Analysis Overview
SHA256
a99cde4467e750e6d5f95b8395f18f5fdc308cff2b120563cb822aec488891d8
Threat Level: Known bad
The file shao.exe was found to be: Known bad.
Malicious Activity Summary
Phobos
Renames multiple (63) files with added filename extension
Modifies boot configuration data using bcdedit
Deletes shadow copies
Deletes backup catalog
Modifies Windows Firewall
Drops startup file
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Interacts with shadow copies
Uses Task Scheduler COM API
Suspicious behavior: AddClipboardFormatListener
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-07-08 18:19
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-08 18:19
Reported
2023-07-08 18:22
Platform
win7-20230703-en
Max time kernel
50s
Max time network
156s
Command Line
Signatures
Phobos
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Renames multiple (63) files with added filename extension
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\shao.exe | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shao = "C:\\Users\\Admin\\AppData\\Local\\shao.exe" | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2859459355-424593036-1984306042-1000\Software\Microsoft\Windows\CurrentVersion\Run\shao = "C:\\Users\\Admin\\AppData\\Local\\shao.exe" | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$Recycle.Bin\S-1-5-21-2859459355-424593036-1984306042-1000\desktop.ini | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\si.txt.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-2.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\el.txt | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\CompressBackup.vb | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\fur.txt.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\ado\msadomd.dll | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.id[348544CB-2803].[[email protected]].eight | C:\Users\Admin\AppData\Local\Temp\shao.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\shao.exe
"C:\Users\Admin\AppData\Local\Temp\shao.exe"
C:\Users\Admin\AppData\Local\Temp\shao.exe
"C:\Users\Admin\AppData\Local\Temp\shao.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state off
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=disable
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\Desktop\ExportUse.pptm"
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\Desktop\ExportUse.pptm"
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\Desktop\ExportUse.pptm"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef65c9758,0x7fef65c9768,0x7fef65c9778
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:8
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1308 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3692 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3936 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4056 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4204 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4424 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4528 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4272 --field-trial-handle=1236,i,15019814980462502526,4374254129397191389,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.170:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| NL | 172.217.168.238:443 | drive.google.com | tcp |
| NL | 172.217.168.238:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| NL | 142.250.179.170:443 | content-autofill.googleapis.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | accounts.youtube.com | udp |
| NL | 142.250.179.206:443 | accounts.youtube.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | signaler-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | tcp |
| NL | 172.217.168.238:443 | drive.google.com | udp |
| NL | 142.250.179.206:443 | accounts.youtube.com | udp |
| US | 192.178.48.227:443 | beacons.gcp.gvt2.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| DE | 172.217.23.206:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | lh3.google.com | udp |
| DE | 172.217.23.195:443 | ssl.gstatic.com | tcp |
| NL | 142.250.179.174:443 | lh3.google.com | tcp |
| US | 8.8.8.8:53 | drive-thirdparty.googleusercontent.com | udp |
| NL | 142.251.36.1:443 | drive-thirdparty.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients6.google.com | udp |
| NL | 142.251.36.46:443 | clients6.google.com | tcp |
| NL | 142.251.36.46:443 | clients6.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| DE | 172.217.23.195:443 | ssl.gstatic.com | udp |
| NL | 142.251.36.46:443 | clients6.google.com | udp |
| US | 8.8.8.8:53 | people-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | aa.google.com | udp |
| NL | 142.250.179.138:443 | people-pa.clients6.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | addons-pa.clients6.google.com | udp |
| DE | 172.217.23.202:443 | addons-pa.clients6.google.com | tcp |
| DE | 172.217.23.202:443 | addons-pa.clients6.google.com | udp |
| DE | 172.217.23.195:443 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | docs.google.com | udp |
| US | 8.8.8.8:53 | contacts.google.com | udp |
| DE | 172.217.23.206:443 | contacts.google.com | tcp |
| US | 8.8.8.8:53 | signaler-pa.clients6.google.com | udp |
| NL | 142.250.179.202:443 | signaler-pa.clients6.google.com | tcp |
| NL | 142.250.179.174:443 | docs.google.com | udp |
| NL | 142.250.179.202:443 | signaler-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
Files
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\OWOW64WW.cab.id[348544CB-2803].[[email protected]].eight
| MD5 | f262e8cefaf0c3a86b9dbbdf939a6b47 |
| SHA1 | fb7cd276ab13d4fc9c25c50731e357abf58465e6 |
| SHA256 | 065ef2bf60bc3417e5b1167bc04ceaa873115e0a908a1605da19e5e6390b454e |
| SHA512 | 2a82753361d2489317a7c9594f85cc81d0da57a33822f471285bbf743d0407eb5a984ee420647860c1918ccbc87735215583f1c611386fab80c3302066cca376 |
memory/2868-237-0x000000005FFF0000-0x0000000060000000-memory.dmp
\??\pipe\crashpad_2760_WAYLYZJGFXMAGQSU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos
| MD5 | db10fd32bfe67918ed177579d4be9d76 |
| SHA1 | 44ecf4c5a6fbbd1ace84d0efe91f13d6ba6bb738 |
| SHA256 | c936ab1da7ef4314182c8edabaeae90f8d51ed45bc48848d35670adf5b470d31 |
| SHA512 | bb574ef876e7529d4f3c4c52cc54aa1814f2c02030b83a5bd7223d4b31c992668c00e4a7e68d4f1caaa6493db4ac84eb649fe59e98feceb9828119cac1e74b05 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao
| MD5 | 2b62a30906a2b8bf3b68abd2ef9d105b |
| SHA1 | 9898d25a214dba04ebd7e3030ac9e2e90ea7a369 |
| SHA256 | 075561eff2cd3ad586776fa904f0040282c5f6a261f6a8fd6a0a524d14cd2d2c |
| SHA512 | 6db5955477a9bb5386c1af03df526496f9e64533e6c3071c8e5c44062541e91e9bb39096da947a91bdfa5e7de53c1e047dcf427c1dfde94554d7458f8f0862ea |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil
| MD5 | 1ef5e829303a139ce967440e0cdca10c |
| SHA1 | f0fa45906bd0f4c3668fcd0d8f68d4b298b30e5b |
| SHA256 | 98ce42deef51d40269d542f5314bef2c7468d401ad5d85168bfab4c0108f75f7 |
