Analysis Overview
SHA256
44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec
Threat Level: Likely malicious
The file 44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (8614) files with added filename extension
Renames multiple (7756) files with added filename extension
Credentials from Password Stores: Windows Credential Manager
Drops startup file
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Drops file in Program Files directory
Browser Information Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 02:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-14 02:28
Reported
2024-11-14 02:31
Platform
win10v2004-20241007-en
Max time kernel
91s
Max time network
125s
Command Line
Signatures
Renames multiple (7756) files with added filename extension
Credentials from Password Stores: Windows Credential Manager
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-ul-phn.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_empty_state.svg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\nl-nl\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nb-no\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pt-br\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\da-dk\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-144x144-precomposed.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ja-jp\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\file_icons.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Common Files\System\ado\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Templates\1033\ClassicPhotoAlbum.potx | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\resources.pri.DATA | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_sv_135x40.svg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in-2x.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\rhp_world_icon_hover_2x.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sk-sk\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nl-nl\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial4-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.ini | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_comment_18.svg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-tw\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\zh-cn\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons__retina_hiContrast_wob.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_replace_signer_18.svg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\themeless\mobile_scan_logo.svg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sv-se\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.ELM | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\view.html | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_super.gif | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\check-mark-1x.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ca-es\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\MoreTools.aapp | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\caution.svg | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\WelcomeCardRdr.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\chrome-ext-2x.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nl-nl\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\lib\tools.jar | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
Browser Information Discovery
Processes
C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe
"C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe"
Network
Files
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png
| MD5 | 254306412a7e998b0bb781b01bf48c87 |
| SHA1 | 6fd0aa7acca7031d85269cc987fbbc099681ad32 |
