3aa7c31ae3996541e7030a866355bb36d5c223578ab00a8c89cb8df998c4610c

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2023, 16:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RefinitivWorkspace-installer_1.22.303.exe
Size

100.4MB
MD5

8c8929e102e7856b1303c1038d8c3c7f
SHA1

fff09360c00331fec2899ddaf1235712d46100b1
SHA256

3aa7c31ae3996541e7030a866355bb36d5c223578ab00a8c89cb8df998c4610c
SHA512

9f3ee663fcab9915ac64ca60e259f405de59b132a90435592d8ac8e15a778a8f9755cd16094387049d2589332a9da5c0072c1724e164a1afd30c8c5c3e18c7c8
SSDEEP

3145728:UKouAED2LF56e5nv99pjybvWDh3ifH9J3o/ERqffK:YE85VhpjWvWcfPocRWfK

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Control Panel\International\Geo\Nation	setup.exe

Executes dropped EXE 5 IoCs

pid	Process
3936	setup.exe
4920	setup.exe
2584	setup.exe
760	setup.exe
1440	setup.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4012	sc.exe

Loads dropped DLL 11 IoCs

pid	Process
3936	setup.exe
3936	setup.exe
4920	setup.exe
4920	setup.exe
4920	setup.exe
4920	setup.exe
4920	setup.exe
2584	setup.exe
760	setup.exe
1440	setup.exe
1440	setup.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
3936	setup.exe
3936	setup.exe
3936	setup.exe
3936	setup.exe
4616	powershell.exe
4616	powershell.exe
4616	powershell.exe
4960	powershell.exe
4960	powershell.exe
2076	powershell.exe
2076	powershell.exe
1656	powershell.exe
1656	powershell.exe
3824	powershell.exe
3824	powershell.exe
3976	powershell.exe
3976	powershell.exe
4672	powershell.exe
4672	powershell.exe
1656	powershell.exe
2076	powershell.exe
3976	powershell.exe
3824	powershell.exe
4672	powershell.exe
2828	powershell.exe
2828	powershell.exe
2828	powershell.exe
1564	powershell.exe
1564	powershell.exe
1564	powershell.exe
1440	setup.exe
1440	setup.exe
1440	setup.exe
1440	setup.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4616	powershell.exe
Token: SeShutdownPrivilege	3936	setup.exe
Token: SeCreatePagefilePrivilege	3936	setup.exe
Token: SeShutdownPrivilege	3936	setup.exe
Token: SeCreatePagefilePrivilege	3936	setup.exe
Token: SeDebugPrivilege	4960	powershell.exe
Token: SeShutdownPrivilege	3936	setup.exe
Token: SeCreatePagefilePrivilege	3936	setup.exe
Token: SeShutdownPrivilege	3936	setup.exe
Token: SeCreatePagefilePrivilege	3936	setup.exe
Token: SeDebugPrivilege	2076	powershell.exe
Token: SeDebugPrivilege	1656	powershell.exe
Token: SeDebugPrivilege	3824	powershell.exe
Token: SeDebugPrivilege	3976	powershell.exe
Token: SeDebugPrivilege	4672	powershell.exe
Token: SeShutdownPrivilege	3936	setup.exe
Token: SeCreatePagefilePrivilege	3936	setup.exe
Token: SeShutdownPrivilege	3936	setup.exe
Token: SeCreatePagefilePrivilege	3936	setup.exe
Token: SeShutdownPrivilege	3936	setup.exe
Token: SeCreatePagefilePrivilege	3936	setup.exe
Token: SeShutdownPrivilege	3936	setup.exe
Token: SeCreatePagefilePrivilege	3936	setup.exe
Token: SeIncreaseQuotaPrivilege	1656	powershell.exe
Token: SeSecurityPrivilege	1656	powershell.exe
Token: SeTakeOwnershipPrivilege	1656	powershell.exe
Token: SeLoadDriverPrivilege	1656	powershell.exe
Token: SeSystemProfilePrivilege	1656	powershell.exe
Token: SeSystemtimePrivilege	1656	powershell.exe
Token: SeProfSingleProcessPrivilege	1656	powershell.exe
Token: SeIncBasePriorityPrivilege	1656	powershell.exe
Token: SeCreatePagefilePrivilege	1656	powershell.exe
Token: SeBackupPrivilege	1656	powershell.exe
Token: SeRestorePrivilege	1656	powershell.exe
Token: SeShutdownPrivilege	1656	powershell.exe
Token: SeDebugPrivilege	1656	powershell.exe
Token: SeSystemEnvironmentPrivilege	1656	powershell.exe
Token: SeRemoteShutdownPrivilege	1656	powershell.exe
Token: SeUndockPrivilege	1656	powershell.exe
Token: SeManageVolumePrivilege	1656	powershell.exe
Token: 33	1656	powershell.exe
Token: 34	1656	powershell.exe
Token: 35	1656	powershell.exe
Token: 36	1656	powershell.exe
Token: SeIncreaseQuotaPrivilege	3976	powershell.exe
Token: SeSecurityPrivilege	3976	powershell.exe
Token: SeTakeOwnershipPrivilege	3976	powershell.exe
Token: SeLoadDriverPrivilege	3976	powershell.exe
Token: SeSystemProfilePrivilege	3976	powershell.exe
Token: SeSystemtimePrivilege	3976	powershell.exe
Token: SeProfSingleProcessPrivilege	3976	powershell.exe
Token: SeIncBasePriorityPrivilege	3976	powershell.exe
Token: SeCreatePagefilePrivilege	3976	powershell.exe
Token: SeBackupPrivilege	3976	powershell.exe
