hxxps://drive[.]google[.]com/file/d/14YYkGAbmt2U_LHWf_zWBLpPOu-UZYmcv/view?usp=sharing

Analysis

max time kernel
894s
max time network
895s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
28-01-2025 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/14YYkGAbmt2U_LHWf_zWBLpPOu-UZYmcv/view?usp=sharing

Score

7^/10

defense_evasion discovery upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
5064	Adobe Photoshop Cs3 10.0.exe
3120	Adobe Photoshop Cs3 10.0.exe
4236	Photoshop.exe

Loads dropped DLL 64 IoCs

pid	Process
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001900000002acff-2548.dat	upx
behavioral1/memory/4236-4478-0x0000000000400000-0x0000000003006000-memory.dmp	upx
behavioral1/memory/4236-4481-0x0000000004E30000-0x0000000004EE2000-memory.dmp	upx
behavioral1/memory/4236-4484-0x0000000010000000-0x00000000102FC000-memory.dmp	upx
behavioral1/memory/4236-4483-0x0000000003490000-0x00000000034BC000-memory.dmp	upx
behavioral1/memory/4236-4482-0x0000000004F20000-0x0000000004FD2000-memory.dmp	upx
behavioral1/memory/4236-4479-0x0000000004E30000-0x0000000004F1D000-memory.dmp	upx
behavioral1/memory/4236-4485-0x0000000006870000-0x0000000006AC0000-memory.dmp	upx
behavioral1/memory/4236-4488-0x0000000006CA0000-0x0000000006F82000-memory.dmp	upx
behavioral1/memory/4236-4487-0x0000000006AC0000-0x0000000006C98000-memory.dmp	upx
behavioral1/memory/4236-4489-0x0000000006CA0000-0x0000000006F82000-memory.dmp	upx
behavioral1/memory/4236-4486-0x0000000006870000-0x0000000006AC0000-memory.dmp	upx
behavioral1/memory/4236-4548-0x00000000091C0000-0x00000000091FC000-memory.dmp	upx
behavioral1/memory/4236-4544-0x00000000091C0000-0x00000000091FC000-memory.dmp	upx
behavioral1/memory/4236-4560-0x000000000A100000-0x000000000A25B000-memory.dmp	upx
behavioral1/memory/4236-4568-0x000000000A0A0000-0x000000000A0B0000-memory.dmp	upx
behavioral1/memory/4236-4574-0x000000000A0A0000-0x000000000A0AC000-memory.dmp	upx
behavioral1/memory/4236-4573-0x000000000A100000-0x000000000A215000-memory.dmp	upx
behavioral1/memory/4236-4572-0x000000000A100000-0x000000000A215000-memory.dmp	upx
behavioral1/memory/4236-4569-0x000000000A100000-0x000000000A136000-memory.dmp	upx
behavioral1/memory/4236-4567-0x000000000A0A0000-0x000000000A0AF000-memory.dmp	upx
behavioral1/memory/4236-4566-0x000000000A0A0000-0x000000000A0AD000-memory.dmp	upx
behavioral1/memory/4236-4564-0x000000000A0A0000-0x000000000A0B1000-memory.dmp	upx
behavioral1/memory/4236-4563-0x000000000A0A0000-0x000000000A0AB000-memory.dmp	upx
behavioral1/memory/4236-4562-0x000000000A0A0000-0x000000000A0CB000-memory.dmp	upx
behavioral1/memory/4236-4561-0x000000000A0A0000-0x000000000A0CB000-memory.dmp	upx
behavioral1/memory/4236-4559-0x000000000A0D0000-0x000000000A0E5000-memory.dmp	upx
behavioral1/memory/4236-4575-0x0000000000400000-0x0000000003006000-memory.dmp	upx
behavioral1/memory/4236-4596-0x000000000A9A0000-0x000000000ADA3000-memory.dmp	upx
behavioral1/memory/4236-4597-0x000000000A9A0000-0x000000000ADA3000-memory.dmp	upx
behavioral1/memory/4236-4591-0x000000000A120000-0x000000000A133000-memory.dmp	upx
behavioral1/memory/4236-4585-0x000000000A5D0000-0x000000000A99C000-memory.dmp	upx
behavioral1/memory/4236-4577-0x000000000A4D0000-0x000000000A539000-memory.dmp	upx
behavioral1/memory/4236-4610-0x0000000004E30000-0x0000000004F1D000-memory.dmp	upx
behavioral1/memory/4236-4613-0x0000000003490000-0x00000000034BC000-memory.dmp	upx
behavioral1/memory/4236-4612-0x0000000004F20000-0x0000000004FD2000-memory.dmp	upx
behavioral1/memory/4236-4623-0x0000000006CA0000-0x0000000006F82000-memory.dmp	upx
behavioral1/memory/4236-4687-0x000000000D930000-0x000000000DBC9000-memory.dmp	upx
behavioral1/memory/4236-4690-0x00000000091C0000-0x00000000091FC000-memory.dmp	upx
behavioral1/memory/4236-4689-0x000000000FB40000-0x000000000FE65000-memory.dmp	upx
behavioral1/memory/4236-4688-0x000000000D800000-0x000000000D832000-memory.dmp	upx
behavioral1/memory/4236-4661-0x0000000000400000-0x0000000003006000-memory.dmp	upx
behavioral1/memory/4236-4686-0x000000000D4B0000-0x000000000D7FE000-memory.dmp	upx
behavioral1/memory/4236-4685-0x000000000CF90000-0x000000000D06E000-memory.dmp	upx
behavioral1/memory/4236-4684-0x000000000B640000-0x000000000B686000-memory.dmp	upx
behavioral1/memory/4236-4683-0x000000000BBB0000-0x000000000BF73000-memory.dmp	upx
behavioral1/memory/4236-4682-0x000000000B620000-0x000000000B631000-memory.dmp	upx
behavioral1/memory/4236-4680-0x000000000B490000-0x000000000B4A7000-memory.dmp	upx
behavioral1/memory/4236-4679-0x000000000B320000-0x000000000B47B000-memory.dmp	upx
behavioral1/memory/4236-4678-0x000000000A2F0000-0x000000000A337000-memory.dmp	upx
behavioral1/memory/4236-4677-0x000000000A230000-0x000000000A2E3000-memory.dmp	upx
behavioral1/memory/4236-4676-0x000000000A1C0000-0x000000000A1D3000-memory.dmp	upx
behavioral1/memory/4236-4675-0x000000007C340000-0x000000007C3A0000-memory.dmp	upx
behavioral1/memory/4236-4674-0x000000000A140000-0x000000000A190000-memory.dmp	upx
behavioral1/memory/4236-4672-0x000000000A5D0000-0x000000000A99C000-memory.dmp	upx
behavioral1/memory/4236-4671-0x000000000A4D0000-0x000000000A539000-memory.dmp	upx
behavioral1/memory/4236-4665-0x0000000003490000-0x00000000034BC000-memory.dmp	upx
behavioral1/memory/4236-4664-0x0000000004F20000-0x0000000004FD2000-memory.dmp	upx
behavioral1/memory/4236-4681-0x000000000B4B0000-0x000000000B4DB000-memory.dmp	upx
behavioral1/memory/4236-4673-0x000000000A9A0000-0x000000000AC5A000-memory.dmp	upx
behavioral1/memory/4236-4669-0x00000000091C0000-0x00000000091FC000-memory.dmp	upx
behavioral1/memory/4236-4663-0x0000000004E30000-0x0000000004F1D000-memory.dmp	upx
behavioral1/memory/4236-4740-0x0000000000400000-0x0000000003006000-memory.dmp	upx
behavioral1/memory/4236-4779-0x0000000004E30000-0x0000000004F1D000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Black and White\High Contrast Red Filter.blw	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\File Formats\PCX.8BI	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Patterns\PostScript Patterns\Optical checkerboard.ai	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Basic\images\lineBoxNE.gif	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Brushes\Square Brushes.abr	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\File Formats\Dicom.8bi	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Required\Default Actions.atn	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\Automate\WIASupport.8LI	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Color Swatches\PANTONE solid to process EURO.aco	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Styles\Web Styles.asl	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Textures\Puzzle.psd	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table - Minimal\images\ds_bot.gif	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Horizontal Thumbnails\Caption.htm	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 2 - Feedback\IndexPage.htm	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\File Formats\KMZ.8BI	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\TenByThirteen.txt	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Menu Customization\Video and Film.mnu	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\FrameSet.htm	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Patterns\PostScript Patterns\60's flowers.ai	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Patterns\PostScript Patterns\Water droplets.ai	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table 1\Thumbnail.htm	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Required\plug_ins3d\2d.x3d	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\Automate\HDRMergeUI.8bf	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\File Formats\OBJ.8BI	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\lineBoxN.gif	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 2 - Feedback\images\outerBL.gif	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\feedUpImageButton_over.gif	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\Filters\Lighting Styles\Flood Light	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Required\Default Swatches.aco	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones\Duotones\Gray-Black Duotones\424 bl 4.ado	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Scripts\Load Files into Stack.jsx	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Workspaces\2-Task-based Workspaces\Painting and Retouching	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\Caption.htm	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table 1\images\home.gif	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones\Duotones\Process Duotones\magenta bl 4.ado	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones\Duotones\PANTONE(R) Duotones\506 burgundy (75%) bl 3.ado	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Required\Default Gradients.grd	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\spacer.gif	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Textures\Linen.jpg	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table - Minimal\images\galleryStyle.css	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones\Duotones\Gray-Black Duotones\423-1.ADO	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Scripts\Export Layers To Files.jsx	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Patterns\PostScript Patterns\Pinwheel.ai	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table 1\images\slideEdgeW.gif	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Brushes\Special Effect Brushes.abr	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones\TRITONE\Process Tritones\BMY sepia 3.ado	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones\Duotones\Process Duotones\magenta bl 2.ado	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\File Formats\OpenEXR.8BI	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Styles\Abstract Styles.asl	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Color Books\HKS E Process.acb	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Brushes	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Black and White\Infrared.blw	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Textures\Purple Pastels.jpg	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\images\roundotNW.gif	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\File Formats\Gif.8bi	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 2 - Feedback\images\navBL.gif	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Plug-Ins\Displacement Maps\Pentagons (10%).psd	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones\TRITONE\Process Tritones\BMY sepia 2.ado	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones\Duotones\PANTONE(R) Duotones\green 349 bl 2.ado	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Textures\Mountains 1.psd	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\feedUpImageAt.gif	Adobe Photoshop Cs3 10.0.exe
File created	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Duotones\Duotones\PANTONE(R) Duotones\159 dk orange bl 2.ado	Adobe Photoshop Cs3 10.0.exe
File opened for modification	C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.dll	Adobe Photoshop Cs3 10.0.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	Photoshop.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Adobe Photoshop Cs3 10.0.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Photoshop.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Adobe Photoshop Cs3 10.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xcopy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Adobe Photoshop Cs3 10.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	xcopy.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Device Association Framework\Store\	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Device Association Framework	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Device Association Framework\Store	svchost.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e77ce1a6-a3bf-4a6d-874a-8eb24fae2c3f}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{003785f7-3096-4b88-ab5f-c72a621713e6}\LocalServer32	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}\AuxUserType\2	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Application.10.1\ = "Photoshop Application"	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.PlugIn\shell\open\command\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4c2d014a-8df0-46c3-8bb8-69a2ca6de96f}\LocalServer32	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5b158688-e624-4979-b14c-35eecd115530}	Photoshop.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f4177ee1-8e4e-4742-b55e-fc96b75aa9a4}	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f23dd8af-d7e0-4633-8baa-4ac879b13092}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6DECC242-87EF-11cf-86B4-444553540000}	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Application.10\CLSID	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9414F179-C905-11d1-92CC-00600808FC44}\TypeLib\ = "{4B0AB3E1-80F1-11cf-86B4-444553540000}"	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.psb\ = "Photoshop.PSBFile"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.PlugIn\shell	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{060c8dab-f753-4650-8f7b-158b476c277a}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e3a92d91-d84e-491d-b974-c7b898b64b4c}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f107191-8e6a-4243-b2ab-cae510fadd9e}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b9029042-a3b5-4f5e-a6ef-bc41d2d12c35}	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e9fcc41b-11ea-4b95-97fe-7bf8bd3a6b9c}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}\DataFormats\GetSet\0	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Image.10\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe,1"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5f97a183-016e-4297-8b58-d6621b6f4543}\LocalServer32	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{84f5580c-fe2e-4be4-9302-384fc5a554de}	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c58389ed-6921-459d-a6fe-fe574c61fa33}\LocalServer32	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f2282846-adda-4608-ad77-9d49c96068a4}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}\VersionIndependentProgID	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.psd\ShellNew	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Application.10.1\CLSID\ = "{6DECC242-87EF-11cf-86B4-444553540000}"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Image\CLSID	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Image\NotInsertable	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{bbabfd32-0108-41c7-9a66-4df7bdd490b2}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{29caef10-23d6-464b-88e2-005f243f9116}\LocalServer32	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Application\ = "Photoshop Application"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4B0AB3E1-80F1-11cf-86B4-444553540000}\1.0\HELPDIR	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58179145-2d72-4774-8bd2-e55a8af63663}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\3\MRUListEx = ffffffff	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}\ = "Adobe Photoshop Image"	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}\DataFormats\GetSet\0\ = "Adobe Photoshop Image,1,1,3"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Image.10\shell\open\command	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a2fe5c87-ea21-4602-896c-8bef6c46d027}	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{aaf82edf-f4ee-4883-b337-58fc192b26f5}	Photoshop.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4B0AB3E1-80F1-11cf-86B4-444553540000}\1.0\ = "Adobe Photoshop CS3 Type Library"	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9db71367-444a-4caa-b037-9af7fbcb9a4b}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6d2a1db8-7dc8-41fc-9e51-95906c6649c2}\LocalServer32	Photoshop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58179145-2d72-4774-8bd2-e55a8af63663}\LocalServer32	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E891EE9A-D0AE-4cb4-8871-F92C0109F18E}\1.0\HELPDIR	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Photoshop.Image\ = "Adobe Photoshop Image"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5f97a183-016e-4297-8b58-d6621b6f4543}	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b62f89d4-0d99-4200-80c6-c221835feeee}\LocalServer32\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe /Automation"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{205394a4-0806-46e7-853f-74444b481bd3}\LocalServer32	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{956445cb-570b-4350-adf6-3d54db1d94f0}\LocalServer32	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f2282846-adda-4608-ad77-9d49c96068a4}\LocalServer32	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}\verb\-1\ = "Show,0,0"	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FileType\{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}\	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e3a92d91-d84e-491d-b974-c7b898b64b4c}\LocalServer32	Photoshop.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	Photoshop.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{76E9291E-57BD-45b4-8DA4-E4AC599DD39E}\DefaultIcon\ = "C:\\Program Files (x86)\\Adobe\\Adobe Photoshop CS3\\Photoshop.exe,0"	Photoshop.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b4cb0682-7e4c-4d21-a7b7-87d0f8e305ad}\LocalServer32	Photoshop.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 627254.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Adobe Photoshop Cs3 10.0.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2324	msedge.exe
2324	msedge.exe
4404	msedge.exe
4404	msedge.exe
4080	identity_helper.exe
4080	identity_helper.exe
3060	msedge.exe
3060	msedge.exe
4396	msedge.exe
4396	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe
1772	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4236	Photoshop.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1772	MiniSearchHost.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe
4236	Photoshop.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 1084	4404	msedge.exe	77
PID 4404 wrote to memory of 1084	4404	msedge.exe	77
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 1956	4404	msedge.exe	78
PID 4404 wrote to memory of 2324	4404	msedge.exe	79
PID 4404 wrote to memory of 2324	4404	msedge.exe	79
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80
PID 4404 wrote to memory of 2828	4404	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/14YYkGAbmt2U_LHWf_zWBLpPOu-UZYmcv/view?usp=sharing
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffdb103cb8,0x7fffdb103cc8,0x7fffdb103cd8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Users\Admin\Downloads\Adobe Photoshop Cs3 10.0.exe
  "C:\Users\Admin\Downloads\Adobe Photoshop Cs3 10.0.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5064
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Adobe\AdobeSetup.cmd" "
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3596
  - - C:\Windows\SysWOW64\xcopy.exe
      XCOPY /Y "C:\Program Files (x86)\Adobe\cache.db" "C:\Program Files (x86)\Common Files\Adobe\Adobe PCD\cache\"
      4⤵
      System Location Discovery: System Language Discovery
      Enumerates system info in registry
      PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1188 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,14121335915605767542,9171953572266744247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4500

