Analysis Overview
SHA256
30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27
Threat Level: Likely malicious
The file 30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (8558) files with added filename extension
Renames multiple (7817) files with added filename extension
Drops startup file
Credentials from Password Stores: Windows Credential Manager
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Drops file in Program Files directory
Unsigned PE
Browser Information Discovery
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 02:16
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 02:16
Reported
2024-11-14 02:19
Platform
win7-20240903-en
Max time kernel
122s
Max time network
124s
Command Line
Signatures
Renames multiple (8558) files with added filename extension
Credentials from Password Stores: Windows Credential Manager
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\LATIN1.SHP | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Dialog.zip | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13 | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187859.WMF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\SpringGreen\TAB_ON.GIF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\TipsImage.jpg | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18227_.WMF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\Common Files\System\ja-JP\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\VSTO\ActionsPane3.xsd | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\SPLASH.WAV | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\microsoft shared\EURO\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\HH00524_.WMF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD15277_.GIF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145707.JPG | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382927.JPG | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\attention.gif | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\MSOCFUIUTILITIESDLL.DLL | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\FD01548_.WMF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0105286.WMF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Slipstream.xml | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\POSTL.ICO | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\tab_off.gif | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMaskRTL.bmp | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02446_.WMF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\AUTOSHAP.DLL | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0185774.WMF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\LINES.DLL | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\ar\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCDRESNL.ICO | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\COPYING.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\ECLIPSE.INF | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SECURS.ICO | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309480.JPG | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
Browser Information Discovery
Processes
C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe
"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"
Network
Files
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\readme.txt
| MD5 | 740589569b04d248a322588a6a3ba703 |
| SHA1 | afa81f06545da432a7e2f5d32574ea8dc17f3f53 |
| SHA256 | 3e5e8c57f927e2fad1d577f52e16cc76f10d86013f921dcc85a129c67ddd3410 |
| SHA512 | 0d337f86cd09ac78d33f58ed7c4585648db036d12721ffe202a8d9ac239ddbb5e34e9ee7430e9720787d4e3c1e37c2200269fe62cfb4f21a0de49a11fe5ae91d |
C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer
| MD5 | 596c95ce042ed68f51987a68abfb3fea |
| SHA1 | 981a0a5a6250dd8b01e555324a403710ff9fc006 |
| SHA256 | 23a28a84bc86cbfcf476aae0297093cec09d6674ba1d9bbfddec43ad170120fe |
| SHA512 | 21d7840649f1ab6e5bcc0421f06e49b6f9fa6cf5a9dcc028c94e43617382556fa35bed3ce395abc7f3e9836875f7b078e1603929225344d0ee27dd42f80309e3 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif
| MD5 | bc630eb00a4f74a15ddd0a128fbf4874 |
| SHA1 | 4c75f9ac3e5c48fb81bdf2f2e1b44eee544f479b |
| SHA256 | b139fd53dc3ee127c73f3d085e03039507e144ea93dcde000c39689d3202e0fb |
| SHA512 | db8861e668aa4984e987bd5f2b803506441424d3ed0a17f4f74e1befaaf567ad13e9d6f3c41f652246013eb5bf63bddaebbdede0ad7ad5193366a2384e2f8ea5 |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT
| MD5 | fadfbe76c49ec890dd656a8d0bdbff1c |
| SHA1 | c9901acff2dad088157d77a235f119d19a62d522 |
| SHA256 | 55ec3bfc06a19b1ba759e9fbe388faac2a89240040953fae959e00efe77b7439 |
| SHA512 | 4626be9f4cdd7ccc3d5a047c61adfc6ed18aa71b4e3499c86d0834e6a6e11791203610208df7f58c708bcbdb9cabd55b390330a99e66893ae8bd256d1d66f572 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html
| MD5 | b3d450347fe900717a988fc68e450089 |
| SHA1 | e008d185700dc4e36bca65576484d031fe786488 |
| SHA256 | c927f96e8e66d50af03dc4c7c7b74395670144f38a17a232abd072387b1be6b7 |
| SHA512 | 26af9a8bbecccb65d7ebe7ec69d802620dfa1da535f6d62de1b270a6bc28fdf377364f1a99409fafcbe03ea2fb77a6ccf4992bb24d42ec0df4d86c7c6970d227 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf
| MD5 | d9480a7cdf4a95d05d747dd18e91b22d |
| SHA1 | 254539d0724faf3212b293910b85bb2f26144280 |
| SHA256 | 9a772717e8a6f02b609c5696cf8f7314b6d5c0a53a9b7007925bf382a24955c3 |
| SHA512 | 2c6be4d23a0bac053888aec625bd92a1e0515521938ec1ec72a0b874a0adcc3dfcdaecd9f25b28e2aa2a02b4edd72804fda1ca4fe3d4a41d80bd2eae89f48890 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
| MD5 | e937801392073efbd2894c0c8d49e447 |
| SHA1 | af7654c87d73ced97a86716674f5842bd59f4f35 |
| SHA256 | f19824edec9482064d1dbe759b395e91cae9b2978d6a6e0bc94df0ce88033349 |
| SHA512 | 8b55e0714439a03e087703cef29c9a2ea5e3c34a78141d33e71e5514e5ef9e124295c002695676f8bb809b0f2188aacd6f7370d0dc1cc82006524d83743a8142 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA
| MD5 | 7018219e58a4414d2fed182b0c1cbe1b |
| SHA1 | f2618ce7e99b1118df6358423d828a2cfcc182cb |
| SHA256 | 90286d6f593c51da4ae6485f5c5dbea6404048b5664bec21d6bf806c73e62c64 |
| SHA512 | dfd406df50ce42bffae72abeebc81d6d282802aa9086aad6499135c3aaf9d87ed2607ae0e039f0a9b6e52a25d4e542c82a247b38a4e8c1abf4d562450ba9a1de |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF
| MD5 | c2860a8961cd70f59676ffabd661a46a |
| SHA1 | d7618489f6ed9e621374b3765d8b96a6ac040b0b |
| SHA256 | 54972c2b13568d3e0c8084abe7a74e810e1bf3ba15a6c7f9382879e06ffefd80 |
