azov | b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801

Analysis

max time kernel
140s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
Size

32KB
MD5

6468ee100d88c71d55dfdcf4e30f991e
SHA1

5c520d2d7dc4c9e5d536d3aff998185657d40ac8
SHA256

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801
SHA512

41913eb5adaab42c7ebff547421c0faedede5a3356cb2aa8b92ab20320f73766101056853f450435281cf31e7f32603c62fbd88fa3a680b19abda5d8cc9a98ae
SSDEEP

768:QzG3EG0IUJrd6dQar/MjfW33AMar6q3Fu:QKEG4Jx6Ky/Mjo3AMa13U

Score

10^/10

azov ransomware spyware stealer wiper

Malware Config

Extracted

Path

C:\Program Files\7-Zip\RESTORE_FILES.txt

Family

azov

Ransom Note

Hello, all your files have been damaged without any possible way to recover. Feel free to commit suicide. [Why did you do this to my files?] They asked me to do this... The hatred is that what makes me feel alive. That's what you secretly have fallen in love with. The hatred is the force that drives the life forward. The hell is my paradise. The suffer is the bliss. Others say the hate is what destroys yourself. I say that the hatred is eternal cure. If you feel desperate you lost the files. Use this despair to create the pain for others. Make them hate you, it is the source of your power. Do you think why the people go to schools and kill others? Why do people make terrorist ideologies? Why do governments covertly makes you suffer? It's the essence of the future life. All we are immortal beings. When spiritual is not a way, the antispiritual is your victory point. In the manifested life you have a choice to be with us either be against. Sow the evil, reap the power is what I say to you. Saw the good, reap the weakness is what spiritual says to you. When you hate, you feel the power. You feel the flight. That fly is the antispirit touch. Use this to multiply the suffer. [How can I use this power?] Find inside the source of bliss. If this bliss goes stronger when you see the suffer. That is what I call the source. Check that by looking through the news how people kill others. How the people dies. How children are being tortured. How animals are executed. The death is your key. [How can I give you my power?] When you read this concentrate on the intent to give the energy of your source to the meta-source of this text. Am vizu der strotum la fictus om spiritus.

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov

Drops startup file 1 IoCs

Processes:

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

description	ioc	process
File opened (read-only)	\??\N:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\O:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\P:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\T:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\A:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\H:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\I:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\L:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\M:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\Q:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\S:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\U:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\B:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\E:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\J:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\V:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\Y:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\G:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\K:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\X:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\R:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\W:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\Z:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

Drops file in Program Files directory 64 IoCs

Processes:

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookWideTile.scale-125.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OrientationControlOuterCircle.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ppd.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MLModels\autofill_labeling.ort.DATA	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Square150x150Logo.scale-400.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\LargeTile.scale-100_contrast-white.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\Common Files\System\ja-JP\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Tented\TentDesktop_144x56.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ul-oob.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteMediumTile.scale-100.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\34.jpg	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleSplashScreen.scale-200.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark@3x.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\SmallTile.scale-150.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\call_failure_post_purchase.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\AppStore_icon.svg	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xml	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-100.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\GlobalMock-A.Tests.ps1	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxMetadata\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-32_altform-unplated_contrast-white.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xsl	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-150.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSmallTile.scale-200.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-32.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FirstRunCalendarBlurred.layoutdir-RTL.jpg	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-il\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN089.XML	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageLargeTile.scale-100.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\meBoot.min.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Common Files\System\fr-FR\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\x_2x.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-48_altform-unplated.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-36_altform-unplated.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\logo_retina.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EURO\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\HxRuntime.HxS	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_altform-unplated_contrast-white.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\tr-TR\View3d\3DViewerProductDescription-universal.xml	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Glasses.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

C:\Users\Admin\AppData\Local\Temp\b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
"C:\Users\Admin\AppData\Local\Temp\b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe"
1⤵
- Drops startup file
- Enumerates connected drives
- Drops file in Program Files directory
PID:1760

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_sv_135x40.svg
Filesize
17KB

MD5
ede3866723e52edfff56afebe2697f63

SHA1
fbd371c525306cc84a1a98bfcaceb1585589fe49

SHA256
98284a97a7fede901d412ef95a8e1fb2fa168d46a9f6bce0b660e63431aef405

SHA512
3544e99097a7665b47b2b7a3b955d71adc39af4fdc37d99c27a5b8377035206e094342e557b5e2ad0a514735173f7f9f5334981a0accac38ed24d4b94cebdfc8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\de_get.svg
Filesize
5KB

MD5
3d8c6dab0b08dd6c3279bae4be2a1ba1

SHA1
687cf472969338df9aa297db30313d03576ae0ce

SHA256
431978c0af7b4e5a8253081828be0540d0647b5968cd426b818394c3a021dcce

SHA512
439e43fb011b97497aa9d31cf93f1361ac9b934d602979c6c4e8393a596138598d2b5951bcfa180cefa1735d4153fc45cef3f2599081e74f00b6b6de1bf1b542

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\id_get.svg
Filesize
5KB

MD5
3fad98e29b7962e4d979bba6d911c7c8

SHA1
2beb4b19d9f48097733763ee50456c6c0e78b426

SHA256
19bb6db5013f30ed20301eca3ec1a8facf3b65f3c0960a1a71754af6eb9d4c06

SHA512
680866bc5c99d5fc48bc6160750b4275d747bc6110b3f17b0c4c9102dbb37b401ce8d597113b2ee45b95d5a3b4b7f2309da6d0f14c1e71f72cdee0d49d3f781e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg
Filesize
5KB

MD5
b2da5aa379003951dfe11811c2344177

SHA1
340da63f754a6fd99a2f1f5d0d68c5dc70b1be6c

SHA256
bc9a3febac1ae26012931549aaaa80a7b31b270bc4e7e031c46e0869f6b0420d

SHA512
651e76c2dc1ac3989f6ad3fad3c6987ab1535dfb34a5811d53fe66d0180bd3b9ec74c21bee72b728406e53870e3928f7d0f62fbd9fd0c017268b9c775478cc0d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\id_get.svg
Filesize
5KB

MD5
bb8b6cd18ee0af155ea465514d9a8026

SHA1
e5714434f662a20959e34e8338933017c9816ccc

SHA256
e2a8e0cc5cdfd347157246247e275284a6b4a0823d6fc2b5afb73a318845270f

SHA512
71ecdecee307d5965dadb00f72fc3f0e7a70fcc5812bca39b825a0225f53661cfe394bba52d3a6e904e416f2d9cb206d1378f32b0c5c9d8e3d1d6fab1037f1a5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\ja-jp\ui-strings.js
Filesize
823B

MD5
3c75c9aed9cb504dc7eb63ddd782c3e7

SHA1
8913bcc51f12159bea350bf59c88880b8deae184

SHA256
9e09341b74634c4f25b97c78cf9a7735f8df99ca52f69c2b9b0fabe87d3f904c

SHA512
4b7b053135f4c073cb90ccb0fb21ca96e0d375f1655580dca2fdf4af74644a441d467575400e178495bc9e1f2b63ab76a8e0e3ce8d6f40068d48d279faeb8a0c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
Filesize
295KB