| SHA512 | 19dc6ae12de08b21b36c1ec7f353ce9e7cef73fa4d1354c436234167f0847bc9e2b85e2f36208f773ef324e2d79e6af1beca4470e44b8672b47d077efe33a1f8 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana
| MD5 | 71c7e24524aea1022361143d0a876c84 |
| SHA1 | b141efff466f27664599dd2aa91f0b7c50736f1d |
| SHA256 | 07a692cc9bc920ef8caed75ba9af60ad2d6b144c83bfde3b91a77b5bcce277a3 |
| SHA512 | 4cd51849de464e0139ce77de3003af1ab1b6c639862fb7d5e8362f33ef0a9828f8af9ebd6d4b4ce9dc5a67084bc5c1106fd3b3327fc428e25c75b780e98d37ff |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi
| MD5 | d13b5ffdeb538f15ee1d30f2788601d5 |
| SHA1 | 8dc4da8e4efca07472b08b618bc059dcbfd03efa |
| SHA256 | f1663cceeb67ba35c5a5cbf58b56050ddbe5ec5680ea9e55837b57524f29b876 |
| SHA512 | 58e6b66d1e6a9858e3b2ff1c90333d804d80a98dad358bb666b0332013c0c0c7444d9cb7297eff3aeee7de66d01b3b180629f1b5258af19165abd5e013574b46 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk
| MD5 | 985f599bb4b81c01d5b5d16ad241d5ed |
| SHA1 | a90b24a33383273378fc6429b95fdf62c4c2e5d5 |
| SHA256 | 36bce57f9ab26334f370d700cd0a853618cf2051afbe561ba09b0aae5dc371a4 |
| SHA512 | fd8f3414083a7b4c75e9a5dc043f38db062971dcac022194c274d5f5816867961736dbf0e17b7da19ca9c835f2e11864e0f305895e8c76eee3d0c5ecdf3e0239 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide
| MD5 | 0a876dfacfdabc170818581a2e6e6d54 |
| SHA1 | 376fd52e52867f959cb2076fbbc4d214778a7fc0 |
| SHA256 | e28b98a94e0077340a3aece749f2d400c3f06890cec9447f4c2567bd1e7a5839 |
| SHA512 | 766fb737e92fbd233563887cf8335c9aa4e96d3a970c28b7ddebbd21ca764dc85ee4ebd805538f697ad8b2d59ed0c53bd46d9fb7077d54c136f9c22bedae9cba |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10
| MD5 | 65435a5d117aa6b052a5f737d9946a7b |
| SHA1 | b8b17ad613463c3c9a1fe928819fb30cb853e6b1 |
| SHA256 | ea49aa9f6f6cf2d53d454e628ba5a339cc000230c4651655d0237711d747f50b |
| SHA512 | 4f85061ef6c66bf0e030af017af8c7154ed3f7953594ae2cf6f663e8b95ba978a54c171b01f212880e2711c2fd745a12b959ed27e7f6b1847273f70a4010ccde |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville
| MD5 | eeb20c9bc165677800b6dc7621a50cc9 |
| SHA1 | def5026103297fa44a2185104f2ee400cb93329c |
| SHA256 | 6a3a9301bb8dd782bb5c170bedfa73e9e7c60235e6e1840f14bd14b812127ef2 |
| SHA512 | d4e72f43c75de83deb0526233423726503354d7112618b44c94e695d159a02b6da4823a2c9a2be8cf71d2c7e42108d0db7edbb54a640579f853e6d110e7599ed |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury
| MD5 | 335a7c8e767a2dd0ecf3460eaabb0bbd |
| SHA1 | 111ffd83edcb095d251067456a3a60b754b4c717 |
| SHA256 | a0bf83b3948dce6afe987c170a5cd711a3d65fcd5c70e3b7bbfeeb1578544609 |
| SHA512 | bf0772423bdc11a4029439acef8922c6c541519ce98bce97681d1a1da32bbf3a73f506138d494d9cc860b6afb3584094565db7683f6b2a2cb30e3e94430d1933 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT
| MD5 | b8d5d64c3ef0b30644898a80682f5121 |
| SHA1 | bbc7b3902250307a2cdbb314abe98e34795032be |
| SHA256 | 2f329134686a44ee0362fd0c8b5d071e38bade32a5389e31282f64f565e76759 |
| SHA512 | f1f90923769648e585f3f38724d203e4bf6a10cab7c6708f7791a83dd6348b3b9948eaf481baa7bef31ff63d75b6fe1ec00cb888dc1acc8b65b90d96bff39638 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf
| MD5 | ab9d8ef2ffa9145d6c325cefa41d5d4e |
| SHA1 | 0f2bf6d5e1a0209d19f8f6e7d08b3e2d9cf4c5ab |
| SHA256 | 65a16cb7861335d5ace3c60718b5052e44660726da4cd13bb745381b235a1785 |
| SHA512 | 904f1892ec5c43c557199325fda79cacaee2e8f1b4a1d41b85c893d967c3209f0c58081c0c9a6083f85fd4866611dfeb490c11f3163c12f4f0579adda2c68100 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF
| MD5 | b85026155b964b6f3a883c9a8b62dfe3 |
| SHA1 | 5c38290813cd155c68773c19b0dd5371b7b1c337 |
| SHA256 | 57ffc9ca3beb6ee6226c28248ab9c77b2076ef6acffba839cec21fac28a8fd1f |
| SHA512 | c6953aea1f31da67d3ac33171617e01252672932a6e6eae0382e68fa9048b0e78871b68467945c6b940f1ea6e815231e0c95fbe97090b53bf2181681ecf6c2dd |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png
| MD5 | a2bb242dc046bacdc58e7fbbe03cce85 |
| SHA1 | 052ab788f1646b958e0ea2c0ef47d00141fc1004 |
| SHA256 | 486a8212c0d6860840d883981ca52daaad3bf3b2ab5be56cdc47ed9b42daba22 |
| SHA512 | d9bb4c0658f79fbcf22697c24bc32f4ef27ddf934e8f41cf73a2990d18cdb38379f6b61e50edef8ebdf5a2f59a0f8fa40e000b24f1c55a06cfa161db658326ad |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml
| MD5 | 118db038cff249fc1b96f7a8f2b27620 |
| SHA1 | 6f804438c7a4af3c57191138510a644d24bde92b |
| SHA256 | 8d43407158818d7f3e03cc0a6ae6d789e9e393467ba847a998214eb4e292b989 |
| SHA512 | 4ee3a5d2c49d50ecd97193828389d3339661f90d8b8d41bea5fc4ffedb26578c738016fc772217f3f5049adadcf744273f6b9f60ba379a8e39fc60188be5dde5 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml
| MD5 | ceb1e6764a28b208d51a7801052118d7 |
| SHA1 | 2719eea8bde44ff35dd7b274df167c103483b895 |
| SHA256 | 99d48b66d590c07b14f4cd68adac79e92616afcf00503a846b6bf4599bfeabc0 |
| SHA512 | f4a2df6229bca6c6ef9ef9f432847683238715eddcb1f89c291da5f5900c9a3461204d8495c3450c8bae1c1a661424089554d316468ba1b039a2c50d6e69bf29 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml
| MD5 | 2c16868331f82ff43059dcb0ea178af3 |
| SHA1 | 983589535e05c495ffeae4b0b31ddcfafe92a763 |
| SHA256 | be9ceb4464b22203feffd3700c5570b7d6d44c5d0d357148e1e6d5be5e694376 |
| SHA512 | 184653d3e40df84cd0052e5d9477201f276ce0e8cbb5e4b7bfac86fc7da325eef476982910be24c20725a6db6617fffd88998d6053c1b694718bc7ab0bde9ea1 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml
| MD5 | f7c78514872f9cb5585f8d69532cd2d0 |
| SHA1 | ff9dfbb62a3b48c85b6434ee831fb33a8dba9526 |
| SHA256 | 5f7bcd85900e62abb00ce739eaad53d80170a4a6152d951b6825110d2fc17965 |
| SHA512 | 50ee6ae916ea0e806b73c2e5bb727f6ee4837a696c5bd8559ede78148b40a5d5cdd135e28c8b5153a8fef568fd21ef0708ca198ace89e7120ffb84fd9bc91c01 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar
| MD5 | 8b550761ab80413c9c09f7fb472dbfaf |
| SHA1 | 67122822562203c17dd3f762194e470f90ddfa97 |
| SHA256 | f5ea79165516de2e7e1efb53d016983f5d18c3184413f044a4002f4b751c918b |
| SHA512 | 9546013cf4d45a2c4c609524b7ed4adecc7dc2fecded7c3b7085415a1bcd1c25db5d88bb591ac05fa5a6313763a8e8d5d8fc6ee6610b454cf7696b647e7781fe |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml
| MD5 | a75d7d422fd00bf31208b013e74d8394 |
| SHA1 | 3d59f8de55a42cc13fb2ebda6de3a5193f2ee561 |
| SHA256 | 7a12e561363385e9dfeeab326368731c030ed4b374e7f5897ac819159d2884c5 |
| SHA512 | af3a1e15594a0bf08ae34a5948037ef492e71ee33d5d4ac9f24b18adf99a34563ab40ba8f47f2adff5d928f18d8a8cd60fc78e654e4d6cf962292d2f606def66 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml
| MD5 | d7d2fed9b7c55fe72a6cda66725cb7e8 |
| SHA1 | 2cb154a1c4a0553658801a088edf87b5816cbbd2 |
| SHA256 | a6df5cb2b51fa56609c7daf08d28f0e41801b96f9514a9d179992a63afd516b5 |
| SHA512 | 0ba4d570d624cc5aa6af629260668ad805285fcedd61002999734fe04cae47016cf52022c327cf22935ded99b30c52d9f041ead60a3425365116bf1bf4cbcf5e |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml
| MD5 | 437687da72730cf42ce36bd093b78b3e |
| SHA1 | 693e31dc362426bc4d7a6b2954f7c80267476d66 |
| SHA256 | d0d0b1face19fe4a88c6b51f6ced55ae0e00ac548b75809d88089ad431da5d3a |
