d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae

Analysis

max time kernel
175s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
Size

335KB
MD5

c3d5522f176830c4a24223c96439f668
SHA1

46574cd17ee2a1f2084dc83a65df94e13ce25061
SHA256

d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae
SHA512

0ed0510f4bba6280e4319f3742d1775d7d251c35517f74f1e2f7350ac68239879b0171a279aab252947163977f363cf3852d52747b225aa160f882cb82bc532b
SSDEEP

6144:1YS9RhUoKV8TCylQ0MWNns5wiSvypQof+9RpfbMPrac6bhMq:1/9T0ylQ0MWNns5xSvyp7W6MMq

Score

10^/10

evasion persistence ransomware

Malware Config

Extracted

Path

C:\Program Files\How_to_back_files.html

Ransom Note

<html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; word-break: break-all; } .tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; } .tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; } .tabs .content .text{ padding: 25px; line-height: 1.2; } </style> <body> <div class="tabs1"> <div class="head" ><b>Your personal ID:</b></div> <div class="identi"> <span style="width:1000px; color: #ffffff; font-size: 10px;">Na03TbH8ypax6HsPUhS3EQgJpAbxWMkl1Guou58E6g2qQ/WUg2Fq+kbdhXdzOTjiy9CfFnX+RNYqNyWEXGXB/0xmhEVtdlWrnOpdWCWStsPEP05pIUI3g2dbOwyhumfiQ/nKtlB1HLTZvJeRcYUaDiIfPLcMSEQ5Y6KxiPqK4leVNtFju3C6VWnWs0rHt8gRtp2l66R2jw0Jfo0oNBsH/j/TA1Bh8yKN4/zfADYtxKWDipA8EIl7WCgE2FJsFqwL8B/JXNZ36GyAxi7wU5BtnhVE3YOa8xhcqVz9F/D1onX0p9dAN+QZIVjr2SXlfTIQiMWjWvInFL3Il28Rzyvci+t2B82HnRn1fkjD+ORDxqfdbQS0+hQu9z/Uo9giJeYCzGhmpEudzjnutNVhQdyLkXH+qhdRmxm2a4xILS1NMuIPsbiHuoy3gfcFIAzO+VTOTtlaLL2f+EDIW/g7fb76k63dOq9EvuPanTxYHX2wYt//kLeQuiRt3aI6vZfwtkoLLSJd5np5mc211MFxW+4mxKewl8l2DjpHkts49ULH+s5J1E9+BQEIcY7o1WcI17DFIwIW5heRdiICJujMY0E2roEn+5+UczScHXOPjCVaLn3hvkBJ/aGWE1VHDmMFlZ2Ba4vli7+So4h3XGe0brGa5OIjL13D+rD+j4wxil5MR5lLfgDKtMYqAtGK2D3HHhY8aySG8DbnJCHnrrFzZGjbxlWHVRmw7NWrOQzo6SHiodAqjDU0lGj9uczwbDUZzgwRNWwDyY6YWkHRQ3A4QJKoTXg8q3723r+xNmGyIiLeWsBGS8xAQUL5zNhEVI2oeFoOJq7lrUnDrYAVWdHQknboIrsXeBkpn6pz23D/roRJflRtf1aP1teGCYx/+MekLYKpNhMlGsSMsIq4SobnJCMZBNet1SfbEwZ0Vd3oueVNdmIydptq3sVMnlmr0ncPdQD3A6PmuRv/ED54BRtZBdmfYtfNWk9xqW62tRxYKzbVqf08Z7umiYwDeP11fxTInyQFwfdtC4U+b1TpLUiNLZ3ydcClefp0SVEcJ/m36r5BN6rkkflYs4c7G1BT6wLo72It50vfzab46PhpR/pZK1EI/GL+fPnlsOfjrsi22d7FWC6qrxeJCGm1e3UA9IlMvRwup6s6l/G5xvMFtzioszHfF7Xpmafj6AB5eEf+eYiNHuWEE8z92d+idZ3