Malware Analysis Report

2024-12-07 10:04

Sample ID 241114-ctkw8stblc
Target 44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe
SHA256 44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec
Tags
credential_access discovery ransomware spyware stealer
score
9/10

Analysis Overview

score
9/10

SHA256

44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec

Threat Level: Likely malicious

The file 44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery ransomware spyware stealer

Renames multiple (7778) files with added filename extension

Renames multiple (8600) files with added filename extension

Credentials from Password Stores: Windows Credential Manager

Drops startup file

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Drops file in Program Files directory

Browser Information Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 02:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 02:22

Reported

2024-11-14 02:24

Platform

win7-20241023-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe"

Signatures

Renames multiple (8600) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)


Drops file in Program Files directory


Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe

"C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe"

Network

N/A

Files

SHA1 d5ea77b5172f978be158e90f5cf9d6b20b364cc7
SHA256 13402002bc66553da349c7202a65784ecf929c02a0e8c8895341db465522f8d6
SHA512 1d4852a66e1b544e43ce231344bdc9cb50c59bc64a0726ee9852374c4f2e9da75a0836198446a4e5fd8dec0a76cd6febcaad2c02fd4ee756e96110b98f8f8a87

memory/2408-13287-0x000000013F980000-0x000000013FA72000-memory.dmp

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_OFF.GIF

MD5 fd971f2ae7e4bd7a82c6d3601d663465
SHA1 03eca0df376a255932c2af73a5c83f7b5335963e
SHA256 ec97829a832b6d0d6c1b662277f093007b4b67fb2fd6700e1ab3a960bc77291e
SHA512 ff661c933e91e5d5cc70d158a8420f8de4864ac64e74679666c2aec7db2c9a50f8d3e84d4eed72c8cbab993baddd0e46117607c58b98f8ca5756924e3cfc6517

C:\Program Files (x86)\Microsoft Office\Office14\1033\MSACCESS.DEV_F_COL.HXK

MD5 2326cfa941727960e182722a073b2a6e
SHA1 df9fe9077fe4aa425bdeed3ef7bcebd068fc2a4e
SHA256 d4e149bbcdb2d5737fca08511101b3687971956b9237d2ac7771bdacc2273f68
SHA512 e2ca0842195a4cf171b1cfb30d25a0989e1edbabb2234b15473e150e102527c5233065525cba4f6685c4b04e6be24fdbf853a8f0d0badb1bd428f7b6db377b3f

C:\Program Files (x86)\Microsoft Office\Office14\1033\MSACCESS.DEV_K_COL.HXK

MD5 7433f45eb36f85c185204cf54e67841f
SHA1 5da91e1560e5b798e29d39c581d6e902d8ba4d39
SHA256 6404de63e58ea4c1fda83ff2268277f8c831129646e1bf73c797db6597655578
SHA512 db862a456b1d9ab812356f6b0d6e69ac23c2571720f7a6d6b7e277458cdf45a509c6858b7feebab750a963765603a7ab8f1e8b18e3ff585a4dcc801aeb1d67e5

C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD_K_COL.HXK

MD5 f1eb6a12a586194e2c324e3fd2adaa41
SHA1 567fd58be4ac210f8b68a4c54f1b2df704c0b960
SHA256 4146e2c8b88b25581c8f3a49dda88e9bb845513fd8fa66b9f3754136607b030d
SHA512 e9f71fbfcbd16fdc959f3022000db37d464bd040148e6bb39bfbe9fb999099e38f71a0f013af18c9d0d4d8316cd827fc8d1f67c55344e2b1212a805274cfb446

C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD_F_COL.HXK

MD5 4ce663a95a9e674444e70ae7e82f8853
SHA1 410b69515d69508d2ea615c2cc3474d811963786
SHA256 50a52bdb29948e3ddb89a724beb38456a3369af02ee842d63f8bfe453334cc07
SHA512 1e9d201eae00bc4cf656e18771babc1927dfff7d9bdb11d0f9d64a09aa13bfac81ac0d7fff119161c6788ccae16efaa8c9726a1981c4327ad001b4d423fe894c

C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL

MD5 0217da4245cd6bd491f73b9d260a0f7e
SHA1 24f806d7538becffdbd176d7f6d8f62ddff878a8
SHA256 f7f8e7e39ad100d0836a24593b19224f15f1c39574e17c6b4b5de2da72a09474
SHA512 43863586ac7f74ffc2e0d3859d72d339343a612f173fd8fe699e69ef89fddf7111a53b3021494eea7bdc0ca3a83b33d572764ae95189c9565e4cbbf5135ea5b4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF

MD5 1ad0309f8aaecb58d241239516eed97f
SHA1 77197cfd38553126e1643b55fc7d40d0620bc940
SHA256 b5895a4436c8d12d1db56584ea2485bcf37ad764144df67c268663231ddb0d11
SHA512 502f1358f99853fa29a7b3fe546ffea5085436b2972bf1a8383d2d73b2288e1370a0ea3128929c573bf8d5ea05f7379f3bd437ee1fc81464a4b398f1350aee88

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_OFF.GIF

MD5 d44f37b42ca0ddccab9a98c2855319d6
SHA1 70cd03e2ab061c179f52a980298d8e536c3ddd0d
SHA256 d796aba5117ebbe36de9f686a0ac1bd582bfd84c3a3957c29fd586572193e219
SHA512 c5add547da265266b10eabacb291abbae06f0817713d09b6b85f8a3ef190219e04e8b012c42d26c4a62d5afe7cff99d4d8168823f72eedae1db3332610ab5b12

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF

MD5 7777c5ac1daacd689eef030b39feb40e
SHA1 14c742c83b0471b26da84e8cf0f67286568d0025
SHA256 d97f8454cffa2dd55e746d818aee97ab9ceed167f0f1818b2675d67b8a3eb7ae
SHA512 36714d30508233dca78a2cc45f1d02fdc33d3bce5329ff33ae7e4963426c0121924048d819b6b05fbc1eac604657e3aaff90a384dad7d63a542b2961d641dbdf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_ON.GIF

