azov | c80fed268a0c461e382fe561fb0e94f41f4d1c4d611858bc56ea6118293e3de1

Analysis

max time kernel
1793s
max time network
1486s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
Size

32KB
MD5

6468ee100d88c71d55dfdcf4e30f991e
SHA1

5c520d2d7dc4c9e5d536d3aff998185657d40ac8
SHA256

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801
SHA512

41913eb5adaab42c7ebff547421c0faedede5a3356cb2aa8b92ab20320f73766101056853f450435281cf31e7f32603c62fbd88fa3a680b19abda5d8cc9a98ae
SSDEEP

768:QzG3EG0IUJrd6dQar/MjfW33AMar6q3Fu:QKEG4Jx6Ky/Mjo3AMa13U

Score

10^/10

azov ransomware spyware stealer wiper

Malware Config

Extracted

Path

C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt

Family

azov

Ransom Note

Hello, all your files have been damaged without any possible way to recover. Feel free to commit suicide. [Why did you do this to my files?] They asked me to do this... The hatred is that what makes me feel alive. That's what you secretly have fallen in love with. The hatred is the force that drives the life forward. The hell is my paradise. The suffer is the bliss. Others say the hate is what destroys yourself. I say that the hatred is eternal cure. If you feel desperate you lost the files. Use this despair to create the pain for others. Make them hate you, it is the source of your power. Do you think why the people go to schools and kill others? Why do people make terrorist ideologies? Why do governments covertly makes you suffer? It's the essence of the future life. All we are immortal beings. When spiritual is not a way, the antispiritual is your victory point. In the manifested life you have a choice to be with us either be against. Sow the evil, reap the power is what I say to you. Saw the good, reap the weakness is what spiritual says to you. When you hate, you feel the power. You feel the flight. That fly is the antispirit touch. Use this to multiply the suffer. [How can I use this power?] Find inside the source of bliss. If this bliss goes stronger when you see the suffer. That is what I call the source. Check that by looking through the news how people kill others. How the people dies. How children are being tortured. How animals are executed. The death is your key. [How can I give you my power?] When you read this concentrate on the intent to give the energy of your source to the meta-source of this text. Am vizu der strotum la fictus om spiritus.

Signatures

Azov
A wiper seeking only damage, first seen in 2022.
ransomware wiper azov

Drops startup file 1 IoCs

Processes:

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

description	ioc	process
File opened (read-only)	\??\W:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\A:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\H:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\J:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\K:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\U:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\I:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\L:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\S:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\T:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\V:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\X:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\B:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\E:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\O:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\P:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\R:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\Z:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\G:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\M:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\N:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\Q:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened (read-only)	\??\Y:	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

Drops file in Program Files directory 64 IoCs

Processes:

b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-125_contrast-black.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-48_altform-unplated.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1850_20x20x32.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-40.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\BeLessThan.Tests.ps1	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1851_20x20x32.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-200.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_altform-unplated.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-256_altform-unplated.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RIPPLE\PREVIEW.GIF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\MedTile.scale-200.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\InModuleScope.Tests.ps1	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Retail\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\bg_get.svg	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management\snmp.acl.template	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailLargeTile.scale-150.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-256.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-200.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\THMBNAIL.PNG	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_scale-100.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress-indeterminate.gif	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\faf_field_grabber.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarWideTile.scale-400.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_cn_135x40.svg	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ms-MY\View3d\3DViewerProductDescription-universal.xml	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\es-es\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SPRING\THMBNAIL.PNG	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OrientationControlFrontIndicator.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\create_form.gif	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-20_contrast-white.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ro-ro\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\variant.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\AccessCompare.rdlc	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-100_contrast-black.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-100_contrast-black.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pt-br\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\GR8GALRY.GRA	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-BOLD.TTF	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\it-it\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLargeTile.contrast-white_scale-100.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_altform-unplated_contrast-white_devicefamily-colorfulunplated.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\s_empty_folder_state.svg	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\nl-nl\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-fr\RESTORE_FILES.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pl-pl\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalStoreLogo.scale-125_contrast-white.png	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\music_welcome_page.jpg	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fi-fi\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-il\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-cn\ui-strings.js	b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe

C:\Users\Admin\AppData\Local\Temp\b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe
"C:\Users\Admin\AppData\Local\Temp\b102ed1018de0b7faea37ca86f27ba3025c0c70f28417ac3e9ef09d32617f801.exe"
1⤵
- Drops startup file
- Enumerates connected drives
- Drops file in Program Files directory
PID:2680

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_sv_135x40.svg
Filesize
17KB

MD5
ceaad5d14ccc7f0053805350fa246a4a

SHA1
a3cd9d559454bb0c15be6f2f67352cfafe65ea6c

SHA256
3ee9d0c25cbde6085751fbb5f549255bf27f8a4176af20bb1768da8aa0bba35a

SHA512
4a2e91a73baec71cf5ef9ff230a99b1a9bee549d9e9f3155ce2f4ec782dae6d0006d9a547481cbb5e9b8fc48608d95ef7f5014a24496c442dbbf94938eb7cb5e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\de_get.svg
Filesize
5KB

MD5
93ba2e44191e8eec33ba3bc3923cdd5f

SHA1
d6ba96a703ab0efe4398cab6b71a7f39e9d66ebb

SHA256
e8ce2a66863b7d4c4fa44f0bcf863b66aca208425a563b881488da240aae1b42

SHA512
97ce5e4d417b05137352a8e5147da713d758f9d20163a6b8f48191213f06186a0be9179dfe386ea8579b94665f378ab0469837390b8351743c3aceeb87250b77

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\id_get.svg
Filesize
5KB

MD5
d7a3c3934b206ac0165b6e95e10e487d

SHA1
e63fcb650741c4a0e9d8c99b7d47896a8a6ad750

SHA256
6f37d1d3a11d63045bed0eb062f85a09c3be0df184b47633626f0c0ba5845e0e

SHA512
328865c36022ea72279a29d62e71f87d85f6404b50fa168173c69c18362a8c358b7fdea327dd144bd42274523bcc196cb7d2be00e7387cec5969f9af6b0867c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg
Filesize
5KB

MD5
9fd09e86227b6120116d5331126af9c5

SHA1
2a66251e75109babbe70050590e1dda981132d12

SHA256
a218b5b3a714aa675506b495b3cd21c1c039511c494e364b05bdf101363d217d

SHA512
aa8cc1cd1521331d693eb4ab472a88ce6a1800cc511e61f25593b666be19a704eb8fc7a51e692b045b438b6f20362c17bf42d367b101912c58564b4846a73f0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\id_get.svg
Filesize
5KB

MD5
d89244c228dde9e2b95bfb563370526c

SHA1
974bf5fddd5f74c7fe6eda3511ba6a468496602f

SHA256
964d0d30a836abd9cfc0afbd81d92eda8f07474555101c018a45d0b33aae73f7

SHA512
692250e9cbeb97f956e8d638c487e3db542c04bc32c2e5d8d1902a0e3a7ef66a4b9dd243b7b573e8d00dde4c0659397700f019690b815329483e2ee2686cf9ea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fr-fr\ui-strings.js
Filesize
823B

MD5
503ffcc4fe5f52d02d3fc4f5cc8d6266

SHA1
ea5740aec7de05418dfb22a1ad2de2b0935f0c35

SHA256
120a5ea0023d1d1d1ec5a884a47b72eae4e20232b678cbe7a9de341897845f8d

SHA512
ecbe585eca57c20b73ad8728a31392ee4c6969615c720e28057a117dd57a479c798147bc3830cbe42539490963e3730d62abad82f4ba7039fd077076fce3663a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
Filesize
295KB

