neshta | 8347f09726c227a84c5c051c3cf8e8754969440608eba9f149f6c62f64f9fda0

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2025 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
Size

460KB
MD5

b94b826c85f65dc56bd8a15af66ee0ff
SHA1

4d485a02a72fe62dfc308b01826ec0c37170053f
SHA256

8347f09726c227a84c5c051c3cf8e8754969440608eba9f149f6c62f64f9fda0
SHA512

a1cbd3090c19b321379f35a235249e3dd0c076e316217f020c00047f8a498344295a6f0d992e773ea83bcfc45140c02b933132637f23a59802ede42fc59709c7
SSDEEP

12288:B5hVCw+jfJX2iazXZXsFy+n/GoJ+3Pj1d:B5hVD+jfpabwuz3r1

Score

10^/10

neshta discovery persistence spyware stealer

Malware Config

Signatures

Detect Neshta payload 42 IoCs

resource	yara_rule
behavioral2/files/0x000b000000023c75-62.dat	family_neshta
behavioral2/files/0x00010000000202b1-236.dat	family_neshta
behavioral2/files/0x0004000000020352-238.dat	family_neshta
behavioral2/files/0x0004000000020340-234.dat	family_neshta
behavioral2/files/0x000100000002029e-228.dat	family_neshta
behavioral2/files/0x000100000002022f-223.dat	family_neshta
behavioral2/files/0x0001000000020299-240.dat	family_neshta
behavioral2/files/0x0004000000020313-242.dat	family_neshta
behavioral2/files/0x000600000002021c-215.dat	family_neshta
behavioral2/files/0x0006000000020228-213.dat	family_neshta
behavioral2/files/0x0006000000020222-211.dat	family_neshta
behavioral2/files/0x0006000000020237-244.dat	family_neshta
behavioral2/files/0x0006000000020220-209.dat	family_neshta
behavioral2/files/0x00010000000202ad-208.dat	family_neshta
behavioral2/files/0x00010000000214e4-264.dat	family_neshta
behavioral2/files/0x00010000000214e3-262.dat	family_neshta
behavioral2/files/0x0001000000022f33-271.dat	family_neshta
behavioral2/files/0x0001000000022f72-281.dat	family_neshta
behavioral2/files/0x0001000000022f70-283.dat	family_neshta
behavioral2/files/0x0001000000022f31-279.dat	family_neshta
behavioral2/files/0x0001000000016802-285.dat	family_neshta
behavioral2/files/0x00010000000167b0-300.dat	family_neshta
behavioral2/files/0x0001000000022f71-275.dat	family_neshta
behavioral2/files/0x0001000000022f32-269.dat	family_neshta
behavioral2/files/0x00010000000214e2-260.dat	family_neshta
behavioral2/files/0x0001000000016970-338.dat	family_neshta
behavioral2/files/0x0001000000022e70-343.dat	family_neshta
behavioral2/files/0x0001000000022e6c-341.dat	family_neshta
behavioral2/files/0x00020000000215d4-347.dat	family_neshta
behavioral2/files/0x0002000000000727-345.dat	family_neshta
behavioral2/files/0x0001000000016914-336.dat	family_neshta
behavioral2/files/0x000500000001e0b6-349.dat	family_neshta
behavioral2/files/0x0001000000016922-334.dat	family_neshta
behavioral2/files/0x0001000000016919-332.dat	family_neshta
behavioral2/files/0x0001000000016913-330.dat	family_neshta
behavioral2/files/0x0001000000016917-328.dat	family_neshta
behavioral2/files/0x0001000000016915-326.dat	family_neshta
behavioral2/files/0x00010000000225e2-258.dat	family_neshta
behavioral2/files/0x0001000000021539-256.dat	family_neshta
behavioral2/memory/116-375-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/116-377-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/116-379-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
Neshta family
neshta

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe

Executes dropped EXE 2 IoCs

pid	Process
3392	Logo1_.exe
116	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe

Modifies system executable filetype association 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Time.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Logo1_.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~4.EXE	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Cortana.exe	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	Logo1_.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~3.EXE	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\pipanel.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\YourPhone.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateSetup.exe	Logo1_.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~1.EXE	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe	Logo1_.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\fmui.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\SoundRec.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmpshare.exe	Logo1_.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ExtExport.exe	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstaller.exe	Logo1_.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe	Logo1_.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	Logo1_.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	Logo1_.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\setup_wm.exe	Logo1_.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Microsoft.MicrosoftSolitaireCollection.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	Logo1_.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
File created	C:\Windows\virDll.dll	Logo1_.exe
File opened for modification	C:\Windows\svchost.com	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe

Modifies registry class 1 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe
3392	Logo1_.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2340	2492	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe	82
PID 2492 wrote to memory of 2340	2492	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe	82
PID 2492 wrote to memory of 2340	2492	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe	82
PID 2492 wrote to memory of 3392	2492	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe	83
PID 2492 wrote to memory of 3392	2492	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe	83
PID 2492 wrote to memory of 3392	2492	JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe	83
PID 3392 wrote to memory of 3352	3392	Logo1_.exe	55
PID 3392 wrote to memory of 3352	3392	Logo1_.exe	55
PID 2340 wrote to memory of 116	2340	cmd.exe	85
PID 2340 wrote to memory of 116	2340	cmd.exe	85
PID 2340 wrote to memory of 116	2340	cmd.exe	85

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3352
- C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
  "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB371.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe
      "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Modifies system executable filetype association
      Drops file in Program Files directory
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:116
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE

Filesize
386KB

MD5
f758179768f6494368c90e4a140822b5

SHA1
7db74d6ff9bc60c57db9a5e7c0553ece5812636f

SHA256
284b1b83edcd6ac22c75b2e75762106f841c86580516616ca2b3e28d307d6d1a

SHA512
fb5964b59e0cf2530641f22330b5ebd9f077949af6782f8d5f11654d40a52001760ac8c874f7780e048811c36ea8466bfa6f6c871b7fcbb192e40f032a06f6c4

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROLA~1\ACROLA~1.EXE

Filesize
111KB

MD5
00a9b0dc005ecfa728664533c14df8e5

SHA1
8e6f7986ba670f2c6a5bfc7c9545e26b9ad767fc

SHA256
4fce71ece6c64d04075af6447e89833d327cce38606bb4b4ab3b534243456491

SHA512
ca84afa172b3d6104d33e95c1071f06d10ee560d6a91099a38b8429faeccd9b43a0e0843140d1deee7881ad48fc2112f5ca4ad93037d08efec8ca1b4ea7103be

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACRORD~1.EXE

Filesize
127KB

MD5
fa25bc4ed80b73e2c92767592209551a

SHA1
188710add62a513a5f2a737e6723f569f61cec67

SHA256
c8c2c7cdb46582d99014c8fa8a7a0f110421669826cce3dc0fa0b0ff3064da12

SHA512
bf5497a9e22f3cf7bf4906940b7eb9f37dac2f08848578ec3890a7b3b90fdea58e0c4da2c1cc980fefd1d56c8a7aa13a1ff62522fd8a56584e9361271ce73cc4

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

Filesize
145KB

MD5
5ffdc63bdecf8e9471d8286498b83278

SHA1
ae8a79a575ac33f377471e1c4a9916cfeadfb677

SHA256
fe583dff376dbb9d0c901581e2eeb8a44901f1109effd642c8f26bc914a1bef4

SHA512
4d24d39e209db7f7b1c400d82f32dd6c32587dca6ec75b482fba3da4c14512b4d99eff25ded80edcdce7077b414faf655b1047a57c08ae91aa083e928e440204

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE

Filesize
5.8MB

MD5
218a1f7a4d9bd8e18a22088b2c8d5c13

SHA1
0face8f97fdd9e716fa6835a29b1de3c51d7da7f

SHA256
014d4a2a13d3e34380017c9392341d5aa83c7a88bfcc3fde06ef6659f29b3e16

SHA512
eeaf24eec2feaaa87a334720e1886f3f8ee366d686b79a2bf42ee40922898b8ba09ffa1e21c5012d800ff51c2d7f71bb26e8076ddd47dad6c8fa5c33ad9da46f

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe

Filesize
234KB

MD5
e3986b33d837172eeb53ac7bc120f748

SHA1
7fc3cb3f33332fc041d0d200648f5e4b9e6bafea

SHA256
c6f09d9b3b8e8a187963b78d2580ed3772fa614d31586c392797b5eba2409387

SHA512
c2a51a176fcc74f8a4a018b33a145182354a787f869e1acc81829cd06b525fd104161bc4b332da0f9651d4b9f7abeeaf72c60039f1a8e29600b703a867487606

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe

Filesize
9.4MB

MD5
6f165dc829234abd1424ee1edd7087c9

SHA1
07e761b574b6029cac607b955100cb63447d1600

SHA256
daf6b65d595207e04d3ffaa1995df5698a139fdb0207b12d3b17141b82499f64

SHA512
6fe347e40cb85dbb198ca0fa90ec34bcae0f3a7bcd586ade765c96ef8d04fb25b1ef194c7f5c0496df76122cdcb2246d091ef8fbb216ff0e7662158625243fd4