Token: SeRestorePrivilege	3976	powershell.exe
Token: SeShutdownPrivilege	3976	powershell.exe
Token: SeDebugPrivilege	3976	powershell.exe
Token: SeSystemEnvironmentPrivilege	3976	powershell.exe
Token: SeRemoteShutdownPrivilege	3976	powershell.exe
Token: SeUndockPrivilege	3976	powershell.exe
Token: SeManageVolumePrivilege	3976	powershell.exe
Token: 33	3976	powershell.exe
Token: 34	3976	powershell.exe
Token: 35	3976	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3936	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 3936	4964	RefinitivWorkspace-installer_1.22.303.exe	93
PID 4964 wrote to memory of 3936	4964	RefinitivWorkspace-installer_1.22.303.exe	93
PID 3936 wrote to memory of 3592	3936	setup.exe	94
PID 3936 wrote to memory of 3592	3936	setup.exe	94
PID 3592 wrote to memory of 1264	3592	cmd.exe	96
PID 3592 wrote to memory of 1264	3592	cmd.exe	96
PID 3936 wrote to memory of 1384	3936	setup.exe	98
PID 3936 wrote to memory of 1384	3936	setup.exe	98
PID 3936 wrote to memory of 4616	3936	setup.exe	99
PID 3936 wrote to memory of 4616	3936	setup.exe	99
PID 1384 wrote to memory of 4136	1384	cmd.exe	101
PID 1384 wrote to memory of 4136	1384	cmd.exe	101
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 4920	3936	setup.exe	102
PID 3936 wrote to memory of 1064	3936	setup.exe	103
PID 3936 wrote to memory of 1064	3936	setup.exe	103
PID 3936 wrote to memory of 2584	3936	setup.exe	105
PID 3936 wrote to memory of 2584	3936	setup.exe	105
PID 3936 wrote to memory of 4960	3936	setup.exe	106
PID 3936 wrote to memory of 4960	3936	setup.exe	106
PID 1064 wrote to memory of 956	1064	cmd.exe	108
PID 1064 wrote to memory of 956	1064	cmd.exe	108
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109
PID 3936 wrote to memory of 760	3936	setup.exe	109

C:\Users\Admin\AppData\Local\Temp\RefinitivWorkspace-installer_1.22.303.exe
"C:\Users\Admin\AppData\Local\Temp\RefinitivWorkspace-installer_1.22.303.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "chcp"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3592
  - - C:\Windows\system32\chcp.com
      chcp
      4⤵
      PID:1264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "fsutil dirty query %systemdrive%"
    3⤵
    PID:1384
  - - C:\Windows\system32\fsutil.exe
      fsutil dirty query C:
      4⤵
      PID:4136
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4616
- - C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\setup" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1908,i,8266040938987563454,2473680856763921936,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "fsutil dirty query %systemdrive%"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1064
  - - C:\Windows\system32\fsutil.exe
      fsutil dirty query C:
      4⤵
      PID:956
- - C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\setup" --enable-sandbox --mojo-platform-channel-handle=2288 --field-trial-handle=1908,i,8266040938987563454,2473680856763921936,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2584
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell /?
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4960
- - C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\setup" --enable-sandbox --app-user-model-id="electron.app.Refinitiv Workspace" --app-path="C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2840 --field-trial-handle=1908,i,8266040938987563454,2473680856763921936,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1384
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3976
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4672
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3824
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1656
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2076
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
    3⤵
    PID:3396
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /d /s /c "sc query RWUpdaterService"
    3⤵
    PID:228
  - - C:\Windows\system32\sc.exe
      sc query RWUpdaterService
      4⤵
      Launches sc.exe
      PID:4012
- - C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\setup" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3564 --field-trial-handle=1908,i,8266040938987563454,2473680856763921936,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1440