| SHA256 | a6980dfac5956dc1b15a01cf91b0f213ba81bb1d156b7e44f021cbfe5c2abf98 |
| SHA512 | c38422eb0d5a0aec4a0c8e75943c720af19f34783a9b19760e151a84139b0fa708147443b61b257f9d971c7ddca7525ef263a5b2ce152e88289261da1c373303 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js
| MD5 | 1f77fc8d455023871b602a9625ec532f |
| SHA1 | 97259ced71a7920b9bff1b43743948b222b41640 |
| SHA256 | f71504fca925a11d4eebee3e566652422b899811436c4124ed77f8f7a423fa76 |
| SHA512 | e2580b698d1ed863bd83588397a33bd88ba0f8ca76a705cf2262744dede080d200d0bf627c89416804465ed0d56cf7427f33d06454c2dab8ce16c1979c7f73c5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png
| MD5 | eb72b015e0189db9800ea31cbac1b353 |
| SHA1 | 56fc23a846663fb8665c80433d29bc2030e44f8e |
| SHA256 | 733b67a5b281bdbe9eaab7378804c44b04a6fe7df9d6927ff7156fcb3f892441 |
| SHA512 | eb5d68570ef3ffe7089406f5080eebaf2b44a91a769163a88dedb1e1e50e0bf5d23e28139bbea792246dbc6f5d257cea370ffdb0f4527a6bfbb38cf95d7d034c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png
| MD5 | ab0a1f05063b85b2444734022aa22ec3 |
| SHA1 | a4aee0f42c8f0bee9134d861ea7b6f75bf5e8dca |
| SHA256 | 7ad0feb31e9c4e828a4780ae1b7ce66894e2e7c3674d8f19caccdfa5da5c2ae9 |
| SHA512 | 1bfbb3c7ce989cfbdcd30885c34c8bba666982e81005d81efb0242f4187ef6b3e5b8a1834eebb0e023b3b83ebabd5848b9e55ae0eb740e98055695a1c41094b1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png
| MD5 | 3e2a65bd46a25ad48112636a58e49ec5 |
| SHA1 | e0fceac52d9c0016ce373acd0874d47f3eaac472 |
| SHA256 | 5f46dad45f8739f63c22ab59a5dd83c985fa9b61d81467c28ca31cf54d81f049 |
| SHA512 | 22f5e28c2381780ada7cb313870f43710ba049088336fa253c4c86f27a62ef9702e5314eb0605a4f1f391cb40a9c53f068efaf02115cb4a46c43c02235a16dc3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js
| MD5 | 129a85866aa297254b5dd08631671876 |
| SHA1 | 34ecc3381d5fe1517307b615c8de4091f71bfd54 |
| SHA256 | 384e763d0107e82a8c228d7f723df9619ef6697a7318da57cfe9e06438d7b528 |
| SHA512 | ffb3272f4abbbeb2c300e06fa3582a081770bb42f6000eb3b45cd9054e6cde9da730b48ef0b3225764e1a3fb3f64cb89af65d43ed8f7a10c95615c56f6e16939 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main.css
| MD5 | a197a0b2a849487b9131effa771432c2 |
| SHA1 | b49396795e44941b20fdb2cd89501162313c0404 |
| SHA256 | ac04d5603d858fac907777cd3a931d0d4e3713cb8ec4446f62d630d28e9ed47e |
| SHA512 | 62398a0c8e414ad9bac9c8b5c2af95b654791b174ec04989eacff0881d3da2902f099059a8a3f87f2efd4980c2ca59968229e0aea591cc0aa042a732d105d3d0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ui-strings.js
| MD5 | 73fae56b826f6d434f745eb4dc1fe6a1 |
| SHA1 | 8c0edd9f0929f7ad9251ebb8bda3777c01bcdd8b |
| SHA256 | cadfa650cc861cb8f6d28022e558e61eeb341480570130d91c9738900a04c9e2 |
| SHA512 | dc6ece4671798c16c6e8bf8d63fdbabf7c72699c4ebe8246d9beb2cd5bed8455b00b47ca82f4bdd7f0d5e3eb936358717c0aa39c7037270786d2e6c61355e05b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\ui-strings.js
| MD5 | f2c723dedc114cbf26ca837779ec5ffe |
| SHA1 | 21b157a80d3d9c72e6151e0696cfc6d46a557ee3 |
| SHA256 | 83323a095b8b059c66d896215b75ead692e28c485c17c6332b5dbca8c832ee76 |
| SHA512 | b73844b53ea69aa2964c31ce225ef08cb413bef71ac2deeb498cfdb865e1902184a8fd5caa382a06bfcc07e63a09bfec6865570bd1470ab771876535615b408a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js
| MD5 | 228dc36809c43b6f8bfac72c58950fdf |
| SHA1 | f7e0391881302f80d7b3e0678d2da877f70fd6ad |
| SHA256 | 94e9e42b90d03f9011dbd2189f08886f77b8578b26d47248e6fd5e06206d06de |
| SHA512 | b2069c29e53f6d2261a27eff58ac60adb34de87ad7f90d0590ea9ed31d554a35f9bb99d54e8187c8ef0db6c6fcd7c9243db7980134f9e19b21e2886a9c99fb7d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-ae\ui-strings.js
