Malware Analysis Report

2024-12-07 10:03

Sample ID 241114-c42yhatcpa
Target 753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0.exe
SHA256 753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0
Tags credential_access discovery ransomware spyware stealer
Score 9/10

Analysis Overview

score
9/10

SHA256

753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0

Threat Level: Likely malicious

The file 753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0.exe was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery ransomware spyware stealer

Renames multiple (8585) files with added filename extension

Renames multiple (7750) files with added filename extension

Drops startup file

Credentials from Password Stores: Windows Credential Manager

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Drops file in Program Files directory

Browser Information Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 02:38

Signatures

Unsigned PE

Description: N/A
Indicator: N/A
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 02:38

Reported

2024-11-14 02:41

Platform

win7-20240903-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0.exe"

Signatures

Renames multiple (8585) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description: File created
Indicator: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt
Process: C:\Users\Admin\AppData\Local\Temp\753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Drops file in Program Files directory

Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0.exe

"C:\Users\Admin\AppData\Local\Temp\753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0.exe"

Network

N/A

Files


MD5 736ae3d81e7237a41e866455dca036fb
SHA1 c7e02e1c6985b4c3c19dcc8e99c8864b8de6a98f
SHA256 a6f9675c25d3c1b66361a06bf7e743d003d579f6babbf0a42ece4c6e5f0dea6e
SHA512 6119d223bc943167da713241923ddea8b0e726d2a57f1a69ce63f24e883696caee860c75ca163ada9c6238d8075c142c73c95095025b422a12e81987e6e9e216

C:\Program Files (x86)\Microsoft Office\Office14\1033\MSACCESS.DEV_K_COL.HXK

MD5 5b94918eecd0aa8b155cfda038259168
SHA1 367882a7b5d116c1678a2771ec1d0e97d0eb56b9
SHA256 f6e79ec9c0337058aa033090c6324202a80ba8bbd1dbd6edd9b55720de1e86ab
SHA512 a7260d9c29902e1ebe05904c19d6879d669fd5c74740063a612c23a4fa7a3c4b569c0b2de9e0e4268bebf28a159cef727269d2e7148d1df5beeb175b570f25b2

memory/2496-13699-0x000000013FB20000-0x000000013FC14000-memory.dmp

C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD_K_COL.HXK

MD5 654beebf7b8c31471ddb2848f48d66ef
SHA1 f95c720dc2015e20dbddc4fcf41469496b4ad091
SHA256 b474007461b1aaf6b3da866a0c3d5f3216d7edddeba5907332736e5fad924d87
SHA512 ccaa6b9777073bd766cb8b1782c0950804d90f34ac733c4859de599a9a57c9662b3205b3f27cbe13b8887ac5ab9a86b0edfac926340e7b9c97e7794b66857488

C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD_F_COL.HXK

MD5 6613a9786583236e7dc4af313f3c47bb
SHA1 a0d2349443e6fed86d32d7661b2c8b7ace36dbce
SHA256 f49b8de4ce0c2dedfb5de02bed4875965c5e55b3500233226d1f3bf391a53425
SHA512 2b4df461f2c5b1cceffffca1ff8c87e15e206caa2f8067b5e00251d9094227d88f079682a79ec519589cf28200beebeeca7a66aa7f755cca001c58847283b3a4

C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL

MD5 e49bd53ada844ba57971f539043dde39
SHA1 9fa768d041a32c5baa40b17a7f8e1c5b1f100571
SHA256 6b6dafcb861f00007cc0fae619c52b9bdf9ba75ea8447f1fdc45053e1263a615
SHA512 ebbe2abdc3770b8e74eb320c08c1b5e8bcb23376f7a2099f234eb3a3d83a0575a0d174aeb71136ccb73d3d00a3b61fd4e893fe1570842da35aca9d41606e2b3f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_OFF.GIF

MD5 3423c05c264f041a3d8b90a31ae610f7
SHA1 c54da445d4f8765f551a3e776e94f7949b39bbf4
SHA256 57b20d5cd9565b924a2a575238b5dafd6dd35a8336b9d2b5e69e2013d319fd60
SHA512 82fffa7daa3745434f3d7d37cc0c28c1074380d023549dc05ad733393e80a3e669ac4b4f00ab6449333185ac1bdd44411ffc2b3e37900b23891c6d3549c8185d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF

MD5 9cba3cf29f3de6930e6ad66387d55b81
SHA1 0d9805bf731dc257dbd9b0893b981200a7589cca
SHA256 38b570d644b71b78dbd970cf5ebdbbc80f6a08b158af25ac2d807f2c2cd09f8e
SHA512 274537a675bb6a50c7ef0b660c57571a1797bbca32393e91b2bd60c9e2ce27d4b298ac810309f0270dd68e0f905b02d1e23a5b1bd162d8913c0e16eb515534f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_ON.GIF

MD5 edf2702c8f91871f1cc8f5cf7e8c9c27
SHA1 395052854b07166a73f9dbd057d23aa570b442ba
SHA256 6c4b2c14157bc25803e04a5a6941d9a04315714987875ed81dfddb214e3a7496
SHA512 4cc962b940775418b4690beb9b3413a6e5562535962ba351c51ce95d0f6b4a48600d7ceb885e6f934c6aa277e42c31823b2ca8c9fb3b30a4d1ec1800256a7212

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\TAB_OFF.GIF

MD5 4abb3dd3a9bd9bc57430b311a14007af
SHA1 3bed3f1e11f4044ccecc6b904938991549c0c4d7
SHA256 0b5c58ffc6fbd04c5fa39db747b07739dcaecb81d9b128136d5accc5c7c27a2d
SHA512 642b2764cea3e3b7344e194254d73a2e2933c75359c5e46401935efb7cea32abe48a9d04227c097a4e9484c5b295698d0511dd803e60f7bd0be795483a8a9e3c