rvDbuQ9bPRETtAtIuTNfq0yLiSt1SHgTnXhoQk0oW7xx6APiEqBLTsOL2oi32WCsD5z8jMRi7Gu/jzSjgCeuqQt56hIHmNtt2QWVesCPjyelvByM/S5BEbDUElBb5kE0dmbJ/1HWQuCdkTKOU272C3/OTD+Z4s8m8mLAHTnH34kvNNpJXNnQ0objHJqhph7o2H22hchKe6zJe44HxvEHygslFfNDAqWaVkgGBALSN6QCS62MjhBy9ysVJWz9dGWI+M1bzNFOqtkpO005VCT66i+3FIZr4e4jtRTgf9vhzyQUHaCkh6B9TCWmDFmX3Q+VPNg6wxtJ4qQmqEYTA5CuIPYqxdWUzVeqeGYK9ZQNtKhLiPjLrI7COw4L/3p8Pkc74tMFUFITg3M5NASJ3DBzk4SAQguWKlKAbB0Rvw/Pq/X31IJKeZyWJiM7v0nUu5BsPVZt6YReWGotUh11Rm2UwMD5FvN6aR/gfvMPmrLeP1NiXmg5dZRM=</span> <br>  </div> </div>  <div class="tabs">  <div class="tab"> <div id="tab-content1" class="content"> <div class="text">  <b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br> <b>All your important files have been encrypted!</b><br><br> <hr> Your files are safe! Only modified. (RSA+AES)<br><br> ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br> WILL PERMANENTLY CORRUPT IT.<br> DO NOT MODIFY ENCRYPTED FILES.<br> DO NOT RENAME ENCRYPTED FILES.<br><br> No software available on internet can help you. We are the only ones able to<br> solve your problem.<br><br> We gathered highly confidential/personal data. These data are currently stored on<br> a private server. This server will be immediately destroyed after your payment.<br> If you decide to not pay, we will release your data to public or re-seller.<br> So you can expect your data to be publicly available in the near future..<br><br> We only seek money and our goal is not to damage your reputation or prevent<br> your business from running.<br><br> You will can send us 2-3 non-important files and we will decrypt it for free<br> to prove we are able to give your files back.<br><br>  <hr> <b>Contact us for price and get decryption software.</b><br><br> <hr> <b>email:</b><br> <a href="[email protected] ">[email protected] </a> <br> <a href="[email protected] ">[email protected] </a> <br> <p>* To contact us, create a new free email account on the site: <a href="https://protonmail.com">protonmail.com <br> <b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br> <p>* Tor-chat to always be in touch: <a href<a href<b> </div> </div> </div>  <b> <b> <b> <span style="font-size: 22px">qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion</span> </b><br><br> </b><br>  </div> </div>  </div> </div> </body> </html>