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe

Filesize
2.5MB

MD5
ac049ce15afb3dfd8aadf7bd6a5813dd

SHA1
f5a1d11172e6c0625d1b258d3b456d525d29d12c

SHA256
8db794e1a8b26cba8af78b0567dcd661b207a6b05d20e22f2951ed3e599ec196

SHA512
900b5f6ee4aa81ce1eabfd415897a89e26d3b8b7cbc8f309682e372c988ab0a4b4cd63f49069bbaa4e7d4741c3a8e30b535baa1501c3ecdbeff8385c8d59c8c4

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE

Filesize
242KB

MD5
de4a2c2c9eb5f6ae62fc956f1c18a154

SHA1
95c44467f17f54e69bbc967a8e4f8c14d38a253f

SHA256
c0ca778543dbbb86688491942ec79832126a2c63142c7e108027b5102a521929

SHA512
12ba7c6a3ea431ccf274bd2b364688f9188f10895f4cd9fee4f853205bb37ace5e5a0972dfce7e0757daf623af52354c8dcca5a9f50e266ce06c66cc22835fc1

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe

Filesize
190KB

MD5
5095c78cff4fe9c67c31b28d658e6724

SHA1
99ee23990d3dab5c30b149acc1471407541c12ab

SHA256
39a7e029144f72a603c1ab0797ffb77a26b8e87b04fa4129374cfe88822adff0

SHA512
d20b544690c75f4a2827a3bb159f9a504bb137a612c83c548279bdeab0bae59c9360873c1fe4374eb67e5ae086b30e5375bbc99783444e260505194c05de4654

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE

Filesize
312KB

MD5
9c0befe5cd6ef8778f46039872cb572d

SHA1
374b54b3fc1a40134035ff77e142995980e11719

SHA256
494b506b2d906dea699cfa3de5c72ed391e74565a216c67bc143bf95501d8856

SHA512
ed9f7a0e50116dd6a219aec1d4d24c928603193203fd1789afade162a61409d692fac12bf417d13411774f67e4f3950e2d7b0b10a350f9a9143a6487c0e73f6b

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE

Filesize
444KB

MD5
f08b1b44b96503e41d1ca5baf3651331

SHA1
62fefee5cbb89dfc3b181715d79a85389d06dd53

SHA256
25373ecfbf1cf9ace35ea65b2db22c6593a7c858e0e70d4b237c61f289219217

SHA512
d668cad0c484a5276a8383b46ffbf0adca131f90cb9a8d992482b035f93f8bf38b7afed82ed410a5ba21065a0bfa592efe84e4c79fefc3826e8f6f7c5d96e77d

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE

Filesize
151KB

MD5
669d4178af61086e68984c8542d55186

SHA1
c1c657fd237d8e7c515c7d4098b98f55a74c7cc6

SHA256
033e534e1affe37d1b5b44c05bef4c1a2dd9517ee84b3df3ea1d3371109b9920

SHA512
a90cf1668556edb33a8a1fe31fea94fa21c8f3a06452e42a6c9dcdb5f9fe2e10ded4101d1f3a5ecaf7eb1fbeff3850090ca90a6cc0be808d2160e0c293c1ebfa

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE

Filesize
206KB

MD5
6cdd1dffb04ad04565b2ef4d634fd266

SHA1
b951c111ef98554760f55282fed471ef1f2438fb

SHA256
efcfdc2efc15d9504857083ee359db7a1370412272b0b7208df347b94a1d3ff7

SHA512
92d5af1cf53f1a52b405dc36b5e70ee5af960653078b25cc5d6cd317c5f535ca2113a01bba66868690e05c1a4e0d07a0fb55d691f3221d1a27bde5eaa1725681

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe

Filesize
183KB

MD5
9f20d1818350481c80a3ef9c2d1f2617

SHA1
0a363160b3dd4a23e33be94f340d0ae41e70c3fb

SHA256
28ec79a2a804f97b4fce296d18dff9239e0437ada0ce436ef358f5c8a6ba42fe

SHA512
7352d10a5bf2b01a189a5cbb3a1db766119eae9a32ebf63be6c09357906c8c88001eadad1c186b70c56541e9f7089251f199aca2b93ee272984e4cb24f20860a

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE

Filesize
201KB

MD5
944856135fd1448b637994fb6ce2647f

SHA1
76f1eecf002f3c0a22d7bddcd6b5c480319b111d

SHA256
aedc2ec4dc35e7de5bc7da51caeeb48232d332a1a00f7d262d143af2ceb6432b

SHA512
d8202b57f9c91d93546a5941341a1303aa4eb2cb0fb965e6d9e2fabdbf42e7c325c2a327e4f3b79338a74948f535cd9f861bc2dcdd754b87ddcdeae8179a0a8e

