Analysis Overview
SHA256
084bcc67847bf29586354adce89daac64b8b3db88a5d1c8f5c05b8a64f45e829
Threat Level: Known bad
The file 0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.zip was found to be: Known bad.
Malicious Activity Summary
Phobos
Modifies boot configuration data using bcdedit
Renames multiple (469) files with added filename extension
Renames multiple (307) files with added filename extension
Deletes shadow copies
Modifies Windows Firewall
Deletes backup catalog
Loads dropped DLL
Drops startup file
Reads user/profile data of web browsers
Enumerates connected drives
Adds Run key to start application
Drops desktop.ini file(s)
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Opens file in notepad (likely ransom note)
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Interacts with shadow copies
Modifies registry class
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-06-21 07:09
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-06-21 07:09
Reported
2023-06-21 07:14
Platform
win7-20230220-en
Max time kernel
295s
Max time network
33s
Command Line
Signatures
Phobos
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Renames multiple (307) files with added filename extension
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446 = "C:\\Users\\Admin\\AppData\\Local\\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe" | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446 = "C:\\Users\\Admin\\AppData\\Local\\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe" | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
Drops desktop.ini file(s)
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0146142.JPG.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18196_.WMF | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\OUTEX.ECF.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\ado\msado26.tlb | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00688_.WMF.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\ext\dnsns.jar | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Abidjan.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21319_.GIF | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Media Player\Media Renderer\connectionmanager_dmr.xml | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\THMBNAIL.PNG | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD01196_.WMF | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\msxactps.dll | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00915_.WMF | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGMN011.XML.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\CATALOG.XML | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\sa-jdi.jar.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD15072_.GIF.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIcon.jpg | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0252349.WMF | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\THMBNAIL.PNG | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02749U.BMP | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR30F.GIF.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_over.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR1B.GIF.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ca.dll | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\1 Right.accdt.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02466U.BMP.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\TN00011_.WMF.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.id[11F494D3-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\AD98.POC | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI689C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8232.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA91C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\6f75ee.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB051.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\6f75ec.mst | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI81A4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA851.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB16C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC944.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI68CD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9BEF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAC97.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB11D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB738.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID559.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA3FB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAE2E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\6f75ee.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\6f75ec.mst | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7A6F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7E97.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8510.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9A87.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8723.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA563.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC9A2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC9F1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE833.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI68ED.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7DBC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC5E9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID49D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE40B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI68BD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID1CF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE882.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI68FE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7743.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI7D6D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI89F2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI97A9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB4B7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6B50.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIACA7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE3CC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE499.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE8B2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6061.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411198-A502-11D2-BBCA-00C04F8EC294}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\winword.exe\SupportedTypes\.dot | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411228-a502-11d2-bbca-00c04f8ec294}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\edit\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\winword.exe\SupportedTypes\.wpd | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{05741520-C4EB-440A-AC3F-9643BBC9F847}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{31411198-a502-11d2-bbca-00c04f8ec294}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111bd-a502-11d2-bbca-00c04f8ec294}\VersionIndependentProgID\ = "HxDs.HxRegister" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411219-a502-11d2-bbca-00c04f8ec294}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\xmlfile\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\DefaultIcon\ = "\"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C04E4E5E-89E6-43C0-92BD-D3F2C7FBA5C4}\1.0\ = "Microsoft Visual Studio Tools for the Microsoft Office System Loader 1.0 Type Library" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111f7-a502-11d2-bbca-00c04f8ec294}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111e2-a502-11d2-bbca-00c04f8ec294}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\Implemented Categories | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111db-a502-11d2-bbca-00c04f8ec294}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Winword.exe\shell\edit\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111e2-a502-11d2-bbca-00c04f8ec294}\ = "HxFilters Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{31411228-a502-11d2-bbca-00c04f8ec294}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411228-a502-11d2-bbca-00c04f8ec294}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411198-A502-11D2-BBCA-00C04F8EC294}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{000C0601-0000-0000-C000-000000000046} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111f7-a502-11d2-bbca-00c04f8ec294}\ = "HxParseDisplayName Class" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411228-a502-11d2-bbca-00c04f8ec294}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{C04E4E5E-89E6-43C0-92BD-D3F2C7FBA5C4}\1.0\FLAGS | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{31411198-a502-11d2-bbca-00c04f8ec294}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111bd-a502-11d2-bbca-00c04f8ec294}\InprocServer32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Help\\hxds.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\xmlfile\shell\open | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{A08A033D-1A75-4AB6-A166-EAD02F547959}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{31411219-a502-11d2-bbca-00c04f8ec294} | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A08A033D-1A75-4AB6-A166-EAD02F547959}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{31411198-a502-11d2-bbca-00c04f8ec294}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{31411198-a502-11d2-bbca-00c04f8ec294}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411219-a502-11d2-bbca-00c04f8ec294}\VersionIndependentProgID\ = "HxDS.HxRegisterSession" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{60A896CA-1649-45BF-B63F-2E7312A968F0}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\edit\command\ = "\"C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE14\\MSOXMLED.EXE\" /verb edit \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\winword.exe\SupportedTypes\.txt | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{A08A033D-1A75-4AB6-A166-EAD02F547959}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{05741520-C4EB-440A-AC3F-9643BBC9F847}\ = "CWRLoader Object" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111f0-a502-11d2-bbca-00c04f8ec294}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411219-a502-11d2-bbca-00c04f8ec294}\Programmable\ | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{314111f7-a502-11d2-bbca-00c04f8ec294}\Implemented Categories | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111db-a502-11d2-bbca-00c04f8ec294}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Winword.exe\shell | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{60A896CA-1649-45BF-B63F-2E7312A968F0}\InprocServer32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTA\\8.0\\x86\\VSTARemotingServer.dll" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411228-a502-11d2-bbca-00c04f8ec294}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111bd-a502-11d2-bbca-00c04f8ec294}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111f0-a502-11d2-bbca-00c04f8ec294}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{60A896CA-1649-45BF-B63F-2E7312A968F0}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111f0-a502-11d2-bbca-00c04f8ec294}\ = "HxRegistryWalker Class" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111e2-a502-11d2-bbca-00c04f8ec294}\VersionIndependentProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{31411228-a502-11d2-bbca-00c04f8ec294}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111bd-a502-11d2-bbca-00c04f8ec294}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\ShellEx | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\SOFTWARE\Microsoft\HTMLHelp\2.0\LocalReg\CLSID\{314111bd-a502-11d2-bbca-00c04f8ec294}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\Programmable | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111f7-a502-11d2-bbca-00c04f8ec294}\Implemented Categories | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{314111f0-a502-11d2-bbca-00c04f8ec294}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{A08A033D-1A75-4AB6-A166-EAD02F547959}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{31411228-a502-11d2-bbca-00c04f8ec294}\ProgID\ = "HxDS.HxRegisterProtocol.1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{31411228-a502-11d2-bbca-00c04f8ec294}\Implemented Categories | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe
"C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe"
C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe
"C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state off
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=disable
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8E27DCE9A5DEE0BDA11538472758C02E
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1B5905B1BA01DBA396F42912A8813446 M Global\MSI0000
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\info.hta"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\desktop\info.hta"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\info.hta"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\syswow64\wevtutil.exe
"wevtutil.exe" im "C:\Program Files (x86)\Microsoft Office\Office14\BCSEvents.man"
C:\Windows\System32\wevtutil.exe
"wevtutil.exe" im "C:\Program Files (x86)\Microsoft Office\Office14\BCSEvents.man" /fromwow64
Network
Files
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.id[11F494D3-2943].[[email protected]].eking
| MD5 | 4ec1586372465a84d8aceb98669b77a3 |
| SHA1 | 39a2e7fa61a2e9e58fbb3f686025fe44dc84a024 |
| SHA256 | 4aec1fc12b947cb336f281b54cca6fa6ad81d0bd342b038d14e3c7c06d37a320 |
| SHA512 | a40130efae9032a2153338068e3bf4f0d8d26c8bf1aa0658576ac1eb7149d7f25acdd5760f8be30a96ee89b1144a0c8e168dffc028506958ad86ef456cd4a850 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos
| MD5 | db10fd32bfe67918ed177579d4be9d76 |
| SHA1 | 44ecf4c5a6fbbd1ace84d0efe91f13d6ba6bb738 |
| SHA256 | c936ab1da7ef4314182c8edabaeae90f8d51ed45bc48848d35670adf5b470d31 |
| SHA512 | bb574ef876e7529d4f3c4c52cc54aa1814f2c02030b83a5bd7223d4b31c992668c00e4a7e68d4f1caaa6493db4ac84eb649fe59e98feceb9828119cac1e74b05 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao
| MD5 | 2b62a30906a2b8bf3b68abd2ef9d105b |
| SHA1 | 9898d25a214dba04ebd7e3030ac9e2e90ea7a369 |
| SHA256 | 075561eff2cd3ad586776fa904f0040282c5f6a261f6a8fd6a0a524d14cd2d2c |
| SHA512 | 6db5955477a9bb5386c1af03df526496f9e64533e6c3071c8e5c44062541e91e9bb39096da947a91bdfa5e7de53c1e047dcf427c1dfde94554d7458f8f0862ea |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil
| MD5 | 1ef5e829303a139ce967440e0cdca10c |
| SHA1 | f0fa45906bd0f4c3668fcd0d8f68d4b298b30e5b |
| SHA256 | 98ce42deef51d40269d542f5314bef2c7468d401ad5d85168bfab4c0108f75f7 |
| SHA512 | 19dc6ae12de08b21b36c1ec7f353ce9e7cef73fa4d1354c436234167f0847bc9e2b85e2f36208f773ef324e2d79e6af1beca4470e44b8672b47d077efe33a1f8 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana
| MD5 | 71c7e24524aea1022361143d0a876c84 |
| SHA1 | b141efff466f27664599dd2aa91f0b7c50736f1d |
| SHA256 | 07a692cc9bc920ef8caed75ba9af60ad2d6b144c83bfde3b91a77b5bcce277a3 |
| SHA512 | 4cd51849de464e0139ce77de3003af1ab1b6c639862fb7d5e8362f33ef0a9828f8af9ebd6d4b4ce9dc5a67084bc5c1106fd3b3327fc428e25c75b780e98d37ff |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi
| MD5 | d13b5ffdeb538f15ee1d30f2788601d5 |
| SHA1 | 8dc4da8e4efca07472b08b618bc059dcbfd03efa |
| SHA256 | f1663cceeb67ba35c5a5cbf58b56050ddbe5ec5680ea9e55837b57524f29b876 |
| SHA512 | 58e6b66d1e6a9858e3b2ff1c90333d804d80a98dad358bb666b0332013c0c0c7444d9cb7297eff3aeee7de66d01b3b180629f1b5258af19165abd5e013574b46 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk
| MD5 | 985f599bb4b81c01d5b5d16ad241d5ed |
| SHA1 | a90b24a33383273378fc6429b95fdf62c4c2e5d5 |
| SHA256 | 36bce57f9ab26334f370d700cd0a853618cf2051afbe561ba09b0aae5dc371a4 |
| SHA512 | fd8f3414083a7b4c75e9a5dc043f38db062971dcac022194c274d5f5816867961736dbf0e17b7da19ca9c835f2e11864e0f305895e8c76eee3d0c5ecdf3e0239 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide
| MD5 | 0a876dfacfdabc170818581a2e6e6d54 |
| SHA1 | 376fd52e52867f959cb2076fbbc4d214778a7fc0 |
| SHA256 | e28b98a94e0077340a3aece749f2d400c3f06890cec9447f4c2567bd1e7a5839 |
| SHA512 | 766fb737e92fbd233563887cf8335c9aa4e96d3a970c28b7ddebbd21ca764dc85ee4ebd805538f697ad8b2d59ed0c53bd46d9fb7077d54c136f9c22bedae9cba |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10
| MD5 | 65435a5d117aa6b052a5f737d9946a7b |
| SHA1 | b8b17ad613463c3c9a1fe928819fb30cb853e6b1 |
| SHA256 | ea49aa9f6f6cf2d53d454e628ba5a339cc000230c4651655d0237711d747f50b |
| SHA512 | 4f85061ef6c66bf0e030af017af8c7154ed3f7953594ae2cf6f663e8b95ba978a54c171b01f212880e2711c2fd745a12b959ed27e7f6b1847273f70a4010ccde |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville
| MD5 | eeb20c9bc165677800b6dc7621a50cc9 |
| SHA1 | def5026103297fa44a2185104f2ee400cb93329c |
| SHA256 | 6a3a9301bb8dd782bb5c170bedfa73e9e7c60235e6e1840f14bd14b812127ef2 |
| SHA512 | d4e72f43c75de83deb0526233423726503354d7112618b44c94e695d159a02b6da4823a2c9a2be8cf71d2c7e42108d0db7edbb54a640579f853e6d110e7599ed |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury
| MD5 | 335a7c8e767a2dd0ecf3460eaabb0bbd |
| SHA1 | 111ffd83edcb095d251067456a3a60b754b4c717 |
| SHA256 | a0bf83b3948dce6afe987c170a5cd711a3d65fcd5c70e3b7bbfeeb1578544609 |
| SHA512 | bf0772423bdc11a4029439acef8922c6c541519ce98bce97681d1a1da32bbf3a73f506138d494d9cc860b6afb3584094565db7683f6b2a2cb30e3e94430d1933 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT
| MD5 | b8d5d64c3ef0b30644898a80682f5121 |
| SHA1 | bbc7b3902250307a2cdbb314abe98e34795032be |
| SHA256 | 2f329134686a44ee0362fd0c8b5d071e38bade32a5389e31282f64f565e76759 |
| SHA512 | f1f90923769648e585f3f38724d203e4bf6a10cab7c6708f7791a83dd6348b3b9948eaf481baa7bef31ff63d75b6fe1ec00cb888dc1acc8b65b90d96bff39638 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf
| MD5 | ab9d8ef2ffa9145d6c325cefa41d5d4e |
| SHA1 | 0f2bf6d5e1a0209d19f8f6e7d08b3e2d9cf4c5ab |
| SHA256 | 65a16cb7861335d5ace3c60718b5052e44660726da4cd13bb745381b235a1785 |
| SHA512 | 904f1892ec5c43c557199325fda79cacaee2e8f1b4a1d41b85c893d967c3209f0c58081c0c9a6083f85fd4866611dfeb490c11f3163c12f4f0579adda2c68100 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF
| MD5 | b85026155b964b6f3a883c9a8b62dfe3 |
| SHA1 | 5c38290813cd155c68773c19b0dd5371b7b1c337 |
| SHA256 | 57ffc9ca3beb6ee6226c28248ab9c77b2076ef6acffba839cec21fac28a8fd1f |
| SHA512 | c6953aea1f31da67d3ac33171617e01252672932a6e6eae0382e68fa9048b0e78871b68467945c6b940f1ea6e815231e0c95fbe97090b53bf2181681ecf6c2dd |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png
| MD5 | a2bb242dc046bacdc58e7fbbe03cce85 |
| SHA1 | 052ab788f1646b958e0ea2c0ef47d00141fc1004 |
| SHA256 | 486a8212c0d6860840d883981ca52daaad3bf3b2ab5be56cdc47ed9b42daba22 |
| SHA512 | d9bb4c0658f79fbcf22697c24bc32f4ef27ddf934e8f41cf73a2990d18cdb38379f6b61e50edef8ebdf5a2f59a0f8fa40e000b24f1c55a06cfa161db658326ad |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml
| MD5 | 118db038cff249fc1b96f7a8f2b27620 |
| SHA1 | 6f804438c7a4af3c57191138510a644d24bde92b |
| SHA256 | 8d43407158818d7f3e03cc0a6ae6d789e9e393467ba847a998214eb4e292b989 |