| SHA512 | b2aefee0da64ea531ed13d3ea21511a6e8ee6e4798a8f8e6c15ebdf627864951ae33403045ec2e82c62314720ee535e0ebb9217f078e66941c0747c3efaf0e22 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA
| MD5 | 89ef26415c167eeb88c517a229aea5cb |
| SHA1 | 3688b760d20e30970eadea5e75e4ab0200fc847a |
| SHA256 | 8a958e5b72d2f681ea2c54b6e154d83c5940b39ad4afa130e168daeef2cec257 |
| SHA512 | 716c915f6990db33336f90248d648cac4e890a2c70d9d896acbfe7b0ddf632e7eef27931c43aa849b8c1b927ec7792b6f8b1dc7fe0165316eb7078ff43e49910 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
| MD5 | 1df1aa3fbee5b3bfdb0b455f2999d175 |
| SHA1 | 18fd34374034e815b7157b572e292c91156bf682 |
| SHA256 | 3be5840be95d553090c9eec49abafcf52219fe589eaf34536e71274bfb12560d |
| SHA512 | 8951624afd581738057b24a74b252039e488adeb8fc47806fbb693182fd6e6b3e974181379127ef1fb9d44aedbfd316e17d421cd0fe168751bb87d1eddf46d6d |
memory/2504-3688-0x000000013FB90000-0x000000013FC84000-memory.dmp
C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif
| MD5 | 1c2ba2985218421af45ade6acb4942aa |
| SHA1 | 2a5bdf7087de82b8fc948c52b98f66603db714b0 |
| SHA256 | 6124870ead7262746b6dfdb03fdf99904b73ba720425d23f88337f61fb3a7c35 |
| SHA512 | 72297ee4acbaf7164532a94ceff176db47c646f03a6b3e7cef9301ba797da77526b7341964614499d7a9c58419b1a36b04496e0100db81d2fe17f287ef40ff2e |
C:\Program Files\Java\jre7\lib\zi\Etc\GMT
| MD5 | eb69258ae793774b1aa0a34bd5e88de3 |
| SHA1 | ff364b39feadec91705f0ba3c5d114fa1f9039da |
| SHA256 | 9491ba6641b30525483e41a471ab476496cdfc616a3cf9d4520216a97dc0d5bd |
| SHA512 | bc116b591267981b731436e9d30b164b9951cf2bc90f4b1ca2e012e67fcaba106a00bb954ea6f91230aa3f12963acba2b80b113945956bf6da43a6c041094fbc |
C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo
| MD5 | 1c647b088183139884238eb9582f5be1 |
| SHA1 | 87ddacae1c107dff2748baee274a671b0aaca3f0 |
| SHA256 | ecea0db5ffb0220d81e8f1b279251b8dacb0de740752879acc35ae4e54849376 |
| SHA512 | 2a369faa8b7b3f50fa8f01ae07ac09e5d09627db68f347625305b3fa0c195593788fdec0d0371dae01f31ce63864e9226b5d7e46444c9262ae00d5a51ece5c10 |
memory/2504-7358-0x000000013FB90000-0x000000013FC84000-memory.dmp
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
| MD5 | 361e16d86729e35ff54ce946705c3917 |
| SHA1 | a316ee67d2164ac24549a5e11e9098bcf04754e1 |
| SHA256 | 8f49a55d9e108939ee6aae5f0c1b25b6451a1b56c8829f17ccf85312acc6bffa |
| SHA512 | 09661c895140b9339e1a2961d10ecab6d144c17b9a4c622badea65603ea19709a201c157c25c341611b832aaaa6a945b8f70633c5041579e9da57215283043c9 |
memory/2504-9999-0x000000013FB90000-0x000000013FC84000-memory.dmp
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK
| MD5 | 1bcfa5cd544151ca8a7d1beb73c66e30 |
| SHA1 | 6f04d2106118e465e13e6564f90183c5136869fb |
| SHA256 | b4f68a99c2a569ae6e8fa1fd8adacc9252390aa967f04c774f6943055d24135c |
| SHA512 | 2f0ea77c1bc9ddcbfe6f6ec442943af503aa15b89e314160c95325fa554889e0977db0e02f310274cf6d91698b9bbdaa089d878a13cf3e6e6c41b7da5281613d |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK
| MD5 | 556c7dda6bafc31b4379112aae7a51a0 |
| SHA1 | d93981b983d7ae290c00ef69398e43367e1899fd |
| SHA256 | 6132c2bf14aeaa2a9502d25907edd1cd087869db05de19b1d8da504c14e8f93b |
| SHA512 | 2af2e2c8392de22ea88cc0ba89222be1f627d712ef93f1e8f0d77a7238abb09ed512ac9ec917810214abddd387de1c6fc62d9414efc6fd8b8080528031d7b485 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF
| MD5 | 88b4ac008247d873b085c2b79af09391 |
| SHA1 | 9196985c7a580903e6256625ab75d83d9202fe20 |
| SHA256 | 708737729a910af56be5b7c950ceb0f9105e3d8a8fee4a83f597565c297463ab |
| SHA512 | 7bb559c297e91e0c18561db227622f9cddf08b008afaf5215e602ff4f00d0089791c595ec6807e9dcb10d486e4ba3b6cb11873dd800e908f042ffb2e74b8167f |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_OFF.GIF
| MD5 | df2cd47749b283d16b6b882ecb29e56a |
| SHA1 | b89a635f267e7f875895bf3febf36b71ce05157d |
| SHA256 | aa33c210333af8ae64f871229476e4db535c8304b8d4645174cbee8c1e362ec4 |
| SHA512 | 6a2416705ab88cc4eb2999a65ce46e59ad649aeaeaef53efc579b791930ad6be59dfe97121c4256b4c745264e1d937a9cf8860d1d87121bf097c230d6405f691 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB.DEV_F_COL.HXK.NBA
| MD5 | 0e540128c931c13c5f4350c7266d4073 |
| SHA1 | 7f44d18086cbd616cb19a74e483a21e0adc50280 |
| SHA256 | b73fc33083eb8ce61577ef3f8c164fd6ee67faaa6ea1050508eeeb0295cc2abd |
| SHA512 | 76e56c3cd031e093b816df6affaa86c513391a2e482e8d12ad41fc299f4372470da19f2f1d6e1b633ab2c9636fecf3c4621995620d0775d573e7aaa9285aa242 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\MSPUB_K_COL.HXK
| MD5 | 9526123ca33aa95b8ae415961cb4f04e |
| SHA1 | 6a0df1301fd83d09dece23ace966b1def2884c55 |
| SHA256 | 34cd8b508f42f2f16966c84a731c358b4dddee3a0909ea53d5f1500c22e57ab1 |
| SHA512 | a3491b8d788b5a1d8528c6852e582ba2f3848a0515626d41591cfd1362ff1d0ddcdfb18dd44c1fa33d127d5cfa6e334800b8e00af91dbe4df12bb7028aa47b87 |
memory/2504-13696-0x000000013FB90000-0x000000013FC84000-memory.dmp
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL
| MD5 | 01c4dcdb3b1a926f106cb1db10e92981 |
| SHA1 | 6aa5b99da33a2a74dc4f248cf994d21b1467d03a |
| SHA256 | f6d1d24cc9f818201bbcb831b0aab30caa0f04715837e93d066b26300c4e1067 |
| SHA512 | 76d297f934c89b0bb5f8edd1bc726a4e3b187cf18bd1b451fb1917bdd1ba4441ab1cf672366f95cf45b00e192b87871dfad81a866991b37acdb30ef29ae7e4a1 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_OFF.GIF
| MD5 | da812cae8f757b8c1f8a5ab4a17a40a8 |
| SHA1 | 88fdeb3f18b1f2422ca37bb6c181327b16d96fbe |
| SHA256 | d48648d539f77e01061922021922cbd5d0266b0145271e2c55a3774c361f6369 |
| SHA512 | a79e7510d3059d97d09387a32cbb29901bf98619ea1378ed60a6f48b7122b9c432ca4907c886a2acfa6985eaf8c54023035d97056649c1d80633ee31c62cef3e |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF
| MD5 | e15711e520935b8a6c1d2d772e1d6c99 |
| SHA1 | 1693f7f0278a0e699a70edc44debed8a99478615 |
| SHA256 | 1df367afbff4fc512937b85a5b0d57614ddb62d75e525601aec76ca35510d3d2 |
| SHA512 | 64dcb5185d98f4935e13a97fc3664f43ffcd36411c0055fbfca46e81a344093d994e4d2bc51e900b4e1095ad2e2f6815db5ca676eca7c11738850f7e98e05dd4 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF
| MD5 | 3dfb9fa1f6e2c3bb7088d2bd0607e8d4 |
| SHA1 | 8d5577dd2a9fb8ed78da8a4e03daf92adaea90d4 |
| SHA256 | 677c37e3eda47782fbab8dd587923a73ea423f6491efc28d2decb6bbb835391b |
| SHA512 | 937d96b2893ef14b5b9b8f21f60e47bc9af4c5840a77c99bc2a6d8c56222b026726b13d1f10add356739df426f7d5c3537621b91a0e65ca93e16f360ec311dbb |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_OFF.GIF
| MD5 | 2cf371017151ecbae0198167d3d03631 |
| SHA1 | 527ff60b0d078bab9ec0e8c0d53c2f66a734b77a |
| SHA256 | 7528e1de85a0fac32ca91fd44efe93b4b00d4035b25d23d49ba111ac4daae50a |