| MD5 | 90fcd132faf0dd35a761e44c461da735 |
| SHA1 | 156d82603621e052490a989e5eec945ee61eb399 |
| SHA256 | fdabe563e8fe098c4421f4cce909e93b64874562889f18c48d814e5b1113f935 |
| SHA512 | 5a1e5fd67181a15ccbc3414403b849fedacd11851f0cc2d96b7538f60b7ffd1fcb9047f1a17f3eafc3517e9e864798a451ff15381616b767e27b355836e0d502 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js
| MD5 | f2a31aa677839bf49a5315e700a47a72 |
| SHA1 | a5f99f3ff7f6b1fd8fb8a349f6e22d34a33d5b62 |
| SHA256 | 57f6335e435285b8513b949923361f8a80ffdb667e85f51e05e87a2638cb4ef3 |
| SHA512 | 41396fbb37311a1026ce345e0099b7c9dbf74cf5a229a7c61af23e36970836b6c993f957d16587cbd2355c1baeb8058c9d2361d69bb0b21f78f4fcd42651e4af |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js
| MD5 | b1f482c3c84d707a442ad936143d7251 |
| SHA1 | b077cd1726ae70b1087b7a53ed546cead256ffb6 |
| SHA256 | 48356f6ff79a727050b816155dab2dbb575f51e5b7cd530bcdb197b5ecf0f31f |
| SHA512 | 491a7bfc8356f4cbb16ddb5aac5698c9a792a7af793b34690b33ce5b67cdc16974788a57b870e5dc9185bb9f7a63650c0871622f174b138ed5009f0d8edc9c89 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\da-dk\ui-strings.js
| MD5 | 458f4257400623af72eee1fb778d7e57 |
| SHA1 | 138b8a6c5d3592d3b03c09ac1489b0f9cc23ccb7 |
| SHA256 | 4e0c655309b175a3263ee9e44000832ae80c92b73448b855f387f588e028a9d3 |
| SHA512 | 712b6ac73d14da70ef39da2bb035b4ae8a5243457ce1ed2095177e9258915398cd7daffad851b432db1947c14c4d313cc8642b70c803b8f7da29fe674a16745c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js
| MD5 | bfd1ccd3ca3d764a18da5d5e9db9606e |
| SHA1 | 33d5ff65facce1926edf83c072fddadda9515423 |
| SHA256 | e0ecc4d073fd87584a6c5f20a189560b823af545feab70ea56637dbf0694dd31 |
| SHA512 | 97af626c05730506aa3540b5a85c7f414f06ce9c683916ae47fef1742bac26a7b8650e5b33e680418209ba98c2c93980417060fbcc2d11b64b78e0fa293517c4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js
| MD5 | 1221243fccef47e66b8055a754618a33 |
| SHA1 | 3d7b3a55068b751ca23258970aa4b8c8ce7f7bbb |
| SHA256 | c5998a52e986cab71a4131fa8716b76ad76acb2d71ad0b31a957efb387e81e69 |
| SHA512 | dda1fd498c672235b9672a3494bb1f01b9d531eee675e8da4b5173f4cfaf29c091732447924e6aa365374cf23df8a654f2ca1d3b8c735e11e55c8bb0f3bb4886 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js
| MD5 | 6532cc4353d6a689e520b781a83d7d1f |
| SHA1 | 8018398b51e8a0af212f98c90e305fa8c31f5c3d |
| SHA256 | 0d28fb3eeaa6238f4b290419193259194cdc7704cc7e5af0d1bec74958b422db |
| SHA512 | ea54e2a815e76ea18138677861f9b843c133a7b11b3c5ad7c819ac6cb9ce0108a880f02124ddd374d8b57c7538c1a715f382cce79e311da403c28cfa4b74c416 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js
| MD5 | 394a96acec2c4899b84463f2f9d2b76f |
| SHA1 | 2c74fd950413a4e8a10ca4455956f52392417ded |
| SHA256 | eef39226e5306eb01624ec1131a99709140ae6e8fffbd64e091b990bb686baf6 |
| SHA512 | 9ad478729ac7cc003ce87fa55148628005ef38fa7ca6b38f3ca8dd00c7a0f60239c1594abca16c1cb3bfa54b626d023a0e1f577c2860fbab8bea56b30f4f7504 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\de-de\ui-strings.js
| MD5 | fa1e277b0087441f286d1085b2d3c879 |
| SHA1 | 5dfb4bd5d92f3ef30df3a44f8a8dd758bd9fb118 |
| SHA256 | 012821555888181e192ae1693fc4be94564681d96832fb11e79973608f5710b8 |
| SHA512 | 74a229e6e81ce9796a2d9a572f4cb661d8ce6ffe8f869dacf89d0c6ebaaab66279416329a70525d8888858bbf1bcf6fac7a599b157e897427b180ef738094c3b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js
| MD5 | 8e421fc8aa0cb2bc2cfbf5e8cac074eb |
| SHA1 | 91c0549f9d9cf1b31cdc70e871e6bbe7a713e606 |
| SHA256 | 78d174c6208a1cff6705fe1c13b1550f9b0cd1105c99c0e69578aed02bd161af |
| SHA512 | 532348ddd2f504fcb6603ce9bd0420f95e1a368451370784b5379a15c966a0a728c9f81a6562e04743de6f5a4315ada59913468a53a34106d79a613eb36e2fcc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js