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

MD5 feb9253170bb7ca31e17ee64fad83832
SHA1 22a475ea5f8f2ff028ccf03837f6ecb884d8b66b
SHA256 44a9fdebc9f2e7b3044d9ec4f58dd9618873064abd900d26aaa361e70f846c48
SHA512 691ff0270116ee8d54dd3718f78625bc8d5447221713f6d170762112190db013a88282cc6763a9f5c0f5db69f8eaa5ac4a5480f7f6835778cfa95ab0a05347ac

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\BTINTERNET.NET.XML

MD5 3e9f4952ded7990aa3083ddc7486c807
SHA1 cec5426f4bb01b16500e9156f67e3fd5f94f9024
SHA256 4c7fdf302530787b9afc4bda99312a4710a6de60e9a076650d757b105685b9ca
SHA512 9533afcf759defe50b8bcd83ca9b534e37bf25cc73bddd8d2292d57b95359c0121d832889aa84780a51e2654257f1edb5b498110287ae8eb4e6f7da61815f100

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.MX.XML.NBA

MD5 f63b2c2725ae794ab3537d492aa77252
SHA1 955b90458be4bf089f11209e43e98d6440182a14
SHA256 2a5b8ab27c5cf856bd0868c0bd036b7bcaa4e99e95cd74a6b04a5e8c729a1230
SHA512 6f1403c03320f6f484e28b2d9e763155f3720a8c6f2dd2fdfb62b5f0092e43180124e9d8162f82b0492bed7850556ff455fa42e189b763cc165a4d8094d51b4a

memory/2496-16685-0x000000013FB20000-0x000000013FC14000-memory.dmp

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck

MD5 b17f044c5b639ff40ce6172e4ca6e775
SHA1 0e177158a1d2be2ab7136fd8b3fb3a95cd51da0f
SHA256 1b5c769c7fbe2dc68f95b1e7b07e9dd16feb08e78e82a771e5cc4c53f73b9ec2
SHA512 88a08f3c8397c14ddec0ac16444700fd78242bf6f897021b1cd6fa7f49f32e64a17e9a15527c1f1c24aad7ba30056a4ba95900bee31db9519b6f4cf5d7a1890d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 73569e8586b501cc351293e164530cf9
SHA1 114eadba8bd70456236239070620b2258a64832e
SHA256 5abc362d00f56c2e8b8a5a0b73efc96a1c4f536535ee964dd549091ba01d6582
SHA512 d8c88d87fc1515435d1d6b588b71f15b20452bd093ba672937414ac255bb7a024861671bc4a9bf9efd33acf027f6e03a90b9a8830669e1f64030cbfdf22a6350

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

MD5 a59d9a04a5bdb63f2beb52b123d0849c
SHA1 6a1f5528afb2baab1daf450bf1fa5a3ae9343b54
SHA256 1d4730d34b610c2fa87aa6ab83f82cda91ff5a57b3f82116b0138b8cc56a37d8
SHA512 58ca1ccf67cee83905f143fc944481f6e90b787fcd6d8388dae08ca5fb5a4325394a0b67bc364591cdb705730d6dc558867deb41fa94cc2dbea95647f6886e8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

MD5 0dd96cd7d3d460cfcbf0c2bd9245c597
SHA1 5520aa290e9807b6ccf2819674a7f1ae886c8324
SHA256 71491442b4cca809f08829e78fd69c6a63a8648f2ba7246853d3756377dfe647
SHA512 e61413524b149fde656792fd7fe301dd533d633870a84699dc6630e497511c4ea765fc57bd0ea972cf8244b9b00abaae85ba52d995a9265c3558ed66caba2a85

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms

MD5 75e23671f27208364b8c7b84aa18594f
SHA1 077588d1600cea73aac3f54b23a88cc52dcca280
SHA256 2bd7b367d0dc4a67f05260b2747e665e4190dadb3c7830a8eb208d1237d1580a
SHA512 ba5273096eb04a9b48071f65739c64a27baa8caf06194ec3db1e6488818fc2a7594f86620a6a1bad54872084e20f1d572110be0ba57fb6288ee6b1439d1bbd22

C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\RM4QEUM4\desktop.ini

MD5 cdd6b979272206f89024dde30e62f6b9
SHA1 8c65c7f9bafe252b40a9d11735b8a0cfec5e7f82
SHA256 67520bcb6cdd25deda3a123c6b97f24650ea99681bf43fc1fb512c411090f8fc
SHA512 d64509ad4a252cf2e03413e3ac84faab86571d30b0a1955503331de6aa151310031c5dc63252740916cd9b65b656e4205f5a2be921f449880b22f9f8268fedaf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite

MD5 3352f730b85ae61300218c7839c27d55
SHA1 bf1705b9105bcba0a4367a802a882a6229bfe5f5
SHA256 5d1360198b2226a16f64b5e9beddd2736bcfb91013f5f8be8242bc3db55b0eef
SHA512 afafa882d8dd3c5782c79f697d2149dc87a133359dbd053d8b999e950993bce061d558399550ff86bbcf55675464b033f597ea310f57b57e5c4235321a02fcb6

memory/2496-18948-0x000000013FB20000-0x000000013FC14000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-11-14 02:38

Reported: 2024-11-14 02:41

Platform: win10v2004-20241007-en

Max time kernel: 91s

Max time network: 141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0.exe"

Signatures

Renames multiple (7750) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)


Drops file in Program Files directory


Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0.exe

"C:\Users\Admin\AppData\Local\Temp\753f9b5d1014db1c944f285810e7f23273a8899dcc6b84651d7fa06b47abc2f0.exe"

Network


Files

SHA512 426f51929e2f6b1e64c808e87a2be696dfd673711bd4aa299df8f78e8c6720e8616730b519c849cb21e2d794f0d72b2506a08a496cd6b232c1cbad8ac1ba87b0