| SHA512 | 7d05e270926dcb452ce405dac9dab6e9e1a0dd247bc93f0940826eb4abecf827acb6f42ef32d3b6f6ac4b46b28d522e0b25f6b8b679affb9a198db8ba4fe2daa |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml
| MD5 | 48e296d8287ae11c252e4277ee885161 |
| SHA1 | 8a75b573549c2791d38acb3a4d215fa2153b37eb |
| SHA256 | c94a9a55369ccc4b41a71b9c18b04e1778a0913447ca6b5a630135f7a7ac0c1b |
| SHA512 | b17a5a8a6009bfde681829bd7be3b550d8b8bf6bfee19bdd55567163890550980ac0633fd956f117006892638f408c63449d4520b0716e6866ab0858cc3f743b |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml
| MD5 | c9580e2bd3527b65bf5b812b477ffe30 |
| SHA1 | 66e921f302739af54e7a991ce38a1d37ead7c7c2 |
| SHA256 | e77bb87374bd3a9b3ccdf932d260091a3ffeb1d1ad9d236b54f0f6797585ebd7 |
| SHA512 | e86e61aa09e93395f03b9976d6af4f775be3e017ca371a837e538d440e04b7813d2855c3b7c2444aaa357c9d7a3b5ccca7649c6c557bc3f520b953d96aa93577 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml
| MD5 | bb95a9de280c528c32806d0d5231de6d |
| SHA1 | bbffb8596f1bc68df5603a10a3672a02ebd3ea8b |
| SHA256 | a7ca0125b93e1a5681d5a9c294ec3a4e5680cc58e44fd223d2dac04232b7367c |
| SHA512 | ac4cad4f24495aa6b0d5ed8aa439554f479cc2fdba4d5dd256f1983fa43a4121c8fdf79ad7ec9d9a396a73fd480bf2f5141ab5303d50c8b6d2ce47d158010a80 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml
| MD5 | e7b188938a141c90dda76cc258c01f8b |
| SHA1 | fdf0e86d2f90e51797779674e429b6f826107a5b |
| SHA256 | 77cf0aa8aa6d73f27ad7faa42f7c9a76a689a60d74483f96050dc1cc0adb88c0 |
| SHA512 | b106fa59882b0345ce6885d902317af39a3f538731d100e4a92920ee7895ceab8a62d563c4137f8e3e1c7bd61ad6c017ddb301adbc01c7463984b3b245b3da54 |
C:\Program Files\Java\jre7\COPYRIGHT
| MD5 | 2a79a18a4fce30f9d28abe3b0174812b |
| SHA1 | fce91cb769cb486bd59d97a59943e69418c03e06 |
| SHA256 | 46570844fde2506ac28543dcde5bd20877b0bb2522a0cb11671513722ddb842a |
| SHA512 | 4ed0cfe9d66106e365977378a53f7881d1bd795fda7e89bc8e879888b54bae79ce80746bde779c9aad058000f06d1b96d8e0c7bacb0b871d3fc075e684a0f2f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2eb9a737af4f9776cb2d296af305ffe2 |
| SHA1 | 0ac5e49bedad287692430cfdd17cbcfd1c83d76e |
| SHA256 | a8e8999379f7eccdf13bda78f7d9d0eb1eb6e2b5eef45cfcc64d585fc6239995 |
| SHA512 | add5d29496e59ed7e150551ac6659102e7d7978d7e897c95e1bb8eeb8706c400827bc1b90a9afd1e083f71761f3858d8543c1a9f74e16fcfd94791fe6d6cd2eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5750ebba891e6fbbf47baa40f9112f4a |
| SHA1 | 0195de63a9fee04e53f15ebae2b7dfee935f7769 |
| SHA256 | 79cb56496dfe0c004e2e123a0731cc847b6fa146a733336237a5714d9c7e0568 |
| SHA512 | 47edd3750ec201662dcb3cac268c886100ae5b6d18e203e1360ff8cebc3b3d06b1cf197685b01e964e2b051ba32d08628d1aa85aa617e6d74513b0bb58a562c4 |
C:\Program Files\Java\jre7\lib\management-agent.jar
| MD5 | 4eefd60f439096ed98b6d8a585da12ef |
| SHA1 | 75cb70498807b0c823cac760e00652842c1a63c3 |
| SHA256 | e743d6195ff2f42282e101f9471874e8df79dc05a69ca20abf22015d48d28c6c |
| SHA512 | 78241e2336f4ee826719d5adc70543db0f0767a1660f723ddfce72c170322a13c0f3c547eaea6b6cfc47cdf6d8e5edcaff4bd003cbf3eb9d3435bec5158fb8d2 |
C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg
| MD5 | d1950d80f172e80f1c48685c51835807 |
| SHA1 | ae9fb8e72137c1729ffb559aa5f541bff78661c9 |
| SHA256 | 523c41464ee47d61350e15bc091bc970d73ae2d00bfe7a88bc7fe00ae6202c75 |
| SHA512 | a6af7912278d814025fd2825a16943917461c881a8f2ff1972497a3a9f6998e349c5e375d69bc8697ae7197054083e0988198c4fc57cab3184f98f82a07a1a1d |
C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi
| MD5 | 9e0573ecb4a0800788a3aa64ad731bbc |
| SHA1 | fa205d2a65684c6245a2272facf45fb12ace4014 |
| SHA256 | 136dd1a7d0a62859f2077a62b7673c5c712fb750604a15f5f6140ab2c5112327 |
| SHA512 | 3c01530d43156962f4a2305472eb5dc77464ae3bd88f932a2f55e72355c4c1db1df050c94951a1375ed6f69bbc4102ef6ea45574f4ca293123685564a1334596 |
C:\Program Files\Java\jre7\lib\zi\Africa\Tunis
| MD5 | 66663b7d29e1bcbcfabbf26496f44d28 |
| SHA1 | 652e5ca160b40dbdb15b9a3b89ef967d6d44d455 |
| SHA256 | 8474486baa45dc211adc58156a75954f3542dc65326d6e5b157288711ed74e75 |
| SHA512 | aae76395ca6c3fe5e58a64618fb00ba73cf1198450da008edff89366bb9fb5bb62ad91f06b65a3af57c45aec92a67b2d51075c9438b526f5edc0aa4d4f38e17f |
C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan
| MD5 | 128e5d8a837d1d9b540b96013e4c9f19 |
| SHA1 | 641eb152f889f8027c1fecec8fd81df2540400c0 |
| SHA256 | 58bd661ff1a892697366215a8938d1c616cb4523e1ede78b49d155b132430917 |
| SHA512 | 2a64edb3c126e9d432f8c8592af3121423a93af9d266649bb33b73e3d65a5504db3f00e268a51fb59ddd3e279f03d2048b3b243e9f5602b2399584928ff2a316 |
C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon
| MD5 | 90c805bcb9fa376aacfb38d598ec7bb6 |
| SHA1 | c264d31acdf5c68a97ba444c7fd7e8af853122c4 |
| SHA256 | dbcfcc77f5774ed3333f3963eb84a324fd967de4d62c96631be6af1d6b3fe136 |
| SHA512 | bdd9bfe471648e8a116ab65d97e56f38b2d7516e0ba522de25b284c7b29d089dc039bb653f1b08e6ea0792150cad576adc48890dd6956a6aa29e5175cc5e2f0a |
C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica
| MD5 | 1135e286fb5224ef530f4ce0ec4a2835 |
| SHA1 | e1ef9d5aba553828ff9b4ff2cf9c1f25b085c6a8 |
| SHA256 | 4a93894f08d98d707cd9a0274f4c9a51bcfa27e701359e12befcc78ffb488817 |
| SHA512 | f57b77dcd655d347fdcfc3a1beada329998824caa5db061553a7c784a163b4641076ba99677a4e648d0477671aa14da7f883b2df8b9ed6eed3985e7c2c8ca4e2 |
C:\Program Files\Java\jre7\lib\zi\America\Matamoros
| MD5 | 93a2fdbfe3bd18cfa0620f2632efa4d4 |
| SHA1 | c0b705de8aa572a851737c34f1721c501473d31d |
| SHA256 | 3e84c247e11701fb5451865acb6262c8495d47c5f397a772a7bc01c9ce9f5b12 |
| SHA512 | 1e5454026ba8100ebf7a32dbdda862c9c315b1f6a758242a7c451ade0ff87ef3757fd8caf58c96a0bd63e7bde72217b9664edfa2bb426f50a9ca9cbc2dde655a |
C:\Program Files\Java\jre7\lib\zi\America\Nassau
| MD5 | 4401d715587a3bcf3830b14dd764a25c |
| SHA1 | 33117586fe2f2cbfde2a7ff3b1fbf74927a65e42 |
| SHA256 | 8b3827b7bae22f976e2a59e9957ba8b3b9cee57a4cf923a4da970a8f3c1e79c5 |
| SHA512 | 7b63cc90c5cb65c3a54ab7249b67d9f12eb86237410eb51e961bd39777f517d65b62a08f018e8d8ce89745c2222b2302a9a007c88771968e81e97a60ce037def |
C:\Program Files\Java\jre7\lib\zi\America\Noronha
| MD5 | 527e3a39bc066f9dfcc85c57acc8d262 |
| SHA1 | aed5fa100750d77de0ce7e7c2e6d7a322131c910 |
| SHA256 | 43c2ae1019ad57912662c9bd170d8d6986299bad4ec76811e70c98c4a1ffe3b6 |
| SHA512 | a1a0266e0c1b0e8b33e4dd242be63b258df4f2d1ae748583649dcb22ba82c7cd27c4ed12f632f7fd745f484621a303f8ace8c8f91646c74ffc71cf0ab12275a4 |
C:\Program Files\Java\jre7\lib\zi\America\Regina
| MD5 | 05640f18f5c0807dd96697e31fc5d8ba |
| SHA1 | 659edaff37a05ac603d08c90d2b5d26d9c90c78b |
| SHA256 | 86fbc959c7ffdeba173fc2baa99a8a93d75ba5d6a83a3e3300bab1b0a46b1d42 |
| SHA512 | 000113934c92690a06eb580a6128941aef65c5d9ac043811627175332a0a6aaa4f55bcae211aafed8c5a7cba9dae94a162785c749c08392cd42978cef1771b48 |
C:\Program Files\Java\jre7\lib\zi\America\Resolute
| MD5 | cb97b848abcb6376d491ac6bd9cbeadd |
| SHA1 | 3800020090c3bc180b0cf63fab7b39905680453c |
| SHA256 | d6369598c0846422df1f6e1029041784e34d3b6fcc12a3ba0fc1613a0f80530a |
