Analysis Overview
SHA256
44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec
Threat Level: Likely malicious
The file 44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (7778) files with added filename extension
Renames multiple (8600) files with added filename extension
Credentials from Password Stores: Windows Credential Manager
Drops startup file
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Drops file in Program Files directory
Browser Information Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 02:22
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 02:22
Reported
2024-11-14 02:24
Platform
win7-20241023-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Renames multiple (8600) files with added filename extension
Credentials from Password Stores: Windows Credential Manager
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Common Files\System\msadc\adcvbs.inc | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0200279.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02756U.BMP | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Perspective.eftx | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTLBAR.INF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSSOAPR3.DLL | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02214_.GIF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Solstice.eftx | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR48F.GIF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Text.zip | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.CNT | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099205.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0237225.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00828_.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\CDLMSO.DLL | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\FLASH.NET.XML | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\Cambridge_Bay | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382836.JPG | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\EquityMergeLetter.Dotx | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\CAMERA.WAV | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\SY______.PFM | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\J0115866.GIF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02793_.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\NVBELL.NET.XML | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Equity.eftx | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\OFFRHD.DLL | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02466U.BMP | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\VVIEWRES.DLL | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGNAVBAR.DPV | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\MSPUB10.BDR | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Verve.xml | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIcon.jpg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Checkers.api | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107512.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0145895.JPG | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GRINTL32.REST.IDX_DLL | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
Browser Information Discovery
Processes
C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe
"C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe"
Network
Files
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\readme.txt
| MD5 | ce84fc74b75f880013e953a200cfdde3 |
| SHA1 | b7aee542b34765005180b89853b4d1630c21bd25 |
| SHA256 | b48f0c8b5ffdb91885a6e11cf49287ab1451f7a319302ae0a58441fe14791f66 |
| SHA512 | 2793c772dd484ecdb98100739d2fbcd3f27daf641d5dc94892bf56d3ac93335e38fcb58c6596819334a609371336e74ecdb98994523752804f535bba219b9337 |
C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer
| MD5 | a5bce4073ebb8704c167c09a1fea8c82 |
| SHA1 | 60ddc5fa8cda42a6770ece2217c54607952883d2 |
| SHA256 | 28dab4dcd4ddcb8b990401b256513ca0240aef855351eabcef2b0e16e970bbc0 |
| SHA512 | 44e12a0c093b2474d62feafaf234020d9b3a34532b3b1bf4bb3292a934d2dbb143a9d83a72c48986c676d6f8a8476bbb5ed6b2670f4a486cb4ae6d20f4220aac |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
| MD5 | d3089ec1492cd4176192750b3b11947d |
| SHA1 | 51bf2cf3dc5d8b995bf8c24c2474769dbfda107c |
| SHA256 | 308a342732914b370aafdf3337ffe701e275a493592af78364fc16d87726bc5a |
| SHA512 | cf95b216ecd602786624a60e7d8b6018bf8540e5d1a7e6cfbbe4864014f0282ae2ce3d9cd0d0c1414943afbf89e5ddb61b6302554b782ea2097ae19f325a054a |
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.NBA
| MD5 | 30c729dd3e47dcb9ca70119e9068ea14 |
| SHA1 | 99297fe75569bb287e50871bddafa4f785b3c1ab |
| SHA256 | 2a7012ceca91dded80ffa754561eacd44f04b30c85170f94c2ec5132068e4ae2 |
| SHA512 | b26646c36b9cb7f3f8887476694f6cef85784ff0be92d4513f5f35d6390263bd51f29d1cce016983d26c409d23cceded605197bac636ea7ab8a4f83dc4f5f4ee |
memory/2408-3257-0x000000013F980000-0x000000013FA72000-memory.dmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
| MD5 | bfab3ff9677fa7a95e16428202df5697 |
| SHA1 | 29a80800d1574d431984e4f25360c783450fa65f |
| SHA256 | 83dcfd34af8ab140be16b7216f7acf84dd35b445ad6e2f42b9a9e8022c9bb500 |
| SHA512 | 17bcba9f1e3446b632969787ff4748061620395f6de7684fc295f6f7f898e42699aec90aa0fb0960ab0416c90f89064cc2290078cbbdcae4b3babecedb34e3e4 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf
| MD5 | a4471e790ef5d81884debeaf5ec691e8 |
| SHA1 | c2cc06c4b28f8a512f3b021fee0120c45a584c2e |
| SHA256 | d094baac33b585a6c37cdba400e57d6e8dcc8b8c9a0b207426fc33c232ac8500 |
| SHA512 | 0e84d5018b35ff3a33443b27f3cd11ee9e55e5128b094f6583cdffd055ee06d5aeea1fecdd27475839cfac889a8c960a4c6de5fe3b53068eaab9f623ddc28c48 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
| MD5 | 47b3f76682d45d62a1e46fa26affa688 |
| SHA1 | 037e156c49d3edfd8303c338f4ce5edf5e52e533 |
| SHA256 | f19d884538ca29496d411831ba4facb325ab60167a3b6476c8d4ce0a5985ad30 |
| SHA512 | b50065ec307dd4741384d3a0fbbf7946340455558efba787caa0f18ac9e7dc5a7a101a21864f15b344526b686b2dc9862cc2bcbb489ee8ee16f2570aca568e4e |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
| MD5 | c1b98565201510341c89ffda2a3a3b2a |
| SHA1 | b42541ff887dd8b58cd63bb384d67e3e8b401fc7 |
| SHA256 | f4ededac0e459b9ba25f05730b0a571f6329482a3f394316dbbae228a8847914 |
| SHA512 | c93888acd96848c80cdd1e0316394e3abd0fce886eadc93a4f609362e7adc62e96d906fa8d91870ccf3cea767fda3ca88390411a39e7c6bce39a43bcfeb901ca |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA
| MD5 | 283bd95da76ec53136fc284061fd1d0c |
| SHA1 | e03e8ecbab08102932b1289ff6424753cf64a195 |
| SHA256 | 2757e1e235f2afd0b12a8724c9b6bfea11d7908e0e63e7e3431051f9ac2b7028 |
| SHA512 | c1d2b12b1923c203a5db8f68c0b1bd4cf1cc88b6d13c79b91dba416851b5579a0c7b8c5a14cc32650ea658a85648256073149bfeb193090e6803972bc29d0891 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA
| MD5 | 0c5f05ad621ab4b715c5cc6e178f723c |
| SHA1 | e9ccfb9ad1fd22db01c908d12b9f2f0d96693e12 |
| SHA256 | 3c269fddbf1348d9cd92f63489062d25da7ebff99178ad294df6ca1387db4615 |
| SHA512 | 747524fa6034370789b585c14398b130227afbb085856e91f8e4045d134535da26d5f0e037d2d747348e799f3e0429ba66abea596c68d30a6f1a74a883acc342 |