MD5 4d7cfdea73371e27d1cb257f510d93d9
SHA1 af21c5f5a3a6fc347a4c83b3087ff6ea67e35070
SHA256 ebe8c0f75d12e2f2351d714130cd7d818064d07d63db9046f76b58edfaca9b11
SHA512 5ad197c39277767a38cac1276ce58a4a818cfaa48b078fedfdd1f19367f37b0785f3dbfa5aaa58fe1d0c8cec155bd6d4e18027c2c20b771ba8d0a33cca3834f7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_OFF.GIF

MD5 595692f002ecbe3db42b3ed6e63f6c71
SHA1 a574cdd67c1922109f7d69b2c398c369dc07e30a
SHA256 9fb82c329d40f9ad84a10e5e19a0f98f8ec33248b2ed1ddc4e40ad27a7ef772a
SHA512 0c40bce0a46a3976e29d6cb4b5d9102587f753893df3d94fe854810bcdefc573baebf254b06bb17f27e33d605eac0ab9988953640867a3b8436256275fb43715

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

MD5 6da01a767686e8eec68b7403d0a725ae
SHA1 19141fffb671b3f89a2d029fa6ca2ca7d34241fb
SHA256 35de4bd214d59c68d10c304a99a98b3d564f4e428542ef2fc4cf4b665610cac9
SHA512 3d4af81d4691f920db191e75346c9d33faa7dddfc3980989fdf7d6aea84810287c5b9284256ceb7253c04cd6ca3263d00ab3a09add92bd9397181a266c017233

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

MD5 c367cbc3d3439821f57787e83653bc51
SHA1 87ed31fa63c87ccec63b4aea1c4b66e0d073d0d0
SHA256 066f305667d179528a7fadbf893e683f78e2939690433da28846452b34d07fc9
SHA512 7c309bd9db0cc959a48439a3c0d8e6d352bcc8c781b957cf3823b3a731087e4887cf703038504f0147a3bfaff3a7fcd8692082860362623c06c03e7f9528d4e3

memory/2408-16096-0x000000013F980000-0x000000013FA72000-memory.dmp

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.MX.XML.NBA

MD5 a0d59a8ae79833fb12bbf72f20f89ccb
SHA1 5d1fbcf610054cf4055343f17b0fb712f140d875
SHA256 c13e1fc95f176f1871954703528b4b935b99fc93eae46050171cc700858b3888
SHA512 750e77b6cb887ee00a2a4f705f34a993d623f8e3fb82a082853f5bd2266fdf8889574fa1bc62bad475d88ebd137ab2613beab98dc4dc4c9bb1a559c2caca6181

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck

MD5 9e50f2aa4c36acbcdaaa5b9a6c842be3
SHA1 072845e13f66899c377f674bf21da051da151888
SHA256 deb60305344a60f88322bee84ad1fd088a775bb778b08557240b4543df2413ca
SHA512 53aa6f6a99ac84add3661e0f5eff38d961b87c208b933688100cf77a00d33acb466146fbdedbf1f1896b19b94ff917e7f75f82ff851f0f523179587a386964cb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT

MD5 2e636b4a3beac6ce959208aed8d8461c
SHA1 aa257cc1d4000dc1558acb08cb6a1f4b07239bde
SHA256 c834738ef106c65071e3679b30304652a9dbc30975fe0ec094ecba8f0ca06332
SHA512 8386c5b7fdd5d8a9edae4adb1f74d19bdf849168c89c236d08991cea6e9fa768c6f75f58d8705adaf8e0d71d9147c03c513009b4a2bbec69538d443ef89884f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3

MD5 16806f0f0f16f96dad3fabd7a0656112
SHA1 eed9c58df68a9de0d876742deb4f84fabcf3fffa
SHA256 eb391c4636a32c4651c10891df4bc016ff65254cbc6ae1a420da2aee0989ce02
SHA512 1f39f2cfdb3a85e31c3d76e2b9717a258ff6019459280f3f644cab03b0c2b92720bcfa5bc6bf26684482e70db5a0305a2121417a1f79a6e772ea4b1722c52181

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0

MD5 13287e58866bdd2483ca9b44ba72f86a
SHA1 0032fbc4b23306b3163983dd7c69b17c22976833
SHA256 59a5e11f645652ce76f024421104c312bd4dd8e3d42e99333f10c32aaba34870
SHA512 8cc69a3e0ae17c9fed6221735f467bb0391c5060c009b8ca6717eb9886b81e53620b3511951465860e9d389b91b416ca111b03cb1d1aee8d7c43df7c4bfed8a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2

MD5 db77a7615f90146e02be087bd8ecf2c0
SHA1 539f4c6f3f960f20b8ffca275da2fa0232c5606d
SHA256 7d93cc59cf2b90745abb17cf51e93865fc7655c7b9074512e18f107a1e4334d8
SHA512 8e14495eed2ef58afce7bd61a6b2ab5ae715da5344544e4132ff962645b9cb05f4530010a37d59f873b61780e54f99e95be62334ed8577d055b9592bea8dfe29

C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\JEDNWX6E\desktop.ini

MD5 9bbfc5e711348921a182e24353b853f2
SHA1 1a7c03782ddc9d4292c9a9a2ced0f51b1b64c507
SHA256 724f8e7b6b3a99c7261aa6486bf77d1cb03c899b028bc65229d31f95d7e5a4b6
SHA512 a4655cfb9d6224a62e5584d59744321e813190027de3e66c99e6990fd3856a357ba1ecf5988849c60d57a1105244b3802c34e9ea3215015be1b904f3d9910826

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms

MD5 3624df8396c38fccc9ee94c3583d2222
SHA1 a2dceb388996d4f49f295095baf74787c73e673f
SHA256 a5ebe43e78997d46facad4282f5d1ff53237b917269232f70c81ca3e1ff5fefd
SHA512 ab615669df11b9978466968138e7b08ec418a9158d0530c5a23e47400669b253f5039a9d6f4f76f12848ff45b8be0441f0d549917ffb33562949606234104811

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 d8a8ff0a509f879a22c00574e7ee65fa
SHA1 58e6867c0121c2269cce94bf8ad523fe8a0cf5dc
SHA256 da20022555c8926cc55a1afea9d83832b46a19b409656009156b6dd4d3bd0a7d
SHA512 458835eddff52594c534ff3a14fb9e93978010acfeee81795d06888b4d0731642ad601301832ca6ef74370470c6586b1b38b869e4e2a028eb2651d88b451d969

