Analysis Overview
SHA256
7e1b08f1bf854d0fd5db42ad378300c5d20d859875e53ae57a2b110dc9594b69
Threat Level: Known bad
The file 2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos was found to be: Known bad.
Malicious Activity Summary
Neshta family
Neshta
Detect Neshta payload
Phobos
Deletes shadow copies
Modifies boot configuration data using bcdedit
Renames multiple (309) files with added filename extension
Renames multiple (505) files with added filename extension
Deletes backup catalog
Modifies Windows Firewall
Executes dropped EXE
Reads user/profile data of web browsers
Drops startup file
Checks computer location settings
Modifies system executable filetype association
Loads dropped DLL
Drops desktop.ini file(s)
Adds Run key to start application
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Modifies registry class
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Interacts with shadow copies
Modifies Internet Explorer settings
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-10 14:27
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Neshta family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-10 14:27
Reported
2024-07-10 14:30
Platform
win7-20240705-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Neshta
Phobos
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Renames multiple (309) files with added filename extension
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Windows\CurrentVersion\Run\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos = "C:\\Users\\Admin\\AppData\\Local\\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos = "C:\\Users\\Admin\\AppData\\Local\\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.EPS | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0188511.WMF | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02886_.WMF.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18223_.WMF.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\SPACER.GIF.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Europe\Madrid.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Grid.xml | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01358_.WMF.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00352_.WMF | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Apex.thmx | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\ACWZMAIN.ACCDE.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00685_.WMF.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\STORYVERTBB.POC.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\WORDIRMV.XML | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SL01395_.WMF.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\GlobeButtonImage.jpg.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\TAB_ON.GIF.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS01636_.WMF.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02756U.BMP.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Europe\Prague | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\gadget.xml | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\THMBNAIL.PNG.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookicon.gif.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\LightSpirit.css | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01631_.WMF | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD02158_.WMF | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309598.JPG.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0178639.JPG | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\PASSWORD.JPG | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvmstat.jar.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\gadget.xml | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0240695.WMF.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTFORM.DAT | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\POWERPNT_COL.HXT.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00736_.WMF | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\BZCARD11.POC | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\APPTL.ICO | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\LightSpirit.css.id[9A0164AF-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SysWOW64\mshta.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state off
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=disable
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\info.hta"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\desktop\info.hta"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\info.hta"
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "F:\info.hta"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
Network
Files
\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe
| MD5 | 6b1885fb6b9cd1c1708c1d820f14f5b4 |
| SHA1 | 237da817af14ec1f4432de9a55d4a4a7bca04c94 |
| SHA256 | 21acc3a155986b946eda9951f0fba061542b1376d8da9984d3b4952d848f2835 |
| SHA512 | b944595d1c594bf295e7b71f5736488e88f1af5ff85f2eaa5e74b76c1acde57103e118e5e773ea922a77d1778321520220472f3aae4bb1d76a906ca812557c5c |
C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
| MD5 | cf6c595d3e5e9667667af096762fd9c4 |
| SHA1 | 9bb44da8d7f6457099cb56e4f7d1026963dce7ce |
| SHA256 | 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d |
| SHA512 | ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80 |
\PROGRA~2\Adobe\READER~1.0\Reader\LOGTRA~1.EXE
| MD5 | 9e2b9928c89a9d0da1d3e8f4bd96afa7 |
| SHA1 | ec66cda99f44b62470c6930e5afda061579cde35 |
| SHA256 | 8899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043 |
| SHA512 | 2ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
| MD5 | dd88cd2e2873a04f1b44b81e2a40ba87 |
| SHA1 | ee29ca31f99fa067cde7d35cec7e64cbb9111650 |
| SHA256 | 83cd4395b42a80615a1267bb2a2e71dd8953f253f3d50b1d2020c3bc975d0678 |
| SHA512 | 580c8d2ef4a58ef64885455b4d92dea544e7e56181629cd0146433990f7d8e94008c1b7ab8c4f0dae5ed9b6f14208b5c70f48d0c2168b3258a50ade2ec094fe6 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll.id[9A0164AF-3509].[[email protected]].faust
| MD5 | 5ba5743733597fc2f74df18cc190e914 |
| SHA1 | 157206c95465764e8fc15bd6845de4f749e40ee8 |
| SHA256 | 2f8377bcb615cf0635520a89ec6b021c98beeebf9a2d599e04a64d400ff0addf |
| SHA512 | eb0ca534d197d9d263358b9b93dbe5d603ae8c9ce0f70fab0fb71d375357100c8b7d43a2a82250ed80a689e218d7d2af8c6359432a4726d9809afdac082cfe7a |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
| MD5 | d059b46b8bb34111db0040eec1d29a04 |
| SHA1 | ed1d6d999e0c514b93c67171b47c41483ed18166 |
| SHA256 | c7b86c8d4e21008b8f24cd003ae7725cda9fbe15d83c9b5d60f01d529adf2588 |
| SHA512 | 5d599d0c00e80cf92c4fcb9360d889cf4d46e4214ca533e5b4f73e51a23d1ed62467e3e21a04f357a299650d0a56803e3df079f862397430b639f71d95e7a5b2 |
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.EXE
| MD5 | e424c3d92556770ad18fd5d047aaba0e |
| SHA1 | c536cb16083623b0d88e30a8cedf31a9c68b537f |
| SHA256 | ac327239db5f45a17110026b9eda0563208ce275a6312c6cf8085dcb7f8a3f00 |
| SHA512 | 5dd51eae4039e98631352c1d8eedc7aa98be21b4256051011236c9d4e9f1779b1d711872366cb19a3ab67c17d5e5d43ea5a48aca891075f9795fdeaf69dd2b0c |
C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.exe
| MD5 | a8043d056f7e9d6bd7ff6ba21cc2c572 |
| SHA1 | a16fd0ee71e6ced4228a18bd2777ea7e3409acb8 |
| SHA256 | 36342151b6f1266b99259e43f4c00e54e7c27fc2e17622ecafb06daaf53c25ac |
| SHA512 | bac4de63ebe7956399d944522682f05e0f02e896681b4b5ae3b7035aef93ee70dba5eb89b5838f60adcea157fc4bb25187784648dd52f4b7cf0ed2500463ea9d |
memory/2752-793-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos
| MD5 | db10fd32bfe67918ed177579d4be9d76 |
| SHA1 | 44ecf4c5a6fbbd1ace84d0efe91f13d6ba6bb738 |
| SHA256 | c936ab1da7ef4314182c8edabaeae90f8d51ed45bc48848d35670adf5b470d31 |
| SHA512 | bb574ef876e7529d4f3c4c52cc54aa1814f2c02030b83a5bd7223d4b31c992668c00e4a7e68d4f1caaa6493db4ac84eb649fe59e98feceb9828119cac1e74b05 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao
| MD5 | 2b62a30906a2b8bf3b68abd2ef9d105b |
| SHA1 | 9898d25a214dba04ebd7e3030ac9e2e90ea7a369 |
| SHA256 | 075561eff2cd3ad586776fa904f0040282c5f6a261f6a8fd6a0a524d14cd2d2c |
| SHA512 | 6db5955477a9bb5386c1af03df526496f9e64533e6c3071c8e5c44062541e91e9bb39096da947a91bdfa5e7de53c1e047dcf427c1dfde94554d7458f8f0862ea |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil
| MD5 | 1ef5e829303a139ce967440e0cdca10c |
| SHA1 | f0fa45906bd0f4c3668fcd0d8f68d4b298b30e5b |
| SHA256 | 98ce42deef51d40269d542f5314bef2c7468d401ad5d85168bfab4c0108f75f7 |
| SHA512 | 19dc6ae12de08b21b36c1ec7f353ce9e7cef73fa4d1354c436234167f0847bc9e2b85e2f36208f773ef324e2d79e6af1beca4470e44b8672b47d077efe33a1f8 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana
| MD5 | 71c7e24524aea1022361143d0a876c84 |
| SHA1 | b141efff466f27664599dd2aa91f0b7c50736f1d |
| SHA256 | 07a692cc9bc920ef8caed75ba9af60ad2d6b144c83bfde3b91a77b5bcce277a3 |
| SHA512 | 4cd51849de464e0139ce77de3003af1ab1b6c639862fb7d5e8362f33ef0a9828f8af9ebd6d4b4ce9dc5a67084bc5c1106fd3b3327fc428e25c75b780e98d37ff |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi
| MD5 | d13b5ffdeb538f15ee1d30f2788601d5 |
| SHA1 | 8dc4da8e4efca07472b08b618bc059dcbfd03efa |
| SHA256 | f1663cceeb67ba35c5a5cbf58b56050ddbe5ec5680ea9e55837b57524f29b876 |
| SHA512 | 58e6b66d1e6a9858e3b2ff1c90333d804d80a98dad358bb666b0332013c0c0c7444d9cb7297eff3aeee7de66d01b3b180629f1b5258af19165abd5e013574b46 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk
| MD5 | 985f599bb4b81c01d5b5d16ad241d5ed |
| SHA1 | a90b24a33383273378fc6429b95fdf62c4c2e5d5 |
| SHA256 | 36bce57f9ab26334f370d700cd0a853618cf2051afbe561ba09b0aae5dc371a4 |
| SHA512 | fd8f3414083a7b4c75e9a5dc043f38db062971dcac022194c274d5f5816867961736dbf0e17b7da19ca9c835f2e11864e0f305895e8c76eee3d0c5ecdf3e0239 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide
| MD5 | 0a876dfacfdabc170818581a2e6e6d54 |
| SHA1 | 376fd52e52867f959cb2076fbbc4d214778a7fc0 |
| SHA256 | e28b98a94e0077340a3aece749f2d400c3f06890cec9447f4c2567bd1e7a5839 |
| SHA512 | 766fb737e92fbd233563887cf8335c9aa4e96d3a970c28b7ddebbd21ca764dc85ee4ebd805538f697ad8b2d59ed0c53bd46d9fb7077d54c136f9c22bedae9cba |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11
| MD5 | 65435a5d117aa6b052a5f737d9946a7b |
| SHA1 | b8b17ad613463c3c9a1fe928819fb30cb853e6b1 |
| SHA256 | ea49aa9f6f6cf2d53d454e628ba5a339cc000230c4651655d0237711d747f50b |
| SHA512 | 4f85061ef6c66bf0e030af017af8c7154ed3f7953594ae2cf6f663e8b95ba978a54c171b01f212880e2711c2fd745a12b959ed27e7f6b1847273f70a4010ccde |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville
| MD5 | eeb20c9bc165677800b6dc7621a50cc9 |
| SHA1 | def5026103297fa44a2185104f2ee400cb93329c |
| SHA256 | 6a3a9301bb8dd782bb5c170bedfa73e9e7c60235e6e1840f14bd14b812127ef2 |
| SHA512 | d4e72f43c75de83deb0526233423726503354d7112618b44c94e695d159a02b6da4823a2c9a2be8cf71d2c7e42108d0db7edbb54a640579f853e6d110e7599ed |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury
| MD5 | 335a7c8e767a2dd0ecf3460eaabb0bbd |
| SHA1 | 111ffd83edcb095d251067456a3a60b754b4c717 |
| SHA256 | a0bf83b3948dce6afe987c170a5cd711a3d65fcd5c70e3b7bbfeeb1578544609 |
| SHA512 | bf0772423bdc11a4029439acef8922c6c541519ce98bce97681d1a1da32bbf3a73f506138d494d9cc860b6afb3584094565db7683f6b2a2cb30e3e94430d1933 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT
| MD5 | b8d5d64c3ef0b30644898a80682f5121 |
| SHA1 | bbc7b3902250307a2cdbb314abe98e34795032be |
| SHA256 | 2f329134686a44ee0362fd0c8b5d071e38bade32a5389e31282f64f565e76759 |
| SHA512 | f1f90923769648e585f3f38724d203e4bf6a10cab7c6708f7791a83dd6348b3b9948eaf481baa7bef31ff63d75b6fe1ec00cb888dc1acc8b65b90d96bff39638 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf
| MD5 | ab9d8ef2ffa9145d6c325cefa41d5d4e |
| SHA1 | 0f2bf6d5e1a0209d19f8f6e7d08b3e2d9cf4c5ab |
| SHA256 | 65a16cb7861335d5ace3c60718b5052e44660726da4cd13bb745381b235a1785 |
| SHA512 | 904f1892ec5c43c557199325fda79cacaee2e8f1b4a1d41b85c893d967c3209f0c58081c0c9a6083f85fd4866611dfeb490c11f3163c12f4f0579adda2c68100 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF
| MD5 | b85026155b964b6f3a883c9a8b62dfe3 |
| SHA1 | 5c38290813cd155c68773c19b0dd5371b7b1c337 |
| SHA256 | 57ffc9ca3beb6ee6226c28248ab9c77b2076ef6acffba839cec21fac28a8fd1f |
| SHA512 | c6953aea1f31da67d3ac33171617e01252672932a6e6eae0382e68fa9048b0e78871b68467945c6b940f1ea6e815231e0c95fbe97090b53bf2181681ecf6c2dd |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png
| MD5 | a2bb242dc046bacdc58e7fbbe03cce85 |
| SHA1 | 052ab788f1646b958e0ea2c0ef47d00141fc1004 |
| SHA256 | 486a8212c0d6860840d883981ca52daaad3bf3b2ab5be56cdc47ed9b42daba22 |
| SHA512 | d9bb4c0658f79fbcf22697c24bc32f4ef27ddf934e8f41cf73a2990d18cdb38379f6b61e50edef8ebdf5a2f59a0f8fa40e000b24f1c55a06cfa161db658326ad |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml
| MD5 | 118db038cff249fc1b96f7a8f2b27620 |
| SHA1 | 6f804438c7a4af3c57191138510a644d24bde92b |
| SHA256 | 8d43407158818d7f3e03cc0a6ae6d789e9e393467ba847a998214eb4e292b989 |
| SHA512 | 4ee3a5d2c49d50ecd97193828389d3339661f90d8b8d41bea5fc4ffedb26578c738016fc772217f3f5049adadcf744273f6b9f60ba379a8e39fc60188be5dde5 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml
| MD5 | ceb1e6764a28b208d51a7801052118d7 |
| SHA1 | 2719eea8bde44ff35dd7b274df167c103483b895 |
| SHA256 | 99d48b66d590c07b14f4cd68adac79e92616afcf00503a846b6bf4599bfeabc0 |
| SHA512 | f4a2df6229bca6c6ef9ef9f432847683238715eddcb1f89c291da5f5900c9a3461204d8495c3450c8bae1c1a661424089554d316468ba1b039a2c50d6e69bf29 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml
| MD5 | 2c16868331f82ff43059dcb0ea178af3 |
| SHA1 | 983589535e05c495ffeae4b0b31ddcfafe92a763 |
| SHA256 | be9ceb4464b22203feffd3700c5570b7d6d44c5d0d357148e1e6d5be5e694376 |
| SHA512 | 184653d3e40df84cd0052e5d9477201f276ce0e8cbb5e4b7bfac86fc7da325eef476982910be24c20725a6db6617fffd88998d6053c1b694718bc7ab0bde9ea1 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml
| MD5 | f7c78514872f9cb5585f8d69532cd2d0 |
| SHA1 | ff9dfbb62a3b48c85b6434ee831fb33a8dba9526 |
| SHA256 | 5f7bcd85900e62abb00ce739eaad53d80170a4a6152d951b6825110d2fc17965 |
| SHA512 | 50ee6ae916ea0e806b73c2e5bb727f6ee4837a696c5bd8559ede78148b40a5d5cdd135e28c8b5153a8fef568fd21ef0708ca198ace89e7120ffb84fd9bc91c01 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar
| MD5 | 8b550761ab80413c9c09f7fb472dbfaf |
| SHA1 | 67122822562203c17dd3f762194e470f90ddfa97 |
| SHA256 | f5ea79165516de2e7e1efb53d016983f5d18c3184413f044a4002f4b751c918b |
| SHA512 | 9546013cf4d45a2c4c609524b7ed4adecc7dc2fecded7c3b7085415a1bcd1c25db5d88bb591ac05fa5a6313763a8e8d5d8fc6ee6610b454cf7696b647e7781fe |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml
| MD5 | a75d7d422fd00bf31208b013e74d8394 |
| SHA1 | 3d59f8de55a42cc13fb2ebda6de3a5193f2ee561 |
| SHA256 | 7a12e561363385e9dfeeab326368731c030ed4b374e7f5897ac819159d2884c5 |
| SHA512 | af3a1e15594a0bf08ae34a5948037ef492e71ee33d5d4ac9f24b18adf99a34563ab40ba8f47f2adff5d928f18d8a8cd60fc78e654e4d6cf962292d2f606def66 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml
| MD5 | d7d2fed9b7c55fe72a6cda66725cb7e8 |
| SHA1 | 2cb154a1c4a0553658801a088edf87b5816cbbd2 |
| SHA256 | a6df5cb2b51fa56609c7daf08d28f0e41801b96f9514a9d179992a63afd516b5 |
| SHA512 | 0ba4d570d624cc5aa6af629260668ad805285fcedd61002999734fe04cae47016cf52022c327cf22935ded99b30c52d9f041ead60a3425365116bf1bf4cbcf5e |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml
| MD5 | 437687da72730cf42ce36bd093b78b3e |
| SHA1 | 693e31dc362426bc4d7a6b2954f7c80267476d66 |
| SHA256 | d0d0b1face19fe4a88c6b51f6ced55ae0e00ac548b75809d88089ad431da5d3a |
| SHA512 | 7d05e270926dcb452ce405dac9dab6e9e1a0dd247bc93f0940826eb4abecf827acb6f42ef32d3b6f6ac4b46b28d522e0b25f6b8b679affb9a198db8ba4fe2daa |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml
| MD5 | 48e296d8287ae11c252e4277ee885161 |
| SHA1 | 8a75b573549c2791d38acb3a4d215fa2153b37eb |
| SHA256 | c94a9a55369ccc4b41a71b9c18b04e1778a0913447ca6b5a630135f7a7ac0c1b |
| SHA512 | b17a5a8a6009bfde681829bd7be3b550d8b8bf6bfee19bdd55567163890550980ac0633fd956f117006892638f408c63449d4520b0716e6866ab0858cc3f743b |
memory/2752-6363-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml
| MD5 | e7b188938a141c90dda76cc258c01f8b |
| SHA1 | fdf0e86d2f90e51797779674e429b6f826107a5b |
| SHA256 | 77cf0aa8aa6d73f27ad7faa42f7c9a76a689a60d74483f96050dc1cc0adb88c0 |
| SHA512 | b106fa59882b0345ce6885d902317af39a3f538731d100e4a92920ee7895ceab8a62d563c4137f8e3e1c7bd61ad6c017ddb301adbc01c7463984b3b245b3da54 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml
| MD5 | bb95a9de280c528c32806d0d5231de6d |
| SHA1 | bbffb8596f1bc68df5603a10a3672a02ebd3ea8b |
| SHA256 | a7ca0125b93e1a5681d5a9c294ec3a4e5680cc58e44fd223d2dac04232b7367c |
| SHA512 | ac4cad4f24495aa6b0d5ed8aa439554f479cc2fdba4d5dd256f1983fa43a4121c8fdf79ad7ec9d9a396a73fd480bf2f5141ab5303d50c8b6d2ce47d158010a80 |
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml
| MD5 | c9580e2bd3527b65bf5b812b477ffe30 |
| SHA1 | 66e921f302739af54e7a991ce38a1d37ead7c7c2 |
| SHA256 | e77bb87374bd3a9b3ccdf932d260091a3ffeb1d1ad9d236b54f0f6797585ebd7 |
| SHA512 | e86e61aa09e93395f03b9976d6af4f775be3e017ca371a837e538d440e04b7813d2855c3b7c2444aaa357c9d7a3b5ccca7649c6c557bc3f520b953d96aa93577 |
C:\Program Files\Java\jre7\COPYRIGHT
| MD5 | 2a79a18a4fce30f9d28abe3b0174812b |
| SHA1 | fce91cb769cb486bd59d97a59943e69418c03e06 |
| SHA256 | 46570844fde2506ac28543dcde5bd20877b0bb2522a0cb11671513722ddb842a |
| SHA512 | 4ed0cfe9d66106e365977378a53f7881d1bd795fda7e89bc8e879888b54bae79ce80746bde779c9aad058000f06d1b96d8e0c7bacb0b871d3fc075e684a0f2f9 |
C:\Program Files\Java\jre7\lib\management-agent.jar
| MD5 | 4eefd60f439096ed98b6d8a585da12ef |
| SHA1 | 75cb70498807b0c823cac760e00652842c1a63c3 |
| SHA256 | e743d6195ff2f42282e101f9471874e8df79dc05a69ca20abf22015d48d28c6c |
| SHA512 | 78241e2336f4ee826719d5adc70543db0f0767a1660f723ddfce72c170322a13c0f3c547eaea6b6cfc47cdf6d8e5edcaff4bd003cbf3eb9d3435bec5158fb8d2 |
C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg
| MD5 | d1950d80f172e80f1c48685c51835807 |
| SHA1 | ae9fb8e72137c1729ffb559aa5f541bff78661c9 |
| SHA256 | 523c41464ee47d61350e15bc091bc970d73ae2d00bfe7a88bc7fe00ae6202c75 |
| SHA512 | a6af7912278d814025fd2825a16943917461c881a8f2ff1972497a3a9f6998e349c5e375d69bc8697ae7197054083e0988198c4fc57cab3184f98f82a07a1a1d |
C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi
| MD5 | 9e0573ecb4a0800788a3aa64ad731bbc |
| SHA1 | fa205d2a65684c6245a2272facf45fb12ace4014 |
| SHA256 | 136dd1a7d0a62859f2077a62b7673c5c712fb750604a15f5f6140ab2c5112327 |
| SHA512 | 3c01530d43156962f4a2305472eb5dc77464ae3bd88f932a2f55e72355c4c1db1df050c94951a1375ed6f69bbc4102ef6ea45574f4ca293123685564a1334596 |
C:\Program Files\Java\jre7\lib\zi\Africa\Tunis
| MD5 | 66663b7d29e1bcbcfabbf26496f44d28 |
| SHA1 | 652e5ca160b40dbdb15b9a3b89ef967d6d44d455 |
| SHA256 | 8474486baa45dc211adc58156a75954f3542dc65326d6e5b157288711ed74e75 |
| SHA512 | aae76395ca6c3fe5e58a64618fb00ba73cf1198450da008edff89366bb9fb5bb62ad91f06b65a3af57c45aec92a67b2d51075c9438b526f5edc0aa4d4f38e17f |
C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan
| MD5 | 128e5d8a837d1d9b540b96013e4c9f19 |
| SHA1 | 641eb152f889f8027c1fecec8fd81df2540400c0 |
| SHA256 | 58bd661ff1a892697366215a8938d1c616cb4523e1ede78b49d155b132430917 |
| SHA512 | 2a64edb3c126e9d432f8c8592af3121423a93af9d266649bb33b73e3d65a5504db3f00e268a51fb59ddd3e279f03d2048b3b243e9f5602b2399584928ff2a316 |
C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon
| MD5 | 90c805bcb9fa376aacfb38d598ec7bb6 |
| SHA1 | c264d31acdf5c68a97ba444c7fd7e8af853122c4 |
| SHA256 | dbcfcc77f5774ed3333f3963eb84a324fd967de4d62c96631be6af1d6b3fe136 |
| SHA512 | bdd9bfe471648e8a116ab65d97e56f38b2d7516e0ba522de25b284c7b29d089dc039bb653f1b08e6ea0792150cad576adc48890dd6956a6aa29e5175cc5e2f0a |