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
PID:336

C:\Users\Admin\Downloads\Adobe Photoshop Cs3 10.0.exe
"C:\Users\Admin\Downloads\Adobe Photoshop Cs3 10.0.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3120
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Adobe\AdobeSetup.cmd" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2040
- - C:\Windows\SysWOW64\xcopy.exe
    XCOPY /Y "C:\Program Files (x86)\Adobe\cache.db" "C:\Program Files (x86)\Common Files\Adobe\Adobe PCD\cache\"
    3⤵
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    PID:1508

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
"C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4236
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:1320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Modifies data under HKEY_USERS
PID:4724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe

Filesize
6.9MB

MD5
1ecb567c1b278891699868a5d4f2201c

SHA1
0e7e89b64f1fc57c3de9f290d2273020e3f8f0c6

SHA256
ac203422e0157b1fc2d52a254a211c18bf5626a2cbef8915de6c79e3b00de8f1

SHA512
28c7082c6039b563e578b37ff17dde06e4a266fec4df2405ac808d42855fb097555d8c94453d4cd6fc7f82d8e4ad408232aaad25f22b87df5a6d03ba06a657fd

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Color Swatches\DIC Swatch ReadMe.txt

Filesize
812B

MD5
42881f1ddd81128db91204e0349e52b1

SHA1
4d1a0c1741a84bf57ab7cb884d8a6789378f01d7

SHA256
7480092938b728f6c371b57932f47d5441eaacb891177efc95ddd0f80f090f41

SHA512
c025b46aac8efdc698c50136dd62bb3ac66eaab61e7212ae8285c82fde188ead6b9538f091e7c45b23cfc820f1a1f2bef25247b50a692a25526d9fabca4062ac

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Color Swatches\VisiBone ReadMe.txt

Filesize
417B

MD5
9f89b49e6e4b81eb9a3ef6a5d8924461

SHA1
17ee8eae11a1fb327f3344cc549bef305de408c5

SHA256
d739aa103e35aa5efd0fe49dd14d9360b5a83261b164d6d3277a24fed97ff8fc

SHA512
ef2f26b00ee4dccdb28fc1bb6c960cab9ae6f72f126bee21104b865b8e7833b35a64abf464b71cc34e954a8ccdb805544729368caee2a84b8ab97914c30fa761

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\1stFiveBySevens.txt

Filesize
40B

MD5
388137007f4a3808e9d9dac9f0c6c5e7

SHA1
bbecccd4568c132e96bc21df354fc999216884d9

SHA256
e32d9b5836fc640b75cc70c4ea9e86d3daebe761173d9e2cfe65d7a959b8aaa0

SHA512
63d18cd7d56952a62087969bd017a76e37f66b60ad49964d7130543c437c61014aa842197911dee805e0ec7b25c628508d94fedf8f9b7e40828c106c0bb8678b

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\EightByTen.txt

Filesize
38B

MD5
cb9ca4b71172e8297a30e8acd78b75dd

SHA1
edc7294ec3465cfd5813fc104f0e297a033cab10

SHA256
886e7dbcf9e75b3167025ca2f5f48fcc2e21f0ed6f8b6376dbf51ad62df9e509

SHA512
f46773866101bf18707ef7aa7f813e1b32b6256454029253c41128bdcabf3dff7812f3811304d4f18aec58d62eb8dd46126b38c17ce71221b5f0d811e41b1621

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FiveBySevenAndSmaller.txt

Filesize
155B

MD5
1171863f0ef0e631906da1ca150634f2

SHA1
2cce4c36052fab30be5d3d1b038daedba4e11e4b

SHA256
2318e7fcf7daed8e34ca5259d4e020c5a315d5bff764101a19e09621dc9bdb4a

SHA512
832d0382c3387b2f659d129fb1c7f3f76e70153b34c45055760cfd00702b4d57bcbcd3dbf3099f7df3641945bb0d83d3770a096869af99ad165c2324df87f727

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FiveBySevenAndThreeByFive.txt

Filesize
81B

MD5
d667867a3524232f2fdb96dd5995af1b

SHA1
612521e7a115412a898e044c57773e306bb53aa6

SHA256
3503d4e23799c6bd4e5295f0efc18fe4122f5f7f8449470ba8446e56559152b6

SHA512
f49b918b9e2340e29126397a9b95299871204a26e8e081d6b4d39f2eaa2e019b261e3781a85f6cb3b182aaa8e01a6b81c36943201ad999750ecab8232956cd19

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FiveBySevenAndThreeByThreeH.txt

Filesize
366B

MD5
024cf4b49c3c023c7834a1c0e0da523b

SHA1
66e3b776d5184955e76cbd38ff745addd01ffe49

SHA256
72b4b76fd1bd36a80b7954b98883477e08f98fcccba0852692f4c6741d27d753

SHA512
04ca40155cf05f33dc8025b5053f7680dcacbfb32e369ba6598953e189c39a3911f844f1a92e418f81fa8f763e724a189cf50dac6a0b69aa2ef958faef200035

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FiveBySevenAndThreeH.txt

Filesize
58B

MD5
2c1cf4f76fa1cecc0c4737cfd8d95118

SHA1
ecbffb23eb3053ead40dfc45afbb2d565afa1d03

SHA256
66b4a8b2a17f0463f7427c0239106eaf710ea7129f42d184a58c50cdff614ba4

SHA512
d1ecfd1b7dd8e49bc005dd6549f73117dec2e0008c3e81934b7b09c5bf922316b7b07f726b4aaa38780b00281af470607f88b5ab67a17f23fc87e1fc860c011f

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FiveBySevenAndTwoByTwoH.txt

Filesize
176B

MD5
bb191b8e995ebe983df98e10524f122d

SHA1
6939a043f443d6541633220e627d1ac28e66d2c9

SHA256
038ec3903206018dd16cafa824b31c0c10c4df67340e51a0e0c7b95e5301584f

SHA512
4c657a0f9e5e9e98fcdb14525ed1da0502f8eb676c3a10698c7815494975fa61cc509a286f50ab3239ab44fa78bee1ba2e237ebc8904651436ad8bfc0b3276fd

