Malware Analysis Report

2024-09-23 05:00

Sample ID 230607-pdbd3saf8t
Target 06911599.exe
SHA256 1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43
Tags
bianlian_ransomware ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

1fd07b8d1728e416f897bef4f1471126f9b18ef108eb952f4b75050da22e8e43

Threat Level: Known bad

The file 06911599.exe was found to be: Known bad.

Malicious Activity Summary

bianlian_ransomware ransomware spyware stealer

BianLian Ransomware

Renames multiple (7852) files with added filename extension

Renames multiple (7785) files with added filename extension

Modifies extensions of user files

Deletes itself

Reads user/profile data of web browsers

Drops startup file

Drops desktop.ini file(s)

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-06-07 12:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-06-07 12:12

Reported

2023-06-07 12:14

Platform

win7-20230220-en

Max time kernel

30s

Max time network

36s

Command Line

"C:\Users\Admin\AppData\Local\Temp\06911599.exe"

Signatures

BianLian Ransomware

ransomware bianlian_ransomware

Renames multiple (7852) files with added filename extension

ransomware

Modifies extensions of user files

ransomware
Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\GrantAssert.tiff C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Pictures\NewReset.tiff C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File renamed C:\Users\Admin\Pictures\GrantAssert.tiff => C:\Users\Admin\Pictures\GrantAssert.tiff.bianlian C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File renamed C:\Users\Admin\Pictures\NewReset.tiff => C:\Users\Admin\Pictures\NewReset.tiff.bianlian C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File renamed C:\Users\Admin\Pictures\StopBlock.tif => C:\Users\Admin\Pictures\StopBlock.tif.bianlian C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File renamed C:\Users\Admin\Pictures\AddClose.crw => C:\Users\Admin\Pictures\AddClose.crw.bianlian C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File renamed C:\Users\Admin\Pictures\ApproveMerge.tif => C:\Users\Admin\Pictures\ApproveMerge.tif.bianlian C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\system32\cmd.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Purble Place\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-2961826002-3968192592-354541192-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Solitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Games\FreeCell\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Mahjong\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Recorded TV\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Hearts\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Marketing Projects.accdt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21339_.GIF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0382944.JPG C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR31B.GIF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SIGNL.ICO C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Dubai C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Northwind.accdt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0384895.JPG C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Slate\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Bangkok C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGATNGET.DPV C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\NEWS11.POC C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCHDREST.CFG C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\de-DE\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Wake C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR7B.GIF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\FrameworkList.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\meta_engine\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Common Files\System\it-IT\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\OUTLOOK_COL.HXC C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\gfserrortogroove.ico C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH01213K.JPG C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00640_.WMF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\RMNSQUE.ELM C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21316_.GIF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02443_.WMF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Mahjong\ja-JP\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18189_.WMF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\1033\MDIParent.zip C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Hardcover.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2040 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\06911599.exe C:\Windows\system32\cmd.exe
PID 2040 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\06911599.exe C:\Windows\system32\cmd.exe
PID 2040 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\06911599.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\06911599.exe

"C:\Users\Admin\AppData\Local\Temp\06911599.exe"

C:\Windows\system32\cmd.exe

cmd /c del C:\Users\Admin\AppData\Local\Temp\06911599.exe

Network

N/A

Files

C:\MSOCache\All Users\Look at this instruction.txt

MD5 46bfaf26de54de2cf393f9a6356aada0
SHA1 210792c0c690d52d2833e9b0077c4f71ffcfc2a1
SHA256 e7cf0dd9d5808c748208ff3fa4c91d3073643ff088826b4f7592b0f3867a2b77
SHA512 e60dafb09e7dab66c9305b1d35d81ef197a76753a0fb1c8818069bb66f0106224e0c6967d622364ec3fbcf181b890bff8d094ad586d0c7b3d031362652a389e8

C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL

MD5 62ee4c8038d38835a79c1dad545017a5
SHA1 b2bcf2b149dade9f701064cfe8e46c799a01426e
SHA256 add3c3f303d9f15c7c0db7a2fed014a23f7f71020a5bef8b87f874412f22f4ec
SHA512 2eb2b6cb42972f90f3e55fd609f800ec93f7b2dc6473b45e0f75fd709796355f49662d8473e13151491388035b77a28604d8534f871b63275e7edde76293b01b

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.HK.XML

MD5 aefb6e81ae688499b95dfd2ea52f8988
SHA1 1ac5d52f4d645a1e0286c95fca9b61f09a9f7a78
SHA256 a94dfa596feede8959aa72bcce3dae3dbe3bbb40c6c3a08cddc4fa3e0e079781
SHA512 e3fec973df53ac9deeadb79e20f8cad02158b5cee064ffa956d20be9f0ede924391ec9dc622a8a3db307bf225546e7299b549d9b30500003e176741a449337d0

C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\branding.xml

MD5 e48114e0b8ba94895ee48bdf84f39f6d
SHA1 9468d5ebec69e6d8d41901c9caee1f64691bdb50
SHA256 e42ca4ccc543f72408d187765586f66b8f9c39e899111d3f546ac2da1f8c7d67
SHA512 11e601e019c2ab29a87f50867601602726a12031aee1d7e5775679f60135fbb8c274abee8c3139235553d2f99e8a4476acc39ef0851b9bd822c9a294e385166f

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

MD5 747752b2ea070d9f9fef2e3b93680185
SHA1 dc8391b66dec8d181b8e68308497ee080fa0a010
SHA256 a38ba4e1cc77e60331d411ff48b056a8a8cb4ea1baa7f87fdd2f221a70537035
SHA512 039d0d43b6475e8e8afc8be7826e97e2daad96dad1fb585a5b53c343348a22be759a49c82a7c2fe5db3558e9cd43f592faa4856d1c9ac17264ad07950885f189

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

MD5 5fcdf94d6421c2238c00af57df2c78bb
SHA1 7f8b45136d0d40b21d8f71d49f755682ac10bf2c
SHA256 e9433c872571c6120d165ac958d70a95b2347c4f581c60913566214039f68e3c
SHA512 b7fa3561655c970902724b9f1219e78660ce831f297ed635c133bc5e7326f3e7e70ac3663b9f294a3ce668359274481093f21b1cdec0669db1b9ee5df280c4c9

C:\$Recycle.Bin\S-1-5-21-2961826002-3968192592-354541192-1000\desktop.ini

MD5 99f8fb971e6c5f17935076f119131e2b
SHA1 d149df87bb6cfe06579284ba6428e212c3fc20f3
SHA256 3fe9280f6b27bcdd81791ae59184daf51aeb30800529efa163793b53a7ad02c5
SHA512 8127d45767a8410528856f9ee261f729ee95ce3ece0617e7583e74cbbef19cb707269e7e91595047bfb52db82a78cc5fb39abe648bc3983533fae6212fa8e393

C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT

MD5 0378fda0eefe503e4c17884860e17337
SHA1 8af732647d2f4c8959e38bc2779a90fbd7c0ee01
SHA256 ef021815a9475f7ab569cd1d3bb01a6b15845444665572baeeb7ba3cc998561e
SHA512 75961aaa5d67a440eda5db85b9e53a76fe3a834c508014ac031a9bed311134a82219c61604561a149e34e4aabf05c9699f6e3471f8cc9c6120b281fa13b666f6

C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE

MD5 c244267698c11f12859ca4a1cb1a9800
SHA1 29de00f912f72afbd8adda0219f1277ec29052cb
SHA256 5f00db21f74b5e6a4acdcce38b1fa0f81db6dd62bacb125dc632f0f75751478b
SHA512 3c7d009dead52d5336b864247388b4ce478d7cb5aa542d9e055dbc00917c3b6aa9fbd51f04b40ea7bbf11fa9c74e4ceb3ed70de3df3ac14d28651057057b7dad

C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo

MD5 80bea4526be83a7c510f0c6250035fd5
SHA1 4e3271f611f4c2906f3970e3288e263a4ceab4bc
SHA256 651825969eb6c02dbff324aa93456096f65f87edcb63185061b4d23118362071
SHA512 91769ee3005acec9ff541347174360cceab9b09f09cd1361d42fdc22abdcdc075c0580c05d59b123c774dd14fe41a95a0bdcd482c1d8b2a994018593e8f3495c

C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 51cf73927e1330ab33a90fd16a8877c6
SHA1 019f6ff1cf9bde7c6754d872d676df9bdc900e04
SHA256 47d842af9fc97c6184b59dd8eefc62a590936f550725d415dedc4fa70874310c
SHA512 6328c27d5bb24534fa7bb33597703c6d46a71dec5b4cf3241c900a39c9f34f0dc8dd8e9156313d18e8e08ea126418a075e71547e8aeaf94ee1c89014e6d6789e

C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bianlian

MD5 4b6517cb6d8bedfd0e84da2011a91c61
SHA1 3f902250a78145e5b9ff6053531094a298fbe5ac
SHA256 0dff1188b39e14ac6ceafe38a5428ae84a3ca28837fd7273f198c1ae11b556c4
SHA512 19df2d0df8796f38cac9f9a36b396cd905897e4f5843ac81f21669e299c11d7f9723b9aa5d2f0e6398d16b1546939a37123db6935f8a414dad60c409d6e78faa

C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo

MD5 b4a6769da8217bd3a1365a9bc37a80f1
SHA1 c6b6648e4ffefa8dcdb2ee2c67325c015d879c20
SHA256 e9caa6286e9fcfcd8d6ddcadeff833d49e645272cfd62a60044c30a02e4aedc3
SHA512 eef451f39e9e17f79a06d43095953331221045f8c3f2193263f550d724664a1b338a1fb168d628fda1f84703fa3053bdf85501106c7d075e886477e8cc35ed10

C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties

MD5 d3d8637d50e23e015f9394aa033b1d7c
SHA1 d966b84175c17655eebeb35f23927d01c56415c5
SHA256 a0ace7bad00c974808973d286cdfef78125470cc05174b77a4e042ecc7ba9528
SHA512 fba3ef374ed8efa3d964170c169e93ba7886fb4bd9362d1e202197e8e57b5f2928f7e11e022fef5bc99f729b8073ce832e1414f208aed9ed96a2c8be7a4e7fbb

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET

MD5 a0e3f7ba79f179362a715de6b3f28152
SHA1 186a9ed8c65ae4594e5b510c84d287ae2d41c4f6
SHA256 01e6e5852daf75dc5fcc5e3f332aa6974b7e2f8498bae5a1f4774e5afdbd5793
SHA512 28dced3d6f28f832a1589de5c111e4c8b294ae11caf84103b410f4e82a6188f452f02eb71ab50cd3ab0ee4441bbd3713cb046351474a8f4c3efdd937093176e0

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST

MD5 210c522dca9567983a73de173d546207
SHA1 39884e4998110ea806cf65e26e5da5def3c04fc0
SHA256 a78d62e5c5c8bfc3f1f47d706f950e0007485dd7f541c7614e8c4ae46d1f785a
SHA512 5873879bd27e67fbcea8946a482302e4047dc9f54bf8608c9b34fe6e96c05c0e2768b2b654f9f3a11d86bfc701bdfc7b5883fd26ae666d5ce6eefa01794eba9d

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST

MD5 ecc8ad934638ba14191d09c53245f65d
SHA1 278822b5dff566971da8e582387b4cf4457c43b4
SHA256 e2ada26b501f1c6908931dbab9cdd3185060b7b02af8985210292943ed21b19e
SHA512 06114e630c23d925b86a85b00b0723a60b50b7b4d4c72da81dadef962e0a68cc8817cf70e3220cba25a7d2d6624e7c03323f31a27a68d228c825b92d52ee1f38

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST

MD5 50e671a3def8c8da6da77b405d03cc44
SHA1 8b9a6e6e3ad5e0ba0d953e953cf386320e68cf11
SHA256 a3ed3b797f11c1b4cbadad66be02da01798def0981483073ba6fcfe710c42bb9
SHA512 2307e27780d24782c09fb051b8a4341991c98a56d351f757c77bdf6dd3abfc4efc0b1729504628c77e5225b546819b43fc8459b1900e960f61f04aa548dddc6a

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT

MD5 b6b999dfb633597fa784bfd24a683410
SHA1 68170e063ad8194f579267f1257cb86e33d9fe13
SHA256 362e0f3ccea64e3d4a442cacab92f8dc490af8b5086a5a8819df58fc7a68928c
SHA512 216b9000edeb4ae82f73980c5d1f318f4dad6f5be8bd4a515654d0742e3f6ecb3dd6d8facb65a8b2fd3b091503bb8d22fe325864febc7ea1a45946e5bb6ca94d

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf

MD5 1e15a5c5d59829c5de486f09d43861fa
SHA1 4972d7a37a7d9f05e3a7600b7d311cba01820914
SHA256 96659773185b902f4c4a23f77581d44502ae88dc65155849d7c332a76c934b8f
SHA512 9b914c2cb63e5398e95ae2f49790a578cb3a3dbaf56eda0b8a3a63c92f409b84c349ba1fbdd3549dadb966cf433fdee38c0ac678b1463771cd2a7910e01742f6

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA

MD5 1d84f9814504f760d7a7ebdc9dbeebd7
SHA1 03478521ecefb8f0b7a422366f6c6a3dc122e303
SHA256 f9a220eeda942c3b7423d506a5a91a3f2a0c1ecb962e6392cb444519e92bfbe7
SHA512 5bef71f18ae08bbafcc957acb873ccc1ffa7fc26b35bf44355d7399af470825114a2f68b3b4fdb27d7e486e2aa536a7fb891d5f114c78601e2ebcd401d78933c

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4

MD5 080fad2a5b678282b0f9afe1719db426
SHA1 91a87e3cd848b4b77a5b3e72f2d090c4f4ab44c5
SHA256 5963e621eb57be44667a3e1c1fddd9b8e9b83dc46c16303319706da949288d14
SHA512 2df1d2b5786a8290848140c49e63d464838f9f12c3f52b233d7bdd1300730781f8ad81ca1317970354be3fe68b8ce421fbe06a3074a0ddf1f94fbc6fd379f25e

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2

MD5 b9c962dcd13376047cf0c18a402fcabd
SHA1 00937407d9af4639b1ec3ceb8ca8a83d32e71e85
SHA256 50c8f0deca81c6ee7eb840234aba5facc4837b24e256ccd6def27170b24ee0ca
SHA512 d2724c94f2284cc1818bd3098cb7bf4522969132b856a04122c1895913e43d0676969d273e50e23666346c618249612ae27d28c2cdd04cb5383afbb97db599db

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8

MD5 8f76e17cffb88076e27af6705fc1c93b
SHA1 4cccff1a9fab46140ec21d922d5d71da47271489
SHA256 00d9d837a70304a9a1ce63ce1b962c1aa461705606e5aeeb28444a86328aa1b3
SHA512 dd613519bba3b7e3a7c6828b693981a955efcf681fefb1c0703f13ca2f984798586711981cb986ef5ce9abe4517c59c76b9f9c61f89d65e335d95460948c3b51

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6

MD5 3ddee78a46a50b04bf785d984cbb4a36
SHA1 d3f760304bfe916a2a3bb3d41779aad82315f53f
SHA256 cf06c2e58c8b7cf3a29caf17c91b0b169d52d3edcec7ad39253f6f07186e4b51
SHA512 3ee096df405d17638209328eb7a7d3499e8f32c7823bb0165e769f42944b73ad4417b769ec7886210ea887454837666ea8d68704c6dd19f24ce7e09cf68bec7d

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9

MD5 e9646c4e3933567dafa285694a328ea0
SHA1 4e0aa082c15773783139cf3d02c5b9ee9bf50d02
SHA256 a658182a6ee8bcc17c8a1bf0df955e9dd6b991df6fb62668b46a174dca445ae3
SHA512 28f700e3fc10fa2ad69eb1518c0d082e312363ad1e37a5be4a85d6ca1570ed80e9d146ad2de16f44f1325028f594f8d54a6611369b9f2dc315a31370407ce3d7

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Christmas

MD5 9c63c3110cc5c35a6e4e5b1a0305ffd9
SHA1 1dc2a7afae6a1a6cd431f3a335f639974719b9b7
SHA256 9648cff05965cd5b2f98e57c499d3c4f723a86ae10b4e9c01bdbf640bfac8524
SHA512 c9b1cf2d1d88db7ee9eb2ae061712baf294dcb0517d7f5fe37c1a5e2be79470166e4336e2e006b2c3423da4f7057eae56d2d1c239ae30c729ff358e30f63c6eb

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby

MD5 6505d03881a5c0777ab255016e25db34
SHA1 ed899a38883b51603b77c4f81eca92c557b3b814
SHA256 300234bad81cafa5620bdd46eba85583c281c41cde09ad88b2f9742ba1898bbd
SHA512 89a94843fa34a545278beafc021c649a197082c21ffb1468fc200e12db3d0c5aedcb8a26c453f8f5cf86dd3be888f047cd596b715a13233436b680033cd6d060

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

MD5 be5e6407ff19345fe724dc01aeac78c3
SHA1 8e99efeed0b249916f045cbcdaf0e58256d87b8c
SHA256 75714519dce9aab1e282f840e8623036a6c036949f482744c6d3861ee36e0e16
SHA512 ef7c8f3fc88ebf6d640ddf676c35676426ec921470b2d766384f7ed63dfe0813a6f7f0e987aa2a22c90eedade13c38cb601d74850d06ddb2a1d9e91238699e5d

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF

MD5 4a62b79d21f37ce66bed364aa1f91d4b
SHA1 4775194a08bb8d24c88d1473f430aeff6f49108c
SHA256 e75f75d7a46c73601af7594a4fe904bf5422cc37629f9b1ce8257b0152358a73
SHA512 8e2ebac127ce6ad5dc65b114732183e537ea6c5a51d9d513677ac7ae463a16c57c735908a372462c786f810c7cfbd0719083cc4ae9eebd1a0382dbcbf1550dc1

C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATHEDITOR_F_COL.HXK

MD5 9b2c529bca83736bac2b752fb032eda1
SHA1 3fba6cbcfdb74a05da8682b1ac0566f39953400a
SHA256 25d82eb9b112389a981ad29b1edf64881a8d6603a29cad7f1b98af88079f6eb0
SHA512 bdc1d1a38bfad07ddf1a39da18b592df78f3ef9c89af176e0e590b556129f397c2e636952e5012a6037b887f6ab99b4b5b4391a68f1ecce2663759074af8d0d7

C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATHEDITOR_K_COL.HXK

MD5 aa880d673d0f8f098feefb52cce18cdd
SHA1 4958b26d72b6d91e13ba03f70027bf41c334036c
SHA256 fd5df107f60119765abb01499f82343fa71765037fe58981633e5908c5638815
SHA512 a21a2290a6d00445fb2caa9eb109ea0a285dd2d02b9d6f939b93eddbe76094093c8f21022cb72e6b6c65759f98cc1545ee570f855b0b01d4f60d9783e491eedc

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 cc5e6f0574afc20dba12027043f2a8c3
SHA1 f598804e64c327cebf427df4c7ec8dd76da3db2f
SHA256 801ba3e9472212f937b7e2f510d5f353c623e293c646661f231c2a18ec98480b
SHA512 0a4627748a6fdb80610387b92343114a730f84865c83e1f9435568b24be99c788570a18ad70c2cf09c4dcb129ccb31033b11b33f2d4bae3a4516b23fd0c3c7e1

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 17a688c5901d6bc57af9970ca0af10e7
SHA1 d3d1873a55114d8031b4e8a9a24196e11f853ebe
SHA256 9a35d614106a1028bc1fc6c11b9a4b68f3571bf32866155c1893571fe4a32874
SHA512 ad21abf65bb889d7df46b1740ac0b958373590649f98371ae89e69e4ef1cfeb72c2035ba5956e1aa510cfb626dacebb7d0b03911e187a7829ad51a9e50b725f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 b6a71e38b17d2a4aeea132954c3d4ef8
SHA1 f4c2173766ab6aff12c8c4c5293faf9fdfd3b17d
SHA256 37acd4467669909d9438d386df3822daaa397ee8143d6302b0990b0c9f362943
SHA512 273886039c0684a0e18bde999046a165390baac52c73522f4c30e68f2e5d41422f4249b39013f7240f8798e6857ab4c0b9f4d0ed13476cbdaf0832b1469dee6a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 8319def3041ec4d83f121a0133f0e787
SHA1 82c87d62c60a4d4a077c9a61318178f83adcae96
SHA256 70513a142161fc416c4411f605949939529082fdc69c65e2242cdc62bb062a17
SHA512 87f9c5ff3d2305715b1366abf914e982fa055f630dce0cbf616d75f07279749211e13118e2b96347e49f51349238e9aba5cce7d122e3c134536083df574efdef

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 b24a44b13cb79d532a415dec9a85e4ec
SHA1 e075561a1ed0b4099cc76b5f4134c6a591382c47
SHA256 6648a4424b9b88d5a368b30509678577f7ba028658378135d9f681adbfdadb3c
SHA512 59b4ab6fc2734939f7fb51375d50737816dd1731d2af0baab1e1ec7b59d83e578ad4fab778d7167eef3916831e36f1e839893df03c767eb66b8fb9c4fd7c4d2a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 37520e102f699efb59e8353a30d9a49b
SHA1 2d54f8e46dbbb1e4884b00318f7a29c49c68a054
SHA256 ec8405fd45783d260181b7b26019ae866dec6e709b8f7276b637e0bb94b480a8
SHA512 9677bf94a7813c99036b8722a1da4eaf1a0b92d6c72454c35abd9288a3822254cb8368044b75bbcfed3154add9ed6b887a090d18ebe4466470e3443b9c18c851

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 d94b0f9e119744f3779b3f90914e7fc0
SHA1 d83c82d8d123d5ef3a40070425d7b5d9491b72b7
SHA256 a83200f8157897bbb7707fe5ce08832e0886e3df8a8dd5f22a1620d89bb3c81e
SHA512 01d65061700eb886cc430bf3f3de1aeebe45b1d6dac0274d4f44ffdcc9acd14affa66c0de56af301e55f86c83c012519e10822cf598b9f9c24f25814f6e5f535

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 c53dd2734190cfaee09054581f21cecb
SHA1 c6b05cef367e4e91958b31793eae0ae145e38094
SHA256 698d2bed491caa1df7b74a2559dcaad506b30e0e4d942ea1e0fa7684d430548c
SHA512 39996d9f6e3cf99dee75b5ba5fbbe83f8a936525c5c1c63ceb90148900b52bc2086bbab5bc754476c64f5a6c0fb03ea1e58257495d61b146d0bf00573f575cb6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 825951f81e94047832f04dd78d0c2055
SHA1 293fcb68474dfd1e41bfd94f661f937cc6cf0297
SHA256 a0e721d9333264198843202d41555d121ed085c4cb092d768a84cde9752319ee
SHA512 a4a3610f41c2666f4c59a21e6c46f5494357cd762d3cfc6303f100e68648b5f8d24cc25fddb424f0be98bfdaa3b6a3ae98818670c53c0a40df308c6cfe898f06

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 77ef91692bf7091e4076c6068a94b85a
SHA1 79371e6e6dbcebae890eb6773c05c8569d81595e
SHA256 b189bde7398e927bfd7b36b1d352542f0d5bdd9aaade19c228d003cc6be574d7
SHA512 fe0374468f2a0c2112633bf6c5f767d6c043a3eabda2a9aa9b1b8ace03dbdea2df754c376c608ffa2b8ff42426900eabfe42cf1c9b3f45f2fa3bb47fda172c35

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 07953303bbe3b83ed2b75986eea133c1
SHA1 17052a5dabf921b5fe3641328ad85cc0fceba707
SHA256 6c848a5a551e08a768e24151590fd22200449f69a0a8d535cbeed20d83b4169a
SHA512 790e439a3107cf274fa5d2a6f367702904a05dd3b10c68f4bf44500c9c525e48224bb5d980320626db336fa7358f6ade3f759c352eb108a445937ecf306249ae

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 d57560f28925b5fd829edced3b8be94d
SHA1 8d77f47fa0d76e8d75e07687c357a8d74554d99e
SHA256 128c568f597b3f7b89aa7db66e71a855157ebf956e06b50a6a9bd0431eff6b8e
SHA512 11e742f7fcf2e76433f2d8e2d43e16a24bdc0f37b2be7fe7f5d8a13b4747be497079a693bbd57f1266f02bc1b6d86509564e7d84bb2ad954f0c60e1a4839565f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 7a5eee39a5062f00e2ed47ffbc3e2834
SHA1 ce0d6dc1d95b3188936c4f8858ac622e1f8d85f9
SHA256 3d0fe265c73573487417f6228aa33d8697e7f585d9d19815f37b58df75570c52
SHA512 518c49427389ea8211fd2c1de2227ad11caa6aae5344b84c8733420d553a8ed0cb19a8e6ab7889df5888d3430a85f3903bdc734ad27d4155dd5fd7659f98ba1b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 cc5cf38ed546010e53c5acb150c430f9
SHA1 5e30b528626c4f5f8e1863e9ee73edabaf493d3d
SHA256 a4ddec5efe53b603c532967f44c4281b5aef2b87ae61d621c2a32cf3b30666f9
SHA512 36616ff5554f3e007f814aa5ae9223d3b9ba05e49aaab77967d5fd7b58d18b6390e47feff30850fb0970f94c059484db89f3c0efea1ddede235ff5e549999a1f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\attention.gif

MD5 fb4834007826ee1dd66611dbe0fe5516
SHA1 ebfd92d0a6119d07b1c2e83db853274fae13d397
SHA256 12f34ba2a32a5bd069129c3c4022485e0d3c75bf7d6d4b28f61655f29bcdaa2d
SHA512 e1a0c601c8d0db6a7026d9e12e2a2ac61ee04ecf072220666171b1fa8ca08f6b6a6df97c9df99331a1abea8bd6dfccf911a13b6c96b51dd16c2dffc51e5a2fa3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\BG_ADOBE.GIF.bianlian

MD5 410fe9f3fceff4b76e7e77e7f5a65305
SHA1 39aee5f28542cb9201ff7519f96aa70103f281cb
SHA256 ed8c5c3eb311643ef151542a5a0ff2bb4ab71bc54156a03fe5930d0da693cd96
SHA512 bc15e95a6d94eca681be6e8cca7151c3e46408fce2c8b66aa2d32e5b70f0e1b2680f5cfcae34d6f4f7c8c33687b4f1332ecc46a448b1bffcac16db3d435e7585

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Casual.gif

MD5 13a70915fe1d0e1add324b4da5f7fd62
SHA1 4e08e32d3e3d622ef0c604c75ef161cb21c1f155
SHA256 c4590bc8d4d11f85fc0bd4ad3367903c6de88b7611b21a425cb456fed1f8edec
SHA512 cf155c85db4dd4a59b840a3cb5ff2a7182ac8cd3d123b782da3a128327e5eac96a8c27569d145b62cfe4952298911b26de995d6cdbfd182f6adaaf7af308c117

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Country.gif

MD5 a72e2ee7619b54d062e3db8467e28d62
SHA1 f7cc88b05c60f78ea21a522e08ec22d8a45ed333
SHA256 8d1841307b307e7d6517c19b3ad77d93b0144191947751327f42f90557299a6b
SHA512 e14d74eaeb8b398624ae55ac79a1cd0d1220eb67a7da832704ed62ed54f6ca38e1f15b5c25cbbf87cd08bafbb69cbab55a3c2af4acf609b09fabe694645e0302

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Earthy.gif

MD5 f71ac2ecdeaeb7c470fe45fd54f655d1
SHA1 ba32b70849551905d8c4c6f6c5431c2fbe90acb3
SHA256 6b3c55743ffcd20ef748eed208bd6ab746647acf060ef9cda6e6ce868233955f
SHA512 ef37f392c51655f9609c8fd1bccbd65ba3f3a58de3234c654dcdf3a1a667e37642635902def649ca6d0852643f6fd0a3876feeb778f37ed2770c5628f5ba26d2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_GreenTea.gif

MD5 d2e9ad8ec57ceb4a675071a63f38fb32
SHA1 b332334c7a7416b3b0571a365b901092d3da610e
SHA256 144ddee682c7e8c5af40cf3cc712d6e2ef824cd5fdf104d2143b5dd870776e69
SHA512 b9b86e0cc7ae457536c6bc04a2b498b793bf735a413e23236ed278df81bbb234573ebfa418d7a45974f19270a2586a433d93d4d6c870a36ed7b8651ea3249476

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_LightSpirit.gif

MD5 c4f8a1572499b223b4fca31bc78d8764
SHA1 1c37337cb056937d02944f3df6c03d5465ef254e
SHA256 8a790f307719893a1ef37fb32002a343e2d221a0a72755313f99d23a98f62988
SHA512 a65d6b700cac2f592b3a8a5ad170c1bdbe66e0e074d5998831958a46673d537677a4336df5bc6b93708e87d0e2d42bdf7e81db68af14a6731504662bd629a965

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Groove.gif

MD5 075eeb90aa767e7d0303736cfcb3e3fb
SHA1 e1c71019bf60f2243e05e29970ed08e30a1c93b9
SHA256 3874ae72d3d496f7d665900e1f8073caeb38d4ec64ca679af9ce402b1c4aabf1
SHA512 9b81ab15c805e20b6cd90ea7d3228bb27b99c504c0daed1fb0ac4e1736e9af062171795a7eefaef5d2ad95cf5e4719a76bc0b267058416c631a9ccacf178e7b6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_OliveGreen.gif

MD5 a1555a0e36034c43b0f14de5f6fa52c1
SHA1 c7da5b6b8f189d68728a6c891e4b922404db68d6
SHA256 cc15c63b64fc80e9e390187aa185db8a1278814726a5a5f6ba40dbf1c35270ba
SHA512 fc00a00b3b244c3c590726d752e78fdf5701fb1568b4d299475a31fc8d577427d5ecc9552c959e1d2532adaf4c832d521a726a2e7b56f05ae841de972f4dcd43

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_Premium.gif

MD5 5f263a5937062f8c981ec3e2466e83d9
SHA1 32da3c1c8cd5af239db175cc1a78ec7d95c0bbb3
SHA256 e0bea00e87a5684f54c4c4d6e8f243b8f0ae66d887ec789fd2410df106c17cbe
SHA512 504ecd1f019d773c4ec38d05030aa5655133648d270b28269832e4b480043775f43728075e35f9ae49481a85627764ac891e8b23a57873d9db4a461b19faaf2f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_SlateBlue.gif

MD5 5e337608e005b7f93c4dc810308b8383
SHA1 f43c7fb39565190f27396d1f75a7fee555fe4f2f
SHA256 c84d390b17a33bbab518254bf209bddac8ff635a82164fc9b081626c427ddc2b
SHA512 bd9065df200f937994e3762de49f43dd3b34d7fb9f5872f43fe8538e944e95142d962ea4fe2c3a60ab39c182e96bfe489e5cd63b92feb73c37e016d73797139f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_VelvetRose.gif

MD5 18dc541b91c14d082730cf0cda9542ea
SHA1 74a744021635f6d4833440d51e004379df66656c
SHA256 662c36cd309c2dadca29eff6155755846ce9480fd9dbbe70b66652a05d3bbf36
SHA512 0f0fa58cdeb3e35a4f4bb7b097bfd4d71012375030539dc1e1ffc801a4481410530c403650596f65b7ec2b5e6ad74d01b29269316683619daa94722c65c9e6b4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\bg_TexturedBlue.gif

MD5 e3c77def62fa2df7f76e124f71cd33e0
SHA1 77d33569b8a1646f7a3b733d2c3cfed2a2fbe6b2
SHA256 6d06ce53400c4f1c0a57d09694d6c28afd9c39ca120ca97856a46c47ff4bd634
SHA512 ef1aa5f6d00519385c87fac1a6b2bdb74a624759ff5faa8c29a89d313db9dfb710acd5488516ec00b8178b3d4c9d0b19a667b798686e11dda108edbaea050005

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIconsMask.bmp

MD5 8421816ca9b17b1dcd58e001802b4968
SHA1 6e7c0e52be711e720b94d0efffd33cedc2cec34b
SHA256 1e295a0a16612108ce648757e25231fd2f8295e3fef59cd33377010359912337
SHA512 eb20e7b7ea0dd71a269977f476d836ae83966349daad87d32c2088216ad7e74e284be297111fbf02f8914e7cf59f396df7b5e49819dae881334cf5c9a0c60888

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsViewAttachmentIcons.jpg

MD5 cdc05c96da812e63096e8d0b38e94209
SHA1 8db0c685ae6b76640539c52f7b91cc3a188e56ab
SHA256 c548c8e2b14fd7f776cda5f950bab99b8fb511d72458014c31d7e6414ddf6ddc
SHA512 963933ea64be2dd6ed725e6197bf86cd915c55042c9f4dfca34a8ab28c4f9689019a9d0088df9aee095ce8afa1fea3645b703e21b910fc8c1ef67c8219746cc3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\VIEW.ICO

MD5 92d60d374fccae80025d8adb9ca624c6
SHA1 03f545ffd0a33b9e3ce5ac11696da0a28d829d18
SHA256 e83f778507a8223609a90273eba2f8a9f39a67ded8012f40d0fe6260c5fde7c9
SHA512 d293a5ad8f4b13944e7a979054e54b1612f6b8556f729b834d5cd0e6ed1cd4450d1af0003a3913ad21599b0159d2d4733c0e8277899d2ee5b12698d263d3187c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\ViewHeaderPreview.jpg

MD5 67959d200ba7033b75ac4d0f53bd060f
SHA1 012187b15617aaa1585e9c8dbe032d06f2a304e9
SHA256 9e43d574acc94a34140e26e4f8128d05703c1ea2bc1684cf81dc2fdd177eedb1
SHA512 72b5f02c0003cf8595af964b4c5706e63301214f2a0dadeb1dec95a75a562ea8e72420d4262ab1f484a30b90bdcde1b74e1c7916a10dfaee255fb3c20a9e8ff5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ADD.GIF

MD5 d07bca280f47978b0f6cfebfbac925a4
SHA1 9dc221c4028073d019e075d22c39ecf8dee684c6
SHA256 4f1179f8988f641bf5a2a20aa1e7cbeac997e5424869bf822751d8b3434efcfe
SHA512 2ded7d4fd008e8d2aea5e12b5d962454791cce8041d8b171282d4e082a12fb1bf6d41edd3b908f9635fa11932d78e0c50f5292dbef2562c3ccde78e5cd6502d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrow.jpg

MD5 7eb17b3f9bb83d3039c7ffba2ca07ac7
SHA1 819113e89e6d37dac2aaadda5e27290e074a08c8
SHA256 32bf1f46743689b59ce4c9eeac27a57d89d42a5a44db1baae26a129c6702e9a5
SHA512 f46ab72c9610785a7b8c990e6781f7bee981596ac59fc7fdb4c1b6ae1a9312e83b88868121822dd5457cdf2113c112f32c47799f87435a3711f3490680986bf6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrowMask.bmp

MD5 0c6b4e1f07bacd43e3533c108afa200f
SHA1 3096f4593edf7df62bb9d315c7510fcc22e46273
SHA256 532d7f6d487bc0d32e09f93d056cb19d2c5f2a8b25821ff1dfff6e7ca35429af
SHA512 9ca7561adc2bc0565d6515185fdcb767fc7c84516871a34456d1f7e2969fac3c3b9bff0a41af6d9c002ecea4707c30ea3fe7999524abfc7243c70a9765101740

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_FormsHomePageBlank.gif

MD5 8b19520fe7460e0f227b53f4c6e5af0b
SHA1 c231fdbb8d24ebd2657e518bc7ee6df9ef97d466
SHA256 d2ca76798cb1bbffdc797c7726fc7dda995048686a0e3ff90efa134e9d93a40f
SHA512 6a22dfb1983c1ef2bc36e06e06872747995dacd2d9fb9d71e064d64291bf7522fd3f4b7f9e19b46c1e046457ea97cc839e0424fbf7a0aa43174f4f5e8575fde8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\ERROR.GIF

MD5 57693a9d3361f2bf818e5e7f3a8d8964
SHA1 4129ffbdf089897869aee0859efbfd60a7dc32fa
SHA256 6e3555e7fab7ed8a64abbe253c3b331687974f48cb3bec6332755cc645905bcf
SHA512 59a19cd4d1d11a5ed3347d61b6fcaa8fc7b97634e9f18980a1277ba8e5bc63ce18b59f62551c3c4a242643d2a88d27e80c8d0b39adb4317a45da2b7de9a9f15d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FORM.ICO

MD5 a9f27d923cc090384388b9c2dcb6f3b7
SHA1 3d94d639fd1932b6a9aac75f575606c2b3e67dc0
SHA256 93089058797660dcffb91a9058a4ca2113e5110edb8796a22493cf6052f70306
SHA512 69537c03151fa31f586164f3d2462e43ec858af8bf6fd841c5fcbbb57780f2bd4a9a481a9ce88974563aeefd48dda4f49f25428be6efb53144dae1dc5ff60508

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\LAUNCH.GIF

MD5 a622a21272b9fe4b95c3f5afe37e5c23
SHA1 32b49f0959aa814b7c13cf3999a94841cec1c1e0
SHA256 23faf1d9477f293fd5043d72e9e5a8c3e95fcee42cd2301c5df95db073eb012f
SHA512 32f1f96ddb8c4c3176c61c9b8929841130bc42054960dfa841c2c69d7a960b7556d14a25c8c57883dd8f218537029d9a6a6516926912727eb20d55939f0ab3ee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormToolImages.jpg

MD5 cfa83120a111b9dcb3bcdf82e5cd4e5d
SHA1 b52e393f1fc38e3c65e153d8fb6472071243d304
SHA256 7a8fd8e0bffb2dadcff4a3e9ae364001cdac16cb233ad6316255b55889111163
SHA512 84e5f6f1a1fc7086e84b71e1a677c5dd1120e37f20643fbf26464ce4588d5f17504ff150fb555c1fefb894deeddbe53f1a14b20c906950b90665e7cb4cbfa137

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 eefae8cb42e618dc9c75dc75780583dd
SHA1 fbcbb5e566db27c63824a18e2e51fdf065f0e446
SHA256 fa4a8294b0079cfb5f1825b180c8939277afe511ea5ffa018e48bcf607b2b6a8
SHA512 bb6ac2b736932a8798c40ae76a60ef1676c315ef0ea6198bad520c4599316aff589e4a22d58b97afa95e14c4bb5de258731c4af53821c4e34f6296dd71bb2b03

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 5b773d56d8d5855b6549dfaa4aac4851
SHA1 0447acc124d31e21f608d49e5e8c35717c4dc933
SHA256 89164b0860fb6acf6fd24773285a45560834a59e60cd8ec1e423f80f30fef579
SHA512 4f0cf82d28f2a82ed58805fd068d44b619d2f8501392493ce3309047ba3a5e3abfca98675212364d39b335f600c946e518991c60da07132e2f2ebd4a89447cf2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\TAB_ON.GIF

MD5 2fe966c338d87c2becc5cbd088844f34
SHA1 84543b2310c30a58a551a77ced8a139dc7c3c50d
SHA256 f7a55c60c7c626dea2cfd44e3f306b983873e51ae190f73332c420a60ec52685
SHA512 4956bf22f1b130f7b084c8bbfb41aca9eedc39eff8336e010aa107932b81830dc9921779feae9b59b14f9d8cbecc6572368c7822b69306830d09fb67d79dcbf1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\tab_on.gif

MD5 8e59c315a93d3b430e49ba81542ed02e
SHA1 07e8b3a15068fdc483aade61b91beb73e57feba5
SHA256 e36a598d8b90f63d74f281505bf357bfe5cea52c92b96f2a1f55d9155a3b5f1b
SHA512 6e8615243f89084861ea8a8986d003c152e9433bffab46fa5f209d3749cda8041f85c6a008e86ce2736126d97076e222457b6a73252372189f2a890873399ec1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 7b44d8e7ddbf48ee8e826197598e9a37
SHA1 f24a9fe91ed0dc65509d38fecccc70d3f723b3fa
SHA256 b3cdbd5477af204460a472a5e196a033afd8ef146aedfcd2a903198bfaae98ed
SHA512 db991bc5ccfff913e18c5ae0e4906cdfb373731f6838cda633265cd3a15847bd5b97324a93571f376c7309fcfae0e2754b37e89f45a14a0494efb90bfc85b24b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 be59d8c958d68868b2ef289c0ad00a86
SHA1 eb48d8f090bd39eb2bd26e054de1fc65cea647ce
SHA256 d56c51ba63d4db1b691667171f75f43274ddb25ce4804f8a978dc681e1e19d3c
SHA512 249b43dbdd1dae154bdd3a369bbfd3def4fb3bdb2e02244b96c8c83b79895f40ac721986ab22d69fc6e4fc41ecccc61059137089f0fdf6dbaeeb01955657ff07

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 45fbbc0d5ecf7f6389c4b0ec77c0bf49
SHA1 6ee38764fa91cc68d62ad4af89f082a171fdb938
SHA256 f08730ada4dcdba7b592bd3d5a73ee7d78030c8fba6ed7d4e3bf96073d4d22db
SHA512 a913c3d95ee68fa3b46ee87685026ef527e46eb1ad945a5c18e62779b24d1724dfaa92e8da936e58268d1684c5001865a1f23dfd50bf545a1ce243f917c25fb6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 951a166cad8bdcf7ded414db9f6bdbb2
SHA1 86955c195d71b9387a71d2caa6858aeada3e0dd4
SHA256 ee467fb1644401bc20a5ecca31bf4e095ac57a15cf7d122ff5672071faa2dc48
SHA512 b261fcf51e752d8f80a25134a78c8719257a53ba9acc8587232089490a0ee148e04163b84393e34ee40fc729760a6f73bc00a5b2b2b54741ebd803dad27dc3f6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 b324277a095205035dce2299e20e679b
SHA1 9526a340c4beecea7e2209d8a082da8500680235
SHA256 867836fff1d965a089d0bc8a23bdbab850019f17d1a67c9b502882a153fa9d3c
SHA512 a97a2cd9ae9749d73db194987858d3c7965e4132769f3fa950ce4e3fa081b32d4353b84e91a26563cd045bd89e2c5f82e3e4796e63b4a15f44fbd3d3844f0adf

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 125c4e8738f433a7b35655a34f14aeb4
SHA1 942b71df46d388b0496dfaebc6a97d5a496f250a
SHA256 95781df93c673755588b890ffd9bd8b920d86a74adfd760c31521da7988ea6d6
SHA512 c662977c58a1d7e8d487f228c9f557134299e089689e21e80655f580030be925f57f7e7b32750887287593a8a708efdc208b8627ca94bfc9e59d4f9652466ae0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 3180d455611f34434b5631a11013db89
SHA1 99fe283133ed4d4703d608346c5d8e2449bc42a6
SHA256 df354673f5b1fd0cf358b66684147c391e7adfd82de4016c0a7c508b80f96840
SHA512 f62da228bba58c6c4d5a1238958429fb49c8f1d5b9752d35fb309be99e4add963370b0cb11c6124a0e8c72ef69493a007f63a7b495717c98332bf25b179bfdfa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 749ada1a79102c34056c174d1ddad873
SHA1 c20a8872ab36c5834068c1e6274b386f31d4c578
SHA256 28adc840be329cc5c41eabb3df8d734a478649332304ebf7420eb3e772a14dcc
SHA512 e38c7f61786d08e98bb465fef37a7b85b733c1df7c491cd01c843c56e843fd681aa8bfb7574481cc7362006c145924942c2c88d0082ff0ffb6d20ad272deb08d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 d5e0e2c9a96295b05ef49fd492d5e433
SHA1 6e96971b805bd0c853e6f2e4dd5e0abe8e58ce35
SHA256 8a27b75bd18fc7e1a95c4472e6a6cc370ccb9a0e15750e5a71a9a1d607664165
SHA512 e3065e044a1ec1ea474024c6a1036e5b47cc3beb303adf00b0ed7f32494b4060d0307c05d3ba16fdfe78e75d1c45c45e9c316a9fc6291b300a810c856624f709

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 1987b7b8f563d7fd34c18126c976418f
SHA1 1d54ddc797e74914f18093e709ad00aec6ddb26c
SHA256 4f52e24e379d98e82438d68452d59cae4ac36541966df615e5dffd961c0d7693
SHA512 f9abd9b50a2f356da2cad60d9e83930e3dc8dbcf6fb9881a57d45a6851bdf18c010abd03d367fb70bb9589578619c8c0bc31240e68d162658886eceb381908d0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 38d48d5d19a84cff8bb875de7b08905f
SHA1 19bd6c11c1719cc550547c518e8c67acc6e72e88
SHA256 2942f178cb6dd24627d529c928ff9c9f5446f7ccc143fe42bc68255bec1680c9
SHA512 8a74555e2cd4ad50f410f6ed0683d624d36584b79b6be2873ab85bf9b78d5aba3a98a075c46198c6ae57520f2d3a6f98be31fa6404290b27ddf1a93c105e142d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 e676802e3cff7878de24a433edefd78c
SHA1 3966c4952c2bc86504d236da7ad9ffee19de444a
SHA256 da24533227f3444c43c16ebbf8971de34892d6382a42eb2267b3b4593cbde066
SHA512 43b131d065f51d280e168fa39591fb8554360f19fac918245db3ed04030d55d2a6b8d941c53e8f9ccc0e950c64ac2f6c58e03c253ffecc649249ff773cc54aa9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 45b1b42da26d091f79b3482b2b62e4b1
SHA1 efd78f1f5a67184472097d436288bb2e18555a5c
SHA256 e77ba93a713f4bb0efcce5ac3bb22a14c3aa9eedb294a94e27f6da7e889d6042
SHA512 a902456578190496fb58a08de5e57d8f8f688f808c5517418fbb4f4c0e229e387fde6905826a196e144c8d162b6679738f26b0dc17bf73ccb9a18c3414241e9f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 c48a2f75d123e9d14be82b928f95164f
SHA1 c4fd7f7b8d977cf7be637371f92d5f87a5ce51ae
SHA256 d22f412a45fd8a6f94b6912fdf0197f0fbe05511486a34221787b11c2d500423
SHA512 3f2eeae6b276ee6fb8932e8cef03ac4d488cd5e728a3aa64ac162b4ca2619b1afeb545e78ea091101fa274e5f6c70ddac6b8c0c54ca562e2d1da999208df7b4d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 c2d1568631a76fb0cabbcf883caaae54
SHA1 391341f179d34470e85961c36b6c47cd9f2a9a30
SHA256 9b5c625e0397c160014d296fad2d3a551f6485f69bbbf3b4dda69719521af6a4
SHA512 fa93947be6201807234fa5d8e0038532e621682bf46c9242e8a7c3c47cae20d373bdabf50420fc064eb4c357dc874b1a012246ac830fa494a03674aefc50b7ea

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif

MD5 4159f6ff6697b46188060aa3cdf4f72d
SHA1 ae1aafe6f2373aefd32d2201819406b07d02b142
SHA256 2708699f2f3c20c78a8d30a5bdd09fefe05a8b5a6458076f0fdf97f4296dcdcc
SHA512 9e66135bd0bf1324cf14f985f7bdf9969c37969269771b1c7d16ffcac8215a1cad59b19fd767770c0a6c4e4535360140623bbcd4ecd7f36b231d35ccd380efeb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 d1bcb0d833b14fd1f0fad81834e8a76a
SHA1 3b4867c1c3ad9c51109f70a90154db23374f1162
SHA256 cea7f5ac5e491aeb550fd8959fd3325c84a9b2a434ea448835b0bac5d9b2924d
SHA512 3106bfea44980ece362b2de8e15d7720d781707fd703fa3f5cffd68146b28631a1c252c899418cab61dfe32f6de5e073dac20e28b4297fc4f3721d787bb04363

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\DELETE.GIF

MD5 9bdf53a2c130741c413dfde717e6992f
SHA1 2ef7dd902c2add72d083e058d72562ef7702aba6
SHA256 78d0dd7fc0c1e5f4aaaa1a62a5275d99ecc49f5d42e927f96bfb53f258edd4c3
SHA512 4b458e3340bffcf0c21898c888bba4a16ee6f05b752f5de6129d984ea2225ae3922205ce4644896e7645d345b5dc47e18ca6430a6e73e9f1330fcd8c17905081

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\CALENDAR.GIF

MD5 48a1591867d068efd7412a18af168d50
SHA1 56bdf2ee29acebc76882b4b1545801aac1c66519
SHA256 bbe31cd1ba52b48f53073ff5a09029ec57c817cabd57c3059be4f1010f94d969
SHA512 93e08a0966ca6ba260d2a0f50e6f16a984d145749a9c379ed20a9af2ef6bf57a269b5448f23e4b1aab1e64296ad5c0dfa4b2a8eda7072c8757162b29e9fab6df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000002

MD5 14d4efec49eced566eb562d7de0845bb
SHA1 15ad6879331199ee8e65890d2eee51f4c933eba1
SHA256 1dab878d5b1aca566b88323f829d1657988497d55ae2c3cd93ab0522f4c19515
SHA512 9e92e32eaea952bee815240b931032957e73b896eeaf131532e962f2514c4df3664f0f5953aacdba6020f206a9ee3fb04a7141ca7b0bb3f9d0980bc673d80642

Analysis: behavioral2

Detonation Overview

Submitted

2023-06-07 12:12

Reported

2023-06-07 12:14

Platform

win10v2004-20230220-en

Max time kernel

95s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\06911599.exe"

Signatures

BianLian Ransomware

ransomware bianlian_ransomware

Renames multiple (7785) files with added filename extension

ransomware

Modifies extensions of user files

ransomware
Description Indicator Process Target
File renamed C:\Users\Admin\Pictures\DisableSkip.tif => C:\Users\Admin\Pictures\DisableSkip.tif.bianlian C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File renamed C:\Users\Admin\Pictures\ExitSuspend.tif => C:\Users\Admin\Pictures\ExitSuspend.tif.bianlian C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File renamed C:\Users\Admin\Pictures\RegisterMove.tif => C:\Users\Admin\Pictures\RegisterMove.tif.bianlian C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File renamed C:\Users\Admin\Pictures\RegisterPop.png => C:\Users\Admin\Pictures\RegisterPop.png.bianlian C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\AccountPictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\3D Objects\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-2275444769-3691835758-4097679484-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\PlayStore_icon.svg C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\StoreLogo.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\sv-se\ui-strings.js C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\CompleteCheckmark2x.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nb-no\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql90.xsl C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\AddSend.lock C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\CompatExceptions.DATA C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugin.js C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\ui-strings.js C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.GrayF.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\ReceiveClose.vsw C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\redact_poster.jpg C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview2x.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sl-si\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\WPGIMP32.FLT C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\da.pak.DATA C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-fr\ui-strings.js C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\ja-JP\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\Office.Runtime.js C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Bibliography\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Times New Roman-Arial.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423496926306.profile.gz C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.DATA C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\management\jmxremote.password.template C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hu-hu\ui-strings.js C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\rsod\onenotemui.msi.16.en-us.boot.tree.dat C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-focus_32.svg C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\da-dk\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pl-pl\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\uk-ua\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\bin\dblook C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\mr.pak C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\Look at this instruction.txt C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_all.gif C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\IRIS\THMBNAIL.PNG C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\JOURNAL.INF C:\Users\Admin\AppData\Local\Temp\06911599.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2128 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\06911599.exe C:\Windows\system32\cmd.exe
PID 2128 wrote to memory of 4412 N/A C:\Users\Admin\AppData\Local\Temp\06911599.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\06911599.exe

"C:\Users\Admin\AppData\Local\Temp\06911599.exe"

C:\Windows\system32\cmd.exe

cmd /c del C:\Users\Admin\AppData\Local\Temp\06911599.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 14.103.197.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 20.189.173.9:443 tcp
US 8.8.8.8:53 2.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 240.232.18.117.in-addr.arpa udp
US 8.8.8.8:53 71.121.18.2.in-addr.arpa udp

Files

C:\Program Files\Look at this instruction.txt

MD5 46bfaf26de54de2cf393f9a6356aada0
SHA1 210792c0c690d52d2833e9b0077c4f71ffcfc2a1
SHA256 e7cf0dd9d5808c748208ff3fa4c91d3073643ff088826b4f7592b0f3867a2b77
SHA512 e60dafb09e7dab66c9305b1d35d81ef197a76753a0fb1c8818069bb66f0106224e0c6967d622364ec3fbcf181b890bff8d094ad586d0c7b3d031362652a389e8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reject_18.svg

MD5 88d6c3add08665770dff1109710ef08d
SHA1 f0c0ae4ae739e68fcaad0b820c433dcaf0b8700c
SHA256 f6da09cd0b375f6c0f0f6a043ea69476124ef6b44c0e447754de2cf98b76001e
SHA512 e442623a7b144b0141212ab13ba3410cc93703182295fe83d7aabbeb4cbbebb2f184d4afa708160b2fbf7ef24bd329b877036da62269582baa825617788716ac

C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bianlian

MD5 4e00ab37b6b6096efec9a0fb0677112f
SHA1 62337f77c71765bd837a5f18ff387ea1172202d0
SHA256 56c473093abb83988a3820ed6eabbab60047f203aa82ab2bb8b6dc67aed822f9
SHA512 e281abdd046a308ea42e2bb5a5c53c34ad6dd48d09c0b280c9bde90d4254489e90eda75c9b6108f717ebfd18e643d2f5675122c93779e5f671bb3a4b00cea1e0

C:\Users\Admin\AppData\Local\Temp\wctF4D1.tmp.bianlian

MD5 9738a6464bf6348e2e822aa8d9baf894
SHA1 98f149c6d31f60f28923b105ea178a57ea457c24
SHA256 07d92d8f24dd93ea09c9613883699e9f3bbdddbf633c66e7e7ec788b43c64afa
SHA512 0e60db1b6e5d0bf0f2f7fe1eae22547bd430d147ca4fd850b7598a22e26a6e908a384437bd13e6b0d2956e1edbd40252bc19b1ab1ae481b5ff7cb72f8c9b004a

C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690.XSL

MD5 e589380972e941cec676276177af4884
SHA1 a1206e6054b06c690c3198828692067f357ef850
SHA256 3e58bbaa45e9c5e28e74d2c6a8fdd5387ee3cfb9461ca4489f3f6fbdf14c0a07
SHA512 29b3c218cb3c8367ca62fd0acb05a5af13e58ae44be67679fb2ed7d0908f099801196f81076d0aa59a82bf8c53f318bad782669b8da4ca0230dd9572d62d3ef3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_checkbox_selected_18.svg

MD5 38c48a9980673d20197b8ae19aed0c58
SHA1 1dd11b20e2f9f0edfe1b4e2db5c065b7891238d0
SHA256 8c8354470ac656a520190055d7c3241473236d54b84690cd150ba066abbd31fa
SHA512 dc993ff6542fa6b64943d658fb543142236ae4bf7a915f18f39a5796aabc5154e2986258e4feb2827e1c7bf47f7febf1b70dfa97ce9206ae894d7d4eb9045f08

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_checkbox_unselected_18.svg

MD5 bbd2d96f4780e56687d73ab2cc982f6a
SHA1 850e196e8be30567d1f46ba77913207614278368
SHA256 458180f3f4fcc2b1d8a8a09d3fcca7d09f7d2d7ae889b2ae0c890136c1d94eda
SHA512 c7e0a4f731a48f5641764f30e36658ab75106ad666dbd335dd9d49507c7fc63ceea56d8432e8b8b3081cf18be9f5ed73b65e352aafb63a4d95d83185e1ac5bf6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\s_thumbnailview_18.svg

MD5 0fdd9805a84df1965e292532184f95ad
SHA1 1e1a6b104297d83a8d88d3082a8c2fe07a0c67d5
SHA256 191a19c2fe886f609ad82139df5a728f2461cf44c172787bb70247bb9ba1258e
SHA512 3e32e25007dc4ad5da1f18a42768a094344a69ff25e54facac7de0eafe5c09797f4fc9cbaf8f674a0ff4c4bd6df053622b296f1a458432a8abfaba096eb0d2ec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\s_listview_18.svg

MD5 1554d2665bbd3d6bb5b1dd28d02b9de0
SHA1 7540496e434c6232c4091cbe12db6eb8e6600bc7
SHA256 69ce97e7ad7e40519741c83242a867031ad4f2a45cd7d94dab6ac8259678810f
SHA512 63ce94ddddf50414204912b5ee0e7c3bad04c7dea370d2a7850c94f8b1d95215973b668acea58e57d445827645f81f6f23b150366cf3abf63e817c277acf69d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_opencarat_18.svg

MD5 f9e7adcbc8f3c724fcae1b844c600b41
SHA1 7248e2cdefc90e12bd65830aba34ee2209f2fa9d
SHA256 f2765f6b65b0de36ba2c157355608aea67fd78d85266bf46f5b0db03ace19aa0
SHA512 2774caa1d9ea1e8c68235ab14dd34e1af0560cb5ea1817ba27b1efb66fdcfaa28e39d85558264885087a6f1e4b6144c556f2c143cbd02955d97da6254e18a856

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_filter_18.svg

MD5 0da17798b584c0bebe302f3293563107
SHA1 bea5584ea680ee02753c3e06403dd516e2055c40
SHA256 f9f5438c5ede2f20c76d4585b93817795897bd1d08d182bd66978c4e5768ac0e
SHA512 d2f82c7f8fbc2f6fa914a40f1b580cdb7fc088d3c5b377907f39421d55e45098b933fd5d64187216fe9674f2182eb0f7520d1e2b68ddbf88d08ca65b1e123987

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\PlayStore_icon.svg.bianlian

MD5 cbad3e615eb4325fba697c7c9a93646d
SHA1 ed3487104d0789a9e9888e1698c62ab9efca9d49
SHA256 377008e7415f54f3e5a1c58eed1d86e30960df2284dc145b3948eecb73b86c34
SHA512 b1d4ac85f84b8817a11cfee5f11edd8bfe27f9ef831511d26419da0fa338c8a9abea8b9c3d601fb304cd40edb165e7a2e3cf09724bca9bba9f093b7e14299b28

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\duplicate.svg

MD5 56cdc4797448fbfacc3f8f9f4da841dd
SHA1 78e0ef5107d07cf0889ddbb4199471b28932f5ea
SHA256 107ca7e26acbd6575e91f62e88a2f4c7ec5088edf2d144db2f7adebf3b576294
SHA512 d5fe3c1e71726b9a7d0233e189dba9f308206e11b98978ead2585552845a7f66b8a5ac528d053013fa00a3691a92a8ae8b538707de6339b94d63db2acbf85285

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_editpdf_18.svg

MD5 956dabf9a02f8d4f4d212c14fa2c340d
SHA1 b343b65e9f6fc785c15aeda7164717425ef60bd1
SHA256 d6a9febd3743c40562bef47ad589a3096e25ae7606045af1ea627249716dface
SHA512 f4f4e7281b765149fcaea79b9fc71a35aaeccc5d6f5875ef7e5b1db87a7b0714a27f32c90f0e811ccc1ae53f2b20365d299c4a8ac938083eaed7a4853e5fbcb1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_export_18.svg

MD5 86bd16dcffb45bed394985a1d458f2ac
SHA1 462406e6ce5e563f2085eebabba96fa68d42cd70
SHA256 2e9e88a6fa5d52cdf549416497ee7cc0cad1ce8c0ec3b2992a82da635f57d7ab
SHA512 574a0135ffcbc93fcd4e7463293175b233fe80f723b936ad72636353be4375788544c87f9edbe46d2a9eb5a633d90475974244afae2280508dc1ab1583fa231b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_nextarrow_default.svg

MD5 7c486c77b90af172eb08cfee004b799e
SHA1 7aae93d3b4b3a3058ef2c5517e2058ee09cbe622
SHA256 707a43e2f5238606b1b8573c69d4e6aa3f53d8565d74ab8f81c9465d34751ce8
SHA512 f31c82ef352306ee1d041009bc085486779d9c00a7a78f6fd1f04433fe644781d63d010cd0ac3de4a03f0eee2737d8c4a728bb89179eb4cf982483a34f77f959

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-default_32.svg

MD5 9504d9097d2710899fb9ee764369a38e
SHA1 4adf2d5b77cb4ed222e4b05e86c61a6f26c41035
SHA256 c568b2287c85fe5727572e8a2b857170a8b2be971166e591f384a6296a3eca24
SHA512 aa8fe3fca4b5990b72624ac7cbce9b710fd6e75b06a62206f6fecb7dd22dbfc286ca69779c097c3855d1cea8b71f57671566e812d31ad48b92600f3e85f66191

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\PlayStore_icon.svg

MD5 d43439765c6e240f822ac476446f41c6
SHA1 4b000d5f8b0c34f19b9d11aa695eb1a3c74d4669
SHA256 acd56ae6c4d9ba3fe1a17f129e59f96a435bb2d712aa8afadab833073cccb6c1
SHA512 c9dd8b0c66762168b7873e3799e106cfb7eb15acea60494f69e00d695705852b663ba6b186d629d00cf1a6f263f9585918830a7d1179867ed66315c62a72ff84

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\AppStore_icon.svg

MD5 6cff0953ed56fedc487cb74bc78ffcdd
SHA1 80e7cd9205193c4135e8e6e14e2bda33f9b857eb
SHA256 5b26faec5fdbd19068eff40122b2ed22657c28232b1055d492ecf4f8113ce715
SHA512 3fa0b74ca53736d11ff677a2a8613b4b7ed417cb9a97240df32424d7efb43d7cb2560e2821b7ba15e5f7cd93cedd4d44d23c19fadb285c3c7d4c4c09c696aaca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\PlayStore_icon.svg

MD5 db4b7aeb38fe91770c6ed22984899b19
SHA1 905f1e73859f895f61e35ab4f275aa54a6a6e91a
SHA256 fcad1861f2532bffbe705686efa17979417c4e0b661bf06f653bfa285d9a9509
SHA512 b78eaaed0c01e27b69cb4b92ca52c5714cfc97fea5e9e89b9f267ee190401ca5872bf272acc73405e41a8a268a315ed4e1515928eaabd8cc14a526adbd72a69e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\AppStore_icon.svg

MD5 64dfb83058a4481086ccfef8c98f57bb
SHA1 03f8b32a02735a1e62beb7e9d7c5a0ac81e538a4
SHA256 11d7ce98fa7ca746f8ed5989c5c65d9a97c618a3a4c782960f902643db413114
SHA512 0554775ec9ae7837071d8fe1f7f6904fd21cb1518f4f4f7e43ac184013974461c907e0a70e7021994b70a059b3b333e45d3e3def35dc7e43ba3c10da4734c031

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\AppStore_icon.svg

MD5 02b02eeefa5c35be77d3c052ab06d12d
SHA1 3afb1f5ea567accccd4b47906079c26026bf76c8
SHA256 c27a9cf438d1237145f3604e1f27196476f4e9d6a31a70cd291e186b29d48c42
SHA512 7b0d5a75ac5d35d3f5cafcc324c9b8a0b251d3f781ccd3b0efb7e35060797638fd09fab4511581a79ffd77ab5517bd86c05fb9739dbc18998346b917ab1aaff6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\AppStore_icon.svg

MD5 e7c93c9663be9fff7b25be8aa46abdc8
SHA1 1af218639aede0293fb573fa2c37a033aa1e72d5
SHA256 f03564ed795ca752b435b58cf29b4e42453a3f30f523ad65cc86415fcb5036d3
SHA512 80dbf35f9547d204786b33d3577937ec80e8cb8304ac8df43cf956b78830cf5bb29f85db5a0742432deafd149f7c3bd959074cc112b1297a0331eba2ba0b218a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\PlayStore_icon.svg

MD5 9b07f55482e1b4c8ad1a00bc01a5a2ef
SHA1 11e77b5707985a1f3140ca88fb5c9ef72b0cddda
SHA256 29f65e2858a2228b0d23e0c8b66b001f09725e1eb8689054443ed669edfc8884
SHA512 8782afc6d8645cbd1fb26ce01022451de4f29d9813f44514ce57af34ed54287da50e41110491cb01ba65f556fd7b2a9c478bfd772335fe03251edcc549bef3e2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\AppStore_icon.svg

MD5 a668d11a2eeb7a5a88c4f3b28eab2806
SHA1 20a65e04af5078008a66de8fd9429c9503cae1cf
SHA256 5504ed49c76082b653c3973f4b187f5db2403d9752895919db71fad0b7548450
SHA512 4ff4431c1a361fa292fba757c8ed14aba166048d14a8646ca53bcf3eddd07d7bc4fd19ebc1b44908156a7ff48215e98968782bf97874ae8dd5160749c9402732

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\AppStore_icon.svg

MD5 dbbdf60884d33d6d0a7838803c8acf40
SHA1 ed068d3919e4eaf2f6112ff440699a2750bfc77a
SHA256 a142067d0a204d5cb223014cfcef481ee2f0528d67276a44aa83c780a5b2ee98
SHA512 6406c40caab43b5f21cf3265be92dfae2c9613c8f77e5d13844b9321d127ae7c8947490e1ff4238c3d41011b6a4cb8f72a1d65fd0c351dc554120b71985c7c3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\PlayStore_icon.svg

MD5 ca77727937b25c967243ea3818ca595f
SHA1 75af8e9e1fa4dcc37ef08cd004ccc0976daa5fd5
SHA256 1ac8b061afb877c55d9079a170e7593080281744e784154ee01bb9e4173f29c0
SHA512 d04540b387b3c0e328695e45b6d5ea7a91669f2ffc4f040bf42c270266c897b4268eea5f1675ad22316f77bc7150420b975f1b76f8ad39ee458b60755a348793

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\PlayStore_icon.svg

MD5 050f10f6661a5b15eed1703556d78562
SHA1 a753bca05fdb3f07873169a605bb495c5efb7f49
SHA256 1544f59983e2334ccd9520b4ec6ddcc0b13126b958a57616bdd050260c79f5ae
SHA512 32fcaea6180e7d28e2d25f5fc3aa370160cf141c013c009adfb3aabc7e6a3ce492fbce8b316628ff1775e27b166612b670c343b7944148dfad09b28d2ecbe35c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\AppStore_icon.svg.bianlian

MD5 dd70fadf5e9e4866224e46e5006d7ea1
SHA1 49e874d413f67db5c04f4fb677d4887c81e0c1bf
SHA256 986a166083b66f8753f45830672ebcff7948996b4882edb8784588dd928efe21
SHA512 c798df75a827534238fa451474aad71b9017cf2ee0947c7cd93a400ca347c5c21efe20e20ef7bee25c8d722edaddf8b35822ccf9640dab4f430e40f62687836c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\AppStore_icon.svg

MD5 bf7d957dd69e9b4bf837ade5815e3fbc
SHA1 40260de4eeb6bc830b7c9814475ccd3d7d124e35
SHA256 07448ac8b273bc0b2ec414cc368d8e7b8bb6046e79d83bdd9c58b998da7a8252
SHA512 5a9abd7a005f54a46621423f91846a7d3759de8aca57879b22e535d65747d2b8bd1b9125caedb4a8dde8c0e7f3696d97b201708c98f08b0cb9b162b3d6618b9e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\PlayStore_icon.svg

MD5 f2429cb17a1f3ab13959f30079354884
SHA1 2b8cee49a87f26df27022c922570910cac3afa1e
SHA256 84ba17335378b4143b3aae9fa71888f62fe6142d0c2ef770dc9b988f305db31c
SHA512 5664f64948d74b84c188e04852e960c030111fda7b09d8105652d7373511835596301ede86d0da974ff6055a740153fb0cad14abbc840b0a3512ea8510c5c8e5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\PlayStore_icon.svg

MD5 03c851e52443d3597b5216915ff9263e
SHA1 cf97874065002a32ae02e5efa115a19f335fbcb9
SHA256 9a45be0c548ae7c9849cc202769b900411547d8109b2934257b51e8f2581d8d8
SHA512 56762eb1facc8b4d79d76065a78680e805c8548bf59629ae98b9a74355ff3c1c9e62bd9ad9fddc104500a5beabb386187fcaab374e8f4d3584ebdd8b9a1f8200

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\PlayStore_icon.svg

MD5 dc24b80cedebeec253dc6e058e4b2844
SHA1 7b688b3f5e6fa9a1ff4f95053d1c9b4ce324ad7e
SHA256 6865e29dedf9334f35900b514e415fb465752c3eded4c65e6020248fbad69573
SHA512 0185689bcab0f67da36e1b3a1858464f0dc2ddf1f113773ef6573f0785bd541ebeeccfc3678a9870b66a370fdbcd3c30f8fdb8fa155bfaa3e29f61e4331c76af

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\AppStore_icon.svg.bianlian

MD5 b89732b3a03cf6720b07d4b58ab68264
SHA1 b6704e6cb8028fb4c088d406f034cddf0299e453
SHA256 71ba10a10d03f68a1ce8452290ab624ad5d367674661a1600a9312ee310dd3ba
SHA512 d5dc66a5427e7be69e4651deba7a0b6c89cab05a683964f939e17a18534ba606bb3f2b3724bf0c229330a3148c353753cf4e925dcfd525980c2de41e6652d025

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\AppStore_icon.svg

MD5 16014020b62eb375beab9126fb164423
SHA1 a77736ef357653050ba12a4241af6ae29710643b
SHA256 9d4395ba48d2d1fd99aab50f86458c95d365fa1abdf720109fc6e570b01153bf
SHA512 5fe5d641a584cab555da65ba2e7fe35ff0f5c1441ee74fffd88b2645ff813ddf29ed1bcf61ab582c9797d75014336514416b2372d37f91ee0fbdb305d664e97e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\PlayStore_icon.svg

MD5 b3a6715a882124cbb5b19626990f00de
SHA1 6c93400f0360ff9606da03a83f09348eb0907636
SHA256 855c2c5d282e9b3eac384136bfc996fa0a5b40333039190c3017b0f24e357578
SHA512 83a65cd3d20df19db934034152cd94684f8348bbc5dc89c03bbb81215905af1bfb7383463dac4868231a9f86d31b3322326942564ab91d5fc8f19021310127c2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\AppStore_icon.svg

MD5 db5f31cc71aa6ec7850b1cdf62409b81
SHA1 384087b18bf414cc72e2e480dbeca078c171d616
SHA256 29c4eb83282846cd5ad8490c6bd898fd795d455c80369e12fb0e823ad3343234
SHA512 214d84b6892b0321576414f72de083d60bc0515df713576f48318948424e87d2e09bec7572cd71ceaab8d3a0fb9bfc79b729b0e121efb88dee4e0065da13b991

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\PlayStore_icon.svg

MD5 270355442926e5669db291e0cd23bc13
SHA1 accb317c8141c930e5efc209d32cf1c7e41ced58
SHA256 b42789eb851bc9aa53ba5ee893552812ab412faef2f600a3617fa4df6a64b628
SHA512 dde3e0b72ef224ddb962097ec595374574b5e798cb078dfea4c97bcf6ed3b526f4e4a9c74abeca9a31ca286ae1a392ef2a4140168797c2aa885904f3a8877605

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\PlayStore_icon.svg

MD5 1470b15f6d45027b67895e5e0c7353b8
SHA1 fe10f064871a01ea84f11dfab896e7e0eb9bea05
SHA256 b645d365a2e01b646673fdae9ff6a7defe7fa7605cf76db1e90a19c06954475b
SHA512 68f776a9aaf0f57a79470afbc22f83d75658d0fb901e20d536ed8cc0d33b207f3cb03794f4a81f9f6714903e3e037b9979ca96d24e1ae582f6f47ed48ce5367b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\PlayStore_icon.svg

MD5 c820a1c0c8087b5dbfc6e2dae08e8e6c
SHA1 a40fe89d2b8d8920ad49beeaf9fc9088b31ab142
SHA256 ba9f77a6a4d0a5124f5038df28d81936f5e1276c336dc03b52f4c125c46c1a7a
SHA512 5a404ded32bb2a52250f7a33f64e1a39eb4f036853f904221589c1c08c4098365d4a6b8c00eb0552b7794fabdfe7c6d7af8296c41a97b2c01b2a39a25949eccf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\PlayStore_icon.svg

MD5 42bbdcfdd2cd7d8105105ce5e92ca43d
SHA1 063d34c4c46633a32e3def0e4d0d12a926dbcced
SHA256 77295d49e7b3e84a52ef9b9e2783c9d5c1364e22e440a2c47d9f6657c9158ef4
SHA512 861ecd7e4c8887c5627473a4672bdabb91262626cd38e6818590caa6564f8fcc428e18828c8369b47a2cb38c0b73c10a6e392239d7700ecf80af14cf17ef8086

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\AppStore_icon.svg

MD5 ac9ee8967c35a7ec666576deb2867c22
SHA1 df423a0995a931a4ba04b496783ca9e1e70582c4
SHA256 db7c8464a06f6c3828a2da9ce03a75485c920f132e68bd5295d3fd25a001508d
SHA512 595cb53a054183d5e40132d1d4e8dc7f5ced2e99af36e3e3fb33a47d17be62f5fea7c2082897d0c7c46a95bc04e7c93427291862108ccffb52df2f8e4033c386

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\PlayStore_icon.svg

MD5 ee0aadb536efeeae5147699edc00402a
SHA1 1241affb66595eec24a369987bb524e9968cc352
SHA256 3f72e5db3e8875cdacebd62cd455994e9e3a9220842fccee14112059624b3b29
SHA512 e4a92f70046b25d9e9292555ac73dda590c0c7caa08b89271924fb211835e50770f22f704cc854ce379bb5434573d1a133fa99a864f739418184f7e23d209e41

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\AppStore_icon.svg

MD5 fe28c86c7292d9ddfd850e903aef3ce0
SHA1 c822f4679a8864c1a96b4e3b9f3dd829ae99fb80
SHA256 e6337f82679825ab126275453b724f1d1ba17961896ad9ee010ea4428e228008
SHA512 9f28019bfc8f0a14da7be2fc6b91bc30053b3bbe3784ec10510419388b49ec9fb31573233448eca3b12f4e0a2170283c9d94e99750e9f754a86901b0a08a4a7d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\AppStore_icon.svg

MD5 e96288646da561be4c319a122081880c
SHA1 138e1b17b735decbe39245f7c1f44e2e2db42029
SHA256 d76ff25d43ede174ffc77d6b3f8336b34152b5a31eba68cfd87cc8198e07537c
SHA512 9d66627a98888997e240155e4f73d2381b04f0115e075fcf2c87edabc72c4caab166e42962ba01b47234e732f8ffaaf0f86fd3ab72f05f18c353a17c045d1b8c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\PlayStore_icon.svg

MD5 d34bde63e28723eb3695f0fff3124705
SHA1 f7746c76643576b722e1f9688e1933e9b4ca2b4a
SHA256 d09579f56cc5b6b5273c0cd7af752f9f64228ad0c3907d91c7b8d6b13d2bddcf
SHA512 9e6e079183607b5418dd51e046ebf3de2181ec4cb28f23c7460069f815e49f4bb1a8ec1dce713fd215b59373b521e183c11c7cd078d4eacbf60fda6fe491f7e7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\AppStore_icon.svg

MD5 496e251c7bc5d5ad0e336a8b26d500ca
SHA1 0e44dec6bf6027f6321bbcfd972956ebf7b621d8
SHA256 b3cf4008d6c487233c8d44ee58f896e97aad137c84ffc097f2824c6a6b4a4dc4
SHA512 750d142fbf49efb5c154e5eaa940af8ea2231cdfb63dbea5b66b2efc935a13ba1034f5d34af3fdf9d9ebfc75beeba833c9e25396ce37ab8f8a063ca188ec16c6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\AppStore_icon.svg

MD5 ae0266c0ab62a2332f74b6b4e8d8317a
SHA1 aa8990e2dde1f5dc574103ab07809f6d6ad8f1cf
SHA256 1b0c9cfdb0fc068a5674adcb24c6466f3fc3a78a5ec5bfe25dcc41262445a096
SHA512 82601dadfb2e82e589db516196a173a2a75116d860d638f021fb4c51d9a1ec356433ed1b16cc8297c54154060c9535d12d6625cec7d719491276b9f82ece5c0b

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xsl

MD5 1c50862ea408c17aa4028b29e79e91d0
SHA1 fdcb4882d8c0d21cff2f25b2e1e7d7c0db50d356
SHA256 7da6c375f4e07723b2b46bfa3d49f6057e7e15303683f43767b6b0b645b40184
SHA512 698a35f6bb303d424eb250cb8009f9beda0eedb42cbf4c941e8ae3f65daeb1f1e66fd56115551a0488c75892ca688c6805d98d509460ac36e1c0eec3f913c3dd

C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl

MD5 8377515d90075552cd59683fe1391531
SHA1 9cab295f8575fc5989fa047c5edbef5b0006b17a
SHA256 6e1c63e80ba2bb8f626623c90be5a8fdc2f3bec97bf08382da00a9cf8f92fd0b
SHA512 25426dffcffaa9846ad246d6ddcb306ee7dee6d1286d5185ef41ed3bc7a752d07a9b6303fcf5eed233ba08f9966626c6cceabf6baf3b3da63296e51cae00a8bb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\remove.svg

MD5 40f93ea6179eac0c8b2f921fdf03e3db
SHA1 d1d6dc11531b370941e10d5ee9868e6fcc635989
SHA256 270a8c4f0f6f6bd13d8528af3da67d8b5aef4c278d49cea70c88a3f9a3225770
SHA512 0969384716e99e624950f5e33378e1e7c79db93b312e1445509f3fa196c23464ae194307a60960f35b7c1b764893128bad4be6a6e56e1ea270d487d1d4216cf1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_move_18.svg

MD5 c22d9096f7f17db03d38d43c52aea3b1
SHA1 e0831052f5f748035938e80ce3bc17bea82a4bd4
SHA256 8536ac370cca0a27ffbae603cf8c32297ce8f329f2895a17ed9bb0d2917de7ba
SHA512 eca34fcf91da7178daa6ee5afcfb1dd7e829493513371f7d651736642a8d1fa5409da31726c1fdc3aa1c35f11215369908c895d807d8920488097b807fdb06b7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_backarrow_default.svg

MD5 95bca4dcdf6d640f8c77e3f2715cff6b
SHA1 19dfe1fb17d3341065dc2871b4b5667330fbcf11
SHA256 25c90225300c0eb56ad81cf3f3a8c975fe8aae33df43b1e137110bea4c2a4397
SHA512 fb956867a6c3bf052438dfc57f3757e57b0eefcee69e9ca56052500753d5d37f630f4abf7aa01da4e0bf91203d2e5e8ffc5e3dd11c65c18b33b7f3b885aa4537

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_comment_18.svg

MD5 c4c774d6637f2ac48e3c3ed237a747d0
SHA1 2ab27f809c7500c4c07358ba31064b216856948a
SHA256 35f092e8fe03b8ad52989740583f2297833588fc178c18f2ea30344b8d2e1e46
SHA512 a17290c9e0fb0fec57f1e62168333d788ed64194e3a490b7265d68e058e9f3c6d6355da9589edfe506ad85735f56047121f5cd4f0445f0901426ae0f639f7273

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_rename_18.svg

MD5 860f78ecc43a69d919e53e735d8754ef
SHA1 68f269522637701abf56ec33e36f1ea55a61c7eb
SHA256 cf6d23b822b0da2faf9cf498a33fb0511d2fecd64917040b212cf732dd8d7588
SHA512 0486fab2bc8c8f7287a47850a97eaa34c113846edbf0c1c06dfbec11b4a57f08b014d414961468d6906202a5ce4b3e92d9a1bd2753cd43aa1b87275586a9c901

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_share_18.svg

MD5 9964792097e787b97cca94c3e645391d
SHA1 d22c2eba32e07ef09b2a969a248f197737efc6d2
SHA256 6c45ac7e74d285b4f4871723365cffceca2de6908f1a1651c6de2bd9aaefef36
SHA512 8884c11f6ff0aec9f7e559e9a6e6f3dc6904facf9d881d36fbbc4c891d8d66818b3c6dc332da5011b37ac0d9e909f7e5ad87142994abd293e5388d07e5b23f2f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sendforsignature_18.svg

MD5 9f0056cbac924e0ec4d4edafc69f8007
SHA1 8e13dbe71235ef50208390f0959c1e072c5b5e9a
SHA256 8ee55d21c73d79899ed0da3b5ca3598ec9a2bb6dbf4027445d895ff8b2ea19cc
SHA512 8858737092a020dcbba0a559ce58d3fa650ca1db4b7139338a28a5e3888098a05fabd24207994f2028a6df4647771b904081f7c9c527045bd6346951082426d4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_fillandsign_18.svg

MD5 619f2a82a4d77cc60286087fbbd6c4e1
SHA1 172547e48275c9ce7e90f76e97ffbeaad947bcf3
SHA256 81b7dce5672e3819d80c7fc5645483f3f2c064d404f366d33c1115ed00a3f171
SHA512 d543cff70b02aab5f70c7c4fcd8c0381d9456872c3015dc1945b0bae123d9621161e7e6939f2e789c9942a5a37d61256a393783459519c694298eb4bc01f2127

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xsl

MD5 e4b452d45a51d9497d480f5daef1a1af
SHA1 35d6880710e802be86f0905d094e3b5c7e7b814f
SHA256 77d712ddb5e7ccf7c0ea0eef6099ca05766033155e0bd29bb619fe2119f46bc7
SHA512 1f10526e114b5af7d65bd2dd34e9cda85af949d969b93efec61932e781ce5971877a4e35270b52abe23036efbd98469bd26d6aff802a6717cc88b5cc2300d70a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\PlayStore_icon.svg

MD5 55d18be747fc1d7ba22872db561771fd
SHA1 3ee937580a3ce24224f767c94ca2cd577f2e2d44
SHA256 60b97cdb424605cea907d609c4265e24a6e7f573b6ef2b633da94869fbfff69b
SHA512 ccd17feab5799e7b7296b11c8ddb3eae8fc465d1504a512336a3311e4d91a602145e05d187b0a7f7af7d99b6ef7a3f71673999ca5a1c30c58a207789fd5a3e39

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\AppStore_icon.svg

MD5 fa346faf3264b768440305ea8e471715
SHA1 11569c7b6cb424f606f70941fb6cae5991ad0b24
SHA256 ba016dccb59bc34be68c1669a262898b709b403c1c3a48d54452d50241edcf45
SHA512 9c12e4e31038f925f3a26884ec1d02bece73d372b0f62743b8ca514288e8d72648de85241397ea6bd4a92c17c29abda921f0dd33bb9b8acfb1f35d697d383ddb

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xsl

MD5 334382b27c824002fadafac05859565c
SHA1 9a4b14a84ccccc9d7ffbf87abee319ee3e26470d
SHA256 dab64dce116dcbf5c0521e347bd1e45a5d8e1e655dd014c012c72b086c7b33d8
SHA512 a0ee04056d23f63bba9f0852392ce1d49f8c0a904b5b9eb2dfd844a7148c75299a2d55eea7d245cf60cc2aebe741eab402ff15320bb69aec505b7adf903e3893

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl

MD5 1274d17304c80f2cc057176fc2c8fde9
SHA1 7d054f198f924198791095ed869fc5adc6a6cc82
SHA256 dbce0083ad77ce445e5455f5fac5ca78f7574fd903255a9622f28cec77f30c15
SHA512 95727701ba0510bb3295e35fb544b850f3a5f0a2a24012b1ab6b8a46e469edb435669232c2e0e819c7cdc4f4d72a5514ca016d627417b619ebd35f006bda01bc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_organize_18.svg

MD5 a2dfdb4392dcb252acfd9c179a36a69d
SHA1 dea5b1c2e5f58442703e11f007043f2e448bc1d6
SHA256 e13825f9f174cfbdb68edbe0b6fc2d1554af93d18e0fd3d95b0acad9f68693eb
SHA512 689455e98d6525b419f0c648d8f17badc1948d40b6d40345d55dd52e07705f99a57734f7aac9263222f3fec8110430f412c5fa629f9393447abb76a48a220dce

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl

MD5 6661df64172acc886ce13386e0044d1c
SHA1 7bf829e3c280c6283a9645406a6220c7d3dc13a6
SHA256 232907f8cbdfe06349868649e4de92d186528a5a85dde5423c459a72b504d0f2
SHA512 7dab8883702dc2570fbb4bfe9b4432249f27907435cbf930614a07513a08286a487d3b5eeb339dd4c831551def4822096fea374dec9aa5fb0cd63801d935333b

C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.bianlian

MD5 5da57fad0dafa418eeeb1aaea75205c1
SHA1 14fb341c612d16a90812b1f6a23572ddc1814c32
SHA256 e4fd8cbe9f20770d325521614934a6078869ece9c490c6ff605a2faf1b69642f
SHA512 e6cf58cd0e678b4d1849c080667efe92acd319a13e01c96a0b45d3963e5e735228c911276f4e5dad7d32b952f91fa0460ac2d8f24ae0e83c3c0e4913bedc028e

C:\Program Files\Microsoft Office\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xml.bianlian

MD5 8e874f17958610123be86057b1764752
SHA1 40076cabb3b773b82f938015f0d2c6a7e47db0d9
SHA256 0d43d7263814e75b7da946843b7c21af6865aef562be44902a174275c2ef6f5b
SHA512 b494bf0c1cbcf54638a84f17ee98e7d34e04ee675830064be0b009823c5dd19a5ce5dddb09f70937a9932f05624aa9c8b654943629e2de8a31aa842cb6dc245f

C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.bianlian

MD5 984caa892eb7ec94a0fe0c29e9a79f67
SHA1 54184f692246b952e3c9071b03b622fb79f5bbe2
SHA256 053c402f2e087411c12add8a7af47b48d0339a813183e1d3d966f8d5d34dffd8
SHA512 e8ed856569c574b05acfcbb02336151c9e70028c9cbd3e552bfc16e41e1b56254865be2931f30f4428cd6ac41c32bfc46b19ff0bf5abfe3f0a8254a9cefa49a8

C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.bianlian

MD5 5e654b19ffcfc34c05fe1ade00389767
SHA1 590d87208dc0a998e2e7a7f5e33aed7e1ce71b80
SHA256 061bd02faf711dc7a3de9f48a169bf1522fa69c091433db1222f43129ebe21a0
SHA512 0ce4321c750beb78493979659dfbd663c449bb6613bc0f2c55053aa2644fc9a68778d319951c4a8ef45a94eb2d970bc499f6cbc3825270c291733568f911a19e

C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.bianlian

MD5 4af36dad71b9717e7b72102c58c3f477
SHA1 7cbcee92283746a72841f32b3c9ab2e44ac4b23b
SHA256 b97ea0f6b4f1ea5a5978fb9998ce9e290f778b7cc3a79985bb9013c3168e3a33
SHA512 6563364b4b8662fd5bb1e73b1455d40c36838748e79c1bb03bb42edee02504a48a18d4db52741c1145635dba5d40f310dccea3269b3e971a4038f19960fc4c4c

C:\$Recycle.Bin\S-1-5-21-2275444769-3691835758-4097679484-1000\desktop.ini

MD5 99f8fb971e6c5f17935076f119131e2b
SHA1 d149df87bb6cfe06579284ba6428e212c3fc20f3
SHA256 3fe9280f6b27bcdd81791ae59184daf51aeb30800529efa163793b53a7ad02c5
SHA512 8127d45767a8410528856f9ee261f729ee95ce3ece0617e7583e74cbbef19cb707269e7e91595047bfb52db82a78cc5fb39abe648bc3983533fae6212fa8e393

C:\Program Files\Java\jdk1.8.0_66\jre\LICENSE

MD5 ae39bd84f4fb8d6c032b34fb2a3d5f17
SHA1 27c1809a132b6aa73b76beaf46238a2fac57b5d3
SHA256 d1d926d5fd6d98fd0a8d1e47619a8dc66d57915adb124ad4adf7b265dc9251f6
SHA512 e2414a00887c9c80aabdbde89b89204266038981fe69dfdd6b59b2c70eaebe06097c44233869016571da6d3bfc1a8954d401a89cb7dc856c5976c6980567d33f

C:\Program Files\Java\jdk1.8.0_66\jre\COPYRIGHT

MD5 959360dbea5eb614c97ec4878396dac4
SHA1 578234ebe1b9aa4a3eb69718353dd3d68cd1f59c
SHA256 8f2fa2ad09179c8bd1fa3add554ce67acf594aa4f86f4f445e73012649c1b38f
SHA512 1f87d901af0df574e2263fbf64c9d5f7d0fdd47bb19d1b1a08cc81d62ae695a5b33ef41660521b977886f2000f98a3730475a796918466dfdccc7cba6df36ba9

C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK

MD5 9b2c529bca83736bac2b752fb032eda1
SHA1 3fba6cbcfdb74a05da8682b1ac0566f39953400a
SHA256 25d82eb9b112389a981ad29b1edf64881a8d6603a29cad7f1b98af88079f6eb0
SHA512 bdc1d1a38bfad07ddf1a39da18b592df78f3ef9c89af176e0e590b556129f397c2e636952e5012a6037b887f6ab99b4b5b4391a68f1ecce2663759074af8d0d7

C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK

MD5 aa880d673d0f8f098feefb52cce18cdd
SHA1 4958b26d72b6d91e13ba03f70027bf41c334036c
SHA256 fd5df107f60119765abb01499f82343fa71765037fe58981633e5908c5638815
SHA512 a21a2290a6d00445fb2caa9eb109ea0a285dd2d02b9d6f939b93eddbe76094093c8f21022cb72e6b6c65759f98cc1545ee570f855b0b01d4f60d9783e491eedc

C:\Program Files\Java\jdk1.8.0_66\db\bin\NetworkServerControl

MD5 94df1bcd18a4108216a1efae8831564e
SHA1 6a28ccc839e4d5eba5d858c295c13324458b1e51
SHA256 edd0e924e35fb72b24c70ba1fca289e63a34fdc28e1f57fbd2787ee71381d0dd
SHA512 2c976030f528365ef6ff68419825456156c7f96c4dbd494775d10b92745f86bce68ae49ff6b73065022db8a436e5302c02349bce60fc71b69f496c7add699c63

C:\Program Files\Java\jre1.8.0_66\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 51cf73927e1330ab33a90fd16a8877c6
SHA1 019f6ff1cf9bde7c6754d872d676df9bdc900e04
SHA256 47d842af9fc97c6184b59dd8eefc62a590936f550725d415dedc4fa70874310c
SHA512 6328c27d5bb24534fa7bb33597703c6d46a71dec5b4cf3241c900a39c9f34f0dc8dd8e9156313d18e8e08ea126418a075e71547e8aeaf94ee1c89014e6d6789e

C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\vlc.mo

MD5 4c493922aea620a27ebc437c0be50f37
SHA1 cd6989043a24972e803e4689605a832a1d580325
SHA256 16bf2ac99b334132d6a583dc55bc4dce37637d9f2c5a45001d05be427d31fa46
SHA512 69820532ebe024ac593fefa799de2251173f4877eb06e8a6b33e3ce315a4b84ba1bb57ae7a960e24af0d70bbc9c5dbb5b62aec1f5ed800714563254a27c61604

C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.bianlian

MD5 7a37bd6be6e8a3d77fb2eb8d0eac9f7a
SHA1 2d9c1109c5dd336d9ef7cc8c0ab90022c7c8edbc
SHA256 a376014e75ff10ee7eed7ba6fc3c480f2203c1578031df594a6fdf2fd44a25c9
SHA512 1cd6f71589ae72c5c3697f1a59439daf165cc81fdb8b8d661f21cb2f9d859a07f19f18b96313733d87e7bda64464be7908b79cee523125d6b3dc6afa75eea64f

C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms

MD5 3d501bc7073b0eee0242e397b61927b4
SHA1 35cca1ba98abcb999dec0e06d75cb42decb5ee12
SHA256 ed0dcba84249347976ee7600b5c93d5fdf4880e7b7a35fc77fbae9d99de6b6aa
SHA512 68e7deceb3bd9ef97ede38377d90f92e8e6352ca86ed2a0869ad483443f35f225760094e458eba1e41c51136fa9e4541e4e00b505fb44c3b02a60af291267209

C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_zh_HK.properties

MD5 0bf088d0db8dbdf29bb35d4275f1fac1
SHA1 ee3f84f272f8fa34eff3701b62d98584c0349961
SHA256 7c8fa0aaf2b5a387c5f8ab227e871943cd8d2a1b307e315a73cfd84626463020
SHA512 f11701d2f3ab07f67f4a2b187cb5ea46ffe340795f190dfc90fb8016678c891af3dd08deb4d161aa90ecb0b32977d27ea0906e70aa3db45968fac0efde996e6b

C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf

MD5 1e15a5c5d59829c5de486f09d43861fa
SHA1 4972d7a37a7d9f05e3a7600b7d311cba01820914
SHA256 96659773185b902f4c4a23f77581d44502ae88dc65155849d7c332a76c934b8f
SHA512 9b914c2cb63e5398e95ae2f49790a578cb3a3dbaf56eda0b8a3a63c92f409b84c349ba1fbdd3549dadb966cf433fdee38c0ac678b1463771cd2a7910e01742f6

C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

MD5 be5e6407ff19345fe724dc01aeac78c3
SHA1 8e99efeed0b249916f045cbcdaf0e58256d87b8c
SHA256 75714519dce9aab1e282f840e8623036a6c036949f482744c6d3861ee36e0e16
SHA512 ef7c8f3fc88ebf6d640ddf676c35676426ec921470b2d766384f7ed63dfe0813a6f7f0e987aa2a22c90eedade13c38cb601d74850d06ddb2a1d9e91238699e5d

C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.bianlian

MD5 1d84f9814504f760d7a7ebdc9dbeebd7
SHA1 03478521ecefb8f0b7a422366f6c6a3dc122e303
SHA256 f9a220eeda942c3b7423d506a5a91a3f2a0c1ecb962e6392cb444519e92bfbe7
SHA512 5bef71f18ae08bbafcc957acb873ccc1ffa7fc26b35bf44355d7399af470825114a2f68b3b4fdb27d7e486e2aa536a7fb891d5f114c78601e2ebcd401d78933c

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\stable.identity_helper.exe.manifest

MD5 58f65e1613ac44f14b3ef986d9988dbc
SHA1 addb0d625b848e71f2f74a565ca824bf5d7f504b
SHA256 b9221921b8e82bb0924c1395502885ad9740e93e7dcb2215e7744379a0dd765f
SHA512 22a2dda443480d55e4d4d6bf1764cdc5a5b4a676900b776f039ba3d59114634505357aac1dfe41181ee9234ef0987362d86b4f2121f03aeda4c49b773cbd3ab0

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\vk_swiftshader_icd.json.DATA

MD5 be6cb0166eb85477ffd9172631c644ce
SHA1 f5ba81f74c55e44fc64e216cdd61397c00a1aa6b
SHA256 38794403240b3b54b66233cc7483548f8b92a8fdf04965a3a9f27490c0dfd08e
SHA512 6aca78286e1438273639c2c225e4232f0b7563c0d2d8aa83ab13cea06abd3421702784aee29daf62d4c697012019515983cf1c841d40e6e591866801a151be3b

C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF

MD5 4a62b79d21f37ce66bed364aa1f91d4b
SHA1 4775194a08bb8d24c88d1473f430aeff6f49108c
SHA256 e75f75d7a46c73601af7594a4fe904bf5422cc37629f9b1ce8257b0152358a73
SHA512 8e2ebac127ce6ad5dc65b114732183e537ea6c5a51d9d513677ac7ae463a16c57c735908a372462c786f810c7cfbd0719083cc4ae9eebd1a0382dbcbf1550dc1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\external_extensions.json.DATA

MD5 d5f5c84c200252ffd202b6015e3c4916
SHA1 f8037b1f4a2be07fddb1fda6bf05bf6e80c8b062
SHA256 534300f5f50d776ebc32a36f8dfba21375e7f95c5d4a0046c3fc335e060e0ed5
SHA512 3e3648dcc1ae55c5e4c94cd8a214fe56475edcaba7e4d75f8711b7d5c5d46c51b1277dac1f3863aede902e21cd49fc573e8007971025ce261b228f1465e4872f

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\identity_helper.Sparse.Internal.msix.DATA

MD5 6bd9efd101a3d9a886d8413c182af392
SHA1 21c583325b484089ac4143ee97df0ded26d1b504
SHA256 706561c40d4897caa80e8699d554b616b650dab0e6aecbc1ff6cfa30fe3098a9
SHA512 e84603c8f5193a65d3af98559772c150cd3cc4c94be90e56efd7855baf8bb889bd8f0b9c1566deaf7cf04568f4345f3aa1a53b717340fd03d70f50ad830238cd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css

MD5 4a68869fb7ac05d47438dce23df95173
SHA1 2761ee9b23c25cb8b6ff832a5bc7baee8caa20d1
SHA256 8e14ad7aa06c018c6532369dd0f2af8d4f153dc30d84d411f69ceed314ba05f0
SHA512 9089119606e35b46f629fea834b8cf0aad4abc535cd9947e90df7437d8d810ba6f56334287e460e732abfe51fa1d71a27ecdec0224ee11b02a227ccac1f86bca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\css\main-selector.css

MD5 5c195d12f94d3ee7a82534509fe7768d
SHA1 8375da400cd7a3003c1521033811909fe240e34f
SHA256 6323c6864fd0f1b1fff940a665523860bdb5ca2db9605bb66871007f6988f0a9
SHA512 c4ddc3c3ded3933ac521fa36b512100561046afbbfb8a5c76547241e1c420a2956eb834276afe67fae7268aaddb0d7d5e669a264aa34d11234c3ec855ce57090

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\illustrations.png

MD5 867e65ad473c15fd02b484685975ed0b
SHA1 48af80815b2d7547fcdb97450d04dd6614be9f0f
SHA256 6f02089eb83494f8bf201c9cdf73f3bd0d05b2d7660502476c3a5f40a692be7a
SHA512 610ee6bf624115490f81da408f5e4e35369b3c6b41b70b1aba21835f9f89d51e59318f5470ddc4fb5713202bd056e4ff53d02731a9365f96bb981c8005f215b1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ind_prog.gif

MD5 6c2cf116dc6267eabac383e0bcd121f2
SHA1 1611b7e3c20a4369567d8ce7fa730e7b414b5673
SHA256 177593dac235e9abd598e01b3cbf6413f8e0060212caa0a90ea7130cac47d3a0
SHA512 b4758d1162ae93c6f5969fe9be6deb328b469b41fc1e2d9e97b83de72edf5a0aae4ce73a62c10a5e705b4b1f10a2692bece13d24248c3232e2b5a34625c25c77

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\logo_retina.png

MD5 84baaf989189fa5d10caa8f765479719
SHA1 86f695fd0c9f5c17e25c75d4e5415a06f87870f5
SHA256 13c30ecd5cb3fa376bae0e60b274ef1f8c7529aac4348af39e82f7c5a12c7682
SHA512 e8a3d6706760ed00f2e18689534d9c65dd2d409f5700fa37d34be2cc6eba050a3bf2a284721fbb4c96789708b810422c97be7ece581b7fde9f104a68fbc94f6a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon.png

MD5 0ea30c28ba2272e01d3be72f4dcee260
SHA1 1e0211d4790c91fc89cdd24922f0b290c74f595d
SHA256 6531125b3ce896152ce923159d41e9e661bbe5dda0a3e2dbdd8a34675905a628
SHA512 8e84bdf4e96534febbe4449c2b4fdd9aeada2813af22c52456eed0ffebbcdbfa837af480bbc69e9d19882226e532398c20fc621f7184a005c20c602522ce47de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_2x.png

MD5 3969f9c6964b7ded49b794e3617ec276
SHA1 463a1ccd48e7028c30d000702558778aafe335a0
SHA256 b0051c328aacd1bb69798ccebab0820363a66f2c04ede8e0edba8db2ccc3acb3
SHA512 24077a5916244ec790042fdd94ef53879bc92cf45960bc4c98ec1b5c4f699fe45f0c02657dda12731c90959beb1c26732979fac050150a1f788e938ff217781c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\main-selector.css

MD5 ad5a59d647f231e516596b4953cfe377
SHA1 9aa47e5a5850273b130328eed39e7829968f7f55
SHA256 c106547271647f90912af2e423ede42dd39ac6c93e69c4cad0f191da13984785
SHA512 3de726edc4f279ded347af9f2cc0d7d36a1ec714a97c133f05bdf5e710a28103c8c7fd6124c8a061dc2833215d3f81aeae2e849142c511e0f893132fa0bd2aba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\rhp_world_icon_hover.png.bianlian

MD5 4aef93138f34ee36fbf6ed53474b47a0
SHA1 413dfa8730f967d9e90f341bc174542e78fd2379
SHA256 e7ae72e0f19159e3e9d83359659b2d5d7f4669ed61223d46f438d8aa14e4df7a
SHA512 c476b42051f9ce2567da29ffdd38eeff0e369916cca799d4c42e67af50f6bfd1488c0c62886ca16b607471d51a269e2b26fdf5d400a8bc2d14931b97dcbcdfdd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 891ed6cc2d3d61d4d1a5d2cfa7b96e55
SHA1 dc6df31a17db46cd903c7b0442d9c5b66b9e8e59
SHA256 8c122dd0ccc7263d0bfb823dcbd81b808f6db1438d35dcbb5de1b5bb90a72bff
SHA512 87a9f1d102a33e79cb118d43d189887b218d165cb5ae24f8037672cdba8f2c2954da96afa74c46b79c721f67cb45ccb4e2794d4b65bd16c5e7d24d15314ff502

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\main-selector.css

MD5 120fe3b4e713fc7fac9f857e401e1669
SHA1 26714780de291f0323c8d6cf75432c6f37f2af95
SHA256 c5367a15ee5fd29ac8cf37bba3c559581f85b305666eed88d7561586d32cfac2
SHA512 7cab57e16fee297fc873d9bbdc916d36d4f5ac9acddb5cb58fad5ccede3853e7829b799c5f12a2e2ede3040b898d044e0359c09c6708a717852484018ba5e654

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png

MD5 b6bfad59efdc6615e3e171d5decea344
SHA1 dc7ff2508144a0c11ffa627f3d3e1851d28894d2
SHA256 e98b4f7b930af7c1a457f0aeb548e8ed4c7f2e7de931766aedaec90a228d4803
SHA512 1a22e695123820eaf71555702b938bad14f15f539dfd0b221164b63c0db704f5f371c3ace6bb8850b4a266e80d01bc03be9efeaf77b7ba067c0a607ab55504c3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 ae9e52b33e1941c3dc171fe750ae83f3
SHA1 c3f47f882232ef0603a5a65e90d75c6683fe11d6
SHA256 19cb8f1d16ad20ea115646b961f5d172ebd0f812c23106e84c2e9f4be720fdfb
SHA512 4204aee45a4fed29370a77959b01f815a66dd78e309f6327afdc69251501a752e1982c7824f0d98cfac5ec6278a996c0220d5655876d6e9b08c9db1f1a077ab0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\example_icons2x.png

MD5 6c256bbb91dac04dff7b952b1d9e6fe6
SHA1 c51dacf8e5df88e5ac361f7092427f8fcd2d38bf
SHA256 8753daa3a49f9a48ef101b5a229bcff792302e01ad4a5ffe5179078b1d0aa6c5
SHA512 bc62dbd52e722816d8b9d86d77b85a0e7826916d44218dc8dd7ea39bef073a0fabfdaa12fa46b52de85be6c0246a7555ff0f26c5761ac452e0182b9446b724a7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

MD5 4c1b85d649b570353bf0e9367c1c9448
SHA1 ad190630f4e55da2e549864928ddbdd48d2f1564
SHA256 44e4bc5ba18ebed6983a37694a57f46554d68a03b1c685dcae7fdfde5f3b578d
SHA512 8b41adde0fd4caa69ee7e08353891a856c01fa9e2067e2c6bed4fcc55b6bf78fb393be5060bd963c68277afbbd97a7e714447c5afa3ab099fa981bb04ab41962

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

MD5 629bcf03c469fa0fccd1939232a86307
SHA1 3b4beb20c9473bb43ee2721b5f8e53d1fc7cf930
SHA256 c3a941d6ded8e22ae6ca810b3034c0b0ef92ac62b6fd2f2b02272b7e36068986
SHA512 8eac03c5c3a7dca09785a7f9b9984371f12e9108fede5b61b41ac649836671213aabf71de2dca68df5a73651ac7d790ca1a0fd78e9709347453a651626703de7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

MD5 b8bbdbd6cbf832416d47c2213dfe0b4b
SHA1 457aa4b59baf983d3406054c29d9f6b64d2449dc
SHA256 f115236ba5d42c59a8c344476aad197275c0f245374223f0fd728b882ffbb3ec
SHA512 ead65af1d13f84b794d52b5b241048ceb6d81023b0851890446922a95de55ca260b6a9330a1c997bf0b358e86c9503b71a4fa740aaaa12e4d0e2d5be98b70a24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.bianlian

MD5 6c29452d9b4d79aecad96a4594ad8dc7
SHA1 88de380db59124040d7c4008ed50ea14d546b869
SHA256 ed3478bd058a7c063280bd88857445258f826035fd9b532f2b443de9878e31b1
SHA512 1b6e8ae2762e423a0f6082a43078198371626ace67a90eed47ee19f76169bba9bf913abf65f0f484ec8c89a4f87bbf5fa7c1d7a462739998ec186d45aea49114

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

MD5 e0820b7b20c5e0036440dde2a3fb5d2a
SHA1 34a22d0729557e43c9658fd1829bae31b1da5a87
SHA256 11520da86c5d3b08b9533f03670e7df0c78eb92cfdcf96f88cc837196e3115d5
SHA512 2eba23ba0bd2f2a72a8fe1eb0650f9b223294e929bdc5ee3168a119699150f75c15a764acadc260027b3dbd372d007c9532473a3b96f41e5b756d51670cf85e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.bianlian

MD5 6a0f55ca491daa90fffc8c3d307a7090
SHA1 edd768dc5589d3e5df1b3fe1bd6115efd1eeed68
SHA256 bd13ea2b1e3a18318f54afb2f3013a5402686db5a220f46b94f9ece615597096
SHA512 d336a6f60f81b94f7883ee3d411e652ea9659ca5f283770ccd8edb401929d66ee0903f7f14aaba3dfb772a90c687e2eb38863d5c24fb34fb3cb5582ee1e7753b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png

MD5 a4d7019c353fcac90f39ede5401909c9
SHA1 0e5559323382cafd6a43b3c2c8982ac8bd50ff17
SHA256 cf29cf751a4eab52c2c2b34b1cc9e944920cfddd98710959dc33f10b4a64745a
SHA512 6a1dc35c9daf980f9ef6407ebca2b10a236b3ec37b49b7b41efe0d664a51f9966c041cffd79ad433a0b4ce0aec9473fb7f4febae00a1ca799444478f232b320f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adc_logo.png

MD5 d2db7577290da1a12a2bfeb3894ea402
SHA1 fe9b9620607b7f5bf586e8d6c201cf505eaf087a
SHA256 19ef0946680192dac4e2c0dd777ae5e46d75fe8e9d760e95185c78daff109237
SHA512 5392fcfb5ca8c81332b4bb1287f4457c2a3846d5931afc71f2290bd6bf10e169b72b2e61c872daae72574f75e9b3464ee7b9addac8dae227a1904ada8aafb53a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js

MD5 171d5456cc87fb20d7f1dd38daad62b3
SHA1 aa84ecd244ff07b24c5b92eceb4b5e4c5c0f0345
SHA256 d55a541c0a7c71f23fdef261088963c7aa9a646d03587e4513ecac543487e0ae
SHA512 bde20969e17304b4f75461f8fe3b2f55cbcf298de3702879de3af184b98cccc8f6be13d02bfbb4b1bdef5da2e5b412feed71043940f6254b1b83fa39c548f45e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ui-strings.js

MD5 062af153086d50018cd73a5bbc32ead8
SHA1 19851f070fb1626066b209c6d01d3ba61db00c37
SHA256 ac07c3281685a3e50bafbe9205f31e3f4867776b67a98d0529bfc63de2707d2b
SHA512 8ac4fc16aadf129066533cd9773bd2781c0369b77cda516a33056e843adb5baeff9461f3372ac23ce5365a6177c2e75605254a17d618a6373dc32dc7aad10c71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001

MD5 9065d6132b138fc7e3c0cb55b0dff8de
SHA1 c482f8a4dd2e7f2fb12755e7baf6ac03f6c1bc7b
SHA256 bb73e03e7f5c15837e6b4f3759fec3c7c96d6435d01217c89e23852a42f537a8
SHA512 6b2ca68b9d640f7ff04499e29dc35f1b8a4526ca0fe343c2a770e891d2165d7d3ad6a288ba8e5e80ec5ccb0b8459b4dc66562c249d461d670676aa2f8b9e66ed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

MD5 f0e72ca43a270ca19456161bdb9ac90d
SHA1 981e8d01f43e8155d19525c0f7e51c7d57b80e18
SHA256 0412260e9c51c3c37578274909f7f9f3e0113e71d5230fe83b0f3a0c4254f625
SHA512 855e253f50ce0ff139090544ddc9c7286f9ce40a8f985c10d964c1efb056ba5beb1fa9a9a834fd4c9494c676dc8d6bb65fa4e40cd1e2633cd8577e1963590b82

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ui-strings.js

MD5 b4b7ae30556ac0f5eb52ead06a852019
SHA1 6e9048ba47449220429bea17d788da56eb9655cd
SHA256 5caac861450fdb27029ed387d8a4020e96f0526546e747c3ff73ef91f136d737
SHA512 a396b7384585fbc36730614964e96ea12ad07f87b9d5f7d6008ecfd46b43946120b3f51434bfd7800e0ae0a8418db6a4b83acc1bcf285bdc5cf70c048b2cb1bb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\bg_patterns_header.png

MD5 29bb72f91f7cb949ed216effae6d2ea0
SHA1 316ce2f1f9f4238b82c50473673727cfcd214e55
SHA256 6d4c8d95d7625ff1177173bc90f73a1103a0a84a12db66b5144713aac22eb987
SHA512 b22bf40a1b61fdd2dc2732b1e83f04e8081797ba612b9bfa47f9314e39c870448af9d6c19cb847da1be08fedbe47e739775d2e2af93eed0225469eed949ab9a0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js

MD5 fa03701835b9c33690d758adb92f417f
SHA1 3ca0c8538bd7683cfaebec4e42d682c3a5ac9508
SHA256 7394fb1a8a08931562350fdc41d2e86b020e7c7742980b73bf63baa3acf47ef2
SHA512 2151aa85daf026816fbedd68f3f0f937e21c2ee29084fa6e961b3f64e9bea7357efab901df5da60ce5e495505da874723c08de69aff7238400c575cf1926fa23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\illustrations.png

MD5 864346172419125627f8ba11f7d5aae8
SHA1 0acdc91171edec2846e2839be52bcd3a244e3f43
SHA256 dd009c9d84124ae3ae01e6f85ab38b1a16e40d0d72736a7832fbd24bbc13b419
SHA512 21cbe678b8d9d9d2c810991f2cc5619489f6577d5f6ca9e755faef204da3b2e3ec955f3994824a777751d4438aa021f0fe3bdf285ba2fea605b9c3f24532c74e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ui-strings.js

MD5 bf7b9b953bde86ae04fe7f806bcde2e8
SHA1 d4e6007749785842e40b3b3d193154a74d36711b
SHA256 59a1a32268be71340f9dac0680141fa031c585512a06c27f6ec2377d7b358d59
SHA512 a0534c2f8fc8aa9c3d62707469d5484c3f654224ba9c3f7931db92f40b91baf37cbfb98a59b26c8e26c4effb74060b63ebe18bfc92c8b57f9b9c83e41350c231

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js

MD5 14826193880a0b9d64055171b032d164
SHA1 f8e310a2066567981ac3dc0f805ad44f0083cf69
SHA256 5a023178127d374749f7c97281142b210aa3687f1a0be0fdd270351afc35d4fb
SHA512 952786827fdd4d2f817294bb82c91e5bb90336217d53e00eda188b75b3db3ffd7c7e9d44d5ac79e968a6dc75239b13ee1221751102c62a9d706e4216dcd35397

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

MD5 07fe6df96c5bb9fb8266a7a359a05a2c
SHA1 18a6a1e2df9b86714c70dec2cba52aced27cff40
SHA256 da25a2c85d5608acd5cbf1317eb248174e346d081b5bfe7a4d5a34a8df32400d
SHA512 bb3f45bde411150413cd24c34e6b5e6593209c0dcfc5ecd0ec27482e30445b4a3b7a6a47a02c2f1eed39980419c68b8849dadaacc8f50032970db6018e2f0a0d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png

MD5 1dfb706beba2c8932f7ef509db42b3c6
SHA1 78a3814b8b7ade288dcca6347d712413ba290190
SHA256 6a516bc1e85cb0c6b86f049d6a855db7b858a2a8cf1c31beb4a59e381b0a951d
SHA512 209c07a81950c92afe3bf20a9c81fc962c898d6691f483c3efcd4d4b24ba1c295d1a33c790fcf3ff8515da80a559ee569461a491699c729ca37cc66b97a638ea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png

MD5 7cfc1e4ef35d707beb07cd04f1d8e7b7
SHA1 03ce53cbfa26c62f1c16593e7fd94ccb1a7e0121
SHA256 74ceb8d8e01439e8413f7d0cabace5af3cb1e26fa10921d09a510ab20f4257ec
SHA512 de78cfb668a0068db486c9715686fa2bd9d63dfa63d89491226e465e48f6596960bbef9831af9870245b72a4be1d99d7208897a6d086f0a5d100926eed5d28a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-il\ui-strings.js

MD5 edfe9116b33c27adb7015a45a1c63444
SHA1 f93a93521588d4cba28f4f8287d232ef7a7329dc
SHA256 7b52c040fe9845aa5fc528d5c399daab8ceef99955d772281cab36c3e69458d2
SHA512 47f997ca22c0a9ddb555f6c9072a0e8d9f692e717fb57e18e17546b80d69debe3e3dc4b4e54f85a27eb4f2eba12ada4307afd0ff6543e3d72e2a8ab5d16c0b91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js

MD5 9df1297ac5845f5d576551c731f6ae7e
SHA1 b1afecde461d4cf46eb0e3a23df0126178c2d7d1
SHA256 fe776dce2969b3c53c8c2b0bbf707fbda13a3e97c0482ded99360ded22215ff6
SHA512 ca09652b39b167cbff852375774a57e31284b1abad3a3b7c553c23516259337ccae075a51490a87e8face036a69f38ddef7859d3e72527c9ac6dea7a4cf7c600

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js

MD5 c6043a16ea589c2e1dc38bf3cb34a468
SHA1 9ce276392777a45307f1941e72ab3e0fd7f92ca1
SHA256 dd5f74d4de7dd32f361e236221e6f67e25169491c519561d3119af054fd1c187
SHA512 d333db37f5c899a37f8c1d5a4172fed4adfc1dc362c6c88802ea9bf9f3d2570fab4b5f57e96b8805ff4ba7bb79e1b58b2020b0689e419d9516fcbe9ca8802963

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png

MD5 65ccbdbce1db3c55a5fe4da364be5806
SHA1 1efb416dcb4c12cc90a7071aa5e8c0228a789eba
SHA256 f9ae72b5240619b84461350983d1da15ad5413c29c11ca3a8928986bfad191c4
SHA512 65a03a64fff84c76002615f17ee9e09989c55c6d9bb763d339fe926fb235886535e5f29e6e8932b05c6865212d893119556577b27eb97e1010fde3213e0ced58

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview2x.png

MD5 d7a390cb7636f283385d1530b20be581
SHA1 6b94fb9add69a7a13820f2256765b30f4dcecddf
SHA256 e948f473fd22d538b503d50f5fa97335ba9106f363721cd653919c1aab43c21b
SHA512 c13545adfb3dc8e092bc95b0d83692274791478ab24d60e503f06af35cdd21b1d307180294b413ec9fa9aaa4e9c9cc27265cd6105d65f0d517caad0e514702a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small2x.png

MD5 c531d77ece274cc71f6de457d2d52a06
SHA1 91119a0de284c486c624653da53fc7588ea9b566
SHA256 66e9d384f0857441d5b903b1d59f731003adf27878e4de8389bb5bc4f64fa4f3
SHA512 6e8933a89668d0db1cadd1fef00a492aa538e356e702b24d1544872291a65f66e7828c50ec2735a55de1ca33e775e232637fbeea2575547f69e07369c7c7c15b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview.png

MD5 c576da094efafe74d967111dc3e4ffa4
SHA1 e90e117ae6d282713dab43ed92b135beb14c9f39
SHA256 5c087447f1fbbc8d50d241b5d6f3e45697f23f435202d463607c159c5f5fbc93
SHA512 88aa10c48f392a52a9c3ec37ab0d72ba43f4fe35643edd9d2f472241f562cc2996269f3e27bdd240901eb095759da6524b16db2188a44649b7b15d429e824d63

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png

MD5 458c5263feb5025933b4746b40cfff5e
SHA1 893321f6533206fb6f8b436fb7f2715b2e987c0e
SHA256 220ccf821fa77442afb6a4bcd2c5c8a45763daa842e684be713e6cace7ff65b2
SHA512 42586cb06fb9c5952d9624f5b5fb6b42936571d93cd7fa14fa388e2305eba93cb61acd313d7ca63a6fa7286ad9aea47a75bb25d296f559792ee346264d2f2e0f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons.png

MD5 d1031c4720ae917689d0b7658b41ed47
SHA1 a1dea28dbf6511d29d0d9147636b5304733efa3c
SHA256 5988313a34878eb4e36c6fc3e85e76b795ac9099e36356848e82601beef93a1e
SHA512 ce05caa7b68807c82f3c6f62ad223f544c67033c03cee1129799dcc43710b2ffb5eddcad9133b7c3b94a96df68e7096c77e42e61e07e537eec1cb0b9b40f60e0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons2x.png

MD5 9fb73372ea2ea311c344704e6584fef1
SHA1 7b7257e9c7e14153e3a74a45ca3951630f7a7c90
SHA256 56a339850e4c37d4e044a4d2a3402b1c1549d90a7a35bd71e0589c80133daab5
SHA512 eb86ab86653b9c69bae897970685131c73a94c6757fceba11304342d99450f998510c6e6ab05dfdb9fe0717e1279a9e90e88790cdc968283482c67056984edf3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\es-es\ui-strings.js

MD5 4bb75c678b7168768b29830a18177d7d
SHA1 df4877bfc5c0782ec77baffe2e6b823865bd9b6a
SHA256 1af339bf0dfe3139c732d74f070c3e37f885fee9780e68559f5b2175cd15a594
SHA512 0be5a54fd9c357713cb5d05c0e6835375511d7744661d22e06c785a9c7d6c807080161da630e7c231e0a10eb0d9d26bfcb750be63991914c3b78e4521451df14

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js

MD5 3550e6fc17f707c58ec3bcc983d8caea
SHA1 bd684bc850fcaa8dd0ff29ba20edd96722af1807
SHA256 6b8f38ded3f72c968499d26bec16815bc671a030361f42adc245d1df7da3f6d5
SHA512 688740530eb9a890c07bfb1de9384b196912e5a04ab4d950ea3d6b7697bf4d3b483868c9401ebe5e9a7c63049edd7ede031c080a1b8572cb28dc630a2653ee49

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js

MD5 173d540e0e4a36f59aab9691e7666a01
SHA1 e505478ab23a8e68e622a547b4b852b25ef5f47a
SHA256 51d9d56edb9d93566325fe566ceb245706648e35d330af526285201d0282c8b0
SHA512 b5c9818af5c810eacfda1d7822d417541bd2e24d0682340d6e0577629024361576cbdd9d6f2fdba7f541b81b675d8b24824e9d9de1af0d9e67f49985b52866e8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 e8d2f54a6211fcb83425beda6b17abc3
SHA1 e570e8c90b06552a0d4a81765b35cab7e4eba10c
SHA256 c449ead4062e1a194282c7cf54a41eb5e3b0fb3403de0b7d7066179e3eb3fc13
SHA512 794aa1e288662c65509406c9621a2d8eac5e2442768719865d53219a63d35233c68a31230e6ea1431dd7853d08ba9a083073ece5102a9fa5a12ff6a4858c8c7e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_hover.png

MD5 a8654646d895136276f55c5ba5ca3a71
SHA1 d8dd2ce049398ff07d6ab205c08002f033b7a765
SHA256 df945cdf3e62ecb3b68e5d74154094c9aae20824568c82af38edf56df7636493
SHA512 3b43dacbd47bd9f7f5432aef1706edbc214b240ae9d490fa371f4c24b6c9aa7ce8039e7fdaa8caa616d2be93f6363a1de30601e69be1fd057b93116c41ca9938

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js

MD5 78dd9d86b96abdc68a27e578c0f17102
SHA1 44ddc6004f488f3da972ae0f20e6f194c20b4e99
SHA256 1984077936ea56477d86082f575682820b694ca3a317117292ff0679e3f26cc7
SHA512 d20f7e83eb91c6dd5885127497f24979eae816f746395f06bbf39bbaa97f156898e0a7c0ea668c3e70210bfc2c65c99155a5264bb98d4c374ad1921d11178172

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon.png

MD5 7bd1752a3701150840bc07ac45bdac08
SHA1 fe31b11b77042b287d9a7e8f7aeb2613bdf1886f
SHA256 273381572fa2b2445f1f00c0deb8b8bb4fdd0d3dc7d4396d8f68607c77881b37
SHA512 2c4678a96e0f73eace196f41753c9d314ecb9d16a07af997667b57c976c0ee26356a6beaeb43801ae9ac2657e5a808d189dcc60a4749f735cb3b26ccad5d53a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_2x.png

MD5 cbd690772694993bcdfee86f42db207e
SHA1 985bfeb41f62437b4fa64dd704a993323063bfc8
SHA256 f9443619bf8f3653dfa3cb29b12f70a1c3629672d0d71b975119e42fc6a24da2
SHA512 9c2d8714cb1e4c636cb4ba65c826a179d7895ccaf360f20f06ca25c0f397ad6ea8ea19b255bec8b46c76b5250104ffb828ccf06514ef07b6f0b3934640ca59c4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

MD5 12259718bab7f608a6712dfdb2420755
SHA1 3418f03ce11c1fc96c6d43dfba72925c625c45af
SHA256 832604eae94abecc6874ddcf7b2ef37f404cfc2d7975f05052a7aa3c0dc6af96
SHA512 8539ff04008237dc54eef9edf7e180aa91fde73cc951ab7989b5fbcaec4e45328059095a85efd54d82f07316a3882c2751bd079ca88eeff03c6ed84467507d8f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js

MD5 372b26db538d5bad3a734dc7e76352d0
SHA1 6c8fc073cc4408f552901b2a0b0188795a403063
SHA256 1b758ab68bf7d24ce6c9efad8e8d685582465730d8b072d2641cca3d246fb764
SHA512 ed41077097d2ae473fc3272350fc70572badcc3df45c339df0f0eadc0a90a2b961320a814e7ce77275d741e8909cead83ab15cc4ee120dd10275dba83c440778

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js

MD5 f38c0de741bf2fa97017980872d0633a
SHA1 3806e46e2388fc270d3fbd9b40254379acd2ab2e
SHA256 425496d17954b0b271f39545d7c6437fa63c4c681a1ae3e31e19822d347be720
SHA512 550e6f54ed6655db90a2af17a6b928f87d824cea24acea414e602a9848e29e567559b2a33102b399f12aa406bf8a369739af3a945140d34678cd54b90bebc6ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js

MD5 9c31fe35a2813695f7c184a8c2e684aa
SHA1 3d7d61fb7f4ce912197e0b9d90560cc0c569430b
SHA256 39a5d0401bb7a6a5b28aef717706fab57cb24295d013e57fe5908194318c5344
SHA512 8ae42bf7a04db19be80697363a4d05dba58056d03f8fac0ac6a51297ed7a8b2a4c8209a95de8ce2277fca68d31ff60927337572c05da946269d6bda962eb90b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ar-ae\ui-strings.js

MD5 58d3668d44c74fb771a1de3230bf8e7b
SHA1 e70b1d1cba864edca480651bb3c286c84aec7e4e
SHA256 683600812ea3d28d5f0b7b2589dbb70f98c600b5dc058776817e858cfef35187
SHA512 4480ffc42001868e4b10983030ed3c7e24777d571f03657a1b568b355d14e05785449378b0f7f85b44a649658b99e7071eb94cfca0cd554c5881358574838759

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js

MD5 3ecef637cfcee7713e9b402e74148c22
SHA1 51799988add32bda2ca1f6f3026b43ee2fe57b9e
SHA256 fb707eeef8d9b953403fc4c596a227604393c5e6932b4d08d86246472cbdbd19
SHA512 308925b55489ff4de7e5835b2dccc5d9ed9de4c277b5040e9362007ac30b79a54c416c80880e9f47b482ca60cff6ca144995e14de05fb4be8e66c21b45a639f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-gb\ui-strings.js

MD5 4913810099394bb5e3534c604849bf3a
SHA1 1387d51f2929ba80eab21dfabb8c36f6a4dfb92a
SHA256 3ecb613cd9faa02067290af24b285fc010d021ae90500014a19ee21961ded9f7
SHA512 6d210532dac73d4c93adf30ea31e3a7d02c2d2f9c14e5a9295174b0ba5c01fed239abe34902985f8c5c8aa2a6fccd969ff68771aaf6940779cc222c35c3674a7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js

MD5 72ec268e30e9b554407c08e563988cb4
SHA1 15bf3cfb16e1d89b04fea3bc2ce5ace0e7a3d3db
SHA256 67e60e81423185684a06a1c4f281aad7897b35a8bca73898ad4daf3e7641a578
SHA512 81812d5606f15c38469e9e6f1e5ac29cbf9e17f6860044f5c187f6d5ec1b6132e1f1b4f2ddd43beff89806b3829170ec5aab7012354e3ce680b058e7e70237fc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\nub.png

MD5 61671aefa2ad4286e2399b512d54c094
SHA1 7474131fb3908893efc0622a121acd35638945bc
SHA256 90592d71fa656008b085de40e647f0d633be55124e1412e1298df83ff6eb1246
SHA512 0f854e7d7a2638f0ed877eefb53cee100bd29bd3357e4967a363a26fbf850514375b26b1425db0e623fc93aba1f01ca051083545fd20861e3c485ef0ad2c413a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js

MD5 3a3da6535d5024a51f28e3fa2c3d5691
SHA1 673b378d9aa2249a1fbb7aa3d21939e7b3edbef9
SHA256 ba5fafc9cb56b9bea268bb967d58e71d3b69051f8772cca20398dd00ac4a502f
SHA512 641ed7ffe2d96d883204769a95fcd5f83b822532687ee4d4613eeb28bc461091abad040877b1dd3ccd6bf2caf168b9df1331cb3b8f6f7932b3fbeb7a93748f32

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js

MD5 5cc3e394298229e62f59f24a455aba32
SHA1 25befd56dd6f9508aefa078854fec9e9a5144efc
SHA256 6194933c39437a02607e873e632b628d33250211fa749b2c906b650184670ea2
SHA512 104a9d4dd29e85c1e3efa9a9dd733c9267390d86a4593b968133530c6b400e18eee8e85cf835e948e9a3f0cafbb7f421c21f04f2a17652e29aa15776106761a7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js

MD5 870c07ef94f14b5d4caa7699c7f93093
SHA1 8196c4e28d7de66b948d560487cc6f09197e23fe
SHA256 9ad9bee1ac39a42a4867fc91ba10860ecf3a9e701776d725cf301cf7bcea5c59
SHA512 b377f98179cbe02be2bc93b21493d379340bb51a7fe176041b12d7b4320febe9861acb2e4c1a5f67feede680e2822d70649163fb33b4c181b767f4192c4c7126

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js

MD5 388be75f05703724564882724d554bcf
SHA1 8cbed6430f59b3b6f0bc590c0395c65c34537e31
SHA256 79bb34ba989fa0104372a222c6e54dc4f4a9d7ba7cf9495f1bcc7ddbb4ec343c
SHA512 a1c2834b92e277ab1848a5e526b6fd7779da3e06883979761d18ae8f626c412a5a472f97d5f5240fcbe05b00a4017f49084e5ce405d447f4e009256b088fc19f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js

MD5 4c203f811dfb6211fe2298440be2a5e9
SHA1 e4725fdc1292f806999230b00ebed9dfce44fc04
SHA256 6f47eaacd4cf499a2a63e5d06c19c95c72664719cd500308c1e4ff017b41eaf5
SHA512 22525335fe1e3fb0ccda24381bcfb2734905f6bbd167617ddb1441ffde147376075bfb3cd6241b63f774725d1082aa3ddb8b338a64b8691f0f9ea8db2fd8ed99

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\ui-strings.js

MD5 6b0a677f1a08a65f270265b8d4ef1acb
SHA1 6b51190aeb765080b4eea344c098e9f49b9a5243
SHA256 30c56dcca2df3dbc1e8cac2c589ac5f86516f5d4a08396d912fa3c1e1807a0e2
SHA512 b68555b2591cc97e271a9bfb0a75be6dc0a1a1b3eaef32492e7a8cb87d27b2dd05569a62b58d65a886f5e419f733f675e8bc0e2d255879e1c425f439a1e62aa8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ui-strings.js

MD5 78d7a0e79378971c38028f777f5d9226
SHA1 c5479541b931911eaf9e313b62212f53a7daa5d8
SHA256 124bd16bdda421f4be76687945a71935cf1743f965f6a69b5034ada2640497af
SHA512 eed420a122064a247c08b5ecd022f96c614872138355dceb5259828f5f20fb8a8ba7d2792899104c6d15aebca3e4906b51e1db9830393d3e808ddf024140b153

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-il\ui-strings.js

MD5 efd1d795d5aaf4e835e4f350464f8c45
SHA1 6760b51dc0e1aeefca8effa6b0679464d9f356fb
SHA256 164889998ae3b4a643abb4212d015fc2fcc77f6aca621ffd5a20a9930eb1c59e
SHA512 3ac25c392ee6da006882fcf781269bd9815c24d87cabb331d01510a7d960fc9fe2b81c54aa57c6323bee7ceac6f12de96735935166c3e1200751ff39f7e823d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\ui-strings.js

MD5 ec45963a685bed089cd43e00fb136a3b
SHA1 4273b7713caa9bb76ee58a04f147fb9449400921
SHA256 50caafd73b46049447c448e5e3b6439625272e6a8064849e10071f88d75d18a6
SHA512 328cb12e6f2ed13987ab24825fc2c06f03a53b58a9960f7ad99e3f856e0d42d3311c458f9ae4937ed8d72299ec5ae24fbf1e86878b69d2db72a421b347d7ebdf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js

MD5 1c9fc20b5023db79cd4550ae2a7b148a
SHA1 a12783bc72ced7a045a8fbf65475d13f468717a5
SHA256 3122806a2f4134b1565bfd8433de61f57f88fc9b4f632cfd3dd3f9a64deaa975
SHA512 64a04ca3cff321dc18ad7fae02fd59a85832a709e72c98479e0702765de5a464ec19f8961463794e440d29c39f1ba7fe94793eac50538e30732a68d330e28292

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\ui-strings.js

MD5 3be6fe2c36d47fd73d6ee708b55eb3a6
SHA1 5c0ca44db2144c768c0c14acf93a693b39c86173
SHA256 48b9626fc6f8b7d5a253c29aa8e96333cbc56ee17ae1c22befa2c011332fc88e
SHA512 00f99c439ac3e6c8496bb9452703e99b2ccbeba1beb5b0ee96e508b806b37cf43521a2d938b846093b935ce6efb9c4feb21407b7343d609772b04f0a6c8f08ab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\ui-strings.js

MD5 d842e13de56a177a5d71acfc81b9953c
SHA1 e23dfbd3e3c4da24af946e6526d706b6aaea7508
SHA256 596ba633c44b44553171adbe8b095ee378395d03520fd69d6f9bc14ef91cfa89
SHA512 e01c86a872705b86b77dc56f2e0271942a53a2299ef168e91f54be990886ebb186ac2fa88fa10e1f2c09cd3047ee73e7419911f75a2ece6f33dfb3d36e53bdb3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ui-strings.js

MD5 1a011443cd9ed730115a983e93f98747
SHA1 55349bebb8a74b2d462d11812df925cee0f4f48c
SHA256 3aa492d9bf5406ed9afe300e53f03451dcb0e519501acd9c4f67b8da62c31504
SHA512 7c84b56c9950782f079e8b72cf47313d3253dd2ab15d9cc4ccf73c5b711f865c1062c8b900a1db312bc616dd80a2a464c155279e7a2f3fd0536e78ee0bb5e6a7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\ui-strings.js.bianlian

MD5 3d30a1a57aec2ef3b8352569224d5bc1
SHA1 835c012aa647309bd6dcffb14a70f90fbb8b6d10
SHA256 c0b8214693604350c52c85d9165cf0456daaf0cbbdcd97c138ee3bd84c5af6ec
SHA512 a894983e539ff4c9df1a90c3a5e348d811aa11aaa76935b04aad54d9cea03b28603fb227636dfa012d2e732355a295bc6a143ccd0614c636a427e715e727960f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

MD5 ed9334e81de8b8bec9ea07425dbfa7dd
SHA1 967d136b750211b47ca028cbfaf56f6e679f6f72
SHA256 02552a374bfc7c0f1bc8dafc8c2dcda334f290e3063c9096c36bbde3b568e3a1
SHA512 0f9914e62765281b60d812e8b0c98e775d0d8c43e644c574bce75801dab79e3c236415c087ca0ff720cf8415b6eaf38f2285557f82a36234c73223a11ae2db5a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\ui-strings.js

MD5 ba28d9b06bb0edacfaab0216969b8714
SHA1 cd0dc09ebb6023521e379246a7b8d27fa9c34e11
SHA256 894bce0a3727b9881a5324e0ffce8dd77debc64645b1ef5ea2be13f70bbf5fac
SHA512 3a69c5ce9dcc34c7cc7db51e3d6c2a6ed5afad7c76a307ec20ab869edde9da1184e1a705b9e006528eff4214fb14750d4d3d61ff9e3a0da096013e6b1d98caa0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\root\ui-strings.js

MD5 bcabee38106b5c45351e372408ffafad
SHA1 5a147bc81adb88c354ed656de2e63e97d09a6c97
SHA256 2efe83f90ebc6922e505596ac348e42fa0a55070223c1f3de15f00cae53cdc1f
SHA512 123e7034892e89ad0d3fe1cfb244af952883e8e08964afba75a3dd3ab62b7922155867fde706a8186b36a691e1089ee7706549ab8fcfcca545f869435ebc5f24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png.bianlian

MD5 9830ee9c51ff8f2232bf379a60c071a6
SHA1 71efb8dd2953fa8e34bb4a453eca883b9efbf86e
SHA256 9555a79830bc095ab4517703f88ee03164542be2685d0495be4d30fe23bdbb43
SHA512 faf3867123ae369ec5d38898b59041d8e035191f87e350b48eb6496b8c55ade5a2a8dd7b92a025c754cdbb447bf9819b12aef57063ebd83db6a98c5ab0f0a9f6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-gb\ui-strings.js

MD5 881fd12602b34818157dcd76a2741108
SHA1 f4181889f6be2fa45fc2b7d515341e76d45bfff7
SHA256 33f977d9862cb3a50d7403b87760b0d6d469c25c42042c4df392da6c73ee9db0
SHA512 cf4c506ba04cbf8348f9d54d745a1d5d4e0ef03540468ef2ac46e9a6309572dd6d42eb5bbe9e75146232562f377bd2a3c9f484f1fa8d9406f2d895589f3aae93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\ui-strings.js

MD5 8c02799c92325cb2b7f715331d82493e
SHA1 73cce78b84d5b5f148e2126f7ca69846d54704cc
SHA256 14c3f3ab453936d925e057ba2a04746a1fca784ef2eb412d5dbcda6a799d7ec9
SHA512 0c2921ba4173a082a5cc4997a5db3d0ac1c96a7b0cfba8cf3e5510cf432048259982c077f360e7458e647d31ad1110951fba99ad7b441cdab5a2c30fe3ba1994

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js

MD5 1b0f37c720586cfc0583fc889c7fe62e
SHA1 453c628f9a285867d466620aaa731cb5850928d1
SHA256 0cafce3636360b59f798f01ec5835bbadc4a7068ab5491bd15dc42e9bc8832aa
SHA512 db6ae8ba22e8208d123d6913e5a116ccfed6d7c0c6d8b0c402ec5af0edb671f97fe9c92f550666dc462b340ec27bc9ee7c7be4a473aecb235305effdfe757805

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-ae\ui-strings.js

MD5 2db3ea3a1325e6cdaef1581866760016
SHA1 9896f661f0b9f7f0692cc4a858fec7a27c1d2dc5
SHA256 7abcee8abdd38fefb07fd98070aa393308b4a237b48743cd6c62d4a45c7eaf12
SHA512 27bc4178e15e2d6ba6c309e478c2ad5cf2c5ae9391e8c9502df3151ce6375d2deb626a7ef248f9254fe49f4034773648e0d56e36c9064dfaf58bc4e3f61611b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-ae\ui-strings.js

MD5 2b4bcc31631efad7c1ed1aeca9d2a3c6
SHA1 be5959389835988198f7ca3223090d811a682605
SHA256 8f58bcd6be6452af1e3b8795125a4758aa247ac2dcaf1ad20fc6346910cb055e
SHA512 b2906df2cf1069cfc861f72ea8ec953de964b736300372c18421feb3ab85b2ad267a5c0052b127a08d603a356d8d50feba0fd0e4c80d42485023b5d869787ce2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js

MD5 a0be180820342e4fa98ebcff7dd93b66
SHA1 73e2f46eccaa58e96e6ab14151ffc96afa69f5c8
SHA256 7c755ff6d0794e48ad642dae1d7cbcf53723a0fafd3a1e132be9c6e7a09f2912
SHA512 62b9d313d56af9a9c8602b85f858ed89ffac52a9a340e3f47a126f90cf49ee8c8ea82afadb510ae5f0aae4cff52f9b241c1c0b383a4296bdfa59ca0dd54aeb24