C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica
| MD5 | 1135e286fb5224ef530f4ce0ec4a2835 |
| SHA1 | e1ef9d5aba553828ff9b4ff2cf9c1f25b085c6a8 |
| SHA256 | 4a93894f08d98d707cd9a0274f4c9a51bcfa27e701359e12befcc78ffb488817 |
| SHA512 | f57b77dcd655d347fdcfc3a1beada329998824caa5db061553a7c784a163b4641076ba99677a4e648d0477671aa14da7f883b2df8b9ed6eed3985e7c2c8ca4e2 |
C:\Program Files\Java\jre7\lib\zi\America\Matamoros
| MD5 | 93a2fdbfe3bd18cfa0620f2632efa4d4 |
| SHA1 | c0b705de8aa572a851737c34f1721c501473d31d |
| SHA256 | 3e84c247e11701fb5451865acb6262c8495d47c5f397a772a7bc01c9ce9f5b12 |
| SHA512 | 1e5454026ba8100ebf7a32dbdda862c9c315b1f6a758242a7c451ade0ff87ef3757fd8caf58c96a0bd63e7bde72217b9664edfa2bb426f50a9ca9cbc2dde655a |
C:\Program Files\Java\jre7\lib\zi\America\Nassau
| MD5 | 4401d715587a3bcf3830b14dd764a25c |
| SHA1 | 33117586fe2f2cbfde2a7ff3b1fbf74927a65e42 |
| SHA256 | 8b3827b7bae22f976e2a59e9957ba8b3b9cee57a4cf923a4da970a8f3c1e79c5 |
| SHA512 | 7b63cc90c5cb65c3a54ab7249b67d9f12eb86237410eb51e961bd39777f517d65b62a08f018e8d8ce89745c2222b2302a9a007c88771968e81e97a60ce037def |
C:\Program Files\Java\jre7\lib\zi\America\Noronha
| MD5 | 527e3a39bc066f9dfcc85c57acc8d262 |
| SHA1 | aed5fa100750d77de0ce7e7c2e6d7a322131c910 |
| SHA256 | 43c2ae1019ad57912662c9bd170d8d6986299bad4ec76811e70c98c4a1ffe3b6 |
| SHA512 | a1a0266e0c1b0e8b33e4dd242be63b258df4f2d1ae748583649dcb22ba82c7cd27c4ed12f632f7fd745f484621a303f8ace8c8f91646c74ffc71cf0ab12275a4 |
C:\Program Files\Java\jre7\lib\zi\America\Regina
| MD5 | 05640f18f5c0807dd96697e31fc5d8ba |
| SHA1 | 659edaff37a05ac603d08c90d2b5d26d9c90c78b |
| SHA256 | 86fbc959c7ffdeba173fc2baa99a8a93d75ba5d6a83a3e3300bab1b0a46b1d42 |
| SHA512 | 000113934c92690a06eb580a6128941aef65c5d9ac043811627175332a0a6aaa4f55bcae211aafed8c5a7cba9dae94a162785c749c08392cd42978cef1771b48 |
C:\Program Files\Java\jre7\lib\zi\America\Resolute
| MD5 | cb97b848abcb6376d491ac6bd9cbeadd |
| SHA1 | 3800020090c3bc180b0cf63fab7b39905680453c |
| SHA256 | d6369598c0846422df1f6e1029041784e34d3b6fcc12a3ba0fc1613a0f80530a |
| SHA512 | 5c910d7062750c5f76f87e174eb0b1225453fbf36ba072d04ca025579af6a051c7af85c7772a4756876659ab6f8cc4429c11b3620c3f5298e0599ea4f8d5a644 |
C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund
| MD5 | 81ed540e1204e3237f63da49df05a7d5 |
| SHA1 | 88176d30b1bf7d6f87f1ba92dac451b883dc1432 |
| SHA256 | 256fb9c4796b15a7ec4b0d5319e9e493ca4cffda658310420bdfd31e1c59da79 |
| SHA512 | 92b183b168ad7cf33673e688094d8199cff7c3063aa3e2b83891838f02ac1a79291e6a36e8216040c588306191634cf51484c79f56106492408dd09079e0f807 |
C:\Program Files\Java\jre7\lib\zi\America\Whitehorse
| MD5 | 1036f4aae37bd39b2ecc451c487e33c1 |
| SHA1 | 8d60a72a4873cf55fa7bac47dff692303d17d157 |
| SHA256 | b61465acf0031e6a4cc34a66d568bd1735668abf591a6badb1f5f5bc20bf9919 |
| SHA512 | 3ac2c8d3259ecbc41b186c2861ea6be3e6f9cc6b673a2ef610d42c91b359f31e941aa7de1d6ae801191870acdd6590ec788839cf9c069a7fc658d84582103a62 |
C:\Program Files\Java\jre7\lib\zi\Asia\Amman
| MD5 | 227fd460860a3ad1fd2b245793c07f95 |
| SHA1 | 71d8da21d4bb33f4cc32b70b174815e40eda657e |
| SHA256 | 693195cf289838146418e1bd05fd1a482c36ff75a77874609d615247285d5b99 |
| SHA512 | ce035dbe02b8e15091f7fee997a823dc4a0ef12c14e4f7d8441b9d3d9878bd17036db61e24d4e67db2a6e1f8b50168f6f03311b19713c688691ce4298b1deb2c |
C:\Program Files\Java\jre7\lib\zi\Asia\Colombo
| MD5 | 5f54d1240735d46980b776af554f44d3 |
| SHA1 | acf7707c08973ddfdb27cd361442ccfba355c888 |
| SHA256 | 2c80619d7e7c58257293cda3a878c13e5856f4e06f6f90601276f7b9179c9e07 |
| SHA512 | b1f542f68a48608ae53904fbe2105bd8f3e544941abb38ec9d24cb7a26f916ef94cfb431cce0c64077dc2934913130d78492914a5e9ffc52f311e68217caef15 |
C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka
| MD5 | 709c6a80af0276b170c521117ede47c6 |
| SHA1 | 8e6d9001ca20e76482e1ab88d54d47c65c8c7836 |
| SHA256 | d8129de4286dc4fd245c7776b51d76aaa727956e8fc88ff928eb69ff7fc17e0b |
| SHA512 | bef13fa741340cb7c1174406f76f9c65445c76ec091e47daa8537b5f769ad2231347c61144ce8f6e4cb16fd5cd27bb169930c3f8c3b5b9e24e6609491fbbd4e3 |
C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe
| MD5 | 0d4ec840c1db49efd9ea0f2dd0a7c66e |
| SHA1 | df44812586d12298c713564804b42142fb68a8c9 |
| SHA256 | 2091501cde52f2dd75b74ad947075b6381c5f503af97a66b592b7caebe9e36cf |
| SHA512 | 85585ff43a93051adce2aa4f7213bb5a8e4b4160bc1ba20eb061fe1b7d489cc07676b512e00c37ec63d76e08cc98598901ae6babaaf57a0c59eda9f621c1bbfd |
C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem
| MD5 | 433b6e531d44ca54bab63198a3f6b388 |
| SHA1 | f1dceea33541fd68c8e9caaacc76f062da393a90 |
| SHA256 | c00b114d3e1a4d978c0051e7e8503f7fd30dea142240d6b950164a37cce3edaf |
| SHA512 | ca77aab2370179c0f5eeb6b8ed8b56eae5c3083860f51eda2031f7d5772e2018011ad5b004b1db1e1b5bc2e4c0f300735eac814cf913f54791fa26375d3eaa11 |
C:\Program Files\Java\jre7\lib\zi\Asia\Manila
| MD5 | 38397588c4d02f8b95c263852e9aee7a |
| SHA1 | 80691ad30930c04fe1bb2f645f9c6c0548ece80d |
| SHA256 | 42d699d9e89e439804c0981f96b1a3fa7dbe42c6be1dbca6211c6faa4e0e2463 |
| SHA512 | e46b5c1865b53513bb10be9e3a2c2a54ee9e88f83e8802e85e728a2364ab649ecd4af605b41d7583688f8a78d1b49e36f1ef5b8824ab89885578eed8ebdbfd15 |
C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk
| MD5 | 88a4ef65b666e053c28c9e023d8579f5 |
| SHA1 | 4a9c1d641605648e7e0ff0f87d1ea6d21ff42a06 |
| SHA256 | 88d5d20f83be8b19edd7cf53771fa94c1a67429f7bf9cec90822dc84a3a434a3 |
| SHA512 | 9ef796e128b899f33feb0fba39017a0365e6289c3249ef6d2aae61c6c0283febf89626323bcee6e1e3fb9e80c4908c2ca09ddd53396ac41c78ba2e5c47500f0d |
C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda
| MD5 | a1534d6e98a6b21386456a8f66c55260 |
| SHA1 | c7239c0fe3b7a00d812e548f4cb9d8d863e8c251 |
| SHA256 | 4c555a3d8b83f80c2e0d0b647769e82148ebe7e27811d0a63277d6f61abafbbc |
| SHA512 | af0302203a3ccb765aa4ce1b1ab524ffa500d62e179ffb527b76d2b62f5ba31b037902d8d46278378e7255a91251f06c0779fe4940d47a582415a201b0e401db |
C:\Program Files\Java\jre7\lib\zi\Asia\Seoul
| MD5 | 64321e9c7da09049fe84bd0613726226 |
| SHA1 | c2bed2099ce617f1cc035701de5186f0d43e3064 |
| SHA256 | e43fe96a7f7ec0a38984f78c064638b2daa75e261ab409bbbe2d3e590265ec7b |
| SHA512 | 4f56b895d0ab27f71ad4f5e54309538ab3052955c319ca5f718e6b8f8fbed1bd5f51f036eff7cd82d4403ad4b93395ddf75dc8621041ef5c5ca916c1113104c7 |
C:\Program Files\Java\jre7\lib\zi\CST6CDT
| MD5 | 359a1339722ce22ffdafcf70fb387a3d |
| SHA1 | a958f03b193b09efcd8d35934c33b524b4e0cd7b |
| SHA256 | fbb4fa31c3fa0c14ccb3fe426e39dcad529b17e379309c0adbe27fcc93feba50 |
| SHA512 | 4a90df2fa4bfee474f9e79570ae05a26b6752f0244ab755a49ac0d38f69f28ed97b134092f353ded2c968a3d9baf2d08a73eee2943e8116b65c4c8357bf2dc0b |
C:\Program Files\Java\jre7\lib\zi\Europe\Oslo
| MD5 | 677bb0dcac881a5a4638ede690ca721c |
| SHA1 | ab8e52e9f345d8152a39110c9ebbc07bfe37b182 |
| SHA256 | 97d364e2d3d35f030a038c41bbadc42d0c15fa8d79ba569987e19fddb2e80f9a |
| SHA512 | 6485b77c5bd7581ba0f80318493879df55d29606e30bd8a609f18a94da581c46e2284287869d3d1b7dd2857a5388fd97c87070279305b66e10d67430d5c96a06 |
C:\Program Files\Java\jre7\lib\zi\Europe\Vienna
| MD5 | fb4aa89fb89bf94d0590a3174d1193ff |
| SHA1 | c3812f2105099071c24141a994a9d5087199dbf7 |
| SHA256 | 655a3ef0465a9f30fddf25f4dde0c19a05c6f9069b83961800c1944165955273 |
| SHA512 | a494c0d9faf3defa9ff320421d0c00e4e39845f7e998c6a06c50b5e7edbb1ed7a948dda23ace06a3433843615553d2357f1cb04acb4ad1155ec43f1d07511524 |
C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius
| MD5 | 515d8db6175667b02ed715ba8aff0b2a |
| SHA1 | 44ca509396091b269d47da24e3d7e09fd8da7268 |
| SHA256 | d50e2d8474134908822ade46e27717d1a22aaa2d4ebd66ee14c988ecafc01461 |
| SHA512 | b0003c56ca6ca6789847ca2d75eb762a7da8870cde67cde39baa6d8a50c0a4c62fa1cf67bebb892ea50515ea7913209bdd0ae946b76ddbb1aef46a8f9cba5b8b |
C:\Program Files\Microsoft Games\Solitaire\desktop.ini
| MD5 | 22577911e88af39f79409e6de8eed4d9 |
| SHA1 | 93436ea60c5dcdd2e9893a025f560ab72422ae8c |
| SHA256 | e08dd9962eedb16e12840ea2a977cc07bc5fa8d96259682edaa080573d525e4c |
| SHA512 | 2db5f3b0000212518614c74c73dca3205cda5751aa2504ad9bf9b98be46e98143c064980dce9a8a6372305840946717c38e244d9e1f2ecbdff683fc1f0a8fbb5 |
C:\Program Files\Mozilla Firefox\xul.dll.sig
| MD5 | 69016e6a597d194701476b8e04d4e028 |
| SHA1 | 71a24ddb0c5bbd321d3f09d7b322c3655fb5e129 |
| SHA256 | 4740d289d0a31bc1fc00e255845b3d8ba7cec2d6d0ee92177d23aa293f9fca3a |
| SHA512 | a9399ea57f65c6569e2a9e9ebe9fa2da7184ec92a555549f39cbbe9dff15530ad526107a2a2304d822be37580a965c6ea4e88a46adebd8ff3af402d2c25321ae |
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png
| MD5 | 6294c74db1a4aac788765b4e0a0278b5 |
| SHA1 | 81e9bbc06946e3c078d1c1aa150ca93e501ace6d |
| SHA256 | ab3df617aaa3140f04dc53f65b5446f34a6b2bdbb1f7b78db8db4d067ba14db9 |
| SHA512 | a4a83643031063cab4226cef7e215765e6f997ce7719173632a66a45bfc0a710b3e6bc19a590108bda91576030e2e37f77e339a3f4e71478d96dafb0d46d2941 |
C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json
| MD5 | 994efe849df864c50be59da9ef5cf50c |
| SHA1 | 1d3915f08d43fffec3900735e0518dd6381f0ef8 |
| SHA256 | 52dbd4365b026555e3382c056240376d3aa319c7e46c1aa7c38caa4883570517 |
| SHA512 | 80ff4b5e8dae2c6eeb0a8e392a61ae2d7cd5f23867ab6d7c386a2a1440d10b461b517f6719f5e5559efb7bc2100e24eb3bdc3e922f83195dcde9876b509fd8c7 |
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe
| MD5 | f4988d7ec7286976af1ebd5c7443be9b |
| SHA1 | 5c9d293127395d240112aca3191f6763e377ea69 |
| SHA256 | 365151e60b6d5d3faa3b6bda819524b98e96b66913d74cd1911010389583a237 |
| SHA512 | 9cb87e2c8d83a7f52700626d1b774264a164ce44d920c4a083754cb0105884e51345e422176fafca3f36262d978ddbedd01c9e7d934b66b42235287bddb7586a |
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
| MD5 | 4dc4b898f7b739c87c41a173d02803a8 |
| SHA1 | 5d1812d2050aee3a27afb4f3e83ce2835596fe63 |
| SHA256 | 091a39a153caf196b46dd2bb14953fdf8594cb3f09051d829ca97c39720c36b0 |
| SHA512 | 8b8d21b9ff14b2d15944814edeea4a6826916ebeabd28ab8e3d85accb8b08fa984546277c2ef954313627554201fc7e8e6c88a4383772b6988c09ed9d171be37 |
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
| MD5 | c1c197ea35f355dd77226d0c9f97bb4c |
| SHA1 | 701421a95883d9ddcd2f57de5e65fde3d3c4a289 |
| SHA256 | 1696f25ea7574d62ceb2e0d786a7edf9c98e74c1322927c3f32d3e25ef5814f2 |
| SHA512 | b414f7efd5d68a5a2640771566572576b7498d0a7c819cbcd4c8b4c982a416de2fae8ef881f88a2a9ede5f2475452c330266dd778f8d0441293f584b27712cb8 |
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe
| MD5 | eef2f834c8d65585af63916d23b07c36 |
| SHA1 | 8cb85449d2cdb21bd6def735e1833c8408b8a9c6 |
| SHA256 | 3cd34a88e3ae7bd3681a7e3c55832af026834055020add33e6bd6f552fc0aabd |
| SHA512 | 2ee8766e56e5b1e71c86f7d1a1aa1882706d0bca8f84b2b2c54dd4c255e04f037a6eb265302449950e5f5937b0e57f17a6aa45e88a407ace4b3945e65043d9b7 |
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe
| MD5 | fb54e7953d62fa86aea496cffd7e6498 |
| SHA1 | b34a52b311a4c9420e244754e5d47d2bbdade2bd |
| SHA256 | e390461689549b8570fb395e5f68c343c09e22619e402481ca5ff3069b884284 |
| SHA512 | 44616503ef0c1b4359eed861ba87d912c75f006d50a27652e0bb0f4f69c0c44386b2eb419513fe29f0e11f0b223c31850acca348bc359a7daa7f5b901d3dc0b0 |
C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe
| MD5 | c74f93c66e3697959f51dfaecc97b447 |
| SHA1 | b2e42e99ca934f08e61ca84305bd340b6273e725 |
| SHA256 | 475d4713e415a585739ef1bd79fb2a7fa6cde6d06bc19059c619a4db361a99d4 |
| SHA512 | 00818d2f5528ddc11f717978f3b1e079d8e4ac808ea8c04b8a7a6841d5a122fbb8b1ecd263c162cec697be8d1b7c19992ab36fad8f0e6baaa08994cf2aee0e25 |
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
| MD5 | c754e5bcb565af01cbfc5ccd352fa660 |
| SHA1 | a8ca6f5b6b9fd13065c9ce1534d01f948d88a050 |
| SHA256 | cd173e4e93bca55c348186e094146812128d23502765f730be58ed7b9617f103 |
| SHA512 | 1f4760f911859d583057083b550b112c94bc48bfeccb8d8dc4a2edbeeec7eb43f8d556002f362e3ecb914a792933a189fa4f916db53ae749a1f0368537d1805f |
C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe
| MD5 | b639c57bbe4c959037646f075ccc8734 |
| SHA1 | 5495bd2d5edc42590a24768e2086a0763501df65 |
| SHA256 | 3dacb82dd5e01cf0d80fa98f8370c33d4b08b427ec5f0bbd678e6484d6ed7003 |
| SHA512 | 3b099a6ef57e8c053a405e2ef28d91c7cc684001640547aaa12a0fd97443f69f16019045ed5348b08b2c9160c34592e2760e2af19f855ecdaea5318bc4af4946 |
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
| MD5 | 35863ef4d1f320b6b9e74371f27615a5 |
| SHA1 | 236f55f4462859528225f6198ddb22b5a1e14cdb |
| SHA256 | bb74b30efa0fcae915d0e09da93c53620e1ff68b07db81d1c6c4ff8ea1581ee8 |
| SHA512 | ce2d7c131b9c0fdeae007134139a4159b4bbf0788bab0acaae3d0ee91afbbabce1d5ad5a115ab0c7f376b131eaeff88096ab6e43bbe18fc609f71a43b60a562d |
C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE
| MD5 | 3d61271ace86b39362890a3a907d8a58 |
| SHA1 | b2df357e3be90b759e727e5b84dd4a3caa1f9275 |
| SHA256 | 05e3d39ab7491b779fc9dacaea3ddec4c734960cf8564dc606f3db76336b48d2 |
| SHA512 | ef3ec4c9d09c7cc171f56f2ee65d974f186045aea5430cb9649ec45866e978d2a623d47ccf3dd8b15978ab483a493c67403a47620b084c37159bebd20f10dd50 |
C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE
| MD5 | b70e12a99078046b5137685709b549ab |
| SHA1 | 05a8ca2e6bb4769b81f99d197a26d33201c1f726 |
| SHA256 | 472490b5d497151edb0ce65fec9f236a262a39a17f5340d2f94de49e2d2c4a24 |
| SHA512 | 76059ab7a263a13d2fb44d1eaaf42c6b5d6cbc6f3617f9d8aa1f304e43a9e8e8e287f7d5c32284165e32ff3c22bae06e7ac25174161490063120ea27628d67c2 |
C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE
| MD5 | d4fdbb8de6a219f981ffda11aa2b2cc4 |
| SHA1 | cca2cffd4cf39277cc56ebd050f313de15aabbf6 |
| SHA256 | ba3dc87fca4641e5f5486c4d50c09d087e65264e6c5c885fa6866f6ccb23167b |
| SHA512 | 7167e13dbcc8c96114fef5fc7ae19afa31173617db153dd283aa6d8256f6b8c09c8f906f5d418efe9f7f242cdfaef24b93c11c451701c4d56eb48d18de4e88bf |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE
| MD5 | dccbe73913319a954a16757a7fb32666 |
| SHA1 | 19459aed373fde7454780528c95f028d01fad60b |
| SHA256 | 7a269b011185240d5b215e2537c6988d10987c528b1d4ca7d2c7ad88558930c9 |
| SHA512 | 6ef2b55b3fc7721d00100bc6713e3641747421c96521267fe083379d606f740fb973c653e8313b323856ccca884481fc0f389ace2b39a1d91b91afd6087e4519 |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE
| MD5 | 2be931ab5ece54c0873ea6ee3ed9d87d |
| SHA1 | 3f5bb105b77992cefed28a022073ee604d9b237b |
| SHA256 | 64d6095b7577169b3d44d56856fce54b90b8ad429861ef2acd96f6003aaa9e38 |
| SHA512 | 3e2bddafe57dcd441f500d923590118e4d844603fab2ab40012c958b9da4a01f473fa83686206e5fb174daf1a0e6a6649454d4ff6c3819c764af2ea8f67997ed |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE
| MD5 | 6a9923c8c67b4465b580b943f8b4bda4 |
| SHA1 | 6e0aea882778d0951d13d7142ee74af5bf399828 |
| SHA256 | e81e33c42c06a473d56fb42d47b615fe26cd51df523ae0b4323f0018d6b8a0a9 |
| SHA512 | c2af649221b1905f54a0d1cd2abb2190a0fa1a61c3bdf0ef26a81e20e3890def8cf36121e1b361c86d7149243088d0afcf0b34a4f25fbdd90a3850777b475d3f |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE
| MD5 | 31f86806bc6b3a572acd3026177423c9 |
| SHA1 | 04120856da3311bba44f74d8b2ab5d3af61af700 |
| SHA256 | 17636bb3ad6745beb6fcec16e8f30870a17493a04b0f32fa8be5fd6e4ca55d4e |
| SHA512 | 8229dc8c6bab17f7e195ef45f7838c13dd289648ece1ac01dfc09e08dd081af8a0117291d7c4405601ce4948896574ac4233d88e21b5c5a2c81f71161277f07c |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Oarpmany.exe
| MD5 | b546740b0db37565ae9d7a40975a759c |
| SHA1 | 8de20279c0f84703c203f85b09ada3729c638de7 |
| SHA256 | ec497740ded5f7f7a251fb183eca5253b98c63a0a318ad5d827db3b2b609c244 |
| SHA512 | f82f472527c45f786df840c5175ef3753409c98cff8ce04a1d2029c4a5364163f05442ccc25c5593e193e28f97566dcb9c6a8bc559f0cbb2bbdece9ddd1252a1 |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe
| MD5 | 0cd3eaeba1cc190a69716bf8a196d3ac |
| SHA1 | 0fd8c86ce940ca4d180f6751ce11abcb4e077935 |
| SHA256 | bad633bc7bc69506ff2137d1f92831c4ba1c9ccc77abdbf05509537c1250c562 |
| SHA512 | 5a54cf817afe9f0d7ffb3ea95ebebd8c0b5305864fb63ca251cb40e5b388568c59e73984964720b9123e38b767daa3b66859aded06708004e802c2fe12b5abe2 |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML
| MD5 | 05fc90d38e2468528ad10b5ce0bff46f |
| SHA1 | 3e50a6510e30a9183cbc4a727d4ee3a6e3786102 |
| SHA256 | 4f969244f420a506355a2c1e81bdd9841f1263818b9189ac31c5c5e14ea41acc |
| SHA512 | f6e585b7f0046e95b5c808133f17f131ac9c50ac41f0f9c09d7e17509f77891d5e3d9f71b7b0322fb4ed187d98425f2a45f6addf428a9436bec7af74fbe679fb |
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML
| MD5 | 950ebe96859f7ad2194cce45ba32bede |
| SHA1 | ec77126b84fba5f858a84cde4373e1724c86d481 |
| SHA256 | 1db92b26f408ddb6f3ac47574cd49cf4dc131efa8090477bf6d0a5feea4bdf1c |
| SHA512 | 4755508c6a9fb44d196c2fb4de3cd229b5526f48e1baf0057db858930d5e940c0e7c2c62cfc1e66e558987f2e93d11abeded72c709020df80c0b773607c33d8b |
memory/2752-12035-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\Wkconv.exe
| MD5 | 467aee41a63b9936ce9c5cbb3fa502cd |
| SHA1 | 19403cac6a199f6cd77fc5ac4a6737a9a9782dc8 |
| SHA256 | 99e5bea5f632ef4af76e4e5108486d5e99386c3d451b983bcd3ad2a49cc04039 |
| SHA512 | 00c9ccdbbd6fd1be0c2dafd485d811be9bf2076d4efeabc256179befd92679b964e80edcb90ef21f3e874578fdb0003878227f560ca76498865770280f87113e |
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\PREVIEW.GIF
| MD5 | c42c94e7e22da680544d2ee9553f5327 |
| SHA1 | 318f931facb45612173e8f845305001d1134d88c |
| SHA256 | 0ae208d8333b8d56b0871129f974ea63ad90303e5087fd1092d7cc7a66e85ed6 |
| SHA512 | 23bf222aaecef148138b5b2cd55e46084913986a7ebab17ab82011890ee179d00403bc5573ba7a783f280ef829e6cd5598a3153aac24d8fe5b2992064c30ed15 |
C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\LAYERS.INF
| MD5 | decc47bad99272317818a41e7a522d85 |
| SHA1 | 8d92c3a841aca4b24ae76a488c4e9985570c81d7 |
| SHA256 | 153e9423e652627ab50fe46f33f0ee612adefaf54ad06bf70947650cdd32871e |
| SHA512 | e8982763416ce78756050b0383398505979193e92a5cd7541758756a7e1c188405073329fa8f737861b4de5236c8a88f797cd0bf0083245349eee2905d906a7b |
C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 46e43f94482a27df61e1df44d764826b |
| SHA1 | 8b4eab017e85f8103c60932c5efe8dff12dc5429 |
| SHA256 | dc6658dec5bf89f65f2d4b9bdb27634bac0bf5354c792bc8970a2b39f535facd |
| SHA512 | ce5bdd3f9a2394ffda83c93fc5604d972f90bd72e6aded357bdf27a2b21a0469f6ac71ce40d9fb4ed8c845468c4171a3c5b4501edbae79447c4f4e08342d4560 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe
| MD5 | 11b451c2e975762872525c82aa5b9833 |
| SHA1 | b48e982ab1536e7ad6d720c697c1d4fd25d1f3f4 |
| SHA256 | 8ed25372d619195d707074903687f64d7ae6a40e29666bb73ab9fea682ebd2af |
| SHA512 | 5ccbd2c45ceaa71b8d18d4243d5ba154bfe35439498649a1d8e349b06023fc120561d4db7d0604e71e8c492de1baa4e2b4c4b28140ee9d1d8d1a7ca2d087c445 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe
| MD5 | 400836f307cf7dbfb469cefd3b0391e7 |
| SHA1 | 7af3cbb12d3b2d8b5d9553c687c6129d1dd90a10 |
| SHA256 | cb5c5abb625a812d47007c75e3855be3f29da527a41cf03730ad5c81f3eb629a |
| SHA512 | aa53cb304478585d6f83b19a6de4a7938ba2570d380a565a56ff5365aed073d5f56b95ad3228eb7d1e7e6110c6172a58b97bd6a5e57e4a8d39e762ed31dc17c8 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe
| MD5 | 6393e803f97c7fca713d899cb9886d18 |
| SHA1 | 9172e7ae4f35a478cd416ece868cf308d303c3ab |
| SHA256 | e7fe1ff96b2dcb1512bc530e2ac86ded63c495618d18aaf3c3db52e6ea3e2b0b |
| SHA512 | de53203ad785d523124aeea4f5ede064dfa635d13b99db991728976bef4af2fa9afdc17f27a31c2b854a38cd2f37edd2343a2bc14581141217d09495dcac9970 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe
| MD5 | 1b9cc7e46765f3a07113568a76fa2f1f |
| SHA1 | 6c7b7494d4cd17c8f2fa99313a0ddadd45bdd471 |
| SHA256 | ae5b8d19cc48f20ba8c466e0122ed37279e9ba335d751e9f7bf6e3f5aab608b8 |
| SHA512 | fcb61565b91f3d58a207a7893be8ce808bf6d6f582ee353e74de2d284ce81248904b7f7eabc179666764704c386219786599fae61651c071f063a6bd9b5c9746 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe
| MD5 | 9720bdee25b644b741320be75451e56d |
| SHA1 | b7affe351ed0d19a68dfe300b1ee3295d7be3d24 |
| SHA256 | 7dda7c15a30a39775c68255b0c96ad78bcb76c43654438c4d4bdecbfaad9ae39 |
| SHA512 | 6993108b3633759d2d957b31b40b4e8d553df70716196bac27710865e48c2ec5061c8e8273f32fb3fc7af3a02498ab52af9dcf77394bac02888d0df36160abd5 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe
| MD5 | e472b575386bd2479328e54421a165a8 |
| SHA1 | 6edfc84b4e024846777a26b65f230ffd7395bdb5 |
| SHA256 | 0fd053caa7121a3b6bb1631f268ebf3627fd1cec54c038ac681d8ad3b995d01f |
| SHA512 | 843ddafd3716f0c0de9a93111c2c561dd6e510db755e251f968341ea25ae9b7030b3576546034f75b6fa08a6d66d1bf4e28f16b8a1ce5b719673db4426dd61b5 |
C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe
| MD5 | f7c714dbf8e08ca2ed1a2bfb8ca97668 |
| SHA1 | cc78bf232157f98b68b8d81327f9f826dabb18ab |
| SHA256 | fc379fda348644fef660a3796861c122aa2dd5498e80279d1279a7ddb259e899 |
| SHA512 | 28bc04c4df3f632865e68e83d045b3ecd2a263e62853c922b260d0734026e8a1541988fcbf4ddc9cf3aba6863214d6c6eb51f8bbb2586122a7cb01a70f08d16c |
C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe
| MD5 | 3b0e91f9bb6c1f38f7b058c91300e582 |
| SHA1 | 6e2e650941b1a96bb0bb19ff26a5d304bb09df5f |
| SHA256 | 57c993cadf4bf84810cea23a7112c6e260624beaab48d0e4332d3462900fec1d |
| SHA512 | a4fbe28a0135f4632e0a5b6bd775f8d010250b0fbfe223db1fe81d18552a6bc166ebce807853ba02e6a476e9829454805e415ca828a5e043bd1e63dc53599d0f |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF
| MD5 | f08b597fc0dad2e60eb47c729ec5a0e8 |
| SHA1 | 6102ed704c46ebab3fa452e0978e001f6799e7f0 |
| SHA256 | 86d911c492b42593042265fd0e6f48a2cee1f9090238e1d849420feae106ccdd |
| SHA512 | b64d872c27d5fd0918f8b6df4c9834718f669ddf7823e191115e64f1784961c0ef384b9de3310bac1e5c10fc52ccee0a94392c5c595f271e169649654e2118ca |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD02097_.WMF
| MD5 | e3d6d9c99344bef76ff5e6fa940c1379 |
| SHA1 | 84da7a8bafe3d5898bef2d806b318af5adcd85f1 |
| SHA256 | dd0a8ab83ad0ac36cb27968e73c3b8c87f5d3080854b214a74b53c152f534036 |
| SHA512 | 63184737bdff4cc24545d32c83df3656d772538a91644870386aba113dbb09763d4357a45fc5e9197bcb0f3b5aa519d5f8fed6ff48d4d8f953e56b96fd43209b |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00241_.WMF
| MD5 | b0d582502cd3ceeca01a0741bc96982c |
| SHA1 | 015498c371e78b8fc5ed5d0831bf2f8fcf803d05 |
| SHA256 | 255c3a22d46b57e3f291eac23e404ce7b331400041930a0b43eb777bf8ed06fb |
| SHA512 | d0b92159fe96a71ee641bb11365923eb89c391045c2b275e5fec0512ffca3c430cef1c25270c7440cfbb36d2e525675fd80b69ae2a9273f27ea384d19c58cf07 |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00636_.WMF
| MD5 | 42968ab756f9db46dac524acd13c5283 |
| SHA1 | 6cb4841f1adb1015105a551e1de9a673f2169650 |
| SHA256 | 7fbcfcd86bdfa943dbd68f67c3fcba6e7ab86fda2d14d28862c176bf18579fca |
| SHA512 | e42291e186e3b3f2e0dd3325d9ffee51a5b1b80fb0125a9fed79926f95f400ae38e7dc60c03718f3b6c8ed970fb9d2d9902bc8648c9d8f0fdf0f9fba8f735dbe |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\IN00351_.WMF
| MD5 | dd7428c326b6303dcda2df68badec0ef |
| SHA1 | 83d0d1df0c2116857baa8ab9c2d5f856e29d6b04 |
| SHA256 | 59f4c13183ac051510c1eea1127c45540085a860875b07d4987d64ddbf46acbe |
| SHA512 | 402a8282fd6f050b125d6ae5efb9fd2bc9976356101714e908743d20f0cb317e43180936e44b709cf83cd12bc628674b74d46a1579332e54d0176484274bcb67 |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0152702.WMF
| MD5 | e6cac7c8bbd43fe2143bfd898b8482ed |
| SHA1 | 39aaa86b0b3ffae902d53caa85b2fcee95c08ac1 |
| SHA256 | 83e89195b31736ad0c35ecc6fe7132f35f7195bd8b0b9d49fafbdc5d8353c5b5 |
| SHA512 | ad1e842da94eeb805c396d3c416f15a1db6d2e8300900fb48a3776545da4dc0b960da186d80d8d72071dc80ea7fd5de81b1bcbb364db4fad4a6148680bef4a38 |
C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01745_.GIF
| MD5 | 2b0c8bbee7ca3327c8a7feecfc38e496 |
| SHA1 | a9a272d5884ebb929b7d6d6573fccfe9f588b7b1 |
| SHA256 | 6013c9170030c639b5465ea1e72f12c4e045fdb481d07f964c37e5fe44ecb355 |
| SHA512 | a3aa35b4b089507b6ad63a81043b1b5e121f9549b151811cd05e6605a848616d68531d400990bdd493ab88d19142616c41416004519083f2c8860e77aae8935b |
memory/2752-18201-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Essential.xml
| MD5 | 7e5a19c335555b4fcaf22078f0a5e362 |
| SHA1 | 55079ae8c6067cd839503f9c3ae7ef9deb72892d |
| SHA256 | 202115097d1bee389d4d4d81db00117252be97d5691af316941f3843ef7a05f5 |
| SHA512 | 371b8cf9a6485a2c59fb928a8b460caec1f7a572126641f568f77133b78e0e7b91fd52c10e6089c286d4162050ce50f9aeb1886784d75d338ab02a6b7d357a68 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Hardcover.xml
| MD5 | 0fb569bd35d44c9ffa7d4728af4e734f |
| SHA1 | b41945703b8efdabbb18c60ccd93d2115ceb78fa |
| SHA256 | 788ddb3f7716950d0d204e6cad9fe3cc1dddb6140f615cb1c76bea0541722c20 |
| SHA512 | b94c1fd2dd103b19b5fbac6c76d3166be91b01d659e1c912a26ccc48664a153c62cbbbf15ab3869aef08fdc8bb3918e4ce83bb97a1a428f55ce12793d50ee646 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Module.xml
| MD5 | 5360b12f6a07af7be93437d215f72fca |
| SHA1 | fe12fecaca49a131167d88817c4941514ea408e1 |
| SHA256 | a0cffb66ffbe1d4701a3aa75ae66af7ca178b45f5c722de3d9021a543129f80a |
| SHA512 | a0b23b148cd30b1d4a41e81aca63179eda341bac1d1c3bf83924d0bef90a47e11f2de08b4cbb879331d507184ec1df9b59c18951e740b94247ef726b15fcc410 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Pushpin.xml
| MD5 | c3c9945cae188df73afd04c6251ba98d |
| SHA1 | 4327d33b49b3c7046cdff83bdd31c724bdbf4118 |
| SHA256 | a2a40bb99c6a44d49eeb216549045620e8cb9fb90fb165eff71f846f30264096 |
| SHA512 | a674c78678624d59cff6386381c0e4e459836484aca4e617fec26729878743d2ffa5dd4a3bab0a0f0f27d60095739cf4ee0a6b0f4a5d79d31b43a7ecdbba02a2 |
C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Urban.xml
| MD5 | e2b1e53f26985bc0bc2a99c7d107a1d1 |
| SHA1 | b0b9bccd847f973baaed9790a33f3f77d2d1db1c |
| SHA256 | 3dc463a76fc170607c07b104c3cb531362ce7d6e10c1a34e0c0f370aeae08ce8 |
| SHA512 | 0c53d4208a6b0cc0e6959d7eafc24012efd854316ac3830267861fd02f1da0246a268e75a7549b8b5ede05d08798f22f87c7bc305b62dbf76632cdff107ff718 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10264_.GIF
| MD5 | 6f6b5e30af6a9e64b7b6a19c39de7e0c |
| SHA1 | f4e37133cd52efd2967e90d645332c44a56b6832 |
| SHA256 | babd6f664158d665504571b169a1e81ef75470cdca4fdd7d95be6cdb7826136d |
| SHA512 | 4521a9829f60e2f4af33d4f72dbeedac048fcec352554b449ca36bcc32b64b65151bb7fcec78b389c37ed5819acd4c7f61e9ec08591408dd2400cf78ab5d67ed |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21333_.GIF
| MD5 | c7ea739796f77dea0edf2dcebe980a6b |
| SHA1 | 5bab75849b9d716b8fec896e7b0f2d37659b3bad |
| SHA256 | 4cc7e6272db6b1ad7581f76c63c694e926e20698e9b02223d5041a55960463f2 |
| SHA512 | afa36a9eba55e94eaaa5c64129338d6af50a0a485c2b37075594e0415b8d2f2d181574a8b99969a92f90790085f761fb66b1a03020afc715fa17121b803ac534 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21339_.GIF
| MD5 | 60c6b126049a35e50fffeadf17279275 |
| SHA1 | 1d58c87e67c4b9d2c7ddd6b1f9c033eff16ca9b8 |
| SHA256 | 77133f431d5e12dd850002c0d3d4e0fecbe3a7a699d604dc8c5eae9976e1d260 |
| SHA512 | a3e171c1c71e0c8fb05df6d783f5ac9c7ce0f9c3bbe653952ea048adce025192d5eba4ed8cc7800bd52afd265256ecea887ea63725c49cf563455ff321d45e76 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21434_.GIF
| MD5 | 81e4bf29a6552cb0df60980b937ed4a3 |
| SHA1 | ca18e846361c6f84ae934ac108d5df987e977925 |
| SHA256 | 8d84ef2aa665b1d6e1a15112d9c53eab04b68a09a088de5392ee63d51060db81 |
| SHA512 | ff58938f4d4c80baba6b15d20744b9762757cfc6834d8a5023b209f07914793881361ab457eed2fb0d17e28a8c99c541a142809f19715d0350c4487e78846ed2 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21505_.GIF
| MD5 | 6790430bcb39e961b83668cbaa1573dc |
| SHA1 | 9f01e584f766dfbb5e49d6e32f7dc51fea2d0d91 |
| SHA256 | 5514e3463923ca8257bc073bf34413d0426a6b45bf569b5a5b74c7c5298c57a7 |
| SHA512 | 6fe6a31054dc68ee8c59da7de683ce56963f27b6a3e8ed634184c5ac99b6cb4dfdc2ab7980b4acb1f9b2a44ed61cd363ebb388b44cf466c736789d9bda98573e |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115836.GIF
| MD5 | 4df019b7bb2ba1e54ed725a85be04261 |
| SHA1 | f40905a7a7dd1623fa8f075715c862f6b944e961 |
| SHA256 | 33c35642a71ce7d31f92ebe614045d206968f058cb345c7df4ab397a2655f16d |
| SHA512 | 654f35be8431fb1e9995a75ea93b9fb04fa12e7ed94923df34ec99bf8052c46effb28ea46417357e1a6ce6f9a8663525d5ad48cd74942968df2a178396024ac1 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115842.GIF
| MD5 | 5dc32f41bef844b95b3a8d79e9633c42 |
| SHA1 | 50cf558caa78030567cf4e265f7c9cba3a2d904b |
| SHA256 | 86d2cf5b090f43ee54d8f7c1dcf746a853951191457ff6dac96269a9d24860b9 |
| SHA512 | 99e7e8bbb58a6727ddbfa71f9dbb7d02658a11d7e735367ead3cea004ed3edba9cca8997117745fb40733672879b5f466a7e39cd5684729eb413bce49c2019ec |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14595_.GIF
| MD5 | a50b718c3518b630251fb54b92bde360 |
| SHA1 | a9582222b6f4df2b4e3e4ee5fe91d25ff086b943 |
| SHA256 | 9d2ce1c032646d2a3381b68bc9201e3dcd53b764e83a0d356d67cc4926ece015 |
| SHA512 | 95e0676e3177262d29c4105edd4ce1fa1c2a2da5cd3289ab0f873fba782a0185e4bbede5d64fae1f6c4cea5ca3ae0697d7113e6ee63f229431bfaf3f8990c517 |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14768_.GIF
| MD5 | e0a6fc12e9cddb11d637714157db14e8 |
| SHA1 | 5c2c7b2a90861b03082d3af01f802d42b937476b |
| SHA256 | 2f1411c6a9eed5ac2ccf7eb35456b8601e3c96907765746895325407cc307cc4 |
| SHA512 | 3f30489d8544921a38f743f905aded78827948c695acce03cf892121893ad7193f7810ef5e5941e2183483e27cd384fa37dba257931f392fe0781eebce384ebe |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD14801_.GIF
| MD5 | 8edc22fedce822ad66c7733ea98784b2 |
| SHA1 | 9c0986ff2345b18e88d604e24a105ba386d87b21 |
| SHA256 | fa807c957eafe34b850cb453a096df2e5899f0902a837fccd59f9aafa869fb44 |
| SHA512 | 31bdbaf34b4e8f2edff432a5f1ee5fb571105081cea907b6cd41c529f4a9ec4956d009378f3b4fd912abab84605d78da298d4718b75780814e1fa1e86386d20e |
C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\J0115875.GIF
| MD5 | cafc2a2dde2f05e2a60677690d2ca245 |
| SHA1 | 8bd9c447b79435b8497212ef76f5b43dffb030a8 |
| SHA256 | db91bef58cfa8c3ad4587f4d737202a2ea4374deb35305e8e56a4e0b57232a7e |
| SHA512 | 7f293929a1147163d71c612084c7fb99740a1fdae3a3f9d7782f795c10c1b7b2e49617e9d6746938167a2dd49bc5c53788bd8751c61ad145d2d42700ae1f1575 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\EXCEL_COL.HXT
| MD5 | 0ec3bbc188caf04134280e5a95f00446 |
| SHA1 | bd398b51e76ebec0b43d756e04548a1907e8d2ba |
| SHA256 | 97779f7cae716a4243ac78cdd8c051cfbefdd111d26740978dd0f4c962c2aa7d |
| SHA512 | e67b8b8f0a30a663360fbac820bfe536abb5534db6e0475424ad3dfd526793663ba5e7d866ebea85f67c9154d6bbda2d38789255f83567be05848cc0d7c1934c |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\TAB_OFF.GIF
| MD5 | c2dc578691371996eab94eb37f6896e4 |
| SHA1 | 9c09715d6b50b203e161cfb59bbbfaa7837532c4 |
| SHA256 | 9f3a97071dc41574af5b54e44945fabef8d5da339d179476a78dbd624a60033e |
| SHA512 | a3778926bde4b74eb0dbda8c7857f2f05c6abfc39222f80332bfdcf7fcfd4db9b81ddca44c45a1155244e667f98f07c7211c25a29c68a62d89b8637e8ae05e70 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF
| MD5 | 3e586cd8128ba5d03ccbc121909e7421 |
| SHA1 | 140dc52658e2eeee3fdc4d471cce84fec7253fe3 |
| SHA256 | 1207fbf437a6d60bad608c9c4a7397194c4f3768142a32c7e5f3a1415452a992 |
| SHA512 | f1759159e90975a7baf3c666e402f9063909bb11f47371c9472ae40315ba13454f0ff4aa418c7d0079eebc09909268b5d2d39ef871f0e5850544b1442f9d6f1d |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\TAB_OFF.GIF
| MD5 | 9cb5fb90f42219febcadbc6eb57257f6 |
| SHA1 | c948b86625804155f9ac9478a07cae11d8021563 |
| SHA256 | 1093af6901915021573eb2e3bcb49af7f1eb79df351806d325b80f1baedaa185 |
| SHA512 | 9c9031770c5c67f40b93dc7dac91822f3b5eabe1deb83eceb2a878afc810a810ce0521f966e68fa49aa1973cec342cd3ef6096ebaaa191b885a542e4a178ca5a |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\Main.gif
| MD5 | 79b9e09ca5f8f8ebd840da4c96afeccc |
| SHA1 | efd9e4cb4eb7a896db0cd0de5138eb5be50864db |
| SHA256 | 318e9e1df845c4135ab519baf8e2c9e617df90e2b3020741ab5d926bb0d4cc93 |
| SHA512 | 2df29a7c367151d76b4adab7002e0e90337c1ee07f935545cf30cb729ae91171bceeec0e2611e50d91d097797bc221ff63f949e225629f23a0dc5de3dae851da |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK
| MD5 | 301657e2669b4c76979a15f801cc2adf |
| SHA1 | f7430efc590e79b847ab97b6e429cd07ef886726 |
| SHA256 | 802bbf1167e97e336bc7e1d1574466db744c7021efe0f0ff01ff7e352c44f56b |
| SHA512 | e94480d20b6665599c4ed1bc3fc6949c9be332fd91a14cef14b3e263ab1000666e706b51869bc93b4f479bb6389351674e707e79562020510c1b6dfe4b90cc51 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK
| MD5 | b9205d5c0a413e022f6c36d4bdfa0750 |
| SHA1 | f16acd929b52b77b7dad02dbceff25992f4ba95e |
| SHA256 | 951b1c95584b91fd8776e1d26b25d745ad5d508f6337686b9f7131d7c2f7096a |
| SHA512 | 0e67910bcf0f9ccde5464c63b9c850a12a759227d16b040d98986d54253f9f34322318e56b8feb86c5fb2270ed87f31252f7f68493ee759743909bd75e4bb544 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\MSOUC_COL.HXC
| MD5 | 59bcafcabdd1f16e7b9889ee10dec858 |
| SHA1 | 116cf3bc4321fa20352d009e1d0cea588a9b61e0 |
| SHA256 | 006f8885e892963b3d4a0b53141f888ef5d0b36770d43b82296bcbf800a89d13 |
| SHA512 | 2d0fe70022c2bd7397b94c78b27d6c3d2426a644a1601b6381084941e9b1dca913d0e0787d8e463d69d7730031233f5b85ec76b480b736ced324fbd45727dfad |
C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE
| MD5 | 69a90c625e4f2da17fe8c9b0b3c90e74 |
| SHA1 | 16d29fd72f21d382a670cd093702e5efa81f26e8 |
| SHA256 | 0d811192c78e7665d8492c6fe65016138ba890c646106aff1c69f58608a6ffcf |
| SHA512 | 0909a2bc6e887b10ecdd9e237e902e73ed1568b301da70e2a8c3fde93f4b3cfe061ca26e47de60bb43fa592dc1e668752fdff0fcd5b41b557d3db392ddf208cf |
C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR00.GIF
| MD5 | f5cfd73023c1eedb6b9569736073f1dd |
| SHA1 | 669b1c85ecbafe23c999100f55a23e06bf59ead7 |
| SHA256 | 9e1736c43d19118e6ce4302118af337109491ecc52757dfb949bad6a7940b0c2 |
| SHA512 | 5d8c1aa556fc17d6dc28d618f521aee37fc0e1826fdbcf8d106e456fc3bcd3c76e712d23fef3378bd2be17b80eb5bfd884ccd89b67490b63c7bd118eaac471d8 |
C:\Program Files (x86)\Microsoft Office\Office14\ACCICONS.EXE
| MD5 | 5487f81961cb746bcb74339ae7098aae |
| SHA1 | 46e37634e267a264e191d63e747c3b563d73d3c5 |
| SHA256 | b360af62e24707366af4c41ec118ae38a8a2b61c499db7dfe293c1c92a765ca4 |
| SHA512 | da6346b8f07cbd673b85f011f69fe1ca951b12b3d4e4364f2794cf42a2bbbd4f06433925eb2c53ba8c1740b7346d81a251e0cb7cb3ea466ace174cd49c1796d8 |
C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\MSOSEC.XML
| MD5 | bec4473fc43b77e28e60f89da4e29c00 |
| SHA1 | d5dbc7c6642a8a23da14f952a0f64fe874e8191b |
| SHA256 | 5e06bfa9ebccfa3d8759270620b6860f0b92be9d69ef7d7802b78ee5b5f07f96 |
| SHA512 | ff2c101c1172e64481be5e98b2216d5eba93b81210a1a67adecfe05bcf37c3d965c06b368ddc1ffb7e4187cda0373720f6a27476f036a41517762d5cb3729aea |
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
| MD5 | 1cf09023314d9efc8ecaa71fe78575f1 |
| SHA1 | 6354db38d1ecc77081e367351addf50870e9187d |
| SHA256 | 7f02e7b949cc56b23f2a426c8052516dda19bdbd0c770cdb1bf16a0b1b1ff46c |
| SHA512 | 68c49ac4fd378fbd8bcd0800c4c44d275c29bb5fe51d767047ea6995cb28af3646735fef7703dd11fe7a0d37b029a2ecfa3887cd1d5991ebfef94361d9baa84e |
C:\Program Files (x86)\Microsoft Office\Office14\CLVIEW.EXE
| MD5 | cd819dbf93ee8c5eadd421e38acbf174 |
| SHA1 | 123307b3482dbd6a7c2d4d7843c48aefe3761631 |
| SHA256 | 26aeb0b866244e98a930c558441cb9972a378041f284d1abe80f4bb6f7f46de8 |
| SHA512 | 0f10cb8a08b3d6a1b179d47bb4e69ca76f650cdc01d2028fa9f320167ae0db3b14c158c6de59895c38e91cf62aa5b326ad421ba16a707089f7c3ba88d2e5e749 |
C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE
| MD5 | 92ee5c55aca684cd07ed37b62348cd4e |
| SHA1 | 6534d1bc8552659f19bcc0faaa273af54a7ae54b |
| SHA256 | bee98e2150e02ad6259184a35e02e75df96291960032b3085535fb0f1f282531 |
| SHA512 | fc9f4569a5f3de81d6a490f0fff4765698cdc891933979a3ce661a6291b606630a0c2b15647fc661109fcea466c7a78552b9cfbca6c5b2079ea1632a9f1b6e22 |
C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLSTS.ICO
| MD5 | d4a7e4b0851785143ecd98f019ace3c9 |
| SHA1 | 99d3d7b7167a9ce2fe67a0d296bfdf60ba7a8a8e |
| SHA256 | ea3a2d1ae34d98f545d82a53ff2d1c6e5334ab4a0a4cd902e3fcd0fb697bf32d |
| SHA512 | cfaa3e8c5f61f0b662c6e04296ae67b83d81fe96eed7872bc503c131cdf47576777d1857d0575ca309652f63f5de2a8ad6fe072bd3c3127eda3d353e61260c2a |
C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLSTL.ICO
| MD5 | 8722af8683c6dedfa35cf708f04e507a |
| SHA1 | e411318d7904624a56946cec0059e380b0a4bd0f |
| SHA256 | a338f849bbccace695e284ab83c0cecc84876fdb292078f1186b31e9b6a07127 |
| SHA512 | 1341ce0453aeae411696a7343f2f6a6fa991fbd483433841cfd4b202ad476d77ba62b66ff547baf4e29a5bd38e7c1f2f78ead201ed1bb8ec50b98eb763bb11da |
C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE
| MD5 | adc3d3f724068486877395be429e840d |
| SHA1 | 0e1201cb9fd9988fae7cef8cc12138a83eca7f86 |
| SHA256 | d86fecffed99ce87859dd096dd31d32903f80b7cf357cb1c5ba8f0588ad0923a |
| SHA512 | 9324d45871329180f2ae9b5d0aa9346ce41fb693d8917195120e500b26b4de0c5bbb0454b5ccae5a7ae2798acbd10c0b9c7b2b3958ccdabf88fd16d1774a11d4 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\DiscussionToolIconImagesMask.bmp
| MD5 | 79f7ca0fba179cb0bc93eb2f178e4ace |
| SHA1 | a529d3822d5bbe18f6c3acfe44b19f0449e76f9f |
| SHA256 | 86a618c687c518ca93f7151a26391ef0e19101986d30f7eeefa420b0574fc5ec |
| SHA512 | 3924f19e1a9e1b9b9eac515c1d5dffff2aafde9745ad8d20b0d71dfede631875c611b58b2624fef0273830341b497fe7b554710d18bdfedd57c36ac0a764947f |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\StopIconMask.bmp
| MD5 | cc084392f2514a4337b42f4865e2cc83 |
| SHA1 | 79ff391fe2ea7244cdb5a1e1e5bc68ee0cc1c17a |
| SHA256 | 3bff857daf1c246b3ba79bff08805f403b65b0e2a5cffb40b078a383eb861514 |
| SHA512 | 9c19d048cc3c0b34e8191368b9d243a4a9a25bdf4c55b3d51da4e97a679ca8507dd7368fe3ba22cb32451d433533d215549a276271462f8d1d1c2a9ff37ab68e |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp
| MD5 | 5b4d40b272eb1356f8a88982e76d4451 |
| SHA1 | 4344a4f7503185c3830fdc877e6d44ac0f1198bb |
| SHA256 | 90ebb694c6e15523caa8196f148f47d1c9c477a48c49d638354530e0c2b811ba |
| SHA512 | cee35a29ad193bb1f672cd69fb0c6ea7d35ab7427c5a33757842881d8db17b0eed1e1c59dc52e577ca29f5b74f83f9b023a61b844eab469eeedd04195293654d |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Earthy.css
| MD5 | e2bdd4d017ce36dec632e386e894a4e5 |
| SHA1 | 973c9f51425416d311a4fb1b502de562b57f152b |
| SHA256 | c23a5cc2d7277749c47ddcad301aa92fcbbaeab54e552813333c1306c5cf2425 |
| SHA512 | 85878f146a7bbcbea9b35cb48c79bfafa27d7872c4c312e824944d9bc70f1548624a2f58839958c8033981b6aeb01b65ab2f454a75963f91c282871d9df90075 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GreenTea.css
| MD5 | 6c3081b7bee29dbf58f91f2e18d844e2 |
| SHA1 | 9437dfc92ec5cc8e0b938a23d11f43cc3d1739dd |
| SHA256 | cb973b51d6e0730a068671ec24e50257ecac543574a2678214b7009fd6620d9b |
| SHA512 | 2d12c25529f1b40724e5d4e452bc5c5fbe196646e29411c5cd8dcbc2897c65cae881d9be2ca5a9a18c36e2e62127a625271c3c0f5970d52fa29c4c4a9b52cd75 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\VIEW.ICO
| MD5 | 385592b8ece89d5bb6c8ff79b132c562 |
| SHA1 | bc14ffc7e1686ee066f445f1ab95714ad631b9e3 |
| SHA256 | b57536fb8401facf2e6aed14ed0f15e42a4f38b1e05eebc1a8be1613909c5165 |
| SHA512 | 62ad043d2e28c8e5eddfb9d46edbacd40ac092b3fcc0e5bca70ac0d07d9d4b80cbf194f99803bbac70f3b963f9a3e7ae2ba29ecf3d71535ea3ab257115862bc1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_Groove.gif
| MD5 | f536fbf78e26387affb82ee89943b870 |
| SHA1 | 3ac8e44a9491c16bcd86dab6781acc4f7e1f76a7 |
| SHA256 | 34dbd6bf55d0d075d666181d9278b8387482a8b5804e44e1ddaafe6876dadc15 |
| SHA512 | d9ad640884f40495b4255bd221f0902ff64f84e3136053d03abee7ca417d32a1d72f24a75cb67bc50629e102bdb2f81c0bb087e0eb5cb82fa3d67c4fa5d92450 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right.gif