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE

Filesize
336KB

MD5
8940dd833b1f2beaa2992cf5a605bcf9

SHA1
f3cd32b9e0eb22ee0bf6729d1f97db3cfa1f5fc0

SHA256
fece8fc5d891babc545c018abcfa03c4f6fd4776f56ce3e51df59cd56b28f5ac

SHA512
4de2eb9c23744a84907e80c27950c86929ffdf8e7cccf3336956b26b7d60fa447fb12bfb94afb8d6d16fa475d448aa766066af5e512fdffbac791818c0f4ec8f

Download Submit
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE

Filesize
512KB

MD5
05abacb20fcadecf87e3706eacf8dd2a

SHA1
b6ee1d810deab24846228c1b022d1bc60e923734

SHA256
d66b9e05a48e1b1c707f182f58976c0d72dce577fa850ff2da72b8ee79b57d72

SHA512
f32bed6404181122d09ecf15d2a6ab9ee1b80c4592dc9dab0408bcb1d7e49dd2f99f84fec965b65e07b04b7fe796f76b162d4a9ccd88d27b7a3c44ab7816e40a

Download Submit
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe

Filesize
1.2MB

MD5
90ed1242018ff0ac3be619b8ac2c83f5

SHA1
21f8c021686f24a85bb9dd9c54dd4bf4cdf05c75

SHA256
37b3b520cc95c58598e015dc9e0115b77f6a802554c7b834b5e6d5cc3565d607

SHA512
7a229a7d8365ba2312128a50fbb6b3caa7d72b75b2ea1c85c3b84d76ab8b96929494497941d3ffe3442892ac93ff7bbb657610c8b13f4242f70f106765f7eebc

Download Submit
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe

Filesize
613KB

MD5
138863e18488b66aee4cae88df4ab63f

SHA1
02d5310ce5c931346862c6ebb2da8f95e3b6189f

SHA256
c7a9044d9a708457fbba82a866e27a2ff4a330f1fdae68a2991af38a7d9af550

SHA512
bdae768b2d0d8a1287a3a718a2d436c4c56ddb6248509f2552302bf461202814639589f9aa765ba38cb72e7c1946b260b914b1c2d579e150f98f2521a6f98d7c

Download Submit
C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE

Filesize
179KB

MD5
7ed620e8741830f4631804aecfd2903a

SHA1
3647c5c28aaaa585e3e5e5abf8e931ec5dab6ed9

SHA256
a74dd18695d7a1308f4a6254f603d55f6f37d98d64fa84e96bd10aee1196e293

SHA512
4da983ac0fa98af78fd327ac7c4192d9ac56fe9172372a8c4697f7d4465dfef5145f630c2d856efa83514be2a9363461c133f840a888792ccb230f1a674f1f4e

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\java.exe

Filesize
384KB

MD5
0623cacb3198e500b979b1a1f4f831c8

SHA1
c553cf31ce3fb66ab29bcea34264eec973bb1068

SHA256
50291c933e116040b37208e9e6afec2bb67a953c5c391c3b8e1418356dd17dd1

SHA512
c5a817cbbd32c94033fc55694a7b2c66e993ea9c05c212d8d0e7eb17b90f7e125985fd6984c1c586e51a0f51a1367440f5d4425e0feedda164987775d4f3caea

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe

Filesize
384KB

MD5
fe41c48f4fad71790c522ed2763704cb

SHA1
b7bf8b27316cd9db3fb5e009bb28f24b227a2047

SHA256
d797fef023146980eb0bbf2842059bb4a48a141cc34224b3d0aaf0c0ff7137f3

SHA512
c226606910e5b11c609d661ac9a52f46e88652779200ed10b9fe580965297696ba1f99d6a36e1631fc331a26633b5ca8563ef5bb8470a2da4861dfba7b2a65f5

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe

Filesize
564KB

MD5
2b19a22e404ccfe95cbc5dce20ccc8f9

SHA1
a88e3a6a22aabe4a3acebc537a285f50a0eb109f

SHA256
e5ccdcbc7f0808988d2eab583d6bd8b613dd5099776be5a17c90254d3db8f9dc

SHA512
e693c67a33ddaa4ef126e7590d70a853245f74271484476a2711ac9adfce569b751a4904b1f59e265c9b08dc8fcea2d507d212fea8949a486c402d4e502695e2

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE

Filesize
204KB

MD5
bcd3949db2e5f26d2f4da6c38c4e2258

SHA1
a94375948474eaac5f5c668458026ef53480e40b

SHA256
94847aad549aa5413fee97bf0db2db515eb7aa13680ec5f53bafcf881cda218a

SHA512
6fab6efb58aea64a10dec8ec6ca2fe15e1b33232ee223d7d7c311f769d64f8d04cd31619e74893f8bcfaa617187f1fdbcece8010bc44e84d073bf637953129a6

