Analysis Overview
SHA256
d13931f71eab276603a9481b49b920c18ef418d3272241ad622dc73ada992d0b
Threat Level: Likely malicious
The file e394fad5222cb7aa3d076402b99b37f9_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Adds policy Run key to start application
Executes dropped EXE
Loads dropped DLL
Deletes itself
Checks computer location settings
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 23:51
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 23:51
Reported
2024-04-06 23:54
Platform
win7-20240221-en
Max time kernel
55s
Max time network
154s
Command Line
Signatures
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\windows\alg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lsass = "C:\\windows\\alg.exe" | C:\windows\alg.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\alg.exe | N/A |
Loads dropped DLL
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\RCX8FBC.tmp | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\EQUATION\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\alg.exe | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe\Updater6\alg.exe | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\RCXB262.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCXE51C.tmp | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Google\Update\Install\{D9005A2B-BC2A-4153-8911-AE3B3F543790}\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\RCX8F4D.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCXE49C.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\RCX9172.tmp | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\alg.exe | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\Source Engine\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Internet Explorer\ExtExport.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\Source Engine\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\RCXE933.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RCXA4A9.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\RCX8F7C.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\EQUATION\RCX926C.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\Install\{D9005A2B-BC2A-4153-8911-AE3B3F543790}\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\RCXA38D.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCXE54C.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\Install\{D9005A2B-BC2A-4153-8911-AE3B3F543790}\chrome_installer.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Internet Explorer\ieinstal.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCX7580.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCXE43D.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCXE40D.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCX766D.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCX75EE.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RCX764D.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\alg.exe | C:\windows\alg.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\e394fad5222cb7aa3d076402b99b37f9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e394fad5222cb7aa3d076402b99b37f9_JaffaCakes118.exe"
C:\windows\alg.exe
"C:\windows\alg.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\E394FA~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\temp\*.* /q /s
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
Files
C:\Windows\alg.exe
| MD5 | e394fad5222cb7aa3d076402b99b37f9 |
| SHA1 | 3a26acae79ade36db50d5e6e1eb25011dbf64da4 |
| SHA256 | d13931f71eab276603a9481b49b920c18ef418d3272241ad622dc73ada992d0b |
| SHA512 | 9cf5b848deae580e16a83d4a1b18e611d6a31ddad78661ce2a7bf17eac0ca2bcc8cec22e68a77de380fb865b82598902f9259f81f8e4e063e6f1ef6bde785aea |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | 9d10f99a6712e28f8acd5641e3a7ea6b |
| SHA1 | 835e982347db919a681ba12f3891f62152e50f0d |
| SHA256 | 70964a0ed9011ea94044e15fa77edd9cf535cc79ed8e03a3721ff007e69595cc |
| SHA512 | 2141ee5c07aa3e038360013e3f40969e248bed05022d161b992df61f21934c5574ed9d3094ffd5245f5afd84815b24f80bda30055cf4d374f9c6254e842f6bd5 |
\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | 4d92f518527353c0db88a70fddcfd390 |
| SHA1 | c4baffc19e7d1f0e0ebf73bab86a491c1d152f98 |
| SHA256 | 97e6f3fc1a9163f10b6502509d55bf75ee893967fb35f318954797e8ab4d4d9c |
| SHA512 | 05a8136ccc45ef73cd5c70ee0ef204d9d2b48b950e938494b6d1a61dfba37527c9600382321d1c031dc74e4cf3e16f001ae0f8cd64d76d765f5509ce8dc76452 |
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE
| MD5 | a41e524f8d45f0074fd07805ff0c9b12 |
| SHA1 | 948deacf95a60c3fdf17e0e4db1931a6f3fc5d38 |
| SHA256 | 082329648337e5ba7377fed9d8a178809f37eecb8d795b93cca4ec07d8640ff7 |
| SHA512 | 91bf4be7e82536a85a840dbc9f3ce7b7927d1cedf6391aac93989abae210620433e685b86a12d133a72369a4f8a665c46ac7fc9e8a806e2872d8b1514cbb305f |
\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
| MD5 | c87e561258f2f8650cef999bf643a731 |
| SHA1 | 2c64b901284908e8ed59cf9c912f17d45b05e0af |
| SHA256 | a1dfa6639bef3cb4e41175c43730d46a51393942ead826337ca9541ac210c67b |
| SHA512 | dea4833aa712c5823f800f5f5a2adcf241c1b2b6747872f540f5ff9da6795c4ddb73db0912593337083c7c67b91e9eaf1b3d39a34b99980fd5904ba3d7d62f6c |
\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe
| MD5 | e84927bc7e4bef6af8daf8640d95325e |
| SHA1 | 796cfbd54995d1340e3bdd9329e6d165af8c3859 |
| SHA256 | 7744d4c0da090157809e65259fb2682e8149b3fcf64a055607ab04f0cb732ea6 |
| SHA512 | dd8c9e848100b8c67f8ac5a01e76bc11843e36824d501eca797c9560b0c99a1349ede26e5da0f57a1c66c817d0caf99284dbf968e9f5df442a7c64c88dffb261 |
\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
| MD5 | 55e392d1bd55a1292b6ce766225416e5 |
| SHA1 | 06d8134a3002e6974407fb5da0a59ab43415a52a |
| SHA256 | db42cb95904cfc6891df2aa736506fb34a26cf9a26e88ab0ef262e0459344a3e |
| SHA512 | 0c55062cf8debbdf1a7a4f41527e43cd124fb7777e9b930de9cc900abf9c27a1956a536200e23dddc9a4068ac5bc9a8052299a4f2cf010cffd205a32d99581a2 |
\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
| MD5 | e16dd9faeca97b4c185426e5672becba |
| SHA1 | f32087a346bcc58dedcfe1bc32f221d486a385c7 |
| SHA256 | c21bfc263890f02763f56b4e9f5cf9113656cf09d7864b53ec2fd2024bdadd60 |
| SHA512 | 582180e0c7b35660114d5b1d4d5c92d75615321a74d160c2c7bc92b91a2c2b7ed758d63e2bbbdb1658992da6fe7ac546d7f4ea9a6c73a4a503989ea6e1a22d6a |
\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