C:\Windows\system32\findstr.exe
findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
1⤵
PID:4884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
1KB

MD5
25d7ac29d798600ddc5fd880b162958b

SHA1
a2ba91e14155cfa5c26670e17ac606f3f28b0be2

SHA256
3c6d5ecae46dd9f6756e444bc51635cdd9696f3ed9fe0601cf41059a04085f88

SHA512
d91a9028c0fdf3761edbccddaa460573281b7d390efc7dfe3ebef46ce5ede53d36a7148c523e312b5daedc91c11cdb2cc8d0f8b475339cd35dba044595778d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
a26df49623eff12a70a93f649776dab7

SHA1
efb53bd0df3ac34bd119adf8788127ad57e53803

SHA256
4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245

SHA512
e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
28c65370f12e84b734af87ad491ea257

SHA1
402d3a8203115f1365d48fa72daf0a56e14d8a08

SHA256
4ea873fb3d77a2f8eefae82c943f621f16723516e181bde133568f8f0c91290c

SHA512
56eb34162b0a39da4aaf66aad35ef355a7709982b5060792e3b4849c36650725176e927815537ec58e7ddf0fb1763066b203d6b7f9d1b3dd2c8bc091c0c850cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
28c65370f12e84b734af87ad491ea257

SHA1
402d3a8203115f1365d48fa72daf0a56e14d8a08

SHA256
4ea873fb3d77a2f8eefae82c943f621f16723516e181bde133568f8f0c91290c

SHA512
56eb34162b0a39da4aaf66aad35ef355a7709982b5060792e3b4849c36650725176e927815537ec58e7ddf0fb1763066b203d6b7f9d1b3dd2c8bc091c0c850cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
57f53c9c19496529a31ac5f2c980052e

SHA1
fac4d6fdb13b0409cc08cfb096c80cb977b9900b

SHA256
a45498ccb15e37f21c29183adbcc7f43925078dc1592ff4b24a8f0d8275015f6

SHA512
e8f17f33a6a3808881d6023586a43a5ef33370bc3771c716313eeef401259ff647cf59c4ef5eb10f1fefae174cd1b72e2eb1242c1fb8147f16ea5c6accd053b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
a9e48e682694f819878cc84dbc3f4daf

SHA1
5e036e23852e80b22d23ae85f45ec42f9f0ca228

SHA256
5cc6deb57cdc37481e563d4499de102a4f9a023c69a42afab947a21651bc9761

SHA512
aed42da56d19e35629e8b714036acd4332960f197fd85b6df50355d3cd742762b026e43006603a5262c346bab309d4a4c12dd320804482156d8b239e70aff433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
547cc6e8442a89f6a5aa1efe966de1b5

SHA1
9ed53776a975821a2ec4736bc0590c1340bac4f8

SHA256
f0d07d371970681c1cd91630d5d8ffad34e569fb9e52000b5537ef206cbb9146

SHA512
d340c9d09966c73f3f14a0dcdd5e0e081d3a1e849a5bae7e1ca70326da3807e649f4c1925019e7b4f091a123887803c833b0bcfc8f16ae5a236e4510965abe87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
da1cc86e395910962d8dd1aef7877a27

SHA1
aa9746f2afae6919e90aad2c52364ab63bcc00ee

SHA256
0242de71a315395b1334090a4fbd25622f70da5b3ebd6fc152f19664ec2e470b

SHA512
b757c672a7d72296196b3efac1de308ab11811ae416659630fec7d8da398c13e87d52b31764d9858c47dba116beef60e9e777a955961c6b31b20ed2306e1be04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
da1cc86e395910962d8dd1aef7877a27

SHA1
aa9746f2afae6919e90aad2c52364ab63bcc00ee

SHA256
0242de71a315395b1334090a4fbd25622f70da5b3ebd6fc152f19664ec2e470b

SHA512
b757c672a7d72296196b3efac1de308ab11811ae416659630fec7d8da398c13e87d52b31764d9858c47dba116beef60e9e777a955961c6b31b20ed2306e1be04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
8a507aaf17299b70ed7ad6b7e583eecd