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FiveBySevenAndTwoH.txt

Filesize
140B

MD5
a7e867cf39a53ef26a70614e2830b90c

SHA1
b2b34d8be5cf7666d99f835429ac8a03b369c86c

SHA256
24045c10c12a89f4c11e3b88ea34558fcdf926a8c1008cd08cc33bc71407c774

SHA512
8e6eb78d0a4ae949374abfca2960c46b6edb9a3c4a1e66290816ee8fab432e523bc709e725b22d7e7dfe00fe6aad8f8cf6fc98351e7b8a5ac0f2e99bce20eb3d

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FiveBySevenAndTwoHByThreeH.txt

Filesize
112B

MD5
87571ce586bb6565c6bab8808d7a5daa

SHA1
88af850339fa819bca9d2924227efa4a42bd54c6

SHA256
23d420cc18f26c6e9f77d5b531e61058b55be3e5b071ff3664fd62359b7b528b

SHA512
4c321e0720fa43891d7ec7ef8abaabf557fec31b2d5fa7e44a4f5ea7742481b70ed59f19eb41c6295370e7aed2f44b9d187fdb8a48442cdb346355e3e9e9ccac

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FourByFives.txt

Filesize
81B

MD5
a163e9f243273cfdd30d40e9b11d4eab

SHA1
b0305b9f854fc51ecf233bcc878aafe9c22b4fb7

SHA256
b15491226ac8ce0b87c0d28530cd01d89ee7016d6c9fdf951ac17e9bf28bdf74

SHA512
a40c534ddf5d43653219fe69db44645a3cb61aa5ac5066e7d1f5f864c453b8175f03d234f4a97f280bc2773f4075b97486d51445b1143c916cd225526dfeee71

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FourByFivesAndSmaller.txt

Filesize
167B

MD5
bceef68cb887519b438771840de07a60

SHA1
ee7c4833938414701f5f1a8652ba39b463fc8b14

SHA256
0d11f4248e6702948745c7702e1c9aaeff983ff4585022ff0d065aefb3c9c5db

SHA512
a686d5353a40e236dde2b79b649423785d7a4b9c679bd3bd8a0f35fe8955796014206017cb01c532842c3a03f3c5728095569e2933813ad9a1a2c2c5afc21ae4

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FourByFivesAndTwoByTwoH.txt

Filesize
188B

MD5
203768ce527e10bf6e6874d1fbf25dc6

SHA1
5989035d44c0ecd1ddf9a1458cb8d5e0e502ca2c

SHA256
e37ce3b00a1f15b3de62029972345420b76313a885c6ccc6e3b5547857b3ecc6

SHA512
73251a4f5d369378bec9003f8d4ce497f92d8015226288905e174e584a595f67a82a8a9aa36247dad3f9ef7ae1a26cc2ddcebbe237a078cc5642a8cebd69d984

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\FourByFivesAndTwoHByThreeH.txt

Filesize
124B

MD5
3aaceebd65f0b79f9ae1718d3241bf37

SHA1
2ccf78e3b22f294c2b9d2af73d2fede8af96d6a8

SHA256
7b8ec8dd836b564f0c85ad088fc744de820345204e154bc1503e04e9d6fdd9f1

SHA512
bb78c9783303a24dbe8e5fcb112d9a4872d8521f30662770c6a4182cc6fd78ba865c467a5ae3d4d6348a5011aeb6df95b46b6c99cf2bced2beefeaba04ee458c

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\ReadMe.txt

Filesize
2KB

MD5
4548327a0f79a9533f53ad28c5593816

SHA1
fbc793c81515946374dec9837f1df425f5cae6c2

SHA256
47504809fb0ef950909155538b5b21151b36288d1ed567f4fcf6838eb20579bb

SHA512
90f459bf6780fef7536bbb9850eacd93a9b6fedada2cf6df81fee8f7f507d41176298e7ad43141baeed28040bcf87210a41b5138ec5fc147393f11478d09f75f

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\TenByThirteen.txt

Filesize
30B

MD5
2e7e1a23b46a41c7de590877b1dce2b1

SHA1
8210b218f10093aac8d1732650ace2922837e516

SHA256
60837f17b0a4f31563938aca41ac3f86053b4af45ad7ed171d7b65674496316e

SHA512
8482296ae6e1f41b0f03b4f3008b5378b5a8e131ea036c8d0a3d9b6b50b0a91febaf3b111a3c9ab8ba422e5cb9720b758159a9f51b9aedb1e1362096330d90ba

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\ThreeHByFive.txt

Filesize
66B

MD5
7d4618c60c56c06812272e1200040c38

SHA1
4c65f40ff899c12b30a978aa30626b256e11dcf9

SHA256
28371caa2007c5cb4b31542a5326f0bdfebc3c3c0b033d8cbead214cddbf8d4b

SHA512
70fd708fbb73ad60f3400481157e80b244a39dcff55fb1bf67d42533f86076f4f37dab41077d9d5febf5c080c6b5efd3a5938d1864acbaa09ae952a018784c79

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\TwoHByThreeH.txt

Filesize
151B

MD5
aaf73b41216617cd686754874f00a7ff

SHA1
4331f4d099bc1774ff1c180c166d8b4c2fa76eab

SHA256
8f15bdc73dc02bbe289e97380bdfdf3997c5e1a7b850d805dac55a5fda650184

SHA512
1291b0787d3a24818fa1ff20464d3d1ff2850c7cfa9d5c74cc8de0e3b59d6a8ba1d5b5c845fc8c1872892ffdf19c9ba37730099fd8892d8631492805f2e99937

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\TwoHByThreeHAndTwoByTwoH.txt

Filesize
228B

MD5
f4332cb4ea9179c3b4d5f039fe518947

SHA1
12b445e0dbf65060bfc3dd1a0958f2524d48d324

SHA256
fb678f67aea5293efa9930a41b828fdfb475dc2b427628588640e080884f0e45

SHA512
d442a078daf7a151d437edb8a8e2b0dc3eba06818a318a38c6f0d926112496870802fb171cfffaba6f884c8fd5cc4ca615d1762e22e2d052151db9ac2740c512

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Layouts\TwoHByThreeQ.txt

Filesize
168B

MD5
4756d1a3ba2cf4e2367512ae56a084e9

SHA1
1742135a92cb1fd0c158486a1130ce5f09e0213f

SHA256
99a9b76af35b9bf8b788e54091a09bb01ec77aad5bb0c26904920c345b8367f9

SHA512
06e11ad9616ad09363bcb37a180a38d62477d784e8db25efa49981b02b245fe8bf3be514fcdde8c5c5a7a42aa6a41bb65b705a1aadb4a93f4f5ad42fe9634b86

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Basic\FrameSet.htm

Filesize
5KB

MD5
a3d15953d568f0881a5f7e6db10c1831

SHA1
e498b1b4c8bc367df1666b1f9cbcfb80eaa9fc2e

SHA256
0f9454112403669d54390246ad53eac6d6106ef04c23ec79699fd020bb998a74

SHA512
890d98e0222ea2536be81049c9ea53d0ac2d6872fdadc14426dbb006f28f1a87105d02645dc1dbd7edb6a4682fd08d2cdf0b0835e10d413b7f267b0921017bd5

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Basic\IndexPage.htm

Filesize
516B

MD5
374703c9fb68a8c8e802defe3fe8f7e6

SHA1
02ec334685067251c53b3039ec7513c6fcd8787c

SHA256
c9d253081255e81db099735b5175483b9e07d6f20dd6dde6642ffc77e7391c8a

SHA512
7761810b4a4e010b3e0180fb33c7f0215b2e36ad6018ec10a9987ee5a613d15a4ef7e8c50a0466f92e3026ddcd5a8ad434980f660538795056fd1a1cdfb621e3

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Basic\images\bgtile01.gif

Filesize
173B

MD5
a51b4de32a47c556fca787e54f1b50e5

SHA1
336c8d48dec662bc98de95b1889ef770360031b7

SHA256
f7ea3f39610d1351b239cdfd058bcbe8ac26bb1ac663df0d045bb791e03ab8ec

SHA512
bb4513e5ee8d841fa6726142edc440b4f9843e1c0333b675811056ce7833a2fe9032b1e71f05fd7a79bbdb068eb35a2087229a80a91fe2e2bb0fdafab3903be9

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Basic\images\lineBoxW.gif

Filesize
53B

MD5
3a464903f930948907e72b5bd598f236

SHA1
42484a574556769047d79790eafa759f1f80585f

SHA256
47007c544b6126c01e6c9da7dd5ec31d3ab99b42478a2f8228669f45cff14408

SHA512
4bf183a5bf8a10e94fabe33b22a35c4ff10314b6026ffdf6244f8df1e6fb7a48fdbaec725e3eef2e3bec328507473bb39885c1abbccaf7f9a16b178e9e0aa0aa

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\FrameSet.htm

Filesize
5KB

MD5
cb4965d699cfc68ff619aad8b44578f7

SHA1
12bc3b99d9720e484d9f0bdd1dc0978a3ef8fbe0

SHA256
cd8c70851f4fb475f4bb932275af9b6fa53f17b9488bf6f8b981f94a04fda135

SHA512
b9922c37f7ba67abe0eb8edf7849f41a92bb54f5f218d6a5e5e9cb1357367a8af80f27aeecd77efd8f09a295a9ca52a7840ea998572cebe681881f0e8d9a0c7b

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\CSScriptLib.js

Filesize
5KB

MD5
92e14e6eae5ded932826d594598cea99

SHA1
e8ef22f74abc233f37e0910ed5bed24e74012e22

SHA256
b0c29fa5c5f66adf507afc2b0cdbbb433c45c8b27b3c1342f5b181e4b395dae4

SHA512
c7e753f71b35f6c5617cac9b92badd9d15726cccccb7123d2b9cfb6d42a39bda944524c80699e0791da44a8b307a6da93f1928cc1d246cc128489aa9dd601044

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\feedUpClose.gif

Filesize
220B

MD5
84d65cb7cb59b5b918bb6a791987f261

SHA1
2f9687691b9544b888959e4dc86129e4f847e297

SHA256
be2e8d13fa01be4c013f9cd1dc4a20df16d9e02050a6ebffa2243caa626d841d

SHA512
23ded48426cd9ca310829162894bee058d48f2360fcec4e3ad5b0b0c8c4d38ba0f083dca98b622929534529b8fe4125d89f796559607cecf50e43af670ae5369

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\feedUpClose_over.gif

Filesize
220B

MD5
af3fd8c22758544919095a77137b7a68

SHA1
be2e19f820c61933b8e340422887b0c761c00b4c

SHA256
d99f869663e3cf2aa293b081630ea412280ccfa5d9b27dd2b2e933dd22c19d27

SHA512
1af1625781847987ecfc152fc5b65ff50ea834f1ffbe0fc57912a64cc42578a2e22e1425b10507606e9ae3e98beb140d9ffb08ba5d3b568b103ac3dafacdd4ff

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\infoEdgeE.gif

Filesize
54B

MD5
80379af40d87bb17127b51911b4e0703

SHA1
949f3a0418448a87978905b46dafd533a2355bcc

SHA256
31011a6832d290baa9d3eccb01c8e49e740fa76428fe4d5d124c60d3b1b54f64

SHA512
4bf94df80018011d30608c7bc2dec0bf438d3a1999156d75499a33602802d89238f78267156d585924f4222aaf472e7ccbda1e624c094e265feec4e35983036a