MD5
f7cdb82aa34780c70bbdc10269cef656

SHA1
207bf29d98701509c2d9c7415cc8455b3340d1b4

SHA256
75e4f288a00716462e40b35eed1dacd32447e0a7c75e643d8106c2d091becb42

SHA512
9d9ee2d8b9ac07f5d578ba37d9d6889d5c6130213b8cd25e343d249fcf34e2254f446a60874c03152f13f68addca872df75440acca509c021f825b27527330f7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT
Filesize
9KB

MD5
aeada2544e110423d4dd5090fe89a99b

SHA1
164c24c125bb6b5954936d99538aa9821cc44443

SHA256
d4d020bedb655d73c61a152e2cab0aa4528b3d6d802dc79f303b316c8ee6a924

SHA512
1380d4f834d7ead56e605d7b86d0abd2b3b83cf0ebe853c1a85b1bfbd3a6719996fc28461ef66749163ee93d7e4a6eca55ce02f5c8f2712328d5c8a704e3caba

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\java.exe
Filesize
332KB

MD5
7ee8c9b3078b2ed148010bbd417c671c

SHA1
a5d8b1e7d256de44d45c9f5839d6806b951093fe

SHA256
4ff9eaeef713e1b0ebdeb48f5089520fa96792e0c98df1b6bdbfc1df732bde51

SHA512
c7b31f558c905bbf73af9a3a1a7cbdedba60320588c01a9b605bbb7333965d8a919fd3a30138618b445f19c8046e129d3f8cd7930c806f82fb2730a62fefe50f

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\javaw.exe
Filesize
333KB

MD5
bf5ef6e8ebaa34af8b79914193db3a8d

SHA1
2f290da6e4ee13fb4e29ade130791acb1e113774

SHA256
a3f6ff1915e7edee5a23f8f4cdf771540ea466a38f5e21522f3a921d97909fa4

SHA512
87524012a302e6d6da2000c83f3b8f39e6dda8b17685246402b7b3befc256274df15a4297e2565df9471a27793f0dc3830ed90cbaa451b0b0db0c91e8f46b3cb

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77375\javaws.exe
Filesize
540KB

MD5
ececb0b706f3f2d045ae2cd1b6a8b773

SHA1
44b5891c0b65b7f654dcff078549db4777a293d0

SHA256
f61da8f1ef4daf4b2413e9c48b57e557551e30aadfbcedd83bef219485fa70a5

SHA512
bda4d0e3e5e6119d156396921693ca3e0f8f5e5e2b656ba3b9dc4f8a083ac4b1476c3e55de31faa1b32bd6ca7882b0d3553295d92f2ae45bb1bd84a26e8e83f6

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
Filesize
453KB

MD5
ca0fcb225ef26daeb2e67b61f08b8427

SHA1
e79cc69fde2f3907a910df4b6938bb9fe59eab9f

SHA256
322c5ad91e0320a64d226dc11b76104419cc4b88b72e89f4df1de6f18c445e9d

SHA512
2a7cad6268fc21806a75d93b9f3ed093a00fefb6f711ce5cd2eef517d9bf624e5cfe79e3c880aa4d4932291543a2dfe199f3f9dc81455e2314ef44c50b469dc7

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\MicrosoftEdgeUpdateComRegisterShell64.exe
Filesize
265KB

MD5
daec282497ea3fbace82d0745544dd3e

SHA1
486e0fca9178d0709c719240378e20e391bad779

SHA256
fdd277ee87d9d82b47485f6873039b3be96fabf8e723fef515993f649a5f4066

SHA512
9f1bf7f9cb96ebda799d505c99e42d17ee500e6cfa32a64b9e6997f42d96ddb3ba2dced9e8acf58d256e2f63605e80b42567202e72e995e11992178316422300

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
Filesize
544KB

MD5
2f9f17f846e131917ee01d4aeaf665ee

SHA1
059a08052da97b9d74e9981011906029c0235f62

SHA256
dd791f269329627516c8bf4bc2ddfca113ef173ba5c6247dda24d92d2a28b9ad

SHA512
4e56302746b3e5ae3210e110374a896f6008054e33b7138b0a4488e88c722044854669bdfff8b8eb5cd9c064e6acab77f92d0319cd40f700c8d3a854cb2843ec

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
Filesize
3.7MB

MD5
dde83430dc458fe0c8a35f13493ced4a

SHA1
99e3bd5bb2a9c52b0ef23ca8397c93ee94a0557f

SHA256
664d64681b4a17fe6efbecf66d9f7e2f4067bf62ab71edc2a9c546cdc7c38e55

SHA512
f96597cb4f9f00e86b8bef469360e12c6faac86d806201d4981ea49043cdc477785124318ddc0d6908c3a17cbd7ed8c704a566bb438a5bc8ce34ae79e5e1adb4

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
Filesize
1.7MB

MD5
720123a2dc510e755859aea4040f69ae

SHA1
91edc20655f9c91b1072a15f345245518199ab18

SHA256
627e76b7451d217af22979b8ce2c11d3c5f966233210bd390a7a4bb37e419c58

SHA512
a57db29bb9d565a9ea5333f7e666ffb95a80a65f1bc282d6ec5aa2b57ba85c306ae60526b9ec1ed26f0cd3196ecb621d075cdcac983598fe650e6e7f57858575

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Filesize
1.2MB

MD5
716b4ebe43cbb4049b9f9c8f16a93266

SHA1
f9ac27edca59aaad090657d5a971f1417b90079a

SHA256
c0805d1c739f24424507a455fdb54591a7dc3edab1f1616deca782481238f71b

SHA512
6a3e0f27b9c0fbd7287cb8aa143f6cd63a84511e2082b05e38c9dd8b2514828089a92b70f637e11decb916d7e2376d0a38f0f5da53c378b5f4b660ef6840cc79

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe
Filesize
3.3MB

MD5
382d02118fb180f80a7cdb1be072315c

SHA1
c0d3fe917aba95438f1b2a9fc670eaed252dd647

SHA256
20192a41f99e1c48f70caf6f9cda69647366bbf55d5b570643101cc1f0eefcff

SHA512
6460962e92e2594cd5e5086f2c251485a16f4b76e63d6bdba66a98df7f7c27e45b6d69002c68f6bedf8568e5e4e9f11cd0e736f4385d45434fb8f1164704c9fc

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe
Filesize
1.2MB

MD5
026568573d5f1c616871dffc7a652562

SHA1
22de47ecbfcc533292d8d1f5fe08212fca686281

SHA256
58fc053a81f89067dcaa85350a0720605639a440279ced72172afec177b417ae

SHA512
8c0d2ea03c2bf763fa3fc00d672524033852b3274dd84db4eb63c056d0f369d5a3461b9150a7cfce9fa10656d7be517a69290e6ec49e64b8855b62fcb4afd8b6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe
Filesize
1.7MB

MD5
13aa4c72310b86939739811d820ed707

SHA1
50a6c61c4088d375aceb441d8ca2d86353a3aa4d

SHA256
89ff5701ba59ec617d14a3c712e8e1fc52b15f5cec1acf9de602395e79625276

SHA512
885b9f387f6d599ab2394a5de937d08aa0cdfcb97e7dd78fd43385d46f4bbb58513998f9d91f1c1b4bf0303b2fc539f23a2f8a7355f790e438b5d16b31d696e4