| SHA512 | 5c493f741e8693a724678a9211817734b3c0da31a6b077c3660f2ade4f48bf21a50ed26341e63cc00c64514253973f2a4a1bc94136cfa72c9dc97e42ef9710c0 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\TAB_ON.GIF
| MD5 | e54e4265734843c9c22e02395cb794a9 |
| SHA1 | 2a2089579f83e95a736d8e33d29c131e3aeebcb0 |
| SHA256 | 1a8e86993a3eebcac93e724286b280e75ac414b983520b89bd7595b21335fac6 |
| SHA512 | 229843f73bcc82cd8fe8da30d79f8c420bde0f4e4c607b459c1febb0a3a8ad0cf1f44e6ec67e3b7a30fa2e785893354c1c26b47ed9ba4dc6aad6dcc7288ac0db |
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml
| MD5 | d78b5aba08f454df5ac7d3f7744ddccc |
| SHA1 | 0bfe0f3f0cbdd219575a4d54c8b85d2147da2a54 |
| SHA256 | 2dc3c534bbfb646f30333b85f8ebc1873977fdb762a3376e32f7d6289264632e |
| SHA512 | d001489b070f3a77caddbfb7af5608a630eaf3dfecad63af78e214c7a7f52cdb7a611d7b80d6b4fdb06843cac1198a8452a2273e1dabb9378ac5a6938ef17c29 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML
| MD5 | abff9f75eb8c7ff1ddce9e4483af0aa6 |
| SHA1 | e30eeb2a8c7af936919eb30d46f6b412e269e3cd |
| SHA256 | f5610e9aa51af74502a872147d2f76c9ffceba71ee6637e8cfd2f8a61dfa21fa |
| SHA512 | 7b730db447928e43e3e66f5ee501330b5f8b2195cc5d5e4aeb2b7052e074a694a7d3e5962e0cefba116097f69be023ccca60cb7172fb38ef0c3b0254ab9b19b5 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML
| MD5 | 1aceb4429f837a0d186cc896b9ef6c36 |
| SHA1 | f1aaa332ef18566112d0d1457f09207605f993ce |
| SHA256 | 5078c6c0c6489bcec9814aa52969586638d95d7f306399eb9d6a0376a5c76e60 |
| SHA512 | 7f78accd986023cd30bed28cdac0e4ef68c4d3faf0160e4d757c611bb9d356fedc9106bfb7fc75f96800fdcbecc4a322bcd8d2bbc02b0edf44390d9ea828bf4b |
memory/2504-16839-0x000000013FB90000-0x000000013FC84000-memory.dmp
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck.NBA
| MD5 | 2569d9b03f18313b684756be26ad654c |
| SHA1 | aa3b419dcd0aa9af5a4fa3158b38698beaa18642 |
| SHA256 | 97fea2512a57d3a7cf839a93815eaa657d9bfd984a37cf787ea8f3aea9ec8c92 |
| SHA512 | 487d0eef75eb4bbbe934345298a98bc045a5483b3c0cb0bc95dd019640a127c8fb46ae68eabc0ff13bdcc2774692633338d4a0858adc6c5f19e81ae5853140c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
| MD5 | 557c386145ecc8e4156b8ca169b51ff6 |
| SHA1 | 698c7095f73a2528584b19baf67052cdd737f10b |
| SHA256 | dd25be9f7c107aa0c5fa28bc42eb45f41446de19d2bfbcac5434558f84feecfc |
| SHA512 | 6b7cd616d3ca575f4fd895c2d7095c077eb82015ee58af143b2158f7460163409a2814ded9132473859a5c3eb29f7a68630c4c6338e9ecc69dd9ca51b45e7900 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
| MD5 | d97a7b51d0f8416cf5c04f5af7cfe262 |
| SHA1 | eecbb4812c6f185abffaab84a047beffeaf38672 |
| SHA256 | 3a69f1b9f87d4ba62a19a4341684912ca51af07d3f5889a10eb6ef9fa0fb2d3d |
| SHA512 | 3df2e3696e2dcb56faff16e5d3c962a952ad9f3cc856f4ea9d36e63e3f0ababa0e88b73dfb132ecc129b02c860f62220cf1cefd0f0c1852d02e606feab367068 |
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~\USA~dgov Updates~c News and Features~.feed-ms
| MD5 | d114cecd2f867abcd8aa13ea743641bf |
| SHA1 | e629ac834534e92bfc8987e466f325c5bfc89040 |
| SHA256 | 1ba0537adf0b4c2b9985a79e883e8eb70517d7c06a75e1fbb31cbd0e29787a5b |
| SHA512 | c711573b0bd26c1397d8759622c6286423250b00e0aa207d7a71d8432f659199557eac0efcdc6054d33e901c5f70cc3982ef4fa3df05c4810aa8cd38f44f1e56 |
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BAFOJIJD\desktop.ini.NBA
| MD5 | 6a463f5cf0cb1e5a18a52de9960e8a29 |
| SHA1 | 8491dd0d7561f8703d1ddb71c09ef4a4f7a5ecd7 |
| SHA256 | 50a17669d7eb6db13c7d0dd00413fcb75c3a7aef07eff0de206a2c95e1785f84 |
| SHA512 | ac3fc3669bdbb9a764663303f5cc78c1fec3fcdda4b9436c9d1ad03a320dd2a3b2dcfad104fa6efb502d07a16c839f53559e27b65aa8ba0bf1c783e9173dffbf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ytcgl2sn.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
| MD5 | 4541ed02f2a9483413f1e6bdd6a735cf |
| SHA1 | 136cf894688c626e3fab09918ca153750d09c288 |
| SHA256 | 1c234d0fcbe67e23202735259ea6a056f389337c99d30db58d77c458c8a48455 |
| SHA512 | 0823b8e701abaedb4ee94a6f0beafa112b703e5775e8edcea01ea715c9e73c96351ae40329108344a5d522f424271878fdc919b166ba6b1c81f39df0e9c12519 |
C:\Users\Admin\Desktop\OpenBackup.xlsx
| MD5 | 1328c6ecbb4117df3d2ad8f888327f14 |
| SHA1 | 39f161165e1dc7d38d86f8da7c69b6fe46a92b1c |
| SHA256 | 839dda8ec5f53f3becabc065c29dfa30e75392c99544eba8e6c7446facc1d3dc |
| SHA512 | 11e75b2c822118fcdd7d70d1e3840716523834b1d7263d2dc66ae037cf3c3a6f26ee205f01880fec164375f2faab9589cbd8262d0af6226726faeeb86c25456e |
memory/2504-18894-0x000000013FB90000-0x000000013FC84000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 02:16
Reported
2024-11-14 02:19
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Renames multiple (7817) files with added filename extension
Credentials from Password Stores: Windows Credential Manager
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\es-es\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-down-pressed.gif | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-sl\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-180.png | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\Internet Explorer\de-DE\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\he-il\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nl-nl\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\WordCombinedFloatieModel.bin | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-ae\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\README_en_US.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\uk-ua\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\MEDIA\TYPE.WAV | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\classlist | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_K_COL.HXK | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Acrobat Pro DC.pdf | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugins\rhp\exportpdfupsell-app-selector.js | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hu-hu\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ko-kr\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\de-de\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\THMBNAIL.PNG | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\illustrations.png | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MEIPreload\manifest.json.DATA | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\illustrations.png | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\sv-se\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nl-nl\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\NAME.DLL | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sl-sl\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\SmallLogoBeta.png.DATA | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\he-il\readme.txt | C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe | N/A |