MD5
dda60decf114a32c340493432f7e46ce

SHA1
c14a5a32bed5c4afdf2a707993a5ceea35e27db2

SHA256
eb32cf2ae03f0bfa658df94077dddccd73e435c4e9af3cb8b4ae93a9e5e72db6

SHA512
ab0eb74c72b9266c18d126f1106cb5e71624a70e418aa8cb849d1e0af79d53310ea32ed44a39e71468a22fe134fe2d618934076201e8f73dc3697da65c7dd2a5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT
Filesize
9KB

MD5
3a93dd17bebe6a365538fcbfee2b0ab3

SHA1
144715c0d04806259ae4302990b5e21c06b66dd3

SHA256
3012c612e2ec5c5a682271409232a719891e966e6db526edd0262943d3393f01

SHA512
c9c707e0d3ee7010f12234955a7ed84570a9eb6623aea6c4fdeaff0a776b950ec32a91c3287d3678e58630d8b42b1f052171be5ea68214265935ddf396eb1860

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_74000\java.exe
Filesize
332KB

MD5
3ec94de83fa881fa8259043c3e95eadc

SHA1
ffb3043a6ee9965ea6f0c6f504b04002183c2f62

SHA256
033654eb8893f5e2b456f0669648143548ac9a1a03da710fffb4c0d2696dc13f

SHA512
8b1510f518b7f15f727e4a6791174ca529c33c26453f482b53154dea6e763efcb89f1c346d828decb3a4a3a7536d8c1db3f1902f750d8123809e3afb05cd84f0

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_74000\javaw.exe
Filesize
333KB

MD5
48f6f9fcb042e687bbcabf99d373b13a

SHA1
aad4fa163c46827fbc2a2706f126488629e34aad

SHA256
4b9e8744da790db5ea73760e5cafea4418baa1ee089acdf2c2aa07a0cf43026d

SHA512
8c081593dace6246366230e41922db9230e00d71ab1e646fb819a06c7e1b10b29e94a11c0932e7b0d2484908b556d66c10b82a00679d54cae115d3e7d423f9ff

Download Submit
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_74000\javaws.exe
Filesize
540KB

MD5
21e1d1c8c4fa48201f99f748f1665977

SHA1
baa15854004c0816902c6f287c634239375cc27b

SHA256
6f6e6f62455e6c1d4ab223d499254bb19fe05b7ef8da2d84e3a12be912ecd1c5

SHA512
57369b69985a45570e8e13e04badbc6a10fc0ce58fcf8eea381e746115b7e0bde08789093d96d1c527f6c02e751aad11e70e898180a0fedc6cf540f2d8931eef

Download Submit
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
Filesize
453KB

MD5
e7c0ae1fbbfbcc51a8ea85af0bd028a6

SHA1
1f4c86ee1137e9ac70ec7c9b3312b5421dcd4e1e

SHA256
276ccf83f3c4f8f0e1c3d0d3780f48b44f49147c763df70203c5a6bb5a35fa50

SHA512
49dd5cf9611d7b7f37535dbd2ba04a9501dc569e9541cc2fd4bd8bd41c36c507a31935136622f37985279d5f68ce99bd42165bdbff7a8667cb6d1be667b3e71a

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.29\MicrosoftEdgeUpdateComRegisterShell64.exe
Filesize
265KB

MD5
905e91f6e3fe011048ab8494eee32a5f

SHA1
8f1abfbcf1fb50978d96dadf8b8c811126cd8292

SHA256
f44508a76d25f813da29e8682c856ac4eef9de3092fd8274272ac5b726ee640c

SHA512
1ff517fdd983dc1abb815f30900c132f53c94ba3d81214c5cd794f77d6cd53d7c8b373471b810168c67a5fe18f380bf6644c9cba0e38263f825b0daddf36740f

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
Filesize
544KB

MD5
0c7ecf931a7ac5369284153ee31a678c

SHA1
93198eb6465c7fe1c305c6f6db5a714a6f17f03b

SHA256
59f5ec5fa63363451a179bdc8e1feaca60cfa14f4f3ca9c0a783318caf884c3e

SHA512
d9df96e5e4abdcfb40dbe867088b3fe39b03b18c768cea7e1372b79126969865820aed2a04382cff05f53268e124d2824ec8dc73d2cbc8a0beda127002ca19b3

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
Filesize
3.7MB

MD5
5df8ac815c4cfba5074cb82dd8545100

SHA1
70433b0ba268d349dad8c24213d0442a7a6085b0

SHA256
a6049dd17349bbf358c6bf4799cc2d6badbd15c66f1102d11c5521854f18b1eb

SHA512
d8c42e4e1cb760ee4f2b1f7bfcd351e6054affe7ce16b64bfecc361f20734d93fb53f03a9767ef3af7076df691ab488cf1c4fa26f765d2509b52f1b0ad09bee6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
Filesize
1.7MB

MD5
24abb29134c7c316abf24da18dc45f50

SHA1
4a914a8d3ec0856b1dc72677e8792d63f1e0373b

SHA256
18d83bf9ab81e35f0e8e44ab495f58557b2fc74138a11538524af4f9537db256

SHA512
9afcab5104ef12aaaa56f778733946be92bee4f96d2b3af9737c0eae25a4efed8aaa09c3c2581cad559d9929d1cd59b0c15baca86a7f04b807fdb3f7d757401a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Filesize
1.2MB

MD5
24808bfed531689952579f1e9b934027

SHA1
dec754afa60f18fd1a4a33f945aee2594c0d74d4

SHA256
8bbe7cb0e99233257b1c9bbca9b3ec5eb1ffaa8a97388be243df9eb01fa855e4

SHA512
4463ac6cfcff909984cda23ead3ca286ae2a82f113712a3f346fe83bf560a50c3c98c26ba0fa9b8278265052210292b8528cdcbb1fcb8e32326d731b17953ad2

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe
Filesize
3.3MB

MD5
c6341e450ea6c1cc8d3b2617696910d7

SHA1
d9340d353011cec5ca0bfd585748e70d373a5abd

SHA256
2d73de8d4c2bfc748d4a811d49509c952dd85d375309dbd024277497709173d4

SHA512
38216e21ece227dff201b8235eb72650658c72c6b98e4dd41a8257a2ab9fcaf4c367be9a0e9e9d42e9e8234a4355198ba621105cb09e809bf69770d9f3c27efd

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe
Filesize
1.2MB

MD5
fbd57f75a73f84f995438c58b889d404

SHA1
6f35eec519dc9336a5d224aaf9970c4b3ec81a65

SHA256
51479d1f099bad004b665b125f93f229408954fcba15426f97ad69cd8630a2f1

SHA512
15ed6eb6a33904627c1c7671daa02d5ce51fe3bd34ee6dc7ed4186600036017bd3a16bf5936389e350049798d09556829e965ee90cdae98313f3e03e5e6429ed

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe
Filesize
1.7MB

MD5
41b9339137a3e2f4e570b9799150179a

SHA1
91d96d20dc55f6409400e25136de3a1e71dbcd34

SHA256
a0cb09d40f22eb52f6765ad71d0de19faf953d64e4ae24f640bc15b8587a2418

SHA512
d4d2afe2abd4a4553f76fd3dcd31db83a99e63d7988670ba79b2a4766d4d8a83bd2b77d2183990ef5d5e7889ce73e319296940c6ae77d05897a951db838b390b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe
Filesize
2.9MB