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF
| MD5 | 3dda26aff9c69631eb4e28606d70e8e0 |
| SHA1 | f7a62ba3ed9b88ff18ce8c611056584f81f90d49 |
| SHA256 | 8e8195a860640a6281f07ea4600f2be7cd347ef5ef6f4dcdae87f2f31247d699 |
| SHA512 | 70a0703be6c59fbcda612828b7a03dbe8f3bc17f1af029904f0c8a7d7a48d0a1a0aa9e646766db216f834860e08878e6127fb71797335ae5d0dc0cbe814deae1 |
C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.NBA
| MD5 | 74920652d5329fa71a2deace9e50d25d |
| SHA1 | 35f606d612245cf30269d0bb99fd73636d93cc83 |
| SHA256 | e4138fc3451d00dda87627b6cb5ff3bba28b9ddc87740d13865ec2fea77762be |
| SHA512 | 4c447bec2b32419b3449665bd75b54ec6d200aa9cacef537ba891e45619f211ab6464ff27d84f0957198cbed781f148cb046fe4c3df2d596d0bbb00caaabc2fc |
C:\Program Files\Java\jre7\lib\zi\Etc\UCT.NBA
| MD5 | e1a77710c4d50dba1523ae9f5adb67ac |
| SHA1 | 2b30b065a420b39d2ecbe1aa13cd736157c6605e |
| SHA256 | 6a4b9239939778c318118e2bc8fc79daefe3d704fa27120ff5676bda5c53e586 |
| SHA512 | 16429a1a61ca5a70452ad3ef206ad69ce4316d34081bdf1f4ab2f1533141250077387774ecfbe4fedb9c542c47687b439e7e49f1bf75549535cb35f6a9244d7d |
memory/2408-6472-0x000000013F980000-0x000000013FA72000-memory.dmp
C:\Program Files\Java\jre7\lib\zi\SystemV\MST7
| MD5 | e88899b0e31101f5ea9b10e1c82ed52c |
| SHA1 | fc1e81f2271955ec580704ca8d05fcded14dd22e |
| SHA256 | e609ce9a03e63961d16da96d438ba378a62eca41b483a2cc76fd4eb7a56b95bb |
| SHA512 | 6edfafcad155a1ce995bec5f2bea9c7a308e127c870f701f7a3f42d0089368ef70eecf5d58ee8f12d82ea1c1187c4a98079d84d3fcba2b743e014cb2c87ef0e7 |
C:\Program Files\Java\jre7\lib\zi\SystemV\HST10
| MD5 | 0a15dc2a6a20153ed6cbed37c461ed70 |
| SHA1 | 0552d392713a83b759fc98d197cc3367aa98f511 |
| SHA256 | 25f50b04c8239389fa26d2f0b400f25102c8496ca2b29a66215f7c169458ca89 |
| SHA512 | f898e292754ddf7c77e55d21bc07c5b10659a578f992581b19b6de50ccf88ec0bd48d7e50aace12624e460e123d7a88af90207a782ee2f0923e5fe6c158257b0 |
C:\Program Files\Java\jre7\lib\zi\SystemV\EST5
| MD5 | 375379c84db7a669a593752ecaedd968 |
| SHA1 | 644830ffcd4c22668fe90b21de297ab4cc1de789 |
| SHA256 | f90d22e2e987a5e763af9d80971ab88933f9a2c9c6df0521184892d66a5bb639 |
| SHA512 | eea1baaced776303dcaf1ea3fb3473d433d49c306d22f46564f7d4681d75595097e0bc229d2abb3a6501143517794812591a2aa11064265d09b861c4cdbf1b72 |
C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo
| MD5 | 3c1e1a8dccdf60747910b112815c4bf8 |
| SHA1 | 8ddbbd732de2e73c1bf14d0489447640fcd664e4 |
| SHA256 | e2f7f16b0d0744ee2e70ff5e9dc21bb86b87b075b071533a61780b3cfc8fad2d |
| SHA512 | ba21f7a06891f9cd646a476d8956fb9bd03b03fdaf2bff7bdf932236496bb27e10d3d78d1ce6629fe9504ec4fd7edb5e83fda7298eb4bbf9b1097074da221b34 |
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT
| MD5 | 4a7087ed6c38c648cf6ab1b4bc0e8898 |
| SHA1 | 3854d32a753fe6123ff65c985379462b038184a0 |
| SHA256 | 13c5e26c8b1de1914517eec0634e0eb84ea858b4d3eb34e3afd9ab61b10ddb66 |
| SHA512 | 2ba1d2010db932e90a8b8cefcba6a32bf944841509d398e2afd4f40404c97e6de5f3eef455fa8df8d055c41344b27c1d4294085a0c343fbce6b61966b416cea3 |
C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
| MD5 | c57895703fecfb9aaaa9ad7574fe1461 |
| SHA1 | 32fa9fba95f33a7c883357a4c46a873489f1b811 |
| SHA256 | 7b768b6d48433d407c6f1ca5296f90d8cb9cb9df337552c1dc0e01d6e0ffc1ed |
| SHA512 | 2ea87b613d1916ccf63f918b6f623eb979d8f6790b7080c675a708f0701d90cffd6cfdd9d51ec54ce5667d78ace801a68e4ad862ef867b568f3eae8b11bfa103 |
memory/2408-9502-0x000000013F980000-0x000000013FA72000-memory.dmp
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK
| MD5 | 5a7178fe710cf9a92843c970546717e3 |
| SHA1 | d5c5148bb6a5f600891c43aa0783cf8501a1605f |
| SHA256 | 2b5f97f9502222a6793343f21bd3c9b49ff44b00b27b076db25aaf7db4dd98be |
| SHA512 | a2509707e03d283602d71243c2410de970d7a355671f80e5f853e485c541592cc912201dde73bb912fd1ff8df285b2dfbbfa6dab0dd583547bd924a05c2d8e3d |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK
| MD5 | 2aeb8c81fefad28921b4673609cfcd08 |
| SHA1 | 198c0fefe3c239f187fdfe166fdcf06e5679173d |
| SHA256 | e723275f45b6ad41263f429ef065c15703c60f194db99c886aa4a93b0d9a9cdb |
| SHA512 | 50c0bd7a34ac5dffce18c2ff3a0182243e6efab9c220a45711bfa9621c51ed8baf1e756aca601238fd58bdb95fc83f5ae12db5384b0dfd2edc715771c142d8a5 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_OFF.GIF
| MD5 | 3f1cf54de20215467695a16b4fbfb2ee |
| SHA1 | 864d3b4852da8cda947f20b3ef24c9ad69b1e3c1 |
| SHA256 | befb7142ef2505f30bddf8a55395d0db09ad281aadc115ce2f5aeafdd4e796ea |
| SHA512 | af534022f1b3f1965e5f6fc28d7112bc1ce98ad37de57bc75c57cd0314e4d72f62501e792fd092bcf82e70c2bf3af4eb955ce4d85fd9bbfe2fce85c4086e1190 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF
| MD5 | 5cb9157d9d8abbadb3c1f11fdd6fa07e |
| SHA1 | 3c795c350ecb12a7708546947baf49b188e5a7d1 |
| SHA256 | de68d7fca575027820f23c895cf990ae1e414b8ca560297144e166e0001ee9f4 |
| SHA512 | 2a86c0f54a88bfe17891ebfdabd35349037ff917c1f6bd252caf573fcc08697590871b5a0b6f739d821adf50dd268ac838d66a4ff33d8bed5ec84c3aca168772 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_ON.GIF
| MD5 | ac8a6d20049544f5824bddd5a05024ff |
| SHA1 | d5ea77b5172f978be158e90f5cf9d6b20b364cc7 |
| SHA256 | 13402002bc66553da349c7202a65784ecf929c02a0e8c8895341db465522f8d6 |
| SHA512 | 1d4852a66e1b544e43ce231344bdc9cb50c59bc64a0726ee9852374c4f2e9da75a0836198446a4e5fd8dec0a76cd6febcaad2c02fd4ee756e96110b98f8f8a87 |
memory/2408-13287-0x000000013F980000-0x000000013FA72000-memory.dmp
C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\TAB_OFF.GIF
| MD5 | fd971f2ae7e4bd7a82c6d3601d663465 |
| SHA1 | 03eca0df376a255932c2af73a5c83f7b5335963e |
| SHA256 | ec97829a832b6d0d6c1b662277f093007b4b67fb2fd6700e1ab3a960bc77291e |
| SHA512 | ff661c933e91e5d5cc70d158a8420f8de4864ac64e74679666c2aec7db2c9a50f8d3e84d4eed72c8cbab993baddd0e46117607c58b98f8ca5756924e3cfc6517 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\MSACCESS.DEV_F_COL.HXK
| MD5 | 2326cfa941727960e182722a073b2a6e |
| SHA1 | df9fe9077fe4aa425bdeed3ef7bcebd068fc2a4e |
| SHA256 | d4e149bbcdb2d5737fca08511101b3687971956b9237d2ac7771bdacc2273f68 |
| SHA512 | e2ca0842195a4cf171b1cfb30d25a0989e1edbabb2234b15473e150e102527c5233065525cba4f6685c4b04e6be24fdbf853a8f0d0badb1bd428f7b6db377b3f |
C:\Program Files (x86)\Microsoft Office\Office14\1033\MSACCESS.DEV_K_COL.HXK
| MD5 | 7433f45eb36f85c185204cf54e67841f |
| SHA1 | 5da91e1560e5b798e29d39c581d6e902d8ba4d39 |
| SHA256 | 6404de63e58ea4c1fda83ff2268277f8c831129646e1bf73c797db6597655578 |
| SHA512 | db862a456b1d9ab812356f6b0d6e69ac23c2571720f7a6d6b7e277458cdf45a509c6858b7feebab750a963765603a7ab8f1e8b18e3ff585a4dcc801aeb1d67e5 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD_K_COL.HXK
| MD5 | f1eb6a12a586194e2c324e3fd2adaa41 |
| SHA1 | 567fd58be4ac210f8b68a4c54f1b2df704c0b960 |
| SHA256 | 4146e2c8b88b25581c8f3a49dda88e9bb845513fd8fa66b9f3754136607b030d |
| SHA512 | e9f71fbfcbd16fdc959f3022000db37d464bd040148e6bb39bfbe9fb999099e38f71a0f013af18c9d0d4d8316cd827fc8d1f67c55344e2b1212a805274cfb446 |
C:\Program Files (x86)\Microsoft Office\Office14\1033\WINWORD_F_COL.HXK
| MD5 | 4ce663a95a9e674444e70ae7e82f8853 |
| SHA1 | 410b69515d69508d2ea615c2cc3474d811963786 |
| SHA256 | 50a52bdb29948e3ddb89a724beb38456a3369af02ee842d63f8bfe453334cc07 |