Browser Information Discovery
Processes
C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe
"C:\Users\Admin\AppData\Local\Temp\30390db8ef77afdb6add86f7f2990a142823401078ab237020933d0423374b27.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
Files
C:\Program Files\7-Zip\Lang\readme.txt
| MD5 | 740589569b04d248a322588a6a3ba703 |
| SHA1 | afa81f06545da432a7e2f5d32574ea8dc17f3f53 |
| SHA256 | 3e5e8c57f927e2fad1d577f52e16cc76f10d86013f921dcc85a129c67ddd3410 |
| SHA512 | 0d337f86cd09ac78d33f58ed7c4585648db036d12721ffe202a8d9ac239ddbb5e34e9ee7430e9720787d4e3c1e37c2200269fe62cfb4f21a0de49a11fe5ae91d |
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.NBA
| MD5 | bc630eb00a4f74a15ddd0a128fbf4874 |
| SHA1 | 4c75f9ac3e5c48fb81bdf2f2e1b44eee544f479b |
| SHA256 | b139fd53dc3ee127c73f3d085e03039507e144ea93dcde000c39689d3202e0fb |
| SHA512 | db8861e668aa4984e987bd5f2b803506441424d3ed0a17f4f74e1befaaf567ad13e9d6f3c41f652246013eb5bf63bddaebbdede0ad7ad5193366a2384e2f8ea5 |
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif
| MD5 | 5828d1de8490d00870eee1d629536aa8 |
| SHA1 | eac6dfd244311261292f4176565e6b7f6ca83fbc |
| SHA256 | 860bfac8c72c28d4d47b6874bd01a1cb6e4554d742f27638fcd48a2f37a07d05 |
| SHA512 | 173722d84dc6408d187412a1bf1f425b8390db765c3385dde15c1ca02aebfcaed74d995eaa7409f468cee132341d3e6ce8b7cef6438f1adcd78a987386039f41 |
memory/4972-4427-0x00007FF614D50000-0x00007FF614E44000-memory.dmp
C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt
| MD5 | 531060af180ae2349f980ff458455f6d |
| SHA1 | bdfd759a89bd805dae00b2afc0173d80d59a3adf |
| SHA256 | a861b8f97961f331af2fbef420491e140d38e13e0ca12e1d03068e70d3eecdfc |
| SHA512 | 5af4cc7f5af8ada5a08ebf797eb3a43d831ca757b676262b7950527f944b852e045fdda212ef934d1befe97c40af776a1d9a2c7b0281857b9ede999851a5884a |
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK
| MD5 | 9d9ade423328187a893c38870442eca4 |
| SHA1 | d41e63d1398d1136e9ec26aa23746094d40b8f6a |
| SHA256 | dd854aff13173373b892445e882f88598eeafec594c7b23ab1ffda23eaf11451 |
| SHA512 | 0cb980157dc6a67d9cc17223be9aa7835a3ca92fdca3ab9e0ac76627a13213ae7c5d1cf095d7b1e5d4dd60088492a935f89dbe6c2fcb6eac897a6325eafd3fa8 |
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK
| MD5 | d7400440e0a5a3f598bac9b860905653 |
| SHA1 | bf2536c8e7f72da00c613059a264889e5dd1d611 |
| SHA256 | 1d68146e76eade33798ce73ed20f35e4bd6cd8ef57620c6e8df94df4f0645c80 |
| SHA512 | 0e9787ebc6e8daacdaf52d41a100e99492190ba5f96c0a16a5c2f2d5d8e8ab128703230956ff979b71f34c0e304f401d378d8119a617d8e3bdd01901ef44935d |
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL
| MD5 | 8d3cf541c2cdf7a82bb39ca0ef003ea0 |
| SHA1 | 5b0e23775ad91e79ea34619b5dccc16a6731955a |
| SHA256 | 81858ea438ac91f8c67fcce69ac8e01ab2b09d536cd11e9a7aa5a147f5aa2810 |
| SHA512 | dba7ece30b9e8ec227b747b98775334069d49915a2b412fbd0b124c2988ed6be37cf6d71d4b373050fe70045c51d3ba9758c865761aefe2f6a873217147a1c22 |
C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8en.dub
| MD5 | e40411d36272d888c4bd25db36f4bd0d |
| SHA1 | 3bdd77fbc7c852b9fd85896d4d8e3fad63879023 |
| SHA256 | 2a3da4ba7bfdd23438994e057e2beb09f7706ad57fbd6745a0762f144b32b239 |
| SHA512 | 9bb2882331378706f3c27c106fc13cb7b933bb0a74e7f12ad0ca41ea9af2d87fe96df7a1bea838fec7af1717abf2c86a2629afd47702172ac491478247131e2e |
memory/4972-8894-0x00007FF614D50000-0x00007FF614E44000-memory.dmp
C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\vlc.mo
| MD5 | 35ff364dabcb965f59de63f98e6096db |
| SHA1 | 60ca6f99e033c2c89f783cc57b1687b430f5b462 |
| SHA256 | 2a57521fd00687049710f932196d225f6083b0d9c1af709636c6da872dbdd11d |
| SHA512 | 9a366f09b491affa4f6bec36c221dcc344de68a6acda53f46b4f691bfb8fe3b66785ddeda3958ca8b936c270faed26316bd23cb483e299d0b885dec8767772d4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_highcontrast.png
| MD5 | f40ec610bcd152bcc22a2de5b6f7d149 |
| SHA1 | 041338ffd911454c0969935a9a1cc394d9ac7942 |
| SHA256 | 18d60026b347b9abeaf21dc12b3b508e0d21ca8bad3037fc272afb58f965895d |
| SHA512 | 5148e5adeecb1b295e1fba8ec456474521247350c7b91496ae862f9efffae1989f010b001fe09f12d61367ad22f38b5549203d9f16979c519736c0970ba74fae |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
| MD5 | d8b27bf321982c7b5d8e80242a7f68b9 |
| SHA1 | b48e3302f4c12dd2ec1a1df31f7ff74f4351ead1 |
| SHA256 | f23e734bd334485591a82b68db20b8da2b2ad40934ff0f0558698715d5c0d3c7 |
| SHA512 | c01c2fbe2ff13d99982a6e806fe28e301bb925cde75e2b5144e62c658ad1694d5d838fd7af014f0e2f0079a7e8734ee0683ba6c325bcf05e1f6a3d4f5e5398ef |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
| MD5 | 5b0582a83c6f2704ce93ac90bb491ffe |
| SHA1 | 5089697bf67d91f5a4f63388e33ac836411176de |
| SHA256 | aed598926b352b745266ec68ce44ecea849099cf9393c05acb74de36101aff5b |
| SHA512 | 045b9cfc5b0262d689d4ee7dce48d79dc63debb51ca01932244ca6e63a0e644bb27ff301f3d8519b65c2dcf3e81ae02e14782c2397f3664fc554b6bbc61207fc |
memory/4972-11781-0x00007FF614D50000-0x00007FF614E44000-memory.dmp
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reject_18.svg
| MD5 | 34affb58aa024c3de71d55c98c5ba7a4 |
| SHA1 | da17b35537c65b053cd6f9a69b25553886bffab8 |
| SHA256 | 1e335af68501b3a4783f464d05bdccdd6200f1c71ab7458723fea80f23a4138d |
| SHA512 | 8940d90687d5301a56c6fc9ad7b7dcfebf9f6ffbfdbb74e018c17d633e97be9f1ae1eb52c20f890fa204eb218f210bf414f7b8a7b20e123c86897b9608096a41 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js
| MD5 | 4b34936ebe47e28df116261470a3570b |
| SHA1 | f0b25112eb1d26b47f21abda36fca858603e10ba |
| SHA256 | 5aabd5ab3a1b4cf07accf6000062e168d06938994ddfae785b789795ef66c58e |
| SHA512 | 3f4d20cec0d7182073b04a476a4f2ef1b605cc27a576c706977fb504bd95ec6a1a420e08172cfa58f753313b260da4de09e34df1ab5c4eeb026549eaab8f9fa7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-il\ui-strings.js
| MD5 | b2ffd9ffb5f346e91e963cd078948f3f |
| SHA1 | a269f2a945dea6cd3e6c5d5bb9170134fa649e16 |
| SHA256 | c4edd97d8874d5e9a03b75ac91370075abac1ec93014fe9819a2b0ba9b532573 |
| SHA512 | 83b787b9dde0b94124f6ecefc879bd5f3e134341839a96d6b3c1fb6bf4014a340d5f9f635a9fa619babb873eda2e7b4cbdf0636e774089af79d2e640cfc6c3a1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\ui-strings.js
| MD5 | ba0d1f0daa7b091fd2ffbf45a469b34f |
| SHA1 | 17da1c1914566db4420a29938d417968653954ca |
| SHA256 | c3871bdb475e21ebccd928abd60522a2f7616dd4bf1908a33968a18f65751642 |