MD5
5ee8a1a1e4bc44ace25e55201921072a

SHA1
c748bac1db025a77cb183e548362e70dd78e793d

SHA256
7b591ad50f98a7064a149a829b8eee3507b120c285f4a04e4b45a0056c4e3814

SHA512
e18dfc770b40467a6b28f83bf165ff7bfd760340232affd2a8180ae89d447a28d28d003530ae197fdc79623e9de0eda1d8ef008855f01a2a43661f47bf5d0b5b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe
Filesize
1.4MB

MD5
8b0dd966c141e42e9b0d6d5f91c1c205

SHA1
661c72889378a4c5068be5b42170dbbc46fcaf8e

SHA256
963a7d3cfe53562c97cc2e84224abbda8c09bdf8334612fb928537eefc93348f

SHA512
0879b421f69eb809bcd8703a5499a3f3b0af9f222789cc1bb1bcf0a4d06d7b0f2d9618d666e892e3e58571799aa68db060e1a0759fc0e60ca64e7078bc63a0de

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe
Filesize
1.2MB

MD5
a8a89d45ced86da61ef2b53fea482fcf

SHA1
983bc782b294172cbfae2e6873346c1cbfba4e7b

SHA256
511496bd73932c00e8cab94121c314c88f5487ca73365e7d86d1358c2f134ab4

SHA512
bccdf0d1d4bc93bd456d89d55ec6d7ac595600a8a140aae271fe5f9163670138eebf2ba1a11c32b05eb11a8da074371030a2d6f9526f2ff7e1ec5af163af090e

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Filesize
3.3MB

MD5
df20a12c7774a4dbf4d262a7588cf782

SHA1
3d5cee03b0e094b0a96f124af8034bf03e4293b2

SHA256
53c9ebae3f84b4b13614f21da6e98ad9d4998b0b5a6c2c55f098f25fb404d5e6

SHA512
18cd496c7bfe570100966649c6526051c070e483bbcdc3c0b363437b1eeb80a0e816114249acdf55852eab1a3f584ed14984f21acfd21f134d4a6a01ccc7f8e5

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
Filesize
1.2MB

MD5
4a22789329d53444846fc0dd20ea7bc3

SHA1
11db5da427bcde41b16c85daa0f75e769671a65f

SHA256
42aad15267ae407705947d8798064db9c3fbc07bddd21ba54369639f49553366

SHA512
715181eb1c46e1c32fa3cf69cab18710d688bd4edcc8740eef68c5ad499f57176bd7d6eda8524b2b4ec92fcd0036c275ec740695b4b4b3b259f62e6714205299

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
Filesize
1.2MB

MD5
31710364d212abbab230ee06c733f46e

SHA1
1a052b42365634dcbaaacc71cde478d292dcd80e

SHA256
04b01348378a0448f7fa832ee8e122cd6b375517f6384490880285b98cc3b6e3

SHA512
6070f0bf0d1a7d73c02407c12d8f37d1505d2e5947f23da717c48ec8df1976df40013dd0d0ac144b08bd9c8a7227850893ac13bbcd3d7c8d4c5fc73be56b72c4

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
Filesize
301KB

MD5
ab4b1ad43a06cc150fba7ae74e024751

SHA1
2b37b5152b66ef4028ef3085b99266484b0e53cd

SHA256
136557e8f053f09454e99b81ccd9259b3277733a1a22df15170ff38585d3ecf4

SHA512
48c18fbe53ee63521d7a45a1412fe46677f854a9161dfbbb912de40da36bce044c3dc23ca19b180d53ca0b24df50998d1d8c327fc98ccae104cb06d06e39f453

Download Submit
C:\Program Files\7-Zip\7z.exe
Filesize
666KB

MD5
601ffa91a2c9ed87a53e6663f834f7d9

SHA1
0a4a94e58315ada9b9a8e82b1310fce7821b985e

SHA256
47f3ba7dcb6097d00c2fe11dbfd8bbc75a4051e4b7370dd46e95ee6acdef9bc9

SHA512
0ed1c31dca2002e7e6096d971ad06df691050fdc613c94cf3b24ae8f110b17cd589e7a5834662fd8f98fe5067afd1db8eefb23dd79623be73d405ac19cef29c0

Download Submit
C:\Program Files\7-Zip\7zFM.exe
Filesize
1.1MB

MD5
4f01d93fa0904828044245b95c73b7a2

SHA1
486be46614a5c9838c9cb4976ba0b94b57b45f5f

SHA256
6a18043c99ae36ba3c9e267d2c194b6914362920d7a9a43857c7a14adab9dcdf

SHA512
2b873a7a98250ecf0016d86a875460dbb538fefc6d6f7e743bed30d532b0a85f7155ae9dfa64c4dfa36660fc0624b1ccb7b6170d81afcb5353c1b71fc2d07bd2

Download Submit
C:\Program Files\7-Zip\7zG.exe
Filesize
832KB

MD5
6ebf00fd805df8c7a95f6bcb39861da3

SHA1
949f6a31bd24f0dc545fb11e456bd572d3c71020

SHA256
2626fc2d1c8f034d83b4f31ce6cc66e291a1e70f6dcef325d336d3b1738b8770

SHA512
c5f379feec83e35071c38e86490e166b3033ae166ba489e10b5c61ef54c16f6402ca643e7167c8e2505c21595dc42dff9efbc70393e3ffc335b61c0436762f1c

Download Submit
C:\Program Files\7-Zip\Lang\RESTORE_FILES.txt
Filesize
3KB

MD5
4f3332a48d767cc5bdfdab755d84a450

SHA1
d7d583c08e82f39637d8209447c2c9cad1478f01

SHA256
a04e8cc0ea5f7e143eba012c2bc470161f1faf9c904eb233f777ced8e6e706ad

SHA512
0f60de7622aa69ae0b209a1ed54ec7ba0f6b81b597565e64d41845bec8c471a768ca8622964260c448530f637492aac31a4fc5ec95de147ef2c0d89149c2a66f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
Filesize
350KB

MD5
7b5ece259e0f376c6bd806c11b1a9151

SHA1
387cf62ae915e95149a0f7f5834d730b6510a802

SHA256
1f2366e1fcc45aba7ff05703ecfc993d7f8ba57a8a40b13dda31411fc205e61c

SHA512
292707ef926db63ee236551e7d5db2ff6a4035e89073ec92c98386b0118332f0e4df255945db5d7c8ff01c5c91280b2c37398d05bf61ad51232d7ee2bbf8a90f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
Filesize
4.2MB

MD5
aa5f3a02ca014aba0cb6da993ae74868

SHA1
7821e97d32dd29bd63cff750415a9d526e83b0fe

SHA256
a303273ff095a6b2dd8f25cfc91f67ebc6d42671ccd7fc4fa527701f69e67404

SHA512
781999c2658211661c660596fc94390292bbfd8e7a05a033a1efaf5ddd929d3bb7cde2fa93ebf85ffa2c1aef45681c4742bb83e7f139a967252fd495c8c38caa

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
Filesize
2.3MB

MD5
d8995194ede1e2b5b2727776e989bfca

SHA1
3f2e5d42201363b0a467ce7239bf052bc8054fba

SHA256
879797ae7213ccde4d42341a64b781d59c27b3f8cd9ce579bb4340391cfe0d27

SHA512
1276c1488c310bdcfb263463cc537a8547ce4083951138974818d85aba4a4e3cf8a351672e0d055ebf18f771b30c4b7ebb9b89b9fb4945b9031c0b27fbe52807