| SHA512 | 4ee3a5d2c49d50ecd97193828389d3339661f90d8b8d41bea5fc4ffedb26578c738016fc772217f3f5049adadcf744273f6b9f60ba379a8e39fc60188be5dde5 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml
| MD5 | ceb1e6764a28b208d51a7801052118d7 |
| SHA1 | 2719eea8bde44ff35dd7b274df167c103483b895 |
| SHA256 | 99d48b66d590c07b14f4cd68adac79e92616afcf00503a846b6bf4599bfeabc0 |
| SHA512 | f4a2df6229bca6c6ef9ef9f432847683238715eddcb1f89c291da5f5900c9a3461204d8495c3450c8bae1c1a661424089554d316468ba1b039a2c50d6e69bf29 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml
| MD5 | 2c16868331f82ff43059dcb0ea178af3 |
| SHA1 | 983589535e05c495ffeae4b0b31ddcfafe92a763 |
| SHA256 | be9ceb4464b22203feffd3700c5570b7d6d44c5d0d357148e1e6d5be5e694376 |
| SHA512 | 184653d3e40df84cd0052e5d9477201f276ce0e8cbb5e4b7bfac86fc7da325eef476982910be24c20725a6db6617fffd88998d6053c1b694718bc7ab0bde9ea1 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml
| MD5 | f7c78514872f9cb5585f8d69532cd2d0 |
| SHA1 | ff9dfbb62a3b48c85b6434ee831fb33a8dba9526 |
| SHA256 | 5f7bcd85900e62abb00ce739eaad53d80170a4a6152d951b6825110d2fc17965 |
| SHA512 | 50ee6ae916ea0e806b73c2e5bb727f6ee4837a696c5bd8559ede78148b40a5d5cdd135e28c8b5153a8fef568fd21ef0708ca198ace89e7120ffb84fd9bc91c01 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar
| MD5 | 8b550761ab80413c9c09f7fb472dbfaf |
| SHA1 | 67122822562203c17dd3f762194e470f90ddfa97 |
| SHA256 | f5ea79165516de2e7e1efb53d016983f5d18c3184413f044a4002f4b751c918b |
| SHA512 | 9546013cf4d45a2c4c609524b7ed4adecc7dc2fecded7c3b7085415a1bcd1c25db5d88bb591ac05fa5a6313763a8e8d5d8fc6ee6610b454cf7696b647e7781fe |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml
| MD5 | a75d7d422fd00bf31208b013e74d8394 |
| SHA1 | 3d59f8de55a42cc13fb2ebda6de3a5193f2ee561 |
| SHA256 | 7a12e561363385e9dfeeab326368731c030ed4b374e7f5897ac819159d2884c5 |
| SHA512 | af3a1e15594a0bf08ae34a5948037ef492e71ee33d5d4ac9f24b18adf99a34563ab40ba8f47f2adff5d928f18d8a8cd60fc78e654e4d6cf962292d2f606def66 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml
| MD5 | d7d2fed9b7c55fe72a6cda66725cb7e8 |
| SHA1 | 2cb154a1c4a0553658801a088edf87b5816cbbd2 |
| SHA256 | a6df5cb2b51fa56609c7daf08d28f0e41801b96f9514a9d179992a63afd516b5 |
| SHA512 | 0ba4d570d624cc5aa6af629260668ad805285fcedd61002999734fe04cae47016cf52022c327cf22935ded99b30c52d9f041ead60a3425365116bf1bf4cbcf5e |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml
| MD5 | 437687da72730cf42ce36bd093b78b3e |
| SHA1 | 693e31dc362426bc4d7a6b2954f7c80267476d66 |
| SHA256 | d0d0b1face19fe4a88c6b51f6ced55ae0e00ac548b75809d88089ad431da5d3a |
| SHA512 | 7d05e270926dcb452ce405dac9dab6e9e1a0dd247bc93f0940826eb4abecf827acb6f42ef32d3b6f6ac4b46b28d522e0b25f6b8b679affb9a198db8ba4fe2daa |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml
| MD5 | 48e296d8287ae11c252e4277ee885161 |
| SHA1 | 8a75b573549c2791d38acb3a4d215fa2153b37eb |
| SHA256 | c94a9a55369ccc4b41a71b9c18b04e1778a0913447ca6b5a630135f7a7ac0c1b |
| SHA512 | b17a5a8a6009bfde681829bd7be3b550d8b8bf6bfee19bdd55567163890550980ac0633fd956f117006892638f408c63449d4520b0716e6866ab0858cc3f743b |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml
| MD5 | e7b188938a141c90dda76cc258c01f8b |
| SHA1 | fdf0e86d2f90e51797779674e429b6f826107a5b |
| SHA256 | 77cf0aa8aa6d73f27ad7faa42f7c9a76a689a60d74483f96050dc1cc0adb88c0 |
| SHA512 | b106fa59882b0345ce6885d902317af39a3f538731d100e4a92920ee7895ceab8a62d563c4137f8e3e1c7bd61ad6c017ddb301adbc01c7463984b3b245b3da54 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml
| MD5 | bb95a9de280c528c32806d0d5231de6d |
| SHA1 | bbffb8596f1bc68df5603a10a3672a02ebd3ea8b |
| SHA256 | a7ca0125b93e1a5681d5a9c294ec3a4e5680cc58e44fd223d2dac04232b7367c |
| SHA512 | ac4cad4f24495aa6b0d5ed8aa439554f479cc2fdba4d5dd256f1983fa43a4121c8fdf79ad7ec9d9a396a73fd480bf2f5141ab5303d50c8b6d2ce47d158010a80 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml
| MD5 | c9580e2bd3527b65bf5b812b477ffe30 |
| SHA1 | 66e921f302739af54e7a991ce38a1d37ead7c7c2 |
| SHA256 | e77bb87374bd3a9b3ccdf932d260091a3ffeb1d1ad9d236b54f0f6797585ebd7 |
| SHA512 | e86e61aa09e93395f03b9976d6af4f775be3e017ca371a837e538d440e04b7813d2855c3b7c2444aaa357c9d7a3b5ccca7649c6c557bc3f520b953d96aa93577 |
C:\Program Files\Java\jre7\COPYRIGHT
| MD5 | 2a79a18a4fce30f9d28abe3b0174812b |
| SHA1 | fce91cb769cb486bd59d97a59943e69418c03e06 |
| SHA256 | 46570844fde2506ac28543dcde5bd20877b0bb2522a0cb11671513722ddb842a |
| SHA512 | 4ed0cfe9d66106e365977378a53f7881d1bd795fda7e89bc8e879888b54bae79ce80746bde779c9aad058000f06d1b96d8e0c7bacb0b871d3fc075e684a0f2f9 |
C:\Program Files\Java\jre7\lib\management-agent.jar
| MD5 | 4eefd60f439096ed98b6d8a585da12ef |
| SHA1 | 75cb70498807b0c823cac760e00652842c1a63c3 |
| SHA256 | e743d6195ff2f42282e101f9471874e8df79dc05a69ca20abf22015d48d28c6c |
| SHA512 | 78241e2336f4ee826719d5adc70543db0f0767a1660f723ddfce72c170322a13c0f3c547eaea6b6cfc47cdf6d8e5edcaff4bd003cbf3eb9d3435bec5158fb8d2 |
C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg
| MD5 | d1950d80f172e80f1c48685c51835807 |
| SHA1 | ae9fb8e72137c1729ffb559aa5f541bff78661c9 |
| SHA256 | 523c41464ee47d61350e15bc091bc970d73ae2d00bfe7a88bc7fe00ae6202c75 |
| SHA512 | a6af7912278d814025fd2825a16943917461c881a8f2ff1972497a3a9f6998e349c5e375d69bc8697ae7197054083e0988198c4fc57cab3184f98f82a07a1a1d |
C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi
| MD5 | 9e0573ecb4a0800788a3aa64ad731bbc |
| SHA1 | fa205d2a65684c6245a2272facf45fb12ace4014 |
| SHA256 | 136dd1a7d0a62859f2077a62b7673c5c712fb750604a15f5f6140ab2c5112327 |
| SHA512 | 3c01530d43156962f4a2305472eb5dc77464ae3bd88f932a2f55e72355c4c1db1df050c94951a1375ed6f69bbc4102ef6ea45574f4ca293123685564a1334596 |
C:\Program Files\Java\jre7\lib\zi\Africa\Tunis
| MD5 | 66663b7d29e1bcbcfabbf26496f44d28 |
| SHA1 | 652e5ca160b40dbdb15b9a3b89ef967d6d44d455 |
| SHA256 | 8474486baa45dc211adc58156a75954f3542dc65326d6e5b157288711ed74e75 |
| SHA512 | aae76395ca6c3fe5e58a64618fb00ba73cf1198450da008edff89366bb9fb5bb62ad91f06b65a3af57c45aec92a67b2d51075c9438b526f5edc0aa4d4f38e17f |
C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan
| MD5 | 128e5d8a837d1d9b540b96013e4c9f19 |
| SHA1 | 641eb152f889f8027c1fecec8fd81df2540400c0 |
| SHA256 | 58bd661ff1a892697366215a8938d1c616cb4523e1ede78b49d155b132430917 |
| SHA512 | 2a64edb3c126e9d432f8c8592af3121423a93af9d266649bb33b73e3d65a5504db3f00e268a51fb59ddd3e279f03d2048b3b243e9f5602b2399584928ff2a316 |
C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon
| MD5 | 90c805bcb9fa376aacfb38d598ec7bb6 |
| SHA1 | c264d31acdf5c68a97ba444c7fd7e8af853122c4 |
| SHA256 | dbcfcc77f5774ed3333f3963eb84a324fd967de4d62c96631be6af1d6b3fe136 |
| SHA512 | bdd9bfe471648e8a116ab65d97e56f38b2d7516e0ba522de25b284c7b29d089dc039bb653f1b08e6ea0792150cad576adc48890dd6956a6aa29e5175cc5e2f0a |
C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica
| MD5 | 1135e286fb5224ef530f4ce0ec4a2835 |
| SHA1 | e1ef9d5aba553828ff9b4ff2cf9c1f25b085c6a8 |
| SHA256 | 4a93894f08d98d707cd9a0274f4c9a51bcfa27e701359e12befcc78ffb488817 |
| SHA512 | f57b77dcd655d347fdcfc3a1beada329998824caa5db061553a7c784a163b4641076ba99677a4e648d0477671aa14da7f883b2df8b9ed6eed3985e7c2c8ca4e2 |
C:\Program Files\Java\jre7\lib\zi\America\Matamoros
| MD5 | 93a2fdbfe3bd18cfa0620f2632efa4d4 |
| SHA1 | c0b705de8aa572a851737c34f1721c501473d31d |
| SHA256 | 3e84c247e11701fb5451865acb6262c8495d47c5f397a772a7bc01c9ce9f5b12 |
| SHA512 | 1e5454026ba8100ebf7a32dbdda862c9c315b1f6a758242a7c451ade0ff87ef3757fd8caf58c96a0bd63e7bde72217b9664edfa2bb426f50a9ca9cbc2dde655a |
C:\Program Files\Java\jre7\lib\zi\America\Nassau
| MD5 | 4401d715587a3bcf3830b14dd764a25c |
| SHA1 | 33117586fe2f2cbfde2a7ff3b1fbf74927a65e42 |
| SHA256 | 8b3827b7bae22f976e2a59e9957ba8b3b9cee57a4cf923a4da970a8f3c1e79c5 |
| SHA512 | 7b63cc90c5cb65c3a54ab7249b67d9f12eb86237410eb51e961bd39777f517d65b62a08f018e8d8ce89745c2222b2302a9a007c88771968e81e97a60ce037def |
C:\Program Files\Java\jre7\lib\zi\America\Noronha
| MD5 | 527e3a39bc066f9dfcc85c57acc8d262 |
| SHA1 | aed5fa100750d77de0ce7e7c2e6d7a322131c910 |
| SHA256 | 43c2ae1019ad57912662c9bd170d8d6986299bad4ec76811e70c98c4a1ffe3b6 |
| SHA512 | a1a0266e0c1b0e8b33e4dd242be63b258df4f2d1ae748583649dcb22ba82c7cd27c4ed12f632f7fd745f484621a303f8ace8c8f91646c74ffc71cf0ab12275a4 |
C:\Program Files\Java\jre7\lib\zi\America\Regina
| MD5 | 05640f18f5c0807dd96697e31fc5d8ba |
| SHA1 | 659edaff37a05ac603d08c90d2b5d26d9c90c78b |
| SHA256 | 86fbc959c7ffdeba173fc2baa99a8a93d75ba5d6a83a3e3300bab1b0a46b1d42 |
| SHA512 | 000113934c92690a06eb580a6128941aef65c5d9ac043811627175332a0a6aaa4f55bcae211aafed8c5a7cba9dae94a162785c749c08392cd42978cef1771b48 |
C:\Program Files\Java\jre7\lib\zi\America\Resolute
| MD5 | cb97b848abcb6376d491ac6bd9cbeadd |
| SHA1 | 3800020090c3bc180b0cf63fab7b39905680453c |
| SHA256 | d6369598c0846422df1f6e1029041784e34d3b6fcc12a3ba0fc1613a0f80530a |
| SHA512 | 5c910d7062750c5f76f87e174eb0b1225453fbf36ba072d04ca025579af6a051c7af85c7772a4756876659ab6f8cc4429c11b3620c3f5298e0599ea4f8d5a644 |
C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund
| MD5 | 81ed540e1204e3237f63da49df05a7d5 |
| SHA1 | 88176d30b1bf7d6f87f1ba92dac451b883dc1432 |
| SHA256 | 256fb9c4796b15a7ec4b0d5319e9e493ca4cffda658310420bdfd31e1c59da79 |
| SHA512 | 92b183b168ad7cf33673e688094d8199cff7c3063aa3e2b83891838f02ac1a79291e6a36e8216040c588306191634cf51484c79f56106492408dd09079e0f807 |
C:\Program Files\Java\jre7\lib\zi\America\Whitehorse
| MD5 | 1036f4aae37bd39b2ecc451c487e33c1 |
| SHA1 | 8d60a72a4873cf55fa7bac47dff692303d17d157 |
| SHA256 | b61465acf0031e6a4cc34a66d568bd1735668abf591a6badb1f5f5bc20bf9919 |
| SHA512 | 3ac2c8d3259ecbc41b186c2861ea6be3e6f9cc6b673a2ef610d42c91b359f31e941aa7de1d6ae801191870acdd6590ec788839cf9c069a7fc658d84582103a62 |
C:\Program Files\Java\jre7\lib\zi\Asia\Amman
| MD5 | 227fd460860a3ad1fd2b245793c07f95 |
| SHA1 | 71d8da21d4bb33f4cc32b70b174815e40eda657e |
| SHA256 | 693195cf289838146418e1bd05fd1a482c36ff75a77874609d615247285d5b99 |
| SHA512 | ce035dbe02b8e15091f7fee997a823dc4a0ef12c14e4f7d8441b9d3d9878bd17036db61e24d4e67db2a6e1f8b50168f6f03311b19713c688691ce4298b1deb2c |
C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka
| MD5 | 709c6a80af0276b170c521117ede47c6 |
| SHA1 | 8e6d9001ca20e76482e1ab88d54d47c65c8c7836 |
| SHA256 | d8129de4286dc4fd245c7776b51d76aaa727956e8fc88ff928eb69ff7fc17e0b |
| SHA512 | bef13fa741340cb7c1174406f76f9c65445c76ec091e47daa8537b5f769ad2231347c61144ce8f6e4cb16fd5cd27bb169930c3f8c3b5b9e24e6609491fbbd4e3 |
C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe
| MD5 | 0d4ec840c1db49efd9ea0f2dd0a7c66e |
| SHA1 | df44812586d12298c713564804b42142fb68a8c9 |
| SHA256 | 2091501cde52f2dd75b74ad947075b6381c5f503af97a66b592b7caebe9e36cf |
| SHA512 | 85585ff43a93051adce2aa4f7213bb5a8e4b4160bc1ba20eb061fe1b7d489cc07676b512e00c37ec63d76e08cc98598901ae6babaaf57a0c59eda9f621c1bbfd |
C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta
| MD5 | 5f54d1240735d46980b776af554f44d3 |
| SHA1 | acf7707c08973ddfdb27cd361442ccfba355c888 |
| SHA256 | 2c80619d7e7c58257293cda3a878c13e5856f4e06f6f90601276f7b9179c9e07 |
| SHA512 | b1f542f68a48608ae53904fbe2105bd8f3e544941abb38ec9d24cb7a26f916ef94cfb431cce0c64077dc2934913130d78492914a5e9ffc52f311e68217caef15 |
C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem
| MD5 | 433b6e531d44ca54bab63198a3f6b388 |
| SHA1 | f1dceea33541fd68c8e9caaacc76f062da393a90 |
| SHA256 | c00b114d3e1a4d978c0051e7e8503f7fd30dea142240d6b950164a37cce3edaf |
| SHA512 | ca77aab2370179c0f5eeb6b8ed8b56eae5c3083860f51eda2031f7d5772e2018011ad5b004b1db1e1b5bc2e4c0f300735eac814cf913f54791fa26375d3eaa11 |
C:\Program Files\Java\jre7\lib\zi\Asia\Manila
| MD5 | 38397588c4d02f8b95c263852e9aee7a |
| SHA1 | 80691ad30930c04fe1bb2f645f9c6c0548ece80d |
| SHA256 | 42d699d9e89e439804c0981f96b1a3fa7dbe42c6be1dbca6211c6faa4e0e2463 |
| SHA512 | e46b5c1865b53513bb10be9e3a2c2a54ee9e88f83e8802e85e728a2364ab649ecd4af605b41d7583688f8a78d1b49e36f1ef5b8824ab89885578eed8ebdbfd15 |
C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk
| MD5 | 88a4ef65b666e053c28c9e023d8579f5 |
| SHA1 | 4a9c1d641605648e7e0ff0f87d1ea6d21ff42a06 |
| SHA256 | 88d5d20f83be8b19edd7cf53771fa94c1a67429f7bf9cec90822dc84a3a434a3 |
| SHA512 | 9ef796e128b899f33feb0fba39017a0365e6289c3249ef6d2aae61c6c0283febf89626323bcee6e1e3fb9e80c4908c2ca09ddd53396ac41c78ba2e5c47500f0d |
C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda
| MD5 | a1534d6e98a6b21386456a8f66c55260 |
| SHA1 | c7239c0fe3b7a00d812e548f4cb9d8d863e8c251 |
| SHA256 | 4c555a3d8b83f80c2e0d0b647769e82148ebe7e27811d0a63277d6f61abafbbc |
| SHA512 | af0302203a3ccb765aa4ce1b1ab524ffa500d62e179ffb527b76d2b62f5ba31b037902d8d46278378e7255a91251f06c0779fe4940d47a582415a201b0e401db |
C:\Program Files\Java\jre7\lib\zi\Asia\Seoul
| MD5 | 64321e9c7da09049fe84bd0613726226 |
| SHA1 | c2bed2099ce617f1cc035701de5186f0d43e3064 |
| SHA256 | e43fe96a7f7ec0a38984f78c064638b2daa75e261ab409bbbe2d3e590265ec7b |
| SHA512 | 4f56b895d0ab27f71ad4f5e54309538ab3052955c319ca5f718e6b8f8fbed1bd5f51f036eff7cd82d4403ad4b93395ddf75dc8621041ef5c5ca916c1113104c7 |
C:\Program Files\Java\jre7\lib\zi\CST6CDT
| MD5 | 359a1339722ce22ffdafcf70fb387a3d |
| SHA1 | a958f03b193b09efcd8d35934c33b524b4e0cd7b |
| SHA256 | fbb4fa31c3fa0c14ccb3fe426e39dcad529b17e379309c0adbe27fcc93feba50 |
| SHA512 | 4a90df2fa4bfee474f9e79570ae05a26b6752f0244ab755a49ac0d38f69f28ed97b134092f353ded2c968a3d9baf2d08a73eee2943e8116b65c4c8357bf2dc0b |
C:\Program Files\Java\jre7\lib\zi\Europe\Oslo
| MD5 | 677bb0dcac881a5a4638ede690ca721c |
| SHA1 | ab8e52e9f345d8152a39110c9ebbc07bfe37b182 |
| SHA256 | 97d364e2d3d35f030a038c41bbadc42d0c15fa8d79ba569987e19fddb2e80f9a |
| SHA512 | 6485b77c5bd7581ba0f80318493879df55d29606e30bd8a609f18a94da581c46e2284287869d3d1b7dd2857a5388fd97c87070279305b66e10d67430d5c96a06 |
C:\Program Files\Java\jre7\lib\zi\Europe\Vienna
| MD5 | fb4aa89fb89bf94d0590a3174d1193ff |
| SHA1 | c3812f2105099071c24141a994a9d5087199dbf7 |
| SHA256 | 655a3ef0465a9f30fddf25f4dde0c19a05c6f9069b83961800c1944165955273 |
| SHA512 | a494c0d9faf3defa9ff320421d0c00e4e39845f7e998c6a06c50b5e7edbb1ed7a948dda23ace06a3433843615553d2357f1cb04acb4ad1155ec43f1d07511524 |
C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius
| MD5 | 515d8db6175667b02ed715ba8aff0b2a |
| SHA1 | 44ca509396091b269d47da24e3d7e09fd8da7268 |
| SHA256 | d50e2d8474134908822ade46e27717d1a22aaa2d4ebd66ee14c988ecafc01461 |
| SHA512 | b0003c56ca6ca6789847ca2d75eb762a7da8870cde67cde39baa6d8a50c0a4c62fa1cf67bebb892ea50515ea7913209bdd0ae946b76ddbb1aef46a8f9cba5b8b |
C:\Program Files\Microsoft Games\Solitaire\desktop.ini
| MD5 | 22577911e88af39f79409e6de8eed4d9 |
| SHA1 | 93436ea60c5dcdd2e9893a025f560ab72422ae8c |
| SHA256 | e08dd9962eedb16e12840ea2a977cc07bc5fa8d96259682edaa080573d525e4c |
| SHA512 | 2db5f3b0000212518614c74c73dca3205cda5751aa2504ad9bf9b98be46e98143c064980dce9a8a6372305840946717c38e244d9e1f2ecbdff683fc1f0a8fbb5 |
C:\Program Files\Mozilla Firefox\xul.dll.sig
| MD5 | 69016e6a597d194701476b8e04d4e028 |
| SHA1 | 71a24ddb0c5bbd321d3f09d7b322c3655fb5e129 |
| SHA256 | 4740d289d0a31bc1fc00e255845b3d8ba7cec2d6d0ee92177d23aa293f9fca3a |
| SHA512 | a9399ea57f65c6569e2a9e9ebe9fa2da7184ec92a555549f39cbbe9dff15530ad526107a2a2304d822be37580a965c6ea4e88a46adebd8ff3af402d2c25321ae |
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png
| MD5 | 6294c74db1a4aac788765b4e0a0278b5 |
| SHA1 | 81e9bbc06946e3c078d1c1aa150ca93e501ace6d |
| SHA256 | ab3df617aaa3140f04dc53f65b5446f34a6b2bdbb1f7b78db8db4d067ba14db9 |
| SHA512 | a4a83643031063cab4226cef7e215765e6f997ce7719173632a66a45bfc0a710b3e6bc19a590108bda91576030e2e37f77e339a3f4e71478d96dafb0d46d2941 |
C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac
| MD5 | c3e4eefedd55eae4334456daa4aa0ad7 |
| SHA1 | ba9abe2d4d40bbd94530564b6eb178ec02a47204 |
| SHA256 | 7081ba3d8887be22551f56b5f50da675bda7dd02f40e9fcb150ac84fccbe387f |
| SHA512 | a302516427a81e59fe955f4316fd56b8e5207542b1abdd7eb3fc2e9dbc669849dce90d12d9160b59d45af233e63e2156f3a3f1e7807b7ae1b1225a94d472cea3 |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML
| MD5 | 05fc90d38e2468528ad10b5ce0bff46f |
| SHA1 | 3e50a6510e30a9183cbc4a727d4ee3a6e3786102 |
| SHA256 | 4f969244f420a506355a2c1e81bdd9841f1263818b9189ac31c5c5e14ea41acc |
| SHA512 | f6e585b7f0046e95b5c808133f17f131ac9c50ac41f0f9c09d7e17509f77891d5e3d9f71b7b0322fb4ed187d98425f2a45f6addf428a9436bec7af74fbe679fb |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML
| MD5 | 950ebe96859f7ad2194cce45ba32bede |
| SHA1 | ec77126b84fba5f858a84cde4373e1724c86d481 |
| SHA256 | 1db92b26f408ddb6f3ac47574cd49cf4dc131efa8090477bf6d0a5feea4bdf1c |
| SHA512 | 4755508c6a9fb44d196c2fb4de3cd229b5526f48e1baf0057db858930d5e940c0e7c2c62cfc1e66e558987f2e93d11abeded72c709020df80c0b773607c33d8b |
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\PREVIEW.GIF
| MD5 | c42c94e7e22da680544d2ee9553f5327 |
| SHA1 | 318f931facb45612173e8f845305001d1134d88c |
| SHA256 | 0ae208d8333b8d56b0871129f974ea63ad90303e5087fd1092d7cc7a66e85ed6 |
| SHA512 | 23bf222aaecef148138b5b2cd55e46084913986a7ebab17ab82011890ee179d00403bc5573ba7a783f280ef829e6cd5598a3153aac24d8fe5b2992064c30ed15 |
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\LAYERS.INF
| MD5 | decc47bad99272317818a41e7a522d85 |
| SHA1 | 8d92c3a841aca4b24ae76a488c4e9985570c81d7 |
| SHA256 | 153e9423e652627ab50fe46f33f0ee612adefaf54ad06bf70947650cdd32871e |
| SHA512 | e8982763416ce78756050b0383398505979193e92a5cd7541758756a7e1c188405073329fa8f737861b4de5236c8a88f797cd0bf0083245349eee2905d906a7b |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF
| MD5 | f08b597fc0dad2e60eb47c729ec5a0e8 |
| SHA1 | 6102ed704c46ebab3fa452e0978e001f6799e7f0 |
| SHA256 | 86d911c492b42593042265fd0e6f48a2cee1f9090238e1d849420feae106ccdd |
| SHA512 | b64d872c27d5fd0918f8b6df4c9834718f669ddf7823e191115e64f1784961c0ef384b9de3310bac1e5c10fc52ccee0a94392c5c595f271e169649654e2118ca |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD02097_.WMF
| MD5 | e3d6d9c99344bef76ff5e6fa940c1379 |
| SHA1 | 84da7a8bafe3d5898bef2d806b318af5adcd85f1 |
| SHA256 | dd0a8ab83ad0ac36cb27968e73c3b8c87f5d3080854b214a74b53c152f534036 |
| SHA512 | 63184737bdff4cc24545d32c83df3656d772538a91644870386aba113dbb09763d4357a45fc5e9197bcb0f3b5aa519d5f8fed6ff48d4d8f953e56b96fd43209b |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00241_.WMF
| MD5 | b0d582502cd3ceeca01a0741bc96982c |
| SHA1 | 015498c371e78b8fc5ed5d0831bf2f8fcf803d05 |
| SHA256 | 255c3a22d46b57e3f291eac23e404ce7b331400041930a0b43eb777bf8ed06fb |
| SHA512 | d0b92159fe96a71ee641bb11365923eb89c391045c2b275e5fec0512ffca3c430cef1c25270c7440cfbb36d2e525675fd80b69ae2a9273f27ea384d19c58cf07 |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00636_.WMF
| MD5 | 42968ab756f9db46dac524acd13c5283 |
| SHA1 | 6cb4841f1adb1015105a551e1de9a673f2169650 |
| SHA256 | 7fbcfcd86bdfa943dbd68f67c3fcba6e7ab86fda2d14d28862c176bf18579fca |
| SHA512 | e42291e186e3b3f2e0dd3325d9ffee51a5b1b80fb0125a9fed79926f95f400ae38e7dc60c03718f3b6c8ed970fb9d2d9902bc8648c9d8f0fdf0f9fba8f735dbe |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\IN00351_.WMF
| MD5 | dd7428c326b6303dcda2df68badec0ef |
| SHA1 | 83d0d1df0c2116857baa8ab9c2d5f856e29d6b04 |
| SHA256 | 59f4c13183ac051510c1eea1127c45540085a860875b07d4987d64ddbf46acbe |