C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo

MD5 cf9e0917f43706bcd52ab88581f386be
SHA1 3cb953631f4a41ac71b7d10ddff36def69a59490
SHA256 7fe831156fe3e8bf15f849784568f4743afdb1eeff2191ee0a0c9cccfbb1c201
SHA512 c985aa8b62de0323414b928d55a8ee872fbc743a260ddba542fe2174c5b4f00e2e7ecad4de0738130bf912c0e7287fec850e58ca43708b408972b6302a803dd1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 71cc108b305d7e838e2ed67a5e8d6497
SHA1 d813df5bb561d52c9de0bf29ca587e5cb6418780
SHA256 4bd4def61a5c0a0c78230dcac4ad5a435512d94d407afeafc851a963fcd0825b
SHA512 10ea7799f232ec72aa23e6bc7b4fb7ef848e46d51baf6a7a9f4c002bbc957a6fbe33e90b263ff369771d363fdea3158f5de0f22a327a3da8759382d03a9badcb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 dba77721d23e7885f5c94bf90f6bce1b
SHA1 33a747af7e4f24c8a3d46f7a016a49b6872f77d4
SHA256 f2f07c2aee0028c22ea6b696d70ef322eb12a2af194c37cfdcd6d1a6e6b07902
SHA512 252b1ceb1a6c586711e4b050499f4fb17c0766465f67cfa1e6931ee0a7283700267c361349446662fdcc20f0656548da5547fc3d90a0e2f176191fba5ef029d5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 0bc0ebccc7dcea56e2f70ae4f34f3ddd
SHA1 50559ed27508089c70e5580fad7b3106f5df812a
SHA256 b3a0c2bcdc6364c1e6b6edd235645c4510b6888da494e9c931e22fa948e5ca41
SHA512 0b352b9eb32c7596671b1e13cbdfefd0de9aeaa2a8c053b515d7d9c02709d6a84c8061acd3bf125c75ce53a198f0dddf343cb12615a5e8859ce023f87f13ce05

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_remove_18.svg

MD5 864c6db5a04b0bc8f22c784816f033c3
SHA1 33d0736cf2234195ae3653881737857c876dca6e
SHA256 8d5877591187df6399f00dcdd4be20c647a28742db55ec083cd71237f9924ec3
SHA512 2dee9066a65f7a540f194b677117b34bed72d8a33ad6cc5cd9f9f9dd80055b37785d08ce94b733a981d7d3291a027737129d505c5d7eae61db0c84cb2f231ffc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js

MD5 936e8d57d2d790b779e8290cb1fa7d7c
SHA1 4d1dccc1c0819f6c31931f489c6cb4e4fe811013
SHA256 426866674e7f10ae5bbc3a3a978e94064435e59fc17c6cebd2cb942525945df5
SHA512 4b4eb3d31093dd5e0d92e9a37069981d0e4e55a9d2f87b3a30fa76ca331abcb03dd2105f21b666ed695ba4c855d86b4105e7799ae087d59177ffc24f72ae79af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js

MD5 6bb9d3ae3e9053eb65ee9a7f18f07b91
SHA1 7b79c70daca0d0ab85dd5d6f895859349961b63f
SHA256 3b8a306760fecf8eb4378e620a713d72253f8b62fdee02b91f0327e396f7168b
SHA512 8aa415e3e2e09b1c95744248713133065a075d7386b17949535d14e8900f1ebd253bcc3cec4d94cd149083c023c957202d42077d3e95a54692b2bf801fee5a30

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js

MD5 6bc0e248646b8d852b0fb16bc8a85a51
SHA1 415b17e818a1c0f264491536d2ec021ac57009bb
SHA256 3fdf4dacc732c5bdfc9bc5bd0fa821225a7a26f0964b8fbce8c7ca724529c17a
SHA512 5e7357dd4557e790f0ffbc46229aeeb10ce5fda8bb2fa7c628a9cfa0e2649e50cc5f6c3089e162c74ace045c9b67b695bfe9d90dcfb4149b8fb57ea7cd8de5f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\ui-strings.js

MD5 7e928f3cd4497a87ca1579cb615f1794
SHA1 93bf5da1d8a2b962c25aa59d737bc4c4572dfabc
SHA256 ce84c30215d9f579118e2342e46c055b3332686a1601a6ed724e03b2e15af615
SHA512 3756bbce870f1d8dd7798d566965b82bb10abdf8f3b161e92c0acd78ae1f70babeedd533118c5f7a38014f085c7ea526a80f3d7dfc4d1bd7acfe1eedf5cf06cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\ui-strings.js

MD5 4617f3e8b05bd37d16b07148f8f8b9f0
SHA1 07af86f45f095d2529dcae6c76e9b9218d85bb10
SHA256 0e51774f05831bbb1dc5d2e52353f1f75ca22ca32e22e758c173c90c7686729e
SHA512 f3bad46be4d9d0e75d254881b7ed54004cf67cfe97226adc11b48cbd8635b84c2822a89c77318f42186e26d6361b522cdbf1c969621600dbc42f7a98fc0f1788

memory/2432-12295-0x00007FF67F270000-0x00007FF67F364000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js

MD5 27eca4c9e372a87e4ea19015827fc723
SHA1 7a7b875352d5f7220fafd7547af05e7c947bfac5
SHA256 e890973037306b9d7a094818d126237bc5a39dfa9e29e190813b08149e468e99
SHA512 70def48882dfc8bfd3bfb4eb87009256d0ff32f6a93be6d9291ab72ca7889a0fcd4bedc08f0c99035363c79fdb1b8e705094f44b2a5bb778529b4bb4e0075b19

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\exportpdf-tool-view.js

MD5 aa19eaafa60e8699c2c9998e448b1e64
SHA1 bbba2e568d23120a76915bc105acf3804a7942f0
SHA256 6895f98f5668b10d95c43974057099211fdcc800828e866d9e5cfc7824610e32
SHA512 afb2381aab8f1a0c635e6ebc72b65cfbd42ef29686cf4a5d46504526bb0b94635dfd7fdd576a9f521ae6af510b2d2572c9d063313501a50de604a0f4cb8a6255