| SHA512 | a620bfa5a486e5e75acd68813f17da57ac15e1e32ca52c5dee34d090566be1db6df04baccda6c0018d8176015a3915ab6cfc298a9cbcd988f3b68c961112acb0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js
| MD5 | 695eea897888b306eb7aae90ccf24645 |
| SHA1 | c123bd3bb55f9070f8f0c5cc10701b6e6f9c0f2c |
| SHA256 | a33f0b406d68f7628af7784c0950ddad772e95cefe31a2a11f1ab02b44a525b5 |
| SHA512 | 1270116d0bf916cbef90b05ada5ce9fca9c6887167fb6fea7398a0367eabf3c977f2abab4f69c8c92f3690fa0325aad1a41aeb2846d0e1d2fa8c9adbb8061688 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\ui-strings.js
| MD5 | 539bbc9e2fc434e3bc33dea0ea69f7c6 |
| SHA1 | 53b37c4f6cea1c2eddd8278c9b0d2393c356f2ea |
| SHA256 | ed56de15f302112d10ea9dbe9df1990608eebeae215d79dbf41b972daff3b1ae |
| SHA512 | e1ad8ac31b3d45f4ef666f5f7c492555b739dc3cd8fa6f7e7fca54587fe6488640cb8f40f10b8a261c372578e02ff9db13c2ec64fb0a1cf2f711cabf270f14e3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-selector.js
| MD5 | de4c57dd9b7fcabfa2c581890271197c |
| SHA1 | 8f81c80be092dcb5b5a3a98ca6f50ae698056191 |
| SHA256 | 1779d6aef411b667f364d99e13965e0afe6729dbed75e0208aff65bd1acf48c3 |
| SHA512 | e8f8e6dbc650ba1e8deb86a3a563c74e1d8941d195cc693654824309d1252783d88a88b740cdac4af83243469a7b34cb9a4f38ac609013589ccbd364de3c7f47 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js
| MD5 | a3054ea624d6771fde215e2b1161a0d1 |
| SHA1 | bc5cd84d9717902adc7a1f1bccc4783b040b6708 |
| SHA256 | a35c6d7f3c19f956f63a1af586fdf077119af6bae61d8078e359c9228da635be |
| SHA512 | 755707bac219653fa34bba2e40341bc55e92b45d50720c2c125776b27b91abc538599461992826b97df5e7ce5a2a940b42d13081159694cdca57022948155710 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\ui-strings.js
| MD5 | 92f0e003bc80cc2a7f02bdcf4c2b515c |
| SHA1 | c003c318d2918c83512ba098d5dd3c8f456bf649 |
| SHA256 | f65528db5d5be67cd72bc6486789be727b7900e151d285650a014ba40443262a |
| SHA512 | c255813b9a754667c819597e803c8ef8eb5b9f43b94f87a6724459a42db63af9a53fad2c340210ac236ef5d7dacda202320adec41e51ed8ec6687d61fe3ce546 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js
| MD5 | 47377514745769319de0115b9c48d6d7 |
| SHA1 | 7b0aa6d33e93e9a9f035bde5367cacb189976e32 |
| SHA256 | cbd8875ca85ba308675ec795c655bc1aadaab2656a3e0f32ef1eb5054a74e564 |
| SHA512 | 16a1ba053131e87c09de752f9bbfc5d8a0efe27cf9143d4f241d398077941066009653ee0ad08e9541bc46def1829cdc26f8a4b6f484addaafb7f8ed4e78cbf5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\ui-strings.js
| MD5 | e78b45154c35e4e4ca0fc1e7719ae15e |
| SHA1 | b3562a89329ee3fa6280af7d118d51b6db1a6612 |
| SHA256 | 2cf649457defdedbed9b4724cca8a74b71a57cdb5c44353dd72ae896414de955 |
| SHA512 | 5d4d5f7c7f1caf2c2ca8a049a873b546700b37e61896697de7c4e6d236a54069f2f033cf9bb296c2a280a960fec310eb25b2239b57aed616fb92c1271d966263 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js
| MD5 | 6b87f270bc6c98d4ea5e85380e3a3163 |
| SHA1 | 78cdc4782e1399d5461bbcfb62bef4b05cb9c27f |
| SHA256 | d17e9a805a2742b071df72b46c69b4a780e5a956cfbbe94ea9aa877b8bea3809 |
| SHA512 | d75bbe27a1cea23621e1dfc8e5c9831d8514e35a90732abf689ba6bdb9b956dd2e686d9dd1fd0a3cabc4ae861218fb1dc0dd1f4c01089a8314d5285f497c23ad |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png
| MD5 | 3229aa5130c18339db9b04a7b5076a51 |
| SHA1 | 525d790dc32392e4998751d396dcf513d97efdb5 |
| SHA256 | f1d2ba2baf436054d07b361bdeaa8e1e431dccb30b375479c6937469991bf3ae |
| SHA512 | 23adf453555c33c8d1d9ff1b61407164e6d24d1dc20a5137d08dce05c2f3c504cde135a035acae42b96bc78d05c946002c327ab6539bfbd6cace5690697588e3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js
| MD5 | 2be2a9679d577134dffa56f0287c3476 |
| SHA1 | f1c72a4cfc76300660f7fd520274ccfb68765444 |
| SHA256 | 3f13fbc6ddbb069fd04e932c345851d65e28e281b7530ba984e5b14a4627e21d |
| SHA512 | f902f83d30befa21349cea90f4a633260b71c8cc4d5c9d39b81388ca34270b3d7c6e3c07197fc3a4fab7a3038c2a5f486d16f34f1dec958d0700df2a5aae5e41 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js
| MD5 | 03cd570ed9e8edf517b616f385ffec1c |
| SHA1 | 471faf33791d35e10ae6e1971f9352af3a964eb1 |
| SHA256 | 2d549465ecfecd6f7acc061adcfc9f3ece8da3c547ef0ec977076399c4ad4460 |
| SHA512 | f3853de01a1bb9e1dafe5453598af1d8ae36d997d1629351cc10ab8128d9364e0430ce1c1146f103c49b39a1f757674a2ec1d912e168f2e886d1ab329cb5f806 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js
| MD5 | 50c7b187421976fe6f7798a49519d6a1 |
| SHA1 | 4f6ee3adc69dc0e0b669156118d6fd75063da3cf |
| SHA256 | 1c197af84692e0b7c309afe072b611002ff6e6d85477622217b83246b03be94c |
| SHA512 | 20e7dc9b41fa88f654ffc4854c0007df9381bcea92fc3d9bc9fd72e9332868e41b75ea1484656d98dad94c95a3c2e6ef889666ec420bd2b1398aa98bb8d2b2df |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons.png
| MD5 | 543ff2f09f5d7b16fdfa478d8cffed2a |
| SHA1 | 1b8fec79a5eb25097de0dcddc176a949f105a540 |
| SHA256 | 4cda4e0c93f245080322c424058a330ac311b14fd0c53a69611b717c1bbbe65b |
| SHA512 | 6a61c4f2d868ce99e1210e147c282c1f63b6a5383d04064b7d11fa91d6174cc6365ddce296d7eba3776f1f68fd8228d096e5811d1e44ca6834bd4fe3f4656d4d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png
| MD5 | b42149cc6c60859800ca841fef330e00 |
| SHA1 | 9c1df86a4f961b095ba0d680e4a9bb9b75ea4f54 |
| SHA256 | 03b8b269171f3c4b99bcc8c8de5f3259dc95f8324f6cd632dbd6ad58e5eab2db |
| SHA512 | 0b7f89ba0dc1fbd5a70b9916d9fc54f38632027c8313aa67c2086b894811e32f1b60a552ba9b642dde54cbf731fb120414d6088dd0c71a15abdfe5d4a94b25f9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif
| MD5 | 51a0bf5b68a1db31f2f92d487504326c |
| SHA1 | 9c5db32b9873c5713b99f005d5c20c58c53278f7 |
| SHA256 | 16f4e282a6a37498d172ed44ec5d8efa2f1f25d3b926f0b5cc7be582af4f77a3 |
| SHA512 | e0bbdcb751dbf261ab0f8e5a8a177a3604e362b1ca8a7a5a383382c900a67ac90fca9450f5203e6883f1e6787f15297011bcc6873edccf63d0f415459cc9ee5f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\new_icons_retina.png
| MD5 | e3903c9ac3c027f30e9961a30cd26f2c |
| SHA1 | c7a3411405217bd43e163d1bdd8c321efbe8b485 |
| SHA256 | 911a172700a5655e6203ef62901957f30d47d9479862e1a925cdf26a2b607c9d |
| SHA512 | bd141da90633dd5d341a26f71c2209b21fd611112881d3586bd664aea6878edecdafef3048085cdef8cda98d7156c2dca036e51d570d845011a466c6c448b9a7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
| MD5 | b60c1b9d5a7ad17f30e4594789f6ab32 |
| SHA1 | 46f57a69de22ef378d5d9e362c91dabebfc0d319 |
| SHA256 | 3fb7ff43d5c6b30ae950bd2fefcf47dbc0bd61b71034621d8220c767212bb5ab |
| SHA512 | 3728e3585384fc13c358772da8a77bae355e205552a1826c0d22e32db08c2726256394c10caccf535bf69f9b8916dd8a4b0dce06f0b419dfe8342337b9478198 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-ae\ui-strings.js