| SHA512 | 5c910d7062750c5f76f87e174eb0b1225453fbf36ba072d04ca025579af6a051c7af85c7772a4756876659ab6f8cc4429c11b3620c3f5298e0599ea4f8d5a644 |
C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund
| MD5 | 81ed540e1204e3237f63da49df05a7d5 |
| SHA1 | 88176d30b1bf7d6f87f1ba92dac451b883dc1432 |
| SHA256 | 256fb9c4796b15a7ec4b0d5319e9e493ca4cffda658310420bdfd31e1c59da79 |
| SHA512 | 92b183b168ad7cf33673e688094d8199cff7c3063aa3e2b83891838f02ac1a79291e6a36e8216040c588306191634cf51484c79f56106492408dd09079e0f807 |
C:\Program Files\Java\jre7\lib\zi\America\Whitehorse
| MD5 | 1036f4aae37bd39b2ecc451c487e33c1 |
| SHA1 | 8d60a72a4873cf55fa7bac47dff692303d17d157 |
| SHA256 | b61465acf0031e6a4cc34a66d568bd1735668abf591a6badb1f5f5bc20bf9919 |
| SHA512 | 3ac2c8d3259ecbc41b186c2861ea6be3e6f9cc6b673a2ef610d42c91b359f31e941aa7de1d6ae801191870acdd6590ec788839cf9c069a7fc658d84582103a62 |
C:\Program Files\Java\jre7\lib\zi\Asia\Amman
| MD5 | 227fd460860a3ad1fd2b245793c07f95 |
| SHA1 | 71d8da21d4bb33f4cc32b70b174815e40eda657e |
| SHA256 | 693195cf289838146418e1bd05fd1a482c36ff75a77874609d615247285d5b99 |
| SHA512 | ce035dbe02b8e15091f7fee997a823dc4a0ef12c14e4f7d8441b9d3d9878bd17036db61e24d4e67db2a6e1f8b50168f6f03311b19713c688691ce4298b1deb2c |
C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka
| MD5 | 709c6a80af0276b170c521117ede47c6 |
| SHA1 | 8e6d9001ca20e76482e1ab88d54d47c65c8c7836 |
| SHA256 | d8129de4286dc4fd245c7776b51d76aaa727956e8fc88ff928eb69ff7fc17e0b |
| SHA512 | bef13fa741340cb7c1174406f76f9c65445c76ec091e47daa8537b5f769ad2231347c61144ce8f6e4cb16fd5cd27bb169930c3f8c3b5b9e24e6609491fbbd4e3 |
C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe
| MD5 | 0d4ec840c1db49efd9ea0f2dd0a7c66e |
| SHA1 | df44812586d12298c713564804b42142fb68a8c9 |
| SHA256 | 2091501cde52f2dd75b74ad947075b6381c5f503af97a66b592b7caebe9e36cf |
| SHA512 | 85585ff43a93051adce2aa4f7213bb5a8e4b4160bc1ba20eb061fe1b7d489cc07676b512e00c37ec63d76e08cc98598901ae6babaaf57a0c59eda9f621c1bbfd |
C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta
| MD5 | 5f54d1240735d46980b776af554f44d3 |
| SHA1 | acf7707c08973ddfdb27cd361442ccfba355c888 |
| SHA256 | 2c80619d7e7c58257293cda3a878c13e5856f4e06f6f90601276f7b9179c9e07 |
| SHA512 | b1f542f68a48608ae53904fbe2105bd8f3e544941abb38ec9d24cb7a26f916ef94cfb431cce0c64077dc2934913130d78492914a5e9ffc52f311e68217caef15 |
C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem
| MD5 | 433b6e531d44ca54bab63198a3f6b388 |
| SHA1 | f1dceea33541fd68c8e9caaacc76f062da393a90 |
| SHA256 | c00b114d3e1a4d978c0051e7e8503f7fd30dea142240d6b950164a37cce3edaf |
| SHA512 | ca77aab2370179c0f5eeb6b8ed8b56eae5c3083860f51eda2031f7d5772e2018011ad5b004b1db1e1b5bc2e4c0f300735eac814cf913f54791fa26375d3eaa11 |
C:\Program Files\Java\jre7\lib\zi\Asia\Manila
| MD5 | 38397588c4d02f8b95c263852e9aee7a |
| SHA1 | 80691ad30930c04fe1bb2f645f9c6c0548ece80d |
| SHA256 | 42d699d9e89e439804c0981f96b1a3fa7dbe42c6be1dbca6211c6faa4e0e2463 |
| SHA512 | e46b5c1865b53513bb10be9e3a2c2a54ee9e88f83e8802e85e728a2364ab649ecd4af605b41d7583688f8a78d1b49e36f1ef5b8824ab89885578eed8ebdbfd15 |
C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk
| MD5 | 88a4ef65b666e053c28c9e023d8579f5 |
| SHA1 | 4a9c1d641605648e7e0ff0f87d1ea6d21ff42a06 |
| SHA256 | 88d5d20f83be8b19edd7cf53771fa94c1a67429f7bf9cec90822dc84a3a434a3 |
| SHA512 | 9ef796e128b899f33feb0fba39017a0365e6289c3249ef6d2aae61c6c0283febf89626323bcee6e1e3fb9e80c4908c2ca09ddd53396ac41c78ba2e5c47500f0d |
C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda
| MD5 | a1534d6e98a6b21386456a8f66c55260 |
| SHA1 | c7239c0fe3b7a00d812e548f4cb9d8d863e8c251 |
| SHA256 | 4c555a3d8b83f80c2e0d0b647769e82148ebe7e27811d0a63277d6f61abafbbc |
| SHA512 | af0302203a3ccb765aa4ce1b1ab524ffa500d62e179ffb527b76d2b62f5ba31b037902d8d46278378e7255a91251f06c0779fe4940d47a582415a201b0e401db |
C:\Program Files\Java\jre7\lib\zi\Asia\Seoul
| MD5 | 64321e9c7da09049fe84bd0613726226 |
| SHA1 | c2bed2099ce617f1cc035701de5186f0d43e3064 |
| SHA256 | e43fe96a7f7ec0a38984f78c064638b2daa75e261ab409bbbe2d3e590265ec7b |
| SHA512 | 4f56b895d0ab27f71ad4f5e54309538ab3052955c319ca5f718e6b8f8fbed1bd5f51f036eff7cd82d4403ad4b93395ddf75dc8621041ef5c5ca916c1113104c7 |
C:\Program Files\Java\jre7\lib\zi\CST6CDT
| MD5 | 359a1339722ce22ffdafcf70fb387a3d |
| SHA1 | a958f03b193b09efcd8d35934c33b524b4e0cd7b |
| SHA256 | fbb4fa31c3fa0c14ccb3fe426e39dcad529b17e379309c0adbe27fcc93feba50 |
| SHA512 | 4a90df2fa4bfee474f9e79570ae05a26b6752f0244ab755a49ac0d38f69f28ed97b134092f353ded2c968a3d9baf2d08a73eee2943e8116b65c4c8357bf2dc0b |
C:\Program Files\Java\jre7\lib\zi\Europe\Oslo
| MD5 | 677bb0dcac881a5a4638ede690ca721c |
| SHA1 | ab8e52e9f345d8152a39110c9ebbc07bfe37b182 |
| SHA256 | 97d364e2d3d35f030a038c41bbadc42d0c15fa8d79ba569987e19fddb2e80f9a |
| SHA512 | 6485b77c5bd7581ba0f80318493879df55d29606e30bd8a609f18a94da581c46e2284287869d3d1b7dd2857a5388fd97c87070279305b66e10d67430d5c96a06 |
C:\Program Files\Java\jre7\lib\zi\Europe\Vienna
| MD5 | fb4aa89fb89bf94d0590a3174d1193ff |
| SHA1 | c3812f2105099071c24141a994a9d5087199dbf7 |
| SHA256 | 655a3ef0465a9f30fddf25f4dde0c19a05c6f9069b83961800c1944165955273 |
| SHA512 | a494c0d9faf3defa9ff320421d0c00e4e39845f7e998c6a06c50b5e7edbb1ed7a948dda23ace06a3433843615553d2357f1cb04acb4ad1155ec43f1d07511524 |
C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius
| MD5 | 515d8db6175667b02ed715ba8aff0b2a |
| SHA1 | 44ca509396091b269d47da24e3d7e09fd8da7268 |
| SHA256 | d50e2d8474134908822ade46e27717d1a22aaa2d4ebd66ee14c988ecafc01461 |
| SHA512 | b0003c56ca6ca6789847ca2d75eb762a7da8870cde67cde39baa6d8a50c0a4c62fa1cf67bebb892ea50515ea7913209bdd0ae946b76ddbb1aef46a8f9cba5b8b |
C:\Program Files\Microsoft Games\Solitaire\desktop.ini
| MD5 | 22577911e88af39f79409e6de8eed4d9 |
| SHA1 | 93436ea60c5dcdd2e9893a025f560ab72422ae8c |
| SHA256 | e08dd9962eedb16e12840ea2a977cc07bc5fa8d96259682edaa080573d525e4c |
| SHA512 | 2db5f3b0000212518614c74c73dca3205cda5751aa2504ad9bf9b98be46e98143c064980dce9a8a6372305840946717c38e244d9e1f2ecbdff683fc1f0a8fbb5 |
C:\Program Files\Mozilla Firefox\xul.dll.sig
| MD5 | 69016e6a597d194701476b8e04d4e028 |
| SHA1 | 71a24ddb0c5bbd321d3f09d7b322c3655fb5e129 |
| SHA256 | 4740d289d0a31bc1fc00e255845b3d8ba7cec2d6d0ee92177d23aa293f9fca3a |
| SHA512 | a9399ea57f65c6569e2a9e9ebe9fa2da7184ec92a555549f39cbbe9dff15530ad526107a2a2304d822be37580a965c6ea4e88a46adebd8ff3af402d2c25321ae |
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png
| MD5 | 6294c74db1a4aac788765b4e0a0278b5 |
| SHA1 | 81e9bbc06946e3c078d1c1aa150ca93e501ace6d |
| SHA256 | ab3df617aaa3140f04dc53f65b5446f34a6b2bdbb1f7b78db8db4d067ba14db9 |
| SHA512 | a4a83643031063cab4226cef7e215765e6f997ce7719173632a66a45bfc0a710b3e6bc19a590108bda91576030e2e37f77e339a3f4e71478d96dafb0d46d2941 |
C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac
| MD5 | c3e4eefedd55eae4334456daa4aa0ad7 |
| SHA1 | ba9abe2d4d40bbd94530564b6eb178ec02a47204 |
| SHA256 | 7081ba3d8887be22551f56b5f50da675bda7dd02f40e9fcb150ac84fccbe387f |