Emails

href="[email protected]

">[email protected]

href="[email protected]

">[email protected]

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 2000 created 3580	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	41

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs

ransomware evasion

Inhibit System Recovery

T1490

pid	Process
2164	bcdedit.exe
856	bcdedit.exe

Renames multiple (6498) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Deletes System State backups 3 TTPs 1 IoCs

Uses wbadmin.exe to inhibit system recovery.

ransomware

Command and Scripting Interpreter

T1059

File Deletion

T1070.004

Inhibit System Recovery

T1490

pid	Process
2932	wbadmin.exe

Deletes system backups 3 TTPs 1 IoCs

Uses wbadmin.exe to inhibit system recovery.

ransomware

Command and Scripting Interpreter

T1059

File Deletion

T1070.004

Inhibit System Recovery

T1490

pid	Process
3552	wbadmin.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BabyLockerKZ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe\""	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BabyLockerKZ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe\""	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\Z:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\F:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\B:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\G:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\N:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\S:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\T:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\J:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\K:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\L:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\M:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\O:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\I:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\V:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\W:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\X:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\U:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\A:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\E:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\H:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\P:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\Q:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened (read-only)	\??\R:	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-125_contrast-black.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-125_contrast-white.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\adobe-old-logo.jpg	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-36_altform-unplated.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-16.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\ui-strings.js	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files\dotnet\host\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUECALM\BLUECALM.INF	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-60_altform-unplated_contrast-white.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\css\main.css	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.scale-200.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\MarkAsReadToastQuickAction.scale-80.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\logo_retina.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_scale-100.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.map	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\it-it\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-IN\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-white_scale-125.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\ui-strings.js	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\EXPEDITN.ELM	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleWideTile.scale-100.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40_altform-unplated_contrast-white.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-48.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\holiday_weather.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-40.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Light.scale-125.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-24_altform-unplated_contrast-high.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\eu-es\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXC	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeLogo.scale-125.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Images\fre_background.jpg	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\MSFT_PackageManagement.strings.psd1	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-16_altform-lightunplated.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-24_altform-unplated.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\plugin.js	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8FR.LEX	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\wordvisi.ttf	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\it-IT\wmlaunch.exe.mui	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\meta-index	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\ringless_calls\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\How_to_back_files.html	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lt_get.svg	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-80.png	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\WindowsBackup\WBEngine.1.etl	wbadmin.exe
File opened for modification	C:\Windows\Logs\WindowsBackup\WBEngine.3.etl	wbadmin.exe
File opened for modification	C:\Windows\Logs\WindowsBackup\WBEngine.2.etl	wbadmin.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Interacts with shadow copies 2 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