| SHA512 | 402a8282fd6f050b125d6ae5efb9fd2bc9976356101714e908743d20f0cb317e43180936e44b709cf83cd12bc628674b74d46a1579332e54d0176484274bcb67 |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01244_.GIF
| MD5 | cafc2a2dde2f05e2a60677690d2ca245 |
| SHA1 | 8bd9c447b79435b8497212ef76f5b43dffb030a8 |
| SHA256 | db91bef58cfa8c3ad4587f4d737202a2ea4374deb35305e8e56a4e0b57232a7e |
| SHA512 | 7f293929a1147163d71c612084c7fb99740a1fdae3a3f9d7782f795c10c1b7b2e49617e9d6746938167a2dd49bc5c53788bd8751c61ad145d2d42700ae1f1575 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Essential.xml
| MD5 | 7e5a19c335555b4fcaf22078f0a5e362 |
| SHA1 | 55079ae8c6067cd839503f9c3ae7ef9deb72892d |
| SHA256 | 202115097d1bee389d4d4d81db00117252be97d5691af316941f3843ef7a05f5 |
| SHA512 | 371b8cf9a6485a2c59fb928a8b460caec1f7a572126641f568f77133b78e0e7b91fd52c10e6089c286d4162050ce50f9aeb1886784d75d338ab02a6b7d357a68 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Hardcover.xml
| MD5 | 0fb569bd35d44c9ffa7d4728af4e734f |
| SHA1 | b41945703b8efdabbb18c60ccd93d2115ceb78fa |
| SHA256 | 788ddb3f7716950d0d204e6cad9fe3cc1dddb6140f615cb1c76bea0541722c20 |
| SHA512 | b94c1fd2dd103b19b5fbac6c76d3166be91b01d659e1c912a26ccc48664a153c62cbbbf15ab3869aef08fdc8bb3918e4ce83bb97a1a428f55ce12793d50ee646 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Module.xml
| MD5 | 5360b12f6a07af7be93437d215f72fca |
| SHA1 | fe12fecaca49a131167d88817c4941514ea408e1 |
| SHA256 | a0cffb66ffbe1d4701a3aa75ae66af7ca178b45f5c722de3d9021a543129f80a |
| SHA512 | a0b23b148cd30b1d4a41e81aca63179eda341bac1d1c3bf83924d0bef90a47e11f2de08b4cbb879331d507184ec1df9b59c18951e740b94247ef726b15fcc410 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Pushpin.xml
| MD5 | c3c9945cae188df73afd04c6251ba98d |
| SHA1 | 4327d33b49b3c7046cdff83bdd31c724bdbf4118 |
| SHA256 | a2a40bb99c6a44d49eeb216549045620e8cb9fb90fb165eff71f846f30264096 |
| SHA512 | a674c78678624d59cff6386381c0e4e459836484aca4e617fec26729878743d2ffa5dd4a3bab0a0f0f27d60095739cf4ee0a6b0f4a5d79d31b43a7ecdbba02a2 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Urban.xml
| MD5 | e2b1e53f26985bc0bc2a99c7d107a1d1 |
| SHA1 | b0b9bccd847f973baaed9790a33f3f77d2d1db1c |
| SHA256 | 3dc463a76fc170607c07b104c3cb531362ce7d6e10c1a34e0c0f370aeae08ce8 |
| SHA512 | 0c53d4208a6b0cc0e6959d7eafc24012efd854316ac3830267861fd02f1da0246a268e75a7549b8b5ede05d08798f22f87c7bc305b62dbf76632cdff107ff718 |
memory/1976-18685-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/1976-18689-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18255_.WMF
| MD5 | 68a8b1b2741f9c2ba2c58d3afbeff021 |
| SHA1 | 7ef6db0684eda77c6003d00c98da41a3e76556cc |
| SHA256 | 3b19ee6de90710035284dadad89bb5ad0057db27c79ad2eca5f5d5e540a892c1 |
| SHA512 | fb35085a488c6f3cda39a51a67d32a8f88f8ca8b68fe07d68f2a86cfa28879b4998bdec237ee28e61a1271a5cd9f5705e1cf8bc6176df8a2cb3f410da2f90d5c |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10264_.GIF
| MD5 | 6f6b5e30af6a9e64b7b6a19c39de7e0c |
| SHA1 | f4e37133cd52efd2967e90d645332c44a56b6832 |
| SHA256 | babd6f664158d665504571b169a1e81ef75470cdca4fdd7d95be6cdb7826136d |
| SHA512 | 4521a9829f60e2f4af33d4f72dbeedac048fcec352554b449ca36bcc32b64b65151bb7fcec78b389c37ed5819acd4c7f61e9ec08591408dd2400cf78ab5d67ed |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21333_.GIF
| MD5 | c7ea739796f77dea0edf2dcebe980a6b |
| SHA1 | 5bab75849b9d716b8fec896e7b0f2d37659b3bad |
| SHA256 | 4cc7e6272db6b1ad7581f76c63c694e926e20698e9b02223d5041a55960463f2 |
| SHA512 | afa36a9eba55e94eaaa5c64129338d6af50a0a485c2b37075594e0415b8d2f2d181574a8b99969a92f90790085f761fb66b1a03020afc715fa17121b803ac534 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21339_.GIF
| MD5 | 60c6b126049a35e50fffeadf17279275 |
| SHA1 | 1d58c87e67c4b9d2c7ddd6b1f9c033eff16ca9b8 |
| SHA256 | 77133f431d5e12dd850002c0d3d4e0fecbe3a7a699d604dc8c5eae9976e1d260 |
| SHA512 | a3e171c1c71e0c8fb05df6d783f5ac9c7ce0f9c3bbe653952ea048adce025192d5eba4ed8cc7800bd52afd265256ecea887ea63725c49cf563455ff321d45e76 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF
| MD5 | 81e4bf29a6552cb0df60980b937ed4a3 |
| SHA1 | ca18e846361c6f84ae934ac108d5df987e977925 |
| SHA256 | 8d84ef2aa665b1d6e1a15112d9c53eab04b68a09a088de5392ee63d51060db81 |
| SHA512 | ff58938f4d4c80baba6b15d20744b9762757cfc6834d8a5023b209f07914793881361ab457eed2fb0d17e28a8c99c541a142809f19715d0350c4487e78846ed2 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF
| MD5 | 6790430bcb39e961b83668cbaa1573dc |
| SHA1 | 9f01e584f766dfbb5e49d6e32f7dc51fea2d0d91 |
| SHA256 | 5514e3463923ca8257bc073bf34413d0426a6b45bf569b5a5b74c7c5298c57a7 |
| SHA512 | 6fe6a31054dc68ee8c59da7de683ce56963f27b6a3e8ed634184c5ac99b6cb4dfdc2ab7980b4acb1f9b2a44ed61cd363ebb388b44cf466c736789d9bda98573e |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF
| MD5 | 4df019b7bb2ba1e54ed725a85be04261 |
| SHA1 | f40905a7a7dd1623fa8f075715c862f6b944e961 |
| SHA256 | 33c35642a71ce7d31f92ebe614045d206968f058cb345c7df4ab397a2655f16d |
| SHA512 | 654f35be8431fb1e9995a75ea93b9fb04fa12e7ed94923df34ec99bf8052c46effb28ea46417357e1a6ce6f9a8663525d5ad48cd74942968df2a178396024ac1 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115842.GIF
| MD5 | 5dc32f41bef844b95b3a8d79e9633c42 |
| SHA1 | 50cf558caa78030567cf4e265f7c9cba3a2d904b |
| SHA256 | 86d2cf5b090f43ee54d8f7c1dcf746a853951191457ff6dac96269a9d24860b9 |
| SHA512 | 99e7e8bbb58a6727ddbfa71f9dbb7d02658a11d7e735367ead3cea004ed3edba9cca8997117745fb40733672879b5f466a7e39cd5684729eb413bce49c2019ec |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14595_.GIF
| MD5 | a50b718c3518b630251fb54b92bde360 |
| SHA1 | a9582222b6f4df2b4e3e4ee5fe91d25ff086b943 |
| SHA256 | 9d2ce1c032646d2a3381b68bc9201e3dcd53b764e83a0d356d67cc4926ece015 |
| SHA512 | 95e0676e3177262d29c4105edd4ce1fa1c2a2da5cd3289ab0f873fba782a0185e4bbede5d64fae1f6c4cea5ca3ae0697d7113e6ee63f229431bfaf3f8990c517 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14768_.GIF
| MD5 | e0a6fc12e9cddb11d637714157db14e8 |
| SHA1 | 5c2c7b2a90861b03082d3af01f802d42b937476b |
| SHA256 | 2f1411c6a9eed5ac2ccf7eb35456b8601e3c96907765746895325407cc307cc4 |
| SHA512 | 3f30489d8544921a38f743f905aded78827948c695acce03cf892121893ad7193f7810ef5e5941e2183483e27cd384fa37dba257931f392fe0781eebce384ebe |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14801_.GIF
| MD5 | 8edc22fedce822ad66c7733ea98784b2 |
| SHA1 | 9c0986ff2345b18e88d604e24a105ba386d87b21 |
| SHA256 | fa807c957eafe34b850cb453a096df2e5899f0902a837fccd59f9aafa869fb44 |
| SHA512 | 31bdbaf34b4e8f2edff432a5f1ee5fb571105081cea907b6cd41c529f4a9ec4956d009378f3b4fd912abab84605d78da298d4718b75780814e1fa1e86386d20e |
C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL_COL.HXT
| MD5 | 0ec3bbc188caf04134280e5a95f00446 |
| SHA1 | bd398b51e76ebec0b43d756e04548a1907e8d2ba |
| SHA256 | 97779f7cae716a4243ac78cdd8c051cfbefdd111d26740978dd0f4c962c2aa7d |
| SHA512 | e67b8b8f0a30a663360fbac820bfe536abb5534db6e0475424ad3dfd526793663ba5e7d866ebea85f67c9154d6bbda2d38789255f83567be05848cc0d7c1934c |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_OFF.GIF
| MD5 | c2dc578691371996eab94eb37f6896e4 |
| SHA1 | 9c09715d6b50b203e161cfb59bbbfaa7837532c4 |
| SHA256 | 9f3a97071dc41574af5b54e44945fabef8d5da339d179476a78dbd624a60033e |
| SHA512 | a3778926bde4b74eb0dbda8c7857f2f05c6abfc39222f80332bfdcf7fcfd4db9b81ddca44c45a1155244e667f98f07c7211c25a29c68a62d89b8637e8ae05e70 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF
| MD5 | 3e586cd8128ba5d03ccbc121909e7421 |
| SHA1 | 140dc52658e2eeee3fdc4d471cce84fec7253fe3 |
| SHA256 | 1207fbf437a6d60bad608c9c4a7397194c4f3768142a32c7e5f3a1415452a992 |
| SHA512 | f1759159e90975a7baf3c666e402f9063909bb11f47371c9472ae40315ba13454f0ff4aa418c7d0079eebc09909268b5d2d39ef871f0e5850544b1442f9d6f1d |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\TAB_OFF.GIF
| MD5 | 9cb5fb90f42219febcadbc6eb57257f6 |
| SHA1 | c948b86625804155f9ac9478a07cae11d8021563 |
| SHA256 | 1093af6901915021573eb2e3bcb49af7f1eb79df351806d325b80f1baedaa185 |
| SHA512 | 9c9031770c5c67f40b93dc7dac91822f3b5eabe1deb83eceb2a878afc810a810ce0521f966e68fa49aa1973cec342cd3ef6096ebaaa191b885a542e4a178ca5a |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Main.gif
| MD5 | 79b9e09ca5f8f8ebd840da4c96afeccc |
| SHA1 | efd9e4cb4eb7a896db0cd0de5138eb5be50864db |
| SHA256 | 318e9e1df845c4135ab519baf8e2c9e617df90e2b3020741ab5d926bb0d4cc93 |
| SHA512 | 2df29a7c367151d76b4adab7002e0e90337c1ee07f935545cf30cb729ae91171bceeec0e2611e50d91d097797bc221ff63f949e225629f23a0dc5de3dae851da |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK
| MD5 | 301657e2669b4c76979a15f801cc2adf |
| SHA1 | f7430efc590e79b847ab97b6e429cd07ef886726 |
| SHA256 | 802bbf1167e97e336bc7e1d1574466db744c7021efe0f0ff01ff7e352c44f56b |
| SHA512 | e94480d20b6665599c4ed1bc3fc6949c9be332fd91a14cef14b3e263ab1000666e706b51869bc93b4f479bb6389351674e707e79562020510c1b6dfe4b90cc51 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK
| MD5 | b9205d5c0a413e022f6c36d4bdfa0750 |
| SHA1 | f16acd929b52b77b7dad02dbceff25992f4ba95e |
| SHA256 | 951b1c95584b91fd8776e1d26b25d745ad5d508f6337686b9f7131d7c2f7096a |
| SHA512 | 0e67910bcf0f9ccde5464c63b9c850a12a759227d16b040d98986d54253f9f34322318e56b8feb86c5fb2270ed87f31252f7f68493ee759743909bd75e4bb544 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\MSOUC_COL.HXC
| MD5 | 59bcafcabdd1f16e7b9889ee10dec858 |
| SHA1 | 116cf3bc4321fa20352d009e1d0cea588a9b61e0 |
| SHA256 | 006f8885e892963b3d4a0b53141f888ef5d0b36770d43b82296bcbf800a89d13 |
| SHA512 | 2d0fe70022c2bd7397b94c78b27d6c3d2426a644a1601b6381084941e9b1dca913d0e0787d8e463d69d7730031233f5b85ec76b480b736ced324fbd45727dfad |
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR00.GIF
| MD5 | f5cfd73023c1eedb6b9569736073f1dd |
| SHA1 | 669b1c85ecbafe23c999100f55a23e06bf59ead7 |
| SHA256 | 9e1736c43d19118e6ce4302118af337109491ecc52757dfb949bad6a7940b0c2 |
| SHA512 | 5d8c1aa556fc17d6dc28d618f521aee37fc0e1826fdbcf8d106e456fc3bcd3c76e712d23fef3378bd2be17b80eb5bfd884ccd89b67490b63c7bd118eaac471d8 |
memory/1976-21561-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\MSOSEC.XML
| MD5 | bec4473fc43b77e28e60f89da4e29c00 |
| SHA1 | d5dbc7c6642a8a23da14f952a0f64fe874e8191b |
| SHA256 | 5e06bfa9ebccfa3d8759270620b6860f0b92be9d69ef7d7802b78ee5b5f07f96 |
| SHA512 | ff2c101c1172e64481be5e98b2216d5eba93b81210a1a67adecfe05bcf37c3d965c06b368ddc1ffb7e4187cda0373720f6a27476f036a41517762d5cb3729aea |
C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLSTL.ICO
| MD5 | 8722af8683c6dedfa35cf708f04e507a |
| SHA1 | e411318d7904624a56946cec0059e380b0a4bd0f |
| SHA256 | a338f849bbccace695e284ab83c0cecc84876fdb292078f1186b31e9b6a07127 |
| SHA512 | 1341ce0453aeae411696a7343f2f6a6fa991fbd483433841cfd4b202ad476d77ba62b66ff547baf4e29a5bd38e7c1f2f78ead201ed1bb8ec50b98eb763bb11da |
C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLSTS.ICO
| MD5 | d4a7e4b0851785143ecd98f019ace3c9 |
| SHA1 | 99d3d7b7167a9ce2fe67a0d296bfdf60ba7a8a8e |
| SHA256 | ea3a2d1ae34d98f545d82a53ff2d1c6e5334ab4a0a4cd902e3fcd0fb697bf32d |
| SHA512 | cfaa3e8c5f61f0b662c6e04296ae67b83d81fe96eed7872bc503c131cdf47576777d1857d0575ca309652f63f5de2a8ad6fe072bd3c3127eda3d353e61260c2a |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImagesMask.bmp
| MD5 | 79f7ca0fba179cb0bc93eb2f178e4ace |
| SHA1 | a529d3822d5bbe18f6c3acfe44b19f0449e76f9f |
| SHA256 | 86a618c687c518ca93f7151a26391ef0e19101986d30f7eeefa420b0574fc5ec |
| SHA512 | 3924f19e1a9e1b9b9eac515c1d5dffff2aafde9745ad8d20b0d71dfede631875c611b58b2624fef0273830341b497fe7b554710d18bdfedd57c36ac0a764947f |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\StopIconMask.bmp
| MD5 | cc084392f2514a4337b42f4865e2cc83 |
| SHA1 | 79ff391fe2ea7244cdb5a1e1e5bc68ee0cc1c17a |
| SHA256 | 3bff857daf1c246b3ba79bff08805f403b65b0e2a5cffb40b078a383eb861514 |
| SHA512 | 9c19d048cc3c0b34e8191368b9d243a4a9a25bdf4c55b3d51da4e97a679ca8507dd7368fe3ba22cb32451d433533d215549a276271462f8d1d1c2a9ff37ab68e |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp
| MD5 | 5b4d40b272eb1356f8a88982e76d4451 |
| SHA1 | 4344a4f7503185c3830fdc877e6d44ac0f1198bb |
| SHA256 | 90ebb694c6e15523caa8196f148f47d1c9c477a48c49d638354530e0c2b811ba |
| SHA512 | cee35a29ad193bb1f672cd69fb0c6ea7d35ab7427c5a33757842881d8db17b0eed1e1c59dc52e577ca29f5b74f83f9b023a61b844eab469eeedd04195293654d |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Earthy.css
| MD5 | e2bdd4d017ce36dec632e386e894a4e5 |
| SHA1 | 973c9f51425416d311a4fb1b502de562b57f152b |
| SHA256 | c23a5cc2d7277749c47ddcad301aa92fcbbaeab54e552813333c1306c5cf2425 |
| SHA512 | 85878f146a7bbcbea9b35cb48c79bfafa27d7872c4c312e824944d9bc70f1548624a2f58839958c8033981b6aeb01b65ab2f454a75963f91c282871d9df90075 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GreenTea.css
| MD5 | 6c3081b7bee29dbf58f91f2e18d844e2 |
| SHA1 | 9437dfc92ec5cc8e0b938a23d11f43cc3d1739dd |
| SHA256 | cb973b51d6e0730a068671ec24e50257ecac543574a2678214b7009fd6620d9b |
| SHA512 | 2d12c25529f1b40724e5d4e452bc5c5fbe196646e29411c5cd8dcbc2897c65cae881d9be2ca5a9a18c36e2e62127a625271c3c0f5970d52fa29c4c4a9b52cd75 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\VIEW.ICO
| MD5 | 385592b8ece89d5bb6c8ff79b132c562 |
| SHA1 | bc14ffc7e1686ee066f445f1ab95714ad631b9e3 |
| SHA256 | b57536fb8401facf2e6aed14ed0f15e42a4f38b1e05eebc1a8be1613909c5165 |
| SHA512 | 62ad043d2e28c8e5eddfb9d46edbacd40ac092b3fcc0e5bca70ac0d07d9d4b80cbf194f99803bbac70f3b963f9a3e7ae2ba29ecf3d71535ea3ab257115862bc1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Groove.gif
| MD5 | f536fbf78e26387affb82ee89943b870 |
| SHA1 | 3ac8e44a9491c16bcd86dab6781acc4f7e1f76a7 |
| SHA256 | 34dbd6bf55d0d075d666181d9278b8387482a8b5804e44e1ddaafe6876dadc15 |
| SHA512 | d9ad640884f40495b4255bd221f0902ff64f84e3136053d03abee7ca417d32a1d72f24a75cb67bc50629e102bdb2f81c0bb087e0eb5cb82fa3d67c4fa5d92450 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif
| MD5 | 697538917066fbdc54bb7922e0f2eef8 |
| SHA1 | 21cf57e715733ecaadd17747a6956fea5dfcc3e9 |
| SHA256 | 1270be94b76ac32534581f51fecec7ce90ed9e0f3693f310058fba0c6ca8aaa7 |
| SHA512 | 26806e433c67cbcf7bff91a47e214a312929f279739bdf2ca0b5d26f04e40f76f6350161c7aaa44de48fe70aa6bb67293d9736aaac526f1f794e94f135538be1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right_over.gif
| MD5 | bd38f281632881248ac7f09eef8a6319 |
| SHA1 | 5a40ad5f3ec39d2ad991e0b94683a0ce987d5066 |
| SHA256 | b92428daaf38be6775a2b1ce78f5c8ce213b90c6e6fbd95bae56458ab90f7437 |
| SHA512 | 1e102e101b9c679ff5bbb874806650bc12a69dbab6fd446617e392c99620c81e35c2233a745934692b2e4f20b46a7cf5e90cf38a97b87ea588d525ce356b6099 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF
| MD5 | 0ad4cf7b35f62b8ff9c73f481594fbdd |
| SHA1 | 08b895c85051d99477cdf56d80c4006c262048ef |
| SHA256 | c55b90509b8cb9bac53fbdddfc93d4e572685c509f1218423c43a5d6013bbd48 |
| SHA512 | 697f1c0117c89ea0486b5b8e9dded787eafcfd710251cef4cf5cc275b1572a5cf9d499e44fa672aca8a77521a33b2e5040cf69c7cc3947fec2cd75d2296edecf |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF
| MD5 | ab58d658c2dfe0393df78f57740dcdb8 |
| SHA1 | 096427e4fce6a16c49a01f645139172fbf077ba5 |
| SHA256 | 882993b55cc0c527f0a6059b69b3faf4ef3ccb9cecd3d8847ca0e49a1444debe |
| SHA512 | bfbad9a939371aa29f4ed8c5bcad0d0299766bbe6dc1d9d6233ae0c060a394c0b8bf665b11a28c3713d434340dda690cabb578ecf3e2a4a462d797f0b3f30df2 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
| MD5 | ec8d9cf15661e1e246997637ac868ca2 |
| SHA1 | e172de70f1a3707fc8501f5a2207613f376169dc |
| SHA256 | 82f9a5d07d2ed70801a407aefc9336fb4582b17a23686cbd30ce31881a289b85 |
| SHA512 | d87760b7b4b1b286af229762c9c2b81847c803410a2a36834861ee85533ff2c2614753db56db863c73dd6ea6807c1074a317e62f066870dfb6fd4257bbdefa2d |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
| MD5 | 9d1101f2c45ce53f2ead40247bc2629f |
| SHA1 | c7c2770645e7611ae33bd7a0b3ed948d39f17c06 |
| SHA256 | 47f0149b43961165c5fa224dbd2d1e956cf0a26b86d15ee3e12652c2a6e013ca |
| SHA512 | 91ae75b332bb98b6116352147701514db0426f710600bcbd1bdfe31f20ab83c2c21c794244055372e5d11ee177f8dedfd31a1d9a744b84be0f57b580a8464ec1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
| MD5 | 3b8883ab58438b245c89bc76ee848752 |
| SHA1 | 7b01b457344fcf92362d14247f2c389ed0c89b6c |
| SHA256 | b3b87c3ad568de5a1f07702392e3bfc76f41a47b2fa1d710198406c3c5172697 |
| SHA512 | 200a52dd5e9334f2c768fb2d152a82cfd551c0991eada79ee92ae41e8beb82a1eac2d90fdac2d9741afe0b7edcbe046cb92a6cf339d25709b53d51f5feb55b1c |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SAVE.GIF
| MD5 | 9c1b2a47c87f33de47ccfcdc098e1806 |
| SHA1 | 4ea8f90ce4f6569e41788252674776594ca668f8 |
| SHA256 | 8d77e83b50a81c442acd64cf5a57ee30906256da88e661e87cba51320f2cdda9 |
| SHA512 | b317fc3bea365325bc928e347d081bf019c0dd35e764172ed105212e86ab4ab303b92bd1bb0752cc27c0a7d46548e199df353fb84873e812a744878d9d34bd30 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
| MD5 | ccd9d8aa4c9fbad1069e4dd2c4982652 |
| SHA1 | 58cc653eba0694d39e7615ee7e049c8441fe6600 |
| SHA256 | 35e1150f8a8236fd8c2be2c6da618b5f5366caabb763b7453201f5c430441aae |
| SHA512 | 7530335f5f01da26479349321531093d3da8a1cefd4e916496dd254273076df9ef5eb91ecde1221e37a2525e76a8578a6859ec79a15ddb0a69e2e39578afb8f0 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif
| MD5 | f25638c3ccba37aad21daf44d061ded1 |
| SHA1 | 2db65949b3b8b9f2ec83a7aebda1d4379c17391e |
| SHA256 | f2d7df9f7c7a829d151f2d26f67f11bb6b824fb5ed649c159dd6124c4b4dce60 |
| SHA512 | 362d8d85fb18947f6924d956f93d8cc8eec7febac2cc8aa5bebaa983ce257c1f0eb416663d650c0958d33d7ddadbf79e636a26cd6f592ab38057d7dcc2227c3c |
\Windows\Installer\MSI7743.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Windows\Installer\MSI7743.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Windows\Installer\MSI7A6F.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
\Windows\Installer\MSI7A6F.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\messageboxinfo.ico
| MD5 | 46b109680d8e37a25b4ca79ff35e270f |
| SHA1 | e1d4ca57aa3114a7931c7a5bbc8be1ecd8bd7882 |
| SHA256 | 54a918ed71329a2e6af831153825cb69b8cd45938a352d3b0882c92969a353dd |
| SHA512 | 7533cfb7af8b272d23734efddd2eba7524a746ac0664621ba3c05f139417f6e68bdf6e38c57ea16e8552d0b491a37f320f8f95d7b9e39e3c171a28f81643197c |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\OnLineBusy.ico
| MD5 | 175b6d3035eaaf10bcc78b54ab021ecf |
| SHA1 | 480f5c00b285f824d6eec209d6937e05c34d1805 |
| SHA256 | 868d0516a42b8340eba07ffaa00f5928e1d6a7daf2a3c4d96c1b86b80e2e3e81 |
| SHA512 | eb0b26da872e4e957415ca60d0114903a3b62dfc6f4b02db745004a32ce55d791baf8d550284be03157a59a433fdc9e39a3129155cc0a73cef87febc51fb2f6b |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\PersonalContact.ico
| MD5 | d33c6324366941b3c100293e79426478 |
| SHA1 | afd047c1461a2ce36b775cc94392672eb43f1463 |
| SHA256 | d2a2840f1282913c2678160f13f3204616a9c302ae3b8f47bf17783ef3323aa7 |
| SHA512 | 7cffef992a6008d2d5b1cd768ae722d533a7e2a637b421ab67f16175328ffc9f3a4cd72ed5db695796d335371aad94c4bf9003fe685c3833b7687b59bbb6b940 |
C:\Windows\Installer\MSI7D6D.tmp
| MD5 | 9cadbfa797783ff9e7fc60301de9e1ff |
| SHA1 | 83bde6d6b75dfc88d3418ec1a2e935872b8864bb |
| SHA256 | c1eda5c42be64cfc08408a276340c9082f424ec1a4e96e78f85e9f80d0634141 |
| SHA512 | 095963d9e01d46dae7908e3de6f115d7a0eebb114a5ec6e4e9312dbc22ba5baa268f5acece328066c9456172e90a95e097a35b9ed61589ce9684762e38f1385b |
\Windows\Installer\MSI7D6D.tmp