| SHA512 | 1e9d201eae00bc4cf656e18771babc1927dfff7d9bdb11d0f9d64a09aa13bfac81ac0d7fff119161c6788ccae16efaa8c9726a1981c4327ad001b4d423fe894c |
C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL
| MD5 | 0217da4245cd6bd491f73b9d260a0f7e |
| SHA1 | 24f806d7538becffdbd176d7f6d8f62ddff878a8 |
| SHA256 | f7f8e7e39ad100d0836a24593b19224f15f1c39574e17c6b4b5de2da72a09474 |
| SHA512 | 43863586ac7f74ffc2e0d3859d72d339343a612f173fd8fe699e69ef89fddf7111a53b3021494eea7bdc0ca3a83b33d572764ae95189c9565e4cbbf5135ea5b4 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_ON.GIF
| MD5 | 1ad0309f8aaecb58d241239516eed97f |
| SHA1 | 77197cfd38553126e1643b55fc7d40d0620bc940 |
| SHA256 | b5895a4436c8d12d1db56584ea2485bcf37ad764144df67c268663231ddb0d11 |
| SHA512 | 502f1358f99853fa29a7b3fe546ffea5085436b2972bf1a8383d2d73b2288e1370a0ea3128929c573bf8d5ea05f7379f3bd437ee1fc81464a4b398f1350aee88 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\TAB_OFF.GIF
| MD5 | d44f37b42ca0ddccab9a98c2855319d6 |
| SHA1 | 70cd03e2ab061c179f52a980298d8e536c3ddd0d |
| SHA256 | d796aba5117ebbe36de9f686a0ac1bd582bfd84c3a3957c29fd586572193e219 |
| SHA512 | c5add547da265266b10eabacb291abbae06f0817713d09b6b85f8a3ef190219e04e8b012c42d26c4a62d5afe7cff99d4d8168823f72eedae1db3332610ab5b12 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\BUTTON.GIF
| MD5 | 7777c5ac1daacd689eef030b39feb40e |
| SHA1 | 14c742c83b0471b26da84e8cf0f67286568d0025 |
| SHA256 | d97f8454cffa2dd55e746d818aee97ab9ceed167f0f1818b2675d67b8a3eb7ae |
| SHA512 | 36714d30508233dca78a2cc45f1d02fdc33d3bce5329ff33ae7e4963426c0121924048d819b6b05fbc1eac604657e3aaff90a384dad7d63a542b2961d641dbdf |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_ON.GIF
| MD5 | 4d7cfdea73371e27d1cb257f510d93d9 |
| SHA1 | af21c5f5a3a6fc347a4c83b3087ff6ea67e35070 |
| SHA256 | ebe8c0f75d12e2f2351d714130cd7d818064d07d63db9046f76b58edfaca9b11 |
| SHA512 | 5ad197c39277767a38cac1276ce58a4a818cfaa48b078fedfdd1f19367f37b0785f3dbfa5aaa58fe1d0c8cec155bd6d4e18027c2c20b771ba8d0a33cca3834f7 |
C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\TAB_OFF.GIF
| MD5 | 595692f002ecbe3db42b3ed6e63f6c71 |
| SHA1 | a574cdd67c1922109f7d69b2c398c369dc07e30a |
| SHA256 | 9fb82c329d40f9ad84a10e5e19a0f98f8ec33248b2ed1ddc4e40ad27a7ef772a |
| SHA512 | 0c40bce0a46a3976e29d6cb4b5d9102587f753893df3d94fe854810bcdefc573baebf254b06bb17f27e33d605eac0ab9988953640867a3b8436256275fb43715 |
C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml
| MD5 | 6da01a767686e8eec68b7403d0a725ae |
| SHA1 | 19141fffb671b3f89a2d029fa6ca2ca7d34241fb |
| SHA256 | 35de4bd214d59c68d10c304a99a98b3d564f4e428542ef2fc4cf4b665610cac9 |
| SHA512 | 3d4af81d4691f920db191e75346c9d33faa7dddfc3980989fdf7d6aea84810287c5b9284256ceb7253c04cd6ca3263d00ab3a09add92bd9397181a266c017233 |
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML
| MD5 | c367cbc3d3439821f57787e83653bc51 |
| SHA1 | 87ed31fa63c87ccec63b4aea1c4b66e0d073d0d0 |
| SHA256 | 066f305667d179528a7fadbf893e683f78e2939690433da28846452b34d07fc9 |
| SHA512 | 7c309bd9db0cc959a48439a3c0d8e6d352bcc8c781b957cf3823b3a731087e4887cf703038504f0147a3bfaff3a7fcd8692082860362623c06c03e7f9528d4e3 |
memory/2408-16096-0x000000013F980000-0x000000013FA72000-memory.dmp
C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.MX.XML.NBA
| MD5 | a0d59a8ae79833fb12bbf72f20f89ccb |
| SHA1 | 5d1fbcf610054cf4055343f17b0fb712f140d875 |
| SHA256 | c13e1fc95f176f1871954703528b4b935b99fc93eae46050171cc700858b3888 |
| SHA512 | 750e77b6cb887ee00a2a4f705f34a993d623f8e3fb82a082853f5bd2266fdf8889574fa1bc62bad475d88ebd137ab2613beab98dc4dc4c9bb1a559c2caca6181 |
C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck
| MD5 | 9e50f2aa4c36acbcdaaa5b9a6c842be3 |
| SHA1 | 072845e13f66899c377f674bf21da051da151888 |
| SHA256 | deb60305344a60f88322bee84ad1fd088a775bb778b08557240b4543df2413ca |
| SHA512 | 53aa6f6a99ac84add3661e0f5eff38d961b87c208b933688100cf77a00d33acb466146fbdedbf1f1896b19b94ff917e7f75f82ff851f0f523179587a386964cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT
| MD5 | 2e636b4a3beac6ce959208aed8d8461c |
| SHA1 | aa257cc1d4000dc1558acb08cb6a1f4b07239bde |
| SHA256 | c834738ef106c65071e3679b30304652a9dbc30975fe0ec094ecba8f0ca06332 |
| SHA512 | 8386c5b7fdd5d8a9edae4adb1f74d19bdf849168c89c236d08991cea6e9fa768c6f75f58d8705adaf8e0d71d9147c03c513009b4a2bbec69538d443ef89884f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3
| MD5 | 16806f0f0f16f96dad3fabd7a0656112 |
| SHA1 | eed9c58df68a9de0d876742deb4f84fabcf3fffa |
| SHA256 | eb391c4636a32c4651c10891df4bc016ff65254cbc6ae1a420da2aee0989ce02 |
| SHA512 | 1f39f2cfdb3a85e31c3d76e2b9717a258ff6019459280f3f644cab03b0c2b92720bcfa5bc6bf26684482e70db5a0305a2121417a1f79a6e772ea4b1722c52181 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0
| MD5 | 13287e58866bdd2483ca9b44ba72f86a |
| SHA1 | 0032fbc4b23306b3163983dd7c69b17c22976833 |
| SHA256 | 59a5e11f645652ce76f024421104c312bd4dd8e3d42e99333f10c32aaba34870 |
| SHA512 | 8cc69a3e0ae17c9fed6221735f467bb0391c5060c009b8ca6717eb9886b81e53620b3511951465860e9d389b91b416ca111b03cb1d1aee8d7c43df7c4bfed8a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2
| MD5 | db77a7615f90146e02be087bd8ecf2c0 |
| SHA1 | 539f4c6f3f960f20b8ffca275da2fa0232c5606d |
| SHA256 | 7d93cc59cf2b90745abb17cf51e93865fc7655c7b9074512e18f107a1e4334d8 |
| SHA512 | 8e14495eed2ef58afce7bd61a6b2ab5ae715da5344544e4132ff962645b9cb05f4530010a37d59f873b61780e54f99e95be62334ed8577d055b9592bea8dfe29 |
C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\JEDNWX6E\desktop.ini
| MD5 | 9bbfc5e711348921a182e24353b853f2 |
| SHA1 | 1a7c03782ddc9d4292c9a9a2ced0f51b1b64c507 |
| SHA256 | 724f8e7b6b3a99c7261aa6486bf77d1cb03c899b028bc65229d31f95d7e5a4b6 |
| SHA512 | a4655cfb9d6224a62e5584d59744321e813190027de3e66c99e6990fd3856a357ba1ecf5988849c60d57a1105244b3802c34e9ea3215015be1b904f3d9910826 |
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms
| MD5 | 3624df8396c38fccc9ee94c3583d2222 |
| SHA1 | a2dceb388996d4f49f295095baf74787c73e673f |
| SHA256 | a5ebe43e78997d46facad4282f5d1ff53237b917269232f70c81ca3e1ff5fefd |
| SHA512 | ab615669df11b9978466968138e7b08ec418a9158d0530c5a23e47400669b253f5039a9d6f4f76f12848ff45b8be0441f0d549917ffb33562949606234104811 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | d8a8ff0a509f879a22c00574e7ee65fa |
| SHA1 | 58e6867c0121c2269cce94bf8ad523fe8a0cf5dc |
| SHA256 | da20022555c8926cc55a1afea9d83832b46a19b409656009156b6dd4d3bd0a7d |
| SHA512 | 458835eddff52594c534ff3a14fb9e93978010acfeee81795d06888b4d0731642ad601301832ca6ef74370470c6586b1b38b869e4e2a028eb2651d88b451d969 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z3l10m6w.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
| MD5 | 528c8cdcd6b96aee1e9469b9906f6476 |
| SHA1 | 32131f2b1fa02b422daaff053311a4d6a375380d |
| SHA256 | 37aab0d946123ea9ad1a053509cb1903d7b96338218bbe7654af705d74897d7c |
| SHA512 | 2a61aa17c97efbea22e4f1a626aba1a5bf305499569b179b61e5ac21841ccff9d31e7160c9a1f729f6f04a2f499899e2c276143180a45aee0fe7a1771ac4d7f2 |
C:\Users\Admin\Documents\DenyShow.xlsx
| MD5 | f71e9c6558892abdc80d2f4bba78b1d0 |
| SHA1 | 3931f5b5a9f729cf323ae874e37d2f0f9278e73c |