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE

Filesize
280KB

MD5
7a58a9447ef11df50c18656b7afdad1d

SHA1
2f1fe5f4f1131286583762c8fcfd69de2372d76c

SHA256
5c4f0c2c9bc4fd6f4577c0fa340d04484b92cae9005b84e194fd24fb0cb24e82

SHA512
1b7f8c22ef825d4a3ec79da41a56b1b300902763b4234d1cccd9c6fc190f41f7ab6fe92edb29e10fab2f6e5c166553a5013a6f56865a7ebccf2f8596891c1aec

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE

Filesize
204KB

MD5
1070278f08f0087fb92f4d4b45b201ac

SHA1
034bcc22d55e66fd8d67fd5f583d36956462c8c6

SHA256
4cad23fcb479c33f86e44f519be01f06a21536d86ea20ae5efb7c28548a1fdf3

SHA512
474dccb7c5fc3f07f823adc281c47e6dce79ba51ea535f4d58201afce61279b21e30cdc5be47ede872fbaa8a0f39738e48864582e0e700f2f6dc3ea30c195ce9

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE

Filesize
316KB

MD5
73ca50e69f742d40a76bc25af9cee2f4

SHA1
2d933ab263cd0103e91029e8bc93b4a5870b7f14

SHA256
424746b3ee5f10c6b6e1e05e3408367c66dc5b2d7e209a295a875f08a612b424

SHA512
5a5ee91b7e39e3d26e2242b2b807f24b5a91b520d65de158ad1ef15320317af3040b6b6ccf379b5e86eced22db8164c09f512c5ce63449750e4eae6fe2845bd0

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE

Filesize
393KB

MD5
b7948f0077c2796d7b147da52954676d

SHA1
b736a390f27c235061665c98495a374e3fdfbe66

SHA256
0386167169d1373c0ee4d27f9e78511a24de210cf8f5e8f4b1dd352c3b3de4bf

SHA512
9d9ef4081a613421135d637af7cd5124c3429c038aafdcc38a873aa154924cd3d08a735d5394fc145aa12e2cc12236800b0d5bd9fb990307d33e4a1579421a56

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE

Filesize
491KB

MD5
6f7448470f04d611e99d487c8b355f6d

SHA1
c07b3c7cb6fa3532be23abcd8b59ebaa26f46419

SHA256
e82d026e2d11f429c81c2c48fff6c11975beff8957b4ee481ebc9f5017961a80

SHA512
62ecdaf8a8ae3f055e00680ca2e40571113da0faf6dc8de65722a5f8af48594cdf4acc8b9d94396dcf200ccb406dcabac60769763258794c74bd5b9d6f14a751

Download Submit
C:\PROGRA~2\Google\Update\DISABL~1.EXE

Filesize
257KB

MD5
b031a302c7eb7f3c8bf385daf0de9f5b

SHA1
0d72293e00c1d57a23cd7581c04a5ae366ac3290

SHA256
8508058206f23591074cc445dcc0eb807ac3705ca985c1dcac9f980b0e104bf2

SHA512
8240c2a4cb54760da174518ba9bcecb34ecaeaa413682912801c4ca3984d235dc962b0e6ee3cd7060adbccebc1bb3d802539b03043b3ae7803c072f396ab6510

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MI9C33~1.EXE

Filesize
197KB

MD5
470ff84c7e527982bef713626aa0fef5

SHA1
61f89a8ff45b1e50d350db9a4346379390a45b38

SHA256
7b8e61b95e57ee213c4238e7f72578030fc5845f03f44f3fcc8e08558c1488e6

SHA512
96e08dba6ad0890a24a52de76f52932bb8427438bfcd2b95cd475457feb972726d16705dcba25f92a174d87fc9d4aef95586f8f225bd0a61dc928533fb9f8911

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MIA062~1.EXE

Filesize
1.8MB

MD5
feccf7a297fcd3beeae5e64dda9b9374

SHA1
5c0462d7b859d5df7b7d7d655c9ca9e32e9c32ed

SHA256
7eb7450cc9052b71c9d64f5cd5d8c3f51de736db76ee8157079bd5c2fd2cde9d

SHA512
feb0d52c638a12c6839a3bf7f884496119b8101e79b98aa58f6e5805b5981c4b66e5166844d4845ceb8708737a48b4771fcdfc3ef15b1a3e1b15f4eefc1f5c18

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~1.EXE

Filesize
259KB

MD5
1b68665e88cace903fed23ba7bd3584e

SHA1
8320949e1d46239e6aa796f85b598bdc287266b8

SHA256
55a7fd79953c35e87fde29cb26a78fc12c621d05a980d7b6c8aba415f9107a7f

SHA512
ccebdedc4548bd94d99347c2800e059bf4747b6a1cedeaaa53249dc43934c4c24e35342c92c7b1d08c3826d04134ee16681dac628b43b7d6e574db6cdb9e775b