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite

MD5 528c8cdcd6b96aee1e9469b9906f6476
SHA1 32131f2b1fa02b422daaff053311a4d6a375380d
SHA256 37aab0d946123ea9ad1a053509cb1903d7b96338218bbe7654af705d74897d7c
SHA512 2a61aa17c97efbea22e4f1a626aba1a5bf305499569b179b61e5ac21841ccff9d31e7160c9a1f729f6f04a2f499899e2c276143180a45aee0fe7a1771ac4d7f2

C:\Users\Admin\Documents\DenyShow.xlsx

MD5 f71e9c6558892abdc80d2f4bba78b1d0
SHA1 3931f5b5a9f729cf323ae874e37d2f0f9278e73c
SHA256 b5237278ce5626889ab3c980d0aa1e49fc79b25422d7ab70e251d1f9d57dd437
SHA512 0f90a97d791c17711c48ca2ee84afeca96c97a0dacdbb9318a3cf7e7ce5b1e5645882ddfb525fdecd4c6caad44653fbf6cdd56eec7438797d1d12d990187b73c

memory/2408-18733-0x000000013F980000-0x000000013FA72000-memory.dmp

memory/2408-18977-0x000000013F980000-0x000000013FA72000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 02:22

Reported

2024-11-14 02:24

Platform

win10v2004-20241007-en

Max time kernel

96s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe"

Signatures

Renames multiple (7778) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Drops file in Program Files directory

Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe

"C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe"

Network


Files

C:\Program Files\7-Zip\Lang\readme.txt

MD5 ce84fc74b75f880013e953a200cfdde3
SHA1 b7aee542b34765005180b89853b4d1630c21bd25
SHA256 b48f0c8b5ffdb91885a6e11cf49287ab1451f7a319302ae0a58441fe14791f66
SHA512 2793c772dd484ecdb98100739d2fbcd3f27daf641d5dc94892bf56d3ac93335e38fcb58c6596819334a609371336e74ecdb98994523752804f535bba219b9337

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 130e4eaa6215a59eb728513ba516f847
SHA1 aa1af6a6bf5140ea7b1f3f321a207e53d81dbd74
SHA256 34f824f38a2e482ef1da1c2f7831c7d8d3ad2af9c9bf040a8ac3a3d5f00c6f80
SHA512 94f0088f300691c5cc33afe371c29131ebdca1472619214068036b129df18d958d378e425b6c46457ee9cb47cefaff07831afb4e123a3cbf1a10ed1f435d2d2e

C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif

MD5 44622bb50c1fae5e217fc369f2a92375
SHA1 66bd166ed3bf1934a416bdf2f8a4faae87f2bd37
SHA256 cefee8cfb0df123027950ec265eeed7a4a398837f7f54349ded3eef8f7830b43
SHA512 56a2012c8a85b97fa38e3133a24c000835957f26680a611ab6aab2778d3dfa803052f32e3f8ce0e1bd5f0e46b2474cb031a0787ef6e29c8a6c4acbfa1bdd9233

memory/3452-5497-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK

MD5 a7f8c1209b2e9cebcb46b44919fdf986
SHA1 3d134df739ceebb38753252a4c99e444276c0722
SHA256 b16e024842c8d31b07eabe020b081bf37e6a88ad4bf45fdc2b4eba9df1b98c4a
SHA512 cfa7a8fb5df653a06532fa5ef50d4fe8348576d954be5a17a1c1b10fac831393f2f1bafe1ac300e527016872ec5c0df66a90fc757e2815b6f19fd2ab298cfc09

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK

MD5 382f153285f47d9bf505ccf0ed660002
SHA1 39dd912b24fdaad233390a3d227d83462bcbaf95
SHA256 051bc2438200fd025290509a529870c534359936125b5cbb8b81e8c4fc3aa9cb
SHA512 649d36c3d60007360776b41e673b7f4257673f32f74fbeea3978bb067cd1014b7f01ee907b0d371065fe37bdd0ee62c6b2f8f5b670604b5c00e614f97440ea53

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 88c0717c31c64dc22c03d0ef7e7f73e7
SHA1 134689a958e83aec0c81c50b106a066692f975de
SHA256 e8505ea0e38e9edb4f637f8537fd05c8b17700aa0b64b3b1af737c7c447ca65d
SHA512 4d31eb19f33908e4e4652c41f9585b947adc98fb2dabd4df61be5b9a8c7abf3cb0f146792929263267ce2fe46b77363470297f0ee7618b0800d3bb9c4235685a

C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK

MD5 4771aee3e9c778a3dc89182290beabea
SHA1 1aa494d3fb98db1276aee7a4dda3796207f670f0
SHA256 4bfbedf1d60d78fdff2db423e4b230cd7a8eae9ff6966528927c88169f45eab6
SHA512 a5c8fdc8a9017e63d6c9eadc8fd94c4ff3f30fc72a76141f02c4891079af67f880792671c86f094efc672855312b3b300d5148410e9958f9ad7f168f7afcc87b

C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK

MD5 f143165091948fb1f9de6138b92fa27b
SHA1 0618184532a66fd25aebbd060a407ddc4690e87d
SHA256 223dc669312bc42bb7e6632aa83a33c89f91a132f09c5875f71a1f31caf5c1b0
SHA512 9fe443b4c73ff5113ae46242bf04af4ba9922d363ad3dd5805ee18acbc2731db27f046a281d5d21f25507d0dd797363466343c3edfeda7cd85f43b8bb32638a9

C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL

MD5 a372fb56cfae3c977a1da72b2764441c
SHA1 7e7d4cc931aef3235996f4462a96335565edaa07
SHA256 a8bd8ba2b373ae651d564060888a74793b6ad02817193b239d363dd4edeae2f8
SHA512 caee5a2d578a4a64fd26a0b6debcfa9ef79feb4c22e573b8860ea6a0af6844e5b2c2262b21c41e96bc3d89270cd81a2f5d49bfff55603fb0b7014846e10bba01