| SHA512 | a302516427a81e59fe955f4316fd56b8e5207542b1abdd7eb3fc2e9dbc669849dce90d12d9160b59d45af233e63e2156f3a3f1e7807b7ae1b1225a94d472cea3 |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML
| MD5 | 05fc90d38e2468528ad10b5ce0bff46f |
| SHA1 | 3e50a6510e30a9183cbc4a727d4ee3a6e3786102 |
| SHA256 | 4f969244f420a506355a2c1e81bdd9841f1263818b9189ac31c5c5e14ea41acc |
| SHA512 | f6e585b7f0046e95b5c808133f17f131ac9c50ac41f0f9c09d7e17509f77891d5e3d9f71b7b0322fb4ed187d98425f2a45f6addf428a9436bec7af74fbe679fb |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML
| MD5 | 950ebe96859f7ad2194cce45ba32bede |
| SHA1 | ec77126b84fba5f858a84cde4373e1724c86d481 |
| SHA256 | 1db92b26f408ddb6f3ac47574cd49cf4dc131efa8090477bf6d0a5feea4bdf1c |
| SHA512 | 4755508c6a9fb44d196c2fb4de3cd229b5526f48e1baf0057db858930d5e940c0e7c2c62cfc1e66e558987f2e93d11abeded72c709020df80c0b773607c33d8b |
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\PREVIEW.GIF
| MD5 | c42c94e7e22da680544d2ee9553f5327 |
| SHA1 | 318f931facb45612173e8f845305001d1134d88c |
| SHA256 | 0ae208d8333b8d56b0871129f974ea63ad90303e5087fd1092d7cc7a66e85ed6 |
| SHA512 | 23bf222aaecef148138b5b2cd55e46084913986a7ebab17ab82011890ee179d00403bc5573ba7a783f280ef829e6cd5598a3153aac24d8fe5b2992064c30ed15 |
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\LAYERS.INF
| MD5 | decc47bad99272317818a41e7a522d85 |
| SHA1 | 8d92c3a841aca4b24ae76a488c4e9985570c81d7 |
| SHA256 | 153e9423e652627ab50fe46f33f0ee612adefaf54ad06bf70947650cdd32871e |
| SHA512 | e8982763416ce78756050b0383398505979193e92a5cd7541758756a7e1c188405073329fa8f737861b4de5236c8a88f797cd0bf0083245349eee2905d906a7b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 08ed06ad67f5a6fcdcaca6fb0d22f136 |
| SHA1 | 078f7fc0b1ed71fbbfc68f78734738440eb956dd |
| SHA256 | 24b3ce270c0bd4ebf94f43e505cec87629ae386afaa352c152835604255b89a5 |
| SHA512 | d7b7822d5e70e0a54ed2847fb8ee7e6854c340f09a18a6a07e8f9712d453cdf9b5e026ff5bf552cc99b8f126f8884fa96502a610db760bd6b4fb6d73f792a275 |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF
| MD5 | f08b597fc0dad2e60eb47c729ec5a0e8 |
| SHA1 | 6102ed704c46ebab3fa452e0978e001f6799e7f0 |
| SHA256 | 86d911c492b42593042265fd0e6f48a2cee1f9090238e1d849420feae106ccdd |
| SHA512 | b64d872c27d5fd0918f8b6df4c9834718f669ddf7823e191115e64f1784961c0ef384b9de3310bac1e5c10fc52ccee0a94392c5c595f271e169649654e2118ca |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD02097_.WMF
| MD5 | e3d6d9c99344bef76ff5e6fa940c1379 |
| SHA1 | 84da7a8bafe3d5898bef2d806b318af5adcd85f1 |
| SHA256 | dd0a8ab83ad0ac36cb27968e73c3b8c87f5d3080854b214a74b53c152f534036 |
| SHA512 | 63184737bdff4cc24545d32c83df3656d772538a91644870386aba113dbb09763d4357a45fc5e9197bcb0f3b5aa519d5f8fed6ff48d4d8f953e56b96fd43209b |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00636_.WMF
| MD5 | 42968ab756f9db46dac524acd13c5283 |
| SHA1 | 6cb4841f1adb1015105a551e1de9a673f2169650 |
| SHA256 | 7fbcfcd86bdfa943dbd68f67c3fcba6e7ab86fda2d14d28862c176bf18579fca |
| SHA512 | e42291e186e3b3f2e0dd3325d9ffee51a5b1b80fb0125a9fed79926f95f400ae38e7dc60c03718f3b6c8ed970fb9d2d9902bc8648c9d8f0fdf0f9fba8f735dbe |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00241_.WMF
| MD5 | b0d582502cd3ceeca01a0741bc96982c |
| SHA1 | 015498c371e78b8fc5ed5d0831bf2f8fcf803d05 |
| SHA256 | 255c3a22d46b57e3f291eac23e404ce7b331400041930a0b43eb777bf8ed06fb |
| SHA512 | d0b92159fe96a71ee641bb11365923eb89c391045c2b275e5fec0512ffca3c430cef1c25270c7440cfbb36d2e525675fd80b69ae2a9273f27ea384d19c58cf07 |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\IN00351_.WMF
| MD5 | dd7428c326b6303dcda2df68badec0ef |
| SHA1 | 83d0d1df0c2116857baa8ab9c2d5f856e29d6b04 |
| SHA256 | 59f4c13183ac051510c1eea1127c45540085a860875b07d4987d64ddbf46acbe |
| SHA512 | 402a8282fd6f050b125d6ae5efb9fd2bc9976356101714e908743d20f0cb317e43180936e44b709cf83cd12bc628674b74d46a1579332e54d0176484274bcb67 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c6c3501efc7b5480d2b3aae01f19a382 |
| SHA1 | 677ad74d10e08a8eb8bb8939cb4bf392fbddbc70 |
| SHA256 | 7e6a6f9dd0341cc926f56cf9534e30e846a1b6650eeacc9323d097e1573265a7 |
| SHA512 | 2a6983b8d6b51423949b38791c8fdaccccf7f0d2922b4ab28f040ffe9b53faefb08e68c7aa8663c58d95f5063da38b3d35df9a578d1d5ba69f2e8ae36a225f7a |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01244_.GIF
| MD5 | cafc2a2dde2f05e2a60677690d2ca245 |
| SHA1 | 8bd9c447b79435b8497212ef76f5b43dffb030a8 |
| SHA256 | db91bef58cfa8c3ad4587f4d737202a2ea4374deb35305e8e56a4e0b57232a7e |
| SHA512 | 7f293929a1147163d71c612084c7fb99740a1fdae3a3f9d7782f795c10c1b7b2e49617e9d6746938167a2dd49bc5c53788bd8751c61ad145d2d42700ae1f1575 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Essential.xml
| MD5 | 7e5a19c335555b4fcaf22078f0a5e362 |
| SHA1 | 55079ae8c6067cd839503f9c3ae7ef9deb72892d |
| SHA256 | 202115097d1bee389d4d4d81db00117252be97d5691af316941f3843ef7a05f5 |
| SHA512 | 371b8cf9a6485a2c59fb928a8b460caec1f7a572126641f568f77133b78e0e7b91fd52c10e6089c286d4162050ce50f9aeb1886784d75d338ab02a6b7d357a68 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Hardcover.xml
| MD5 | 0fb569bd35d44c9ffa7d4728af4e734f |
| SHA1 | b41945703b8efdabbb18c60ccd93d2115ceb78fa |
| SHA256 | 788ddb3f7716950d0d204e6cad9fe3cc1dddb6140f615cb1c76bea0541722c20 |
| SHA512 | b94c1fd2dd103b19b5fbac6c76d3166be91b01d659e1c912a26ccc48664a153c62cbbbf15ab3869aef08fdc8bb3918e4ce83bb97a1a428f55ce12793d50ee646 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Module.xml
| MD5 | 5360b12f6a07af7be93437d215f72fca |
| SHA1 | fe12fecaca49a131167d88817c4941514ea408e1 |
| SHA256 | a0cffb66ffbe1d4701a3aa75ae66af7ca178b45f5c722de3d9021a543129f80a |
| SHA512 | a0b23b148cd30b1d4a41e81aca63179eda341bac1d1c3bf83924d0bef90a47e11f2de08b4cbb879331d507184ec1df9b59c18951e740b94247ef726b15fcc410 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Pushpin.xml
| MD5 | c3c9945cae188df73afd04c6251ba98d |
| SHA1 | 4327d33b49b3c7046cdff83bdd31c724bdbf4118 |
| SHA256 | a2a40bb99c6a44d49eeb216549045620e8cb9fb90fb165eff71f846f30264096 |
| SHA512 | a674c78678624d59cff6386381c0e4e459836484aca4e617fec26729878743d2ffa5dd4a3bab0a0f0f27d60095739cf4ee0a6b0f4a5d79d31b43a7ecdbba02a2 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Urban.xml
| MD5 | e2b1e53f26985bc0bc2a99c7d107a1d1 |
| SHA1 | b0b9bccd847f973baaed9790a33f3f77d2d1db1c |
| SHA256 | 3dc463a76fc170607c07b104c3cb531362ce7d6e10c1a34e0c0f370aeae08ce8 |
| SHA512 | 0c53d4208a6b0cc0e6959d7eafc24012efd854316ac3830267861fd02f1da0246a268e75a7549b8b5ede05d08798f22f87c7bc305b62dbf76632cdff107ff718 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18255_.WMF
| MD5 | 68a8b1b2741f9c2ba2c58d3afbeff021 |
| SHA1 | 7ef6db0684eda77c6003d00c98da41a3e76556cc |
| SHA256 | 3b19ee6de90710035284dadad89bb5ad0057db27c79ad2eca5f5d5e540a892c1 |
| SHA512 | fb35085a488c6f3cda39a51a67d32a8f88f8ca8b68fe07d68f2a86cfa28879b4998bdec237ee28e61a1271a5cd9f5705e1cf8bc6176df8a2cb3f410da2f90d5c |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10264_.GIF
| MD5 | 6f6b5e30af6a9e64b7b6a19c39de7e0c |