pid	Process
4200	vssadmin.exe

Kills process with taskkill 14 IoCs

evasion

pid	Process
1740	taskkill.exe
1716	taskkill.exe
4720	taskkill.exe
4340	taskkill.exe
2144	taskkill.exe
1408	taskkill.exe
2228	taskkill.exe
4300	taskkill.exe
4472	taskkill.exe
4508	taskkill.exe
2108	taskkill.exe
2088	taskkill.exe
1700	taskkill.exe
752	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeDebugPrivilege	2108	taskkill.exe
Token: SeDebugPrivilege	4300	taskkill.exe
Token: SeDebugPrivilege	1716	taskkill.exe
Token: SeDebugPrivilege	4472	taskkill.exe
Token: SeDebugPrivilege	2228	taskkill.exe
Token: SeDebugPrivilege	4508	taskkill.exe
Token: SeDebugPrivilege	2088	taskkill.exe
Token: SeDebugPrivilege	4720	taskkill.exe
Token: SeDebugPrivilege	1700	taskkill.exe
Token: SeDebugPrivilege	1740	taskkill.exe
Token: SeDebugPrivilege	4340	taskkill.exe
Token: SeDebugPrivilege	2144	taskkill.exe
Token: SeIncreaseQuotaPrivilege	4580	WMIC.exe
Token: SeSecurityPrivilege	4580	WMIC.exe
Token: SeTakeOwnershipPrivilege	4580	WMIC.exe
Token: SeLoadDriverPrivilege	4580	WMIC.exe
Token: SeSystemProfilePrivilege	4580	WMIC.exe
Token: SeSystemtimePrivilege	4580	WMIC.exe
Token: SeProfSingleProcessPrivilege	4580	WMIC.exe
Token: SeIncBasePriorityPrivilege	4580	WMIC.exe
Token: SeCreatePagefilePrivilege	4580	WMIC.exe
Token: SeBackupPrivilege	4580	WMIC.exe
Token: SeRestorePrivilege	4580	WMIC.exe
Token: SeShutdownPrivilege	4580	WMIC.exe
Token: SeDebugPrivilege	4580	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4580	WMIC.exe
Token: SeRemoteShutdownPrivilege	4580	WMIC.exe
Token: SeUndockPrivilege	4580	WMIC.exe
Token: SeManageVolumePrivilege	4580	WMIC.exe
Token: 33	4580	WMIC.exe
Token: 34	4580	WMIC.exe
Token: 35	4580	WMIC.exe
Token: 36	4580	WMIC.exe
Token: SeBackupPrivilege	1068	vssvc.exe
Token: SeRestorePrivilege	1068	vssvc.exe
Token: SeAuditPrivilege	1068	vssvc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 4236	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	91
PID 2000 wrote to memory of 4236	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	91
PID 2000 wrote to memory of 4236	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	91
PID 4236 wrote to memory of 4084	4236	cmd.exe	93
PID 4236 wrote to memory of 4084	4236	cmd.exe	93
PID 2000 wrote to memory of 1512	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	94
PID 2000 wrote to memory of 1512	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	94
PID 2000 wrote to memory of 1512	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	94
PID 1512 wrote to memory of 3360	1512	cmd.exe	96
PID 1512 wrote to memory of 3360	1512	cmd.exe	96
PID 3360 wrote to memory of 2108	3360	cmd.exe	97
PID 3360 wrote to memory of 2108	3360	cmd.exe	97
PID 2000 wrote to memory of 4200	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	100
PID 2000 wrote to memory of 4200	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	100
PID 2000 wrote to memory of 4200	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	100
PID 4200 wrote to memory of 3172	4200	cmd.exe	102
PID 4200 wrote to memory of 3172	4200	cmd.exe	102
PID 3172 wrote to memory of 752	3172	cmd.exe	103
PID 3172 wrote to memory of 752	3172	cmd.exe	103
PID 2000 wrote to memory of 4580	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	104
PID 2000 wrote to memory of 4580	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	104
PID 2000 wrote to memory of 4580	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	104
PID 4580 wrote to memory of 940	4580	cmd.exe	106
PID 4580 wrote to memory of 940	4580	cmd.exe	106
PID 940 wrote to memory of 4300	940	cmd.exe	107
PID 940 wrote to memory of 4300	940	cmd.exe	107
PID 2000 wrote to memory of 2472	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	108
PID 2000 wrote to memory of 2472	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	108
PID 2000 wrote to memory of 2472	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	108
PID 2472 wrote to memory of 1744	2472	cmd.exe	111
PID 2472 wrote to memory of 1744	2472	cmd.exe	111
PID 1744 wrote to memory of 1716	1744	cmd.exe	110
PID 1744 wrote to memory of 1716	1744	cmd.exe	110
PID 2000 wrote to memory of 640	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	112
PID 2000 wrote to memory of 640	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	112
PID 2000 wrote to memory of 640	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	112
PID 640 wrote to memory of 4444	640	cmd.exe	114
PID 640 wrote to memory of 4444	640	cmd.exe	114
PID 4444 wrote to memory of 4472	4444	cmd.exe	115
PID 4444 wrote to memory of 4472	4444	cmd.exe	115
PID 2000 wrote to memory of 3724	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	116
PID 2000 wrote to memory of 3724	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	116
PID 2000 wrote to memory of 3724	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	116
PID 3724 wrote to memory of 3552	3724	cmd.exe	118
PID 3724 wrote to memory of 3552	3724	cmd.exe	118
PID 3552 wrote to memory of 2228	3552	cmd.exe	119
PID 3552 wrote to memory of 2228	3552	cmd.exe	119
PID 2000 wrote to memory of 1500	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	120
PID 2000 wrote to memory of 1500	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	120
PID 2000 wrote to memory of 1500	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	120
PID 1500 wrote to memory of 2552	1500	cmd.exe	122
PID 1500 wrote to memory of 2552	1500	cmd.exe	122
PID 2552 wrote to memory of 4508	2552	cmd.exe	123
PID 2552 wrote to memory of 4508	2552	cmd.exe	123
PID 2000 wrote to memory of 1636	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	124
PID 2000 wrote to memory of 1636	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	124
PID 2000 wrote to memory of 1636	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	124
PID 1636 wrote to memory of 1316	1636	cmd.exe	126
PID 1636 wrote to memory of 1316	1636	cmd.exe	126
PID 1316 wrote to memory of 2088	1316	cmd.exe	127
PID 1316 wrote to memory of 2088	1316	cmd.exe	127
PID 2000 wrote to memory of 5028	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	128
PID 2000 wrote to memory of 5028	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	128
PID 2000 wrote to memory of 5028	2000	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe	128