| MD5 | 9cadbfa797783ff9e7fc60301de9e1ff |
| SHA1 | 83bde6d6b75dfc88d3418ec1a2e935872b8864bb |
| SHA256 | c1eda5c42be64cfc08408a276340c9082f424ec1a4e96e78f85e9f80d0634141 |
| SHA512 | 095963d9e01d46dae7908e3de6f115d7a0eebb114a5ec6e4e9312dbc22ba5baa268f5acece328066c9456172e90a95e097a35b9ed61589ce9684762e38f1385b |
C:\Windows\Installer\MSI7DBC.tmp
| MD5 | 4a843a97ae51c310b573a02ffd2a0e8e |
| SHA1 | 063fa914ccb07249123c0d5f4595935487635b20 |
| SHA256 | 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086 |
| SHA512 | 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2 |
\Windows\Installer\MSI7DBC.tmp
| MD5 | 4a843a97ae51c310b573a02ffd2a0e8e |
| SHA1 | 063fa914ccb07249123c0d5f4595935487635b20 |
| SHA256 | 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086 |
| SHA512 | 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2 |
C:\Windows\Installer\MSI7E97.tmp
| MD5 | 4a843a97ae51c310b573a02ffd2a0e8e |
| SHA1 | 063fa914ccb07249123c0d5f4595935487635b20 |
| SHA256 | 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086 |
| SHA512 | 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2 |
\Windows\Installer\MSI7E97.tmp
| MD5 | 4a843a97ae51c310b573a02ffd2a0e8e |
| SHA1 | 063fa914ccb07249123c0d5f4595935487635b20 |
| SHA256 | 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086 |
| SHA512 | 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2 |
C:\Windows\Installer\MSI81A4.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Windows\Installer\MSI81A4.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
\Windows\Installer\MSI81A4.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
\Windows\Installer\MSI8232.tmp
| MD5 | 5577a98daef4ba33e900a3e3108d6cc1 |
| SHA1 | 5af817186ab0376a0433686be470ea2b48c74f5f |
| SHA256 | 148199b4f3b6b2030e2aeb63a66e8e333e692d38691bcbe39139cf02bb61b31d |
| SHA512 | d37d511975b5331a5b1cdda736890c7d4f2dcba4abac2b9399c977bdb7e09c964327e3f771cd592e2632b0e776545c490f29fd391ec13c7948557957cd805dd5 |
C:\Windows\Installer\MSI8232.tmp
| MD5 | 5577a98daef4ba33e900a3e3108d6cc1 |
| SHA1 | 5af817186ab0376a0433686be470ea2b48c74f5f |
| SHA256 | 148199b4f3b6b2030e2aeb63a66e8e333e692d38691bcbe39139cf02bb61b31d |
| SHA512 | d37d511975b5331a5b1cdda736890c7d4f2dcba4abac2b9399c977bdb7e09c964327e3f771cd592e2632b0e776545c490f29fd391ec13c7948557957cd805dd5 |
C:\Windows\Installer\MSI8510.tmp
| MD5 | 5a1e6b155435693938596d58eaca74bb |
| SHA1 | 27fb323ccc215136ef350469072b6ad559d39c3d |
| SHA256 | f2d5eb947b85f763f72de7f800118844a5207c9e3dd456f13186c2aaf0c485ac |
| SHA512 | 4fee8576ef5541d4923aacb514b09e1e4dc8d6cbb1dcaada67c65240358147b971c2a1d034faf50c594ae7edb4a3c68dd4ffbbb69893413ffb52e71a86c65388 |
\Windows\Installer\MSI8510.tmp
| MD5 | 5a1e6b155435693938596d58eaca74bb |
| SHA1 | 27fb323ccc215136ef350469072b6ad559d39c3d |
| SHA256 | f2d5eb947b85f763f72de7f800118844a5207c9e3dd456f13186c2aaf0c485ac |
| SHA512 | 4fee8576ef5541d4923aacb514b09e1e4dc8d6cbb1dcaada67c65240358147b971c2a1d034faf50c594ae7edb4a3c68dd4ffbbb69893413ffb52e71a86c65388 |
C:\Windows\Installer\MSI8723.tmp
| MD5 | 8d4c7e2792f92d8e7cba3098a54c8e66 |
| SHA1 | d21b486f78aef95b7041d7e6966568ac3c550e3a |
| SHA256 | aaf3e53a1a1aeadac1339b20e256eabc29502a9a583a7c18b29d6bba2adb1ab0 |
| SHA512 | b81598b2c47ebe78fb9851254b576885e7ba68b637337378c9e8e7928c72ffc89734c9a729dcb947aa64f8a89f07ef9c1751f64526e60cd72931b92662d2b91a |
\Windows\Installer\MSI8723.tmp
| MD5 | 8d4c7e2792f92d8e7cba3098a54c8e66 |
| SHA1 | d21b486f78aef95b7041d7e6966568ac3c550e3a |
| SHA256 | aaf3e53a1a1aeadac1339b20e256eabc29502a9a583a7c18b29d6bba2adb1ab0 |
| SHA512 | b81598b2c47ebe78fb9851254b576885e7ba68b637337378c9e8e7928c72ffc89734c9a729dcb947aa64f8a89f07ef9c1751f64526e60cd72931b92662d2b91a |
C:\Windows\Installer\MSI89F2.tmp
| MD5 | 8d4c7e2792f92d8e7cba3098a54c8e66 |
| SHA1 | d21b486f78aef95b7041d7e6966568ac3c550e3a |
| SHA256 | aaf3e53a1a1aeadac1339b20e256eabc29502a9a583a7c18b29d6bba2adb1ab0 |
| SHA512 | b81598b2c47ebe78fb9851254b576885e7ba68b637337378c9e8e7928c72ffc89734c9a729dcb947aa64f8a89f07ef9c1751f64526e60cd72931b92662d2b91a |
\Windows\Installer\MSI89F2.tmp
| MD5 | 8d4c7e2792f92d8e7cba3098a54c8e66 |
| SHA1 | d21b486f78aef95b7041d7e6966568ac3c550e3a |
| SHA256 | aaf3e53a1a1aeadac1339b20e256eabc29502a9a583a7c18b29d6bba2adb1ab0 |
| SHA512 | b81598b2c47ebe78fb9851254b576885e7ba68b637337378c9e8e7928c72ffc89734c9a729dcb947aa64f8a89f07ef9c1751f64526e60cd72931b92662d2b91a |
C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendtoOneNoteFilter.gpd
| MD5 | 9546c10433c45bfb9947449dd8d304de |
| SHA1 | f8ebbbe3ad6a8cfd13607fd3a7fad7a3a7a50158 |
| SHA256 | 6778c7c7b6b6c1c273e668169a7652a681da86ad62d03f7c5aa120405069feb2 |
| SHA512 | 90c6dda39740f839fb470f838c35d5f264a0a8664c57cbc66c431082710ee633ca4672b3b64902e7bbb7a61e9b9f4eea251a7d8b6d5126de6d73d3480fdede5d |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\AMERITECH.NET.XML
| MD5 | eb74234cb882f0fedae27f0b9e9957d8 |
| SHA1 | 973377cb3ecbbe475ec49d45f15ced0a02143a1c |
| SHA256 | 0645a4a67dcec462dc9f335bb0564e6e39bf12ea7e40cf8de81418210102c2d1 |
| SHA512 | 480e05680cdcb4d72456228a7a61f2577eb2e412760fce40a5b4066d140d41545110b830851b764ac483a6630dd5ff1e27ba1f95643fa3fcb801eed514ba4b29 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\BTOPENWORLD.COM.XML
| MD5 | b024a04198ed894b334178e411856122 |
| SHA1 | ca7552399eca0ceec6a3dbf393396fade2f5f550 |
| SHA256 | cadbea407cb411d2ed1c47c77536b622eb7d53d4fd3ee3b9897d554298683fe3 |
| SHA512 | 466ef38a6bd49fc816e208b408e5bcc7d366dc7eb9072600ab21510b6e1417894bffeee5ec96f5a0a535d8e541fd505ae3450f2233e5a128bb073394c530e879 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\WANS.NET.XML
| MD5 | b4052c951a5d5df0482bec08dcd1a1d9 |
| SHA1 | 99f3e0929eabf972e94c276c6423499860202f65 |
| SHA256 | f860ea6cfbfe8ddb3862a09c1b443f3273dac1a4757ce9e7a3b34d46f971ff10 |
| SHA512 | c26450d504e58cdbba0ded009158837855dadd8040b0c05845ee25b540567758c650df3d6b28c3571adff47e39d8ef99b30144250477524a19ab172d0870ef82 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.TH.XML
| MD5 | 938fcac2676e99d92efee069eacacc37 |
| SHA1 | 575b35480aab9ada77d22f922bc57cb49a7580a6 |
| SHA256 | 9b8747ddedfdcb06f34ca5161281e28aafe3bec2e4b21aa731e17bb46dabc6c1 |
| SHA512 | 515074b8b8c14986ab86913a659ffa007cab07db5c6798ef6a4e12279ad3bf68262ac42ce991ed20a06825a8e5b8d0efc48aca38dad5503178d1dce0ef68c33c |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.AR.XML
| MD5 | dc5794fd7e35debdd2e25f3e22761cce |
| SHA1 | 348034e08eaa9434bcf5713e9880f60bfd33ba78 |
| SHA256 | 15dfcf446deb114d465215cf49907aa5efc5fb8531f97607d50148cb4b680288 |
| SHA512 | 6a9b27a6702e40ef03367ce611716816cc4debac9086983148ff75c4e8656f10ff5edf73e95e18efe9e0ef7b721350e86a20919061d0ce1266258384ef98b1d2 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.IT.XML
| MD5 | 0b0d4b77b1494ca873f4311cc88a9fde |
| SHA1 | e88f8c3100290bbcdc224f4db05a77811726fe90 |
| SHA256 | 60107be66c9efe4d6aa0a3864f71d60b3800c8d6400daa36c05609d099b5f891 |
| SHA512 | 0a2410540f096ebd0464f16681b7375152fe8844ad2fed5fe86b352a61d6c65695051c82a36b77156a79ac633943463739752163d48b26abedf2db2c49ba794d |
\Windows\Installer\MSI97A9.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Windows\Installer\MSI97A9.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Windows\Installer\MSI9A87.tmp
| MD5 | 9caf5e1999a4bd6ab8c4d4ea07818a7d |
| SHA1 | fb1fe1d18fb670fbbf7461f449a473778b711717 |
| SHA256 | 813ebc09bb3144d76f6f3a1550877c21590e0776f893915ca1178672e84ca1e7 |
| SHA512 | d40a70f7718adc63a21758ce43bd0c3f71abf4a4b7dd0639be3decf326a1b3281ac1043c519fd3f5cbae5ed6b3e59e3bd8d583c2ae253529fdd6d5225f41ab74 |
\Windows\Installer\MSI9A87.tmp
| MD5 | 9caf5e1999a4bd6ab8c4d4ea07818a7d |
| SHA1 | fb1fe1d18fb670fbbf7461f449a473778b711717 |
| SHA256 | 813ebc09bb3144d76f6f3a1550877c21590e0776f893915ca1178672e84ca1e7 |
| SHA512 | d40a70f7718adc63a21758ce43bd0c3f71abf4a4b7dd0639be3decf326a1b3281ac1043c519fd3f5cbae5ed6b3e59e3bd8d583c2ae253529fdd6d5225f41ab74 |
C:\Windows\Installer\MSI9BEF.tmp
| MD5 | 5577a98daef4ba33e900a3e3108d6cc1 |
| SHA1 | 5af817186ab0376a0433686be470ea2b48c74f5f |
| SHA256 | 148199b4f3b6b2030e2aeb63a66e8e333e692d38691bcbe39139cf02bb61b31d |
| SHA512 | d37d511975b5331a5b1cdda736890c7d4f2dcba4abac2b9399c977bdb7e09c964327e3f771cd592e2632b0e776545c490f29fd391ec13c7948557957cd805dd5 |
\Windows\Installer\MSI9BEF.tmp
| MD5 | 5577a98daef4ba33e900a3e3108d6cc1 |
| SHA1 | 5af817186ab0376a0433686be470ea2b48c74f5f |
| SHA256 | 148199b4f3b6b2030e2aeb63a66e8e333e692d38691bcbe39139cf02bb61b31d |
| SHA512 | d37d511975b5331a5b1cdda736890c7d4f2dcba4abac2b9399c977bdb7e09c964327e3f771cd592e2632b0e776545c490f29fd391ec13c7948557957cd805dd5 |
C:\Windows\Installer\MSIA3FB.tmp
| MD5 | 4a843a97ae51c310b573a02ffd2a0e8e |
| SHA1 | 063fa914ccb07249123c0d5f4595935487635b20 |
| SHA256 | 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086 |
| SHA512 | 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2 |
C:\Windows\Installer\MSIA3FB.tmp
| MD5 | 4a843a97ae51c310b573a02ffd2a0e8e |
| SHA1 | 063fa914ccb07249123c0d5f4595935487635b20 |
| SHA256 | 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086 |
| SHA512 | 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2 |
\Windows\Installer\MSIA3FB.tmp
| MD5 | 4a843a97ae51c310b573a02ffd2a0e8e |
| SHA1 | 063fa914ccb07249123c0d5f4595935487635b20 |
| SHA256 | 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086 |
| SHA512 | 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2 |
C:\Windows\Installer\MSIA563.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
\Windows\Installer\MSIA563.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Windows\Installer\MSIA851.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
\Windows\Installer\MSIA851.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
\Windows\Installer\MSIA91C.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Windows\Installer\MSIA91C.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Windows\Installer\MSIACA7.tmp
| MD5 | 85221b3bcba8dbe4b4a46581aa49f760 |
| SHA1 | 746645c92594bfc739f77812d67cfd85f4b92474 |
| SHA256 | f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f |
| SHA512 | 060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d |
\Windows\Installer\MSIACA7.tmp
| MD5 | 85221b3bcba8dbe4b4a46581aa49f760 |
| SHA1 | 746645c92594bfc739f77812d67cfd85f4b92474 |
| SHA256 | f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f |
| SHA512 | 060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d |
C:\Windows\Installer\MSIAE2E.tmp
| MD5 | 9f0b9bc54bb73dfb7cf85520da1a08cb |
| SHA1 | 236f7b770317d782f0817fbf7542140cb1e1526e |
| SHA256 | 0d44d40e8bda72a3d6ca26665100b256848e2183029a6728c18ad97cd650547f |
| SHA512 | 8acfb05a7b4723776fa66c0f71bde90dd49243de5dd2a8cf1a1f09a1175f9346c12a717050bff5f3938bda6cc4c610ca1eab75d4b9b7c8bcfb97d9158727a10d |
\Windows\Installer\MSIAE2E.tmp
| MD5 | 9f0b9bc54bb73dfb7cf85520da1a08cb |
| SHA1 | 236f7b770317d782f0817fbf7542140cb1e1526e |
| SHA256 | 0d44d40e8bda72a3d6ca26665100b256848e2183029a6728c18ad97cd650547f |
| SHA512 | 8acfb05a7b4723776fa66c0f71bde90dd49243de5dd2a8cf1a1f09a1175f9346c12a717050bff5f3938bda6cc4c610ca1eab75d4b9b7c8bcfb97d9158727a10d |
C:\Windows\Installer\MSIB051.tmp
| MD5 | 33908aa43ac0aaabc06a58d51b1c2cca |
| SHA1 | 0a0d1ce3435abe2eed635481bac69e1999031291 |
| SHA256 | 4447faacefaba8f040822101e2a4103031660de9139e70ecff9aa3a89455a783 |
| SHA512 | d5216a53df9cfbe1a78629c103286eb17042f639149c46b6a1cd76498531ae82afd265462fbe0ba9baaff275fc95c66504804f107c449f3fc5833b1ed9c3da46 |
\Windows\Installer\MSIB051.tmp
| MD5 | 33908aa43ac0aaabc06a58d51b1c2cca |
| SHA1 | 0a0d1ce3435abe2eed635481bac69e1999031291 |
| SHA256 | 4447faacefaba8f040822101e2a4103031660de9139e70ecff9aa3a89455a783 |
| SHA512 | d5216a53df9cfbe1a78629c103286eb17042f639149c46b6a1cd76498531ae82afd265462fbe0ba9baaff275fc95c66504804f107c449f3fc5833b1ed9c3da46 |
C:\Windows\Installer\MSIB11D.tmp
| MD5 | 9f0b9bc54bb73dfb7cf85520da1a08cb |
| SHA1 | 236f7b770317d782f0817fbf7542140cb1e1526e |
| SHA256 | 0d44d40e8bda72a3d6ca26665100b256848e2183029a6728c18ad97cd650547f |
| SHA512 | 8acfb05a7b4723776fa66c0f71bde90dd49243de5dd2a8cf1a1f09a1175f9346c12a717050bff5f3938bda6cc4c610ca1eab75d4b9b7c8bcfb97d9158727a10d |
\Windows\Installer\MSIB11D.tmp
| MD5 | 9f0b9bc54bb73dfb7cf85520da1a08cb |
| SHA1 | 236f7b770317d782f0817fbf7542140cb1e1526e |
| SHA256 | 0d44d40e8bda72a3d6ca26665100b256848e2183029a6728c18ad97cd650547f |
| SHA512 | 8acfb05a7b4723776fa66c0f71bde90dd49243de5dd2a8cf1a1f09a1175f9346c12a717050bff5f3938bda6cc4c610ca1eab75d4b9b7c8bcfb97d9158727a10d |
C:\Windows\Installer\MSIB16C.tmp
| MD5 | 4a843a97ae51c310b573a02ffd2a0e8e |
| SHA1 | 063fa914ccb07249123c0d5f4595935487635b20 |
| SHA256 | 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086 |
| SHA512 | 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2 |
\Windows\Installer\MSIB16C.tmp
| MD5 | 4a843a97ae51c310b573a02ffd2a0e8e |
| SHA1 | 063fa914ccb07249123c0d5f4595935487635b20 |
| SHA256 | 727ecf287fb6f4953ee7748913dd559b4f8d3a022fa2ca55bc51cf5886c52086 |
| SHA512 | 905c081552d95b523ecf1155b6c7e157652e5ff00cda30c1c21124d266eb7d305c3398d6832316f403dc45d1b639f1a5a67aea29922cd1a032f52e5247ec55d2 |
C:\Windows\Installer\MSIB4B7.tmp
| MD5 | 399075975c41f7e85b12bc6668f59cf3 |
| SHA1 | 04f5140a93f4fd7721cd305d12cdb80d75b36a16 |
| SHA256 | b5129d385ac5d296142ba97faf663ffbb6c50761fc414d4528d8b8a26bc31ac3 |
| SHA512 | 1266087db1d06405ccdb4e3cfc8f086b361da2a276a62dcbd2ecfa4532571cf57fdc568b07493fb5d0d9171c1eac8b9d371cd3e35600ee08b108b2688c0c95bf |
\Windows\Installer\MSIB4B7.tmp
| MD5 | 399075975c41f7e85b12bc6668f59cf3 |
| SHA1 | 04f5140a93f4fd7721cd305d12cdb80d75b36a16 |
| SHA256 | b5129d385ac5d296142ba97faf663ffbb6c50761fc414d4528d8b8a26bc31ac3 |
| SHA512 | 1266087db1d06405ccdb4e3cfc8f086b361da2a276a62dcbd2ecfa4532571cf57fdc568b07493fb5d0d9171c1eac8b9d371cd3e35600ee08b108b2688c0c95bf |
C:\Windows\Installer\MSIB738.tmp
| MD5 | 9471017b246f1b3dbbd8984ecc1f4293 |
| SHA1 | d498d3f0fdf3c5d90e244094f3df3e618da36341 |
| SHA256 | e75f900e7240da9993c267a11f5a68d4c2cebb205fa690200bcdf8e1d0b6e7d8 |
| SHA512 | d950f8e613b8585ba8148cad5731134105bf992d160cdedffdf914e78e7b9f1eac0fa3d1071c87343ee942a92ad8ebd1970850edb5fb278326ef03e9ab4160c7 |
\Windows\Installer\MSIB738.tmp
| MD5 | 9471017b246f1b3dbbd8984ecc1f4293 |
| SHA1 | d498d3f0fdf3c5d90e244094f3df3e618da36341 |
| SHA256 | e75f900e7240da9993c267a11f5a68d4c2cebb205fa690200bcdf8e1d0b6e7d8 |
| SHA512 | d950f8e613b8585ba8148cad5731134105bf992d160cdedffdf914e78e7b9f1eac0fa3d1071c87343ee942a92ad8ebd1970850edb5fb278326ef03e9ab4160c7 |
C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUNGLE.HTM
| MD5 | 7d0a27db87cbd4243eacad312e5d7f41 |
| SHA1 | 9b077bbd55fc3718e25dd9b80b89423cd9495633 |
| SHA256 | 8ae7498b01f40e9d2a04df8a8a91cc0b180eb9eb64b78129f59a6d6ab547816b |
| SHA512 | 88ed00f2eba7cc1e53fafddcb74c2c1029f2866c4379816b0c53a6230dd5a06eb33092647b36c90f29ebbb7c705fcb065514977acb06fea4cadd43ae144f73ed |
C:\Windows\Installer\MSIC5E9.tmp
| MD5 | 5a1e6b155435693938596d58eaca74bb |
| SHA1 | 27fb323ccc215136ef350469072b6ad559d39c3d |
| SHA256 | f2d5eb947b85f763f72de7f800118844a5207c9e3dd456f13186c2aaf0c485ac |
| SHA512 | 4fee8576ef5541d4923aacb514b09e1e4dc8d6cbb1dcaada67c65240358147b971c2a1d034faf50c594ae7edb4a3c68dd4ffbbb69893413ffb52e71a86c65388 |
\Windows\Installer\MSIC5E9.tmp
| MD5 | 5a1e6b155435693938596d58eaca74bb |
| SHA1 | 27fb323ccc215136ef350469072b6ad559d39c3d |
| SHA256 | f2d5eb947b85f763f72de7f800118844a5207c9e3dd456f13186c2aaf0c485ac |
| SHA512 | 4fee8576ef5541d4923aacb514b09e1e4dc8d6cbb1dcaada67c65240358147b971c2a1d034faf50c594ae7edb4a3c68dd4ffbbb69893413ffb52e71a86c65388 |
C:\Windows\Installer\MSIC944.tmp
| MD5 | 00c3f5ca474a20c4a8dfb263a3950dad |
| SHA1 | 78b00a2e0490e1664af4d86fdbd3ac78330d21d4 |
| SHA256 | 9d849a8f5b39941ea32d47f0529977b1870f648736a483d86682436e3d3db748 |
| SHA512 | 20a8a8655b61b464f29329a70daa95a36c8c54b549bbec26ed93c63097d6d7a4c0a3ca1cb9a85a0521d298885c00f22fbfa28abf9aa33737056b48cc0ebead9d |
\Windows\Installer\MSIC944.tmp
| MD5 | 00c3f5ca474a20c4a8dfb263a3950dad |
| SHA1 | 78b00a2e0490e1664af4d86fdbd3ac78330d21d4 |
| SHA256 | 9d849a8f5b39941ea32d47f0529977b1870f648736a483d86682436e3d3db748 |
| SHA512 | 20a8a8655b61b464f29329a70daa95a36c8c54b549bbec26ed93c63097d6d7a4c0a3ca1cb9a85a0521d298885c00f22fbfa28abf9aa33737056b48cc0ebead9d |
C:\Windows\Installer\MSIC9A2.tmp
| MD5 | 33908aa43ac0aaabc06a58d51b1c2cca |
| SHA1 | 0a0d1ce3435abe2eed635481bac69e1999031291 |
| SHA256 | 4447faacefaba8f040822101e2a4103031660de9139e70ecff9aa3a89455a783 |
| SHA512 | d5216a53df9cfbe1a78629c103286eb17042f639149c46b6a1cd76498531ae82afd265462fbe0ba9baaff275fc95c66504804f107c449f3fc5833b1ed9c3da46 |
\Windows\Installer\MSIC9A2.tmp
| MD5 | 33908aa43ac0aaabc06a58d51b1c2cca |
| SHA1 | 0a0d1ce3435abe2eed635481bac69e1999031291 |
| SHA256 | 4447faacefaba8f040822101e2a4103031660de9139e70ecff9aa3a89455a783 |
| SHA512 | d5216a53df9cfbe1a78629c103286eb17042f639149c46b6a1cd76498531ae82afd265462fbe0ba9baaff275fc95c66504804f107c449f3fc5833b1ed9c3da46 |
C:\Windows\Installer\MSIC9F1.tmp
| MD5 | 399075975c41f7e85b12bc6668f59cf3 |
| SHA1 | 04f5140a93f4fd7721cd305d12cdb80d75b36a16 |
| SHA256 | b5129d385ac5d296142ba97faf663ffbb6c50761fc414d4528d8b8a26bc31ac3 |
| SHA512 | 1266087db1d06405ccdb4e3cfc8f086b361da2a276a62dcbd2ecfa4532571cf57fdc568b07493fb5d0d9171c1eac8b9d371cd3e35600ee08b108b2688c0c95bf |
\Windows\Installer\MSIC9F1.tmp
| MD5 | 399075975c41f7e85b12bc6668f59cf3 |
| SHA1 | 04f5140a93f4fd7721cd305d12cdb80d75b36a16 |
| SHA256 | b5129d385ac5d296142ba97faf663ffbb6c50761fc414d4528d8b8a26bc31ac3 |
| SHA512 | 1266087db1d06405ccdb4e3cfc8f086b361da2a276a62dcbd2ecfa4532571cf57fdc568b07493fb5d0d9171c1eac8b9d371cd3e35600ee08b108b2688c0c95bf |
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip
| MD5 | 1b09d4b3b183d0e78c9627ba6b0f925e |
| SHA1 | fd441ff31ab04f40acc054b90c34bdee299017bc |
| SHA256 | 2555bb5583cd7eecea012833776c74683ce3479d1c1553733366905bc820ea83 |
| SHA512 | 5426ddbc2ee693f1397c0a44ca5c6f1f8b763189326edfbdae4e82157ffa525937f78f0461f9d9b284a4a2491c7b1fe20d887adeb3ab7a07186b46ab6f5f8038 |
C:\Windows\Installer\MSID1CF.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
\Windows\Installer\MSID1CF.tmp
| MD5 | d1f5ce6b23351677e54a245f46a9f8d2 |
| SHA1 | 0d5c6749401248284767f16df92b726e727718ca |
| SHA256 | 57cb8f01cf553c3886760180d1a74839f2f676640115504485aca9692f577acc |
| SHA512 | 960e90894e7bedcc89894e77e57e8ee0c99dd2c530d02665e8bbd3a1793eccc1e295c5923d1f37c757fa1158097fbaae70898c16052882d3d210c29ea801b3ba |
C:\Windows\Installer\MSID49D.tmp
| MD5 | 9caf5e1999a4bd6ab8c4d4ea07818a7d |
| SHA1 | fb1fe1d18fb670fbbf7461f449a473778b711717 |
| SHA256 | 813ebc09bb3144d76f6f3a1550877c21590e0776f893915ca1178672e84ca1e7 |
| SHA512 | d40a70f7718adc63a21758ce43bd0c3f71abf4a4b7dd0639be3decf326a1b3281ac1043c519fd3f5cbae5ed6b3e59e3bd8d583c2ae253529fdd6d5225f41ab74 |
\Windows\Installer\MSID49D.tmp
| MD5 | 9caf5e1999a4bd6ab8c4d4ea07818a7d |
| SHA1 | fb1fe1d18fb670fbbf7461f449a473778b711717 |
| SHA256 | 813ebc09bb3144d76f6f3a1550877c21590e0776f893915ca1178672e84ca1e7 |
| SHA512 | d40a70f7718adc63a21758ce43bd0c3f71abf4a4b7dd0639be3decf326a1b3281ac1043c519fd3f5cbae5ed6b3e59e3bd8d583c2ae253529fdd6d5225f41ab74 |
C:\Windows\Installer\MSID559.tmp
| MD5 | 9caf5e1999a4bd6ab8c4d4ea07818a7d |
| SHA1 | fb1fe1d18fb670fbbf7461f449a473778b711717 |