| SHA1 | f4e37133cd52efd2967e90d645332c44a56b6832 |
| SHA256 | babd6f664158d665504571b169a1e81ef75470cdca4fdd7d95be6cdb7826136d |
| SHA512 | 4521a9829f60e2f4af33d4f72dbeedac048fcec352554b449ca36bcc32b64b65151bb7fcec78b389c37ed5819acd4c7f61e9ec08591408dd2400cf78ab5d67ed |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21333_.GIF
| MD5 | c7ea739796f77dea0edf2dcebe980a6b |
| SHA1 | 5bab75849b9d716b8fec896e7b0f2d37659b3bad |
| SHA256 | 4cc7e6272db6b1ad7581f76c63c694e926e20698e9b02223d5041a55960463f2 |
| SHA512 | afa36a9eba55e94eaaa5c64129338d6af50a0a485c2b37075594e0415b8d2f2d181574a8b99969a92f90790085f761fb66b1a03020afc715fa17121b803ac534 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21339_.GIF
| MD5 | 60c6b126049a35e50fffeadf17279275 |
| SHA1 | 1d58c87e67c4b9d2c7ddd6b1f9c033eff16ca9b8 |
| SHA256 | 77133f431d5e12dd850002c0d3d4e0fecbe3a7a699d604dc8c5eae9976e1d260 |
| SHA512 | a3e171c1c71e0c8fb05df6d783f5ac9c7ce0f9c3bbe653952ea048adce025192d5eba4ed8cc7800bd52afd265256ecea887ea63725c49cf563455ff321d45e76 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF
| MD5 | 81e4bf29a6552cb0df60980b937ed4a3 |
| SHA1 | ca18e846361c6f84ae934ac108d5df987e977925 |
| SHA256 | 8d84ef2aa665b1d6e1a15112d9c53eab04b68a09a088de5392ee63d51060db81 |
| SHA512 | ff58938f4d4c80baba6b15d20744b9762757cfc6834d8a5023b209f07914793881361ab457eed2fb0d17e28a8c99c541a142809f19715d0350c4487e78846ed2 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF
| MD5 | 6790430bcb39e961b83668cbaa1573dc |
| SHA1 | 9f01e584f766dfbb5e49d6e32f7dc51fea2d0d91 |
| SHA256 | 5514e3463923ca8257bc073bf34413d0426a6b45bf569b5a5b74c7c5298c57a7 |
| SHA512 | 6fe6a31054dc68ee8c59da7de683ce56963f27b6a3e8ed634184c5ac99b6cb4dfdc2ab7980b4acb1f9b2a44ed61cd363ebb388b44cf466c736789d9bda98573e |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF
| MD5 | 4df019b7bb2ba1e54ed725a85be04261 |
| SHA1 | f40905a7a7dd1623fa8f075715c862f6b944e961 |
| SHA256 | 33c35642a71ce7d31f92ebe614045d206968f058cb345c7df4ab397a2655f16d |
| SHA512 | 654f35be8431fb1e9995a75ea93b9fb04fa12e7ed94923df34ec99bf8052c46effb28ea46417357e1a6ce6f9a8663525d5ad48cd74942968df2a178396024ac1 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115842.GIF
| MD5 | 5dc32f41bef844b95b3a8d79e9633c42 |
| SHA1 | 50cf558caa78030567cf4e265f7c9cba3a2d904b |
| SHA256 | 86d2cf5b090f43ee54d8f7c1dcf746a853951191457ff6dac96269a9d24860b9 |
| SHA512 | 99e7e8bbb58a6727ddbfa71f9dbb7d02658a11d7e735367ead3cea004ed3edba9cca8997117745fb40733672879b5f466a7e39cd5684729eb413bce49c2019ec |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14595_.GIF
| MD5 | a50b718c3518b630251fb54b92bde360 |
| SHA1 | a9582222b6f4df2b4e3e4ee5fe91d25ff086b943 |
| SHA256 | 9d2ce1c032646d2a3381b68bc9201e3dcd53b764e83a0d356d67cc4926ece015 |
| SHA512 | 95e0676e3177262d29c4105edd4ce1fa1c2a2da5cd3289ab0f873fba782a0185e4bbede5d64fae1f6c4cea5ca3ae0697d7113e6ee63f229431bfaf3f8990c517 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14768_.GIF
| MD5 | e0a6fc12e9cddb11d637714157db14e8 |
| SHA1 | 5c2c7b2a90861b03082d3af01f802d42b937476b |
| SHA256 | 2f1411c6a9eed5ac2ccf7eb35456b8601e3c96907765746895325407cc307cc4 |
| SHA512 | 3f30489d8544921a38f743f905aded78827948c695acce03cf892121893ad7193f7810ef5e5941e2183483e27cd384fa37dba257931f392fe0781eebce384ebe |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14801_.GIF
| MD5 | 8edc22fedce822ad66c7733ea98784b2 |
| SHA1 | 9c0986ff2345b18e88d604e24a105ba386d87b21 |
| SHA256 | fa807c957eafe34b850cb453a096df2e5899f0902a837fccd59f9aafa869fb44 |
| SHA512 | 31bdbaf34b4e8f2edff432a5f1ee5fb571105081cea907b6cd41c529f4a9ec4956d009378f3b4fd912abab84605d78da298d4718b75780814e1fa1e86386d20e |
C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL_COL.HXT
| MD5 | 0ec3bbc188caf04134280e5a95f00446 |
| SHA1 | bd398b51e76ebec0b43d756e04548a1907e8d2ba |
| SHA256 | 97779f7cae716a4243ac78cdd8c051cfbefdd111d26740978dd0f4c962c2aa7d |
| SHA512 | e67b8b8f0a30a663360fbac820bfe536abb5534db6e0475424ad3dfd526793663ba5e7d866ebea85f67c9154d6bbda2d38789255f83567be05848cc0d7c1934c |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_OFF.GIF
| MD5 | c2dc578691371996eab94eb37f6896e4 |
| SHA1 | 9c09715d6b50b203e161cfb59bbbfaa7837532c4 |
| SHA256 | 9f3a97071dc41574af5b54e44945fabef8d5da339d179476a78dbd624a60033e |
| SHA512 | a3778926bde4b74eb0dbda8c7857f2f05c6abfc39222f80332bfdcf7fcfd4db9b81ddca44c45a1155244e667f98f07c7211c25a29c68a62d89b8637e8ae05e70 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF
| MD5 | 3e586cd8128ba5d03ccbc121909e7421 |
| SHA1 | 140dc52658e2eeee3fdc4d471cce84fec7253fe3 |
| SHA256 | 1207fbf437a6d60bad608c9c4a7397194c4f3768142a32c7e5f3a1415452a992 |
| SHA512 | f1759159e90975a7baf3c666e402f9063909bb11f47371c9472ae40315ba13454f0ff4aa418c7d0079eebc09909268b5d2d39ef871f0e5850544b1442f9d6f1d |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\TAB_OFF.GIF
| MD5 | 9cb5fb90f42219febcadbc6eb57257f6 |
| SHA1 | c948b86625804155f9ac9478a07cae11d8021563 |
| SHA256 | 1093af6901915021573eb2e3bcb49af7f1eb79df351806d325b80f1baedaa185 |
| SHA512 | 9c9031770c5c67f40b93dc7dac91822f3b5eabe1deb83eceb2a878afc810a810ce0521f966e68fa49aa1973cec342cd3ef6096ebaaa191b885a542e4a178ca5a |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Main.gif
| MD5 | 79b9e09ca5f8f8ebd840da4c96afeccc |
| SHA1 | efd9e4cb4eb7a896db0cd0de5138eb5be50864db |
| SHA256 | 318e9e1df845c4135ab519baf8e2c9e617df90e2b3020741ab5d926bb0d4cc93 |
| SHA512 | 2df29a7c367151d76b4adab7002e0e90337c1ee07f935545cf30cb729ae91171bceeec0e2611e50d91d097797bc221ff63f949e225629f23a0dc5de3dae851da |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK
| MD5 | 301657e2669b4c76979a15f801cc2adf |
| SHA1 | f7430efc590e79b847ab97b6e429cd07ef886726 |
| SHA256 | 802bbf1167e97e336bc7e1d1574466db744c7021efe0f0ff01ff7e352c44f56b |
| SHA512 | e94480d20b6665599c4ed1bc3fc6949c9be332fd91a14cef14b3e263ab1000666e706b51869bc93b4f479bb6389351674e707e79562020510c1b6dfe4b90cc51 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK
| MD5 | b9205d5c0a413e022f6c36d4bdfa0750 |
| SHA1 | f16acd929b52b77b7dad02dbceff25992f4ba95e |
| SHA256 | 951b1c95584b91fd8776e1d26b25d745ad5d508f6337686b9f7131d7c2f7096a |
| SHA512 | 0e67910bcf0f9ccde5464c63b9c850a12a759227d16b040d98986d54253f9f34322318e56b8feb86c5fb2270ed87f31252f7f68493ee759743909bd75e4bb544 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\MSOUC_COL.HXC
| MD5 | 59bcafcabdd1f16e7b9889ee10dec858 |
| SHA1 | 116cf3bc4321fa20352d009e1d0cea588a9b61e0 |
| SHA256 | 006f8885e892963b3d4a0b53141f888ef5d0b36770d43b82296bcbf800a89d13 |
| SHA512 | 2d0fe70022c2bd7397b94c78b27d6c3d2426a644a1601b6381084941e9b1dca913d0e0787d8e463d69d7730031233f5b85ec76b480b736ced324fbd45727dfad |
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR00.GIF
| MD5 | f5cfd73023c1eedb6b9569736073f1dd |
| SHA1 | 669b1c85ecbafe23c999100f55a23e06bf59ead7 |
| SHA256 | 9e1736c43d19118e6ce4302118af337109491ecc52757dfb949bad6a7940b0c2 |