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe
Filesize
2.9MB

MD5
e21ee9a01b2183a61b181e43994cd840

SHA1
b98d591f82fd6f9a8ead3206b89ca0d59b4218c6

SHA256
49d0e08a3d463c4c25342154e807edf2eccef2008c9d83abceb7091809460cc4

SHA512
51e0dfa834990ae224e5421b97354a05f8af2b60ad6ce2c5003fa9601e0368567ad5eee414f90e3535f993123a36f29bcc48042aea3cec5c30d1dd03d116dac6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe
Filesize
1.4MB

MD5
5e1d496312e7b661fbd4614bfb6187c9

SHA1
ed6cb45f892586ab887dae4586bf088fad7eec19

SHA256
cee0e93e34cf472ce1a9344db0456fa8a5a206bf3fad66c1c9601572094f8129

SHA512
dbbebb2cc50ea6ee1e0018c0ebad1f92351b48f85902e374751f1a79a89515efb25648f4702fc0afc04cde58b75abacaa8cc36fd142b247918aefec37e774cbe

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe
Filesize
1.2MB

MD5
d5f78e46410e8d29abc73f490fcdd30b

SHA1
058b29591d96f3ca92bf7c656fde42a9a2dd2fdf

SHA256
71a7cfc0e6c646f7962dfe196ae43e9ecf0765610b8af6a0e9500cbb8beefbc0

SHA512
e5a658a525289d2dbf63d6d626584b05285f1d4fb68de4f7a7a77c755b3c9ff4d3c84d7d1ac077b5560c19b748b532e4b87fb05b7e79f9759841daa4eb006449

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Filesize
3.3MB

MD5
18d852756990d270314e23c3e11bdae7

SHA1
09576ee80adcfdd98ad9a4b9db7217e2a54018af

SHA256
e916e604ea8b523131e7fda0e5432d687b8c453c67068d1c524d84ba7944cb39

SHA512
dda651492626813e166ebf8fdacab14c0295ead4a85fca39671ef3a22dd18817cfec91efdee983223fc30899eee3661d5179118e9230a7c8a026356931e140af

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
Filesize
1.2MB

MD5
bb0d86cf291a9ab42e93a30ce3bb0fd3

SHA1
d9727374ecad5a429c77a5f927726f54dfe0aa08

SHA256
0e1c4603f9776bced861dd245337f83deb5d89754843a902fa0eabf6344aee00

SHA512
189ee2711e52a607a24b84d2d81c97fa8f1280318b3da9730a52eab34d4c8e7e5b92a19caaf23298ded45e87a38f4c59ca1e3040c236f23fd7815a1e64046059

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
Filesize
1.2MB

MD5
cccc44a4ec075bb6077fb6b199af063d

SHA1
f1deeba38dc861192bf990893957af892d582442

SHA256
604097a5d7c662dbccde2dfd4e667679dccdc97b6743ca976f6c5f9706c00158

SHA512
5c5acefc2f79c23fe612c6158b89f48771743f39467ed1437fffed71f12abdcc3e461da76d80ef99f3cae66e705afc3a0db1eb69f5bf6c4906b69b8bd2a529b7

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Filesize
284KB

MD5
927a71cb217c3590c7f9e0f42a222a8e

SHA1
7a99acdbf33893613df24aa709346d24197a1afb

SHA256
2eb5ba1ec4d3706fb197c6ba13b3a7ed7267a26ffded26f89e3e2f6bafc9ca4f

SHA512
e567058008970bbe19926b7e22577e3246fa4a8e97a2728a12ccdbe67fa0e8db9c99769b444d69bf1b8f9ffff7a0b808ec502a8fd3ccca4a4b96bc6247f5afe5

Download Submit
C:\Program Files\7-Zip\7z.exe
Filesize
666KB

MD5
42414fb4d6aa2ee706a6ee9d84f28843

SHA1
59f683e90bfe8b482fbb92d5e4e2f11d9bc2f53b

SHA256
7692c9498cd37434cc0d8907221b53360ef3af98b57523500b9a685502dcbad8

SHA512
77bcff161eb25a3407380c43f749f956327c80c34b656f86e050fcd528674eae3ac97746970ab6f489b7dc5f04219b1c5325b59c5f7d400446fbf7b6d2009323

Download Submit
C:\Program Files\7-Zip\7zFM.exe
Filesize
1.1MB

MD5
0d01b689bea76c00ee88730ad29b79c4

SHA1
5b85b430826bc291fff467719d664acd89455b01

SHA256
3e91f846e5cf9a03fa8532dd76126bc398014d9601cdbc2f784c998347f7eaaa

SHA512
675a210a0b7605e39c182a368b79e724b7b1bc55ad770861174bbed8c598055a04d9cef7754e8e2356f7a7ea08f54e36b95fbd9de61d23fece30669339459bfa

Download Submit
C:\Program Files\7-Zip\7zG.exe
Filesize
832KB

MD5
d786511aee594e3e967ecf1a29e5cd0d

SHA1
077581f5232298284e6295f3c4ec50b89b9dac57

SHA256
97389f3a2fcfc66868e7561562c440b31af01d045cc17a270cd4acf7565faa8a

SHA512
64060753cbd2c7bcf9282184fd91820d670844814293886aad16048740b0d975e86085b1ac366313aba14ee1abb37b92bab20e98c2eb64934928143aa0094187

Download Submit
C:\Program Files\7-Zip\RESTORE_FILES.txt
Filesize
3KB

MD5
4f3332a48d767cc5bdfdab755d84a450

SHA1
d7d583c08e82f39637d8209447c2c9cad1478f01

SHA256
a04e8cc0ea5f7e143eba012c2bc470161f1faf9c904eb233f777ced8e6e706ad

SHA512
0f60de7622aa69ae0b209a1ed54ec7ba0f6b81b597565e64d41845bec8c471a768ca8622964260c448530f637492aac31a4fc5ec95de147ef2c0d89149c2a66f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
Filesize
350KB

MD5
09f8b58507fb502ed9105eea20eea7a7

SHA1
cdd52dbdf33b17b1206b46ccf875cf334d0bf5ca

SHA256
f8f9380004e7e27203d4a2ead80c6a37c87303146f497eb26f045ce8dd673877

SHA512
51a419780037ca98fed4efca050d29b305fe303fc4154a31c49d176e373182b5cb3c5d0e6d174604805e51a8a2a07942c67d71e870c84837177a0b792599ecbe

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
Filesize
4.2MB

MD5
88a7309fa4e0e8c7315f88f1d92bf660

SHA1
4cf8dd0b31dc89c60490b1764842bc886070d9f7

SHA256
0c8a56793f2fcffe43d1100ef3dd999c806e7ef0674095761039079ed6055985

SHA512
cfe9243612935a774823d0d95c5b691b51dcebddbc99bef39d24b89ae86df84d49d7e1dbb5514d8b16041b599db1236b78b7f0c4e24bf29848b16158f58cea11

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
Filesize
2.3MB

MD5
519ed4af18a7c69e6d7e1e9003eb3240

SHA1
eaa147f4044f40adc0dca1881b47c8383d404948

SHA256
78565fe14c44912d31767fccdea9e116c0b9d012819825fa30c40641777cd5d8

SHA512
c9d1519dc4776418e108254dab9c87675bf156d31b22c4697f1bd8b11119ba163289e097f3fc3c865dfd78e5a98e46a506377672c0200f05982799e60017e425