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

MD5 33e7139c23ee450626d5681b52443e29
SHA1 ca20e59069912d14cba8367fe518c5e786d41702
SHA256 54fa8ab5fda49bc855897fe7e00c3affca608e7448a7d59fd1de3cd4a2699278
SHA512 cac96087f42f36f1aa7e0cc941a306931e3a9edd6c53cdf5532ddc895ac10a735f8dbcbd74d968fa7f18a611b2fccaf717381372682fb1dfb336e10bd888291a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 4bfdad01caeed565c9debd209fcf8333
SHA1 aa0bb584791f3d563bbfee159414124a4ac573ad
SHA256 6418cd57e34864a45d3a8d15dfbab942008a7cd6afdc33aed875f326cf053637
SHA512 26b0218bfcd5d534db968bfb6d3d68ce80dfabb458b5ba5a00c7c6a3577a16388b37603c37b27071c91f26fb4802f49b9016dfaee9a31ea42b025e05a7697170

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 2773b9bd6d9928689ad79a646e8d4b65
SHA1 188a2fac834375c5c4783f421da027f54c06c971
SHA256 50a5e00dcd195967df4f5f12bfeda431dff2c65dd2b3d45115b82f021e9797c6
SHA512 86392147e50354a8128d37d9273f6eb901b504de10b8a6649d8f87f2f8ec22b6427030e3c7b2424a56031c5dd73524646fc6360bb54920c9919a05cbe9d98e32

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 acebe9c004b3aff37859e4b9aab6d145
SHA1 e5017af2c48b538a2f781c7a5e20bbbce4c03ef7
SHA256 32b82d73d7f6d02740a2b87da3af325e21ba8eddd858de8edd25786e83c05bf3
SHA512 724d82f5cb32643bcf252aff094ae732b955f5ef6bb386e1777864f1d00c8a2989d09d21b971342043fdd6f05398d424a7bf1476fa5e6ebc753d14b004bee049

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 4f24b63e47540306d6bdd9cf5ac1b534
SHA1 5d7e40c9bcd416729bc8d70a91ead79e39b9d1bc
SHA256 cca04db043264df4e38f618b4cb28e88f6cc8a68544e3a2353dccd38c75bc895
SHA512 d7e68500ee7040312a41b769e280afa4927973f71e50d454c1be7df439fcbabecb4bd629f9440c8d8f09f353e5166adfa9d6f60ac04ce0e53b25324f347dbdaa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 e5b3d55af290879c260ce8ee0058d981
SHA1 111973026cf2cac11705601a81771ea5c8f93eb0
SHA256 ea3ab03c7f120dfada6b52ec3a89e1ceb85293966853f3f89985f89e023a09f8
SHA512 c90ddec0bb9a6f5cf34e5ebd184ee099d71a5faa0fa28076693f2aa9e93961ddaa24ad84a07970d057ec62c9aa46ab29b02055e6bf235ef458bf2ac4dbb47807

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 d7b65b140ca466374a7240cce4302616
SHA1 d7fa55e3acb9d27543810162deea74a12da5cff5
SHA256 a3b182e513d367645cf7a6a40987c60bf0d94b21a3b3c8466d5c71591e921904
SHA512 1c8ceae0c54cdc7d99537b1461edd2527a43250c9c0d5f6668fd41f28d4447dee0d7129a2c19f59432d50783a8e3171fbdfe0b34e3da00bb935c5cd394a8b4fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

MD5 2278e14871506594fd3a6fed313581f1
SHA1 0beba6aa0f53c10c5139021e76fbb83f90004cad
SHA256 7057a7ba42a5ceb4f6c97d515645058fea564f21d63eb5ec25dae7dbb9f3af4f
SHA512 3210a8224103063efa50cccf19616b9f054fdef381b1ad007243e9db43a7782ca592682d6e164a75f697e091217ca4d7f51d33843bfc35eca7698b45504f4390

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 2adbf6a09b2595545d49c4e32bc77441
SHA1 634c5f47ed45ffb77f60fc7e94381745e9c36468
SHA256 30c8220d740bb003fa6331ad465fe153b01bd222e61a0cc8d1a73259487ee8ef
SHA512 94e4d4b7439eee5d26ba8e637afe6a166bc6f9f692dfed324fae6b1459ce717875158330d1e9f7816e7fb1478c510b1caf23c53690c35d78cb7876c7dccec3c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 cfbf317898832737846b86390754dfd6
SHA1 edf5ab939f74c0701500b3681855ba9e723d19e4
SHA256 40fe3c8d246d976597a9374ec89c100403406da7e1b09e80edd45013b8e982c8
SHA512 67fae317785bdaa691809e098a8f40eaea7c1a066cb03b4e0cc04aa2b55a0e8df04e3b19bce54cb8eb5e3f4fbbdfa779de95fa5559d647cb3ab18e44bd4a6bd9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

MD5 5e4e13a5df58f16bc778825e4c4698cb
SHA1 de8b1d54ebf42d66f176d3f9cf8690d1d3128ce8
SHA256 9c39dc08ae9ad357535c4ae2c0dca2241b9888dfcd04e44fcec108a6c199ae83
SHA512 4bcddd0c04e8796d34204fb4b2042dcfec4746b4f7b712746885d7fb8072b87e04afe2cd83078b68254d6fbba7706e0af3e73d66db7cecb42b019e4aace46f72

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js

MD5 5b2d8cd1509c4b26c9628d21c602edd0
SHA1 aca8244ea0b34a9bf5def66f1e1bfe4523c8b3f9
SHA256 b60e708d4929379438da70c3d01e6462b0e4c970a74316f15cccc5d6a5a9f6e5
SHA512 6d5119dd5979f2de16bd9b597d3f4b634bd20fbaffa99a56f6cd8491398a21eb318ef523717b62bbf86a70a1521b047511bec898faf339e0e7ee6a62e585b0c7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js

