Malware Analysis Report

2024-12-07 10:03

Sample ID 241114-cqgqeatblj
Target 30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe
SHA256 30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27
Tags credential_access discovery ransomware spyware stealer
Score 9/10

Analysis Overview

Threat Level: Likely malicious

The file 30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe was found to be: Likely malicious.

Malicious Activity Summary

credential_access discovery ransomware spyware stealer

Renames multiple (8558) files with added filename extension

Renames multiple (7817) files with added filename extension

Drops startup file

Credentials from Password Stores: Windows Credential Manager

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Drops file in Program Files directory

Unsigned PE

Browser Information Discovery

Analysis: static1

Detonation Overview

Reported

2024-11-14 02:16

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 02:16

Reported

2024-11-14 02:19

Platform

win7-20240903-en

Max time kernel

122s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"

Signatures

Renames multiple (8558) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description: File created
Indicator: C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt
Process: C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe
Target: N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)


Drops file in Program Files directory


Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe

"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"

Network

N/A

Files


MD5 e15711e520935b8a6c1d2d772e1d6c99
SHA1 1693f7f0278a0e699a70edc44debed8a99478615
SHA256 1df367afbff4fc512937b85a5b0d57614ddb62d75e525601aec76ca35510d3d2
SHA512 64dcb5185d98f4935e13a97fc3664f43ffcd36411c0055fbfca46e81a344093d994e4d2bc51e900b4e1095ad2e2f6815db5ca676eca7c11738850f7e98e05dd4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF

MD5 3dfb9fa1f6e2c3bb7088d2bd0607e8d4
SHA1 8d5577dd2a9fb8ed78da8a4e03daf92adaea90d4
SHA256 677c37e3eda47782fbab8dd587923a73ea423f6491efc28d2decb6bbb835391b
SHA512 937d96b2893ef14b5b9b8f21f60e47bc9af4c5840a77c99bc2a6d8c56222b026726b13d1f10add356739df426f7d5c3537621b91a0e65ca93e16f360ec311dbb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_OFF.GIF

MD5 2cf371017151ecbae0198167d3d03631
SHA1 527ff60b0d078bab9ec0e8c0d53c2f66a734b77a
SHA256 7528e1de85a0fac32ca91fd44efe93b4b00d4035b25d23d49ba111ac4daae50a
SHA512 5c493f741e8693a724678a9211817734b3c0da31a6b077c3660f2ade4f48bf21a50ed26341e63cc00c64514253973f2a4a1bc94136cfa72c9dc97e42ef9710c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_ON.GIF

MD5 e54e4265734843c9c22e02395cb794a9
SHA1 2a2089579f83e95a736d8e33d29c131e3aeebcb0
SHA256 1a8e86993a3eebcac93e724286b280e75ac414b983520b89bd7595b21335fac6
SHA512 229843f73bcc82cd8fe8da30d79f8c420bde0f4e4c607b459c1febb0a3a8ad0cf1f44e6ec67e3b7a30fa2e785893354c1c26b47ed9ba4dc6aad6dcc7288ac0db

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

MD5 d78b5aba08f454df5ac7d3f7744ddccc
SHA1 0bfe0f3f0cbdd219575a4d54c8b85d2147da2a54
SHA256 2dc3c534bbfb646f30333b85f8ebc1873977fdb762a3376e32f7d6289264632e
SHA512 d001489b070f3a77caddbfb7af5608a630eaf3dfecad63af78e214c7a7f52cdb7a611d7b80d6b4fdb06843cac1198a8452a2273e1dabb9378ac5a6938ef17c29

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

MD5 abff9f75eb8c7ff1ddce9e4483af0aa6
SHA1 e30eeb2a8c7af936919eb30d46f6b412e269e3cd
SHA256 f5610e9aa51af74502a872147d2f76c9ffceba71ee6637e8cfd2f8a61dfa21fa
SHA512 7b730db447928e43e3e66f5ee501330b5f8b2195cc5d5e4aeb2b7052e074a694a7d3e5962e0cefba116097f69be023ccca60cb7172fb38ef0c3b0254ab9b19b5

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

MD5 1aceb4429f837a0d186cc896b9ef6c36
SHA1 f1aaa332ef18566112d0d1457f09207605f993ce
SHA256 5078c6c0c6489bcec9814aa52969586638d95d7f306399eb9d6a0376a5c76e60
SHA512 7f78accd986023cd30bed28cdac0e4ef68c4d3faf0160e4d757c611bb9d356fedc9106bfb7fc75f96800fdcbecc4a322bcd8d2bbc02b0edf44390d9ea828bf4b

memory/2504-16839-0x000000013FB90000-0x000000013FC84000-memory.dmp

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck.NBA

MD5 2569d9b03f18313b684756be26ad654c
SHA1 aa3b419dcd0aa9af5a4fa3158b38698beaa18642
SHA256 97fea2512a57d3a7cf839a93815eaa657d9bfd984a37cf787ea8f3aea9ec8c92
SHA512 487d0eef75eb4bbbe934345298a98bc045a5483b3c0cb0bc95dd019640a127c8fb46ae68eabc0ff13bdcc2774692633338d4a0858adc6c5f19e81ae5853140c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

MD5 557c386145ecc8e4156b8ca169b51ff6
SHA1 698c7095f73a2528584b19baf67052cdd737f10b
SHA256 dd25be9f7c107aa0c5fa28bc42eb45f41446de19d2bfbcac5434558f84feecfc
SHA512 6b7cd616d3ca575f4fd895c2d7095c077eb82015ee58af143b2158f7460163409a2814ded9132473859a5c3eb29f7a68630c4c6338e9ecc69dd9ca51b45e7900