| SHA256 | b5237278ce5626889ab3c980d0aa1e49fc79b25422d7ab70e251d1f9d57dd437 |
| SHA512 | 0f90a97d791c17711c48ca2ee84afeca96c97a0dacdbb9318a3cf7e7ce5b1e5645882ddfb525fdecd4c6caad44653fbf6cdd56eec7438797d1d12d990187b73c |
memory/2408-18733-0x000000013F980000-0x000000013FA72000-memory.dmp
memory/2408-18977-0x000000013F980000-0x000000013FA72000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 02:22
Reported
2024-11-14 02:24
Platform
win10v2004-20241007-en
Max time kernel
96s
Max time network
147s
Command Line
Signatures
Renames multiple (7778) files with added filename extension
Credentials from Password Stores: Windows Credential Manager
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_f3\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\svgCheckboxUnselected.svg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ro-ro\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\bun.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Other | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\ado\msado27.tlb | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL048.XML | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\remove.svg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\eu-es\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\checkmark-2x.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-il\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLTS.DAT | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-si\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ja-jp\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ro-ro\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-cn\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sv-se\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\Social.DATA | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ja-jp\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_up_selected_18.svg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoBeta.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ar-ae\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.GRAPH.16.1033.hxn | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\PREVIEW.GIF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\tesselate.x3d | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\locale\gu\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sl.pak | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xmlresolver.md | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\XML2WORD.XSL | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-cn\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\added.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-il\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
Browser Information Discovery
Processes
C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe
"C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
C:\Program Files\7-Zip\Lang\readme.txt
| MD5 | ce84fc74b75f880013e953a200cfdde3 |
| SHA1 | b7aee542b34765005180b89853b4d1630c21bd25 |
| SHA256 | b48f0c8b5ffdb91885a6e11cf49287ab1451f7a319302ae0a58441fe14791f66 |
| SHA512 | 2793c772dd484ecdb98100739d2fbcd3f27daf641d5dc94892bf56d3ac93335e38fcb58c6596819334a609371336e74ecdb98994523752804f535bba219b9337 |
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
| MD5 | 130e4eaa6215a59eb728513ba516f847 |
| SHA1 | aa1af6a6bf5140ea7b1f3f321a207e53d81dbd74 |
| SHA256 | 34f824f38a2e482ef1da1c2f7831c7d8d3ad2af9c9bf040a8ac3a3d5f00c6f80 |
| SHA512 | 94f0088f300691c5cc33afe371c29131ebdca1472619214068036b129df18d958d378e425b6c46457ee9cb47cefaff07831afb4e123a3cbf1a10ed1f435d2d2e |
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif
| MD5 | 44622bb50c1fae5e217fc369f2a92375 |
| SHA1 | 66bd166ed3bf1934a416bdf2f8a4faae87f2bd37 |
| SHA256 | cefee8cfb0df123027950ec265eeed7a4a398837f7f54349ded3eef8f7830b43 |
| SHA512 | 56a2012c8a85b97fa38e3133a24c000835957f26680a611ab6aab2778d3dfa803052f32e3f8ce0e1bd5f0e46b2474cb031a0787ef6e29c8a6c4acbfa1bdd9233 |
memory/3452-5497-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK
| MD5 | a7f8c1209b2e9cebcb46b44919fdf986 |
| SHA1 | 3d134df739ceebb38753252a4c99e444276c0722 |
| SHA256 | b16e024842c8d31b07eabe020b081bf37e6a88ad4bf45fdc2b4eba9df1b98c4a |
| SHA512 | cfa7a8fb5df653a06532fa5ef50d4fe8348576d954be5a17a1c1b10fac831393f2f1bafe1ac300e527016872ec5c0df66a90fc757e2815b6f19fd2ab298cfc09 |
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK
| MD5 | 382f153285f47d9bf505ccf0ed660002 |
| SHA1 | 39dd912b24fdaad233390a3d227d83462bcbaf95 |
| SHA256 | 051bc2438200fd025290509a529870c534359936125b5cbb8b81e8c4fc3aa9cb |
| SHA512 | 649d36c3d60007360776b41e673b7f4257673f32f74fbeea3978bb067cd1014b7f01ee907b0d371065fe37bdd0ee62c6b2f8f5b670604b5c00e614f97440ea53 |
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt
| MD5 | 88c0717c31c64dc22c03d0ef7e7f73e7 |
| SHA1 | 134689a958e83aec0c81c50b106a066692f975de |
| SHA256 | e8505ea0e38e9edb4f637f8537fd05c8b17700aa0b64b3b1af737c7c447ca65d |
| SHA512 | 4d31eb19f33908e4e4652c41f9585b947adc98fb2dabd4df61be5b9a8c7abf3cb0f146792929263267ce2fe46b77363470297f0ee7618b0800d3bb9c4235685a |
C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK
| MD5 | 4771aee3e9c778a3dc89182290beabea |
| SHA1 | 1aa494d3fb98db1276aee7a4dda3796207f670f0 |
| SHA256 | 4bfbedf1d60d78fdff2db423e4b230cd7a8eae9ff6966528927c88169f45eab6 |
| SHA512 | a5c8fdc8a9017e63d6c9eadc8fd94c4ff3f30fc72a76141f02c4891079af67f880792671c86f094efc672855312b3b300d5148410e9958f9ad7f168f7afcc87b |
C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK
| MD5 | f143165091948fb1f9de6138b92fa27b |
| SHA1 | 0618184532a66fd25aebbd060a407ddc4690e87d |
| SHA256 | 223dc669312bc42bb7e6632aa83a33c89f91a132f09c5875f71a1f31caf5c1b0 |
| SHA512 | 9fe443b4c73ff5113ae46242bf04af4ba9922d363ad3dd5805ee18acbc2731db27f046a281d5d21f25507d0dd797363466343c3edfeda7cd85f43b8bb32638a9 |
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL
| MD5 | a372fb56cfae3c977a1da72b2764441c |
| SHA1 | 7e7d4cc931aef3235996f4462a96335565edaa07 |
| SHA256 | a8bd8ba2b373ae651d564060888a74793b6ad02817193b239d363dd4edeae2f8 |
| SHA512 | caee5a2d578a4a64fd26a0b6debcfa9ef79feb4c22e573b8860ea6a0af6844e5b2c2262b21c41e96bc3d89270cd81a2f5d49bfff55603fb0b7014846e10bba01 |
C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8es.dub
| MD5 | 98db013e3a8e9503880fae3b53bbd5f4 |
| SHA1 | d21d8145f6e7b2f8d5b21393026adf009a58b064 |
| SHA256 | ccbbc79b2f6c1a8fdc778401aaad2cffa146e0138819f37068a107d09c84da80 |
| SHA512 | 7425557a4eec030c34071bf1cd90a90499343369aaad18dcc046760e81c546434848721eff4d0b98bbf3b95a9a548b705e3edb70322460f6445bbf4dc8040c02 |
memory/3452-9323-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp
C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo
| MD5 | 43a199064b5076d2a46dff72c9efe5de |
| SHA1 | 8c943ff2b1ea1a62eafa6c44f6057ff42d33acf4 |
| SHA256 | 6f91e85a5e588c99be6583bcf76dc0e67be3eafc006c0b9044fbe2195b1fe81b |
| SHA512 | d20ffba32989e29e4d8ac78313f4652b42e74d81b890bf1b0767b69ca6d763b609ccfb1cdff2a0b2626ee2f837d716050b72f5623a18e43fba70d6bf545cf94f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
| MD5 | 0db4bbfaff0cbd8e197268823e0b93c1 |
| SHA1 | 99fccb68d53afc4b03b10438d506a522c72d227e |