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe
Filesize
5.0MB

MD5
67db663553f3f1d9106872a7afba325c

SHA1
26c782350f9a4ecf24505826ce508bcc31cceb64

SHA256
fede88ea9b37629baeb746f2f8f5731b60fa04bf8d8ea36b77a3c5fe2ea6067c

SHA512
305148ce175d1407a62f9f6a13b8cae038f9e87c4151c6ca3f92cceeeeeaaf8f90d82324cc7fd631ae2e5b41ffce4b03ba036af0240ae528571560ea91e5fc8a

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe
Filesize
1.6MB

MD5
d3abb46a637a3d8821f62043bdfbcb15

SHA1
72e68cf68fdfac18366e126c34d82fc7db29a836

SHA256
c6ffe7f99273b483b3e18e4a69f21ee6caf8b3c4e6e7109757fd47162721be36

SHA512
7710422d7f57ddbd106df08fcd14a1f460141cc1cdae9ec9e0a5b43c2a9ae2f5bf7b1c1a80c4a6ad6828d1a531353a929c322307b99697a8ed0dc369b49d72c2

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
Filesize
1.8MB

MD5
de61c3e433bcaa7a159c63c5eb74f6c9

SHA1
bd7bd1c244d70fc8b6cc0871152406e3818ad4ba

SHA256
675662e35b1ddf4abf3dc2b20aa2b046488cfd35b243205dca1974ffb02e8b65

SHA512
d2f492112bc95cee3435c6cb30e7ff75a734a9c1f7967853090da54c48a48e7b78220017cc44e26d48b56fe53357cec4e4753aac417cdcc670d4bc9e220ee5d1

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe
Filesize
1.4MB

MD5
1a2bfcbbee8ff1c8f7e5388ddbb5370a

SHA1
278a0352c5d847b6f565462aeeed1e5e0306adf6

SHA256
e88e9fdf222082105e00ee58c35f41118095f7341d443177dadd401f3911ed79

SHA512
ff9c73b20b3db85a3c12d076eff5fbc75463a5b49d67902b6c115b674cfd79fca0567f69d351f2f01dfd6f4ea713a8369978a5b56cb2edda874cdcdffbaebfd0

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe
Filesize
3.3MB

MD5
b747c233eec9b72b67e826e0d5dce0eb

SHA1
5eeacde38f6e68878212a5cc0ce0d8a33cd6da8c

SHA256
2e4e2932d0a99449af55b8264a1b698f05d75e19f7f4733dc1a7f1dc64d40337

SHA512
f921ae4804bc59a591e8db57e3bf8193580850fe277cf55b53bbdc0d75fe8abb4f3e299c283683da4d84177bf7ad7d0122fa6beb15fb5d92f350dffe92ff3507

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
Filesize
1.3MB

MD5
61728e72784a5cf2deb4fd6a28b34345

SHA1
9a6e3c24b1827d2a44538637e01e022eae83d855

SHA256
13a47c5812206f5753d6cd8ed46222350b78fdebacf1d3ade907eea74116245d

SHA512
3683b9baad37f41d14a4b408750ae5a02649141d722309a908f88dd6541c3275b5176d6664d3a7c5135222777c16dfb9b1d278d1b514b03d51d75de58380966b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe
Filesize
332KB

MD5
4d5cbbbeb70843b9a11411a67bc8b37e

SHA1
389a9e5159134ff81c90675b8cd8e09d335f1970

SHA256
0ba15e1b29f6054bdffb5792e81080208b4d8568df44827bbdd9d99609383c8d

SHA512
5db49a2441f1e56e41abc1ef4a831a3fad945efab7b11cb5848080ee4a85c3da92358db1e9ff3ad932679cd1b66541b88237b9f31dd1e8843151ae66996f71f5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe
Filesize
333KB

MD5
fccca957d1d1de20dd3a96e39b3979cf

SHA1
a3d205c0e28d279a98b816e46c321a442766594a

SHA256
571e055ebe41e60427c97e94d8457f473d39527ea828d7279b25593cbca47097

SHA512
e5747c1245e081825dc65d7e9c909d1e2be5468ea070231215a9d85e484cb5ea93b00c39795a411ed17f050123a8b4dfea1c3efc0892222474030cc5bfc9279a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe
Filesize
540KB

MD5
72f60eb2f28235f2986886446c3f0b95

SHA1
23031b6400e4a6b3f991e028eee5873add374c6d

SHA256
b2fb807d06f7427d3162e9d9d4c5578ca790c256a84b855a7ba6f4972f77dfc8

SHA512
bb2c890e29ff8a60c99ea90fc7873bb40a4d67af684a405b89f6be7830d4180a81be431bb87492940d17f99fceb9099709838bad0e1d6b34a8ddb21f00d05838

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\java.exe
Filesize
332KB

MD5
07d12eba9d68d22b7028c09a021b4522

SHA1
8f0ce0c7d2068505cc3f9c01f560dfd1bf33df3a

SHA256
b8fbdad83f436fcf185b2d3ac138170d0b3f4b62505b05064a097fe9dd2875f7

SHA512
eefd3985e233a0ef4904e988e8d0526a21c90290e1c28a0aab05b36dedae7a12a91182961339e7cceed914f1ece1a6218d5b6e12a1d9218331f0d958eb5d9a50

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe
Filesize
141KB

MD5
433548beb835b87b3cc8b92c2e3d2af4

SHA1
42a13905af9b77e77f5b55cf0bdfdcb24dc432a9

SHA256
2b8b1909796778899e65f173082ae0bbd0674c873bf6091cf638d9a91db073ad

SHA512
ae911681ab22fe675985fe86ee211e86d00c857b1771640aae71557712ad7727496dcb589c65f1dca6c8f09926177001e0cfb15ecd0fc80d6ebecac3f6942bd9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe
Filesize
333KB

MD5
4cb7dc9964f05dcb2d969d06d6ac65ea

SHA1
722f27f8aa67f71eb3b7ac085209772e28943036

SHA256
bf720011bcd45e7c8d329a547062f246c1e7efbead1d2ac3b23917d923c234e2

SHA512
84cf3d63d393b06f6d66175b712971b4dcf62ca3fd8bdb5d181281a012ec51efd3438f166f739cb2df10acecff19f4256c6b363b0f25aa0a1725f014b9613dd4

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe
Filesize
540KB

MD5
d8f7b5c3c24227612b018d684b1336a8

SHA1
48dd5124663410d57f4ed5fd67e16b07cc186eef

SHA256
b0240bf7b5cf106af29db78550a234f7b5e4b8307c6232fdc4ad305e6fc8410f

SHA512
140115ec2cd711fc96b46f5289b1a0768a0ed8a6ac60014fd8c2de5960d7f22418323973481ac3333e6a56f18b8ce0131f2e84e955b0c445958698bce908d40f

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe
Filesize
195KB

MD5
573dfbc9cd7b801a480796c36c7caa70

SHA1
0e7e99cffafabdd20aaa0c7afb0a4a1ae88a423d

SHA256
fbee2e6ed117163cc0ee8d01eeb1ad67780541513210b1f9eac6f631ac17611d

SHA512
b7040f93b37db26d57963d2cd0af226516b70e8fb0877a58f255e2b8886f6530ac427712f13dad57be1bdb699356455dbea667ac4170a54a1843b7295706d5c8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe
Filesize
137KB