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 d97a7b51d0f8416cf5c04f5af7cfe262
SHA1 eecbb4812c6f185abffaab84a047beffeaf38672
SHA256 3a69f1b9f87d4ba62a19a4341684912ca51af07d3f5889a10eb6ef9fa0fb2d3d
SHA512 3df2e3696e2dcb56faff16e5d3c962a952ad9f3cc856f4ea9d36e63e3f0ababa0e88b73dfb132ecc129b02c860f62220cf1cefd0f0c1852d02e606feab367068

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms

MD5 d114cecd2f867abcd8aa13ea743641bf
SHA1 e629ac834534e92bfc8987e466f325c5bfc89040
SHA256 1ba0537adf0b4c2b9985a79e883e8eb70517d7c06a75e1fbb31cbd0e29787a5b
SHA512 c711573b0bd26c1397d8759622c6286423250b00e0aa207d7a71d8432f659199557eac0efcdc6054d33e901c5f70cc3982ef4fa3df05c4810aa8cd38f44f1e56

C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BAFOJIJD\desktop.ini.NBA

MD5 6a463f5cf0cb1e5a18a52de9960e8a29
SHA1 8491dd0d7561f8703d1ddb71c09ef4a4f7a5ecd7
SHA256 50a17669d7eb6db13c7d0dd00413fcb75c3a7aef07eff0de206a2c95e1785f84
SHA512 ac3fc3669bdbb9a764663303f5cc78c1fec3fcdda4b9436c9d1ad03a320dd2a3b2dcfad104fa6efb502d07a16c839f53559e27b65aa8ba0bf1c783e9173dffbf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

MD5 4541ed02f2a9483413f1e6bdd6a735cf
SHA1 136cf894688c626e3fab09918ca153750d09c288
SHA256 1c234d0fcbe67e23202735259ea6a056f389337c99d30db58d77c458c8a48455
SHA512 0823b8e701abaedb4ee94a6f0beafa112b703e5775e8edcea01ea715c9e73c96351ae40329108344a5d522f424271878fdc919b166ba6b1c81f39df0e9c12519

C:\Users\Admin\Desktop\OpenBackup.xlsx

MD5 1328c6ecbb4117df3d2ad8f888327f14
SHA1 39f161165e1dc7d38d86f8da7c69b6fe46a92b1c
SHA256 839dda8ec5f53f3becabc065c29dfa30e75392c99544eba8e6c7446facc1d3dc
SHA512 11e75b2c822118fcdd7d70d1e3840716523834b1d7263d2dc66ae037cf3c3a6f26ee205f01880fec164375f2faab9589cbd8262d0af6226726faeeb86c25456e

memory/2504-18894-0x000000013FB90000-0x000000013FC84000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 02:16

Reported

2024-11-14 02:19

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"

Signatures

Renames multiple (7817) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe

"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\7-Zip\Lang\readme.txt

MD5 740589569b04d248a322588a6a3ba703
SHA1 afa81f06545da432a7e2f5d32574ea8dc17f3f53
SHA256 3e5e8c57f927e2fad1d577f52e16cc76f10d86013f921dcc85a129c67ddd3410
SHA512 0d337f86cd09ac78d33f58ed7c4585648db036d12721ffe202a8d9ac239ddbb5e34e9ee7430e9720787d4e3c1e37c2200269fe62cfb4f21a0de49a11fe5ae91d

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.NBA

MD5 bc630eb00a4f74a15ddd0a128fbf4874
SHA1 4c75f9ac3e5c48fb81bdf2f2e1b44eee544f479b
SHA256 b139fd53dc3ee127c73f3d085e03039507e144ea93dcde000c39689d3202e0fb
SHA512 db8861e668aa4984e987bd5f2b803506441424d3ed0a17f4f74e1befaaf567ad13e9d6f3c41f652246013eb5bf63bddaebbdede0ad7ad5193366a2384e2f8ea5

C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif

MD5 5828d1de8490d00870eee1d629536aa8
SHA1 eac6dfd244311261292f4176565e6b7f6ca83fbc
SHA256 860bfac8c72c28d4d47b6874bd01a1cb6e4554d742f27638fcd48a2f37a07d05
SHA512 173722d84dc6408d187412a1bf1f425b8390db765c3385dde15c1ca02aebfcaed74d995eaa7409f468cee132341d3e6ce8b7cef6438f1adcd78a987386039f41

memory/4972-4427-0x00007FF614D50000-0x00007FF614E44000-memory.dmp

C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt

MD5 531060af180ae2349f980ff458455f6d
SHA1 bdfd759a89bd805dae00b2afc0173d80d59a3adf
SHA256 a861b8f97961f331af2fbef420491e140d38e13e0ca12e1d03068e70d3eecdfc
SHA512 5af4cc7f5af8ada5a08ebf797eb3a43d831ca757b676262b7950527f944b852e045fdda212ef934d1befe97c40af776a1d9a2c7b0281857b9ede999851a5884a

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK

MD5 9d9ade423328187a893c38870442eca4
SHA1 d41e63d1398d1136e9ec26aa23746094d40b8f6a
SHA256 dd854aff13173373b892445e882f88598eeafec594c7b23ab1ffda23eaf11451
SHA512 0cb980157dc6a67d9cc17223be9aa7835a3ca92fdca3ab9e0ac76627a13213ae7c5d1cf095d7b1e5d4dd60088492a935f89dbe6c2fcb6eac897a6325eafd3fa8

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK

C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL

C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8en.dub

C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_highcontrast.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reject_18.svg

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-selector.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\new_icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-ae\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\bg_pattern_RHP.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\bg_patterns_header.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-ae\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\en-gb\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\de-de\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt

C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00002.jrs

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index

C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat

C:\Users\Admin\AppData\Local\Temp\wct5658.tmp

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\places.sqlite-shm

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