| SHA256 | e020e5b69af2b663ebd79aa3f3da777feb61129425c970e8c7d4f483e48fb1fd |
| SHA512 | 6113aae3db515a0781a8748b5310076178e2e8882c645ec02c61554b889738430d3f178e15f6778a88933601e225c80dab00274d3f2e0820a9fc0a3a5a38c41d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png
| MD5 | b30e9ce23dc3e2366149cea2b70d6ece |
| SHA1 | 256c2a218a62e4669a7f11eb74580831bf52f0b2 |
| SHA256 | 8fb6e8f9e6c20b8c5f41aa77cb641fb6533a0f5f0633675fc42e48f464a398a6 |
| SHA512 | 39a6e76c1236e866b85169af89bd2395a4f85d111971ca38707d036d9d4e15428f078c0d7d3dc06eb47efba1d9e00785e4e63403605d961714f68e7af54f9561 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png
| MD5 | 8a064eeb8f8b688ce2dcef6c18bd33c3 |
| SHA1 | 2aae540d9ee976cf52a2533fc2f40cdb00c31177 |
| SHA256 | b97cd54061ab0565ab2ef80b110bb2e53993cd7281196d44cb76e22d429ab07e |
| SHA512 | 842758046c0a2395f080730753aa0a023cbea124ebb16daf3f464b113abd36018270ad1980ebf030025bd35ed3c4e1099f98ac3a4dff8bef45d18b65b43befcc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_remove_18.svg
| MD5 | 1b0c7fd3a49708ea41b69bc2149e6d19 |
| SHA1 | 362f8e2d87e868cd97cf0838819aa06925108b16 |
| SHA256 | 062ba5ef629b3345156e513815fcbf70b33e509da6ad3cea437f81d7f09b2fa1 |
| SHA512 | cd2364c46100688590089b1cd02ca3a23081ddb41efa83be96dbc88334028bb7b2bb3a102ee9764ebce329487e78c51b73e3c2670f7e6626eb43d90776eafbfd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\ui-strings.js
| MD5 | 2e1cda847b8ad9937b518f6a775ee516 |
| SHA1 | 0bdd93e35570bc3694002aef353e11b8c973e9d2 |
| SHA256 | 6f5310dde996bc4d9c59e50967c089995ea1819962bc5f4bbdfc672542dcd380 |
| SHA512 | f4a9556d084b6dbedf4d8acbbb4167594e9764a4a70156c333c40275d9ba500100b120671eb8361190a2c6ffdb2ca4f00725c4c40097ad47b4cf32c78dc7cdfb |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js
| MD5 | ffb24e979617d52f10ac8df7f607771a |
| SHA1 | 8a47c6d18728c3ee079e8e7482bac93a023e1139 |
| SHA256 | e3aaf6189104d4ba8cc0bccc3aa92a8cf50e049b54c4a9e99be2574d624e6f17 |
| SHA512 | 75ba6fc74be8bb896a0e7134700cb3cdad8b74a0c31d2908df2790fba31350513924434a167598d68bb5cc1b3a28841fc04796a9a66c2595da93dc3aa36a1fdd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js
| MD5 | 5b10a5b963a980f610d398b05784438d |
| SHA1 | c89079dfce81706949ba8951d2e36c4ade1e9480 |
| SHA256 | eb5b872f9a6022ef70f927ad807ae9397b2247ac00b22d27ae8ef8f0a1a878e0 |
| SHA512 | cf387fb399fed966e7e22d1d5332943d18435ba81954c11c7b85f74c46a081aa6bc1f93b48d639a795794c4e6e0afc1e525d8ad5bd20d37aaaf9f411ffb3e06a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\ui-strings.js
| MD5 | 7ef7d1dc8ea606ddf9dcc0eae45053db |
| SHA1 | c7c91ef0115c5f6c0622808f0620714a07af00e7 |
| SHA256 | 60415f6b7ecbe231bbd6aa55b9e63c4a431aa32d1269bf6481f0ee9176e54fc8 |
| SHA512 | a95b4c72e635be4ffc2ecf03e522a7b4cf6651248f2c0473cef35984f6bcd2f058501cb8e67ae08184b9484a9529191389144122bfc76a4237db863929fa7853 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\ui-strings.js
| MD5 | 21f2ca476ed257d7e66c00b67fc96634 |
| SHA1 | c58b27c34bbfacbd897807b14ff24ce136731068 |
| SHA256 | 0e11870242a2e733563c2df93154b3211a8ea0c8f88ea238d0bca0b741cea30c |
| SHA512 | 06b97ed7709837fa224de1f5f07632bb53a227066f41f70e1eba747aa7185868f19503d6daa2e598cc8e9267b8ec743502ab8a01210b7387a67b6fcd1c78bcc4 |
memory/3452-12230-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js
| MD5 | aff732a35945d784e248e4885b99e103 |
| SHA1 | e6c6103672db50598b79836483d115104f5c41f3 |
| SHA256 | 89793a216a11c25a3d04523f4ef7bf518aa15431650c9f559616c4379e5bdeae |
| SHA512 | 65c9810c959c382a10e8b7c0166483391f094f738cbbde16f86072eee0f2c61e7744c3bea83d55dfc9d7d901192b81ce7292f29e3fc5201efefda73c19f4f9a9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js
| MD5 | 4c1e06ee07943595be07e523dcb058dd |
| SHA1 | f188b18cf9fbd713083825978db50dae3b34413b |
| SHA256 | bcbfc040fb68a1d22d25adbf99e053002245f8e7a238560e501ae5f21fb5e230 |
| SHA512 | cd9ca2788db95ecf8f0567161aeb07ef1ea8d185c2c03f638f22a34c973145dab818ab49f19e2c31c29b889cb9855264c9fbb8d9d30a943f22c5414e3d5d88c8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-selector.js
| MD5 | 1bef3730805f22730d810159bb5c8ad9 |
| SHA1 | 73f31f9cdfc0c603509b5efbd8e6bd58ce622f6c |
| SHA256 | 48f5a1325cb20164d1c05e4cacbffc82a130cd573c624233f642a9c49e683ab9 |
| SHA512 | 097d8cbe4ee22ff10b1825369e883e2a0be4839d6c9518170f2b88042167d3b51f2e600a9c5583b07cbf5bc7a603b2d9af3a0009718d366aff489c9a4e170258 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js
| MD5 | 2744753292c5241070212dec4f2c39b6 |
| SHA1 | d7802267799886f94a2714ac5a83b8549d6ec4b7 |
| SHA256 | f5a31ce30e168b969ee444286bf56491bfa9d3c5af80a6ac99a44e15e923b126 |
| SHA512 | 9b74980973430b62f628dd3f432f0c5dacd0b3adcca964df3ca280045218b6298a18b9b360c23b2ba29327669dcf5da023700e811adebbb3a8d0e7bcb96312f8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js
| MD5 | ceeb186db67d7f0d32edbef4a3e1657b |
| SHA1 | c3b36e286b6b309f50217e1372a97d94fb6aa7ea |
| SHA256 | 29429773709033e63b4c8e07e650f781cfb3ae999023de6ef619081485d39253 |
| SHA512 | c6025103d8248950555885771decd603feacdbb151c3ccbd371e462fb60dd07f7f0cb689bf4625d01a6f73f07ee7634895f5e8b2b98e94eccc9e4fedadd62f40 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js
| MD5 | 222609bcd971fa3c564feb75e0c3c64f |
| SHA1 | ed61ad50c89daf2c5ea0c69ed4e7f79aea8ee4f9 |
| SHA256 | 4a18d854f1cf465597309a8bc5147fbca263c211e535058ef50bb7604b4be61d |
| SHA512 | 47825070b4fdccd03063bc9191dab10c5873a7d6d5049a80c610858c1b332c06609dd16d5097fa5c70bccf571e3a05e0945df87da089bb8b28d5eff89ac14ab2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js
| MD5 | ae920a285896a617e84426755a2a56c1 |
| SHA1 | 122ddfe0a9e5a88e7151cd732915c6e4f9e70d32 |
| SHA256 | 48e46c90e105ec82548791d1b80f2b28b589f743bf82ab7d10831e5c0ef571dd |
| SHA512 | e59c3242abcd1215581938dae140b6a038578fb33e7e773b557691bdfbf33fd5561095822b027c7963b83f4ccb14da40bcccc8152d9775e5a30b8c62d6f46e6d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png
| MD5 | 94852414d61cf7d10884b9e07f2d4cd5 |
| SHA1 | dad7f0afb2925e41432ec66b074912231932c2f3 |
| SHA256 | 76186e4fabe9a1abd594b7ab17e35c06c45997b75dc3a0ea6a93ff7df310b415 |
| SHA512 | e282070bb1dcb66d2e4e113007a60dc6bff35d305f9f921c06b5767fd29a13caa17cb2b54e11f36903c1dd560fb08251f5c1a6e0ef1f628f2cd63a4249f88b9d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png
| MD5 | b534c145de2e57c25cc19971482e7f80 |
| SHA1 | ed7610bfc6c8555702c97b374c398267d739047b |
| SHA256 | 253893e386208402ecb9a8a4ef5d88006083f340e20c80653b3d7b584344affe |
| SHA512 | 6f6443efe877a066221bbdbd969ac699b1827de1c8c24677ea7d4e343114211ad7877726674c81b02ac3ecd7c04ec73939d1608f56230cd95343341795dd1c7b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js
| MD5 | 5759f1a633b7d2b4efdba6f5f16ed12f |
| SHA1 | a44e9589f073379d995691d7c1ce4d1fea3fba86 |
| SHA256 | d2e215360e7253c5ea2f00fce527b1dd18a9824af0b177abf3a96bbaee09718e |
| SHA512 | 00add3770e7e845b4521a40cc9c22e638ef68d6486078e36987fd614b0c6112871232fae1ee46f4bf2d7b211f096ab58877cd7a59e3e57f73c21991e9e05f3cf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js
| MD5 | 1ebc675ac6d1517e717a52b6d2ce33da |
| SHA1 | 73f4ba794f36f5a0a3517546bc69a0adfbdfcf10 |
| SHA256 | e27b1250131d485e95d03a55118e4471471df1ce8a82e45a1f6f6b221c1096c4 |