MD5
f372b48535d5b756f0804d56b71f12cc

SHA1
12b0a469fc8777f4fc849dc556e7c8e1ef826ec5

SHA256
7ab6977e8b72687cd5c8613462f5aa9922694a78aa46360eab016ba8bd5d64a5

SHA512
1f0888354c22314a0109191448bef884963bd908c9d0b22b65861d9effe0ec4613df74c1842b65e389cc2c289e533335537bd22f2e80d422312fb0c8b3103ab8

Download Submit
C:\Program Files\Java\jre-1.8\bin\java.exe
Filesize
332KB

MD5
d114500676ae7fd789e0fd893428c7c8

SHA1
3718274fcea552b09e819b662f06c1382dcddf29

SHA256
95790caa1bb8c9f325701b033a1ff31bb3b2d7954e643bc45ce6f03c3937acd5

SHA512
721b9e6f5aa3f38f3452fc65c36514fb46f23816c9a5b729d23e021a3b42fc21d3a94b0732797274092a20b43addf590bf2efa1efca16797ef4e8ea8fce27dcd

Download Submit
C:\Program Files\Java\jre-1.8\bin\javacpl.exe
Filesize
141KB

MD5
e07625d238c32b4f6c80a5b751b01e27

SHA1
54eb56d1b0fbd89d0c72fec874c770a7a9c9442a

SHA256
5065f6ebc8b0eb5e23776d4b73c5ed8d57171704958c3e7890d355c07cbdcb59

SHA512
51bf5827466df7abe948d408e4daa77b87bdced201fa8a5dbc2cdc428e4e58a5bb5fb881a3eb30b72f8e1d5ce860d4fb4f8c4ec949c130626518bc8886888d58

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaw.exe
Filesize
333KB

MD5
d1019219a82ac163e44b573df1b2df87

SHA1
602b7de41379df58c9e82b5a7036a1b65994e750

SHA256
ee179aafef20f263f34679db5816f83912038688e0c46788b4572bb61f2227ac

SHA512
03a7efcfee1d9374704d4b5df69aa2dc51a5a2f0d747cc01d1bd837e623626f2f2e0deb4e18dbbff921e402d62fa51b654ca5f14414bc20f115749751c8df150

Download Submit
C:\Program Files\Java\jre-1.8\bin\javaws.exe
Filesize
540KB

MD5
9eb4aaabdbf2cf800ca4233fcacd4b5b

SHA1
e85c3b35185099e39f912e74b49b4c8d0e43baa1

SHA256
0ab2657e6820990a1e613aaecd0dda65b0ff1a67cad23c8b0d5ba888e771c624

SHA512
5349c330661fe80039da3649a392d5e240c7b8a6b76eb7eec6635cb776c642954623cd41dadb8997583451d823adbf88ca72cd34c76d0cb59b76dd24f4290fbb

Download Submit
C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
Filesize
195KB

MD5
e194070fc36094dad5f4c144a49adbef

SHA1
0dd0152fae296f392421aa41cde145fd386d582b

SHA256
c0bf3e3056336825e41174b409da79b060afe5ac31a6fab12fe1bab45ace3c33

SHA512
24b15e92e12d2e3a4b4bbcdac62ef60dac9c681ff6a913760f40a12c4d5614e55324d0f0085875ac66898239f385ef297bf28af4f4a0d33e0c5c91bb5d374f60

Download Submit
C:\Program Files\Java\jre-1.8\bin\ssvagent.exe
Filesize
137KB

MD5
fc3db7ae7148f1257985f7818e3c8be1

SHA1
b6a95e13aa022dac46df68526f81ece491efe0a7

SHA256
c0bff58205cd125c570ecf53ee2d9edba6cb034d9ce4e8a47ba0cd1b9dc7c739

SHA512
2d79f635af2d71be1a6a362d8fc78e82d1def34812095d9bdc6a8d8f908d171e40053d748309135a48abe58a364bce8d14d99ca4a23d040d93b235547f57a169

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe
Filesize
4.2MB

MD5
123460db2c01d8f2c92060325dc7852a

SHA1
73bbeca7307e359a6b0c2b0283bd12b6924ea06b

SHA256
0a3496945aa1fecbadc4f3a013de662699492f3ffdde5e5da59a29821e77fb8c

SHA512
db5874e04e019727645257c297fc9bb4f6b1c13ba08112a29233395506dc628ba13ab511686c823707b23de41c8c4bbfc6e3b4409dda959801b7019799a5330a

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
Filesize
4.2MB

MD5
afd77b9368a6e292923ef6f6be5f14f3

SHA1
08d7974e0c879903743d1aca484d7e799ced082e

SHA256
8f4611ab4f2e2a612592c9941267347d987ecf4c7c0d91eff6e57d096a767079

SHA512
3e30dd705c87853886602de7d1520510d1bdaca2aba2e69cb9a435f407003a59b9da37393c5128499f67c14f500d86442bd96713ce96724896d2225576656480

Download Submit
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml
Filesize
1KB

MD5
b7870807928e05347720f846883e4933

SHA1
5012ff7cc55f16a229034f2dadfe7cd893761e10

SHA256
263f9b2ea8e1ef36fbb1a1b3a0c208382a999255ef54c8ef9d8d82d3c3239d05

SHA512
94a180192a4281cf9308b8c43e79b4e5c66b91f1443c43eec2abdd69c29e9fa52615413c037a253e4e31422b27f90d769e817f3b83362164dfaf954020a3d630

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe
Filesize
274KB

MD5
eafea2f675ae199e7898306f70bdb35a

SHA1
43e37b5cca4b9958531ae0b3fa020fdc1a90d6ab

SHA256
1f48854c155febded38594acd198953897c592c3d7b0713fbcc1f79a317a8bca

SHA512
c826802c13f641660873d861d0f72f7ba3f0a8c67cf14bfe99c7504eae649b245d9b4148a0dac213d03fa960f5f713e4da81ef98fdd0108077a228e30407ed7e

Download Submit
C:\Program Files\Microsoft Office\root\Client\AppVLP.exe
Filesize
588KB

MD5
17315b3ca9c6e05eb92510fba6952125

SHA1
d97253ef66ab089f422d294ed613a6bac29fe7bb

SHA256
fdaf804a86c8fcb4aced0f6fb105d99d565c4b3236743fe1d2bb9dbc4b0e4230

SHA512
27b2ef58fad856476c66f8eef44e47ff319cf2963214d73b9900224bacf1dc973cbea062ddeccfdbe3f3eb75a64f3a72107996433f6fc00c75f16f9e0f456d8e

Download Submit
C:\Program Files\Microsoft Office\root\Integration\Integrator.exe
Filesize
6.8MB

MD5
701557ff55d6839af9273029dde19370

SHA1
1f875e9289117f593bc3c4b90fb0e0754c7fee4a

SHA256
e68533d2c40b6e662650d76f27a63b3e8c6da13272df534817185d2244ef1d52

SHA512
e02b84e60810e76beed76bb9a5a4a970ac91b4304b6a4bb543bfaefc10e819f29fbd71849abdd6e3671b7cb602b7ff2c78db1af6ad7a553b66a965e9ef4f95d6

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK
Filesize
666B

MD5
2f050e7ca222db861605c4b73a1ba9a2

SHA1
4875e7a260516526b3f942bc0e1f38a24af6336a

SHA256
c1ce97e06fee21a9a96a60c5db0c931f07dbb2008408826b705b8c6e53309191

SHA512
e83afdc5793791d1c6b92ce54c86e5091d327d9ac4cda641227d6727ac162c627f0a487fd1f11272419d8903a7d676c55797021cfe27846d806848e3a6136a1d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK
Filesize
666B