SHA1
245d602516d0aa759ff5274614769d15170f729b

SHA256
fa60b9a0adb0fe87b44d50c72fe5fd4eea7944fefe4ab9407ba68ad99d1f0ac1

SHA512
7a613211eb237fe061c125233a3adc3cc1b8fd12ed719ee61f79998b8d4e7587127a2401098bbc65ec198159b4387aec2046d1a2b7297dc7272bd8ddcd8b28c4

Download Submit
C:\Users\Admin\AppData\Local\Refinitiv\Refinitiv Workspace Install Logs\Install.20230718.170234.p3936\main.20230718.p3936.log

Filesize
1KB

MD5
ddc3aa95a2b5d7c5d1861f5df4a3c7f1

SHA1
61bc315f2c01ec8a691b0f61af320533036933a6

SHA256
f56527b693cf2f0a1b2062653f218d77686a907876c07e350957fa5da2f87551

SHA512
a3aa367c07a009bcd8dacc798339c89dafa7f62460ca40df859f48c8e88c6292d75e606fc095c24716cf13ad00b92be937a1ea90598c9cea98f74e158d1b26a1

Download Submit
C:\Users\Admin\AppData\Local\Refinitiv\Refinitiv Workspace Install Logs\Install.20230718.170234.p3936\main.20230718.p3936.log

Filesize
1KB

MD5
14ee46406be7fc095c40c56552f31d26

SHA1
1489024ba3083946f2860bd877f8ac142ff490bb

SHA256
dda90e39d9af6fd1337f7f1096f1ea772ba35d91345e1f01709cf68cac40789b

SHA512
b3247c89adce1f2fd788ab6c635cfcabdaa41821278619340a6bf77827c4488ee7714204cf2c002f54082095b954e063476cc7b6092c825cac39ecd44f8e8dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\D3DCompiler_47.dll

Filesize
4.7MB

MD5
62a89e7867d853fee9ad07b7c9d64379

SHA1
944a53602492187308352103d80ff27af1093abf

SHA256
d412909f1b597045b856caecedfc677eb4708af00e5b70788a01fa6af49c09d9

SHA512
7f66bf278222bf1079a3695ad55086ccc7d8b05d7db4f9a5bcbfe4ac8d82bc1a618b1c6dc675da61d47f48fce2b0670ce6f66db63e79e232604304cfc629d6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\chrome_100_percent.pak

Filesize
126KB

MD5
8626e1d68e87f86c5b4dabdf66591913

SHA1
4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c

SHA256
2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59

SHA512
03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\chrome_200_percent.pak

Filesize
175KB

MD5
48515d600258d60019c6b9c6421f79f6

SHA1
0ef0b44641d38327a360aa6954b3b6e5aab2af16

SHA256
07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce

SHA512
b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\d3dcompiler_47.dll

Filesize
4.7MB

MD5
62a89e7867d853fee9ad07b7c9d64379

SHA1
944a53602492187308352103d80ff27af1093abf

SHA256
d412909f1b597045b856caecedfc677eb4708af00e5b70788a01fa6af49c09d9

SHA512
7f66bf278222bf1079a3695ad55086ccc7d8b05d7db4f9a5bcbfe4ac8d82bc1a618b1c6dc675da61d47f48fce2b0670ce6f66db63e79e232604304cfc629d6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\ffmpeg.dll

Filesize
2.7MB

MD5
780ee77453af18ddc9bf9b799731b55d

SHA1
7c93b29443010f10898b3ab34734022864a5a4f3

SHA256
fb7aa645437e172d1b789ddb03bf359551c45d4006a02c18fec6e2e3b3c089e3

SHA512
10d9844ccd38c018c1850565b615a29815538ca4a32111c1492e41e340d9358a482bc403483d4acd582dcd8ce40cd7b4c0711fbb3b62afece127ce2119d3d775

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\ffmpeg.dll

Filesize
2.7MB

MD5
780ee77453af18ddc9bf9b799731b55d

SHA1
7c93b29443010f10898b3ab34734022864a5a4f3

SHA256
fb7aa645437e172d1b789ddb03bf359551c45d4006a02c18fec6e2e3b3c089e3

SHA512
10d9844ccd38c018c1850565b615a29815538ca4a32111c1492e41e340d9358a482bc403483d4acd582dcd8ce40cd7b4c0711fbb3b62afece127ce2119d3d775