C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub

MD5 98db013e3a8e9503880fae3b53bbd5f4
SHA1 d21d8145f6e7b2f8d5b21393026adf009a58b064
SHA256 ccbbc79b2f6c1a8fdc778401aaad2cffa146e0138819f37068a107d09c84da80
SHA512 7425557a4eec030c34071bf1cd90a90499343369aaad18dcc046760e81c546434848721eff4d0b98bbf3b95a9a548b705e3edb70322460f6445bbf4dc8040c02

memory/3452-9323-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp

C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo

MD5 43a199064b5076d2a46dff72c9efe5de
SHA1 8c943ff2b1ea1a62eafa6c44f6057ff42d33acf4
SHA256 6f91e85a5e588c99be6583bcf76dc0e67be3eafc006c0b9044fbe2195b1fe81b
SHA512 d20ffba32989e29e4d8ac78313f4652b42e74d81b890bf1b0767b69ca6d763b609ccfb1cdff2a0b2626ee2f837d716050b72f5623a18e43fba70d6bf545cf94f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 0db4bbfaff0cbd8e197268823e0b93c1
SHA1 99fccb68d53afc4b03b10438d506a522c72d227e
SHA256 e020e5b69af2b663ebd79aa3f3da777feb61129425c970e8c7d4f483e48fb1fd
SHA512 6113aae3db515a0781a8748b5310076178e2e8882c645ec02c61554b889738430d3f178e15f6778a88933601e225c80dab00274d3f2e0820a9fc0a3a5a38c41d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 b30e9ce23dc3e2366149cea2b70d6ece
SHA1 256c2a218a62e4669a7f11eb74580831bf52f0b2
SHA256 8fb6e8f9e6c20b8c5f41aa77cb641fb6533a0f5f0633675fc42e48f464a398a6
SHA512 39a6e76c1236e866b85169af89bd2395a4f85d111971ca38707d036d9d4e15428f078c0d7d3dc06eb47efba1d9e00785e4e63403605d961714f68e7af54f9561

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 8a064eeb8f8b688ce2dcef6c18bd33c3
SHA1 2aae540d9ee976cf52a2533fc2f40cdb00c31177
SHA256 b97cd54061ab0565ab2ef80b110bb2e53993cd7281196d44cb76e22d429ab07e
SHA512 842758046c0a2395f080730753aa0a023cbea124ebb16daf3f464b113abd36018270ad1980ebf030025bd35ed3c4e1099f98ac3a4dff8bef45d18b65b43befcc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_remove_18.svg

MD5 1b0c7fd3a49708ea41b69bc2149e6d19
SHA1 362f8e2d87e868cd97cf0838819aa06925108b16
SHA256 062ba5ef629b3345156e513815fcbf70b33e509da6ad3cea437f81d7f09b2fa1
SHA512 cd2364c46100688590089b1cd02ca3a23081ddb41efa83be96dbc88334028bb7b2bb3a102ee9764ebce329487e78c51b73e3c2670f7e6626eb43d90776eafbfd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\ui-strings.js

MD5 2e1cda847b8ad9937b518f6a775ee516
SHA1 0bdd93e35570bc3694002aef353e11b8c973e9d2
SHA256 6f5310dde996bc4d9c59e50967c089995ea1819962bc5f4bbdfc672542dcd380
SHA512 f4a9556d084b6dbedf4d8acbbb4167594e9764a4a70156c333c40275d9ba500100b120671eb8361190a2c6ffdb2ca4f00725c4c40097ad47b4cf32c78dc7cdfb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js

MD5 ffb24e979617d52f10ac8df7f607771a
SHA1 8a47c6d18728c3ee079e8e7482bac93a023e1139
SHA256 e3aaf6189104d4ba8cc0bccc3aa92a8cf50e049b54c4a9e99be2574d624e6f17
SHA512 75ba6fc74be8bb896a0e7134700cb3cdad8b74a0c31d2908df2790fba31350513924434a167598d68bb5cc1b3a28841fc04796a9a66c2595da93dc3aa36a1fdd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js

MD5 5b10a5b963a980f610d398b05784438d
SHA1 c89079dfce81706949ba8951d2e36c4ade1e9480
SHA256 eb5b872f9a6022ef70f927ad807ae9397b2247ac00b22d27ae8ef8f0a1a878e0
SHA512 cf387fb399fed966e7e22d1d5332943d18435ba81954c11c7b85f74c46a081aa6bc1f93b48d639a795794c4e6e0afc1e525d8ad5bd20d37aaaf9f411ffb3e06a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\ui-strings.js

MD5 7ef7d1dc8ea606ddf9dcc0eae45053db
SHA1 c7c91ef0115c5f6c0622808f0620714a07af00e7
SHA256 60415f6b7ecbe231bbd6aa55b9e63c4a431aa32d1269bf6481f0ee9176e54fc8
SHA512 a95b4c72e635be4ffc2ecf03e522a7b4cf6651248f2c0473cef35984f6bcd2f058501cb8e67ae08184b9484a9529191389144122bfc76a4237db863929fa7853

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\ui-strings.js

MD5 21f2ca476ed257d7e66c00b67fc96634
SHA1 c58b27c34bbfacbd897807b14ff24ce136731068
SHA256 0e11870242a2e733563c2df93154b3211a8ea0c8f88ea238d0bca0b741cea30c
SHA512 06b97ed7709837fa224de1f5f07632bb53a227066f41f70e1eba747aa7185868f19503d6daa2e598cc8e9267b8ec743502ab8a01210b7387a67b6fcd1c78bcc4

memory/3452-12230-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js

MD5 aff732a35945d784e248e4885b99e103
SHA1 e6c6103672db50598b79836483d115104f5c41f3
SHA256 89793a216a11c25a3d04523f4ef7bf518aa15431650c9f559616c4379e5bdeae
SHA512 65c9810c959c382a10e8b7c0166483391f094f738cbbde16f86072eee0f2c61e7744c3bea83d55dfc9d7d901192b81ce7292f29e3fc5201efefda73c19f4f9a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js

MD5 4c1e06ee07943595be07e523dcb058dd
SHA1 f188b18cf9fbd713083825978db50dae3b34413b
SHA256 bcbfc040fb68a1d22d25adbf99e053002245f8e7a238560e501ae5f21fb5e230
SHA512 cd9ca2788db95ecf8f0567161aeb07ef1ea8d185c2c03f638f22a34c973145dab818ab49f19e2c31c29b889cb9855264c9fbb8d9d30a943f22c5414e3d5d88c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-selector.js