| SHA512 | 5d8c1aa556fc17d6dc28d618f521aee37fc0e1826fdbcf8d106e456fc3bcd3c76e712d23fef3378bd2be17b80eb5bfd884ccd89b67490b63c7bd118eaac471d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a84fdad317b6f83b71c24cdc6afed16e |
| SHA1 | 7087b88be8a6192978cf7459dcab8a59dc9a0da9 |
| SHA256 | 6540078fb95cb267c367e3dc327f3d70f00124c746e9237b66650d4fbe24383b |
| SHA512 | 4a15156d2efe9079040b0eb38cccb8786db931bdcc929e554e126e1b48dbdbd208efc44e386f8235b764bfe7ac83cdba19ccddc87b67b2cdb4b2e877d8d2f533 |
C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\MSOSEC.XML
| MD5 | bec4473fc43b77e28e60f89da4e29c00 |
| SHA1 | d5dbc7c6642a8a23da14f952a0f64fe874e8191b |
| SHA256 | 5e06bfa9ebccfa3d8759270620b6860f0b92be9d69ef7d7802b78ee5b5f07f96 |
| SHA512 | ff2c101c1172e64481be5e98b2216d5eba93b81210a1a67adecfe05bcf37c3d965c06b368ddc1ffb7e4187cda0373720f6a27476f036a41517762d5cb3729aea |
C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLSTL.ICO
| MD5 | 8722af8683c6dedfa35cf708f04e507a |
| SHA1 | e411318d7904624a56946cec0059e380b0a4bd0f |
| SHA256 | a338f849bbccace695e284ab83c0cecc84876fdb292078f1186b31e9b6a07127 |
| SHA512 | 1341ce0453aeae411696a7343f2f6a6fa991fbd483433841cfd4b202ad476d77ba62b66ff547baf4e29a5bd38e7c1f2f78ead201ed1bb8ec50b98eb763bb11da |
C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLSTS.ICO
| MD5 | d4a7e4b0851785143ecd98f019ace3c9 |
| SHA1 | 99d3d7b7167a9ce2fe67a0d296bfdf60ba7a8a8e |
| SHA256 | ea3a2d1ae34d98f545d82a53ff2d1c6e5334ab4a0a4cd902e3fcd0fb697bf32d |
| SHA512 | cfaa3e8c5f61f0b662c6e04296ae67b83d81fe96eed7872bc503c131cdf47576777d1857d0575ca309652f63f5de2a8ad6fe072bd3c3127eda3d353e61260c2a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_drive.google.com_0.indexeddb.leveldb\CURRENT~RF6f17d5.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImagesMask.bmp
| MD5 | 79f7ca0fba179cb0bc93eb2f178e4ace |
| SHA1 | a529d3822d5bbe18f6c3acfe44b19f0449e76f9f |
| SHA256 | 86a618c687c518ca93f7151a26391ef0e19101986d30f7eeefa420b0574fc5ec |
| SHA512 | 3924f19e1a9e1b9b9eac515c1d5dffff2aafde9745ad8d20b0d71dfede631875c611b58b2624fef0273830341b497fe7b554710d18bdfedd57c36ac0a764947f |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\StopIconMask.bmp
| MD5 | cc084392f2514a4337b42f4865e2cc83 |
| SHA1 | 79ff391fe2ea7244cdb5a1e1e5bc68ee0cc1c17a |
| SHA256 | 3bff857daf1c246b3ba79bff08805f403b65b0e2a5cffb40b078a383eb861514 |
| SHA512 | 9c19d048cc3c0b34e8191368b9d243a4a9a25bdf4c55b3d51da4e97a679ca8507dd7368fe3ba22cb32451d433533d215549a276271462f8d1d1c2a9ff37ab68e |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp
| MD5 | 5b4d40b272eb1356f8a88982e76d4451 |
| SHA1 | 4344a4f7503185c3830fdc877e6d44ac0f1198bb |
| SHA256 | 90ebb694c6e15523caa8196f148f47d1c9c477a48c49d638354530e0c2b811ba |
| SHA512 | cee35a29ad193bb1f672cd69fb0c6ea7d35ab7427c5a33757842881d8db17b0eed1e1c59dc52e577ca29f5b74f83f9b023a61b844eab469eeedd04195293654d |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GreenTea.css
| MD5 | 6c3081b7bee29dbf58f91f2e18d844e2 |
| SHA1 | 9437dfc92ec5cc8e0b938a23d11f43cc3d1739dd |
| SHA256 | cb973b51d6e0730a068671ec24e50257ecac543574a2678214b7009fd6620d9b |
| SHA512 | 2d12c25529f1b40724e5d4e452bc5c5fbe196646e29411c5cd8dcbc2897c65cae881d9be2ca5a9a18c36e2e62127a625271c3c0f5970d52fa29c4c4a9b52cd75 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Earthy.css
| MD5 | e2bdd4d017ce36dec632e386e894a4e5 |
| SHA1 | 973c9f51425416d311a4fb1b502de562b57f152b |
| SHA256 | c23a5cc2d7277749c47ddcad301aa92fcbbaeab54e552813333c1306c5cf2425 |
| SHA512 | 85878f146a7bbcbea9b35cb48c79bfafa27d7872c4c312e824944d9bc70f1548624a2f58839958c8033981b6aeb01b65ab2f454a75963f91c282871d9df90075 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\VIEW.ICO
| MD5 | 385592b8ece89d5bb6c8ff79b132c562 |
| SHA1 | bc14ffc7e1686ee066f445f1ab95714ad631b9e3 |
| SHA256 | b57536fb8401facf2e6aed14ed0f15e42a4f38b1e05eebc1a8be1613909c5165 |
| SHA512 | 62ad043d2e28c8e5eddfb9d46edbacd40ac092b3fcc0e5bca70ac0d07d9d4b80cbf194f99803bbac70f3b963f9a3e7ae2ba29ecf3d71535ea3ab257115862bc1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Groove.gif
| MD5 | f536fbf78e26387affb82ee89943b870 |
| SHA1 | 3ac8e44a9491c16bcd86dab6781acc4f7e1f76a7 |
| SHA256 | 34dbd6bf55d0d075d666181d9278b8387482a8b5804e44e1ddaafe6876dadc15 |
| SHA512 | d9ad640884f40495b4255bd221f0902ff64f84e3136053d03abee7ca417d32a1d72f24a75cb67bc50629e102bdb2f81c0bb087e0eb5cb82fa3d67c4fa5d92450 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right_over.gif
| MD5 | bd38f281632881248ac7f09eef8a6319 |
| SHA1 | 5a40ad5f3ec39d2ad991e0b94683a0ce987d5066 |
| SHA256 | b92428daaf38be6775a2b1ce78f5c8ce213b90c6e6fbd95bae56458ab90f7437 |
| SHA512 | 1e102e101b9c679ff5bbb874806650bc12a69dbab6fd446617e392c99620c81e35c2233a745934692b2e4f20b46a7cf5e90cf38a97b87ea588d525ce356b6099 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif
| MD5 | 697538917066fbdc54bb7922e0f2eef8 |
| SHA1 | 21cf57e715733ecaadd17747a6956fea5dfcc3e9 |
| SHA256 | 1270be94b76ac32534581f51fecec7ce90ed9e0f3693f310058fba0c6ca8aaa7 |
| SHA512 | 26806e433c67cbcf7bff91a47e214a312929f279739bdf2ca0b5d26f04e40f76f6350161c7aaa44de48fe70aa6bb67293d9736aaac526f1f794e94f135538be1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF
| MD5 | 9d1101f2c45ce53f2ead40247bc2629f |
| SHA1 | c7c2770645e7611ae33bd7a0b3ed948d39f17c06 |
| SHA256 | 47f0149b43961165c5fa224dbd2d1e956cf0a26b86d15ee3e12652c2a6e013ca |
| SHA512 | 91ae75b332bb98b6116352147701514db0426f710600bcbd1bdfe31f20ab83c2c21c794244055372e5d11ee177f8dedfd31a1d9a744b84be0f57b580a8464ec1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
| MD5 | ec8d9cf15661e1e246997637ac868ca2 |
| SHA1 | e172de70f1a3707fc8501f5a2207613f376169dc |
| SHA256 | 82f9a5d07d2ed70801a407aefc9336fb4582b17a23686cbd30ce31881a289b85 |
| SHA512 | d87760b7b4b1b286af229762c9c2b81847c803410a2a36834861ee85533ff2c2614753db56db863c73dd6ea6807c1074a317e62f066870dfb6fd4257bbdefa2d |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF
| MD5 | 0ad4cf7b35f62b8ff9c73f481594fbdd |
| SHA1 | 08b895c85051d99477cdf56d80c4006c262048ef |
| SHA256 | c55b90509b8cb9bac53fbdddfc93d4e572685c509f1218423c43a5d6013bbd48 |
| SHA512 | 697f1c0117c89ea0486b5b8e9dded787eafcfd710251cef4cf5cc275b1572a5cf9d499e44fa672aca8a77521a33b2e5040cf69c7cc3947fec2cd75d2296edecf |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF
| MD5 | ab58d658c2dfe0393df78f57740dcdb8 |
| SHA1 | 096427e4fce6a16c49a01f645139172fbf077ba5 |
| SHA256 | 882993b55cc0c527f0a6059b69b3faf4ef3ccb9cecd3d8847ca0e49a1444debe |
| SHA512 | bfbad9a939371aa29f4ed8c5bcad0d0299766bbe6dc1d9d6233ae0c060a394c0b8bf665b11a28c3713d434340dda690cabb578ecf3e2a4a462d797f0b3f30df2 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
| MD5 | 3b8883ab58438b245c89bc76ee848752 |
| SHA1 | 7b01b457344fcf92362d14247f2c389ed0c89b6c |
| SHA256 | b3b87c3ad568de5a1f07702392e3bfc76f41a47b2fa1d710198406c3c5172697 |
| SHA512 | 200a52dd5e9334f2c768fb2d152a82cfd551c0991eada79ee92ae41e8beb82a1eac2d90fdac2d9741afe0b7edcbe046cb92a6cf339d25709b53d51f5feb55b1c |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SAVE.GIF