| SHA512 | 1244718928f35965ffb8e0b3f62680c5f905d480d9e22bf73eb097e4c62a82e49c0671c3eb627c335aa01eeffb2363cdb88babfcc19f499648672931629c3af5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js
| MD5 | af2ddfe39b73a92ff445fef1b4559c5f |
| SHA1 | c5598d57571027eb0cdce6886a0dd615021f6eb9 |
| SHA256 | c7944101c7d83932c58a32d71b3a19ec1298ff468f52bbc58bbb7276ebe09414 |
| SHA512 | 248702df1ad84bc75dba4ee29e8b34c1f5c11eafc5f6d5f11d0531b2d7d7595c93bc67c04c8b8ed2d0ca6f444a585d57668997087ff1db60ee1b34460ca5224d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover_2x.png
| MD5 | a0c6a4c12fd1904f26a6cd0ad8a5edf4 |
| SHA1 | 785a1285d41fc2588f84f49a1f4d6127dc4531a2 |
| SHA256 | c094b7487694de34a197f98e3b8e39e60e9e4b7cfc3e9f2971b9c9830ed90cbc |
| SHA512 | bfb7e96111e2a9686c46ebb95e42686cbfe09ae68915d81df729e223f4480ad279f99c5329e31e451dd4333d816ee11d310d9eace0b52e9dca1f4b936dfeba5d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\example_icons2x.png
| MD5 | 8ad5a40524a07b5d772f85947cc50acf |
| SHA1 | d2ecba7ed7f7923ff5b28cb8a78567f04dccaa10 |
| SHA256 | c1e7bf2367f965c65f26a50bfe515d75a1569832c9266a92cb9f6b2137a13fa1 |
| SHA512 | ea3d9f23cac71efc6b6857ffda2b73f2390eea355a8bb1d30c98b87182525a213032ff7beadba1eaf3906254ef9578c711006ff0c659d048bd7726518d7d25ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover.png
| MD5 | b3425f24f3cb8303eef08a25a812add7 |
| SHA1 | ad7f99ba65d1c4c7eaa75044d0fd0b2320aad5eb |
| SHA256 | bb3e0e1cd627671d1508bbc4fc473c04f86efe90b5a4658b64223a6c66a8fe66 |
| SHA512 | 46d423e37af8e0fe44a32221d4a31ff7249007159fe44fb18f26d5302cc8ce15ab5a60b1d6b868afffea3a9d59a6616339b360878970a243d7a5d86894a23653 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png
| MD5 | 1d35fecd18d60098725fa9c74cbbdad8 |
| SHA1 | 00be988fa444c76d47918a526847d60da01adaa9 |
| SHA256 | 7ab62ce91f1d548097116d4e8d38a12718a905d7b833b30e88f7381072b879e7 |
| SHA512 | 6d08ef0be0007bd03900153b309377779929f7f6ace2aa9e1569aad5d73020b9daa2786a7e46d9c716e4a062c4077948b7ecb2e548876180bf4facc88bd1707b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.NBA
| MD5 | 2376b131621f62d36a020e64f93d3013 |
| SHA1 | eca668a186d76c681b82423e396d99e34e426ffa |
| SHA256 | 0aff63ba73abf91da4527b211a7be4c9b99bc764e2a7013cff963ff32f761ddf |
| SHA512 | 056e544e6a7c903f5877ed36b5d8940044b073dc1b2e224fb1a3c6c6d33f8b2af7c259a7cbb53052d53f4505c69de96203af5077b652b1393a2a443dd57c0ece |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png
| MD5 | 013b09bb9a22039c9aea3655d1c299bb |
| SHA1 | 116716d570afb66b530ba8ca954db1842e6203cb |
| SHA256 | dbe23a36b6eb375bd4b12e0716b30be75aa53de5ae371e01d52e49122877997c |
| SHA512 | 2b9fb30452563ac05762123361bd46fdb18cd3ee1eab9ec8f3c4d466e27820188af94c7fdad4c143a4a2d90cd36ecc7f7d0e9b142c682b405339af4a3f13e257 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_retina.png
| MD5 | cda1e392433ac5643c1bb0207f3abab2 |
| SHA1 | 9b7728cf176d4995726868221c7c9f2e7902f28d |
| SHA256 | 256b3f948b0930118fce0619201302bfd16c9d342a9e029cde207208b03148c0 |
| SHA512 | e0d2624090f13b7467e913461f82b6bee850e357ea6da4ea1588f50546e30230793fef4745c2003ca04dd19d09ad556e5ada81f7822e75fb418f8e8afa95b53b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js
| MD5 | 13dc1ede123f70c325ffd41ff8d39740 |
| SHA1 | 34a6c929647bfc31363c9b6d4ec94f796bdaa67a |
| SHA256 | 0cf45539d95b1a93212e98df6edff762ae9677bba1e1a43b2f86b67cdd54a1bc |
| SHA512 | a936863939f8215440949e583e544658dcd55cc2f126e2a866929539d08d3b5034c26dead71bcc29e4e12b900a2fc822b73583337361ec0608bf0fe9a2900171 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\ui-strings.js
| MD5 | d9a01d7ebec3af432208d53001993d05 |
| SHA1 | 451909a1c25d5ea570953ceda1957590c02e0bfe |
| SHA256 | c2e4b93129bc4473826a55e20078950c1f0ea27e9a215c9d906a7f6e579b4f39 |
| SHA512 | 5ff02123af6dac2f7022bcb96f8a5a692ac4a9701fab643683aa1f1efe0df68b498b7df1dd7b15091d45fbc9c57fe5ff18b792ae033ae39e66e4d92d3d27e075 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png
| MD5 | 5261058cf46a134216d5389aedaaaf0b |
| SHA1 | fb101a0a8e023c6509f2d2f90a48f94e442a86d8 |
| SHA256 | 737a275d9b20bb9b3ae87fc1802593bd585d37190290ebf98cddd02dd1d0da53 |
| SHA512 | d81d1223f87d28112ec8a9efd8fcb789dee646dd5e35fe35a4108ceb88109cd8bba600e149fc97d69800c1a2bc5acea31d359dae980cfef14ddb9ea5733a0e19 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png
| MD5 | f443755a58b995d1cbd9089da6003c85 |
| SHA1 | fa954e7e88ba3c4ff3e6ce5efa45ae2a61787244 |
| SHA256 | 8370c69c87a36ceff10b1cc81d4dd220849ad8f0551c43763e525c20a8c4973d |
| SHA512 | 3e816e853c332d7fffb5232318fa1d85ac06e5964825229f1ad04c589927958a195e08aeda8399fa62b3ea3a3735b1f89eb7db7328f749d7f71271cedad5f557 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js
| MD5 | 29e8cfc08816f04fa0df6f1f8c006ff2 |
| SHA1 | bca6af52fff184837b05871ce5ef98eab8dfff5a |
| SHA256 | fc36aec682f51d420803103fd5a8df5580c4fdf4de74eb0e92683cdd8fb74ea6 |
| SHA512 | 116dd7668fd95f4bdcb1f73044d3f97064615b49cf82ad4e1f60a98d4e467a7293351c6646b0ab9ced5aec039f9b9afece820e856f5f44d5cdd861dbda6694ef |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png
| MD5 | bfc7999d96c3a9522ad4e0e884788624 |
| SHA1 | d67c54d416de5ab7823c3f9b76310b86f602ed31 |
| SHA256 | 026ef1be4f4895ac19e27abef42c5952e9b5fa90ae4c228644ea248d59f921a3 |
| SHA512 | 27ee309016308f7fd9fa17afe542736b789a7ca77db2a0577a695d516c60bc6292302346039e35115a2d66735828b9a40b01c5355abcde636e1edb5ebd7a21b9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png
| MD5 | 11a7f6bf1abc54249bc55dcd77586597 |
| SHA1 | dc49fa4b394523cf3be36518b43429f575caa765 |
| SHA256 | 7dc1d6f93190a9df2e3fda49ace1b4a80df27b6f2024a9c4f3ba52b7ffbe5149 |
| SHA512 | 9f9e030029f5733ee91d41bf5f5ee9b9e50a82cab432a775e00ef941a11f62c035b2f885c259a9753825f82b311efb06128189bf48cbde9196201f7493721c91 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css
| MD5 | 0b3db481d965e9222f2cbb36b78ec07a |
| SHA1 | 2bd3056242275b28e41c857045e94c17ab07e324 |
| SHA256 | e7455ea9c9467972e56d7e30abd353ef2f06b3470552424e5c5d0911ed84b698 |
| SHA512 | f0fcc6d3e4ef53d0fa402177a97ffc8da5b4ea4855031f7fa78eba264d2cacfdd982df91567a6195ad51b2348270b438606fb9322b2d3eaf1e2bf1d87d412e17 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js
| MD5 | 5cf13605759f88106fd19f699be37790 |
| SHA1 | 93103f6d4f91ee8676b237baffe99e52a749ed36 |
| SHA256 | c9c36da5fbd3685c498e136ba702c147fba2548325275f74a159b493fdef122a |
| SHA512 | b04fefd76022461a5275ba47c69f9cb39a80829c148c724ffb6db0106456a1d549965d2ab57fd772c8f914ce9aa9f36ebaa168ac54fa91b5429e9f6a657f762d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif
| MD5 | 7c9d1f3e97721610c86607981cd41cdf |
| SHA1 | 7cce2e72e90294126cbaeb50cd7849b1bd2d98fa |
| SHA256 | 32588324e6db03d9faee2d121264c27f6fb06ef078d76df7268c5045bd811d9d |
| SHA512 | 9b018261485ceb66cb69ee092a6088511424440e7febd3948b0c05c7381a63f81f63370bf6e03a6e619d055d3c77baf71eab23ed643d57412be7d49aef83f539 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.NBA
| MD5 | 67fceee06ce3e15527f448b756eaafb9 |
| SHA1 | 462587a1628418b351442430477b03d8cc7343d1 |
| SHA256 | 95d0a426160d7b46f2ebec9efc5d77e4194cc91685feea7cd9d7cf0fe4379a12 |