MD5 1bef3730805f22730d810159bb5c8ad9
SHA1 73f31f9cdfc0c603509b5efbd8e6bd58ce622f6c
SHA256 48f5a1325cb20164d1c05e4cacbffc82a130cd573c624233f642a9c49e683ab9
SHA512 097d8cbe4ee22ff10b1825369e883e2a0be4839d6c9518170f2b88042167d3b51f2e600a9c5583b07cbf5bc7a603b2d9af3a0009718d366aff489c9a4e170258

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js

MD5 2744753292c5241070212dec4f2c39b6
SHA1 d7802267799886f94a2714ac5a83b8549d6ec4b7
SHA256 f5a31ce30e168b969ee444286bf56491bfa9d3c5af80a6ac99a44e15e923b126
SHA512 9b74980973430b62f628dd3f432f0c5dacd0b3adcca964df3ca280045218b6298a18b9b360c23b2ba29327669dcf5da023700e811adebbb3a8d0e7bcb96312f8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

MD5 ceeb186db67d7f0d32edbef4a3e1657b
SHA1 c3b36e286b6b309f50217e1372a97d94fb6aa7ea
SHA256 29429773709033e63b4c8e07e650f781cfb3ae999023de6ef619081485d39253
SHA512 c6025103d8248950555885771decd603feacdbb151c3ccbd371e462fb60dd07f7f0cb689bf4625d01a6f73f07ee7634895f5e8b2b98e94eccc9e4fedadd62f40

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js

MD5 222609bcd971fa3c564feb75e0c3c64f
SHA1 ed61ad50c89daf2c5ea0c69ed4e7f79aea8ee4f9
SHA256 4a18d854f1cf465597309a8bc5147fbca263c211e535058ef50bb7604b4be61d
SHA512 47825070b4fdccd03063bc9191dab10c5873a7d6d5049a80c610858c1b332c06609dd16d5097fa5c70bccf571e3a05e0945df87da089bb8b28d5eff89ac14ab2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js

MD5 ae920a285896a617e84426755a2a56c1
SHA1 122ddfe0a9e5a88e7151cd732915c6e4f9e70d32
SHA256 48e46c90e105ec82548791d1b80f2b28b589f743bf82ab7d10831e5c0ef571dd
SHA512 e59c3242abcd1215581938dae140b6a038578fb33e7e773b557691bdfbf33fd5561095822b027c7963b83f4ccb14da40bcccc8152d9775e5a30b8c62d6f46e6d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png

MD5 94852414d61cf7d10884b9e07f2d4cd5
SHA1 dad7f0afb2925e41432ec66b074912231932c2f3
SHA256 76186e4fabe9a1abd594b7ab17e35c06c45997b75dc3a0ea6a93ff7df310b415
SHA512 e282070bb1dcb66d2e4e113007a60dc6bff35d305f9f921c06b5767fd29a13caa17cb2b54e11f36903c1dd560fb08251f5c1a6e0ef1f628f2cd63a4249f88b9d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png

MD5 b534c145de2e57c25cc19971482e7f80
SHA1 ed7610bfc6c8555702c97b374c398267d739047b
SHA256 253893e386208402ecb9a8a4ef5d88006083f340e20c80653b3d7b584344affe
SHA512 6f6443efe877a066221bbdbd969ac699b1827de1c8c24677ea7d4e343114211ad7877726674c81b02ac3ecd7c04ec73939d1608f56230cd95343341795dd1c7b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js

MD5 5759f1a633b7d2b4efdba6f5f16ed12f
SHA1 a44e9589f073379d995691d7c1ce4d1fea3fba86
SHA256 d2e215360e7253c5ea2f00fce527b1dd18a9824af0b177abf3a96bbaee09718e
SHA512 00add3770e7e845b4521a40cc9c22e638ef68d6486078e36987fd614b0c6112871232fae1ee46f4bf2d7b211f096ab58877cd7a59e3e57f73c21991e9e05f3cf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js

MD5 1ebc675ac6d1517e717a52b6d2ce33da
SHA1 73f4ba794f36f5a0a3517546bc69a0adfbdfcf10
SHA256 e27b1250131d485e95d03a55118e4471471df1ce8a82e45a1f6f6b221c1096c4
SHA512 1244718928f35965ffb8e0b3f62680c5f905d480d9e22bf73eb097e4c62a82e49c0671c3eb627c335aa01eeffb2363cdb88babfcc19f499648672931629c3af5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js

MD5 af2ddfe39b73a92ff445fef1b4559c5f
SHA1 c5598d57571027eb0cdce6886a0dd615021f6eb9
SHA256 c7944101c7d83932c58a32d71b3a19ec1298ff468f52bbc58bbb7276ebe09414
SHA512 248702df1ad84bc75dba4ee29e8b34c1f5c11eafc5f6d5f11d0531b2d7d7595c93bc67c04c8b8ed2d0ca6f444a585d57668997087ff1db60ee1b34460ca5224d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 a0c6a4c12fd1904f26a6cd0ad8a5edf4
SHA1 785a1285d41fc2588f84f49a1f4d6127dc4531a2
SHA256 c094b7487694de34a197f98e3b8e39e60e9e4b7cfc3e9f2971b9c9830ed90cbc
SHA512 bfb7e96111e2a9686c46ebb95e42686cbfe09ae68915d81df729e223f4480ad279f99c5329e31e451dd4333d816ee11d310d9eace0b52e9dca1f4b936dfeba5d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\example_icons2x.png

MD5 8ad5a40524a07b5d772f85947cc50acf
SHA1 d2ecba7ed7f7923ff5b28cb8a78567f04dccaa10
SHA256 c1e7bf2367f965c65f26a50bfe515d75a1569832c9266a92cb9f6b2137a13fa1
SHA512 ea3d9f23cac71efc6b6857ffda2b73f2390eea355a8bb1d30c98b87182525a213032ff7beadba1eaf3906254ef9578c711006ff0c659d048bd7726518d7d25ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover.png

MD5 b3425f24f3cb8303eef08a25a812add7
SHA1 ad7f99ba65d1c4c7eaa75044d0fd0b2320aad5eb
SHA256 bb3e0e1cd627671d1508bbc4fc473c04f86efe90b5a4658b64223a6c66a8fe66
SHA512 46d423e37af8e0fe44a32221d4a31ff7249007159fe44fb18f26d5302cc8ce15ab5a60b1d6b868afffea3a9d59a6616339b360878970a243d7a5d86894a23653