MD5
2168795995b47334c53613c9dea921b4

SHA1
432b61d358355f589cf0443566c4d2c1250e3c5a

SHA256
3166e2a6428aac65a1048557b49a70d9f53efb2a08e86a8af7adc5ed775f49ca

SHA512
6943d434c53c59af8889c5172cd05cfa7bbb54c4ef9ecd03035b4a9799f6ef0d29b97586d1fb3f2b5f4ae185aba418d6fecf865d5c3bb550f6716aab11d79f56

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe
Filesize
100KB

MD5
964c9a9fa204b8477e3a8404295d12b9

SHA1
5cab2e52dd077d502874d705fc79def9cd938def

SHA256
64507c4fcacd7829e9e8a42dfd40096e9eccbcdf492a3d9bb785cc53ef57356c

SHA512
ae5f42ecf225fd67a97450c10cdeb60c08c72c758fe6284ef5d421ad40842b465363ff2211daeb64fe88e42a750e07fc56a01b543d1e5c9d37e20e15c4d87508

Download Submit
C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe
Filesize
448KB

MD5
739f72c427d4456ecf3288419cc54c20

SHA1
fa3d38fc19c185ca863cbdfa79635f4fbb4946e9

SHA256
49f1948bfb61d055aef9f05c3ed1095b78438c691378e5694540709f31df40a6

SHA512
f23ec185e0f1d5b3dac85304c8c0a5bb4e8267c47f3597ff5a7b546c2f1ef53d95dba86c5eb2438daf42690bf3ab24ba89256bebf64b2212928817aa1ecf0ab4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-140.png
Filesize
666B

MD5
0924fabaf52ced977668811948d1327f

SHA1
c7940bbf8ec1e116e57bb0d8f5450e053a4f9c03

SHA256
416665e6666c9a6fa8dbd80d0539d931c1f2c2e000b87c64f145751ad3139c4d

SHA512
302365b3f9541e36f6aa95293d658d667829798f60a63bce29114444060b42008cc599c5eee73509e91ee7e5e5e3d4fc4af30cbfe1069e76ea1cec8b4ff1502e

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png
Filesize
666B

MD5
8542a56601fa0159594f23b3f8838548

SHA1
67c6670da3c7fc0b78d6c344a78541622dfcbe6f

SHA256
736752345cf387cd5b537d90a7b5d0fdd11ff7af955009dea42eb9b40a73ca1c

SHA512
ba6e9ffd49a552821c42e8bbf18c47eed7bc4651551e31bf03118d3993719d796baa5cf394557a504a148c1799b747f70fc3426018f31a28472b2654d955c1ed

Download Submit
C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-180.png
Filesize
666B

MD5
c60dfee24ffe5bf94cf7ff6255bb6501

SHA1
ce38a3b5153e6d6f84f29555633788bed008e7e2

SHA256
36c941204c85c46f9088f9f754f6de33dde5ed9843a5b16cd63801f40c04672a

SHA512
6054a5b267c27c7689abbd7032bdb35f55f82f5223fb032637df56f99493079511981a34a3feeade59fba7870381f2aca94f8e8d053fabb5791a64f0f9e69fa5

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7ES.dub
Filesize
666B

MD5
1b79eb28f70bca457efa815380d73c6a

SHA1
21a831bb6242207e25a774807678c701cac3e27a

SHA256
7bf67352ec737107d2164f83e0bd1e8f6c6f5e82377872d5b01bc9fbaacbe410

SHA512
6419cd3c92a997a285c4274473e19832c8bd129d23bacc7d05c4625af1408c9971e7cf2de6688dd59ea5abd3f00b349a34ed1a934cb99a552c2a9a4e5b3c36a8

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe
Filesize
876KB

MD5
e6d9428a0c314ab15b941fcfe1c06b44

SHA1
d4dd4e99456a462f9101f89cb997ea4b01ff9d40

SHA256
6cbdf85fc6dd9a7956ed35f223221f8944f40358987fd9d21946a4cb98b79339

SHA512
082c06a5636320657f29c161f3452b3fa68ac571865dac9c8c66a83b704529fdbbbaf836b07b5a1c5fc35c569b86f94291cc10b9ce537e5389c6c4dfbf0154c3

Download Submit
C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
Filesize
188KB

MD5
a383779261eb1b504eede0f28b67822a

SHA1
f946df9e38174ea92eb484020c4ca5a882f57abe

SHA256
f274e14763fcfc3fc68d2823ddb27a0345b7081accc92f6d38024b60d86105c5

SHA512
d72845ad43f2b6b52acbb49f586d634200ff26c9bd11344a458747ed1911b2ae9a306d0b089451475bf9416f24b5287747f728835b1a5a361f00732314a69dbe

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe
Filesize
2.0MB

MD5
f8bc52b94b50035c0e26f2023d7ee411

SHA1
7ffecddbb891dbdf8913bf252d4c52ef11a55158

SHA256
ee32a027e86c6e8070b6a638bb742568b90661cf01de7fba7e6cc4cac1bda29b

SHA512
37669ca2b3102f70b60e4260f5b95ae0a682083f5e0f57075e92b71843cdf94c900f5ffd250780a1f066d2fec8c6e9df240a0337a806d6bc16b0b544edbbc012

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoasb.exe
Filesize
340KB

MD5
b032a9a6e1e8c24e322697590d1185c7

SHA1
cdb704b6434cf20a846d18d0c2197bc57073a1c5

SHA256
cca3774877d5730b3097029cc44014fc409c866c10a71ad6a4332b6ccc18893d

SHA512
6a780b4c205e07897881644b511a5fda63676e6579b2d0103ef21c8ec5c6ea36c73f77c8497318e36b34b740eb52ad1e211fa5655f5fc353c1527c675ffdceb0

Download Submit
C:\Program Files\Microsoft Office\root\Office16\msoia.exe
Filesize
6.0MB

MD5
318d6d8004d254626be48592a02f88bc

SHA1
59c2244abcfa40a8ca4b25c10c7afca98fe0ace0

SHA256
f22e1a66bf9a0f3a39283192df8019292e673b52d1bead08f99b70342198cacc

SHA512
b7fb8ea39ae1592fb7a7805952a0dda072e33af59d75e73656f9913965165255f90e26373dbe9b4e835f6f5084fa82574994637591f4ea41fa806d8e2e7b1050

Download Submit
C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe
Filesize
596KB

MD5
83c7447c6e15491183b09244d4546cbc

SHA1
74f46cf52be8b336feda31d6b88f0c4a5d1ec0c6

SHA256
9c021d47195ef6d3a6bfc7de2adb05835a2c2895ebc68de74e7a4fb3162a5b2e

SHA512
29adfdd7453cd06f6c2f649fbe64d2463c34a1b9cfade165840100a4185342297f9a1cfc9f40a06f5244687412ed51e9281fd12fab82dba6401505112836cf98

Download Submit
C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe
Filesize
6.4MB

MD5
2a9e8cbe913a99a3befd4143733a63cc

SHA1
9d33145c6bcc1047a06a219f7907708332ff7883

SHA256
bf692d70db038347d7194a4e08624e6835a1f05053bd78f5e919c2670f412019

SHA512
eabd5832fb58f62c1c5c6093c322a198fb35dfa338d1f35c48a389602613cc9a0d296504ec2948a0eaafe7f828b03a287f6946e411b6f821e748eed04598fcc4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark@3x.png
Filesize
666B