| MD5 | 697538917066fbdc54bb7922e0f2eef8 |
| SHA1 | 21cf57e715733ecaadd17747a6956fea5dfcc3e9 |
| SHA256 | 1270be94b76ac32534581f51fecec7ce90ed9e0f3693f310058fba0c6ca8aaa7 |
| SHA512 | 26806e433c67cbcf7bff91a47e214a312929f279739bdf2ca0b5d26f04e40f76f6350161c7aaa44de48fe70aa6bb67293d9736aaac526f1f794e94f135538be1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right_over.gif
| MD5 | bd38f281632881248ac7f09eef8a6319 |
| SHA1 | 5a40ad5f3ec39d2ad991e0b94683a0ce987d5066 |
| SHA256 | b92428daaf38be6775a2b1ce78f5c8ce213b90c6e6fbd95bae56458ab90f7437 |
| SHA512 | 1e102e101b9c679ff5bbb874806650bc12a69dbab6fd446617e392c99620c81e35c2233a745934692b2e4f20b46a7cf5e90cf38a97b87ea588d525ce356b6099 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_OFF.GIF
| MD5 | ab58d658c2dfe0393df78f57740dcdb8 |
| SHA1 | 096427e4fce6a16c49a01f645139172fbf077ba5 |
| SHA256 | 882993b55cc0c527f0a6059b69b3faf4ef3ccb9cecd3d8847ca0e49a1444debe |
| SHA512 | bfbad9a939371aa29f4ed8c5bcad0d0299766bbe6dc1d9d6233ae0c060a394c0b8bf665b11a28c3713d434340dda690cabb578ecf3e2a4a462d797f0b3f30df2 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\TAB_ON.GIF
| MD5 | 0ad4cf7b35f62b8ff9c73f481594fbdd |
| SHA1 | 08b895c85051d99477cdf56d80c4006c262048ef |
| SHA256 | c55b90509b8cb9bac53fbdddfc93d4e572685c509f1218423c43a5d6013bbd48 |
| SHA512 | 697f1c0117c89ea0486b5b8e9dded787eafcfd710251cef4cf5cc275b1572a5cf9d499e44fa672aca8a77521a33b2e5040cf69c7cc3947fec2cd75d2296edecf |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF
| MD5 | ec8d9cf15661e1e246997637ac868ca2 |
| SHA1 | e172de70f1a3707fc8501f5a2207613f376169dc |
| SHA256 | 82f9a5d07d2ed70801a407aefc9336fb4582b17a23686cbd30ce31881a289b85 |
| SHA512 | d87760b7b4b1b286af229762c9c2b81847c803410a2a36834861ee85533ff2c2614753db56db863c73dd6ea6807c1074a317e62f066870dfb6fd4257bbdefa2d |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF
| MD5 | 9d1101f2c45ce53f2ead40247bc2629f |
| SHA1 | c7c2770645e7611ae33bd7a0b3ed948d39f17c06 |
| SHA256 | 47f0149b43961165c5fa224dbd2d1e956cf0a26b86d15ee3e12652c2a6e013ca |
| SHA512 | 91ae75b332bb98b6116352147701514db0426f710600bcbd1bdfe31f20ab83c2c21c794244055372e5d11ee177f8dedfd31a1d9a744b84be0f57b580a8464ec1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif
| MD5 | 3b8883ab58438b245c89bc76ee848752 |
| SHA1 | 7b01b457344fcf92362d14247f2c389ed0c89b6c |
| SHA256 | b3b87c3ad568de5a1f07702392e3bfc76f41a47b2fa1d710198406c3c5172697 |
| SHA512 | 200a52dd5e9334f2c768fb2d152a82cfd551c0991eada79ee92ae41e8beb82a1eac2d90fdac2d9741afe0b7edcbe046cb92a6cf339d25709b53d51f5feb55b1c |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\SAVE.GIF
| MD5 | 9c1b2a47c87f33de47ccfcdc098e1806 |
| SHA1 | 4ea8f90ce4f6569e41788252674776594ca668f8 |
| SHA256 | 8d77e83b50a81c442acd64cf5a57ee30906256da88e661e87cba51320f2cdda9 |
| SHA512 | b317fc3bea365325bc928e347d081bf019c0dd35e764172ed105212e86ab4ab303b92bd1bb0752cc27c0a7d46548e199df353fb84873e812a744878d9d34bd30 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif
| MD5 | ccd9d8aa4c9fbad1069e4dd2c4982652 |
| SHA1 | 58cc653eba0694d39e7615ee7e049c8441fe6600 |
| SHA256 | 35e1150f8a8236fd8c2be2c6da618b5f5366caabb763b7453201f5c430441aae |
| SHA512 | 7530335f5f01da26479349321531093d3da8a1cefd4e916496dd254273076df9ef5eb91ecde1221e37a2525e76a8578a6859ec79a15ddb0a69e2e39578afb8f0 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif
| MD5 | f25638c3ccba37aad21daf44d061ded1 |
| SHA1 | 2db65949b3b8b9f2ec83a7aebda1d4379c17391e |
| SHA256 | f2d7df9f7c7a829d151f2d26f67f11bb6b824fb5ed649c159dd6124c4b4dce60 |
| SHA512 | 362d8d85fb18947f6924d956f93d8cc8eec7febac2cc8aa5bebaa983ce257c1f0eb416663d650c0958d33d7ddadbf79e636a26cd6f592ab38057d7dcc2227c3c |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\messageboxinfo.ico
| MD5 | 46b109680d8e37a25b4ca79ff35e270f |
| SHA1 | e1d4ca57aa3114a7931c7a5bbc8be1ecd8bd7882 |
| SHA256 | 54a918ed71329a2e6af831153825cb69b8cd45938a352d3b0882c92969a353dd |
| SHA512 | 7533cfb7af8b272d23734efddd2eba7524a746ac0664621ba3c05f139417f6e68bdf6e38c57ea16e8552d0b491a37f320f8f95d7b9e39e3c171a28f81643197c |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\OnLineBusy.ico
| MD5 | 175b6d3035eaaf10bcc78b54ab021ecf |
| SHA1 | 480f5c00b285f824d6eec209d6937e05c34d1805 |
| SHA256 | 868d0516a42b8340eba07ffaa00f5928e1d6a7daf2a3c4d96c1b86b80e2e3e81 |
| SHA512 | eb0b26da872e4e957415ca60d0114903a3b62dfc6f4b02db745004a32ce55d791baf8d550284be03157a59a433fdc9e39a3129155cc0a73cef87febc51fb2f6b |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\PersonalContact.ico
| MD5 | d33c6324366941b3c100293e79426478 |
| SHA1 | afd047c1461a2ce36b775cc94392672eb43f1463 |
| SHA256 | d2a2840f1282913c2678160f13f3204616a9c302ae3b8f47bf17783ef3323aa7 |
| SHA512 | 7cffef992a6008d2d5b1cd768ae722d533a7e2a637b421ab67f16175328ffc9f3a4cd72ed5db695796d335371aad94c4bf9003fe685c3833b7687b59bbb6b940 |
C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE
| MD5 | 06ac9f5e8fd5694c759dc59d8a34ee86 |
| SHA1 | a29068d521488a0b8e8fc75bc0a2d1778264596b |
| SHA256 | ab6a5bfc12229c116033183db646125573989dfc2fc076e63e248b1b82f6751d |
| SHA512 | 597dfd9cb82acc8f3033f2215df7138f04445f5826054528242e99e273f9cc4a7a956c75f280e6145fcdb22824a1f258246e22637de56a66dcae72ac2c1d14fe |
C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe
| MD5 | 7edab6d619b457241241ef62ddf90f73 |
| SHA1 | 6c1ddbe90cdd79759c11a471e2373085440ffbca |
| SHA256 | 715f27fadb7a11200fcfc52ddc90197b4ad3e5b3dce31ba63775902894af52ef |
| SHA512 | c0ac06b8052db4811c34edc28b0fda61edeb686d05f1788a4fe212cee32181aa81ad151d7a9829bd5a47f06c29e326a558fd798cfa434036c976cc8953ae3591 |
C:\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE
| MD5 | bdf60fc669af0dfdcd543c7f43fc5464 |
| SHA1 | 1ecd544ef70a503095933f150406a37ecb6f1cec |
| SHA256 | 2a4e7c658bef80886736c807c9dbdb5905c14414b1feabfe43b39cbfe7542c89 |
| SHA512 | 07cda08c28b56be1c48f5d53b6ae49cdfdaae55e82bd5e62e918cec81f00211f28282beed74952698637d7161d76bcb76e8375c9a4082788ab94c2d097ad6c0f |
C:\Program Files (x86)\Microsoft Office\Office14\misc.exe
| MD5 | 4b9f8fdb84906485c04e480d5a90c607 |
| SHA1 | dc5568ecba03eed566f768e6cd90958d78c0f3bd |
| SHA256 | 955baf0bc471e146678e7559277f6bfe2dabc67492d030366ff56a162c191adc |
| SHA512 | 677a8167c3d98e25fd3b6a67cb3bf514ef4ee9d70267cbd26fbb0f455f4d47548b95217b813e61591401e463007e18c8b075485d89aad065e783e0ec14873df2 |
C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE
| MD5 | cae066fa2cef1dddf17a314dc4339357 |
| SHA1 | 6548207f4e6430a7953b3a49fbf43d717bd2e459 |
| SHA256 | c0a60957b1c3ff4c0482eb05a16a37325c0ba1454d59474af269f23f2184db5a |
| SHA512 | c5f242a288ee6176e4d2be587d895fe43cc55d880cdecbdec7e97a316e4f7474d45743e44bdb39ddcf7ceb5dff4c6efeddede0c9b6880722e0565dd236471351 |
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
| MD5 | e979fab6c7e61e07553fd41bcae0d24a |
| SHA1 | 06acb7016997126e7b72ba53877ef97fd58b57de |
| SHA256 | 059a69863a328c53380ffea4329f35e964109608fdf9b214a60659edf3063a3b |
| SHA512 | 992d658515eb8478e8f241e219b1ea278e6ec91c439e3ef2e011955f3c2a762a26e092b52e22df6b0f35f502ebf453dd3821f9fcdfb66a4a62037aae484eee72 |
C:\Program Files (x86)\Microsoft Office\Office14\MSOUC.EXE
| MD5 | 6b53560b0d6081aafa69ee8687f3f169 |
| SHA1 | e7e7a0fe35e4524c1e97f7c4648e87e7bb0381b4 |
| SHA256 | 820e94d494329c2b5c4c8abebbf0c413af0c18f2b02693cbc2dba587fffb2cc3 |
| SHA512 | 11369b380a51575148826d945f14a087e2062a52978b2739140bc2d584aea7a98e683303d59eefc8e8181bb5122023b1d21cf2f45e73e2cd3e3257ae848a381c |
C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE
| MD5 | ee2881f27810a544c36ba98f208b955c |
| SHA1 | 3d07297466693331ff2c01d31f4208a7e61b1bed |
| SHA256 | f4ac2436a046fcecb4723531f4e03caf6bbdb9e43daf4798823edacbb121289c |
| SHA512 | 3362ecefe69c6ba8b4a6491dd133c339be5a47c68bff204fc086e4db27f3b7a761be52c1f2fa756bae7e4563b6537cd9f4c670bd2bdf98fe943ea9f33ec2a270 |
C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE
| MD5 | 526cca34631317573365de4de897bde2 |
| SHA1 | da19936b8612f80b164182d6c254d66a4dbd0e40 |
| SHA256 | 40d31925b374031a3e935d7cfbc1fca8487221cc89f8d9372ab77789e1a2e069 |
| SHA512 | 56b0a4d0d1ce57d30c210472521bffdd27ff033e81c147c096e3ae8793a0110e56d31e65691af95563ede587da70265498ea782951202336b9ed1c81167b32cc |
C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE
| MD5 | d69c90688436599c02adcae443d5066e |
| SHA1 | db630b4b8ea4b1f398f489bf63a24ef718013c00 |
| SHA256 | ff2476e26f6fe1ba615d7c3b4f9dd96a1d944c45569be1a22529ee48cfd6a891 |
| SHA512 | 53e55fcfc0946a172d9d30a8f953c978735e39eb6ded62d4df073d49c958e389054560678a6db0629bc53e41c7aa65646a8c9d8ce146b73b7918033460a662c4 |
C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
| MD5 | da71adabdb7764dc087f1059e5725051 |
| SHA1 | 2527de36ed3ec2e3738b2739d2561ea83c6d8f40 |
| SHA256 | 905ac18511faaf3927c5b4adff8428eadb90310976351c7295f537e90fd2db65 |
| SHA512 | 6062692f78c68af0714acd834fd61b804a915742afa9baa4cfd426f301057a501bed146e269f8cdb830a28b126b04654dcf3bc22a3e7cd72d8cd7537d714a97c |
C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE
| MD5 | a42dad802d28bb23964c726b6df4a7e3 |
| SHA1 | e781e9120dad101caab3c21aa3e236feaf898b2b |
| SHA256 | e48cdc6c411889025c285a3b2d2bb70a6a4e9c9a67c47618970db964ebf058a3 |
| SHA512 | d28512cbbb97eacd754f3c30755a008ccb88a47704b2f6d7f7fe69184250bd754af4fbc5839970576a6f8d37724a910ea25111152fe445bd2950fd53b6194d92 |
C:\Program Files (x86)\Microsoft Office\Office14\OneNote\SendtoOneNoteFilter.gpd
| MD5 | 9546c10433c45bfb9947449dd8d304de |
| SHA1 | f8ebbbe3ad6a8cfd13607fd3a7fad7a3a7a50158 |
| SHA256 | 6778c7c7b6b6c1c273e668169a7652a681da86ad62d03f7c5aa120405069feb2 |
| SHA512 | 90c6dda39740f839fb470f838c35d5f264a0a8664c57cbc66c431082710ee633ca4672b3b64902e7bbb7a61e9b9f4eea251a7d8b6d5126de6d73d3480fdede5d |
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
| MD5 | 9d5a239365b0ad0d6d3833edf8f6380c |
| SHA1 | 14bfd515a15d34149d5269ea1fb909f38b188ba5 |
| SHA256 | e080731cac6f28a52cc0169d252470233723df65c505edbb6f219a239db3af63 |
| SHA512 | ea27783c5792c1a26b971e978831d202b671e97d1893c0fabb4441cbc726e3c2e53df1fca780a27b9d20ca77acaa0cf1ca5712d656940625707a6dbcca6b695d |
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
| MD5 | 0c567b63dbd294c74b2af44ac55bae60 |
| SHA1 | 3bb524c6c6c5981a36ea7018c2319e1441462006 |
| SHA256 | 9749bef3ff4ef9f4c9aa4a4991c3c6e943b2443c0e24efab2f33315c7bbd7b8c |
| SHA512 | 1c504d5383a0f50dfaa2852c549b4e4b6196daccd9c625d9cfb098a247d35b33ca5f5536fe3bc34ff6e77e6685b49f5c0abc2c19b579b60e9196333c5a85d87d |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\AMERITECH.NET.XML
| MD5 | eb74234cb882f0fedae27f0b9e9957d8 |
| SHA1 | 973377cb3ecbbe475ec49d45f15ced0a02143a1c |
| SHA256 | 0645a4a67dcec462dc9f335bb0564e6e39bf12ea7e40cf8de81418210102c2d1 |
| SHA512 | 480e05680cdcb4d72456228a7a61f2577eb2e412760fce40a5b4066d140d41545110b830851b764ac483a6630dd5ff1e27ba1f95643fa3fcb801eed514ba4b29 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\BTOPENWORLD.COM.XML
| MD5 | b024a04198ed894b334178e411856122 |
| SHA1 | ca7552399eca0ceec6a3dbf393396fade2f5f550 |
| SHA256 | cadbea407cb411d2ed1c47c77536b622eb7d53d4fd3ee3b9897d554298683fe3 |
| SHA512 | 466ef38a6bd49fc816e208b408e5bcc7d366dc7eb9072600ab21510b6e1417894bffeee5ec96f5a0a535d8e541fd505ae3450f2233e5a128bb073394c530e879 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\WANS.NET.XML
| MD5 | b4052c951a5d5df0482bec08dcd1a1d9 |
| SHA1 | 99f3e0929eabf972e94c276c6423499860202f65 |
| SHA256 | f860ea6cfbfe8ddb3862a09c1b443f3273dac1a4757ce9e7a3b34d46f971ff10 |
| SHA512 | c26450d504e58cdbba0ded009158837855dadd8040b0c05845ee25b540567758c650df3d6b28c3571adff47e39d8ef99b30144250477524a19ab172d0870ef82 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.CO.UK.XML
| MD5 | 938fcac2676e99d92efee069eacacc37 |
| SHA1 | 575b35480aab9ada77d22f922bc57cb49a7580a6 |
| SHA256 | 9b8747ddedfdcb06f34ca5161281e28aafe3bec2e4b21aa731e17bb46dabc6c1 |
| SHA512 | 515074b8b8c14986ab86913a659ffa007cab07db5c6798ef6a4e12279ad3bf68262ac42ce991ed20a06825a8e5b8d0efc48aca38dad5503178d1dce0ef68c33c |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.AR.XML
| MD5 | dc5794fd7e35debdd2e25f3e22761cce |
| SHA1 | 348034e08eaa9434bcf5713e9880f60bfd33ba78 |
| SHA256 | 15dfcf446deb114d465215cf49907aa5efc5fb8531f97607d50148cb4b680288 |
| SHA512 | 6a9b27a6702e40ef03367ce611716816cc4debac9086983148ff75c4e8656f10ff5edf73e95e18efe9e0ef7b721350e86a20919061d0ce1266258384ef98b1d2 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.IT.XML
| MD5 | 0b0d4b77b1494ca873f4311cc88a9fde |
| SHA1 | e88f8c3100290bbcdc224f4db05a77811726fe90 |
| SHA256 | 60107be66c9efe4d6aa0a3864f71d60b3800c8d6400daa36c05609d099b5f891 |
| SHA512 | 0a2410540f096ebd0464f16681b7375152fe8844ad2fed5fe86b352a61d6c65695051c82a36b77156a79ac633943463739752163d48b26abedf2db2c49ba794d |
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
| MD5 | 00fc6e52a02a2d65cb6c59216f43b611 |
| SHA1 | 5012b2d02e3eb8f41ddd23ccde44ddd0354aee46 |
| SHA256 | 3e91900844259ee7bb5ae29930cb67262cdeb1dcabde9450b707cd8e325a9fb0 |
| SHA512 | bc9f9c6461d5b74aa0e504266f5ef50a25838be8056ff2c8542d0df5f04093401baa165421082f8bffc534f498bcd934de58185becbc88d07e9602ad8b1bea75 |
C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE
| MD5 | 059b2e47a0f997e78bde074f1156f795 |
| SHA1 | d281b00145c27096e22fc6b49595c1e7f3aa0286 |
| SHA256 | 19d6fbc8d86304704e2da8fa0ff389f918e967693d844ddd57cf0fbc4ca10416 |
| SHA512 | 8c933b0f842bf105a6aa6b20439e475fe71f27ba35a2b6fa9345dda8066c290d04d0783f096fc0eee07d1c156874c50de8f9ac69a27568bb63b4eb448aae382b |
C:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE
| MD5 | 61631e66dbe2694a93e5dc936dd273be |
| SHA1 | b1838b8ca92fa5ca89e1108ceb2630a6ecd2b8c2 |
| SHA256 | 5811b7b694d99c703b4c4bc72d6b7d846d05b2b0f45a7e3e4279cdb6fd81265f |
| SHA512 | 323463c267ccdb701d5967198f4f72158056f5a6e889c47bf19d1a670233ab071a5fe8c108430beb67753b77af1c59028007101a8e1266618fe91fa0127b4dcf |
C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE
| MD5 | 8fa124cf201ec07397fba4db9d1510b5 |
| SHA1 | a0367918846f7c2a5f4d629e5cba1aa59d538411 |
| SHA256 | 6dc9288f5eeb9474b40e1e00757fb9ea004c13cfbef8f02a2904dd85e4ba3001 |
| SHA512 | aa624a167c7e9f7b9a26035c90ca4c491acdecd3f8ae9ef6937b9fb4a4873c97b4eda6951da6cd3801e3c99863bb9d1e5af89fc1d598ba8a2408e96d27b5960c |
C:\Program Files (x86)\Microsoft Office\Stationery\1033\JUNGLE.HTM
| MD5 | 7d0a27db87cbd4243eacad312e5d7f41 |
| SHA1 | 9b077bbd55fc3718e25dd9b80b89423cd9495633 |
| SHA256 | 8ae7498b01f40e9d2a04df8a8a91cc0b180eb9eb64b78129f59a6d6ab547816b |
| SHA512 | 88ed00f2eba7cc1e53fafddcb74c2c1029f2866c4379816b0c53a6230dd5a06eb33092647b36c90f29ebbb7c705fcb065514977acb06fea4cadd43ae144f73ed |
C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck
| MD5 | f1d3ff8443297732862df21dc4e57262 |
| SHA1 | 9069ca78e7450a285173431b3e52c5c25299e473 |
| SHA256 | df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119 |
| SHA512 | ec2d57691d9b2d40182ac565032054b7d784ba96b18bcb5be0bb4e70e3fb041eff582c8af66ee50256539f2181d7f9e53627c0189da7e75a4d5ef10ea93b20b3 |
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000
| MD5 | cea67ffae620e6410ed0590dc6ec9b92 |
| SHA1 | de0e7c9e496fdd650fd8ab826e84b256eeb85812 |
| SHA256 | 2dfba633817046c7f559ed4b93076048435f7e1a90f14eb8035c04b9ebae2537 |
| SHA512 | ba21e55aa88dc8b12e13ebff9e67570177db6aacfb606658650397e6423937d882b1e1c93ed62d12de0dfd59791d78c6a73d68e55f343cfa1f85235daf3b89ec |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
| MD5 | 0a9c72f9db202d3c13e46b9a902f4a6c |
| SHA1 | c0ef3c5679f5c071f592f49042733f9542a59e4f |
| SHA256 | 57eb66eb632b72c290761008baf8118400f3a914e5ea4ff8621c3d61d529c89c |
| SHA512 | 2788ba119c86c5f806ac04b1435d0ca668ae665d843d99128cce7b2d79726434d15c2dc0d3d991cd9fd2a492f14695f01a7c5e825211e7a6a593cfb6a85360c9 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk
| MD5 | 3acc3cc8c26b9cd4f8db480174d5210f |
| SHA1 | 0084bb4735d725d16042918ea916d3e39d379177 |
| SHA256 | 18df269c236e68e99a2e97691011172e3c2c600448a13dca21118370bc226335 |
| SHA512 | 614d3e11bf7670772edc4135db9ea0056d23b2b7374bfafd47bb3de080cd2e35b83b336ce3eadda374b869af5f28b0b29998f011455b467cfd4cbd47bc1ab7b3 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
| MD5 | 17240404cc21fa5bd98a4a03b059f656 |
| SHA1 | 17bf789e27311a0ab774e7a293b834c82c425d49 |
| SHA256 | 54ad5402b99458324b0e2a71fb21fe7c0e16eccf508b444034a6585aae645053 |
| SHA512 | d05635f214f250f97319544464039754e289ee5424729d053b5efa90159ddeb6b1ae3902aac8ddc711b5ca51e78aab299f06fd8c19f0d14c9ab621941983a7ce |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk
| MD5 | 98ca7859082dd1dc8570f548fd1a4894 |
| SHA1 | 4687cac842d71ea8ddca89cc681dbc83df8aa787 |
| SHA256 | 56ef96896db0a2f66b66a8513c0c1f699c5c67f1b23d5e7daab3e679e37d48e3 |
| SHA512 | c215566e992e46e77bac8dc462301b82206f499d46153203129bd4b05cd1d22621afc2ae828a998369fd0e3578f575fcc53b429023f74c3d7eaf01a8a65b040d |
C:\ProgramData\Microsoft Help\MS.MSOUC.14.1033.hxn
| MD5 | 80bda6f948a1289beefa36d2ba38194d |
| SHA1 | 948905d56e776f1efa1e026b309c6669b089a2fa |
| SHA256 | 9cb5d05f0db60b9e0d1b76af229fd2a705903d6a1278d4b815faa536a60c118d |
| SHA512 | ebbc2ac06f50c65430f2d3df2dd94434a6bb0e431a48e5929d57b944882f66e488f6abb668535f0bdd5007b92d18d2c4b726ccbc547c60c6adb3c8f5b7f4e586 |
C:\ProgramData\Microsoft Help\MS.POWERPNT.DEV.14.1033.hxn
| MD5 | 55b53f1413edc16c71b2ed8377f7cebf |
| SHA1 | c4c7cc19e754412b38845e6fa4c48d20b1c51da4 |
| SHA256 | 3eefc4790b52024832ea4c03c6e7a781f3ef9416866a959b2777fce101ad9d61 |
| SHA512 | 23301467411dbbfc5b302282dcb483e3d2758f7b4f999f32717e2d758479fab08e553149558c4a0c2f69b8db739a3eca67e78ef8ddf3d6304e5b577044d55b8f |
C:\ProgramData\Microsoft Help\MS.WINWORD.14.1033.hxn
| MD5 | 565aba2aa486212bffe024fefb3a8ba0 |
| SHA1 | 13f8e2befaf22d391595db2f5bb2efd761cb41ac |
| SHA256 | 891c1644d5e29e33e5bb88666853f9531b93a3d6fbbd4a8b01e4e8701f836bea |
| SHA512 | a7a9610937383b8b9feeacacbda08f5d05692cd1550b238caac7a94d17399d689bc95e5afbd7a378e4cb2524d59c3bc3591e975a6aad65bcb6f6cd2e65cbe8ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index
| MD5 | 1681ffc6e046c7af98c9e6c232a3fe0a |
| SHA1 | d3399b7262fb56cb9ed053d68db9291c410839c4 |
| SHA256 | 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0 |
| SHA512 | 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
| MD5 | 4ae71336e44bf9bf79d2752e234818a5 |
| SHA1 | e129f27c5103bc5cc44bcdf0a15e160d445066ff |
| SHA256 | 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb |
| SHA512 | 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old
| MD5 | 28e37d39272f9d6d788d86cbf1810af5 |
| SHA1 | aef68a573fb6ec07b0188e2bda3be86c0e79c299 |
| SHA256 | 06ea118edadd836a02b202c05bc7e47356b57e28c01edf1dad6cc4cf90c662e2 |
| SHA512 | 1546ae0b5381c79337a67259b889cbceb216358ecd37e7e70d34ebcd52e3aabf1f13952240670884c8fcc705fffb339d0b6ad63c32e412e23fa70e47fe489473 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000005.ldb
| MD5 | e62da29ac3a82185101eb38cb426322a |
| SHA1 | bb7cbd9ba983f9dceb9fdeaa062f2a142bc84cb2 |
| SHA256 | dc2021c180e2d8367d094b4c07d11bd556d64b33d1fe8bf58e208e8da8f5dd55 |
| SHA512 | 158c590f882fae0fbb8c8bf37e30401272167b76cf26736d0633d4af28c70e91ddefd155090ba13e19c027f8c0546b8176049132370a0068f9c41a413aba5558 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000004
| MD5 | 871bdd96b159c14d15c8d97d9111e9c8 |
| SHA1 | 8cd537a621659c289f0707bad94719b5782ddb1f |
| SHA256 | cc2786e1f9910a9d811400edcddaf7075195f7a16b216dcbefba3bc7c4f2ae51 |
| SHA512 | e116d2d486bc802e99d5ffe83a666d5e324887a65965c7e0d90b238a4ee1db97e28f59aed23e6f968868902d762df06146833be62064c4a74d7c9384dfb0c7f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\64.png
| MD5 | 5eba5d7f4a561ec133faf5a6fa54a84c |