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\infoEdgeS.gif

Filesize
55B

MD5
73016672a0beca9ecd6723ddb775d4a6

SHA1
3ef772c4d6d43bf0140e2b907851fb60533ad5bd

SHA256
3ee39a8d944e2c6ae95436fc019b1b0cc91585df3347ba46ea417e97fb663e95

SHA512
73e00d1733b69d961a6f45e21d156759e315f28902ed69bde97be02509572596b5cb88f45a211678b834c2d956b7f3b32350a7635d28ea5808af8a74f018b125

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\infoEdgeSE.gif

Filesize
57B

MD5
ff1052d1e22b9e132e6fe559a654dee8

SHA1
b3c91a606302be37d3c45f23bec2bfad20606622

SHA256
5a58f8d85b48ddb0bc9ad2889912af0395333db65c89f9facde2f7d36d5fe328

SHA512
1061918002d0adc0a321cd0463131f35d0233da134cf318ad44447843a1133b5c75e0bf906559621b3ad054a456083aa567e38a026b9ba56452e52c191fa841f

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Feedback\images\infoEdgeSW.gif

Filesize
69B

MD5
e61995ffe399c0d6df05e7bbb480a93e

SHA1
aa5fb30d236ca79c04cbdf5909f4fc4becd3ed09

SHA256
41de6aa28b82cf0207263eedc57961422ec889fbaf2bdd3cf8613e10493da7da

SHA512
5dabd84b1a74e32cc7780023cb5a006ee61e9b634fa7cb4bd011899ea0f710d4a6f5ec79fd959a3be7a25c0f6100ae9f569560c3b3bb6e140734737949e6612f

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\FrameSet.htm

Filesize
5KB

MD5
0c66f47a2ef1720a7eddc80944d04407

SHA1
0282fab8685dfc766657fd8d18f71216234ebaa9

SHA256
7f521da24896050068c1898b58be08f79f5f2ab48d229a6b471694e3fcc6c027

SHA512
227322ee9e45d3f1a0f63e52e134700825a323863a0bf7004e55ac853823ab142bc7f758df4abd2183badeaa5a6e1076c4f9156d1725684ff5e5456ce8559062

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\Thumbnail.htm

Filesize
544B

MD5
dcd6fb0b6e17b6ef6e860e35cc943f3d

SHA1
654dc194206d2e37fe627b89910579d37ded297e

SHA256
409afe45f5389fe1408f7f9c915664247a20b35e7c72ba67cb3f19a900269dbf

SHA512
dd191a3549beb9e10592115e158bd8faebd62c3b0c701bc812565a7fe2a14a241ec5b3ce1e3ff5b6af711c424c79809121bf66f7d0baac3a352a445072d08b58

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\lineBoxE.gif

Filesize
53B

MD5
701c614774780ad5cf051a4577892a40

SHA1
da12953efafb5e58336da9c87e6bf257f95bfb80

SHA256
a67e4758c33a5a0bc81305e6d2b283d5f3ee8159bf1b9a526e83623425f57474

SHA512
d078efbaa2fe7e896fc87b18b9acb65ddf42eb4800091df38a8fb6f76e3c0d7772e2848eafa7b013e687ca8ea83dd96d4e6fddc7b84b882704d66526716c1935

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\lineBoxN.gif

Filesize
54B

MD5
19641c20cfaf6ef04575c3e9cb959944

SHA1
6aeab9705dcdd1707bcf849244c4734cbdc59980

SHA256
0446ec5c6ed795160587f08268d1dabf41da2a940804b563aae81179a024ed1a

SHA512
ce542db029281e62d2a4f035df0608729c4c823f1e23503edeedc1c0912e8c24a7265ae9322e28977a6e77c417ca47411ff774667ab19ee1902c37815213d807

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\lineBoxNE.gif

Filesize
54B

MD5
27d2d68f0a81ba0ddf03ca75b8948f3c

SHA1
6219f43b01640363b96a32044b6a308f5d8e795c

SHA256
ac8f84eaefd217fbd46c569ec4d032a9680a205b0332f3b64370213db989df04

SHA512
3ebb5194a80da5bf0a15ae8967d93ba3c5ec5b258332c3044032af3a36df935f1cdd79ce18fce8091f8c71b2de1e535a1575d7946c2640571a4041599bde5d38

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\lineBoxNW.gif

Filesize
54B

MD5
cd594fc86a4ca7160deeb1b7af5ee07f

SHA1
88036d57bd269bb085148de33e9ee899cd20a660

SHA256
2308d854462083e27c8fcedf3b3e95536ebcacd07d5c215e6d7a2f70dd5d53a0

SHA512
097f6a4ce33b2aa182d2be07492ce118b945a908301d104d50ea7b191472861f43bc80f3ae6c535291aa3c35b659279cd801bcd52239a2d9b95435948b359ddb

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\lineBoxS.gif

Filesize
54B

MD5
4b73a8ab85ac7e5e104bd965730ff27b

SHA1
db70f2f52cb82feb4fab3f6b41ed146340440de3

SHA256
3ad1710dacd318be17beb3120b77e80cad851e006ac5d827f1c9569d5dc3dc4f

SHA512
1452e5571bddcdd45b7f36692cf012548f9f2bfb83ca82fcbf1f1f4194ff86ba1a3c621579d12c8629e760078cb53b1bcd72c42c7a56a878d5b8e26088f80cb3

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\lineBoxSE.gif

Filesize
54B

MD5
dddce83d404e9f4c6c3f4fd79bb50319

SHA1
c3e4b7335ee03a9c5d78f75f3106a0cb37b05eec

SHA256
4b2dc35cda5399bf806e88f37bd3b8fdbc837872d86c18dc42b7d642e842ff9d

SHA512
b77a245e4975ec6bff711ab109acc08c8ee6c791ece7d184b7a51e70c26d7ba95dcef067d14c603b661f9b6a0ef12ee7890f2803e57685c5de32fca4149f0c2b

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\lineBoxSW.gif

Filesize
54B

MD5
7c841d42cd778596a835254722b4bbc3

SHA1
226a98ac1586fcb2762c3946902fd53050a4a679

SHA256
96494ee8b998840627117283a3f00b6dcc9b4cf515b72d278ac199f8052cfd1d

SHA512
7e2ab2667797eb2aa9ab6d7bee9b7eab641d0e88de7dedc0fd527cd9995e2b41f54622db8cf6b2db62a70f437c0796b3e00358de600b3a842302505ae24c964c

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 1 - Info Only\images\spacer.gif

Filesize
43B

MD5
f7f26805de1a1f270e665bf7873d7e19

SHA1
c32085898c6e36d361d4b8017087de90e1b8465c

SHA256
2188414d64d2930eb54f4731b6eb9a931358ba625d1cd7535a889409218609d2

SHA512
6755bed154762d44a97d836c1201a518b98c7df673c42fc125de88d5e8c73a43a08883280954c92cac7f62cc6ce31ce2e2208000c6be31c5f132446cddf702c0

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Centered Frame 2 - Feedback\FrameSet.htm

Filesize
5KB

MD5
647e93571156cd8a53e33412ff8686d6

SHA1
421635f3bd85e42987c773281217f256f350206d

SHA256
e4eb1aa001998e33364086d6a5c4c7278dda9cbfb0b6d915874b35c15497b86c

SHA512
909bd72e6e3db66156afef206517e9693c1e545f1afa6ea89271dace37856413ec223e78d2614b574825b7a431873802c6dc893e50f99f83466dcded90dd4df2

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - Black On White\images\galleryStyle.css

Filesize
1KB

MD5
6712e2ff8f1f7b9aa6909021cb589534

SHA1
7f66682b8e001cba8fb12aef11a78ba2e201e15a

SHA256
beeb5834ecc95d4177bf38fcb89aac9c5b372e632bc7813dafedef0618e332c2

SHA512
1a0a718f5089b21e1512793df91373da38e22dfcd676b4e5ada61fb5b9b24c8851cd91097642134fd3041a40db410ff4f6757aea0553b3c1836ec235bb1e9eb1

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - White on Black\images\arrow_next.gif

Filesize
65B

MD5
ec309bb96489de2c2a027114df6bb4c9

SHA1
1ce04636a29992db3db0a057656e24b237716e16

SHA256
b3a46abc4c3e22a94de01606de42bb13a115a90a6aa134d1d95854cf0fb869ec

SHA512
e8ed8ce865252267d029a7d9b3f1c8c71e42f4d2ff01889f264b463569fb83aab00224f5b749cd22fb1ae67a7bc7a68bf04d05d1472b2a3751073201ea4fb1c3

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - White on Black\images\arrow_prev.gif

Filesize
64B

MD5
0ec93d1670672ca67161c93054e88c0d

SHA1
da208544d87d2abbe5d0b80e02d34b72832a395f

SHA256
144d2ef6a2c2ed5e70d0f5746a9c93627d32eb7325eefdcf232823cc72a60606

SHA512
2e10ab8e263080e78ff3c8f32802086dea002ef64ebec909ed457677c88bfe3d3efc0878213b4d74123ab061bbf6bd5f6f2ee74013a90761ff7f741426f4950b

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - White on Black\images\dotted_horiz.gif

Filesize
35B

MD5
cf8d6b36d78aa9e290c1016136943e9f

SHA1
1936140365811e7693e395a411faeab9369f53f1

SHA256
31575ed2330babc2f82d31f1f04a5e0fac4a98206e8c2f644232a51137d3868e

SHA512
522a88d46cb3a5d1caa0db5f8c39309322afc29497605b5eed2aaaaf82fec62a48532fb798ab3fc8c8409b53e71b657ae9b1335737b24cb520419668a54c7e3f

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - White on Black\images\dotted_vert.gif

Filesize
35B

MD5
471a6c8a61966b37b5fccf7f977c0322

SHA1
0b70cbad4cd9030d7272556b806359b390cfcf05

SHA256
04769aeece5c7ff9e56a33594b529cdc636ab69680f8c1e175899df6233c82dd

SHA512
844fddc9e83d540364e02f11c3467ec5120d1882efdc6411a27f1f19fbdff59e5bc616063fb2865efd80c387e0ce379d99bfbee082c4a9540174457f1b836c90

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Dotted Border - White on Black\images\home.gif

Filesize
87B

MD5
f19b0997743f9a74de958bc62a3fd222

SHA1
d3318fa5868400b3fac31bd9b981e38d93e186c2

SHA256
abccf8f81d677f52a0c4db28984ba463b3bba9ba99894f9f39f4c9547a6140aa

SHA512
236ab7d1b62633bd6116c03bf5ef935908eeea43b87d410a8e2e6f0f681f753ebc0eb750704c204c9a34c2a494e3bc6b0d113ac27692cb519ed8207edddd6c65

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Flash - Gallery 1\IndexPage.htm

Filesize
2KB

MD5
f3690f95b6918b435bd90bc4a222f160

SHA1
b4b82db83cfaacad7ea5f9bb779ceb9c72188ad4

SHA256
c5828beae4bf17ebf5099253e102941cab47bc62d9578081fae25076ea24b0a4

SHA512
ea75f059018866e62033a6a336704c3f1c79d1c951d48e265df1d85566b04eb14991cd5071576359f18a4e32b59c50ee30be2c6f3132456f1e201fd762abc4b6

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Flash - Gallery 1\flashobject.js

Filesize
5KB

MD5
e75cb6b4bb0b15fb7d4e1c6352520eb4

SHA1
3e7e866d3cac0d687fff22f50bc5a7d23bacd1b7

SHA256
2ba6648c4b81b33db58d6dd13873576f9b02531c6bebd2f9866f89462ff6dd63

SHA512
725d802ace1edfb3e75a561afa3e0da986fd8f0aa2d75d58738ec75900180bb82aa0b3288845aba6bf39515cd79f5f5ba6a86a943b80ad53d3ac33d1044d1674