| MD5 | dc6311fbfd49f41fbf35860a30e68355 |
| SHA1 | b08b15be412e843acaf7ad5e6df0ef1e8bdb465c |
| SHA256 | ffdf81680522029c2eb578a9f442fd9692900a5c782c711e35203fb2d25620ba |
| SHA512 | 5e2938f5a8396154928a7d093db3843d73497cea4f49c0f1b77e3aac6e29d1db7f0ad4518587c336f0dfccb67ff33aac8e12afa70503504c5d8d46d12a86e453 |
\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe
| MD5 | 6ff84be315cfafbbdf36aa01af8389e7 |
| SHA1 | 2c550a4059ac331f5f5c9d3f218e0f6184aa27c9 |
| SHA256 | 47c67c1c88ceaee3cf1667bf956a3e11a84dea2f7c2afc634777aa5f1bf65c76 |
| SHA512 | 72498b009573a9cc9b5554e61d56b68f273682bfa2e13808f4abd5b2171aa59dd4a64bd9f68a3a416cfaceacb0041df918d8a84f28a5fa7f204fc562c5b6b174 |
\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe
| MD5 | cca0c5482b8a6a275d9d49433f435dfa |
| SHA1 | a72ae8621386e13c34055f612ae7612b8a18a39e |
| SHA256 | 6ea08bbcedf7cb51cfbe4896ef8c589a4568b1d5240265b1dcfda83dc8b55365 |
| SHA512 | b88f5cdb4bc08429ca40d24cef490128d341e10615d1d93d084b3247c2b28573d177d878c1385d3941e16a8bcc8a9f6b7870c152f4a43d02e69c05defcc9196e |
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\alg.exe
| MD5 | 46f55d8b10db5301ef18aca673a3195c |
| SHA1 | cc3bb971866ea08d17fbeab2a3c4ee972261df67 |
| SHA256 | eb10846a56e2d1b191a505b6bbc1d75786ebd33830a7946d547f69c25e252ced |
| SHA512 | 44345d274b3688f28c05c6448542b30cfcde67335191fb7900e1f91a1b040f005148b452c441dd952da921d1c6abc9fdc850fbf4aed1f9c9a7b25c7dbe95b159 |
\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe
| MD5 | 713a30695b671b6e3b19b7d09f9d8409 |
| SHA1 | 83916537c86d7dc1043c752f195f04fa42813afe |
| SHA256 | 6b42e2e9822b99f5f13a6d1f639fa64cc93001266ceb7a7d342da1bce84d5c08 |
| SHA512 | a450c691e0c8d16519b418b366a260360a57e8511c6975f2e3029c41f30a68d83448126c3d57c9fb36b3a44e839d4bbcaa73e0adfe305a71e04def2fd990cbf7 |
\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
| MD5 | 69b16c7b7746ba5c642fc05b3561fc73 |
| SHA1 | 83d80d668dca76b899e1bf662ddee0e0c18ac791 |
| SHA256 | 0deceb6b1b7a2dd1f13133ac7328ff420dad4610cee1fa7466e8e0f6baa39116 |
| SHA512 | 6b8eebcfe5b04141640047fe468371ad02bb115ee9ef00260c0b33cfd56b142c2e01b3b1c6f07281aa57b1f3b9fdb1f1082fe5620f88a57b92d8f547267ef154 |
\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe
| MD5 | e5b38b9828293047f0352f7a38a22fb1 |
| SHA1 | 681311628ac93f84371b2a069fa220dc89a3f672 |
| SHA256 | b85aeeaede189d9f56c843281a492cd8ada329f0b5b8b03d5a813eba3a290b61 |
| SHA512 | ed3e369451b938a556fb561afd6fd3ff5cfc93e386b035014fd4824a808f1e92e6d095ab33c340e6cd64ee00122fbd882abbcf0e15f3ffdb29a4fb9febe42920 |
\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe
| MD5 | 27f8ebbdef6e8fa26f02d74263610729 |
| SHA1 | 2ecce90a5b5661dbae6cfb890443cf8d47f052bb |
| SHA256 | 9feda23e175fa401fccd34614e2c3afde740c2ebab9a8fbc710fb9d08b712829 |
| SHA512 | 71884b8e1d7042813f9ea6813565807cfe7b57b7c2d838ebf90ec2f34ab2a6acb36458d0e5b7f8a2bb07f03cbfd9cb145dfc72dae1658d1c514ef18a025c9a28 |
\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
| MD5 | 34c4db669b76a662c5fa7c199e4f7519 |
| SHA1 | b047730ff73cbb63a540a2a0cd4e632ad594bbc4 |
| SHA256 | 5a9619856991c1184c789d732f7c597cbe8d0add0732660a4ba358c6a3f258f8 |
| SHA512 | da596adb60d4c5ade81b196cc4277c3bfd523e70d72ed2f27d4426833f72182a99fa4bc8f069805deac958e65a4ebed7f43919853fc5fdc5b91a6e62089f2c09 |
\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
| MD5 | 5e9d2fccad3b9edbc0a8ab0fe1e5e510 |
| SHA1 | 4f74227b71e570f57e0bf611de8fe2b73cd3aba3 |
| SHA256 | ba7cd3c2ef37746576ea934fbbfe6ce0f659977f604cb6528e642e6d82e60ff7 |
| SHA512 | 8e5ae33075564851f1534767558b1be79894858a912e5f53b00c98ad38e46bcdd17e225e32acea78b634221b506a312185ea155faaac976642c6fc8ed352f035 |
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\RCX8F7C.tmp
| MD5 | 9ed832a67586bb7f36bd246b2b327e40 |
| SHA1 | f28d26c6792489a7e0e57b83e98224d688e198fe |
| SHA256 | 94ba2d9f93b77588bc2da431651a8ff20e11cb306d18d589a20ca0cd8d232653 |
| SHA512 | bbd71fb0dd458bbf9480f288089852fe59ff7c64af587c0ef3b0c1439a386b6763159d56f00c5bd3854db135bf68d4a1ab18e341c532404ecd3e1cd05956df97 |
\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe
| MD5 | d598a0818ec112074e4ecadb7fd83414 |
| SHA1 | a7154846b004135ba3e95e1e175d08bc9aab2e60 |
| SHA256 | d8fdda58db1a84ff2868d0d24bda9d9b496347a35008225f15c6599aa2f1c4bf |
| SHA512 | 5cd13c6b4247854a65f7322eafcb06d82c574384dc996be3bb3ab8f185818334acf6858e90136a321664543f3eb9d1b0419513ca254e4ed32959489653357240 |
\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe
| MD5 | 9c5b124efd76128d26d3bcf85a3f2092 |
| SHA1 | 6f4a3a1b7d4fb47aba5b1c1bfc151f6eb8d2b3b0 |
| SHA256 | 5fa546e912a3fedea19477ba68bb127cd2867170a2bdb831b78549c6190d55b9 |
| SHA512 | ca13ada6916ac4b5277cb7684a05ae2d36e61e3a5dd425cdcce34b8461b2337aa9c81fde1e08d9f6d24066f103bebbf135c6f66ac76bb2767eabc93f2e47f7f3 |
\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE
| MD5 | a87236e214f6d42a65f5dedac816aec8 |
| SHA1 | 601f4e8cd6b1c5fcd8f0be4acf01a08261a07b94 |
| SHA256 | 3c4a68070f3d7f14e488ae4f7ede8e7add0f8029995dc800833126ca062a2c6c |
| SHA512 | 5db8f065c02ac6a014ee407e3d64ae68fc9c9ae814532e58ea3aa27491baed8a15b5b1f90369eff37fb399c0ee96a92b3640110e3730084d3f0687734c41cf18 |
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE
| MD5 | 55d4acd4b1f8c060e4e880c213e5eb79 |
| SHA1 | c902866e5a10554e44b4e743ceabd5d687a51484 |
| SHA256 | 7a7f3d1d777a49848bb8e4e344b7e6d75819345b4fe27b8ebf836618a8ad8d73 |
| SHA512 | b60cc303c2324ab7d93b8afa479a868d98ea117968f4d7233c27f5c9856f266e245324634548daadb32b9b9affab1e2530fdf9bb8248281f2fb671153f334bda |
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE
| MD5 | 37cd4ed547914384c817aed45b50b8a4 |
| SHA1 | 20c7daf067634dda7e1255e7ae3ef934d1fb1522 |
| SHA256 | 7021a2b725aecbe925986bdb969f016b0c5f9c7a42301182acb351a1db66c19f |
| SHA512 | 64e535f3f91656d726896abc3d5a50782f38cbad30d17da810b113da24e7ed7b2a5ffbf85247859854264ca6da66458d9d4622f088b98e6a881afc3726199e19 |
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE
| MD5 | 66c88b6782b844bc169c7f792936c0e1 |
| SHA1 | 50cf028b05ede61c89d4fb3fde4caaae8b1a94ff |
| SHA256 | b13d6112575cfcebd36ed20222b95c3869e7d292d36fef126324be8f29002a7f |
| SHA512 | 7e7825848ed26c5c04a61951139fc8c1ccc3f916f6c3616287a5fe707b59fd8f272bf0b30dd776632d7d8620217964e1a1b5381cfc7fdb6c2e8c45b829cbfcab |