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe
Filesize
4.5MB

MD5
114048ce6a8354a9c18879417717cb78

SHA1
43bc47b341672ac39092fd4b11c21097827ebc90

SHA256
3ec90474f9a613ee628f5ba8e609faf220fc96429bd92131c33547bdd8bc0be8

SHA512
3f74c365e6685e16f90c05276a0ee08148cfa93718e47053b65845d3ef73c961a29ae457d8cf5133679d77ffe9925abad4398f359f0a719832ef37452637191f

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe
Filesize
1.8MB

MD5
a4ce1df618e4adb751538835867f1076

SHA1
7d34a889d4bfe5efa2b684062d27d248c9d124d2

SHA256
ec90c3dc7e66150e35456452c7433235615af936f96f50a003f1b425780cd80c

SHA512
2f39041fd9bf6f5fc22b023086a04db99a68cdc9071b4dd38921d034d0d76e1274997ed66d9b5d40f37d3eb4d23121a043f094db77d79ea0897cfd002dcaaac5

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
Filesize
1.8MB

MD5
a28729c1a9a76247c4ae82ed4f0e434d

SHA1
07fe7a620f18e3fff14a2223bcfa06839d6761a7

SHA256
c185273fa8a168d17b575ca06dea2503d13e1af8e2555ebaf4fdf15e47a556e7

SHA512
b79894bf2237bb3b11e0f253c132f22e2b5066eabab0d177dd77a8195f20dce395aeeed72607f12d62f32fee0e48f6bc26c110523b946daac490a6268ab79642

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
Filesize
1.4MB

MD5
4f695083dcc677b0e8475536d2d636b1

SHA1
e9dece1df97f57f7852f93ee32c6f1c26b31ba02

SHA256
60e8d252fba744f2c3eedb86f0501238c9f6ac16e19bd3918453b6060160ec10

SHA512
3eced7d15b2b9053f8664fdbf5785fcf30d61694cb845154fe443beb0537512044134eb69f4ab9b5c399ec4a00d6fccbae73b6b5ea66721b99c7861ab08da2c6

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe
Filesize
2.9MB

MD5
895bb92f029723a760c699264cc68ab8

SHA1
1bbeba20e8d7adee8c3130adf75f20499dfaf156

SHA256
aaee9b3efe11ac4236b69011ab58b01e0e2c8cabe4229d7da13f6685525452c8

SHA512
1a707b0aba7cd1c82f8a58f78d8e73b98b38ad226aaa6e80df5f767b37963da7372aa35e2f09886b2cbd10fbb476211b7b85e2f0b4c04d4ff37b0bded81de495

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
Filesize
1.2MB

MD5
99a31dad840eeeb564aeb4972c3829ae

SHA1
b80d4e73220ee11833fe5d40e78f76c8ac861028

SHA256
691b1a20494bbd229c24bc5ec22e4861c37fb33bad613da51b6fcedb302a40de

SHA512
9a4614fa64f70222c1e5f64a569184456248ae6ee71a9f3a7e6a7a3c0c19f4b8facb6d9a53c6ab61d1bdbb7c59b515cb2f804a17bde82cc8826f883127ae124f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe
Filesize
332KB

MD5
97fb0f2a45c1d7a190c34f9626ac1edb

SHA1
56c4214920ddc9f73a81bfa9281b007ee5e2f501

SHA256
799315c4a69224ca5dea53639ddb4d005dca07161b1cd3c2cd88628c252c1fd6

SHA512
c7c64c36cd178c1fcf463ed88d0625d4680a6e235b02c02ee2b8eea8c0675271b66ec4b85a7abb1fa54e4046929f4dcee8d695a238cf2cff31d749895130ca36

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
Filesize
333KB

MD5
c08f125e94b7193ce3ce2cbcfe64ca79

SHA1
171521f729ff1dccd929b568cd59f948f95e744f

SHA256
dd2c8ab0d1be29bd35cc694cfadd10c6db610d9f1858ce43046788bc85196e80

SHA512
8c9378ea044fc44d1bd27ac0ba66359eb476340872c2b028db91f6a94b4f2fd999829c2fd12da8d4c4bf8db80711b3b228d9aea06b5da9566da5ae44ad801937

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
Filesize
540KB

MD5
e61395d390b9a78a9681481c41de55a2

SHA1
39b4c025fb32e8162a4eb4bb393db40632873872

SHA256
6985e4a0210614b0703c0942799007198144cd1217130d9931a33bb2bc307576

SHA512
08cffed319fb93c22f5c1d5fc0a53bb6943a7e85d074474a07d26666edd546b5f53314ba20723376c35dd824f813f316ad37cb4d4f549aee3bb89625512e5641

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\java.exe
Filesize
332KB

MD5
42013264291d093d7009026751a7db43

SHA1
bfeed6632585df0dbd26394a0bfa8ea8556f2963

SHA256
c490aa2d6795f84da94f9bf382bedddf8b810410c0c350ae2b5d053a0cc59986

SHA512
f87d99565ec3096dfe5ede508aaca83c12015fcaa8fd30dd41047f2967422038c6c5fcb4eb7d127a137751a5ecbebeccff0ac2b67df8364261c0d42db58d0adc

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe
Filesize
141KB

MD5
9c88ffb69d73cdb893adb88ec5ba7624

SHA1
5e8d628709fd7948e19904c30dea1b1698fd487d

SHA256
df256f69786d5a926320ba4a18302643868a786419acb423ce67eebb5fa01f26

SHA512
e091da0b1747278fa3b9e6430046891c81383b5fae046d6719857d7d8e099529f7cda365292223b3c69255fdd8cb19a8370287fd1651ae4314b19fdee7fcec2b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe
Filesize
333KB

MD5
bc732a26cbc919ee54e86d7cfd7b3b72

SHA1
5ececd9ac41d6e1eae487e909f30171b0aecbe3a

SHA256
8ddfabcedafc2dbb935c28e2a113f308378024a783283d4c297baa7e0ba6610c

SHA512
2424289972af9f0f2a4636d6412e5b00ad442524d59f0d2cb5f013504213ce5dd9d6da8ce99a54d3f8d1bc8abf60304cd46fe0f28faf01137b8bc0404c1e6bd9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe
Filesize
540KB

MD5
849bbd1af0eaa05a30057375ca1cff39

SHA1
dc9e7cb92c4b4daf04d19cd8d352724cc7305f43

SHA256
05c25688da58c29464774b7e76e0433c56f9f56c80249f010b22e1b1916b0aed

SHA512
b4c409490909bea73bac0ba9f2fef7326400ca65c90cc8dea9dc6bf9d4df82ba831dd0fbbcbe3e944206e52118ed71b841988cc17e9b7bcaacd2dd581770a523

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe
Filesize
195KB

MD5
2a173f6d10bd1983e90349866eab545f

SHA1
4897d28e8cf9e879f58d69c56deadda2d7e7a893

SHA256
bc7f64eeb7c9493c09e626326e21082e7b1f6164b62330b371529952834eac76

SHA512
79ba434d4f8ce1b037b9cec29e5ad6ab0cca5683bad0e349b637bcf56e7665dae89460704d81d4ffb60367d78d8b3881a2aea2372d9e5dd8096809db36f426ff