| MD5 | 72bb50c6f1b647d71d2ed2a5515a3d6b |
| SHA1 | 774f590f658357a077f061c04a37710984da0a36 |
| SHA256 | b9d4f1fa430ddb51d810a3246a3f2a227616a9a8568ce96e779ee4a67bc44f34 |
| SHA512 | 6f940b06d402eb16b93b8600f2af7172e82804b8bc2340266172f2ff4ad825c2717e4dfac37d5b1f9c989eae3d6e186d011763e3576901efd653834a38c6021a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png
| MD5 | 20b9fc7983ed660ebb3e41e6806202ef |
| SHA1 | 0835974d95857b850e7c522b82d08dc281deade2 |
| SHA256 | d488e5cdbe34dde56b8fbda231c3c7b5729cd26e629b73d54cebeebf2c9b9a72 |
| SHA512 | 9f2bc42fea49cbf0e692f82e4e4410da8e4ab7e6320c03927af43309d15c0d92d61994e89764628a74c27ddd2c5d3f39ab1fec98d049ab297657bc9bff8b645e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\ui-strings.js
| MD5 | c3cf466dc95962d70111aa7c0dc8cbfd |
| SHA1 | fdd1da2a92a7dbc69a6cc09a6786a6c5a39f398c |
| SHA256 | 95d7946f224c451b9c7b92bb5b47294b3bafad163f4016295180f6001702bee5 |
| SHA512 | 1846ba5f33d206c3102704317f6a3e21d804530797b683d7a92486be60ea8f4c509f9b29683c86ad9018ec3cf604339c1d4d7f02c285b7f067685d8ee6044625 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png
| MD5 | 8baf4575c6aac8e19d97df03956fc470 |
| SHA1 | 30a5be5e5ffdcd456b468e4f1b57a5a21523fc56 |
| SHA256 | 65d606251123390b40b2eb6f969b5df28b7c81ab2abde817e816a4096c20f495 |
| SHA512 | 3066ad3c83e94346368449304fcaa3c401c6859eb195ba69188d0e15f78926dd5f44e5b2b51a5f86bf63903320eeb9456d613ee058bde21a962fdce5aac9b72f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css
| MD5 | 9ca1cc9b4eb674387c35fdc4aea3b24e |
| SHA1 | 6c1f1b59f202e16d1d64b764bebb55b889b3bb79 |
| SHA256 | 2e832a1a3ab797810c77e1577b8d3d0522704f63505881545c7ee2ab4da8468b |
| SHA512 | d640be83c3054cca1673ac38aa0863b4a23fa6804cd5e2af1b04181789e1a4aaf4575649ced8d0212c30d989e90c190264377889fb0ae574863a93e47cae40cc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-il\ui-strings.js
| MD5 | 42cdef7c471cd7d4ed9715c7f10e6351 |
| SHA1 | 3015f6606ab31b9e415152959855946728a30015 |
| SHA256 | cc99d6943f7472b297d93e38cc23e182ec30f695c0d7a4f2d9e42408ebcb45f0 |
| SHA512 | 761bb64e1b27fe14e6f12f7a99094beb05c72b38df73781018cf61094b72c079987d06c7427e4f1c94d9f42381e832a406036253fafa2b6fe6fd95fd2612a42e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\bg_pattern_RHP.png
| MD5 | ec30c2545e1415e5f8d517b719eb5cbd |
| SHA1 | db02f0b1e7df246e846a259e5c3f000f98243a46 |
| SHA256 | 52e44a1f9232b67a621c1ec1292b2ed5f40ed94974e84538aef13e45ee5c55cb |
| SHA512 | 89e2b3a87f4036bf08292714147fecbeb7888b68c2f92e9a70c7181c9244ca32a525fc78105aa725de78816119f5291aa4c20969651e82fcd2e3603552df4b8c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\bg_patterns_header.png
| MD5 | 738497e48cbd4bbfdcf70a173646a0c3 |
| SHA1 | f87c668468deefc1232a1e01f647b61788054f01 |
| SHA256 | 108899bb944c4072055c1e113d486c648f761d262724b7d97f256cb54458e835 |
| SHA512 | 972b78b0414ed80efca7ed195aa3b18127ae3fdf785c3269f72e57ec718b41773cdeb26f8c1c75714401225b773ea23f9c304478144e38b946a1e0bf197fdaa2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png
| MD5 | 9d1499e61bd29c174cb93b1406113b48 |
| SHA1 | 58930692faea1740e282e7fe7879cfe4a098cae1 |
| SHA256 | fb9e871a3d8c636e4ee9adc608fd852f7511e3797e7929eeee24a49add0c5fd9 |
| SHA512 | f3979f7fcb77232bf2ad22e0209e63d16e39edefed579ed6603a52a4f2fd36bdb914842ca63c98a3f8cf1aa36c05725a680bfa92216d4b883c89dbb98ff37a31 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-il\ui-strings.js
| MD5 | 4648d52d328d9ce75bbe66a066f36103 |
| SHA1 | e1e77a87c651c3086f7299b4ccb621bc9893d807 |
| SHA256 | 22347f917b34c79d12366f4fe0c32bb7ee61188e155127bcc943447604617b50 |
| SHA512 | 9c4fe057824d6d5fa5c65a2263e4fcadb26b6de9d24c428c318b8315756fcf17449e155b4c77e871fef5c0acc2811031d4e58c74a6a5ea3259b6460fab311caa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js
| MD5 | 73130c4806e5cb31a3151e908e78e8c4 |
| SHA1 | 9839a9bf8938310035d04968b6d5b6a537b18ecc |
| SHA256 | 6f366141b138279998185ba3ecf9d2dec0b627bdc14ac3c4ac8349e158651f76 |
| SHA512 | 3c5fdd4ec7ce5118026ce5e2692dd373e2fd76895a3aa9fa3f6f7fa88ab4761b7f7d5c8072d241ada8f5131d2104e023717ebc8c1339696fb92325545b5d5f6d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js
| MD5 | af7a94dcf6a1507caa0616421a309986 |
| SHA1 | 6acc85e6d5cf57efb8bf00f71e862308a10c758e |
| SHA256 | 8901f002478b066826ab413d5c922ecf3b1a202b17f738c5b21d5409582e885a |
| SHA512 | 9c4340330ef55fb9caa94d5cbd92a76fa417c1c11efaac8244ca03e77a2081480326463648b0828ad9f121a1a548dbb750d86429b67d5aaf4c5b019bd41d7441 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js
| MD5 | 01606ec5a9eb32ff778c2c31895f2f2a |
| SHA1 | 5b9f552dd9c6fa8fa42128305a53555d668059a5 |
| SHA256 | 33c324ebfbf8a98c5c98b1fd7c65ffb2b02894ac2aaec9d5670266a55ebc7ec6 |
| SHA512 | 63f5a9d893c0762b3afdc81f45f7f52bb500fc6edb5f22312d00ffd42a9c89c436d92fbf5ec200431e63f5c753254fca37aa2f9b51245c57cc7b595f286686d1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js
| MD5 | 45e22e36f1cc8f153432da89f1a997d8 |
| SHA1 | d609562a32df29ebec9bfd4487d53fa9010c1a59 |
| SHA256 | 591b8a7280e52a6dd4d1e5ff8ea0a913ec73531a4d655773111552a8fd7890dc |
| SHA512 | 842928ea8e32ee33ea6fe1d6e8f38f2868ebd666c22f3f2af347b4aebc5a029f88ab6eddec91054e7945b4377a3a682b2890a21f1d6d1112cd74cc8fe09669d3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js
| MD5 | 44cdd1627525486ec1d2a6ef75f47d0d |
| SHA1 | 7cfb8a593462f0aedfaeb02f5e4ee735d094802b |
| SHA256 | 19e97d813ca189d3a972aaa135f18fe0380d489bc807ef6354c265dba302139d |
| SHA512 | 8289a0e923cdc1a3423cf2c55cba80dce981cc4d4b6bc9a52d0d02e0394f3da3f57fb75e77a99fb91d91d8566f67809caab2fc720276d5368c641655002cc47d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js
| MD5 | 63470abf49c0e1cc7f31aaef8740530b |
| SHA1 | a50b0bbb23a574de3bbd17701f414a08513aa055 |
| SHA256 | 990badfdf05a5d3c37807a3dc2a0bd126baec95f830af89e155541a71e2f6799 |
| SHA512 | b03ada893592c07aaf0939bd348151172da4755793907040536296fe9adea5a956f6bd9df5afb2b26f539724e745d2b73f1cb87180f1b630e73ad0946b15d724 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\ui-strings.js
| MD5 | 3bb72aa6b8252137abdd4df14b9ea10a |
| SHA1 | 328729b2e80d2496a92a25a1f63ebc6aed25bc3a |
| SHA256 | 902f1293d3fc5ecea2084549f796ead611461582e57092188c2dcd719b03ebf0 |
| SHA512 | b95589be0f309fed41964a5b34db0533d33f0a50706cbff6bd95c78c1b5a99fd39f34ca0ca667d562b0a0ef0608154caaeb4d43a5260b833e90f71594c21e0f3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js
| MD5 | 27780bca31dc48b97af69c19fcc1eea3 |
| SHA1 | df9c0c5bcfc5d353b8b5e7cb8486e75233583cd1 |