MD5 134c96a244774ea5b4a70b45f02be6bc
SHA1 652c0142adafc94c957193ed05bd2498375ceb81
SHA256 8c39339fd26eccebdba5136a9d08b33d6c25f71a3d84bbce8a18b243a7900a71
SHA512 a135397dab3f60d5e4c4143d5c57ceb7616492cd58de8e00d516d6a578764910006ae52ff22af23a546db9ae3490251debb3d195a3a782ca5f4900855f345b6a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-ae\ui-strings.js

MD5 02837931c60d27761fd499d644326800
SHA1 f4d8daa9075c793abd1933cf21a8c09048d65079
SHA256 9b31da7dab9ea02272619ac35e567a9a4b29f625cd0cb970c14020aa913e254d
SHA512 cbf47ac0e1e5f1dbd10d49f7f8e95c8ec3c72f5fff27936381e07765dd775513f26f13e16bb811a3509fa3268e8227cc0c1efa67dfa7182817b29343aeea2913

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-il\ui-strings.js

MD5 8c617a36bb0bb724e1b7aa69043c087e
SHA1 e2a4c036d92fb78f0f02e670e646a8faeea7605b
SHA256 e4b981e730eafa4b71c285b616f1a5d417db32ca0dda27b174a1fa3e4a8d3a58
SHA512 359e198a66706d84ee104153b527f2e7fd1f7b446f6faf6870a01dd6af3bc98ff0b08c2a8f162100e6d6378fdb95d2dde37472cf1ab9629cad31a55219cbcfe5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\example_icons2x.png

MD5 bcac2f63bd0861a6c7bf83ed5f757074
SHA1 857fd0203191f29da40cb65a6d2d03b368fa5990
SHA256 228dffb0505a0ed3937ca5623ef0c4df18542901d3b9e7bfe77e653f67a4b979
SHA512 a0b7d0d3393449c8b4119f285555c657827efb941403acaa3661343fd0a40757f0c7322814939f3f2d60f6770c4d4ff97e3c6df392fa1b69f8ba8b3ecacf342a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-il\ui-strings.js

MD5 8ee9ed7752ec7e372749e31843cc12c5
SHA1 08df167ad7741d2be3ebbfd54a6aa3eb1eda925e
SHA256 64d59879e83c0ec43e38cde49805acb201a483f57f7668a8043af3de2a1c5497
SHA512 5fde56f370aa085ee778a3e84a55a2a5dd2fa64faac34cefc6d75d3e6d59c24b45e4dc2db1e93b560b41d94d6259ec986b761b56337259c4a984ea2ffb32d435

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\example_icons.png

MD5 298e1b2e787d7cd7f120c33fc8cb4e55
SHA1 7cc51248b2daf559fcede508b6092e396554e8dc
SHA256 ef31f3aa106eebd6de2553aec1650457f7a760d00b1dd1c0099ff83b2fd599fa
SHA512 0f3f07bd9b1cac18ca587b6208514d52aa4ecc550c964be9745321cc217010b071bb1b53426ffeab4a45229efea79a8b7c5fb7c3d5da39c2dde3ba7cb8ebfc6b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png

MD5 9db6e66cf2a5819c623ef47313faa283
SHA1 4ed115f081892eecb3300ee5b12ca25ed1c4c489
SHA256 e7b6eabefb5f003ff52a2aea4d65bcdb3b2b520fbeb0e925d1ca02a13d327792
SHA512 c69c3e00490949d7b00da1da9ed93921236d58ee6c97df153b0258dc3af31c3837ce6e67bdd2e1165cb6a101a8f95badc185679821eda1336635051396703f46

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png

MD5 d5a22e8787cec628beb288cd0d80a066
SHA1 dd266283e844ee602d6dcbfd7417ce520c5010e0
SHA256 77ac1912d5dcad39f39ce3d600bc10a2cab1cd46bb76752c4a57ded2d717c79e
SHA512 14c8e1b9422ed9e3cd2bf806538c96a98ac157ee5ead564d6753e8051f00158ab0eb4dcd05a0e01f38f0b118421bf1059c7852313af5a762d924db809facf700

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png

MD5 fe8cd8fb987ab3903cd56912e5dea2ec
SHA1 fce03899288f0abd0c2e31b1a1c89f003c270f96
SHA256 068790f7acfd8202081b541d2673d21116deefc176245a26ec795cf37f566f92
SHA512 3364f301b2761f0003a794d8beaa848d7614738e4c82f55c90cdee3b710d64f4c834c3e62581d69a14b0723a5e37cae6ba22b659f4955bb0bb2ff26d8bc9d564

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_ie8.gif

MD5 383c8baee9c47838129548ddd759721e
SHA1 490b1fb295a8873ab57aae0e55187ea3274696d6
SHA256 c737f805b8b03291ca75a6761b8816693d314b6a2d1c8a87bd736f9c936aa9cf
SHA512 79af0bc457695f74abd78cfbd5130b601150b2892edd70f54065da43dc5bf20a9e46a07378ca8e6a659f1ce24c2efdad6b671d76a615ec5b074266250b2c52dc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png

MD5 f4c035b784e0eea55b7c8eff332652ae
SHA1 83d93816ec7f8650efe2601c224fb1bb8af978aa
SHA256 24d384ddc34d24daddb1a8e3e6e6c6f50b047c9572e72c97b9d73e80fe21b1e3
SHA512 1bbc032133bc7d66e4d62a588a0ec0306a5b2ea077b603ceb2cf1e83d5e695d68faadf4b7a70e223fa74d4af30e3511d52f671b01978684bc582088f9de54e07