| SHA1 | 8ec9a9b74632a3b8ce7189f9c58ab3acdf5aaa12 |
| SHA256 | 0abe90866c4fbc89ae5b4512dde9df1c441a2f5923ee3e7932cf34532a6bf773 |
| SHA512 | 5730894b7e0e4899ae77f45c6a63e02f4a7757e9f9dfcdd24f1029a72caed7f6a40d5bc52cc711a5b4b4e2ad0567ac25373cc019736fec38ec19235e0fb7396f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\32.png
| MD5 | 251a7e1401487e69a415fde9d5128b27 |
| SHA1 | 9bb2d9b5d93e8f9dfe5337014008bce57b3cdb18 |
| SHA256 | d1db33e3ae5c6779e11ecc0ddf3962bf0559582980b5e5a92fd5caf91cb1bff2 |
| SHA512 | b572720338c60d4c27870e563145269d62470bd32cfb6ba4dbecc881632273189946d813fb6c6f4ea0539f9f0a6975c89b1bcf7fe7c297a005a4b15d8a4eccd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons\64.png
| MD5 | 1b09d4b3b183d0e78c9627ba6b0f925e |
| SHA1 | fd441ff31ab04f40acc054b90c34bdee299017bc |
| SHA256 | 2555bb5583cd7eecea012833776c74683ce3479d1c1553733366905bc820ea83 |
| SHA512 | 5426ddbc2ee693f1397c0a44ca5c6f1f8b763189326edfbdae4e82157ffa525937f78f0461f9d9b284a4a2491c7b1fe20d887adeb3ab7a07186b46ab6f5f8038 |
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\RZDJXGPT\desktop.ini
| MD5 | 53553242d57214aaa5726a09b05fe7bc |
| SHA1 | 931613845dd0e72f1b1a5ba0c89f1c34e5cc089d |
| SHA256 | 1be2b3990b410ca4fb38d1f79019c4018cd8820b69618646c81d22dfcbddc802 |
| SHA512 | dd0a0b9213182c99444bb7fb2eba5b28f521a768880be2539706730693ed9ea462feb4fd46b1deb5e7d4f31a284f2803b476209b451c9dc4d6ed056d71736d64 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7312C164-3AB4-11EF-9889-CE397B957442}.dat
| MD5 | b4202f7fe985b9648b4676e6f70832bd |
| SHA1 | d37c2b3927946ed617455b3c5913fcab0bc1af52 |
| SHA256 | 6cf1b57d59e7111bc218dfb01dda93ac0f776715599a1c69f89035bd20c16a10 |
| SHA512 | 447ea3de41bc400836a5a3df01efe61c2b3d5d646e9310f399c4842c5268d96042d8432d85fde19dcc8f43a2243626e9de850c9ce37d46fe0d0dd0fe5b2b6a88 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
| MD5 | 897208d5df122e307ab837d982b2c085 |
| SHA1 | cf4ca14a7adcbc197cd84c1997efdd076911d608 |
| SHA256 | eaae98aa73fe0b561c8b02607a524fb4853bbe81c6de8c3d8a9b7449366809d4 |
| SHA512 | b0aa03063c42515de12fbf6d89924a3ae7d8bdd64d7c9bae94c75d571c939655253f3e87368fcd96f5784b2aee8fedac8f66200b8672ab47cc8b37c57a9ad334 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
| MD5 | 68cf4c147c95c7e6a1e5a6ee6dc7a185 |
| SHA1 | 4204d04da17eea4650c1e921106988ea61c97d40 |
| SHA256 | c38f1294a259a7e943728e76d1a9d2e0992d22f4cebf6de1fb42204e7126d19a |
| SHA512 | 94dc7f770068c869ac5471148e7ce30670a0bde0014c98a295b4c9b68bb5aba33d39fde081be849c625f501bbd66014214e2c5561b8c0c0deba02e9c788ef098 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
| MD5 | 6df9012b2b7cb3c55963499a26309bba |
| SHA1 | 6d7aaa7d2bcca4a8758b398ab7617839203c828a |
| SHA256 | 80bd5cb5a9ca35dcdea1d59b5f1778f4114f6215af38004a02a99a1d37383648 |
| SHA512 | 32aa05aca47a17b6afdbadabe83e929e5a55777c5f5ddb0c854ae78ef403a2baeda46e7f1f1fd7de5237749f43d5f8ce0c95e260ef25e27e20cbdffde41bcaf6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
| MD5 | 3561c0dffdb90248fa1fc2d4fb86f08a |
| SHA1 | f68f30ee52133e400606a6be91d2d982388b43a2 |
| SHA256 | 4fea5e6a3ec5f5474a26d858bc77b6d7bd3ab864ea02d988683fdc648602b248 |
| SHA512 | 6b83e8fc9a2ad34694319eff2972435d2facffb23f6e5d6b2eb7381bd9012a489912c56ab6dfce07ca387b777496f612e63842aa294a208f5360077f37e87b1d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\safebrowsing\social-tracking-protection-facebook-digest256.vlpset
| MD5 | 654285e76e3062621bb2a7abadeb9214 |
| SHA1 | 90514492cfadee2303e64fe5bb1c852fc7caf2bc |
| SHA256 | 6c2b87f2b54344778d2eb7f85ae86f2079206f40d185896f7dd3df446533e8a1 |
| SHA512 | 2ddd07e926504fa628db2e422ed2975fe4d0d99f8effbe43025e19634ad34b7f54b5de7be5dd32972377fe67c5a6d8436c525a1fc9db2d8ccfe676c1d9084c99 |
C:\Users\Admin\AppData\Local\Temp\ASPNETSetup_00001.log
| MD5 | c3eef41f29629d2c7796d9c3ee638df3 |
| SHA1 | 65c07cdd1c2108cb27649aad8690f2643d018e41 |
| SHA256 | 04893027370077030b48fd90535706dedb3b2d31e4f6ce5bfbcd1c8578017383 |
| SHA512 | 96898187fe2e319b120c3026a300b06109bc1c9720660a30d8a3705d7cf58f37162d61e904f64b798c4368e4716c3adbbbdb8d047dae4822c131f4526d5b331b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76
| MD5 | 5d52c133dbb0c7dda6de26ed1ca2c54d |
| SHA1 | d61596a342190277c0440fb1eaa096e22ec92a23 |
| SHA256 | 913c6e2c32d99e4baff62cf421a494730cb043924f2c6bf46406573b59c641bd |
| SHA512 | 60bbc39283fa13b09473078627965c153aa35cc330bf37ad9b0827725b1f0fa81e72378d0b88194641cf2c4777a9c4148e6925df180d1315f7b674b860a3d944 |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | d2a70550489de356a2cd6bfc40711204 |
| SHA1 | 02ec1f60b2e76741dd9848ac432057ff9d58d750 |
| SHA256 | e80232b4d18d0bb7e794be263ba937626f383f9917d4b8a737ba893a8f752293 |
| SHA512 | 2a2d76973c1c539839def62ba4f09319efa246ddc6cad4deb48b506a23f0b5ddbc083913d462836a6eff2db752609655f0d444d4478497ab4e66c69d1ef54b5c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\TestConvertTo.docx.lnk
| MD5 | 6d17312941a1faa38d468ef03a87a5d8 |
| SHA1 | 8baf3ff443136610abbd848af36f1b68be067910 |
| SHA256 | f3551a0e22b2419de950c0494634af8056cef97bc28f4e7baf17528e5b328f20 |
| SHA512 | 448678214e1eba4aea1e61c332cace9ea65daaca8d6f4e52e274b62430ee81e7dcf8bdf70462b1642f153c656252a2310eee3c7c4e90d49918785370d3479f7c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.Admin\times.json
| MD5 | 0d7db7ff842f89a36b58fa2541de2a6c |
| SHA1 | 50f3b486f99fb22648d26870e7a5cba01caed3da |
| SHA256 | 140eda45fe001c0fe47edd7fc509ff1882d46fbcb7c7437d893c1fb83012e433 |
| SHA512 | 6e6570a7cc802760730db659a4ede4221ac2cd944f4b0d97b0a5c8a9f2a072899e3c3fc5dac336b53f8accde81cbeeca6c5998a1471a2f91eb60e3e13620368d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9tg2k5l8.default-release\SiteSecurityServiceState.txt
| MD5 | 8e19213e1156d922d41679729f7ba8ad |
| SHA1 | 0feefe21a8a6e907bc59f677a1445c27e235504c |
| SHA256 | 44b8aa4d28701168922acf61435ea4bb442f97b0b14ad7a2510ed68874ee2a72 |
| SHA512 | 73fa23139775bb332d83bed892c293331b1b092da27796a9f105321a4a1cd109635940a899ab4527e819a60cb2623da160ca7805ba5b16f992a53f915e873689 |
C:\Users\Admin\Downloads\desktop.ini
| MD5 | 65fe580cf845ed035c4e57ad02a987cf |
| SHA1 | 6a7fc08e53675bd325b0e6426eec4ce52db7f2a6 |
| SHA256 | 4afd6e7f6ef862c727cf5780abfde2094eb56e93383b6e9d4cb7fae81dd17cd1 |
| SHA512 | bbc34c4f8892aaae0831e02cdc146ffca22efff5e70601bafa084bb0824e88c87fd20988e602fdcf649ba0322ea1d74cdd5bc7805525987c4115096173e33b76 |
C:\Users\Admin\Favorites\Links for United States\desktop.ini
| MD5 | 59763dea4943fa0a7ec51296d5f2c7b3 |
| SHA1 | c3b3795c396c3f64ac68d9304f97b34adfdbf206 |
| SHA256 | 6eb69e26de2a26eda48af77d4cec893aa0cf4748a64cbefcfe11a22c1e680ad9 |
| SHA512 | 92c41f07d1aad07acbe943f36731f4739b5bd84822f660459e464262d45f4970203210180655683feb51868735d9deaaf37fb8308d415376bc631ce887b94fdd |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
| MD5 | 393017b9101a884b66d64849d99a7d05 |
| SHA1 | 6fbef1dbdae7b9c1eb817a8c762704f4301192da |
| SHA256 | fb701ba16878b120e90469d8238b8765f8a157f6aabf76d94fd6aa09b591cf93 |
| SHA512 | 175fcd4da63f57f127b2382965a38a9359fee7f7a694803bd4f76e8715ac9c607e6ea863b2d938514e727f539613b7e93ed3110c47b30ff4530c3e142237c555 |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
| MD5 | 1477fccb6f5105178b8a4959217a35a0 |
| SHA1 | c66fa5d6d133a7cb7247edd1b32fc6b82dec3dd9 |
| SHA256 | 118980fc1bef9a9da8a06e2a864d3f5f5573b37786bac8709746a8ca26a12523 |
| SHA512 | 1715a141037d97e12c98f91a62bd44e76364af02e8ad5024699e9dc3951d005eb3471de1bde3569a61af8e5127883cc1133b6274928bde3c5ad5840e36ee764a |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
| MD5 | 25a495be8250cc90b02a483e82df99c6 |
| SHA1 | 0f8ca0d9fa83bb38a8a400a893185e589a968742 |
| SHA256 | ba1d859d62b101dc263d6834aaa81378941736dfab33b15243a4bf3b45691735 |
| SHA512 | 6926347d0da33ecdf2af9d5ef5966f2108da941447c4e33ca90eeebf82a4171a1439bb3b285c31387e08b5fbd964851fd98d4c352975802de74ce02b03b7bd0d |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
| MD5 | 9081505b52708b1cf5f639883942d813 |
| SHA1 | 1efd3054cc8a59abfc3e52f5aa5702c8fb18b0d5 |
| SHA256 | 5cad8b3db8fbb29e0cabbd785e1e3449ebcd5b04544cde14c93812a93860cc47 |
| SHA512 | 23b0249a981614c2ac604fa68be9876919513ebddff84aa08e98f05495531f0c4ff7f1dcf19e2b7d9b6040c65e96dc3c210a695f66b20c25b020461cb9c116d0 |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
| MD5 | 6ef918fec6062ec3fa9aec3515ff22e9 |
| SHA1 | 7b97afba8180e32e17cf04e2ebc14306fbd37a63 |
| SHA256 | 9df18e83bfce0d614cee8a1ce8ab9500f4fc8c1b39f41acb9b7caaa317fb55f2 |
| SHA512 | 03c347f8c31b3aed7c3b73450b774fac8a917d2ce7ee9bb58e9da6c3121dd6fd88334ce9ddb56404c1d9c9a964319808577f62855d559a66606537651780b7b0 |
C:\info.hta
| MD5 | e750a6453e5279b00edc9ebf45957525 |
| SHA1 | c02330e44f4bdf2a6577d69a3d2caff33f352e44 |
| SHA256 | b8f7f203986267543fd405449544b3f5a4d4e34bc4e0f5daa85789aade6bf884 |
| SHA512 | 80b9244f9960855717213c0f15fc6b9029d6bd81b239ade4390ad6a9e477fd8129df87e16dc98e138ee0da30df590a37b52fb21112accdf742044980c94a6ce0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-10 14:27
Reported
2024-07-10 14:30
Platform
win10v2004-20240709-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Neshta
Phobos
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Renames multiple (505) files with added filename extension
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos = "C:\\Users\\Admin\\AppData\\Local\\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos = "C:\\Users\\Admin\\AppData\\Local\\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\tesselate.x3d | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Be.Tests.ps1 | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-400.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcor.dll.mui | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\LargeTile.scale-125.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-32.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\Microsoft.PowerShell.PackageManagement.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-100.png.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\AUTHORS.txt.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\System\ole db\xmlrw.dll.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO40UIRES.DLL.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\THANKS.txt.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\en_GB.dic | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\nn.txt.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\officons.ttf | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-32_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated_devicefamily-colorfulunplated.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\s_agreement_filetype.svg.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-pl.xrm-ms.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\updater.exe.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationClientSideProviders.resources.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.FileVersionInfo.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-down_32.svg | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GooglePromoTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\Movie-TVStoreLogo.scale-100_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LEVEL\THMBNAIL.PNG | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_86328\java.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ul-oob.xrm-ms.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch-Dark.scale-150.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\MedTile.scale-125_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\CompatExceptions.DATA | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-si\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\plugin.js.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ru-ru\ui-strings.js.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\close.svg | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\complete.contrast-black.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-200.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\msointlimm.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailLargeTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\ui-strings.js.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_cs.dll.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClientSideProviders.resources.dll.id[06C230A5-3509].[[email protected]].faust | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\ConfigurationManager.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\YourPhone.exe | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Moustache.png | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state off
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=disable
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\desktop\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "F:\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.239.69.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\3582-490\2024-07-10_405aa37c8b55e9acaef4119148a1800f_neshta_phobos.exe
| MD5 | 6b1885fb6b9cd1c1708c1d820f14f5b4 |
| SHA1 | 237da817af14ec1f4432de9a55d4a4a7bca04c94 |
| SHA256 | 21acc3a155986b946eda9951f0fba061542b1376d8da9984d3b4952d848f2835 |
| SHA512 | b944595d1c594bf295e7b71f5736488e88f1af5ff85f2eaa5e74b76c1acde57103e118e5e773ea922a77d1778321520220472f3aae4bb1d76a906ca812557c5c |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE
| MD5 | 3b73078a714bf61d1c19ebc3afc0e454 |
| SHA1 | 9abeabd74613a2f533e2244c9ee6f967188e4e7e |
| SHA256 | ded54d1fcca07b6bff2bc3b9a1131eac29ff1f836e5d7a7c5c325ec5abe96e29 |
| SHA512 | 75959d4e8a7649c3268b551a2a378e6d27c0bfb03d2422ebeeb67b0a3f78c079473214057518930f2d72773ce79b106fd2d78405e8e3d8883459dcbb49c163c4 |
C:\Program Files\7-Zip\7z.exe
| MD5 | 26f7a83fcf6b31b786c91895d1bdf46e |
| SHA1 | ee774dde283164e3728f154a218de091f87d161f |
| SHA256 | 3701a7e99b37d6738cf1406569b5b3a7aef28ef55ad7def4191ba57835d502d6 |
| SHA512 | ffdf7aced2f86ca568eb13c1b44458b5336aefe5c8517c86d3171766f7694f7a6ba112a6ee3511eb50712b9f954d1c3de12e3e68259174efa8ad41f8d55c5991 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
| MD5 | 1681ffc6e046c7af98c9e6c232a3fe0a |
| SHA1 | d3399b7262fb56cb9ed053d68db9291c410839c4 |
| SHA256 | 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0 |
| SHA512 | 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5 |
memory/2780-3327-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md
| MD5 | ddc4cb14453391bcb5f4d645b2916a6c |
| SHA1 | c4738d174c90c285e17bf51a9218256f45f96ea7 |
| SHA256 | 0c19ba9eeecab3cbbdf38da08c3fa0266f10ce8166e056715931efc543335eeb |
| SHA512 | 34a32b92ffb2945608439653b5ecacba49fd3312ba5487ba14796c75b07655f0d8f735453dac117d46d204d3f810126f8a189f82c015fa8bb6ea37d9b8e0e30f |
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif
| MD5 | d13b5ffdeb538f15ee1d30f2788601d5 |
| SHA1 | 8dc4da8e4efca07472b08b618bc059dcbfd03efa |
| SHA256 | f1663cceeb67ba35c5a5cbf58b56050ddbe5ec5680ea9e55837b57524f29b876 |
| SHA512 | 58e6b66d1e6a9858e3b2ff1c90333d804d80a98dad358bb666b0332013c0c0c7444d9cb7297eff3aeee7de66d01b3b180629f1b5258af19165abd5e013574b46 |
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt
| MD5 | c5b7a97bda04c48435a145f2d1f9bb42 |
| SHA1 | bd94219a79987af3e4d4ce45b07edc2230aaf655 |
| SHA256 | 07ec9bf950252d0254d4d778698c2e4173f36dbc3f57f51f34d1b85a07c2eab0 |
| SHA512 | 7eb1a26cf8ef725ba6d1934ca4802f70cc22539017334c1d7a6873afeea6236bcd643b52630f7fa9d8a9e692f718ba42cc704ed5f8df17757028be63c3efad80 |
memory/2780-7900-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml
| MD5 | 809457c05fe696f5d34ac5ac8768cdd4 |
| SHA1 | a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9 |
| SHA256 | 1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be |
| SHA512 | cf38e01d3e174ff4b8070fb88ead7e787143ce7cf60b91365fafd01cacc1420337654083a14dfb2caa900141a578717f5d24fa3cadd17c1a992d09280fd8dc44 |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK
| MD5 | b9205d5c0a413e022f6c36d4bdfa0750 |
| SHA1 | f16acd929b52b77b7dad02dbceff25992f4ba95e |
| SHA256 | 951b1c95584b91fd8776e1d26b25d745ad5d508f6337686b9f7131d7c2f7096a |
| SHA512 | 0e67910bcf0f9ccde5464c63b9c850a12a759227d16b040d98986d54253f9f34322318e56b8feb86c5fb2270ed87f31252f7f68493ee759743909bd75e4bb544 |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK
| MD5 | 301657e2669b4c76979a15f801cc2adf |
| SHA1 | f7430efc590e79b847ab97b6e429cd07ef886726 |
| SHA256 | 802bbf1167e97e336bc7e1d1574466db744c7021efe0f0ff01ff7e352c44f56b |
| SHA512 | e94480d20b6665599c4ed1bc3fc6949c9be332fd91a14cef14b3e263ab1000666e706b51869bc93b4f479bb6389351674e707e79562020510c1b6dfe4b90cc51 |
memory/2780-13939-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html
| MD5 | 3be680b6a8edfdeed37bf5068a37dccd |
| SHA1 | 75bc261fc558634731e683e431e4a31c5b463107 |
| SHA256 | 1777e4f7955cb5900c97d92081efc4b11704ee3b265717a7d7152972b49a36c4 |
| SHA512 | a3c8a91689105a14c49b020826944d32540353c56fb9e9a011639ff5107d25e1d3466f0fc487ef953c6bbf0c006abc5204e3a8f0093e1c633013a547f8ecab21 |
memory/2780-19095-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe
| MD5 | 3f08f2e23dc44990f0ef9b9869351758 |
| SHA1 | 8026b7e51c8b3fceeaed6d1c2a6671b63249e183 |
| SHA256 | 75cce63070db3d924f709518399ada2531d12adec577bff86f23be7ea392bb3d |
| SHA512 | 086645cb6611bb2c32b73297b35ba642d6720c18e4da66cad9e1e5902aabf631320407e19be9920b1dd264299ba57c1bd2aa6310c2f9e08c997b2698c4aae68a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
| MD5 | c48109271963548726208b49390415d4 |
| SHA1 | 8e82e810ad9b08f6dea6902c66c36773ed8b4a54 |
| SHA256 | 848a3fea70227011179e46c098c6dc668bc9e19059656d3b32d91e8e819351e8 |
| SHA512 | d3df744d23264b7577a3764e766e94a2a49ebf76b7d0bb59c41dd2ca931341d2104ddb6876d9632f625955925bcc8333c360e6ca44a824cf7958cb1046d312ed |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
| MD5 | 23428c43d7d5f9261115d0dd34e27ddd |
| SHA1 | 8f50aee69b1eafa3801760a4114fddae7f37e700 |
| SHA256 | 04801c256bfd4e1365d425883ef20b51ab4af6c45c93a221bf63fda418b395eb |
| SHA512 | 4846f8b6b6e6d323f3ebf6f43d0ed501520901157506f3d31a29e7885186288da4c0c6123effa944c63948b053546fec64d746eb5a6185bce6dfc5fa9e1d09ee |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe
| MD5 | 1f2faf4cfe37cd2c874c9646121c214a |
| SHA1 | acd0b74b2a39f2b58c2a45c1c4d29e0573f7d638 |
| SHA256 | 666a4b362d5a895ce7e20c15a8743ef6d838bcea568619f8d4a607338617c1c2 |
| SHA512 | 2ca20ca809338d248b76ee0fa30789ab173d8176f7c0d957f3ffedd8780643e7ee89653aebc7d2c1059ef725494f402b51e36d87f625bef3665488ba1c04cf13 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
| MD5 | b43a07a463c9ad9d8419d986dc6211de |
| SHA1 | 8c8db898325d2d3bddae171773ec374d85fef90e |
| SHA256 | e0d6fce3bb1d440b19a18a3deef77ab4b9e24dc342ed0139492328d638178e54 |
| SHA512 | 6036525f03bcd817b80283dd18ce3f30fd09f2403429c056c1f62d59f44179a9e0061bc72fb3921f56393cad82c8c6597b7929d87c8abe57991e595956ff7f73 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
| MD5 | 53c1fe84fc104fc689bc136aa75c3495 |
| SHA1 | 5a7e7781ce46ed6769b6f1abae9e06e2b18e9656 |
| SHA256 | 4bfc03ddc91d5df39ab8ee2e50b83907ed9459c5553e671fe547cb31ff85b1f1 |
| SHA512 | e6d298b4970cd7af6e7b95242477ab38184592517ba297dc56ca8d6d66d3d0c1a7c594087ea434e97f6c1924ee86e952b487c552c82ab32d3f856156836f7125 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe
| MD5 | 1f40eec06bdcc9e949b1259c5e61991a |
| SHA1 | 2cd91e12afb44b2ca62e9e82e95aed01fbca00c1 |
| SHA256 | cc43063ba6f50fb20a2632be4fd156d388c4ca6d527594c70477f5c4b6e13795 |
| SHA512 | cffc55896afe44dd3ee213425ac1bca9e9104ecc9e283844709764a828acafd314d251e14a78cf8062d58447a20b59ec340159264e290b779bfbac7557b4d636 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe
| MD5 | cf9ffb7ea7001f26fcb3d5f6da2aed64 |
| SHA1 | 479e5310378d1e773e4b38cedaa5266eb82cf79b |
| SHA256 | a4a5394541eb8a08d54a354f9cb445e577e54d22ee3679391f9c0ca07672fcc2 |
| SHA512 | 1af42e32c203aec582a0f561297c1338cdf92be5b46a02984515a6c4ca5cf45429c79972f8e1ab5f1a2cc0162ea5e61995f01c3179f303a5c95419e360139736 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe
| MD5 | 69e4ba1f83980700b6676a20dbf7b3d0 |
| SHA1 | 030edea5f616be1bddd9af64a23aed89f5e14d5f |
| SHA256 | b5ed2baef8e4752fa2f84d711597c0b9db1d501daa501067c5345d8cc2c73a6a |
| SHA512 | abcad716ffc648bfb6380125e9e1f2f728e39b380ed6757961fb8f4c3b87506e70db0f7a0dbc69636b6c7c75cedc978cb4e917b63db1e22f97b29de9e3a72267 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
| MD5 | 33ff04415f2d8f2a29ff3908429a3c23 |
| SHA1 | 294ea591d235a728e5023397e1aa32e7f9cce2d8 |
| SHA256 | e3fbb185f7debf1ab7dbb0bea1c19b69473806855bb8efb267606baa3b01964f |
| SHA512 | 99b14b21d06ba857b43d9b6db6a11c6feb95e6f279e8f7aa182d92a2688bb2f946c75cdd7b4849d937944b1f164e22f1ce4cf1c6352367b47b22cfc800c33d52 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe
| MD5 | ddd0389389450f55ce1a1154fc6caca2 |
| SHA1 | 7dde57eb3afe8d0f1d413c278e342604e1df2427 |
| SHA256 | aea9fd9958934efe57f14b2e375af4bea0acb728a61a8ee3664efa938cb840bc |
| SHA512 | e6e3efec88f74a862371e3a20404ea043f12b1a86f84db25dfc3eabc185b32713b8c168b7ba285fe2d7ac8bb1900ba421a4b1e49b78b6eb36a09478afd7bba38 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe
| MD5 | 30d7d53969ea68a8d4b36ebb2cbba7bc |
| SHA1 | 2456c3af5412ede0f510db4f65569433da119f27 |
| SHA256 | bbebb679023fd1768537ac4436a0a4ad0bf86a162eb04b3e02e66059f097f905 |
| SHA512 | 8152071217f67a8f816822f2b6941036d4256dcb24e6b7cad9cee99c7cc7cc0deff61340f43f4e4a925100b771a43b1fc72fab3a521601adbce693b4578449bf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe
| MD5 | 92a8dc9a920ba826b3b157b0ebbed944 |
| SHA1 | 7c7591dee9a384881dfc06ecaf609a76b22376a7 |
| SHA256 | 0a01fd1ced9979f1e2803bd3623a84c6a1cff9d7d76b474ef8cc49e5e5be3e66 |
| SHA512 | 43fd6cc0fd411cbf263c9bf7c5d785c1581851cc8689d1e4e3b7e04f86e109d5bae9367b674c799156747ac24b1295164dd982766f02004acd75d306f38d149e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
| MD5 | 95610f9dcded01432d179f76a715400f |
| SHA1 | 435b7845b5dc5c1d3348640277a231be146ff646 |
| SHA256 | 4f97cdcbaf61c668233cb0ffe7a4868e287bfa2ba969760ef70c20a703354dd3 |
| SHA512 | de4b305b541a1511780e6bc3a759fc1c64addb96290decc9fba6d4ea42a320aa422c8ed55a7b7fc91d308491f711243b42cdecad47c39c47cbd418106a8ee0f8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png
| MD5 | eedd2d13e3671d589714446755b78b38 |
| SHA1 | 2fdd23507187a259f5a7edb01611a37b6b09f4da |
| SHA256 | 467082e15a8ddefd51088e12a6189f9923dadfdf363ac1b0448ec43dc483cb3d |
| SHA512 | ef47a62ce6ffb0c5b34b2c6d72f5874dbad4109b98aaa21f56b8b2d83471f5ebf983f6dfd889399abe4fead6296cf2ca3f409a4aa4badad8cc3c48f688323837 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\remove.svg
| MD5 | b651e9101be833e87337050028831efd |
| SHA1 | ee594ba38a6324369ffc7b4dc89407d3436e34d9 |
| SHA256 | 4717e5fb82c0ee85a7c97d022f410990a62efa2492070e42385cfeab67afd619 |
| SHA512 | 3552858c2a688c95a76c0bb8a6a76b119b744b2e8ae7e7f30135ccd8a145318762faa52c1783a639fb179056317caeaed20c15f211db1d45bc957bc3ce591aef |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_comment_18.svg
| MD5 | 1bf37c0336c12ccaa1c62386acacc858 |
| SHA1 | f1e187c79588e4e9fce931997443d7e5cafd1db6 |
| SHA256 | a9044f3c6877f4fa6789bd90f11813a22696bda53e0be17bf52229b70fa87673 |
| SHA512 | f75100874b1dd43c49f54a9aa4621e8bd1efa84359ce44ece2444b639c7bcbddf6564f6c4be089f5d656550c7293b9f5ec4a4b20880939fbeb5ebc21e30866b1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-default_32.svg
| MD5 | 81cfb9735fea15ca8791a3c34a78d992 |
| SHA1 | 9b4962166a47f5edc62e5fe3c4f8772446db9296 |
| SHA256 | 3d89171c24a889bce28f04adb60f08a141584b7c345b158536a72a8070c252b8 |
| SHA512 | f6ac853f4012ddcb29e5079ec00bf058343af1a6d6cedbc9613056db0575c77e964b0864c9693a6e02a525d5e13ccc54e0e7fd938ea39c3d2c6005db959b346a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-hover_32.svg
| MD5 | 55215e8f92d35f26cca06fa9d5d221e9 |
| SHA1 | 994838c8df5921e3828749a7703ebfa8383e43b6 |
| SHA256 | e94ac27227c8a25c3f8ede219fd80ace01e7176a12111125b31ae1dcddd487ae |
| SHA512 | 7972d3fb8c305a1b41f3ec4a618c9904c1e655fc757f1dc83f9d9041433f3c30e6708ed3d4fb3166cc41d9773df3f159aa44333f76fdde28f317676046bc9c67 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder-default.svg
| MD5 | 2807924fc18c958c38a7004a5dbd4091 |
| SHA1 | 85534040543c3306284e6a475999c46249a35e4b |
| SHA256 | 0345bffb28f80f4d0ded1a2af09a337b18ab3a80c68205bc8321a6ad4d409500 |
| SHA512 | 264d29c6b920b3005ebda1fdb0e0ee6e17059c69d63969c61ea4b5c5464022166ccc04b2c1f69b91052c3e3dd551a087e8e5379d2a62c452184a12b278a8ac3a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg
| MD5 | cd5d2472a2bf9ac7eb4e15146b30bd2f |
| SHA1 | bca600423f99b87df44fde9d96ff874017037afe |
| SHA256 | 038589c0f8f0b9fbed7fe7835de0237de4a28ea404078955a78c0b8145fa323c |
| SHA512 | dde83047b85cf0afd4ac77c9f4e850ebba48a1e1d581ed78c30733f58a9d5e2e22d34a2b2e57e4527f3c314f84922c3aecd6366052d46e0d6157990ed888a27e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reminders_18.svg
| MD5 | 3f16cc51cf788a50e6cc1ae60897bbf7 |
| SHA1 | e5a8c8f5227ca6da79589192892e81b6a3f43686 |
| SHA256 | 30f1d12f90b61f22130b22667f722aeca0aadd59ba3e19d866d72a99a3f0ce3d |
| SHA512 | 17686bb9e01aa108b9b62b33bb70bb8aa35e4d88199281aaacbc8d8da7d54f1f353bf31a109dc22a4e404780ece4cb3d23f0ec81f80e9553ef060011e568134c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_up_hover_18.svg
| MD5 | 30c9bd1aee3794fd46bc99fc2a359212 |
| SHA1 | 9817640da0b98babc461d277a39b323dc9a76cd3 |
| SHA256 | 4b10fc416763ad7b65a6d6fb3c0016505ec5aaa7a117021a26e4dd6d11fe7d1d |
| SHA512 | bae367b7555f5f7f677abbad1dd548225c2580ffe21bcae5022f8eecf8c97cfe8f7813fd86c31a7f9052c174610ae9d2ae21ac22b381701975492e2386f67f94 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_hover_18.svg
| MD5 | 0498cfb8aae1383c049e8ccdd85f3abf |
| SHA1 | c5fbfcc70b441e91a5ecd23295c745aaf076aa4d |
| SHA256 | ad125b854735c81b5782a65b5b006c7c991e28688b6dd8e5998f432976b9223c |
| SHA512 | 113f19bf726f79473ae2b4406a76676ec0bc4709a26f374aaa3bbd9d0b5790ee4fdd8ebe1a3ab68995973923ae33df7c1c6798e93bf060643c14acfabd4e9302 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-right-pressed.gif
| MD5 | e3c4dd21a9171fd39d208efa09bf7883 |
| SHA1 | 9438e360f578e12c0e0e8ed28e2c125c1cefee16 |
| SHA256 | d4817aa5497628e7c77e6b606107042bbba3130888c5f47a375e6179be789fbb |
| SHA512 | 2146aa8ab60c48acff43ae8c33c5da4c2586f20a39f8f1308aefb6f833b758ad7158bd5e9a386e45feba446f33855d393857b557fe8ba6fe52364e7a7af3be9b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\ui-strings.js
| MD5 | 0d3a12fd3f68decc694da04b57e61d8c |
| SHA1 | f73d4d591f6ef0b2b04fc90d2e840329f7590743 |
| SHA256 | ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76 |
| SHA512 | 2c58a879d4022b441056c85c301ce26401da5f7bc9619debd35fa3bd98b5f1cab8f21e2ae5a177865c64e741dae18f39f99fac1cf00c468ba0e281037d5e883c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ui-strings.js
| MD5 | 68b6f0644d50595a97c9fd60b8d8e697 |
| SHA1 | a4d0edf9264ce1922dc419c7f3b3cedb2814bea7 |
| SHA256 | bf9b3f1f9a3a163d41b1b20a2c410355e6ee72ae97725a7bad97ad23993b0b5f |
| SHA512 | d1a26cc27c302f06419abf97507c0a4d06729aeadab615acaaac0c3fcec6d7715e10642121a4d773ad3d5f613030728e49fb3d07303fad05f7a342352ebad003 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover.png
| MD5 | 65c9f3fb24b80d8c470d518f901b9c60 |
| SHA1 | b9521c39944357d4b55b91f9f3739575d1f3bef1 |
| SHA256 | 8de76ee7eb6b32c307d4a46a43ac55bc15b917e2a24d36c3d001878a97fd39d6 |
| SHA512 | 6572d65abd587055a69980558b2568266ff76555faadf3ddc93fa65bdd7a009a2fbca10f37f44c27ae889d3de99a3673c2b9ba6e6456242e951703fa32d9c636 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\ui-strings.js
| MD5 | a778c47dd8521d6a12093b3e97ed8474 |
| SHA1 | 2099d940cc672373884e1c622bbb606e9e9438b9 |
| SHA256 | d5343776747d802d64faedd9954d2a4bf555a6cd85396c55c39a8fce4c5353a6 |
| SHA512 | 7c9c9b406c1b79b3298e975abb3f64927b6beb9e8784b75927e19ba649936c19f04d958d07499a5d5c52049cf2d3600e32f6f437c98b2946a977ca82c71e7224 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\ui-strings.js
| MD5 | dd24e91615f1963a5c64bc9878a0a8d5 |
| SHA1 | 407ece3322d57d16a448b5522d4f29229f80b8b1 |
| SHA256 | 4cf9816ed1062189ff0c8d427fba5e912cc68fc9af76cf7f08fd255977de3b33 |
| SHA512 | a88d5e6fcfd998b0abe79b5b314f3f83f424be9447dca01e1a64a3e7313eb247baa894c10c5758c6788cad27582c09207d00d2e7bc41515e7f1751e05aa812ba |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
| MD5 | 3f7323acc829bc8b3799148d439b3d47 |
| SHA1 | 3d3c540c4080462a8013d6db9383ad69606779e8 |
| SHA256 | d9de646d51650572b66a6cf8a52ad1efd46b7a47830fa7972da0bc05baa2fad0 |
| SHA512 | 09e2a175dd874ac369331fbfd863be20c9ecc005bfd6c7eeadac071804653265e4f7195d70058f2f73951a6a6e202fc96930f2ce71c2d815b228edf01729b559 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js
| MD5 | fb4aa89fb89bf94d0590a3174d1193ff |
| SHA1 | c3812f2105099071c24141a994a9d5087199dbf7 |
| SHA256 | 655a3ef0465a9f30fddf25f4dde0c19a05c6f9069b83961800c1944165955273 |
| SHA512 | a494c0d9faf3defa9ff320421d0c00e4e39845f7e998c6a06c50b5e7edbb1ed7a948dda23ace06a3433843615553d2357f1cb04acb4ad1155ec43f1d07511524 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png
| MD5 | 7ab2ac51d33778dac850c5dd8b4ba45d |
| SHA1 | b3f47f20c438aa488fe835e0145c014853ee48aa |
| SHA256 | ca17d6cc1f7ab317c34a7cb767ad017163e71726ac648518679c6b1c59fa86dc |
| SHA512 | c14ac0ad209625e0acb2ca9e0afc5f6c98901b01f92b675d073b72929455f47ccf29cbfdaa248c602b02fc2bce484c56753b1a54e66f6ce9df2ea57bed88962b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\ui-strings.js
| MD5 | 07bcf4e882ae521ec6ddfd0bb2a608db |
| SHA1 | 88e2ab25dec6ba9fedced9bbd21da03639da9409 |
| SHA256 | bc9df2774317cdca8e5a702f249a6994fa3b63852e7749124e82ef1f37b89aa6 |
| SHA512 | ceafee63fb03e94b418bd87c6af91a53c9bef53b86eddb51a7aee77d8ad5e6654045da12c3c28f3ab4486d2f6f135f7f834790991037708b0301085f62e22fa7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js
| MD5 | 0ec670fd70f5e89c3d2727df9f2a5398 |
| SHA1 | d19c88c8e11361d4f29719518b8543e0ecf5ff09 |
| SHA256 | 8267479623714339b61159b2f8235b15a38ccc1199eff859e5dc13359f8711c3 |
| SHA512 | a429234afdc29df1276238d3e329299a6fb5b1ef6044429c1acd8abb95c0b76a14836b47805c5d464cfc95978f5e3b10eceae6c26a2964e2c352fafe1d7dd6f8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png
| MD5 | 2a78f84427d1d591409740722e60d793 |
| SHA1 | 304f17d9c56e79b95f6c337dab88709d4f9b61f0 |
| SHA256 | 4eae979bb805992739f77e351706e745076ed932d3ef54dd47ba119c4c2fb5c6 |
| SHA512 | d687c646bba8b801511a17b756f61a1209ea94938940fbe46d9e4893f14606f9e1e5ff468ba4a77474603f5cdbe0cb9df3d24767e5c9ac81a0b373dcf4a4f3ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\ui-strings.js
| MD5 | 1ea3b76135bb4a589027d6243075a936 |
| SHA1 | 2951fdafcb862ef53fcf213572368bd5e08094ad |
| SHA256 | c960c819e997c1c9d080235a5e24e65059b63cf66b95ff3da9a44773ebf81c1b |
| SHA512 | 3c10075e71d2e44535e19c8660bee7071a110d07dbef67ccc4cc94c45f93afd72f8ce6b24be31e6193549823b7db204e20950e5c1a075ae159c39682db295d27 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png
| MD5 | c7fc95def1d53bd3e747248ecbd3cd5e |
| SHA1 | 1b251f02465f9c7dce91aac5aa0679a3c34318e8 |
| SHA256 | 4049b739e6322c7d7caa241ac41c8e0b1f2893957204a910c9708c7731a7a8b5 |
| SHA512 | f4b90435a3b250c1d3dc8df9bb4d331dfe9b1c0212eeb1768073afb81b3915fe61a7c4af151c8090565f778dbdf1f4fad7b5f545c9a21b7782cd7671be2ac96e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]
| MD5 | 6cbbe3240a203b0ff387d9bbdadd49ef |
| SHA1 | 2c65f6ea9acd8d164ece87edf2f142942d8cdb42 |
| SHA256 | 7b3bae54e7a2931a1957c1ca23189cdf913f567e92af15089f033b99e33351f1 |
| SHA512 | cdd8e32fdf610a0c00f7e8093c98d421f6c60bb75be67fe0a22ca1b5144351526a2b56ffd955f350039e4dca823e45a3f1f4595c3f9f209b3de28cab972cd140 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\line_2x.png
| MD5 | b513ae819f7d8d10fa4f6cbfdf055b22 |
| SHA1 | b4228971cceadd4a698f3c206d8f4bc24a37f991 |
| SHA256 | 25778f162c4243167f8eaa876f1b0619e67afc158de7805600471a563ec5e8b7 |
| SHA512 | c11266406d79494f7d74f8f8a5f955e2bad14b8924877e882fb3e7cc7442998cf6e7a9be3aa7f1a945af8bb2add9dfcdec0ef54239f6ee80748d77444dafe6fe |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ui-strings.js
| MD5 | b17a6a8826832fc2e1098d0286242861 |
| SHA1 | 8ce2bb5944d61be2b628fc80ebabc769768e0b48 |
| SHA256 | 82a1cc52037ccd1ee4a73cc41b86ef4c9b45db28025d56105566bbc9f06bc41f |
| SHA512 | 688757cebb6aaf1a9948ce1dd30318ac2b7afb7a47938e6eecf1bbbc1be058ba78744c208d71a9747ae514242b09322489ad314119cf612a7e4a717907521962 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main-selector.css
| MD5 | 651bcf535ed50ffa7724c8751bec1a66 |
| SHA1 | 5758c4862740517ba28026c298d1b3a61f43716d |
| SHA256 | 359f38eef400e2fa3924a3258652e74ee19cd46cb92e47bce91f1194fce25e9e |
| SHA512 | 492b73f1622e8a1a064141a2edbac9fb29e5f604b629b063fc7251289d237e50721e1295b4f3450322fe72f01b57561a79f0ad4b3a20290cf3214ccf0204d372 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png
| MD5 | bec4473fc43b77e28e60f89da4e29c00 |
| SHA1 | d5dbc7c6642a8a23da14f952a0f64fe874e8191b |
| SHA256 | 5e06bfa9ebccfa3d8759270620b6860f0b92be9d69ef7d7802b78ee5b5f07f96 |
| SHA512 | ff2c101c1172e64481be5e98b2216d5eba93b81210a1a67adecfe05bcf37c3d965c06b368ddc1ffb7e4187cda0373720f6a27476f036a41517762d5cb3729aea |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ui-strings.js
| MD5 | d3e4c2fefeea6e6c467df305f7a8f3af |
| SHA1 | a4468bf4d5abcb4d720b0fefb396dce5864e4717 |
| SHA256 | e9288289beec2fe3b6ac24c1311451c8d079786a09515b95cbf2eda7f87f0b22 |
| SHA512 | b81a9d38a4a6cd54c2081289192ce7aee3e34d71f834c9b94eac8cd79a5cb90a0dbd3ee0da89be68e4fb69a82903c658addc272a9d70d8f8f8f8cff5c2c18f10 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pt-br\ui-strings.js
| MD5 | a3f07671642038caece41ff2a52d8673 |
| SHA1 | 53442624b01b79a3729a23d4f12efc8dae4b1002 |
| SHA256 | 088d391d696ec15140e7b4dbe6fe17e95296af9d09c7eeff17a0a9c241925b89 |
| SHA512 | 5d1ab4b072eec924d13d760da6aa958cc81fa58cfec3de8ff239d131d37b31cdd547eac0fa5ab34c060f0f28a2295e071a1a9573815541c5b92cf0c63f11bdb7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js
| MD5 | 74ca2c01b07af0dda4bb39ac330fc49c |
| SHA1 | 7cc7781cca7798ce0940fe9be999e85f8b5064e1 |
| SHA256 | ab9ac8d62fd064748c921e6bd4c123f5cc8910a384d1804bec33ffe27da27c4c |
| SHA512 | cd71201d364c7cfc9d317f091a9dc318d77bdc7340ec4abceee2fa23e3f58cfb1a8f45b5216f5ebb40b3738fef28eeb37717b2508aa1369316da6b7c82c510fa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js
| MD5 | df3b4d35decc08d05ef8ee0644ab7274 |
| SHA1 | 6b0381b9ee40dc8470a63218e5cc5feb579f7334 |
| SHA256 | e27e5eb93a24a2d866e30bf027e4f0c3da9fae8968cf5eb69446e7f668356164 |
| SHA512 | 257c770416a94f5b79ed837fa0f5e7926cede3ce06c1a9b819c1ca77c645f37bd366564cb028b0ba6afc5444aa5ac774c3af36cd7c108164d1000254cf85c94a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png
| MD5 | 39e7048d412b94bb2dad145a2daa5875 |
| SHA1 | 08778bbd84d9411f2e531867dffe45fee5d60d24 |
| SHA256 | 4985216f1f370fff03c45d4a711c18b3f49165f8278e6cfc231bb38b920095a7 |
| SHA512 | 65803d69def3517f0021a291748b55cb5bb2e8437732e6cb9b99b1f778f766fbff2c484b664d16ccbedcd51c14f89e99cd5f977cf97d680eca78a9d4f8b87fb0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-gb\ui-strings.js
| MD5 | 92f1f77de0ce17e9486d53787f69618e |
| SHA1 | 41198fdd6a18321c15c3d4647962e687fc036af6 |
| SHA256 | 4ecb5e390829b5b11dd02db2f22ac1349e32a24e5bd3a8489f6fb5fb0f07eeb6 |
| SHA512 | b389c8364936fbb96a407fb1a848254fd8b7bcbde05637ac1acfb48ba0b30e887dd44b2447e1e3eb75a902241d67571584a819927cc8d0a91d325f5df79f12ce |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ui-strings.js
| MD5 | 72542b122d453927f3d6c59552165606 |
| SHA1 | 6e2b7f049b60f10edcdec06f357114448c0896f8 |
| SHA256 | 3b17f8b83bec3e72acd0d014f58e7de206106a7644bf3293f93c7456ced47419 |
| SHA512 | 25eade5c88cc35325978ba2e103050608fed4330a1677280eb2e0445946a3367d26796ca1233aa6d7ec4c87f04faf7706d82c72b3f3485d80c18e088813f7a1f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\dd_arrow_small.png
| MD5 | 3d55e1e012d3824e53e84d404a6e2f2e |
| SHA1 | 9983296698d4e2736faf1c529e8d27f8071d7939 |
| SHA256 | 6559f403524ea6ef9bf2e1d0bb66d1af8152920fb002ec2c4ced993083124a88 |
| SHA512 | ec75d4dea30bf7567b2f6e30ffed408815c57680a38659f6055d770c85393d8a5678d38a066ceb7fd0ff9c5ef49cf9fd73d7e8eae5a9a83360a41ca74343f576 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js
| MD5 | 421cd12b43e660f10da31bee36e85f4b |
| SHA1 | b568bb931d5bf4b5805d20fc339b06f9b3763c9d |
| SHA256 | ce7c16adff608d624a412164fdc692305fb461f4b14f9167e6efa78dbbad12ba |
| SHA512 | f56bf5a7a713cbf018203c24a7f9dd426a2cf018cb3ddf9e27f3a7765be3571339421fa5a2cc68f677eb4929a2a2835238a723db4de07bb0634e3f151878ac86 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\ui-strings.js
| MD5 | 7d8302df4582de342a31d0335e979ae7 |
| SHA1 | 7a3e918e23dc8002dfbe1695f8e8fd52db995d1f |
| SHA256 | 899ad5e0b3501d7e00d2f3bd3c7729b4223839e8629c61328db0f818ba0870c9 |
| SHA512 | cbc23b3285f6d8d72221d0fc05ff59336402005e7d3f50d66249ef6076648ec2e22d33ed64f5436767c123f59d37dae45270a259153ed98b885f9c43ec9bc2aa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fi-fi\ui-strings.js
| MD5 | 0900039f6502c5c4418f5b712f0dc94e |
| SHA1 | cb39e28be0988298003a966ac208c54f83a6ae27 |
| SHA256 | 7037318dbcb8809fd3d03ab0293d58666df18363f0144ef65b738ca3fbe028f0 |
| SHA512 | be9fc36c81963737569c65e4f295f347585bcec88b4fa6ef9da1478f4e0f947b64b8ccaaffb816a74216f713060ae0a56f58c3bea1d12b16bb8488a7663db391 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ui-strings.js
| MD5 | 35d5c7b80ed270a94872c0e56a6c59c6 |
| SHA1 | bbc4ed04ea6c922213d7cc19c62c3c4cd23b7113 |
| SHA256 | 5c03e31975b96b3d151d9e034b884cab9c6fb29576d2b5653c375fc5661b6dd1 |
| SHA512 | 57ec341f6ff49f24516e117d5c0b119ba4c62dc0537cfcaa15bbba248729c06d29ca224462bb331c44ff1b3abd724df86d0b2ec473ae9f5d54e31ae2002e8bdd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js
| MD5 | 29dbb24810bdd7f802c1165f8bc3a714 |
| SHA1 | 9ed5ed2ea58cb6d9196e8d88fccdd8f0d522ea47 |
| SHA256 | c9fdf06266cf9e6d61f7989471abe569239a93cc2c0f65a7c596a81af8d6a67f |
| SHA512 | 3802320bcf7b20a6656460456d5b03ac4f85e4572d7530518dcf99f28162964adc211c5adcfb7ace603b6734271581cea26c9e85821b88b1915e13780a19ec24 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ru-ru\ui-strings.js
| MD5 | 3b8883ab58438b245c89bc76ee848752 |
| SHA1 | 7b01b457344fcf92362d14247f2c389ed0c89b6c |
| SHA256 | b3b87c3ad568de5a1f07702392e3bfc76f41a47b2fa1d710198406c3c5172697 |
| SHA512 | 200a52dd5e9334f2c768fb2d152a82cfd551c0991eada79ee92ae41e8beb82a1eac2d90fdac2d9741afe0b7edcbe046cb92a6cf339d25709b53d51f5feb55b1c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\ui-strings.js
| MD5 | 7a232b079f30771ada44ab6a1843ec14 |
| SHA1 | 72349db2853443af021d538be9417fe32369d2ab |
| SHA256 | e33edcde1654c47b3f834797623932ff5dd99a4331b255b60452d69d61ccfb4c |
| SHA512 | 431073f497196ad03ba92a8087aa6c50717ae137b05aba341cd8f7ec1705b46f2878b30455c10d7339f89ef16022ca5d054b0f96e5956ef0590121ad8e1a6638 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\eu-es\ui-strings.js
| MD5 | b54b9c5d611b062aea9d8ec0d192335d |
| SHA1 | a6a96602b80181ef494a0da49dacae1c44f7c739 |
| SHA256 | d70a13e9b9e9f4026679200872160d667979bd0ae57e6527d44090e49bbc2c83 |
| SHA512 | e56e4a0dba26c3bd824bcd397d495249466a3732bbe1466f9ed1c23ec3a25d79e44e360fb5ee5a229fb24d6961ac32a2a57d0a29fe669e767bd33b956f57ebf5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\ui-strings.js
| MD5 | edbd91ead174c60fdacb765349ea4fcf |
| SHA1 | e55660206658be80e2033a93abd8854653246eea |