| MD5 | 55be1d24e0bdfc0b5a0faab80aea2155 |
| SHA1 | 31bc27f44bcc29c9baa6e029aaa6b75cdcecb0e9 |
| SHA256 | 259c5a3aa2197a81e072270cc729b2706fd6d4934c972d09578f18782affc8e5 |
| SHA512 | f2104f4b195f93dd234be22a947e4a69c63708869d972b42d6efe06e3b3bebadc30500e8e69ddb0ddc84d5cffbd0a81fb24c4df9587a6eda83bc192420671d6c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js
| MD5 | cf4749ca9b66ed250cd4e1d841b03859 |
| SHA1 | 64f382ffc904c61f8113ce6802d13d42eca224f7 |
| SHA256 | e84e46e5aea95436ad9a3b1ac370f5a7d80dfa0aaa4b51b46e7cdc1e7dc9e832 |
| SHA512 | 0f2cca8fca06f861b540684c9669a05489f9a2bf46985c4d44700aab3039e9adb3e21205f17bcd57bc5e1fee6fcbabe2abe621e8176be551ea745bdb76db5c45 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sl-sl\ui-strings.js
| MD5 | f451dfe205e7bb59a13ac314f62c3b95 |
| SHA1 | 80490b4366b26a850c6eae176a7a9b16cffe7b74 |
| SHA256 | d997d12e4de788085d52830faa76b7d028544889102d4c6c6544968bf9326685 |
| SHA512 | 7963901691c7d740de5ba7dab06bdc8c8e3a8e2433c2c53682eda06600f1d27a89791cc7b28a67ef5deb4235d61f7860e4dfd108622b108ff9457d610e2a128f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js
| MD5 | 829cad1945d3676763727686263903fa |
| SHA1 | e90034951c6955910416d788ca201c5a3061bdbe |
| SHA256 | 28cb582e9bd585de1abca2a97200e9678d1e870f287790afcfe7d2f9d426a987 |
| SHA512 | 7df1d609d56ed8e5d10198783cdec53f42bd0aa034e98cf67d0f346e90d6e349bd2bdd71d7720200c68161cdc826524e923203860a9e0c2e9b0cd1b678f325e0 |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt
| MD5 | fa771a47aac2737782577ae5dd073540 |
| SHA1 | ec06e2d718f0d5a3a445d4cbc733075870406a0b |
| SHA256 | 6c822102e835d1a4caf37278c644e25bcb6f14821e36c260a797445d7f89b302 |
| SHA512 | f1dbd2835b045b9f2282e4e1aa084f669ebd5476eee61cb37f105679f62ce13f07efdd38b6fc6cbf990335c9e0fb27617148acdc20aca265b65f583b585430ca |
memory/348-16269-0x00007FF7F0CE0000-0x00007FF7F0DD2000-memory.dmp
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log
| MD5 | 0708cc85703bf987fdc93b50035230c9 |
| SHA1 | 8b2d33983a2a3f36e5d254f4d3091fdd519c6b7c |
| SHA256 | 2b9ebd2eeae023fc0651b237fffcb86ee057d326ebdbec14e5de5b3ea0d245c9 |
| SHA512 | 2e99b9141cea7772ed10ca42cc1c7845f21f034d8435ba69d3c32f1c9b845646e46caf79c90349ce1f89ac6089ed39d8895ac9e255c14c7fadd6a5a9da7c4300 |
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00002.jrs
| MD5 | 718272089fb5084157eab90795241034 |
| SHA1 | c6d2e537f03f2b23b2997768f9077d187489d31a |
| SHA256 | c3e8c5d57cf7264c9ea020d10ae7f5abd9383abc2eb65325346d4748049b4968 |
| SHA512 | 074de8f686c9825c110933e7e34e034e304fa3d46a092dfe36ff92ffc7da53897c217715ccef8a74f3f30da9789770ded959a3f95c1598ba19621be88f8593ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
| MD5 | 1c223acf09451c81d403a210cad2572b |
| SHA1 | 35ed0c747fddea099a062807f3d40dc9ca633936 |
| SHA256 | 8407e23529854e62433448860cbdfd07d0f610be20e2ab86a27760f69fd161a5 |
| SHA512 | 55c05fbc12c28053e4a89f90267b215fd13077dd1d156067427125614dd6a6602e1a1195549dc5aabb2b75dbb9852585259fab850dd77c34c211bc5c7c3d2b8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
| MD5 | c5ee68d50d16154fc78f34702456eec1 |
| SHA1 | b78616d0206caa7dba02bfbf7638490641c42034 |
| SHA256 | 9e419a2343632f44d21a4099956c53333b7946d70662ea7a5dddff4cdea12c66 |
| SHA512 | 06ff23bafa2c12e98e95f5ec8616fee86ff572abab8e6389f7e9dbcfb792d785f987cb1b3ce4a5a0946188adde89d29c84d8ef038a88fdec7d332cfae1222a89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | 30fb5828576793e112c7573d6b7eef40 |
| SHA1 | df76731f8dcd536cca47cd1762d6c1d8443123df |
| SHA256 | 628fe07bd7f0bf54672f08fe397b6c48efbd128db37432a65e87538a3082c6b3 |