System policy modification 1 TTPs 4 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1"	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1"	d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
"C:\Users\Admin\AppData\Local\Temp\d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2000
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c rem Kill "SQL"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4236
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c rem Kill "SQL"
    3⤵
    PID:4084
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sqlbrowser.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1512
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im sqlbrowser.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3360
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im sqlbrowser.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2108
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sql writer.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4200
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im sql writer.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3172
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im sql writer.exe
      4⤵
      Kills process with taskkill
      PID:752
    - - C:\Windows\system32\taskkill.exe
        
        taskkill -f -im pg_ctl.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:2144
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sqlserv.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4580
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im sqlserv.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:940
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im sqlserv.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4300
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im msmdsrv.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im msmdsrv.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1744
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im MsDtsSrvr.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:640
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im MsDtsSrvr.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4444
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im MsDtsSrvr.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4472
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im sqlceip.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3724
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im sqlceip.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3552
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im sqlceip.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2228
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im fdlauncher.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im fdlauncher.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im fdlauncher.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4508
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im Ssms.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im Ssms.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1316
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im Ssms.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2088
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im SQLAGENT.EXE
  2⤵
  PID:5028
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im SQLAGENT.EXE
    3⤵
    PID:396
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im SQLAGENT.EXE
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4720
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im fdhost.exe
  2⤵
  PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im fdhost.exe
    3⤵
    PID:4164
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im fdhost.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1700
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im ReportingServicesService.exe
  2⤵
  PID:4744
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im ReportingServicesService.exe
    3⤵
    PID:2240
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im msftesql.exe
  2⤵
  PID:1856
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im msftesql.exe
    3⤵
    PID:4480
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -im msftesql.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4340
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -im pg_ctl.exe
  2⤵
  PID:2464
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -im pg_ctl.exe
    3⤵
    PID:752
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c taskkill -f -impostgres.exe
  2⤵
  PID:5056
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c taskkill -f -impostgres.exe
    3⤵
    PID:860
  - - C:\Windows\system32\taskkill.exe
      taskkill -f -impostgres.exe
      4⤵
      Kills process with taskkill
      PID:1408
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop MSSQLServerADHelper100
  2⤵
  PID:4732
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c net stop MSSQLServerADHelper100
    3⤵
    PID:2676
  - - C:\Windows\system32\net.exe
      net stop MSSQLServerADHelper100
      4⤵
      PID:920
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop MSSQLServerADHelper100
        5⤵
        
        PID:2292
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop MSSQL$ISARS
  2⤵
  PID:2468
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c net stop MSSQL$ISARS
    3⤵
    PID:1064
  - - C:\Windows\system32\net.exe
      net stop MSSQL$ISARS
      4⤵
      PID:5016
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop MSSQL$ISARS
        5⤵
        
        PID:636
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop MSSQL$MSFW
  2⤵
  PID:856
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c net stop MSSQL$MSFW
    3⤵
    PID:3724
  - - C:\Windows\system32\net.exe
      net stop MSSQL$MSFW
      4⤵
      PID:2180
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop MSSQL$MSFW
        5⤵
        
        PID:3596
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLAgent$ISARS
  2⤵
  PID:5024
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c net stop SQLAgent$ISARS
    3⤵
    PID:1500
  - - C:\Windows\system32\net.exe
      net stop SQLAgent$ISARS
      4⤵
      PID:3788
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop SQLAgent$ISARS
        5⤵
        
        PID:3620
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLAgent$MSFW
  2⤵
  PID:4780
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c net stop SQLAgent$MSFW
    3⤵
    PID:4960
  - - C:\Windows\system32\net.exe
      net stop SQLAgent$MSFW
      4⤵
      PID:2956
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop SQLAgent$MSFW
        5⤵
        