| SHA512 | be363fce941ce0d455c308a7bfec079a2ffbf2979916b90941bdb4ab4a5ad86ceb3537ee1a6b39d276c1b8d08f0f839b8c0a32e4c20bafb2eeb3268386458768 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js
| MD5 | 0c9f07221fbfd942cd1f4ada1a714367 |
| SHA1 | 7bd02ec7535725d9e6bf04147d1b5b82073c655e |
| SHA256 | 45770d7d95e5f4b2f454fc1cfe6167301cd64b89f1a6b58b0f6d439384fdb3c2 |
| SHA512 | 08ba3ebcc99b73afc6efe3e504579a90dd9ed29540182cd5cc0f889027f72d9eb5ebd2abec22524a82537715c2262a5489565e4f216c6bc4b2a4c652a846d8f5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\ui-strings.js
| MD5 | ac571e13c70d2dc0b494600c5c8a20d1 |
| SHA1 | 2bef6a617b15e236ed74a14951dbbdee6382971a |
| SHA256 | ee29a0a20c683246fd398c8e10609142476de1cf8149f1b2a10ec295a912c95b |
| SHA512 | 2bb118a5b90e31be4842402171d7fd497a420220768adb6e3a6086224a50e61e592c0e34932bd99020e55d9cc5e1990d96872859acbf4cf36a1246de4566fda9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-il\ui-strings.js
| MD5 | f7809d92023ce23252220ec2956347c0 |
| SHA1 | a0d8ef852d338e46095336a031aa9f917754dda2 |
| SHA256 | 9c81f360a30be8508ebfa75e7d4dbdb6276dfe5aafb9f4d1cdef0a61d7a66333 |
| SHA512 | 39dc4e4ca8d8453d382a61df4c9e2237342a9a74727ef9d121b989026017a7010e267e1e17e41887049154ace2ee780fe7020a83cc8d4f7a574e8bbc31b493d1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-ae\ui-strings.js
| MD5 | d3fc02c621256b9d911ba57ba8c837d1 |
| SHA1 | 05e167e3fa868026137768e52fcd58226f246ccd |
| SHA256 | a6ee1cd724c729ce81aebc388370c42e4bc3a2eb561c1a41cb1ae592380a1c4a |
| SHA512 | ca7a8b5b05733589f494648d46394d246b680770d77cd0a77e66237d9dadfa2a348b2d134dceecc3ad8f5a9dfd66ef24e88345e71fe3a89dfac0ed708b35970d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js
| MD5 | c277e763bc7322ce1634d33756e2b0b0 |
| SHA1 | 3a8c7e07f49e2e2e311b75f0f17e4a96d835c53d |
| SHA256 | 7eba9ca5945748c48325394e984b17181f1542ee58ca3d5661bf3129c0dd29a5 |
| SHA512 | 96b76903b6fde91dc98c35b31eee775c43fd0a2f8b7d3b0214e17c4a6f1f93dcd30fe50f87e0230d7f6b1cd8ed577285fe535dfac524aa4cf85635995ad4f67c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js
| MD5 | 6f8b5a95a174f7cd5afdecf004b15c05 |
| SHA1 | 2dd30c94c19246581580209bb246277e8c4f0b8c |
| SHA256 | 53aaf08a700cc1ba71b7dd05fb5c0c9b0127595b51f6482542e77132de057727 |
| SHA512 | e8e1ea05324435a2ef6be83e2bb7e6b32f3081caee537d1a32b72cf6019234c8a54fb4acf0600b3a1dcf5c51bcd32e5ada923b989be4060068223df085e44cda |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js
| MD5 | e146671466464ea4e3033744071c93d4 |
| SHA1 | c2fd8e2ac73276a191fa98d89b5e3a8f17c501fa |
| SHA256 | 46a4b9e7040f957f997548fecf08ed62444fb8726809cd5c5f864bc69991a787 |
| SHA512 | 9650b831cddeffa541e8223e21b96a8c4ec7d22cc8be07adb7d484cf7a2bda6c98047eab2502b4eb4309589eb97ea5b1eb58c796c8d7a5a02cc4e347ce987050 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\ui-strings.js
| MD5 | da3cf1dde6259520a2c00306abe30f52 |
| SHA1 | cde688f1fa1bc3bd2b95e4dc5b72cc24d9c8c13f |
| SHA256 | 669cbb3e7fa224f0512f723f3b9c581c173273bb644df57258e9166791be0e6e |
| SHA512 | 75ec03cfcc4c4ffd95817e60c070188293ae5b81d9df9a52bd48e532f986bedf65ff17fe34406fbe2e94cba5b05df9a14214a811ddb48ffdf4e28a1a78cb3bd2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js
| MD5 | 11ffa592aac0fb92122c8488438a8ce4 |
| SHA1 | 4f6a3231e6d3b608bb3b5f3cb1be143ad2b84be8 |
| SHA256 | 108ff6626dcaf6ad7db0ef10d31309b352939c8e217644ea647cdf9459cc0e64 |
| SHA512 | 6c679f6047b093ef0b4853fc40325fa5a00e69efb1c6013b27e9cd245f4caaf4d0306500703a96b9395f4fa27c8f77e304f152bc945fdc45cba09651fc01af03 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js
| MD5 | 7405f1200f2b7a1a0f84fd829637656b |
| SHA1 | 107334392b419bcf6118ffa7eef2498efea5d103 |
| SHA256 | 150ef6c8d42cb62405c5e32fff40c0caab1e5961e9632dd6087c550bbf4df451 |
| SHA512 | 51a4976873e157ab13bcfffa160e97792fa2ac86af6cc6da7c04819d5bdb03eead5144eac7bd291112e3495779c375337b16bed6f5a71c5e7e3714493a8950e1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\en-gb\ui-strings.js
| MD5 | d05d5e7bc4f514adae7f22785980f6e8 |
| SHA1 | 7523ded3da3699f4c25c617fc7a94a8d91515242 |
| SHA256 | 92c44c8ddce1ebc61bd65c528b3b3cec6de4c55c9e2cbc52cfcd7a30d0423fea |
| SHA512 | 636e863a7f120630ae87070bc4b41273358e06b143c77c34fd14883e8dcbdb37bfdb47d4d3a1303d58dc972b971aa5109bfe23196da82f555aaa7e0a55ef783c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js
| MD5 | 8069d8492eec5dc3f2ce903f988ce7b7 |
| SHA1 | 97948d891b4146954d57d075bb4e9bec746c2df1 |
| SHA256 | aa1f4f0bda17ea6989e2ac4b061c9966d8f02c60ca1d54c76d4da41d60bf1fb9 |
| SHA512 | c57aafc2578a40f6061429cf6c70f9061d78e9c94f1737e704fb906d52ce31b36bd7da8c7a44028577fb2700b459a9fa68324474c1a3a2ba321811cefc68787b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ja-jp\ui-strings.js
| MD5 | 197471a06b07536b3b21d80c2b2e0a37 |
| SHA1 | 1ebcec912448e78493d8cd423a6055734cf0d56f |
| SHA256 | 81b239811e0a4c3eb981eda8d588544167377362047ac00f2fcaf220b332c0f1 |
| SHA512 | f9e1bfa24361a1969fb6b482e9356feb2159ee93d447600176a3ec8ef203fccbc3650dc21680132299ea740f0d3c0c551aafab2afa4d5165748363e76030859d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js
| MD5 | ab71e3b694ef1d11dd575f153621bec4 |
| SHA1 | fd49795c80b327ebdbd08b207ae06f63e77efa23 |
| SHA256 | fe3c2ef049ab6ad7982860fe33cce3c0e1757105a983b540e4f0034c469c07ce |
| SHA512 | ed8c016b984ece3697bb361f77814889552b8095f965a22b217052d2c0969015b3bd39a96a1576acfce08f73feac5e8165a59840cefb0f1dd6871527698de227 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js
| MD5 | d89801ad6065aeffcfcbb6a4ff32e403 |
| SHA1 | 1919a23b68bfe0210d9635d2dfd9593cdcbb1eb5 |
| SHA256 | 4846c02f811e4c23baccc783dde31dc366560888b43904ba1a42c2e34f815531 |
| SHA512 | d98cb8a3042180e23ae7672d45da034e5c1c66914841c5f1f371ebf2b9a4b52f1ccb7862ec044c9f41e34104be8c351627c6d78550828cf969fbc5087080ee48 |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
| MD5 | 15efa47730efd12261723b65b82dc8cb |
| SHA1 | 399d96477a0185a0403e439fbd8f4a2c36ea4ffc |
| SHA256 | c9d52db405887e5189536e42e15b72cb9baf4417e77683c369b4e64ffe51deba |
| SHA512 | 9e48417d48f68c12c03b147bcac10f7778868dcadbedc24f071e666559e7248638c9bed5edff725a6307c2b114d7cc6b13a12a368b7b62e130854d3e63fb788b |
memory/3452-16021-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log
| MD5 | 6c32f3fbffd083f91a1e0432da6d0199 |
| SHA1 | 67d3ed99e5a1869546fb3b1f5906c219cf3ccdae |
| SHA256 | 59de9a5c63ff901267b7ac688663d8128910ab235b441f33a04788d8029ee379 |
| SHA512 | 0f04ca56be0d0e2d9ad740f55722e984369205572636fb8a3608ffeaf2fc3bc3545ddee2bd384eded2f11b68123a7b421b1ca8a883bb0143077586ea2bb6985e |
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00001.jrs
| MD5 | 229db2414b4c2c8cbb931f25cfb0e386 |
| SHA1 | b9f45f26f5af1bb64391864cae31f83519d8937f |
| SHA256 | 426384f82fe4e01543a11fe9206f85e07dc678263857212c66d918d41e52c84f |
| SHA512 | bafba7081dc5bf37ae1d5ae2e53aa1df6f9e4f280ae084521c94ee71cf631c4ba089b3d29666af8a50eb958cc0d0f0058dba9dfecb1702d71e220b99783be320 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
| MD5 | 5e0e7923e5fbb326d5f405d3ba95fb52 |
| SHA1 | 91e7c8874a5cb52df8e5a123d38a69498f2b3da4 |
| SHA256 | 29f9bba582d5857e5f230d9bee54a8585b1356afcf32fe14a1cc20bcc43c4652 |