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~2.EXE

Filesize
308KB

MD5
d161131ac800f70d682f054ae3a4271e

SHA1
49a03e5d0734f3e3e1da2deea465c6c9e8f3ca40

SHA256
f332a678589bdd73cafd0dbc7dc8fa7d92edec40c4be1e287e58a3968a048ae2

SHA512
1d1cf5aa6ded2583e0f1a70cd6a2a970102a333647096d40849a2c1c7a39f168ffcb57850bae95ff767609251f4ab70c6db84834eda5b1f67b67e02c08600ecb

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~3.EXE

Filesize
197KB

MD5
32782f33d3330ae2b2ef67bb8a7ecc8a

SHA1
b08b8adc9b428050974cd50622b4ae40e3cbed6d

SHA256
5525477b6a890beae8e06d2e298a9c5e04f478af49e4da9cdca0f5026831ffea

SHA512
518e990fcaf384274330ff20fe551a004bbed0973efc23e62195ae4d0c836dfe5065bd349cad01838ce1a49253a5543de68cfc12a9bbc5dc9d52edd89e35f108

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~4.EXE

Filesize
303KB

MD5
e82dc4b1a8efd94ee40ca03ef472206e

SHA1
60205c88cf0ea0ea313e5817714a5cabb49544f4

SHA256
eb6acd3356312362e25c7a4b79e885ee1978289f6f6beecaba09debd37e2d618

SHA512
514eeea62d71bcb6294a0aff5df26556a01dd8c0cd35faf08d45c054f012e667f2c2665a896fbbbbe7e68300a8f3a7ca4f459d23a15f3a0608654bea13ee8781

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MID1AD~1.EXE

Filesize
335KB

MD5
eaea08a36d39ecec158454d80672d1c4

SHA1
e0bf8540dc4a750ad5758b92b78ffb35c03fbb18

SHA256
6e47fd38f999d1bb1c7b47873bbe47326ae889272d78be53e029552d867a8866

SHA512
914f6a22f62f24b7283e57cd96c55771f7e100ee723388fd6e366b767c47ee3dea3fb686b8d7a34c9aa7af3ff89e24eae71976a37c68df71333f5062fe10f676

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE

Filesize
568KB

MD5
83dc27b9c0afa7ed6524ba2786db8aa6

SHA1
bba3c30d5b5ce3f3f883dd4989e24a3e46960a74

SHA256
74a27309766fcca5ae588d10072cb2c9f3908eb9e6ddbe0d8f22d49da2e9fbaf

SHA512
289439ebe5ee95922839f57272fa620de7bcac1fcd2fa68bafa5df443895b3936a7f58e14b95a8042422e464fc2c9e42d351b4cb3490e3bd4728a44687d76adc

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE

Filesize
196KB

MD5
706b95e43d5265203975254106167b65

SHA1
87868ba0a11eb058d41eba0dd897a3c883603090

SHA256
99ce6bf48541b35841ed50abd7eb19475de079257f49eea972667d4ead898957

SHA512
607078f99df7dd9fd521395ed6b11d03fb3c522794db45abc9cd88dde07c96f8447afbc88ac90e758cdf3490c26036386ab7c67f4d823771ae68a7f060137cc1

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE

Filesize
1.7MB

MD5
ff6792e6c9a296ce16767e8b40632a62

SHA1
c0ae10cf11d6d18ced38b8b81d832df5e7b5731e

SHA256
df554d1758abeed114fb612e757ec942a58fa161c33151962141f90f304c5262

SHA512
81aa4f32c8568a54d39065f429f302412811b8c866f29fe6ecf4bf1142affbedda1d8ac646fa0211e4db2d0d6025590f8fe13ea6084a5c89701498bf757f7280

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE

Filesize
1.1MB

MD5
93d63f6b3fdcc059a7b34008b46e0ba5

SHA1
96a328f03d0d85a7ee5b196454de042e399e113f

SHA256
cb0c33d4924436e442abce72c6b1ad33bcf7ad21261050c7c7eba6f7c2bee403

SHA512
accf4dcea7861ac5695f257e1c688c63a7e5800679f5f600939c86603d0c6487c5ca047d356a39c80d2233bf8b0f1bba283b8baedde1b43a2caf89497a657d06

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe

Filesize
3.7MB

MD5
8f4ca50f4c8731f826fc76343586ec38

SHA1
a7bd469ffc61424374f7299227f350493ac71100

SHA256
c92c1596d5e84e9287cbc4285a00f04e618029ad22976715cd144289ead73591

SHA512
c5b7af7377eeac32e2d0412a33b3a779179b7aa2e6aeb4d4596b1934e13bff3091d2c4164d74d4a9091183088a7a63cb77f668e6cea66422fb32a5269eb8d737