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\ffmpeg.dll

Filesize
2.7MB

MD5
780ee77453af18ddc9bf9b799731b55d

SHA1
7c93b29443010f10898b3ab34734022864a5a4f3

SHA256
fb7aa645437e172d1b789ddb03bf359551c45d4006a02c18fec6e2e3b3c089e3

SHA512
10d9844ccd38c018c1850565b615a29815538ca4a32111c1492e41e340d9358a482bc403483d4acd582dcd8ce40cd7b4c0711fbb3b62afece127ce2119d3d775

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\ffmpeg.dll

Filesize
2.7MB

MD5
780ee77453af18ddc9bf9b799731b55d

SHA1
7c93b29443010f10898b3ab34734022864a5a4f3

SHA256
fb7aa645437e172d1b789ddb03bf359551c45d4006a02c18fec6e2e3b3c089e3

SHA512
10d9844ccd38c018c1850565b615a29815538ca4a32111c1492e41e340d9358a482bc403483d4acd582dcd8ce40cd7b4c0711fbb3b62afece127ce2119d3d775

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\ffmpeg.dll

Filesize
2.7MB

MD5
780ee77453af18ddc9bf9b799731b55d

SHA1
7c93b29443010f10898b3ab34734022864a5a4f3

SHA256
fb7aa645437e172d1b789ddb03bf359551c45d4006a02c18fec6e2e3b3c089e3

SHA512
10d9844ccd38c018c1850565b615a29815538ca4a32111c1492e41e340d9358a482bc403483d4acd582dcd8ce40cd7b4c0711fbb3b62afece127ce2119d3d775

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\ffmpeg.dll

Filesize
2.7MB

MD5
780ee77453af18ddc9bf9b799731b55d

SHA1
7c93b29443010f10898b3ab34734022864a5a4f3

SHA256
fb7aa645437e172d1b789ddb03bf359551c45d4006a02c18fec6e2e3b3c089e3

SHA512
10d9844ccd38c018c1850565b615a29815538ca4a32111c1492e41e340d9358a482bc403483d4acd582dcd8ce40cd7b4c0711fbb3b62afece127ce2119d3d775

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\icudtl.dat

Filesize
10.1MB

MD5
adfd2a259608207f256aeadb48635645

SHA1
300bb0ae3d6b6514fb144788643d260b602ac6a4

SHA256
7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050

SHA512
8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\libEGL.dll

Filesize
479KB

MD5
fe8703a253a5c7410a6d77458c750152

SHA1
7833f4c1e4a21e5f4af61a4aadb32f1cc122bbb2

SHA256
545544c4240fa8225015ac9b88cdb4475acc0fe16129040690bd65e6d81d4132

SHA512
13763d474e2ffc56251b62327a018072e9cd47b6ebb2f0eaa05d5251a702a88958d1229de2a20f236b1b12a62c9d00f6e91ccff597730322f22df28dbe826b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\libGLESv2.dll

Filesize
7.2MB

MD5
35db68d60755a992249d2ccb4a4f6bbb

SHA1
fe6d9210f5909922fdabfc6060d501e1658a6430

SHA256
82b108bd57a4351d76886181db687a83d3bea1ff25884bc932c0b6fd0ae9c4a4

SHA512
ac5b61b06501205b52dba0a1d27b4b2ac2878909e54f64f6ca5d4aecf3f3a8c064c59f6b3cff14756d83d49a746704186b7b2c16554dd1c527f884d616baa130

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\libegl.dll

Filesize
479KB

MD5
fe8703a253a5c7410a6d77458c750152

SHA1
7833f4c1e4a21e5f4af61a4aadb32f1cc122bbb2

SHA256
545544c4240fa8225015ac9b88cdb4475acc0fe16129040690bd65e6d81d4132

SHA512
13763d474e2ffc56251b62327a018072e9cd47b6ebb2f0eaa05d5251a702a88958d1229de2a20f236b1b12a62c9d00f6e91ccff597730322f22df28dbe826b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\libglesv2.dll

Filesize
7.2MB

MD5
35db68d60755a992249d2ccb4a4f6bbb

SHA1
fe6d9210f5909922fdabfc6060d501e1658a6430

SHA256
82b108bd57a4351d76886181db687a83d3bea1ff25884bc932c0b6fd0ae9c4a4

SHA512
ac5b61b06501205b52dba0a1d27b4b2ac2878909e54f64f6ca5d4aecf3f3a8c064c59f6b3cff14756d83d49a746704186b7b2c16554dd1c527f884d616baa130