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE
| MD5 | 6ed32d3206c69fd9a591976e64003b18 |
| SHA1 | 8e8aa84fa47579326aff29113db6b0e825d3f947 |
| SHA256 | 542a9b77fe0f2adc61d3d2323d046256cb8227e09f337ff7355c489165e95e9f |
| SHA512 | b612a732ad3175c1060a8e9e92ac3f5fe80fbfaf3e32a73b956b1f3b10ad0470df875fce8615b8affdffa3df17eed6d1bda9b27bae5d0ffbf9d4e4b37770494e |
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe
| MD5 | 015751930f57a169f41b4142869cd139 |
| SHA1 | 6690556f3cb5677a4d35fba7bd6c3f6c9d0f6761 |
| SHA256 | 23e40ab5500599c794559e6b02ca1a63c436544ba576089e6c13c8759fbaece5 |
| SHA512 | 740882f2527047ae8c473a038e2ab3179672e0eda7ba06d35034dfb3d7e686f10580f80d86e3553ea9870ee89fe34177d2b4f2f6f2557a6e583e9163c03c5ebe |
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe
| MD5 | d63cb47f665ff3caa0cd0db21b50345f |
| SHA1 | 7a8b5c9a9b2dcf08a0622f3475f0fc486dc8ecd0 |
| SHA256 | b237f60afbf0ff3680d68b673b4f06072249fce099f943dc731e0cccb4437576 |
| SHA512 | 830c4820393557adcae93e625aec760130bb569b3eb3255338dd8c5935e236a32aeddbce2a44cd7347c9dfd8340e5888748e74e4a8bf3f9cbc7b7adf8669ea8d |
\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe
| MD5 | 988166248240a383a509be7d026e3ab0 |
| SHA1 | cb1f5e8941bff04f11f9bec60e1fa9d9e708b510 |
| SHA256 | e89ac835ed17dbf494434fd54adfcc1d7c2a6a57e2d7ed35abff4f6f1d290524 |
| SHA512 | 3651f7e30b85449714183c5b3268f214c4ad463ecf62dabaf058b6beb482eb4844679d36217950d86a1e5365b9607c00dd6117a81e13dcf7e359ffe023816123 |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\RCXAAD2.tmp
| MD5 | d58f6a0b520ffc128ea1958e779d3fa9 |
| SHA1 | 2db301e54d8665130e062afcbee4ce14e953c0d7 |
| SHA256 | e88fe2f732cee4847f721884e16fa86d59bc781b6af073993e772ee5afc22101 |
| SHA512 | ee38295bfec189c2186575707eda8870f755a228d40b89e65771efe4e8516583d8b96e6608aa8753de4d7df25b7da7032b30098b5f36f3a4f265b367f6543353 |
\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE
| MD5 | 7ffae006610a85317fbb092a2d65d1a9 |
| SHA1 | f61f245695232ada51d81671e9918d54d9f35575 |
| SHA256 | f10acd6e32bc4d7cc74feb9e84fec18a77aeb2838ebf2aa7e3280ba1c7f3fca2 |
| SHA512 | fa163a348c7e557d12b24f212eede900dee416f54557cc6cc1a18c6cf2d4d19e049e4e03000abaada320c80dbabba4a4eb028ace629442ecea8dab0add9ccc9b |
\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe
| MD5 | 20d3e26304e9366c2e9ebc18df8d6e53 |
| SHA1 | b509c0db36f01849a9267544545bb6d5e6d7dbe4 |
| SHA256 | 36d845e96a732363f43534376dbb776041ab6df86a9ec1cf0419e74e89855277 |
| SHA512 | ea5f1a35d3aada483e3fc60b83b2de5339e8095294a8eff4c66131dfaee5b74ba2e9dcf5754d95bedb72ef2aeb43ef47c16d8b3f062a00408242300082263964 |
\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe
| MD5 | 41bb0ce03e066012f36f5ee81aa5a737 |
| SHA1 | fca620d6e7b7c6513ea93f6b5d657b39bc7bce40 |
| SHA256 | 47687c7db0d4107b82898d92a45992858d9452089d2ff7a3290ac79e4f5943da |
| SHA512 | 9d556b991aa3227f2ed4e079595a8fc574cf5bf560049a101d32b53b01aef41eede22ddb82f6f3509eb1f9a2f6fae2eb97d8060f2a6aa4fd6d73aa6a31117f3d |
\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe
| MD5 | 7a2323a4ef4c2a7651443239552581f6 |
| SHA1 | b3e6138072d303fbfca579a15ac86bd7572a7c2c |
| SHA256 | 18e279d77b8271a37bd9077900e57880f3cb3d2d9e5235ffc00f30752592f491 |
| SHA512 | 39e6a802b7d64bf9547d4f93ff52004dc97bfe22f1363aba20b47e652dc5c27fae3a7b32fc10c585ca5e9621d7abd08888e25162991988f1b5d28e054f0fdd63 |
\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | ee0c93a37a7549bb3398c6093f25c9bd |
| SHA1 | 02ea12b829f147a5c6345f99ee4d2fcdd2cb7d4d |
| SHA256 | 604e2abeba3f46842e49c0d5dcfdaaf2746165f595f9dfa8ebfe03ffdd372c09 |
| SHA512 | 1a5833d091139859847745f77032f6a0ff447d07f3c609d34d205ef63e68705b7232a72eba5315829ab52980d8ff5a9d2c9db59af056cd2517f4122db93010ff |
\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe
| MD5 | 381c22092074255a291f4c9946a5c28f |
| SHA1 | cfd3817b09553851738818c55a01d18c7591f95f |
| SHA256 | c94dcb40543cb405474597c7e7c9d8ef558b1422797752625db9ca4faf53689c |
| SHA512 | e1f176f4d3f9b7ac057fa427d006e1d6c918e3bb623a713435011e6e27ba7728b22d501789f449cd54e5a58d19d62c25c7f55f8185b022b22cddcab070a385cc |
\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
| MD5 | f1de10a8b9909a4af635112c8866d534 |
| SHA1 | c340effbaed989e7f8ffc6f7574856cd8ed0d18b |
| SHA256 | 5df635fd14558c0a25ceecd2ad51fbc0d129a8fe681d36ecc9e7254ae0e0a40e |
| SHA512 | a227edac6a6d440da6e13a7d0ecbf42f6ac6acecd7591e0a105bf5e8e417d54e0610d9d28c649c510dc91c454894bdeef7f4c4d3463c57225e1e7cbc142b0924 |
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe
| MD5 | 54a010c60be10b65eee5506720fccabb |
| SHA1 | 18cfa274db7d6567441db036eb2b25b720d58884 |
| SHA256 | 9a4b728a0b652056cbd312dd917adc08c72c89b6f666472f4e3d59a1b8039d89 |
| SHA512 | afb51acc8b684db72d5ee9ad7c340d852322af0862a80976c6830330c9e094bc77e760a5806ba883b437c0d10139aa783c21cd87acd405c453df98422d6b99ae |
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe
| MD5 | 9482267d8e065d5c3cfe30c69b41b30c |
| SHA1 | b0d7b3b52fc3faac508a01a61ff9e9e7ed8a16fd |
| SHA256 | 23085b1bbb7d7b175ee9c4fc9db4e7dd8981a3f5246cd864ab178c53c0612758 |
| SHA512 | 33c19803c00834755d2a6e75481b0bc0d50dfaeb4cf95d34bc4bd22b82cb58ab72f7e7af9d1e56c19e68374365d4fd095b8a4121c0c0099254a0bdba2dd86c63 |
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe
| MD5 | 067c069e3a48184c32333ebbd152eb01 |
| SHA1 | e13808892bb9679a81d0ebdf5f51a6df42400149 |
| SHA256 | 55f4339688f1e72f5da0819abaa1d1f0630f39c496ec1ea0ad8e3458c8df6b02 |
| SHA512 | 74b3aecbf11f94948264b29481839bdf48d7b37f966cb5e2aa3062e66cf3587ecf247563e3bcc1837e1fb89602d327fdb4f22fa98c695b4d5768bc3f1903a2b4 |
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | d4b257c01bbaa68d15d8368475a4e227 |
| SHA1 | fafae083a882e163cfa8c77258baaab891c17df2 |
| SHA256 | dd6dd981c7f1a6673dc8cc3a0fe1fc8a54e059a9fdb0545b0dc9258299c0c546 |
| SHA512 | 167494ecb32196e8e199d7d14a1c0498eee45ab8e8862e5441539fa569313bb602b9e979935c7cc5ba39300e54e8bdbdf2f502e4ea24b5e8339fd2c3685ca502 |
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe
| MD5 | 27a531be4e959f1d7772133949832a10 |
| SHA1 | da4d3202e33c4a4c9480e8bff7726bbe0bc88e84 |
| SHA256 | 09b9f613621fa39c97de92265fb886be93be5b37fe0985c54eb358efbf8befe3 |
| SHA512 | 7e4e78a2f6ad80ed822c40dfc4466da49a4941f42ce92b78f40f0b0d3e22c087985efb134515d5592f7b86a4bc583733ea9eb7d33fe6e29d6e771572d75421d6 |