| SHA512 | fd49da866ecdf106c8854d45642698c1cd6eb524fc96f705ba524020ba31d3e189e777d88b8758e479e5d77146da08c4af5cdb8786db3dfd8e6e7fc8fd4eabc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001
| MD5 | 03506305bce7cedc8622b968bda97298 |
| SHA1 | a242fa7682d908974174e5455b511b771600387c |
| SHA256 | 5bc28330cb16d33243ba77e03fe51337c17d1ee02606c344dff93bb003af8658 |
| SHA512 | fe7a3048ddc628240a098e56c135bf32327900d81d73e290e6568fdef025bb5a9e89fe0d1eb08a995473434bafe0683a1a3a7b17cee8a67ae7d996da54286d47 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 06e602198f489e491abc4475f970e9c2 |
| SHA1 | a6094b1a8de208939fd919ce377c4111f3cc71ab |
| SHA256 | 95ee54ccc523d54fb8b360af4953a9678672f156f900f5e87666b97141af92cf |
| SHA512 | e96384824af1c88bb93347d6cab602c71881302107bd005b4031f2badf6f6be86af469694d1f2b22a6d1ec3154ea727589e9598f5c00930b766c811c6bffc528 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
| MD5 | fb2304d453505d2ce4bcbdeb7713230b |
| SHA1 | a1bf6d0886a6923b0ad12954965550b840f5d690 |
| SHA256 | 5115fbd04c5ed8fa8020f58f4da2ece274b50a222a8c1cd96733e667001e83d4 |
| SHA512 | 5f643b0777c3f0192dae39a40dc65adf93c8fdbb005db2e13f93f5ddfc8ee4f087280faad6d922e730fe9fc80982518e874ce2f3f7cb877a0af713a485c0e917 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index
| MD5 | c274523500d4b0c141324c68bce2d185 |
| SHA1 | 16ed1828c59bc79cf9de8ed210b07d3e827ce78f |
| SHA256 | f453091e3fcdfefb49d73ec653dd917dd65016c8c807b25b149199eee4684848 |
| SHA512 | ed41a7c96698e38a021e39dd2e3ce73984c4a129cc9e7428528426732de3808f4288b832f1447de1f55e1cfe986c6e15be658c6749755ba578cfc9a6f30c2bc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2
| MD5 | dba904eb327efe76553deb13d4abb5f8 |
| SHA1 | a4141db3d3c6209f351c52a480bf6e32275fba3c |
| SHA256 | b615bc79f41666a4659c287093be00468228dddfc1687523335f38e3f8b7aaca |
| SHA512 | 29a57b58643ee4147845e90695e7930b54fcc3d06744fad30828f3fefab4b5dbfbe5f3e696c27117c65d20a9242c97561c3bc4267644a25057e4d43708d6a828 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_3
| MD5 | db82c1c3a69ba657eb7f371d9ba58c2c |
| SHA1 | 6c2c5fcfe539eed8addbbd24a63739276d82a487 |
| SHA256 | e26eb58603a7c9bdd6fe9959f61e539b5948d6673563b824a5092bffe457b6df |
| SHA512 | 7e6b3a93197dd97cde319a66b84d5c71bfd654a76bc6670ad216dbe8c521940ef2b12c12e086f29f1e26b05f799589d3e22300ac93448365b52545ba1976bfba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0
| MD5 | 0b4e2c2d5ce00faca9e7d316f3011ce3 |
| SHA1 | 754cfd1e2768456f8d9bea16d0c05924979953d2 |
| SHA256 | b5d73b07a57eab8960fc36f8f2436c15390d999be2371a6241eb1962a6dd4822 |
| SHA512 | 8953d18f9f4e15772def92beb5bc9a440605b31fdd470e3eae2454e94822b74930c5cd53f59f5b21eabfed1658e59a4cf70976df102508dcd4ee9c4f697cfbf3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1
| MD5 | 8a71886e110277bd259aa193c5d4c225 |
| SHA1 | 67403bcdf32ffbaa1a05eae4eaa0b0321b778fb8 |
| SHA256 | 6d4321726c8776b02818ceb7c4990e9267a1ce32040ffc9079b81d6abc902164 |
| SHA512 | 87abe3733f69e89e04c55131e44b42f8f19d3fa5c0655c6c0b227e4cd4ba40c6cbd41dd2b409598b98d81b6eb0e37cc148c883765e05bef8d54bf774db3420fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 6eb8fa2d563e23f0210e4df34c49e736 |
| SHA1 | a5e6e04762dec9c8b660770c65e716cb8234d85a |
| SHA256 | b6a0849594927654ebfaadb5748c155f98a855e984a2b79111df990f1be14e3f |
| SHA512 | a20c2da93e338a966a689f6d695ed575085c118c7a7042e6bbd5c1e28a39f7a76b240b5723e8aaab6db0db041ee79e9e218f115e38c9352bea97ab79572ead0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 2ed5c26af6ff895beb03a8c8a73ed61c |
| SHA1 | 968616b2b3ceae9410166cb1b0040ade13507df1 |
| SHA256 | b8f3e20930d5a740a94cdc0f8cec8496a6845e2f1583a8c721ef211e225e589c |
| SHA512 | eefd53eb965991d92d4d7d50f57ec5765104d3d880f100ab722c417d251f49adc38cf7d541344756b76bf4494e4cf8bd8ac8c470986efccb0c73ea3545faed3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 9c742a8e51bac9a3bc2a890599916f0e |
| SHA1 | 647b6e8aaa16b51f0acf7240f1bd36470789f86e |
| SHA256 | 69b0c220f808cd699fbf74a66b182e49dcbe4dc1ea9fb86164d893ab09ceab96 |
| SHA512 | b6c4875fde0e4ce2b921d6127eee5f2a80096bda16d277bd8a042f28b9dea213df189f5be91baad506bffe1b12770bb7d81feac537793eb891ae939195cd23f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
| MD5 | 7a6b98bba28d158a4851092a40c5036f |
| SHA1 | 84834e912f31f4ae17d1a4fd54b20b688844951d |
| SHA256 | cd0c28809d752898931ff14e68905b74ad2220082ef3daa543c42c267adf7af1 |
| SHA512 | f87b404c2aaceba0dd9553c323191ac7fdfc7a7a365f7ea7f443622ba6afdf318f4fbc5ac1d87f715ad6a3a0c191a9978f18985a47fe052f177abee532ec23ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
| MD5 | 8789bf61415bcd55bbc5a999baa7be7c |
| SHA1 | edc83db47f30cc94399d9f8264bd8619ca2a5920 |
| SHA256 | 95b0e906713a2921da266d75d4744fa5985106dbe798fe5acc2cd3daa077c76d |
| SHA512 | fefc7b8f9e1542dc1fc0b383fe9766b142ad2734d0837a14cf8086dac9024cf0dafce90ad8fbf4ae27b04b5df760f071efbc0d617a5f0d2e7a7caa103f3fba2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
| MD5 | 337e1697c41a6b2080ceb1ccbae4e37b |
| SHA1 | 9a84c69984e9a7e3844f18c97075d81395975da6 |
| SHA256 | 1e4d9e2ad516a34f69698d508cbf1256a9c38952415868105396dcece98c62c2 |
| SHA512 | 7ff3252b80838f52826a95f0154e96ef2bf63813bd0694bd7b02458aedbca47cbf0ac1ba2ddd21ff504e2d99c91d1f1ecb791bc66b1b7733dcbbea49b28fc5b5 |
C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat
| MD5 | 1fff562aa58c9f1c222c5049e9bfa592 |
| SHA1 | 13e00d780e65db0774172e7ec9bc3622b67b755f |
| SHA256 | da2350b8d4e82cf8645213b4d48f2d98472c1e60bd1b72beacfbeb6c0d5012c7 |
| SHA512 | efc43e9ad283b6348edc1d18fe97b7ac1253de93f69be41170ae6b937074c994acd17c9333f77e616ff1ee6a47146a0ed8cd757a34f236bad8f6146880c10de2 |
C:\Users\Admin\AppData\Local\Temp\wct5658.tmp
| MD5 | cd03b86bbf96b05514c7b9537822061e |
| SHA1 | 9ba0298f3e2d2254783623055cf81199f484b10d |
| SHA256 | 616fbd1592a211e63002bdd5379ceb55b5372d1134cfaa9a7bdae2aa0f7fb3cf |
| SHA512 | 9e939ffe171cd900090bf9c1bb1d36448d8c978a8fbfce48d38abcc3c862d66511ff4b341743e5ba17c924696c98216b32fcc104a3fead4f365d288168f8ae5a |
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
| MD5 | 6dd4eb5e743f5285173442a03b662873 |
| SHA1 | 2b47dcd972caa8a836dd85af02cf9c4c25de762f |
| SHA256 | 69af284cddb8c12f8bd7826af5e1ebb4a7b5ad9b5995db4d3be798fdfd51d4c0 |
| SHA512 | 59c6f267997558845f820c9b1a6de73f64a3511d5974e93185aad67f63cb84d399c724be3dedcff8a0a3e61adc28c14b095da767ed18cc2786362cd10e0b70c0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\places.sqlite-shm.NBA
| MD5 | 62d3f7732141aa48a48b5630b9c923ce |
| SHA1 | 1fc82d3e929330964fe45bef2da12c0e03c4a11e |
| SHA256 | d1ef1f5dd2362ad060b4f69634c9f2769caeb75593b49199bcc34e4c3dcdb394 |
| SHA512 | 610ba77c8a54d54d97008b1e0342779896f130d1d6d176f4afbd025e82fe58eea3b77e339a87dc06d3f9f9146bfbbde247aa83980a7cdf4b3075cc333fd20954 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
| MD5 | ed7e995f0d82cb7a3923b0bdc7c2fa34 |
| SHA1 | a484ea9eddf6e5dc0a1f170ee0a2eaf63c8f4270 |
| SHA256 | 609b52fe4f841cb17500b68ea4110e42ea1d7f9e182e93601f21b0985eee3aec |
| SHA512 | 153af1cad3e76414f54b976dbd63efd41000f08dcc9d5cb3d606be5890ef3e835dc877d384b899fcab27b6bab168cd7fd7ae21e82ac46b10fe0a31b6a2777b6a |
memory/3452-19129-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp
memory/3452-19413-0x00007FF69AF80000-0x00007FF69B072000-memory.dmp