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE

Filesize
1.2MB

MD5
323d7076241155212600f128d0d8d64e

SHA1
625f48fc912b0e488c5c11f96ea794a1c81587ad

SHA256
9bb97e47565dbe98c319097c1e1e4bc2a3e852b2051f2531cff51833cc8ed81d

SHA512
3d4f2b28dab9b9b3eb8fb600a6e2d32b2d26436757ee12bb480c2205e7d961f37eb3b37e5c415598c4c07a2ecfb06439b744c9cd11b632989201ae2efb3e6383

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE

Filesize
1.6MB

MD5
82f9143875f813235684eb76c413701e

SHA1
cc7167004f5d9d750e5cc65c2426169f622f7e83

SHA256
ed124752ac566f67cda6c832832687de062c4ad0ca87ce337024e0155a92d61e

SHA512
6ee28548345f46ab5641ca88f1cd831642609e5ae41deb8cfc319811f69405c366e4a2aa322d411881c504c2813f60cc30ac3e250ecc9371c55b37281c771c54

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE

Filesize
2.8MB

MD5
0153c3d5bf55223acd4cf9f2f910bbb7

SHA1
df23919ec21d66ac16bf1a5923167cd698b5453c

SHA256
fb008d858b1a5526894c7fd9c510f90a3d20557b9bbac286fa09ef14db25677b

SHA512
72f0e18bb32a9d77334e4c378da829aac43653e1e203d219f3e2140325912e324f2005e28cc2e239cc26c1dffed4366bfc069d769aeaf12f0012f5ee0ab028c4

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE

Filesize
1.4MB

MD5
73ffa5ec9c39972d779d835ee000a152

SHA1
fedf44c8fdc9f785f95f40622dcdf5adcdd7b1a1

SHA256
ea102a93d3c3559d10a55db3e1cc29ec4b778aa1d82071f8daa50665733185e2

SHA512
99ce983b79e5734f704f67ffb51367d273ff0ef3044f0230c8e817261c8caed6f71437293890db00dccbcfe7643232d4d1cabdb7c93ac6ec9d754dd48740bae3

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE

Filesize
1.1MB

MD5
2c12eda8c443e5478fd08acb05ef93d0

SHA1
fba6fda42e2531eed8f64cf7d94cd7b0370d081e

SHA256
fb95c372c00fffecae1ef25be402db12a81f9b429e6468998f16405d74b99689

SHA512
029447471b9b7bab5306075aeab2473c6b4e1f5d73e38265a5ec6998575259251e7ba7a8e7f0933428ff9edaa8ebc738591dee56db57d03eea7e8b39603e8230

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe

Filesize
3.3MB

MD5
8b1440cd6724181fc27fa6fee49736c5

SHA1
9fcd36140628bee4b870ed76ce9e418e679c09a0

SHA256
b9f323800ed556762a99d16274244da912e8a56dc9bf0e981a83e1369ee43bbf

SHA512
0717bbd445536397ee01fee1ee4763d84a85c74f1dd64275b1dfbfd8a6f0257d180be31f6cee339b51830cb76cca4c8cab29206fdf5833af1ff18231406e730d

Download Submit
C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE

Filesize
332KB

MD5
bdef83bc4fe134e737a0b36eed37cf41

SHA1
03c13972e1d6e289a0f34e738fbfee03b06e102a

SHA256
414310b96847e9b058f0b6cab2b5ac21be92174c6841671625220c34d173e912

SHA512
6635522abec894dfe6183ff70f8ba98562f8f9d4338a4c73c040d383a7ff5d20c9ac4d85a2c031c02b1dffd4fdbd6a6c817b70c82d5e2d8675b0280b1bccc158

Download Submit
C:\PROGRA~2\MOZILL~1\UNINST~1.EXE

Filesize
199KB

MD5
965c0e43ed78b20919cae9f97ff1cee5

SHA1
81206b0c03c0b3ad39cb823858f61dd208c4e5d4

SHA256
cbfa35df6108261d8a31ce786611c2e32ed90f0c9530e1ab4ab062c3c47dcf6a

SHA512
becc78163bacdf8579e19a07f3444e09de4d7f9f0f0df021e44c3552f3a01aac47e0987e003c0f15dd9a7334b0b5fc92c29c6b7d5647a3287bdce29368fffac5