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Gray Thumbnails\FrameSet.htm

Filesize
1KB

MD5
d656f22e21bc0b39ed401a73f4ebd8ad

SHA1
9bfd92fdb8872aebf042e0dad1b15a0ea657bda8

SHA256
2ef0b8632395250da7a50aba9c73b8b97c27e1a5ff76d0ae2ffce238e3ce4f0c

SHA512
d60cf1e1cee7dac955737b857db8d35fbf774bac20efddf67680d5744200a805474a678d4794b22ecca1ee8c263434b884cde207cc0b3bb912f6948ac01de143

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Gray Thumbnails\IndexPage.htm

Filesize
414B

MD5
c9580e2bd3527b65bf5b812b477ffe30

SHA1
66e921f302739af54e7a991ce38a1d37ead7c7c2

SHA256
e77bb87374bd3a9b3ccdf932d260091a3ffeb1d1ad9d236b54f0f6797585ebd7

SHA512
e86e61aa09e93395f03b9976d6af4f775be3e017ca371a837e538d440e04b7813d2855c3b7c2444aaa357c9d7a3b5ccca7649c6c557bc3f520b953d96aa93577

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Gray Thumbnails\images\spacer.gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal - Feedback\FrameSet.htm

Filesize
670B

MD5
93dba3fdb38e1ffc9c0d1cc74bf3825d

SHA1
5746aabf57391fb7d7beb26bf97356110138707a

SHA256
9cd75c359d70b7ffd18897217918a60bed658bf3b1e78b7f865218f9e929d994

SHA512
310163900834833bbbf9686e2b28aed47ac3068bd016385cd364e9324400e2ee992b59d64c734ceff9f346f47af616de2efcc868dc3dedb2ed3519faa233e596

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal - Feedback\images\pattern01.gif

Filesize
98B

MD5
515756344558ceb3f52c19e51cc12c13

SHA1
6658c282dfd619e76fea4a8c9596b723c61b1f18

SHA256
2ebc488bf2c17023ad5cd77eb307a9c0f3ddadc5ee6774c3d027b8227ffc29c3

SHA512
9aa979af2b241c9f40220d390d546b25a1edbce80e3e6f604e9876bfb0d3bee22d8fb59a8795860d0baaf65b5637d545b91f1449904775781bbc1adc296f2734

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Gray\FrameSet.htm

Filesize
670B

MD5
6e611cd7b2fb938b8e87e7bd1c9f1bcb

SHA1
ee13349f6474160b8a2d015d3dcb8e6d43cb3996

SHA256
631cc8fbd8fd91846638e5152cb8d2601f2af5e78c88ac9075cd033fa4cd577d

SHA512
13a89e9b806d9cf3f1585ca070e3adb70d985b7e7831cc10bb2641a1309d4faefd38d7e627445a92388af07d4b3ad882de7cad6262b1b52ae2478eca7efc3d06

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Neutral\FrameSet.htm

Filesize
3KB

MD5
95a5ddf74ef1a9646697b79c1747bec9

SHA1
7e8b008101facfb72475fa55b0eb66aae529ddea

SHA256
efe7c5ec5930d57bc2a75989c422ae4ec5ab74e9b9ef48489d4141d2844c5c29

SHA512
631ec2ca1831a046eeaa9f51c3615b636203b9286218fa15abae601ed028ae4875ef5dae5cc913ff11bc34f844ec40f547100a11fd930777e5ede892033e3f51

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Neutral\IndexPage.htm

Filesize
541B

MD5
b39c08a9f4eec3124c439ada83f44d20

SHA1
5b7926faa7b3f20270bfc466dcd578916dfdddfc

SHA256
a4bcf879690bd8ed8963fe303dba40d2763348732f623228b4a83633826496bd

SHA512
8861fdf16690763e2101879ddd43f70333006cf5230f0d0e5ded2881113f53201721751d0936f16bca3ff1ceace7cbb1cceac2b81adbdb2139833722125025dc

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Neutral\images\shadowBottom.gif

Filesize
45B

MD5
366de1bea14af9278062f2e03a2e1f8d

SHA1
ab1f6120b8f21640db9cd556deb62662465981e3

SHA256
10de7905b53e7359086b3e89f87c7186c7cb8d3ee5a75335b85b36c5d9d167ea

SHA512
82b971cce880d764bcd038aa4f7a754fc9b3c4172437355d8557d08560c1221a4f5bfc0cf2e4786cbaae062bdaaf25c4f72645f20744d9bccb19178e5ae77f98

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Neutral\images\shadowTop.gif

Filesize
44B

MD5
666b8d6c2a26ace51c0b24e62cd0136b

SHA1
48fd5e9ad172bae08278e1db6e0ce5bee30f892e

SHA256
db9d3fedbb85d984cc674ce471efd87cde8abed74279100481cb638e55e9be24

SHA512
1bc0d8f861d1d4becf5f40ace9db93d5f1a0c5da40ae832e36683ec66545fd9a098b8d6729d835e1860b569ece829a05920938afd990541c2a263a44d57d490f

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\FrameSet.htm

Filesize
4KB

MD5
424df5f7fb9fbeeac29a8421ae884ec3

SHA1
912337eaeafcadd5852ea7680c345a2feb9f0bc9

SHA256
09fbcab7e95cd1f893dcc2978fdd2b4a4f5ec96fa6892d4f00a72b0854082feb

SHA512
d0fbc87ef792e2441fda0753afe7584bfacb4d3db1897d804132a77f04769ce2ce8cb7db7dedf1ccb8877f55f349204e303c615f1dc09e303eeb542d42065739

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\images\innerBL.gif

Filesize
47B

MD5
b6525a281d720c9fb68b869174141082

SHA1
9c8d1318eb1a40ef883699dbf65ea2427c7dc09f

SHA256
a0216b8145dabec9fcc8b3cf5892a4d12399492a9a24bf9abb737538a148291a

SHA512
3c4b7eac326207b93cd8bd3742595ef5757cc92f71881049d5a79c262573e6b9212e9ee97923ef4e25a48f8b09994fa9aa12a6986a99c24f0d81c57e39338ae0

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\images\innerTL.gif

Filesize
46B

MD5
fd50d9c094e7ba5350186016af1e6372

SHA1
9a3ded46c98ef056c98b144bd40dcddd175a3204

SHA256
d51cb81d1e00e36fc9b947ba47c096919bf7b6c4026aba4c86f40817e43cf051

SHA512
ebf16437dfb610500f9a247600d9243b453dcb0980dbce00a647f6318c3b3adb3e8af677b6d541cfcb57bf617d020cd99dfbedb7932e5bbe4b68fb8655a2e324

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\images\roundBL.gif

Filesize
68B

MD5
f3b36277413e7174fd2c890132dc5391

SHA1
d8c4043896cf1655c7b5dbfbe88736820a862720

SHA256
d4043d45a4a58fab6d4a8f50490e4c7162c882e0a8a859726bca02b9163b105f

SHA512
cc92b41dc068fd29208136a203c8aa1c77f2094e2e4c0e1f5ba24b9fe84acba53034b9ea14d2ba9fe52b5600b13bb3a1dc32b66c5b50780567319ce541af4fa3

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\images\roundBR.gif

Filesize
68B

MD5
406bcddb9397a6f486d83d8f18026bcc

SHA1
080092bf3cb39682c9e141b8cd110d76ab9b5d84

SHA256
07d6c02e36e0a0f273a4d16e63465d853be75cf4466aebce405cad2fa15ad7d9

SHA512
1d31b6fd96b9189cca1d0863c2fa471ecb9667e070ac5d5ccda659e9e8ad3210044417173dbeee12635bac91100bcb4049f2c40eb4e4fc037556315512c90d4b

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\images\roundTL.gif

Filesize
68B

MD5
0a23bb2ffa4daed9bcae6a124e85427d

SHA1
e9792af367b91df926babda86d669eca86816ff7

SHA256
509ce80c9f7dade0d6117a835f7135a4acbcf890eda5f3555b8c4a4f9ff4563c

SHA512
0184cc069b62262315f4c1988b37eb2fed14e7835fd938587bc35fc63abc15588b1653358d6ec81b98c02b49068caed735eb5192f7e3e5c50bbffd04e090977c

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\images\roundTR.gif

Filesize
68B

MD5
1fd27b71b85ff12030a1b8ae3103d175

SHA1
e6aa65a557f6fd273198efbb6f58e4ebbb2050d7

SHA256
4823c295c508fc95727c013cdeda061dc24fb368d23eefadbcef3a8d89af561b

SHA512
3da2670ca504e3faacd5f83e0f6dd62cf61d42b511988d758a0c0f65823e276a193d4aac8d29c6c4a1a0085ff770686ff7aa78b336ce15b981ec87cbd02cde6a

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Horizontal Slideshow\images\spacer.gif

Filesize
43B

MD5
df3e567d6f16d040326c7a0ea29a4f41

SHA1
ea7df583983133b62712b5e73bffbcd45cc53736

SHA256
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

SHA512
b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Horizontal Thumbnails\FrameSet.htm

Filesize
3KB

MD5
046bfc5fa6defd5ac87bd9911f86a1d0

SHA1
b509cdfd5bb48f9bc9841c8a42e843649f381e9b

SHA256
b772f6e18f07c1de8fd84c855395a9ff6ba9ce17b77c55e659f5c90b379cc5c2

SHA512
6fc2cac0d2b6e1741452ef4c0540948189c531770cb84765ea7145be89a7af75ba3023054710250876a3b718907f6e4967f6da142df88b797406b4ba24cfaba9

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Horizontal Thumbnails\images\Thumbs.db

Filesize
20KB

MD5
b62f7d057a543d35679636b9d286a7af

SHA1
bced394e7bd33128d144571e79307d89b0855c68

SHA256
7059e3c007d414792b62d0f85bde28aeb443107b63f1bc4b7fddc3dead213c5f

SHA512
76e529bb3e876286f4c6e232ff04b7dce207a66bb31cf7d480561ddef475c23c36f1408a0632fc992954ace149567fb30ab2d43635db79cfcbc6d62ae50be4b4

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\FrameSet.htm

Filesize
3KB

MD5
5814e53a948db2e8cc1e13b371b9d6b5

SHA1
9da987b0b8155338d1eecb5d83b25ff3b8dbd6b5

SHA256
d77c2beddf705df0cdd34b3536539b187112be6dce9ec4b113c5b52312650ff2

SHA512
f733d9bc1f539f5cb14401abcc673a8fae77ddcf8619cb77584a9ceaf6b3ed143bf0eebaf48d43068134f9c0fff1d4d742e8da2401bfb1d90fb6db61a872340f

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\IndexPage.htm

Filesize
513B

MD5
7d0a27db87cbd4243eacad312e5d7f41

SHA1
9b077bbd55fc3718e25dd9b80b89423cd9495633

SHA256
8ae7498b01f40e9d2a04df8a8a91cc0b180eb9eb64b78129f59a6d6ab547816b

SHA512
88ed00f2eba7cc1e53fafddcb74c2c1029f2866c4379816b0c53a6230dd5a06eb33092647b36c90f29ebbb7c705fcb065514977acb06fea4cadd43ae144f73ed