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png

MD5 1d35fecd18d60098725fa9c74cbbdad8
SHA1 00be988fa444c76d47918a526847d60da01adaa9
SHA256 7ab62ce91f1d548097116d4e8d38a12718a905d7b833b30e88f7381072b879e7
SHA512 6d08ef0be0007bd03900153b309377779929f7f6ace2aa9e1569aad5d73020b9daa2786a7e46d9c716e4a062c4077948b7ecb2e548876180bf4facc88bd1707b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.NBA

MD5 2376b131621f62d36a020e64f93d3013
SHA1 eca668a186d76c681b82423e396d99e34e426ffa
SHA256 0aff63ba73abf91da4527b211a7be4c9b99bc764e2a7013cff963ff32f761ddf
SHA512 056e544e6a7c903f5877ed36b5d8940044b073dc1b2e224fb1a3c6c6d33f8b2af7c259a7cbb53052d53f4505c69de96203af5077b652b1393a2a443dd57c0ece

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png

MD5 013b09bb9a22039c9aea3655d1c299bb
SHA1 116716d570afb66b530ba8ca954db1842e6203cb
SHA256 dbe23a36b6eb375bd4b12e0716b30be75aa53de5ae371e01d52e49122877997c
SHA512 2b9fb30452563ac05762123361bd46fdb18cd3ee1eab9ec8f3c4d466e27820188af94c7fdad4c143a4a2d90cd36ecc7f7d0e9b142c682b405339af4a3f13e257

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_retina.png

MD5 cda1e392433ac5643c1bb0207f3abab2
SHA1 9b7728cf176d4995726868221c7c9f2e7902f28d
SHA256 256b3f948b0930118fce0619201302bfd16c9d342a9e029cde207208b03148c0
SHA512 e0d2624090f13b7467e913461f82b6bee850e357ea6da4ea1588f50546e30230793fef4745c2003ca04dd19d09ad556e5ada81f7822e75fb418f8e8afa95b53b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js

MD5 13dc1ede123f70c325ffd41ff8d39740
SHA1 34a6c929647bfc31363c9b6d4ec94f796bdaa67a
SHA256 0cf45539d95b1a93212e98df6edff762ae9677bba1e1a43b2f86b67cdd54a1bc
SHA512 a936863939f8215440949e583e544658dcd55cc2f126e2a866929539d08d3b5034c26dead71bcc29e4e12b900a2fc822b73583337361ec0608bf0fe9a2900171

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\ui-strings.js

MD5 d9a01d7ebec3af432208d53001993d05
SHA1 451909a1c25d5ea570953ceda1957590c02e0bfe
SHA256 c2e4b93129bc4473826a55e20078950c1f0ea27e9a215c9d906a7f6e579b4f39
SHA512 5ff02123af6dac2f7022bcb96f8a5a692ac4a9701fab643683aa1f1efe0df68b498b7df1dd7b15091d45fbc9c57fe5ff18b792ae033ae39e66e4d92d3d27e075

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png

MD5 5261058cf46a134216d5389aedaaaf0b
SHA1 fb101a0a8e023c6509f2d2f90a48f94e442a86d8
SHA256 737a275d9b20bb9b3ae87fc1802593bd585d37190290ebf98cddd02dd1d0da53
SHA512 d81d1223f87d28112ec8a9efd8fcb789dee646dd5e35fe35a4108ceb88109cd8bba600e149fc97d69800c1a2bc5acea31d359dae980cfef14ddb9ea5733a0e19

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png

MD5 f443755a58b995d1cbd9089da6003c85
SHA1 fa954e7e88ba3c4ff3e6ce5efa45ae2a61787244
SHA256 8370c69c87a36ceff10b1cc81d4dd220849ad8f0551c43763e525c20a8c4973d
SHA512 3e816e853c332d7fffb5232318fa1d85ac06e5964825229f1ad04c589927958a195e08aeda8399fa62b3ea3a3735b1f89eb7db7328f749d7f71271cedad5f557

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js

MD5 29e8cfc08816f04fa0df6f1f8c006ff2
SHA1 bca6af52fff184837b05871ce5ef98eab8dfff5a
SHA256 fc36aec682f51d420803103fd5a8df5580c4fdf4de74eb0e92683cdd8fb74ea6
SHA512 116dd7668fd95f4bdcb1f73044d3f97064615b49cf82ad4e1f60a98d4e467a7293351c6646b0ab9ced5aec039f9b9afece820e856f5f44d5cdd861dbda6694ef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png

MD5 bfc7999d96c3a9522ad4e0e884788624
SHA1 d67c54d416de5ab7823c3f9b76310b86f602ed31
SHA256 026ef1be4f4895ac19e27abef42c5952e9b5fa90ae4c228644ea248d59f921a3
SHA512 27ee309016308f7fd9fa17afe542736b789a7ca77db2a0577a695d516c60bc6292302346039e35115a2d66735828b9a40b01c5355abcde636e1edb5ebd7a21b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png

MD5 11a7f6bf1abc54249bc55dcd77586597
SHA1 dc49fa4b394523cf3be36518b43429f575caa765
SHA256 7dc1d6f93190a9df2e3fda49ace1b4a80df27b6f2024a9c4f3ba52b7ffbe5149
SHA512 9f9e030029f5733ee91d41bf5f5ee9b9e50a82cab432a775e00ef941a11f62c035b2f885c259a9753825f82b311efb06128189bf48cbde9196201f7493721c91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css

MD5 0b3db481d965e9222f2cbb36b78ec07a
SHA1 2bd3056242275b28e41c857045e94c17ab07e324
SHA256 e7455ea9c9467972e56d7e30abd353ef2f06b3470552424e5c5d0911ed84b698
SHA512 f0fcc6d3e4ef53d0fa402177a97ffc8da5b4ea4855031f7fa78eba264d2cacfdd982df91567a6195ad51b2348270b438606fb9322b2d3eaf1e2bf1d87d412e17

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js

MD5 5cf13605759f88106fd19f699be37790
SHA1 93103f6d4f91ee8676b237baffe99e52a749ed36
SHA256 c9c36da5fbd3685c498e136ba702c147fba2548325275f74a159b493fdef122a
SHA512 b04fefd76022461a5275ba47c69f9cb39a80829c148c724ffb6db0106456a1d549965d2ab57fd772c8f914ce9aa9f36ebaa168ac54fa91b5429e9f6a657f762d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif

MD5 7c9d1f3e97721610c86607981cd41cdf
SHA1 7cce2e72e90294126cbaeb50cd7849b1bd2d98fa
SHA256 32588324e6db03d9faee2d121264c27f6fb06ef078d76df7268c5045bd811d9d
SHA512 9b018261485ceb66cb69ee092a6088511424440e7febd3948b0c05c7381a63f81f63370bf6e03a6e619d055d3c77baf71eab23ed643d57412be7d49aef83f539

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.NBA

MD5 67fceee06ce3e15527f448b756eaafb9
SHA1 462587a1628418b351442430477b03d8cc7343d1
SHA256 95d0a426160d7b46f2ebec9efc5d77e4194cc91685feea7cd9d7cf0fe4379a12
SHA512 be363fce941ce0d455c308a7bfec079a2ffbf2979916b90941bdb4ab4a5ad86ceb3537ee1a6b39d276c1b8d08f0f839b8c0a32e4c20bafb2eeb3268386458768

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js

MD5 0c9f07221fbfd942cd1f4ada1a714367
SHA1 7bd02ec7535725d9e6bf04147d1b5b82073c655e
SHA256 45770d7d95e5f4b2f454fc1cfe6167301cd64b89f1a6b58b0f6d439384fdb3c2
SHA512 08ba3ebcc99b73afc6efe3e504579a90dd9ed29540182cd5cc0f889027f72d9eb5ebd2abec22524a82537715c2262a5489565e4f216c6bc4b2a4c652a846d8f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\ui-strings.js

MD5 ac571e13c70d2dc0b494600c5c8a20d1
SHA1 2bef6a617b15e236ed74a14951dbbdee6382971a
SHA256 ee29a0a20c683246fd398c8e10609142476de1cf8149f1b2a10ec295a912c95b
SHA512 2bb118a5b90e31be4842402171d7fd497a420220768adb6e3a6086224a50e61e592c0e34932bd99020e55d9cc5e1990d96872859acbf4cf36a1246de4566fda9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-il\ui-strings.js

MD5 f7809d92023ce23252220ec2956347c0
SHA1 a0d8ef852d338e46095336a031aa9f917754dda2
SHA256 9c81f360a30be8508ebfa75e7d4dbdb6276dfe5aafb9f4d1cdef0a61d7a66333
SHA512 39dc4e4ca8d8453d382a61df4c9e2237342a9a74727ef9d121b989026017a7010e267e1e17e41887049154ace2ee780fe7020a83cc8d4f7a574e8bbc31b493d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-ae\ui-strings.js

MD5 d3fc02c621256b9d911ba57ba8c837d1
SHA1 05e167e3fa868026137768e52fcd58226f246ccd
SHA256 a6ee1cd724c729ce81aebc388370c42e4bc3a2eb561c1a41cb1ae592380a1c4a
SHA512 ca7a8b5b05733589f494648d46394d246b680770d77cd0a77e66237d9dadfa2a348b2d134dceecc3ad8f5a9dfd66ef24e88345e71fe3a89dfac0ed708b35970d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js

MD5 c277e763bc7322ce1634d33756e2b0b0
SHA1 3a8c7e07f49e2e2e311b75f0f17e4a96d835c53d
SHA256 7eba9ca5945748c48325394e984b17181f1542ee58ca3d5661bf3129c0dd29a5
SHA512 96b76903b6fde91dc98c35b31eee775c43fd0a2f8b7d3b0214e17c4a6f1f93dcd30fe50f87e0230d7f6b1cd8ed577285fe535dfac524aa4cf85635995ad4f67c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js

MD5 6f8b5a95a174f7cd5afdecf004b15c05
SHA1 2dd30c94c19246581580209bb246277e8c4f0b8c
SHA256 53aaf08a700cc1ba71b7dd05fb5c0c9b0127595b51f6482542e77132de057727
SHA512 e8e1ea05324435a2ef6be83e2bb7e6b32f3081caee537d1a32b72cf6019234c8a54fb4acf0600b3a1dcf5c51bcd32e5ada923b989be4060068223df085e44cda

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js

MD5 e146671466464ea4e3033744071c93d4
SHA1 c2fd8e2ac73276a191fa98d89b5e3a8f17c501fa
SHA256 46a4b9e7040f957f997548fecf08ed62444fb8726809cd5c5f864bc69991a787
SHA512 9650b831cddeffa541e8223e21b96a8c4ec7d22cc8be07adb7d484cf7a2bda6c98047eab2502b4eb4309589eb97ea5b1eb58c796c8d7a5a02cc4e347ce987050

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\ui-strings.js

MD5 da3cf1dde6259520a2c00306abe30f52
SHA1 cde688f1fa1bc3bd2b95e4dc5b72cc24d9c8c13f
SHA256 669cbb3e7fa224f0512f723f3b9c581c173273bb644df57258e9166791be0e6e
SHA512 75ec03cfcc4c4ffd95817e60c070188293ae5b81d9df9a52bd48e532f986bedf65ff17fe34406fbe2e94cba5b05df9a14214a811ddb48ffdf4e28a1a78cb3bd2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js

MD5 11ffa592aac0fb92122c8488438a8ce4
SHA1 4f6a3231e6d3b608bb3b5f3cb1be143ad2b84be8
SHA256 108ff6626dcaf6ad7db0ef10d31309b352939c8e217644ea647cdf9459cc0e64
SHA512 6c679f6047b093ef0b4853fc40325fa5a00e69efb1c6013b27e9cd245f4caaf4d0306500703a96b9395f4fa27c8f77e304f152bc945fdc45cba09651fc01af03

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js

MD5 7405f1200f2b7a1a0f84fd829637656b
SHA1 107334392b419bcf6118ffa7eef2498efea5d103
SHA256 150ef6c8d42cb62405c5e32fff40c0caab1e5961e9632dd6087c550bbf4df451
SHA512 51a4976873e157ab13bcfffa160e97792fa2ac86af6cc6da7c04819d5bdb03eead5144eac7bd291112e3495779c375337b16bed6f5a71c5e7e3714493a8950e1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\en-gb\ui-strings.js