Download Submit
C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe

Filesize
552KB

MD5
52dc790be9c7a817c7e1f6dbc4f03937

SHA1
94f1082d6f3c59601bfd2563ec72b5cbe993cfc6

SHA256
569247ac8cd19091086747f59bb83ae5e7dd34a4b10dda945fa2279c933748ac

SHA512
630597726b185e758e370bcb2fb94874c7f0cfc43eb01025cb5666ddd0a46681eaf33f8f4dce65aed928e28002101355556aa73da80f6113a1919d43d00c5f1f

Download Submit
C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE

Filesize
6.7MB

MD5
afafd98f675ddb4d5130a011732dabba

SHA1
e7d35a56c0439d2062c3065d8f87dd0763383267

SHA256
6f87b3bbb97b54519dd7e03dc065184af5bdfae0656c09adc0ec196d6c5e93b8

SHA512
2e249c969867e2a86601c9b40b7056bf4e618711ed13f404993d372c38818a2ad9fadcfea45aee41d6c3472e8323c0831d79e7cdc9303477884dd6a58b3afbb7

Download Submit
C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE

Filesize
544KB

MD5
e759482243474ce310b855f35330c52d

SHA1
df2f083eee7a497f00df02eaadcacdaf2678ca21

SHA256
07b7185f26832bed26fe8c0866d9d852de21786f1228cb8718e59793008d175e

SHA512
083c6eff7be2514d8b45ec14ff41d60b0f5ee3a71f2acf7ac7d9259487a738b7bb537ca5a03dbfafd0646087882fa911ecf244081660bbf28ff0585cc3b686bb

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
742KB

MD5
5730ed8d149cd744e0e56e894b754b54

SHA1
b3f2533f503075a0684ccad9dd17474a30b6af2b

SHA256
fee85da90fb1b8fc3c154c44323eef8ec87e131fcfeecc635504b38b2947f85d

SHA512
1c4c9120546b9b4633d6362bb52571a82d410cb1586e0cfde506b41796c4a7beb97d975f1e6817b840bddf0e174e5f0b21e01bdfc63527220a314e9262dbc096

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aB371.bat

Filesize
614B

MD5
6d387d569ae8be822fb20ea5f80092f3

SHA1
125329f5d43be12c8f032e8057b1bb31b3eeffed

SHA256
a5b6dca36f81663dc84f20bb269cb8c166ae9d09f1fbaea17d6d941b2fd4a56f

SHA512
1647ab1f951d194893d6892b287e880782ead03ef5e0e405ac414433898b4f488f340722f32aed4d90f68f74456fd876ff7c0de8d825397c88cb59201b21925b

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe

Filesize
361KB

MD5
027b5fa5c36acd50afaa54f8dae5433f

SHA1
ead247367f648f94db9ba795e761946430031fc5

SHA256
60512f80d6baed41530344d46eac0a9b03aa7bc1a05e0aaff7bb2e218ce5ac32

SHA512
633aba99901f2f186e06030ae5068fc431b2594e322d9a844b34956ce1013ce004150d7a5e24f897f824f1a7d70d687cdd7d5739f9113c5e0b187973f50064b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe

Filesize
419KB

MD5
52238a913915c1a4d846612791f46597

SHA1
74b52aa5136512ca235649dbbb2bbc21257f637b

SHA256
130606603a13928b525e8ade272a0ca6b1eeb55bd045ac544de57a804c03df04

SHA512
5b5686259ee371d566b8a7c08a6a0f0c823e41e5a8d60c13a4d4f6f85135009972ee36bcc6216f7c8d1900fdbe9813a3e4d164cc180bda348b54b0a551bb24b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b94b826c85f65dc56bd8a15af66ee0ff.exe.exe

Filesize
401KB

MD5
0c7b87ecbf2e1bb217d37b4da476b593

SHA1
cd7a547a07eb0b314e30d0c4dc8a7d82b70c14b4

SHA256
9b7485230085a4e8136baf2dcfab2502d55d122826c027c1b15dc96865b1cfec

SHA512
07d8516c39670670d6d7cc7da4e8971fd107085975cb52fce7e14ae85f287317621d246bf9e49a987eb9cbcc24950a2f0a877628dcc6583db741c3d55158d7ba

Download Submit
C:\Windows\Logo1_.exe

Filesize
58KB

MD5
40e65e3ec7edb93eedade3469d4ec59b

SHA1
cbf5862e3a44e4f6ae1cb46c2f5b574d5af3ec2f

SHA256
2ff5805f07ed1c9727f281db9cb1645a55ab9e3523104c83e114109197a4e8f3

SHA512
6ef2dcfd0d2627951c782296fd6f9b1e610d95001a87b67f345b9ccc3fac735b030c362702dab9795fdbeca167ec19b1d777183acf4c1aabb36e6378c781cf0e

Download Submit
memory/116-375-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/116-377-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/116-379-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2492-6-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/3392-374-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download