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe
Filesize
137KB

MD5
50ebcf53eaa2faa1ba3e2f15167b60e3

SHA1
0086a3ba78220763906348a9a8b1a910c74adc8f

SHA256
0e0c1f66e71851cc593996fb8515856965d2ccbbc81466c256f0e466c42c8c9a

SHA512
5d5d694d03531682c3d0135173aba1cedac8854a36870d1e7a57aa2a31a7a520702433ad1fc80c18ddd45e3052b09afe9a360f07d91f1a12423ab550aa7c8c44

Download Submit
C:\Program Files\Java\jre-1.8\bin\java.exe
Filesize
332KB

MD5
6e6ae11b5358a64785acc136000a7a7a

SHA1
1122cf5eb9d6e296071bb29cbe0eb9f2181bf120

SHA256
7ef002382ebc096d12f801964bc05da41de1a491a6148296cc74caaa630259cd

SHA512
b44642a5a2c00dc090d37d4a27cc57fa40679648c49b93269e6462bfb27d94539452dc34457b7a0735d0228937106a7e7f6cccf310d50173cd75f5a81ebae5f9

Download Submit
C:\Program Files\Java\jre-1.8\bin\javacpl.exe
Filesize
141KB

MD5
f5b0160be2fd8628747fa8b39ba1c528

SHA1
65539157877442eddb3a01ea15c33d46fec89661

SHA256
d5ccfce455a7f993af66796412c4fbb9a8f9a080a1cc9909af97e846907e76ac

SHA512
205d27175d6af58f7a73bcbc0710b233aae8364b589a860e605f3dd3ba9076681b6fdc1e5902e41981a4621ba685381b29fee7c9995bdd0ab30f90f2167ffcc4

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaw.exe
Filesize
333KB

MD5
d0ed81659af0d95f3767d8bd4590b806

SHA1
a252752c6d7055c392585c4c28bd60fa4bc55e9a

SHA256
f9e3ed7238f6d74050f32d4423264c49290b11900506af36dc0c806cd531a921

SHA512
9a09b30fe54b632d52004358e9657cf3790c34a0b9f157834940c319f4e1546162778b6d913aab1e07ef969d75148218273326f837944720b21fe48a169d1421

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaws.exe
Filesize
540KB

MD5
0c1b2c755431c5c78a43ecf5a0ff7f04

SHA1
7f5070854eeab93585fa63f65cf8ff729c446324

SHA256
8e0084427579edad22364d576d888f570222a47bb5d72c642d3e5f3dd38b0df6

SHA512
75910bc324fd3862cec061224036f8ed028423861cf433867f2dce114ed0b3cffa2c1d76cafa4e1380bc61fd6ff06d962d645cd5408c51163ba3e52acc48d852

Download Submit
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
Filesize
195KB

MD5
545f75a4447ad62226c6501148c71f69

SHA1
22d959237fbcadcdbb991be7ac87fa268e7b1aee

SHA256
9670ba11590bc53013e8c3266a134ea5d7ea439dfe2627ce35f768e174ffea74

SHA512
d320c792aa0fcfc20fd3b7e2038fbce764b18142c4ea63e9d91dbe44b885321520735bc1dc8a4106f467775621861a3d44833d4a6dea3ae047ebd6963c16d06f

Download Submit
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
Filesize
137KB

MD5
84b82b95f22fd9de639e3805d97b0146

SHA1
0341b9f4b6b7c97e294bbd479af52b47b9e7d312

SHA256
89893431198b9e1c8c801d54037cd73e41dc57de01dd7c25f3f34e2595365d5c

SHA512
bc8866ba550516c3dd2300feeba1d8a38536e43806b8825e825a2854f14ba68c2bd4584151dbd0c51734e9ee2b89a2d299237c541c5fab98b2a522eb0b2247db

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe
Filesize
4.2MB

MD5
336b1fbf494d81f1411e7921c0431a75

SHA1
ad2f8a2f43e514e8e0d158a98e1866d5ac9d2a2b

SHA256
5a456ee56c907cf96501e8efac2e228f5cfbc076a1c5470241a33f086d59c15d

SHA512
1fb72d1390dfa966307d4d2044c4f3079ec02f0f318b35439c985222fa2616df3166c9b7c6a249cd6e54208d0fb80abf46e07cbb34c9050637c37189524d9785

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
Filesize
4.2MB

MD5
995d6d4a62876b26f0ae2f1e5d107064

SHA1
05da168d1efe47bcacdfce8be59d853dfa1cb039

SHA256
c99a9789661701c3fead23485c317b5fc828c3ed9af60e6c3bb7256e9e5fc020

SHA512
d39f09e993a316975b13ada444e15f8cd77b54affdf85de12bd0ca6979c4313ceed04a34ac398372e1c63f6b7da01151319926d85009dba6fd735db16f760ea1

Download Submit
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml
Filesize
1KB

MD5
3a15abb83d06af497832b2e731f8ac77

SHA1
9ec0f3208b32be383616c719172fd6281d4bc2a4

SHA256
9936e1104bc72fd260b27caa74cf214d20c3ea1cfd525bc81cd10f622be45d35

SHA512
f44016dd7b219e359b6850056c44412a51da0e78df7b5578de164ae9c2b41a5e923a83c2ebabc4802caf04760759d8dbb82eaecf1650a40b42386374a1474084

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe
Filesize
274KB

MD5
b9134b02939dc7fe6173c47a98abb43b

SHA1
c845532b86c1ffd868b0721088e1efac542c4097

SHA256
6bb136b43fc9c22f45a184e24a4f46af2131bc10648f205d50b883cdffa82f63

SHA512
13a67d7d8f2ccdc58f88e407ce0bcc3ba5701d0ac804a842250a27e85a57bf60fbcfff8468a48bcff9885459774304ecc871a0120a3d4381e7717dc33c068872

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVLP.exe
Filesize
588KB

MD5
a63b85b78ab64518b25475722a7f7c9c

SHA1
e2fdea594fb528ab1633000dffdec6ddce76264e

SHA256
28d01f623107dc2d6548870cc464c6b1c08d5c66b55d47da065deceb2b114f1f

SHA512
57e6516c3dd792ce51010d0a1550e0d43c7858365fabc54f357deac527d3812b06197f4abd776f7bf3fb586738ccf0ef7019598f22f48320977d33169108a279

Download Submit
C:\Program Files\Microsoft Office\root\Integration\Integrator.exe
Filesize
6.8MB

MD5
8cdae5798b0ef2195ca70504c88e41c7

SHA1
fe5aa0b00fd0af576be1edb21ab9f4d22d6dafa2

SHA256
ba55ac382b78fc1536470e0361cdffe6a661d8257dd45876d7f9155c0a8c8052

SHA512
225c54d61755285ca9dcdbbd1aa14e6e882221d7cd672c135db67684ca131d2650ee1f6fe131ab544648741bd0ebbfdb62b81207eee2481e1d2e0653a534e73f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK
Filesize
666B