| SHA512 | d7a01eca4fd186fd98b48b83fc7e42bbf5ec81ba28707916ba1fb937a25d2265920f2a37b24466baa32c57a46508eba6f6fbe450a0c8ee52b7d974be293f09fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index
| MD5 | ecc9f2d4285f53bfd620983ea6b1747c |
| SHA1 | fbe0b0a837061866a8d51c059ae92c8f683438af |
| SHA256 | 4514c592f3af2a6e4bb1345f99915fb6b27e28e73b66a9787e241bbeacb60f7d |
| SHA512 | 3e2725273c441d605c53164fde5c78ec76c8af0d57d525ce16405d283373892800120a524bfeff30efcc56dad795ed0950ec73d743de5ef0cf2e5576e374a67c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000001
| MD5 | 6dfabf6a2afad0cd5929bc202415d4d5 |
| SHA1 | 68025c0d1d475b8cfd3b41b8231c7ee9b59fa7a5 |
| SHA256 | 24f2f8a5f3ddf695910b5bdff95d44572be43c71f09dda538ea950950d38efa0 |
| SHA512 | 8fa09e33e11117afbb8f70fed7874c95fea877928ed34e893fdd4dfe2cca7ded3e7670c4af8b3b570e5c5504e4e403d3875855391f4b2528e417938758743a9f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
| MD5 | 63ca691b0d68f6b84346269a67be4a2c |
| SHA1 | 9f94c1d0ab6f3a466ba6f21ba981146435b26012 |
| SHA256 | 5eff000b7f1ad338cb0f25bc74c78390d77f32d5f378cae86cf3709e9662aa48 |
| SHA512 | c0f2ebe68c0cb16e8f0979cf5db92464c863d5839ad1463faa3b07a8b182785924b57a3d828981545e63573fd888f5f6224691fa7eb2c42a7e2e4f9e111cfeac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT
| MD5 | 57287b87c633965d23e84feb0a6167de |
| SHA1 | e126d9381889f6efecfbd874ae8463c3d49b7515 |
| SHA256 | 860b8ef292e358656507edf72be2c4593458cbe3ef049496f7b18cefb35ac418 |
| SHA512 | b1dfbf3ca3de08c2f69815bd9a23e58a2ac4c2bc2eac197cf6512591e40bd02a6147b348034ecd82718afe9baca34b340fecb4efa191dea5a50130f3854b2f23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3
| MD5 | 5d31b4f8b646502277c37536ce983b8d |
| SHA1 | c3fb963e757083d6047745af08a6f2dabfc5bd96 |
| SHA256 | 7e16770c85457afe7d5c4b80fa46d9cbcd6acdc5a7218b2c9e7d7c5a75483726 |
| SHA512 | 8b4032c5ed00e1aaff137def1750685b6a36fdd4501e7158829f8e26f77ec9b3709ee352c1d636f19ce4481f83812937ab656b687309e795fab1428da667fd61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_2
| MD5 | 7f9f75564e14cf46cb366a9732dfe647 |
| SHA1 | 23f4786d309180364c283a8345255b7dd3f7dc22 |
| SHA256 | 98934d31982faf65555bdf86b091f81f75badbe2980dc863d03beb68fe8e8c62 |
| SHA512 | 4c7c9c9dac3cf352e4fa97ed50e045462e432cbfbd2d8d5889594e94bcf0b259f5da3f4b82cc6908f0cdb960139d6098d1bdd7025f0e5631444f5cb4a1c44185 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001.NBA
| MD5 | 274a86f7d11529279d0cd023fde5d612 |
| SHA1 | a1c5909243e9f19d46fa3cb4bbb21ca36a93e859 |
| SHA256 | f063697add08a27147e912511ce0eb4aadfaa13556b3c609c83d56c773812564 |
| SHA512 | 050d4962498db986ca825621af7e967d5c5cd1906484044fecc3a680f66c618db8d7eb08e5361965c48f7954c01045eecf55ca02c533ec8d1ec4f2dbf9fa2a96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\CURRENT
| MD5 | 229106de9bd50f89f16fbad6bdeedbac |
| SHA1 | 027ba5179d95d73d27dbf9d55883334e9cb15c5a |
| SHA256 | b831f3502eb236d667548c58406847d7def8b902fba3e04cfb107b811633503e |
| SHA512 | fe5f0a6c0e205210748328ebab07f97d27bcd07dbafe840e597f31ca3b4081f489492c0551a2866877afb3bdc910bf8e642e8c75394e43d35f9949da3fc3fb28 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1
| MD5 | 38eca84ddd385533a8a78933011c759d |
| SHA1 | 986be8ba048d6d09550982472a69aef7217e135f |
| SHA256 | ab71d284dbb1b71ffca75aab946f82365520534ee7cf518f5ccddd8292b4e590 |
| SHA512 | 0f4b08c77b1e5c73485406a139ec0324011ac33b1e20be968faad75c39d5897d96ad6afb9c6321726615ce0f08298b5aaeab9285bbbc0163e43e1e621647026f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0
| MD5 | 701a72b914b457c2e47a5c1a5cfd5ebd |
| SHA1 | 64ab317e5e29db69db5151efa7b582cc91a49e8e |
| SHA256 | 45d445de5ff398f40225faab7f40c79ce270084efa1a685805a0e87d18efe1e2 |