| SHA256 | dfd68e26d32c27e8c7d096cd558b12da3228019525baaa2d4b32030339fb0b6a |
| SHA512 | 9c664370c6c102a0e6992f2fe711e7fe7f6ac732a8562bcc1839a0d99d828e4ab0b3dc70f33f3cba444d04161d0df13b70e72b9079c5aabc7a85543168d58854 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\ui-strings.js
| MD5 | 5af99e838bada8e34b660d7fcecae2bf |
| SHA1 | ead4e402f4696ede69adb3e4cd694e7d52925844 |
| SHA256 | e3f604ce27fb93d417b9e8a4a5f10f6fd17b59a76aad9754ea0cc5c56b31687a |
| SHA512 | e69f6f12a51382491b4bec6f19260df249dc6dd9a33fc590a90a055baa5f6dcc80894e2c65ecc7dd0d10040c90740dcfcd2f98dbd1f2fbd94c34941897f6ecd9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js
| MD5 | ffaab524b0c94fd06a44c1b5b683e0dc |
| SHA1 | 17dcce5e4d3b9f718c902863652cb67e060e2f3e |
| SHA256 | d0a34414103960973357a239952bb0fab5f988ccda1b67ff8e6864afcd806272 |
| SHA512 | a7ecbd3e9656cb0fc1304b4b86980e97680c73b673c4284bbca08c4a3f3ade0699a7de61f0905aee9d521da4beaed61d3ec943090ecc44833118f1f5a29318ab |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
| MD5 | 45ad813c887294a1c5c88358f6e6fd12 |
| SHA1 | 45266d0bda31888b67b10c601d303caca8786d30 |
| SHA256 | 91ed5badd0d99f45c65c0ccdec04fc59fffb1f6d055a4d2722dccde82a6bb73b |
| SHA512 | b06ab5889fdf50735ff0c3cfcac3e526b9f32d694ac631e7c2a06eceff357f17e92540df5f84426f8e8f75726c1e7df3592f1620728b70a4b5290c9e49e377f8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_thumbnailview_18.svg
| MD5 | 9b4c8a5e36d3be7e2c4b1d75ded8c8a1 |
| SHA1 | 1f884298931bc1126e693e30955855f19447d508 |
| SHA256 | ad47fd9e87159d651a53b3dfba3ef200684a9ed88c2528b62e18f3881fe203b0 |
| SHA512 | e1acc0b10c92c2895fc916fc8feead869e04315e5e6e279f8e61b344545103b4c9ff808c9ca2121d1b013879071364f677da128caeba89bf918ec2791e5ed094 |
memory/2780-26370-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\adc_logo.png
| MD5 | 5c4cbc56377969e41dcf39d60690feeb |
| SHA1 | a20120d0d043af4d3b6a72db517ab8a623b3febc |
| SHA256 | c0601bc1bac97e69da3ef3e2898aafe64aec5ae4f3ccbdb7649471f76da4ca0e |
| SHA512 | 4accc91aeb47949f1137ac69a0740a25c957853f59ff8d18077e64b1a3262488b71fc4bd45714075a0652328e1a49a602c7950b86edabbbd7e5abbd9000b705f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png
| MD5 | 6018a4862e3cc6b434d517a47858a2bf |
| SHA1 | 23769e9ae485bb2c35630db9a6ecc8a40c2207cf |
| SHA256 | fde09d85ac7ec84dc0b5f2bf1c1f935b80a3e45dd9257af499d412302602f310 |
| SHA512 | 4fae17ef027649315cbc73ea47a2fbdd8c8c05b9d818af5b41439e9e5fd81d62ce13f6ad125a2817d0bb4b24a831358803c53003628520cb9c2a8376ac8e1aa3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png
| MD5 | 5991993dd41d6d2b062d58bb70971e0c |
| SHA1 | 1a75ce12ef1c4cb6a85225d0bf4f68d4a3edfce5 |
| SHA256 | bd66e8f62d34f70917102405af895c0b07b79c13fd2d1ea65ebfba3bd4853aeb |
| SHA512 | 75511589b1937aca668348061728734718d02065ae76446b61e3292834709e3b66f2a453717fd593a8fa1db92ad7b97af03f7d2e7f5538716582ae7d8c11e09b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png
| MD5 | 4eefd60f439096ed98b6d8a585da12ef |
| SHA1 | 75cb70498807b0c823cac760e00652842c1a63c3 |
| SHA256 | e743d6195ff2f42282e101f9471874e8df79dc05a69ca20abf22015d48d28c6c |
| SHA512 | 78241e2336f4ee826719d5adc70543db0f0767a1660f723ddfce72c170322a13c0f3c547eaea6b6cfc47cdf6d8e5edcaff4bd003cbf3eb9d3435bec5158fb8d2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png
| MD5 | f2f1d5a683617b2bdb6cb0b1eae67135 |
| SHA1 | 3e0dda160b0f8b963dde8036b45aabab5d86504f |
| SHA256 | 96497e49c11ebeb0f73bc01b033b7f45cd9f8eee478176e11b1c7342efa63569 |
| SHA512 | cc9688ee19a6391296abbae9fb1422a6d72d87b7abe8552e860eeb092f8cf7e6864a7f06dae6a60784b77353c38103abd3632492f8b33b7b3d900531cdb673b2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png
| MD5 | a7a19c86ac01e03111c30032ba417b55 |
| SHA1 | fd7f42ef37d82cf1704b65762a8bc6b4a868234d |
| SHA256 | 494032a3293df271c7cc5d26a5753acffc5f6df811d024e9b573f2fa380f3591 |
| SHA512 | 728d4755dd7d21c5ca285906d5f043728fd089de42d2fd04beb514563224104f7672e5f5144e4ed68770b933dd1069d76b26d140eb692d83d907176330f3f6dd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\ui-strings.js
| MD5 | cf69901e6d4609009dff8be5b3045c96 |
| SHA1 | 712afbf4bdf24b6fa059f0fcd837449d75432800 |
| SHA256 | 16d0edc8b7ad7705b23a14058f366ff1c0dfa16a0ad14f741924c308754cf8d1 |
| SHA512 | 84b63e071f56e8e406fe361473dfd6eb17daec1809eed425b1b977f0135d6a78a3375c9bd1a65daf1ac7977f712b63ed735eac8ebc91e55c1a3f366e288a9ed6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close2x.png
| MD5 | 5e0d423694dc87169e1124f26d755117 |
| SHA1 | 340b47ffc7ffe45c30ce927f1c839d01600f6161 |
| SHA256 | 68df674391ddb32170020e5b55b8df9ac1bb5274419dbf8748ce53efb18584cf |
| SHA512 | 17ace592b7b00dd530d923711160c39417b6c6412c3528cecb002fc065a16dc439555f61e4f6de7ac86291cd9cac5f5ea8411bec8ffe043faba887026fd2ec77 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_checkbox_unselected_18.svg
| MD5 | 8c8fd1cfdc60f513bf20132a1d5aeea2 |
| SHA1 | 40167e542ddfd848fd138e2914dbb7f116a8f99f |
| SHA256 | f438a4e713df6a982afbe2eec993cd582edc37a876fee88e1ddabb478f2b5ee0 |
| SHA512 | e5a985404619bebfb615d4b5378942b56089b40170e4072c61eb9ddf722639941e820f039437b59cd3859944b3e06ed72ee49e879522e81fd9d49b56c8e40d35 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js
| MD5 | 8ab4b211dc3d2947d2466033f6d524f7 |
| SHA1 | 7c457aa6cb3b704da3c977bbcf3953c3c1a7a7bb |
| SHA256 | 5bc633d52bc4345c9cc4ea7cf49422a85a9fe401faf3239ef72b53aa0dd667ee |
| SHA512 | 0b7e9cda1a82a15fc9492a35808bd1ea43966cf5e55d84b9831f79d64f36a66583a14f0ba95eb12098bf9df6a95eef0bec6606aba1cf56bdee0e046aa60f8d5f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\close.svg
| MD5 | 2518c2304a390e60d20b53b101fc0056 |
| SHA1 | aae24d58011859ff6986508882dd7eecaaa7f604 |
| SHA256 | 03e98670a1d9049b8e1f02c4fdd449d098465f7578ee0eebfaf3f138a78301ae |
| SHA512 | b7457acf824d68e7728088668cd8d44e06566dc71d156db7e9480b957305f2268778907a8e93e4e2d1937b3c3cbfeeb327399cd7f33a60274d91efab2ec3f534 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe
| MD5 | 6b0a4731a12f99ceab2a3a60aa2062d7 |
| SHA1 | 22105cea1a8f82d2825ce76553abffe85687e804 |
| SHA256 | da0864d98fa6599601257e4d098d40dd2a3611382f66baabf5b4bbde70c5167a |
| SHA512 | b8425eb8d548226e06e6272eb77ab6ea54549f6897881122ea437521a13acd219ee63ad0af0bdc1a107adbdfbbf92b4fbd524b5b2813a5176366eb6f7ecaac1e |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe
| MD5 | 9c59ddbd6efb94149ccba07c086de145 |
| SHA1 | e2c98419b84e37c1c4a394b8ec6451072a1b8dc4 |
| SHA256 | dec84d95197eb2c166e8a47b085b02ec2d21dd7b2f0d657d832b4f38dd257e5c |
| SHA512 | 2355f97c7435734a675f1a25068f0a77fab08e29868c82b107813626ee8f705dedf63500bc6ee5e898451de147d9a0d999217385a42050f9a7ef071974b1809e |
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
| MD5 | d47ed8961782d9e27f359447fa86c266 |
| SHA1 | d37d3f962c8d302b18ec468b4abe94f792f72a3b |
| SHA256 | b1ec065f71cc40f400e006586d370997102860504fd643b235e8ed9f5607262a |
| SHA512 | 3e33f2cdf35024868b183449019de9278035e7966b342ba320a6c601b5629792cbb98a19850d4ca80b906c85d10e8503b0193794d1f1efa849fa33d26cff0669 |
C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
| MD5 | 82073e3d3eefc7fb8fa243a4c831b5e9 |
| SHA1 | b224632b7d1aa39c6157954da8b89a5c1fe75661 |
| SHA256 | 674b7f9b455c1e5880dd8176192aca1ff4c51f575d6241a1ba57d699b8b07a59 |
| SHA512 | ca8434dff0ead0067c93453cf19ababdd3d4bfcc1b4d894faf40cc1365792c4b30bfb7c5ab0caea17ef7a30b119e7161da04b8b22613edf689a287bea75ec8dd |
C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe
| MD5 | 648a2de249b93c97992bfa1b091378b7 |
| SHA1 | 8ebffecaabc9bd80da4ae8e543dfe2f195eec3e3 |
| SHA256 | 79cbe36f204b682248295dfc99ba1838b9b473d61c81b0b12811dea9c15e04f2 |
| SHA512 | cf4686f2a1efcfcbc87ea64a5a3621de725fea877855fd641bb34f0c898c17d07c6d8396b2e5e2075eaaf36c43060f0d71ec9711047dae56d317ba8e01a07ff3 |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_86328\java.exe
| MD5 | ec057eec99f4cbd59c76054da9636dc3 |
| SHA1 | d913e2da30bb62151fa8b438dfcf25b9e5adfe50 |
| SHA256 | 24438fd93235bad91ab49cb91607f5853770f3f5640daebd0e5433053338add1 |
| SHA512 | 3aeba75e4794bffc52197f077f4862555a091a73efdf98a22253d9c6785369e73c2c0247122b4da0523534a7d5491a3dee481ad589110e8a0fa1fecceff09731 |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_86328\javaw.exe
| MD5 | 24aefd930cd0067bc1bec3a181d14570 |
| SHA1 | 218c007ee9e37224488dfb849c80f791902d78aa |
| SHA256 | 1fc7d0e532af4bd685206932715ccc46019e8333b57adf2e7417fdfa2d756ee9 |
| SHA512 | 8c9ffc265527391be4972c9d7620f00da4523f4834f9f4fe0ea79537c3f166c5f18d6cd9d5cd5444df2a420fbc1541fc78e29ae10d080413460c08c987dc80eb |
C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_86328\javaws.exe
| MD5 | 728747e82b337373a05772a52cfb2d9c |
| SHA1 | 3dbad154ba7298bcc16ec9c226f52718b778d8b5 |
| SHA256 | be1d040714fd32b9a3574d41fdfe407d1f87fdbbc568003ca06258d13d5c7b46 |
| SHA512 | 0f62926da147a65218a464d096b18c9514370f40b69fd658ad6e56cb5bc8c0f58513c1a55045cd7b805989f66b4572d30c883f42b250848c4054e8a4fd3152cb |
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler.exe
| MD5 | e4351f1658eab89bbd70beb15598cf1c |
| SHA1 | e18fbfaee18211fd9e58461145306f9bc4f459ea |
| SHA256 | 4c783822b873188a9ced8bd4888e1736e3d4f51f6b3b7a62675b0dc85277e0eb |
| SHA512 | 57dbc6418011bcac298e122990b14ed1461c53b5f41cb4986d1d3bbbb516c764a7c205fc4da3722399fdb9122f28e4ec98f39d2af80d4b6a64d7bd7944d1c218 |
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe
| MD5 | f8b5cdf263c438d3a7fd3c1bdcb6c3e2 |
| SHA1 | 882067795b016c2ceba87dd0aed8b232604dae87 |
| SHA256 | 3289b4d9951e9b50e615772159d3579925a90ba305cd9ce4f7fe0e1650795272 |
| SHA512 | f9623d69e0401ee5241bba9fd3c0014bb9a43ad3f7093066ac687b4f9c09b7cd1da872b17bc1f686af01715d4744c9a762e21d067354cc54d8b8b47802261f72 |
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateBroker.exe
| MD5 | 14c6f18f8dbcd81cca8cf135a0dc12b8 |
| SHA1 | a80d4a5d1f6c0437dba4b47a345df4e585fe0466 |
| SHA256 | 7f8e3001edae97eb9ce987289a405ae22b9fe3e08709bce8ce999bb78b93a8bf |
| SHA512 | 18a2894973349131fece5ea1df043bc5a5c00de053a26f79b0cddc187b1049b2f1916b0771b8c3784db226d2f3a61bea38dfac395ca1dd335568b94d73336370 |
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
| MD5 | 8f27ca0b1b4e1682bd8bdd253b6df0ca |
| SHA1 | eeb3ab1275bfb4f850f977036c0d6b5d8583dc68 |
| SHA256 | bbe1d5bba7e43de8f114db1cc1ac039ba583d68e98f62db15cd94060339c424f |
| SHA512 | 5c6489df9bde856f6d2e782d42d9f18702076ee9ea92197f0185e36be39085530247e0f07caa5b8dd89cf8bfa38ba81d6e00454ce2a63853c23d21355880ea44 |
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateComRegisterShell64.exe
| MD5 | e41f64a9383686865e0ca65b74cd178c |
| SHA1 | 9fe8aa4c9b75451f33ddc6a9907fb6c6a5f01f25 |
| SHA256 | bc184bcc0d3c228f65e9918b8187386cc2df831966c24f65e1c58e55aba86ef8 |
| SHA512 | 3bfefe7242fbeca32b9619cc578d09d0717f02b0dbf39bee3ea17f3024d8a2239c8a81902720259fa5b220e1e7dfbc33a5eea40a3341e92a2ac6a3dbec00bb08 |
C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe
| MD5 | 632d22b27614dd7f5ef714207646dccb |
| SHA1 | 628c55f8cff3fb42903e4b4739ffd9ae0edd0374 |
| SHA256 | c7b7948c81a190f2d0139405779590e9cf745a05d606b41439b57ecc8ca07949 |
| SHA512 | 24ecffe5e8d7d06b57e8e7c2a15ab323850630008e018d6c07bbe701b8426124e8ed9008d9fa7045d63ad9e0badedf186233dbe682844e9d3a293f57ff2183be |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
| MD5 | f56016801a5b2519db6b6494fe7ce550 |
| SHA1 | 9d0ce2450c5159c6a8b1c31378ef1796761c4793 |
| SHA256 | e59d39f2567740c96310849df1e9656b804b60e64c5783e0aedce95508fb5d79 |
| SHA512 | f22ba79c36d513ced089b5e3a89fdc1e0caa3ab19265fcbf665e99c0575318a4d91682774c7252c8dc3adbb7ae02892ec7bbd9fa975e9d76b411dab4d430bf84 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\cookie_exporter.exe
| MD5 | 026c541324e53acd6dd7fa5990f515e7 |
| SHA1 | 031761f07d0b635f90dd976f5f8e09a4a5e19aa0 |
| SHA256 | 2468840dcaf48964b4fb38e0b7eaf75f6e9fcb4b39a3c9a518539111eb3cbd22 |
| SHA512 | 8188bc3a11afc42007501137cf7c220ac488175b75c9718ad65497a0ed4186bef2836a49eaa1fd2c9f63647d58e2dfb73d90a5249ac558b30b1f633adda32eed |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
| MD5 | 98b6e84301c2d5201e374e77a399d180 |
| SHA1 | 9dd33519a860c1b9704ec783d753f43667b43f54 |
| SHA256 | 7d995e16664532844897acae013f25c5df7142e933968a3259f799762f612356 |
| SHA512 | 4ce78a900d40f621690f6ab74a11ec211b446af529c4a20176476eb291efa25ef3f119ec49dfd722ae09f9be6f4b0e034d944a8e3edb72cda508a122f3ccceb3 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
| MD5 | f2c13e37d477a5ef7b0f0886afbed857 |
| SHA1 | 025587f7b15dab4e98503b7d703ac3b295af4b9e |
| SHA256 | 4f55e11b91801073662bd201d1352c873f5b4e7587bb883bcf03787b16a2d840 |
| SHA512 | 69856b7b7f9056173113ee08deccc9e47ba773796e0b848aaca303b4c5bc3b8524f3470db4a1294fc38cff9f3386c37565b56f50d14ea76642486fc15cbb91a1 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe.manifest
| MD5 | 69016e6a597d194701476b8e04d4e028 |
| SHA1 | 71a24ddb0c5bbd321d3f09d7b322c3655fb5e129 |
| SHA256 | 4740d289d0a31bc1fc00e255845b3d8ba7cec2d6d0ee92177d23aa293f9fca3a |
| SHA512 | a9399ea57f65c6569e2a9e9ebe9fa2da7184ec92a555549f39cbbe9dff15530ad526107a2a2304d822be37580a965c6ea4e88a46adebd8ff3af402d2c25321ae |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
| MD5 | d0e75d0400bbf386fb67b4e1a5364fe0 |
| SHA1 | 231758ef5410e4002ed73d9c03a254e350137c2b |
| SHA256 | 011eb322885c2d3bcb935c17e5127e17829b17a2bffda1a22d81c5ba54dc8b48 |
| SHA512 | 4c3db3350d08e867582106fd6619a066ebfe0b1a79aee740dc109089cdd5fa9f32d71a79a4efe1fa8d2167d8d8e03284ec4060f3f76c0ca4a72e41889dddd7c4 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe
| MD5 | 4c017b65739c067f2cff0caba00502f3 |
| SHA1 | 4ece75de62393153ad17f6f716da9cfdee5b8029 |
| SHA256 | 71ea8cb3470b133c0c72a3a1211baca143798e8e10494da6b42cefa2e07dacb5 |
| SHA512 | 59a3ee205928cbdf7096d598deff727b7308f1128a73e1bb6b7048b0c3fe701ca9aad27d47f7dcb08926c3adb5000587ac4f045755cecd74aaac45fa5992173d |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe
| MD5 | 0815b7c9f09f2839186360fd80fd9ae6 |
| SHA1 | ded66fd006f2737fc4751c740698c2bf1109030a |
| SHA256 | db9f8fe6161c5dbd66b5767de97c75d06d0e0874fd91c47c726efb6d771731f1 |
| SHA512 | bf009b0f91337b71beef48aef86f253847f34da08a3afa2963bb44e2fea61ac636dcd9480dcb3100d64f180b1f1c6cd5f9cce356d606dce11c2e67b3d6c4d59f |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe.sig
| MD5 | d8d0face111912e6dcc93f665bfa10ad |
| SHA1 | e171cc8b4abd73e2e6f9e0145e8e3d46e333133b |
| SHA256 | 5efe288bf88e3a66ead387ee327d7f2ae6637fa507e14271cd1c30024279945e |
| SHA512 | 2bedc86a79225d3c23067a042a219976a670ee164222cbde077edc2bf5618181eb5e26edf86946e2797016c5a87f3534e47dc4ac76d40487354a701ef77aa51a |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe
| MD5 | 56868dc18ca2a7b382a6f793d46f6c5f |
| SHA1 | b1e9cbcc325dc1a643a25a87a84bb858a783446c |
| SHA256 | 85e818b844c8a3a70141ea2c10afc9f3382486c06e5f757ee98475555e315c25 |
| SHA512 | c0b20c68b4075dcaed8f95fdc7644326e272cc4c258b1dd74c227d3acf4aa5169f8025899c44dba4caac5b8588491284b7999fdd59957f9c885a20ba7c9fcb42 |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe
| MD5 | 1edcbcbd17397bd9041dfb2ed6950f75 |
| SHA1 | 3f544d8b80974b6093bdac4c8c5a1f43ea3156f0 |
| SHA256 | 6df1d5bb9cf0afca524d204cc5eb6ff01b41031c4fbc5392da7b417892fd4d87 |
| SHA512 | f92b248ee772de87dc7e077d515e37a2ca4845a135b2c1481a0222a673297e65d8f8e9ea40e1dc1d580361616d5b4ee48b459fd7354334577087ad100004dd6d |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe
| MD5 | 27543bab17420af611ccc3029db9465a |
| SHA1 | f0f96fd53f9695737a3fa6145bc5a6ce58227966 |
| SHA256 | 75530dc732f35cc796d19edd11ae6d6f6ef6499ddcf2e57307582b1c5299554c |
| SHA512 | a62c2dd60e1df309ec1bb48ea85184914962ba83766f29d878569549ca20fca68f304f4494702d9e5f09adedc2166e48ee0bc1f4a5d9e245c5490daf15036bea |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\pwahelper.exe
| MD5 | c9d5dddfc861cc4d45299759c3bc4d28 |
| SHA1 | 265104cc490c6928ec1926fa34f9214d9395d46f |
| SHA256 | 321d1163fad8646d2dc9c9a2e168e66ca5727edf489a339dc156304e2455df7d |
| SHA512 | c8df5d807da6c4d44ecaa9bc8df3e50fb296eab8a8fbf2445af7dbdf1644fe6ece02c7b753fd8caf8d7d93f09b89a8b16d46409773f040eaa177be7c1d9c765e |
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Staging
| MD5 | 27418f9aeb0fae483bcf13272efe6310 |
| SHA1 | 9a28ce8233f1be05276f787e06f872f7dd49f8ed |
| SHA256 | e3c2af35d1dfc500e16f826a071cc311bf55003a3de77de7ea3376c6b6fa2857 |
| SHA512 | 35386ad7cb2b39b8d9dc94599e08bd68cc60e3a192090b511f1a2c99b3824b7f74949ed57494ea0e4ba32d25b2c6bdc30117687a5352ec96ca41b1a927ffa7f4 |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
| MD5 | a811aa8f455e236eb8686ea524ae2029 |
| SHA1 | fd9cd190e4e37cf7dcec06c45f5de33527ba0c0c |
| SHA256 | cafe649446cd2a2bab51cc5503d5d72b971fd1cdfcf708de717b80de842ca135 |
| SHA512 | 8426ef1e7f60bb740094d8b6c50285ab2a2324fbfa2baf15b55450e6efee38299aadfe4482b0422ee6f6aa7ac6755d450449f66cad0b7ec090e5e97819a066b0 |
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
| MD5 | 50c13d401a7c662621840ad0654877eb |
| SHA1 | 3756e23e23bf6f220b0f139c9065c5ac341f278a |
| SHA256 | 381984016155f597e7e2fc4dfbdfe2365fcabbfd97d15ff0ac6fe24201b7e7c4 |
| SHA512 | 834c68084124e5e000e71af1b87f2ac184afd92e576ef3368e8a2fd294c1c8d8a191de4b2b4b1fa66d7527349d548cdda78df48ffe40174ea16067df92deb4d8 |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdate.exe
| MD5 | c5c4ce70ed0f3e25c7b4c7979fd480c5 |
| SHA1 | 2a3154b51ff2d4d380b6c7556537da0399ac8063 |
| SHA256 | e964b449f06ce942fb84186b7ab20f0dd77471f75821fd7949009fd91c3d5168 |
| SHA512 | 7761eeff6708c49619eb9a5e14c7516ca16107939f7a3f2873091dc5629799ea4603324cae5869a6de5912858676340e429b8bbdf1382baac9761d748723ee97 |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateComRegisterShell64.exe
| MD5 | 639fc900adfa4162628d4656394c04c2 |
| SHA1 | 30560ccc02b816cd6089b82685b2802ff253fca5 |
| SHA256 | 8cf3e564a10b44277e6f6960fbe001403d9eb3a60dec9cae26bbcd7a84578690 |
| SHA512 | 974c40ff8c734b4ef09fa4c6d098c21cc0780b684743adbe1db422b2d54d2589a4e4a18f4c53dda8c883417bc42ec597aa99cd2f74170cfcd2b3bbb5146abf52 |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeComRegisterShellARM64.exe
| MD5 | b6d902c9b56f6769048a6776240b6b62 |
| SHA1 | 7e8c4204c4049d1085b0e667bde9877b884d5fca |
| SHA256 | f71e9f586bbdd78e11ff60335632cf6b084b3f1e5e0d8495024e82329a1d6198 |
| SHA512 | 45840202ebf543e18f9f0599c33cc83bbc3bc78358a4d3831251eeb3d72391dc7b8a49a79bf10fb63ce5f1638845c5309f85b8a3bf95f92abc83f5f5dbe7b656 |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateBroker.exe
| MD5 | c3e09356a54aacffc742ecb34decab8c |
| SHA1 | 3f9daa1b96b2c4373fd3d0608c77d75709a18758 |
| SHA256 | a5a9084ddc3dc6585694b2a7c37274da99601495ed69c1f059f0d4ae6d8fdf36 |
| SHA512 | 1f0aa7bd0a318ae591fc681f04e9d8a587caa0917ce251ace5a9e2395eeadf3921144a5fcd8c7ca6faf9a2d480f21a7383857ad415519ac81fe17da905e43765 |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateSetup.exe
| MD5 | f6d9f6dff3fc4ad493864323c8e77799 |
| SHA1 | e7dce19c30493dbfb7208690189594cbdea075a7 |
| SHA256 | ed010b7e9f097f6ee9e9bb3ec6e776113917b9106c5d8c41314f17cdc794ca37 |
| SHA512 | fde645928c768edbed122e3ab618d2e8f01249f08d45d02818964bb1f6aa4b30a4f2bc30a74cf4830efb7e42bf7d94c9145318343ec118c0804c6ad5408e103e |
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateCore.exe
| MD5 | 1e46495486fdeb5402c53cf0567992e3 |
| SHA1 | 9a00d784d8cda69ea87842814105c8853db48f8a |
| SHA256 | 2f0a579e27d9ccee1d1ae0e400cf9fa88c5fe201074218c4dee1b71700f53ef9 |
| SHA512 | c3399827ccbee6072dded2cc7c0d9961221c13e7016405ced6115fb4962eca36064fa8ab7e31a9a125150102ebbc214225964cc3a74bd47d5330e72030a114f6 |
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
| MD5 | c9752230ae2ca06c274cb3e2802a791a |
| SHA1 | 0a446c62a6a667b83daf56eb7e2f0000fec353e2 |
| SHA256 | 26cc3f8215587487b809508ea11f164cd4c82a2a68d35165180e05f20e7a2509 |