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\ds_bot.gif

Filesize
106B

MD5
35b643f84e7c2be0f2a31d09a4f51ac0

SHA1
c46138ea76683df66ff56836ceb3a8c743960d99

SHA256
63ac22c5e233fe7a6581139aa7a2bb82f651fbe312bc91e0cca716e464b84f42

SHA512
ba21713fa8068ebf79573ca5e07cb6344243737b040002afdf81a9c2e44d4071b840ce12a6df1742fc9237aa260f2fe49e6faec6222dcf6f63078a642bec494c

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\ds_bot_corner.gif

Filesize
120B

MD5
093a92f84d3a8f15e93114cebd9f832a

SHA1
9ebab475ba0f09653cf43dc4d3db1965c8a21acd

SHA256
a0996475e26e98d234619a323acdec8e2960ddded220d47985f41dc19851ff01

SHA512
0fd3ce31fef92a211504d8c8451979b4b167ac4253eaed76665ee3e2b648ea1f5d969fa30899d0f9c7f39b9fb6b6a1dd013b7c559f750953cdee30061b443656

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\ds_bot_lt.gif

Filesize
229B

MD5
6c7faa04a899f37b969fd297d9b21a90

SHA1
44ef5d457a7d9c189b26d4bd460f2c428c09f9b9

SHA256
17c5ed140289d98cfd2fbaf2d02591d60cea1bc47b77a14661552914fa8b2877

SHA512
250c6c9d515b416cb71e1cb02e033323bf31994cf670fff4ba4cc9e7959daffbf8afa59814f1af8230ba2a0c8d42cfd07735ef8a529f675ff5c25593bbb927f0

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\ds_rt.gif

Filesize
107B

MD5
3afd79afbf956ae7908b30ead87b7f8e

SHA1
c5c605da6c16b7c3b67f47f35ae2bd792abe072e

SHA256
1b6dcee224de525629ab1b4973284b61208c671ffb47451329c01463c5ef41cd

SHA512
1911b6d1b0ca3ee11ae8e016655f5086237ef4ec284312b6b0e8492d2500cb7e4376c2194652714649d9a8587bfa70c685dc80ebef47c84d69fe4ca7b6353312

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple - Vertical Thumbnails\images\ds_top_rt.gif

Filesize
209B

MD5
274334c6b4d1f8b9dd55edeadd465d07

SHA1
209cbf8f7e99b3225dc3155d1a6ab46681911748

SHA256
3f1d72c63ea60883a2e56ed4f043ba7b9f23807063f06ecd129ec31274a45b02

SHA512
c784288d50ccceaba7bfa996462503ef8ba413ad788f3290d278d6f86165caa19e988c7ee2802cc874601a4544b7921845b2ad22aa88e9d76cb83f3244e9a3df

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Simple\Caption.htm

Filesize
455B

MD5
6cda401703f598d55ddc38a27a0fea5d

SHA1
1ba8346780cdc22f5514a01369c8d6d78e555d36

SHA256
a0567813dfb85d8da78f389e9916a919db3afe3d273bafb8c138e08d01a69bbb

SHA512
3ac04a5bb87e35e663127c57faac7429abcc94538413a23a51c411b37741fcd14785bd581978aa44a40848a34a6e111d1806ffaccad6f9b36c88518085d9dfdb

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table 1\images\background.jpg

Filesize
6KB

MD5
a1587cc5135974016cc21d877d97062c

SHA1
cc96de741fb6cf95c7978407d98b8b001e1d2b89

SHA256
b54d0bed280b953bb25b798e953babf73f10b0a378e2b927cc41b80cb118f84c

SHA512
f6a534fac5a3dc502c90431acf350bee70caeb244b9e5a664a3ffbd73211428bb8374cfb1b520ef0e421e16fc40e7a7ac78ee83792557a69a31e35a44939b880

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table 1\images\home.gif

Filesize
691B

MD5
f470e493875a62d5ac801a7fa5645f76

SHA1
a82e9816ad4f4151881714179c281a764256dd37

SHA256
531eb700cdb5d0e562106d76d86eeb3b4ae55546295a8d014739581d03173b78

SHA512
e3557b4f9b17428cdb6d5fb156ff7e49d10f7c3279cbb231fa3e7ddd925008e4db17648d50f05cc48dfdd6a84481f7d43c53c76e8fafc6424dd1764669439c90

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table 1\images\next.gif

Filesize
683B

MD5
abbf959994da39d7fdd89ee7f45d9b36

SHA1
131ad3a5ecf00bdcebebb4d97127263db36f657e

SHA256
56b46dd73a34e806024f0abf6884f76009c6fbf6265942be749466e2bd145617

SHA512
3fb7809004f53d2eb1018f32eb26ddc8905373c3bf77bfb7db1d8027a9446c16ff4c8ab65a49f6619fd5c4a6840514cb61c63594a716dfad47b47d7f102090c8

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table 1\images\previous.gif

Filesize
685B

MD5
e2638e5eeb4d76bd3991add0fe8d31ba

SHA1
0bd9cb7cff0b0bd2decfe9bd1d219dd5e9772cca

SHA256
3879430859f246ba645e50df04a7d25713407f9e6a0aa5986d8c2151fcb5f1e7

SHA512
2012f0e46194a188c85f46f08442480a12754071e63ce17c7aa2a666d1365b67f36d2c88d478b703a1362ae5e2eb50618c7862eaa98923f59619cf4b1f1e3d09

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Presets\Web Photo Gallery\Table 2\images\innerL.gif

Filesize
55B

MD5
7f5462a760ef486b4bd4ec17edd59331

SHA1
d4e452aac83e06d08b44f8ca3d1e12e99669629d

SHA256
2ffaf9ae3c50babe404faf4745def22a615222c73d233c064487b50115f49f00

SHA512
c401aad029cfddc75834253408433fb5afcc98d90439a14231e1b55983686d1409d005ba1b9386c308b6b3c75493ec7ddb72cdf4d30c295ef04f594ef22f03fa

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Required\Default Filter Colors.aco

Filesize
952B

MD5
48b13d77a765518151b251c7727f3720

SHA1
6d259eeb7b68807d97a4182af5250aa89ee2cfab

SHA256
3abd290c69c18c287f969932e96305e35704ca84dabf3784bd21950912d1ec40

SHA512
dc296607142087e358c9e1b444d176282e83866c01c6b2314236429ee7da6ded9608730f98504e1cb630296eb6183904b23eecd86f62d47ad2a4e3622d7e0b7e

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Required\Default New Doc Sizes.txt

Filesize
20KB

MD5
6b3698008143c584cfa77ee615d0e26e

SHA1
d183500b1b42f96ad3b08f309f34537cec37c04f

SHA256
52ca94e229c3e4fb62aafc4a82328e4982084a35026b3f7719aa62fa007c2830

SHA512
47144965fb0e493f6c51f80a796bd42d9ce392ef45d51ea4b70005294bc99fef98c7460aad958b382eb9083bd5393002173a3317d3fad5ecabf39730a94ba7e4

Download Submit
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Required\OS Shortcuts.txt

Filesize
96B

MD5
303d07950ebdb1129ed20b56517eec03

SHA1
af8ae6e4068d13bd59aa282cdd7a10b4a1f46b92

SHA256
999dd9c1b23bba7418102e894e7773176fb6b95d783ad1530924bf63249284da

SHA512
1e695f05a23e3194aa4a57295b6914c46ff785a08e1dc4b1b280470f8d55b4c3446eb75b6850fad9ee52d7e2843e8710e68dcccf10c03a84d2a15727a0be9242

Download Submit
C:\Program Files (x86)\Adobe\AdobeSetup.Cmd

Filesize
1KB

MD5
3ab232d12fce978108138e2d0350497c

SHA1
23317b33e2bb5f03bf2fed11af88d179f482c28e

SHA256
7dd744e09aa7df393ef236bd10abea018a00d3c5e85f415e4a60c746f1672c09

SHA512
601528ae84ea951ff8da975e1eeced4f4ecfbd05124215a68c915b22855fd0852facdffb9c7a9ac868161339d76d4923af631e2a93be3e6d8c72600cc389bbbe

Download Submit
C:\Program Files (x86)\Adobe\cache.db

Filesize
15KB

MD5
9ffa8a1dad8a5d44a7338cfb3a6b3dbc

SHA1
9cb1d6b2ad64a1fa438cee17550d237bb0ff5cd9

SHA256
69cfaca4f885c9b7402167da22364f937392601423201a78c803539fbd322c7b

SHA512
c6e9b94b808731a371dc13b5a63bb5bc4e6f1a6fe72e39356e1826c6ca272c95685f107989fe94be1a8573a6c4a6205969b509b3922450f8b45e9525379786b4

Download Submit
C:\Program Files (x86)\Common Files\Adobe\caps\caps.db

Filesize
25KB

MD5
86ed2df96dcfb1488db4d98c46ce210c

SHA1
95fda3ccda536ef57de36d662d9db5e532007d9d

SHA256
8e26ca94cda14cc783621680daf9f14927c3cef4626a83c2f06b8076727ba965

SHA512
32a3681d564ac336a026d2fbc421f48b803b68f41dbe633d80797faf8404375a7bdaaf31fabc8bfc984f0c189f660a16a148bc172c0d71001434a292abb450bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ad87e0f4dbb4f59310e2552e68a470be

SHA1
ea45b19dde4cc87e06054408baa8b24aac34a591

SHA256
fb68e6829cf6c8848f2aebeec55aaf6eb33647975b932d2f36b81b267298ef42

SHA512
fc28f26f2c8ae8b81ba207e318a18bda12dc19bf42164b24a126e727121d4ab1e2f6a5f7d89c1b1f05853db8a4af0a26b76fb60f3bd81a1ebcc968f28c3efae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
03252147faa18d057300dc329deda9e5

SHA1
b68c0d52f3539f78f64879c95723047d055fb5c6

SHA256
4654bd53ef2bf68c5b4cd279a3860408bb933f9efecd8959e71253fb937b89ce

SHA512
d60b3e307c164282eeb53832b2f5ac34126cc09f834ca9605b60c587ce4cc66e719188ef10d32f06815195d04b74fd16093254707c333bfd539992250c38c8bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
10f920ebf7be9eb7cbc64a0f819e67f7

SHA1
fab1c732a286396c1d4085a0277405b8135af0c7

SHA256
ab9961a3a2b3e139bd4740dbc79607d0e813d22d75eb6a1837b9549242723a0e

SHA512
a366ca176296f4dd4b5243079978af244d52d385e6fe01ee88e4ff9c3d9875692cf9cccbcd739de0cfc5d28f99e4732740ff851ad79c2673b824b87f45999b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3dfa5e0dc4e7d70bc6599cd43e9248c1

SHA1
cc4b800f42d1700fc244c38a98e1cd0d585a603f

SHA256
25338af08300b7d38d8658e2dd9ebd83ec13aa5797aa26808ce8505a24de8091

SHA512
51bb5652410a8f7f411e2e1ed764ecd0e5f8c3a9ec6ba78957d101c112c404334d97c6d939c5a7d1da9a236fbf670bd8daa0f831154a6c93cf00eeed428629ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d13edb2a326a3df704c0ea544eb79619

SHA1
5c565d7c612a1263443429c871221df3d89405c0

SHA256
e095c202f000f27ce851d8eb2cfd9cd9c44a6893554e37ecd3422545aa0e4b8f

SHA512
f9bd1d02444b71413dc5eb77f59ad559c31f56106daced892db2f963654b22ee59cfb4f8a6bd9d0670281aaecdd8017d6c103a3782a5c67af0a05211eaa4ea3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f4f2d65c50ae6b396addb51fb31bed48