| SHA256 | 813ebc09bb3144d76f6f3a1550877c21590e0776f893915ca1178672e84ca1e7 |
| SHA512 | d40a70f7718adc63a21758ce43bd0c3f71abf4a4b7dd0639be3decf326a1b3281ac1043c519fd3f5cbae5ed6b3e59e3bd8d583c2ae253529fdd6d5225f41ab74 |
C:\Windows\Installer\MSID559.tmp
| MD5 | 9caf5e1999a4bd6ab8c4d4ea07818a7d |
| SHA1 | fb1fe1d18fb670fbbf7461f449a473778b711717 |
| SHA256 | 813ebc09bb3144d76f6f3a1550877c21590e0776f893915ca1178672e84ca1e7 |
| SHA512 | d40a70f7718adc63a21758ce43bd0c3f71abf4a4b7dd0639be3decf326a1b3281ac1043c519fd3f5cbae5ed6b3e59e3bd8d583c2ae253529fdd6d5225f41ab74 |
\Windows\Installer\MSID559.tmp
| MD5 | 9caf5e1999a4bd6ab8c4d4ea07818a7d |
| SHA1 | fb1fe1d18fb670fbbf7461f449a473778b711717 |
| SHA256 | 813ebc09bb3144d76f6f3a1550877c21590e0776f893915ca1178672e84ca1e7 |
| SHA512 | d40a70f7718adc63a21758ce43bd0c3f71abf4a4b7dd0639be3decf326a1b3281ac1043c519fd3f5cbae5ed6b3e59e3bd8d583c2ae253529fdd6d5225f41ab74 |
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck
| MD5 | f1d3ff8443297732862df21dc4e57262 |
| SHA1 | 9069ca78e7450a285173431b3e52c5c25299e473 |
| SHA256 | df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 |
| SHA512 | ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3 |
C:\Windows\Installer\MSIE3CC.tmp
| MD5 | 9f0b9bc54bb73dfb7cf85520da1a08cb |
| SHA1 | 236f7b770317d782f0817fbf7542140cb1e1526e |
| SHA256 | 0d44d40e8bda72a3d6ca26665100b256848e2183029a6728c18ad97cd650547f |
| SHA512 | 8acfb05a7b4723776fa66c0f71bde90dd49243de5dd2a8cf1a1f09a1175f9346c12a717050bff5f3938bda6cc4c610ca1eab75d4b9b7c8bcfb97d9158727a10d |
C:\Windows\Installer\MSIE3CC.tmp
| MD5 | 9f0b9bc54bb73dfb7cf85520da1a08cb |
| SHA1 | 236f7b770317d782f0817fbf7542140cb1e1526e |
| SHA256 | 0d44d40e8bda72a3d6ca26665100b256848e2183029a6728c18ad97cd650547f |
| SHA512 | 8acfb05a7b4723776fa66c0f71bde90dd49243de5dd2a8cf1a1f09a1175f9346c12a717050bff5f3938bda6cc4c610ca1eab75d4b9b7c8bcfb97d9158727a10d |
\Windows\Installer\MSIE3CC.tmp
| MD5 | 9f0b9bc54bb73dfb7cf85520da1a08cb |
| SHA1 | 236f7b770317d782f0817fbf7542140cb1e1526e |
| SHA256 | 0d44d40e8bda72a3d6ca26665100b256848e2183029a6728c18ad97cd650547f |
| SHA512 | 8acfb05a7b4723776fa66c0f71bde90dd49243de5dd2a8cf1a1f09a1175f9346c12a717050bff5f3938bda6cc4c610ca1eab75d4b9b7c8bcfb97d9158727a10d |
C:\Windows\Installer\MSIE40B.tmp
| MD5 | 33908aa43ac0aaabc06a58d51b1c2cca |
| SHA1 | 0a0d1ce3435abe2eed635481bac69e1999031291 |
| SHA256 | 4447faacefaba8f040822101e2a4103031660de9139e70ecff9aa3a89455a783 |
| SHA512 | d5216a53df9cfbe1a78629c103286eb17042f639149c46b6a1cd76498531ae82afd265462fbe0ba9baaff275fc95c66504804f107c449f3fc5833b1ed9c3da46 |
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000
| MD5 | cea67ffae620e6410ed0590dc6ec9b92 |
| SHA1 | de0e7c9e496fdd650fd8ab826e84b256eeb85812 |
| SHA256 | 2dfba633817046c7f559ed4b93076048435f7e1a90f14eb8035c04b9ebae2537 |
| SHA512 | ba21e55aa88dc8b12e13ebff9e67570177db6aacfb606658650397e6423937d882b1e1c93ed62d12de0dfd59791d78c6a73d68e55f343cfa1f85235daf3b89ec |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
| MD5 | 0a9c72f9db202d3c13e46b9a902f4a6c |
| SHA1 | c0ef3c5679f5c071f592f49042733f9542a59e4f |
| SHA256 | 57eb66eb632b72c290761008baf8118400f3a914e5ea4ff8621c3d61d529c89c |
| SHA512 | 2788ba119c86c5f806ac04b1435d0ca668ae665d843d99128cce7b2d79726434d15c2dc0d3d991cd9fd2a492f14695f01a7c5e825211e7a6a593cfb6a85360c9 |
C:\Windows\Installer\MSIE8B2.tmp
| MD5 | b8255a1bc3c307557741d2c99b8256d1 |
| SHA1 | 48cc6f3c1a566f06684c5184cf830cbd7db638c2 |
| SHA256 | 796aea9a46fb7704222a7fe1f4e27455b14640c816d6f961344f89dc47537b33 |
| SHA512 | 85f685ad84f2208ad87ff34fb5e99edae50fc938a9335cb9747b7707d237c1b397c318090112eee0e9f04777ee004e26e7377f57c3e31159a96638b65110a69c |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk
| MD5 | 3acc3cc8c26b9cd4f8db480174d5210f |
| SHA1 | 0084bb4735d725d16042918ea916d3e39d379177 |
| SHA256 | 18df269c236e68e99a2e97691011172e3c2c600448a13dca21118370bc226335 |
| SHA512 | 614d3e11bf7670772edc4135db9ea0056d23b2b7374bfafd47bb3de080cd2e35b83b336ce3eadda374b869af5f28b0b29998f011455b467cfd4cbd47bc1ab7b3 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
| MD5 | 17240404cc21fa5bd98a4a03b059f656 |
| SHA1 | 17bf789e27311a0ab774e7a293b834c82c425d49 |
| SHA256 | 54ad5402b99458324b0e2a71fb21fe7c0e16eccf508b444034a6585aae645053 |
| SHA512 | d05635f214f250f97319544464039754e289ee5424729d053b5efa90159ddeb6b1ae3902aac8ddc711b5ca51e78aab299f06fd8c19f0d14c9ab621941983a7ce |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk
| MD5 | 98ca7859082dd1dc8570f548fd1a4894 |
| SHA1 | 4687cac842d71ea8ddca89cc681dbc83df8aa787 |
| SHA256 | 56ef96896db0a2f66b66a8513c0c1f699c5c67f1b23d5e7daab3e679e37d48e3 |
| SHA512 | c215566e992e46e77bac8dc462301b82206f499d46153203129bd4b05cd1d22621afc2ae828a998369fd0e3578f575fcc53b429023f74c3d7eaf01a8a65b040d |
C:\ProgramData\Microsoft Help\MS.MSPUB.14.1033.hxn
| MD5 | 80bda6f948a1289beefa36d2ba38194d |
| SHA1 | 948905d56e776f1efa1e026b309c6669b089a2fa |
| SHA256 | 9cb5d05f0db60b9e0d1b76af229fd2a705903d6a1278d4b815faa536a60c118d |
| SHA512 | ebbc2ac06f50c65430f2d3df2dd94434a6bb0e431a48e5929d57b944882f66e488f6abb668535f0bdd5007b92d18d2c4b726ccbc547c60c6adb3c8f5b7f4e586 |
C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn
| MD5 | 55b53f1413edc16c71b2ed8377f7cebf |
| SHA1 | c4c7cc19e754412b38845e6fa4c48d20b1c51da4 |
| SHA256 | 3eefc4790b52024832ea4c03c6e7a781f3ef9416866a959b2777fce101ad9d61 |
| SHA512 | 23301467411dbbfc5b302282dcb483e3d2758f7b4f999f32717e2d758479fab08e553149558c4a0c2f69b8db739a3eca67e78ef8ddf3d6304e5b577044d55b8f |
C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn
| MD5 | 565aba2aa486212bffe024fefb3a8ba0 |
| SHA1 | 13f8e2befaf22d391595db2f5bb2efd761cb41ac |
| SHA256 | 891c1644d5e29e33e5bb88666853f9531b93a3d6fbbd4a8b01e4e8701f836bea |
| SHA512 | a7a9610937383b8b9feeacacbda08f5d05692cd1550b238caac7a94d17399d689bc95e5afbd7a378e4cb2524d59c3bc3591e975a6aad65bcb6f6cd2e65cbe8ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index
| MD5 | 1681ffc6e046c7af98c9e6c232a3fe0a |
| SHA1 | d3399b7262fb56cb9ed053d68db9291c410839c4 |
| SHA256 | 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0 |
| SHA512 | 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
| MD5 | 4ae71336e44bf9bf79d2752e234818a5 |
| SHA1 | e129f27c5103bc5cc44bcdf0a15e160d445066ff |
| SHA256 | 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb |
| SHA512 | 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000002
| MD5 | 871bdd96b159c14d15c8d97d9111e9c8 |
| SHA1 | 8cd537a621659c289f0707bad94719b5782ddb1f |
| SHA256 | cc2786e1f9910a9d811400edcddaf7075195f7a16b216dcbefba3bc7c4f2ae51 |
| SHA512 | e116d2d486bc802e99d5ffe83a666d5e324887a65965c7e0d90b238a4ee1db97e28f59aed23e6f968868902d762df06146833be62064c4a74d7c9384dfb0c7f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 0e2e640b11f60ae0769bca010bdc6ecc |
| SHA1 | 420f079c4fa62bd56442cbd687964bfa1b423a20 |
| SHA256 | d81bfb50e59a9abbe66f6ae0c6b45c7b9c0bc6eead2cf982118ac4d62b6ffeda |
| SHA512 | c39a4d54d66c0ea99c68abef1032b24097f15bb5b42a0d02337a6bd2e27b9c570f1788a0835b926dd6f9f6adb6a8868ef28641d246abf6b8899d20cda2f45475 |
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\VCT3UJZ1\desktop.ini
| MD5 | 53553242d57214aaa5726a09b05fe7bc |
| SHA1 | 931613845dd0e72f1b1a5ba0c89f1c34e5cc089d |
| SHA256 | 1be2b3990b410ca4fb38d1f79019c4018cd8820b69618646c81d22dfcbddc802 |
| SHA512 | dd0a0b9213182c99444bb7fb2eba5b28f521a768880be2539706730693ed9ea462feb4fd46b1deb5e7d4f31a284f2803b476209b451c9dc4d6ed056d71736d64 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
| MD5 | 897208d5df122e307ab837d982b2c085 |
| SHA1 | cf4ca14a7adcbc197cd84c1997efdd076911d608 |
| SHA256 | eaae98aa73fe0b561c8b02607a524fb4853bbe81c6de8c3d8a9b7449366809d4 |
| SHA512 | b0aa03063c42515de12fbf6d89924a3ae7d8bdd64d7c9bae94c75d571c939655253f3e87368fcd96f5784b2aee8fedac8f66200b8672ab47cc8b37c57a9ad334 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
| MD5 | 68cf4c147c95c7e6a1e5a6ee6dc7a185 |
| SHA1 | 4204d04da17eea4650c1e921106988ea61c97d40 |
| SHA256 | c38f1294a259a7e943728e76d1a9d2e0992d22f4cebf6de1fb42204e7126d19a |
| SHA512 | 94dc7f770068c869ac5471148e7ce30670a0bde0014c98a295b4c9b68bb5aba33d39fde081be849c625f501bbd66014214e2c5561b8c0c0deba02e9c788ef098 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
| MD5 | 6df9012b2b7cb3c55963499a26309bba |
| SHA1 | 6d7aaa7d2bcca4a8758b398ab7617839203c828a |
| SHA256 | 80bd5cb5a9ca35dcdea1d59b5f1778f4114f6215af38004a02a99a1d37383648 |
| SHA512 | 32aa05aca47a17b6afdbadabe83e929e5a55777c5f5ddb0c854ae78ef403a2baeda46e7f1f1fd7de5237749f43d5f8ce0c95e260ef25e27e20cbdffde41bcaf6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\841yyxv3.default-release\safebrowsing\social-tracking-protection-facebook-digest256.vlpset
| MD5 | 654285e76e3062621bb2a7abadeb9214 |
| SHA1 | 90514492cfadee2303e64fe5bb1c852fc7caf2bc |
| SHA256 | 6c2b87f2b54344778d2eb7f85ae86f2079206f40d185896f7dd3df446533e8a1 |
| SHA512 | 2ddd07e926504fa628db2e422ed2975fe4d0d99f8effbe43025e19634ad34b7f54b5de7be5dd32972377fe67c5a6d8436c525a1fc9db2d8ccfe676c1d9084c99 |
C:\Users\Admin\AppData\Local\Temp\ASPNETSetup_00001.log
| MD5 | c3eef41f29629d2c7796d9c3ee638df3 |
| SHA1 | 65c07cdd1c2108cb27649aad8690f2643d018e41 |
| SHA256 | 04893027370077030b48fd90535706dedb3b2d31e4f6ce5bfbcd1c8578017383 |
| SHA512 | 96898187fe2e319b120c3026a300b06109bc1c9720660a30d8a3705d7cf58f37162d61e904f64b798c4368e4716c3adbbbdb8d047dae4822c131f4526d5b331b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76
| MD5 | 5d52c133dbb0c7dda6de26ed1ca2c54d |
| SHA1 | d61596a342190277c0440fb1eaa096e22ec92a23 |
| SHA256 | 913c6e2c32d99e4baff62cf421a494730cb043924f2c6bf46406573b59c641bd |
| SHA512 | 60bbc39283fa13b09473078627965c153aa35cc330bf37ad9b0827725b1f0fa81e72378d0b88194641cf2c4777a9c4148e6925df180d1315f7b674b860a3d944 |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | d2a70550489de356a2cd6bfc40711204 |
| SHA1 | 02ec1f60b2e76741dd9848ac432057ff9d58d750 |
| SHA256 | e80232b4d18d0bb7e794be263ba937626f383f9917d4b8a737ba893a8f752293 |
| SHA512 | 2a2d76973c1c539839def62ba4f09319efa246ddc6cad4deb48b506a23f0b5ddbc083913d462836a6eff2db752609655f0d444d4478497ab4e66c69d1ef54b5c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\841yyxv3.Admin\times.json
| MD5 | 0d7db7ff842f89a36b58fa2541de2a6c |
| SHA1 | 50f3b486f99fb22648d26870e7a5cba01caed3da |
| SHA256 | 140eda45fe001c0fe47edd7fc509ff1882d46fbcb7c7437d893c1fb83012e433 |
| SHA512 | 6e6570a7cc802760730db659a4ede4221ac2cd944f4b0d97b0a5c8a9f2a072899e3c3fc5dac336b53f8accde81cbeeca6c5998a1471a2f91eb60e3e13620368d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\841yyxv3.default-release\datareporting\glean\db\data.safe.bin
| MD5 | a67d568fd3cd6d93504c1352708fd8ba |
| SHA1 | 5d518c7cbf452382fa8b1d740005ef5cf0c10107 |
| SHA256 | 0ae124b1e64802cd478b1a5233f6d6a808c08cb5e512139dc8ef6c96eb0b1330 |
| SHA512 | 89009269942fbcd027d92c90f16537662f36104eff9dd834d8bb4ad8f503bfc7262ca91f3a95e648763bc6021701dce803f2dfe74c9df85b5253d26cf78e4b22 |
C:\Users\Admin\Downloads\desktop.ini
| MD5 | 65fe580cf845ed035c4e57ad02a987cf |
| SHA1 | 6a7fc08e53675bd325b0e6426eec4ce52db7f2a6 |
| SHA256 | 4afd6e7f6ef862c727cf5780abfde2094eb56e93383b6e9d4cb7fae81dd17cd1 |
| SHA512 | bbc34c4f8892aaae0831e02cdc146ffca22efff5e70601bafa084bb0824e88c87fd20988e602fdcf649ba0322ea1d74cdd5bc7805525987c4115096173e33b76 |
C:\Users\Admin\Favorites\Links for United States\desktop.ini
| MD5 | 59763dea4943fa0a7ec51296d5f2c7b3 |
| SHA1 | c3b3795c396c3f64ac68d9304f97b34adfdbf206 |
| SHA256 | 6eb69e26de2a26eda48af77d4cec893aa0cf4748a64cbefcfe11a22c1e680ad9 |
| SHA512 | 92c41f07d1aad07acbe943f36731f4739b5bd84822f660459e464262d45f4970203210180655683feb51868735d9deaaf37fb8308d415376bc631ce887b94fdd |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
| MD5 | 1477fccb6f5105178b8a4959217a35a0 |
| SHA1 | c66fa5d6d133a7cb7247edd1b32fc6b82dec3dd9 |
| SHA256 | 118980fc1bef9a9da8a06e2a864d3f5f5573b37786bac8709746a8ca26a12523 |
| SHA512 | 1715a141037d97e12c98f91a62bd44e76364af02e8ad5024699e9dc3951d005eb3471de1bde3569a61af8e5127883cc1133b6274928bde3c5ad5840e36ee764a |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
| MD5 | 393017b9101a884b66d64849d99a7d05 |
| SHA1 | 6fbef1dbdae7b9c1eb817a8c762704f4301192da |
| SHA256 | fb701ba16878b120e90469d8238b8765f8a157f6aabf76d94fd6aa09b591cf93 |
| SHA512 | 175fcd4da63f57f127b2382965a38a9359fee7f7a694803bd4f76e8715ac9c607e6ea863b2d938514e727f539613b7e93ed3110c47b30ff4530c3e142237c555 |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
| MD5 | 9081505b52708b1cf5f639883942d813 |
| SHA1 | 1efd3054cc8a59abfc3e52f5aa5702c8fb18b0d5 |
| SHA256 | 5cad8b3db8fbb29e0cabbd785e1e3449ebcd5b04544cde14c93812a93860cc47 |
| SHA512 | 23b0249a981614c2ac604fa68be9876919513ebddff84aa08e98f05495531f0c4ff7f1dcf19e2b7d9b6040c65e96dc3c210a695f66b20c25b020461cb9c116d0 |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
| MD5 | 25a495be8250cc90b02a483e82df99c6 |
| SHA1 | 0f8ca0d9fa83bb38a8a400a893185e589a968742 |
| SHA256 | ba1d859d62b101dc263d6834aaa81378941736dfab33b15243a4bf3b45691735 |
| SHA512 | 6926347d0da33ecdf2af9d5ef5966f2108da941447c4e33ca90eeebf82a4171a1439bb3b285c31387e08b5fbd964851fd98d4c352975802de74ce02b03b7bd0d |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
| MD5 | 6ef918fec6062ec3fa9aec3515ff22e9 |
| SHA1 | 7b97afba8180e32e17cf04e2ebc14306fbd37a63 |
| SHA256 | 9df18e83bfce0d614cee8a1ce8ab9500f4fc8c1b39f41acb9b7caaa317fb55f2 |
| SHA512 | 03c347f8c31b3aed7c3b73450b774fac8a917d2ce7ee9bb58e9da6c3121dd6fd88334ce9ddb56404c1d9c9a964319808577f62855d559a66606537651780b7b0 |
C:\info.hta
| MD5 | 5c1565755765f6c2410da411156815bf |
| SHA1 | 73f6651988eabbcf753db76cbf2f50e3e7e9126e |
| SHA256 | 8e632f5db3a2b1874ab44195324bc2c2b7a65e616ef663e1ce634f44a13a0771 |
| SHA512 | 00d28d4f7c17ce32df18c4aea9a05fc4ec3b823cce754a5cb7d33d01732f948321954980b632ce818b66fd9a83ed7bcd1b3d643d5c2cd8afc79bca9cf3f0f1ab |
Analysis: behavioral2
Detonation Overview
Submitted
2023-06-21 07:09
Reported
2023-06-21 07:13
Platform
win10v2004-20230220-en
Max time kernel
210s
Max time network
212s
Command Line
Signatures
Phobos
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Renames multiple (469) files with added filename extension
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446 = "C:\\Users\\Admin\\AppData\\Local\\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe" | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446 = "C:\\Users\\Admin\\AppData\\Local\\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe" | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
Drops desktop.ini file(s)
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-It.otf.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\offsymxb.ttf | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\logo_retina.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\redshift.ini | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-80_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\dd_arrow_small.png.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\iw_get.svg.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_66\bin\jawt.dll.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\db2v0801.xsl | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-200_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ind_prog.gif | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\stable.identity_helper.exe.manifest.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-256.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\example_icons.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hu-hu\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-gb\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_es-419.dll | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSOARIACAPI.DLL.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-80.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-ul-oob.xrm-ms.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MANIFEST.XML.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\SmallTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_ja.jar.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\AUTHOR.XSL.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-pl.xrm-ms.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSplashLogo.scale-300.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\it-it\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hr-hr\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\WideTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-cn\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\eu-es\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ppd.xrm-ms.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\bg.pak.id[4724D398-2943].[[email protected]].eking | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\db\bin\stopNetworkServer | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sampler.jar | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\PlaceholderCollectionHero.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-32_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailBadge.scale-200.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Cyrl-BA\msipc.dll.mui | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_PigEar.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileSmallSquare.scale-100.png | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings | C:\Windows\system32\mspaint.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe
"C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe"
C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe
"C:\Users\Admin\AppData\Local\Temp\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state off
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=disable
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\UseCheckpoint.jpeg" /ForceBootstrapPaint3D
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\AddSend.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\SwitchDisable.mht
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\desktop\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.103.197.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 52.152.110.14:443 | tcp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 52.152.110.14:443 | tcp | |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 13.89.178.26:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 8.8.8.8:53 | 44.8.109.52.in-addr.arpa | udp |
| US | 117.18.237.29:80 | tcp | |
| US | 209.197.3.8:80 | tcp | |
| US | 209.197.3.8:80 | tcp | |
| US | 209.197.3.8:80 | tcp | |
| NL | 173.223.113.164:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| NL | 173.223.113.131:80 | tcp | |
| US | 204.79.197.203:80 | api.msn.com | tcp |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 52.152.110.14:443 | tcp | |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 52.152.110.14:443 | tcp |
Files
C:\Program Files\7-Zip\7-zip32.dll
| MD5 | 2f244a56091c9705794e92e6bcc38058 |
| SHA1 | 3f2b518be764f29c66ba8564d1be8f4309cce747 |
| SHA256 | e322feefa8d4c76d8749f88c9b877e3e119418c4ac0b18a8cfb7260638cc588d |
| SHA512 | 3ee3835abfec9c2db4ba1f33b5e59db2400e712d5dd7cde82a12889ea1beab8ac85b923ec0447e81b3d2ce3ebd14922882653f5bcdcc81a29f225acfa4872572 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