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\locales\en-US.pak

Filesize
326KB

MD5
19d18f8181a4201d542c7195b1e9ff81

SHA1
7debd3cf27bbe200c6a90b34adacb7394cb5929c

SHA256
1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb

SHA512
af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\resources.pak

Filesize
5.2MB

MD5
b952602c6366ba388529c93f42758123

SHA1
bf9b75f02d9b5e7e01c0b3b4a907bdd027ce37dc

SHA256
2dcb4e8d8a5c50689574c3624a6112f908a50d029f1e51ab9488e768bc3b9757

SHA512
de9c3f693f52dda8b1100e5dc35052cdfdcf0a5771c5c7d1c0d7ff18922f7a4a4c4b773ead41354849d07879957fe464efa5780f045d0907fefcbfc3917087ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\resources\app.asar

Filesize
23.4MB

MD5
e535ae2a900c1db8b6c5a7eb9f5a909f

SHA1
16420931fa925cb9d9018eb2ac954ccca31a5e4c

SHA256
a19295de91a8bb1323e54ea450a69ddba74dc529dbc9289b1836b578d768ab8c

SHA512
78d054cf4eddfc359c5a4f478a59276a3b79894fb4bfdfd6d9208b02e445f24c1317d84fd031b4382cac33921e3af1053af1ee6ee8758495cf5e9da3f87ba60e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\resources\versionInfo.json

Filesize
43B

MD5
87264dffd4c53decd614a92ed211089e

SHA1
833410c933da6d723f4326a48ce86ec320594238

SHA256
e814cb7f36305abce7df7f37e2bbfa1f5c105886889c949ff6dedb3fce2be274

SHA512
7f60d6ef77cce1db35573528ee054f12bcc0b1391ce32e33dc50bcb1faf0048ddac3e409f82cf98d0b866de607ebb3889f13b3d452ba39099cd0861545918ad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe

Filesize
154.6MB

MD5
1b5c2c823604ee833990163f2625e46b

SHA1
b84e2bf5d7fb623c07520b33da6580d8685f9f91

SHA256
14f9b0e7b60adb24d99f1dc82559c88456d9512340927c34a8f536d2c9d31995

SHA512
902a76980f400e7d38ec458d20bcd8b03e8fd78bee763f3c9d79717b435fbeb0bbf8b8faabb01390702bebd03293dc8a3d2030aab4882cb7646acefa90730fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe

Filesize
154.6MB

MD5
1b5c2c823604ee833990163f2625e46b

SHA1
b84e2bf5d7fb623c07520b33da6580d8685f9f91

SHA256
14f9b0e7b60adb24d99f1dc82559c88456d9512340927c34a8f536d2c9d31995

SHA512
902a76980f400e7d38ec458d20bcd8b03e8fd78bee763f3c9d79717b435fbeb0bbf8b8faabb01390702bebd03293dc8a3d2030aab4882cb7646acefa90730fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe

Filesize
154.6MB

MD5
1b5c2c823604ee833990163f2625e46b

SHA1
b84e2bf5d7fb623c07520b33da6580d8685f9f91

SHA256
14f9b0e7b60adb24d99f1dc82559c88456d9512340927c34a8f536d2c9d31995

SHA512
902a76980f400e7d38ec458d20bcd8b03e8fd78bee763f3c9d79717b435fbeb0bbf8b8faabb01390702bebd03293dc8a3d2030aab4882cb7646acefa90730fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe

Filesize
154.6MB

MD5
1b5c2c823604ee833990163f2625e46b

SHA1
b84e2bf5d7fb623c07520b33da6580d8685f9f91

SHA256
14f9b0e7b60adb24d99f1dc82559c88456d9512340927c34a8f536d2c9d31995

SHA512
902a76980f400e7d38ec458d20bcd8b03e8fd78bee763f3c9d79717b435fbeb0bbf8b8faabb01390702bebd03293dc8a3d2030aab4882cb7646acefa90730fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe

Filesize
154.6MB

MD5
1b5c2c823604ee833990163f2625e46b

SHA1
b84e2bf5d7fb623c07520b33da6580d8685f9f91

SHA256
14f9b0e7b60adb24d99f1dc82559c88456d9512340927c34a8f536d2c9d31995

SHA512
902a76980f400e7d38ec458d20bcd8b03e8fd78bee763f3c9d79717b435fbeb0bbf8b8faabb01390702bebd03293dc8a3d2030aab4882cb7646acefa90730fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\setup.exe