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js

MD5 70b61248ee0fb3a9e44fc6488fe6770f
SHA1 4b4ffed2afa2cf83e03189d89a904e64d631c66c
SHA256 c0fc5301f676e34e07cc53d0ba6264b29e4064fa3cef0bf0ae3ad30c3c7d9dc9
SHA512 51230822cf06e17bfa98aecc083d18b35718a3fb983a334f0d0e94fed38a1b4b6c934b9eda3d80199b3c1fd98a470686807133775eb66466add91bb355444f4c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\ui-strings.js

MD5 e9f126950eb6972b989b7a8ae638a334
SHA1 53baef80acf137c0f5fdc23b7484ec3f8267082c
SHA256 ac71ef54408dceb43f979d1f4326efb2d539323b87c55abf9606e3d835c732ef
SHA512 be744924ed319d312e5cecf45a4e3f9592491bb16d9585bdf806c26cbb16c6ba9be2b93cb8d05b7c69a4797eb5bd44234e287eec8bec6d440697385aaae4ba0d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png

MD5 ed4f30fab404acc00357d9847e4a54bd
SHA1 c2636d5761627872eb2584d550650e3bbcf35b3b
SHA256 6e113bf007f3c1cfefc6de4cf20be2abe9c8c99752f1e83d6abe3b5052c9334f
SHA512 da803b6676bf9764b7781e24517c4fef0305f88ed5f8aa096f75359d89f9ab3ab2ac5dc339bd5c673a557cd65fc73c736631cd977fb30b8b56f886ccca5ad2db

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js

MD5 105f090b50f163eeb8983a26d13866a4
SHA1 0bc5e4e56fafe7bb66d00df0b41c9df100ffcb45
SHA256 5ed6f615375d8c94fa6487fb41eb6e46955ba6233d721f46b354c87e504487b6
SHA512 17fa87dd8712066b1f194e4912d179c5f600f139d9b4eeff3db973ee9682d1deae7f9249c8fdaf126e0e057b9347b086c64953f0d2d5b4ea8e4ac8506858fec7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\icons_retina.png

MD5 a138e69326c1d4c3fb761a8aaeed54ec
SHA1 a6f9e4edd0896dc2b3a0af47f285dd2fdc0f8252
SHA256 ce71a2a01a1bef4fa0684a0dd040ca60d6ace3f094824fc216c0f0886a03f020
SHA512 8a81d15959ecbd260a1ae4d8f47eadd17d0d3953d091bc9aeba49b227e686f11175e65a458052c1937c5ba7e41c0c5f5a3dcab2f98677af1b0d7fbd938f25bf2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\new_icons_retina.png

MD5 f363a6dfc257d28777ad40c4dee81423
SHA1 e13d3245b3e7d3a841b4a2d443a822e010f07905
SHA256 492794ed0d90a589185cca36d0e7c3627fa89d66e6c19185995a0b5b65ea2c54
SHA512 b055917f3aeb31cbcc23a8472fb0dbf93cfa69c4fd87dc98aedbdc091c3fb19c5964a619b5f6b6eb69f774ecbcf2df90000471a610f4ca724a29d68560d742cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\new_icons.png

MD5 1a5b5aa9896e815ef720077b97ae0f1f
SHA1 00423711d287af854af51b9d16c764a183b999ff
SHA256 4c032b0ed0b3820ef31d8f930c9dcf25501a691a7a1e343ed27593c0b53ab890
SHA512 4ea978af6fc848cd9f645372fdbdd807e7ac7ffaa61f5cd9cf123d44afff165394c276be097cae0b85ba2c0910c7a4a5d7a0cccf54c68fcbcceb1b75abb37ab6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\illustrations.png

MD5 e143788cd2369e7cd73628cd634d3735
SHA1 2591af6e6a2152b99cadb4f92659ae317ed98f84
SHA256 7855c617ddceb8ee7d12ecd4fd32998de8239f851994b94d58de661d515554de
SHA512 9aaaa1e3706109e460f730b9394b406f4a996bdc58651c81799c675edd282560973865607d4680076d03f8e1d25240954cbe93457b9784b4120ca68eed1d9c41

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-il\ui-strings.js

MD5 24393b9cfc7c7e74b3e120c58525264e
SHA1 d3b6c5ca6846adc839d90168dfb5a45e403e26dd
SHA256 3e2ebefacfdc65d9284ec20019100cb0f10b9470092032b8006eed761a0a719e
SHA512 178c7a52fa952507a44de198d31388de674252049e06001899c8e2ac2f3e21e4de460f051819cefbf591e0793d5c9e22ade6068bfedbad5ee39d966dbbccc4e8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ui-strings.js

MD5 a57ab2169fca5b24ec22f916c35808ef
SHA1 373b45842ad02870ebbeed2ac540f2703ec1c6c8
SHA256 5b46852256b6cff667b6872e4f321df8594749e1967bf491d34a1db87b5a84dd
SHA512 09910464aa387439d438832e7b0c50d64e8870bda4b4998eeef7e87e329510127209e7fec87c2705b3738d11abf00a1051d3c4f912273cfc906bf584658a0642

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main.css

MD5 593d7d57bb15f390392c4f4a662c1fd8
SHA1 e5cd0254077c4681b79db534645e08f1cc2e8a12
SHA256 08c1c93d6d6fdc7fd446ee2c48ae0ce7d28caa422b58bcfd170f73af5cfaefdb
SHA512 a2a62b5a906d9ea5d6d190d173f491a18558e5424b424ab944fc0c43a63f675915be679fe6ba64c67211df902c7e34e88e6bb638d58f9f84d4daf00acf19d2fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js

MD5 afd5ddd1fa6c9737d3c595094ed2020a
SHA1 028142be985dddf79bcf398543b67b8cfbceb47b
SHA256 3c86f2b7512cdea14b707d8f743b16868c03b41d893f68b8dbfd2b4985fb9506
SHA512 5035c4c6131bc6436f380ed25cccaca53dc008b29a5aee645204ae58fabc4bbdc3b6b7cebed08441a3a7f7a75b2da42380fc0e6abe67c04e4b72d63144294c53