| MD5 | 1681ffc6e046c7af98c9e6c232a3fe0a |
| SHA1 | d3399b7262fb56cb9ed053d68db9291c410839c4 |
| SHA256 | 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0 |
| SHA512 | 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5 |
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf
| MD5 | ab9d8ef2ffa9145d6c325cefa41d5d4e |
| SHA1 | 0f2bf6d5e1a0209d19f8f6e7d08b3e2d9cf4c5ab |
| SHA256 | 65a16cb7861335d5ace3c60718b5052e44660726da4cd13bb745381b235a1785 |
| SHA512 | 904f1892ec5c43c557199325fda79cacaee2e8f1b4a1d41b85c893d967c3209f0c58081c0c9a6083f85fd4866611dfeb490c11f3163c12f4f0579adda2c68100 |
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png
| MD5 | a2bb242dc046bacdc58e7fbbe03cce85 |
| SHA1 | 052ab788f1646b958e0ea2c0ef47d00141fc1004 |
| SHA256 | 486a8212c0d6860840d883981ca52daaad3bf3b2ab5be56cdc47ed9b42daba22 |
| SHA512 | d9bb4c0658f79fbcf22697c24bc32f4ef27ddf934e8f41cf73a2990d18cdb38379f6b61e50edef8ebdf5a2f59a0f8fa40e000b24f1c55a06cfa161db658326ad |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-windows.xml
| MD5 | f7c78514872f9cb5585f8d69532cd2d0 |
| SHA1 | ff9dfbb62a3b48c85b6434ee831fb33a8dba9526 |
| SHA256 | 5f7bcd85900e62abb00ce739eaad53d80170a4a6152d951b6825110d2fc17965 |
| SHA512 | 50ee6ae916ea0e806b73c2e5bb727f6ee4837a696c5bd8559ede78148b40a5d5cdd135e28c8b5153a8fef568fd21ef0708ca198ace89e7120ffb84fd9bc91c01 |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml
| MD5 | 2c16868331f82ff43059dcb0ea178af3 |
| SHA1 | 983589535e05c495ffeae4b0b31ddcfafe92a763 |
| SHA256 | be9ceb4464b22203feffd3700c5570b7d6d44c5d0d357148e1e6d5be5e694376 |
| SHA512 | 184653d3e40df84cd0052e5d9477201f276ce0e8cbb5e4b7bfac86fc7da325eef476982910be24c20725a6db6617fffd88998d6053c1b694718bc7ab0bde9ea1 |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml
| MD5 | d7d2fed9b7c55fe72a6cda66725cb7e8 |
| SHA1 | 2cb154a1c4a0553658801a088edf87b5816cbbd2 |
| SHA256 | a6df5cb2b51fa56609c7daf08d28f0e41801b96f9514a9d179992a63afd516b5 |
| SHA512 | 0ba4d570d624cc5aa6af629260668ad805285fcedd61002999734fe04cae47016cf52022c327cf22935ded99b30c52d9f041ead60a3425365116bf1bf4cbcf5e |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml
| MD5 | a75d7d422fd00bf31208b013e74d8394 |
| SHA1 | 3d59f8de55a42cc13fb2ebda6de3a5193f2ee561 |
| SHA256 | 7a12e561363385e9dfeeab326368731c030ed4b374e7f5897ac819159d2884c5 |
| SHA512 | af3a1e15594a0bf08ae34a5948037ef492e71ee33d5d4ac9f24b18adf99a34563ab40ba8f47f2adff5d928f18d8a8cd60fc78e654e4d6cf962292d2f606def66 |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml
| MD5 | ceb1e6764a28b208d51a7801052118d7 |
| SHA1 | 2719eea8bde44ff35dd7b274df167c103483b895 |
| SHA256 | 99d48b66d590c07b14f4cd68adac79e92616afcf00503a846b6bf4599bfeabc0 |
| SHA512 | f4a2df6229bca6c6ef9ef9f432847683238715eddcb1f89c291da5f5900c9a3461204d8495c3450c8bae1c1a661424089554d316468ba1b039a2c50d6e69bf29 |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml
| MD5 | 48e296d8287ae11c252e4277ee885161 |
| SHA1 | 8a75b573549c2791d38acb3a4d215fa2153b37eb |
| SHA256 | c94a9a55369ccc4b41a71b9c18b04e1778a0913447ca6b5a630135f7a7ac0c1b |
| SHA512 | b17a5a8a6009bfde681829bd7be3b550d8b8bf6bfee19bdd55567163890550980ac0633fd956f117006892638f408c63449d4520b0716e6866ab0858cc3f743b |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml
| MD5 | 437687da72730cf42ce36bd093b78b3e |
| SHA1 | 693e31dc362426bc4d7a6b2954f7c80267476d66 |
| SHA256 | d0d0b1face19fe4a88c6b51f6ced55ae0e00ac548b75809d88089ad431da5d3a |
| SHA512 | 7d05e270926dcb452ce405dac9dab6e9e1a0dd247bc93f0940826eb4abecf827acb6f42ef32d3b6f6ac4b46b28d522e0b25f6b8b679affb9a198db8ba4fe2daa |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml
| MD5 | 9f89b49e6e4b81eb9a3ef6a5d8924461 |
| SHA1 | 17ee8eae11a1fb327f3344cc549bef305de408c5 |
| SHA256 | d739aa103e35aa5efd0fe49dd14d9360b5a83261b164d6d3277a24fed97ff8fc |
| SHA512 | ef2f26b00ee4dccdb28fc1bb6c960cab9ae6f72f126bee21104b865b8e7833b35a64abf464b71cc34e954a8ccdb805544729368caee2a84b8ab97914c30fa761 |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml
| MD5 | bb95a9de280c528c32806d0d5231de6d |
| SHA1 | bbffb8596f1bc68df5603a10a3672a02ebd3ea8b |
| SHA256 | a7ca0125b93e1a5681d5a9c294ec3a4e5680cc58e44fd223d2dac04232b7367c |
| SHA512 | ac4cad4f24495aa6b0d5ed8aa439554f479cc2fdba4d5dd256f1983fa43a4121c8fdf79ad7ec9d9a396a73fd480bf2f5141ab5303d50c8b6d2ce47d158010a80 |
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml
| MD5 | 0188bed9647ab3c0f81dc3e4b5589baa |
| SHA1 | 05493cad7050ee0cba5255847941736898503dd3 |
| SHA256 | f5d3f822a8435f91f7a5d54b720aa637f8b8f8102c7670d1b52d98f2d0123beb |
| SHA512 | 20e40619e02c24acd461fe07a7d7e448bdd03f423221ecde05ec206eb7b520d3d500e3b5988122b97a8752fe2cc7b305417692ec73d4568dcf49b2c3c4fb8d0b |
C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\invalid32x32.gif
| MD5 | d13b5ffdeb538f15ee1d30f2788601d5 |
| SHA1 | 8dc4da8e4efca07472b08b618bc059dcbfd03efa |
| SHA256 | f1663cceeb67ba35c5a5cbf58b56050ddbe5ec5680ea9e55837b57524f29b876 |
| SHA512 | 58e6b66d1e6a9858e3b2ff1c90333d804d80a98dad358bb666b0332013c0c0c7444d9cb7297eff3aeee7de66d01b3b180629f1b5258af19165abd5e013574b46 |
C:\Program Files\Java\jre1.8.0_66\release
| MD5 | ff9a2d3be0b1b401f5bbae30ab62a24d |
| SHA1 | 29d8cda271ced9cf1d430029fa4ab0d6ba5948c0 |
| SHA256 | fd13695474bc8227057e56cb7013cea630c9ad3a2a134b7b412293f850c1df43 |
| SHA512 | 0dd906600b44350136079b23488fd72b0f1a8a4eed594b26a692a725a62a741707b2811005dc11a389e5da89ebfd7040519342813035047bbee906a20beff2e1 |
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml
| MD5 | 0b783b2c6d8aa254f3e90187725263aa |
| SHA1 | df2e49e32c8e1d25b17d410addf35badc22ef90f |
| SHA256 | 590de671f8b144c3ec28a4e953a91685bb6c2a97c7c25c08d44003445bc2fe3e |
| SHA512 | ef532a7213505f49d95b05cf27d64e1b45ef9ded6b057ba0501fb0b62631784f21f235a0842c58b2b27522e06bb383afefd3220c85064b729b45131692fa2461 |
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml
| MD5 | 809457c05fe696f5d34ac5ac8768cdd4 |
| SHA1 | a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9 |
| SHA256 | 1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be |
| SHA512 | cf38e01d3e174ff4b8070fb88ead7e787143ce7cf60b91365fafd01cacc1420337654083a14dfb2caa900141a578717f5d24fa3cadd17c1a992d09280fd8dc44 |
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt
| MD5 | c183857770364b05c2011bdebb914ed3 |
| SHA1 | 040e5ac904de86328cca053a15596e118fc5da24 |
| SHA256 | 094c4931fdb2f2af417c9e0322a9716006e8211fe9017f671ac6e3251300acca |
| SHA512 | 8ac7790c0687f86d2d0ca82cfc9921c8cd6e6f5392594317d5ee6f3661500de58ebd5ef6300a412c23ed1cd2748c5eadeeb9719f32758590bd4168a0259bbd70 |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK
| MD5 | 301657e2669b4c76979a15f801cc2adf |
| SHA1 | f7430efc590e79b847ab97b6e429cd07ef886726 |
| SHA256 | 802bbf1167e97e336bc7e1d1574466db744c7021efe0f0ff01ff7e352c44f56b |
| SHA512 | e94480d20b6665599c4ed1bc3fc6949c9be332fd91a14cef14b3e263ab1000666e706b51869bc93b4f479bb6389351674e707e79562020510c1b6dfe4b90cc51 |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK
| MD5 | b9205d5c0a413e022f6c36d4bdfa0750 |
| SHA1 | f16acd929b52b77b7dad02dbceff25992f4ba95e |
| SHA256 | 951b1c95584b91fd8776e1d26b25d745ad5d508f6337686b9f7131d7c2f7096a |
| SHA512 | 0e67910bcf0f9ccde5464c63b9c850a12a759227d16b040d98986d54253f9f34322318e56b8feb86c5fb2270ed87f31252f7f68493ee759743909bd75e4bb544 |
memory/3492-10820-0x0000027B60570000-0x0000027B60571000-memory.dmp
memory/3492-10821-0x0000027B60570000-0x0000027B60571000-memory.dmp
memory/3492-10825-0x0000027B60570000-0x0000027B60571000-memory.dmp
memory/3492-10845-0x0000027B60570000-0x0000027B60571000-memory.dmp
memory/3492-10846-0x0000027B60570000-0x0000027B60571000-memory.dmp
memory/3492-10847-0x0000027B60570000-0x0000027B60571000-memory.dmp
memory/3492-10848-0x0000027B60570000-0x0000027B60571000-memory.dmp
memory/3492-10850-0x0000027B60570000-0x0000027B60571000-memory.dmp
memory/3492-10851-0x0000027B60570000-0x0000027B60571000-memory.dmp
memory/3492-10849-0x0000027B60570000-0x0000027B60571000-memory.dmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe
| MD5 | d458a2f85bc1330f13acccd63d88d015 |
| SHA1 | 2604402597e41faa97db737fe0fb4166864752ad |
| SHA256 | 0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446 |
| SHA512 | 5e89c3541022d31df8d7d2b15522734649796428ba6842182ab59988d3ea5679e1f8b2903b4e7646785c46c8d41b5e99031a4875a340e9be84362b63797e1c99 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe
| MD5 | d458a2f85bc1330f13acccd63d88d015 |
| SHA1 | 2604402597e41faa97db737fe0fb4166864752ad |
| SHA256 | 0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446 |
| SHA512 | 5e89c3541022d31df8d7d2b15522734649796428ba6842182ab59988d3ea5679e1f8b2903b4e7646785c46c8d41b5e99031a4875a340e9be84362b63797e1c99 |
C:\Users\Admin\AppData\Local\0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446.exe
| MD5 | d458a2f85bc1330f13acccd63d88d015 |
| SHA1 | 2604402597e41faa97db737fe0fb4166864752ad |
| SHA256 | 0b997e8b0d0ff6cc4e6f1919c6c0f3080eaa0d08c8fccdf50f7648bf05cca446 |
| SHA512 | 5e89c3541022d31df8d7d2b15522734649796428ba6842182ab59988d3ea5679e1f8b2903b4e7646785c46c8d41b5e99031a4875a340e9be84362b63797e1c99 |
memory/3424-14105-0x0000016E3D970000-0x0000016E3D980000-memory.dmp
memory/3424-14110-0x0000016E3D9B0000-0x0000016E3D9C0000-memory.dmp
memory/3424-14143-0x0000016E46500000-0x0000016E46501000-memory.dmp
memory/3424-14159-0x0000016E46580000-0x0000016E46581000-memory.dmp
memory/3424-14170-0x0000016E46580000-0x0000016E46581000-memory.dmp
memory/3424-14177-0x0000016E46610000-0x0000016E46611000-memory.dmp
memory/3424-14181-0x0000016E46610000-0x0000016E46611000-memory.dmp
memory/3424-14195-0x0000016E46610000-0x0000016E46611000-memory.dmp
memory/3424-14199-0x0000016E46610000-0x0000016E46611000-memory.dmp
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\CANYON.INF
| MD5 | a1534d6e98a6b21386456a8f66c55260 |
| SHA1 | c7239c0fe3b7a00d812e548f4cb9d8d863e8c251 |
| SHA256 | 4c555a3d8b83f80c2e0d0b647769e82148ebe7e27811d0a63277d6f61abafbbc |
| SHA512 | af0302203a3ccb765aa4ce1b1ab524ffa500d62e179ffb527b76d2b62f5ba31b037902d8d46278378e7255a91251f06c0779fe4940d47a582415a201b0e401db |
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\PREVIEW.GIF
| MD5 | 80e4b616b1c7264011924f980d0a1d5e |
| SHA1 | d2811ba0bae94849d9a97e1f8ce89af91da2db9b |
| SHA256 | e8eac758147eeb2b17f4c1e59ab9fc9bd1cb6c764665e0b028700ac7a4744a5b |
| SHA512 | 5943d1d5a6c50ca451cfdc46284aebe563bab24646e7ee5854da2f0f617a15a56f2686c766be7eb605e6952fdf9a49e2794ef07e29bac64a59a471ce40066eec |
C:\Program Files\Mozilla Firefox\xul.dll.sig
| MD5 | 69016e6a597d194701476b8e04d4e028 |
| SHA1 | 71a24ddb0c5bbd321d3f09d7b322c3655fb5e129 |
| SHA256 | 4740d289d0a31bc1fc00e255845b3d8ba7cec2d6d0ee92177d23aa293f9fca3a |
| SHA512 | a9399ea57f65c6569e2a9e9ebe9fa2da7184ec92a555549f39cbbe9dff15530ad526107a2a2304d822be37580a965c6ea4e88a46adebd8ff3af402d2c25321ae |
C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo
| MD5 | cafc2a2dde2f05e2a60677690d2ca245 |
| SHA1 | 8bd9c447b79435b8497212ef76f5b43dffb030a8 |
| SHA256 | db91bef58cfa8c3ad4587f4d737202a2ea4374deb35305e8e56a4e0b57232a7e |
| SHA512 | 7f293929a1147163d71c612084c7fb99740a1fdae3a3f9d7782f795c10c1b7b2e49617e9d6746938167a2dd49bc5c53788bd8751c61ad145d2d42700ae1f1575 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\EPDF_RHP.aapp
| MD5 | c9580e2bd3527b65bf5b812b477ffe30 |
| SHA1 | 66e921f302739af54e7a991ce38a1d37ead7c7c2 |
| SHA256 | e77bb87374bd3a9b3ccdf932d260091a3ffeb1d1ad9d236b54f0f6797585ebd7 |
| SHA512 | e86e61aa09e93395f03b9976d6af4f775be3e017ca371a837e538d440e04b7813d2855c3b7c2444aaa357c9d7a3b5ccca7649c6c557bc3f520b953d96aa93577 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\OptimizePDF_R_RHP.aapp
| MD5 | 9cb5fb90f42219febcadbc6eb57257f6 |
| SHA1 | c948b86625804155f9ac9478a07cae11d8021563 |
| SHA256 | 1093af6901915021573eb2e3bcb49af7f1eb79df351806d325b80f1baedaa185 |
| SHA512 | 9c9031770c5c67f40b93dc7dac91822f3b5eabe1deb83eceb2a878afc810a810ce0521f966e68fa49aa1973cec342cd3ef6096ebaaa191b885a542e4a178ca5a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Pages_R_RHP.aapp
| MD5 | 6289d77cc58fd2a1816d396fdc5696c6 |
| SHA1 | ac14825f3fa381442f959a459f7d0b153094cdee |
| SHA256 | 1c944211b06ef66eeb79aa89cbc24d3d2e5108d4bae17f1877e297341ecdea20 |
| SHA512 | abc4bca589e1b6e8404def1793e514a5b35a9a3255b37dc7d25af88a3df0e7969101b42cf9be1402e312e25f30288395cef03ffe5a37845689680c2c9097210d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png
| MD5 | eedd2d13e3671d589714446755b78b38 |
| SHA1 | 2fdd23507187a259f5a7edb01611a37b6b09f4da |
| SHA256 | 467082e15a8ddefd51088e12a6189f9923dadfdf363ac1b0448ec43dc483cb3d |
| SHA512 | ef47a62ce6ffb0c5b34b2c6d72f5874dbad4109b98aaa21f56b8b2d83471f5ebf983f6dfd889399abe4fead6296cf2ca3f409a4aa4badad8cc3c48f688323837 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reminders_18.svg
| MD5 | 3f16cc51cf788a50e6cc1ae60897bbf7 |
| SHA1 | e5a8c8f5227ca6da79589192892e81b6a3f43686 |
| SHA256 | 30f1d12f90b61f22130b22667f722aeca0aadd59ba3e19d866d72a99a3f0ce3d |
| SHA512 | 17686bb9e01aa108b9b62b33bb70bb8aa35e4d88199281aaacbc8d8da7d54f1f353bf31a109dc22a4e404780ece4cb3d23f0ec81f80e9553ef060011e568134c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_comment_18.svg
| MD5 | 1bf37c0336c12ccaa1c62386acacc858 |
| SHA1 | f1e187c79588e4e9fce931997443d7e5cafd1db6 |
| SHA256 | a9044f3c6877f4fa6789bd90f11813a22696bda53e0be17bf52229b70fa87673 |
| SHA512 | f75100874b1dd43c49f54a9aa4621e8bd1efa84359ce44ece2444b639c7bcbddf6564f6c4be089f5d656550c7293b9f5ec4a4b20880939fbeb5ebc21e30866b1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-default_32.svg
| MD5 | 81cfb9735fea15ca8791a3c34a78d992 |
| SHA1 | 9b4962166a47f5edc62e5fe3c4f8772446db9296 |
| SHA256 | 3d89171c24a889bce28f04adb60f08a141584b7c345b158536a72a8070c252b8 |
| SHA512 | f6ac853f4012ddcb29e5079ec00bf058343af1a6d6cedbc9613056db0575c77e964b0864c9693a6e02a525d5e13ccc54e0e7fd938ea39c3d2c6005db959b346a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-hover_32.svg
| MD5 | 55215e8f92d35f26cca06fa9d5d221e9 |
| SHA1 | 994838c8df5921e3828749a7703ebfa8383e43b6 |
| SHA256 | e94ac27227c8a25c3f8ede219fd80ace01e7176a12111125b31ae1dcddd487ae |
| SHA512 | 7972d3fb8c305a1b41f3ec4a618c9904c1e655fc757f1dc83f9d9041433f3c30e6708ed3d4fb3166cc41d9773df3f159aa44333f76fdde28f317676046bc9c67 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-disabled_32.svg
| MD5 | 6ed14467c19d47e477a56f007e28f076 |
| SHA1 | 87f18f0e27d3ab7f1ba99aed3a9e0a21e026a8e2 |
| SHA256 | f4b6949da1382fe465cf0c37332dcd8289edd0324d595f715cf258d63d363c3c |
| SHA512 | 56aa02cda87956a7179780fdbee280bcde12e17fce70e6c52e54b04cf8e32c3f38e67726be64e5e5ce5cd7645355b758b5a5ec611167704ac79b042a4abfb4aa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder-default.svg
| MD5 | 2807924fc18c958c38a7004a5dbd4091 |
| SHA1 | 85534040543c3306284e6a475999c46249a35e4b |
| SHA256 | 0345bffb28f80f4d0ded1a2af09a337b18ab3a80c68205bc8321a6ad4d409500 |
| SHA512 | 264d29c6b920b3005ebda1fdb0e0ee6e17059c69d63969c61ea4b5c5464022166ccc04b2c1f69b91052c3e3dd551a087e8e5379d2a62c452184a12b278a8ac3a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg
| MD5 | cd5d2472a2bf9ac7eb4e15146b30bd2f |
| SHA1 | bca600423f99b87df44fde9d96ff874017037afe |
| SHA256 | 038589c0f8f0b9fbed7fe7835de0237de4a28ea404078955a78c0b8145fa323c |
| SHA512 | dde83047b85cf0afd4ac77c9f4e850ebba48a1e1d581ed78c30733f58a9d5e2e22d34a2b2e57e4527f3c314f84922c3aecd6366052d46e0d6157990ed888a27e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_selectlist_checkmark_18.svg
| MD5 | bb80d204c09023de9181edf43dbda1b8 |
| SHA1 | 9e3b9dd99a34d35de68b3d1a4476e6ccfbd9ba85 |
| SHA256 | d5bcc5fc57c056779e8adfaae57d4162825ab3d879f5aaf11ca5404c3df0ad16 |
| SHA512 | 7fc8dffcfe7c5c2e7e02be42f17e7294ed98ec1403b9287bc4db569a8471864151014ee7b91652612c0d6aed0542a73f341f3c7dacdd7a0beff34fe186777c80 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_selected_18.svg
| MD5 | 0498cfb8aae1383c049e8ccdd85f3abf |
| SHA1 | c5fbfcc70b441e91a5ecd23295c745aaf076aa4d |
| SHA256 | ad125b854735c81b5782a65b5b006c7c991e28688b6dd8e5998f432976b9223c |
| SHA512 | 113f19bf726f79473ae2b4406a76676ec0bc4709a26f374aaa3bbd9d0b5790ee4fdd8ebe1a3ab68995973923ae33df7c1c6798e93bf060643c14acfabd4e9302 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_up_18.svg
| MD5 | 30c9bd1aee3794fd46bc99fc2a359212 |
| SHA1 | 9817640da0b98babc461d277a39b323dc9a76cd3 |
| SHA256 | 4b10fc416763ad7b65a6d6fb3c0016505ec5aaa7a117021a26e4dd6d11fe7d1d |
| SHA512 | bae367b7555f5f7f677abbad1dd548225c2580ffe21bcae5022f8eecf8c97cfe8f7813fd86c31a7f9052c174610ae9d2ae21ac22b381701975492e2386f67f94 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-right-pressed.gif
| MD5 | e3c4dd21a9171fd39d208efa09bf7883 |
| SHA1 | 9438e360f578e12c0e0e8ed28e2c125c1cefee16 |
| SHA256 | d4817aa5497628e7c77e6b606107042bbba3130888c5f47a375e6179be789fbb |
| SHA512 | 2146aa8ab60c48acff43ae8c33c5da4c2586f20a39f8f1308aefb6f833b758ad7158bd5e9a386e45feba446f33855d393857b557fe8ba6fe52364e7a7af3be9b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\ui-strings.js
| MD5 | 0d3a12fd3f68decc694da04b57e61d8c |
| SHA1 | f73d4d591f6ef0b2b04fc90d2e840329f7590743 |
| SHA256 | ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76 |
| SHA512 | 2c58a879d4022b441056c85c301ce26401da5f7bc9619debd35fa3bd98b5f1cab8f21e2ae5a177865c64e741dae18f39f99fac1cf00c468ba0e281037d5e883c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ui-strings.js
| MD5 | 68b6f0644d50595a97c9fd60b8d8e697 |
| SHA1 | a4d0edf9264ce1922dc419c7f3b3cedb2814bea7 |
| SHA256 | bf9b3f1f9a3a163d41b1b20a2c410355e6ee72ae97725a7bad97ad23993b0b5f |
| SHA512 | d1a26cc27c302f06419abf97507c0a4d06729aeadab615acaaac0c3fcec6d7715e10642121a4d773ad3d5f613030728e49fb3d07303fad05f7a342352ebad003 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover.png
| MD5 | 65c9f3fb24b80d8c470d518f901b9c60 |
| SHA1 | b9521c39944357d4b55b91f9f3739575d1f3bef1 |
| SHA256 | 8de76ee7eb6b32c307d4a46a43ac55bc15b917e2a24d36c3d001878a97fd39d6 |
| SHA512 | 6572d65abd587055a69980558b2568266ff76555faadf3ddc93fa65bdd7a009a2fbca10f37f44c27ae889d3de99a3673c2b9ba6e6456242e951703fa32d9c636 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\ui-strings.js
| MD5 | dd24e91615f1963a5c64bc9878a0a8d5 |
| SHA1 | 407ece3322d57d16a448b5522d4f29229f80b8b1 |
| SHA256 | 4cf9816ed1062189ff0c8d427fba5e912cc68fc9af76cf7f08fd255977de3b33 |
| SHA512 | a88d5e6fcfd998b0abe79b5b314f3f83f424be9447dca01e1a64a3e7313eb247baa894c10c5758c6788cad27582c09207d00d2e7bc41515e7f1751e05aa812ba |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\ui-strings.js
| MD5 | 1ea3b76135bb4a589027d6243075a936 |
| SHA1 | 2951fdafcb862ef53fcf213572368bd5e08094ad |
| SHA256 | c960c819e997c1c9d080235a5e24e65059b63cf66b95ff3da9a44773ebf81c1b |
| SHA512 | 3c10075e71d2e44535e19c8660bee7071a110d07dbef67ccc4cc94c45f93afd72f8ce6b24be31e6193549823b7db204e20950e5c1a075ae159c39682db295d27 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\ui-strings.js
| MD5 | b651e9101be833e87337050028831efd |
| SHA1 | ee594ba38a6324369ffc7b4dc89407d3436e34d9 |
| SHA256 | 4717e5fb82c0ee85a7c97d022f410990a62efa2492070e42385cfeab67afd619 |
| SHA512 | 3552858c2a688c95a76c0bb8a6a76b119b744b2e8ae7e7f30135ccd8a145318762faa52c1783a639fb179056317caeaed20c15f211db1d45bc957bc3ce591aef |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