        PID:456
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLBrowser
  2⤵
  PID:2504
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c net stop SQLBrowser
    3⤵
    PID:3248
  - - C:\Windows\system32\net.exe
      net stop SQLBrowser
      4⤵
      PID:1360
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop REportServer$ISARS
  2⤵
  PID:4372
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c net stop REportServer$ISARS
    3⤵
    PID:4456
  - - C:\Windows\system32\net.exe
      net stop REportServer$ISARS
      4⤵
      PID:4236
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop REportServer$ISARS
        5⤵
        
        PID:3564
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c net stop SQLWriter
  2⤵
  PID:1080
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c net stop SQLWriter
    3⤵
    PID:3532
  - - C:\Windows\system32\net.exe
      net stop SQLWriter
      4⤵
      PID:2044
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop SQLWriter
        5⤵
        
        PID:2108
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
  2⤵
  PID:1088
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
    3⤵
    PID:4464
  - - C:\Windows\system32\vssadmin.exe
      vssadmin.exe Delete Shadows /All /Quiet
      4⤵
      Interacts with shadow copies
      PID:4200
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin delete backup -keepVersion:0 -quiet
  2⤵
  PID:3656
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c wbadmin delete backup -keepVersion:0 -quiet
    3⤵
    PID:4716
  - - C:\Windows\system32\wbadmin.exe
      wbadmin delete backup -keepVersion:0 -quiet
      4⤵
      Deletes system backups
      PID:3552
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP
  2⤵
  PID:3324
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTATEBACKUP
    3⤵
    PID:860
  - - C:\Windows\system32\wbadmin.exe
      wbadmin DELETE SYSTEMSTATEBACKUP
      4⤵
      Deletes System State backups
      PID:2932
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
  2⤵
  PID:2876
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
    3⤵
    PID:5056
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
      4⤵
      Modifies boot configuration data using bcdedit
      PID:2164
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c bcdedit.exe /set {default} recoverynabled No
  2⤵
  PID:3172
- - C:\Windows\system32\cmd.exe
    C:\Windows\sysnative\cmd.exe /c bcdedit.exe /set {default} recoverynabled No
    3⤵
    PID:5072
  - - C:\Windows\system32\bcdedit.exe
      bcdedit.exe /set {default} recoverynabled No
      4⤵
      Modifies boot configuration data using bcdedit
      PID:856
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wmic.exe SHADOWCOPY /nointeractive
  2⤵
  PID:2056
- C:\Windows\SysWOW64\cmd.exe
  \\?\C:\Windows\SysWOW64\cmd.exe /c %windir%\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTABACKUP -deleteOldest
  2⤵
  PID:3012

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3580
- C:\Users\Admin\AppData\Local\Temp\d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe
  \\?\C:\Users\Admin\AppData\Local\Temp\d9de562ac1815bf0baad1c617c6c7f47d71f46810c348f7372a88b296d68cfae.exe -network
  2⤵
  - Adds Run key to start application
  - System policy modification
  PID:3460
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:2956
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c pause
    3⤵
    PID:3212

C:\Windows\system32\taskkill.exe
taskkill -f -im msmdsrv.exe
1⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1716

C:\Windows\system32\taskkill.exe
taskkill -f -im ReportingServicesService.exe
1⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1740

C:\Windows\system32\net1.exe
C:\Windows\system32\net1 stop SQLBrowser
1⤵
PID:556

C:\Windows\system32\cmd.exe
C:\Windows\sysnative\cmd.exe /c wmic.exe SHADOWCOPY /nointeractive
1⤵
PID:2464
- C:\Windows\System32\Wbem\WMIC.exe
  wmic.exe SHADOWCOPY /nointeractive
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4580

C:\Windows\system32\cmd.exe
C:\Windows\sysnative\cmd.exe /c wbadmin DELETE SYSTEMSTABACKUP -deleteOldest
1⤵
PID:1120
- C:\Windows\system32\wbadmin.exe
  wbadmin DELETE SYSTEMSTABACKUP -deleteOldest
  2⤵
  - Drops file in Windows directory
  PID:1992

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.readtext5

Filesize
1KB

MD5
e0b21c7b10bfdb25de93ac28386b6064

SHA1
484fb132fad6d0603900c874c3fa92dd6cf8e251

SHA256
abe10712630c6b915105d367e03b30aac9afd6e85a14d85636e6127697164fb9

SHA512
916cbe82edd7fbf98c5a421e9fe9383e1a68e4117002cda085385e9f3e97f83e00af43b7dcb4b890ab91137156d4900f7604485184ffd3b8da3be8395d248c62

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
52KB

MD5
e12280cedd720cf96acda1d44497a536

SHA1
7ed257e9fb2975d811959512b418f0c2cafb17ed

SHA256
954c8356c3c02cb14711288d3c07b1dc8e9aa33d12b1aced44ee07776078c364

SHA512
d143890932d9cf22dfebff8ad3dcf6d10cd40b579d73df33ee3c3a3d10a696558a4296e2513f2272fb418b14d1ed8911809c4d21cf5bd341b8558bb15dda8dc9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_remove_18.svg

Filesize
2KB

MD5
8a636697f3897a2628796f213441c034

SHA1
d149ea1a44eb1650bcbb6bc048e462cee4db4de0

SHA256
47b8addb64dc09fb01f0cff14c2dc381a318cd33ba334710bfbbe9076bad730e

SHA512
755581577699127cf606296cbbed39949fe01afb1e0ab6eadcc684027941220c198147011aa80a5a0e365892ad70337a1a1db807b936651663ba331840619941

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
3KB

MD5
8ba559ef3b3b50793b536c8c6cb66bc8

SHA1
91180469337426a5fc630ff80ede974034d5bb8d

SHA256
21eb3e2ed4e7864a39951d9171988f8f1d1646cbfb391b60651df945e4dc894c

SHA512
f2c2c49dbf2d66e1085cac59566b5de9c3a2ac3537bfd73e7bd5154f075c0204da42bcd8400f716284f98c428846df2129b1351e4fc87a663306ab3a87fe2e8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
5KB

MD5
c98c7db42faf463ff87b24e821cd921d

SHA1
33927673373c18acc1b4f33fce287662ebc476ce

SHA256
f24fa65a0ae73b0acd5b67d4432377fc449d4ea8b44a9950537977dd2ae7947f

SHA512
ca7284876c0b1b56199ce3d9fd550edcc5e523fd4fb83bce1784e0aaf1b0d03990ba558a2fbe31d971722298d829e9a1f8b934c6ef2b288879a022cd36a1304e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\duplicate.svg

Filesize
3KB

MD5
1330856c250afc1c94bc0734e89af747

SHA1
0da9ef0a40d5c22031c1eecd4189b7cab8dc1e91

SHA256
9d15995d975639c452988e2fb17df65659f0dd6697d7f1c7a15f5923939f8358

SHA512
f854fdcec0ddc37a1ae9778dc2e2998e5e4f6dfee3989f823a0e5e6b28020c9519bc4e1034bba69124c7edb995eab30ebf5d6310122d266a643790a42da5792a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\remove.svg

Filesize
2KB

MD5
35f5935f9dabb1e27f9539014cc52f93

SHA1
792920ea5037c06d8c09e3945423d17d1dac71ec

SHA256
1f75e909c81457beb50024bef8bceccbd338a3845d030a29908f338ce20a0d71

SHA512
3e88ecfe24762e969f24abad83abefc1c4326cd9ca70a993620cfe12c35f0dd2bbe271279decedc73222326f1ac73211eaf8d2d194ee05bd2c463800aaf6ae93