Filesize
116.2MB

MD5
1c6b38087e1aa9d34275293aeca88081

SHA1
25b687d4ac297f26f4d3bea1abde5d622acb27e8

SHA256
79235148f7c4473c8a9315f8eb13bae784d2d040c3a2af29ca08d192e1b04587

SHA512
ea13eafa71319d468602b76bfcb58e504d66288780cd33186ab07365b7a4af8f4a474cf8f532f837e1a69c9c664c3e690f8bacda548dd4ba3394644957f0eb2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\v8_context_snapshot.bin

Filesize
465KB

MD5
a373d83d4c43ba957693ad57172a251b

SHA1
8e0fdb714df2f4cb058beb46c06aa78f77e5ff86

SHA256
43b58ca4057cf75063d3b4a8e67aa9780d9a81d3a21f13c64b498be8b3ba6e0c

SHA512
07fbd84dc3e0ec1536ccb54d5799d5ed61b962251ece0d48e18b20b0fc9dd92de06e93957f3efc7d9bed88db7794fe4f2bec1e9b081825e41c6ac3b4f41eab18

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\vk_swiftshader.dll

Filesize
5.0MB

MD5
cc942f8a26e446632795d3637279195e

SHA1
7315b6fd3f5d6aa2dbbf0a1ce8048b0aebc7b578

SHA256
5c6068debba430fe738a268c142650806a5d3898ee0a1cc37c2158568ddcbada

SHA512
dcf10ead6b32ab66f544050804def5098c2193fbed11b03dd9a24732fe81f68d10d3cd82766c5e0cf675dae3554d3760980fe3b0c3fc81e846ada94c9ea43193

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\vk_swiftshader.dll

Filesize
5.0MB

MD5
cc942f8a26e446632795d3637279195e

SHA1
7315b6fd3f5d6aa2dbbf0a1ce8048b0aebc7b578

SHA256
5c6068debba430fe738a268c142650806a5d3898ee0a1cc37c2158568ddcbada

SHA512
dcf10ead6b32ab66f544050804def5098c2193fbed11b03dd9a24732fe81f68d10d3cd82766c5e0cf675dae3554d3760980fe3b0c3fc81e846ada94c9ea43193

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7A923364\installer-RefinitivWorkspace-win32-x64\vk_swiftshader.dll

Filesize
5.0MB

MD5
cc942f8a26e446632795d3637279195e

SHA1
7315b6fd3f5d6aa2dbbf0a1ce8048b0aebc7b578

SHA256
5c6068debba430fe738a268c142650806a5d3898ee0a1cc37c2158568ddcbada

SHA512
dcf10ead6b32ab66f544050804def5098c2193fbed11b03dd9a24732fe81f68d10d3cd82766c5e0cf675dae3554d3760980fe3b0c3fc81e846ada94c9ea43193

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kn2dicrf.spc.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\d42387b8-405d-4372-9306-ba46fcec2787.tmp.node

Filesize
500KB

MD5
5a6c529ffd022eaf4e074f036b4eecee

SHA1
fb246c9075edda67244435977a121d0ff68ff317

SHA256
cec39ddd9d1153f2da50c379d4fe0fc7d0174c96d90185aa1378f604ace401d8

SHA512
73a8b48747ab5b1a5d9287006ce31ab5ab7acd5a476098c70527b6c9bc6f888be8e7cac2be38833190240aced90e8eedb657631cf8259722f3b2f2d1fa57a192

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\setup\Network\Network Persistent State

Filesize
379B

MD5
b78daf5ae0e1e086f9875a385fca7274

SHA1
8b2fb9448ef4555ba310dd301e6ec03b2d610e86

SHA256
91075eca758b0b9298585894795fe124b16b954ed49a07c7fc934a9360f503c3

SHA512
3a794cfa7cfa44444c2f274db69f37211afc7280fff88e965647f29a701d34926fa729c2ebc3b9781072a2dcb4ec546a5ad2701b4e4b007c7ea16ea7f4b244fa

Download Submit
C:\Users\Admin\AppData\Roaming\setup\Network\Network Persistent State~RFe58ff99.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
memory/760-475-0x00007FFB2ECA0000-0x00007FFB2ECA1000-memory.dmp