MD5
52e6373ee2ecf674a4cfea91c12aabca

SHA1
16a95aa5208197754417bae84c7b61faf6cc8e95

SHA256
7f6c3008e9ef21baa082c0fe302c6e32c21d17c6ba415b4bbde59d5b97922be9

SHA512
63c28129dc23f731ab588e0239f50369720deb6b37dd8e6d527e0aab1e9cfb6672db0e6b53f7a452d629db87f2befe6b5f3e26531801b90ae230d4fb7a1aabb2

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK
Filesize
666B

MD5
ebe6af9f59b1989a4d69281b4dc84733

SHA1
bcf2be79d2f700f5cbff4f3f72ec5b6f93960e23

SHA256
80ef0a702594a26bfd398a0faa747e153823b4e6c69e78cfc714f880b33669f5

SHA512
7b843e2303b29dc0c3118abd1f202df3a4cc8c7e1cf67b1def681134dca884701dc7b8eb05f3390d12c5de54feec8ccbcd9c2bcce30c64ab7e4b6aaf4196da83

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
Filesize
100KB

MD5
144af46e669c0b3766fbf8ef41d0cd2c

SHA1
0107271a4d320f399c3e4737a7fa06e121ffe5e1

SHA256
d4d6b26865fb4d92ae4f7a0e534532cc52309d8fece0bd6fef9043ddfd0bb442

SHA512
d75fe7e9542ce37a40b1bc3ef5e59c7bdf394c4d6d764a818fe641da9bf2e28e3477c8a64b5f90d6a5ad507e9abadcca52229029326d3c381a7e98ad997e73b8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe
Filesize
448KB

MD5
c184b1e177b3539443855f9806101512

SHA1
67685bad56fbd7badc49c3775dda6b9882bf7729

SHA256
c9f61ec130c49149230f9957a8be443c1335eebaf383e5161a98f4416af9bd5e

SHA512
35764fe52840e4407aafc5b0df7cafd5e23a811c2c060648d9321b51a9e537b7161ed1fd310025b3b884291ed49845981bab1cf006797bba25171b54dd9a80a4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png
Filesize
666B

MD5
865a3a87caf33991ca11f5ee348b884f

SHA1
0903c0ad837c4d8ac89770e811ba6fca6f609e8d

SHA256
6f7f286db4369f60a678fd538dbecbf704170663306e05e9e837af3469c5fb12

SHA512
1146dfccc931d725651ba9f71b3b0d63c62555e3ec7a5ef2e5717e56d7dfa00d2e6948586a44538f22e4fa487dd1f4063a921a9adccdbaa6bff718706eb60838

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png
Filesize
666B

MD5
0e5b385e03cbedb13ac82f656bb862da

SHA1
44de6bc2ae884a28bb76dfc2083cfd9b6288e1ec

SHA256
f076d50d70761eb90deb889952a2d584124b2633b7f3313973d24010b0fb05c2

SHA512
b3852ce36683579df4e26a66a37af467e130d64fbf31deb08a6e238d2c87ef4374dd4b462d67f428191507ffc604021d9f1dd704786142a319d496652afcdf8b

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png
Filesize
666B

MD5
feeb0a17650903ce8a3ff0685233d8a1

SHA1
9f505e6ad59fe22c1faec632640c601d7c52ae43

SHA256
c3defb615d12fcc6120bd0ac7355a17aa680e1db1a1df139d93f24ffb88d919a

SHA512
9775f793bcfa0b054881f4c607ce7707272803c81d17a9f283aa42cd5775b5b38fde2ba050b50a1ac06f0558c1b019226446c98c7b06a87bdf2eae986ca574cf

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub
Filesize
666B

MD5
8f7dc7247439c07a0249ce31eba291d3

SHA1
bd4c3c48a1a7892b227417d20e9a1d199761a287

SHA256
8e422f1f502a6c690c3622235f9496fbd0f721c75f81d4965b853b2ae585e927

SHA512
e70a1089b3911729c54e44636e732de81be8dd645f7d07f4b851288145d66527222d899659c55264c2f3600647a010b8f3d72c45ee68de3fd919e6b474622781

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe
Filesize
876KB

MD5
6e69ee5fd638216acc063c0f2429005e

SHA1
32e9e247696f308b79c5c63c4b34b3a84de4abe7

SHA256
231f579a8ec4d71b54a10fd4a1471f60e3a07c8b4e71961c76df19dea363dd5c

SHA512
8ff08aababde670ce03be76e80349df5429d416b0835fff0149c7dec0576f981d623aa2039847b3bf0189a357b38d3051dca6c07cd3fb8c58e41bdc4202be789

Download Submit
C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
Filesize
188KB

MD5
c605a1e5a66db191d77b69081847d6fb

SHA1
84cd690ff40975de9973a71fb0e866fde384038f

SHA256
f046e521dbb35c9ce8c0d7eb78c87d69d0d966f3878ed498b391ea32c4e7a988

SHA512
2aa2a1043ccc17abb904ffa16f45103b9e874f3358421904bdc8f0508b25cb7125832e6494ef550ec2e55cb73f7d589c3522a11dc56b2efe1f8d25b0d374da10

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe
Filesize
2.0MB

MD5
aef76f363be857a4dce0c06b0b2bca2e

SHA1
667676521db31224859dd76a34399a50dabfd543

SHA256
76c64e625c11bb6936fbea61d962f634d82cd0dd62deeeadcea5571d5eafc1e5

SHA512
cef736b97af58c0a69e226f32d14ce4315cd6f01f82e779bc07e1fe7e6dd89607867ce340edcb2695bec1cd718ed696ff01503674a0a7fbf8ae432d8628b3118

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoasb.exe
Filesize
340KB

MD5
03f8bdeeafe1739f42b0f0bdd5ddf633

SHA1
7d995c8cdd0425caf8e4e99565657e58aba8564c

SHA256
dad516c7cd22073db0b15496fd140cb6f2dfdfb3c8ab5b5add26317410aaf124

SHA512
2150457f832f6121e6e7db8ffe7a43a29742a2808adf5ea8cc631596e9dd6e7032536971e389c3124659b8870c8c8dc690d45c766f68fc16cd1999dae9bafc1a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoia.exe
Filesize
6.0MB

MD5
478e269a7b63c4ed5482f4006d39b742

SHA1
f5578c31ae7d412f0b08e7c67969a88889f7bad2

SHA256
b367e923905904755d441bcbdccaaa3cdfa87df45669efb41fa2c141e18f8bdd

SHA512
b27ed1b6f514ba5ba3cc9db66b0431b27d951ebe36eeff16474a0ff37d3ea5409d7f81e707304051bcde228e20f7571d505c3c11e7e0110490b65137a490baa3

Download Submit
C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe
Filesize
596KB

MD5
94bbfcd635ce51fbefb1e3c3bbd2ed65

SHA1
38807bb45c0583da79797a229a6576a4a782664f

SHA256
9e68891ea1ce57e50fa86bf8fd26f3ba56946fd97f73a5c1e04fcfccb2a884ce

SHA512
eff4461abafb93b5856053a5b2bb4b01f80e736f5296a7a108996a72c123ffc44fe850ae55e42a49551c335cded0a0a966366b3194de58a0181fee5ea569dce9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe
Filesize
6.4MB

MD5
95e6721a2a6b378df94f233bdf737bda

SHA1
0adaedabeacc97acd41ee88a26dd99c27a29555b

SHA256
1edeed717c89ddfe0c0a538678225641d7c0f7c204ee346ac566006ca95059b1

SHA512
59fc83d7f5c7962fe28a820ed8cdbfea35fe023afca1fc8e7660b02d48dba600f904a7bee0b54f7662472137239af78bbd91340b877b6930ce0a9378c12ca204

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark@3x.png
Filesize
666B

MD5
70bb3ec261095c8251f4a90d2a072aec

SHA1
871316553ec0e3e38c16a0be3701a6a594354465

SHA256
32b2b6749b9bf639da6da962797268ee7eac24a95f06de4b288557c9dd00a608

SHA512
3af133a27d41a9af93ab4b914e88a88a7610c254dc3973122784554556e29be2151887595aea121d859a8857984b36e6a5d7b2426cbcb83421fd34a60b0349ff

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages@3x.png
Filesize
666B

MD5
439c2708c26f8910cf31c463327d12e2

SHA1
b8d9acb8aa5ad7516eda77090ec59d456d1e00aa

SHA256
01a5a15e7c42a93a7461a8c10d5960742aed3613ccaf2561350e8be2f0a45f8f

SHA512
ee0f117e27b68131c5589c32087d2bb2355577ed82e0d731007ad68dee24279dd41f79e13dc492a757bd196aa08787697b072f7622ffac215bc158c4e4152f16

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.White@3x.png
Filesize
666B

MD5
9066f3fb7e16794e8c40c02ec321070d

SHA1
f7b8d6ce33ff431f7f543dfdd11bd6a436563be6

SHA256
015f95266fb6dd1093ce479258900a834e66fa2c7f38ead44a5b02648fa35656

SHA512
c0c75bd029defa10ef847ebedc364cbeb07489ac9606dbb66584fb3bfaefa6c6191fa721236ff419a08248d438183182a8dc866a35596e8334a77d871f11ebaa

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White.png
Filesize
666B

MD5
4c9ea2743fc37027adb974be3bf226f2

SHA1
2029288d70118324540e6223db43a3a110beebcb

SHA256
6e22713f24e84eab30e49f79b7a4fd71866e5d56ba5317f3f072aa6e4803694f

SHA512
c135fe122e1c40d9526129858f094f5362a70984209b639e2fffcd6c07ec5a0440977698540e4f5834eb4f5d16017dc6c51a080eba630813f32019da7b80c2dc

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock@3x.png
Filesize
666B

MD5
be236295c59448e7f92ceceb849e7598

SHA1
ceeacc0783444142f1ec94120de3dc556f4badb5

SHA256
dec65ae0201c6ea2ee47b26dd619f85d795af9bd932f41fea448f14416284768

SHA512
60e10eab875b645f3eba39a530ee275115fd36056452ec41a66ea2578e038c0cd6c0dd1166067743af1fb36bc4f108b04aef8620bc89a1597fc9ef7dd84daf91

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
Filesize
2.0MB

MD5
e837ffb68270298f87f6017a5513fde9

SHA1
dd9ee536e870de293b550d9b8102dc2eab235d02

SHA256
2a6de9087c02b500154f6fab6bc0ac9b9fa7391fe1f825baf494e7b559116f2e

SHA512
cb98c78e69dda94b55737f20ef4ce4bef67a17162a22a6c2688158a78efad973eb3c0327999e593ceaaa072cf1114148a33372e9563119b1113941031b43f4a1

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
Filesize
222KB

MD5
bea0c82ffff80d68263bbfe9ace7f890

SHA1
2a6b7b4af9b658412cb88abb6c79dbd963eb670c

SHA256
13f11a7329bfb066b8f610d95915d8d9969df288741fb1a72faf8d8b43e97cd8

SHA512
d6f515e92f477d9e84edec46afe53c238f312856055b1587ef87c8fac9185f34bfb56504c86c45a50a586f31f5a709974e3fc60dd614a0e6ceca3aa2b0b4494a

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe
Filesize
2.0MB

MD5
9c9106ae1b7ff6ba65613c7b10d05867

SHA1
6a4f609667f78d23f0898554ead154feee3edd32

SHA256
5c0e8342b67ec99cf4ae46207d137f05fc1fff7911f943433651512b33ec0901

SHA512
f29d6c6499805c2abb0eccb7f832f92e0179e2187f91de44d3578cbbb33c82fe19405b1330a1ae9c08e0362d7310ee0a1aec567127653bbafe1399246719ff8f

Download Submit
C:\Program Files\Microsoft Office\root\vreg\proof.es-es.msi.16.es-es.vreg.dat
Filesize
64KB

MD5
64f728484fbf765b649b193db9be4238

SHA1
73a32a20a456b53920464298be69d8a5daddf888

SHA256
6502168407ac203bf8a25747b34656dc228ecb4bfca61e15b520823a33b3c9af

SHA512
62888d7de6dc124e9a10c28b2f49fb25286d2614ed60472e281d0a074b93024879e17bb5501c7d42540f23bba4423d64c45925223e0b7fd95cfe9dbc6ac02e32

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.exe
Filesize
328KB

MD5
c93da9ca96302b08deae430a57e55259

SHA1
d7437348f1b3ed950a34ade479f893b66a4975be

SHA256
6ad08c749509ffa7e137ff71d928f498d0fc65d2139fee99b3095f73538348ca

SHA512
0380f934507b1aef8d1bf86bc40ae6731a541357b407d67b12988aa018dbdaf50b8dad3bbcf2d0f006d93f146cf0b002ba1effa45a077a8fe736aae2ce37c056

Download Submit
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Filesize
804KB

MD5
2005e0511a22f464ec96ea04e83b2903

SHA1
b88c6da653d06a517d43ab3c14aaebb594216143

SHA256
a72ac7cb603c127b1df8afcf501bfe8bfbd1f0a7f922c25e2d0196ad8fddae9b

SHA512
4f7f6a59016bcf606ae7c5eaf515a08fcca017973a706075cbd3dea65292d23b22ac8bdafbbd9340bc0402a977c30e79e2f248c1041636691a36b44cd4d5f56e

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize
774KB

MD5
4700690c8383777ae1775d148837e9c9

SHA1
7043df6c717cc03d91b389b06ba3739af1e95217

SHA256
93ec4f628156316ee6f290913410970427f00db5e2cf30aa4aa5203156ffb8f0

SHA512
f2f023a324fca8a2526b55310feeb50b212ff98fc0e0a3c4db09cd61677248c9b587b9821589fb2875743550122f57b64d6f6eb85ae862bb739da4a22aad8b29

Download Submit
C:\Program Files\Mozilla Firefox\maintenanceservice.exe
Filesize
284KB

MD5
6c9ab3f2b772b32bd67091d4d3eed12d

SHA1
0e2d46792322ebafbeb24f98c1441922a2effc78

SHA256
04b6af47c56835152310fa3fc18f25adff40ac110040a883ab5559364424406f

SHA512
519a3b0ec4b0d3249531140e069e1e3db9ceafcc2f72397b52b16bcd6c865682734f4ea7cf75d9e3f99b2414be89b56f69ad24aef9bc298320fb0289144538f5

Download Submit
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
Filesize
839KB