\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe
| MD5 | 39d8c47c2453f0074ebc0b4faff008c4 |
| SHA1 | 614256aa014809b46ec5bbcf2c30856e30389062 |
| SHA256 | bc8f9a43dbabec6eb061269eefc681e937b05fc1dd7edfba24a85b0a968e99fd |
| SHA512 | d8bdd79d39ade1e1f2ddd85bc1861d30e9e3da139cdd629cc949c486c833dfc44d3ce20575c134c5b74ff66179a4872293917883e7b40fa1d631bb2c5cb48eea |
\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe
| MD5 | 6bf0aa23d501646478d247db2d61032a |
| SHA1 | a7aa82ed565c4c67929519e3109d17ca27e05d08 |
| SHA256 | fc3363d9b00f1e3eb408bdb353e2ad14a55a650390e85a51a0067f023cccd4ed |
| SHA512 | 7e5c3c342c5535e753288595b8b8acb8f0f6a73b8b614931b1715eca1e83dd61a2b88987740b507c48d23241379c822268614c41b1de7baa54edda9623449ca3 |
\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE
| MD5 | 987f657313a388148599a9baebb9e7dc |
| SHA1 | d4071ab6e1895ec19eee2254a39b9cb6096b4ab4 |
| SHA256 | 83dbcdb3aa38fe0f77fa8734eed8917001163ef321b1ec418b6f87c7dae1259d |
| SHA512 | ecb700e94740944cb4027137774448aee938e88645ebe34b250d1f1256efd099bfe48b50aca3935a48bfd9da0bff5473a3384f36cb3724b0fca90658b17a0aa7 |
\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE
| MD5 | a1cbf221f65a4a957a1561e94c05d2ba |
| SHA1 | f737fc584cc642e8b808a316faf0eeac8360d344 |
| SHA256 | cf4c6c14eca09ac8345555b82585c6138f7388de63fcd626b0c19bd88b9231a8 |
| SHA512 | 83dadebac14d91aa9c41d8b516f369b2a318fb58bf1e05437468d4f339639e431f981b8841f3bdf84b0d8b86b9e0a918900b559d1a327abebeb25a35a8954295 |
\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
| MD5 | 901aa7a38ce13f14b6bbec38c0595698 |
| SHA1 | 6abd81a46557f72680eb9e5fc74223b8c9c32088 |
| SHA256 | 1e95f2048e2a1782807d52e9816ed267355718e24d01ff07ace73d965ede388a |
| SHA512 | 34bb4f656423021873363ec8dd1908fd1d01017e607ff8bc79fea3176ffb18f3281dcf21f7bedcd96c4ddbcff70bb2943435a18e31ddfb6f6c5bd226bf901672 |
\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE
| MD5 | a351a9e5b19018821ab612496da0c2c3 |
| SHA1 | b040fea2e94e6bfdef05540061b9f9a9f9ca17cb |
| SHA256 | 6bb70e81edc34e15d9798b317300d7758042db033a91efd7a40efa5e45a3cfa5 |
| SHA512 | 00e264e71f1f36be5bb284f2d281a9e2e11b050c4e07c75c975b1fbe19be57b89f651a9b0a9dd338ae7b8ed68ce733c872d7763698c234353354035d7b42371e |
C:\Program Files (x86)\Microsoft Office\Office14\RCXC44A.tmp
| MD5 | dfd6ee69d37410e02b7adca7e3a03ef0 |
| SHA1 | a599f2bd41089f2268a1d3c936093ce2d6025b06 |
| SHA256 | bfcbeda0fa6bef1c8034f2c7d1922907af4ca1ba826a5c913937feaed9a8cdb0 |
| SHA512 | e77371044323447c9e47885d9d525e6ed009c0f11e2bbc2edd0a17b04c3e621818bd40ede0f5a19a34e0b6af6698a711ea4101bac839b819f39c3027b7c5ba82 |
\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE
| MD5 | fc860959580c124e7e4781bb08437681 |
| SHA1 | b551dd88a1d3d5f277dc174f5d9d11eeea0dafb0 |
| SHA256 | eca127142a480fe51e7748159c8d219313a4730d60dc22c4dbbc1bd4d6a67b66 |
| SHA512 | abab3d964d5e7b1bdf365a429cbc5b48614f4fb64281d5c0a4b0ce0ab3580fa539ca0f33bc4243dbbe5c6649fa0ce1a2a89de12725a78971001cd768aeb075d2 |
\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
| MD5 | a53cc4c0fa7da7cdc8dddf4a0e6123f9 |
| SHA1 | 09aeb141350d8d3ca91ac4cf902af9d6b2de3bf9 |
| SHA256 | ead4783058efc1fca6e92266cca02ae8ab79105405775208167d280c14d98914 |
| SHA512 | 32a383f768d90c1eb5ffb8fffe6810ad90d76e6c65716819d4296344b31a3858db528eebc40d0561ae2be9d5f14533ecd44a0a783164b6b57e2588788209f665 |
\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe
| MD5 | def8d3ec3d85dc8dae33683766d0be5e |
| SHA1 | 7f13856a4f5f2610485de33546416917838270a0 |
| SHA256 | 0f63e7d7cb8923fd0b8de1d135883b9b50b453f1093c3ac9c6e2a5cc1ff9d8ff |
| SHA512 | 3a9af3e8b506739e15f2a8ff7e39fd495f5a8e84df901fdccfdd855403359552af33dc805c58e2348ea8544088dde2d96f76b29e7aa93c5fa60cffc49ca25762 |
\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE
| MD5 | b6aba3b6872d0e4957d860bf050fbf64 |
| SHA1 | d1e55e141c402b45c6578758a72b52d112f1b16d |
| SHA256 | a98aadf44727be20c0550b457a2e741c6fc6173f2eda2635c0213a1e509d9a24 |
| SHA512 | 47f9184977e3a1f61417151b3678b41c61a9a2f30d12fa2bcdd006d8c32126ae7329a1e8a0816838d0940fda6529c7dc0931e9f5659caa9b780be7f6a5588766 |
\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
| MD5 | 334a6b52049c0a30a89369785e05027a |
| SHA1 | 8881925df0de69ff7702313b182c31e6b84c8886 |
| SHA256 | 086d9c660829c978140eed4851715224f4653a4b66e7a147b52fe5604eb514a3 |
| SHA512 | e59351cc3e1d59ba0e34235f33ee7316c5d44217c5b3dd8708504c86a3253a0e38c2be04430ed84601f0725857826a49ca9dd2f216e28e4a4ff74001453ffd02 |
\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE
| MD5 | 818cb3b1d36f079b03e79e23d0fbd83a |
| SHA1 | 2a60afd7bf7d1b198070ab199691bb2c0cc315c3 |
| SHA256 | 955601226a4e610d3ca43f6b6fdca64e274187148be5b2ce60db05aea233625f |
| SHA512 | d6f9d21b45289ac628af525f8197d429b3ac70dd59f68e0ab04da115e7bfa97ad2c9d34bdc0c805671acc9923e71818e226b2b4287f19f471f4863d7f00664c4 |
\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE
| MD5 | e7667239fc311cbbc86e84c7d4ed1f23 |
| SHA1 | ba55b9c8d2edca3483d600616cb1a9114d4f625f |
| SHA256 | 343883df0625d9ab21c3de31c2c5fbcc24c6d0c151d2dcacd2ba1f04e6a40ad6 |
| SHA512 | 7a8423e2d236f1ded8b51779519dfb9cce45bcb5d92503b35651278a0108e3b3e7b35fd266201e14bcaca76be99218481e9037d95394ea1442c204e66439aa7a |
\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe
| MD5 | 42d927353ebd38247c45f73be30e5438 |
| SHA1 | 4c09cacb7ff6f2daad8b9171f1a4811f57f460f2 |
| SHA256 | 46b682a6e218066005b4691c0d16254607c41c51c8711558740d4a62beadf4d1 |
| SHA512 | 435b77c1accae88db0ca27bd152c1bb374c47617db66fac72bd1f41bb8784461cca8bb36c3002bf0124c033273960b57af3514e05e5222f8b2220b5583da997e |
\Program Files (x86)\Microsoft Office\Office14\misc.exe
| MD5 | fb3c8178ad435b5b2194d5ce774e1f53 |
| SHA1 | f8ffa7825a628ae2d3be6d1a82281985f8029427 |
| SHA256 | 8263b2fd09374585546353e8b61439dec4fb6e26d547d5ebed7696cab7dc8060 |
| SHA512 | e0ee5d6d9d0eb5b9724ca2cbfc642241c5b8e7b48d4b724473a5af7665a25442c22fb365e1431f567cf88c3f550d411d99818bb9346e29dd1730a43712425a7c |
\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE
| MD5 | 87232c8139f1cd82a2c3e39070d30b52 |
| SHA1 | 13e2beede1ab86a3a12277893570c320e375d191 |
| SHA256 | 8b8ad6ac7501d2c82eca1197c0310fa306b05d313d1b75c1020bc2b2965272c9 |
| SHA512 | e0032aa0182b66e3edbb7b76dd9411a6839e10cd3749337449dedd706ec8ff387042349fbe56c9d4b76a1aa095d750b6bd5e4a180ba7c70c144bf0fe697846f0 |