Filesize
4KB

Download
memory/760-464-0x00007FFB2FF10000-0x00007FFB2FF11000-memory.dmp

Filesize
4KB

Download
memory/1440-710-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1440-712-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1440-717-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1440-721-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1440-720-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1440-711-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1440-719-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1440-722-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1440-718-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1440-716-0x000001EF8BB00000-0x000001EF8BB01000-memory.dmp

Filesize
4KB

Download
memory/1564-673-0x000001D8FC2C0000-0x000001D8FC2D0000-memory.dmp

Filesize
64KB

Download
memory/1564-672-0x00007FFB0FF60000-0x00007FFB10A21000-memory.dmp

Filesize
10.8MB

Download
memory/1564-679-0x000001D8FC2C0000-0x000001D8FC2D0000-memory.dmp

Filesize
64KB

Download
memory/1564-685-0x000001D8FC2C0000-0x000001D8FC2D0000-memory.dmp

Filesize
64KB

Download
memory/1564-690-0x00007FFB0FF60000-0x00007FFB10A21000-memory.dmp

Filesize
10.8MB

Download
memory/1656-556-0x0000024547060000-0x0000024547070000-memory.dmp

Filesize
64KB

Download
memory/1656-640-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/1656-608-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/1656-555-0x0000024547060000-0x0000024547070000-memory.dmp

Filesize
64KB

Download
memory/1656-611-0x0000024547060000-0x0000024547070000-memory.dmp

Filesize
64KB

Download
memory/2076-552-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/2076-627-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/2076-553-0x0000022DFA370000-0x0000022DFA380000-memory.dmp

Filesize
64KB

Download
memory/2076-554-0x0000022DFA370000-0x0000022DFA380000-memory.dmp

Filesize
64KB

Download
memory/2076-612-0x0000022DFA370000-0x0000022DFA380000-memory.dmp

Filesize
64KB

Download
memory/2828-650-0x00000120456C0000-0x00000120456D0000-memory.dmp

Filesize
64KB

Download
memory/2828-648-0x00000120456C0000-0x00000120456D0000-memory.dmp

Filesize
64KB

Download
memory/2828-647-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/2828-662-0x00000120456C0000-0x00000120456D0000-memory.dmp

Filesize
64KB

Download
memory/2828-670-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/3824-615-0x0000016AA2CC0000-0x0000016AA2CD0000-memory.dmp

Filesize
64KB

Download
memory/3824-623-0x0000016ABB490000-0x0000016ABB4B4000-memory.dmp

Filesize
144KB

Download
memory/3824-649-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/3824-577-0x0000016AA2CC0000-0x0000016AA2CD0000-memory.dmp

Filesize
64KB

Download
memory/3824-567-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/3824-622-0x0000016ABB490000-0x0000016ABB4BA000-memory.dmp

Filesize
168KB

Download
memory/3976-598-0x00000264A7950000-0x00000264A7960000-memory.dmp

Filesize
64KB

Download
memory/3976-645-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/3976-596-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/3976-597-0x00000264A7950000-0x00000264A7960000-memory.dmp

Filesize
64KB

Download
memory/3976-616-0x00000264A7950000-0x00000264A7960000-memory.dmp

Filesize
64KB

Download
memory/4616-512-0x00000160343A0000-0x00000160343B0000-memory.dmp

Filesize
64KB

Download
memory/4616-514-0x000001604E710000-0x000001604E754000-memory.dmp

Filesize
272KB

Download
memory/4616-444-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/4616-446-0x00000160343A0000-0x00000160343B0000-memory.dmp

Filesize
64KB

Download
memory/4616-544-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/4616-452-0x000001604E1E0000-0x000001604E202000-memory.dmp

Filesize
136KB

Download
memory/4616-533-0x000001604E7E0000-0x000001604E856000-memory.dmp

Filesize
472KB

Download
memory/4616-445-0x00000160343A0000-0x00000160343B0000-memory.dmp

Filesize
64KB

Download
memory/4672-617-0x000002021E840000-0x000002021E850000-memory.dmp

Filesize
64KB

Download
memory/4672-609-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/4672-610-0x000002021E840000-0x000002021E850000-memory.dmp

Filesize
64KB

Download
memory/4672-631-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/4960-516-0x000001F118520000-0x000001F118530000-memory.dmp

Filesize
64KB

Download
memory/4960-515-0x000001F118520000-0x000001F118530000-memory.dmp

Filesize
64KB

Download
memory/4960-513-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download
memory/4960-534-0x00007FFB0FE40000-0x00007FFB10901000-memory.dmp

Filesize
10.8MB

Download