| SHA256 | 257c1fa3dc73c6e2fecfc90975c490823640ca4f4f4ee0b9feebd1a7ea7ca705 |
| SHA512 | 1c71f8aebdc736f45061587336f682825db21a1f0a2f66ebf7d5915d68a4d84fb9fef26679b9ad8fa64d9da2bcae49de734bd1899a7ccb48998399bfbf547f29 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js
| MD5 | 5f08b48677490af0565a825693695419 |
| SHA1 | 2c105343a91aac0daa8d8723c432abd0e1b7d35d |
| SHA256 | a1ebf8a451aa9e1c83eb23ed5ba6bc669e3d04234c43f1462b7b57fe79b54cdf |
| SHA512 | 3e72007554e935cd3aaf24301a81743529749708ad39f61aedc5d33f638496ea0058964e019a0dc0f10ab6484a1071fcc1b32549620d1b56524e5378f93113f2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-ae\ui-strings.js
| MD5 | 3e4d83ad6113d00ba013e533e4bafe7a |
| SHA1 | 0316d005c42de686d78ac29c533fe387d260c4eb |
| SHA256 | 011a34084a7a3de35d1b146c12d6c5a44d0ab7ddaa23038d3d6c09a7d82989ce |
| SHA512 | 520605dd7d39989bfcb43e50e11c174555209405e333c72f8ee174e46ee6e406a058daddcd136ebb6435822c0fade9edf095991dc2a7eef005789ed69af8ec1e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js
| MD5 | f4d463ade79e3a527f148145fd9da0e9 |
| SHA1 | 0628a38557bed0b0af4319fef55169830dc77c68 |
| SHA256 | 1262cfc2fe7d649487738d35ead4639ef620a0b66aa7bf0021f9f4cc925aa291 |
| SHA512 | 9e683765e3b5a59e4514df3664c7dda93faa7ca609960e85a1217c28472849d11bf3df6f0af4edf7748463d92108a987c176bb31dd0231f8a308dd0468de9fcc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\ui-strings.js
| MD5 | 115e6d1d4e3ce259d32db658e3c5f0a5 |
| SHA1 | 116b29336909ea73b39194c1e5e1ffb691bde2fc |
| SHA256 | df36e477fa9822278859b50e7443dc194cf2d706105347fe095ab4909f9636cd |
| SHA512 | be3a7deef8c819753994523329da94096c04d0fc6947c5ccd552f9a4b043e1581cad0243cf57ae9154a16f52c9090d708385d172d4c86ec9c62999a0f8e1f300 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\en-gb\ui-strings.js
| MD5 | b46e224164e55b4ca215c1b0a24e8504 |
| SHA1 | e65d9d67deed3dafc38e8f2018129081caffd54d |
| SHA256 | 6a31e35f9709fbc38cf2bd0032f6d949c98786241f1de3b6c492f2e708fecc4d |
| SHA512 | d469909f48df21bdaf06ccca4b192bc54f6ebc38e78572b8ac571e6ff96e85fe81ab5e87eba9635ce3f58ac83cc3046af45e2583fbb92eecb86486e5d231f0e5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\ui-strings.js
| MD5 | aea69e6d41f5366b530c6a1a81a31e97 |
| SHA1 | 0395141df0673f5c242400c6039316d86502a466 |
| SHA256 | c1d82e4650fa9dd694899d177b74cd3600e374504804a47e50ce58c2d88e63d6 |
| SHA512 | 171abe137e0c582d06777d8425ed3300f9b4cab1d41d197c9fcca5f4042b85f71f828ff039fafa6dd95ebd554364a59f180f82ef7f6421890be8c204f2bfc7ae |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\de-de\ui-strings.js
| MD5 | 6d1c493e16ce1e9b57d5638c7395d206 |
| SHA1 | 15e7af8c7762a6c317c88ff954ba8fb061c31cd9 |
| SHA256 | da4bcca86751bfd8d128dccfb2cc58830af7c94ed8e4c4c04202371d62d0e410 |
| SHA512 | 594b65647791d5485b0d74f18eb9c08698a6bf5bbf6f59a0ad8cc281b55bd6fc940726614f2498e41693a29bf1eae1d54544135f41342a18d690286ae3f01523 |
memory/4972-15374-0x00007FF614D50000-0x00007FF614E44000-memory.dmp
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js
| MD5 | 9b0a4b57ee1bf4b8deed3b3b83735123 |
| SHA1 | 59fef1808157831c91438d4783408d62c0a389b7 |
| SHA256 | da1425b8005198a77ca50d44faa3128da0e3907a584258e95535c1368d5c7028 |
| SHA512 | acf827a3b97ac7592f229aaf8c9380ace55ffcb4a332dc9f084e7f2750525a71a5be1cced8481b8a0cafb53719b6201c64b302c6394dd901f5c727b6f80718bc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js
| MD5 | 6287ce61beded9be74bfe37b9dc56d63 |
| SHA1 | 1e4d480226de2231aa361d863b6747a782e4dd47 |
| SHA256 | 86120574e2503d248f9cd817e713a78631f14f23d3a4bbfd8773067838ebf689 |
| SHA512 | 813bbc6e1426095bba5ad913ad2db0a67b489c6cb1780cf77ba45204c3d1a1c5e560c393a69aaecde06d78eb7d70b4dd518ab18a13f684b14ebc8e1fd277b03f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js
| MD5 | 59b64e9ba419db24dc3ce6e555a8c70f |
| SHA1 | de2aa1e7fa66be89ff96c592c8cf667263dc6524 |
| SHA256 | 28656a182ad79c086c18e598acbc1b3bee6cfa10212f3b164a4903f705a356e5 |
| SHA512 | e780a1d5b2ee6667fe1f3ed872a44b3c7e382d25222004a6e49082a037a71d658e1a569bfd70aa8f57184a206da66d35c90b7c530e9c9e795ef16fa51db05055 |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt
| MD5 | 62fe760a18ce8d8c7e8cb67289c3e6cb |
| SHA1 | 63a95c11773855a03d73d0c82982b48ae746bc0b |
| SHA256 | ebcbb804c0ec6762cf8349b1881e7dcf73cead3113e653fcc9627f60cc3048df |
| SHA512 | 1aa8221eda7cfd4f9de7b887a4e39cf6ecf012b081322bf7cae2df183c41bf255c49f2de82cfc95980ad5890b729522388d774e52b096b03e49c5c220237ff8e |
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log
| MD5 | e48ed55e3afa099696666296980315a4 |
| SHA1 | d630cd33de6c823d2df9cc21e29fad7c91a1d122 |
| SHA256 | 45c5cb372302d8aedb9a57122ddf4e8ee8abaa1aeb96adf05566ad4dbfa6dc80 |
| SHA512 | fddd1b3d67d2713645391e0af51b1da60773a4566c9f1532f132026e6566e10331fb3c3f0988e8781be02d3a38dcd1d281fbe0744f1cfc9f264ab8b5aeba3ee7 |
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
| MD5 | 4091565cdd8a24e219a3d3b68fd42c0c |
| SHA1 | b5d7284139becf6b6cfcb882279e1e13f3220b57 |
| SHA256 | a15776d907610045583066358ed5765f27c11314c4ebbeb101ce74eef7699488 |
| SHA512 | e21d5307006d4c999034429af9af1c1508dffeb1c21adbae45d1981faeb14980258b266dacfd15442dc7e67e68fae1678cfe1baf68b7c3434dd2bdf2a92e4859 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
| MD5 | 895e5c89665e4ec0dd1fc4bbf0084084 |
| SHA1 | 796a7bfb8ef4bb08148dc7107bcfec514ddc4e0d |
| SHA256 | 49c82e7267c18617a9b68b89865a00e824da382acae85a0a6449e32ec5cf8216 |
| SHA512 | f53ceff1a3eeac3903de2ef358e502f2ee73257aedeeca0ac38524d1c4ffc3bf6e68c2180895925e415ba90e1703705a26d234a82df351e3427fa1ac6b83eca4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001
| MD5 | 22d6504165ac1f03afaf4d244448ea20 |
| SHA1 | 4d94e8df1658e2dbb040bd9e2bc0e04cfd17c1af |
| SHA256 | 9768d890678a929c78aca1dee0fb003220cb4338339c0529b08e6ddc67aa7b60 |
| SHA512 | b764ef182c1945ab9b054a794bca0ab795cdf698a4f9174e78cdf3f554869e165248a50404fd22214dd8ccb3bece75c82e070f792f8b9fafeffb1d44bf8dd58a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
| MD5 | cfaa54cb4daea7353dc4ccf0433a66f5 |
| SHA1 | a2eaf6a5e7a854cef2d5d3df5c265caf01508b21 |
| SHA256 | e3f34182d0df06e49b8403e2f6e8c78e69599cc88111a69c627e739a353ed6ec |
| SHA512 | c51367040f0331d2981c7f476c180ce8098697689ddfa18d8b04eada191dce1e83ad702ce2dbd6d71fcbe52399c7962676cedbe99041528eae708cfd493d8ad7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | d974d02b3938e6d2435e4c95cabd017d |
| SHA1 | f6440a075aec804a3657ee3d6058c385b35478b3 |
| SHA256 | b39d9fd9750017e7b10f205ce73cb6bfe0ca7c61d9a723ace67cae1e42821494 |