| MD5 | 3f7323acc829bc8b3799148d439b3d47 |
| SHA1 | 3d3c540c4080462a8013d6db9383ad69606779e8 |
| SHA256 | d9de646d51650572b66a6cf8a52ad1efd46b7a47830fa7972da0bc05baa2fad0 |
| SHA512 | 09e2a175dd874ac369331fbfd863be20c9ecc005bfd6c7eeadac071804653265e4f7195d70058f2f73951a6a6e202fc96930f2ce71c2d815b228edf01729b559 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js
| MD5 | fb4aa89fb89bf94d0590a3174d1193ff |
| SHA1 | c3812f2105099071c24141a994a9d5087199dbf7 |
| SHA256 | 655a3ef0465a9f30fddf25f4dde0c19a05c6f9069b83961800c1944165955273 |
| SHA512 | a494c0d9faf3defa9ff320421d0c00e4e39845f7e998c6a06c50b5e7edbb1ed7a948dda23ace06a3433843615553d2357f1cb04acb4ad1155ec43f1d07511524 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\uk-ua\ui-strings.js
| MD5 | a90f5732d4e24d85316da98b11850db2 |
| SHA1 | 0bd5f84ab9190941d435d3137a9f228a28ec841e |
| SHA256 | 761b731ef9b5cc0ba757b25a9d7deb3e19aaf36577e7cb30099b7497c042e76c |
| SHA512 | c1909e15d003f3990dc0bb5c2675608998734d726001e491089003d9e64630250c677209586b774c654ce6b8d669ea4a2683fa0312418355a6b949cd490fbd70 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png
| MD5 | 7ab2ac51d33778dac850c5dd8b4ba45d |
| SHA1 | b3f47f20c438aa488fe835e0145c014853ee48aa |
| SHA256 | ca17d6cc1f7ab317c34a7cb767ad017163e71726ac648518679c6b1c59fa86dc |
| SHA512 | c14ac0ad209625e0acb2ca9e0afc5f6c98901b01f92b675d073b72929455f47ccf29cbfdaa248c602b02fc2bce484c56753b1a54e66f6ce9df2ea57bed88962b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon.png
| MD5 | 2a78f84427d1d591409740722e60d793 |
| SHA1 | 304f17d9c56e79b95f6c337dab88709d4f9b61f0 |
| SHA256 | 4eae979bb805992739f77e351706e745076ed932d3ef54dd47ba119c4c2fb5c6 |
| SHA512 | d687c646bba8b801511a17b756f61a1209ea94938940fbe46d9e4893f14606f9e1e5ff468ba4a77474603f5cdbe0cb9df3d24767e5c9ac81a0b373dcf4a4f3ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\ui-strings.js
| MD5 | 07bcf4e882ae521ec6ddfd0bb2a608db |
| SHA1 | 88e2ab25dec6ba9fedced9bbd21da03639da9409 |
| SHA256 | bc9df2774317cdca8e5a702f249a6994fa3b63852e7749124e82ef1f37b89aa6 |
| SHA512 | ceafee63fb03e94b418bd87c6af91a53c9bef53b86eddb51a7aee77d8ad5e6654045da12c3c28f3ab4486d2f6f135f7f834790991037708b0301085f62e22fa7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js
| MD5 | 0ec670fd70f5e89c3d2727df9f2a5398 |
| SHA1 | d19c88c8e11361d4f29719518b8543e0ecf5ff09 |
| SHA256 | 8267479623714339b61159b2f8235b15a38ccc1199eff859e5dc13359f8711c3 |
| SHA512 | a429234afdc29df1276238d3e329299a6fb5b1ef6044429c1acd8abb95c0b76a14836b47805c5d464cfc95978f5e3b10eceae6c26a2964e2c352fafe1d7dd6f8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png
| MD5 | c7fc95def1d53bd3e747248ecbd3cd5e |
| SHA1 | 1b251f02465f9c7dce91aac5aa0679a3c34318e8 |
| SHA256 | 4049b739e6322c7d7caa241ac41c8e0b1f2893957204a910c9708c7731a7a8b5 |
| SHA512 | f4b90435a3b250c1d3dc8df9bb4d331dfe9b1c0212eeb1768073afb81b3915fe61a7c4af151c8090565f778dbdf1f4fad7b5f545c9a21b7782cd7671be2ac96e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\line_2x.png
| MD5 | b513ae819f7d8d10fa4f6cbfdf055b22 |
| SHA1 | b4228971cceadd4a698f3c206d8f4bc24a37f991 |
| SHA256 | 25778f162c4243167f8eaa876f1b0619e67afc158de7805600471a563ec5e8b7 |
| SHA512 | c11266406d79494f7d74f8f8a5f955e2bad14b8924877e882fb3e7cc7442998cf6e7a9be3aa7f1a945af8bb2add9dfcdec0ef54239f6ee80748d77444dafe6fe |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ui-strings.js
| MD5 | b17a6a8826832fc2e1098d0286242861 |
| SHA1 | 8ce2bb5944d61be2b628fc80ebabc769768e0b48 |
| SHA256 | 82a1cc52037ccd1ee4a73cc41b86ef4c9b45db28025d56105566bbc9f06bc41f |
| SHA512 | 688757cebb6aaf1a9948ce1dd30318ac2b7afb7a47938e6eecf1bbbc1be058ba78744c208d71a9747ae514242b09322489ad314119cf612a7e4a717907521962 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\files_icons.png
| MD5 | 80802b088528adf260a52f1563f68b85 |
| SHA1 | ef4f8b7ed9c912df3b77387702d7e773b205009a |
| SHA256 | 2e9d958387b90088b65dd5d7fcd08a7b1d78c6476ae4c66537c2aebd9aa65ebf |
| SHA512 | 75fc10147c223366eb266249f4854e0537599d0c66825c02a26d20bcd6a3257b0a2d8baafe9b376115f7cbfbbf530b523528ac86417ad316b13ec7bec9d9b500 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main-selector.css
| MD5 | 651bcf535ed50ffa7724c8751bec1a66 |
| SHA1 | 5758c4862740517ba28026c298d1b3a61f43716d |
| SHA256 | 359f38eef400e2fa3924a3258652e74ee19cd46cb92e47bce91f1194fce25e9e |
| SHA512 | 492b73f1622e8a1a064141a2edbac9fb29e5f604b629b063fc7251289d237e50721e1295b4f3450322fe72f01b57561a79f0ad4b3a20290cf3214ccf0204d372 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png
| MD5 | bec4473fc43b77e28e60f89da4e29c00 |
| SHA1 | d5dbc7c6642a8a23da14f952a0f64fe874e8191b |
| SHA256 | 5e06bfa9ebccfa3d8759270620b6860f0b92be9d69ef7d7802b78ee5b5f07f96 |
| SHA512 | ff2c101c1172e64481be5e98b2216d5eba93b81210a1a67adecfe05bcf37c3d965c06b368ddc1ffb7e4187cda0373720f6a27476f036a41517762d5cb3729aea |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ui-strings.js
| MD5 | d3e4c2fefeea6e6c467df305f7a8f3af |
| SHA1 | a4468bf4d5abcb4d720b0fefb396dce5864e4717 |
| SHA256 | e9288289beec2fe3b6ac24c1311451c8d079786a09515b95cbf2eda7f87f0b22 |
| SHA512 | b81a9d38a4a6cd54c2081289192ce7aee3e34d71f834c9b94eac8cd79a5cb90a0dbd3ee0da89be68e4fb69a82903c658addc272a9d70d8f8f8f8cff5c2c18f10 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pt-br\ui-strings.js
| MD5 | a3f07671642038caece41ff2a52d8673 |
| SHA1 | 53442624b01b79a3729a23d4f12efc8dae4b1002 |
| SHA256 | 088d391d696ec15140e7b4dbe6fe17e95296af9d09c7eeff17a0a9c241925b89 |
| SHA512 | 5d1ab4b072eec924d13d760da6aa958cc81fa58cfec3de8ff239d131d37b31cdd547eac0fa5ab34c060f0f28a2295e071a1a9573815541c5b92cf0c63f11bdb7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js
| MD5 | 74ca2c01b07af0dda4bb39ac330fc49c |
| SHA1 | 7cc7781cca7798ce0940fe9be999e85f8b5064e1 |
| SHA256 | ab9ac8d62fd064748c921e6bd4c123f5cc8910a384d1804bec33ffe27da27c4c |
| SHA512 | cd71201d364c7cfc9d317f091a9dc318d77bdc7340ec4abceee2fa23e3f58cfb1a8f45b5216f5ebb40b3738fef28eeb37717b2508aa1369316da6b7c82c510fa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js
| MD5 | df3b4d35decc08d05ef8ee0644ab7274 |
| SHA1 | 6b0381b9ee40dc8470a63218e5cc5feb579f7334 |
| SHA256 | e27e5eb93a24a2d866e30bf027e4f0c3da9fae8968cf5eb69446e7f668356164 |
| SHA512 | 257c770416a94f5b79ed837fa0f5e7926cede3ce06c1a9b819c1ca77c645f37bd366564cb028b0ba6afc5444aa5ac774c3af36cd7c108164d1000254cf85c94a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png
| MD5 | 39e7048d412b94bb2dad145a2daa5875 |
| SHA1 | 08778bbd84d9411f2e531867dffe45fee5d60d24 |
| SHA256 | 4985216f1f370fff03c45d4a711c18b3f49165f8278e6cfc231bb38b920095a7 |
| SHA512 | 65803d69def3517f0021a291748b55cb5bb2e8437732e6cb9b99b1f778f766fbff2c484b664d16ccbedcd51c14f89e99cd5f977cf97d680eca78a9d4f8b87fb0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-gb\ui-strings.js
| MD5 | 92f1f77de0ce17e9486d53787f69618e |
| SHA1 | 41198fdd6a18321c15c3d4647962e687fc036af6 |
| SHA256 | 4ecb5e390829b5b11dd02db2f22ac1349e32a24e5bd3a8489f6fb5fb0f07eeb6 |
| SHA512 | b389c8364936fbb96a407fb1a848254fd8b7bcbde05637ac1acfb48ba0b30e887dd44b2447e1e3eb75a902241d67571584a819927cc8d0a91d325f5df79f12ce |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ui-strings.js
| MD5 | 72542b122d453927f3d6c59552165606 |
| SHA1 | 6e2b7f049b60f10edcdec06f357114448c0896f8 |
| SHA256 | 3b17f8b83bec3e72acd0d014f58e7de206106a7644bf3293f93c7456ced47419 |
| SHA512 | 25eade5c88cc35325978ba2e103050608fed4330a1677280eb2e0445946a3367d26796ca1233aa6d7ec4c87f04faf7706d82c72b3f3485d80c18e088813f7a1f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\dd_arrow_small.png
| MD5 | 3d55e1e012d3824e53e84d404a6e2f2e |
| SHA1 | 9983296698d4e2736faf1c529e8d27f8071d7939 |
| SHA256 | 6559f403524ea6ef9bf2e1d0bb66d1af8152920fb002ec2c4ced993083124a88 |
| SHA512 | ec75d4dea30bf7567b2f6e30ffed408815c57680a38659f6055d770c85393d8a5678d38a066ceb7fd0ff9c5ef49cf9fd73d7e8eae5a9a83360a41ca74343f576 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\dd_arrow_small2x.png
| MD5 | 4eefd60f439096ed98b6d8a585da12ef |
| SHA1 | 75cb70498807b0c823cac760e00652842c1a63c3 |
| SHA256 | e743d6195ff2f42282e101f9471874e8df79dc05a69ca20abf22015d48d28c6c |
| SHA512 | 78241e2336f4ee826719d5adc70543db0f0767a1660f723ddfce72c170322a13c0f3c547eaea6b6cfc47cdf6d8e5edcaff4bd003cbf3eb9d3435bec5158fb8d2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\s_thumbnailview_18.svg
| MD5 | 9b4c8a5e36d3be7e2c4b1d75ded8c8a1 |
| SHA1 | 1f884298931bc1126e693e30955855f19447d508 |
| SHA256 | ad47fd9e87159d651a53b3dfba3ef200684a9ed88c2528b62e18f3881fe203b0 |
| SHA512 | e1acc0b10c92c2895fc916fc8feead869e04315e5e6e279f8e61b344545103b4c9ff808c9ca2121d1b013879071364f677da128caeba89bf918ec2791e5ed094 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js
| MD5 | 421cd12b43e660f10da31bee36e85f4b |
| SHA1 | b568bb931d5bf4b5805d20fc339b06f9b3763c9d |
| SHA256 | ce7c16adff608d624a412164fdc692305fb461f4b14f9167e6efa78dbbad12ba |
| SHA512 | f56bf5a7a713cbf018203c24a7f9dd426a2cf018cb3ddf9e27f3a7765be3571339421fa5a2cc68f677eb4929a2a2835238a723db4de07bb0634e3f151878ac86 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\ui-strings.js
| MD5 | 7d8302df4582de342a31d0335e979ae7 |
| SHA1 | 7a3e918e23dc8002dfbe1695f8e8fd52db995d1f |
| SHA256 | 899ad5e0b3501d7e00d2f3bd3c7729b4223839e8629c61328db0f818ba0870c9 |
| SHA512 | cbc23b3285f6d8d72221d0fc05ff59336402005e7d3f50d66249ef6076648ec2e22d33ed64f5436767c123f59d37dae45270a259153ed98b885f9c43ec9bc2aa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ui-strings.js
| MD5 | 35d5c7b80ed270a94872c0e56a6c59c6 |
| SHA1 | bbc4ed04ea6c922213d7cc19c62c3c4cd23b7113 |
| SHA256 | 5c03e31975b96b3d151d9e034b884cab9c6fb29576d2b5653c375fc5661b6dd1 |
| SHA512 | 57ec341f6ff49f24516e117d5c0b119ba4c62dc0537cfcaa15bbba248729c06d29ca224462bb331c44ff1b3abd724df86d0b2ec473ae9f5d54e31ae2002e8bdd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js
| MD5 | 8c228e05facfe8aa2678dfa60964cd9a |
| SHA1 | ab239ba3ef2601723b723f3bb21e4646b6be17c2 |
| SHA256 | b56779fe9b8f45ac92c5a73dfe56c1d9709bda16e42b4cc4467a0ce6e78ab578 |
| SHA512 | 6d6f19318d597866aac780c0fe0dbff830214b896b8f4d8a2e44c38646d25a16be9302a1bc0da7730a1f441ec10d77fb74d567dd9fa23b6317d87fc4d8a80b6d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\tr-tr\ui-strings.js
| MD5 | ac5499eafd4971635af58e297f054b16 |
| SHA1 | 371c993b00d29dc6adf097cde924d7c2708bc6e3 |
| SHA256 | 7e5f72b18e306e563f81a3452208025b62c6f2f93d1dc306fdafe6f3bf6e25a8 |
| SHA512 | 21d5c909f70a3dac4ac432251f4b41aa82f5cddbc4216461f31bd9e4660842883125ee96b7f9c1b634aa2c7458efbdb51ca63500396285c544906afddd987605 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js
| MD5 | 29dbb24810bdd7f802c1165f8bc3a714 |
| SHA1 | 9ed5ed2ea58cb6d9196e8d88fccdd8f0d522ea47 |
| SHA256 | c9fdf06266cf9e6d61f7989471abe569239a93cc2c0f65a7c596a81af8d6a67f |
| SHA512 | 3802320bcf7b20a6656460456d5b03ac4f85e4572d7530518dcf99f28162964adc211c5adcfb7ace603b6734271581cea26c9e85821b88b1915e13780a19ec24 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\eu-es\ui-strings.js
| MD5 | b54b9c5d611b062aea9d8ec0d192335d |
| SHA1 | a6a96602b80181ef494a0da49dacae1c44f7c739 |
| SHA256 | d70a13e9b9e9f4026679200872160d667979bd0ae57e6527d44090e49bbc2c83 |
| SHA512 | e56e4a0dba26c3bd824bcd397d495249466a3732bbe1466f9ed1c23ec3a25d79e44e360fb5ee5a229fb24d6961ac32a2a57d0a29fe669e767bd33b956f57ebf5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\ui-strings.js
| MD5 | 7a232b079f30771ada44ab6a1843ec14 |
| SHA1 | 72349db2853443af021d538be9417fe32369d2ab |
| SHA256 | e33edcde1654c47b3f834797623932ff5dd99a4331b255b60452d69d61ccfb4c |
| SHA512 | 431073f497196ad03ba92a8087aa6c50717ae137b05aba341cd8f7ec1705b46f2878b30455c10d7339f89ef16022ca5d054b0f96e5956ef0590121ad8e1a6638 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ru-ru\ui-strings.js
| MD5 | 3b8883ab58438b245c89bc76ee848752 |
| SHA1 | 7b01b457344fcf92362d14247f2c389ed0c89b6c |
| SHA256 | b3b87c3ad568de5a1f07702392e3bfc76f41a47b2fa1d710198406c3c5172697 |
| SHA512 | 200a52dd5e9334f2c768fb2d152a82cfd551c0991eada79ee92ae41e8beb82a1eac2d90fdac2d9741afe0b7edcbe046cb92a6cf339d25709b53d51f5feb55b1c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ja-jp\ui-strings.js
| MD5 | cb3da70177c8dc7d4d90e6d97bf62b42 |
| SHA1 | 4ed47773b266e5f2df0685cbfd913256ffce0147 |
| SHA256 | 73db9a677a191204872f2d7833986f65b4abbc2854aae06afb051724b2538a40 |
| SHA512 | 340d7abdb7627adfcb361c339aab940c6b8c0f2814bf954feed4d08da8dea7f9ab02f1a8d053385f4961f932fa8821ce9b51180bd675c99b8148ac5becc3ee1d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\ui-strings.js
| MD5 | edbd91ead174c60fdacb765349ea4fcf |
| SHA1 | e55660206658be80e2033a93abd8854653246eea |
| SHA256 | dfd68e26d32c27e8c7d096cd558b12da3228019525baaa2d4b32030339fb0b6a |
| SHA512 | 9c664370c6c102a0e6992f2fe711e7fe7f6ac732a8562bcc1839a0d99d828e4ab0b3dc70f33f3cba444d04161d0df13b70e72b9079c5aabc7a85543168d58854 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js
| MD5 | ffaab524b0c94fd06a44c1b5b683e0dc |
| SHA1 | 17dcce5e4d3b9f718c902863652cb67e060e2f3e |
| SHA256 | d0a34414103960973357a239952bb0fab5f988ccda1b67ff8e6864afcd806272 |
| SHA512 | a7ecbd3e9656cb0fc1304b4b86980e97680c73b673c4284bbca08c4a3f3ade0699a7de61f0905aee9d521da4beaed61d3ec943090ecc44833118f1f5a29318ab |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\ui-strings.js
| MD5 | 5af99e838bada8e34b660d7fcecae2bf |
| SHA1 | ead4e402f4696ede69adb3e4cd694e7d52925844 |
| SHA256 | e3f604ce27fb93d417b9e8a4a5f10f6fd17b59a76aad9754ea0cc5c56b31687a |
| SHA512 | e69f6f12a51382491b4bec6f19260df249dc6dd9a33fc590a90a055baa5f6dcc80894e2c65ecc7dd0d10040c90740dcfcd2f98dbd1f2fbd94c34941897f6ecd9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
| MD5 | 45ad813c887294a1c5c88358f6e6fd12 |
| SHA1 | 45266d0bda31888b67b10c601d303caca8786d30 |
| SHA256 | 91ed5badd0d99f45c65c0ccdec04fc59fffb1f6d055a4d2722dccde82a6bb73b |
| SHA512 | b06ab5889fdf50735ff0c3cfcac3e526b9f32d694ac631e7c2a06eceff357f17e92540df5f84426f8e8f75726c1e7df3592f1620728b70a4b5290c9e49e377f8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\adc_logo.png
| MD5 | 5c4cbc56377969e41dcf39d60690feeb |
| SHA1 | a20120d0d043af4d3b6a72db517ab8a623b3febc |
| SHA256 | c0601bc1bac97e69da3ef3e2898aafe64aec5ae4f3ccbdb7649471f76da4ca0e |
| SHA512 | 4accc91aeb47949f1137ac69a0740a25c957853f59ff8d18077e64b1a3262488b71fc4bd45714075a0652328e1a49a602c7950b86edabbbd7e5abbd9000b705f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png
| MD5 | a7a19c86ac01e03111c30032ba417b55 |
| SHA1 | fd7f42ef37d82cf1704b65762a8bc6b4a868234d |
| SHA256 | 494032a3293df271c7cc5d26a5753acffc5f6df811d024e9b573f2fa380f3591 |
| SHA512 | 728d4755dd7d21c5ca285906d5f043728fd089de42d2fd04beb514563224104f7672e5f5144e4ed68770b933dd1069d76b26d140eb692d83d907176330f3f6dd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png
| MD5 | f2f1d5a683617b2bdb6cb0b1eae67135 |
| SHA1 | 3e0dda160b0f8b963dde8036b45aabab5d86504f |
| SHA256 | 96497e49c11ebeb0f73bc01b033b7f45cd9f8eee478176e11b1c7342efa63569 |
| SHA512 | cc9688ee19a6391296abbae9fb1422a6d72d87b7abe8552e860eeb092f8cf7e6864a7f06dae6a60784b77353c38103abd3632492f8b33b7b3d900531cdb673b2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png
| MD5 | 5991993dd41d6d2b062d58bb70971e0c |
| SHA1 | 1a75ce12ef1c4cb6a85225d0bf4f68d4a3edfce5 |
| SHA256 | bd66e8f62d34f70917102405af895c0b07b79c13fd2d1ea65ebfba3bd4853aeb |
| SHA512 | 75511589b1937aca668348061728734718d02065ae76446b61e3292834709e3b66f2a453717fd593a8fa1db92ad7b97af03f7d2e7f5538716582ae7d8c11e09b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png
| MD5 | 6018a4862e3cc6b434d517a47858a2bf |
| SHA1 | 23769e9ae485bb2c35630db9a6ecc8a40c2207cf |
| SHA256 | fde09d85ac7ec84dc0b5f2bf1c1f935b80a3e45dd9257af499d412302602f310 |
| SHA512 | 4fae17ef027649315cbc73ea47a2fbdd8c8c05b9d818af5b41439e9e5fd81d62ce13f6ad125a2817d0bb4b24a831358803c53003628520cb9c2a8376ac8e1aa3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\ui-strings.js
| MD5 | cf69901e6d4609009dff8be5b3045c96 |
| SHA1 | 712afbf4bdf24b6fa059f0fcd837449d75432800 |
| SHA256 | 16d0edc8b7ad7705b23a14058f366ff1c0dfa16a0ad14f741924c308754cf8d1 |
| SHA512 | 84b63e071f56e8e406fe361473dfd6eb17daec1809eed425b1b977f0135d6a78a3375c9bd1a65daf1ac7977f712b63ed735eac8ebc91e55c1a3f366e288a9ed6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Info2x.png
| MD5 | 6851879a0faea8a5f301ad66a97236a1 |
| SHA1 | a980afc22fc78cbf8fe201a25d527643293837bd |
| SHA256 | a617e7b32332d495f04bb212d67a13be53cb2af484fb4fcefba4a48d9ce16199 |
| SHA512 | 30628041f3b028172f6ff7452b36954c8fe607138f6cf30d98a60b02f3b3c6e545ce95174b7cf0ab517f4fc28efd6623dd295b0ce4e359f83f21dbd052eca7f5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_checkbox_unselected_18.svg
| MD5 | 8c8fd1cfdc60f513bf20132a1d5aeea2 |
| SHA1 | 40167e542ddfd848fd138e2914dbb7f116a8f99f |
| SHA256 | f438a4e713df6a982afbe2eec993cd582edc37a876fee88e1ddabb478f2b5ee0 |
| SHA512 | e5a985404619bebfb615d4b5378942b56089b40170e4072c61eb9ddf722639941e820f039437b59cd3859944b3e06ed72ee49e879522e81fd9d49b56c8e40d35 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close2x.png
| MD5 | 5e0d423694dc87169e1124f26d755117 |
| SHA1 | 340b47ffc7ffe45c30ce927f1c839d01600f6161 |
| SHA256 | 68df674391ddb32170020e5b55b8df9ac1bb5274419dbf8748ce53efb18584cf |
| SHA512 | 17ace592b7b00dd530d923711160c39417b6c6412c3528cecb002fc065a16dc439555f61e4f6de7ac86291cd9cac5f5ea8411bec8ffe043faba887026fd2ec77 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js
| MD5 | 8ab4b211dc3d2947d2466033f6d524f7 |
| SHA1 | 7c457aa6cb3b704da3c977bbcf3953c3c1a7a7bb |
| SHA256 | 5bc633d52bc4345c9cc4ea7cf49422a85a9fe401faf3239ef72b53aa0dd667ee |
| SHA512 | 0b7e9cda1a82a15fc9492a35808bd1ea43966cf5e55d84b9831f79d64f36a66583a14f0ba95eb12098bf9df6a95eef0bec6606aba1cf56bdee0e046aa60f8d5f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\cross.png
| MD5 | f56ff7c1261e30d124fc64fd279d8eea |
| SHA1 | 76f82f1cad9f132da9facc9235095c3c65f15765 |
| SHA256 | 605d47a6802a6ba6675ce2970606011e1d53eebdd846effd6f47bd0903d7ed13 |
| SHA512 | 25a4c3e49d565455500ec5a66085cd0160e578ffbd84aa3620b72c956c8f9e1362e720b1746bf886827302684a11d48e3b9c960183d1d3c0f751044b00e78123 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themeless\close.svg
| MD5 | 2518c2304a390e60d20b53b101fc0056 |
| SHA1 | aae24d58011859ff6986508882dd7eecaaa7f604 |
| SHA256 | 03e98670a1d9049b8e1f02c4fdd449d098465f7578ee0eebfaf3f138a78301ae |
| SHA512 | b7457acf824d68e7728088668cd8d44e06566dc71d156db7e9480b957305f2268778907a8e93e4e2d1937b3c3cbfeeb327399cd7f33a60274d91efab2ec3f534 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe.sig
| MD5 | d8d0face111912e6dcc93f665bfa10ad |
| SHA1 | e171cc8b4abd73e2e6f9e0145e8e3d46e333133b |
| SHA256 | 5efe288bf88e3a66ead387ee327d7f2ae6637fa507e14271cd1c30024279945e |
| SHA512 | 2bedc86a79225d3c23067a042a219976a670ee164222cbde077edc2bf5618181eb5e26edf86946e2797016c5a87f3534e47dc4ac76d40487354a701ef77aa51a |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\LICENSE
| MD5 | 402535c9f22ff836ea91dd12e8b8847b |
| SHA1 | 707efc314ec536abed535cdb1b2414aba4713577 |
| SHA256 | efbb03b7a7f6fd3c29391d4d0281e1830a85caadd831c3f04716faca4107a42e |
| SHA512 | 6c0e9557cf0fadf4db740e203df3d499f7247a472d9132b7e474420b142ae83e6cab592f93aa096d51c04f732098fa7355622e955b459f1c6d87bae8abc73264 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Staging
| MD5 | 27418f9aeb0fae483bcf13272efe6310 |