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\ui-strings.js

MD5 31f00ce0c87bd206a5ead0f313a9b0a1
SHA1 38d20eef79eed5380d9e5c747433008b9dbbe402
SHA256 3520e15dbebe06fcea8b9e8151666034394177e900812a73ded7c8c3d08ca680
SHA512 3fcda7b83054a77b280ce7ac6f6c59fa47d16d88ce7b2ce09d540ecddd02f821c089166aac28223844f9bab1c4ed52b81e51f141833b395c136f752b066e114b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\PlayStore_icon.svg

MD5 3eed7939615ac4bd99f5e5b192851298
SHA1 5ef474841eac2832cb4a53ba207c564a88535b2d
SHA256 87b377127e8f1bc8e4738a3414890f6193ad7a4ffd25d170664c257e64bd755c
SHA512 d2e2f70cebbfcea3eead93bf3b281eabd87dfc54b316a6eb39fd2f15076a318c989ee6926a167f0ca3af96614c32f315e8c28cc02b4ad144f0953e1e8ac7dd44

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js

MD5 ecdf4c00d91315dd9e8a6cc13b1a85d4
SHA1 d8355d347daa993b3bce36b542b0689469b1d4a6
SHA256 8b08a3f7c606751202346603d02fe0c393bc15a7306628dbefd633d0e252a33f
SHA512 3f2b1db0fd901a34b56118ea6fea1294207dc1818b7bd497a33618c6de31a12a85371dbbbfc3fe2b531061ae53a0f59797a584e298cf8f279cb37ecde663e805

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-ae\ui-strings.js

MD5 ff6d9bbf46591013310bc615b1dedef7
SHA1 1fd33bca73b130744501b61f7abfbaa9dcb0ff0f
SHA256 d0dd5a8fc3d2ec1dfa76299dd0b64a8c65ed0f5a1784e29776e9cd60a200dfed
SHA512 cce9cb93590abad1759149055144981e050e22dbb8f954b8157c83aa40c8ba91f5a703ea1fbb5568243eb270b17a3b61a2195b92bc98530f65c9ef1cd74518bc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-il\ui-strings.js

MD5 e1426e35a68175baf15b2ca2c57073dc
SHA1 8f357142dfe99e1cf830ca2418e555e45a997226
SHA256 9d0dfe4623aba409c6b54150df3f83910bff3513c45b8fc02487192e855198f3
SHA512 e1b26eb56ca41dfe227773cb5173d721a6c471b01cb15d80eef16502a1964439bb1b31af4912b8dedae83850e72450ab1dfca67a1c0ac063ff065f5f3fa6e323

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js

MD5 dff89047f07cfae8dbc2843f8471ac2c
SHA1 18704ecd329f0d1192ac34598ebf50e8c57192a8
SHA256 9d8368844b4ca2dab3f2a24775c22554ec1ddeb2850f50e12a6e8febe9894aa0
SHA512 c66e534e8032c69ac31b492bb262f35c300d168990292b9d7f595b652a07860f58f23b26dbd1c44de55686331faff99dff111b2d61eddd8b36d529dacc5294dc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js

MD5 cfd74f513815dead2717b015c1a44fd2
SHA1 831d8a2f8e4494b3c35daf60dddb98529655498f
SHA256 7ce96339d7c4d053bc3ccd2dcfac83f38285054ef1bba6925986f5e371890474
SHA512 b674caaf58887f31b0b90994e7cdd5d47f11ae61b0e89ef412ddefc6b2731d5c97360161c8babe137b990e714abc11621a13166c51d2a9439d2c7cb0bf700a66

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js

MD5 472bd4d51b4ded5ee2e2edef3ca71527
SHA1 97502b6a80e1d7d28c3d5f9ac78ac9da5bbf4a6b
SHA256 6ef9c83c49c01f65f6a4f5e9f4fa85ff6f07a60caace834e74e2b6960336859f
SHA512 9ccd3957b254895994709a69a5a62f42160a62d00fb2b97f08092337c97969f687cfc930692be65e0e2b522812f101c09515088c9766eacf4bbe8f43455ee168

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js

MD5 921f4982fd9c41ea3a07debf26d96b84
SHA1 499e9a6235741f721e564e03cf1f1bab3913620d
SHA256 733ae757d7eea98d3152c8e2abfae2746ca4bd957c3c5bd428a6801a92f8475d
SHA512 675270c8372d5a6b5e97f028b1e6e417cada04191bd5ba817fd8ac821b743474920b1ff25883b1c54697309d34e3b89a866cbc3407599030528ea191217aedcc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\ui-strings.js

MD5 3cf1ca6ce5e1b596d902e37b3003d5a7
SHA1 37a342a4a869547884bd1f0a0ae94e6b17b40ff4
SHA256 60b554afd65d223acc0ba6b7aa29859510ff0430f582734d942eef0f6139f9cb
SHA512 5936924a3376b0eaa58902f81fe6f0680bc10cc7040566b3fb7e1d34ecf4534fe3e1ab3a16033c66f924d54a6ade2f9b5603e7f73cbf5a19df821e2eea412ff6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\es-es\ui-strings.js

MD5 95afae7e04d17fda9ad7f51621570340
SHA1 7e12cf9fdbc2e947b6df2cfd2a599270107ccb88
SHA256 61b531dc6184de934c0c959f2b836cfb636a409cfe14f8887de317871e7f0046
SHA512 9c2c2607ef1eee99a28b8563ec0deebd1085368647385d7801b4feef4f005d11706c88f0068915b655f8ff9e39a8885bac4b483e6c15d6669ba0da18e582b488