| SHA512 | c1830ea0ee53eaf04a8d74ff472568b0d2afed056f5fbba54e5bc13b700acaf19b5aacfc92ff2c3405d5d17aacac96f991f50bab16e3a4754024a86ea07b487f |
C:\Users\Admin\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat
| MD5 | e1be4ba45a66e8da104c1ea8d2a09cff |
| SHA1 | 4b76869404fbeacaf069a5d3abd4bd54d7e73668 |
| SHA256 | 0b96a075b84770ddfc81b7d6982b20f63f24327a6d9b5973522ed56015686734 |
| SHA512 | d3ec9880dc0f23abbab5de0cd9d47a21b5b5f4104b0274f3ab86654f45b1681e1d8133edc218ddf0d1aa859bb406a8c837c57f1b1976d5c912a2bba17412f18e |
C:\Users\Admin\AppData\Local\Temp\wctF5BA.tmp
| MD5 | 5babe35ee55f0cd2771d50ed9a73f6ef |
| SHA1 | e25114c122b4f5b75f3972da97139f93beca8340 |
| SHA256 | 53b4633ea193fc9e41689ac7f5be88876c75ad14ed20b9631c60b4ff23fa003f |
| SHA512 | bc9699a1c7614d55bc54d5f0619147ca60852557e53e06237856171d3e9d67ac4b25ff66558e568b19dc8619dc9986e7f0d0007a2f28f5f76ae74d81a00daca9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
| MD5 | 881fd0d6f2abb641fa790cb854ccff7d |
| SHA1 | 1bb97ee063e4a9b9f7ebe3d053fe72464e8380f5 |
| SHA256 | 841dcc94870d4aa6b5abb4d8b33b57ea999c4731e9a588b160c2f3d71d3e13ba |
| SHA512 | a25130b228058cb9fe680a0da3e3d5237b7f90feff2e2855bc041828d18a86fff2b551bf5591b0becc8c67e0131832b09365861300bca627e5908299ca64c1e3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm
| MD5 | 7b928f2182820831d5b493c10e3922fc |
| SHA1 | 98e63e53863cd68bb2746f771fb5ef70f38bd946 |
| SHA256 | ec19c54f1bbb07b7818b7fc5637d03d3d0accf312f8e860ea3721b06a62634aa |
| SHA512 | d091726ba94d61cf8aacea4b98ed666d28500037be6457023d0259d66a05a9a8607cac6a9f05fea4fdb796d57f13781ad59a1451822cda029aa7ff50012e9989 |
memory/348-19335-0x00007FF7F0CE0000-0x00007FF7F0DD2000-memory.dmp
memory/348-19345-0x00007FF7F0CE0000-0x00007FF7F0DD2000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 02:28
Reported
2024-11-14 02:30
Platform
win7-20240903-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Renames multiple (8614) files with added filename extension
Credentials from Password Stores: Windows Credential Manager
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0238927.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CONFLICT.ICO | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL078.XML | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\INVITE11.POC | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\header.gif | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Oral | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0101864.BMP | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Austin.thmx | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Angles.xml | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\BD21427_.GIF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_center.gif | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0294989.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SAVE.GIF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\PICSTYLES.DPV | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\readme.txt | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0153095.WMF | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02223U.BMP | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\MAPISHELLR.DLL | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\mscss7cm_fr.dub | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\DVD Maker\Shared\DissolveAnother.png | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe | N/A |
Browser Information Discovery
Processes
C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe
"C:\Users\Admin\AppData\Local\Temp\44f40b79a12c1665987fe0d6158731d79e7ec9662dd7b30b9e0c63a2c56667ec.exe"
Network
Files