\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE
| MD5 | 325898762af50cc9d7a4c504b7cd6206 |
| SHA1 | 94bb4333872c472fca319c5b59aa1f1d0f651b7d |
| SHA256 | 293eb1f421601477e48119966adbd2d8be68510334c19a8377c5e772e40e039a |
| SHA512 | ac780fe9d27a92699e4a5d6d8c29c7c69ca8d298717710b06fabafa66e5422e61e2bd02b8245fcf7543e3a4f7fbcb2173feb7160eb8659a769b19a1169406ab8 |
\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
| MD5 | 7aff1c22e8bc6d8181053fc3590fd0f2 |
| SHA1 | f81c044f3ed14a7c5ef33495891a846b297d5353 |
| SHA256 | 7ad0bf719597cd4770a45e16c4f45f233f99d473aa1f4f0b0fc0f8d26976f883 |
| SHA512 | 2a8c89e80371413e1458270fe2a1c963e085e8fbf2af5ecf921bd075a73c6f08333ade3cb6993a0db3ac5a008d0f3b80c9c5248a38d7e70842fe084df446f121 |
\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE
| MD5 | 84b5e431dd9e08590e15ba29d85964d2 |
| SHA1 | 738daf1cfd697baa77bc278493d985de3ea4da27 |
| SHA256 | 28b7f8a6e333c8347c8472ac6bc9bb3caf4b505cc1a9bcd92c3db21947c04127 |
| SHA512 | 484f62cef80d58728df0e1f255fbb62121c5d9f12eaeaa4fa0bf73d57b9f8accac598b1c3bd03c09aeae014d2687fa8bc06bb698af15f53f20b7bbe6b4021709 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 23:51
Reported
2024-04-06 23:54
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
Adds policy Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | C:\windows\alg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lsass = "C:\\windows\\alg.exe" | C:\windows\alg.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\e394fad5222cb7aa3d076402b99b37f9_JaffaCakes118.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\alg.exe | N/A |
Loads dropped DLL
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCX17A.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX1918.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\RCX2C82.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\RCXDC98.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\MicrosoftEdgeUpdateComRegisterShell64.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Windows Media Player\setup_wm.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCX108.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX1916.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Windows Mail\wab.exe | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCX402C.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCXA4.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCX129.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\Install\{AFF521F6-AE33-4DA9-91C8-593A92655606}\RCX95C.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Internet Explorer\iexplore.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Oracle\Java\javapath\RCXF16D.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.17\RCX3385.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCX375E.tmp | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\RCX2CF8.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX1949.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\RCX2B67.tmp | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RCXD5D0.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX1A5B.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Mozilla Maintenance Service\RCX360C.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Mozilla Maintenance Service\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\RCXA5.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\RCX2C83.tmp | C:\windows\alg.exe | N/A |
| File created | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.17\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX1A5C.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX1B77.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\MicrosoftEdgeComRegisterShellARM64.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Java\Java Update\RCXE3BE.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCXF2D.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Mozilla Maintenance Service\alg.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCX1A49.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Windows NT\Accessories\wordpad.exe | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\RCXF2B.tmp | C:\windows\alg.exe | N/A |
| File opened for modification | \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\RCX3443.tmp | C:\windows\alg.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\e394fad5222cb7aa3d076402b99b37f9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e394fad5222cb7aa3d076402b99b37f9_JaffaCakes118.exe"
C:\windows\alg.exe
"C:\windows\alg.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\E394FA~1.EXE > nul
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\temp\*.* /q /s
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| IE | 52.111.236.21:443 | tcp | |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
| US | 8.8.8.8:53 | www.365xinyu.com | udp |
Files
C:\Windows\alg.exe
| MD5 | e394fad5222cb7aa3d076402b99b37f9 |
| SHA1 | 3a26acae79ade36db50d5e6e1eb25011dbf64da4 |
| SHA256 | d13931f71eab276603a9481b49b920c18ef418d3272241ad622dc73ada992d0b |
| SHA512 | 9cf5b848deae580e16a83d4a1b18e611d6a31ddad78661ce2a7bf17eac0ca2bcc8cec22e68a77de380fb865b82598902f9259f81f8e4e063e6f1ef6bde785aea |
C:\odt\office2016setup.exe
| MD5 | 54b36bbcb3aa2103e2e5106c5c3821da |
| SHA1 | dd5a6599d738eff2882400327acc711b0ddbc30b |
| SHA256 | 8813ac7c8df8801c47b8a6c5fd512678c8c7bd8cc86166ff97fe7307094a80f7 |
| SHA512 | 15e85c61c7ee5e35adb974ed1fc8c1aa592fac52c6a446192bdf3782920d4f10711d1abc56e8564b2889b6b1168f0db835f67bc6293cb16f10b73e6c78767e05 |
C:\odt\office2016setup.exe
| MD5 | 2b2335870b0e65775e32cdf8ac181a6f |
| SHA1 | bfe5930729cc695c5b399d60b20ffbc820be18f1 |
| SHA256 | f309f998a68290259310e6115008f27ed9fc4d63e69f0a7672581083a8f54a98 |
| SHA512 | adba2e93b18a683b512e33ef54420de807adb19b2982cff1a995cd56494759aa03497f8d751662a3aba28ab87d4dc56fb1bc86e14f8528980e7e3144598459ed |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe
| MD5 | aad5e555839d9d3361d03c1129cfe5cf |
| SHA1 | 8738ca8faadcbe4566819d18a8930002d867e0ab |
| SHA256 | 0d9d89d4d2a1fbc16a6e3bf213abd2962ce5aacd8d1a86a8e44f83e5009a2bca |
| SHA512 | b70c3250331a006962cc9d5753ebde2cb7d7e5ff3816b06ee5fd3af1fc1cd2fc974ed58fff06299486e6e88e0b56af41795040b2c58c7d6eae02ba66892d24b2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe
| MD5 | 6c42db74262ea0e2a9a552ca6c343ad4 |
| SHA1 | c3234f2b15d3f42d7d450dee287b50973bda8948 |
| SHA256 | 87a9713309c9ee5628ff54494fbb32f100f863f4f53c39fa27a8a7b67f7cabbc |
| SHA512 | b414381437b2fa334c11c0934436e01b7d13f07e251ca684d247d8472362bcb31e6f8b64ffe36e593665ac5e87e4ae356b819d6d64b7aaae92a19714b98eaecf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
| MD5 | 2e9d0375413b2038637444eaac727d60 |
| SHA1 | f86d322bb4581d4ae297d9f29c47d85da5e07ad4 |
| SHA256 | 7fc047742ad9f3bbf84c3ea07d42340f12ba953fa50ce9f77773e665b3b10b40 |
| SHA512 | e53c6cfdab6e0c4c3230997d56c12585dc1a7f30e1047744ffa0a51c14b92fbdca935970a1a6aa248304ee2684f285eafbd56ca1b4c930d34578caf8135a2d8a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
| MD5 | 9c62dbfa3377a86e66c39d4afdafaa78 |
| SHA1 | cec46071df2296184f3044c48e0da91bfe8bf89c |
| SHA256 | 22dc83b268ef20121521b803ecc6f58f98a418a3ff389e4ce52955b060ed3c8c |
| SHA512 | 718ec756656fa8523e371696e10a55db390a2d4922825ff8c7e5df23f31fc894a7cb9695c58ec9c1ace3ad96aff03b1537bb8c88ee34739393cb2e87d99da6a0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe
| MD5 | 3d483b4cef7c539717f130af53a58c13 |
| SHA1 | 1cc649dbaacb7ce2392f234ac31574a0d0b8a18b |
| SHA256 | eae92f879a34a0c150a9718071bbb661011a361c4260edb53c9f2852c199a8b5 |
| SHA512 | fedfeea33a0bf07e52dc101c11910cb2f9fd3e2c8bacb8eba431f12a1e21381691711d0fb494c4441d0ff5a2c3cd67e61c79846fdc77291f8e9cef9476dd9eff |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe
| MD5 | 33e9825fbcbd6f6359940f91eeee8c60 |
| SHA1 | 30375e6a76145aea51fb33614a4fb8d4ef5b5751 |
| SHA256 | 4a7a01c3310d45e5b4a2977bf24e96e151003720ed4fe2ad440add3f5b9310a1 |
| SHA512 | 91128c729b699bc3ca41b139b5a14cd12777dd829f36172fdf9afe4a3f6978566a103c2c548baec2892260142e35d44f72b47d73ae2eff71653f94b47823155f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
| MD5 | 5f66a7e9846586056a13ae0229096d8f |
| SHA1 | 282b0dbed4987a70993fdad73e5a14ec8479cd76 |
| SHA256 | 570dfa37df14a2a468af7fa91e67a025d3ced1e1856d3c76f005df2fafcde515 |
| SHA512 | 5a754d3923ffd07f786f2a86161dbd1ae49eb34044051eaf7b94a66bafab4a21dfd289bf5c451b137831650a62171d0d4da0b16ce437ccb5ebecbe455c23cd50 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe
| MD5 | 99df3bd0ed9ed5ca40b8bde28dda5a31 |
| SHA1 | f3f015157770459c326f0ae6dda754fe11cbfe4c |
| SHA256 | f10c0129b96b1603d7c95722589814999c6c689d6905eb4f23dd36ea0150903d |
| SHA512 | 74984c20631dc453e2787b930d0f3734412ec4d690d5c7652bf5776fd0bb5942be1f8f44c08134fbcd1232321b3466ebb386004de772b11a12e6b1e766e4127d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe
| MD5 | 448c60dd4083f4ade92f07b225f46674 |
| SHA1 | 6a5b259766e93c9a70ccc52fafed6ea72dff1229 |
| SHA256 | a95261b5a576285af0b5f625a79dd995056fd335832b84484ba4853ed42c6c59 |
| SHA512 | 81e5f1f918cd7c579909b8d68012e9860333e49f1af05e120187edb3cffc648933824355d1b5bec647978a5c8a3ad084065ef1bd5500e29fc144515a6a524d1b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe
| MD5 | 3cf95d493512bce6ef3c2ae801e635ab |
| SHA1 | a17b755b9aa149612b8d63c75709c1c748e43e25 |
| SHA256 | 159ec34eab74943de299f0fa4ef40399a4be6aa2db029703d1ef5683b810305a |
| SHA512 | a71015cadb2f3e870b2307b8c8e9b2508f64e6ec4193f3494ff5a0fb8331d1ebb78803f6b37c03f44733ec073760c931d7a1dc84f3d2ac9cdb0cbbaef10b03cb |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
| MD5 | efb51dbe35135e405b2e50e40e8c4897 |
| SHA1 | da5083e7d3134773fd527b870c17871261a629ac |
| SHA256 | dc8d0857bfe5860053c8de5151a6e6f31a5c41f8707fd0d320a6964035ba1b4e |
| SHA512 | b4979d6bf6c1722a82c0db6277b821974390c09a0ee2f41d3f6a895c54009de3bdb2697904c8a52cb37cc1126571482a1dff34ba66e05dd9002620492fcc624e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
| MD5 | ce7e826ae231e942b2418ca5c8c9c5f3 |
| SHA1 | eb5d222daff27b4c1209ebdbe01879c0822e3777 |
| SHA256 | 0cd0ca42eac63daa372fcb87c54b63981229491414c78ea623bfaead52c09e6a |
| SHA512 | 39ff8fc9d82dec29e3c3b3681e938ba9ceaa54edfd9461553880ad7c749f1525f879ace66c265cff1f883c4e1ff1359bac01a03bb05b293c3e951307df304916 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe
| MD5 | 4547a521bac17153aa12c9ba103fe357 |
| SHA1 | 8109f3876056264a8653a0d7cc50695ffa873a4b |
| SHA256 | 38af6e1045095f1b3446d37d1eb5e097f6a05f0af27ec68ad3cf7b24680059ff |
| SHA512 | cbabfa79fb20af8c4dd6c656cb88af98afba7399026d746a2df29a95a2fa5d2f7f680b030ad9ad1f08902b9acc5a28673f61804d271ee46834c1143364e31bdf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
| MD5 | a63888353da51ff85c1678faeaaff1a8 |
| SHA1 | c3cc95f0ca29e6bfc7bd5a6e9102bf2e9f7247e7 |
| SHA256 | 86e0f32ab0833986f4c346ccf485e8d2b02e6aca507b8bcaea5b0093e023489e |
| SHA512 | bfca11f9aecc4a6daa1dea522b6a6ced59031d0a72f665fd7ed03c0c03bc68c4f57f9fed0e594ed291f3643e97a4f6ce001d7913020bcabdcc93f6016e2f694c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe
| MD5 | ac24b2e599bf20389fcfc23bcb3a4c99 |
| SHA1 | 1e61ec8cca652edfa2ec8e12ff3d4d0194778b72 |
| SHA256 | 02a3fb05af7b74b261478346fbfe6d8e9068fe8491080bf19a2008ad9b0b1466 |
| SHA512 | ad85dc6493496260eb161413adf84f2f4d82f97e7440ea441356e81ac33148a991ce015d34f5a67eedfc9b260d07d754f88f2a700e93a5f54d71564520ed2d15 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
| MD5 | 4443b2be3d0f431f25a282579f6095df |
| SHA1 | f72a0b172dcbc69816e56112df1a74e3d4732713 |
| SHA256 | 37df447fbac3e4e04e49a0c5c3a47a11e455f07261ea7cc04d2edbc8ae829229 |
| SHA512 | 90160c9d9d7a236c60a3295e8d1ac31846a266828153f8b1ad323810609c951d777f42eed7f4da4471975fb12a3536fe86caea85598dfce629d0d066ea8aa150 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe
| MD5 | 5c89f0ae51183891b681859a6095d5f8 |
| SHA1 | 2d0e5fb887f7c64f6d6e707b7a56b0a765a43805 |
| SHA256 | 12ccec8c295a5819b66894dbea5a4c2cd71929170d85278df03e8238979ea85e |
| SHA512 | 2e932103e0ea3d453e8f51eba79a5b88df3e960cdf854c37b121c84a53d962d3a695510997b514bd3635974efae00ca2e23bd72d863e709db30df58b3d3b6e6d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe
| MD5 | 0aefd5632e60fcabcbe794c65690d2fd |
| SHA1 | ae829a547bdc6d0ac7138cf01098e8ffa3ef9b99 |
| SHA256 | 112378ab7262b022338eb47dc81fdf6ad895755af6b55397d8502182897e986b |
| SHA512 | 4a07e15d785436e74b941d37d38a44c195eacf306657933f8d119047cc90c67df7f7604890b9becb71c6c40924924b45cdd26e020a6f7a06a084200f728405a2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
| MD5 | 458a3e883deb741d2103d88341bb2bd1 |