MD5 d05d5e7bc4f514adae7f22785980f6e8
SHA1 7523ded3da3699f4c25c617fc7a94a8d91515242
SHA256 92c44c8ddce1ebc61bd65c528b3b3cec6de4c55c9e2cbc52cfcd7a30d0423fea
SHA512 636e863a7f120630ae87070bc4b41273358e06b143c77c34fd14883e8dcbdb37bfdb47d4d3a1303d58dc972b971aa5109bfe23196da82f555aaa7e0a55ef783c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js

MD5 8069d8492eec5dc3f2ce903f988ce7b7
SHA1 97948d891b4146954d57d075bb4e9bec746c2df1
SHA256 aa1f4f0bda17ea6989e2ac4b061c9966d8f02c60ca1d54c76d4da41d60bf1fb9
SHA512 c57aafc2578a40f6061429cf6c70f9061d78e9c94f1737e704fb906d52ce31b36bd7da8c7a44028577fb2700b459a9fa68324474c1a3a2ba321811cefc68787b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ja-jp\ui-strings.js

MD5 197471a06b07536b3b21d80c2b2e0a37
SHA1 1ebcec912448e78493d8cd423a6055734cf0d56f
SHA256 81b239811e0a4c3eb981eda8d588544167377362047ac00f2fcaf220b332c0f1
SHA512 f9e1bfa24361a1969fb6b482e9356feb2159ee93d447600176a3ec8ef203fccbc3650dc21680132299ea740f0d3c0c551aafab2afa4d5165748363e76030859d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js

MD5 ab71e3b694ef1d11dd575f153621bec4
SHA1 fd49795c80b327ebdbd08b207ae06f63e77efa23
SHA256 fe3c2ef049ab6ad7982860fe33cce3c0e1757105a983b540e4f0034c469c07ce
SHA512 ed8c016b984ece3697bb361f77814889552b8095f965a22b217052d2c0969015b3bd39a96a1576acfce08f73feac5e8165a59840cefb0f1dd6871527698de227

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js

MD5 d89801ad6065aeffcfcbb6a4ff32e403
SHA1 1919a23b68bfe0210d9635d2dfd9593cdcbb1eb5
SHA256 4846c02f811e4c23baccc783dde31dc366560888b43904ba1a42c2e34f815531
SHA512 d98cb8a3042180e23ae7672d45da034e5c1c66914841c5f1f371ebf2b9a4b52f1ccb7862ec044c9f41e34104be8c351627c6d78550828cf969fbc5087080ee48

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 15efa47730efd12261723b65b82dc8cb
SHA1 399d96477a0185a0403e439fbd8f4a2c36ea4ffc
SHA256 c9d52db405887e5189536e42e15b72cb9baf4417e77683c369b4e64ffe51deba
SHA512 9e48417d48f68c12c03b147bcac10f7778868dcadbedc24f071e666559e7248638c9bed5edff725a6307c2b114d7cc6b13a12a368b7b62e130854d3e63fb788b

memory/3452-16021-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp

C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log

MD5 6c32f3fbffd083f91a1e0432da6d0199
SHA1 67d3ed99e5a1869546fb3b1f5906c219cf3ccdae
SHA256 59de9a5c63ff901267b7ac688663d8128910ab235b441f33a04788d8029ee379
SHA512 0f04ca56be0d0e2d9ad740f55722e984369205572636fb8a3608ffeaf2fc3bc3545ddee2bd384eded2f11b68123a7b421b1ca8a883bb0143077586ea2bb6985e

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

MD5 229db2414b4c2c8cbb931f25cfb0e386
SHA1 b9f45f26f5af1bb64391864cae31f83519d8937f
SHA256 426384f82fe4e01543a11fe9206f85e07dc678263857212c66d918d41e52c84f
SHA512 bafba7081dc5bf37ae1d5ae2e53aa1df6f9e4f280ae084521c94ee71cf631c4ba089b3d29666af8a50eb958cc0d0f0058dba9dfecb1702d71e220b99783be320

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

MD5 5e0e7923e5fbb326d5f405d3ba95fb52
SHA1 91e7c8874a5cb52df8e5a123d38a69498f2b3da4
SHA256 29f9bba582d5857e5f230d9bee54a8585b1356afcf32fe14a1cc20bcc43c4652
SHA512 fd49da866ecdf106c8854d45642698c1cd6eb524fc96f705ba524020ba31d3e189e777d88b8758e479e5d77146da08c4af5cdb8786db3dfd8e6e7fc8fd4eabc4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001

MD5 03506305bce7cedc8622b968bda97298
SHA1 a242fa7682d908974174e5455b511b771600387c
SHA256 5bc28330cb16d33243ba77e03fe51337c17d1ee02606c344dff93bb003af8658
SHA512 fe7a3048ddc628240a098e56c135bf32327900d81d73e290e6568fdef025bb5a9e89fe0d1eb08a995473434bafe0683a1a3a7b17cee8a67ae7d996da54286d47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001

MD5 06e602198f489e491abc4475f970e9c2
SHA1 a6094b1a8de208939fd919ce377c4111f3cc71ab
SHA256 95ee54ccc523d54fb8b360af4953a9678672f156f900f5e87666b97141af92cf
SHA512 e96384824af1c88bb93347d6cab602c71881302107bd005b4031f2badf6f6be86af469694d1f2b22a6d1ec3154ea727589e9598f5c00930b766c811c6bffc528

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 fb2304d453505d2ce4bcbdeb7713230b
SHA1 a1bf6d0886a6923b0ad12954965550b840f5d690
SHA256 5115fbd04c5ed8fa8020f58f4da2ece274b50a222a8c1cd96733e667001e83d4
SHA512 5f643b0777c3f0192dae39a40dc65adf93c8fdbb005db2e13f93f5ddfc8ee4f087280faad6d922e730fe9fc80982518e874ce2f3f7cb877a0af713a485c0e917

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index

MD5 c274523500d4b0c141324c68bce2d185
SHA1 16ed1828c59bc79cf9de8ed210b07d3e827ce78f
SHA256 f453091e3fcdfefb49d73ec653dd917dd65016c8c807b25b149199eee4684848
SHA512 ed41a7c96698e38a021e39dd2e3ce73984c4a129cc9e7428528426732de3808f4288b832f1447de1f55e1cfe986c6e15be658c6749755ba578cfc9a6f30c2bc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat

C:\Users\Admin\AppData\Local\Temp\wct5658.tmp

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\places.sqlite-shm.NBA

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite

memory/3452-19129-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp

memory/3452-19413-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp