81526629...b98f

C:\Users\CIiHmnxMn6Ps\Desktop\fcrypt-ransomware.vmp.scr

Sample File

Binary

Suspicious

»

Mime Type	application/x-dosexec
File Size	1.95 MB
MD5	ada50b802b8b2e3ef1dc496ec2d5eaf7
SHA1	2c8dbf44496a345f033acfaed3f8eea81977f666
SHA256	815266295c3c3a238e23d4e16d109acf3d64567da5e33059c976e1440a64b98f
SSDeep	49152:LXuQNJZu+4IbPSDJiKzvj1P5sIoExfVR:VrBiSIo8fV
ImpHash	3a4a15452d027b88a583f413f321764b
Parser Error Remark	Static analyzer was unable to completely parse the analyzed file

File Reputation Information

»

Severity	Suspicious
First Seen	2019-02-09 12:15 (UTC+1)
Last Seen	2019-02-09 12:19 (UTC+1)
Names	Win32.Trojan.Hupigon
Families	Hupigon
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x5e1304
Size Of Code	0x45e00
Size Of Initialized Data	0x18e000
File Type	executable
Subsystem	windows_gui
Machine Type	i386
Compile Timestamp	2017-09-06 00:59:47+00:00

Sections (7)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
FIFCOMm2	0x401000	0x1df60c	0x0	0x0	cnt_code, cnt_uninitialized_data, mem_execute, mem_read, mem_write	0.0
O7elUBKK	0x5e1000	0x2000	0x1600	0x400	cnt_code, mem_execute, mem_read	5.99
HzF9bTTq	0x5e3000	0x1f1000	0x1f0400	0x1a00	cnt_initialized_data, mem_read, mem_write	7.79
xHBLo0RM	0x7d4000	0x1000	0x200	0x1f1e00	cnt_initialized_data, mem_read, mem_write	3.57
FhT69BO5	0x7d5000	0x1000	0x200	0x1f2000	cnt_code, mem_read, mem_write	0.15
f6OxfReR	0x7d6000	0x1000	0x600	0x1f2200	cnt_initialized_data, mem_read	4.14
K0tPe9mi	0x7d7000	0x1000	0x400	0x1f2800	cnt_initialized_data, mem_read	6.28

Imports (7)

»

kernel32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetCurrentProcessId	0x0	0x7d40ad	0x3d40ad	0x1f1ead	0x0

oleaut32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SysFreeString	0x0	0x7d40d8	0x3d40d8	0x1f1ed8	0x0

advapi32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegQueryValueExW	0x0	0x7d40fd	0x3d40fd	0x1f1efd	0x0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
MessageBoxA	0x0	0x7d4123	0x3d4123	0x1f1f23	0x0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
MessageBoxW	0x0	0x7d4144	0x3d4144	0x1f1f44	0x0

SHFolder.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHGetFolderPathW	0x0	0x7d4167	0x3d4167	0x1f1f67	0x0

oleaut32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SafeArrayPtrOfIndex	0x0	0x7d418f	0x3d418f	0x1f1f8f	0x0

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01931J.JPG.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	38.69 KB
MD5	9489e27d85f2a71e4f45a740dcce2a78
SHA1	72d46622fbb3f2801b528145b9e2a9590b29ca87
SHA256	7a0622a05d1a592cb8f8c68e4783596a7231cbccceed133cc7b56cbaa5be9191
SSDeep	768:F6IkR6i4puIuwg26hWPXX+fokX/Wj9Pr35ZZFEHsGRijkdyzs1NQIa8:1kvNbwc0PegE/WpPr35HwRij8yzeNQIp

C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\MS.JPG.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.04 KB
MD5	7aad4a05f74f8a4213144cd7a7e95db7
SHA1	6f06ea0581609b66c0ef5678d3ba42b8987dfd8a
SHA256	3f5582797c5806a933821d8e4dace7784b5969b1fc66d713be18627860c75648
SSDeep	24:6iWvs7YHB/B0Gx+0jHk+YZlpe9+pu803asmU1yCuK:6iWvs7Yh/eqlHhY49+pu1NmUwK

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\AppStore_icon.svg.FCrypt

Created File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fi_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	18.01 KB
MD5	70ea77d0387d7bfa3d74db13438605f1
SHA1	119a0bda2e6602d6342c9f4b058159aad6fb6e3a
SHA256	0df5ce2ba321768a01e9e07b076f4bc300ab3b6615de850d23d889a9cd0d7079
SSDeep	384:2cvXh4slEGSGXnrCQRp3v4fEFDfaFzA2Fn90PVXwN1ds0X7ex5PfwvxNaouCW:2AXhPlEsD+ia9ASn90PVAN1ds0Xix5nN

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02398U.BMP.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	0324a993c022d842a843eac974a68db0
SHA1	740b71c44de37c354cea24b75e2c6b56a482bf9c
SHA256	b688ea13d4f117ab2f8c43cd83f8f286f0b6b8fba4bd32f054f239a36c675ffc
SSDeep	768:YfR3udc1BrFM+7SQky1vOj08mgB4CQdr6sKpdZpFwED:Yuc1BrFLYAp8tBYCZLwED

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101856.BMP.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	77.00 KB
MD5	b63e9e7301e576f2ecf700431d5695d1
SHA1	abe3ec752dbbd03b50b179034a4fefdf2659cd7c
SHA256	efea2f6ded2764b0ba1a9838b21a94738c21caf0b08768a72a574d9ebbbf0c44
SSDeep	1536:iboEZPckcQEvh2n+msCPXxAapKho1mYwioXShvIlWL2mH3EAqO:qomJSpm9XOakkL8XShvvNLqO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\AppStore_icon.svg.FCrypt

Created File

Stream

Unknown

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ko_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	17.19 KB
MD5	28d84c5cc49c8c45237906d7c4f1ea05
SHA1	f8c229cb1ace2b99d86a7cf602a6fc9f1ece404d
SHA256	1c9c59d9772ae0983b1ca1b47eacacc17f1e7dd5cf36c4d77fbf1d476c872aa6
SSDeep	384:bcvXFqHi9aMU8htkN5m8lL/hqi1AWBPtkVVZfEwHuOz2MSFt0FNLU0DI:bAXF1aMU8h+u8LIiyeVkVT9CMSt0FtUf

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02053J.JPG.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	26.75 KB
MD5	aa92420a9a7ce246224ec0f31f6cf463
SHA1	a9b6132aaf120dc32294bd8d9de03069dd8455c9
SHA256	7811531b6fb4da87c0b3b6b56e564a9583f4aa5a90db831482e19c533a2576de
SSDeep	768:Ck6Ms3XfldcQ3Eoit+nRu6BnAG8D5+/LGtN2zUulKj9h:CEs3dI+UanALDQ/kSp8P

C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	101.86 KB
MD5	78e7e694c247f7112fa2191d5b42ec23
SHA1	049b401bd3bd34e9612a6201a110f51e10a3c28e
SHA256	a7636b6f3e4998d5de740dcda694e3b9380cd94f32037273f7a469d5a4a0e9c9
SSDeep	3072:fiopkoKCEa41SCfWuICBLUxZEgbjgdJ4u:fiwKClO0dxZNgdB

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02208U.BMP.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	610520d995516d7e6d9adf7af67f7982
SHA1	337e5d91ef89e086ff26164b80bfa6ae99831aa8
SHA256	bc16932c576150f388197828676b4ed46249794bae830b07ef5e7d7508a1f0ff
SSDeep	768:tFnFdJVO35hOjc9v/CalIGw7LdVt6I3e2pUKucKmnpc:LNOzOKXr2Gw7Lnt6I3e2pUtcKmnpc

C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	8.40 KB
MD5	35395961499a0d4bac67aee3fc6387e8
SHA1	f893a53eb22a4ef80d98f890281d519b4b4865e8
SHA256	b0f55ac3532ff67609c77af5ec0bcd375b33726af8fcebd6fcdbbaf213939a1b
SSDeep	192:XDi1E0S0set7pW1fucSsNK4VBLknmYq/oxh3lcA2BjB2qPSlUplS5:XOPrWtvc+kM/od9egqPSQlm

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02470U.BMP.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	18.25 KB
MD5	f470a3da610ea08da22eeab8ecc8068e
SHA1	34c1892acff8bbcdd69651f6ac3942ed44331bb7
SHA256	bb749d70b3c0be4d72c6ce80994264a456a10d0516b154b7f5070b923806e817
SSDeep	384:W7kf0wIA5WIGTnb2G6tMAgGYU2ClY504jBFLsUh9gJ3+h:W7kZVGTqG8YlQY5fBFRsJuh

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382955.JPG.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	87.99 KB
MD5	3111a1f76f636852dfcf885df1b40015
SHA1	33c593d808eaf3e109215c37f83615681e681700
SHA256	cd62c0288fce3fc056823b0fa6721ed297f0aa7ef6a5934ace79deb589f91d0d
SSDeep	1536:qpqA/laZT0A5NcLW9wQQDEkln4+Vm35BU/LPvUDQ8PqEAm6P20gSiJwrmJzzQdpv:qdlaZoA9vQIGn4x5BUjPvf8noODSiZon

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02748U.BMP.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	31.64 KB
MD5	d7049ae614561c1fd30a51fb43ca5ab2
SHA1	d5ef66731b0e4534cc7b29801bdcfaf330e238ba
SHA256	c58b62027fe3acec76a1d3a2cc8c41f0804c79ab3e2cffdacc7cd44bf683f124
SSDeep	384:C1rY+c+4vJS7sCduH+A+fu+BuStwjBN8spK+:Srw+4vJS7duH+AGcS2jBqSK+

C:\Program Files\Java\jre1.8.0_131\lib\jvm.hprof.txt.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	4.13 KB
MD5	b9b9e85944d54245ee72c22804b7b405
SHA1	1b5686279ad02f6f5d19edfcc999778ffa7c6c30
SHA256	a585fd8ab89ddc7da1fb43f3b42eabbed1c825d591a47af51ac3fca9e502564e
SSDeep	96:YauQmimeyhHn+D8e5apCZGNV3uSZ7J3hF/uSyZsMIceJkc3B5dhpRZWsPh1FN2Q:vaeyhHn+Dv4pCZGNV3uC7NuSBMIce7BJ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382944.JPG.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	79.53 KB
MD5	47426f8f8c567f40da2cf7a80c3c04a6
SHA1	0934af3b0bbce9289eb27893680b8571bccaa935
SHA256	da3652e208467d12f1139c6c942192ec067a98d57ccb806b59bd7e4fcce13267
SSDeep	1536:zTmpNP4AALZdNGp+Cf320oFt8F52Sf0M5lV7WGWTKNoViLEXr3dUILC:fBLxRCjoDw2y3V7WZTKNiiwdUILC

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382962.JPG.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	111.75 KB
MD5	3d03c2a749824a477e07864a500ab9dc
SHA1	e792e463ddeabe539de5db8b0c1756b2727995f4
SHA256	c909edf28a389b4ba9f2bb47c27631e5a69fb238b7b9db491a1ba3a923b6afa6
SSDeep	3072:qmaBQpxa0YgCfXNfG0Q7MbUB5bdqPJuPD:q1BIf/WNr+WC5BqRuPD

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099168.JPG.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	19.71 KB
MD5	3e12fc5020b548f9cebb614fa6ff65ef
SHA1	48f91c455bd76ceaf30d6f2e5d42c36422496148
SHA256	b985790b1f554421f51a46000d5bbafb79b8cf3a08934df6ee5340642a6efdf6
SSDeep	384:LOE1Psm/Ao8eQTStDYsC5AgYnaLGWfPhhbZBi7Qfytg6WfCs/VfcJNH4RjUxo5l:rv/d+wbIANTWXhhbHi7MyNWashcAjUxU

C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	9.54 KB
MD5	af8c192d510fb8b08bc4752d1d63c9d5
SHA1	1d3e63f55e74dfecce4b377f4cb6d31420a0d28e
SHA256	3767297f411fe49d31f1f5e47357ac8d94104f28e28314444d35e7b21f7210d4
SSDeep	192:hx6fdwbXekyOnxnHxT0qTFSvdT4bDK6fwj6gbt9FvKLQSuhwysog:hx6fwXnHlnrbDK6fwj6gB9FvWQdoog

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099189.JPG.FCrypt

Created File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	7.89 KB
MD5	99a017ec97e24bbd018f27ddfd769cbd
SHA1	5dd501ff4af5602121711bf4b6630a6745e82ec6
SHA256	70d85d75d89c4b592a3749881b550cac2ea9212e06a64da985b1586aabac5aed
SSDeep	192:ZvXRkAzq9r1npM4vBwijQ/5+3E4KtixUlYDPDJmUM0lSlcl8ecZ:ZJHuBpMJis/htWKYYUMg8eo

C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.97 KB
MD5	3fb8a4bcbfff0f5e0525fd1ee2868dba
SHA1	e3f49be5dd35d54b1e4b1b6d3e733090d8058991
SHA256	2878d48b858b29cd0d26b6be28dae499ccb7cc27fbba9b791a0587388014a484
SSDeep	192:OVN/d0D3x/xYEV350wQnV6bnsmc1BFi/YiugLvfxdKjjkWvDK:OVajteFngwB1rd/k50AWbK

C:\Program Files\Java\jre1.8.0_131\Welcome.html.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.94 KB
MD5	52233fa1fd1e86ede34d7e7dfd771a8b
SHA1	e30081e8d8dc2cf43d6633a2491586a088a8e654
SHA256	cfda0c621092d4603fe41f94a9921d59f43e69d921b24209879643485df8d962
SSDeep	24:krJHpaFH2nD+GUqFA714fw+ltyhMlDr6U8+uUawm:kJ6E/UKX8Qr0+uUBm

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.XLS.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.50 KB
MD5	f537968f83775bb47ffab7d9be4350c0
SHA1	a82a862eaa52ac05c174c697fcc0af7a195c8377
SHA256	4420244df13822e67b47fcda459bb0750bc6705117bef30c13982dc25d9b1fda
SSDeep	192:LPfRRRRRwpf8wPBeOOOO6IUGiUX3iTDXeO7HaEiWya:LfRRRRRwpJBeOOOO6j1UXa7iWP

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099156.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.63 KB
MD5	e0cbbec1cc6a8b552b41833e4d343aed
SHA1	854d16018d28af612d1cfa27fcde6eaad1a1a5af
SHA256	a7f5aa6cf512029e10e01d9fbb5cccf8fdcd62be690fcb7d4898e047bbd870f3
SSDeep	384:LM0B905BMZTmfViq50WsyABPnMMxeQkJeg:g0BA0m750Wm9PeJX

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099161.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.99 KB
MD5	92fe89ce47047d57a21e40bb8d38facb
SHA1	dc5e1b1beeb331faa56eb7b60753a2ab9e62defd
SHA256	f22827f3b261c7786fbe6e0a7bd8e17f7b155830534a6b95f529b8acad9dcf92
SSDeep	192:LgTcCRkfiOJ2N/NJMyWdnh069taaq7OvPpVE:LmGfs/FWdh06nB2MpVE

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099187.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	23.96 KB
MD5	07fe63a6fe45bd68c591f4f686d21bcc
SHA1	46b2e02c13e0dd969c08b284256785c95b37d0dd
SHA256	23ac6d6bae34d96b2b5aeb9bca152533e05c99cd24643a4691240682d1507e12
SSDeep	384:MdVOnRNWsDs4LNoyzNPdSy2O77HCzenWO3YUk/2+ako7bm9GRi0PBRuMxd2:GVORsQLNoyzNPAy2O77HCSnZ3YN2+akh

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341447.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.71 KB
MD5	7eada0b91b50f94870c44ccad8d47858
SHA1	d1096ca56c02c9df54045b31350c3b29c76d7e57
SHA256	f1e1eff7cd270a97a78aa20872e04c30cbd5286b5def0aa36bb2c0f12b687f50
SSDeep	384:J68Y1wtbCZDHDZwTpjaDjr/X9cVA1sQeNHiqdPFk5Uj9bunA9sf:J68Y1wtuhDZIj6j5cVCsQeNHY6Jha

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382925.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	115.59 KB
MD5	51252e60aee8e2a35605a06883f204b8
SHA1	53744e4331e91b29bc5f0b1fb95939edf085499e
SHA256	de8b31fddbb0d56cb390f08cddf448e839e0cb61a51bc2af090eb265b87528cf
SSDeep	3072:0sWB0Nh7/zmo3QSLEVpCLfwCVnLGSIzJde1swWW:dWBK7/zGS4VgD56hzbDwWW

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\protect_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	57.67 KB
MD5	39a2a6a835e25fe6d346b77ba3c92b88
SHA1	3622026c0e68500dfe7cf1c721435ceff0767994
SHA256	0cceccc784a43e8c6e80c6d4ef2c95bf936d41acc66f8f1c67e6e9557f817f80
SSDeep	1536:JtzVgcvv8RRRURGJgRu87i8RRRrrgZrjopsbdkBvTqTpB:vV9vvCKGkeWsbuKB

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	274.53 KB
MD5	f35d1882aceb27b753ee57f0f712d43a
SHA1	a24cc0310fcd5c6fd29c3baccae8e6bc3f9b4fb4
SHA256	55db8ef7e8209ddb9b9663a670c8f907f791279e8515430e196fb4c508ecdc1b
SSDeep	6144:/LT0xYjtq/kK4ULkldqOm6wBLXPnn7ODx2Vgv0kjy++me++7QTAV:06pq6ULkldq36eLXPn71g/0z8sV

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02738U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	32.28 KB
MD5	bb1347680f8f5e3feb40c5b008f20507
SHA1	e631323972457c5796ee9e41184984d17f423671
SHA256	a756d71c3f4dcfab9f6296852d9974d888b7f723536c0bd10fabdbab7740613b
SSDeep	384:71H81bMMQEBVdS2syXYK8Z2m4z1Nt/kBg5tUQXhu/BzFvpnny:7Mw4BpXYDZReOBgDUU2Fvpy

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ar_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	9.40 KB
MD5	2ab4eea75b7f1f3ff914d402d7a6328a
SHA1	676a58ffcfe67a217d1b14792d7eb45af33ae45f
SHA256	6a204c5607c69f71a19b10cea0dc3cdbf4205fd9f3c3dc4b060dbf93844bc230
SSDeep	192:tPkb242I4aD7zbEH4aoyxBrsoipQcKRBJpB1i8olCyz5PQvSpKq4:qbp9fDLRao6xcKRjj1ijQvX

C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\ORGDATA.TXT.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.82 KB
MD5	f10129dc707f81d14099cf69e7beb716
SHA1	0fe68eabaf7f69f32f94e37699c7bf7ac6905634
SHA256	636a71a6c342e3c61aff7c3911950d730b9fec868f9003222398e416d10386a5
SSDeep	96:wKoL436AbExNQrPpmJU74xKt8fkd4z8pGpZyCHIlAH2HqqPk:/3/xZ74xNA6y8f2HzPk

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\help.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.31 KB
MD5	83c9cdb4ba289a595acdb86ea2c5fd75
SHA1	022f4b35b85b9ae300f55b17ad40d1322711586d
SHA256	fe4575334293f9e57f0e27cb229126fd036f8fcdd5f958cde35db0b029cfbd9a
SSDeep	48:nv87OgnRhPPZnXdgyuTKVYQz02Ba6Draqe/MWXCfXwq61y5P+o:noOyhPPZHFYQz020dxMWSfx6o5Go

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pt_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.58 KB
MD5	3f3a5a3bac284b9714585ae827796f2d
SHA1	fe26682db5f0f0c988b459db4436455e1bfcd033
SHA256	6d47cc31f9023d178f4f5ad0cb325440b77a9bcde90ca55ef0fd9e1188da81ce
SSDeep	192:tPkb242I4aD7zbEZElWubAjyoH7RM0f+ITBDSmOPVo2:qbp9fDLmElWuMjyoH7jf7AmMf

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0202045.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	41.27 KB
MD5	098f4f5cef0d6cf3b50cf4490799f9d1
SHA1	9a9462658c3bda93fc5d92acac12bc284f12be70
SHA256	6b26b92d6bd80a74905a01d5a630f747744709baab0c84bcf743d8a8a488287d
SSDeep	768:0Vp4J8/5xp4ivV9nm4eDjY7WlGApbS/t39Jz8IbUdBQQ5SEw:0Vp4q/5HnODjYilGJF3rBUXQfEw

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-hk_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.10 KB
MD5	826008dbf2b46c20c4df17f1a7b32d34
SHA1	98e9466d86dd16f8dbbc35f175e005d28882665d
SHA256	afb2c77ecf81f15f39cf40dc4523a30b03eb5c036d287104f7b909cf74de5000
SSDeep	192:tPkb242I4aD7zbECElWubAjyoHNudxGONB9gx:qbp9fDLlElWuMjyoHNxsbgx

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.50 KB
MD5	48379b69ada6f198d9203e9b37c58d13
SHA1	777fae7ad2a14ed5957334b5c8ade21b011bcd51
SHA256	f3470dba7d1475aa4ecf6cae25b8506d8755df649ec4b25e04b1f9d7c25d8218
SSDeep	192:LifRRRRRwpf8wPBeOOOO642+jtolxf83hHaElWyx:OfRRRRRwpJBeOOOO6V+2kRlWk

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.50 KB
MD5	d23bab7880ff39ff07199ce9b72015a7
SHA1	781f6ffa23bfcf40c02d2aa6c78e5257785f3be9
SHA256	582517671fe11051080a6e344224d36b976ec2a49da1edc2915604724d1aa436
SSDeep	96:AktHe0sSo/f5pf4dSui0l3otJ1HqcULxc/sOkox5+ikKnKpKslhoFg8s9fUP18:L00sphx4dviwU7Hexi59krcQoefUN8

C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.63 KB
MD5	676eb44b2c809fc9d8ed2195c4272fb9
SHA1	d9a16d01d04c951ecfd2180dda053f63861dcbd5
SHA256	8ffeed72027a5ac82a64773b7a093a04f7ef8a2189da430bcb5cdca22fa512d7
SSDeep	12:5J0iGcdDQ55JQMeRnj9dMRkOBLlZ1OVCeWoE3VOFaDb:5WiBQ5qZ92RtBLlyeowTP

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	6.05 KB
MD5	c9842d46b138843a2e183e50d6810d01
SHA1	5dd514df332aba91afeefc4a90ea7602809f3a26
SHA256	1b95e454c2131861554bbdea7d39c42dfd9ce32bf5f68da5da515bcc54955c4f
SSDeep	192:tPkb242I4aD7zbENElWubAjyoHBNps3SR3r:qbp9fDLSElWuMjyoHhr

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341654.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.38 KB
MD5	606f54eb1979ad968bdf0bffcc2fc5a4
SHA1	3bb7da501f560e2eb3b8f065285054bc5c6f08a1
SHA256	81931e91b67be0350e19eda554fa407b18ac2f182d087a2686b3e238e87ba172
SSDeep	384:OhQ0q68fKA1x4KtbLqwgBOjW4kyOcb0lCr5tn/ZNTJokZAMS:ODuh1xzJhgBCCsb0snZ7oJ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0149118.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	63.29 KB
MD5	07779561d503457fab11572e01415145
SHA1	f3771726b1807bd178e18da0344865b53dc18b95
SHA256	e99e2df92c40400d04ed77e1f8929928457b05435381dc2c2639b6adfdb892c2
SSDeep	1536:zT9XZfbm6Iwsx+Z+vBMKlr1sqAYVhjTovQUkCh9ZABRaMWVDgr:La6IP+o68n+vQUk4saBx2

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382963.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	95.49 KB
MD5	b8388956ec4174af6f33b2a2ec925124
SHA1	af12881acf6e567e655c140700a28824ae66e626
SHA256	60f28f65e7f466c8a4a55c795689a5c69a8f47bde3c06d0fd8270086565e8adb
SSDeep	1536:HDwAG0So+rUWweSp7G1yjfiG87lfPBoFqQ207F7xCYWbp4JYckKq7ho8e/SBby7B:jvSvrUWweSo1y2G2fi37F7xsp4J5kS8c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\redact_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	27.44 KB
MD5	34345627c655ee7da4f4a922c420470d
SHA1	ee4bddcab1ec689e29bc8ffbd863316176bc6e71
SHA256	265e8190a8fb5c57c0c7d98128093be50ee7354b4ba211cd7df3c38861b48e39
SSDeep	384:SnUYIC+yxYneZ1cxoFO6786SJzQoNwXiTxzENnY5Rr7Hh2HGKAbaWBRQXRdlP0pO:whIXyb46w6kQutEa5RrLs702HqVQ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382939.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	106.92 KB
MD5	e5085fb8471069be1746b8ee45c4ab3b
SHA1	d25e3f8181639d71be64c979ec1c1c6dc06a38f0
SHA256	ce80240aab10de3bff2768492dec1a970964806f553637a9930c5fed16334b3f
SSDeep	3072:r8XFoqlQbsTc+Ey3BgF4sF9CGLWydfkIl:wXuqlDEy3+/Flrnl

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_tw_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	15.00 KB
MD5	fb38e51d281f230adcbf754af41ab32c
SHA1	9d85b2e20c72dd30e49ef79b3e7f52b3be28a9cc
SHA256	c262df767ebdc3aab347c7ab92499fdc23208bfe225d4eb66e449f84f83f3604
SSDeep	384:S/pErSuv0st7nCYbptP0xVYqSw8nw0BKy9Qft:OE+lhYdR0PYQEw0BbQft

C:\Program Files\Java\jre1.8.0_131\lib\deploy\ffjcext.zip.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.83 KB
MD5	0471ae23807d376477a66ff8a2de30ba
SHA1	be71638143ddf10a8e6a582e7f6f3fccfd8d4932
SHA256	16de0e07cf92aed9b30184972474a13a9040f692cf839f49341bb6e95f83807b
SSDeep	192:rBACKTCTPMjxLZ1tvLiqDGAIAErDTezuJM7ogxvlySwKduNUNtDL7Ad2xxcKlJqi:rBANYPE/jvL8jTegM8avlnBQSiS

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Travelocity.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	77.72 KB
MD5	521e990425588187ebb651eb85edf588
SHA1	955d82f6c59492f75ba7852fdfe110f0eb2db176
SHA256	1a963336c01c964b63364a170ef5361ed3ecbe1a355d7282153ee44056bad001
SSDeep	1536:mtu8UbOBYEtKPisurpSWKmrzwkAOmT4NVdF0gMPMZWgs4ZbEdJnT9HkU1DZA1YbI:mX38Pqrp/z1AOmwfm0wNlJnTVkUHRE

C:\Program Files\Common Files\microsoft shared\Stationery\Small_News.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.95 KB
MD5	72526c818e5502f7b0a679dd3a7ce697
SHA1	cd1eee6b08f9e89ac8edb145cb2688000ce22ab8
SHA256	7a397a2b02222116c8bce9517ea85cc892fb98c01233a31ff463d556643a266a
SSDeep	48:+ip0Rc6QV4ypjgaStvejraIugl6RQiO+vP0JkZJh3DxoTg1RUwW1R4ok1EKf:dp6c6oVZga+ejrdJlOV0qZfDEcR1WQou

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101860.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	f76f7a21cbc3ce877b4d2b58a597db4f
SHA1	cf6dd6b4fe6a66a4333c233402662d059b2359c3
SHA256	249b7f553adf3ca45056a83be59a5af835f8d48415f78d1cfccd794e84b11f7d
SSDeep	768:DeNPfWvpDVWjT0oe5BM0WDdVEUfHE+Xp+HRZZ3+CfT7fz:iNnWvpJsjwKhfHJoDZOCfTP

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341448.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	20.69 KB
MD5	6b7b8f72e8efd37b3756e4ca5f17f480
SHA1	33f37962b282d78d956f5bf43d0db28ad433b130
SHA256	ec863f21306b987cf38db89d7afb5c6f625fd13e9a5b51192bb16fcb2820099a
SSDeep	384:zIdMERpMmhlrHdRc9FIe4mIbw9OJ1pxsIgWiK/5cgspv402HvMh6I30:8rRpMmDr9iPIOXOJ1bis5cgspvjNh7k

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\libgpg-error-0.dll

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	79.50 KB
MD5	9aa905acc39af13db389534328057de5
SHA1	bc3f310e7d37b6806aca0e898620c1b2507b3afd
SHA256	350669fcf97e7e64df21e5d87f3933f09f9154bb69a0a721522aea97c6e76ec4
SSDeep	1536:xxTciopnAjw1rMY4tJ0YwZrpruKEVu24+GC1JjaMtzY9QvyyHf8DLGbm4656Xdlb:xdto0u0HVutMtdvyjL6m76XfQwtd
ImpHash	52fb3f6982b1038f908d356d570649a0

PE Information

»

Image Base	0x6b480000
Entry Point	0x6b4af001
Size Of Code	0x1c000
Size Of Initialized Data	0x28200
Size Of Uninitialized Data	0x800
File Type	dll
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Version Information (12)

»

LegalCopyright	Copyright © 2017 g10 Code GmbH
InternalName	libgpg-error
FileVersion	24.24.3.7b08307
FileDescription	libgpg-error - Common error codes
CompanyName	g10 Code GmbH
SpecialBuild	<none>
LegalTrademarks	-
Comments	Provided under the terms of the GNU Lesser General Public License.
ProductName	libgpg-error
ProductVersion	1.32
PrivateBuild	-
OriginalFilename	libgpg-error.dll

Sections (12)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x6b481000	0x1c000	0xb800	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	7.98
.data	0x6b49d000	0x1000	0x200	0xbc00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	3.42
.rdata	0x6b49e000	0x8000	0x3000	0xbe00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.94
.bss	0x6b4a6000	0x714	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.edata	0x6b4a7000	0x2000	0x1200	0xee00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	4.99
.idata	0x6b4a9000	0x1000	0x800	0x10000	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	6.89
.CRT	0x6b4aa000	0x1000	0x200	0x10800	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.73
.tls	0x6b4ab000	0x1000	0x200	0x10a00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.27
.rsrc	0x6b4ac000	0x1000	0x200	0x10c00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	1.03
.reloc	0x6b4ad000	0x2000	0x1600	0x10e00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read, mem_write	7.76
.fifcom	0x6b4af000	0x2000	0x1a00	0x12400	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	5.77
.adata	0x6b4b1000	0x1000	0x0	0x13e00	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (5)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x6b4affc4	0x2ffc4	0x133c4	0x0
GetModuleHandleA	0x0	0x6b4affc8	0x2ffc8	0x133c8	0x0
LoadLibraryA	0x0	0x6b4affcc	0x2ffcc	0x133cc	0x0

advapi32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegCloseKey	0x0	0x6b4b00ba	0x300ba	0x134ba	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x6b4b00c2	0x300c2	0x134c2	0x0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
AllowSetForegroundWindow	0x0	0x6b4b00ca	0x300ca	0x134ca	0x0

ws2_32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
closesocket	0x0	0x6b4b00d2	0x300d2	0x134d2	0x0

Exports (156)

»

Api name	EAT Address	Ordinal
_gpg_w32_bindtextdomain	0x29a0	0xb
_gpg_w32_dgettext	0x2d80	0xe
_gpg_w32_dngettext	0x2da0	0xf
_gpg_w32_gettext	0x2d60	0xd
_gpg_w32_gettext_localename	0x2dc0	0x10
_gpg_w32_gettext_use_utf8	0x2e20	0x11
_gpg_w32_textdomain	0x2ce0	0xc
_gpgrt_get_std_stream	0x13480	0x2f
_gpgrt_getc_underflow	0x135b0	0x40
_gpgrt_log_assert	0x13d40	0x8c
_gpgrt_pending	0x134c0	0x68
_gpgrt_pending_unlocked	0x134d0	0x69
_gpgrt_putc_overflow	0x135d0	0x42
_gpgrt_set_std_fd	0x13470	0x2e
gpg_err_code_from_errno	0x13240	0x4
gpg_err_code_from_syserror	0x13260	0x7
gpg_err_code_to_errno	0x13250	0x5
gpg_err_deinit	0x13280	0x66
gpg_err_init	0x1cc50	0x65
gpg_err_set_errno	0x13270	0x8
gpg_error_check_version	0x13290	0x13
gpg_strerror	0x13210	0x1
gpg_strerror_r	0x13220	0x2
gpg_strsource	0x13230	0x3
gpgrt_argparse	0x13d70	0xa0
gpgrt_asprintf	0x13860	0x5e
gpgrt_b64dec_finish	0x13a70	0x73
gpgrt_b64dec_proc	0x13a60	0x72
gpgrt_b64dec_start	0x13a50	0x71
gpgrt_b64enc_finish	0x13a40	0xa8
gpgrt_b64enc_start	0x13a20	0xa6
gpgrt_b64enc_write	0x13a30	0xa7
gpgrt_bsprintf	0x138a0	0x60
gpgrt_calloc	0x13960	0x8f
gpgrt_chdir	0x13a00	0x96
gpgrt_check_version	0x132a0	0x64
gpgrt_clearerr	0x13520	0x37
gpgrt_clearerr_unlocked	0x13530	0x38
gpgrt_fclose	0x13400	0x27
gpgrt_fclose_snatch	0x13410	0x28
gpgrt_fdopen	0x13380	0x1f
gpgrt_fdopen_nc	0x13390	0x20
gpgrt_feof	0x134e0	0x33
gpgrt_feof_unlocked	0x134f0	0x34
gpgrt_ferror	0x13500	0x35
gpgrt_ferror_unlocked	0x13510	0x36
gpgrt_fflush	0x13540	0x39
gpgrt_fgetc	0x135a0	0x3f
gpgrt_fgets	0x13650	0x4a
gpgrt_fileno	0x13430	0x2a
gpgrt_fileno_unlocked	0x13440	0x2b
gpgrt_flockfile	0x13490	0x30
gpgrt_fname_get	0x13850	0x5d
gpgrt_fname_set	0x13840	0x5c
gpgrt_fopen	0x13340	0x1b
gpgrt_fopencookie	0x133f0	0x26
gpgrt_fopenmem	0x13360	0x1d
gpgrt_fopenmem_init	0x13370	0x1e
gpgrt_fpopen	0x133c0	0x23
gpgrt_fpopen_nc	0x133d0	0x24
gpgrt_fprintf	0x13720	0x50
gpgrt_fprintf_unlocked	0x13750	0x51
gpgrt_fputc	0x135c0	0x41
gpgrt_fputs	0x13660	0x4b
gpgrt_fputs_unlocked	0x13670	0x4c
gpgrt_fread	0x13630	0x48
gpgrt_free	0x139b0	0x4f
gpgrt_freopen	0x133e0	0x25
gpgrt_fseek	0x13550	0x3a
gpgrt_fseeko	0x13560	0x3b
gpgrt_ftell	0x13570	0x3c
gpgrt_ftello	0x13580	0x3d
gpgrt_ftrylockfile	0x134a0	0x31
gpgrt_funlockfile	0x134b0	0x32
gpgrt_fwrite	0x13640	0x49
gpgrt_get_errorcount	0x13a80	0x74
gpgrt_get_nonblock	0x137f0	0x6b
gpgrt_get_syscall_clamp	0x132c0	0x70
gpgrt_getcwd	0x13a10	0x97
gpgrt_getenv	0x139d0	0x93
gpgrt_getline	0x13680	0x4d
gpgrt_inc_errorcount	0x13a90	0x75
gpgrt_lock_destroy	0x13320	0x17
gpgrt_lock_init	0x132e0	0x14
gpgrt_lock_lock	0x132f0	0x15
gpgrt_lock_trylock	0x13300	0x19
gpgrt_lock_unlock	0x13310	0x16
gpgrt_log	0x13b20	0x7e
gpgrt_log_bug	0x13c10	0x82
gpgrt_log_clock	0x13d20	0x8a
gpgrt_log_debug	0x13c40	0x86
gpgrt_log_debug_string	0x13c70	0x87
gpgrt_log_error	0x13bb0	0x84
gpgrt_log_fatal	0x13be0	0x83
gpgrt_log_flush	0x13ce0	0x8b
gpgrt_log_get_fd	0x13b00	0x7c
gpgrt_log_get_prefix	0x13ae0	0x7a
gpgrt_log_get_stream	0x13b10	0x7d
gpgrt_log_info	0x13b80	0x85
gpgrt_log_printf	0x13cb0	0x88
gpgrt_log_printhex	0x13cf0	0x89
gpgrt_log_set_pid_suffix_cb	0x13ac0	0x78
gpgrt_log_set_prefix	0x13ad0	0x79
gpgrt_log_set_sink	0x13aa0	0x76
gpgrt_log_set_socket_dir_cb	0x13ab0	0x77
gpgrt_log_string	0x13b70	0x81
gpgrt_log_test_fd	0x13af0	0x7b
gpgrt_logv	0x13b50	0x7f
gpgrt_logv_prefix	0x13b60	0x80
gpgrt_malloc	0x13950	0x8e
gpgrt_mkdir	0x139f0	0x95
gpgrt_mopen	0x13350	0x1c
gpgrt_onclose	0x13420	0x29
gpgrt_opaque_get	0x13830	0x5b
gpgrt_opaque_set	0x13820	0x5a
gpgrt_poll	0x13800	0x6c
gpgrt_printf	0x136c0	0x52
gpgrt_printf_unlocked	0x136f0	0x53
gpgrt_read	0x135f0	0x44
gpgrt_read_line	0x13690	0x4e
gpgrt_realloc	0x13940	0x8d
gpgrt_rewind	0x13590	0x3e
gpgrt_set_alloc_func	0x132d0	0x67
gpgrt_set_binary	0x137d0	0x58
gpgrt_set_fixed_string_mapper	0x13dc0	0xa5
gpgrt_set_nonblock	0x137e0	0x6a
gpgrt_set_strusage	0x13da0	0xa3
gpgrt_set_syscall_clamp	0x132b0	0x1a
gpgrt_set_usage_outfnc	0x13db0	0xa4
gpgrt_setbuf	0x13790	0x57
gpgrt_setenv	0x139e0	0x94
gpgrt_setvbuf	0x13780	0x56
gpgrt_snprintf	0x13900	0x62
gpgrt_strconcat	0x13980	0x91
gpgrt_strdup	0x13970	0x90
gpgrt_strusage	0x13d90	0xa2
gpgrt_syshd	0x13450	0x2c
gpgrt_syshd_unlocked	0x13460	0x2d
gpgrt_sysopen	0x133a0	0x21
gpgrt_sysopen_nc	0x133b0	0x22
gpgrt_tmpfile	0x13810	0x59
gpgrt_ungetc	0x135e0	0x43
gpgrt_usage	0x13d80	0xa1
gpgrt_vasprintf	0x13890	0x5f
gpgrt_vbsprintf	0x138d0	0x61
gpgrt_vfprintf	0x136a0	0x54
gpgrt_vfprintf_unlocked	0x136b0	0x55
gpgrt_vsnprintf	0x13930	0x63
gpgrt_w32_iconv	0x41f0	0x6f
gpgrt_w32_iconv_close	0x41d0	0x6e
gpgrt_w32_iconv_open	0x4160	0x6d
gpgrt_w32_reg_query_string	0x13dd0	0x92
gpgrt_write	0x13600	0x45
gpgrt_write_hexstring	0x13620	0x47
gpgrt_write_sanitized	0x13610	0x46
gpgrt_yield	0x13330	0x18

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02755U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	105.96 KB
MD5	f443175511e1f7e85b9d873c5b353fd6
SHA1	dbfbf74f2225d376219357ca2213e7e53429e182
SHA256	d78642466795c5f79c39c74a79435489bf749d8d2ebfd27e36de448f391fe7c4
SSDeep	1536:URSLZZx5QvX8aP8gxvJMP9y9cmmBvGZBvZR8FwImlJOMpUML0ueg6+G:dLxyL8ExMwimmMFImvODMLwgHG

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02753U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	105.68 KB
MD5	e46d6ea75b81b7f48d2938464632856d
SHA1	29729ca8d93e479e9ef5fab3d919d246a8eb8c41
SHA256	1a253f9ed1b23d86ded316c46f3b7cd3e6c65071f211e2cd09a08b56dce4f43c
SSDeep	3072:dApAGrs2vW6Rl6qarYUFkuQUb8T27+z08XbO+xZ:mpNsqbRl671muQUb8TRnLxZ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02040U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	0f25b3fb22c7578bdaf98d49fce12a88
SHA1	3a76d7d484d6a768603c937cca9f8de979685a19
SHA256	d2a7c49c920b61f52647bda8f79b18745f2de703f5d6d4e44394a969f5539887
SSDeep	768:UXL9vGzU2YEL4ThRM5z7LgIDq3OnIBPktkDMfWZlDgRW9o37hqCVS:U79vCU2HLQI+eIBPkt2Qt37vE

C:\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.13 KB
MD5	82684b24f966bb25340ca076cb762e11
SHA1	46332503d439c9a24cbabe7e7b3766979c68ad6f
SHA256	697aabcff73e725c93013cc0e952942c83e3358a8b2a8abe4777deb17fdf7e6f
SSDeep	96:fRTeoAVcgaRjg12Z95zp0vcbFseI/3LtyOw/ulfV:fRTUVvqfJzphe5fV

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03143I.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	29.08 KB
MD5	e6fcf34879f8b14dd8065918450ee7e3
SHA1	de5edfc8675aecc4bf4cedac05bd5b1aa83bacc4
SHA256	8a343825a2700d3eded980cbd75abe4bed8ad16849025991ea2987b8193874b4
SSDeep	768:M9GVYf3ZNnZWCCbEMZB/80AN4UDYWVza8h22/tKYHK7G5rL4:M92Yf3ZxZEeTMWVzth2ogsKsQ

C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\TPN.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.80 KB
MD5	9c2ac9f4c88e89e3931b0dfd810dfd5a
SHA1	a94beb36eb344b22a865f4cfed2f335597571781
SHA256	c149a0bb27cb2855c62144a943176e7a9f4ba5f8ff6e1c0a49962598d436285b
SSDeep	96:EZaQiwqou6S4PMxqYTom0+cYfleJXVhWO+kJNT/UPBRmAt888pGPr+e3uJO5Sgw:EaEqoKneJXrLf/UPBRvt5AG7zO

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\zlib1.dll

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	57.00 KB
MD5	edf5402db50f838318b7988c8e21affd
SHA1	00139dc564151de29ab484e0ed4d19291c66dfd3
SHA256	300289cba960c78117cd86f5cdfbe1a663616834791283beaebe2a11161556d1
SSDeep	1536:mwbxU1ek6/3eTIy1BdyJPd0b+OaiX0QKSzFUBw4NS:k6/uT514PdoDEQKSRSM
ImpHash	49e5e6c5caa89689c04714911ded264d

PE Information

»

Image Base	0x63080000
Entry Point	0x630a0001
Size Of Code	0x11a00
Size Of Initialized Data	0x18a00
Size Of Uninitialized Data	0x400
File Type	dll
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Version Information (8)

»

LegalCopyright	(C) 1995-2013 Jean-loup Gailly & Mark Adler
InternalName	zlib1.dll
FileVersion	1.2.8
Comments	For more information visit http://www.zlib.net/
ProductName	zlib
ProductVersion	1.2.8
FileDescription	zlib data compression library
OriginalFilename	zlib1.dll

Sections (12)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x63081000	0x12000	0x8400	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	7.97
.data	0x63093000	0x1000	0x200	0x8800	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	1.65
.rdata	0x63094000	0x5000	0x2c00	0x8a00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.97
.bss	0x63099000	0x3b4	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.edata	0x6309a000	0x1000	0x800	0xb600	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	4.76
.idata	0x6309b000	0x1000	0x400	0xbe00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	5.79
.CRT	0x6309c000	0x1000	0x200	0xc200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.72
.tls	0x6309d000	0x1000	0x200	0xc400	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.27
.rsrc	0x6309e000	0x1000	0x200	0xc600	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.73
.reloc	0x6309f000	0x1000	0x800	0xc800	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read, mem_write	6.84
.fifcom	0x630a0000	0x2000	0x1400	0xd000	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	5.91
.adata	0x630a2000	0x1000	0x0	0xe400	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (2)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x630a0fc4	0x20fc4	0xdfc4	0x0
GetModuleHandleA	0x0	0x630a0fc8	0x20fc8	0xdfc8	0x0
LoadLibraryA	0x0	0x630a0fcc	0x20fcc	0xdfcc	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x630a105b	0x2105b	0xe05b	0x0

Exports (78)

»

Api name	EAT Address	Ordinal
adler32	0x14b0	0x1
adler32_combine	0x19e0	0x2
adler32_combine64	0x1a90	0x3
compress	0x1c00	0x4
compress2	0x1b40	0x5
compressBound	0x1cc0	0x6
crc32	0x1e70	0x7
crc32_combine	0x22c0	0x8
crc32_combine64	0x22e0	0x9
deflate	0x3d70	0xa
deflateBound	0x3c50	0xb
deflateCopy	0x5bf0	0xc
deflateEnd	0x52e0	0xd
deflateInit2_	0x53d0	0xe
deflateInit_	0x5820	0xf
deflateParams	0x51b0	0x10
deflatePending	0x3b20	0x11
deflatePrime	0x3b60	0x12
deflateReset	0x3950	0x13
deflateResetKeep	0x3870	0x14
deflateSetDictionary	0x3650	0x15
deflateSetHeader	0x3af0	0x16
deflateTune	0x3c00	0x17
get_crc_table	0x1e60	0x18
gzbuffer	0x6c00	0x19
gzclearerr	0x7310	0x1a
gzclose	0x5e70	0x1b
gzclose_r	0x80a0	0x1c
gzclose_w	0x9120	0x1d
gzdirect	0x8050	0x1e
gzdopen	0x6470	0x1f
gzeof	0x72a0	0x20
gzerror	0x72c0	0x21
gzflush	0x8cf0	0x22
gzgetc	0x7c80	0x23
gzgetc_	0x7cf0	0x24
gzgets	0x7ed0	0x25
gzoffset	0x7230	0x26
gzoffset64	0x71c0	0x27
gzopen	0x5ed0	0x28
gzopen64	0x61a0	0x29
gzopen_w	0x68d0	0x2a
gzprintf	0x8c20	0x2b
gzputc	0x8890	0x2c
gzputs	0x8970	0x2d
gzread	0x7a10	0x2e
gzrewind	0x6c50	0x2f
gzseek	0x6f30	0x30
gzseek64	0x6d20	0x31
gzsetparams	0x8f70	0x32
gztell	0x7180	0x33
gztell64	0x7140	0x34
gzungetc	0x7d60	0x35
gzvprintf	0x89d0	0x36
gzwrite	0x8860	0x37
inflate	0xb960	0x38
inflateBack	0x9460	0x39
inflateBackEnd	0xa920	0x3a
inflateBackInit_	0x9360	0x3b
inflateCopy	0xe540	0x3c
inflateEnd	0xdf70	0x3d
inflateGetDictionary	0xdfd0	0x3e
inflateGetHeader	0xe230	0x3f
inflateInit2_	0xb5b0	0x40
inflateInit_	0xb780	0x41
inflateMark	0xe740	0x42
inflatePrime	0xb8f0	0x43
inflateReset	0xb3b0	0x44
inflateReset2	0xb470	0x45
inflateResetKeep	0xb310	0x46
inflateSetDictionary	0xe050	0x47
inflateSync	0xe270	0x48
inflateSyncPoint	0xe500	0x49
inflateUndermine	0xe710	0x4a
uncompress	0x11890	0x4b
zError	0x11980	0x4c
zlibCompileFlags	0x11970	0x4d
zlibVersion	0x11960	0x4e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\lv_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.59 KB
MD5	122069facba83ec15077ae0e0994ee93
SHA1	86ff268585dcb201fce00173ba6259f7f303c777
SHA256	180177c2e40fe0d89660dc1dd865a85bf109ae262882d3a4090fdf51b81457a2
SSDeep	96:tPkbMn42IK7aDz96V9yz4+EcEBhpWufTAjyTsmkHWeFscXP31lsTL:tPkb242I4aD7zbEcElWubAjyoHWezf34

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	80.15 KB
MD5	d6542b4ad02ec76b6be36248654b0a1b
SHA1	2837f95338412dfa6685ff3420e82b82294b621d
SHA256	0f88ea501246d76dae967c56c41355cab56e17fe09f8dc97eec451528facc65b
SSDeep	1536:wrz+tZnG6vtZvJzE4P0WDO7Vod3Bp3ggeV1CY3gnZ70ZoAFzkbAKTpWRRRRXRRR8:Az+tZnrvtZvZE4P0WwVozp3g31ClYKz

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386485.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	14.36 KB
MD5	d20899ded50e95cd83c78a5cac566ad8
SHA1	2cc4bee6a0eeff0de437f8a357772a7d99af87bb
SHA256	0e89b595956fba62bee4e47dbc192979084e330a6506cd46725986ee83593246
SSDeep	384:YoXMfg622lVr3/SyWKYI29RtFspBcq8gwedNE:Yfg6lV/yI29e+qZNdS

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341551.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	22.59 KB
MD5	66a0de22bd88b7142b5fe256ecb662bc
SHA1	e60ecc1007e229b6a67febc32289e3cce53c99ed
SHA256	c21bc745519f6691f25628d56979dee2e36d8d1b29db3e4cc218e9e8726cc49a
SSDeep	384:qcl2rLhYGxpsqrNzE0OSeyOZOjgfNar8WkiMw7SH+67ca2udv6YCTLJQs5X:3QrLhYQrdHeyVkNarKiZ7Se6Q1mCTLJH

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02746U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.38 KB
MD5	6b2bdea683518254ed8e047c1b92d959
SHA1	6f531ba79db6615f7bab86d53ad88469c961e710
SHA256	a7e0e80f99d540049e8640087f258dedf0cafef60d2f78b3d82561b494007e7a
SSDeep	384:4XhbL4TBcPKfCoFIRRXDZtWEflwZc85bEtvd35G01Sj9P8JbGNV:4XtL0BcPK6FRJ/FlFYbid329PBV

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145879.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	34.59 KB
MD5	0b74bfd9101ecf60555f7f5db2b8f16c
SHA1	f0efdd76e5e14b0ccea2f74d31f422965e5e115c
SHA256	f0dd6a87846106df8c1b69d6e7c614c473ccbcb1e27085ebd758aa34bbc1ea38
SSDeep	768:9txlHWTC3c0AtVUICA/vvYj3AhZ7tDGgi+4DIKa7Jz4a8J892:L/WTC3c0O6ICA/vvSQtGgCTa7t4l1

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382958.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	100.98 KB
MD5	23395149601b8152ea39f39cc419a5f0
SHA1	5d8ba84d5893bbb99775c437a41f5ed1d0a67b67
SHA256	5cb0b26730fee0cb024d46deffcfa0eb4b8d702f9cffe97208135ad7448bd673
SSDeep	3072:l2O/uAapRggV+LWaopTqKQtXYXrvbq3Giv7/eN3Hohe:lJ/iPnEzopTqZO7bq3/eN7

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382959.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	83.89 KB
MD5	300d58b06d6498e9353e40b5936a8968
SHA1	53c8d08671a76e36c75e68ccbb46ec1334e29eb5
SHA256	4404ec6748fb17f69832d1a662acfa8fe76d08b8d1d4990c3889bbeea990f446
SSDeep	1536:r7xs5Y8BfiPj8YfevGeA+1WGabPVRpmV1Z/sdHnxLMXKroF6T3oB:hNEM4Y2GV+yRIsn4KrvLoB

C:\Program Files\Microsoft Office\root\Office16\Microsoft.Lync.Model.zip.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	87.81 KB
MD5	4cade2f5a63e89d2128d774c0dae7c16
SHA1	90c33a49a368035a47682df1c813d0f686fee910
SHA256	b20b131ed33c49bc21cc37f8af97dfeed3be3c7634b2f211945d7f1022fd9d66
SSDeep	1536:q22l8ZIVYi2iAdoG2nAFjY86wu0Gsui/uU98IzbG0GMI3R5bS0BFA:Jq8qRBXGmO4T+n/uUKI3Ij1BFA

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148757.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	65.96 KB
MD5	d4b89aff93023f0a495fab68bcbbf9ef
SHA1	c4c9595ca3083197a4c7cdd3a1cf32517e48c5ce
SHA256	99f648ded52d4af09706b2cfef35305232736008ef5e1d9761a6eb2df67cdd69
SSDeep	1536:zTDQ2EAZomBhNBtWXilY/tgFwvVYMb7odJ/QAgWoOW68KjTp:U2EYB6yKEwvVbEdBQHWoOWvU

C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.06 KB
MD5	7f94469d722314429fdc104a5c5fbc94
SHA1	718338d6fd5c91d631a03ed2134a8c0579d9b49a
SHA256	b1ac5d21c6c26c2de2bd7ebe66025a03af1ecdd149cdcfa8bc1cd1e1ec3b8757
SSDeep	96:uxl4JlU42pURT51qa2TiwgNO192rV2S9/:wl4ofpUV51DWiwgNa92rVR

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\compare_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	26.64 KB
MD5	6a3c918a15ed8e3937568bcb814bba6d
SHA1	70de924784604faf911bf447536370ec68c80114
SHA256	0fb34fa9e33dd121e5ebeba7088bf80ba06a0137085dc7cec79e8fea7913233c
SSDeep	768:UDn0hYtdTYO3LGJ3bBEITJA9fnVNl/aEpTClI:Uz8mLYBd9kNNZ7ClI

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\libsqlite3-0.dll

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	279.00 KB
MD5	34e235774c4a86d9e07aa0f1c1fe9c9f
SHA1	77e11c2ea30a86067762b3b619d1d2c768f825a0
SHA256	4210828192bcf8845df1e94bc22ec2f7060d312485be31243cf086432889bd8a
SSDeep	6144:Chw13S8bXGTQ0UjNgeGRWESlEvgQEDfuRiIl:fJS8OKOxSyvEDfK3
ImpHash	49e5e6c5caa89689c04714911ded264d

PE Information

»

Image Base	0x66580000
Entry Point	0x6664c001
Size Of Code	0xb2200
Size Of Initialized Data	0xc5a00
Size Of Uninitialized Data	0xa00
File Type	dll
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Sections (11)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x66581000	0xb3000	0x3a200	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	8.0
.data	0x66634000	0x2000	0x600	0x3a600	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.88
.rdata	0x66636000	0xd000	0x5a00	0x3ac00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.98
.bss	0x66643000	0x954	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.edata	0x66644000	0x2000	0x1c00	0x40600	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	5.38
.idata	0x66646000	0x1000	0x600	0x42200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	6.93
.CRT	0x66647000	0x1000	0x200	0x42800	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.74
.tls	0x66648000	0x1000	0x200	0x42a00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.27
.reloc	0x66649000	0x3000	0x1e00	0x42c00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read, mem_write	7.97
.fifcom	0x6664c000	0x2000	0x1200	0x44a00	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	5.88
.adata	0x6664e000	0x1000	0x0	0x45c00	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (2)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x6664cfc4	0xccfc4	0x459c4	0x0
GetModuleHandleA	0x0	0x6664cfc8	0xccfc8	0x459c8	0x0
LoadLibraryA	0x0	0x6664cfcc	0xccfcc	0x459cc	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x6664d05b	0xcd05b	0x45a5b	0x0

Exports (225)

»

Api name	EAT Address	Ordinal
sqlite3_aggregate_context	0x3372b	0x1
sqlite3_aggregate_count	0x338d0	0x2
sqlite3_auto_extension	0x62dca	0x3
sqlite3_backup_finish	0x2ae77	0x4
sqlite3_backup_init	0x2a2a9	0x5
sqlite3_backup_pagecount	0x2afc8	0x6
sqlite3_backup_remaining	0x2afbd	0x7
sqlite3_backup_step	0x2a74c	0x8
sqlite3_bind_blob	0x3401f	0x9
sqlite3_bind_blob64	0x34056	0xa
sqlite3_bind_double	0x340ca	0xb
sqlite3_bind_int	0x34139	0xc
sqlite3_bind_int64	0x3415f	0xd
sqlite3_bind_null	0x341d5	0xe
sqlite3_bind_parameter_count	0x34542	0xf
sqlite3_bind_parameter_index	0x34630	0x10
sqlite3_bind_parameter_name	0x34565	0x11
sqlite3_bind_text	0x34211	0x12
sqlite3_bind_text16	0x342cc	0x13
sqlite3_bind_text64	0x34248	0x14
sqlite3_bind_value	0x34303	0x15
sqlite3_bind_zeroblob	0x3444d	0x16
sqlite3_bind_zeroblob64	0x344b1	0x17
sqlite3_blob_bytes	0x3e884	0x18
sqlite3_blob_close	0x3e67c	0x19
sqlite3_blob_open	0x3dfb3	0x1a
sqlite3_blob_read	0x3e824	0x1b
sqlite3_blob_reopen	0x3e8af	0x1c
sqlite3_blob_write	0x3e854	0x1d
sqlite3_busy_handler	0x8cc22	0x1e
sqlite3_busy_timeout	0x8ccf5	0x1f
sqlite3_cancel_auto_extension	0x62ebc	0x20
sqlite3_changes	0x8c30e	0x21
sqlite3_clear_bindings	0x328e3	0x22
sqlite3_close	0x8c5f0	0x23
sqlite3_close_v2	0x8c60b	0x24
sqlite3_collation_needed	0x8eb51	0x25
sqlite3_collation_needed16	0x8eb9f	0x26
sqlite3_column_blob	0x33a1c	0x27
sqlite3_column_bytes	0x33a4f	0x28
sqlite3_column_bytes16	0x33a82	0x29
sqlite3_column_count	0x338de	0x2a
sqlite3_column_decltype	0x33d44	0x2b
sqlite3_column_decltype16	0x33d6e	0x2c
sqlite3_column_double	0x33ab5	0x2d
sqlite3_column_int	0x33ae8	0x2e
sqlite3_column_int64	0x33b1b	0x2f
sqlite3_column_name	0x33cf0	0x30
sqlite3_column_name16	0x33d1a	0x31
sqlite3_column_text	0x33b54	0x32
sqlite3_column_text16	0x33beb	0x33
sqlite3_column_type	0x33c1e	0x34
sqlite3_column_value	0x33b87	0x35
sqlite3_commit_hook	0x8d35b	0x36
sqlite3_compileoption_get	0x154d	0x37
sqlite3_compileoption_used	0x14b0	0x38
sqlite3_complete	0x8b237	0x39
sqlite3_complete16	0x8b57a	0x3a
sqlite3_config	0x8b89e	0x3b
sqlite3_context_db_handle	0x335db	0x3c
sqlite3_create_collation	0x8e9f5	0x3d
sqlite3_create_collation16	0x8ea9c	0x3e
sqlite3_create_collation_v2	0x8ea2c	0x3f
sqlite3_create_function	0x8cffb	0x40
sqlite3_create_function16	0x8d14f	0x41
sqlite3_create_function_v2	0x8d047	0x42
sqlite3_create_module	0x76bdc	0x43
sqlite3_create_module_v2	0x76c0c	0x44
sqlite3_data_count	0x33903	0x45
sqlite3_data_directory	0xc3024	0x46
sqlite3_db_cacheflush	0x8bfe6	0x47
sqlite3_db_config	0x8c0bb	0x48
sqlite3_db_filename	0x8f684	0x49
sqlite3_db_handle	0x34777	0x4a
sqlite3_db_mutex	0x8bf51	0x4b
sqlite3_db_readonly	0x8f6b9	0x4c
sqlite3_db_release_memory	0x8bf5c	0x4d
sqlite3_db_status	0x171e	0x4e
sqlite3_declare_vtab	0x77b8c	0x4f
sqlite3_enable_load_extension	0x62d73	0x50
sqlite3_enable_shared_cache	0x1ce51	0x51
sqlite3_errcode	0x8d879	0x52
sqlite3_errmsg	0x8d709	0x53
sqlite3_errmsg16	0x8d7b3	0x54
sqlite3_errstr	0x8d92b	0x55
sqlite3_exec	0x623f1	0x56
sqlite3_expired	0x32661	0x57
sqlite3_extended_errcode	0x8d8ca	0x58
sqlite3_extended_result_codes	0x8f00f	0x59
sqlite3_file_control	0x8f050	0x5a
sqlite3_finalize	0x3278e	0x5b
sqlite3_free	0x5604	0x5c
sqlite3_free_table	0x72a03	0x5d
sqlite3_get_autocommit	0x8ebf7	0x5e
sqlite3_get_auxdata	0x33766	0x5f
sqlite3_get_table	0x72816	0x60
sqlite3_global_recover	0x8ebed	0x61
sqlite3_initialize	0x8b63a	0x62
sqlite3_interrupt	0x8cd4b	0x63
sqlite3_last_insert_rowid	0x8c300	0x64
sqlite3_libversion	0x8b612	0x65
sqlite3_libversion_number	0x8b626	0x66
sqlite3_limit	0x8db0a	0x67
sqlite3_load_extension	0x62cb4	0x68
sqlite3_log	0x7d01	0x69
sqlite3_malloc	0x52f1	0x6a
sqlite3_malloc64	0x5326	0x6b
sqlite3_memory_alarm	0x4dc0	0x6c
sqlite3_memory_highwater	0x50f0	0x6d
sqlite3_memory_used	0x50c0	0x6e
sqlite3_mprintf	0x7bb5	0x6f
sqlite3_msize	0x55dc	0x70
sqlite3_mutex_alloc	0x4a3d	0x71
sqlite3_mutex_enter	0x4abf	0x72
sqlite3_mutex_free	0x4aa3	0x73
sqlite3_mutex_leave	0x4b02	0x74
sqlite3_mutex_try	0x4adb	0x75
sqlite3_next_stmt	0x347e7	0x76
sqlite3_open	0x8e8a1	0x77
sqlite3_open16	0x8e8f3	0x78
sqlite3_open_v2	0x8e8cb	0x79
sqlite3_os_end	0xf96c	0x7a
sqlite3_os_init	0xf90a	0x7b
sqlite3_overload_function	0x8d209	0x7c
sqlite3_prepare	0x6862c	0x7d
sqlite3_prepare16	0x68836	0x7e
sqlite3_prepare16_v2	0x68873	0x7f
sqlite3_prepare_v2	0x68671	0x80
sqlite3_profile	0x8d310	0x81
sqlite3_progress_handler	0x8cc7d	0x82
sqlite3_randomness	0x7d5a	0x83
sqlite3_realloc	0x5920	0x84
sqlite3_realloc64	0x595c	0x85
sqlite3_release_memory	0x4dac	0x86
sqlite3_reset	0x32840	0x87
sqlite3_reset_auto_extension	0x62f52	0x88
sqlite3_result_blob	0x32c9a	0x89
sqlite3_result_blob64	0x32ccb	0x8a
sqlite3_result_double	0x32d38	0x8b
sqlite3_result_error	0x32d61	0x8c
sqlite3_result_error16	0x32da6	0x8d
sqlite3_result_error_code	0x33053	0x8e
sqlite3_result_error_nomem	0x330fc	0x8f
sqlite3_result_error_toobig	0x330b5	0x90
sqlite3_result_int	0x32deb	0x91
sqlite3_result_int64	0x32e0d	0x92
sqlite3_result_null	0x32e3d	0x93
sqlite3_result_subtype	0x32e53	0x94
sqlite3_result_text	0x32e83	0x95
sqlite3_result_text16	0x32f31	0x96
sqlite3_result_text16be	0x32f62	0x97
sqlite3_result_text16le	0x32f93	0x98
sqlite3_result_text64	0x32eb4	0x99
sqlite3_result_value	0x32fc4	0x9a
sqlite3_result_zeroblob	0x32fe1	0x9b
sqlite3_result_zeroblob64	0x32ffe	0x9c
sqlite3_rollback_hook	0x8d3f1	0x9d
sqlite3_rtree_geometry_callback	0xb1972	0x9e
sqlite3_rtree_query_callback	0xb1a04	0x9f
sqlite3_set_authorizer	0x4f7b4	0xa0
sqlite3_set_auxdata	0x337be	0xa1
sqlite3_shutdown	0x8b818	0xa2
sqlite3_sleep	0x8efb6	0xa3
sqlite3_snprintf	0x7c4b	0xa4
sqlite3_soft_heap_limit	0x4ee7	0xa5
sqlite3_soft_heap_limit64	0x4dd9	0xa6
sqlite3_sourceid	0x8b61c	0xa7
sqlite3_sql	0x2cf80	0xa8
sqlite3_status	0x16d0	0xa9
sqlite3_status64	0x1624	0xaa
sqlite3_step	0x33460	0xab
sqlite3_stmt_busy	0x347b0	0xac
sqlite3_stmt_readonly	0x3478e	0xad
sqlite3_stmt_status	0x34828	0xae
sqlite3_strglob	0x5a8bf	0xaf
sqlite3_stricmp	0x9034	0xb0
sqlite3_strlike	0x5a8f1	0xb1
sqlite3_strnicmp	0x90d3	0xb2
sqlite3_system_errno	0x8d913	0xb3
sqlite3_table_column_metadata	0x8ecad	0xb4
sqlite3_temp_directory	0xc3020	0xb5
sqlite3_test_control	0x8f156	0xb6
sqlite3_thread_cleanup	0x8eca7	0xb7
sqlite3_threadsafe	0x8b630	0xb8
sqlite3_total_changes	0x8c319	0xb9
sqlite3_trace	0x8d2c5	0xba
sqlite3_transfer_bindings	0x346e7	0xbb
sqlite3_update_hook	0x8d3a6	0xbc
sqlite3_uri_boolean	0x8f56a	0xbd
sqlite3_uri_int64	0x8f5b7	0xbe
sqlite3_uri_parameter	0x8f4eb	0xbf
sqlite3_user_data	0x335cd	0xc0
sqlite3_value_blob	0x32996	0xc1
sqlite3_value_bytes	0x32a02	0xc2
sqlite3_value_bytes16	0x32a1d	0xc3
sqlite3_value_double	0x32a38	0xc4
sqlite3_value_dup	0x32b24	0xc5
sqlite3_value_free	0x32c08	0xc6
sqlite3_value_int	0x32a4b	0xc7
sqlite3_value_int64	0x32a5e	0xc8
sqlite3_value_numeric_type	0x34fb2	0xc9
sqlite3_value_subtype	0x32a71	0xca
sqlite3_value_text	0x32a9c	0xcb
sqlite3_value_text16	0x32ab7	0xcc
sqlite3_value_text16be	0x32ad2	0xcd
sqlite3_value_text16le	0x32aed	0xce
sqlite3_value_type	0x32b08	0xcf
sqlite3_version	0xb6040	0xd0
sqlite3_vfs_find	0x4614	0xd1
sqlite3_vfs_register	0x470c	0xd2
sqlite3_vfs_unregister	0x479a	0xd3
sqlite3_vmprintf	0x7b46	0xd4
sqlite3_vsnprintf	0x7beb	0xd5
sqlite3_vtab_config	0x787ac	0xd6
sqlite3_vtab_on_conflict	0x78790	0xd7
sqlite3_wal_autocheckpoint	0x8d46d	0xd8
sqlite3_wal_checkpoint	0x8d618	0xd9
sqlite3_wal_checkpoint_v2	0x8d502	0xda
sqlite3_wal_hook	0x8d4b7	0xdb
sqlite3_win32_is_nt	0xb688	0xdc
sqlite3_win32_mbcs_to_utf8	0xbac0	0xdd
sqlite3_win32_set_directory	0xbb3e	0xde
sqlite3_win32_sleep	0xb635	0xdf
sqlite3_win32_utf8_to_mbcs	0xbaff	0xe0
sqlite3_win32_write_debug	0xb59c	0xe1

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341636.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.52 KB
MD5	cd818bdef94628dba5ba5442e5f5f52d
SHA1	d265d0fd3bba005f8b62894f2b74f8009cd99e5e
SHA256	1b9ef63a47cfb4001b9d44aa1b9d2504ce83f4698d91e266d61944a48215d2fd
SSDeep	192:FWDe1wGmK3mD8HMjzvXqkBCrFr+EgPsg+IPOhXOkvDXJRDqF0pbBsKJ94Or3hvhg:44+GmDn/HiFqsg+IGFLXJ8FI7zPiDMs

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ja_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	17.30 KB
MD5	ee60f266f955cdd8757d55d731af7199
SHA1	60df1ca20698a63945c75c7d2330381f94612ebc
SHA256	29fa0482dbaf1acdba4da9a382f1e0df094b1d7082b074c753be39e83c1828f4
SSDeep	384:RcvW0td0AFhbzym5aCnOJA00Ull0SABYJfazL9yDbmog+LWZ0OvsU7ya:RADBFp3aCnOJAHy0SAuJfazL9yDbmWql

C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.bmp.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	9.06 KB
MD5	9cd3b5995283cdd3bcbc2d99012ff4bc
SHA1	e06d3877d26b8e2697e3e3eb3b37fb7804b16f99
SHA256	a176e338c99fb38060db7c642f92dd229aef8822d772cac3e006612b16ca6c3b
SSDeep	192:vW0+EYK96DI1V7/O9HTb0NRgVWWx2LuNcBPgdbWhHN8JY7:vW0jjkDu7wHUEDfNcBPgFkwK

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145810.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	35.93 KB
MD5	9429b07b1d202416cf2d2aa732cf08c0
SHA1	59531732388a7b19547e43318b959b03bb22632c
SHA256	0856552194fb3a441a00b51a8cfdce1d3f0cc949d85e3f4e7445dc4f7b16b844
SSDeep	768:QeTgJVFqd8pv6xDFjy85rOj03/cJSVWDA+cgAIFTfL5RXn20SX:PTgJqd0yxdy85DPrADArgAg/5RXnfSX

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145669.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.11 KB
MD5	ec04853332b299959a55b21485f524e2
SHA1	00bf3654fdf57e37933db31dcb27ab689cfc35a3
SHA256	67a257dd2fbf8276e01e1600a3f7205bd00870c38a690c02723a726c7c528d34
SSDeep	768:xxlh22rS3sQTYQiLbv6hLLMFicYptaeoxn2aFOaDEP9B0RN:xlFPIYPv6hL4UCnFFTEPjYN

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099147.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	23.81 KB
MD5	e2d4182eba3215a6f00b78d38a9ee60f
SHA1	8dec5a7bcd6919012cc827e28b5307fe5a53a8cb
SHA256	343f4db66397da6765efc0b05a575ac50c3e9d0a02ff280a9cb279d495695652
SSDeep	384:Lqo+r6wh/sfIYmi4jiY3f0+Sfoz9/03Gu4KY4CB0Bc6F+NJmxuZ9NiKonrTW8Swj:Woirax4eYP8Qz9sW9yCB0hF+3mxEkaDY

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\be_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.59 KB
MD5	1f8a0b4361ea67ca264af42650ff9b58
SHA1	eb3dffe7e5bee6362de4ab66a4add0a5980913c6
SHA256	8b1acb2333b6027e4877636fbd353ccef8c8d2f760b2456798b0a4ae5714ec56
SSDeep	96:tPkbMn42IK7aDz96V9yz4+ElFFOt8MaOXyxKXAKOJlwD4M5vSGdBrvOrhC07ScVg:tPkb242I4aD7zbEl4aoyxBupSKBZ07SB

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02058U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	3ff222d4cc640c806186d04043b90bc8
SHA1	926b1ccc3b0d2bab592678c61aa4b9a94a74305a
SHA256	a222dd8049c0a54b80cb09641b17a3b75c281aa769e26127fb5b0731cb4c7ad8
SSDeep	768:wQ4YY22ZPIuYk3ffZjjxixyXbmTvIHhgz1pKARfF0Z5mNBeA:YYY1F1vfZX4xqbTgz1pKARfF0Z5ieA

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341475.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.47 KB
MD5	d92b4255bed88bfc1464574136a98516
SHA1	0e23a94474cc8bad013ba44671e8d4620a334b89
SHA256	82dbd729bdb6d5dcbe2b0f2b2fd432593bd0a239f55e45448a8876da8ff464a8
SSDeep	768:IroMtMKqHJ1XFE1pFkb3STWdjM5QLB7MFXp3KsbU0OVUrDHR9S887iEvcLF1:tMrq7G1IbiTWxpklSVUrDS86cLF1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fr_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	7.64 KB
MD5	6a160bf3824581c5899153537abeaf63
SHA1	4ce3b8b745a9ca59934e8772ec9f596bacd85ba3
SHA256	376840a6e8657d5fe13f780826a96d981276b12419b8f8223662aed70a330a57
SSDeep	192:tPkb242I4aD7zbEsElWubAjyoHh5LUeSpS1wZ7CKfRv03rWyRs:qbp9fDLTElWuMjyoHh5U/fzvgrWos

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0227419.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	34.71 KB
MD5	63a1db04505c26e9fd4997c3420c80ad
SHA1	ea29d577228ec5a023419f6922c6b603d97b5c4f
SHA256	34999286bc324e5fa1867fde7d7b7fdd0a9fc21585ea77da0ea5d0134fc31311
SSDeep	768:dnHvl3/EbiJ4XiXTfZDIfX8R8kyplJ8e/C3z2HgHT:XyyXTfZDjR8kyplJLG2HgHT

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	106.22 KB
MD5	cdd336f3bfe90704dfffd104abe22cde
SHA1	6a6767b6aa35ee7db621c67db2cc76c70b419fa8
SHA256	23af61009ae77bd3e272080cee6d50be6cdaf7f19b5960edf0b3d8e2bb6e2ba1
SSDeep	1536:FRcyV0d8hrkd+KARcHl3WoGEhkvA/909W9yQhQaw1l+wA+z8xb8uSGdA9Uu8adJJ:GdsjKoWOo/S9InhQaA+28tiHJ4E

C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	7.30 KB
MD5	0f0ff334e985ced5f3a711bdf81bf2d9
SHA1	0156f727b48082a87b67dcecdffd272d1bf0363b
SHA256	b43cde4418189b0f3c18cc1304b1d98c454191f2ca16fa8e64777dadabd77acf
SSDeep	192:XO4reHhYVnsmpI/cnFV3XzjWq+b/SKMPyLXi:XrV1smpjnFVHxRKMPai

C:\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.24 KB
MD5	bf3bb70c5829aa720628eb2b87a0f5b9
SHA1	6b97589ffa377cee397c66aa7023217e8c2e745b
SHA256	f17f84ab769b196754b9901d47b4a2942f2796d37c50c60832e79d254279e372
SSDeep	96:EasAls8eAKNlLAATSFcVYMhKqCQtyxqmEdmP3rCj9rw7it0nfMd6UOa:EaXsvNyATrCMhKWyQ/kClt0nhC

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099155.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.62 KB
MD5	4713ad560efe9faea05ef9867f4921fb
SHA1	b7110c175817c7aac7dd61b1d497f5081982beaf
SHA256	79b3da90d772e94dec1afd7f845fdbe1070644d7a61088cc8c5d71674a59fae6
SSDeep	192:LgTc0+RkKJDfMc0inxh2XabsRdtAlRSZwD+CBNjBkt7U1:LqoVRfVthU4sHCw0XjcG

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099148.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	17.83 KB
MD5	e786511848801dab58e5d930bbe92299
SHA1	f0a21819f6e6c8f912d72e6987d8a99fca19ddf3
SHA256	2077c40f2cd67a7d572d4b30ba26a38545d39dba287bcc1f3527440bed285587
SSDeep	384:LvI72WGFAnodJDFQVYiKtbs1dr/miXQDmuJGl2N/NsNGveeU4:DWtnguVdOihLvuJ22N/WNIR

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01221K.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	7.15 KB
MD5	4ac04f94bc5ee58b3b0ade2317c0ecc4
SHA1	cd94e7815d15c847c6976693d222697de2636ed4
SHA256	9d4b564aa66a829d95490eecb5609dfe1716c1d54910567675cc1cb338c2a362
SSDeep	96:LwR9uyvOSJbcuIKRUVEUsACiReCYLmpk+kcY/3LLWcS3ADt47KUv/qRzAXYxNokH:LwDuyNOuqAuVQco3cdvYLbn0hdp1Js

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\optimize_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	65.33 KB
MD5	0759d15be3f84b6ba5b41641f0c6050d
SHA1	94984423bfaf62241456c94dad9162f2e2887f69
SHA256	ee31183fc2d2a8c80510c2358f07d56d59ddfcf8b04d7927d67a0037ad090715
SSDeep	1536:YTO+wZOhbQmE03RREF9D0HNdB3dRjRDJnt0+cq49DAMzpBuiH3:kVwZGsme4NdRmavgTuk3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\scan_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	29.64 KB
MD5	93f94267526f9b7fcc12fa10e34db769
SHA1	cbc3fd1b7e76b25648e2f0a4e3c8733c5f36d536
SHA256	ad63a1e9fbccbc5899a879a79e24650269624b53a1660c95e0195b9867f6a404
SSDeep	768:LLmw8jonEnLYsu+51LGJ0MtzW/OGqvp5B65SwUpLrhullC:+w8joEntj4Bvp5Rz5rSlC

C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\en-US\about_BeforeEach_AfterEach.help.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.04 KB
MD5	c1ed408d37b9c7adfc38c8cd385d7c04
SHA1	9f10bd0f834817c32e389a798852572fff8e54c9
SHA256	df31c70d9ded0e7e76f31414c061df59e7da6fbaf24b3147c443ee16be4c9157
SSDeep	48:08mhdzLcI7esoyd6nPAe6jYI7tDsmKC4du1YGxy2g8gsSnE7rA9DB1hpWaMM:sTLcx9PnP5TIemKC4du1YkxRcD1TRH

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\FCrypt.txt.tmp

Created File

Text

Not Queried

»

Mime Type	text/plain
File Size	0.52 KB
MD5	6cdb4b118b36eca23531b02b3d4ae9be
SHA1	a5f966c66fc76791020a72de23dc10cd24e88dfa
SHA256	79e78f76823f5023a836da8e16bf6169c0f89ecf4fc12eb5588b1a3659a2fa84
SSDeep	12:HBM58XgeGEFUFrKwR2lCFmA4bkRCqw5F5Xb8Gi8zzDWGBmr:HBMfXDElGmLbkRCN5FJq8vo

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382942.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	89.31 KB
MD5	961447270fb40fde7943b1bd9048f566
SHA1	3543bc4f5e33a654ab96e11080885c5b86569db1
SHA256	10f133b3eda47b5090f026b468f6ed2cb10e147d58ccaec27da91545aa32720d
SSDeep	1536:+Yx+v8mjxGDkh2akDcxE/auTr4a8yvkwRJ0UQpIKW8Lbc:+YxqdGoh2akDTTQeGFnc

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101862.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	03b346d50a4b496e15e6ad5b7d8c89c8
SHA1	3c0f91f17bf098f19a36d2b0e69b2b0dc35b5250
SHA256	477fe66bcbdf418830ad19237135294788034fcc9aeb6ac917f479f5f0af154b
SSDeep	768:tcFoun3Z7tjWM1ioiBLQJx/FJVRWu3TW/ZO/T8K:WF+Uioi2JVFJVcu3p9

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382961.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	98.70 KB
MD5	11f12a7f049761bfece8d8aa0aa437c2
SHA1	a826c3bd0e5baafa124ad6363a14d92042da073e
SHA256	18c895bf984f464e3afa49deb3db0146c715c0c33a9f865a6fdee3761104a370
SSDeep	1536:YgXzVAsXHrgXpvIov30FD72GDHh9PYdBlaykAFX/IfjBTc4ZhKsqy:/Gy0pCFD7F998BlGisjBTcMh5qy

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	17.53 KB
MD5	6ee372b9320f5f39ef30b6976a8b5776
SHA1	587bfa83cb0587271a37f5cf01697d01801325ae
SHA256	1dd8286bf41cfa55dcdf67713ce6d4316dd4c222934cf4fc7c582e644e38b6f6
SSDeep	384:VcUlV3/PtOQKXTMz2kM/sCLxSVrSxxmdh/vSSrhn0E4Adwq2MG8+v0oNV6ntCAo:V7/+ygh2rSmjrhn0JEl2X8+v0oNV2Ro

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\combine_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	47.10 KB
MD5	cfc0a02d137654378d43b9dbe3a6202b
SHA1	5f71ccbd761a1c60154f4179856853f380358961
SHA256	1c88d653fa36e5f782c59ecb83b206d163060324e540e60e5d107d0571c7fd81
SSDeep	768:fXIRANA1C7DaccdAnNtiCQsF3yEeQA9xp2cjZqRo357r85Of6PVQ5F5ixLGBCUCK:fYReuC7OEn/iCQsMt9xpX37r85zdQ5Fr

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101866.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	2a9b783ee0c012ce51d53897a2a0b77e
SHA1	c00b3719256d2a108f5478d44f50fa7a3cb53bf4
SHA256	0f5cc832b68313103ae34098ed79b158361bcf231020f7b4a61b7abd2331a5e2
SSDeep	768:a9XN0UBqXpTp0xXeAy5IZ+Mu4YTwEaeN+3KccdPlrbdfkh:a95BqXpTpkX3yGgTdaPBc1pbY

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0149018.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	26.75 KB
MD5	6bdc4546b367cde49d288ac86afdc337
SHA1	08f02de089b005d6ce50dd3b97bba11cbcc86ad8
SHA256	ab3634f53e3b6aa81e22bd114cb88147f29cee641d81fea2fedb387378b2cd90
SSDeep	384:pDOI0l6BfTSXlI27stXTGxVkTKCvtEmuGLdQb5v/TRblNspRkCx7t921hnBhnKij:hOh6NSdstjGxo/DuyQNvfTD1BrKMwcYQ

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\edit_pdf_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.92 KB
MD5	b68b05b32aa939ca47b9bb8ce57e1641
SHA1	2fe26206e676da9fd76ccece74f432b486077185
SHA256	5e442de68bd7cb994e23173e8b98deceaa7c545a356c10e52c4ac549c1591368
SSDeep	768:2Osidno9iN8X5uXf/MYUwfrh8CGg0yXlNEAEusyvzO:rsiK9JkXf/1frS7KXlNHi

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099145.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	24.18 KB
MD5	d3aac246bb82899d0645b1f785e759e6
SHA1	e41b8bebd75eed76d66b2fcaa9fef85b76ed891f
SHA256	387730834dfcb139338782a0107a789299976a49c2a1eda3d9abb2f09e698255
SSDeep	768:WoSDwsidJr4Tu0hiMEzepb2yeYtgGCOhSPMqkd9snMxD7g:RuDUrUu0n+ybGYtpSUVzJg

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01179J.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	40.51 KB
MD5	b258adbd8fafef0e8a2d3df161c109df
SHA1	d5a16910ae2d750bf0535a18ffced13dfcbe2920
SHA256	c2a199e1d60f5804b3b62c833f68ae0e5ba3e7c641578994c830de1c79dc3e89
SSDeep	768:l6Fjc7EeaEprvGD4Mj62rjIHu9BokdThenyIOhJ283iL70U1NAvQgfyqH1hQ/rf:IjcItaDcj6MIMoVQD2AU1NgffyEhQDf

C:\Program Files\Microsoft Office\root\VFS\Windows\SHELLNEW\EXCEL12.XLSX.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.61 KB
MD5	14781786db1a4c8b178b8a6fca4cfc59
SHA1	b22a753de2868ecfa18f2bdf70df9ed2b8cd4df7
SHA256	bcbbf2b6602b69dfe1efb26860492e2ffa5ddeac3bb8221191aefdae470b9f94
SSDeep	96:g2/Xz9TcmnwdXMIufLGO78dkq9oYq7czFn33643jLlyOyxuw2lr/P9Z2YfNvThmf:9/RTvKXMIud8CCoY0onamjLhuUJH9ZlG

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382970.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	86.90 KB
MD5	8e7e0d1fbb4bb03ed2cceea2f5454b7d
SHA1	083eb30e88031da4fe3cc0bac23e328aa302e325
SHA256	17584f1d386baea72036f6e73ce781126d481f681b530fe961295d3aa63b1be6
SSDeep	1536:HLhwDzjEcr2qlzteEfS9OZOucDx8wJ/+Eq06nwf74NNte11yv79oikLBst1NgBON:HLMfDpME68ZlcZ8wDIjeOx6ifFHmQ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0175361.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	45.38 KB
MD5	72b5145ba52078d75ca25ba7a7e9e76b
SHA1	fcf5f5d0cdc51304dfb9a3102693c4cdb6262f8e
SHA256	225593b6ffd2a63383df0a22261a7d71b0db6bb36b42a5738fabb3515ee8c276
SSDeep	768:AOCFNYFho0zasJkdc8dtIR64Efuz+wcZMP1pNbClGp8Iv4cibezNvZ+JYJ5BOTK:A5FNYzWsBB4AcZ8Pqb4lR

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sl_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.65 KB
MD5	1ff95b6fbc3b3290bf7bd62cea4e77fa
SHA1	497419009b24ab370b5d1a7e128581560068882f
SHA256	5d54f93d5ffe54cf33a674b07d9d0308f55b253008c39ad0a9a720ee8d9c90e8
SSDeep	96:tPkbMn42IK7aDz96V9yz4+EKEBhpWufTAjyTsmkHKhWae:tPkb242I4aD7zbEKElWubAjyoHsWf

C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.24 KB
MD5	eae94306719061eb7cc62a758c4e2c2c
SHA1	8f0d5a752e8db1c54b9ab15263884660494c0d38
SHA256	f49a5db483338efb9a014090bb921777763c6901f8dbe88fa77e70d9e1fa3172
SSDeep	192:hmYjPGT0tm1t2SMSReCGaY0el5KwxgEjMrMzcKLu0bEjMrMzcKLce8kvL0MMSI8f:hmYamSReBll5Kwqhwzc+bhwzc1WQbSIg

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099154.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.77 KB
MD5	2f00fb8173e74aaebda86f6204ee38fc
SHA1	0132bc31c82fd03df46088c6a54353c330bb8938
SHA256	9f5cb1e14b977f8df4c001e125a3160ae99384df6f5eef73a8261c32282e8706
SSDeep	192:LgTc0+RkFwjTC16ym86qyf/dvY9NQUGxoLKHwbr0nSKiV:LqoI6Qw86qQ/+9FGx5Qbr0A

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287643.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.65 KB
MD5	f581e5f5402569197b7eca538d1920c2
SHA1	ccb6a0538e9578906b18512f14ea3143ae2af13b
SHA256	b272b402f432e720bf027568019a092f056b2e51030cfd072683024640614534
SSDeep	192:MWibLJ8FCCty1pQjIHSDU9lNZPXpTjsQZbco/8izlLuA7/sH14j/hRhl6aMF:MWa8FCCt0QjMSD0lLLdlzl6QuWRhlQ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03011U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.12 KB
MD5	7fb73b642ed41d59178c6e0a9c91588e
SHA1	e4dc3b9c21df663929391d5893b4f791437642b5
SHA256	72853eafcecbc99a5c259eba275be063c78d6fbcb9d3e0ea0255d7c0b04dd092
SSDeep	384:RZi8vm7OvcHP0516jZDxwzRB5XcX6On7c15o07osOj+u:ziEmCvcHPwdcd7cro07WCu

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02062U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	cd9031c257a257f72a973c495f9776e5
SHA1	33b280f76c0c5b7cbc091e6dd87c8f700d71169c
SHA256	40192c9bda9a53d64d96ea3f1b4c621971147e39b428cc47a819f82eac7b491b
SSDeep	768:+ikVUsLBvyCoFOeimJz6q1u2Zr7sRschU:+rVTWFzlJz6q1j/70U

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\redact_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	27.44 KB
MD5	8e30054beb34d91d62a2e6df0f6df8f4
SHA1	32f02607aabe2e4205869f318c931b39a84c6efb
SHA256	7af4a25fc422a0c80d2a975eda759cab850be812952ce43f643fafa5b474a251
SSDeep	384:SPUYIC+yxYneZ1cxoFO6786SJzQoNwXiTxzENnY5Rr7Hh2HGKAbaWBRQXRdlP0pk:ghIXyb46w6kQutEa5RrLs702HqVK

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\el_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.20 KB
MD5	674664888fbf8040eb18820bfd57a115
SHA1	d10de04824feee1b00d39862e846c18b61fc30ce
SHA256	bd902f8acad8ee9e88f4a709754101385f566d6c4ba9ce53faedb2bd1f2bac91
SSDeep	192:tPkb242I4aD7zbEUElWubAjyoHXWrIC5oV7Gmgm:qbp9fDLDElWuMjyoHOICuVCmh

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01265U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.01 KB
MD5	757ef5febb138a7f9b063b2cb3127d84
SHA1	d3e04c94b41871ac0d5e90d8c2b957c8b507189c
SHA256	18314291efa4b48648bd61ca943badc9fbe42546edef715199272bb95a4f9d2a
SSDeep	768:LD8wUktrtxHJ6ihvswnnykemWGCPhKMoK:38bknxHJFswnNe1PEk

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\cs_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	5.09 KB
MD5	2ff3a672aa6760df4c8c28540d97c691
SHA1	466d856a74a6f0d960bec80dd654b4c3a68f32bf
SHA256	ff97b03202574f660a88b77e0af9f2fd58dda86c14ae07a54d4ed728f7d2a359
SSDeep	96:tPkbMn42IK7aDz96V9yz4+EFxFFOt8MaOXyxKXAKOJlwDNC8DFhtl:tPkb242I4aD7zbEz4aoyxBQjZh/

C:\Program Files\Microsoft Office\root\Office16\System.Windows.Controls.Theming.Toolkit.zip.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.26 KB
MD5	9e90628a09e84f86855f661905f7024a
SHA1	bddf265abb6b8415ef180f53c5f765bb7c39bb43
SHA256	74f0c9ef1c48d25f8964607b6c1831593a63cd8da4d4e49a1560bf1c7ec94cf7
SSDeep	192:erEA94EBd+FCwKbZRVK3lASaStNe8yZq0ITplvIVbur988yzA5YRNqLJxN7/VwSQ:eN8FCNYASrNe8y8nwVbyaRzA5Yngx97c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-exit.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.95 KB
MD5	97767acdfd8cafc7dc748372082277a7
SHA1	d021c153a4845c669cbc60ece5f7f51347a09a9b
SHA256	5c343a9a04b006f9977f8dba5712ac112546d35ea9b1ab421f89f14826b2b0d4
SSDeep	96:nBcJqal00516V1souPVjUDYsaRGpwDTpR527BXYC:+qE0ZuPVaiUw3Wn

C:\Users\CIIHMN~1\AppData\Local\Temp\FCRYPT_PASSMD5.TMP

Created File

Unknown

Not Queried

»

Mime Type	application/x-empty
File Size	0.00 KB
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::

C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.20 KB
MD5	65c6b9494d478f27052b1b7b4e0981fa
SHA1	c55346e8468966524ade591a1e6e4c16a985aac4
SHA256	171e6ee788f6013617b3631d9d06ad961045490ee62796a6043ca672bf5a6610
SSDeep	48:rRuvAnphi6zSwz5mEtSB49PF5qs6PC36xJ322nBCOY:rRuvoZSYtSB49ms7I22YOY

C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.21 MB
MD5	8ca23a82ba5e1c8357ae8f049aca2a65
SHA1	ab147511535de7978bb03346eb1994c3819d392e
SHA256	ae37f255df816663aa8c9278e8fd09851c0a6dc20d896edd5f3bb3d411ea209a
SSDeep	24576:ZsXRkogoN4G1Whsm7QgS+NfshL2O9q+JiRbmzMmmoej1fB2oM:ZsXRkoD1WhX0+NfsJ2O9q+JWmQPTpAoM

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\protect_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	22.80 KB
MD5	a9908993a46399356f344925c41c97f0
SHA1	affb7735f8e4f4a1f3d1dc4a1a4a88c5c7669341
SHA256	0c9c70fbe1b1890c6efb458e8136f136e8f302a755a846e00e829238d8a9b167
SSDeep	384:SgN1zSp/wYDYn0MNK7dyq47ngis9ANH7Y2QctNNNmpoqWgXEILkoCbdvhZ2u:7N1OpYYXkJcisu7lQsNmwgUukoUgu

C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	116.00 KB
MD5	b6cd6358dc815eb3c9b67457fb484478
SHA1	615d76576f8db6ee18f4462b04014b89748be60d
SHA256	bc2dc9bf0f45f98be4040ad506c6d184355954fb37afbea205cd28428af3b47c
SSDeep	1536:K3RRRRjSiIdnc6dTloSGKjrUkXZYoNdB6TLg9QbryAY6dDenxyqXIdgKsvG4yENJ:KyGaXXjdcGQbryAYmenxXYdRsvhWZBG

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178523.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	23.47 KB
MD5	f4d75814df031ee87f7707e689d277ad
SHA1	e4875a8a5512a02a21e720542b69535f0852cbba
SHA256	e95738aa6f0634e62d3c6e3720fe19c7b9e23754a79ceeff195bb72cdd9ff8c0
SSDeep	384:ocXTWWyp2Cc5WQpUM/kQQTriSPSJ8oymbwRpCvZ73oigCLA0KazQ7RnQbrfN:ocXryFiTkQQTri6Seoy3pCvZ7Bgj0lzn

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101864.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	5cd0da50edde2d71c0ac81973f8dda93
SHA1	0eb53b7d861539a837f90ef58674977817a325b5
SHA256	b5f7da9e694f088f25b938edcd30ae87df23054cbe8e0295a5e08d64110e44dc
SSDeep	768:yDZmmKucjYmN4DRrYcKDH/18TSOyZUhWmESQxaH:m5cjYjZkUiicmfQxaH

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\optimize_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	23.46 KB
MD5	b3baf0a6e6ddaa5f989f306578a9139b
SHA1	88ba2d44c0d08d8b43426a15a3829ec8c6b500c9
SHA256	3d73aaf731f954ec82c603be705198700921c223c6cd559de64091aca826d179
SSDeep	384:ShJ9RP7cTPfoV063BHBeXCGyfGmO2WaO27HWB4uPSeNmy0qrF7Iwoc6V/SXMG464:+Kbf/6bJOWWoW4uVsyjboVtS8G4z

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fi_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	5.48 KB
MD5	40014d7a791edf1656b6638b7ae4a96c
SHA1	f350814265fdb0a646350c4ea942efaf8208731b
SHA256	4154d481dfe066bbf1e12e02b14315516ec656e021bcb70e3570d625dc5add7e
SSDeep	96:tSMIFteud4BY98PnU8rWDVTHezMdGm9/HpGPljZCnroT/SPX0+40UGNmwoqXBiQ4:tSj6uduE2nZyoYdGm1AljZ9TkX6j6xF4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\id_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.60 KB
MD5	21f79ddec6065e6192e430edcf90889d
SHA1	21bc33397511e6281ae48f2b99d24efdd7e28263
SHA256	43b8c29dbbfcebbd42db35d8985847b97b0ea044320993615bfbe3eee0bf9f11
SSDeep	96:tPkbMn42IK7aDz96V9yz4+EgEBhpWufTAjyTsmkH3k3MdGbLFCEJiw:tPkb242I4aD7zbEgElWubAjyoHWnF/p

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	457.24 KB
MD5	98bd96c8196856b2f7524e593a3927e8
SHA1	0663bb3b5a59dbbc759f028bfe1ffcf470886b67
SHA256	04f3f2316d8b6fc537ee4d4a31f7ac4fe1710958ac3de253e45ab67f4674dde6
SSDeep	12288:KjIzl1unBbjPmi3FVb5/bk5O4gLRsQ2ckl8n6cxuJ1lC7cNIToOrUNQbplrPIyOm:+wunB+i3FVb5/bk5O4gLRsQ2ckl8n6c3

C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	41.50 KB
MD5	7ee9eb968f76bc4dab148134ba08f69a
SHA1	f27511036c78a72cba059591f5aa362a568cb94d
SHA256	bdbdcdddcccefb058687d38dc5839ab64f24de8e762dfe350e69bb9f6c1f5dde
SSDeep	768:RUmcCrtDPfqK0pZX3RnbugingaPK9teBBtJVH9UbQC1:RUm7xDp0pZtRYgay981H9YQC1

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341634.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	7.62 KB
MD5	0e043539724b3168e5474ebdb1c26a1a
SHA1	f6ba80e58c7c0def8e1063e23936f5638476d1cc
SHA256	74e92339139f97b790650699ecd2fcda32cba7ec6329fbedaafea4cc8915cae9
SSDeep	192:j8qndfVKzbv/1m3gU8tIV8twbpKdj5zIGDEn+NBxjjk60TGRLiazoAW:flkXv/1EgU8tY8twajSGE0Bx5hLhz8

C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\en-US\about_TestDrive.help.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.13 KB
MD5	a0bb391339e1dab8354d6deb53e7a1ce
SHA1	c7ea96ffea0583ee07657809c8bdb74517cb2333
SHA256	bc0459fc5ce7a008edaf9ca5da7c0888dd37fc2b28ae1c6dc6602dff9b7db4a8
SSDeep	24:8nMFMp/ETklI006I16p3c0ShuHdnRmtTVMGOe7XQK3CAhU3vQQf:iMFMRET8ZndwTM6/ju3Lf

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02750U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	91.82 KB
MD5	49472e093659bad7227fa9b6ca86c2f2
SHA1	2337ad2852defc13f9753b51ba7edad1340acfa6
SHA256	f37fed72d648eabaa6c8c01c97101bdc40bc64138bf64ec54bc8b3995c74313d
SSDeep	768:6EHvKrKaXeVNIgHw+tKMHycTe0L8Yu3wi14z9GxQx+InwC5jb/ZB6izshh2tBKKb:6EyPXOLwCFmr4oG+kjZ/zWGKKb

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.50 KB
MD5	353aa1c7f142ef8bd8ea70a2bcab162c
SHA1	2bce381541dbf016eba057343d830272e4fc4b5b
SHA256	e03541e6076e2c8a6ac886c4a3d9c5229737794804d64f600f3cd0a43be15d86
SSDeep	96:Ak2I0ACi8T9fcadNotM1Hqg+jUUcNibfmhFAH9a1TpKL860s9fJP1g:LPm5UgHt+AUccoAdOcLFfJNg

C:\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files\Common Files\microsoft shared\Stationery\Pretty_Peacock.jpg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	5.00 KB
MD5	5de7d0cd308b80979ebcc8a312ac5af3
SHA1	b758f590baf08d11b24c6ac0c2a74f795c1e7346
SHA256	d01bfa973e4060da0d5efa0a31c5c91f3bee0feec075c82b4bdcd2748eea44a9
SSDeep	96:SWk2YoZYalnpjJNvkNkogqT2AlqlqYRW8BxB:KoZY+pPvkJgqKAlqfRWkB

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02756U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	193.01 KB
MD5	3cef36b6a567265043741bbaa7cf46e8
SHA1	d51bdd9de342252e64e30dcecdf8ef9ea9105fb1
SHA256	3453ee4c23ca2697804a7a6df3b9c30fc3c3b47369d32bd70ae61341bb8b40b1
SSDeep	3072:WLhA+7amIDvj78LpszkjKmCI1CgURUsLgw6nOlBt2NTpib2AFN+bqTzdXhSw5:pTm6f8tVjrogURUzwYO7t2nEi6/h

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pl_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	5.91 KB
MD5	ac8cc2a7fb12c7c514eeee9942c01c45
SHA1	e1a50346e69d3bcea0045640d57a5f877e880fe3
SHA256	e87b15f0e824395a795f951bcb5e6c4ccd7fe5ee8c9e3263f593df2e34eac210
SSDeep	96:tPkbMn42IK7aDz96V9yz4+E4EBhpWufTAjyTsmkHB/YOP2RO:tPkb242I4aD7zbE4ElWubAjyoHF3eA

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145168.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	32.87 KB
MD5	9353d6bc1c331a1dd4a2151fb5daf737
SHA1	383a3cb267f7b2f0d8e7f65937ca9d716954ade7
SHA256	abace08b985ff8001adcafdd905cdddad31c9fdbb9d439f02741172b1c2c604a
SSDeep	768:YdMFmCQ0+zQG/nUWNayFq0lX39AfLIV9nF5MD:d0FRzN/UWNayF/3Af0bF5MD

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ro_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.58 KB
MD5	72845a58fd07c4e43cc3918a724d43c3
SHA1	fb850ab1206bffae128e7fd5243c92a64f3638ae
SHA256	c0cb5c675579c45311a37acad511d7d657f52dbd6d7085476e478e76cbb07c34
SSDeep	96:tPkbMn42IK7aDz96V9yz4+Eh1EBhpWufTAjyTsmkHY1CVC+Ke/Np:tPkb242I4aD7zbEh1ElWubAjyoH2X+KO

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02759J.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	40.21 KB
MD5	7e92ef9164ce1274d9ee7ec85e0a2a38
SHA1	6dcea130d6c347156944f67c742e6deb04f1b26f
SHA256	75b88226d7ef3763f3e67e92a03a3f4fc51f77df7081ef47f12279fb950059a8
SSDeep	768:Pnh7I6cOuCEAspih1CT8edc8KmiDEYxQDh1+zRseESJrC1QaIdpYPpXdjHI3uCdi:PNIA4AokWFlKAKzRsRDCYh23uCdTW

C:\Program Files\Common Files\microsoft shared\Stationery\Pine_Lumber.jpg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Stationery\1033\PINELUMB.JPG.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	3.89 KB
MD5	8e10383b9a90cbaecc2fcb11105bb4ba
SHA1	08e1f062a6f712829f95140a9edb6eaee1ba429f
SHA256	79022501e2a9fb0f224bf568acee7d3155a640b54a1737442ec58b668ac1171d
SSDeep	96:tMyxDVV+SoU3AhCdJnv40bNH8tVBdE4tDggBHv4Dh:dV8Soj+nbbByB9tJqh

C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.57 KB
MD5	f61899337e06eea24eee84a86d7b4e27
SHA1	20cdb31124b90609c471716bbe4899a0f160c42e
SHA256	9445c72d7c7bf66d66da90c261b3bf17d0065e48a1d4035a2ce45182e609f44b
SSDeep	12:lwQ1iPOmDkrIf4AZnlZwemxftX6q/16tzqdKnujalrZica2IznCVMCpoV2I5DjYn:lw6uDQaPlxmxVqq/wQdWPlrZqTCeEojK

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pt_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	18.69 KB
MD5	9f7b365e120f88c28b2379bceae1fc28
SHA1	297e07cb577ab7e0046c53975992a9ae1d20d496
SHA256	90c83a66e45869b654039966bc3b5a6fc263c751fb6b8fd082fd276adb10475e
SSDeep	384:LcvXzi+kEPl/uEBgFXBblIRNvPmTtdBRjlIRjw0D0Tl+Lz/fCMoJsZg71YWuf1fJ:LAXzijEtWEaHpI/gtd3jl2jw0ITl+Lrh

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\et_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.18 KB
MD5	d8a711ea80ee0d2d418694dc857ea823
SHA1	4034874212cfc943d33e287428971e2bb6aecf89
SHA256	a551e88899a148135955e2d8503a43fc6b5448c8fffbc3ceb37e82e1f2ef7257
SSDeep	192:tPkb242I4aD7zbEfElWubAjyoHW3gzGQx/1:qbp9fDLgElWuMjyoHI3+

C:\Users\CIIHMN~1\AppData\Local\Temp\8U6Q7AC6.bat

Created File

Text

Not Queried

»

Mime Type	text/plain
File Size	3.30 KB
MD5	5fd5aa3dc35b7ef0aba291bea7868912
SHA1	c50ec777ede8494450b9f5daa2e944e7e9cac265
SHA256	fe76f72665b182205ad6f1634b03ebd8813210faee8f8dc4a2cc385570dd1cd0
SSDeep	96:qUTW3TdvrffyZTg1/X6P3/Pi/taaxnnZfG:qUTWpvTSS/KPvq/taaxNG

C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\en-US\PSGet.Resource.psd1.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	46.88 KB
MD5	fd364c06f8a9def07ca0465ebbbed607
SHA1	3687b4fd640a584049949853665f72852d51ea86
SHA256	a96372b05a1b8bf47b31232a8f7859a0476fca6dc83f3e1fe03722b3c7885883
SSDeep	768:Dc622YdvxL+wvVsYd129j+5M9DRRkOiXZT+A614FD1TlxT/fXIuy5M:DcjdN+wvu44zRRmZ6tC1THLYM

C:\Program Files\Common Files\Services\verisign.bmp.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.64 KB
MD5	c309776befba16bb17c89991fafbeb5d
SHA1	88643189c7e192dfeb27313dcc6ffe02507b949c
SHA256	4c386071b9b516ecbdb7f0921dfe0bc35c515032f482ff5f1288f14c54b6f744
SSDeep	48:Vl+BkskBRq1UAwBUD3zk1XBteESL3BjQTPBlDBia4BubpBo2dMBkX:v5sOqB7DY1vDS5APBlwatbg2dbX

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0313896.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	36.28 KB
MD5	5090dc11f763f74d31ad4d9ee70514f6
SHA1	e5579e58aee3c2cbaad84299db50ca5422eafea1
SHA256	fb368a49dd0161c35bc110428e283880e3d4d76df1fb5b56dd24e4d10eb0df67
SSDeep	768:3Xaa+YXAPPiqEM1rjZbypI6uWs/jm+UyA1AYt7Ax2xas0aUN83uN9Cc:3XbwiqVrIpITWEm+Ur1ftMxCa9bkbc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\optimize_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	23.46 KB
MD5	4418dca8e718437f87598b64786f2613
SHA1	de20b18cee33acf6039c46d25e1e1d3c62782fde
SHA256	dd90062e681c74da9fddbc40a9832a49d7e262bccf0370787b12cf061c1e8df2
SSDeep	384:S4J9RP7cTPfoV063BHBeXCGyfGmO2WaO27HWB4uPSeNmy0qrF7Iwoc6V/SXMG46C:DKbf/6bJOWWoW4uVsyjboVtS8G4l

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	7.24 KB
MD5	548c9e2a5300b3c2e58b6f5052d7278c
SHA1	b4753e5e23dc097b1b21153c5aefb47a1c572563
SHA256	b138ecfe18bfe123309d7d34de62031d8ca9a6f19a70b1238967b8c698dd011b
SSDeep	192:tPkb242S4aDhZbEB1qnKNzlHOwfW8jj+qQYKrWXz5R8dzKXPMXJ0yl:qbpPfD3o1qnAHn+YKrW60C

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\lt_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.08 KB
MD5	47e8cf3d754b51b27636778122f0785c
SHA1	4d588912dabbbfb85d68291468ae7a79a68d0a25
SHA256	e5ced9be49d7d342c54a3016f38750abe45b87f57f2a35f90b5069d6fd98bcd8
SSDeep	192:tPkb242I4aD7zbEsElWubAjyoHxzu9H3KXaxtU4FD:qbp9fDLfElWuMjyoHFMXO8UeD

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\th_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.46 KB
MD5	8c272458e88ecc4ecc10d3030d96ae0d
SHA1	8ea939a02462f4d41ec42cf0e7925dcfe641afe1
SHA256	cb1252b102267cd36f1efe1486711b7ad3d6a6c5f284e562c8d2a346b877ea59
SSDeep	384:qbp9fDLBElWuMjyoHoVxsu2yEkFDON9HkL2SvcsQKL0TXtumsFx3rDV:q1ZpE0jjnHoVd2aFDOzmGsDL0TXtulNp

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386267.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.28 KB
MD5	6460224ffe6553662fd4cccdaa98ebc5
SHA1	904f682dec7b8cdb232128fe150e7007081adbbd
SHA256	10a718d7a46cbaa792bfc355d026f274c181d269d3697392e4a089c1137554b8
SSDeep	768:FRzmu7IVkkxRquYUG80oOd2+0Ja+INE+eqnw6RRV53:WZVTqu1G80Hv0JaRNEfqn1RVt

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02736U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.64 KB
MD5	71876c3d7ead1802fdd05bbcdb33bb73
SHA1	4db96ea6c975db4b6c83e62fcc68d2f810eb8cd9
SHA256	32e96c8294a06cc168feb555f57a9169642674bfacf9fd893fd2abc07ddbb4bf
SSDeep	384:sLvllDp30xvfIxLG4yaftA16x5FzqMi4C5WA/lWK:wbIIxBPx58ESX

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02752U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.01 KB
MD5	eeeef7a8fc97ac3d2ff1175431a93c67
SHA1	57f38f4614ec0c12475cfd946b755463c05812e9
SHA256	75cba32a1a0f2405a6612233ff398fd9cfa3c60efb026541961aa6a34e7a24ec
SSDeep	768:m6llvZd1QOQPvPSu8q+ZoEJisj1hhnNoK:Dlrsfn8q+rJis1J

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0216153.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	21.12 KB
MD5	0b211c8be181b8ed538c659239a6f4ab
SHA1	a08d02a24040cf115a157a2af321da2d952caf29
SHA256	88aa8cc72e8c40240b1dded7abdc3b9cfe59bbd63458384d0bb9624adba24fda
SSDeep	384:/4xvmabM9c/D0IqC+EQfLU2jcdR3EAiWOHVd2RpD92JrggM4+sOo6DaOwqFTtZRI:wxEc/D07CGbcZERHbiD92RgKOGxw5Z18

C:\Users\CIIHMN~1\AppData\Local\Temp\$

Created File

Text

Not Queried

»

Also Known As	C:\Users\CIIHMN~1\AppData\Local\Temp\FCRYPT_PASSMD5.TMP (Created File)
Mime Type	text/plain
File Size	0.03 KB
MD5	e5fe3b2f80bbc6add0d55eb181df3d7b
SHA1	43da156ce5078867738f438e9a4e72fda0f562d1
SHA256	d6e9bbcd69b9ae1fe2e2f227536869435a311d9dce8afa1687d7ed9762b6a086
SSDeep	3:wn8D4d3KUQ:wng4dfQ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382947.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	84.78 KB
MD5	05e3bb1b7a9cd2514c70cc1c68ff15e7
SHA1	0768841ca78b0eb81df78b396ca9169f9c124e9c
SHA256	69dc752eda03cafcd40425dc011a77f4e34372cbba543d8dbb5328dd21255977
SSDeep	1536:Y31hCSF/sccpBSQoi71jrVPsSdXVqLRusr5js/nwWoUJ/mcsK2N86sJC32z7cnNt:Y31wSSccpBZ75ZP5oRBrxWyh+R1/cnNt

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0146142.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	45.42 KB
MD5	c8c83bbba18c008d8e8ab1f01593179e
SHA1	a1f451c35200fa92012e8ad564893bf498743458
SHA256	9bc5265e911cfe71811908618f0692e0897fab04f2c0a73d22f475474d7b198a
SSDeep	768:aAfvHMYMAE/FUxbbpg6ACP1Of6RcnZGR2onysO+b/MDlNJ13p7NZUbd1LPqhfW:HfkMdAaYYysOy/MDVxZIPqxW

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\organize_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	25.04 KB
MD5	645f29bd4f9b853db033bd0ab002c623
SHA1	192095dec3774f798946e6aa20933d49ad80857b
SHA256	1e42440af83fd0ba61a6742b941883616e7860a8f559b902100464b81e3c7120
SSDeep	768:eXaBTTB31NNGw1aJtr884SL9hvlNR1MjeCZps+:maBTTNrNGw1aJzr9L1keCZpH

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0144773.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	39.29 KB
MD5	0fcde658b2a065350f27927fb28a752b
SHA1	b2187807575ae3980717921e8d2a3364af77bd15
SHA256	cf6adb21cf58fe9f2c2c7b68f5bb90d3ff08054863b027610c6afc103d66083d
SSDeep	768:FkXdWed5eEl/q4TBxp4AVNDmMfxMXj+xVCpkxRBjc5B:aX04/TBPH3fA+CyxReB

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384888.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	80.05 KB
MD5	9814ac738cc40995b115bfbd5b85fc35
SHA1	988945c4e516c289587b73e124557f1502fbcf2c
SHA256	6fd7eebcf54dd2d264ec67587cd4dfe216dd9bd13a6a402cba121f702aa968a6
SSDeep	1536:IGHWFUuv6B7i+ArHiy4wj+zJTtkbXDd623UlX90yA+EGYfm95fMgG:I2WFP6B7i+ArHirTzb+ZLE9zEleJMgG

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-tw_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	6.17 KB
MD5	69840f39220a7f56fef21d2da8eb6542
SHA1	8e4da2f4efc148e7ade3a27087403d96036630c6
SHA256	d87997749aac0b5b6249bd1ea431b046310be92e9df3ad14f48d7fc2fb1ae064
SSDeep	192:tPkb242S4aDhZbE611qnKNzlHOwfW8jj+qQYKrQsPS4Bt:qbpPfD3b11qnAHn+YKrM4Bt

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\iw_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.50 KB
MD5	1c87865b204f504998bc6ab4d0a6b35d
SHA1	63fb466793b51f21eeb703012527abd0c6b6c168
SHA256	62b4b8d7e6ec2a3279ae113d451d9b492ddae2266d63b9bcd28a94f554ae34bc
SSDeep	96:tPkbMn42IK7aDz96V9yz4+EYYEBhpWufTAjyTsmkH1n4Y6C6X51s/6:tPkb242I4aD7zbEVElWubAjyoHNS9MC

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\scan_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	29.64 KB
MD5	475a04d701da4b490c342b53c0e9fd3a
SHA1	cb698178d80a03a79a7846b0534df491122d18fe
SHA256	022c7c7eb8bc9abc8d96ad96715d6de2f016228f34121af83441168d5fa19c10
SSDeep	768:2Lmw8jonEnLYsu+51LGJ0MtzW/OGqvp5B65SwUpLrhullc:Xw8joEntj4Bvp5Rz5rSlc

C:\Program Files\Microsoft Office\root\Office16\AccessWeb\SERVWRAP.ASP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.73 KB
MD5	f78562f6cc5a5cac5b0cfc16824b815c
SHA1	d52e36d6c4529083ad22ab0464e0a97b7deffbc3
SHA256	b1f45655ee7ad824bdc05b047b6ce56d4870ee42d84b7b8420d9d24d4105258c
SSDeep	12:y9kigS0wm7ucepmTmmZXwVLz/JF+08y7xgjaEj0ggI3yJHa+CsZPpZZQWUM:ukIfmLepa5EJF+08y7x7EQnGmCyP3Z0M

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02749U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	32.28 KB
MD5	47eaac460f046b6b19a0483a80d40289
SHA1	2fbf3f992e0d549c915d6d0f451d0e153ec8e266
SHA256	07f21a045fa6ec180b137bd0ac68710395109febac93ee92b3ec66da1d8119ae
SSDeep	384:7hDXHrOy2TKkg2UwQ9zl2jv/p+D13yRZrjngV/PSrFnB:7R3y9TKkgb2S13yzzU/PSrD

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\compare_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	26.64 KB
MD5	5ff36b9b2b8113b2d8a97419462b245c
SHA1	34ed5c539893407135438359486258ddee0a1d52
SHA256	aa63ca2953c55d0d51dbafa78a6e7d1dc9008c4483d533719644d2dc1e07bdb3
SSDeep	768:h8n0hYtdTYO3LGJ3bBEITJA9fnVNl/aEpTClW:ha8mLYBd9kNNZ7ClW

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0174952.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	24.40 KB
MD5	9c82d222fce139d4eb2f3500601d1c66
SHA1	44d977bfbf354a332b34a85469be73ffc538dc0e
SHA256	7401540547d549c6973f7e05d293e1e1d23345524f56b7dac1c0d50f4cbbcf2c
SSDeep	768:XKz4shlCm+2DrbXPQ9YMuZTPbZkyq1RMykCRTexwhKb:XKJlTHjIXupPbFqsy5pha

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02466U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.01 KB
MD5	2d875ee9f860d5e6b317cd03dc3e8c60
SHA1	9d44f5752a94dbc1887b3f3f6e75471bbc98826b
SHA256	695435c7df33d6cf10878f15c0b427fc28f7eff593acb26cceb5b47068b27e4f
SSDeep	768:H0nR6y+zTq4d20lo/8gxC2G26WllK2/qKTh0HPkp:Q6y+Pq4RKkVq62iKThGPG

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382950.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	94.21 KB
MD5	6d7b3c5bd6d570a157688ec5e6e6916a
SHA1	b87622fbc56c324a640ba5f21a31d2273782243f
SHA256	dd0c1030e3070a0b5313c9eb961f9993376f7a793ae78c1444c5080cec97da29
SSDeep	1536:RIey45ifw0bu5GKuNu8UpzCRdmd6zvuKD6bxEMN3LkDk5l8DN5zZuROF:WeH2bueu8BO6z2KD6byuLkDilIZH

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341742.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.44 KB
MD5	3a5c0f3e83abe7b4b330f8448412ee93
SHA1	119da8e03d7616e12c9c11d4fb4ac761bcaecb83
SHA256	49f1815f17c35c42c6889bbdaa8c3e019f4f290bb52f758588d920cd52b7f875
SSDeep	384:csL6jc9eXfPvUYkleLRQbKeEvlOL6+H/7EV330UhAZd9AC2:csLl9eXnvUYxe+eENOL6G7Mn0SEg

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\index.html.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.30 KB
MD5	9f1e0c3975c3765bd2be132c2d5fd20e
SHA1	b3e571bf6731ba26087cb4adb24178677847e84c
SHA256	de40d8d3ec6ca2c9858a3dfd2cd7f08d081ae15e07bab1807ad5329dab16f0a9
SSDeep	48:4dI7PVpTgTioJEnu1jKOjCtvPj35osxyTR2iq1WBYUDiSbJVHCg7OixR1VOEJ0V:4dIDvnu1sL3mKycW2gJccOixRnOEaV

C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	62.44 KB
MD5	6dfcf26b3620e41d51512860b53aac43
SHA1	f52bab1885d37cf7a8e3795ad8520841edfea1b4
SHA256	80d61c9d80f1b73502a695a3e5662714b1e59838b5a5f40229501db4f5616dad
SSDeep	1536:6PtdQeJ+nOY1BAqJ+u3oG3LdYusnmNdIzDO2NFdKARLUhb:6PDQhO6aqJ93VB04sOG/KqL8b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_es_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	23.43 KB
MD5	1c79fa93538f2597e7f10b06efb23534
SHA1	78cc95b8e306f855106a8dae935ff00767c25c00
SHA256	f0b45a18d52d7788fd8ed1922fe839beb766054bb6821206c76d6d86b0c8ddaf
SSDeep	384:GcvXVZm1/PEQpO2Q4ccAexlg2fO8KhFAo7yoKI7Itlkds0yzW0aWi5DMrHcH29bS:GAXVZm1/LOF5qlgoLKhFAo7yVIgkds0z

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\protect_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	57.67 KB
MD5	91eaaa63a79470d70da7ec516c9e0752
SHA1	943a436d0d8d6cbe978261153aeff917c24da95e
SHA256	79093a1b0269a46092595fd583c9a660fd564c9960af9ff32738fd28cac76042
SSDeep	1536:otzVgcvv8RRRURGJgRu87i8RRRrrgZrjopsbdkBvTqTp/:uV9vvCKGkeWsbuK/

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178348.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	36.13 KB
MD5	5736d5958f1a765acdc569302f325a1a
SHA1	b2d0d2a7dc7368568c005f101d04f69d17ac1324
SHA256	a7e796698aaf9ed0dafd3c801801e18f8e8d055627989fbea6537c42945c9c56
SSDeep	768:+jnYKaDapwoSS/NdXgDStuo0mYAr2ZZq10eCdB+n:+LrsaeD1A2ZZq10eCdBU

C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\en-US\about_should.help.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.10 KB
MD5	787447dca7e480cd6904f639959690b5
SHA1	f06842179be2e31c9f6108cf9469c772a46bce9d
SHA256	eb395d4b79d1433389172662e83413d7e7f41ec5818b3e434884d3f5112f991f
SSDeep	96:bPPAyrRDzyD+gzQCGaPxs1g6Nlz7s7/cv77hI/wBNk+/ttJaP6llDW:7PAjl/PxYhaC+wBNk+JaP6lhW

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0177806.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	54.26 KB
MD5	c8c9e38406f80cba975d3caca72752b6
SHA1	9b6adf7454c2633cd362fa0ec4b96fbf0174456c
SHA256	3618986dffe90824eadea37862eec9318664fc26cddb2c7085b2eb604a1a238d
SSDeep	768:FuVczBgSw8uGefS69P4hMB822bHtX43KBHdgUrgsOXt7Vtv7CVu0XS3p+9CXoR+k:IVI1u06BEtI3keUsP/vOVRo4Vkg1

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148798.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	37.34 KB
MD5	4b978bb87931ada5a4788fd7d2e8008b
SHA1	f09f6957791e2e1709ef0fa861e5d52b3ebc3696
SHA256	45be6c269339679257ad77d8ac33b35a8665c28720118c0cd0a7f31f62d9be83
SSDeep	768:zT7glsY+lrxpd5QdVKZeQgut2pwe8dnZABrDkWGbQ3vQCG3:zT7IsZxpg7i5gut2GdnZ8r4DbivR0

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387895.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.49 KB
MD5	a8bcd9d78039b5fd3bcd9008554b1caa
SHA1	ff54cd778346d6533ff73cb4e8d678529a179d40
SHA256	938534c5787f03b4527035c6e5fa57a5869b64ac8b20aafd2fe2ab8172e4bf59
SSDeep	768:BZqZN8BHrcmkFfS96kvCRW2FCpk5TB6bajPdZ6V:B0EHrcmxRLS6bKZI

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\am_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	7.21 KB
MD5	d05f3340feae735e779b966049a27e12
SHA1	424398d9d0d82b9dac7ea128564335e192dac7b6
SHA256	d2b98471d18887cff11c3a6a1bd5fa068071a2cd2359692dc403f32f279a9b39
SSDeep	192:tDkb242S4aDhZbEtZE2UsBR/O9PimSFm0pLgsUa5+LttVN1M3Gx5Zp:ybpPfD36aPihm0isV+htVNC3AXp

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309664.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.69 KB
MD5	d885457e42c29b6dc3d83ec76b96f6ca
SHA1	28978a5ec01a7fcd58d42dc0cba933c19443f429
SHA256	bff16e2ef087915636ce56f3993db27a9262766ce3337c767670f1a61ce586b9
SSDeep	768:xQtk1mUd5VYOdCYCThCRizdWEWDOJ+272KkRxDl4lSTuuUPROzkA6KsF3:x4k1N5VYOdClhCAhWOPQRxeUhUPMzKj

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03425I.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	47.42 KB
MD5	d061cab60f24dd50242fe7bbd554a6c0
SHA1	b3d5ddab731e35695733ed038cd1000d9639a4d5
SHA256	0b7cf45e8648a19e5b464627c78591b5fcb2bc677ffa3cdf1bf19c8eea945812
SSDeep	768:bV6T8kxYr/g5U2VeHp+otg/8rl03QQX8E4c4G4R6iTytD58EiTaHrPivgDd3tsV5:bV6T8kxk/D2QUovtQX8E27koqbmaHbw7

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341559.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	26.12 KB
MD5	9c3873906a1bcba557f994de2479573a
SHA1	fc12bc3a721d4aacee78365fe44a068826858852
SHA256	24404cd83526d74c5e815b649145f9db09722351ebc89897b691f95fbb72856f
SSDeep	768:AJMr8v1fu03K5T3OtjpxEwjAXahMHtrEbJN:AyKm3t3YDEwiaeaN

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0315580.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.76 KB
MD5	00e3aca850e5c554e92ca6ca23b758b1
SHA1	a5af8edacc3168cd482dfcb3f92009441663f62c
SHA256	3a5967a20ed4af8f4bc068ec172bb827ef839ae71f8d992c827dd575f37d637c
SSDeep	384:1gZjqsNi2QNDeHWrz8IOkYeGzH3RpjpGJllFlXFwih/HohkLyyfGJ0:mZjqsNi2gispOVfzHhpjelrT5IAyyfG2

C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.63 KB
MD5	88ffd6eee8f99886d109d7af8393dc20
SHA1	a01a38637f58937b71d53c1569aaf0fbef00b531
SHA256	3ba47bebf07b9fd1f099683bb2347413cd67ec5c233e5e14bfc399a46d269e31
SSDeep	192:Se3k2QsuvmiC01cnFVl5tUXICDwmnzOJEgtRkN:SWkgelCdnFVl5+dHnSJBRkN

C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	957.25 KB
MD5	c1aec3160814ecbebbdf28dc180401b9
SHA1	8d92480c753cefbbf16e59cf839f48a501215718
SHA256	65ee7c3add4a061e2e653de6f38e3cd832fcf43f30682c71fcab944033f8acd2
SSDeep	12288:DL+cL97wGW0KYaUjNX3gTEgorxyhFWXzvFQPZ0qXVoE+hRc329BIMN21J+4fRm0t:/HL9FX1NvLdyh0zSh0thRc32oMNodbr

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01247U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.01 KB
MD5	038451db6552d135dce39af7153ace7e
SHA1	080d2dbcfdb610aeae9bdfbf76fab9ab32e3cf54
SHA256	574a6c1111853e651c6ed2c0b0889106f713038ff96c09df5d2f1a336407ad94
SSDeep	768:fAUZyeIw1NeyBUZ22JhAefDyMn0EYhFWSvIHidh5rL:fIeIw1Neyq2WhF0D4wIHi1

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01236U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	7e0afd6834fee2ee19df8c08765898e2
SHA1	44b38b10a975a8cd1ac0e116efc56e0b6fc41f69
SHA256	337928f87c9d5989261a2b1fc2a975f8889936de79acf5161d274e33319b322f
SSDeep	768:/rmy6lZ2uFcp+mOgwWmvMnw+HHb8Gz7L6:/B6vFcp+mlwBuHb8Gz7L6

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309567.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	21.08 KB
MD5	a16dda60ba0695b2a170f1101c293949
SHA1	da90effd01e07a95e86d816fc4bdeba35527b038
SHA256	4208f3e427124e00a287d49b86113de9aaf5cb539188da9bc78e5d40d2a6fdb2
SSDeep	384:9UijW7b77vP8VV9QI8rzr607Qk1AvK7TRHqwcOprIdZdQx5MEjQ+9r0EnNgll:6ijs8NQI8z/Z1Ai7TRKw7IdZu5T9e7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_cn_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	13.75 KB
MD5	8cc02b10f45b96dcb1d236777f828694
SHA1	34ed203daa4891b472bf27fdee2412136e46913e
SHA256	81e8d2b0352bc1894e9714729503f8bb202273d95efba3231ca1c4eda0853072
SSDeep	384:X/pErSuv0st71rgA9rgIBZNdQwS0qEJ/LwXP5Ev0qo5q:hE+lCsvKZMwS0pqXWv0qB

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\protect_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	22.80 KB
MD5	f73d83de0bf520397acf7e6aaac0068a
SHA1	ae7c44acbe5d56333db556961995e9d3dedb53dc
SHA256	a0e76146742799f79b5978334baa2bd54cbf215cf56a554477f0c80bfd86982c
SSDeep	384:S3N1zSp/wYDYn0MNK7dyq47ngis9ANH7Y2QctNNNmpoqWgXEILkoCbdvhZ2w:8N1OpYYXkJcisu7lQsNmwgUukoUgw

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341455.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	29.09 KB
MD5	f4298bfd233a4fedd2bc5e9bd5a8816a
SHA1	c8c9a0d24d253ea698ad517aecfbcec3481a51ed
SHA256	9a52939e75d5896d773bb38e6b8e9856fb058e00b472c0d4dff5467fb462f247
SSDeep	768:YKXd3eP8eGAYvEWLw4h6pGNwxInSXYFjwPSq:tAy5EpGNSWy201

C:\Program Files\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.zip.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	69.03 KB
MD5	3083f1bb1825736b11d5f438edbc7a46
SHA1	aa014d7e285ce1a30b626c30a18e8d4989b1498c
SHA256	ed4631d6ec4ac90ec3bd7f419bcd015794f2b6aed406a304571a394b841d4bbc
SSDeep	1536:665w4qVAPb7XQ/DspqJwMkW54RkCLYy13PQr0vkRvMmUDh:VPqVAPb7cIpGFkW5VC0y2r0vjP

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02503U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	a283c0afc543879d1ef55ca6cb555795
SHA1	e0b76794bdab6a99520fc9e8011bc9f75be09f41
SHA256	7ea46ca5239d7a741ba4edc3859a511ed8f73374ceb3bf8b4e578c6ddb317afe
SSDeep	768:hF0tl3VQAa8ASXgqWmz+MElkvuNXHU870lsl9rTOoGSlgcYqUN:EuAhAwgqWYUT0lsldTOoGSl8N

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02291U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	b2306066533d82f9ed5b3454818da903
SHA1	85a31aa759a46e6a40e3fac7146a3a5530b9333f
SHA256	3edd637b6467117d1ac375d0ba141652a94be2fcd1d1927679cd66c7ed27f011
SSDeep	768:xgDZUmzTL2bw8ZpegM0K0HiFvM82DHkYzsXGYVOqzBN5:ivz3CpegM0sJM82DHkYzsXzf1N5

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02074U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	6153ac51b6e5216e2e5333fe8d1f2c9d
SHA1	5b86ebe5ed1588b5ece63da578ed829381eb6249
SHA256	72bfb8c2f68b36cef7de3ecd326962075b97b8840fe36ce2e8ed95c47c50c5a4
SSDeep	768:ZKgs1fdKhx8ZT+wW3yznZJodY1ohgeHAeXR0FcaZfFL3HpHAD:Z+kx8lWqZJodY1ohHHAeX6FTNL3Jw

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01239K.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.85 KB
MD5	13d8e9762c769a664593ba94b525b39c
SHA1	956f461e51c5f15773969f3a28ce5f4f7e593616
SHA256	55e35ac42dd734fa6c49d199c266c3113c976c23ad0c09dca904c7f45b90a9f3
SSDeep	96:B/czOYVrdfiqWPNVBb7XGqyzvfpUwpbeq7LNF4fnBi78giHru8dMZw6a:lcCG1IXHyzvawkq7LNqOqh+O6a

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\md5.exe

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	24.50 KB
MD5	ff2c1dff27a7326197651f9bc33bb9af
SHA1	655e1bd24f804d7b467aafa17f223c6a1f078b89
SHA256	21379520e63262e60d94f7d7b1a1df0c9f192aabf537301c96bfac8aa504a3cd
SSDeep	384:NBVvRm80yjxZYXSuss6VoRwxbR9bMXfQQvXhxmbIwOXXphhpbL7T6o3wSEnMOvhV:zVpmYuqoRwxREQuhQ4XXpZ36DYOvhi
ImpHash	6ed4f5f04d62b18d96b26d6db7c18840

PE Information

»

Image Base	0x400000
Entry Point	0x40e910
Size Of Code	0x6000
Size Of Initialized Data	0x1000
Size Of Uninitialized Data	0x8000
File Type	executable
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	2003-04-15 20:04:11+00:00

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
UPX0	0x401000	0x8000	0x0	0x400	cnt_uninitialized_data, mem_execute, mem_read, mem_write	0.0
UPX1	0x409000	0x6000	0x5c00	0x400	cnt_initialized_data, mem_execute, mem_read, mem_write	7.86
UPX2	0x40f000	0x1000	0x200	0x6000	cnt_initialized_data, mem_read, mem_write	1.44

Imports (1)

»

KERNEL32.DLL (4)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
LoadLibraryA	0x0	0x40f028	0xf028	0x6028	0x0
ExitProcess	0x0	0x40f02c	0xf02c	0x602c	0x0
GetProcAddress	0x0	0x40f030	0xf030	0x6030	0x0
VirtualProtect	0x0	0x40f034	0xf034	0x6034	0x0

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0164153.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	45.40 KB
MD5	648d1f3f8a18d7d3a3dc21199aa88731
SHA1	6d52ed2a3afbe86e9ce786183e4e10e7ba838699
SHA256	4e7774b14812f440f4fbff4e01277a70b34f8e4fc519da5bbea95d366e42bc5b
SSDeep	768:zT3jkQsDihdmne2Eq7Tzp6ICapMSZGd+F9HEFFEdgOnkvwRDZ8qlAsedOERxZSZm:zT3jkT+hdrWpMSQd+FBmEdXn/DZ81seH

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02039U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	5723f79dbed9bdc638d6c1f30e361f25
SHA1	dbe99da2e43a1cfa1fda3fc0f73ceaa80f59a21d
SHA256	054c735fa59525ad1513e15573c8d7731e328be2425bd39035c7a09a3aad0d5e
SSDeep	384:xTs/On9fLLnCVwnZeLPb15nh+StL9eWYRoAqCdkV1iNAO8iYSR86x58+JgRajRCX:Vs/OnRnCAZc15aPdq0zvRjRpl7M8qMDG

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287645.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	35.38 KB
MD5	93e801753be34bda7c9f5a2540629352
SHA1	ca45a684456f48d67ccf2d90fb430cbd90ccaf21
SHA256	54858ac1451a3721361715f2ebba3fcaf8a1b378986b81a566c950e1ee1cd886
SSDeep	384:ySyjo1dJlm8QtwOhGkCqq9pL1Ib1m6ODgivZagzVhTSk95aqmN4TYeLkuI8lPxzw:ySe38QtwXomwERBXVp99MBuXZzGNFr

C:\Program Files\Windows NT\TableTextService\TableTextServiceTigrinya.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.55 KB
MD5	6e6601f6d261898725201790ea01a93e
SHA1	92ef5bf92d32290ad268453fa75e2c39d52f89fb
SHA256	6f10443e747d2608577044d3c4b36e8a38bb7c4e818f6f03fd807072a646586d
SSDeep	384:mXdrEslyb+g4Yd9PvEWdqNJDOA1w6uyGyb68S:Gdcs8hPdMqSnGybE

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\libksba-8.dll

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	72.00 KB
MD5	f778daa0fb9e2496c5f0677b2539de86
SHA1	837b054c2a3595ad21b4a993a33bedda7e95de65
SHA256	98d9dbbbc262ddc0deb619e536f31b157e18c6bb6996b24b6d9ebbf91ca38112
SSDeep	1536:Ebvk9VgGcLVICQLouRcY9fObO6OPgIn0TQNMmmmXhLxw6ZI:Eb2q9LmChuFGbOZn0MWmLVp6
ImpHash	407ac7f1b336c294a36d308cff50d795

PE Information

»

Image Base	0x64d80000
Entry Point	0x64dbe001
Size Of Code	0x28000
Size Of Initialized Data	0x36000
Size Of Uninitialized Data	0x400
File Type	dll
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Version Information (12)

»

LegalCopyright	Copyright © 2015 g10 Code GmbH
InternalName	libksba
FileVersion	19.11.6.25cc42c
FileDescription	Libksba - X.509 and CMS Library
CompanyName	g10 Code GmbH
SpecialBuild	<none>
LegalTrademarks	-
Comments	Provided under the terms of the GNU Lesser General Public License, version 3.
ProductName	libksba
ProductVersion	1.3.5
PrivateBuild	-
OriginalFilename	libksba.dll

Sections (12)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x64d81000	0x28000	0xa800	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	7.99
.data	0x64da9000	0x1000	0x200	0xac00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	2.71
.rdata	0x64daa000	0xb000	0x3000	0xae00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.98
.bss	0x64db5000	0x3b4	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.edata	0x64db6000	0x2000	0x1400	0xde00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	4.85
.idata	0x64db8000	0x1000	0x400	0xf200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.39
.CRT	0x64db9000	0x1000	0x200	0xf600	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.76
.tls	0x64dba000	0x1000	0x200	0xf800	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.27
.rsrc	0x64dbb000	0x1000	0x200	0xfa00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.72
.reloc	0x64dbc000	0x2000	0xe00	0xfc00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read, mem_write	7.7
.fifcom	0x64dbe000	0x2000	0x1600	0x10a00	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	5.72
.adata	0x64dc0000	0x1000	0x0	0x12000	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (4)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x64dbefc4	0x3efc4	0x119c4	0x0
GetModuleHandleA	0x0	0x64dbefc8	0x3efc8	0x119c8	0x0
LoadLibraryA	0x0	0x64dbefcc	0x3efcc	0x119cc	0x0

libgpg-error-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
gpg_err_code_from_errno	0x0	0x64dbf0a1	0x3f0a1	0x11aa1	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x64dbf0a9	0x3f0a9	0x11aa9	0x0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
MessageBoxW	0x0	0x64dbf0b1	0x3f0b1	0x11ab1	0x0

Exports (151)

»

Api name	EAT Address	Ordinal
ksba_asn_create_tree	0x245b	0x9
ksba_asn_delete_structure	0x2475	0xa
ksba_asn_parse_file	0x2404	0xb
ksba_asn_tree_dump	0x2439	0xc
ksba_asn_tree_release	0x2425	0xd
ksba_calloc	0x1513	0x6
ksba_cert_get_auth_key_id	0x17f8	0xe
ksba_cert_get_authority_info_access	0x1841	0x23
ksba_cert_get_cert_policies	0x1795	0xf
ksba_cert_get_crl_dist_point	0x17c9	0x10
ksba_cert_get_digest_algo	0x1683	0x11
ksba_cert_get_ext_key_usages	0x17af	0x12
ksba_cert_get_extension	0x1724	0x13
ksba_cert_get_image	0x1641	0x14
ksba_cert_get_issuer	0x16a9	0x15
ksba_cert_get_key_usage	0x177b	0x16
ksba_cert_get_public_key	0x16fe	0x17
ksba_cert_get_serial	0x1696	0x18
ksba_cert_get_sig_val	0x1711	0x19
ksba_cert_get_subj_key_id	0x1820	0x25
ksba_cert_get_subject	0x16e4	0x1a
ksba_cert_get_subject_info_access	0x1869	0x24
ksba_cert_get_user_data	0x15d7	0x27
ksba_cert_get_validity	0x16c3	0x1b
ksba_cert_hash	0x165b	0x1c
ksba_cert_init_from_mem	0x1620	0x1d
ksba_cert_is_ca	0x175a	0x1e
ksba_cert_new	0x1574	0x1f
ksba_cert_read_der	0x1606	0x20
ksba_cert_ref	0x1587	0x21
ksba_cert_release	0x159b	0x22
ksba_cert_set_user_data	0x15af	0x26
ksba_certreq_add_extension	0x20df	0x30
ksba_certreq_add_subject	0x20ab	0x28
ksba_certreq_build	0x2128	0x29
ksba_certreq_new	0x2014	0x2a
ksba_certreq_release	0x2027	0x2b
ksba_certreq_set_hash_function	0x2055	0x2c
ksba_certreq_set_issuer	0x2091	0x95
ksba_certreq_set_public_key	0x20c5	0x2d
ksba_certreq_set_serial	0x2077	0x94
ksba_certreq_set_sig_val	0x210e	0x2e
ksba_certreq_set_siginfo	0x2163	0x97
ksba_certreq_set_validity	0x2142	0x96
ksba_certreq_set_writer	0x203b	0x2f
ksba_check_version	0x14b0	0x1
ksba_cms_add_cert	0x1b28	0x31
ksba_cms_add_digest_algo	0x1af4	0x32
ksba_cms_add_recipient	0x1bfc	0x33
ksba_cms_add_signer	0x1b0e	0x34
ksba_cms_add_smime_capability	0x1b42	0x4f
ksba_cms_build	0x1906	0x35
ksba_cms_get_cert	0x19d8	0x36
ksba_cms_get_content_enc_iv	0x1954	0x37
ksba_cms_get_content_oid	0x193a	0x38
ksba_cms_get_content_type	0x1920	0x39
ksba_cms_get_digest_algo	0x19be	0x3a
ksba_cms_get_digest_algo_list	0x197c	0x3b
ksba_cms_get_enc_val	0x1a7d	0x3c
ksba_cms_get_issuer_serial	0x1996	0x3d
ksba_cms_get_message_digest	0x19f2	0x3e
ksba_cms_get_sig_val	0x1a63	0x3f
ksba_cms_get_sigattr_oids	0x1a3b	0x40
ksba_cms_get_signing_time	0x1a1a	0x41
ksba_cms_hash_signed_attrs	0x1ab9	0x42
ksba_cms_identify	0x1891	0x43
ksba_cms_new	0x18a4	0x44
ksba_cms_parse	0x18ec	0x45
ksba_cms_release	0x18b7	0x46
ksba_cms_set_content_enc_algo	0x1bd4	0x47
ksba_cms_set_content_type	0x1ad3	0x48
ksba_cms_set_enc_val	0x1c16	0x49
ksba_cms_set_hash_function	0x1a97	0x4a
ksba_cms_set_message_digest	0x1b6a	0x4b
ksba_cms_set_reader_writer	0x18cb	0x4c
ksba_cms_set_sig_val	0x1bb3	0x4d
ksba_cms_set_signing_time	0x1b92	0x4e
ksba_crl_get_auth_key_id	0x1cfd	0x5b
ksba_crl_get_crl_number	0x1d25	0x5c
ksba_crl_get_digest_algo	0x1c9a	0x50
ksba_crl_get_extension	0x1cc7	0x5a
ksba_crl_get_issuer	0x1cad	0x51
ksba_crl_get_item	0x1d60	0x52
ksba_crl_get_sig_val	0x1d88	0x53
ksba_crl_get_update_times	0x1d3f	0x54
ksba_crl_new	0x1c37	0x55
ksba_crl_parse	0x1d9b	0x56
ksba_crl_release	0x1c4a	0x57
ksba_crl_set_hash_function	0x1c78	0x58
ksba_crl_set_reader	0x1c5e	0x59
ksba_dn_der2str	0x24e5	0x77
ksba_dn_str2der	0x2506	0x78
ksba_dn_teststr	0x2527	0x79
ksba_free	0x155a	0x4
ksba_malloc	0x1500	0x5
ksba_name_enum	0x258a	0x5d
ksba_name_get_uri	0x25a4	0x5e
ksba_name_new	0x254f	0x5f
ksba_name_ref	0x2562	0x60
ksba_name_release	0x2576	0x61
ksba_ocsp_add_cert	0x1ea0	0x62
ksba_ocsp_add_target	0x1e10	0x63
ksba_ocsp_build_request	0x1eba	0x64
ksba_ocsp_get_cert	0x1f80	0x65
ksba_ocsp_get_digest_algo	0x1f03	0x66
ksba_ocsp_get_extension	0x1fd7	0x74
ksba_ocsp_get_responder_id	0x1f5f	0x67
ksba_ocsp_get_sig_val	0x1f45	0x68
ksba_ocsp_get_status	0x1f9a	0x69
ksba_ocsp_hash_request	0x1e65	0x6a
ksba_ocsp_hash_response	0x1f16	0x6b
ksba_ocsp_new	0x1db5	0x6c
ksba_ocsp_parse_response	0x1edb	0x6d
ksba_ocsp_prepare_request	0x1e52	0x6e
ksba_ocsp_release	0x1dc8	0x6f
ksba_ocsp_set_digest_algo	0x1ddc	0x70
ksba_ocsp_set_nonce	0x1e31	0x71
ksba_ocsp_set_requestor	0x1df6	0x72
ksba_ocsp_set_sig_val	0x1e86	0x73
ksba_oid_from_str	0x24c4	0x75
ksba_oid_to_str	0x24aa	0x76
ksba_reader_clear	0x21a4	0x7a
ksba_reader_error	0x21c5	0x7b
ksba_reader_new	0x217d	0x7c
ksba_reader_read	0x224e	0x7d
ksba_reader_release	0x2190	0x7e
ksba_reader_set_cb	0x222d	0x7f
ksba_reader_set_fd	0x21f9	0x80
ksba_reader_set_file	0x2213	0x81
ksba_reader_set_mem	0x21d8	0x82
ksba_reader_set_release_notify	0x26d6	0x92
ksba_reader_tell	0x2297	0x83
ksba_reader_unread	0x2276	0x84
ksba_realloc	0x152d	0x7
ksba_set_hash_buffer_function	0x14e5	0x2
ksba_set_malloc_hooks	0x14c3	0x3
ksba_strdup	0x1547	0x8
ksba_writer_error	0x22d1	0x85
ksba_writer_get_mem	0x2366	0x86
ksba_writer_new	0x22aa	0x87
ksba_writer_release	0x22bd	0x88
ksba_writer_set_cb	0x232b	0x89
ksba_writer_set_fd	0x22f7	0x8a
ksba_writer_set_file	0x2311	0x8b
ksba_writer_set_filter	0x239a	0x8c
ksba_writer_set_mem	0x234c	0x8d
ksba_writer_set_release_notify	0x3014	0x93
ksba_writer_snatch_mem	0x2380	0x8e
ksba_writer_tell	0x22e4	0x8f
ksba_writer_write	0x23bb	0x90
ksba_writer_write_octet_string	0x23dc	0x91

C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.06 KB
MD5	6a9083cd2ccb86c7170f5ff0a23c6ec0
SHA1	49e03dbbb1f3762bc0f8fd3586412f49edb8cfc9
SHA256	1610426345dc25d6e9ff00a64cd0bfd116d3ebbc010ee1e9e21cb62c2c1cb43b
SSDeep	96:rKwcg4k07Qytj5h58teegidm4R3RqO09iFKAFh2ZJz3:rKwcg4k0EMhqtvdpNRqO09KKuh2Tz3

C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.41 KB
MD5	61a5d0590fa5517ba5f15ec53c6e6233
SHA1	b29f4210e0b9ce7f4f1ebc7bb6da0b5101ed7aa7
SHA256	5db31e6509f3e9e269d5f1db4a76ae925dfbc7a60201b741dfee98dd798e22a1
SSDeep	96:3n8IScKotWMz/cyjqv0046+i+9PSi+wQJ9a6TcPGRnPh6yT+EK4X4lXfy:XBVt/E2aF+HSi+FUjP4PhfX4ty

C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.98 KB
MD5	664947a174b5a2408c6c11b5725cf703
SHA1	df1f6e9136dead0da5c4cfa02f09825f81f96d6a
SHA256	e28cc73764693a249f84c20ebb603aa9ca688b72b656159522f7c81c7c240f76
SSDeep	24:APBILMBCwCdXTqi2QKO+oIwtd5DzAvPemCcJaRmx/:8BCdeiAOKwv1AJkml

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099157.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	9.45 KB
MD5	64b73b1928bad75f3864d1f343b57bb2
SHA1	09978de1c501fe7a85a417afb6ce2084de7767ad
SHA256	1845200b7e74cdf4919199a4e43fa6a4c7f1800d3d2bf24857b0992964e3204f
SSDeep	192:LgTckRkaYJrTGCtDtxlDEl4XpS6FIIyJZeVQgz53A3mz3HisgOLmJay/Q9HRUHCA:LMOJG6r5rZPFSZeVlz53A3mdgMmSZRzA

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384862.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	100.23 KB
MD5	680fb2d5f48b87736ff0e0bff4f81f0a
SHA1	3d67099a5dd2547e6e0aefca43e0e8a9a61d7dcd
SHA256	5d09e186c322a6d115e38e0b5399f28fdeb2799e52a4f1e9b18f311d09ad3c66
SSDeep	1536:xQhk+x6Lvo29wcyp9BRYNEftluxgkCQb/WeD4r3pnmWJ/Mkh+rvMMhY06hyuLJd8:w2Kcm9/YNEft77eD4DxiDvU8eJdiX7

C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	360.95 KB
MD5	f6fd94b7a94adeae4c2f08186c689de0
SHA1	4a039a38b0fc2600e33dc49fdb5230c33475373a
SHA256	20e64f549fdf16214baafa267267b03feeed32fe14abb74a856366d0014f1759
SSDeep	6144:amqiS6BxY+n0Ir2WtZXP9VQ46dg9kTCokxGdMHYNKVSNL9ulIlEi1+ooIkYkpnxI:Wi/3nVrX9z9kGEM4NKV0L9RlEiEskpn6

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341344.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.22 KB
MD5	9a6a8f4338b18d9dc09ace7ab9975b50
SHA1	65394fd38cda96413861d9cecda5efd29dccc8f8
SHA256	b97b470ce9fa12274312a8c11fc5f86cc3e014af7b6286a34cc4c1fc4b129f65
SSDeep	192:LfWekEnH1JX7kTHDmxT4FT4E9AO/uFpQ6EK5QUoCxCYC7DpTNkaK1dyyFNtw:LOlwdkuxkl4EluBEKQUZAYwdDO8yF8

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03041I.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	30.17 KB
MD5	0d7b8615b40b55b2d50a6d6e3c08635d
SHA1	bb85683aad6b98d8a11ec01b232cbd45959e31be
SHA256	4870c79452cfbae01d777bf3bcf2afea86d240f6ac375831491df9afb0b3555b
SSDeep	768:Ci4Uhn9YPspRDLM9J4Z6xgiVhyKY62Svb+uZzA:Civk0p1LK4ZcvR2SvbnZzA

C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\BLDGPLAN.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	54.42 KB
MD5	a7c874dd011fb7aa43cbcef247949d7a
SHA1	fd74ed3ea7f3048fef119abb747a54314c955a0c
SHA256	4fecdb9dffa86f9155b5a8bf5ec2fe5d60e356ccb9cf40941eb94c3c7fa995f9
SSDeep	1536:bqU1wb03Wu6/T66TrmnvbzPHe9+/kiyX6F:bcetUvTrm/CJimG

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178460.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	25.91 KB
MD5	00d4666d4427493bf8d6e305bc2707eb
SHA1	83007dff3b805897df7146a19245cadc2af3704a
SHA256	dddda659f2557501761043f06babc86c275b0b757e5df3589e84d990de28a04b
SSDeep	768:CKmDTzCznEb1aL3c/2Qaa91kOv5Q7Yo7F/Dxl:CTYEbENaIOvcYcF7

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178639.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.29 KB
MD5	73840a0c3968d10b7d94c0935ca10534
SHA1	d6342f05b5211b903972347a89bfa7cca3636a4c
SHA256	a804365f302003f2adf683828cb3d1a47d3d65e14449f659a3a97f951e136034
SSDeep	768:j60czRXis9hKCtd2BfZdbN9MyB+5FcxykndybzkCAq:WJks90csBRdbMAs2fwQq

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145212.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	60.19 KB
MD5	2563cee9eeb8217e7d1e6d5bdb08c1ec
SHA1	6951b73acecce068eeb97cfa5f8d05ed67d87ca5
SHA256	2f605234fe16a30f146cb04102e99ba9463b117ca8a65596adabc20de73be74e
SSDeep	1536:H7LS1YhTF8+htGHOoBYQMgOx3bajApWGM2:H7L3TLhkOoX7OiAp02

C:\Program Files\Common Files\microsoft shared\Stationery\Notebook.jpg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Stationery\1033\NOTEBOOK.JPG.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	2.88 KB
MD5	9c2e55a1727a5e36e99b3ee351e887da
SHA1	f03faca0678561774674c5042c46175fe51321ed
SHA256	aad014d076d49adf1b2756c9fb4ec5c86ad32e54eb340d073d5b3ca46351ff33
SSDeep	48:wIWrA0iAaa20Gx0EVG3ze7SYLUWl6+fw6qEn+0YbUAKUYU7aUAKqPSt9fvfvfvf4:J0RalxDVGWSoUUw6qEn+YATFAB6jfvf4

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\gpg.exe

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	411.50 KB
MD5	f69e1e09c69ee8c51d6f5cc9f87c0167
SHA1	a51ad691386bfcede43ab742ea40691382931da6
SHA256	9788f0591fce7cbed90ea43faaf1116c47c538cc3ad54aed260aaf8a2d6920bc
SSDeep	12288:dOeWectwyRDS7hizA5C6NXPmwe7lGAbXIAro:dx9c9Dmh0wC+PmweJtbXIX
ImpHash	bd10d439f7a8a13d4f2f1cd215461c12

PE Information

»

Image Base	0x400000
Entry Point	0x519001
Size Of Code	0xdf400
Size Of Initialized Data	0x111e00
Size Of Uninitialized Data	0x1c00
File Type	executable
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Version Information (9)

»

LegalCopyright	Copyright © 2018 Free Software Foundation, Inc.
InternalName	gpg
FileVersion	2.2.11 (cb46b7875) built on autonoe at 2018-11-12T11:51+0000
CompanyName	The GnuPG Project
Comments	This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
ProductName	GNU Privacy Guard (GnuPG)
ProductVersion	2.2.11
FileDescription	GnuPG’s OpenPGP tool
OriginalFilename	gpg.exe

Sections (10)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0xe0000	0x53800	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	8.0
.data	0x4e1000	0x3000	0x1200	0x53c00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.85
.rdata	0x4e4000	0x2a000	0xc400	0x54e00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	8.0
.bss	0x50e000	0x1afc	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.idata	0x510000	0x3000	0x1000	0x61200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.79
.CRT	0x513000	0x1000	0x200	0x62200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.92
.tls	0x514000	0x1000	0x200	0x62400	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.21
.rsrc	0x515000	0x4000	0x400	0x62600	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	1.69
.fifcom	0x519000	0x5000	0x4400	0x62a00	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	4.8
.adata	0x51e000	0x1000	0x0	0x66e00	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (10)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x519fc4	0x119fc4	0x639c4	0x0
GetModuleHandleA	0x0	0x519fc8	0x119fc8	0x639c8	0x0
LoadLibraryA	0x0	0x519fcc	0x119fcc	0x639cc	0x0

libassuan-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
assuan_begin_confidential	0x0	0x51a16d	0x11a16d	0x63b6d	0x0

libgcrypt-20.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
gcry_calloc	0x0	0x51a175	0x11a175	0x63b75	0x0

libgpg-error-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_gpg_w32_bindtextdomain	0x0	0x51a17d	0x11a17d	0x63b7d	0x0

libsqlite3-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
sqlite3_bind_blob	0x0	0x51a185	0x11a185	0x63b85	0x0

zlib1.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
deflate	0x0	0x51a18d	0x11a18d	0x63b8d	0x0

advapi32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CopySid	0x0	0x51a195	0x11a195	0x63b95	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x51a19d	0x11a19d	0x63b9d	0x0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
AllowSetForegroundWindow	0x0	0x51a1a5	0x11a1a5	0x63ba5	0x0

ws2_32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WSAGetLastError	0x0	0x51a1ad	0x11a1ad	0x63bad	0x0

Icons (1)

»

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384895.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	54.24 KB
MD5	f01c6bd18af38ca629086e88519c778d
SHA1	7be0281d7aeb5dd44ef8627c91c25c34622c7edf
SHA256	46e8a173a178779f65dce536d2edb46b632cb6603f4298e416363b1e1ccea7f0
SSDeep	1536:1bPNiHgl9LxNyhx4gEmuqfOoQJxiMrbQqs/qtC:1bUyHNwxQm0oQ/PQqswC

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\svchost.exe

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	19.00 KB
MD5	a2513042788c030af676cde9873fe359
SHA1	ab8d7ae15ccb15e3b4380f0224d365f5d1f4fe39
SHA256	9a092bfbeccf373ec97400240a42d7483e28c940fdd39fb119d99117d908ef1c
SSDeep	384:Zo+LNuKp2r6ZTz7Qm6bR8ZNKDQfD37rHv8SsmaNJawcudoD7U5:Zo+LA4QcnOmZNKcfgNHnbcuyD7U
ImpHash	33cb6cc9db81379f2d4afd3c388e54dc

PE Information

»

Image Base	0x400000
Entry Point	0x40cc10
Size Of Code	0x5000
Size Of Initialized Data	0x1000
Size Of Uninitialized Data	0x8000
File Type	executable
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	2014-10-07 10:33:35+00:00
Packer	UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
UPX0	0x401000	0x8000	0x0	0x200	cnt_uninitialized_data, mem_execute, mem_read, mem_write	0.0
UPX1	0x409000	0x5000	0x4800	0x200	cnt_initialized_data, mem_execute, mem_read, mem_write	7.89
UPX2	0x40e000	0x1000	0x200	0x4a00	cnt_initialized_data, mem_read, mem_write	1.99

Imports (2)

»

KERNEL32.DLL (6)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
LoadLibraryA	0x0	0x40e03c	0xe03c	0x4a3c	0x0
GetProcAddress	0x0	0x40e040	0xe040	0x4a40	0x0
VirtualProtect	0x0	0x40e044	0xe044	0x4a44	0x0
VirtualAlloc	0x0	0x40e048	0xe048	0x4a48	0x0
VirtualFree	0x0	0x40e04c	0xe04c	0x4a4c	0x0
ExitProcess	0x0	0x40e050	0xe050	0x4a50	0x0

MSVCRT.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
memset	0x0	0x40e058	0xe058	0x4a58	0x0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_it_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	19.62 KB
MD5	3300b1daca8d561fef4e5f87fd29b24b
SHA1	427ae140b5706c9375f8beecf04ac8392957c3a1
SHA256	fe991fc899b711d2e4395ad04ba0ab61ebabdbe8a6f52ac3e89d985a4cfaf5e6
SSDeep	384:McgZTTS9pWOSXL9VJUaksAkqBqnaaApy7yv0N4wcJeVkOiKA4o5CoguhUnY1h/yp:MLS9psXxrJksPna5v0N4wcJREA4hAUnr

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03379I.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	10.91 KB
MD5	f224bb58f98ad0148f30ff4ef97424d4
SHA1	783c7f19c72f66bd90992c4e2e2e5026eb488347
SHA256	f105e7016bd5cd1a53b483522ac107210a7dc496db24df08f8350e0bbff561fa
SSDeep	192:MBO7Bsm7azg1gI2HoTkYjh6ZH7ePBQ1OAGCH3XYHh5W4KU58NniQvk:B+zgOI2NchAHcQ1SCH3m2R+LQvk

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382965.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	110.76 KB
MD5	e6dc47e9ce39355e94148dae5a4a4a1c
SHA1	973f7385486bdce16c15e30c863e67c95af32e50
SHA256	30d06230334d9e9b6ac3510c9268b59acebf56efe7c8c01e321dbfff759bb3a9
SSDeep	3072:md61gddYH9DXcvE+nNvE30dGzwa8gJxHFu3VYbWMix:l2ycvE+nNvjQCgJ/u2WM0

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341561.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	41.15 KB
MD5	0ec5743d335743732d3d467b7dbcf066
SHA1	10b3458dd68d846f806976f68e20ae9c6543e4d7
SHA256	b61d4a56d99ded2e72b06ae25436dcc00a96f698f75b9d6fd8191ac62abefd66
SSDeep	768:TjdCvkDR2vKb0QGr9KGvKQ5u2TaMZv9UQxKVM7ShrwjBCFFawrcJi:Txr6KQBvvRumxwzdwIaEn

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101867.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.86 KB
MD5	9b7e76b995776ddea474bd471fdd632d
SHA1	0196e6efe9b05c2f86024a9e8ff96078c0386c29
SHA256	ad9e8a23625b6782e459397cb1c85aab508254ad86160289ce12a9adefb84256
SSDeep	768:g6Be2K92sdM/ViuAGq/DwCwEVn+hFbLnpjw:g6B49hFdGq7l8pw

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02897J.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.07 KB
MD5	76ee8de9f700980a44561a72407d0649
SHA1	f9e29b53dc4c5da3b8d6acfaf27edab197f4cc18
SHA256	1c0f882c7c9b886e07379d33f2a4a6fac170ca80a046594871f89a96c7ceefea
SSDeep	384:PuwQCgAArdiGt0x5pT6SE/8WXRxc1ZbgQgdRtcJFT91N9PsL:Gw3oeL5nWRxc1ZbgQgqxvPsL

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178632.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	22.79 KB
MD5	33ca95007ea6ce0b06398547060bb5e7
SHA1	46008f7821255e245bb30ab16288e881960866fd
SHA256	8a75f8efcac57f273889a727bb6a8ab45e8dccdf3bfd35d24fc614c3984cb86f
SSDeep	384:VtCZrujvQQQcZwlMZjCFFou7xxjRC/+AMUS1BrfU7/JdRvKFLF6zg+xCptoKKUyb:/CZrujvQQQcKYjyo/JMUQB4vZKBFyXbF

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101861.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	2c5b9f8ff6f24084d9ef547415dbfa13
SHA1	b58dc4b34f6eafd3213971aa468e6ba18e8df02a
SHA256	cd7c59e4e5afa4eb88fd2d3cf1b7ff12c4ccb64961405911b6d821187489b710
SSDeep	768:A52T7TB9fQzBZha2jh7tZSGsjNJxXxK45trqb:x7t9oBauXsjv5tO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ms_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.81 KB
MD5	84a38f1d2248b7b46c9605315907972d
SHA1	f026e719238df84baa3d1d0c002994468993f680
SHA256	025f40befa61e84368f6d292eb1c69f65798fbcb2f26cb48ca0bb1a0b7367a61
SSDeep	96:tPkbMn42IK7aDz96V9yz4+EKEBhpWufTAjyTsmkHm87BZmOz4HSmbmIsK:tPkb242I4aD7zbEKElWubAjyoHBd4Oz2

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02412K.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.46 KB
MD5	a2560d5fa047f4d9653f5d7f97943a77
SHA1	510968c8a525b569083bfb63a017f589fc4b68c5
SHA256	6fe23ceebdc49521aafbe71396db56614a03be4f238995bdd3ff2a7a64e80cb5
SSDeep	96:MY44JS5IP5HbEH62P3q+3GxG2uWhI3voYk5dVT:MYFvhHbEHVfd3263vop5dVT

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\AppStore_icon.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	13.51 KB
MD5	80626af8d2e92f31cf0ded3160f7483d
SHA1	dc3995866e5d23cc265088851a9d73978d81378b
SHA256	d309473c76bafd56e52860813bbe010e3f193726229abe5555ab07dc32857ab6
SSDeep	384:7RWiUiuVhk8NIpWy33U5i3PJSaMBC/uLOk3OIvWtJd:3xuVhkw2B3Uk3PJSaMoWLELtJd

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\libnpth-0.dll

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	18.00 KB
MD5	d2d78437fd6ec6f86486759811c5b32a
SHA1	513b0da897415dce367b7021d737e9906bd9cc67
SHA256	ce803fe292987a894634a62f674f82a7d7e38a501a1f8021238c4faf396e64b6
SSDeep	384:JUlnIFYh7HtLcwBqJtQw9AVX01s/wSG0AxKr6+09PfL3v:JUVIFYlNYwBqZAVXX/wSGHxVv7f
ImpHash	725bd6792f5d01f5795d27fe718d0981

PE Information

»

Image Base	0x6a800000
Entry Point	0x6a80e001
Size Of Code	0x3c00
Size Of Initialized Data	0x5c00
Size Of Uninitialized Data	0x1400
File Type	dll
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Sections (11)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x6a801000	0x4000	0x1a00	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	7.76
.data	0x6a805000	0x1000	0x200	0x1e00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.38
.rdata	0x6a806000	0x1000	0x200	0x2000	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	6.58
.bss	0x6a807000	0x13f8	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.edata	0x6a809000	0x1000	0x800	0x2200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	4.42
.idata	0x6a80a000	0x1000	0x400	0x2a00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.01
.CRT	0x6a80b000	0x1000	0x200	0x2e00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.76
.tls	0x6a80c000	0x1000	0x200	0x3000	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.27
.reloc	0x6a80d000	0x1000	0x400	0x3200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read, mem_write	6.61
.fifcom	0x6a80e000	0x2000	0x1200	0x3600	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	5.9
.adata	0x6a810000	0x1000	0x0	0x4800	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (3)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x6a80efc4	0xefc4	0x45c4	0x0
GetModuleHandleA	0x0	0x6a80efc8	0xefc8	0x45c8	0x0
LoadLibraryA	0x0	0x6a80efcc	0xefcc	0x45cc	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x6a80f07a	0xf07a	0x467a	0x0

ws2_32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WSACloseEvent	0x0	0x6a80f082	0xf082	0x4682	0x0

Exports (61)

»

Api name	EAT Address	Ordinal
npth_accept	0x30c8	0x33
npth_attr_destroy	0x1a8a	0x3
npth_attr_getdetachstate	0x1aad	0x4
npth_attr_init	0x1a4c	0x2
npth_attr_setdetachstate	0x1ac3	0x5
npth_clock_gettime	0x1525	0x39
npth_cond_broadcast	0x260c	0x29
npth_cond_destroy	0x24e6	0x2b
npth_cond_init	0x249b	0x28
npth_cond_signal	0x2580	0x2a
npth_cond_timedwait	0x281b	0x2d
npth_cond_wait	0x26a3	0x2c
npth_connect	0x3084	0x32
npth_create	0x1c0b	0x8
npth_detach	0x1ee1	0xb
npth_eselect	0x3236	0x3a
npth_exit	0x1f34	0xc
npth_getname_np	0x1aea	0x6
npth_getspecific	0x2008	0xf
npth_init	0x1911	0x1
npth_is_protected	0x322c	0x3d
npth_join	0x1e28	0xa
npth_key_create	0x1f8e	0xd
npth_key_delete	0x1fd1	0xe
npth_mutex_destroy	0x218a	0x16
npth_mutex_init	0x2102	0x15
npth_mutex_lock	0x22ca	0x18
npth_mutex_timedlock	0x23a1	0x19
npth_mutex_trylock	0x2346	0x17
npth_mutex_unlock	0x243c	0x1a
npth_mutexattr_destroy	0x209c	0x12
npth_mutexattr_gettype	0x20bf	0x13
npth_mutexattr_init	0x205e	0x11
npth_mutexattr_settype	0x20d5	0x14
npth_protect	0x320e	0x3c
npth_read	0x315e	0x35
npth_recvmsg	0x31dc	0x37
npth_rwlock_destroy	0x2c8a	0x20
npth_rwlock_init	0x2ab6	0x1f
npth_rwlock_rdlock	0x2d6b	0x22
npth_rwlock_timedrdlock	0x2dcc	0x23
npth_rwlock_timedwrlock	0x2ed1	0x26
npth_rwlock_tryrdlock	0x2d22	0x21
npth_rwlock_trywrlock	0x2e34	0x24
npth_rwlock_unlock	0x2f39	0x27
npth_rwlock_wrlock	0x2e70	0x25
npth_rwlockattr_destroy	0x2a50	0x1c
npth_rwlockattr_gettype_np	0x2a73	0x1d
npth_rwlockattr_init	0x2a12	0x1b
npth_rwlockattr_settype_np	0x2a89	0x1e
npth_select	0x310c	0x34
npth_self	0x1d6d	0x9
npth_sendmsg	0x31e6	0x38
npth_setname_np	0x1b39	0x7
npth_setspecific	0x2020	0x10
npth_sleep	0x300e	0x2f
npth_system	0x3049	0x31
npth_unprotect	0x31f0	0x3b
npth_usleep	0x2fc8	0x2e
npth_waitpid	0x307a	0x30
npth_write	0x319d	0x36

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02069J.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.65 KB
MD5	a81d0477162cfe174df1a701d8382020
SHA1	c7ad5d8a4c1ff07d1bd2b38fe9678024d4124500
SHA256	a2f54f131e99df4d436253b78ffb18448266765a7a035bcadce2ec58a15f10e5
SSDeep	768:V6BpsMcJ5nUANS+vwyjA2BAW6uyjgOLcQYLQdVmhkzSSota6eCy9m:MpsVUAIWVAYRyjAniVVzdo9ezE

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	109.87 KB
MD5	608286f37a3def191323d99a7cdaba1f
SHA1	62b6eec925058d62629e3b7f138a10f59cf0f541
SHA256	978d29945d832dab81c16e32efd4bf01ad2a4dae80779dc8e876a5304cd8f33c
SSDeep	3072:i4w4JUHYQk6emhPiVTFRDb78seivoGk7G9El1ZKp:iBHYQki58Lb7rvol7GY+p

C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	102.50 KB
MD5	b42443fea4bcc3b11a3a4726514d3f13
SHA1	3b562bb6c8c386a384a811a90b22795ee0559c71
SHA256	d26c87df269e3f75ef6b1c7e5253f5d32550094377d6a85ab343eda55b1016a9
SSDeep	3072:BgpnFLJTRFtbcwzAI/GSJJwN0TM1i068WIAr5uHN2RX/F:B6pJTFckJJwN0w1i068WIU5uYRX/F

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02754U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	105.96 KB
MD5	1f1a4b5d7f93e147e4d691b6cda9eb6b
SHA1	adbf887d88a42f8a575f8190049bcf4d8f60fd25
SHA256	0751f663ff47942e4859eb38d328e3d10ac7222919dfe763abf14aa70023bca0
SSDeep	1536:3ouReugV44lHO64ps7sdVVxIyInujCPJH8qARVlah1untClmUjG6zpbmgOG81ax:4uReuAlHpgl0FPR8xRbsuntGmUjGq8Ox

C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.82 KB
MD5	9e31bdc25ba1cabf9c2dbe6f3efba653
SHA1	ce23b07256841f91abfe1f54281366cccd36f886
SHA256	6917adb837ac7c2a7685fc8d72af37c525174fceda02c643661367f91f19d7d3
SSDeep	48:VzIBfenL2d4hIeBcmMGhJiFEwJ9FzF/I3BxH0R2B:68yeBcwJWJ9FB/4/0R2B

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\it_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	7.44 KB
MD5	a6b2ccbb6e856d69f701ca338afd4525
SHA1	e768a4abbf04adf405e981acfcc2cc6fc44b82a2
SHA256	345ae4bb32cea9d7b26a29fb1c974f9248e5e1087f5ab8217928664b774f3b62
SSDeep	192:tPkb242I4aD7zbEkElWubAjyoH+3bX5UeSE8XN277Dv:qbp9fDLTElWuMjyoHipUCj7D

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099150.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	21.40 KB
MD5	ca24eca74b3d4f90edfda0269d8a1e38
SHA1	d2e965a3bb27e436f19f8b7cc65b036add2290bb
SHA256	394403933aa9c3bc688e252c450445552f7626784f7088145c7ef3963ecaa287
SSDeep	384:Lvzl/BJ2lREAoBY/6UnUQtKeS3OYmuZFIZOzQt4He3xTkZ:Dzl+PesRBS3VZFAjvdO

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0390072.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.28 KB
MD5	fad0201b8363c4556a74ef981ce20f2c
SHA1	90026e1aeef9f114ad4b1799f1a2d287723fd586
SHA256	d28dd7955d87f7240a7a84f2b9d3f96ff2e74615c2d43d18b59a4a6937fe8429
SSDeep	192:f4E9Lt21Gcq8qP/GwiE9Q4cayjGFBqpenXpGUiyowC4Y7KqYRI/J2uXfNtEOy7o:59x2nlwiWQFsgpez8w9YbYaR2uTEVk

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148309.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.65 KB
MD5	9ad8442996d1fb8873f801f0ec9a1417
SHA1	8d21de0a5c99ea92a00b290d9da043b848850757
SHA256	ba56116d8789566b0ba1432dc871183d9af1810c5a976fffdaff2e5be92e0efa
SSDeep	768:zTTu0iQml+dYFtFAbKiDKT11+udwlWR/cxkrJosrWsjB/JG5+jd5i/Vfsz/wwFu/:zTTqQmsdYjZbouh/sL1KhJfjqfQsg/SF

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0315612.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.56 KB
MD5	043d133739a3b3146b4c5ff085a5ae81
SHA1	ea381951a40314d81db4ee316c27e3150d4f09b9
SHA256	0263066415d51acf1d2a2cead818d3fa7103bf951eaff80339800c4d2f7aae4d
SSDeep	384:8/giliXG74FbiKbcFB95eEERhXrbcBv4VOpB:8GG74FbLecNhXrb84V+B

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382960.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	104.99 KB
MD5	949d0266144a39506802f8a844fa205a
SHA1	77014eb1ae0541937c3ea8c1a4ff9000bbeec7ca
SHA256	419b9d6f9053921db4aee546a78539dae6bd4861416be19884e7cbbdd68a8c2e
SSDeep	3072:f1HBj5YlM0+8ayRV0KdPLb69VkfMQMJWJ6aQ1h:trYm8AsLnfMVYJpWh

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\az_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.95 KB
MD5	9a938cfbe947ae87bd82a8faf4d6a805
SHA1	b1a5372bdf587e9a9e0ba3674d9b04b49d312e6e
SHA256	773b999b4f3be290164163de0d4161ba97474fcaa997c8edfb893d5a356cf520
SSDeep	192:tPkb242S4aDhZbERZE2UsBR/O9PimSFm0p47LSinv9H3WEE2PfW69F40HU:qbpPfD3OaPihm0u7LlVXWEE67m

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\edit_pdf_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.92 KB
MD5	f3f642028a0a9783d0247e639d4974be
SHA1	857421b13044b1384e3d28348fe91a73e71dd292
SHA256	1a60c60df2e88166af37065ee7d3591577f3f5e39bc9fa7ec1fd05d635654892
SSDeep	768:MOsidno9iN8X5uXf/MYUwfrh8CGg0yXlNEAEusyvzJ:VsiK9JkXf/1frS7KXlNH9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-press.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.55 KB
MD5	28f303e36cf042f0d0f22c301f51d1fc
SHA1	7a2700b7108e27a7b4cbdc963ac37a312ba505b8
SHA256	ece7cf6c7d28cafa54bf6877992b975525606cf81838459c7030c116ec18daf9
SSDeep	96:nBcJ6BgbLncChUx+dhrLONE+ol1vyqE4WB7qaDmL2DO9q:+6BIA4eul1417qimL2yq

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\close.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\close.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	1.36 KB
MD5	9ea02f48249f6d9b81c9759b1716ca5a
SHA1	baf74e35a4d4c0110b57d6556f5aea298b2ed73f
SHA256	53c02f4d709a7734fdc7a985339bba7f39929494419f35efab9e0ecccb899ee2
SSDeep	24:+2elyfx88u1Qig+Jiw9RzxJ776UEZPKH1474u/uQyqyohCVc:nZ87Ob+XzxJnR3H1e4u/+qyohuc

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382968.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	109.85 KB
MD5	c054cd444b925fde11b8048254f79945
SHA1	3679cbf2f471d6a3caf470b5325cfc1d52930c08
SHA256	a359b99feb1434bec179c35550073517e9ce1b488a9d1378bcff76b93ae12c9e
SSDeep	3072:ZwoZjVE3q7MSUUJQRt2kbjkKS3CKuzNvjidOJ08f:1hE3GfJQyFKV96Oq6

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099160.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	14.79 KB
MD5	50826b7852ef18d04daa8e56a0b05fe3
SHA1	0250d5d87ba2926c1d302b2ce49c7651109b71bd
SHA256	ca718e951a3d327e176318e31bed529882c446372047d91b70614ff709f65e28
SSDeep	384:LlQ9MkMXqc9yuTxD2dlwuahE6L97/h0Yc2gpQtWeCxh0Q4z:JQ9cqc9ymx20F7aY9gCWB4z

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01607U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	69b7295a84ce996a0a70ca1539951370
SHA1	fc5f3258fe028ba8443b53fe409be7dd689a241e
SHA256	8b58d289ea2e6191a4a5145e351a57bace8433063ca5d84c8970029cb1655a07
SSDeep	768:BS7BMlmFeseAcI7whdBBFv9dbNom611syWPxEo6NRIN9OD:Bu4mFesX/wh3VjpyLhPh

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341645.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.04 KB
MD5	dc1d416301561535f15d9ff1a65b3609
SHA1	3420342233b705fb5b149bfb27815451b6cbe1f8
SHA256	da4a1d8f3324686fcf5699935fecdef44ad6efe757e3641d435423aa34f2f93b
SSDeep	192:zx/iSQYw54mRO9KFEfn4pOCQXFPbLJb3CCz:ztHBw5C9/fn4pzeBLJbyq

C:\Program Files\Common Files\microsoft shared\Stationery\White_Chocolate.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.10 KB
MD5	228cf88e33ee38be67df2c303ba1fd13
SHA1	da7ca9d0af9e747a7d198667439cc12aabf8e8f4
SHA256	ff0016bcab8833a3547e6962ec4ee768ce417c9c3dfc1c2bd6463ee73a2bc40a
SSDeep	96:SWk2YoGYaiRGLpcxQpvkqXQxdxsoETFU/:KoGYJ8WMvBAbk2

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099166.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	63.25 KB
MD5	9aa42fa7fdf742bd60a0b9d8ee7d3d1d
SHA1	568cc0b1c29fa72be666ddc33b102638590cca69
SHA256	2948bcc95bbbe26f4abbc04ac925927b0dcae96781d309113f50ff58520de313
SSDeep	1536:fjS9g439DsG1OFnNxxkU091vpGx2K783/cWqWqQI3s4c0rVwNpzLp:fG9Pp1OFnXxG91vpa2K43rqhQI8cr2F

C:\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	10.33 KB
MD5	7f2936f57ef1707cff31e37594d6f4c4
SHA1	7c98dda0e41bbd87c212c0c2a383df6b45217d77
SHA256	0a35d5454800276c926d386da46f0bae599d4dc61772571d0a90270c373a28f9
SSDeep	192:EvYs/kLiPVqaN+h6kwfvEMwRwDAsUY1bac6Jvf+Qv/UK0IVSpZCPvVQhRVKxNOhQ:EgDLGqlbwfvE1KDAsUWbatxf+QHNpXVp

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101857.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	2261434501467bd6fcf21ea420dc2c52
SHA1	e07bff862c018ca5bdbfa1aee001c6711d392eca
SHA256	ef3768ae7ecdda6e7ea27f4c51860b5186a7e565992c3c1f6dc57f3a12b8bc2f
SSDeep	768:rXvCh/029QcDAUMhrOqKAvUVr+AxTGMi3t3LkOOLcoALO8Gt:7x29QcDAvsA8VCuYt3gOac3q8Gt

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\adobe-old-logo.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	34.96 KB
MD5	2871e5eacf5c62bebd576d26f26b5f19
SHA1	e0617dd443c3a8cc9293bc858e2f5c5d87fcc812
SHA256	779651ded86a2d5889fb80515153166c21d6785686f855d3c6bddf77c6259472
SSDeep	768:mz1e9NVvRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRh:mzkzvRRRRRRRRRRRRRRRRRRRRRRRRRRr

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0313974.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	46.46 KB
MD5	0a6a1c482bbb8b3789f4f608365a3823
SHA1	45e31ee94d70f8007b00be4ecbf8588f56f7d93c
SHA256	23188d7d2b49a4347737d7a5586ea50f3470473ccd3c117831762d80f15dc160
SSDeep	768:sz5jc6R3wO9q2olmZBA8w7TNilcYgwm6uwldA4OnliOuiMBJJcYIFh:S5jcpO9q2mYMTsloviOZOoph

C:\Program Files\Common Files\microsoft shared\Stationery\Monet.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.16 KB
MD5	a20d429a7b888b03ec5c9730be303a0d
SHA1	cbe2c9371ffe47f3834f9d6c74289d08a58adbf4
SHA256	22f0220968d398123d0bd5cd1cc41e7ca4e6aa5f0e729544f4f104d8f10544d4
SSDeep	48:oSOp5VEDqAjrj8Gp7alNkqQHIEmSKWS19Yc/5pqB5LchvS:oP4TjrjRsNzTEm0SDHXqrLcZS

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099167.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.92 KB
MD5	bfa7251a131fd02be14b90097e4b2cb2
SHA1	2fa2c2bead38adfe1df85fd7ecdfb6ac63587712
SHA256	345136065bd58456d979574ee854dca90a99128c0662ee856f2fb98b41a99a4f
SSDeep	768:wamzXTY39XnWfJznO3J76Mm1njSkfwxv51/ALUzcQ33xRqmF3aS2Udv:w7Tk393WlnacMKjTaL/Awx3ymJanW

C:\Program Files\Java\jre1.8.0_131\bin\server\Xusage.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.39 KB
MD5	b2e7187298ae2edb5f03892489797924
SHA1	84fb8c83fc54cb762b61c3fb9a56377eefc5890f
SHA256	cce226bef2b7501cf7a258d62176849e386459610d711fb7bcb9fec1fdf7249a
SSDeep	24:Rro4DhyJXAt9GWUt+jXJFfg3hyJlt9jeReh0Qs0Sk322C7COy0VwR+rlCx9naOeF:R3FyJXkGWS+jXJFfKyJH9je8hc0Sk32T

C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PSGet.Resource.psd1.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	48.33 KB
MD5	b93f20448e815393aa3110f4d196b97a
SHA1	62ff0e893959bdd052c429a7409e39cc39e47155
SHA256	275b0c8c125544c804714eea10e7914c6a9df058c427cceef45d05fd7c864aca
SSDeep	768:VfX8Sz8ZRNYDjluk7AfOALNR3OuQMZOkB9hx7IXHBBcAI3SIKWL4u+eiBqpCem:mh7NEjlHAzOVMZvB9h1L5T4u+Nqa

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0337280.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	12.60 KB
MD5	75435675045acc14e9ed1fd8b27ce250
SHA1	06941092b6dd6344018bb02288c24bce65c2e16e
SHA256	dfbfbcd5731d1ae9013e792ae978c17dd11a5b803688ce3c32475ef5b6014aeb
SSDeep	192:nDhXtlNhHTpTd2U2UG1OYyvxqTRdm++mUsYVJAVgjk7JRFtdmBGOLaCpQ0taWucP:RtlnpBXGGvGCrqVmSRM39tZdigxf

C:\Program Files\Common Files\microsoft shared\Stationery\Blue_Gradient.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.52 KB
MD5	33fdc93b77c0fed9cb502ec1a71efd13
SHA1	cfc21efcc9541c22f3044378d541943a774485bf
SHA256	bc88fff61fb1aa7b494f4b7ab138897288b2446c2867fcb7858b613e621a73ca
SSDeep	48:OMGqEa+n+vnkx1hAZrJoQiPFn5iWSpuQWNZsKvd1/lDNUj3L:OOGgk3eZrujF5owQMsKvP/peTL

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02742U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	c4434e1eac479b803c231add5289c9e3
SHA1	95f33d36a2e59417719c7ee4b5fb6a17e48c6b90
SHA256	7ba24b1e470afecf4efa0bee49db28cd748da901540b71a30fd818feab286475
SSDeep	384:D2X/bPxfrfPRNIXGW3gXL2DvBKbJHSukC7:D2XzPxjRNIXZ3O2DvBKbN7kC7

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145272.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	48.09 KB
MD5	3ee1a1f18845b22c5f75780307bb7f6a
SHA1	c2689600b2a7fa88670435573c11468c54c06b8a
SHA256	bf263668ad14fcb0e6c5c47aed79d6b504190f83f045c7f66b48fcb03099d683
SSDeep	1536:xFX58I6qeUvyys/72GY3xLiEw82gvoO/Y:xJ9vyYhqooWY

C:\Program Files\Windows NT\TableTextService\TableTextServiceAmharic.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.54 KB
MD5	43a88d3e52a58485780126725614730e
SHA1	bb7388bfa123bd8478141d98851ef935b9e2ca03
SHA256	62490ab1c4cc03b838d87e37a77bde9cb0fcad42c58df21bb1ff5ae3011a6107
SSDeep	384:y+4X98+uO1ohL4HJMI4SIbNTiG5Z8IFGG++i:498DhhLSMIZSNxeki

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382927.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	126.11 KB
MD5	7af865adb18a235db29bfdc872afa5cc
SHA1	78238d9b242871ea28dca608f683fe9e2f8c8a1b
SHA256	1fe07623cae3597f943d9fc800cbc47d4443645fbf8ca1716cf0503270d50218
SSDeep	3072:ydUnyHLmKQbL5wtJVX9+xePE7xMf5FKm5HQilpffzvv7:GlMxOE7xtmv7Hzvj

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\compare_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	78.79 KB
MD5	cb847a4418a46e48e533241b2f2cf2b5
SHA1	c224a29dff8149dd1d3154439c3f7a41344ee2ac
SHA256	5a647e371d26742e803ad8e98743dbd2cd306a13685a6ae8f7b2f687b2c22f33
SSDeep	1536:NrscO7C4zAaDuO6AllhmNwEzDqGDh8mqrPzG9aryLLCiqDuWc1rT:NcmMZaSmqrPzga25qD4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\organize_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\organize_poster2x.jpg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	67.60 KB
MD5	d6d2e5eec1849f0a3f4d5083102f0daa
SHA1	da802154efc526d44a91b9705a5ac340c5b6ffe2
SHA256	0d8a01d77e6357585e07f9eac5249cb0638cd1f3de3265f0808f07ee618bbc7e
SSDeep	1536:1Yhcgjy+U8TDF3fRRRhr+vCGR22FGtRRrjf0J+J6MsFMKoM1:1YnnTDF3/gCo2uGpkmEMKom

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01235U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	8c501479a29216ee94d01450de6974c5
SHA1	e9c9d4b29c14d1d37afbd483908dfddde210541d
SHA256	c3c27006dd4ceeab2c6340cbe2e3005b01e8c7ab5b84eaff7e95ec1f64b3ac3a
SSDeep	768:0uJetchRWaKj8w7QUlbh6X8+U3zR1PVoEWkwLHhthQZ6Mj:04RW7YYbh67gzR1PVoEWkwLHhT+bj

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\close.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themeless\close.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	1.36 KB
MD5	a78f4573c2e000e4dd73d288aa30f39b
SHA1	bfedfb8c436819d9861f7900215100bd45a0a871
SHA256	0c422397b872f8d1c86fac1fe928fc14db054ad64fa59c1d01a031eee07ca374
SSDeep	24:+2eAXx88u1Qig+JitXzxJ776UEZPKH1474u/uQyqyohCVt:nTB87Ob+QXzxJnR3H1e4u/+qyohut

C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.47 KB
MD5	ab298f18e1168fef5a082b943d7d4932
SHA1	05a1097358ff2b45ee638e7a0cd19a98ec552f3b
SHA256	e0fe1ac2f0c3809b8f53fbf93cfbc6d2d17bf2df6e740cf18d090e4f369c4f6d
SSDeep	6:2ZXZ8me8i2MectRRb33WGTQvYaClw89PcpWm9rBy85hjVE/qOtV70lBW3IiobhpR:IXI8K25gL9cMKfWqebIiAIvYEf4R

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\no_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	6.67 KB
MD5	c205e8a05756487fac37fb33e9ab36ee
SHA1	4a64974b00e3f6fb7f6bd527b7ee4c705821eed3
SHA256	fa45b5e563f6061dfd035eb1738f7ecdab48909c0e6ad5b3993db6564c4b5f7f
SSDeep	192:tPkb242I4aD7zbEfElWubAjyoHKcLi0QzgC+ogw+9uu:qbp9fDLQElWuMjyoHL

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\help.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.31 KB
MD5	367ce43ae6c2a4318ee92c7ab455bf70
SHA1	5910f6b9a75182de45f32a8bd1bbcd0e1287d4e3
SHA256	5f5d8e56f633b55847749f5cb3d40f533d0ea2bbb459cc9ef92e89e25ad58750
SSDeep	48:nv87OgnRhPQ6/nXdgyuTKVYQz02Ba6Draqe/MWXCfXwq61y5P+d:noOyhPQ6/HFYQz020dxMWSfx6o5Gd

C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.85 KB
MD5	cd64d0f8592b2f4dcfd86d898b75834b
SHA1	98d92e0489daca1f87e4b724b20b1c2c04043b45
SHA256	225e6eb7143ac3cc6c220ed1e7fabf8dfa54773bf4c7e2d00b5ae317fb493220
SSDeep	24:EaIAct1kzqRFDUoAsq+q5uidSSjUrkFRMajXFLvuZwcPk97V0YcgNc:9+FRFDUH7DUQUQ7MQNX4U5cT

C:\Program Files\Common Files\microsoft shared\Stationery\Sand_Paper.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.41 KB
MD5	734f1562f0330fd9ffe6e669e15d52f4
SHA1	8506bac97a501db228f5523b16970a423b265b56
SHA256	94e6f72e2443995cce4acaec3f9627778c3bf2ee9686a3295becec40baa50a36
SSDeep	384:LlUmG17d+aYViqLSQmwb43eus3QwU8YCF6h975Y4lZDEl1qa5:Lah+aY8iS5+435s3QwR6hPhlZDoH

C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.51 KB
MD5	c80c335f8839227c626828b972e01e20
SHA1	4f58e15174016585f3a50117a03d7fd00e12a693
SHA256	bcd62f9072f166739b79eebc6fd2c25dc3986da3bf13915f1a8ef4d51d9425f5
SSDeep	12:IXYUoAz+6Pd5cZLSGGL6D9JfUokpKWfxlPMxk6/wstaX:4YUrz5PrcxnGSJfUhQp9wX

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145707.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	35.96 KB
MD5	2c4c37892485d55a0dcc72b5a4d2dbde
SHA1	30ca38f1d035d0b8e52e2683dac8573489afac66
SHA256	35dfcb5cf65e2fa0adf4ef6f9b943c52f2b10da439f82d394634ae775a9e8827
SSDeep	768:TaUww99wpmOnPgfydObPKhu+IelPclOHiLm5QfVaX9RVEDcP:eUvfwWbS5lP5imacXLKs

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-cn_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	7.25 KB
MD5	294a098becc8f5ed135374f6a8658983
SHA1	ad08b3a7e1add79b19c473e49a8d9a5918fb586a
SHA256	b4f2ae4629f7bd33f6511831c86bec2443f8fadd36dd29c20cb31fb1a1b57e1a
SSDeep	192:tPkb242I4aD7zbEuElWubAjyoHkCypkEMBEARTY4No:qbp9fDLhElWuMjyoHpyu9R86o

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Document Cloud for Government.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	110.77 KB
MD5	6d0a11021c19d9ee9a51791b07c282c8
SHA1	c2404ca8a808141aa7fec6ad5794c819e3881788
SHA256	2901ee75d3eddbbe7367d10cca078f1c8969e41e1a36a452211f6d64f84b2342
SSDeep	3072:G1clxWrmQJQIeI90Q91WxKLwx7RoGsmfVEnoL:Qclsm6Q2t9QxKsoGdV2oL

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0177257.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	44.30 KB
MD5	6e2775f371ff963ff6be89d3168787b2
SHA1	2824e74d7b0b535225c8a0c56a0b86650d2cec23
SHA256	2c31a30cfa4c4d5209f045603dbed41382f65e3d75a668f8d5d90b1f7cf12013
SSDeep	768:Szhgo8YeQaR0xgTbXhpVrWQVLmRCvwTDbubn52+UP5fwpprn5sENE30Rd5MJCf5b:greQaRd51LmUvKbuYJUdCUb+Wb

C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\DCF\ExcelMessageDismissal.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.71 KB
MD5	22c2026979e3bb52d0f3b14657e98805
SHA1	af8c7309d204b1c10814b61edee70df5dc1137af
SHA256	f5ad7fbae36f334501a56e71bf2c228ad7478bcaf9cb2c88c7e5cfc2774b5a75
SSDeep	12:h3GqYGiuwVJ4lpZNx4SJDa+Bi86YJjEmRjHJV4LwTvOz7sfeIWcU9FomPUn:RGqMVJ4ld+SJe+BD6YEwjtTGsmIaomPU

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341534.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	7.89 KB
MD5	9f44b526d27fd3d67f6ff84ec8f2d489
SHA1	b9bb2f623db45a136c96c1e13c951d07beb352fe
SHA256	015fbe6f3b0a4f54c7851856752af1e07f2739acd4e8dc1a074f866057dfe247
SSDeep	192:QwWKpBdaUMqJas3iFGnugFeF3YxqTXzCGXH645hIe6ckcgr0:BWKpBd5H3stF3wqTXzCGK69b

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02829J.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	61.06 KB
MD5	199a732a7e1ff2df4430afdefb1b7139
SHA1	63f1f8a605b4d81215da5eb0a6482aa4558d2ea0
SHA256	ba5bf82a4216cbc710e6088f89ceed6fbf7023bd4707724af542abfc4b00a4a9
SSDeep	1536:PY2GiGjotCx6pp3mo1AiduElWOieWKjUithuPvyxXxq4130qKI:PYi8x6vmo1AN0idiuvKxq44I

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\license.html.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.26 KB
MD5	1065fb85fc52a231f31e0d25c04fd7c4
SHA1	a3e9f740462dc8b484beb65ba9be55f9cfccc991
SHA256	a877e4f7f18f920a65bc7b67c944bb1b85b02fa94ff4cda862929b46b74936a0
SSDeep	768:35O/J5ZFAIPCLindmHlmuFMfZcI1wDRiHQjrt9MDA+5lqygnenn34sMP+ew3CJ/x:35O/J5FSsdclSRcIZgrt+vlkB5xKm

C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\PowerShellGet.psd1.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	21.66 KB
MD5	e61ad48a45b6c87d379ed1b51933643e
SHA1	485104f8eca0dd7e917e399add2e7c6704e6ea30
SHA256	e94ad3fa8e68092b2a7b8bf8c67db6e2ac34ac2142e1570f92c6e3401dea370b
SSDeep	384:k79fC4toxjsorEY9cMAGWv2a4Qb1FoR1D//iHdcwRFQvdbl7KcLRquswHcgIrw:KC4aj39l7Ob1FGZ0CvdhyRgh

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0313965.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	41.84 KB
MD5	0f09c7754194502244a032449b041152
SHA1	29f01593657d973b2719a1510e9e89a0db69ab03
SHA256	53574905d32bfedee62acb3f6989dd0050bde77e04011eeeed1de3b04062d0a5
SSDeep	768:HfDTehiA9vjD+C3UmC74odrN9cehym2EzpZm1XCqXTc7k4QMf05N3meZOuM5qSp/:/DTQiAtjFkPPxN9ceb2ykSUUQWyNWXuA

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341554.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	27.82 KB
MD5	986a617ee280cc4d775b9048d7362625
SHA1	856df9cd74f825db6a474e6aad4be171535498a3
SHA256	b3a2d171eedb5a41a0b4501e91fbd172adb5f5d9cb3b3f3a2c6f764669a95256
SSDeep	768:ioJKv7cV27+B5TU504rSK7soXsCEETmQvgR1neRuuvL:ihGJU50WSKPXsCZTmQEDuvL

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\tr_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	5.32 KB
MD5	3c58d5d254833c3dd7cfb240cf23584a
SHA1	57abd3694a311013445cb35781925954e83b0d1a
SHA256	a60b88863baee6764db66d292a6a5d49c54ce05c3fa243b2a7e699c5fc783ad6
SSDeep	96:tPkbMn42SK7aDzz96V92xZ4+EdSA1qZNKNzlHOnwfW8EGj/2qQYKrxF8PY0eScL:tPkb242S4aDhZbET1qnKNzlHOwfW8jjk

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02417U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	bd832735bed5829a71f8a9f0af7456de
SHA1	f4123136c0f185254a87508f94ad90a17d9e1afc
SHA256	8be5398dbcb2a6448aa99f2679d650f26b964d8bf7754c5acb28b16945e91580
SSDeep	768:PkGKhgz2vlewAnxOUe3wa/gKnlxiHmsFvm2l5So2LT3p1E:PkGdOEw8OUywa/g4a5SL3p1E

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287641.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	34.41 KB
MD5	4f209f079787630ea2d58a13404acc62
SHA1	9d6364ff13c6e85002759227cfbafde4c69e0e3f
SHA256	347c61a3d1d23abe613df96f1a2d03f309ff1108b89e0d6721a07fc73ac0a2e2
SSDeep	768:3b3TBRsY9lmI8ZrT2YyzdG0rK0r7VHaMcYIpALDM5u7Msg:HB598Z2YyQ0m0PVHaSIp0A

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\bg_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.58 KB
MD5	d8ec507d49d58a64519df92680946e6c
SHA1	e8bdb3a3d7d58b5fc611b3bad225aea86c4c915d
SHA256	68fadb7934f61ba41c1e23bbc5ea60f7826ccf6c52ee273ed779ba64e10445c0
SSDeep	192:tSj6udum4pU98Hh5649f7JElWubAjywmL:cbwsah5l9f7JElWuMjywE

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101863.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	c63ecf9ef5bb1a8f722f26d0da8950b1
SHA1	04a3ca2dd33686713a4e299298b3a8e985427648
SHA256	81ce0592ce7fbeae1255b6a4a8a02824376ab1a3936fe9e9c00b82948b09906e
SSDeep	384:eUT3yl2DrwPltscADHQ6i/oVfEchU29K+aE1beUkTR61nh/1CQEhiP3myjPiJ3sa:5WNvEQYV8RdNGbCiRTPmyjPK3Ku

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fr_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	26.06 KB
MD5	986512b085c1ca3c5abc29bbe1935e7c
SHA1	06923ca75cec16daf713d21afd5ca2f6d8331402
SHA256	6a2119563ad1780e895c7554703a994e5fb67ee442988da4eddc2bb2f6899cb9
SSDeep	768:Fp1nBwQjQ7bf6cERKICVeRNCZ9Sqizcw00237g4W/iExo/le/4f3jAAmm:F7BHjuLE1vNCZ9S5zcw0023s4Wvxo/l3

C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.27 KB
MD5	77ec95be81cddb609282f392698a1789
SHA1	c54cec6f4988d53bacb28b9fc805010bed25877a
SHA256	545a65f9c0e71e9dd6e99af073d2e099a6cdee0ed3150bd09944ab1a6fb60270
SSDeep	48:VzIBfenL2d4hj5iBcmMGhJiFsQXxaGzwTHEHvOuGIhSZrImx8:68GBcwJq8FHEHv5G15B8

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382836.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	66.97 KB
MD5	7164bc6dd7978c8c4ca00dc6bbb130e1
SHA1	8a7e11d132beb284cdd780c870f060deaffc2e32
SHA256	2f46d6abf50fa841e261dd5fa5f0bb3f2b9bdb115b719f715b692ea21b6d5b58
SSDeep	1536:3s94mQpDoJHk2/NKJsc0XuS5axIc4WgmwQeqfyIk9uGZn:33pDO+n2uSD9WgOL6ICJh

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309705.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	18.72 KB
MD5	2e5aae8a77a721b788ea5266fcd6bb78
SHA1	df0520115951f226e238b08e1ac0c8a3de0f58af
SHA256	dae0b10e075c863d733619d8567e7fcc4d87eab383e67340fdd441ce450fcd14
SSDeep	384:Qe4QaIGrEPYZsnSsMfajgE9gKu/vIgEkrsE6jxNP82ntQ/NhK:QXPIGrgmSjnxYdbMPk2Ku

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101858.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	540eb0e3321966b8bea2b4e72556bfa0
SHA1	b9f1262b32e79f541a563de71cc582360b48bd72
SHA256	519f0fcb41fa273a20d4c8a2c1e1b7bee3570af56c4e24f3778bd4a12a35b733
SSDeep	768:Tu+083iG6z6q/aBNXlumzXOxHYeHMSIsA6RoWu2TxvYlcga1Yy+k7u:TA8346+atuNpQYR9uovOe1Ydk7u

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	75.68 KB
MD5	9192fac5520354dff52d79ef3310a163
SHA1	d048d6a20450b88512dd13347322717d560b7c34
SHA256	cace59a8870127773db1a45acdf927c7b83290ad63d250f4cd26628aebebd6bc
SSDeep	1536:TwS1uisQXE5zlrG+Ac9KJtGZwDvupW5xATN3GsRynR3n+zCNlU:Tp35E5lphOa1pW5OTPRynR3n+zCNS

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382931.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	119.82 KB
MD5	cffa011ed44b0ea68aa1c4479f17f1a8
SHA1	a12613f066bcb97278badf49dad7b5d1f6b8318a
SHA256	df2fda2236aebbd4e8af42b411ab8493c8ff18ca3357ce91d2577b4f47311546
SSDeep	3072:Ry6oTMWa/oAPPbaABxak14P6BC3/7nlP3t+P0JC:RnTQAnbaAzsP6kTvI0C

C:\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	7.33 KB
MD5	b62c6e750a43565a116fe1c97ea6059b
SHA1	d88e7c8c4051ee10ccf746629a922fbc6cd80d57
SHA256	8895fe296344d13d53e63b200c8c0bbb5094eddc7908ed497b71440f2fc0e578
SSDeep	192:EvYLWTAI+PPXhzz69FZwmBoADQlAu4cgH0v7dOYLkdn:EgHnhze9FZwmBoADQlJL80vpOYLe

C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	115.53 KB
MD5	d3f3fabdbe883b666cb84a73cfeb1bd3
SHA1	ae7d8a340bed1dd817a560b67fdf29ba803f9daf
SHA256	35e64d3deb34f943daa67221f034e74dad9f2a6fffebe3ea7ddb21b31038ddcd
SSDeep	1536:x3SIE1Yl5f+a/6kbzRC0OI9zQoKvogORS9YYGRHii8NtHfA4cSEfhskmGYXhZrAw:x38cYzkDGl9aj4KyMhuDhZzzCn+ikF

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309480.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	10.45 KB
MD5	1161cd9202b9a830b6ce7cbde8c771ee
SHA1	067439e06bede542ee68af794c811453c6e4cb9a
SHA256	c29f2605b983e281cce5088ead815e4e79607ac6b9e582fcfa32ed9873155c08
SSDeep	192:mjUVDEgtLfFO7RKbPaI6vn3HiDYhcrVzQwd/K6iW2tZ4VSBVWDhRx7:mjUVxCO6vnCY8JQGIbZKSBY1D7

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02758U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	194.00 KB
MD5	c174006bf46d51ed70808aa14a0d3503
SHA1	39fb54d7ad651f27e944bbbe428ff0975aba9720
SHA256	7778705debead1c2087defd265fe59b8748a104e35e8e4616379d58adc5472df
SSDeep	3072:Mbdm4/2mMy60Uv5F4c1gGmq2OsHkyPbcweW1S6GRQgTzv:MknMUv5F4c1gNq2OsHbzcwehQgXv

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\redact_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	68.47 KB
MD5	7ad15b19b6133ad0cb878ec252e8978b
SHA1	bae908f58d8954d84c7cd6bb56869ddb81528a06
SHA256	a3959c8af4b57400d9d39d48781c6a9e33edc5cbdedd4bfc0d5d495def6ceb6f
SSDeep	1536:BHj2ZRQCRKDJSxvYNbvouYLwU1ElgftKraN11LddI7RSZQTg/ZSPG9BkBfmk215c:BD2fQCRhYNzwkZ40rahd4sQU/ZSe9Bkr

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\close_dark.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.36 KB
MD5	ad753e0434a443b7912dd05965a2e7b3
SHA1	2b4de8662e1ac31347d4b3dc15d70e538a89fcc6
SHA256	75de6efefbdfbe6b259a5aa5ea59aab526be41948bbccee7fff8a0bb530066d3
SSDeep	24:+2eAXx88u1Qig+JiPzxJ776UEZPKH1474u/uQyqyohCV4:nTB87Ob+SzxJnR3H1e4u/+qyohu4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\organize_poster2x-dark.jpg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\organize_poster2x.jpg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	67.60 KB
MD5	0d71104b413f9c5d49bd3ff092653f62
SHA1	3af37020e11a9ffc841c9b95ed35af5da4ccf383
SHA256	393a3fb0bb350d9792c05b8d6d6ebf300125adaab6b6de0d22f924381aeb7737
SSDeep	1536:yYhcgjy+U8TDF3fRRRhr+vCGR22FGtRRrjf0J+J6MsFMKoM3:yYnnTDF3/gCo2uGpkmEMKog

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.66 KB
MD5	41248c7903006b565c6547187eec3f24
SHA1	d3346865c651d3537c1833f5ac6cbf56b3a11cb9
SHA256	18a46a97827a7c253e94f923f2e56541d057fbdbf2aca63f76ea8dc6e1c64acf
SSDeep	48:O0NGI3jsgHIdt6+aU/rf+pNx2YP6cuEO5THH:OHpt67kfK8STuNTHH

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0182689.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.23 KB
MD5	442e79564154fdc5b88b94617c6d6bf9
SHA1	b985479b5a38e00792748eec10121388cc7a08fa
SHA256	1fc4dab2fb29babaf9f8e9125599b08418cc2474f1c889af733acedf95bf51bb
SSDeep	384:rd/o553i4a/Mcssan7E0NFoZkzxYmZvOXpom/UQ:rd/aFP9E0NTPvOX7UQ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386764.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	26.31 KB
MD5	ebf8c5489e5926efe6b6949c367ee8c3
SHA1	f38bed892513d60df276875d80359784883562dc
SHA256	f3e18a56afaaa4cb26632747880c36934b19d107868b54d62b37a224cbc523a4
SSDeep	768:P3hHXvyfDdLJIViyfxN6X6v0Be+lbKUDiShGo+B85fzO0v1:P354kkyfxwi0xllDiShNH5fzO0v1

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382957.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	106.49 KB
MD5	20be056129123bb6e1ff7d3d8c81ca6c
SHA1	57c346e96a7ff667b6ded3ae8e05e1ad67a48299
SHA256	f94be9956f4881397cd4da6cc891fcf3e2c99dd5e706601a2d8d358b3e8f1ce5
SSDeep	3072:t2IpgTvYd5FnSMAz0o5mzV/aUhb6I3HRd5y:3OvY9SMG7ER7xdA

C:\Program Files\Common Files\microsoft shared\Stationery\Psychedelic.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	13.72 KB
MD5	8ec4c72cbd3570ea8e3ab87ba3be621e
SHA1	09c934f6cda53a24d15d67c8d931d7ecae9dec6c
SHA256	877a8cf2358ad8037b302eabee5235dc15969138f1c2ac4450c446d29040f515
SSDeep	192:qzq4TjnjEx7wBuufNitW5dAGD2NWvN7X9tAM7ALfvGIQt7A8fZP+zCgOzdZtXlXA:qzHT/OwYVedcg7XLeLgpZR3gOXlmCYL5

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341653.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.50 KB
MD5	75a4d64fbdfe16ecae735889d9e052bd
SHA1	827516b6e361d753cf53f3c7c4d353498db9df74
SHA256	bee46f081c39f780992fe00aebae8d3f1c85a75fc90448a9297bd8771ab924dd
SSDeep	384:Il7F/yg9zHDci9lwLZwnD0DXdhGOxmOI2:IfvFDJlwLZwn4zd1B

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382969.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	93.91 KB
MD5	e425aa522eeef4b686223b2896020a11
SHA1	818363fe375fc08e1016ffa7e46c9762c2c73e71
SHA256	f84eec3d932e669002814ab22e37b38d1f43d712f2f3f37977d7b1ae269ebda4
SSDeep	1536:MzkIOBzDHWlaOatLSHH07UIx8VzGyCjpRSeMEv/JwsfrxuUtU6vjhJFvSfXbF6:uAfH2ItWHHuUIHyCt4ewsrltUYUfI

C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\BLOCKS.DWG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	60.46 KB
MD5	01dbc2fd913f6484222710a0097be5e9
SHA1	1719ff1b352c6e87b5060951660677b64b3a6e9c
SHA256	567e069b42535390370617f3020b5bc703760b5d31844343594cf9e98235af3e
SSDeep	768:xVdBUHAlklKQp1B0MbQSR7S5DQgHvfkj1H9bfqjJjWP5aceM:rUblKCr0MbjiHvfI1H9bijEPLP

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	182.46 KB
MD5	0b240bd871d3d450705f3b46f66087d1
SHA1	8ba3f38ebd9e04877fc5bb47a2ba09a64d43a328
SHA256	9f076440f0d6c4414f98d2644fa9ab032e930aeade6d711cc3032038629d1bfe
SSDeep	3072:Os7g1sROESY4h2YqSqOzBydJ4OySyfHzPaJp6SgA7QbmfT9wK2En:pg1eIaOdygOySyfE6PAUUpzDn

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0313970.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	32.42 KB
MD5	71259638358a105d8812cdfc3bb552bb
SHA1	208a7ca8e39d658e561e4a42250406dd74c81281
SHA256	18fd5784c69ba0340c0ef96ec3a86edba50d40ced573ce7e2d42677b5882b0ee
SSDeep	768:FAmEcgOR/pfvVLFJPar59ztTHSaKxCGXfrgNnxdb:FMzO7xyHzVHScyOdb

C:\Program Files\Microsoft Office\root\Office16\Lync2013_Third_Party_Notices.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.56 KB
MD5	3bfc33e7bf2923c9ff2fd4bc44078991
SHA1	edca2190e69d9a9adc94c0fd208791bc46eadb5c
SHA256	35436572ab2252cb3cf17cdd1433f272d4ab7dd304f2e956068ae7511d0cd7ea
SSDeep	192:pKrO8Z0vLtV4XbsfngKjJL4Yc8vuvLuStEGpyq6VN/qbwHNMNiXI:IZ0vLtVqYfgKjJL4Yc8olzpoVpqbwHNg

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145373.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	17.45 KB
MD5	53eba7cf9a5e7cdf7a0686f6653b8afe
SHA1	80131662bfdad017f4d517016a5bb66287333e8d
SHA256	ecd1f4133ed71cdc4eda24f115fdaf296cfe75c2eb6005fc578d7554dad90e07
SSDeep	384:vRIZ039umJgO/WqGlTtii9nNI8Ym2W+/R+EaVsv5cLXlPrQ:vK9+/Wq+n9nN0l/RlaW5cLXlPrQ

C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	44.12 KB
MD5	ff54ac33b1e2191b53830955d95dab22
SHA1	47af243a7e62dd68cd7d739d13621d64b350a33a
SHA256	2de4c198186d281bd78c8256c6b71b3edb78269064ba7242c430ef16332a8566
SSDeep	768:PLXoc33hWauzuCaY8OZWHd1aN7eKx5IoB7SP/A2NaZJ1FJVuoFZZ:Prj33hmha7+WGAo7J1FXHZZ

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\libgpgme-11.dll

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	96.00 KB
MD5	2ce5a2811db63ab6863ed28b59611d28
SHA1	d51221dced185f0bcd40a261f5cf0dbcc3145ee9
SHA256	4a7eb50b48d7b5ce40f81b8d32b7136857d559d0236e74b89fc8a92dd88f5930
SSDeep	1536:jsz8ddnp6a15KzfDtzuCmL/WuUc62aeMGo+9JmEPDjG09XB0+tGgPYiB2Q87wnGf:jsz8NNwluCmTWubAlGo+bmEP+09XB0+0
ImpHash	c76512d931a3cb59ef06690cc653d07e

PE Information

»

Image Base	0x6f480000
Entry Point	0x6f4db001
Size Of Code	0x3e400
Size Of Initialized Data	0x4e600
Size Of Uninitialized Data	0x5400
File Type	dll
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Version Information (12)

»

LegalCopyright	Copyright © 2001-2018 g10 Code GmbH
InternalName	gpgme
FileVersion	32.21.0.1aff2512
FileDescription	GPGME - GnuPG Made Easy
CompanyName	g10 Code GmbH
SpecialBuild	<none>
LegalTrademarks	-
Comments	Provided under the terms of the GNU Lesser General Public License.
ProductName	GPGME
ProductVersion	1.12.0
PrivateBuild	-
OriginalFilename	gpgme.dll

Sections (12)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x6f481000	0x3f000	0xf400	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	8.0
.data	0x6f4c0000	0x1000	0x400	0xf800	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.3
.rdata	0x6f4c1000	0xa000	0x2600	0xfc00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.97
.bss	0x6f4cb000	0x52a4	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.edata	0x6f4d1000	0x2000	0x1a00	0x12200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	5.15
.idata	0x6f4d3000	0x2000	0x800	0x13c00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.68
.CRT	0x6f4d5000	0x1000	0x200	0x14400	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.79
.tls	0x6f4d6000	0x1000	0x200	0x14600	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.27
.rsrc	0x6f4d7000	0x1000	0x200	0x14800	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.73
.reloc	0x6f4d8000	0x3000	0x2000	0x14a00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read, mem_write	7.9
.fifcom	0x6f4db000	0x2000	0x1600	0x16a00	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	5.85
.adata	0x6f4dd000	0x1000	0x0	0x18000	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (8)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x6f4dbfc4	0x5bfc4	0x179c4	0x0
GetModuleHandleA	0x0	0x6f4dbfc8	0x5bfc8	0x179c8	0x0
LoadLibraryA	0x0	0x6f4dbfcc	0x5bfcc	0x179cc	0x0

libassuan-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__assuan_usleep	0x0	0x6f4dc125	0x5c125	0x17b25	0x0

libgpg-error-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
gpg_err_code_from_errno	0x0	0x6f4dc12d	0x5c12d	0x17b2d	0x0

advapi32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegCloseKey	0x0	0x6f4dc135	0x5c135	0x17b35	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x6f4dc13d	0x5c13d	0x17b3d	0x0

shell32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHGetSpecialFolderPathA	0x0	0x6f4dc145	0x5c145	0x17b45	0x0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
MessageBoxA	0x0	0x6f4dc14d	0x5c14d	0x17b4d	0x0

ws2_32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WSAGetLastError	0x0	0x6f4dc155	0x5c155	0x17b55	0x0

Exports (204)

»

Api name	EAT Address	Ordinal
gpgme_addrspec_from_uid	0x2f0f	0xba
gpgme_cancel	0x349f2	0x37
gpgme_cancel_async	0x34b86	0x83
gpgme_check_version	0x375c6	0x1
gpgme_check_version_internal	0x3765e	0x87
gpgme_conf_arg_new	0x31192	0x7e
gpgme_conf_arg_release	0x311b3	0x7f
gpgme_conf_opt_change	0x311ce	0x80
gpgme_conf_release	0x311ef	0x7d
gpgme_ctx_get_engine_info	0x36a88	0x71
gpgme_ctx_set_engine_info	0x36ad5	0x72
gpgme_data_get_encoding	0x408b	0xb
gpgme_data_get_file_name	0x44be	0x74
gpgme_data_identify	0x7895	0xa1
gpgme_data_new	0x5443	0xc
gpgme_data_new_from_cbs	0x5caa	0xd
gpgme_data_new_from_estream	0x5f14	0xcc
gpgme_data_new_from_fd	0x4c51	0xe
gpgme_data_new_from_file	0x655a	0xf
gpgme_data_new_from_filepart	0x609a	0x10
gpgme_data_new_from_mem	0x554f	0x11
gpgme_data_new_from_stream	0x4eb0	0x12
gpgme_data_new_with_read_cb	0x6be4	0x62
gpgme_data_read	0x39f9	0x13
gpgme_data_release	0x401e	0x14
gpgme_data_release_and_get_mem	0x578c	0x15
gpgme_data_rewind	0x3f29	0x63
gpgme_data_seek	0x3d77	0x16
gpgme_data_set_encoding	0x40f2	0x17
gpgme_data_set_file_name	0x42c3	0x73
gpgme_data_set_flag	0x4553	0xab
gpgme_data_write	0x3bd6	0x18
gpgme_engine_check_version	0x1fa47	0x3
gpgme_err_code_from_errno	0x37b95	0x4
gpgme_err_code_from_syserror	0x37bbb	0x9a
gpgme_err_code_to_errno	0x37ba8	0x5
gpgme_err_make_from_errno	0x37bdc	0x6
gpgme_err_set_errno	0x37bc8	0x9b
gpgme_error_from_errno	0x37bf6	0x7
gpgme_free	0x5b31	0x78
gpgme_get_armor	0x35651	0x1d
gpgme_get_ctx_flag	0x35a22	0xbf
gpgme_get_dirinfo	0x33727	0xa2
gpgme_get_engine_info	0x1fbdd	0x2
gpgme_get_fdptr	0x3cb56	0x7a
gpgme_get_giochannel	0x3cb4c	0x79
gpgme_get_include_certs	0x35f00	0x1e
gpgme_get_io_cbs	0x367de	0x1f
gpgme_get_key	0x156d0	0x4f
gpgme_get_keylist_mode	0x35fb3	0x20
gpgme_get_offline	0x35de3	0xa6
gpgme_get_passphrase_cb	0x36130	0x21
gpgme_get_pinentry_mode	0x3607d	0x9f
gpgme_get_progress_cb	0x3620d	0x22
gpgme_get_protocol	0x3520b	0x23
gpgme_get_protocol_name	0x3538a	0x19
gpgme_get_sender	0x35579	0xbc
gpgme_get_sig_key	0xfc65	0x67
gpgme_get_sig_status	0xfcef	0x64
gpgme_get_sig_string_attr	0xfedc	0x65
gpgme_get_sig_ulong_attr	0xfde4	0x66
gpgme_get_status_cb	0x362f3	0xa8
gpgme_get_sub_protocol	0x35310	0x97
gpgme_get_textmode	0x35ce3	0x24
gpgme_hash_algo_name	0x37270	0x1a
gpgme_io_read	0x36507	0x88
gpgme_io_write	0x365e9	0x89
gpgme_io_writen	0x366cb	0x9d
gpgme_key_from_uid	0x12199	0x95
gpgme_key_get_string_attr	0x122f0	0x68
gpgme_key_get_ulong_attr	0x124d7	0x69
gpgme_key_ref	0x11f82	0x32
gpgme_key_release	0x121fe	0x34
gpgme_key_sig_get_string_attr	0x127b3	0x6a
gpgme_key_sig_get_ulong_attr	0x1283c	0x6b
gpgme_key_unref	0x11fb0	0x33
gpgme_new	0x342a3	0x1c
gpgme_op_adduid	0x1be12	0xb1
gpgme_op_adduid_start	0x1bc63	0xb0
gpgme_op_assuan_result	0x1e7c0	0x84
gpgme_op_assuan_transact	0x1e94d	0x86
gpgme_op_assuan_transact_ext	0x1e526	0x90
gpgme_op_assuan_transact_start	0x1e340	0x85
gpgme_op_card_edit	0x1dc06	0x38
gpgme_op_card_edit_start	0x1da82	0x39
gpgme_op_conf_dir	0x312eb	0xc7
gpgme_op_conf_load	0x31203	0x81
gpgme_op_conf_save	0x31277	0x82
gpgme_op_createkey	0x1b43b	0xad
gpgme_op_createkey_start	0x1b278	0xac
gpgme_op_createsubkey	0x1b92b	0xaf
gpgme_op_createsubkey_start	0x1b76f	0xae
gpgme_op_decrypt	0xc84a	0x3a
gpgme_op_decrypt_ext	0xd177	0xc3
gpgme_op_decrypt_ext_start	0xcf99	0xc4
gpgme_op_decrypt_result	0xb898	0x3b
gpgme_op_decrypt_start	0xc6a2	0x3c
gpgme_op_decrypt_verify	0xcdd0	0x3d
gpgme_op_decrypt_verify_start	0xcc28	0x3e
gpgme_op_delete	0x1cab0	0x3f
gpgme_op_delete_ext	0x1cdf0	0xc5
gpgme_op_delete_ext_start	0x1cc25	0xc6
gpgme_op_delete_start	0x1c8de	0x40
gpgme_op_edit	0x1d879	0x41
gpgme_op_edit_start	0x1d6f5	0x42
gpgme_op_encrypt	0xa8e5	0x43
gpgme_op_encrypt_ext	0xa953	0xc8
gpgme_op_encrypt_ext_start	0xac30	0xc9
gpgme_op_encrypt_result	0xa39c	0x44
gpgme_op_encrypt_sign	0xb1ca	0x45
gpgme_op_encrypt_sign_ext	0xb201	0xca
gpgme_op_encrypt_sign_ext_start	0xb4de	0xcb
gpgme_op_encrypt_sign_start	0xb193	0x46
gpgme_op_encrypt_start	0xa91c	0x47
gpgme_op_export	0x196a3	0x48
gpgme_op_export_ext	0x19b84	0x49
gpgme_op_export_ext_start	0x19971	0x4a
gpgme_op_export_keys	0x1a280	0x8e
gpgme_op_export_keys_start	0x1a00d	0x8f
gpgme_op_export_start	0x194f5	0x4b
gpgme_op_genkey	0x1af46	0x4c
gpgme_op_genkey_result	0x1a697	0x4d
gpgme_op_genkey_start	0x1ad6f	0x4e
gpgme_op_getauditlog	0x1e081	0x7c
gpgme_op_getauditlog_start	0x1dee1	0x7b
gpgme_op_import	0x18927	0x50
gpgme_op_import_ext	0x1910a	0x6c
gpgme_op_import_keys	0x18e9f	0x8c
gpgme_op_import_keys_start	0x18c48	0x8d
gpgme_op_import_result	0x17a7e	0x51
gpgme_op_import_start	0x18795	0x52
gpgme_op_interact	0x1d472	0xb9
gpgme_op_interact_start	0x1d319	0xb8
gpgme_op_keylist_end	0x1567a	0x53
gpgme_op_keylist_ext_start	0x1499a	0x54
gpgme_op_keylist_from_data_start	0x14d69	0xc0
gpgme_op_keylist_next	0x150fe	0x55
gpgme_op_keylist_result	0x12a45	0x56
gpgme_op_keylist_start	0x145d2	0x57
gpgme_op_keysign	0x161b3	0xb5
gpgme_op_keysign_start	0x15ffe	0xb4
gpgme_op_passwd	0x1ef11	0x99
gpgme_op_passwd_start	0x1ed71	0x98
gpgme_op_query_swdb	0x314ec	0xbd
gpgme_op_query_swdb_result	0x3140e	0xbe
gpgme_op_revuid	0x1c184	0xb3
gpgme_op_revuid_start	0x1bfd5	0xb2
gpgme_op_set_uid_flag	0x1c5ae	0xc2
gpgme_op_set_uid_flag_start	0x1c577	0xc1
gpgme_op_sign	0x10f57	0x58
gpgme_op_sign_result	0x100e3	0x59
gpgme_op_sign_start	0x10da9	0x5a
gpgme_op_spawn	0x1f2ef	0xa4
gpgme_op_spawn_start	0x1f1a4	0xa3
gpgme_op_tofu_policy	0x177ad	0xb7
gpgme_op_tofu_policy_start	0x1760d	0xb6
gpgme_op_trustlist_end	0x17276	0x5b
gpgme_op_trustlist_next	0x16c8a	0x5c
gpgme_op_trustlist_start	0x168dc	0x5d
gpgme_op_verify	0xfaa3	0x5e
gpgme_op_verify_result	0xd51f	0x5f
gpgme_op_verify_start	0xf8f5	0x60
gpgme_op_vfs_create	0x303bf	0x94
gpgme_op_vfs_mount	0x2fe77	0x93
gpgme_op_vfs_mount_result	0x2fa4f	0x92
gpgme_pubkey_algo_name	0x371cc	0x1b
gpgme_pubkey_algo_string	0x37092	0xa9
gpgme_release	0x34cbf	0x25
gpgme_result_ref	0x34de2	0x8a
gpgme_result_unref	0x34e66	0x8b
gpgme_set_armor	0x355d3	0x26
gpgme_set_ctx_flag	0x356ca	0xaa
gpgme_set_engine_info	0x202a5	0x70
gpgme_set_global_flag	0x341a3	0x9c
gpgme_set_include_certs	0x35e62	0x27
gpgme_set_io_cbs	0x363c0	0x28
gpgme_set_keylist_mode	0x35f4d	0x29
gpgme_set_locale	0x3688d	0x2a
gpgme_set_offline	0x35d60	0xa5
gpgme_set_passphrase_cb	0x360ca	0x2b
gpgme_set_pinentry_mode	0x36000	0x9e
gpgme_set_progress_cb	0x361a4	0x2c
gpgme_set_protocol	0x34f77	0x2d
gpgme_set_sender	0x35410	0xbb
gpgme_set_status_cb	0x36287	0xa7
gpgme_set_sub_protocol	0x35285	0x96
gpgme_set_textmode	0x35c64	0x2e
gpgme_sig_notation_add	0x36da9	0x76
gpgme_sig_notation_clear	0x36d58	0x75
gpgme_sig_notation_get	0x37003	0x77
gpgme_signers_add	0x7aa5	0x2f
gpgme_signers_clear	0x7a5c	0x30
gpgme_signers_count	0x7d33	0xa0
gpgme_signers_enum	0x7d4b	0x31
gpgme_strerror	0x37b4e	0x8
gpgme_strerror_r	0x37b61	0x9
gpgme_strsource	0x37b82	0xa
gpgme_trust_item_get_int_attr	0x165a0	0x6d
gpgme_trust_item_get_string_attr	0x1651c	0x6e
gpgme_trust_item_ref	0x1644e	0x35
gpgme_trust_item_release	0x16508	0x6f
gpgme_trust_item_unref	0x1647c	0x36
gpgme_wait	0x9105	0x61
gpgme_wait_ext	0x8cb9	0x91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	26.40 KB
MD5	9d74ce45de12438f692ebdc600a3e1eb
SHA1	63fb91a6a87788c7778b21bc4d8ec9e8495e0c19
SHA256	aeff4f3a7994658bc47eee19ed0d06366c8763261e71b3a7925181644ce17050
SSDeep	768:ezK3QuxXPqaVbxJXhHtr9Ggj4NI1nrB64gFzIk1T/Iq3En2kcZeTl:eW3LVbxBht9a+rE4gtTTIq0mZwl

C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\DCF\AccessMessageDismissal.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.54 KB
MD5	65a6c22d9597b4b7e2cd9b6c319c8d97
SHA1	30ff461c4dcd1aac69a26c80644d2948c63639b4
SHA256	587035790b7a7187488aeab4db18aaecadad80e3a977138033039616dfdaa500
SSDeep	48:JDmlIxmxpiW8iwxlF7KKfRuiABH1KezlWBM/ABu+xMD2Avfg:xmltxMmfKo/VHWBHBVMDJI

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03380I.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	12.53 KB
MD5	a6ccb2376ed42a10f11194f629d4f7e8
SHA1	942607e8616e85dee6e2556a71d7b47448152d81
SHA256	0549471b5065a66d65d09539774e3c6b3aed4ebb5e237908259c64893faa1c2a
SSDeep	384:TX9yZ+z1KIlEzSXKT0B+Dl9eROcnfZhNfGWL:TXg+oU0SXKTQ+ZhWL

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\scan_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	82.48 KB
MD5	f208c7d6f6c02bb3dbf1ad830493e5f7
SHA1	380b3b19aba2bec216c640f693c4e132178c0a28
SHA256	fa090de9678914a25f2a043fd2dd50f223b3a3d8bc26da60139155ba414ec922
SSDeep	1536:vC6MZwvNcSk8BZRo5YdkPBlftdRIbe7rHJZpTgB8+62gJf3Cbp2b:vC6MZQNJk8RRkPTttrHJe16ZN3Cbkb

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099162.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.20 KB
MD5	69dcffef19bc6cb7dbe4dacfa81c461f
SHA1	4464606601ddf08c06b8e83f00da515fca488acc
SHA256	e96f9eee556ceeabb3f035715145d5c727d7ba2836158194ebb78e47e7e0b101
SSDeep	384:LnklYYYYYyZiuGTMeItZNl9gyXhMzeYQCsHI665F6Ob6+lIMwg4Tg1reW:DsYYYYYsGTMeIZliyh4eTI64yTg1rR

C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.1\PSReadline.psd1.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.77 KB
MD5	31accb79c73314b3792c3466296144d5
SHA1	6f50591b83f0e9abcbb4ca3725ef45a735a64e45
SHA256	a5b4197a2a41c645facbc7c1ecd423b798f04d7df0ce975b4378e2d00c6a0cb8
SSDeep	12:xCmV+pDR8v3ttjVIQNHmNT6NxgZR717H1vf7yp/0+CIzA3qk9jk1KJVVDVrdz:xC5R8XpIQVmNGNxuR71a/E3qkKcJtdz

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\PlayStore_icon.svg.FCrypt (Created File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\en_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	5.48 KB
MD5	86fcbec1a88cfceac5379f095d7f56aa
SHA1	1430d9a65c8516c5ab046bf8e4df6f4ee65cbdc8
SHA256	6d6b5f1894d8480f5b55af58370cecb35eec72738ea7761a060da6011fc2e9dc
SSDeep	96:tSMIFteud4Ba98PnU8rWDVTHezMdGm9/HpGPljZCnroT/SPX0+40UGNmwoqXBiQ2:tSj6uduK2nZyoYdGm1AljZ9TkX6j6xF2

C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.20 KB
MD5	a6be8bc3bd6799b37f34e6b6c82c22d7
SHA1	b38000dba6856536fef4218d483fc52616114051
SHA256	2a3501a7d4538807b80b2c85da17ab2156f9b62500bb7a657d6591a02b54baff
SSDeep	24:qBp5F3tXv7Dlj3pbPqvaIMzm2FC4sdaDc6SJ5D5j0WsEJSvSA5:QDVj5GvaIMSlzd35D5j0JEYvSw

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01332U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	3a185623ac97fd73cc8d618253fc79f4
SHA1	4e215d882b1542cf9ed15acf7ba881deda24285a
SHA256	ceae03d436c4e2e443b7802cde26752ea60206d69a37165cdb157d32bd42e97b
SSDeep	768:/Gllb1rUrpIJJxNZWzbD7y5U3HkWxkpSsUfnkc:ullNUrpcNEze5UUWxhsSkc

C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\ORGDATA.XLS.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	25.50 KB
MD5	4ba1cbebeda27343c93b6836c93076c3
SHA1	bdb694b18e837808ce761b79bb1817d8f1420abf
SHA256	36c37df1caab3bfcff70ee0ee015fedbac9dcec1738273a7abc7788033982420
SSDeep	384:l7RRRRwj4IPefgLLfrDzOUHlqjJTuJ5GDWwP:l7RRRRqefcLz2nVuJ5GC+

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	78.76 KB
MD5	90f9be0c83d7b6a43e59dabfb62f96a8
SHA1	47db02f903a575ac891e654c6ddcf51235b2b73a
SHA256	c79329bff55e145323a6fe5ecb1baa9b3c1b416a8bd1c3d477e85806c01e763a
SSDeep	1536:32o3/T+6BmCCEi9rKVpOEDBGOgOhlNw3hM67JiWi+HVpmhVO4UEMMW1yxpmX10OQ:Gg/T+6BmC9i9fEtG5YcBiBUkh21yjmXu

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fil_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.21 KB
MD5	ef403aefcee8dd54b4f83eeeb4f70b88
SHA1	eff6baab2846e462b2c079696bbd5a44f5d726d4
SHA256	86733233eb32ccbac99f359e3150685e1faca90d6f88cd3591ee26e7e8411a38
SSDeep	192:tPkb242I4aD7zbEJYElWubAjyoHCnH662uOj62:qbp9fDLpElWuMjyoHa2X

C:\Program Files\Common Files\microsoft shared\Stationery\Tanspecks.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.57 KB
MD5	14cc1a23805c56873a3b4522ac8d09d5
SHA1	7753846e1690a881fe42d3a66caa53ccdd07b5da
SHA256	a3442e99e80cf95d02fdec2e5d97b85f5cfa745fecddbb7e297dbc8f2ff63672
SSDeep	96:jgD0FcBR4bnb9Iwcut8yP3KfltClFJJBJa/jG/smCa:kD0qGzb9xwIZojG/6a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_nl_135x40.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	22.09 KB
MD5	434e63c06f80df313da52d239da8866c
SHA1	c77e4818258a3e261b1d03afd44c77e317ea2377
SHA256	cec241e5086e547ef3957e40bba9d980a60873d94472f332b6cae46ae340d467
SSDeep	384:PEcvXzi+kEPl/uEBgFm62KBHB6JvE9lE2CFAo7yoKI7ItaVY6cl0aW95BgJQoAS4:PEAXzijEtWEaoXKBHYJWlE/FAo7yVIzj

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382952.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	93.83 KB
MD5	e504faa08c007f24b25d3679063ad033
SHA1	57297a84aad15ae696bb8a5c672cef7609238aae
SHA256	0fdfaf335c4750916c9aa00125f76fa06a6b3e9de5410d665829e7342fefda83
SSDeep	1536:328SgBSN/+vwCiRI6qIwUqjnUpO0hya0/LLmqbAQ5moBap9zrd2+aHF0Gmb2zYf2:3tSggFmwCQpcjMO0hZ0/nmbQ5yfzr4+6

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382967.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	91.26 KB
MD5	377130e94bfee4585704519e4ecbb925
SHA1	1be9302825862ae97c5cc9612c2fd749e174ad12
SHA256	5ab2228cd5ce8353fe355c93cc74ac3e4d29d4fb3c23fa3b1f6af05dc9d4d9ca
SSDeep	1536:NYQW/Mlxs451UUgO9LBAW+BfpeiIURxTjR24yw7bEFZSbofVUIwG:NYfMr1PUUgSz+B02vR24yKYFZoodUIwG

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01213K.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.19 KB
MD5	343fa38a9650d7908fe6283bd915155f
SHA1	dce5a14a5007b674e427fe920f245cd749bb15a6
SHA256	a1b00a3313a5dd6481d8bf9cb32ccd5e1fb9f2752be9b21d357706a4eb343f19
SSDeep	96:PA3NgDqzmFfqGEKxrmswDGDhdaagSKKRc+Ps6GhG68ZeuYN02OT4UWffIhuJ:PKgO6FfOK10KD2QKKR6hGneLY8UKMQ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0227558.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	56.73 KB
MD5	3be978f27ab34ebf5eeb7e57ff7bccce
SHA1	38efbee6d56eff6a853d93f0a5549c081fb7ae48
SHA256	e6a0c225362a38c30007580c8e4116add974a77bc8b5e07f14ce4d2a817e6e9e
SSDeep	1536:m1LmEw+/w+s+dE99w8/RlCV7QAwJItYOD834aux49C:mR6QE99xRlCVWMY1m4Q

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\nl_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.00 KB
MD5	cbe2be333ebacadbf273affc70faa090
SHA1	e19fbd18c038326188200f8ba690587954b391a2
SHA256	86b3e9c583e9701fe214c76507ee59880506aebaf9c3621c722e0e1a4f267374
SSDeep	192:tPkb242I4aD7zbENElWubAjyoHIjNSzu6jgWsdHr5:qbp9fDLeElWuMjyoHIYjWV

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382926.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	89.80 KB
MD5	6ca8630605065e42735be4c62c9ea764
SHA1	eab18b66eaf6a2712085288488750bf489a2ef4f
SHA256	e8f341c4abbbc48e29eed57f43505a48885edf5da77d915899df206c7f997058
SSDeep	1536:+MEVl6Q53oscbHs6+5pOARK8aqh7MY2DC66eaydgmNWrZqopOGZ+kv:66Q53zIH/uRK8SPC66lySmNWrZq2N+a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\scan_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	82.48 KB
MD5	326ced47a213144f4c53fb18460d5516
SHA1	4142057afaee6ad937a7811b431c46eca8c77ea7
SHA256	c35e397726f1c435b67a93917d8bb8f12ae6f103a7ace27d5f21155f516ced63
SSDeep	1536:QC6MZwvNcSk8BZRo5YdkPBlftdRIbe7rHJZpTgB8+62gJf3Cbp2c:QC6MZQNJk8RRkPTttrHJe16ZN3Cbkc

C:\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	172.95 KB
MD5	9c5a08aa0720bfb47ffa660bd5cd657e
SHA1	c3f46413a035f8fb09efaa93de3e4a37f3833fba
SHA256	401f07c20afef27331a058370e86c010cbdf4892c29ef5b2b56cf5b62ed5f680
SSDeep	3072:uaA7ZiwtF07S+emFF98Iuv8/YFOuETeZmsMHN2nq2y3ul0Nzxsj5:upNxtO7ShkFVg0dT2wHNb5uwzxs9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_da_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	14.99 KB
MD5	17cdaf973270d22a2ddc74d172cad0de
SHA1	c2506ed2257fe9d41db0282d4d7f7feeff1dc77a
SHA256	3eb8f52de1fbdaa263880a78e2bd7734c962a2ae76c2d7851abb00d51baad5d7
SSDeep	384:ZcvXVZm1/PEQpOAmdxS57trP5n0VEFv06P0+uc0jCwyoM0R684P0t:ZAXVZm1/LOAEY57trP5n0VYv06P0nc0N

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\gpg-agent.exe

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	163.50 KB
MD5	aaa40f1dbc2aec1a284be23aec599d7b
SHA1	90fe6f67f28f826f6cc4530111e408630fe2cfad
SHA256	610e971123349d22d35ea84526bd8d7dc115329ad47434cbaa04e13eaeaadff5
SSDeep	3072:+go7uN7HO8Ksrf3G9AzxpL0VURuEivNPv84Mck4rCRnetBlv1BxacCqa5Ejdddd9:+gkK7uZuG9WRRuEivNP1rk4one/lNfCi
ImpHash	d8ec0542ccc0d9d420eac70a195d4a3e

PE Information

»

Image Base	0x400000
Entry Point	0x46a001
Size Of Code	0x4e200
Size Of Initialized Data	0x63400
Size Of Uninitialized Data	0xc00
File Type	executable
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Version Information (9)

»

LegalCopyright	Copyright © 2018 Free Software Foundation, Inc.
InternalName	gpg-agent
FileVersion	2.2.11 (cb46b7875) built on autonoe at 2018-11-12T11:51+0000
CompanyName	The GnuPG Project
Comments	This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
ProductName	GNU Privacy Guard (GnuPG)
ProductVersion	2.2.11
FileDescription	GnuPG’s private key daemon
OriginalFilename	gpg-agent.exe

Sections (10)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x4f000	0x1e000	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	8.0
.data	0x450000	0x1000	0x200	0x1e400	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.59
.rdata	0x451000	0xf000	0x4e00	0x1e600	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.99
.bss	0x460000	0xa68	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.idata	0x461000	0x4000	0x1200	0x23400	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.7
.CRT	0x465000	0x1000	0x200	0x24600	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.91
.tls	0x466000	0x1000	0x200	0x24800	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.2
.rsrc	0x467000	0x3000	0x400	0x24a00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	1.54
.fifcom	0x46a000	0x4000	0x4000	0x24e00	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	4.69
.adata	0x46e000	0x1000	0x0	0x28e00	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (9)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x46afc4	0x6afc4	0x25dc4	0x0
GetModuleHandleA	0x0	0x46afc8	0x6afc8	0x25dc8	0x0
LoadLibraryA	0x0	0x46afcc	0x6afcc	0x25dcc	0x0

libassuan-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__assuan_close	0x0	0x46b14c	0x6b14c	0x25f4c	0x0

libgcrypt-20.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
gcry_calloc	0x0	0x46b154	0x6b154	0x25f54	0x0

libgpg-error-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_gpg_w32_bindtextdomain	0x0	0x46b15c	0x6b15c	0x25f5c	0x0

libnpth-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
npth_accept	0x0	0x46b164	0x6b164	0x25f64	0x0

advapi32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ConvertSidToStringSidA	0x0	0x46b16c	0x6b16c	0x25f6c	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x46b174	0x6b174	0x25f74	0x0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
AllowSetForegroundWindow	0x0	0x46b17c	0x6b17c	0x25f7c	0x0

ws2_32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WSAGetLastError	0x0	0x46b184	0x6b184	0x25f84	0x0

Icons (1)

»

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pt-br_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	6.58 KB
MD5	973336c2f9442e6477565a294d99a0e9
SHA1	a5ed598696985acd72c85864464544ffbc33bcb8
SHA256	b7d447d808d14064c01a923d26d0d4061fd0d41a61efb261700ca12527d6801c
SSDeep	192:tPkb242I4aD7zbErElWubAjyoH7RM0f+ITBDSmOPVo6:qbp9fDLUElWuMjyoH7jf7AmMT

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145361.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	20.63 KB
MD5	2ec4dd52de36c94400176f5298a7d1b3
SHA1	eb0357f3ea0ec8ba3aed39b2543da0bbf605ec7f
SHA256	43b3603bb37546b5df0fb23278ae93b11469f886d0469d312ee47a50f0e0c25f
SSDeep	384:raA5oMYhDYWoifK+VHV14gHkZ7yWQxvgYM7k9GFQ9+q:WAqM0cWo1ngmWxvgYMlQQq

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02071U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	eccde15e081fc448a16627d1f273e6ef
SHA1	19f795840389738cda6eed7ea14cedb32db34bbb
SHA256	4a5b1c4daaae436c4a70e6bb34a3b06b84c3d2c3b1bff33e9ed7a733faf5ff13
SSDeep	768:OdysX4OPw0BJeS3iQ0lconr7/PHd80WfPhepvTSoQFLH:OAsDY0KSSQ0ldr7P981fPhyTzU

C:\Program Files\Microsoft Office\root\Stationery\1033\SEAMARBL.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.14 KB
MD5	7a0a2859fb4429e3adc4aa8556cb3328
SHA1	ee9776b6543a8180d9496f11690cfbb57796540a
SHA256	0fe688ddc82a36591f55ef94e7226cd3efb3a2d853e63fc8f5046b0c650b806b
SSDeep	192:pV1SoASYNQVO2KevaBAa6afKaFa7a4KAafa1ajobX/Aa4:bby19x5YuhCoj0X/v4

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0216112.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	41.88 KB
MD5	72d39e97a322ab70632f3e6fb41eed97
SHA1	9e82c09b2db083579bd93760854aa8f58a71de7f
SHA256	a7125269b9925735c27f3d2d9dfa8f4b6d83d24b606b3c42240d8252a0f87486
SSDeep	768:72HNj96SXB2NazQSQIDsREqOy56KAQYpTS/dUeJXWV7kxB6sdUGa9splIpoGm:72J964B2azjNIavtKhYp+dpdx9qGGsoW

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382948.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	107.31 KB
MD5	874a77bb15bf77b10f78b2b929494f4e
SHA1	587ec368094ef5e16db75fd564057925665667c7
SHA256	1cb01e17b92547d7db944aaee50146e4d3d9bbc253a7c2355806ad799f4def06
SSDeep	3072:JDhm76SaAIGVMtdI4VGdVG0VvcRaIs/HpyVS/:5KaAIGutdI4W8oHA2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-hover.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.56 KB
MD5	66a181fcd4d8440af0f9c6e2eac92642
SHA1	4957f4f8de0c8b72758c3ed91cfa0f88cceac424
SHA256	87f24f8a01dce58d0c48650b4e5c6bc5a10b3ec9e946ff1939d0580e985d0558
SSDeep	96:nBcJdcXp5qx9sGNnT2+V7viF6pzQVe96mx4v6hp+qszrQl:+GXzsR9T2+Vm6dQVOqv6hEdol

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099190.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	42.87 KB
MD5	fc327409a3c8a3d61eac8134b54657d2
SHA1	7ce7e885306b36b2fe38b72fe6f2861904b645ee
SHA256	3651d375d9b2d156f2c3cbd176b60bbbefab84489375d7485c0d0c7768586b70
SSDeep	768:tfa28Uou/X8pBIMsJgo30ujGOZi6zb7VRTzBDfeKMw7G98DEHEV5LJSTzK/q8N:ti9UFXqIHJp30R2i0xmcG2EHEV5VSK/v

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\redact_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	68.47 KB
MD5	f97463b7449ce004c4d8366c5ace121f
SHA1	505306be639e40a5cdc24e893406b0250b9205dc
SHA256	78d070d18eacf344ee29f1db8d01ee526cb18e85200d09710cc985a0ad89f509
SSDeep	1536:xHj2ZRQCRKDJSxvYNbvouYLwU1ElgftKraN11LddI7RSZQTg/ZSPG9BkBfmk215/:xD2fQCRhYNzwkZ40rahd4sQU/ZSe9BkQ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02740U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.86 KB
MD5	af814476db63f028b825d10126066ebb
SHA1	6f5841a635efe214409ac5534e1f9be44e4773dc
SHA256	d89bcded8c40856dcd5b43c0d9d489b79fea10d3bcbee1cbee2ab1806569cc7c
SSDeep	384:hkAmAWiLfZid63DkWzFUp/0vVx12GkqYtNa7sGT5xktuaawMS:DmpKh0gpUpM/12Gk9aQGooaawt

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101859.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	684171ed56c70aabcbf066e8b224f572
SHA1	e4c536f2df811271e19546f30b54951a5fbc320e
SHA256	a6f9dad1bc2b81e1be90aeb61b937fed7dc37d747d23e5a33262d75276afa30f
SSDeep	768:6EdROoU0PVqiwbVZ4mt3vbm6EUfk9BP5jv1LfM/2fAVfTRCkkHxB5ylE:6EO0PV8hZffKLU0BP5rZfM/7VlBk35y2

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382966.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	98.14 KB
MD5	3738e8cdf1d0d52632597fcae01a9217
SHA1	96fb7df6b79716c46745e74c3ac231989d58ba38
SHA256	9831b1e2031607c6b688840f82d1f0e547b3fd240d4f9f0f156057c58fa1bff9
SSDeep	3072:igO4UUjtG+eNCDZ9+nC+StZCe3V76NjK7W:igO4TjQWF9+no7VQj7

C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\en-US\about_Mocking.help.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.25 KB
MD5	ce567601ad1b80f358caa34ae7616825
SHA1	192e8de8c25fa303a02abfdcd804552a186501f9
SHA256	66a40ea3d6954c18600bd400aa3313acefa1ee7f27cc3529048c58dd52d95e8d
SSDeep	96:ZaY+K8xA2cC3noEZDkswZQddNgojodESaK0p6SwJiJ1qygij+0IKJecuXbvx:gT6Qo1sjeoj2axsyzjL6cuXV

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384885.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	94.87 KB
MD5	9b3ce09b03b0ab7a814bc5357391be50
SHA1	69141bdaf678ac7e884681c080ddb6baa53d67d3
SHA256	5c6a505e1151ad483e186b490015554c70b15360e9142d4cf0af4947f612e842
SSDeep	1536:SA+0e5nD8KKlBP5/458jJYShLNdtXASPtR4p/K9GceBp:SZ0e5nD8Koh5Q5wiS9FAit9tIp

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387591.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	38.20 KB
MD5	9ef02435d1bf02fbeb05af2f38d3cd64
SHA1	d10089e42c3912216cfa1179d1c24a9d5b178e98
SHA256	c921a13b042dd25cb8621fe857c16ba07ee8a0ce59362725e4bdf5eae12e7644
SSDeep	768:nBd7jb6QxV8p61YGigtukCEhoaI7UofzR/s:Vj91YG5wkCyws

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02757U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	193.01 KB
MD5	6eb1314ab4eec6f28786be030fd6d683
SHA1	83951f5deb75a0bd07aec51aa6702f68846133c5
SHA256	66c4f293f71f5ec3169d469f8230505c8dc5ffa0e72f06357acd5ce6b4e13b91
SSDeep	6144:QP1gPIpjievR/M2F3JqW/68kVasClTKq0PAqd:QPrph/ME3//68NpOqsAa

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287642.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.71 KB
MD5	f1bc1b414860d670c12ebb100f7603c8
SHA1	cd69ab25132f4a232a99c68aeb619db4d4ca0745
SHA256	f97910ae1396e7e389c8cfcd985ab2a67a13ed51cdc1e3552ef898a4190924b0
SSDeep	384:jZLfMnNq199bdPFTTt4Pi7kGb9U93GJTgAa+qCAJtaABD15TedB4aE:9L0nN0L9H4qRU93GhazJZ5TedB4aE

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\libassuan-0.dll

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	36.00 KB
MD5	6c7e33a5028acfe3053a08c4b432e3d6
SHA1	0d9ed29651fe21ed20ae552e34c075bbe095fbf6
SHA256	003c30038c47f4382977bb7662a22c417b8e2462f09f3ce152f07408b635716a
SSDeep	768:Dq2Kp93l4YVLrH5u5/11zig3a8s+ug/uQ0PwuGHxyv7fJ:D9K7pr5u5/1hig3KfjPwuDV
ImpHash	63c1aaa131ba06ddcc3718807c1b77f5

PE Information

»

Image Base	0x65a80000
Entry Point	0x65a99001
Size Of Code	0xd200
Size Of Initialized Data	0x12000
Size Of Uninitialized Data	0x600
File Type	dll
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Version Information (12)

»

LegalCopyright	Copyright © 2001-2017 g10 Code GmbH
InternalName	libassuan
FileVersion	8.8.1.8fc922c
FileDescription	Assuan - GnuPG IPC
CompanyName	g10 Code GmbH
SpecialBuild	<none>
LegalTrademarks	-
Comments	Provided under the terms of the GNU Lesser General Public License.
ProductName	Assuan
ProductVersion	2.5.1
PrivateBuild	-
OriginalFilename	libassuan.dll

Sections (12)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x65a81000	0xe000	0x4600	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	7.95
.data	0x65a8f000	0x1000	0x200	0x4a00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	3.89
.rdata	0x65a90000	0x2000	0xc00	0x4c00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.24
.bss	0x65a92000	0x4b4	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.edata	0x65a93000	0x1000	0xe00	0x5800	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	4.6
.idata	0x65a94000	0x1000	0x600	0x6600	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.46
.CRT	0x65a95000	0x1000	0x200	0x6c00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.73
.tls	0x65a96000	0x1000	0x200	0x6e00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.27
.rsrc	0x65a97000	0x1000	0x200	0x7000	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.72
.reloc	0x65a98000	0x1000	0x800	0x7200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read, mem_write	7.0
.fifcom	0x65a99000	0x2000	0x1600	0x7a00	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	5.78
.adata	0x65a9b000	0x1000	0x0	0x9000	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (6)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x65a99fc4	0x19fc4	0x89c4	0x0
GetModuleHandleA	0x0	0x65a99fc8	0x19fc8	0x89c8	0x0
LoadLibraryA	0x0	0x65a99fcc	0x19fcc	0x89cc	0x0

libgpg-error-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
gpg_err_code_from_syserror	0x0	0x65a9a0e1	0x1a0e1	0x8ae1	0x0

advapi32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CryptAcquireContextA	0x0	0x65a9a0e9	0x1a0e9	0x8ae9	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x65a9a0f1	0x1a0f1	0x8af1	0x0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
MessageBoxW	0x0	0x65a9a0f9	0x1a0f9	0x8af9	0x0

ws2_32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WSACleanup	0x0	0x65a9a101	0x1a101	0x8b01	0x0

Exports (97)

»

Api name	EAT Address	Ordinal
__assuan_close	0xbf34	0x46
__assuan_connect	0xc97c	0x54
__assuan_pipe	0xbd53	0x47
__assuan_read	0xc001	0x57
__assuan_recvmsg	0xc3c0	0x59
__assuan_sendmsg	0xc3d9	0x5a
__assuan_socket	0xc933	0x53
__assuan_socketpair	0xc91a	0x48
__assuan_spawn	0xc5c3	0x49
__assuan_usleep	0xbce5	0x4a
__assuan_waitpid	0xc8fd	0x5b
__assuan_write	0xc1e5	0x58
_assuan_w32ce_create_pipe	0xbd26	0x4f
_assuan_w32ce_finish_pipe	0xbd1c	0x52
_assuan_w32ce_prepare_pipe	0xbd12	0x51
assuan_accept	0x7edb	0x1
assuan_begin_confidential	0x1f8e	0x2
assuan_check_version	0x1bef	0x5c
assuan_client_parse_response	0x36f6	0x4d
assuan_client_read_response	0x352c	0x4c
assuan_close_input_fd	0x810c	0x3
assuan_close_output_fd	0x8167	0x4
assuan_command_parse_fd	0x5a8e	0x5
assuan_ctx_set_system_hooks	0x1fd6	0x6
assuan_end_confidential	0x1fb2	0x7
assuan_fdopen	0xbc66	0x4b
assuan_free	0x2307	0x50
assuan_get_active_fds	0x6d47	0x8
assuan_get_assuan_log_prefix	0x9a8c	0x9
assuan_get_command_name	0x60fa	0xa
assuan_get_data_fp	0x6e28	0xb
assuan_get_flag	0x1e39	0xc
assuan_get_gpg_err_source	0x150e	0xd
assuan_get_input_fd	0x80d6	0xe
assuan_get_log_cb	0x1562	0xf
assuan_get_malloc_hooks	0x153a	0x10
assuan_get_output_fd	0x80f1	0x11
assuan_get_peercred	0x21b0	0x12
assuan_get_pid	0x2139	0x13
assuan_get_pointer	0x1cd4	0x14
assuan_init_pipe_server	0x8214	0x15
assuan_init_socket_server	0x872f	0x16
assuan_inquire	0x7312	0x17
assuan_inquire_ext	0x7bb9	0x18
assuan_new	0x18cd	0x19
assuan_new_ext	0x159a	0x1a
assuan_pending_line	0x469f	0x1b
assuan_pipe_connect	0x8e97	0x1c
assuan_process	0x6d0e	0x1d
assuan_process_done	0x676d	0x1e
assuan_process_next	0x6b90	0x1f
assuan_read_line	0x4637	0x20
assuan_receivefd	0x4e69	0x21
assuan_register_bye_notify	0x617d	0x22
assuan_register_cancel_notify	0x61e5	0x23
assuan_register_command	0x5e3d	0x24
assuan_register_input_notify	0x624d	0x25
assuan_register_option_handler	0x6219	0x26
assuan_register_output_notify	0x6281	0x27
assuan_register_post_cmd_notify	0x6149	0x28
assuan_register_pre_cmd_notify	0x6115	0x55
assuan_register_reset_notify	0x61b1	0x29
assuan_release	0x1939	0x2a
assuan_send_data	0x4cfb	0x2b
assuan_sendfd	0x4dd4	0x2c
assuan_set_assuan_log_prefix	0x9a52	0x2d
assuan_set_assuan_log_stream	0x99ef	0x2e
assuan_set_error	0x20a2	0x2f
assuan_set_flag	0x1cef	0x30
assuan_set_gpg_err_source	0x1500	0x31
assuan_set_hello_line	0x7dd7	0x32
assuan_set_io_monitor	0x2039	0x33
assuan_set_log_cb	0x1544	0x34
assuan_set_log_stream	0x9a05	0x35
assuan_set_malloc_hooks	0x1518	0x36
assuan_set_okay_line	0x6e41	0x37
assuan_set_pointer	0x1c80	0x38
assuan_set_sock_nonce	0x8a5c	0x4e
assuan_set_system_hooks	0x157e	0x39
assuan_sock_bind	0xbb80	0x3a
assuan_sock_check_nonce	0xbbf5	0x3b
assuan_sock_close	0xba6b	0x3c
assuan_sock_connect	0xbb16	0x3d
assuan_sock_connect_byname	0xbb40	0x60
assuan_sock_deinit	0xba28	0x3e
assuan_sock_get_flag	0xbaec	0x5f
assuan_sock_get_nonce	0xbbcb	0x3f
assuan_sock_init	0xb9c9	0x40
assuan_sock_new	0xba98	0x41
assuan_sock_set_flag	0xbac2	0x5e
assuan_sock_set_sockaddr_un	0xbbaa	0x5d
assuan_sock_set_system_hooks	0xbc18	0x61
assuan_socket_connect	0x9231	0x42
assuan_socket_connect_fd	0x91cb	0x56
assuan_transact	0x3a6a	0x43
assuan_write_line	0x48d2	0x44
assuan_write_status	0x6f17	0x45

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03205I.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	40.82 KB
MD5	0e02295903c21d880138db6a4717e0f4
SHA1	bfe57b9367653b0877dc22b883880c538f239978
SHA256	fa850c47147009c03f0adb06c1b655d17c0fde3dce3ca847a78d62b3cd8e208b
SSDeep	768:yBUwgySgyohsdyIfLHDyXPkd6pXD57fqnZ7Bzf3VHHnujk2DiUbZxltK:qZVJDXHBfqnv3VnnWk2DimZxS

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02810J.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	49.46 KB
MD5	a6f2167545c43962a7ac850d0772037d
SHA1	bd8138c30ef4d9ab22f5a4f7fed6af4403e6deaf
SHA256	6db8a8f71a8398009e09c6f319f9126da7f7d075590738118fec37520d842b2d
SSDeep	1536:PUyQRI+7KzYCJWx18n91WZKV8F1UkuXTx:PUyQRtrMeKq1UJX9

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099152.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.42 KB
MD5	801365ef4ed4c90b30d9d09bf2d3e2fc
SHA1	6cd3fada5b2102227768850e3c10234ad5827f2b
SHA256	a7cb0e4b8d6582e5cb9365c12a5306e660993a6c0fef04a5cb49ad622fa8dabf
SSDeep	192:LgTc5Rk1S1ocFxvdggZceHV2DZilS3RDtJiUvQt+o2ouq/ujRGomII+GLUN:LJCSeavOgVHVSil2n1oJQRGFII+MUN

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH00780U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	33.54 KB
MD5	5b5329e012a8bf501a3e91eab58448b1
SHA1	6680d23b5e2778a709a8ecce8f09bb67e8219332
SHA256	a07d6f4cf6ec61271ce12422264059672802ade0698013f1e9d64958ea4b4672
SSDeep	768:5l+JspdzmeFHEXTysKbLEsQzLf4onQeT10+Ee0k4hl+OoElXzb:8sYysKboz5NT10+f0k4hIOoElXX

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pl_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	18.22 KB
MD5	ae2be750b798b4d2453d8551c5957592
SHA1	8aec13bec3a03a90c0ffb0079c7dcd9a6c825fb4
SHA256	41d8caac46bf04e43b4aa571f81afe9c4baf652cd55896d8855356c94a51274f
SSDeep	384:5cqyTzT1p9Hd5OlwWmeWqBy+1YaKS90PVF0lDt1pcKzjqEt5u02KPp3pc01O:5Qvf5OlwWmehF1Y/S90PVF0lFcujq+u/

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\libgcrypt-20.dll

Created File

Binary

Not Queried

»

Mime Type	application/x-dosexec
File Size	283.50 KB
MD5	666ad2e6b6b33e1c34a2321381f130a9
SHA1	b540c6d0a62431dacb24682dc06bd1639621edfd
SHA256	342c3711e9e1f87daf17961dffe6550e48072cba4cebce152ce5a98e72569107
SSDeep	6144:RDjxrqEJ2vPAGOPuNzaHJsYu1QYYUzs0T6ChneTGGz:WiiIGOezaHJsY6Az0TyTp
ImpHash	0bf450501fc4d9dcd8972f4fa578a4d6

PE Information

»

Image Base	0x655c0000
Entry Point	0x656ba001
Size Of Code	0xbaa00
Size Of Initialized Data	0xf3400
Size Of Uninitialized Data	0x800
File Type	dll
Subsystem	windows_cui
Machine Type	i386
Compile Timestamp	1970-01-01 00:00:00+00:00
Packer	ASPack v2.12 -> Alexey Solodovnikov

Version Information (12)

»

LegalCopyright	Copyright © 2018 Free Software Foundation, Inc.
InternalName	libgcrypt
FileVersion	22.2.4.93775172
FileDescription	Libgcrypt - The GNU Crypto Library
CompanyName	g10 Code GmbH
SpecialBuild	<none>
LegalTrademarks	-
Comments	Provided under the terms of the GNU Lesser General Public License (LGPLv2.1+).
ProductName	libgcrypt
ProductVersion	1.8.4
PrivateBuild	-
OriginalFilename	libgcrypt.dll

Sections (12)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x655c1000	0xbb000	0x24400	0x400	cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read, mem_write	8.0
.data	0x6567c000	0x7000	0x4600	0x24800	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.95
.rdata	0x65683000	0x2b000	0x16c00	0x28e00	cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	8.0
.bss	0x656ae000	0x77c	0x0	0x0	cnt_initialized_data, cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.0
.edata	0x656af000	0x2000	0x1800	0x3fa00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	5.07
.idata	0x656b1000	0x1000	0x600	0x41200	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	7.85
.CRT	0x656b2000	0x1000	0x200	0x41800	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.73
.tls	0x656b3000	0x1000	0x200	0x41a00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.28
.rsrc	0x656b4000	0x1000	0x200	0x41c00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write	0.72
.reloc	0x656b5000	0x5000	0x3a00	0x41e00	cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read, mem_write	7.93
.fifcom	0x656ba000	0x2000	0x1600	0x45800	cnt_code, cnt_initialized_data, mem_execute, mem_read, mem_write	5.79
.adata	0x656bc000	0x1000	0x0	0x46e00	cnt_initialized_data, mem_execute, mem_read, mem_write	0.0

Imports (5)

»

kernel32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetProcAddress	0x0	0x656bafc4	0xfafc4	0x467c4	0x0
GetModuleHandleA	0x0	0x656bafc8	0xfafc8	0x467c8	0x0
LoadLibraryA	0x0	0x656bafcc	0xfafcc	0x467cc	0x0

libgpg-error-0.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
gpg_err_code_from_errno	0x0	0x656bb0c2	0xfb0c2	0x468c2	0x0

advapi32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegCloseKey	0x0	0x656bb0ca	0xfb0ca	0x468ca	0x0

msvcrt.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__dllonexit	0x0	0x656bb0d2	0xfb0d2	0x468d2	0x0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetActiveWindow	0x0	0x656bb0da	0xfb0da	0x468da	0x0

Exports (205)

»

Api name	EAT Address	Ordinal
_gcry_mpi_get_const	0x22b6	0xd5
gcry_calloc	0x350b	0x4
gcry_calloc_secure	0x3538	0x6
gcry_check_version	0x1643	0x1
gcry_cipher_algo_info	0x2580	0x60
gcry_cipher_algo_name	0x25c7	0x61
gcry_cipher_authenticate	0x2449	0xe2
gcry_cipher_checktag	0x24c9	0xe4
gcry_cipher_close	0x2375	0x5d
gcry_cipher_ctl	0x2509	0x5e
gcry_cipher_decrypt	0x266e	0x65
gcry_cipher_encrypt	0x2600	0x64
gcry_cipher_get_algo_blklen	0x26cf	0x67
gcry_cipher_get_algo_keylen	0x26bc	0x66
gcry_cipher_gettag	0x2489	0xe3
gcry_cipher_info	0x2550	0x5f
gcry_cipher_map_name	0x25da	0x62
gcry_cipher_mode_from_oid	0x25ed	0x63
gcry_cipher_open	0x2325	0x5c
gcry_cipher_setctr	0x2409	0xbe
gcry_cipher_setiv	0x23c9	0xbd
gcry_cipher_setkey	0x2389	0xbc
gcry_control	0x1656	0x2
gcry_create_nonce	0x324d	0xab
gcry_ctx_release	0x3354	0xca
gcry_err_code_from_errno	0x15f0	0x19
gcry_err_code_to_errno	0x1603	0x1a
gcry_err_make_from_errno	0x1616	0x1b
gcry_error_from_errno	0x1630	0x1c
gcry_free	0x3606	0x10
gcry_get_config	0x342e	0xf7
gcry_is_secure	0x361a	0xf
gcry_kdf_derive	0x3094	0xc2
gcry_log_debug	0x3368	0xdc
gcry_log_debughex	0x3391	0xdd
gcry_log_debugmpi	0x33b3	0xde
gcry_log_debugpnt	0x33ce	0xdf
gcry_log_debugsxp	0x3413	0xe0
gcry_mac_algo_info	0x26e2	0xe6
gcry_mac_algo_name	0x2729	0xe7
gcry_mac_close	0x27d8	0xec
gcry_mac_ctl	0x292c	0xf2
gcry_mac_get_algo	0x274f	0xf3
gcry_mac_get_algo_keylen	0x2775	0xea
gcry_mac_get_algo_maclen	0x2762	0xe9
gcry_mac_map_name	0x273c	0xe8
gcry_mac_open	0x2788	0xeb
gcry_mac_read	0x28ac	0xf0
gcry_mac_setiv	0x282c	0xee
gcry_mac_setkey	0x27ec	0xed
gcry_mac_verify	0x28ec	0xf1
gcry_mac_write	0x286c	0xef
gcry_malloc	0x34f8	0x3
gcry_malloc_secure	0x3525	0x5
gcry_md_algo_info	0x2fe3	0x9d
gcry_md_algo_name	0x3013	0x9e
gcry_md_close	0x2cd2	0x90
gcry_md_copy	0x2d1f	0x92
gcry_md_ctl	0x2d75	0x94
gcry_md_debug	0x3079	0xac
gcry_md_enable	0x2ce6	0x91
gcry_md_extract	0x2e03	0xf5
gcry_md_get_algo	0x2efd	0x98
gcry_md_get_algo_dlen	0x2f4c	0x99
gcry_md_hash_buffer	0x2e33	0x97
gcry_md_hash_buffers	0x2e91	0xdb
gcry_md_info	0x2f9c	0x9c
gcry_md_is_enabled	0x2f5f	0x9a
gcry_md_is_secure	0x2f89	0x9b
gcry_md_map_name	0x3026	0x9f
gcry_md_open	0x2c89	0x8f
gcry_md_read	0x2de9	0x96
gcry_md_reset	0x2d61	0x93
gcry_md_setkey	0x3039	0xa0
gcry_md_write	0x2dbc	0x95
gcry_mpi_abs	0x1ae7	0xd9
gcry_mpi_add	0x1be9	0x40
gcry_mpi_add_ui	0x1c0b	0x41
gcry_mpi_addm	0x1c2d	0x42
gcry_mpi_aprint	0x1b9d	0x3e
gcry_mpi_clear_bit	0x2175	0x52
gcry_mpi_clear_flag	0x2281	0x59
gcry_mpi_clear_highbit	0x21ab	0x54
gcry_mpi_cmp	0x1afb	0x3a
gcry_mpi_cmp_ui	0x1b15	0x3b
gcry_mpi_copy	0x1a1a	0x36
gcry_mpi_div	0x1d52	0x4a
gcry_mpi_dump	0x1bcd	0x3f
gcry_mpi_ec_add	0x2058	0xd2
gcry_mpi_ec_curve_point	0x2103	0xda
gcry_mpi_ec_decode_point	0x1fa8	0xf6
gcry_mpi_ec_dup	0x2026	0xd1
gcry_mpi_ec_get_affine	0x1fee	0xd0
gcry_mpi_ec_get_mpi	0x1f14	0xcc
gcry_mpi_ec_get_point	0x1f35	0xcd
gcry_mpi_ec_mul	0x20ca	0xd3
gcry_mpi_ec_new	0x1eeb	0xcb
gcry_mpi_ec_set_mpi	0x1f56	0xce
gcry_mpi_ec_set_point	0x1f7f	0xcf
gcry_mpi_ec_sub	0x2091	0xf4
gcry_mpi_gcd	0x1dcd	0x4d
gcry_mpi_get_flag	0x229c	0x5a
gcry_mpi_get_nbits	0x212d	0x4f
gcry_mpi_get_opaque	0x224c	0x57
gcry_mpi_invm	0x1dee	0x4e
gcry_mpi_is_neg	0x1ab9	0xd7
gcry_mpi_lshift	0x21e8	0xbf
gcry_mpi_mod	0x1d82	0x4b
gcry_mpi_mul	0x1cc3	0x46
gcry_mpi_mul_2exp	0x1d30	0x49
gcry_mpi_mul_ui	0x1ce5	0x47
gcry_mpi_mulm	0x1d07	0x48
gcry_mpi_neg	0x1acc	0xd8
gcry_mpi_new	0x19e0	0x33
gcry_mpi_point_copy	0x1e36	0xf8
gcry_mpi_point_get	0x1e49	0xc6
gcry_mpi_point_new	0x1e0f	0xc4
gcry_mpi_point_release	0x1e22	0xc5
gcry_mpi_point_set	0x1e9b	0xc8
gcry_mpi_point_snatch_get	0x1e72	0xc7
gcry_mpi_point_snatch_set	0x1ec3	0xc9
gcry_mpi_powm	0x1da4	0x4c
gcry_mpi_print	0x1b66	0x3d
gcry_mpi_randomize	0x322b	0xa6
gcry_mpi_release	0x1a06	0x35
gcry_mpi_rshift	0x21c6	0x55
gcry_mpi_scan	0x1b2f	0x3c
gcry_mpi_set	0x1a48	0x37
gcry_mpi_set_bit	0x215a	0x51
gcry_mpi_set_flag	0x2266	0x58
gcry_mpi_set_highbit	0x2190	0x53
gcry_mpi_set_opaque	0x220a	0x56
gcry_mpi_set_opaque_copy	0x222b	0xe5
gcry_mpi_set_ui	0x1a62	0x38
gcry_mpi_snatch	0x1a2d	0xc3
gcry_mpi_snew	0x19f3	0x34
gcry_mpi_sub	0x1c56	0x43
gcry_mpi_sub_ui	0x1c78	0x44
gcry_mpi_subm	0x1c9a	0x45
gcry_mpi_swap	0x1a9e	0x39
gcry_mpi_test_bit	0x2140	0x50
gcry_pk_algo_info	0x2b2b	0x70
gcry_pk_algo_name	0x2b72	0x71
gcry_pk_ctl	0x2b02	0x6f
gcry_pk_decrypt	0x29bc	0x6a
gcry_pk_encrypt	0x2973	0x69
gcry_pk_genkey	0x2ac0	0x6e
gcry_pk_get_curve	0x2be5	0xc0
gcry_pk_get_keygrip	0x2bbb	0x74
gcry_pk_get_nbits	0x2b98	0x73
gcry_pk_get_param	0x2c16	0xc1
gcry_pk_map_name	0x2b85	0x72
gcry_pk_sign	0x2a05	0x6b
gcry_pk_testkey	0x2a8e	0x6d
gcry_pk_verify	0x2a4e	0x6c
gcry_prime_check	0x3332	0xaa
gcry_prime_generate	0x32a2	0xa7
gcry_prime_group_generator	0x32ee	0xa8
gcry_prime_release_factors	0x331e	0xa9
gcry_pubkey_get_sexp	0x2c40	0xd4
gcry_random_add_bytes	0x3143	0xa3
gcry_random_bytes	0x3183	0xa4
gcry_random_bytes_secure	0x31d7	0xa5
gcry_randomize	0x30e7	0xa2
gcry_realloc	0x3552	0x7
gcry_set_allocation_handler	0x3463	0x12
gcry_set_fatalerror_handler	0x34ae	0x14
gcry_set_gettext_handler	0x34e4	0x16
gcry_set_log_handler	0x34c9	0x15
gcry_set_outofcore_handler	0x3493	0x13
gcry_set_progress_handler	0x3448	0x11
gcry_sexp_alist	0x1837	0x27
gcry_sexp_append	0x186c	0x29
gcry_sexp_build	0x171b	0x20
gcry_sexp_build_array	0x1757	0x21
gcry_sexp_cadr	0x1914	0x30
gcry_sexp_canon_len	0x179b	0x23
gcry_sexp_car	0x18ee	0x2e
gcry_sexp_cdr	0x1901	0x2f
gcry_sexp_cons	0x181d	0x26
gcry_sexp_create	0x16b4	0x1e
gcry_sexp_dump	0x1809	0x25
gcry_sexp_extract_param	0x19a4	0xe1
gcry_sexp_find_token	0x18a0	0x2b
gcry_sexp_length	0x18c1	0x2c
gcry_sexp_new	0x1684	0x1d
gcry_sexp_nth	0x18d4	0x2d
gcry_sexp_nth_buffer	0x1948	0xd6
gcry_sexp_nth_data	0x1927	0x31
gcry_sexp_nth_mpi	0x1983	0x32
gcry_sexp_nth_string	0x1969	0xbb
gcry_sexp_prepend	0x1886	0x2a
gcry_sexp_release	0x1787	0x22
gcry_sexp_sprint	0x17e1	0x24
gcry_sexp_sscan	0x16eb	0x1f
gcry_sexp_vlist	0x184a	0x28
gcry_strdup	0x356c	0x8
gcry_strerror	0x15ca	0x17
gcry_strsource	0x15dd	0x18
gcry_xcalloc	0x3592	0xa
gcry_xcalloc_secure	0x35bf	0xc
gcry_xmalloc	0x357f	0x9
gcry_xmalloc_secure	0x35ac	0xb
gcry_xrealloc	0x35d9	0xd
gcry_xstrdup	0x35f3	0xe

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145895.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	33.17 KB
MD5	11a614a7ea273086a824ec20486ef7eb
SHA1	6d369b9d58a89ff4f5062d37938681a1f47673df
SHA256	be67ee9130dbef1968e43879f88052e3efc85bebd9c22023a9eb2a7101a9527b
SSDeep	768:Fhcr0awZA2zcmK9S627oe/JxJQWb67YNJQ58RXjJ+DlodsoYh82N+4LK:QjwP3JQnMjJmqsoq82UZ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0314068.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.24 KB
MD5	543fa666f22d898d16ee52dffe1e3669
SHA1	09c5b6e219947153fbb6e2aab4a7f2e07fa64913
SHA256	777d63625f4ad55d2aa048f475c20399b6ffc0bd5505c9d06d3abcfcd005f3fa
SSDeep	384:EaTveBbpVSXGLriDyLJC6fr9nYi+4B8lq0zAYYV5J:EaTGBHOGLt1fRYi+rfAYYV5J

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\combine_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	47.10 KB
MD5	d1f532279d96285e5737fd320a08a1a5
SHA1	ba620b1a871a254d94a714740ca13828f09ee7fe
SHA256	1b7446eda1f3c602a2a2ebf8418567a4a6f557b6dcc19884d59c8e4b06f57cf1
SSDeep	768:PXIRANA1C7DaccdAnNtiCQsF3yEeQA9xp2cjZqRo357r85Of6PVQ5F5ixLGBCUCZ:PYReuC7OEn/iCQsMt9xpX37r85zdQ5F0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\edit_pdf_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	72.35 KB
MD5	1ae5215d25945f4cd845357a101a6d8c
SHA1	d94d7722ba3a9cfe0fb4538b21c98cb51d589e8c
SHA256	7fcf34788417134ae0236ec56753dfacc70a9460332ec3ca2b18458bed49bbfe
SSDeep	1536:k7qoeMUbqK5YhLRm0sQHfJaaTbrcTgvrNI/s5yHx/A933G6FxmEjTj:k7jXUb1kY0sQHxa/TgvZI/Vx/A933NHL

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\edit_pdf_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	72.35 KB
MD5	2087266fca3523080177edd98c2e01a0
SHA1	a624af04369d74e2c0c59145d0127c68b1879eff
SHA256	0fdd6814db652ce284e549bee1746ad2bfa94399f57f965a228cd93704aa5300
SSDeep	1536:V7qoeMUbqK5YhLRm0sQHfJaaTbrcTgvrNI/s5yHx/A933G6FxmEjTm:V7jXUb1kY0sQHxa/TgvZI/Vx/A933NHe

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01035U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.64 KB
MD5	b04991a676ec1d5ea7422b5c83d170ed
SHA1	c9356d9e2cf8d9d10956b843d4da28a80161669a
SHA256	68594427d60ddd01675090efc79ad07c05954e3c67e78ad1b5d4621cb03bf99d
SSDeep	384:eRmFaDmCQuOwqX+qT4O37NMLWKBCt9/fb:9QUVwW7NEBi9Hb

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01478U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.22 KB
MD5	248b413cb8d5cdf2185a11c908193b70
SHA1	4402809eaf21d34855a3371562d69f63a20a8417
SHA256	6f2fab89696ec6410dfbf17c020f9c4230d0de040af1e7108c32cf8da5896126
SSDeep	768:L+eda3rtObd7TImOXvPWd0HL8pnd+WX+nAu2bscam:upgpgXHLo50AuE/

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341328.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	9.96 KB
MD5	2529aff18b119853884f92c37a1335d3
SHA1	a7fb7ff77cd95765269704225c3f073b0342a93d
SHA256	a98330166dbb84f690c26922abf9dc99fe2df494daf58ad732942470f2652ac7
SSDeep	192:5cCHizHawUL6r1HLScRg4Bq/ajtlB8Snw+VskYfAFhE1mKdvMTzsfeSowTVnn:Wk+UGFWN4YYJvwIvv4xvmzsfeSowTVnn

C:\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.26 KB
MD5	c259c2444b8f37e7af5c717e720f51ab
SHA1	58d82eb6a65cb6a7dcc634b70c1ae29669442198
SHA256	4487a2f5c70dfb61db923458bee8ef581a9f4aaded93ddadef3cdc03f98d76c6
SSDeep	192:EvYLjjWBiM6J/8cjNfYgL71+5xVbzEVdDbihCbBV/Xo:EgCBM/8ofj/1+ZEn2hCNV/Xo

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02028K.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	17.28 KB
MD5	09cc4ac91a89e9e699e70a399c2c7395
SHA1	535d437f7b0d5b157cf0886b0101dfe94a458b08
SHA256	0de944d78e8c332bbd8af3d377ba6c992042a9529b6d1b202c789e1485af97a8
SSDeep	384:VWHTpZvKNhL9efgoB5YJBK6ljXZ/Mi1PNm6nBiiczoMYww1y7EIbvF:VWHTvK0fDBSJY6l9MkPhSrO1ydx

C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.11 KB
MD5	e02f5abb5dc8ea3f8a888cab38fc5a27
SHA1	d9686abcf56ce4d373ccc696137e120a25d84f07
SHA256	f4c32824c736bdb7ec1c03d0848c1fc1334d6bea197b5a463c1827aa76f7c1b3
SSDeep	3:aoIhho7ZQ6zobYxJDmq87rm2IWQG3s/rDoH1pm:aVhe66zobYxvqrBE0szim

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\delsc.vbs

Created File

Text

Not Queried

»

Mime Type	text/plain
File Size	0.25 KB
MD5	4e7afe9982e0c5179841474ccc19bda1
SHA1	aaf34d7297350fef21788c0dd6470027275014d1
SHA256	d1d28b739d346b385591e49ad906da0811c09acd4e62e324831c4614357debcc
SSDeep	6:j+qohtVzk+Azt8OEf2MMkyzFDG0Emy11Grvovn:Kq4k+Yt8ZdMk+xSUvy

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01046J.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	132.44 KB
MD5	a5f7a8c9f6bdc6ba0c3bb802e0cce058
SHA1	8b90ad347fb084b82568e9345b585a66b093ed55
SHA256	de80f3d060fa93ccaff0a29d7585b8a583cc72e4b64b661cb90cc2bb5c3803e4
SSDeep	3072:nbVAckPYvXtp9Kv8gD1z7OB3dswMPp66Jn5kpbPAmNGOQ+Q:ZAcdVpDSF7iswMPp7nYbPBNGsQ

C:\Program Files\Microsoft Office\root\Office16\Ocomprivate.zip.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	86.46 KB
MD5	3c9940eaa90c740ad4d5f892b140ecdb
SHA1	18077d41f806974564ea8d1dfc1c9275f27de591
SHA256	053a91fe07cfd9e9b98ad6311ce856e98676eef92c161bdbca0cee2778dd8811
SSDeep	1536:NGZuKdpnFOuotTjcxZp6ebYtma96KIWCsMMHyfegX1g/rgTTj0z+EZBDE75:YZuKdXKAZ4Cs9Qs1cq/rUj7MQ5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\optimize_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	65.33 KB
MD5	958bfc7591946f85cdd90e7be0fd3449
SHA1	1098db715183eaaedebc0f34a24fcf8dfc588cb3
SHA256	01c6023465bd339ba1af764657cdf51961181415180d743582d35bd0566df4f7
SSDeep	1536:pTO+wZOhbQmE03RREF9D0HNdB3dRjRDJnt0+cq49DAMzpBuiHJ:FVwZGsme4NdRmavgTukJ

C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.64 KB
MD5	e7a24777e8a422989431956e329215c2
SHA1	9f22478474adb5f09db414e1681fde17a38b1cc6
SHA256	6357c575fc29593033c77b88704c1b6d92a7ad3313dda0e021aa421500ae44a1
SSDeep	96:68gTQN3wJJomr08a0VImWK1NQDaRFzeuFkQsisUcj/FDq6K/FSGz:68gK3wc8aTb9+RFNx5sUyx9uSI

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387337.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	50.76 KB
MD5	46ddd0aab90870a8ca48c1bc808f62b8
SHA1	aa4d0490a7bc771987d70805562558605e2b921e
SHA256	fac7bc09b23274966435f30ed6190acd14b75b5b8f95ba33f44ddbde72cbef0c
SSDeep	768:JNjpc0tTmxEARjuTyhsIhnRMrp/ctSGplp0KkstNFe8ZZmd8F/qvTChulm:J5J2EVyhBnRMrpkMnsPlZwChuU

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\vi_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.85 KB
MD5	239cb88811d7012f3215538942fd2226
SHA1	1842f59cc9bb893d57331fdff7602bd89f191d07
SHA256	3d80192a8360ed37de488e38b56f7e474214c4c516d261ab9bd0c4859c4bc96e
SSDeep	192:tPkb242I4aD7zbEpGElWubAjyoHoWpCRFLc13Gcs:qbp9fDL/ElWuMjyoHoWpcI3y

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387604.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	46.44 KB
MD5	13d7fcf29f0874b9aa1aefa385f63c8c
SHA1	db4e448a6707ccf808216eb4627425eb5f862cf9
SHA256	249437537bcbc876ceb756c6b6cd8b9c5787ce9eea9d8af420b47130bcabde34
SSDeep	768:WEij4FQYN4SOq2gFUoxE3zmuLVDeLQs6yClKgs+CES7XNYMQLK0dHA2B:WEikQo4C2gF5ibLILQs6yCTaE6XNYXd3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\af_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.77 KB
MD5	376a8662be073f3e7b5ecc9ad92c29ad
SHA1	d52dc4b394ee1c5f1df59a8d042151c8a99cfcff
SHA256	4cee5c9e635b8631131fe8ff51c880496380174186ec041ca8274c93283a57b7
SSDeep	96:tSMIFteud4BqzO4DDDllBUrGCen3b8+ghU/YM4hRS5CYt3hK:tSj6ududel5fnL8nK/Jz5LthK

C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	122.25 KB
MD5	6b9b56b8a31e366a43a2e9d81a80481c
SHA1	28d7c39617fd9a16b7a8414e3093f5b0f8e1ce54
SHA256	bc36f75ccef73ac862b7e217545034fdb68555bde7c0aa16e7cbb7f17fd8290e
SSDeep	3072:F+7OlE1U2AZ4ooyZUFC1siAzW+riaZkA9W:F+amUrZ4oxUomOgA

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341738.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.70 KB
MD5	994fbf328ca9607752c160527cb474ad
SHA1	2a616162184a1738d1c3ba3f0cb2cb8fa92acbd9
SHA256	c94ff59f5e6a021d7a92051df00fbc378dc13c5af02832e1e2e3cc104d3f16f6
SSDeep	384:vSj6C9XhRZUMKKDr9ox4/rUEZjCQnkj22yKWOxl3rvzQtzpqPkCP/sm83+nyiN:vSZxcMROx4/YEZOXxWS+1q8u583liN

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\combine_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.34 KB
MD5	1238d2d1698942a0ffa7f22f5e1b2089
SHA1	c0056fda681c431479ed6e19f56d3e432cfcdcb6
SHA256	1dcc150b54d0e9ed5d61a2450751cb26294124e8371ad8a662f71db98d6a69f1
SSDeep	384:SwQyW6/X1nqLBDLJguCnsjbTp5/riBzNn3qG5qd11UDO9FJeEa3NkB:3QyW6NnsDLJpCs3Tfz4RtC7NFUNkB

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-exit-press.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.78 KB
MD5	72e603b2b067e81ea8bfda7e67e9a09d
SHA1	cbb3f5e37cecf37cd40dcd745c1eb570afefbcd5
SHA256	27bbfc4d1117093ac1bd6c5f99674da82d587b3f4f86bf83be426975713e0ec8
SSDeep	96:nBcJlbOlY+5O9JcThceEtMzyjANs3sY4qCwnqxqNu/fyAUh:+lqlLO/gcHtqykTY73ua7h

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341557.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	26.67 KB
MD5	fb3af7dccc791c48c420b3e112dd1b79
SHA1	567104b66b6097be8466e25fc09c5bb6db571a8a
SHA256	08b630946c27e2c6ced668acb610a0271f1274dea56649fdf0fa8227fad42f69
SSDeep	768:ajVktaj5ov/57hrM4obX9ZbuQofbNwXaTE:8Kaav/5JgbX9Zb9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\hu_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	6.66 KB
MD5	55ed66b122462a655586205882318a32
SHA1	91d4eb9d399251b6969e6f05c0b2760621376c18
SHA256	e8d9bb4d17df8d70ad375fe0f081dedd2e77c1e937a3e21def9b121640647107
SSDeep	192:tPkb242I4aD7zbEQElWubAjyoH+aXxSl6KZyBE71/:qbp9fDL7ElWuMjyoH+aXxSl67BEB

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03224I.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	41.07 KB
MD5	8d9bf584089ed3aea026c55f89406cd9
SHA1	cf31707077b79a1f48e15a711e7bf01281b3e74f
SHA256	71eede6dccbb6e303bbbed588b17caed04e692b144ec9c2e6fe76b3d08cd6189
SSDeep	768:sBOPpAInVdz3U+phEZgl/GLBvkmFLl0K3/JAnM7rh99xsnj:yOPpBr35pTluLBvkmFl/JAnM7zsj

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099165.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	49.31 KB
MD5	2054c63cd10766c3151ce1b7efcb9851
SHA1	2a7eb60a48451f4cc2447798e1762a7d20045a2f
SHA256	55fb59160c863750bb9848c27feb786585f4477d5024eee61240fbe052f4b57d
SSDeep	1536:klntF9ZdD2TeBVLp2LmDJJsD8hiTg+Q9e6a:kltF9bDY42LmDfo8oTb

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH03012U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.03 KB
MD5	cad910561b4b3a69add48b2cd51dba44
SHA1	87ee991153d09efd8c88a4682a012e5fc1f37472
SHA256	3609201a32723f172595917744b9e31390a9d06e5b0d4e8253787419fc1fed26
SSDeep	96:XUaZ7dWhC/C3rCWpPeeg0xHB3/If7YOiReNgKCPqN:X9Z7QEOtpPdJHB3/SIRSN

C:\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.05 KB
MD5	db9d168a1f33fe79e7f4ba59172fdf30
SHA1	7217d32ea060515b4bc5b126d921a4b0a87c0e59
SHA256	bf5bd2d972dc361dd87bdb00a7fa9bc4917764c36db6402a45870107850938c3
SSDeep	24:qiJn4ciRukbC9HLfAPocAdoI9Fwimhyin/h6y0otBzrN:3nBkQDAQkI9F/XmhJfN

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145904.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	38.62 KB
MD5	43f6a0639d9a2b4ac02c3441209e2631
SHA1	bc28a9db699c501a8a54e049087d0a401aa03d82
SHA256	da99d4149ea6c6733aac94be6d62dfc798449e8fd85e1bbe933b43c852ece98a
SSDeep	768:20Wy/Uj79/4N2aCfJOdrTpGyp0jU2/9cXMrFo5Ujzu5HDeYSww7Arthe:20r614BuJO5p0jUxXMdXuFeYVwExQ

C:\Program Files\Microsoft Office\root\Office16\1033\DBSAMPLE.MDB.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	496.00 KB
MD5	bbe14b7ae981fbebb0d4d874e52ef3ec
SHA1	053d54064f1b8b7d267b23531464ae34ab9708c4
SHA256	de7afd7b7538f6bc078ca9dce3a83ddd5e634406e9f97860598999a42ec087c3
SSDeep	6144:H2F/3ekp5k6OgkkLNVHpJ2L2jeRCdvOHLMjgI0YA:H2R3eE/km3HpJ2L2jOCJIAjN0f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	55.88 KB
MD5	b1117e86de6fb34a51d23df90dc6e9af
SHA1	2ab5ccfa8544b2900303e1d2b8cf222907e40427
SHA256	03f7b691dec8eb33dd7d5913277676e51555c31816d9d4a7bd76fcfd5989a94f
SSDeep	1536:2wKHuaFaNgO1rCBdkR66dzPVZDuWG+tkP6KeTiLhSKaY0DprRRRRRdRRRRcRRRRf:5mWp1rOKR6mBZKWGyctBaY0g

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.94 KB
MD5	4c0c383fb81e3492ca06ce0215aadea3
SHA1	50b71eef7b8807bfb10afac35f2a08490e18b634
SHA256	4e9e74a0e08dcbba237c4e9c5e961fb8b4e1e0035b06cad1a38322b6fb064b37
SSDeep	192:8DhJFZaPR3rrB26RENJr82wJzXf+wazgM2FtLJZ4fW0hK7RB25/mjkIL+HKD3T3:a1ZaPR3rg6Ov82GyzgM6Jt0hK7A/cByi

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.79 KB
MD5	0cacd3b39e976d88fa5f1eb6bc8c89a0
SHA1	1e9b87a4c1acc49c2814f45316f2db16fb6a223f
SHA256	b13d30afb9de1d11b8043ddf16eaf6844d614ff38b133e4c57d34c85eae91beb
SSDeep	96:nBcJ8eZpnxvjAq4JAE40QZvyNWzZINUDWFj743K6yA1SoSQ1:+8Avjt4GE40QsAzZIyG83ldSW

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sk_get.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.35 KB
MD5	b84dc61d164914013371cc5c54096f54
SHA1	2285ea2d566eaf010e310ed54c0d143999e1d3ae
SHA256	1a0d5da34fed8e0bd633e1a516a6b79ac65dd1bf34175dbbe5f8e7be10d6c579
SSDeep	96:tPkbMn42IK7aDz96V9yz4+EBEBhpWufTAjyTsmkH3k31/NbZ:tPkb242I4aD7zbEBElWubAjyoHWtRZ

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	5.56 KB
MD5	c05d4621daf8ebdbe53769d379f60874
SHA1	d1e7f064f7bc0cc41a7eb958c3b483914a155c05
SHA256	270b328fcdb60fc43d7970c5e609d6b295198cacd4e63103ab9d5636806c2944
SSDeep	96:tPkbMn42IK7aDz96V9yz4+ElfFFOt8MaOXyxKXAKOJlwDaTjTJKGFGj5W:tPkb242I4aD7zbElf4aoyxBrjTJKcR

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341439.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.11 KB
MD5	be573cd2fd0ef71fbb65adff3ec08f5c
SHA1	8f63baf227a1310bf69fa117089b1d259fb4af82
SHA256	39c5c552f1e1d5b6433475dd1902d1862c1c7bac2d8f7257ed3b982bb2d03f12
SSDeep	384:0qoL3VO1q/SSekyYVzc17f89WYJssrgbKq7u2vN41HiVLWhATboPm/ih:S7VeYVg1z8wYJVNesHkqhATTq

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0175428.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	14.21 KB
MD5	7c0cda923cf7058ed62e1cce534a3d44
SHA1	5d63745e66233541e85c5618c698467ae6cba800
SHA256	adf161675688a115f664b6760db0362cf01ad673878921cc2410d1812e6dc14e
SSDeep	384:bb7HR527rT7rzgDn7AyELPCNgErSIf9Im/xSw/I:7HC/ryAyEuuErfV5vI

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\da_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	5.28 KB
MD5	532b1526ffb5fdc6edd644d8a818490f
SHA1	53418dca532b8529d50ddfb57b7e7e17cf428dd4
SHA256	c469f3192da8cfa47f609dfce53d3d788ff6964da2c1af08935deb2f0a3122d6
SSDeep	96:tPkbMn42IK7aDz96V9yz4+EmFFOt8MaOXyxKXAKOJlwDJG0iNOzJ:tPkb242I4aD7zbEm4aoyxBYniMF

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ru_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	6.27 KB
MD5	c11c252337fc8ee120f15519e146c6d4
SHA1	b2269bb8cca5c11e76a4f694d09e004bd4fa6c56
SHA256	809664fd1fb0650fb488441b16fd886c90aa0764cea0e95e42c3fd110be578e7
SSDeep	192:tPkb242I4aD7zbErElWubAjyoHIOxEJtBvav:qbp9fDLEElWuMjyoHIOKW

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099191.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	60.91 KB
MD5	472d0fd2f09f044c78c2fef428b6be70
SHA1	d530d8ccb000a8bdc1cd05d595011f80c12d87b7
SHA256	c560b5a967c9fd1427ba371f7b47c1596624ab122f785bea0e227f14c51911aa
SSDeep	1536:mXyCaqqJ+sQLAYg9NmWM5iSDYIH7KfkkjwMWjlBqdF+4NofuXXPZEaZk8+:maQLAh/mNH7M6jlnd8GD

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0289430.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	11.29 KB
MD5	990aecf8d97dc1bbcc3789d6c8886481
SHA1	70cf35f047d11af17cba9d5d3162d816a3f12734
SHA256	5ad20898aeacb575c603cdca7dfe99ab093d527f6daf735cc1921e4a2a6c032b
SSDeep	192:zJVXmR15it+Jhifq8zQ9KzdaLWXzkRSeKbdL7g+kLpzVSiZf7X7CFQUibT+C9dkP:eR1Qt+J6q8zQ9KhaLUcKdngR1lfrGRqa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	20.54 KB
MD5	0e6989128b599b55c12537385780d715
SHA1	dc06a1fc091c5b198b17425743970f63c04cc11f
SHA256	81188863fc5aa0641150d9668097deede688f66d15e129a0515f2b13824a1bea
SSDeep	384:P3cvXQzn7sDCbEUe4NaR2JiQ8UTaoyyc8vXeNXBVftpBQEkcKDfbKMgmSSC:PAXEgGbEUAAcQ9+F8vujVVpBQsKDuMg1

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0287644.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.95 KB
MD5	df8d3a250ff48346c59d002bfa7f6df7
SHA1	0311c52b60ee859b4703dc534603015759e4e348
SHA256	0abcf8a2a562e0cf488aff0c3c67305032a6ac22030139dc903edcdd4cd40b4c
SSDeep	384:CZsbxsM3geVwhqzqSgDTfLr40XdcLOWuPg/pGuC:CUxRmqzqDfLhcLOWcg/k

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387882.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	38.23 KB
MD5	379a14ecaa00cc140ad2e4b864e87354
SHA1	ffe4c33f4f62db911ca8d9b9f7b7e33f95392dbc
SHA256	4b1690fe7f3cd0298fd5632e0fb56b8f4912fc93adf67670a5c399008a76b5f7
SSDeep	768:GE1KJnf+/zonHo0KWcFr0EGfsNOCB3Wmt9uMKgH5S5mHFjKM:uJmLVMcFInsNOu3Wmt9uMxwLM

C:\Users\CIIHMN~1\AppData\Local\Temp\qb114A52A.6A\FCRYPT_RSA_PUBLIC_KEY.TMP

Created File

Unknown

Not Queried

»

Mime Type	application/pgp-keys
File Size	1.70 KB
MD5	1a84a8431931d63129ef7fd8269f2f60
SHA1	5ce0c1c02e5abeda48408ce2898d310d0190be92
SHA256	c2e7913e7d2ff67410c7d58807636fa3d8f68428cbb1a8b3092c8bf181c7efde
SSDeep	48:LrYyhLcjQuV0HCY2S9kfL0aeuOAU/iakemoEoG:LrYyhLcjQhCZ+kotqtj3oEoG

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_sv_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	17.07 KB
MD5	91f12acd0cb6f975c4321271cd5d2c5a
SHA1	c186dfde9996cb306fee0eec19791b463bacb015
SHA256	db0ebb47388325dc21e79b5e5263c386b17078e6fef7dc26408139af5cdc5e31
SSDeep	384:scvXVZm1/PEQpOAmphiIzSIdA57Q7U8jj/VUSysyD7AL7t0k80t0hxNdkHYVw:sAXVZm1/LOAF7QAYpUMS7APt0kxt0hjO

C:\Program Files\Microsoft Office\root\Office16\Microsoft.Lync.Utilities.Controls.zip.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.44 KB
MD5	1a714ad530cc315f2ddbd25d871fba37
SHA1	e648f91845a563f02ac7982fb65ab5af22081b9e
SHA256	f949a29c7a7ce8b6d9637c50b6fbd2d6818bdafdae3e61d6a5a6fb50a59f2959
SSDeep	768:ww0AuKGyd4/To+7h28l8J4sSScD19nectQ:+YGy6Touh6qY+9ecu

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_nb_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	20.13 KB
MD5	10f7c4c46dd861355ce2566863924791
SHA1	a788b3dce2bc578078ab0471eafa1551825d782e
SHA256	5f9d6c7fd26545ab54c406e4cdc4f2f71f746ad09f0bf2185b2b84607b8666c5
SSDeep	384:/cvXzi+kEPl/uEBgFtEblaERb70hBEnqFAo7yoKI7ItaVY6cl0aW95B2B15i09:/AXzijEtWEaCZRbKEqFAo7yVIzY6cW54

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02223U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	807fbf7b27c94b0e5e31f34e96169895
SHA1	4714594c9b4e951c76070b65564d8ba108308965
SHA256	ba2458c0e819bd1d85c0ba7825cf7549809c6032213fa49091f6eaa441ff5b36
SSDeep	768:cF9nfxEIrprPzGTG4YcjRNpD0CE6yCsaDI9jbq96j:cf/5PzEYcjRNpD03dCI9jbqMj

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH01562U.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	ba104f8cd4a6f756a5e1e28ae442f36f
SHA1	b50a796b951dd4af5a8e43728211b7fce0efcfd0
SHA256	12067ad537276bc4302293e59b5b8eef5d2c75a9be18bff74023aa71e748ccc6
SSDeep	768:3y+Iay5sB05ezUGZ9ZIdIl1mGROI+F/MfWmK13Zb:3y+IaySDzUGZ9ZIdI7mGRO1kfWmoZb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_en_135x40.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	22.81 KB
MD5	4a00a34cebae82e372b367d480edfe97
SHA1	e8ca76b09cfff619ea05820aa53734abe763e4a3
SHA256	6e32e132d0afbb73728ba72919b7f1aa971d3018b7eb87a638b731b802db83d4
SSDeep	384:xpcvXVZm1/PEQpOP9IujapnmA2zJ8dJvrP5n0VEFv06P0+uc0jCwyoM0nvewNX40:bAXVZm1/LOP9IsapkzarP5n0VYv06P01

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099186.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	16.35 KB
MD5	abf263d07d8e9c387cdb234894cabbd5
SHA1	dbdb258bce48057a68eab8d9b82f230bc8d2ec6b
SHA256	e4f064313594d136f016d20ddd61fce77344be3b1967b44ee193da5a74b0049e
SSDeep	384:uAJ6CUe/Rze0Ds81NwEpyIGSnMKNmMZZOg:PwekT8LjAWMSDig

C:\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.88 KB
MD5	df14d76ef990c15bd6f477f2b3eef93f
SHA1	ae352db5fe566d47381ab7e579a7e4b3369d8412
SHA256	fdabe38ad572716f6e74981342e64c7e02aadec2a41a1d0eac69f3dbb5df1c77
SSDeep	48:oWR5NeAB/eqLgFzcga5A06qLLVHUelYAphSOClnzNUsB5lb:fRTeeAVcgaLHnlYCvwXb

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0384900.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	69.88 KB
MD5	5eed3f7929f3f7bebecc8cfd8cdfa8f2
SHA1	dc7d2c756d1a2bc6e2806bbec899ba5d00379414
SHA256	ee8a0d52c65810f2379a632e21b8c5c93b9db62d2abc2115d7dbd5a9cdda044a
SSDeep	1536:mKu60fs9XIc6X7hcNPqb4Wk+9lmt+HUf1c8xeAL9yP:mzsKTuU8+9l7HJy9yP

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099185.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.21 KB
MD5	7c578914342f2912aba853c32cbf28e0
SHA1	51bd53e79c9fcc291a05fc6480b5a29f3df4946a
SHA256	d204fe0e01e4db1895116f23b6290d5b563714205b4a3124ebc1ffd00db9fa28
SSDeep	96:LgiV6OfE9MiyovtlUhN7XDEONHgv8gNjfh8CbMBImgLw:LgiTfEfN+hNjDzuZNjfLbMFgLw

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\a12-pdf.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.32 KB
MD5	53fa4dacb5866a27093122e2183b0400
SHA1	5e0afe6940427386d567a6c2bf77bc19e575d5ab
SHA256	7ed503c1546b6617f97902ed5741d5e76ab84ba652fe430e3ab43a9e47470b3d
SSDeep	96:nuOqxK+3H9N88gcQ0If1/Y7px6E07J+vkd/:uOqxDH9ScY1/Y77Rcd/

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178459.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	28.52 KB
MD5	adfcd6f0ec76d1b74c74aa99f119ab3e
SHA1	fdac4c16953f8795157614e7bdd10876404e8b6c
SHA256	af311056500e71c8e6bdec381ae3c311e4eae44296c6a39960bf7b928ae701b3
SSDeep	768:T+4mbaOUTqinYdqyLikJWR6c0c9ktXG2DJN:nmbaOgqiYdn6RfOW2D/

C:\Program Files\Microsoft Office\root\Office16\Visio Content\1033\BLDGPLAN.DWG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	458.61 KB
MD5	e8b66112433991b2060ec196e17ccd01
SHA1	fc40da5225888cf9e7f2a330583c19506a2e8fff
SHA256	7519ace4f57bed41c7024e72d1338288bf9235a1f31876052bececb32a6a3c9e
SSDeep	6144:pYgdXW34Z6/1xoH/hqamFuuErhoFDpVDzqNECaP4BSrbyJCvMaP7CgUSHd6VVWP1:pY6WoizopDnyFD7DTPi4EajaS9owwU

C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.06 KB
MD5	a136991cc2637fd3ad7a8d2b87f200c6
SHA1	2ca8284d2dda5d2a1b9afaae4738fcbc6f385ed3
SHA256	087f4e60cd971d64c4711018b10a0c38b47cb476debd648820e19f62e563b36b
SSDeep	24:kwoQfYx7Iiga9d2iOCn7j4o2Zow+0H4izhSyELvEbD3bLvmwTt+:r7Yx7hgaL287j4DZF+0YGSyELs3vmH

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	39.78 KB
MD5	e3375ccc95203296a9a677afd7e4c732
SHA1	394a34bcd77f68c56028f704c3b19ae6a90ffe46
SHA256	c19e56863489cc5a5d92db3ebe6970c019853a9ca3f4bff9ca68083cce2c0f66
SSDeep	768:ARZxt4U3XtXoNvTBhWr4DpfpSqiGXJ4ue/kpakqMN1nP8GcZTcoVq:ARHhFoEr6mqbe/kEkdKVnk

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\compare_poster2x.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	78.79 KB
MD5	bc1592655f7a95a07f6752dd4ebea85b
SHA1	719771f49beda2deb72721cc1ea5890060a4cf51
SHA256	91b232139de7a1a926174da42f3e31df16c582008236deba8e24c2647796e48b
SSDeep	1536:ntrscO7C4zAaDuO6AllhmNwEzDqGDh8mqrPzG9aryLLCiqDuWc1rT:tcmMZaSmqrPzga25qDc

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309598.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	32.49 KB
MD5	59f648b21b43e3d796ebf6d8462be42f
SHA1	231f772681969fd022cb848cc18f6d7094708549
SHA256	96393c20007e6b1a809d23be6ca130e36e96e32507ad75471c6519ec5e3bde24
SSDeep	768:npHcaHN4rbsHLKfgTedt4zJ7HIbbGnvlbtQKNVTbBz3j:n1E+gtQzhIbbGndtQyZj

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382954.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	86.63 KB
MD5	458f8bb2226bb87a1165829d30aac145
SHA1	98b81c47889219bb3eceddec3043051e4e7b5f38
SHA256	8dcb3037e19f821dcc367adf879772fbae66ee1314a3a1641f44ecec3f74cc5e
SSDeep	1536:ZakH9peQVe6DDGbnNJ92YVuqcFzrG9fqKVHFSMuP4JfFBfly:ZJdn/U1nuqcFzrGjpFSMuyfly

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_cs_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	18.96 KB
MD5	a6b80c674d8ecb4d99d01a5a273e96f7
SHA1	a12401bbcdfdc858c823305e896faa87214d61e2
SHA256	89f93b44450aed1737c0989f7b829fe9868f2db22014871c396ef9f7474861ff
SSDeep	384:FsGnCXjz1AXEST0t2rdMiUTOJxRfBqrP5n0VEFv06P0+uc0jCwyoM0ok+x0hN6U0:F5CXHyXx8aNhkrP5n0VYv06P0nc0jDMN

C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	39.36 KB
MD5	0760ed2244aba0c30f6c6adcda26c62e
SHA1	be8fc6fc034d3f45f9458daaa8715ac14fd5b69f
SHA256	c8c7c1213c250e442b0691bcbe14b79ff2d19cc1bb2905dfedf7316958396432
SSDeep	768:QkgG1X8p609+vECohWrlSKNiQesWkju40ewf/fD2oHkUN1KzhID:QvG1XskMTJEiFk0e0fqoHkkChID

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\es-419_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	6.68 KB
MD5	cf73e906848ac9021a9f601c45da38ff
SHA1	ac1dc1a56276b3a898e4c0ff48a2adb3827d3e29
SHA256	33d19c4d798e3e6690cf05a9537fb9885e5a7e445b93934bfc01252b8e8f1c8b
SSDeep	192:tPkb242I4aD7zbELElWubAjyoH257UiOgS1gNX7qCIX8fR:qbp9fDLMElWuMjyoH2dUqdqGfR

C:\Program Files\WindowsPowerShell\Modules\Pester\3.3.5\en-US\about_Pester.help.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.94 KB
MD5	7ee17b0540f15c17bbeb6f8485676d55
SHA1	8a2953ddbf0b121e2e6f75afc3989728c42604cb
SHA256	f916dc74c3b54bd877e7227b085b48674ea77949cb492818cf7f81b93c90ed24
SSDeep	96:9RUpuHiQT/Sss+BymPLPbHqB4OMbwLReEOvPm3xy6Co6z7gB5G:3Upsii/ZBXbHq1BgN+3xyTu5G

C:\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	4.63 KB
MD5	0b5f0cdd8c5a3edc4c41e9d4dc1da9d1
SHA1	126572219a774b0e22a85a57e0849711defcc03c
SHA256	cb888ee228f66cf1ea47edc94417bd781aa8cd9ac06a8b3090921e8321823b90
SSDeep	96:fRTe6AVcgaArpYkwIMQrCGXyIihCeR8qC4S7HkQsmiW4UhsgIC0r0n:fRT+Vv7cIMYXl4KqC4IsUeC0r0n

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382930.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	110.06 KB
MD5	5a51e51bc888bc35076c635000a5c692
SHA1	e2d9808cbac5c65672e1eab4d8a4502ae93ad882
SHA256	64e05942157eec2dd9990cf99ce6e58fddb1e5605f4b448ec2a58c20ba35fca9
SSDeep	1536:sT2hWa5sevLej6kj35+6Jf60RtlO++7Rt1JElbk60F5estH01we2VNdItNF4kQ:aeDvIj5+W6GOtTnemFZN0r2VNdI/F4Z

C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	2.91 KB
MD5	a00df38d0cacf18fab1b2501fd857308
SHA1	7c2a0a09aca46b15b0259ee03455d480a629a04d
SHA256	7aa124221d7bef3ae10a788eb75f59922d604ea071d01ddfbdb0cdace33bd768
SSDeep	48:FoBGsSCUNVh5klxyVUxwHzl/uEEkrMfxZSIusUgIRzQzmQ90t03tROP9Cgez:FoaCrxyqf9kZrwCszmu3tcPsgO

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0387578.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	27.23 KB
MD5	565dca1827dfd76802ed7e1ec4395439
SHA1	a4ca9cb2b1d4d340640cac26ed3957e0673184e1
SHA256	422e3b01be21ec6b1f5cb5fd4bfdb6c89a6c67d59d37261280e129438e9696b8
SSDeep	384:22WorrGSd7GzMxllaB2f8hnQz48RL1t4m5UlyjByCHvYXzHdqaesFOoUYCqGmQ:2gr5Uo42fj48B4mCyjByCgXzHUoUYC4Q

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386120.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	30.12 KB
MD5	cb94ad9fd4261d6c3ada8b6307ea91e0
SHA1	7f5ab2a14e200cec071d19787325b86a0dd023a6
SHA256	b4092e7e37000b366d8064a76e7e2bf81e5c70f169f172bb5257c793bd5664d6
SSDeep	768:YcV/sZMl/uNqVgLCV/LSIuJI1lkU7GO+nzJBxiwZ:YG0guSMCVTNP7j2tBMc

C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	1.13 MB
MD5	08bb8e48d1004d7f6bd256082bb54b46
SHA1	3d8a96aa000f07d179688d9a7ae9988c1de5112f
SHA256	3bd9b46c0d0afc905a1855c8177efc171990339031da5532c6f7b80d54506dbe
SSDeep	24576:TA+EiUiH6V+2sUUCuAituGv2QcsaYhvjFAXm1i13Y2Dn4fXf5QGQaeBV+1GETRPG:TA5iOVvsUUCuAituGv2QcsaYhvjFAXmS

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\combine_poster.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	19.34 KB
MD5	e1c30f55dcadf411f28041ab199d65b1
SHA1	65b134c6ad111ea619981730e891d9687f33ef08
SHA256	4f0b0f0df578009db5618185694c03ba4b6f0f9b29d4bc1c54e84f44a92cd6c6
SSDeep	384:S/ylQyW6/X1nqLBDLJguCnsjbTp5/riBzNn3qG5qd11UDO9FJeEa3NkQ:eylQyW6NnsDLJpCs3Tfz4RtC7NFUNkQ

C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.98 KB
MD5	ec3fa1175bd45fbec5958d3a158c9f5b
SHA1	83509ce068d53b986e84168e033fe7c3aaab8f62
SHA256	ec4f7e14c2290252cd1a1fd240553bb58ff9e58f5e2885e9d2bd9dd137df2c98
SSDeep	192:rnfXxttt8oj2PVF8Zc/8kIi5SYO6fwO6gbt9FvK+GSuhwysoN2:rnfH8ojqj/zIpH6fwO6gB9FvjGdooN2

C:\Program Files\Java\jre1.8.0_131\README.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	0.05 KB
MD5	38155f5d933a608f2d27ac87028e5d50
SHA1	ca42fcd27ec10e130af014d69946710b0f2a744b
SHA256	a442c0eed4d9baad2a7dfa5885ec62dea479916695d8568d5ddf3328ffda560b
SSDeep	3:81NMhR+ij356U5AF7E:81NM3+ij356UeFo

C:\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	23.32 KB
MD5	1ecbf0551c881d8180bc477e0cc131db
SHA1	7ec76559f2cc29f29738a4337ae81ca354ea964b
SHA256	c1a230bab65e03247b976b8a9ca116f7543a27871cf4378dda0f72ba5c9fc7be
SSDeep	384:YvAcNbLDZ5YOX9nl2eoQDPhzx8vMBBWNdnD9HmZKk5/8UXOMQL8EmMGPotyrE5iZ:Yv/Lf9c/QD5uNdnDBEKRMlEmRPcQDN

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fullscreen-exit-hover.svg.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	3.78 KB
MD5	f44aacf78a335c28f7f31ac5d075f608
SHA1	10c45e6bcf09d712f58d3df60d6459cb7bf7e3e2
SHA256	cc450a060adfd94c48feda08931698438bae82485997fcf11da25b7db8efd2bb
SSDeep	96:nBcJdsv2GrF+YOY08kXl+gCb0wVNBl5swxqQls:+G5F+Y/ZCkgLuvl5FM

C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.FCrypt (Created File) C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.FCrypt (Created File) C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	0.04 KB
MD5	5d5ca125092bcfdcb0eb83bf6e114a04
SHA1	76b0422f42c1148f1d67ede302032df58f8d01d9
SHA256	b5ead67c21d561cd410badf62bb19cf44040ccd15194a2ece76bee2136dce398
SSDeep	3:49P42u8P1H5t:4O2u83t

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0309585.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	38.64 KB
MD5	a0b209c8a6cd5a3ef7a9c4d836632c3a
SHA1	68817b42ca0b6e19177206ffee4a11114df5b298
SHA256	e7453987f0e890d72584c684bd2ab3c4c82d135aeadcf065154991d5943db1bb
SSDeep	768:Kubl5415oxT4WYGULUv+h+Agj5ct2QwafvQSTBunoRrUn7Ta/U0g0HDx/5hDL:Ku3C504WpUL8Q+bj5ctRwsvQoQnosTDQ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\PH02567J.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	33.15 KB
MD5	20cb4ecb127cd3e08f9247b0e316724b
SHA1	c41c3b68ddc1afe4b5d810e4fb5dc0a763cfb831
SHA256	fcd2bc8d2f308bdf7bbcf925c6f091f9c9e3ee919b62d17e9f69d38f34808a22
SSDeep	768:M6QCS4DOk8wIY2hTCw/il0emjVN/VUlEHqgAMz1VB:w+67wYthxVNdMEHqkz1D

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0178932.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	34.52 KB
MD5	a65f03f416325b4213871a87f48d2d67
SHA1	957029f3bfb74f89104dc97240f8a22b75edf4be
SHA256	b773ca07078e7891502d80306102bf39452ffb49364993475ca8d4cd1ac5c790
SSDeep	768:1oD0bAw54nRXSN+HQJepy8lVbhBq0aZPEaf2SmwirIZDKE5zBgQCgP0:1oD0R4RCN+HQ38lVbSBM81tDFzUf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\PlayStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ko_get.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	5.62 KB
MD5	08183b5d96a9e6cec2026ce8ece02f0c
SHA1	ccb2181415566155387bf7b1b4964b6daff1d820
SHA256	652742099caee298748cd10e5f3f785451d6bdb1c6593992fb4c42747687bee8
SSDeep	96:tPkbMn42IK7aDz96V9yz4+E0GEBhpWufTAjyTsmkHD3Vq2DZg3yn9t:tPkb242I4aD7zbE0GElWubAjyoHDVjZZ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0321179.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	9.21 KB
MD5	6ab0ed072cda78b8e9d8de4abbb943b3
SHA1	c373f5ea00770d0424ca7edb9d801d143ba8b2d3
SHA256	134095809a9bc2cea50c8820a971c1fbfc7193d3354ea25cd8d66db66a5e1b12
SSDeep	192:tWHKRpVIJtqbzZXSwnN/y3l9VhUB1qizCPp6YnKGDHrJmm1rVnBcTf:lJkqbzZfNK19LUB1qiIp6RGvJmErkf

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101865.BMP.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.43 KB
MD5	c4847ad28a0a18eeea9e171832d4018a
SHA1	f6241e5a0d750ba37b1cfbf622a88eefe9952e72
SHA256	2594e183c778ba492e190433e4f6f80f578a7ecd338b9dc5227f6c4f5cc8b8f8
SSDeep	768:YdMAu+Fc4JyF7jDlGYA2uK5icn8XY48qDbcxWZJcojH:uc4i7MK538XY4vkw7ccH

C:\Program Files\Microsoft Office\root\Office16\Configuration\ssn_high_group_info.txt.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	5.78 KB
MD5	9dea7155ebb8d57dbad36aefa6833ae9
SHA1	0f9d8dbf947869ca7ecdc0bc862fa2dcafe69c7e
SHA256	f8255ce9580e899e658dccfd8c9f62c1dc28680dcc894c730d2710382823c8ae
SSDeep	96:4m6hW2+Yj2DhYUhdiofIPL62cUi3UkVzkSWEgOyhGkO6vM0qZGG4gVclfxUNDgeY:p6hW2mjhoIIPPjiRVzpJOhDM0qZGG4gg

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\AppStore_icon.svg.FCrypt

Created File

Stream

Not Queried

»

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ru_135x40.svg.FCrypt (Created File)
Mime Type	application/octet-stream
File Size	23.08 KB
MD5	abb24fa7ba4128463d35f13aae9d7c33
SHA1	9b5260949f634176913d4ec48b386cdba43c3286
SHA256	6b4dc44ed16981ab51f694700c51f61bd771cc68d2f8d290b47b29da4e94faa1
SSDeep	384:ScvXVZm1/PEQpOCWrBaMy7Xya+TCoMWFpVpqsXT84Isfrc5Ul67DbT4aZIAHsKs6:SAXVZm1/LOCW4My7vxoHVwk8Lszc5UlQ

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0386270.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	14.82 KB
MD5	2dcada9a519ad5d0cf0558b5b76bbc48
SHA1	e097a91d0abb6e5133717e04fc22cc0009e48bb9
SHA256	8fa71f98c93094a45ee77424d21974c5675a60a78dbc34bb43eafa0bf852fc07
SSDeep	384:etG/Q8etyU9A4RZvd85yiFnsP07uuUVDv:5/Q8YyUKmZegi5rej

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0179963.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	31.36 KB
MD5	0c36ef8ccc4e14a21a852648a482ffa6
SHA1	dcfdd5f52a2f8679e26024ecab330996bb348594
SHA256	4a89351df2920aeb3e0b78598408543351614e9f0b1ac7300c2d8cbb24b2560b
SSDeep	768:1ODVPByXEi0xYkpTusLgO6UUSsZGNuBLkXyYsTg:10zyXEnxHpTuwgJjSJNI2yhM

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0341499.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	15.73 KB
MD5	30340554769d38b1de8a05d831e23330
SHA1	33a47b1a3f4940236a9ac9cfd78eb46b2066b1af
SHA256	b25da9b3215363ae4284d84cd3d620ae84db50ed283d4aff7b7d284ac3ef65a7
SSDeep	384:LBQ2OrrM60q9fn4rxF+n2ARnDwRfBhreFTuPzq1nNbVx1:K2Ur8MixonBmB0Bub6x1

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099188.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	8.87 KB
MD5	63fb3f4893449d65846dbab8f3f3d3b0
SHA1	b0f73906cf51489fc3ea6365eb0884f98abad248
SHA256	50b4f5e8fac5eb6046a89fd5438014e8109bd317e25724d5c120bd63e2400020
SSDeep	192:LgTcaRkOAlKQ4Y4tA9N3ksr0fmYGSJamY+xVoUkorSRm+36rNS+JqIFqWlSN:LOrAoQxaA9N3ksrCGS0NUkorSRclqClE

C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0382938.JPG.FCrypt

Created File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	97.21 KB
MD5	e4a4467b3318f49840f842a6fc041646
SHA1	823715e206c6c92fdbd3d18131f6170fd9b863cd
SHA256	c86aec17a593743ae8e542518af80c6b1833b283bcb15ed2a5ba9019df37567c
SSDeep	3072:lyaTSXN9xM9VexYgHX1Q5E5r8KVFYORmIO9JcEnkLYhK+:lyaTMxMn81QqBYNlzxp

Notifications (2/2)

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After