| MD5 | 9c1b2a47c87f33de47ccfcdc098e1806 |
| SHA1 | 4ea8f90ce4f6569e41788252674776594ca668f8 |
| SHA256 | 8d77e83b50a81c442acd64cf5a57ee30906256da88e661e87cba51320f2cdda9 |
| SHA512 | b317fc3bea365325bc928e347d081bf019c0dd35e764172ed105212e86ab4ab303b92bd1bb0752cc27c0a7d46548e199df353fb84873e812a744878d9d34bd30 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
| MD5 | ccd9d8aa4c9fbad1069e4dd2c4982652 |
| SHA1 | 58cc653eba0694d39e7615ee7e049c8441fe6600 |
| SHA256 | 35e1150f8a8236fd8c2be2c6da618b5f5366caabb763b7453201f5c430441aae |
| SHA512 | 7530335f5f01da26479349321531093d3da8a1cefd4e916496dd254273076df9ef5eb91ecde1221e37a2525e76a8578a6859ec79a15ddb0a69e2e39578afb8f0 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif
| MD5 | f25638c3ccba37aad21daf44d061ded1 |
| SHA1 | 2db65949b3b8b9f2ec83a7aebda1d4379c17391e |
| SHA256 | f2d7df9f7c7a829d151f2d26f67f11bb6b824fb5ed649c159dd6124c4b4dce60 |
| SHA512 | 362d8d85fb18947f6924d956f93d8cc8eec7febac2cc8aa5bebaa983ce257c1f0eb416663d650c0958d33d7ddadbf79e636a26cd6f592ab38057d7dcc2227c3c |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\messageboxinfo.ico
| MD5 | 46b109680d8e37a25b4ca79ff35e270f |
| SHA1 | e1d4ca57aa3114a7931c7a5bbc8be1ecd8bd7882 |
| SHA256 | 54a918ed71329a2e6af831153825cb69b8cd45938a352d3b0882c92969a353dd |
| SHA512 | 7533cfb7af8b272d23734efddd2eba7524a746ac0664621ba3c05f139417f6e68bdf6e38c57ea16e8552d0b491a37f320f8f95d7b9e39e3c171a28f81643197c |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\PersonalContact.ico
| MD5 | d33c6324366941b3c100293e79426478 |
| SHA1 | afd047c1461a2ce36b775cc94392672eb43f1463 |
| SHA256 | d2a2840f1282913c2678160f13f3204616a9c302ae3b8f47bf17783ef3323aa7 |
| SHA512 | 7cffef992a6008d2d5b1cd768ae722d533a7e2a637b421ab67f16175328ffc9f3a4cd72ed5db695796d335371aad94c4bf9003fe685c3833b7687b59bbb6b940 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\OnLineIdle.ico
| MD5 | 175b6d3035eaaf10bcc78b54ab021ecf |
| SHA1 | 480f5c00b285f824d6eec209d6937e05c34d1805 |
| SHA256 | 868d0516a42b8340eba07ffaa00f5928e1d6a7daf2a3c4d96c1b86b80e2e3e81 |
| SHA512 | eb0b26da872e4e957415ca60d0114903a3b62dfc6f4b02db745004a32ce55d791baf8d550284be03157a59a433fdc9e39a3129155cc0a73cef87febc51fb2f6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1647ee338a9840d322be8679a72d06cc |
| SHA1 | 3da55b666f3098da14d22b76ffda9c6b296e7841 |
| SHA256 | 4e23e3c3b051b4f789ac5363e6137ebd8ca81b6685994a18b37b5b0f1e990c29 |
| SHA512 | adac98814c9a073c11c29a3a7193220710150bb6a5c8c9d78f02de5202ac9997040ae3fe9c54527518ee6687386a82ac2e3f98e680e293aca2fadfa027dac3c1 |
C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendtoOneNoteFilter.gpd
| MD5 | 9546c10433c45bfb9947449dd8d304de |
| SHA1 | f8ebbbe3ad6a8cfd13607fd3a7fad7a3a7a50158 |
| SHA256 | 6778c7c7b6b6c1c273e668169a7652a681da86ad62d03f7c5aa120405069feb2 |
| SHA512 | 90c6dda39740f839fb470f838c35d5f264a0a8664c57cbc66c431082710ee633ca4672b3b64902e7bbb7a61e9b9f4eea251a7d8b6d5126de6d73d3480fdede5d |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\AMERITECH.NET.XML
| MD5 | eb74234cb882f0fedae27f0b9e9957d8 |
| SHA1 | 973377cb3ecbbe475ec49d45f15ced0a02143a1c |
| SHA256 | 0645a4a67dcec462dc9f335bb0564e6e39bf12ea7e40cf8de81418210102c2d1 |
| SHA512 | 480e05680cdcb4d72456228a7a61f2577eb2e412760fce40a5b4066d140d41545110b830851b764ac483a6630dd5ff1e27ba1f95643fa3fcb801eed514ba4b29 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\BTOPENWORLD.COM.XML
| MD5 | b024a04198ed894b334178e411856122 |
| SHA1 | ca7552399eca0ceec6a3dbf393396fade2f5f550 |
| SHA256 | cadbea407cb411d2ed1c47c77536b622eb7d53d4fd3ee3b9897d554298683fe3 |
| SHA512 | 466ef38a6bd49fc816e208b408e5bcc7d366dc7eb9072600ab21510b6e1417894bffeee5ec96f5a0a535d8e541fd505ae3450f2233e5a128bb073394c530e879 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.IT.XML
| MD5 | 0b0d4b77b1494ca873f4311cc88a9fde |
| SHA1 | e88f8c3100290bbcdc224f4db05a77811726fe90 |
| SHA256 | 60107be66c9efe4d6aa0a3864f71d60b3800c8d6400daa36c05609d099b5f891 |
| SHA512 | 0a2410540f096ebd0464f16681b7375152fe8844ad2fed5fe86b352a61d6c65695051c82a36b77156a79ac633943463739752163d48b26abedf2db2c49ba794d |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.AR.XML
| MD5 | dc5794fd7e35debdd2e25f3e22761cce |
| SHA1 | 348034e08eaa9434bcf5713e9880f60bfd33ba78 |
| SHA256 | 15dfcf446deb114d465215cf49907aa5efc5fb8531f97607d50148cb4b680288 |
| SHA512 | 6a9b27a6702e40ef03367ce611716816cc4debac9086983148ff75c4e8656f10ff5edf73e95e18efe9e0ef7b721350e86a20919061d0ce1266258384ef98b1d2 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.TH.XML
| MD5 | 938fcac2676e99d92efee069eacacc37 |
| SHA1 | 575b35480aab9ada77d22f922bc57cb49a7580a6 |
| SHA256 | 9b8747ddedfdcb06f34ca5161281e28aafe3bec2e4b21aa731e17bb46dabc6c1 |
| SHA512 | 515074b8b8c14986ab86913a659ffa007cab07db5c6798ef6a4e12279ad3bf68262ac42ce991ed20a06825a8e5b8d0efc48aca38dad5503178d1dce0ef68c33c |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\WANS.NET.XML
| MD5 | b4052c951a5d5df0482bec08dcd1a1d9 |
| SHA1 | 99f3e0929eabf972e94c276c6423499860202f65 |
| SHA256 | f860ea6cfbfe8ddb3862a09c1b443f3273dac1a4757ce9e7a3b34d46f971ff10 |
| SHA512 | c26450d504e58cdbba0ded009158837855dadd8040b0c05845ee25b540567758c650df3d6b28c3571adff47e39d8ef99b30144250477524a19ab172d0870ef82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bfaa674433d17b8a1e124d9fd51598ef |
| SHA1 | ff43e2a499a3968b06a41a5e86eb1e1be524a158 |
| SHA256 | cf2e66600bac4455d7fce2494f14abef0513c4e082efdcec54f930f7901cf18a |
| SHA512 | f4a49a382dae5037667341b6205f7a095640c01a850031f33cd21b908b0049e409f0e2ddc5de9202625c193d38de1b1a5e8a7bcb155e55c5e826ff4619fdc4bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUNGLE.HTM
| MD5 | 7d0a27db87cbd4243eacad312e5d7f41 |
| SHA1 | 9b077bbd55fc3718e25dd9b80b89423cd9495633 |
| SHA256 | 8ae7498b01f40e9d2a04df8a8a91cc0b180eb9eb64b78129f59a6d6ab547816b |
| SHA512 | 88ed00f2eba7cc1e53fafddcb74c2c1029f2866c4379816b0c53a6230dd5a06eb33092647b36c90f29ebbb7c705fcb065514977acb06fea4cadd43ae144f73ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
| MD5 | 869482d59b52790359ce6680afc9a8bd |
| SHA1 | 2541ecf08be4a9e42490d8dcdea3207b7dd97f27 |
| SHA256 | 7a0499352b42d2e8b0c8ac12c2ce1b65527d091582f222bf4d0fec05a28ef851 |
| SHA512 | df9f74566f8fc81e2f03235321542e53d763d39187103988f9c47c79e509fe4d5811276cd37a09ab01e62565f469500ce3a73117c5504115aa2155c0ba37ce67 |
C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Form.zip
| MD5 | 1b09d4b3b183d0e78c9627ba6b0f925e |
| SHA1 | fd441ff31ab04f40acc054b90c34bdee299017bc |
| SHA256 | 2555bb5583cd7eecea012833776c74683ce3479d1c1553733366905bc820ea83 |
| SHA512 | 5426ddbc2ee693f1397c0a44ca5c6f1f8b763189326edfbdae4e82157ffa525937f78f0461f9d9b284a4a2491c7b1fe20d887adeb3ab7a07186b46ab6f5f8038 |
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck
| MD5 | f1d3ff8443297732862df21dc4e57262 |
| SHA1 | 9069ca78e7450a285173431b3e52c5c25299e473 |
| SHA256 | df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 |
| SHA512 | ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3 |