MD5
612208df103968372818929d845d8a34

SHA1
61f033ee363bfc2013b66b12e04393d01357ad2e

SHA256
c90c46b71fe1d69bb52a36d23d60108e30425baecb29834f171b88e6299486f5

SHA512
6d2ba316be33d021f40bc7e5f2a597bb46f7c8147dccaf955de68214c21269261beb1d69c5aa4c9c9efc66fff867425e5f6112285c9c55a115845c70985e516a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages@3x.png
Filesize
666B

MD5
9cb1aaf00212119718b1cdfa5cc8b499

SHA1
2f269c67274aeb1babe225bd3c47d2ba5a4d936e

SHA256
06e81cfcd9acabb3b7f2dbc72b79602fc1713dd42ecdbb970a8b04d8dbff4f45

SHA512
357ab4aa9e78aa157d4b5cc43b248648349a95dd73d874ddf9f2f46f76eb106e400200258d5c8756418c4bf8a9781ffa5449902d4831cfacfd2b6b6a168ea308

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.White@3x.png
Filesize
666B

MD5
bb866828f83c029e50bb6d5e5a6cc484

SHA1
2c29db79af9e670d3e5de301c49eef1f6cbe714b

SHA256
037aebc58fbbb2882b3c94e79b944dd73cf38fc2a46893b26fce72bcb72e7aa2

SHA512
74472685ec27af4becaa9b46108b7e35bcab3f952f0386073a99fa661e6b712c4234e49fc6da946289a58a82259c5827ee0b3e3a17250a9b23f6bbfc3a8d1717

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White.png
Filesize
666B

MD5
3917bd21e7391d438b1c98f2ba198a82

SHA1
e45967b881c53cb3a70b0388d7d17fca825f5455

SHA256
1485ca723decce87b402edb2be2ed1d8fc93c4577101166d3b89e5258b1377fd

SHA512
b2a840174a75bac46eb9410a9db2ca568e2f11ac31853f609cb552b75313552934b9ce1273935caa7e86356e8a7560492fa88240c73aa37c81e217798e2d3a00

Download Submit
C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Unlock@3x.png
Filesize
666B

MD5
581e9604cb9e5017155bf0b65bc7b6f8

SHA1
ae7f105decc050177f92edba89871076c0df51a8

SHA256
3657016f786de9c440570f1ce1fb4848ec5379e7b7d7167acbd95abd0deaa96c

SHA512
f09ff348f4f15e68f2253e0dca0ccd6c66c4587a71270fc79b382a38865cd48c44cb05c72c51a1adf2b4291b2a01f23a89b94ee1a40d71cfa8bfa73d1c445cb7

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe
Filesize
2.0MB

MD5
88b218fd6c21c13f864495982039138a

SHA1
1369d07d4cc27efd488c7d65ee2fa1ee21180f83

SHA256
ddaafa00a9cede1a3c1cb8738c35527c97f106380c99c924e2076da096f05d0f

SHA512
f77704777465eb37acc886ba947bf45e00d51422cdf97e4c3d959c90075552dbe8fb715354d67b579246e771faa97d74d3fe7d69f5fb342b111d1e3e10a74471

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EVRGREEN\EVRGREEN.INF
Filesize
666B

MD5
1da5e04a9c0188e03e7582b51e9fe171

SHA1
46312a61af0bf4face7481c2b08172810f4e4684

SHA256
62990ae0d52df9df2fe69002a299deb91fd771d78a802f0d274020cdfb512a53

SHA512
eecfc167e687a60b516a2bf6819f4624e45fa9f7e02573c6b27974158fa3290de64d7c8e8d3767263bc11e4d7323cd74b94058ab3cf55f1fc6c008235b4d0683

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PAPYRUS\PAPYRUS.INF
Filesize
666B

MD5
58ef76944e9d2169f133fa32407cf3eb

SHA1
2c49956da3d89e2c35fe49e9a97b55bacbeadd75

SHA256
bd715e70332ceefe869e77b6130c0eb873e93572ca819675d2faae00f7414f81

SHA512
94e9fc9e29a4b5b67d7b6234ee375740834e1513cd170e1162b65430829bd7ccd3aacb08c8fdb84915ca25d52861fa12cfeceedfe61b46006eb0a4b28d1ad572

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe
Filesize
222KB

MD5
3adff62dd483a06d22b3df18b61e8c5d

SHA1
8a24e69740702f43ec0932936e9c0e52a8e03279

SHA256
e03c28074f09b611e0a5a202790b0402b6798f2d3cda83719ee6e5c0953d4fc0

SHA512
34b9c4fbf484305d9e0b103f47eca3ebb901f666d41eedfd3c9f6cf09cf5fca2876c31f26b70d8d6d2423034e4b3168e1a3ce87cb23e855820b0b8a951a49e84

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe
Filesize
2.0MB

MD5
0e36ac6a1d00e870c9007197df121728

SHA1
bc3afa14685338727bc27d455413919f3d58d626

SHA256
83b83f8f6e4d432d823a131d13ef25f7d7bd56f40774096c2227fd8c1efd1fd5

SHA512
230a0d5be7812a33a316c0b0cbb46c76cf9f66adfdbabd44af66aef1cd191efaaf941dc77d7af26fa7dca30308eaee04ca7c357d667c378aa04312fddf336303

Download Submit
C:\Program Files\Microsoft Office\root\vreg\proof.es-es.msi.16.es-es.vreg.dat
Filesize
64KB

MD5
0bbeed7de655f8428ed3e810388c76a2

SHA1
cec7f57783efd3b5cfdff80127c8261370ba0be2

SHA256
cf88e70ad415a1acf7b6aeaf4e29855e1b7082be18be1b85020865ccb10bef65

SHA512
a954885576b5c2fb845e7327f0d3c861b0823531504806025ef86afed6b755a9a62174c11008c41e8d0840b5bb49b8a6ab6be01ac7f486c79f56889f10ffd7e9

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.exe
Filesize
324KB

MD5
7da8284213cff35c8118f215dfae4003

SHA1
a606122a5a68394461dad4b2f42ecc440a04d23f

SHA256
ef7d18626a2a0a6283a288661877c78618f3068d3d162105ccf2dd58b994d7d8

SHA512
d118c6378172d17a5375e1147a1f80b4b8cd8a44d1ecfbab16c188f459ff0dea4c1a561bcf41e47ed7c7ea09af93b6e6895f0bcc3f53d302ba18af110e53c110

Download Submit
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Filesize
802KB

MD5
07f26a2d830ed8b6e0866e7e732d4756

SHA1
f6fcd005bc6ecadbfec16216f7e38a8e3eb2e6bf

SHA256
cdcdad122b64491e7c7ba3dc9157eec926763e977881b2b657a39a7606a1d8f0

SHA512
e2458ab8e3b754b24341d728e6a78521669cfee51b3e4ef78542e994a28ad224a2a88e450ed19aaa84d2de93b97f02fcec6657a5631bd9fbdb6239c73418d89b

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize
777KB

MD5
e94f8baddb2dec70d86f0905b9dd5d8f

SHA1
ed24f79dd59cc3e68cdcb0857362639852437db6

SHA256
138918b1d30588e26f260e16bebb56c4a180f82558dfec2c558b540201bacbf2

SHA512
9b3b42c352aafe602870134561f06e52bc645114142d1711e348b9095da7c775b8f2fa9833821797fe5053efd2fa92d9a1788c9f3c03ef47b093713eaffd7403

Download Submit
C:\Program Files\Mozilla Firefox\maintenanceservice.exe
Filesize
301KB

