phobos | 763b04ef2d0954c7ecf394249665bcd71eeafebc3a66a27b010f558fd59dbdeb

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2023 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AntiRecuvaAndDB.exe
Size

50KB
MD5

1cebf0114b0d9d55a9be7e4448052033
SHA1

ae4b6043183c32466e3eccce346ebb2b53298a7e
SHA256

763b04ef2d0954c7ecf394249665bcd71eeafebc3a66a27b010f558fd59dbdeb
SHA512

385c37b924bbeba706807e2f6bd023c8fc0ddb757ba8374b5a11eec1fd507ae0a9635fadbf1dd33d408ccd903247daa9b38c1eaa6224d133676885d7e187327d
SSDEEP

1536:IDOnfPe1Vfn332CUhMAB/TeduudGaOQQW1:0Ony3m5hjB/T0l1

Score

10^/10

phobos evasion persistence ransomware spyware stealer upx

Malware Config

Signatures

Phobos
Phobos ransomware appeared at the beginning of 2019.
ransomware phobos
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
ransomware evasion

Inhibit System Recovery
T1490

Processes:

bcdedit.exebcdedit.exe

pid process

468 bcdedit.exe
3064 bcdedit.exe
Renames multiple (433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Modifies Windows Firewall 1 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Processes:

netsh.exenetsh.exe

pid process

3048 netsh.exe
1488 netsh.exe

pid	process
468	bcdedit.exe
3064	bcdedit.exe

pid	process
3048	netsh.exe
1488	netsh.exe

Drops startup file 1 IoCs

Processes:

AntiRecuvaAndDB.exe

description	ioc	process
File created	\??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\AntiRecuvaAndDB.exe	AntiRecuvaAndDB.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4776-0-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4320-1-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-361-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-904-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-1925-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-3435-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-4092-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-5809-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-7936-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-9487-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-11186-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-13142-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-15180-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-17465-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-23403-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral2/memory/4776-25127-0x0000000000400000-0x000000000041A000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

AntiRecuvaAndDB.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiRecuvaAndDB = "C:\\Users\\Admin\\AppData\\Local\\AntiRecuvaAndDB.exe"	AntiRecuvaAndDB.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiRecuvaAndDB = "C:\\Users\\Admin\\AppData\\Local\\AntiRecuvaAndDB.exe"	AntiRecuvaAndDB.exe

Drops desktop.ini file(s) 16 IoCs

Processes:

AntiRecuvaAndDB.exe

description	ioc	process
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	AntiRecuvaAndDB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	AntiRecuvaAndDB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	AntiRecuvaAndDB.exe

Drops file in Program Files directory 64 IoCs

Processes:

AntiRecuvaAndDB.exe

description	ioc	process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\hr-hr\ui-strings.js.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\PhotoBase.dll	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\STRTEDGE.INF	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreMedTile.scale-200.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-100.png	AntiRecuvaAndDB.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\tool-search.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Java\jre-1.8\COPYRIGHT	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-400.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\ui-strings.js	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sv-se\ui-strings.js	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\dropdownarrow_16x16x32.png	AntiRecuvaAndDB.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\acrobat_parcel_generic_32.svg.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\RestartSearch.wav	AntiRecuvaAndDB.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-125.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Retail\Windows_Insider_Ninjacat_Unicorn-128x128.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-48.png	AntiRecuvaAndDB.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\share_icons2x.png.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-150.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\Social.DATA	AntiRecuvaAndDB.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-ppd.xrm-ms.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.config.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\check-mark-1x.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-lightunplated.png	AntiRecuvaAndDB.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\Pitchbook.potx.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailBadge.scale-150.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-lightunplated.png	AntiRecuvaAndDB.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_filetype_psd.svg.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime2019_eula.txt	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-up.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\ui-strings.js	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo	AntiRecuvaAndDB.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\ui-strings.js.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\cs-cz\ui-strings.js	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\ui-strings.js	AntiRecuvaAndDB.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.177.11\msedgeupdateres_lo.dll.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOffNotificationInAcrobat.gif	AntiRecuvaAndDB.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Sigma\Advertising.DATA.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-60_altform-unplated_contrast-black.png	AntiRecuvaAndDB.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fi-fi\ui-strings.js.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md	AntiRecuvaAndDB.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Retail-ppd.xrm-ms.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\cstm_brand_preview.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-48.png	AntiRecuvaAndDB.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms	AntiRecuvaAndDB.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_radio_selected_18.svg.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml.id[A5464AB3-6666].[[email protected]].VXUG	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail-Dark.scale-125.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-fr\ui-strings.js	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_altform-unplated_contrast-white.png	AntiRecuvaAndDB.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll	AntiRecuvaAndDB.exe

Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Processes:

vssadmin.exe

pid process

1376 vssadmin.exe

pid	process
1376	vssadmin.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

AntiRecuvaAndDB.exe

pid	process
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe
4776	AntiRecuvaAndDB.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

Processes:

AntiRecuvaAndDB.exevssvc.exeWMIC.exe

description	pid	process
Token: SeDebugPrivilege	4776	AntiRecuvaAndDB.exe
Token: SeBackupPrivilege	4780	vssvc.exe
Token: SeRestorePrivilege	4780	vssvc.exe
Token: SeAuditPrivilege	4780	vssvc.exe
Token: SeIncreaseQuotaPrivilege	772	WMIC.exe
Token: SeSecurityPrivilege	772	WMIC.exe
Token: SeTakeOwnershipPrivilege	772	WMIC.exe
Token: SeLoadDriverPrivilege	772	WMIC.exe
Token: SeSystemProfilePrivilege	772	WMIC.exe
Token: SeSystemtimePrivilege	772	WMIC.exe
Token: SeProfSingleProcessPrivilege	772	WMIC.exe
Token: SeIncBasePriorityPrivilege	772	WMIC.exe
Token: SeCreatePagefilePrivilege	772	WMIC.exe
Token: SeBackupPrivilege	772	WMIC.exe
Token: SeRestorePrivilege	772	WMIC.exe
Token: SeShutdownPrivilege	772	WMIC.exe
Token: SeDebugPrivilege	772	WMIC.exe
Token: SeSystemEnvironmentPrivilege	772	WMIC.exe
Token: SeRemoteShutdownPrivilege	772	WMIC.exe
Token: SeUndockPrivilege	772	WMIC.exe
Token: SeManageVolumePrivilege	772	WMIC.exe
Token: 33	772	WMIC.exe
Token: 34	772	WMIC.exe
Token: 35	772	WMIC.exe
Token: 36	772	WMIC.exe
Token: SeIncreaseQuotaPrivilege	772	WMIC.exe
Token: SeSecurityPrivilege	772	WMIC.exe
Token: SeTakeOwnershipPrivilege	772	WMIC.exe
Token: SeLoadDriverPrivilege	772	WMIC.exe
Token: SeSystemProfilePrivilege	772	WMIC.exe
Token: SeSystemtimePrivilege	772	WMIC.exe
Token: SeProfSingleProcessPrivilege	772	WMIC.exe
Token: SeIncBasePriorityPrivilege	772	WMIC.exe
Token: SeCreatePagefilePrivilege	772	WMIC.exe
Token: SeBackupPrivilege	772	WMIC.exe
Token: SeRestorePrivilege	772	WMIC.exe
Token: SeShutdownPrivilege	772	WMIC.exe
Token: SeDebugPrivilege	772	WMIC.exe
Token: SeSystemEnvironmentPrivilege	772	WMIC.exe
Token: SeRemoteShutdownPrivilege	772	WMIC.exe
Token: SeUndockPrivilege	772	WMIC.exe
Token: SeManageVolumePrivilege	772	WMIC.exe
Token: 33	772	WMIC.exe
Token: 34	772	WMIC.exe
Token: 35	772	WMIC.exe
Token: 36	772	WMIC.exe

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

AntiRecuvaAndDB.execmd.execmd.exe

description	pid	process	target process
PID 4776 wrote to memory of 656	4776	AntiRecuvaAndDB.exe	cmd.exe
PID 4776 wrote to memory of 656	4776	AntiRecuvaAndDB.exe	cmd.exe
PID 4776 wrote to memory of 4692	4776	AntiRecuvaAndDB.exe	cmd.exe
PID 4776 wrote to memory of 4692	4776	AntiRecuvaAndDB.exe	cmd.exe
PID 656 wrote to memory of 3048	656	cmd.exe	netsh.exe
PID 656 wrote to memory of 3048	656	cmd.exe	netsh.exe
PID 4692 wrote to memory of 1376	4692	cmd.exe	vssadmin.exe
PID 4692 wrote to memory of 1376	4692	cmd.exe	vssadmin.exe
PID 656 wrote to memory of 1488	656	cmd.exe	netsh.exe
PID 656 wrote to memory of 1488	656	cmd.exe	netsh.exe
PID 4692 wrote to memory of 772	4692	cmd.exe	WMIC.exe
PID 4692 wrote to memory of 772	4692	cmd.exe	WMIC.exe
PID 4692 wrote to memory of 468	4692	cmd.exe	bcdedit.exe
PID 4692 wrote to memory of 468	4692	cmd.exe	bcdedit.exe
PID 4692 wrote to memory of 3064	4692	cmd.exe	bcdedit.exe
PID 4692 wrote to memory of 3064	4692	cmd.exe	bcdedit.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\AntiRecuvaAndDB.exe
"C:\Users\Admin\AppData\Local\Temp\AntiRecuvaAndDB.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4776

C:\Users\Admin\AppData\Local\Temp\AntiRecuvaAndDB.exe
"C:\Users\Admin\AppData\Local\Temp\AntiRecuvaAndDB.exe"
2⤵
PID:4320

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:656

C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state off
3⤵
- Modifies Windows Firewall
PID:3048

C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=disable
3⤵
- Modifies Windows Firewall
PID:1488

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:4692

C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
3⤵
- Interacts with shadow copies
PID:1376

C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:772

C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
3⤵
- Modifies boot configuration data using bcdedit
PID:468

C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
3⤵
- Modifies boot configuration data using bcdedit
PID:3064

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png
Filesize
1KB

MD5
eedd2d13e3671d589714446755b78b38

SHA1
2fdd23507187a259f5a7edb01611a37b6b09f4da

SHA256
467082e15a8ddefd51088e12a6189f9923dadfdf363ac1b0448ec43dc483cb3d

SHA512
ef47a62ce6ffb0c5b34b2c6d72f5874dbad4109b98aaa21f56b8b2d83471f5ebf983f6dfd889399abe4fead6296cf2ca3f409a4aa4badad8cc3c48f688323837

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\remove.svg
Filesize
1KB

MD5
b651e9101be833e87337050028831efd

SHA1
ee594ba38a6324369ffc7b4dc89407d3436e34d9

SHA256
4717e5fb82c0ee85a7c97d022f410990a62efa2492070e42385cfeab67afd619

SHA512
3552858c2a688c95a76c0bb8a6a76b119b744b2e8ae7e7f30135ccd8a145318762faa52c1783a639fb179056317caeaed20c15f211db1d45bc957bc3ce591aef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reminders_18.svg
Filesize
1KB

MD5
3f16cc51cf788a50e6cc1ae60897bbf7

SHA1
e5a8c8f5227ca6da79589192892e81b6a3f43686

SHA256
30f1d12f90b61f22130b22667f722aeca0aadd59ba3e19d866d72a99a3f0ce3d

SHA512
17686bb9e01aa108b9b62b33bb70bb8aa35e4d88199281aaacbc8d8da7d54f1f353bf31a109dc22a4e404780ece4cb3d23f0ec81f80e9553ef060011e568134c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_comment_18.svg
Filesize
1KB

MD5
1bf37c0336c12ccaa1c62386acacc858

SHA1
f1e187c79588e4e9fce931997443d7e5cafd1db6

SHA256
a9044f3c6877f4fa6789bd90f11813a22696bda53e0be17bf52229b70fa87673

SHA512
f75100874b1dd43c49f54a9aa4621e8bd1efa84359ce44ece2444b639c7bcbddf6564f6c4be089f5d656550c7293b9f5ec4a4b20880939fbeb5ebc21e30866b1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-default_32.svg
Filesize
547B

MD5
81cfb9735fea15ca8791a3c34a78d992

SHA1
9b4962166a47f5edc62e5fe3c4f8772446db9296

SHA256
3d89171c24a889bce28f04adb60f08a141584b7c345b158536a72a8070c252b8

SHA512
f6ac853f4012ddcb29e5079ec00bf058343af1a6d6cedbc9613056db0575c77e964b0864c9693a6e02a525d5e13ccc54e0e7fd938ea39c3d2c6005db959b346a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-hover_32.svg
Filesize
642B

MD5
55215e8f92d35f26cca06fa9d5d221e9

SHA1
994838c8df5921e3828749a7703ebfa8383e43b6

SHA256
e94ac27227c8a25c3f8ede219fd80ace01e7176a12111125b31ae1dcddd487ae

SHA512
7972d3fb8c305a1b41f3ec4a618c9904c1e655fc757f1dc83f9d9041433f3c30e6708ed3d4fb3166cc41d9773df3f159aa44333f76fdde28f317676046bc9c67

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder-default.svg
Filesize
552B

MD5
2807924fc18c958c38a7004a5dbd4091

SHA1
85534040543c3306284e6a475999c46249a35e4b

SHA256
0345bffb28f80f4d0ded1a2af09a337b18ab3a80c68205bc8321a6ad4d409500

SHA512
264d29c6b920b3005ebda1fdb0e0ee6e17059c69d63969c61ea4b5c5464022166ccc04b2c1f69b91052c3e3dd551a087e8e5379d2a62c452184a12b278a8ac3a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg
Filesize
711B

MD5
cd5d2472a2bf9ac7eb4e15146b30bd2f

SHA1
bca600423f99b87df44fde9d96ff874017037afe

SHA256
038589c0f8f0b9fbed7fe7835de0237de4a28ea404078955a78c0b8145fa323c

SHA512
dde83047b85cf0afd4ac77c9f4e850ebba48a1e1d581ed78c30733f58a9d5e2e22d34a2b2e57e4527f3c314f84922c3aecd6366052d46e0d6157990ed888a27e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_hover_18.svg
Filesize
783B

MD5
0498cfb8aae1383c049e8ccdd85f3abf

SHA1
c5fbfcc70b441e91a5ecd23295c745aaf076aa4d

SHA256
ad125b854735c81b5782a65b5b006c7c991e28688b6dd8e5998f432976b9223c

SHA512
113f19bf726f79473ae2b4406a76676ec0bc4709a26f374aaa3bbd9d0b5790ee4fdd8ebe1a3ab68995973923ae33df7c1c6798e93bf060643c14acfabd4e9302

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_up_hover_18.svg
Filesize
979B

MD5
30c9bd1aee3794fd46bc99fc2a359212

SHA1
9817640da0b98babc461d277a39b323dc9a76cd3

SHA256
4b10fc416763ad7b65a6d6fb3c0016505ec5aaa7a117021a26e4dd6d11fe7d1d

SHA512
bae367b7555f5f7f677abbad1dd548225c2580ffe21bcae5022f8eecf8c97cfe8f7813fd86c31a7f9052c174610ae9d2ae21ac22b381701975492e2386f67f94

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-right-pressed.gif
Filesize
56B

MD5
e3c4dd21a9171fd39d208efa09bf7883

SHA1
9438e360f578e12c0e0e8ed28e2c125c1cefee16

SHA256
d4817aa5497628e7c77e6b606107042bbba3130888c5f47a375e6179be789fbb

SHA512
2146aa8ab60c48acff43ae8c33c5da4c2586f20a39f8f1308aefb6f833b758ad7158bd5e9a386e45feba446f33855d393857b557fe8ba6fe52364e7a7af3be9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\ui-strings.js
Filesize
3KB

MD5
0d3a12fd3f68decc694da04b57e61d8c

SHA1
f73d4d591f6ef0b2b04fc90d2e840329f7590743

SHA256
ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76

SHA512
2c58a879d4022b441056c85c301ce26401da5f7bc9619debd35fa3bd98b5f1cab8f21e2ae5a177865c64e741dae18f39f99fac1cf00c468ba0e281037d5e883c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ui-strings.js
Filesize
1KB

MD5
68b6f0644d50595a97c9fd60b8d8e697

SHA1
a4d0edf9264ce1922dc419c7f3b3cedb2814bea7

SHA256
bf9b3f1f9a3a163d41b1b20a2c410355e6ee72ae97725a7bad97ad23993b0b5f

SHA512
d1a26cc27c302f06419abf97507c0a4d06729aeadab615acaaac0c3fcec6d7715e10642121a4d773ad3d5f613030728e49fb3d07303fad05f7a342352ebad003

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover.png
Filesize
388B

MD5
65c9f3fb24b80d8c470d518f901b9c60

SHA1
b9521c39944357d4b55b91f9f3739575d1f3bef1

SHA256
8de76ee7eb6b32c307d4a46a43ac55bc15b917e2a24d36c3d001878a97fd39d6

SHA512
6572d65abd587055a69980558b2568266ff76555faadf3ddc93fa65bdd7a009a2fbca10f37f44c27ae889d3de99a3673c2b9ba6e6456242e951703fa32d9c636

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\ui-strings.js
Filesize
1KB

MD5
a778c47dd8521d6a12093b3e97ed8474

SHA1
2099d940cc672373884e1c622bbb606e9e9438b9

SHA256
d5343776747d802d64faedd9954d2a4bf555a6cd85396c55c39a8fce4c5353a6

SHA512
7c9c9b406c1b79b3298e975abb3f64927b6beb9e8784b75927e19ba649936c19f04d958d07499a5d5c52049cf2d3600e32f6f437c98b2946a977ca82c71e7224

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\ui-strings.js
Filesize
1KB

MD5
dd24e91615f1963a5c64bc9878a0a8d5

SHA1
407ece3322d57d16a448b5522d4f29229f80b8b1

SHA256
4cf9816ed1062189ff0c8d427fba5e912cc68fc9af76cf7f08fd255977de3b33

SHA512
a88d5e6fcfd998b0abe79b5b314f3f83f424be9447dca01e1a64a3e7313eb247baa894c10c5758c6788cad27582c09207d00d2e7bc41515e7f1751e05aa812ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize
683B

MD5
3f7323acc829bc8b3799148d439b3d47

SHA1
3d3c540c4080462a8013d6db9383ad69606779e8

SHA256
d9de646d51650572b66a6cf8a52ad1efd46b7a47830fa7972da0bc05baa2fad0

SHA512
09e2a175dd874ac369331fbfd863be20c9ecc005bfd6c7eeadac071804653265e4f7195d70058f2f73951a6a6e202fc96930f2ce71c2d815b228edf01729b559

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js
Filesize
1KB

MD5
fb4aa89fb89bf94d0590a3174d1193ff

SHA1
c3812f2105099071c24141a994a9d5087199dbf7

SHA256
655a3ef0465a9f30fddf25f4dde0c19a05c6f9069b83961800c1944165955273

SHA512
a494c0d9faf3defa9ff320421d0c00e4e39845f7e998c6a06c50b5e7edbb1ed7a948dda23ace06a3433843615553d2357f1cb04acb4ad1155ec43f1d07511524

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png
Filesize
1KB

MD5
7ab2ac51d33778dac850c5dd8b4ba45d

SHA1
b3f47f20c438aa488fe835e0145c014853ee48aa

SHA256
ca17d6cc1f7ab317c34a7cb767ad017163e71726ac648518679c6b1c59fa86dc

SHA512
c14ac0ad209625e0acb2ca9e0afc5f6c98901b01f92b675d073b72929455f47ccf29cbfdaa248c602b02fc2bce484c56753b1a54e66f6ce9df2ea57bed88962b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\ui-strings.js
Filesize
1KB

MD5
07bcf4e882ae521ec6ddfd0bb2a608db

SHA1
88e2ab25dec6ba9fedced9bbd21da03639da9409

SHA256
bc9df2774317cdca8e5a702f249a6994fa3b63852e7749124e82ef1f37b89aa6

SHA512
ceafee63fb03e94b418bd87c6af91a53c9bef53b86eddb51a7aee77d8ad5e6654045da12c3c28f3ab4486d2f6f135f7f834790991037708b0301085f62e22fa7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js
Filesize
1KB

MD5
0ec670fd70f5e89c3d2727df9f2a5398

SHA1
d19c88c8e11361d4f29719518b8543e0ecf5ff09

SHA256
8267479623714339b61159b2f8235b15a38ccc1199eff859e5dc13359f8711c3

SHA512
a429234afdc29df1276238d3e329299a6fb5b1ef6044429c1acd8abb95c0b76a14836b47805c5d464cfc95978f5e3b10eceae6c26a2964e2c352fafe1d7dd6f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png
Filesize
445B

MD5
2a78f84427d1d591409740722e60d793

SHA1
304f17d9c56e79b95f6c337dab88709d4f9b61f0

SHA256
4eae979bb805992739f77e351706e745076ed932d3ef54dd47ba119c4c2fb5c6

SHA512
d687c646bba8b801511a17b756f61a1209ea94938940fbe46d9e4893f14606f9e1e5ff468ba4a77474603f5cdbe0cb9df3d24767e5c9ac81a0b373dcf4a4f3ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png
Filesize
611B

MD5
c7fc95def1d53bd3e747248ecbd3cd5e

SHA1
1b251f02465f9c7dce91aac5aa0679a3c34318e8

SHA256
4049b739e6322c7d7caa241ac41c8e0b1f2893957204a910c9708c7731a7a8b5

SHA512
f4b90435a3b250c1d3dc8df9bb4d331dfe9b1c0212eeb1768073afb81b3915fe61a7c4af151c8090565f778dbdf1f4fad7b5f545c9a21b7782cd7671be2ac96e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\ui-strings.js
Filesize
1KB

MD5
1ea3b76135bb4a589027d6243075a936

SHA1
2951fdafcb862ef53fcf213572368bd5e08094ad

SHA256
c960c819e997c1c9d080235a5e24e65059b63cf66b95ff3da9a44773ebf81c1b

SHA512
3c10075e71d2e44535e19c8660bee7071a110d07dbef67ccc4cc94c45f93afd72f8ce6b24be31e6193549823b7db204e20950e5c1a075ae159c39682db295d27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]
Filesize
162B

MD5
6cbbe3240a203b0ff387d9bbdadd49ef

SHA1
2c65f6ea9acd8d164ece87edf2f142942d8cdb42

SHA256
7b3bae54e7a2931a1957c1ca23189cdf913f567e92af15089f033b99e33351f1

SHA512
cdd8e32fdf610a0c00f7e8093c98d421f6c60bb75be67fe0a22ca1b5144351526a2b56ffd955f350039e4dca823e45a3f1f4595c3f9f209b3de28cab972cd140

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\line_2x.png
Filesize
550B

MD5
b513ae819f7d8d10fa4f6cbfdf055b22

SHA1
b4228971cceadd4a698f3c206d8f4bc24a37f991

SHA256
25778f162c4243167f8eaa876f1b0619e67afc158de7805600471a563ec5e8b7

SHA512
c11266406d79494f7d74f8f8a5f955e2bad14b8924877e882fb3e7cc7442998cf6e7a9be3aa7f1a945af8bb2add9dfcdec0ef54239f6ee80748d77444dafe6fe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ui-strings.js
Filesize
1KB

MD5
b17a6a8826832fc2e1098d0286242861

SHA1
8ce2bb5944d61be2b628fc80ebabc769768e0b48

SHA256
82a1cc52037ccd1ee4a73cc41b86ef4c9b45db28025d56105566bbc9f06bc41f

SHA512
688757cebb6aaf1a9948ce1dd30318ac2b7afb7a47938e6eecf1bbbc1be058ba78744c208d71a9747ae514242b09322489ad314119cf612a7e4a717907521962

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ui-strings.js
Filesize
850B

MD5
d3e4c2fefeea6e6c467df305f7a8f3af

SHA1
a4468bf4d5abcb4d720b0fefb396dce5864e4717

SHA256
e9288289beec2fe3b6ac24c1311451c8d079786a09515b95cbf2eda7f87f0b22

SHA512
b81a9d38a4a6cd54c2081289192ce7aee3e34d71f834c9b94eac8cd79a5cb90a0dbd3ee0da89be68e4fb69a82903c658addc272a9d70d8f8f8f8cff5c2c18f10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pt-br\ui-strings.js
Filesize
857B

MD5
a3f07671642038caece41ff2a52d8673

SHA1
53442624b01b79a3729a23d4f12efc8dae4b1002

SHA256
088d391d696ec15140e7b4dbe6fe17e95296af9d09c7eeff17a0a9c241925b89

SHA512
5d1ab4b072eec924d13d760da6aa958cc81fa58cfec3de8ff239d131d37b31cdd547eac0fa5ab34c060f0f28a2295e071a1a9573815541c5b92cf0c63f11bdb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js
Filesize
856B

MD5
74ca2c01b07af0dda4bb39ac330fc49c

SHA1
7cc7781cca7798ce0940fe9be999e85f8b5064e1

SHA256
ab9ac8d62fd064748c921e6bd4c123f5cc8910a384d1804bec33ffe27da27c4c

SHA512
cd71201d364c7cfc9d317f091a9dc318d77bdc7340ec4abceee2fa23e3f58cfb1a8f45b5216f5ebb40b3738fef28eeb37717b2508aa1369316da6b7c82c510fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js
Filesize
1KB

MD5
df3b4d35decc08d05ef8ee0644ab7274

SHA1
6b0381b9ee40dc8470a63218e5cc5feb579f7334

SHA256
e27e5eb93a24a2d866e30bf027e4f0c3da9fae8968cf5eb69446e7f668356164

SHA512
257c770416a94f5b79ed837fa0f5e7926cede3ce06c1a9b819c1ca77c645f37bd366564cb028b0ba6afc5444aa5ac774c3af36cd7c108164d1000254cf85c94a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main-selector.css
Filesize
802B

MD5
651bcf535ed50ffa7724c8751bec1a66

SHA1
5758c4862740517ba28026c298d1b3a61f43716d

SHA256
359f38eef400e2fa3924a3258652e74ee19cd46cb92e47bce91f1194fce25e9e

SHA512
492b73f1622e8a1a064141a2edbac9fb29e5f604b629b063fc7251289d237e50721e1295b4f3450322fe72f01b57561a79f0ad4b3a20290cf3214ccf0204d372

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png
Filesize
179B

MD5
bec4473fc43b77e28e60f89da4e29c00

SHA1
d5dbc7c6642a8a23da14f952a0f64fe874e8191b

SHA256
5e06bfa9ebccfa3d8759270620b6860f0b92be9d69ef7d7802b78ee5b5f07f96

SHA512
ff2c101c1172e64481be5e98b2216d5eba93b81210a1a67adecfe05bcf37c3d965c06b368ddc1ffb7e4187cda0373720f6a27476f036a41517762d5cb3729aea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png
Filesize
703B

MD5
39e7048d412b94bb2dad145a2daa5875

SHA1
08778bbd84d9411f2e531867dffe45fee5d60d24

SHA256
4985216f1f370fff03c45d4a711c18b3f49165f8278e6cfc231bb38b920095a7

SHA512
65803d69def3517f0021a291748b55cb5bb2e8437732e6cb9b99b1f778f766fbff2c484b664d16ccbedcd51c14f89e99cd5f977cf97d680eca78a9d4f8b87fb0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-gb\ui-strings.js
Filesize
823B

MD5
92f1f77de0ce17e9486d53787f69618e

SHA1
41198fdd6a18321c15c3d4647962e687fc036af6

SHA256
4ecb5e390829b5b11dd02db2f22ac1349e32a24e5bd3a8489f6fb5fb0f07eeb6

SHA512
b389c8364936fbb96a407fb1a848254fd8b7bcbde05637ac1acfb48ba0b30e887dd44b2447e1e3eb75a902241d67571584a819927cc8d0a91d325f5df79f12ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ui-strings.js
Filesize
1KB

MD5
72542b122d453927f3d6c59552165606

SHA1
6e2b7f049b60f10edcdec06f357114448c0896f8

SHA256
3b17f8b83bec3e72acd0d014f58e7de206106a7644bf3293f93c7456ced47419

SHA512
25eade5c88cc35325978ba2e103050608fed4330a1677280eb2e0445946a3367d26796ca1233aa6d7ec4c87f04faf7706d82c72b3f3485d80c18e088813f7a1f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js
Filesize
924B

MD5
421cd12b43e660f10da31bee36e85f4b

SHA1
b568bb931d5bf4b5805d20fc339b06f9b3763c9d

SHA256
ce7c16adff608d624a412164fdc692305fb461f4b14f9167e6efa78dbbad12ba

SHA512
f56bf5a7a713cbf018203c24a7f9dd426a2cf018cb3ddf9e27f3a7765be3571339421fa5a2cc68f677eb4929a2a2835238a723db4de07bb0634e3f151878ac86

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\ui-strings.js
Filesize
931B

MD5
7d8302df4582de342a31d0335e979ae7

SHA1
7a3e918e23dc8002dfbe1695f8e8fd52db995d1f

SHA256
899ad5e0b3501d7e00d2f3bd3c7729b4223839e8629c61328db0f818ba0870c9

SHA512
cbc23b3285f6d8d72221d0fc05ff59336402005e7d3f50d66249ef6076648ec2e22d33ed64f5436767c123f59d37dae45270a259153ed98b885f9c43ec9bc2aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fi-fi\ui-strings.js
Filesize
1KB

MD5
0900039f6502c5c4418f5b712f0dc94e

SHA1
cb39e28be0988298003a966ac208c54f83a6ae27

SHA256
7037318dbcb8809fd3d03ab0293d58666df18363f0144ef65b738ca3fbe028f0

SHA512
be9fc36c81963737569c65e4f295f347585bcec88b4fa6ef9da1478f4e0f947b64b8ccaaffb816a74216f713060ae0a56f58c3bea1d12b16bb8488a7663db391

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ui-strings.js
Filesize
1KB

MD5
35d5c7b80ed270a94872c0e56a6c59c6

SHA1
bbc4ed04ea6c922213d7cc19c62c3c4cd23b7113

SHA256
5c03e31975b96b3d151d9e034b884cab9c6fb29576d2b5653c375fc5661b6dd1

SHA512
57ec341f6ff49f24516e117d5c0b119ba4c62dc0537cfcaa15bbba248729c06d29ca224462bb331c44ff1b3abd724df86d0b2ec473ae9f5d54e31ae2002e8bdd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js
Filesize
855B

MD5
29dbb24810bdd7f802c1165f8bc3a714

SHA1
9ed5ed2ea58cb6d9196e8d88fccdd8f0d522ea47

SHA256
c9fdf06266cf9e6d61f7989471abe569239a93cc2c0f65a7c596a81af8d6a67f

SHA512
3802320bcf7b20a6656460456d5b03ac4f85e4572d7530518dcf99f28162964adc211c5adcfb7ace603b6734271581cea26c9e85821b88b1915e13780a19ec24

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\eu-es\ui-strings.js
Filesize
851B

MD5
b54b9c5d611b062aea9d8ec0d192335d

SHA1
a6a96602b80181ef494a0da49dacae1c44f7c739

SHA256
d70a13e9b9e9f4026679200872160d667979bd0ae57e6527d44090e49bbc2c83

SHA512
e56e4a0dba26c3bd824bcd397d495249466a3732bbe1466f9ed1c23ec3a25d79e44e360fb5ee5a229fb24d6961ac32a2a57d0a29fe669e767bd33b956f57ebf5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\ui-strings.js
Filesize
849B

MD5
7a232b079f30771ada44ab6a1843ec14

SHA1
72349db2853443af021d538be9417fe32369d2ab

SHA256
e33edcde1654c47b3f834797623932ff5dd99a4331b255b60452d69d61ccfb4c

SHA512
431073f497196ad03ba92a8087aa6c50717ae137b05aba341cd8f7ec1705b46f2878b30455c10d7339f89ef16022ca5d054b0f96e5956ef0590121ad8e1a6638

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ru-ru\ui-strings.js
Filesize
852B

MD5
3b8883ab58438b245c89bc76ee848752

SHA1
7b01b457344fcf92362d14247f2c389ed0c89b6c

SHA256
b3b87c3ad568de5a1f07702392e3bfc76f41a47b2fa1d710198406c3c5172697

SHA512
200a52dd5e9334f2c768fb2d152a82cfd551c0991eada79ee92ae41e8beb82a1eac2d90fdac2d9741afe0b7edcbe046cb92a6cf339d25709b53d51f5feb55b1c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\ui-strings.js
Filesize
1KB

MD5
edbd91ead174c60fdacb765349ea4fcf

SHA1
e55660206658be80e2033a93abd8854653246eea

SHA256
dfd68e26d32c27e8c7d096cd558b12da3228019525baaa2d4b32030339fb0b6a

SHA512
9c664370c6c102a0e6992f2fe711e7fe7f6ac732a8562bcc1839a0d99d828e4ab0b3dc70f33f3cba444d04161d0df13b70e72b9079c5aabc7a85543168d58854

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js
Filesize
1KB

MD5
ffaab524b0c94fd06a44c1b5b683e0dc

SHA1
17dcce5e4d3b9f718c902863652cb67e060e2f3e

SHA256
d0a34414103960973357a239952bb0fab5f988ccda1b67ff8e6864afcd806272

SHA512
a7ecbd3e9656cb0fc1304b4b86980e97680c73b673c4284bbca08c4a3f3ade0699a7de61f0905aee9d521da4beaed61d3ec943090ecc44833118f1f5a29318ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\ui-strings.js
Filesize
1KB

MD5
5af99e838bada8e34b660d7fcecae2bf

SHA1
ead4e402f4696ede69adb3e4cd694e7d52925844

SHA256
e3f604ce27fb93d417b9e8a4a5f10f6fd17b59a76aad9754ea0cc5c56b31687a

SHA512
e69f6f12a51382491b4bec6f19260df249dc6dd9a33fc590a90a055baa5f6dcc80894e2c65ecc7dd0d10040c90740dcfcd2f98dbd1f2fbd94c34941897f6ecd9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize
289B

MD5
3d55e1e012d3824e53e84d404a6e2f2e

SHA1
9983296698d4e2736faf1c529e8d27f8071d7939

SHA256
6559f403524ea6ef9bf2e1d0bb66d1af8152920fb002ec2c4ced993083124a88

SHA512
ec75d4dea30bf7567b2f6e30ffed408815c57680a38659f6055d770c85393d8a5678d38a066ceb7fd0ff9c5ef49cf9fd73d7e8eae5a9a83360a41ca74343f576

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_thumbnailview_18.svg
Filesize
1KB

MD5
9b4c8a5e36d3be7e2c4b1d75ded8c8a1

SHA1
1f884298931bc1126e693e30955855f19447d508

SHA256
ad47fd9e87159d651a53b3dfba3ef200684a9ed88c2528b62e18f3881fe203b0

SHA512
e1acc0b10c92c2895fc916fc8feead869e04315e5e6e279f8e61b344545103b4c9ff808c9ca2121d1b013879071364f677da128caeba89bf918ec2791e5ed094

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize
1KB

MD5
45ad813c887294a1c5c88358f6e6fd12

SHA1
45266d0bda31888b67b10c601d303caca8786d30

SHA256
91ed5badd0d99f45c65c0ccdec04fc59fffb1f6d055a4d2722dccde82a6bb73b

SHA512
b06ab5889fdf50735ff0c3cfcac3e526b9f32d694ac631e7c2a06eceff357f17e92540df5f84426f8e8f75726c1e7df3592f1620728b70a4b5290c9e49e377f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\adc_logo.png
Filesize
1KB

MD5
5c4cbc56377969e41dcf39d60690feeb

SHA1
a20120d0d043af4d3b6a72db517ab8a623b3febc

SHA256
c0601bc1bac97e69da3ef3e2898aafe64aec5ae4f3ccbdb7649471f76da4ca0e

SHA512
4accc91aeb47949f1137ac69a0740a25c957853f59ff8d18077e64b1a3262488b71fc4bd45714075a0652328e1a49a602c7950b86edabbbd7e5abbd9000b705f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png
Filesize
2KB

MD5
a7a19c86ac01e03111c30032ba417b55

SHA1
fd7f42ef37d82cf1704b65762a8bc6b4a868234d

SHA256
494032a3293df271c7cc5d26a5753acffc5f6df811d024e9b573f2fa380f3591

SHA512
728d4755dd7d21c5ca285906d5f043728fd089de42d2fd04beb514563224104f7672e5f5144e4ed68770b933dd1069d76b26d140eb692d83d907176330f3f6dd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png
Filesize
2KB

MD5
f2f1d5a683617b2bdb6cb0b1eae67135

SHA1
3e0dda160b0f8b963dde8036b45aabab5d86504f

SHA256
96497e49c11ebeb0f73bc01b033b7f45cd9f8eee478176e11b1c7342efa63569

SHA512
cc9688ee19a6391296abbae9fb1422a6d72d87b7abe8552e860eeb092f8cf7e6864a7f06dae6a60784b77353c38103abd3632492f8b33b7b3d900531cdb673b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png
Filesize
385B

MD5
4eefd60f439096ed98b6d8a585da12ef

SHA1
75cb70498807b0c823cac760e00652842c1a63c3

SHA256
e743d6195ff2f42282e101f9471874e8df79dc05a69ca20abf22015d48d28c6c

SHA512
78241e2336f4ee826719d5adc70543db0f0767a1660f723ddfce72c170322a13c0f3c547eaea6b6cfc47cdf6d8e5edcaff4bd003cbf3eb9d3435bec5158fb8d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png
Filesize
1003B

MD5
5991993dd41d6d2b062d58bb70971e0c

SHA1
1a75ce12ef1c4cb6a85225d0bf4f68d4a3edfce5

SHA256
bd66e8f62d34f70917102405af895c0b07b79c13fd2d1ea65ebfba3bd4853aeb

SHA512
75511589b1937aca668348061728734718d02065ae76446b61e3292834709e3b66f2a453717fd593a8fa1db92ad7b97af03f7d2e7f5538716582ae7d8c11e09b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png
Filesize
2KB

MD5
6018a4862e3cc6b434d517a47858a2bf

SHA1
23769e9ae485bb2c35630db9a6ecc8a40c2207cf

SHA256
fde09d85ac7ec84dc0b5f2bf1c1f935b80a3e45dd9257af499d412302602f310

SHA512
4fae17ef027649315cbc73ea47a2fbdd8c8c05b9d818af5b41439e9e5fd81d62ce13f6ad125a2817d0bb4b24a831358803c53003628520cb9c2a8376ac8e1aa3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\ui-strings.js
Filesize
840B

MD5
cf69901e6d4609009dff8be5b3045c96

SHA1
712afbf4bdf24b6fa059f0fcd837449d75432800

SHA256
16d0edc8b7ad7705b23a14058f366ff1c0dfa16a0ad14f741924c308754cf8d1

SHA512
84b63e071f56e8e406fe361473dfd6eb17daec1809eed425b1b977f0135d6a78a3375c9bd1a65daf1ac7977f712b63ed735eac8ebc91e55c1a3f366e288a9ed6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_checkbox_unselected_18.svg
Filesize
952B

MD5
8c8fd1cfdc60f513bf20132a1d5aeea2

SHA1
40167e542ddfd848fd138e2914dbb7f116a8f99f

SHA256
f438a4e713df6a982afbe2eec993cd582edc37a876fee88e1ddabb478f2b5ee0

SHA512
e5a985404619bebfb615d4b5378942b56089b40170e4072c61eb9ddf722639941e820f039437b59cd3859944b3e06ed72ee49e879522e81fd9d49b56c8e40d35

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close2x.png
Filesize
631B

MD5
5e0d423694dc87169e1124f26d755117

SHA1
340b47ffc7ffe45c30ce927f1c839d01600f6161

SHA256
68df674391ddb32170020e5b55b8df9ac1bb5274419dbf8748ce53efb18584cf

SHA512
17ace592b7b00dd530d923711160c39417b6c6412c3528cecb002fc065a16dc439555f61e4f6de7ac86291cd9cac5f5ea8411bec8ffe043faba887026fd2ec77

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js
Filesize
1KB

MD5
8ab4b211dc3d2947d2466033f6d524f7

SHA1
7c457aa6cb3b704da3c977bbcf3953c3c1a7a7bb

SHA256
5bc633d52bc4345c9cc4ea7cf49422a85a9fe401faf3239ef72b53aa0dd667ee

SHA512
0b7e9cda1a82a15fc9492a35808bd1ea43966cf5e55d84b9831f79d64f36a66583a14f0ba95eb12098bf9df6a95eef0bec6606aba1cf56bdee0e046aa60f8d5f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\close.svg
Filesize
1KB

MD5
2518c2304a390e60d20b53b101fc0056

SHA1
aae24d58011859ff6986508882dd7eecaaa7f604

SHA256
03e98670a1d9049b8e1f02c4fdd449d098465f7578ee0eebfaf3f138a78301ae

SHA512
b7457acf824d68e7728088668cd8d44e06566dc71d156db7e9480b957305f2268778907a8e93e4e2d1937b3c3cbfeeb327399cd7f33a60274d91efab2ec3f534

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Sigma\Staging
Filesize
168B

MD5
27418f9aeb0fae483bcf13272efe6310

SHA1
9a28ce8233f1be05276f787e06f872f7dd49f8ed

SHA256
e3c2af35d1dfc500e16f826a071cc311bf55003a3de77de7ea3376c6b6fa2857

SHA512
35386ad7cb2b39b8d9dc94599e08bd68cc60e3a192090b511f1a2c99b3824b7f74949ed57494ea0e4ba32d25b2c6bdc30117687a5352ec96ca41b1a927ffa7f4

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe.manifest
Filesize
1KB

MD5
69016e6a597d194701476b8e04d4e028

SHA1
71a24ddb0c5bbd321d3f09d7b322c3655fb5e129

SHA256
4740d289d0a31bc1fc00e255845b3d8ba7cec2d6d0ee92177d23aa293f9fca3a

SHA512
a9399ea57f65c6569e2a9e9ebe9fa2da7184ec92a555549f39cbbe9dff15530ad526107a2a2304d822be37580a965c6ea4e88a46adebd8ff3af402d2c25321ae

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedgewebview2.exe.sig
Filesize
1KB

MD5
d8d0face111912e6dcc93f665bfa10ad

SHA1
e171cc8b4abd73e2e6f9e0145e8e3d46e333133b

SHA256
5efe288bf88e3a66ead387ee327d7f2ae6637fa507e14271cd1c30024279945e

SHA512
2bedc86a79225d3c23067a042a219976a670ee164222cbde077edc2bf5618181eb5e26edf86946e2797016c5a87f3534e47dc4ac76d40487354a701ef77aa51a

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\MSFT_PackageManagementSource.schema.mfl
Filesize
1KB

MD5
1fb20e4a02ba1ad84aca9d99fb1921cc

SHA1
169ea6ad71a5c4f4d8312668259ffb793e6cac0d

SHA256
1c55f2acd075736d1fccd0e7bca9292072d933e2811b8e042c172e9e7f112f39

SHA512
3516ca18f6f5b64fdb2de80c950d114b2c5d979c24764cad4328411eca14c47c4758816bce45c3a691adaef50fdeeef64ca51a7ce603aa5ac11bd308a9166621

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\MSFT_PackageManagement.strings.psd1
Filesize
1KB

MD5
9cb17fa9b59645c7f574893b4565d2ab

SHA1
274e027aa39e24845fd11fcbf265523de44e69e9

SHA256
e2e70c766bc6c37a41a221b53a0e62ef616c8fbcf7a244c4863f6a74c06b8e64

SHA512
d28e543a9355274fecea9be5b1120fefea5e4652835e477cc9886527c0a67556582368618ef1ad98fc95a406541cb7541dc30451033a77b8c0f2011874b1a774

Download Submit
C:\Program Files\7-Zip\7-zip32.dll
Filesize
49KB

MD5
2f244a56091c9705794e92e6bcc38058

SHA1
3f2b518be764f29c66ba8564d1be8f4309cce747

SHA256
e322feefa8d4c76d8749f88c9b877e3e119418c4ac0b18a8cfb7260638cc588d

SHA512
3ee3835abfec9c2db4ba1f33b5e59db2400e712d5dd7cde82a12889ea1beab8ac85b923ec0447e81b3d2ce3ebd14922882653f5bcdcc81a29f225acfa4872572

Download Submit
C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md
Filesize
2KB

MD5
ddc4cb14453391bcb5f4d645b2916a6c

SHA1
c4738d174c90c285e17bf51a9218256f45f96ea7

SHA256
0c19ba9eeecab3cbbdf38da08c3fa0266f10ce8166e056715931efc543335eeb

SHA512
34a32b92ffb2945608439653b5ecacba49fd3312ba5487ba14796c75b07655f0d8f735453dac117d46d204d3f810126f8a189f82c015fa8bb6ea37d9b8e0e30f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt
Filesize
190B

MD5
c5b7a97bda04c48435a145f2d1f9bb42

SHA1
bd94219a79987af3e4d4ce45b07edc2230aaf655

SHA256
07ec9bf950252d0254d4d778698c2e4173f36dbc3f57f51f34d1b85a07c2eab0

SHA512
7eb1a26cf8ef725ba6d1934ca4802f70cc22539017334c1d7a6873afeea6236bcd643b52630f7fa9d8a9e692f718ba42cc704ed5f8df17757028be63c3efad80

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif
Filesize
153B

MD5
d13b5ffdeb538f15ee1d30f2788601d5

SHA1
8dc4da8e4efca07472b08b618bc059dcbfd03efa

SHA256
f1663cceeb67ba35c5a5cbf58b56050ddbe5ec5680ea9e55837b57524f29b876

SHA512
58e6b66d1e6a9858e3b2ff1c90333d804d80a98dad358bb666b0332013c0c0c7444d9cb7297eff3aeee7de66d01b3b180629f1b5258af19165abd5e013574b46

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml
Filesize
744B

MD5
809457c05fe696f5d34ac5ac8768cdd4

SHA1
a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9

SHA256
1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be

SHA512
cf38e01d3e174ff4b8070fb88ead7e787143ce7cf60b91365fafd01cacc1420337654083a14dfb2caa900141a578717f5d24fa3cadd17c1a992d09280fd8dc44

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK
Filesize
114B

MD5
301657e2669b4c76979a15f801cc2adf

SHA1
f7430efc590e79b847ab97b6e429cd07ef886726

SHA256
802bbf1167e97e336bc7e1d1574466db744c7021efe0f0ff01ff7e352c44f56b

SHA512
e94480d20b6665599c4ed1bc3fc6949c9be332fd91a14cef14b3e263ab1000666e706b51869bc93b4f479bb6389351674e707e79562020510c1b6dfe4b90cc51

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK
Filesize
113B

MD5
b9205d5c0a413e022f6c36d4bdfa0750

SHA1
f16acd929b52b77b7dad02dbceff25992f4ba95e

SHA256
951b1c95584b91fd8776e1d26b25d745ad5d508f6337686b9f7131d7c2f7096a

SHA512
0e67910bcf0f9ccde5464c63b9c850a12a759227d16b040d98986d54253f9f34322318e56b8feb86c5fb2270ed87f31252f7f68493ee759743909bd75e4bb544

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html
Filesize
1KB

MD5
3be680b6a8edfdeed37bf5068a37dccd

SHA1
75bc261fc558634731e683e431e4a31c5b463107

SHA256
1777e4f7955cb5900c97d92081efc4b11704ee3b265717a7d7152972b49a36c4

SHA512
a3c8a91689105a14c49b020826944d32540353c56fb9e9a011639ff5107d25e1d3466f0fc487ef953c6bbf0c006abc5204e3a8f0093e1c633013a547f8ecab21

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\2F83BD1D-C37E-49A4-8DFF-CE9E760C8D51\en-us.16\s641033.hash
Filesize
106B

MD5
f536fbf78e26387affb82ee89943b870

SHA1
3ac8e44a9491c16bcd86dab6781acc4f7e1f76a7

SHA256
34dbd6bf55d0d075d666181d9278b8387482a8b5804e44e1ddaafe6876dadc15

SHA512
d9ad640884f40495b4255bd221f0902ff64f84e3136053d03abee7ca417d32a1d72f24a75cb67bc50629e102bdb2f81c0bb087e0eb5cb82fa3d67c4fa5d92450

Download Submit
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-ARIA-d5a8f02229be41efb047bd8f883ba799-59258264-451c-4459-8c09-75d7d721219a-7112.json
Filesize
121B

MD5
709c6a80af0276b170c521117ede47c6

SHA1
8e6d9001ca20e76482e1ab88d54d47c65c8c7836

SHA256
d8129de4286dc4fd245c7776b51d76aaa727956e8fc88ff928eb69ff7fc17e0b

SHA512
bef13fa741340cb7c1174406f76f9c65445c76ec091e47daa8537b5f769ad2231347c61144ce8f6e4cb16fd5cd27bb169930c3f8c3b5b9e24e6609491fbbd4e3

Download Submit
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.P-Eco3PTelDefault.json
Filesize
57B

MD5
ab9d8ef2ffa9145d6c325cefa41d5d4e

SHA1
0f2bf6d5e1a0209d19f8f6e7d08b3e2d9cf4c5ab

SHA256
65a16cb7861335d5ace3c60718b5052e44660726da4cd13bb745381b235a1785

SHA512
904f1892ec5c43c557199325fda79cacaee2e8f1b4a1d41b85c893d967c3209f0c58081c0c9a6083f85fd4866611dfeb490c11f3163c12f4f0579adda2c68100

Download Submit
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml
Filesize
2KB

MD5
234c58fcbf2775edbfda910d2e0cb945

SHA1
16314a6f5604aab01e76d5e7f7794b40c23a4785

SHA256
68193f3f98611b2aa42be4d2995b0b9a2465277c7520231324a08460639a41a5

SHA512
fddd87a902c108de1d986dc6e4fa7347e3908076d1ec3f64b19602d3a2318ad5ee0a1d46599ba860dec61843c2954d3cc9e91aac9718a82d1043e32b3dfb6bdd

Download Submit
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\3ebdb897-991b-934f-ee13-2ca21ed81938.xml
Filesize
3KB

MD5
703493f4417c30ed1e1856d3628945a4

SHA1
c8da0fdf2d0580a739f0d11a4322131581b67f77

SHA256
7c23b4ec3b42f260dfffadaf7d59a0efcc8f6547149b45907b1fc5242a4e6c2e

SHA512
2876029ed71708e31bce2871dc62820c6684a16be26802560341a07dac9394095d7b672ccdfb65bcae8177539c4f20cf4e8b8b8e892fd117f21cebd3632275a4

Download Submit
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\bb26a0e5-d235-0ee6-0c36-6d5e185fa5b1.xml
Filesize
2KB

MD5
af98b62b3f9d6e70c082f05969c0d2b3

SHA1
2a78fe6ace36668a1505ce949dd5415cf172590b

SHA256
77544451f210250b90637e7ecfebfc0ce00398ef964a2d46f1b92adf4d6f97a2

SHA512
6a8d54bbaa9d6f04de832a60fed8f471eaf38bce9f95942d2fa84dba035739b65cc4fbe58904a7d2220af89d735b96be1bb6aa43aedecb83afba6c4d3be20850

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
Filesize
1KB

MD5
8b550761ab80413c9c09f7fb472dbfaf

SHA1
67122822562203c17dd3f762194e470f90ddfa97

SHA256
f5ea79165516de2e7e1efb53d016983f5d18c3184413f044a4002f4b751c918b

SHA512
9546013cf4d45a2c4c609524b7ed4adecc7dc2fecded7c3b7085415a1bcd1c25db5d88bb591ac05fa5a6313763a8e8d5d8fc6ee6610b454cf7696b647e7781fe

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
Filesize
634B

MD5
8776c367699ad807af292f1f5d085d4c

SHA1
9209e352bf9d3999f94881a75d6f7d39bc6d7f77

SHA256
18b602cdbb7656129a359046fc68faf1b990da88c6c3b3e6b20c1df399cc0645

SHA512
83a17d98d175a122fe98cf89c476826769d8fae0d74dc93c8fe48d12089e26bfd501a586db3783a03e1bfe07864ebec2a6b5a48415554c61cd565131ed40a9e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
f5cfd73023c1eedb6b9569736073f1dd

SHA1
669b1c85ecbafe23c999100f55a23e06bf59ead7

SHA256
9e1736c43d19118e6ce4302118af337109491ecc52757dfb949bad6a7940b0c2

SHA512
5d8c1aa556fc17d6dc28d618f521aee37fc0e1826fdbcf8d106e456fc3bcd3c76e712d23fef3378bd2be17b80eb5bfd884ccd89b67490b63c7bd118eaac471d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
Filesize
279B

MD5
2dcea950234175e3edf672936843ab5f

SHA1
4ca6dfb9ed642bbfc0002cd47abaa2dc895ce0d4

SHA256
74ca16b1138459ef2afb19324097332626ee7c897687c5adc5488f93bf0c11ff

SHA512
483866f3ee1d730f1052b0ce34832e0e42145296df490a68901b95e616f2dfdc39fb13e2ed80bd259c43475830f6a74257a5fc8d163e7f1dd17d39556501dfa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old
Filesize
297B

MD5
9ee38aeba19f4d46fcd9eda4661325d2

SHA1
d458ade2d50d219b089b0985ef765a80843602ad

SHA256
d99258f5d81067df4e95825381104fe6c90d04d01bdd2915954dd06f75d07c10

SHA512
f352805d5ebb6b3351dee65dd1f66ae5493ea36dc342c31d8e714fd11095739f755a50d865b9bcfc40c60616c9bcee4cbbcabb6c18566fdb73e778cd41112738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
Filesize
24B

MD5
1681ffc6e046c7af98c9e6c232a3fe0a

SHA1
d3399b7262fb56cb9ed053d68db9291c410839c4

SHA256
9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0

SHA512
11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

Download Submit
memory/4320-1-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-11186-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-23403-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-15180-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-25127-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-13142-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-17465-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-9487-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-7936-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-5809-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-4092-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-3435-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-1925-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-904-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-361-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4776-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download