| SHA512 | 7e0db44d0923e615fb93c03db1d371b4fe0feb3692734c008f90ca1eb832f1f034438aae23a80de47bb349483ed854980d8189568f1c6f5796c8edaa48a1fd5d |
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
| MD5 | ae91d609f41c01512a760d2a48c537e3 |
| SHA1 | 3b43d719bdf38e8ba493897937d99d7b0582128c |
| SHA256 | ec9fade9478b126a77105e32fadf47b8d1cc6943e97393fb7900f1f142ff2d74 |
| SHA512 | 9247884f97caa9cc84bf46f18a97d56d85f26f14ecdf695ca57225ec9d925c84b8c48ac087f96cbd0664c36a6d54378b6d6e601f09b14326b34633f9634fa1d9 |
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\de-DE\PackageManagementDscUtilities.strings.psd1
| MD5 | 5f3c20c13de3ac54a574e3dfec50a560 |
| SHA1 | ff983979d46433ed43e738f5c34c5340083cca11 |
| SHA256 | a6f6e59f677587238a2b472d2f214b1c95d61d86a7973cdd89a61e2c05ca7594 |
| SHA512 | 4caa9867ce2b6bb9abe419a9306d1e417a2da05d5af5624bd92f433872338f39d5b88cbb4d94efc34ff29ced991cb38ac531ff6b6bcd9f899bc7061c906f228a |
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\MSFT_PackageManagement.schema.mfl
| MD5 | 125863dbbbb069fd535aaf5f8b17bfbe |
| SHA1 | ba601b96a414c6e3dddc42e6a0608ecf099e6310 |
| SHA256 | 424c38504d88d0f7b3691471d18b1a21141b9e31b1cee5dad278963613252480 |
| SHA512 | 18e068cfb976f972322e12fe755aa37a3f44fe79e2da094042f22f1a3b0a6328033e05a625f4faa2a373c654751ed1094f9c04d9411e86888448e367ded915d6 |
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\MSFT_PackageManagement.strings.psd1
| MD5 | 9cb17fa9b59645c7f574893b4565d2ab |
| SHA1 | 274e027aa39e24845fd11fcbf265523de44e69e9 |
| SHA256 | e2e70c766bc6c37a41a221b53a0e62ef616c8fbcf7a244c4863f6a74c06b8e64 |
| SHA512 | d28e543a9355274fecea9be5b1120fefea5e4652835e477cc9886527c0a67556582368618ef1ad98fc95a406541cb7541dc30451033a77b8c0f2011874b1a774 |
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\MSFT_PackageManagementSource.schema.mfl
| MD5 | 1fb20e4a02ba1ad84aca9d99fb1921cc |
| SHA1 | 169ea6ad71a5c4f4d8312668259ffb793e6cac0d |
| SHA256 | 1c55f2acd075736d1fccd0e7bca9292072d933e2811b8e042c172e9e7f112f39 |
| SHA512 | 3516ca18f6f5b64fdb2de80c950d114b2c5d979c24764cad4328411eca14c47c4758816bce45c3a691adaef50fdeeef64ca51a7ce603aa5ac11bd308a9166621 |
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe
| MD5 | 74b21006a8cf4e783c8a8193290d97e8 |
| SHA1 | 16523f9ec69dcb25ffaf20b404310513a61eb0a2 |
| SHA256 | ac075d5a359d8cff0aacef8220b69c540180c38606a614e101d9ebac18c66a4f |
| SHA512 | 355bd26c1f01d18493a8c1460250b2c90dc5317e8b01b2b4e7413292329fd995c50cc4dfff44552113377d039aeb9f6dd4d8ea27c303ed973ec6c420c4b84a33 |
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\F283FAB0-91F5-4AC3-9894-058F553F83EA\en-us.16\s641033.hash
| MD5 | f536fbf78e26387affb82ee89943b870 |
| SHA1 | 3ac8e44a9491c16bcd86dab6781acc4f7e1f76a7 |
| SHA256 | 34dbd6bf55d0d075d666181d9278b8387482a8b5804e44e1ddaafe6876dadc15 |
| SHA512 | d9ad640884f40495b4255bd221f0902ff64f84e3136053d03abee7ca417d32a1d72f24a75cb67bc50629e102bdb2f81c0bb087e0eb5cb82fa3d67c4fa5d92450 |
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
| MD5 | 918d93fe7beb2b4ea5106f8bfe94096d |
| SHA1 | 48246b02f599915e7d9a8869ae284b1352327457 |
| SHA256 | be648998af4b1ba63970b884d9f0d9cdafb60ef2d961074f9198e41c50a6b6c4 |
| SHA512 | 8a8ce1c4affcc8459379809bb685702ed8393bed6af8fa4430b456cb67264dab41049c4ca20fb93c8fe36741a8586d79d0e17335d0ee2d43eb26b7848b62a052 |
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml
| MD5 | 234c58fcbf2775edbfda910d2e0cb945 |
| SHA1 | 16314a6f5604aab01e76d5e7f7794b40c23a4785 |
| SHA256 | 68193f3f98611b2aa42be4d2995b0b9a2465277c7520231324a08460639a41a5 |
| SHA512 | fddd87a902c108de1d986dc6e4fa7347e3908076d1ec3f64b19602d3a2318ad5ee0a1d46599ba860dec61843c2954d3cc9e91aac9718a82d1043e32b3dfb6bdd |
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\a1dcd310-8568-c1a4-47c2-5c1bbb51b0e3.xml
| MD5 | 703493f4417c30ed1e1856d3628945a4 |
| SHA1 | c8da0fdf2d0580a739f0d11a4322131581b67f77 |
| SHA256 | 7c23b4ec3b42f260dfffadaf7d59a0efcc8f6547149b45907b1fc5242a4e6c2e |
| SHA512 | 2876029ed71708e31bce2871dc62820c6684a16be26802560341a07dac9394095d7b672ccdfb65bcae8177539c4f20cf4e8b8b8e892fd117f21cebd3632275a4 |
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml
| MD5 | af98b62b3f9d6e70c082f05969c0d2b3 |
| SHA1 | 2a78fe6ace36668a1505ce949dd5415cf172590b |
| SHA256 | 77544451f210250b90637e7ecfebfc0ce00398ef964a2d46f1b92adf4d6f97a2 |
| SHA512 | 6a8d54bbaa9d6f04de832a60fed8f471eaf38bce9f95942d2fa84dba035739b65cc4fbe58904a7d2220af89d735b96be1bb6aa43aedecb83afba6c4d3be20850 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
| MD5 | 8b550761ab80413c9c09f7fb472dbfaf |
| SHA1 | 67122822562203c17dd3f762194e470f90ddfa97 |
| SHA256 | f5ea79165516de2e7e1efb53d016983f5d18c3184413f044a4002f4b751c918b |
| SHA512 | 9546013cf4d45a2c4c609524b7ed4adecc7dc2fecded7c3b7085415a1bcd1c25db5d88bb591ac05fa5a6313763a8e8d5d8fc6ee6610b454cf7696b647e7781fe |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | a781800433def8446b0b631e3b7db830 |
| SHA1 | 1ce441e9a4a9da03c5eed0a979b68f7c6961cac6 |
| SHA256 | e49020dbff46224343726fa09eed56fd05a11beeb0ccccc53c40a8a5d3d57959 |
| SHA512 | 168ca24668d05613aa129a81a9b38b902bbf76aed988facf67df25c15392d002832ab19fb19a3e6e0804490886dfd57f0c5c7acc233d75b056aba737ac4e6026 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | d85c0f88d320255dd342edfdbc42cf70 |
| SHA1 | 1cfa2795a91f4f0e783e5c95406ff265929a0719 |
| SHA256 | e2879ada105a738a7c4cfea07875c2365073cafb12b083fb36859518c06a66cb |
| SHA512 | 85f51574e6ac067193eb346f7868fe7bdcd8ecff6faed193d153afdbe7fbe67ba264703a2cae781e177d81093205b83ee6351ba324178cdd895559874e666b3e |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | 85f64c93f20f9d631ac170eef14b3b50 |
| SHA1 | a2a68471f349a69c673cb6dbd389fcf18d9410c7 |
| SHA256 | cf1d7ebb568aada6166595241aeeb1dd04120ec911402155286e5eef808929cb |
| SHA512 | 19bf775484d9062636bda8bc036dd50b36f6f5b18c9f8eca30e16d8d9711fd8904211c3872c25b753df49c15df9b5e3e85281ade4924afeb1c96755a5587255a |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
| MD5 | f24f4503e4aeb32e479b3f908b050cdb |
| SHA1 | 9c70778a4c5b544d6754182469ed89560c6c77f6 |
| SHA256 | cb9692ed8b4b7615f50b39afc8b86885ff4d0f2b9452a3a8cd8546e2d163c63e |
| SHA512 | 2592b75eb1ce7953326cf9f727583b77fa13268f3fcc90b11c2d231760aac66f6f10af1138d30ed73ed5a0b01e9481ac26591d045edbbe6ca1794115527deb62 |
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
| MD5 | 87d817bb0754d49365b3a34d4042f727 |
| SHA1 | ae59cdada6ce8bceb203f96af10a0526d6d34838 |
| SHA256 | 0e828965faad7726d4872a622dab5eee02751f922b774bfbf54eca954e79a7f0 |
| SHA512 | dc5e0b4504a1cff2ee616fca90d919b20dee2686e24a4f4bf029f6babeb409ee3832d5238bc725206cdb3057676074a563e5ce665f04c3f491524b02c0736379 |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
| MD5 | 8ce753fd57824b2ad2257fdd5f5fa351 |
| SHA1 | e3c94558cfed2d11be6e56b66f817174bff5a47c |
| SHA256 | e559acb88af6e944565551c912c89ba6f5394db4aab32832c7c1b748d9142f5e |
| SHA512 | 1543e969bf72d6580211b89d5d291d6bbd2f3f362c6ae9b3d7b60a82876507b720bb0d8fb98fd352810826b6b087095341cc10a362a53057a6ab60f2b42ebc39 |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
| MD5 | 8776c367699ad807af292f1f5d085d4c |
| SHA1 | 9209e352bf9d3999f94881a75d6f7d39bc6d7f77 |
| SHA256 | 18b602cdbb7656129a359046fc68faf1b990da88c6c3b3e6b20c1df399cc0645 |
| SHA512 | 83a17d98d175a122fe98cf89c476826769d8fae0d74dc93c8fe48d12089e26bfd501a586db3783a03e1bfe07864ebec2a6b5a48415554c61cd565131ed40a9e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\dasherSettingSchema.json
| MD5 | 310614b10980392ebdb5a5a8b90b527c |
| SHA1 | 8c8fb36e7c2a1574cde7fdea30e8e5f14fad7691 |
| SHA256 | 445c811c35e2fbd4aa59389ec805492c7b2db50d65f5d161417ce8302b103fbe |
| SHA512 | 416650adf9a61cbbb6eff7af635264e5bdde903477465cce05b63773927b8afb35e75fb68497882bce7778f524b9c7f3f2befcfe3840e99bff90ccd305bac66e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENT
| MD5 | 4ae71336e44bf9bf79d2752e234818a5 |
| SHA1 | e129f27c5103bc5cc44bcdf0a15e160d445066ff |
| SHA256 | 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb |
| SHA512 | 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.78.1_0\_locales\hr\messages.json
| MD5 | 798b4a7c5a9f20d24f36ba8daf7b8f70 |
| SHA1 | 0f007b82783ddea5da7374c96925b77a7fe9f57f |
| SHA256 | e5cbc8e3a6e843009fc9a9de7a83df9d05532e08d48da06c66f907f58d0c745e |
| SHA512 | e3faa4376d03dad6cd714dee6349733abe29d0c2118456f80bcc4c758015b12a06b4ec6532a6e98d512f5c6dec7a7ade5c1d2a418db0f739ed17f18c0cd6b54b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001
| MD5 | f5cfd73023c1eedb6b9569736073f1dd |
| SHA1 | 669b1c85ecbafe23c999100f55a23e06bf59ead7 |
| SHA256 | 9e1736c43d19118e6ce4302118af337109491ecc52757dfb949bad6a7940b0c2 |
| SHA512 | 5d8c1aa556fc17d6dc28d618f521aee37fc0e1826fdbcf8d106e456fc3bcd3c76e712d23fef3378bd2be17b80eb5bfd884ccd89b67490b63c7bd118eaac471d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
| MD5 | 7d3165882b27dc69918cc2de97baab96 |
| SHA1 | 4970307efcbff0c15053a742d6db65c4528d4308 |
| SHA256 | 5cdcd733b8b630509bac08589db291ddbde33d79f64664cb9582e66589555257 |
| SHA512 | 2be106c204c36cdd721247bf95eff0f8137b67b3509598719fff28a54dab7cee596796bd356e0a31492cd3bf4ed87b5b555ec82da8a11c0f967a4c15766de28e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\192.png
| MD5 | fb2c9147b4c08176906fcbbf37050af5 |
| SHA1 | 5713791d2f134bce1867efe52df57fd8aaac3ab7 |
| SHA256 | a469add28a869f891a4a0ba4bf6cb716c4202c06e439d51b29280a6693ba93e7 |
| SHA512 | f4da8ad6192fd9777480e279362c78cdb8b5695fe0d457cda9f9002010c90bf160c7c90e0c83526eed4e154302b6501e24cf1f5bb52fedb470583a4fee5c0ed6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\32.png
| MD5 | 0f343b0931126a20f133d67c2b018a3b |
| SHA1 | 60cacbf3d72e1e7834203da608037b1bf83b40e8 |
| SHA256 | 5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef |
| SHA512 | 8efb4f73c5655351c444eb109230c556d39e2c7624e9c11abc9e3fb4b9b9254218cc5085b454a9698d085cfa92198491f07a723be4574adc70617b73eb0b6461 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons\32.png
| MD5 | 2b0e63420f5cae3932461d8c74a9e788 |
| SHA1 | d19b5095d30f9f01f09864c26386dc5b911ecd55 |
| SHA256 | 42345ab2147d5dd09780b2e286347110011a769f122210e7b9e9c2249036f15f |
| SHA512 | 11a25eb4cba596d1b203bb88e2b69231c8f8ee59786ea335a66ca77dcfbc36ebb8a9b4e957b992c3ed38f58d1ef8c7c606d8a16dc84f8220cf517999b4f7577a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b203621a65475445e6fcdca717c667b5 |
| SHA1 | c17fd92682ca5b304ac71074b558dda9e8eb4d66 |
| SHA256 | 17b0761f87b081d5cf10757ccc89f12be355c70e2e29df288b65b30710dcbcd1 |
| SHA512 | ed68f5f49945dcd0d81dfebe2f2fd1fcfe016807d5c64ee0377d046efeb0a7fd9b4b9589b3df8a14194d51dcffbd89c8aaa072cea2ad4e7976bdf53528ea90cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | f00346db02cfcc5b1f056a794009ffeb |
| SHA1 | 2c92a7ff0452ac3f4cc6748d34369a99f8e7e0d5 |
| SHA256 | e00f7afdb63013b706018c55b783bffedd850f191f9a3184e9b896b498077e76 |
| SHA512 | fd9e503c4d165c402077dbbc3cba76554fa0c02534fe68634d22c10e885aa2cf0b59e96beb6bc615953f70dce2921821b881b6540679297bfc1dd0e9364844bd |
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin
| MD5 | 1595ed4372d33dbecabbfd411c6c8f46 |
| SHA1 | 8b8ba962b765110f762f873edbc3193adef48b33 |
| SHA256 | 8f6abb9e202dd8027ac9abbd475a24e62659a0b2683613f219c21d1238816ed7 |
| SHA512 | e0017291c0d0685ede7a6492c2683a90b37482d21037840ab3e2cef4ed381bbffa8c31ef3c8d06db0a800eff69ba4505012886f88a911997657b3f26284142f1 |
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000093.bin
| MD5 | 97d6d52a254a9cbd2bad939ce1926af8 |
| SHA1 | 15a64b0f07658da802cb0bdd43c9c6f2df2f0af9 |
| SHA256 | bbfa41253ad301a1cd9c7f6321bff365068178f26cd84e8afb127fb4001bc4be |
| SHA512 | 98e76665962acd459228cb9635d95bb37c6e538eca7ae50107c665c93be334b907178f87749b3a4f33db34152b9d9035163fe2429306eb3ac45ee539e242c3da |
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\header
| MD5 | ac3b5a19643ee5816a1df17f2fadaae3 |
| SHA1 | 0d0e47938f6e00166e7352732ddfb7c610f44db2 |
| SHA256 | 834a709ba2534ebe3ee1397fd4f7bd288b2acc1d20a08d6c862dcd99b6f04400 |
| SHA512 | 5ec97cc048a3cb5da03093bc6d2b63cf5252abab6a72b24214ff885c062f58dc43c6cc05c0dc428a1a4e4b95ea84140a8883d81795416281b4ac4fd52290e0a1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini
| MD5 | 897208d5df122e307ab837d982b2c085 |
| SHA1 | cf4ca14a7adcbc197cd84c1997efdd076911d608 |
| SHA256 | eaae98aa73fe0b561c8b02607a524fb4853bbe81c6de8c3d8a9b7449366809d4 |
| SHA512 | b0aa03063c42515de12fbf6d89924a3ae7d8bdd64d7c9bae94c75d571c939655253f3e87368fcd96f5784b2aee8fedac8f66200b8672ab47cc8b37c57a9ad334 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\530HAD4Y\Windows[4].json
| MD5 | b30256abadd6af8badbcc07d790003fe |
| SHA1 | 3648553e655f8c752b6ae8f287a8bc88f1dd85ea |
| SHA256 | 90965c341840ec297f47e6b77a04dec7b3aad5fe2ee05b5237bc8db14d1daa67 |
| SHA512 | 49eeb1587bd07267ce70398b0793a03906c8fe1270518f2643182b6aac05fb6246467a33c1acc35ee488e482a1dcf29525bcfbe221511abc483b9638535f6e61 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
| MD5 | 61d2c715839bcfa06ce4d23dd84e7457 |
| SHA1 | cdb61e6100ac4882ba4863875f63e38b8b804ddc |
| SHA256 | 1f9ec15f6ff239e14a3a243a98f19ae7db16d425a63b2da0908cc0ffcb1258e7 |
| SHA512 | cb6577068e0b746a0ff0148238fd5be9e02e4ff6218fc21d78194a06ebd3f54aa12a1a9b80a4cc9a9f66f72f49eb875eb367b344f674807af11373770f75d952 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\safebrowsing\content-track-digest256.sbstore
| MD5 | 0f4a36c4a3ee08de2cb188696ee51696 |
| SHA1 | 7fe50a4d03657c96c699ad893c375377891bb78f |
| SHA256 | 117985087e92cba0e8fdd6b35599d4ef451dda3ed40c865cad00b01708721666 |
| SHA512 | fa96916ea3ba40cf51740fa546e51ce05b32fe8f0aa564bd46a6466164750799415d9980c3dd40b9aed9c0c126418be53c2142fd84a90be85cb3dd5b610e6d2d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\6501008900\tinytile.png
| MD5 | 535ee7f4b7959a29e1d1be5a67e00334 |
| SHA1 | c8b3bcb1c1fbf79c59a847510d884da10dc62f19 |
| SHA256 | 46dcb7a9e7bde1f57e5ed2eef9257d2d0ad622c1b3da32700f6d9e2ec4a0e287 |
| SHA512 | b0f9d39cb8200c35c564053454dc9fc67e68140861255f77dbe63679375ff3f892426109e95633fcf6e285b9547d890d1281d8ae4ef97cfb78433608961934b4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\202914\eventbeacons.dat
| MD5 | 9081505b52708b1cf5f639883942d813 |
| SHA1 | 1efd3054cc8a59abfc3e52f5aa5702c8fb18b0d5 |
| SHA256 | 5cad8b3db8fbb29e0cabbd785e1e3449ebcd5b04544cde14c93812a93860cc47 |
| SHA512 | 23b0249a981614c2ac604fa68be9876919513ebddff84aa08e98f05495531f0c4ff7f1dcf19e2b7d9b6040c65e96dc3c210a695f66b20c25b020461cb9c116d0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{4f6024a1-3c2b-4570-832f-7205146cf6a5}\0.2.filtertrie.intermediate.txt
| MD5 | ca9c491ac66b2c62500882e93f3719a8 |
| SHA1 | a10909c2cdcaf5adb7e6b092a4faba558b62bd96 |
| SHA256 | 8855508aade16ec573d21e6a485dfd0a7624085c1a14b5ecdd6485de0c6839a4 |
| SHA512 | 65faa9d920e0e9cff43fc3f30ab02ba2e8cf6f4643b58f7c1e64583fbec8a268e677b0ec4d54406e748becb53fda210f5d4f39cf2a5014b1ca496b0805182649 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
| MD5 | 4f00b32a70c5d829f8199614fe56af64 |
| SHA1 | ff2afa238f88ce8cdb4430fe578c58823cd6d752 |
| SHA256 | e3833793f7412667cdbe15693f5dc4994934d1a6695392f8bebb74f985658256 |
| SHA512 | 6ca12db615454c1b842040e5047ab24906d372b15b547653553d39ebd18cf4f90a360c5032e415d00ba313cb27def27aa8eb7e94ae3d86fefcd856b693f0c6aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
| MD5 | a50b718c3518b630251fb54b92bde360 |
| SHA1 | a9582222b6f4df2b4e3e4ee5fe91d25ff086b943 |
| SHA256 | 9d2ce1c032646d2a3381b68bc9201e3dcd53b764e83a0d356d67cc4926ece015 |
| SHA512 | 95e0676e3177262d29c4105edd4ce1fa1c2a2da5cd3289ab0f873fba782a0185e4bbede5d64fae1f6c4cea5ca3ae0697d7113e6ee63f229431bfaf3f8990c517 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_D53C01423A36DBCEB0BB7256A7DA6D8C
| MD5 | a75d7d422fd00bf31208b013e74d8394 |
| SHA1 | 3d59f8de55a42cc13fb2ebda6de3a5193f2ee561 |
| SHA256 | 7a12e561363385e9dfeeab326368731c030ed4b374e7f5897ac819159d2884c5 |
| SHA512 | af3a1e15594a0bf08ae34a5948037ef492e71ee33d5d4ac9f24b18adf99a34563ab40ba8f47f2adff5d928f18d8a8cd60fc78e654e4d6cf962292d2f606def66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | fc91658bb81ea407fd37a59d65f0d86e |
| SHA1 | 6cb269ab1a592dfd2039dc8c50c00b86af94d3e6 |
| SHA256 | 4bafbcbc4cbbda94d0a315a09176de0ce6872cf1d85113539a7b04ff2360efa1 |
| SHA512 | c5b8832097ab5e74a0c31cc243c98c6a2b9734da4eb6e25cfc28070529ff4b6d77de1e97388f188f00148cd8db32f3ea62dc86aa841d47e25da8d8dd2267061e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | f7aa819535e83034f3bb522cc8c6da75 |
| SHA1 | ee55ab6faa73b61b68bc3d5628d95f0d3c528e2a |
| SHA256 | 90558d1e3a0ecb9febbb4d7abe8e9281bef8ad0e2a42fee83d3d837eb74b7f3a |
| SHA512 | 38f12c5292b494c9ee2f3436c1d939ab46bac1514b54f36b0bf27f2ca03affc1c62582daff38bea77fde5608c501c18f52ce116673b17394f022e0e92b23e4c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | 80be6efdf5a776659777bf07d4aff891 |
| SHA1 | 1f98e7ba8de8c6b39f4b202739ca71fa2629fd6d |
| SHA256 | 9ebc694d4895efc802ea27714a71986f293edf4b63e9918c27d65871b06f43a9 |
| SHA512 | 03a5434f25209a74a0abc6045c66a45e098d487227cab71004363c8c823840b49596857e8f757f42b8953f9bc2066209b1e8f52104d1837705828cb2676119cc |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1705699165-553239100-4129523827-1000\0f5007522459c86e95ffcc62f32308f1_26cbe02e-c538-45f2-be7b-5c1ca47e55b2
| MD5 | d898504a722bff1524134c6ab6a5eaa5 |
| SHA1 | e0fdc90c2ca2a0219c99d2758e68c18875a3e11e |
| SHA256 | 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9 |
| SHA512 | 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61 |
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini
| MD5 | 6e36ba0fe61f7c6334305d61299c04cf |
| SHA1 | 646aaf623a9b65f3054571ba8680342cf02b6225 |
| SHA256 | 367467f43d580c3c07040a78c7890ae4262dad4778878f9a49d5f652c81689a5 |
| SHA512 | ee5d694d66bb3ee0d55129c96c83116e7af28b6838854d110cafe9dcb530fc05ef8b97469d7fe0c864481298fba5008c97eb2b503e90b58b1e33f8856cb132d2 |
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk
| MD5 | 45de417378735f7d0d1d3c3148dc6d00 |
| SHA1 | 3295b1605ccb0910148b618c52b4d0c17fbf0a9f |
| SHA256 | 43782c4d9b63da7cfe64f6a9a06a6cf8007d2a793b8a5f94c9b962bb5cb25b0d |
| SHA512 | 23ee803d8a1619d5d5a3dcbdea08175b3a6dca7a29a9d37f37342bad73ad4ee383b68ebd237099cab565699150f90cfd9014aa35e2fa09a6cabc0fa6fcae9c04 |
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk
| MD5 | 7a4228aa2003a72a296e741bfa8246f7 |
| SHA1 | e94ca8cb43d671cdc3ed759980bfbaf73cf4c6f8 |
| SHA256 | 462fa5c6568794276673c9159500918afddf8f170e580fd1f3d483c48934b050 |
| SHA512 | ed66dc35762f661f760eaf0feb82e22c823f11e552c9f938748a8b158ecf0828f40d48afc4d5cc07122f41a13e7b322950b9f156808b125bc7a1ae19e066d304 |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk
| MD5 | 35705a33e80294bdc078f5582784f4fa |
| SHA1 | 3b8d2bc3650098d604e3363fdc41e9bfc2f4609e |
| SHA256 | d0e438519a8e2075e13430b66debeb7204e5e8ab41fb24eaab20db0bdb66d835 |
| SHA512 | e560c350940f15a8d5c5187ed833190cdef9e4862e8f06dde9b0204ad1a0decb9adaadd27c4b7015ea5e7fabe7d7a63538ba72def9997e56300cc8ddc4249061 |
C:\Users\Public\Libraries\RecordedTV.library-ms
| MD5 | a9d5728f9b0e997753288b3a140c5335 |
| SHA1 | a44e9168f2e351f3ad4ee2f7c0e0037d64f65066 |
| SHA256 | 84ba348aafb41879cfa434256c8657baff00a9bf41d5ebe041b0ef87e7419f28 |
| SHA512 | 13380300950d351ffb3256e3b65f6dcfda8c52dcedf6627e10ef231925e45b178d173e7a24406bdef42949f9919326e7abf8a9101e2fee0127c578a46a1df294 |
C:\info.hta
| MD5 | 2564f5cd69d8f4a49e8e3fa344e58d9f |
| SHA1 | d97e559f41be6c5fdabfdb28ce0892cc97576ab3 |
| SHA256 | 91a9898e152c54ddac9c118060d4d018ef8ce0dce601bb978949a557df98922c |
| SHA512 | 96942a6ab75959fbd98b6e802ad46fbd6b6ccf48037e38e05a6172eace7c390ebe8bde839fb8adccfeabf567df5aad0f67c1708cd2369758788ce92eb3b6c6f6 |