| SHA1 | f3fe50cfc7dcf2d2934d762f70996992064bba64 |
| SHA256 | 635dadfc77c370c4ee76c130f9f0d636d4a7fb04c5a0a6858eb204b8cb6e0a17 |
| SHA512 | 5929a1ea6c603ebae883092f12581569a537c7816531886282de031fc779960f22691e4c1194c84cba48609b3671e83ffa96d711f8f981a2c21a7122d1db1b21 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
| MD5 | 0eda0996fc9f77692d090220e8410df9 |
| SHA1 | c57e1f4bf37395014556524c465cb26dbcabc51e |
| SHA256 | c2022bab3ef70b7f47667e4c8291b6a34189f445b1580b8b63f963bfd3ad423f |
| SHA512 | 43ec62413cc40ca36c1e7ece7af006fe6925114c3539618d701191d6ab2e294fc785431afe3c7a027a3adedb8fcd15b1595d3387891383912897a9630a37d3bc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe
| MD5 | 3229e3999ccf8d183204c581beae292a |
| SHA1 | d43ca513ac0621d43fb8a66cd60b120bb0669d6d |
| SHA256 | 4e21e57785870f0ecf4f626a7951b9e0b94effff89549bed18012a51e458935b |
| SHA512 | 8da8aeae068a5ebd913fd44c4227686485bf96ee775a0512368c8668c0cbc6a98af0095030f19dfd4d9560f33f5f9e59d032324db313674e2845201294c52597 |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
| MD5 | 546c2b31f081955eac939d7000cf0c92 |
| SHA1 | 11d2f636916fb464163bd0e72d02c05b3fbec577 |
| SHA256 | 447ab32bc41bf6726704eca16ad036ef64cb69f33f8abd74c8e2c8d08ad26a23 |
| SHA512 | 4bd1de4057ceb7138187a83faca5417582e21456620c60da7a4fa62538225150ec79b8de7bcd3805d687a46471b03ef83cc2a6dae10d7dafd144f840edcaaf1e |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
| MD5 | 5b5a6961cb5404f80ec1fcb7e27637cf |
| SHA1 | 725ecb6ce470bf819ac4064f6bd432cd641db605 |
| SHA256 | 53c4b40495b194946806f35cdaf435b23f60e92e2ffec376c875d73e5b66f625 |
| SHA512 | 3902999be2ff8d4f51252e470b7eab199206deeebbfcd0f0b4d067ca383d18ea80e254bd8feea421c84c0227afe507c36b28ef03c39d549bea3a0386f20601dd |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
| MD5 | 03d551e0b3a2e32ad464062621e14915 |
| SHA1 | 1355886d444a6785094ce6d79d41dd78772edadd |
| SHA256 | a9e80929eebe493cecad22d3e5ebfd2eb8a868ae49faff22087f7419f9540392 |
| SHA512 | 053081ab7ba608ca803fa86c4b0738111d3956787574b3350e0c198f560007f808d49aedccfb587589a092b58facb5e46bbb11ce9c4aab4c0d6ccad7c1feb6b4 |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
| MD5 | e2ed58e86cfb36830eba3810bcf69240 |
| SHA1 | 0cec725b93e787d7f91108308c83742d6b9d5cec |
| SHA256 | 793208014a92f551f11172a450f9ae7720402f132c9fdbc5f38cfc12bf8905eb |
| SHA512 | cfef208e91a2924f412c943796cadc236b75b6efd903fd64aff23c4603f114b18d9640036e290b78568750c121880f48d69c3ea296454162efa5009dc790ab71 |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\RCXDCA8.tmp
| MD5 | 190a871eb0da5d20283aaa460376fe6f |
| SHA1 | de535a9c13b4cd754b857c8eb1628039fb884db1 |
| SHA256 | 44e1b1b4695a679348d39e0f11b8065565cc9360b5da166db014fa86a739de1d |
| SHA512 | 4e119e9d3f1f16cdd835beb8bc9ed30598c778b4da38d246ea2fd23d012cfed3719f900a0d829ee52b78695cf3ed6df3a041091bece46a983adc17bccd00d0ab |
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
| MD5 | 517f434f2ccf37aef7c4a22113d9030b |
| SHA1 | 1af128796b6b992585c3fcfa5d74af503402ce36 |
| SHA256 | 113a4bbd37715b0ad2bfbed287cb5a6b22f9f1d120397f688a4f5d6801040cdf |
| SHA512 | 3045921ac2b7981509f4d6cba277b5cdc12028e1c471557e4c3b97b91e936af986af17478d8f7b4b6eeb56e95023ae36466a3d246f31c467bc6f4380183049a4 |
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
| MD5 | a17b680bcd39c4314ec39ad326fb54ad |
| SHA1 | 0da2d1cb1713bcf27d9c7033191d02982644c568 |
| SHA256 | 33f0d9de49143454bb588ee53ce83dd1323cff032ed919a214868f8e285a74bf |
| SHA512 | 837192c087ed287ea1df3854b8284c1e7fc2c6061ce9905fbbe5bebc375f2eb224854f0640749c53b16483acc5922d31f9f25dd6fc43879f5d11edea887ae176 |
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
| MD5 | 79f977d7df61805e08f72e82951625a0 |
| SHA1 | 718ee6d80134235cdbce003d0defd203e729520c |
| SHA256 | c1cc99b8c18d19f2aee81c7a538dc7192c3d235b1f241f0f3604086475b69da2 |
| SHA512 | 875d9d3efcb5676bb61debe5d39e248ca7b74d6a43a4130a0036e91b1323e043905fbcded45fb75f32cfd93aecc3da4eed1bc6709c414b3fc1de249e0ba1362d |
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
| MD5 | 2bccfc39659f3e209025ab58e7431888 |
| SHA1 | 22781ede6aca605a413ae0a80a5bfba615d65756 |
| SHA256 | 65862481df247f829d14ae240e989495b51aa52c138ae08f44c4dea448a94a48 |
| SHA512 | 02aeb0d5e65432944d866d47b5a1843a65b981d4d9b45e9bf99398ba9669d54bf3269e2efcc1d5154f1eb25fa419bdd55c76f4bd4c8b2316a47b382c3bc2dd03 |
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 1a756e4f29ba0629750ecc04430d2342 |
| SHA1 | 5f4e756639f8a370afc6d1a8596a59d96252db17 |
| SHA256 | 3a08abec47c7fb83175ee767f037f6b7e1c6bc645e3828d7d753d6b9e5aa7a62 |
| SHA512 | 5941385e70e7cc15ead334dad876c8aab49ac93d9d63389c293867d5773aa026e77140db41a9c10bb313a7b882a955c31a2aa68aec27ac381f56dd6075f8fc3c |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\java.exe
| MD5 | 14609b4085dc1bad15f78964fb7030e8 |
| SHA1 | c8120ba0efdd9cfed4787fa6ff9760d1b27d34db |
| SHA256 | 8a651ad03d4535c96c9ca95a6870c12b04ecf58a1a20d95a500a3694be256a0e |
| SHA512 | 77eb42b5fe193a2f076bb076af5b2cd10bbade0f1bed654949ddacae15cd5666eb04353c30aef40381206fc38a4bac9669d0b6bcf85bc9beffdb7f19b1bbf1a0 |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\javaw.exe
| MD5 | a8e2ff027588b72611aa367b006917d3 |
| SHA1 | 0ed7665b23d2beff061d2b6b107afba9e2ef9bac |
| SHA256 | f82aa9e837d37b643fc19ecda89d49fa9672f04bf3c9d89915c8cfca3f98a89d |
| SHA512 | c0e866d5f75273be0c80165ef356eaf4d9ff30c3e432e928a5082f6d172a4d47c316fea915c9f5bcc8d397c2119572a6403b52d733566ffc553534a6dc279d4b |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\javaws.exe
| MD5 | 46e49b8c3cd6a5fa844647be4997c37c |
| SHA1 | 70fb652c4bb0704dd9249e7c978c47a9056c5928 |
| SHA256 | 7dafc268244da92a236975f14b3bd9accc1c5dd482709f7a24de745f7aa070e4 |
| SHA512 | 8e03c4159cff4cf7d010a73e8bec69568b5700e6b7518783df5bd984c7a22f38baa006121bffc188a1d4f3721f87a596ffcb24d04412773f7693c17a0799317e |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\java.exe
| MD5 | 6cc76250d4fa4ba1b1134696907cc260 |
| SHA1 | abd6ee655394d7a13d1634d8bc07be6491c22e9d |
| SHA256 | 8ba3a2e571aae60ee2f0c25237ec94a63869c2e5239895827d377e12e707dc68 |
| SHA512 | befcd8b51b6f088e6ce586b385fc1ae07574fdc30c5d0c88762db52d12f6c06e61a5bad057782fe989910f323f639288492ce3c267dbe637762ddb9fde4c350d |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe
| MD5 | 381c22092074255a291f4c9946a5c28f |
| SHA1 | cfd3817b09553851738818c55a01d18c7591f95f |
| SHA256 | c94dcb40543cb405474597c7e7c9d8ef558b1422797752625db9ca4faf53689c |
| SHA512 | e1f176f4d3f9b7ac057fa427d006e1d6c918e3bb623a713435011e6e27ba7728b22d501789f449cd54e5a58d19d62c25c7f55f8185b022b22cddcab070a385cc |
C:\Program Files (x86)\Google\Update\1.3.36.151\alg.exe
| MD5 | 604bcedeccc1289f35439241062d7a8e |
| SHA1 | 54c8be3bd5900bb40e519412d0b4b3877ba367d7 |
| SHA256 | 974aeb6fd71af37f00e991b07df7ada16bdd84e27497b25f20b12e3063e7f32f |
| SHA512 | 54f4c7430837a06d91d765cf550992c8ac302a4383c7b51bd9bde725960dde77d78304ddf1d333ed983b484d25d14874296976c3d82776e9ef93cac67917b90a |
C:\Program Files (x86)\Google\Update\1.3.36.151\alg.exe
| MD5 | cca83f30deef0f9216e3e461bf51095e |
| SHA1 | 4fe1d50d4cbd474e052b1c3673d678f6327798e8 |
| SHA256 | 4714c98da1ac51fe77a253e9fdddb3303c2a11745e4c25ae6e83708b067d674a |
| SHA512 | 30dbb552e65de50e0b3084b518b91bd8cd20f08087a32b93bf04a2358a99d4624b1449efa407bd1d9a04cb79e6e71fcca43871be396c395e46da2d4120c7c997 |
C:\Program Files (x86)\Google\Update\1.3.36.151\RCXB7.tmp
| MD5 | efb6be4c91e76fe2d1e32129a2b7425a |
| SHA1 | c5f4c70ff8ae4c26234281590840f5211523d9d8 |
| SHA256 | 36449f6e3ab7a823dbc3f9e067a0dc3c2a52d62f84b4024b85c74dd3e38ae4dd |
| SHA512 | 0ad78bab3655756468ee68e3f0a0242a36588dceeae2f0c8e30d93e47d363f046f9afa20133b9e9dc88b0a57b2592ba06a04aa52153a67a1cb1b73dd1a443b87 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
| MD5 | 91eb6fdcd54021e26c7fcdde6dcfe7da |
| SHA1 | 87ffa911949a3031221a2e767901863a97b2ea0e |
| SHA256 | cde8abe0318faebccf6a0cc36b09dcbefa21f93e5a737f1d48e1dcdc74352f04 |
| SHA512 | 7bf0fd7bce3f723592afb175290c11a30346b900d3677d2b84004ab1101eaf2a2db7800401f081c8f385bd4c6ff89121398261dd4c09469c02fb3dea18d22361 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe
| MD5 | a26e3adb5844fd586f9df61033906cf7 |
| SHA1 | 38580da920487d65191d3f3538befe47fd5502ae |
| SHA256 | ac23cc04478912924c6e849dd5f9ab67b9a2e112ee58e0b8159858c4f6c9d122 |
| SHA512 | 18ce52994c7ed762a979179218ed28720ac911ad171d7b842c05fdc8aeed0c0b5d1febc734e14c4786340e93a158c27f89f1b29b3254c5ee4214591e0dc9f7c9 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe
| MD5 | 9482267d8e065d5c3cfe30c69b41b30c |
| SHA1 | b0d7b3b52fc3faac508a01a61ff9e9e7ed8a16fd |
| SHA256 | 23085b1bbb7d7b175ee9c4fc9db4e7dd8981a3f5246cd864ab178c53c0612758 |
| SHA512 | 33c19803c00834755d2a6e75481b0bc0d50dfaeb4cf95d34bc4bd22b82cb58ab72f7e7af9d1e56c19e68374365d4fd095b8a4121c0c0099254a0bdba2dd86c63 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe
| MD5 | 32d25ae8a006118729dc0e75096e955f |
| SHA1 | c95deb8383fb88b711bb4619a563ba65452b7403 |
| SHA256 | 7803dff8877972da3c6d757e83a1d03486e25bf6b0f65b2119de8f16132e92ee |
| SHA512 | d9641e6415d16c889a693904f80b9391c2527d81d4316bd0a6c33ab6212a71b7ddec497e5ff60c2158a897cc47922ac1dca2c3caec2d794e0342ab295079b372 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | c7638bdff84a80f6c86484bc496fa3a3 |
| SHA1 | 7bb61cc1304e23bd7e5a2c8b4f4189b45b25aba0 |
| SHA256 | 73389e6f69020c602e5135a1b972ef285bf529a090b1e3ab17f4b82327f35ac0 |
| SHA512 | 838c4cf1c675ac0a87a9241690c85f07ab370bcc8b9d8aef5b0def96d4970666cdc63291aadd59add6fe9a8a4978d91956ee58c4d73f8813e7fbc2e98811287a |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | 5f5a39ac497130beb3b55c3b323c8e8d |
| SHA1 | 4be5a7d57ae1d9c2f76d24e63027e221f9053f02 |
| SHA256 | ab146b67f4e0988b7e9cb54eaa5c85d1894a852dd5e537b32144168cfb8224d5 |
| SHA512 | 4076c73a6b0aa04460122d6ae983db08cfea56f080cb68fcd7e0791e957c2e67d5e84f76c55dd5daf06d90745d646289039e2a62a604198d6896d6264ee73d02 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe
| MD5 | e1d4524f5cd11eccfb2da873d4edc546 |
| SHA1 | 1d31c050203320d0e77ce521e276297be39eeeee |
| SHA256 | 5f56a2964ea8abf013696580d6735edcde8f62b486de3455de8f980f656785fa |
| SHA512 | 61e9f5eb6407270b3114587d474b50a3d831e2e45003e41e7a76bc3fed2a22b435bcd2081095b9518fbe09f731a5996decf19ba08c52842f1af55c2addb4e1e2 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe
| MD5 | 27a531be4e959f1d7772133949832a10 |
| SHA1 | da4d3202e33c4a4c9480e8bff7726bbe0bc88e84 |
| SHA256 | 09b9f613621fa39c97de92265fb886be93be5b37fe0985c54eb358efbf8befe3 |
| SHA512 | 7e4e78a2f6ad80ed822c40dfc4466da49a4941f42ce92b78f40f0b0d3e22c087985efb134515d5592f7b86a4bc583733ea9eb7d33fe6e29d6e771572d75421d6 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe
| MD5 | c3ab44459a146992f1805629a25c2956 |
| SHA1 | 8725771da56a9a939edd681a849019b64f679269 |
| SHA256 | e58a8db56a6553a1286709aafb7da3fc36e999791fb5f49795e3fb1acba5c2a1 |
| SHA512 | db1b19d2efd9227ae13affa48adfb9e31f933ac547f37dd55e7d957c31c65d70cb1c1cb6d5c4e87321bda62e467e208184eb41ce01e7440cbc7dde21eaefe59e |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\RCX2C95.tmp
| MD5 | 0a78bddbaac8c79dffcaecf35ef89f7e |
| SHA1 | 69d89ac3cd2a5f6493efe3c6a789e63e941e7cf4 |
| SHA256 | fec908cdb8a3d90a2e55e6e305d81839b8f74954f611b3fbd1de20f03df2564d |
| SHA512 | ee1ab20373c138ae4a8c1fef314a67d9373de1bc81e5cc879e23518d810204f8fc8440786f62daf04c9109a9315f30c99174f084db74ddb9248c6f8b98aa0e4e |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\RCX2CE8.tmp
| MD5 | 0c3382db7a488f885d55f87c7cf3aefc |
| SHA1 | dd7fcbcfaa1269029cee8cdbaec853ccebb2bf54 |
| SHA256 | 51cc755a9d506c525e27e987124bedd13ab80f7c6262348e34ec2ae43dffbd14 |
| SHA512 | c9133ad963ed7f6256e8d408107eb6ff42184a8426558572cb183165e1b6b8d0520d98608e5966f160710a5e45b8ac7177f3130329bedf4d694707fc539787cb |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{7E653E23-AB74-4888-B10B-3B198241FC47}\MicrosoftEdgeUpdateSetup_X86_1.3.185.17.exe
| MD5 | 9cf8c0bde09c667534f36d3a5bca0cf2 |
| SHA1 | c0aab8f831c4889b0262bcec3745a7861a9baa82 |
| SHA256 | f2e78afb92fb4c373107bf57a229f5d6cd72e42a56dc74b48def93de122ec890 |
| SHA512 | a1938b934044603ed2f521e10e0e157bcf872bf2e0a41382e4f4c46e9afb31f0e3a883dd4d0f653a8f8bb28cc3b86f75eb7fc6bc2a613d46b93e5ea1d66dc87c |
C:\Program Files (x86)\Mozilla Maintenance Service\alg.exe
| MD5 | 56856889daa93d8f1648303ebc3680ce |
| SHA1 | da70d2c5c8a76c035e494b0350a6c37220680b33 |
| SHA256 | aefdb883277c35b9f71993c1c8b754c42d43591325d67c5b9435d5b1b61606bd |
| SHA512 | 11a3a4e38c21b2a4ba412dcdd89cb9df52f268d122138639a0466109b40cdd235dcceed15b58d8069196e2c0dfff6abae7a8577a40baf51926fd1e502bc37112 |