SHA1
f0fa069b062d9122c6a1f7ba6f1b0e56901f7b66

SHA256
e2516f9b361e2cb888b0e6dd3a7538f7aae8081ba699146c0151e2f28b174394

SHA512
0a707feab8f627a8c55412a7df8b8c26a147ef2558474bf0a303b555e4218948e036ca0e2d4e3d1ddb9fa1cb0d05c96a8b0f28e1b862310dd60e6425e7d02d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cb34c6cb8df2fdc29281428b4523b70b

SHA1
b78f69a69169b4ccccc0b57e0755398f99d22e46

SHA256
5eacdf35df36d86135903599d869e6786c176a106e40307ec424d4868f640008

SHA512
caa904d307d5a765773575eca45f84fe809ff286019353e8b4029e8cdcd7efc9a77569eadd53b711cdfc7be7110dc7fa85ab5e24cde72ec7dddf693a2bc12b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
738129fdf31636bdc9af9a0cd9f0927f

SHA1
085009e8a80e42b274dc0a479e5c4aaf2d2d7c88

SHA256
1f2a4eb1ae00ef49589590de6484b2131b6813003b4554a9c54c6037e62bd550

SHA512
a70921dbc15f1ad6647d8c6c6f911f03d61422bf3381f6a468884f8bdff03fc3ff5be9e010d8a3eca40b7ceebdae7f3cba0cef1e28d85a1e488e252c846ddae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d45db3ce4b3e3540febf8417f3bd374

SHA1
d271552c984e9e11678dca3bf1c0f2a77bf1949b

SHA256
fc0a534eac01493b8b42390a4496a945527ae1d961adb98e9ea105a3797c7edd

SHA512
dd893f8e8d831e55f3e3b2baf1c3876cd7318d8ea1f5c1bf55b089bec05c0cf24a042fedb410e39585470a8446193f07de3ea1c0f3b260b82b0253a0e39ff2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5402c880467fa0ed52c7c44cf513c487

SHA1
aabf654373a6c75a0d5b69948cdb43d59e9610ac

SHA256
1161d869f6a03995112276f683f7c8194b62d78ccfbbf964b3506b057912d177

SHA512
ad2667d404d26ace6a86e4babd9a823d2b3dec8334123928b3355ae25c34c4f45a7aa21ad30ffada8098d80da6ea586f9f4ef722aa0020833ca66f21c953df3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2f3d3b99b93e7486afb861f800874705

SHA1
b0881a1854b0d79332d3c19f1def807be352df60

SHA256
1b42dcff26059aad51c59a5bb0d489f3ee00a705b80d667b198eeed336601046

SHA512
7e295f9ba96dba4d3c5cf0f1ec0b598cfe3d17686f92a688efe4a08636d511014631c3be1463169b218cf9fdd312885586f8d0e29ba3a2fa8820606ae7dc2b87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d076518ca7a744713ff6b7e0c1b7bcb

SHA1
f4ddcd8aa70d80101eb3cd075af4707b659ef5bf

SHA256
b0d14932c0cd76fb3c570df0f8781d511e72f83605a73a9184da019fe21d559d

SHA512
7cbd18591ad7bab192db994797e1a5e783df08f3d07874de9f80af18edca5b36f1b908906de105bd02d440537eb4b3c2b7a97322cac927feb8b0d6850e128c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c1186b8b86ce4f9cbd5b5161278ad8d

SHA1
03fdaf6777ec208472be021aa25e4a123c0bbc06

SHA256
6baa27dc54a931b1a38f21787c4e9d4a270aeec1de1816f62ffa673ce6dbf1f7

SHA512
ecf96f3b7a2b844f0411ea2f444d72eafab06a5efbbb6e6455dd5244484326d158c7439dd38a942971f800e83aba7118a684521e8581c908c1aa4b59e7964235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42d7124773e40194e7b1a8a78c639720

SHA1
afe125a258d1452aec6cda5dbfa65392ae0ef8fd

SHA256
e3458dec4f994181c50f0531e92f908cfbec86c162c782f19fedc8f84e5859a9

SHA512
3412a6b583fca628b6c0a93d132c333390b7236445c27a81fce12412528b3a93388f4f1607dd9a13add3cd2b766159e7a9b7efb142a0f9922a3910b8fc00b4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
205ab191642d70b64771b2cdd5f59dd2

SHA1
a4c3db59bf89c320f7be6190b98c16d767658e53

SHA256
2a57d188f4ff23f01c156438b6b50455040160f002f18170086e754fc6a98cf4

SHA512
6258758cfec212b7a1311fe33bd7ce1950a269d69ae751ec2b3269438827f78c38f62a8270f9141f2e039da3515c4a43182d59a21aeb793d3fdf573e61d149d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54c1eff28192c93f5c10049ccfaacf8b

SHA1
f02e249c54f3d69ef9300d3fa53ca87601a171f0

SHA256
b01b53129a158692fe9b75b12ed9982bb23cfbc5586ba9595149ccaf558f3d0d

SHA512
4654ff30e65a968029621037c1f3b73f6b53d54047d62da70cb58c93ca0f89b15535ce9eb1856b7d325278f4f94e7d186931ae1856027ba9d2334479786dcd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55a729059496a35f5085db7afacec3ee

SHA1
03c77640482cc99677cad871c61615910103a892

SHA256
6328812133b664982b3fd1b536e4d2c93f49ce3f0feac3e5764863df1c298480

SHA512
240072914965a3c01823c21c3243c5b60b5c16100533b15dfa784d7fb5b41a9831ee779a4f709b829c625a1d4843f5e2e897974b58f78f4a15e252ecf7cc94f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7e02813e94f24c75e739e4dacdf6fad

SHA1
bf7dbf6b985a20dbeebcbba3ad18b6dee5aff691

SHA256
4f73730981e8a9a9112b092756e8dcb3e1005421b7347f08655c9f0ade346328

SHA512
230b4d8ecd72a5b508cf6754a29e5a14ad7f46556ea4f23eb035899ea8ce0b3ed14822c4ddc6e5f169e947629136c636f3b4c9007578fb708886d5ef8210ae88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
82db3bd4c49e83bbce366412298c4b49

SHA1
694ee9eeb96d832b5de83bf8dc304bbb6e322075

SHA256
049a9c067eec2db59aee427b90cbfae5e3b5a53737468ab03051ebfd42fca36c

SHA512
b3bcecb78315a4c56dba7a65eb44fb299a6b09c09abcb6d3b6d068bff8fcddd44ea405c29995e2461d176cdcb205ed0be0c4b3f291b204ac37bd2941f208c80b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\936fbd20-4146-4584-9f1d-7a5162118148.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
1301a13a0b62ba61652cdbf2d61f80fa

SHA1
1911d1f0d097e8f5275a29e17b0bcef305df1d9e

SHA256
7e75ad955706d05f5934810aebbd3b5a7742d5e5766efd9c4fc17ee492b2f716

SHA512
66aa4261628bb31ee416af70f4159c02e5bbfbe2f7645e87d70bb35b1f20fa915d62b25d99cd72c59580d1f64e6c6b5ad36ace6600d3bcdb67f45036d768ed8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TWAIN.LOG

Filesize
420B

MD5
bce40da6674c9375243a98229c94c33c

SHA1
2e4b91b11e00dee5a738efde664b480889700c93

SHA256
991314c1dfe62150be03d551a46019bf0d097b7e4d97eb1dca37dfa7037502d8

SHA512
a1a3228a5a119964cab3ddf0620233cbeb7c77075663c03a692142043c4d4b5a80fce5355cf7e52e528c01d2f65fd4a56d7943b1efbb2a2fa4512f3cab8a233e

Download Submit
C:\Users\Admin\Downloads\Adobe Photoshop Cs3 10.0.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 627254.crdownload

Filesize
48.0MB

MD5
00aa35a36d13bb381d4b4ce2e6316a3b

SHA1
c23923f2410bee2a72a0947f316e75610f88b180

SHA256
71d458354ee595e071f9debd11bd68de850f4cc8724243ef7bacf49c0f062def

SHA512
3c6538a23fe9e452a5875136d2635268bca028cc0361cf59e0f210b2db2219a487fea37036779ac8139b85e204ee73a5bb2eab97ce8585bd9e19452c4ebac589

Download Submit
memory/3120-4402-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3120-4396-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4236-4479-0x0000000004E30000-0x0000000004F1D000-memory.dmp