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png

MD5 4996d0a537cc82c3ff118fb9bf8a6ee0
SHA1 48a40db2df162c9deb38294bf139ef6102e600d1
SHA256 c61c5069590f933baff19a0eb9bfbce9cc092920184595363fef1662d4d6320f
SHA512 a0d716e83022aae156a4ddf42077567dbbe285f7dd7ce0e250b7f646c2b44c1bfada2f883e09823ad92bd2544e3636878c2741d796eb548ac0489291ed66057b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png

MD5 8b80969b2cf0eeb326c3c3f9ea0a8476
SHA1 d9d94f33c9e61d1c94b7b66dd9968264db927e9c
SHA256 ddda03b9b3dde95f321b98d7a3cb03885434c5b2b35d62621f779c039351ab6e
SHA512 f75587afe2cd0f3cfec9827a2c3bff695c966deb9265e93a4296a07f6d6d6512605fa04bcdfb505f8af21981f5bf4f2ee3c0ed6ba5b4418781e0011f9183867e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png

MD5 1145740a9f3afb85b20181252d6b4a4b
SHA1 a3f699bd395c3e6890d138f9ff174f84ee81da8a
SHA256 debeff726c744c0f47dac892e5d229d99808bb564069456e47b2c762d93873cd
SHA512 564b6d05bdc14c446c8ec234886320b97d11c507ac95f8b02b733855fef18d95533c8a970355713ffb01a0bdcbeb2e4914b3d9bcca8c8156ba923f13177ada3a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png

MD5 ed24072b61908241027fced7e39fb0a3
SHA1 88874ee5120820953038cc7113a64e8159ebf409
SHA256 8a4037597ede2616ffaca4463a6bb8bcdc214770fef5883f7a1415eb4dafe322
SHA512 8ac830cb354906317c69d89b539a17594e1efd8a98288b38fefabe91c08fd131108f897a7954e821d918bef20c1f66b7dcd579ed278165ff3729c0e16c95de04

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png

MD5 949b2172fc4e1acd2983d766596cd218
SHA1 5273aa6951e00bed27fd91d24a71a311bec312ca
SHA256 2c8753ebc3a5be96ad463d77b9ca96cd953873ff25ee0b3f34121d2f8110e616
SHA512 b91c39a222c9923d48f00213455ed431d3f4bd4adeffebe461d0844738998b016b3dbfd54740b596f3d4c06ee5ae7a3bf2c2b4f1a6ce05eeb0558f418710b025

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png

MD5 5bfd821bb546cc53dd2285d65637c606
SHA1 f53b0ad8127ed88ab7b5b29d4125a509f2d78d53
SHA256 f7f8204bd6c68916ed8bf4f12f87402a8bce3beaca724b81a308b32fde506ad1
SHA512 f9e96550602c893f6ec8f356062c7d1017af2eb55e5f9a6c9c8e1f9e4838f1f4d328b907a5ab0b2d7aa25fb50241110358f10f658e47c1a847192c1e47cc6e1b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png

MD5 1ba0bea287784df826305883393b6933
SHA1 2290a2d86c4704e89599821103ba8959edb6f61a
SHA256 1a1807b912cad456ff7ba58126b29ef74e0a0a69d654b6df004652eba0a66f2c
SHA512 f99c12bd643bdf72089a777f0816f457b00c8530e4cd1baa519854151287dfe48107df7dfb6b6f0b22938d344353be3f0b5081d0065072f060e3c0288043b70d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js

MD5 3bab59fdd59613073b483cd5caf50071
SHA1 8cb8e248db8d7eb263443ad93b7191e30f51aed6
SHA256 7e5b66bed8afd1a8ec0ce2bb72e789468189b6d36b01620360cfb20fc1079f33
SHA512 ac9e544f497bd61b25d3efb38011658413b7fc3ee7177f8d8d33f4a8ddec797bff8e168c92da43adc9b8ec95c95516c5d7bf5779ca0c1858c4937df57a264bf8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png

MD5 1e65c39c091fd5772497e5c996d2b3bd
SHA1 fff308d6ccfe3bfff0ca7fa115c5678bc5a2f59b
SHA256 207e44e510a01b83cde75eedb6ddd39c4c66b666dec22ecec9b69f668a27c50d
SHA512 ce26557e271f2c36f5cbc13891a0e816d18e38af7c2746899d691f54c6c439ff981e1780c1f94a04944a02f1ec9b27d564f09c14c396256081363aec4b8f0701

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js

MD5 bd2ec5aafd98804fd7a704c4a572b326
SHA1 8a7cb4f5f5364a606c719fdeb4f7800547fee002
SHA256 998b29c39a90e82e267f6d1f7a9314da4cbd63e6ce8112a15e1922077942e1cf
SHA512 435795842663ccda64a3b8340d64aa29da256d593942387a61c4404535864a320b188f73df5dc7cbc19b55ee65d8923e9d6f96cf7a23a9064c055a06af9f1e74

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-il\ui-strings.js

MD5 7812b44b8134119a8fece026dfc223bb
SHA1 54cbbd0f22f3efa4c354ec56c4e27c3504ff3bd3
SHA256 d5b13cb6c6429d557b71f6058ce6559c998105607e0af052e64536e529715b9e
SHA512 04d8566a4c119963e7b91019ebc6c9bd5f8682509f738b5d73956f69026daf207d45746e7a16db29164bcc31ada2acc14c86d01c88c05eb375828f41200923ef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sl-sl\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt

memory/2432-15763-0x00007FF67F270000-0x00007FF67F364000-memory.dmp

C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USStmp.jtx

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0.NBA

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat

C:\Users\Admin\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat

C:\Users\Admin\AppData\Local\Temp\wct3C87.tmp

memory/2432-18619-0x00007FF67F270000-0x00007FF67F364000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shm

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

memory/2432-19330-0x00007FF67F270000-0x00007FF67F364000-memory.dmp