MD5
ccfb447954025a16e745bf20bcada426

SHA1
38a8e623c1b27ea28e4355b6d216c17b60f0c77e

SHA256
efde5923f7977c7d3f51a84c1ce6927b3b99f7d9a16ab26403cf50879621a3f6

SHA512
840139dfa5536679bcc456acdd41c26cde3b9db87069b353f55362af6340a6ded39e8be0e8e7e845c746a9da5364b70693081c3dd1b733a98ccf14f3c2540ee0

Download Submit
C:\Program Files\Mozilla Firefox\pingsender.exe
Filesize
123KB

MD5
14b7b9f4281918c1784962cb8bcfac21

SHA1
fba8957ec9f1e8824e488528600e0fb35bce8ad6

SHA256
55e1ae50a0f3fa654fa761b377741714fb8d0b87c7e189c1b5723e67606eb629

SHA512
ef1c9c1b485a0752c11b66ce513ba8773c74e78ba530b23dda1bdb5e7cebcc4eb173e344e6d7fa6621fe28c8ccbf4d0779987af906b74b38c543c3f3fd6f389c

Download Submit
C:\Program Files\Mozilla Firefox\plugin-container.exe
Filesize
401KB

MD5
45f63bcaaaac56c6dceb5b36014c827a

SHA1
c9deaa100eb45923a110f9cacf49f33bbe20ff1b

SHA256
8fe4b46c02e8deee923589946203ebd0ed99630e49f81cd2faca2786432c5a91

SHA512
881f8e268c70cf3c9fb462e52f01564269074ee133b9d67dba6e727e521ac7617c835d9536c5dd22bc25a08cfb0502f6fc050af1219f6f1a1a39f88b2d488b34

Download Submit
C:\Program Files\Mozilla Firefox\updater.exe
Filesize
454KB

MD5
a5e119de4dea8a8e7bfc0dc38bfb2530

SHA1
40e19879523e69ade492550abbde6236872ca3c6

SHA256
0edd7f76a98e220f9bcf866a464bc5ee2489bb8691e70fde6845e6a3d560d22f

SHA512
b65ab8d14a2bc660afb1aaf8c47121e78e82b2f540f9f6ee0f99a685815a5d9b081c09f98f3146ab708d2326618ba2da53126e52bbb76995c547c437b5cd1e81

Download Submit
C:\Program Files\dotnet\dotnet.exe
Filesize
182KB

MD5
6d5fb63defb97ccc986f1c80205dbaff

SHA1
5a62059aa7622dbe356464eef67e619124a73913

SHA256
e44d36b89c3ee01be2184fe6c64c020058b0ef5d51a5b7795016b862c195d801

SHA512
0f7cb54398ac6ba3df6adbc2493d625f458ee14b9e491c4c9c9ff0bcbd0105b4fbe3948a66fe7106301c0fd94c289bc8dfe08ac92a392c61e93c95cd7cffbebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id\messages.json
Filesize
666B

MD5
bd2c3762c2b4fb3000ab5eb16a4c1986

SHA1
ae4430d41c453399cd75f257b4e3d6bef085be75

SHA256
95fd91af7f453ffbf2a138217d0be39c2fab7ddf40abf63213cb46573f775fde

SHA512
6fbb96dd26436826f0897e7fbe13c2b79e9544fdfb85be4ea63a341e0969751019c2cfec7cfdc164530aaf15b72b7a80d0edce6a60f49f75f5bd88df280bd9ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\messages.json
Filesize
666B

MD5
b8d0e9b8c2a877d968a2174cace30c8c

SHA1
8333a954b47e301536a1a4bf8574b70f21c8106e

SHA256
2d3e18f7cc955ad35e55b2b75434d57cc8eda36e1fd22d7ffb3edebbd2c9fd37

SHA512
feb8857ea58d0999160e923ae54e468e7861cc6823b42e45f07085ed745ff9c4d7bfb27207bb86f9c3811d5efb910c12022c37e691d73b1606c983db7d71dd5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW\messages.json
Filesize
666B

MD5
3b086aed2004ad0cbdf3cdb125b6e23c

SHA1
b213459837a6fc420ab56b30deebee1628040fc2

SHA256
fd7298af398fee48691b9ee9169c03d4ac4cb234b7b1be1690340e5dd958637b

SHA512
09d7972569d23d63a9789e74ee9b7d75004cc8d385cdde9bc26191c8e2e8fb0ccf1814c9a50dcc74065bc5451972123213cc9becc245849798f50b5f3f96f960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png
Filesize
666B

MD5
7a220f6d765fc30e245956e18995d1da

SHA1
5ab0c85779ffa0ec64ec8ced5b2e0d1d529196fd

SHA256
fc8479a2c17d3032dcbe2b98022d922f6dc9e4ed360778e33b9a317ff7789c6c

SHA512
92a90b80d032d8e370d77dd6384a690c73dc1106fd489d6171cc6303d68b819a2795e24e77ca54cd36deaa97efabba48a771e92d6aec386cdcb602d045c4b187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db
Filesize
666B

MD5
613ab20ee2a3d1a9ed94f65aee317b2c

SHA1
8a5815f6f715dfc30d5058a1208d334020ddb628

SHA256
c1c50f22dc462e9813542f5a3acff32d0ea9265129ced98566d3c1f804f36721

SHA512
aafb8d9c35e392a86473513b4f26e1d69e1e2c37e6eab960f4745636eedb03b287c149676d2517d3362bbd3c5a364ab1f7cb2139d42f8ad74ede0140229f9a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RXB2E2AL\Windows[5].json
Filesize
666B

MD5
85fe1484be38d813b3a642690b263cae

SHA1
6595b160eaabd10b21598788d7dbacd8b1938fb1

SHA256
e748bf22b191e8ec2b857756d9ae4bfe2c711de367ffaf2ad435c16fcb244e9a

SHA512
7f06ae96268ba2e07ff8e4fc6285691de84121ba94a452bb2af273d2ce7eed0870964a406f58b781c48720e9e6732a2d3e1941ca2663678133a3e1cc1c7e7df6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133534306944423988.txt
Filesize
48KB

MD5
e306d7f147442d867dff38d57ccd40ef

SHA1
c3e9d6ad9ff45b7454c68f869907cd476cd4e249

SHA256
8e3d9e7b914fae78a26d16b36ee8c0b049693061411278165e6dbd9dec6e9edf

SHA512
289730b5ce46c67161fd4d01383614d19f98c43e1d77184613f05a06f6e20eb5e0ffc976238954728467398b45300ee6d12968c28038410d1d8d0182c49e4548

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133534308575517263.txt
Filesize
64KB

MD5
93a829d9acf6479929a96e189dc83f82

SHA1
87c2371efac8dd2fdff56cb18d9bf6718018847d

SHA256
b95f6f293161a4ce15621d364a46e099f698e495824de429b9ec833d733d996d

SHA512
986963cfeccf49f2795f567f07755177b88110da5725290c480dc5d9c791411029d8ce9a41cdecc3a2ff227ac23ea99a9c38eef78db2d6987381c900a0af928f

Download Submit
memory/1760-12-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1760-1-0x00000000001A0000-0x00000000001A5000-memory.dmp

Filesize
20KB

Download
memory/1760-4-0x0000000000020000-0x0000000000026000-memory.dmp

Filesize
24KB

Download
memory/1760-0-0x00000000001A0000-0x00000000001A5000-memory.dmp

Filesize
20KB

Download