MD5
968ed24e9478ea8da2cbeee265218826

SHA1
83d704dc57f33b8ee7540899f86a0702df03cffa

SHA256
905a477c0620cf03266dcfc6385e62c9f9bebe98e0a309116eb5c2a35cd6edcd

SHA512
ba8a1c5b645b8969bfa39eea327131bd4d59d679ad16e89e04ee88154180b71ddc6fdaa9b0f9b29eef34e603608a28c6ef5b5f0e20c259380976c8565818226f

Download Submit
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
Filesize
828KB

MD5
f5b2384285cec043f017b8714c780d48

SHA1
86656a9464db3fbde50a00903231bb1c42b95aad

SHA256
791727cc3a58c166403918bc0cbda5606c455c935a04ed6a59bc3646d654810e

SHA512
5d781f12a9cb20202f8d579168f86b2f556fff8e64b58ffe22d17405d0daf4d3c6d2332b4d2ed8dd2e9581ad2897ecda5c22fc23e2c45d1b32ff875d906ef772

Download Submit
C:\Program Files\Mozilla Firefox\pingsender.exe
Filesize
121KB

MD5
c9e29c6fb3a5e9d475c2761cc69d55a0

SHA1
729ce0ca238c55eedd182c7eb3c9a56e235b595a

SHA256
50719fc220cf97a6c2c5f793658a1fb4c8d6ed91d279a1170451a45af10843f4

SHA512
66f107181cd3294b124bd8da6c276fc2862634fab455d761e4b3c512fdfb39b89890746cb6a0695d323410c0b4dd4d58e6ad682eb79602ab3543ff17378b8b86

Download Submit
C:\Program Files\Mozilla Firefox\plugin-container.exe
Filesize
392KB

MD5
0d5e38d50b842d3f96cad2bdd79a776b

SHA1
7d75a96d33ed051238dde9c2c1c9413cab7e1666

SHA256
335a34555393b5adf4e8bf371868b357567de0988e566d5d4bebbf7f2801aa1e

SHA512
679f74921631329232b1b927666f939d46a282d067467f323de744bc81470dd921b4ff30965094975f9f10835138829d07aa61d4ccee589db381ef899cb34956

Download Submit
C:\Program Files\Mozilla Firefox\updater.exe
Filesize
464KB

MD5
fa95add134dc3f36ba9d3d03f30a0ab7

SHA1
c2cd1cb16158a98fa0074ac102e2237a73ddc6fc

SHA256
67b42b6a605465b0761ce48b2bad21c4e4b37f4a7354d5d600d377690ab97cb1

SHA512
2aaa00edd7c0118ac27d0a8a02fa1c118f6a364df25c2550b9fc233480167a047569a97309036a971051d6f9c7188ef9db7d55ce8167da395eb31e1d57a2bb9b

Download Submit
C:\Program Files\dotnet\dotnet.exe
Filesize
188KB

MD5
d8890384743d3c2c31b2ce185382bfa8

SHA1
d8687b198df9c961c40184ebf3963aef2ba19798

SHA256
e737335efd1366fcdb1fc9eba228669f0cebdecd6abe5bfc368732343b2f98a8

SHA512
336c48ddbd8ebc5246eb7e067d5a53cbc72d9d5ca6d82a7ad1cced0195bca7aeb189e12b5ba51552303f9df4c45b67298902161a9de61b7657a66fa68c2e5e07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi\messages.json
Filesize
666B

MD5
1294fe93b8d8678319e8d994702c5d68

SHA1
4c243084a1ac5a2fc37c6f0c962e0d6db9fee148

SHA256
8649be67240ef5925fbcd8da937a932e2a3ab196b0f0af681e59d2287060745a

SHA512
6cfa61f1081f8843964e17ed0fadc7be0f0cf474cfc07839962806bb999f6ea8d706c059c2925d83c7178e3a32cc3ee933938de7075f57155d967214355255ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveSmallTile.contrast-white_scale-125.png
Filesize
666B

MD5
14c81a169ce675ca5d53d57ea91f10a9

SHA1
237a9b148489bbeecb2d77241c690af8485e8cb9

SHA256
85c8f40737d30b852e443e30bccb78923cef38edca75eb24fe77aec958ca3f26

SHA512
278ea175135542dd266d15610bf68f841d84f6a664357269727925aa7a8a1674115c64e44634f5e322bb4b0a674b5698e6ea4db296428438a12aefd2336c0614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db
Filesize
666B

MD5
7a85c982c5516ec2b242e9278cabcf59

SHA1
0a66ca5e2b7cfa4fa5f46ea334abb9492b20a934

SHA256
fb1a4a114bbbd3386425ce91ae7ab3e81b03d842128d202f038fab97e374159e

SHA512
08a9a91b5e02e6f8ea3f4dca301b7fd2fc6ec814b6eb2cdbfd9313b8fbd30e48b2a2f53d3d74dd45b6ead51afacf57ad0ff0014471584a15886073fcd3f855e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\134FJJJO\Windows[5].json
Filesize
666B

MD5
195af91fa3bd05a9478a2b5041c40610

SHA1
4f228fd91bd2127b7cf1820a799bb2eb38e2dbfb

SHA256
20d126092699afa7853710a4377f9939d4b9955550b12906e65d8075301836dd

SHA512
bad99a4042293d0e1d24b15e0fe65acf631ebb6412adf7bfa84cfaf59d06875c060b4864c42db3498db069e827a1c7a49ad59dbbbc0c7a60d5ddd04c086c3960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4CA6IJ7Y\Windows[5].json
Filesize
666B

MD5
3d316408bc9d402cb86a35bc36d6fca9

SHA1
b984df1a3b1d8ec66a63378b8c3f5cdc9d763158

SHA256
c40a88d7cc722ca3eb2ebb599745e0ff8c9716ef816b1c807e75e0dceb580743

SHA512
3efbd6724763e37d2f3a42c483f09eef7c46baa35b2d33f87346c2d8e32a6c45e9ea823a4c20a18226a4eb8fb6d5dc23198aeb8ebbf93e6b36a9ae733ec32d8b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133573956823211941.txt
Filesize
48KB

MD5
a95bcb5c8c70265130e9602573ce5587

SHA1
7c2c0c6f0131d3cb5bffe7b2127d06e117330ac8

SHA256
2ba13fce87ebffb8a91c85df2254b0868f2236af51f87aa08b4f87fb85d9cd03

SHA512
b6360b81f58e7f5933761db2bbae4ac40bea2864172cf5867ad7181eb642b8da53d7186ae7c29ac546a27461839324d78bbeb8a25fb0701e9e5035d4fcb3e884

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133573959573406897.txt
Filesize
66KB

MD5
1879725f460c11ee29b4f00635f2e869

SHA1
f892b980c34ee9fc360b0449b5654199476adf05

SHA256
16a4658045f94a568ed009598491d379a6367f89e9bbe9b4318779cda1e72c08

SHA512
9bfe8b15f3d33e3c99bd659ca994a62dfb779f90df476dd6f1031d83d7975ad88d6e23870fff7a787963c08c8f13aea1d0518e1b45400da8cc3759d92ccc95b0

Download Submit
memory/2680-1-0x0000000000020000-0x0000000000026000-memory.dmp

Filesize
24KB

Download
memory/2680-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2680-5-0x0000000000190000-0x0000000000195000-memory.dmp

Filesize
20KB

Download
memory/2680-0-0x0000000000190000-0x0000000000195000-memory.dmp

Filesize
20KB

Download