Filesize
948KB

Download
memory/4236-4613-0x0000000003490000-0x00000000034BC000-memory.dmp

Filesize
176KB

Download
memory/4236-4487-0x0000000006AC0000-0x0000000006C98000-memory.dmp

Filesize
1.8MB

Download
memory/4236-4489-0x0000000006CA0000-0x0000000006F82000-memory.dmp

Filesize
2.9MB

Download
memory/4236-4486-0x0000000006870000-0x0000000006AC0000-memory.dmp

Filesize
2.3MB

Download
memory/4236-4485-0x0000000006870000-0x0000000006AC0000-memory.dmp

Filesize
2.3MB

Download
memory/4236-4548-0x00000000091C0000-0x00000000091FC000-memory.dmp

Filesize
240KB

Download
memory/4236-4544-0x00000000091C0000-0x00000000091FC000-memory.dmp

Filesize
240KB

Download
memory/4236-4560-0x000000000A100000-0x000000000A25B000-memory.dmp

Filesize
1.4MB

Download
memory/4236-4565-0x000000000A0A0000-0x000000000A0B1000-memory.dmp

Filesize
68KB

Download
memory/4236-4568-0x000000000A0A0000-0x000000000A0B0000-memory.dmp

Filesize
64KB

Download
memory/4236-4574-0x000000000A0A0000-0x000000000A0AC000-memory.dmp

Filesize
48KB

Download
memory/4236-4573-0x000000000A100000-0x000000000A215000-memory.dmp

Filesize
1.1MB

Download
memory/4236-4572-0x000000000A100000-0x000000000A215000-memory.dmp

Filesize
1.1MB

Download
memory/4236-4571-0x000000000A0A0000-0x000000000A0BA000-memory.dmp

Filesize
104KB

Download
memory/4236-4570-0x000000000A0A0000-0x000000000A0C2000-memory.dmp

Filesize
136KB

Download
memory/4236-4569-0x000000000A100000-0x000000000A136000-memory.dmp

Filesize
216KB

Download
memory/4236-4567-0x000000000A0A0000-0x000000000A0AF000-memory.dmp

Filesize
60KB

Download
memory/4236-4566-0x000000000A0A0000-0x000000000A0AD000-memory.dmp

Filesize
52KB

Download
memory/4236-4564-0x000000000A0A0000-0x000000000A0B1000-memory.dmp

Filesize
68KB

Download
memory/4236-4563-0x000000000A0A0000-0x000000000A0AB000-memory.dmp

Filesize
44KB

Download
memory/4236-4562-0x000000000A0A0000-0x000000000A0CB000-memory.dmp

Filesize
172KB

Download
memory/4236-4561-0x000000000A0A0000-0x000000000A0CB000-memory.dmp

Filesize
172KB

Download
memory/4236-4559-0x000000000A0D0000-0x000000000A0E5000-memory.dmp

Filesize
84KB

Download
memory/4236-4558-0x000000000A0A0000-0x000000000A0BC000-memory.dmp

Filesize
112KB

Download
memory/4236-4575-0x0000000000400000-0x0000000003006000-memory.dmp

Filesize
44.0MB

Download
memory/4236-4586-0x000000000A120000-0x000000000A172000-memory.dmp

Filesize
328KB

Download
memory/4236-4596-0x000000000A9A0000-0x000000000ADA3000-memory.dmp

Filesize
4.0MB

Download
memory/4236-4608-0x000000000A0A0000-0x000000000A0AC000-memory.dmp

Filesize
48KB

Download
memory/4236-4609-0x000000000A100000-0x000000000A4C3000-memory.dmp

Filesize
3.8MB

Download
memory/4236-4607-0x000000000A0A0000-0x000000000A0BA000-memory.dmp

Filesize
104KB

Download
memory/4236-4606-0x000000000A0A0000-0x000000000A0AB000-memory.dmp

Filesize
44KB

Download
memory/4236-4605-0x000000000A0A0000-0x000000000A0AB000-memory.dmp

Filesize
44KB

Download
memory/4236-4604-0x000000000A0A0000-0x000000000A0C2000-memory.dmp

Filesize
136KB

Download
memory/4236-4603-0x000000000A100000-0x000000000A136000-memory.dmp

Filesize
216KB

Download
memory/4236-4602-0x000000000A100000-0x000000000A25B000-memory.dmp

Filesize
1.4MB

Download
memory/4236-4601-0x000000000A0C0000-0x000000000A0CE000-memory.dmp

Filesize
56KB

Download
memory/4236-4600-0x000000000A0C0000-0x000000000A0CE000-memory.dmp

Filesize
56KB

Download
memory/4236-4599-0x000000000A120000-0x000000000A134000-memory.dmp

Filesize
80KB

Download
memory/4236-4598-0x000000000A120000-0x000000000A134000-memory.dmp

Filesize
80KB

Download
memory/4236-4597-0x000000000A9A0000-0x000000000ADA3000-memory.dmp

Filesize
4.0MB

Download
memory/4236-4595-0x000000000A0C0000-0x000000000A0CC000-memory.dmp

Filesize
48KB

Download
memory/4236-4594-0x000000000A0C0000-0x000000000A0CC000-memory.dmp

Filesize
48KB

Download
memory/4236-4593-0x000000000A120000-0x000000000A138000-memory.dmp

Filesize
96KB

Download
memory/4236-4592-0x000000000A120000-0x000000000A138000-memory.dmp

Filesize
96KB

Download
memory/4236-4591-0x000000000A120000-0x000000000A133000-memory.dmp

Filesize
76KB

Download
memory/4236-4590-0x000000000A120000-0x000000000A133000-memory.dmp

Filesize
76KB

Download
memory/4236-4589-0x000000000A120000-0x000000000A132000-memory.dmp

Filesize
72KB

Download
memory/4236-4588-0x000000000A120000-0x000000000A132000-memory.dmp

Filesize
72KB

Download
memory/4236-4585-0x000000000A5D0000-0x000000000A99C000-memory.dmp

Filesize
3.8MB

Download
memory/4236-4584-0x000000000A0C0000-0x000000000A0CC000-memory.dmp

Filesize
48KB

Download
memory/4236-4583-0x000000000A100000-0x000000000A113000-memory.dmp

Filesize
76KB

Download
memory/4236-4582-0x000000000A100000-0x000000000A113000-memory.dmp

Filesize
76KB

Download
memory/4236-4581-0x000000000A100000-0x000000000A14D000-memory.dmp

Filesize
308KB

Download
memory/4236-4587-0x000000000A120000-0x000000000A172000-memory.dmp

Filesize
328KB

Download
memory/4236-4580-0x000000000A100000-0x000000000A14D000-memory.dmp

Filesize
308KB

Download
memory/4236-4579-0x000000000A100000-0x000000000A142000-memory.dmp

Filesize
264KB

Download
memory/4236-4578-0x000000000A100000-0x000000000A142000-memory.dmp

Filesize
264KB

Download
memory/4236-4577-0x000000000A4D0000-0x000000000A539000-memory.dmp

Filesize
420KB

Download
memory/4236-4576-0x000000000A100000-0x000000000A4C3000-memory.dmp

Filesize
3.8MB

Download
memory/4236-4610-0x0000000004E30000-0x0000000004F1D000-memory.dmp

Filesize
948KB

Download
memory/4236-4488-0x0000000006CA0000-0x0000000006F82000-memory.dmp

Filesize
2.9MB

Download
memory/4236-4612-0x0000000004F20000-0x0000000004FD2000-memory.dmp

Filesize
712KB

Download
memory/4236-4611-0x0000000003120000-0x000000000314C000-memory.dmp

Filesize
176KB

Download
memory/4236-4480-0x0000000003120000-0x000000000314C000-memory.dmp

Filesize
176KB

Download
memory/4236-4623-0x0000000006CA0000-0x0000000006F82000-memory.dmp

Filesize
2.9MB

Download
memory/4236-4482-0x0000000004F20000-0x0000000004FD2000-memory.dmp

Filesize
712KB

Download
memory/4236-4687-0x000000000D930000-0x000000000DBC9000-memory.dmp

Filesize
2.6MB

Download
memory/4236-4690-0x00000000091C0000-0x00000000091FC000-memory.dmp

Filesize
240KB

Download
memory/4236-4689-0x000000000FB40000-0x000000000FE65000-memory.dmp

Filesize
3.1MB

Download
memory/4236-4688-0x000000000D800000-0x000000000D832000-memory.dmp

Filesize
200KB

Download
memory/4236-4661-0x0000000000400000-0x0000000003006000-memory.dmp

Filesize
44.0MB

Download
memory/4236-4686-0x000000000D4B0000-0x000000000D7FE000-memory.dmp

Filesize
3.3MB

Download
memory/4236-4685-0x000000000CF90000-0x000000000D06E000-memory.dmp

Filesize
888KB

Download
memory/4236-4684-0x000000000B640000-0x000000000B686000-memory.dmp

Filesize
280KB

Download
memory/4236-4683-0x000000000BBB0000-0x000000000BF73000-memory.dmp

Filesize
3.8MB

Download
memory/4236-4682-0x000000000B620000-0x000000000B631000-memory.dmp

Filesize
68KB

Download
memory/4236-4680-0x000000000B490000-0x000000000B4A7000-memory.dmp

Filesize
92KB

Download
memory/4236-4679-0x000000000B320000-0x000000000B47B000-memory.dmp

Filesize
1.4MB

Download
memory/4236-4678-0x000000000A2F0000-0x000000000A337000-memory.dmp

Filesize
284KB

Download
memory/4236-4677-0x000000000A230000-0x000000000A2E3000-memory.dmp

Filesize
716KB

Download
memory/4236-4676-0x000000000A1C0000-0x000000000A1D3000-memory.dmp

Filesize
76KB

Download
memory/4236-4675-0x000000007C340000-0x000000007C3A0000-memory.dmp

Filesize
384KB

Download
memory/4236-4674-0x000000000A140000-0x000000000A190000-memory.dmp

Filesize
320KB

Download
memory/4236-4672-0x000000000A5D0000-0x000000000A99C000-memory.dmp

Filesize
3.8MB

Download
memory/4236-4671-0x000000000A4D0000-0x000000000A539000-memory.dmp

Filesize
420KB

Download
memory/4236-4665-0x0000000003490000-0x00000000034BC000-memory.dmp

Filesize
176KB

Download
memory/4236-4664-0x0000000004F20000-0x0000000004FD2000-memory.dmp

Filesize
712KB

Download
memory/4236-4681-0x000000000B4B0000-0x000000000B4DB000-memory.dmp

Filesize
172KB

Download
memory/4236-4673-0x000000000A9A0000-0x000000000AC5A000-memory.dmp

Filesize
2.7MB

Download
memory/4236-4669-0x00000000091C0000-0x00000000091FC000-memory.dmp

Filesize
240KB

Download
memory/4236-4663-0x0000000004E30000-0x0000000004F1D000-memory.dmp

Filesize
948KB

Download
memory/4236-4693-0x000000000A0A0000-0x000000000A0B1000-memory.dmp

Filesize
68KB

Download
memory/4236-4692-0x000000000A0A0000-0x000000000A0B1000-memory.dmp

Filesize
68KB

Download
memory/4236-4691-0x000000000A100000-0x000000000A25B000-memory.dmp

Filesize
1.4MB

Download
memory/4236-4697-0x000000000A0A0000-0x000000000A0CB000-memory.dmp

Filesize
172KB

Download
memory/4236-4706-0x000000000A100000-0x000000000A215000-memory.dmp

Filesize
1.1MB

Download
memory/4236-4713-0x000000000A100000-0x000000000A113000-memory.dmp

Filesize
76KB

Download
memory/4236-4714-0x000000000A100000-0x000000000A113000-memory.dmp

Filesize
76KB

Download
memory/4236-4712-0x000000000A100000-0x000000000A14D000-memory.dmp

Filesize
308KB

Download
memory/4236-4711-0x000000000A100000-0x000000000A14D000-memory.dmp

Filesize
308KB

Download
memory/4236-4710-0x000000000A100000-0x000000000A142000-memory.dmp

Filesize
264KB

Download
memory/4236-4709-0x000000000A100000-0x000000000A142000-memory.dmp

Filesize
264KB

Download
memory/4236-4708-0x000000000A100000-0x000000000A4C3000-memory.dmp

Filesize
3.8MB

Download
memory/4236-4707-0x000000000A0A0000-0x000000000A0AC000-memory.dmp

Filesize
48KB

Download
memory/4236-4705-0x000000000A100000-0x000000000A215000-memory.dmp

Filesize
1.1MB

Download
memory/4236-4704-0x000000000A0A0000-0x000000000A0BA000-memory.dmp

Filesize
104KB

Download
memory/4236-4703-0x000000000A0A0000-0x000000000A0C2000-memory.dmp

Filesize
136KB

Download
memory/4236-4702-0x000000000A100000-0x000000000A136000-memory.dmp

Filesize
216KB

Download
memory/4236-4701-0x000000000A0A0000-0x000000000A0B0000-memory.dmp

Filesize
64KB

Download
memory/4236-4700-0x000000000A0A0000-0x000000000A0AF000-memory.dmp

Filesize
60KB

Download
memory/4236-4699-0x000000000A0A0000-0x000000000A0AD000-memory.dmp

Filesize
52KB

Download
memory/4236-4698-0x000000000A0A0000-0x000000000A0AB000-memory.dmp

Filesize
44KB

Download
memory/4236-4696-0x000000000A0A0000-0x000000000A0CB000-memory.dmp

Filesize
172KB

Download
memory/4236-4695-0x000000000A0A0000-0x000000000A0BC000-memory.dmp

Filesize
112KB

Download
memory/4236-4694-0x000000000A0A0000-0x000000000A0BC000-memory.dmp

Filesize
112KB

Download
memory/4236-4740-0x0000000000400000-0x0000000003006000-memory.dmp

Filesize
44.0MB

Download
memory/4236-4779-0x0000000004E30000-0x0000000004F1D000-memory.dmp

Filesize
948KB

Download
memory/4236-4483-0x0000000003490000-0x00000000034BC000-memory.dmp

Filesize
176KB

Download
memory/4236-4484-0x0000000010000000-0x00000000102FC000-memory.dmp

Filesize
3.0MB

Download
memory/4236-4481-0x0000000004E30000-0x0000000004EE2000-memory.dmp

Filesize
712KB

Download
memory/4236-4478-0x0000000000400000-0x0000000003006000-memory.dmp

Filesize
44.0MB

Download
memory/5064-2281-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/5064-2218-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download