| SHA1 | 9a28ce8233f1be05276f787e06f872f7dd49f8ed |
| SHA256 | e3c2af35d1dfc500e16f826a071cc311bf55003a3de77de7ea3376c6b6fa2857 |
| SHA512 | 35386ad7cb2b39b8d9dc94599e08bd68cc60e3a192090b511f1a2c99b3824b7f74949ed57494ea0e4ba32d25b2c6bdc30117687a5352ec96ca41b1a927ffa7f4 |
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\MSFT_PackageManagement.strings.psd1
| MD5 | 9cb17fa9b59645c7f574893b4565d2ab |
| SHA1 | 274e027aa39e24845fd11fcbf265523de44e69e9 |
| SHA256 | e2e70c766bc6c37a41a221b53a0e62ef616c8fbcf7a244c4863f6a74c06b8e64 |
| SHA512 | d28e543a9355274fecea9be5b1120fefea5e4652835e477cc9886527c0a67556582368618ef1ad98fc95a406541cb7541dc30451033a77b8c0f2011874b1a774 |
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\MSFT_PackageManagementSource.schema.mfl
| MD5 | 125863dbbbb069fd535aaf5f8b17bfbe |
| SHA1 | ba601b96a414c6e3dddc42e6a0608ecf099e6310 |
| SHA256 | 424c38504d88d0f7b3691471d18b1a21141b9e31b1cee5dad278963613252480 |
| SHA512 | 18e068cfb976f972322e12fe755aa37a3f44fe79e2da094042f22f1a3b0a6328033e05a625f4faa2a373c654751ed1094f9c04d9411e86888448e367ded915d6 |
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\MSFT_PackageManagementSource.schema.mfl
| MD5 | 1fb20e4a02ba1ad84aca9d99fb1921cc |
| SHA1 | 169ea6ad71a5c4f4d8312668259ffb793e6cac0d |
| SHA256 | 1c55f2acd075736d1fccd0e7bca9292072d933e2811b8e042c172e9e7f112f39 |
| SHA512 | 3516ca18f6f5b64fdb2de80c950d114b2c5d979c24764cad4328411eca14c47c4758816bce45c3a691adaef50fdeeef64ca51a7ce603aa5ac11bd308a9166621 |
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\ja-JP\MSFT_PackageManagementSource.schema.mfl
| MD5 | a87075b4c8c1f40fdebb7b489397e52f |
| SHA1 | 4c40a9a27e643766e31e9e4376afbc3935a0c5b4 |
| SHA256 | 50e54aab30bf9dd428b5bb49c12736ef5cfa318a66930fc837b29067f332fdbb |
| SHA512 | 5a340842cb142b9899ea6934157cece9e71723eeeb9f444cf0a76c8a5560de56e265b860c71ad239ed8fe65d691458d9f5d7a1d380b8beb2c092b1d33008377f |
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\8F275DA2-5DF1-44E3-B319-427E26356EC8\en-us.16\s641033.hash
| MD5 | f536fbf78e26387affb82ee89943b870 |
| SHA1 | 3ac8e44a9491c16bcd86dab6781acc4f7e1f76a7 |
| SHA256 | 34dbd6bf55d0d075d666181d9278b8387482a8b5804e44e1ddaafe6876dadc15 |
| SHA512 | d9ad640884f40495b4255bd221f0902ff64f84e3136053d03abee7ca417d32a1d72f24a75cb67bc50629e102bdb2f81c0bb087e0eb5cb82fa3d67c4fa5d92450 |
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-d5a8f02229be41efb047bd8f883ba799-59258264-451c-4459-8c09-75d7d721219a-7112.json
| MD5 | 709c6a80af0276b170c521117ede47c6 |
| SHA1 | 8e6d9001ca20e76482e1ab88d54d47c65c8c7836 |
| SHA256 | d8129de4286dc4fd245c7776b51d76aaa727956e8fc88ff928eb69ff7fc17e0b |
| SHA512 | bef13fa741340cb7c1174406f76f9c65445c76ec091e47daa8537b5f769ad2231347c61144ce8f6e4cb16fd5cd27bb169930c3f8c3b5b9e24e6609491fbbd4e3 |
C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vsch
| MD5 | faee174ece449bca53aea3129d925069 |
| SHA1 | b856abf03c3dd98afecd55186536ceaf03b9c7ab |
| SHA256 | f23391587f1c9fc48eabd1e95f4caf16f585ef09941b7bc24f023d228e81ccd5 |
| SHA512 | 1c5c8d28e1b0088005604e2d0325a521449955f05f8544da497c875377e9dc73e4550f04dbb8a2d370af70036522b43fcec2b78b5cd01875a384a40eaad519fd |
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml
| MD5 | 703493f4417c30ed1e1856d3628945a4 |
| SHA1 | c8da0fdf2d0580a739f0d11a4322131581b67f77 |
| SHA256 | 7c23b4ec3b42f260dfffadaf7d59a0efcc8f6547149b45907b1fc5242a4e6c2e |
| SHA512 | 2876029ed71708e31bce2871dc62820c6684a16be26802560341a07dac9394095d7b672ccdfb65bcae8177539c4f20cf4e8b8b8e892fd117f21cebd3632275a4 |
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml
| MD5 | af98b62b3f9d6e70c082f05969c0d2b3 |
| SHA1 | 2a78fe6ace36668a1505ce949dd5415cf172590b |
| SHA256 | 77544451f210250b90637e7ecfebfc0ce00398ef964a2d46f1b92adf4d6f97a2 |
| SHA512 | 6a8d54bbaa9d6f04de832a60fed8f471eaf38bce9f95942d2fa84dba035739b65cc4fbe58904a7d2220af89d735b96be1bb6aa43aedecb83afba6c4d3be20850 |
C:\ProgramData\Microsoft\Windows\OneSettings\ASAP_CloudPolicy.json
| MD5 | cb891f4fa69ad0dfc64df8855dac21a9 |
| SHA1 | b0b072a8905da992cd9b61b85e340ab538f09350 |
| SHA256 | 117ca486353accbb966ef4e10ff865f8ef1ad4fc30863009c5a71515afaf5426 |
| SHA512 | eaf2e2852126257453c99b4afbb5d14e91dff47110f6553a03869280a71b1ec7049814ead710d2f99667e7c24231e45dd13fd52ebfac99ee444fe02ee883654f |
C:\ProgramData\Microsoft\Windows\OneSettings\SCCInstallService.json
| MD5 | c3e1e839b9c0260095e628839a879503 |
| SHA1 | 13b64e448c355404b054f069cff626d3592b45ed |
| SHA256 | 09e7685da39962d29ccd545f78601cf4a6d016216eb0b60f3d6dda0e25ac1f8d |
| SHA512 | cd2caeaf2c24b0569d9b648674eb2ae3015624ae32894ba88eb0fa51d11d30860afc888e4330336ec6961211ca8ca233ba8f553477a091cc33c3e0333ce4ce62 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk
| MD5 | 535ee7f4b7959a29e1d1be5a67e00334 |
| SHA1 | c8b3bcb1c1fbf79c59a847510d884da10dc62f19 |
| SHA256 | 46dcb7a9e7bde1f57e5ed2eef9257d2d0ad622c1b3da32700f6d9e2ec4a0e287 |
| SHA512 | b0f9d39cb8200c35c564053454dc9fc67e68140861255f77dbe63679375ff3f892426109e95633fcf6e285b9547d890d1281d8ae4ef97cfb78433608961934b4 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk
| MD5 | 8b550761ab80413c9c09f7fb472dbfaf |
| SHA1 | 67122822562203c17dd3f762194e470f90ddfa97 |
| SHA256 | f5ea79165516de2e7e1efb53d016983f5d18c3184413f044a4002f4b751c918b |
| SHA512 | 9546013cf4d45a2c4c609524b7ed4adecc7dc2fecded7c3b7085415a1bcd1c25db5d88bb591ac05fa5a6313763a8e8d5d8fc6ee6610b454cf7696b647e7781fe |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
| MD5 | 8776c367699ad807af292f1f5d085d4c |
| SHA1 | 9209e352bf9d3999f94881a75d6f7d39bc6d7f77 |
| SHA256 | 18b602cdbb7656129a359046fc68faf1b990da88c6c3b3e6b20c1df399cc0645 |
| SHA512 | 83a17d98d175a122fe98cf89c476826769d8fae0d74dc93c8fe48d12089e26bfd501a586db3783a03e1bfe07864ebec2a6b5a48415554c61cd565131ed40a9e1 |
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag
| MD5 | a9d5728f9b0e997753288b3a140c5335 |
| SHA1 | a44e9168f2e351f3ad4ee2f7c0e0037d64f65066 |
| SHA256 | 84ba348aafb41879cfa434256c8657baff00a9bf41d5ebe041b0ef87e7419f28 |
| SHA512 | 13380300950d351ffb3256e3b65f6dcfda8c52dcedf6627e10ef231925e45b178d173e7a24406bdef42949f9919326e7abf8a9101e2fee0127c578a46a1df294 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | c2f301357fc67b74855008b231de8fdc |
| SHA1 | 61f2933dc2170820ce11ceac69fa40745dc95325 |
| SHA256 | cdf16f72c5d07b36484056e601ed9687f78477e5d85cee85a34f2406b7fb5906 |
| SHA512 | 00494504627fa10ffeccab7549d11c7b570d580dd0b21a680ddcebf7e1f98a486b907ffa55eb0f5da5f8fd007c7363b184793771798709112229b3999326b0d4 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f1d3ff8443297732862df21dc4e57262 |
| SHA1 | 9069ca78e7450a285173431b3e52c5c25299e473 |
| SHA256 | df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 |
| SHA512 | ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 323821054750939d32c26fec3a5ab7a5 |
| SHA1 | 02c1a40ab20833bcaa50670d8ac1f0df7e051cf6 |
| SHA256 | 0b104dfa306965639069d83c2a39f7dbbe28d9fc93421fd4df618e1bae471d67 |
| SHA512 | 79210e406b0eb2e582d35d746895be8400231e84af4025c039d963fc48da6bc5caabe7fcc22e71ce8ef375fa2db4a6da8dbf488ec2d14ef8448d263c44ea99af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENT
| MD5 | 4ae71336e44bf9bf79d2752e234818a5 |
| SHA1 | e129f27c5103bc5cc44bcdf0a15e160d445066ff |
| SHA256 | 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb |
| SHA512 | 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\dasherSettingSchema.json
| MD5 | 310614b10980392ebdb5a5a8b90b527c |
| SHA1 | 8c8fb36e7c2a1574cde7fdea30e8e5f14fad7691 |
| SHA256 | 445c811c35e2fbd4aa59389ec805492c7b2db50d65f5d161417ce8302b103fbe |
| SHA512 | 416650adf9a61cbbb6eff7af635264e5bdde903477465cce05b63773927b8afb35e75fb68497882bce7778f524b9c7f3f2befcfe3840e99bff90ccd305bac66e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.58.4_0\_locales\hr\messages.json
| MD5 | 798b4a7c5a9f20d24f36ba8daf7b8f70 |
| SHA1 | 0f007b82783ddea5da7374c96925b77a7fe9f57f |
| SHA256 | e5cbc8e3a6e843009fc9a9de7a83df9d05532e08d48da06c66f907f58d0c745e |
| SHA512 | e3faa4376d03dad6cd714dee6349733abe29d0c2118456f80bcc4c758015b12a06b4ec6532a6e98d512f5c6dec7a7ade5c1d2a418db0f739ed17f18c0cd6b54b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001
| MD5 | f5cfd73023c1eedb6b9569736073f1dd |
| SHA1 | 669b1c85ecbafe23c999100f55a23e06bf59ead7 |
| SHA256 | 9e1736c43d19118e6ce4302118af337109491ecc52757dfb949bad6a7940b0c2 |
| SHA512 | 5d8c1aa556fc17d6dc28d618f521aee37fc0e1826fdbcf8d106e456fc3bcd3c76e712d23fef3378bd2be17b80eb5bfd884ccd89b67490b63c7bd118eaac471d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 7d3165882b27dc69918cc2de97baab96 |
| SHA1 | 4970307efcbff0c15053a742d6db65c4528d4308 |
| SHA256 | 5cdcd733b8b630509bac08589db291ddbde33d79f64664cb9582e66589555257 |
| SHA512 | 2be106c204c36cdd721247bf95eff0f8137b67b3509598719fff28a54dab7cee596796bd356e0a31492cd3bf4ed87b5b555ec82da8a11c0f967a4c15766de28e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
| MD5 | fd4b38e94292e00251b9f39c47ee5710 |
| SHA1 | b80de5d138758541c5f05265ad144ab9fa86d1db |
| SHA256 | 2c34ce1df23b838c5abf2a7f6437cca3d3067ed509ff25f11df6b11b582b51eb |
| SHA512 | 1080f871e39cc839e5bcc9f852f9a8f3ddc03cf7e72e9fd1d6e4a71d7e74936f58adc646c9a9dc382fde85c5d281c2a44a459caf6afa58272d7fa006152e4cb1 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.scale-100.png
| MD5 | c3664b673d90c603447db7c2d2bbc5e7 |
| SHA1 | 69e8c467e518475d2447487333ae89cdfdafc1b2 |
| SHA256 | 0a4b86a00511e2b7138123513bc31d174e1aeeb9508889ab6cb67b4de9bdd721 |
| SHA512 | 8b288ac8acb7de7a7c7180fee04b05a1fd46c7fe19b575a7dffa46a82d2af1eea9f949325a358699fe1bb169d853792687b56570b08f9f2f7b5462430f94d111 |
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin
| MD5 | 1595ed4372d33dbecabbfd411c6c8f46 |
| SHA1 | 8b8ba962b765110f762f873edbc3193adef48b33 |
| SHA256 | 8f6abb9e202dd8027ac9abbd475a24e62659a0b2683613f219c21d1238816ed7 |
| SHA512 | e0017291c0d0685ede7a6492c2683a90b37482d21037840ab3e2cef4ed381bbffa8c31ef3c8d06db0a800eff69ba4505012886f88a911997657b3f26284142f1 |
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000093.bin
| MD5 | 97d6d52a254a9cbd2bad939ce1926af8 |
| SHA1 | 15a64b0f07658da802cb0bdd43c9c6f2df2f0af9 |
| SHA256 | bbfa41253ad301a1cd9c7f6321bff365068178f26cd84e8afb127fb4001bc4be |
| SHA512 | 98e76665962acd459228cb9635d95bb37c6e538eca7ae50107c665c93be334b907178f87749b3a4f33db34152b9d9035163fe2429306eb3ac45ee539e242c3da |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini
| MD5 | 897208d5df122e307ab837d982b2c085 |
| SHA1 | cf4ca14a7adcbc197cd84c1997efdd076911d608 |
| SHA256 | eaae98aa73fe0b561c8b02607a524fb4853bbe81c6de8c3d8a9b7449366809d4 |
| SHA512 | b0aa03063c42515de12fbf6d89924a3ae7d8bdd64d7c9bae94c75d571c939655253f3e87368fcd96f5784b2aee8fedac8f66200b8672ab47cc8b37c57a9ad334 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
| MD5 | 61d2c715839bcfa06ce4d23dd84e7457 |
| SHA1 | cdb61e6100ac4882ba4863875f63e38b8b804ddc |
| SHA256 | 1f9ec15f6ff239e14a3a243a98f19ae7db16d425a63b2da0908cc0ffcb1258e7 |
| SHA512 | cb6577068e0b746a0ff0148238fd5be9e02e4ff6218fc21d78194a06ebd3f54aa12a1a9b80a4cc9a9f66f72f49eb875eb367b344f674807af11373770f75d952 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\1427f698-77ad-42ca-acc5-6515b32fa1c8.up_meta_secure
| MD5 | 67f022b63ce6ae0602b1c26761f4f7ee |
| SHA1 | 4d450bf47b85f9c376c7727e49fe55afd509b2b7 |
| SHA256 | e8195f8e18c1f0602bab8831ed7a652b2e58628df6b28024d379ab83579a4516 |
| SHA512 | a7e5c69720663cbd4b90515e94e7d99e0019efdb526962c60002b42cf10519fc08f15b9aba74afa7b4d6eb07c281389ff4a1cb98668431ac00302b21f711b9bd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\9d776189-39b5-4ca0-803a-b59e1b97f2f9.7abc1dd4-db69-4d5f-a7f7-6e504fafe61f.down_meta
| MD5 | 055e7659ae2d231213949fe77250e07c |
| SHA1 | 2eb7f29347f7336674d073b576a3b818b49de042 |
| SHA256 | f7ec4d08c90f5b50f1f30152df1641a2e411b8714623dee9004a813246261d0f |
| SHA512 | a62435120697a370d4e3a80d80a624e2f8e598925de7bf5d979fc8ddb81886f22c401ebac9076909714ab9025ad11596bbf5fb81055aea7bf8fa7453679e0b16 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\b929c021-ab9c-48d4-b879-5084f215a062.e7ad4cc2-b128-4fe1-a0d1-00dafddbbd68.down_meta
| MD5 | 4d2afbd7bbf71d011625057cd614c86c |
| SHA1 | 6610ee85bc2135308e08d5eda53128bf7f84a356 |
| SHA256 | 158506ded8f8a91e1b78badcb3818b69740f6bef0e8d2e324be70d15e3c691b6 |
| SHA512 | eaebff4aa99e4f21671031a6b0308dfb1c4eec121b35a15a671f1e4be5a536c47a21a8dd261ed35da54cf461f08c2351abb8a27e261040a07ab0996ab748184a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
| MD5 | 80be6efdf5a776659777bf07d4aff891 |
| SHA1 | 1f98e7ba8de8c6b39f4b202739ca71fa2629fd6d |
| SHA256 | 9ebc694d4895efc802ea27714a71986f293edf4b63e9918c27d65871b06f43a9 |
| SHA512 | 03a5434f25209a74a0abc6045c66a45e098d487227cab71004363c8c823840b49596857e8f757f42b8953f9bc2066209b1e8f52104d1837705828cb2676119cc |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
| MD5 | a50b718c3518b630251fb54b92bde360 |
| SHA1 | a9582222b6f4df2b4e3e4ee5fe91d25ff086b943 |
| SHA256 | 9d2ce1c032646d2a3381b68bc9201e3dcd53b764e83a0d356d67cc4926ece015 |
| SHA512 | 95e0676e3177262d29c4105edd4ce1fa1c2a2da5cd3289ab0f873fba782a0185e4bbede5d64fae1f6c4cea5ca3ae0697d7113e6ee63f229431bfaf3f8990c517 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{6ec4c8da-1c2b-4b7d-bc1a-606357866e4d}\0.2.filtertrie.intermediate.txt
| MD5 | ca9c491ac66b2c62500882e93f3719a8 |
| SHA1 | a10909c2cdcaf5adb7e6b092a4faba558b62bd96 |
| SHA256 | 8855508aade16ec573d21e6a485dfd0a7624085c1a14b5ecdd6485de0c6839a4 |
| SHA512 | 65faa9d920e0e9cff43fc3f30ab02ba2e8cf6f4643b58f7c1e64583fbec8a268e677b0ec4d54406e748becb53fda210f5d4f39cf2a5014b1ca496b0805182649 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749
| MD5 | aba916524277db53210ede106ba4f0f4 |
| SHA1 | a1e373efa2f5820871e207361b899f5cb1a4c76c |
| SHA256 | a365b37a503f29488c93f2656419e7d591002904360f6bdeb2ef2067fff23741 |
| SHA512 | 06741f2b929c8b8df2769b42c2f12385739db4e0457215990e46bc86d4630738245b06fcdb001dd32fda4192e3fb2247bb7f70dc184abc05865d6c45969dcfb5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini
| MD5 | fc91658bb81ea407fd37a59d65f0d86e |
| SHA1 | 6cb269ab1a592dfd2039dc8c50c00b86af94d3e6 |
| SHA256 | 4bafbcbc4cbbda94d0a315a09176de0ce6872cf1d85113539a7b04ff2360efa1 |
| SHA512 | c5b8832097ab5e74a0c31cc243c98c6a2b9734da4eb6e25cfc28070529ff4b6d77de1e97388f188f00148cd8db32f3ea62dc86aa841d47e25da8d8dd2267061e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\shield-preference-experiments.json
| MD5 | ff035bff2dcf972ee7dfd023455997ef |
| SHA1 | a770e927c71c77a0a9ba32e12cd7eae07148f0e7 |
| SHA256 | 60daa3a5f7dbfa200f8c82840ecf5b42640b70f3b7218a4c6bbd67db542e75a4 |
| SHA512 | b6814eb4bf32768b13c7a5dc04f7efb18d5fbb48f561505511567f7ef183a03b776a097aff26f098703766e1c97940c087e3e0a4f6e2ad60646ec9d3218c6aed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
| MD5 | b4ee9176e075b2b97e1963a7143428ca |
| SHA1 | bcc1167965772cd8dc088ec6872bbc5d11e37659 |
| SHA256 | 2ebfa13695595b3856650d89fd17fc815b933796f3ffa6c55f712fde489fb500 |
| SHA512 | c722cd8adee2a5fb48f2b5ffc101fca75aa65b51089ac8c90b31016600ae6a93c585bed5798d5f0b89e7872b25efde3e3599cd692aea4d6911778439896166d7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 85bfed08882c96f0bc6db6c5432e3daf |
| SHA1 | e627353318fef798861c0d426768194cad8c7449 |
| SHA256 | 1a1a8d51c9826cabc42425fad7cf87ddc930db364c40ef949b4c804021067db5 |
| SHA512 | cdcab73777536b35fe12f316526d4aea7752666f7fa36abe7b7e200a0a18ca41e4ba07ea3021bc25036dfaa946e16ea6a8c86d8bb8b69eac60cfce1f09a4a215 |
C:\Users\Admin\Documents\desktop.ini
| MD5 | 28bd444caa20e5092d21f0b7b4b032f7 |
| SHA1 | 1e48b6032154b884bb7016b0abc5129f7aa7761d |
| SHA256 | 645c0f377debd8df3a455c47dd552bac806a6092e929b5580ff8ce25fcdd8e09 |
| SHA512 | d625ef09ec3940f367b993f11bfeb49f12ed68c85dd8c9959690b6aae277091858398b64dcab69d9f67dc87142224cac0f0fd6a002ae72c1eb1b80e0e1bd6070 |
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk
| MD5 | 7a4228aa2003a72a296e741bfa8246f7 |
| SHA1 | e94ca8cb43d671cdc3ed759980bfbaf73cf4c6f8 |
| SHA256 | 462fa5c6568794276673c9159500918afddf8f170e580fd1f3d483c48934b050 |
| SHA512 | ed66dc35762f661f760eaf0feb82e22c823f11e552c9f938748a8b158ecf0828f40d48afc4d5cc07122f41a13e7b322950b9f156808b125bc7a1ae19e066d304 |
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini
| MD5 | 6e36ba0fe61f7c6334305d61299c04cf |
| SHA1 | 646aaf623a9b65f3054571ba8680342cf02b6225 |
| SHA256 | 367467f43d580c3c07040a78c7890ae4262dad4778878f9a49d5f652c81689a5 |
| SHA512 | ee5d694d66bb3ee0d55129c96c83116e7af28b6838854d110cafe9dcb530fc05ef8b97469d7fe0c864481298fba5008c97eb2b503e90b58b1e33f8856cb132d2 |
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
| MD5 | 45de417378735f7d0d1d3c3148dc6d00 |
| SHA1 | 3295b1605ccb0910148b618c52b4d0c17fbf0a9f |
| SHA256 | 43782c4d9b63da7cfe64f6a9a06a6cf8007d2a793b8a5f94c9b962bb5cb25b0d |
| SHA512 | 23ee803d8a1619d5d5a3dcbdea08175b3a6dca7a29a9d37f37342bad73ad4ee383b68ebd237099cab565699150f90cfd9014aa35e2fa09a6cabc0fa6fcae9c04 |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail
| MD5 | f1d3ff8443297732862df21dc4e57262 |
| SHA1 | 9069ca78e7450a285173431b3e52c5c25299e473 |
| SHA256 | df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 |
| SHA512 | ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3 |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
| MD5 | 35705a33e80294bdc078f5582784f4fa |
| SHA1 | 3b8d2bc3650098d604e3363fdc41e9bfc2f4609e |
| SHA256 | d0e438519a8e2075e13430b66debeb7204e5e8ab41fb24eaab20db0bdb66d835 |
| SHA512 | e560c350940f15a8d5c5187ed833190cdef9e4862e8f06dde9b0204ad1a0decb9adaadd27c4b7015ea5e7fabe7d7a63538ba72def9997e56300cc8ddc4249061 |
C:\Users\Public\Documents\desktop.ini
| MD5 | b252d37ad6eb57bc4c866bc135cce6d9 |
| SHA1 | 1083dd42d0613fdf3ec930899d9e7129d448f7b5 |
| SHA256 | 6c3aa53f65399f08045d870f42d5ca08276b6938eee0e6a8cd61a473f8b78178 |
| SHA512 | 32b803cffc5b844e20e57a2372e797ba913578f5f8104b9c4083245647e4f65009695d0ec2397973132c570600ec39ff6a2275c9952533bdaba183ee620c712d |
C:\info.hta
| MD5 | 4707ca0174dd95bd926ec44b989c4df3 |
| SHA1 | 3637f31f93b2a3687b72a6b98c1ee2bf9be9678e |
| SHA256 | efcbd271a4cf5268d2b754620572d307b00f643810ae4933fca3b0e981a65ff4 |
| SHA512 | 81b5599af1078a270969dc4abf702ead5920ae1d30e6f87135f5e53acdc618c1904a946c2e98d2d769394d3304cea65a931fd7aea67bc6233f79244e4e8076b4 |
C:\users\public\desktop\info.hta
| MD5 | 4707ca0174dd95bd926ec44b989c4df3 |
| SHA1 | 3637f31f93b2a3687b72a6b98c1ee2bf9be9678e |
| SHA256 | efcbd271a4cf5268d2b754620572d307b00f643810ae4933fca3b0e981a65ff4 |
| SHA512 | 81b5599af1078a270969dc4abf702ead5920ae1d30e6f87135f5e53acdc618c1904a946c2e98d2d769394d3304cea65a931fd7aea67bc6233f79244e4e8076b4 |
C:\info.hta
| MD5 | 4707ca0174dd95bd926ec44b989c4df3 |
| SHA1 | 3637f31f93b2a3687b72a6b98c1ee2bf9be9678e |
| SHA256 | efcbd271a4cf5268d2b754620572d307b00f643810ae4933fca3b0e981a65ff4 |
| SHA512 | 81b5599af1078a270969dc4abf702ead5920ae1d30e6f87135f5e53acdc618c1904a946c2e98d2d769394d3304cea65a931fd7aea67bc6233f79244e4e8076b4 |
C:\Users\Admin\Desktop\info.hta
| MD5 | 4707ca0174dd95bd926ec44b989c4df3 |
| SHA1 | 3637f31f93b2a3687b72a6b98c1ee2bf9be9678e |
| SHA256 | efcbd271a4cf5268d2b754620572d307b00f643810ae4933fca3b0e981a65ff4 |
| SHA512 | 81b5599af1078a270969dc4abf702ead5920ae1d30e6f87135f5e53acdc618c1904a946c2e98d2d769394d3304cea65a931fd7aea67bc6233f79244e4e8076b4 |