| SHA512 | 064779e21cdbe40335e2fd4278d579a037a1d574542e462821e2c8c3ae07ec1a2b856a0e4d0bcfe8b05188e884a206cce4a23c765ac1474be43aae47a9fa0115 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1
| MD5 | c1017abf600abfb3611d5c8141a8411a |
| SHA1 | bc70b03157f07490f818b6d3989f89abf49ad6c3 |
| SHA256 | f46d4a41cf1e0ec6442cb1d86a96b60781c91352b239ce07b99458ff5ff93ffe |
| SHA512 | e0ba446adf000949a6fd1c74746c54fce9e207928d2c1f5d4ba95fafa770c722f5af4b21f50a31a1a78d50f6275e80c102b45489ffcb8781dfbcb1cd563b0016 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_0
| MD5 | b72b35e5ffab2a4e9b4dade1678abd1f |
| SHA1 | 65e7fc5bf57e994e011b2e219aa3d2eb49a343be |
| SHA256 | b72f3a27f4637a7c345193b8118a8a0f0f044c10b1c29a7c3572a91e8cefcb0b |
| SHA512 | 2f8cf2e3944af933848979e17a192eea4aea9eb9bd932f90027f4b2f1ca6e12e2c474623c5a060a80aebe2a9194d88c9aa2fc9e0f362c86f53c608f07154c861 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index
| MD5 | 141d09732d797ffab43d6e62bfd5731a |
| SHA1 | 30b4ef8494b94cd142934bf05a81525c6ee52d4d |
| SHA256 | dfd4f33f25eb8b84c73a653a1318a57e3ac9ef53d9136751daacc2314a41d4b7 |
| SHA512 | 426f714a4c7741ef919fc447203100144a5d136ffe12da561cb2d3d3996bce137ecf8d028e06dc1084d32dd497c3698ee9351abb1715fbb009c2947efc529fa3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_3
| MD5 | 625845d3404e8e08612e87a0260f559f |
| SHA1 | 297123ea4e489c471813f391f1041a8d76cdb7ae |
| SHA256 | 70d61b2455b66e8938c874a0cbf836f741676c11f58e9203e2e84ce8ad1fd77a |
| SHA512 | e8cb3280ae690e9dfb4e8d32fcb7baa48c9d81be627f065f99174962a4a2d25a100917a9e822a7a06bfe385d8f543ed88f119535cbffa686c14b0bd3938c697b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2
| MD5 | bda54ed0880b190d83b25ce839349aad |
| SHA1 | 038ca842b75c9dc12e05d3b9c46b0a7737ed1526 |
| SHA256 | b2e83aedbdbf7b919b1d13b1e50448d51f7c0285d0fb19a08f17aad970356430 |
| SHA512 | 985b7e211bd91a905abe91c6d62f809555613b586e6c75238ddb3ec1e3d2ea985f34e53d87b577849854cd5ab7415377567ee40bc8cc7c79554455e232783b55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3
| MD5 | fd73282cc11b940177013645e759039e |
| SHA1 | cf289b78430a853aa52bf5849ebeca0a726e572b |
| SHA256 | d573aa92cfefb65bae73622d005fc9644d47d38d1dfc13f5cc4948dac16a6c1e |
| SHA512 | 7d4f2473572097fb49448b052427f6c94f02ac62b463687c6ec700324eebca1728dc20df16a07e089b9769f20dc48a719bc0b15da81dc046f7036783f286e101 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0
| MD5 | bb7db92976ddaf402de7ace708420398 |
| SHA1 | 1bc401c6b87618ac75d7e5d92db90c43bf763ec2 |
| SHA256 | 7163c02d80389f1a80e166d3bc6ed6a421bc7a9de23b2fb0e425f0c3ea0a5f62 |
| SHA512 | c1a0bb440cc525f2449ac6d6030b6b41996f14ff6c23bbfbbfbb6232191e1355d52f3dd19bac4e03cc62c0cf21065f2f07fc7fc8b74c7cdbca6976449469680e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
| MD5 | 37147bffca251a6f4070e311883bb66f |
| SHA1 | b7ac2b6cc59314be5cb6001ebea1a8e901c7377a |
| SHA256 | 1895e64d37c11d180571d97c0083b8d5c646c9b4a90b7aa9f706b1cbb3e60ff2 |
| SHA512 | 72b1ec6cbbf3f58629385c0215fd081c1b09c0bc7803f06c148fe33b510d1cbea9b8f0401465ba60caba7b174af07fa404a12229603e3a450213fa4dd3e96923 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
| MD5 | d25a836b5c0579f88f9652e8076cc42f |
| SHA1 | 21a385cb0e422a164e986c5059137101a3538d52 |
| SHA256 | 38c620d864cf9e2a4f13af7280c45b4777bbc22133461eadbf89519801b2729d |
| SHA512 | 5ac472b940bb75df7fd1726ce9e665138b56ad7f6aa7ba73a2b03e9d93f0b47fee6e0e2a13c2f9e3a47b0dbb4e8f52ae1a3c9b624f8f40da4211146f2b67c2f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | 859c083158eb08fa990b46dbc47ff01b |
| SHA1 | 3e1a520cc504fece66c5ee0ab5ec3d09ec889ca2 |
| SHA256 | 87b961e6662a8daecaeb8ef1b2c7195a5478acd73f6c631872e279a49fb322d1 |
| SHA512 | acaccf2fcb86c6710f4d32223fe1800074b7d4a214f24b7654c96cc378265d4562d8e20e83a6c81afac2afce878202852087b630cc88d97d8b4c4f870fd53be6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2
| MD5 | 5e0e61b27ffe0c1d74b1f6d27af9cb9d |
| SHA1 | de3e6dd4c5e95b7ef5f53128cca3832274978d46 |
| SHA256 | 8b704a3a3b23c04bbf66ee560baf5575f4b64af57f9c1e6c83c97415b8e30d96 |
| SHA512 | f4729038061be5b9a5111cf16cd8635a4adf3b494d79d87dcb7c991786476506c26bafaa6297bda25d5db8cdc1a4249ef4a61634aa20d346ecb1e471e0c1d1ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index
| MD5 | f694a7de4b57779219dbaf81d32f3916 |
| SHA1 | f1df96ef705195c245e448a1c55bc84f664adbee |
| SHA256 | d80d86c5bf7e2a40d7bdb922dd83982428857f2d0b18aeca51830f415e7be581 |
| SHA512 | fc66072b062f1556592bb97ff71a384faf53b25a4155d5d39fb7ee49bb8de439d6c077c645978813f01c84fd1fd2e62126ce71d3389cd34e2d8bdfbb23b026bd |
memory/4972-17975-0x00007FF614D50000-0x00007FF614E44000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat
| MD5 | eed77b22f1c7e023b865299ab9e53852 |
| SHA1 | 3340b3d52422a933e2928e08dfd742f08c3c1e53 |
| SHA256 | e6300c916ba671c861d53d6efe7ff0459a2bb5664cac90444277badb0ce2d5e2 |
| SHA512 | 5076f47c94dbdbaaa8527a9231d7514270492946db297de8ecc12df71da26441065ce59ebf5033cf4418099618cf03848610ae8f2236d97954669fcba7ecc73e |
C:\Users\Admin\AppData\Local\Temp\wct5658.tmp
| MD5 | 01ecf7515fb995655ed9bc55db2fe314 |
| SHA1 | 06e7ce982122d033156a10eb0276fec0feac2eb6 |
| SHA256 | 01edfb42c6e7433f914eed8a3212b2ab1b1de1403b62f9914bc5fcc9c498f615 |
| SHA512 | ab0b46ea137540e597c56ba040b465621b33aea34a54c9d5ff890c9e932e27ed1d5e79fb1eab1a2d21b4a8dbf8c17a440c13b154ad81507a75d9fe6e48d6e750 |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
| MD5 | d03b2cdd35b51e4232b7b1accd5c3bf3 |
| SHA1 | 63cde5294e9c447c50206143871d234a84f5cc97 |
| SHA256 | 142f33d00c9eef43f33bbcbbad84338f9d6d329b437ac210779cc209c7cd042e |
| SHA512 | 260c01144058f96091579fe3ea2a31c7f121d6296a97b91c9f61318c229d06168da29234e10866903f9102de3dd0c96736073be1836791f0c91b0ac1e27ab2a8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\places.sqlite-shm
| MD5 | ead2d84b8303fd3ea4c5226c0edf7e1e |
| SHA1 | 6b3151ee4fbce8b0f392e28d7d67014ac79bba0b |
| SHA256 | 96873a720e98d12aa7dcdb544079fa191a8ff4756224d55cdd6c042c5997afeb |
| SHA512 | d5ee70cd3333ef0c2a3a3ab030ee445e8816852b1a2d058232bba2dbd51bff7236b6bb03b97d0e969b661488bba703d8b54ef99f51a8c214f488eeb903d1b66a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
| MD5 | 2765251cc923077e562af539b0523169 |
| SHA1 | 189ee98d8e63fb423d241cdb638d4f59193c604f |
| SHA256 | b68ebd7916d5fc766b2743e575c50d606aad8dd94c57d93fd0853a38fc0b4924 |
| SHA512 | 683fffd19229e769eac7bf1df3111dc196c2da0296c1c87457cadbaccce503fec9bcbc51245ab76134028c18fcb3761147490223887ac234e01a9221893b6e46 |
memory/4972-19488-0x00007FF614D50000-0x00007FF614E44000-memory.dmp