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_backarrow_default.svg

Filesize
2KB

MD5
ad0b35967fb97e7d86d2c963b7916b55

SHA1
1219e9d2e297d9690cde1f445d5df9f0e9cd98d4

SHA256
e3a8fdd4d7e12a68e7f817a7073bff07ce3b1762d966a6ec39a9e435c55e8680

SHA512
d103a73b61c272fa3dd3e18e74103e717109c83e5a7f73a3ebb342a9f9cb114c2b9b27f1a58e6e1f4f35689deb4ed2bb69b6c184b29ccd0d8e1b33ea9ddc67f6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_comment_18.svg

Filesize
2KB

MD5
85f26d59e97e443abb7ceb5c2e380eca

SHA1
cd952930be3e2bf09effc526343f92182d6baef0

SHA256
1bcd64dd9be31260c3331d1138db1957b629145af074a933fdad88e85ad16389

SHA512
a141467c1807bfffb507727f77ad4078b2396d1b50c200ca9dd09fc243266d6564666c2a6508f164588eca32d54b4f20f0408b2b05acaa786db266288b1435d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_editpdf_18.svg

Filesize
2KB

MD5
bf272935c4d51d8d88151d0eb43df458

SHA1
7ccd29097ff8018a82a49835dc8db2901e5d2d75

SHA256
ab0347f28e1dca2e91706c8973d28979c9e79d0bbce06e89af55e30704334cde

SHA512
00d168b964f106b6b76bd93f32295879aa693bc233d3ebc25cb29997b75ca7d668fb04a20cfee53527b255907b3590b7d1938494b28ab7feb60b066e753913cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_export_18.svg

Filesize
9KB

MD5
6384ccd76513699dd6de4d0a83d96aa2

SHA1
e71ce4f9656fde27ea38d86acd6442f712f0f79c

SHA256
56f1b413ab0d57d9846e45800074bc8372d3992d2a53eff0234f00346b4cad07

SHA512
39e67c4096767bfdb72c1c3046e84cc30db7b91947e662129fcebfc6b051c8dd4179f6b6b92a1f04209c5d4f14a506333a026a15c2c5fb2f1932edfcf21870b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_fillandsign_18.svg

Filesize
3KB

MD5
a42e53e05a02f360de75b5f5fe95d513

SHA1
f517a40ba31d30b8d63edb62299970657485d6ba

SHA256
e8d41ca496a13860cd8fd917bb331f6f2a3a6bcb8814ef7fed3bffb148134ebd

SHA512
13e7f9d2661a51b9e8fd77e315beb97841d930abbf67f3681c4739c5a585e1f1793cf0413c41e9b08dab2fe564f72569e1dad35e221a7dd47ecc7aad1ac4b8c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-default_32.svg

Filesize
2KB

MD5
158c78ad4b5191d3b0fce93f8dd88ae0

SHA1
bb5b08f5452835768013d2da69efef913192bad6

SHA256
ae7a85b625be5b4e7ec7b9cffd08bd5f8e4b8c217ddf90d1fc25750dab947927

SHA512
4f31b6def2f3852453ddb8a89d5d3d5fb9fe0c3f603db5b1c36d0f97746a9ff0aa8accb4c41298721629ef4e8cbcabe8a51f510ba16183bef9d81ac4a220265c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_move_18.svg

Filesize
2KB

MD5
5fd4420aafc2ef24d58bb404257f0cd0

SHA1
7bb11222d12df4d6f7437a5d67108bba05ae88a7

SHA256
5e6d1345aa6a77b639187df34b6b9e63d41ce01279ab423db03b106c2b9a5fb6

SHA512
b7dd982791dfb1c36a52bfea123000a3b1f5e3e4ac86405a0d65e41f608336b164543412e8201826a0319ae530e7af68531b29773c7f1cf0f3b558036f26df85

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_nextarrow_default.svg

Filesize
2KB

MD5
983cd0e0a752cc4873cd09e898d5f39c

SHA1
c857e4887a540bda6e94dbe3daf83dfcb68e7ad4

SHA256
1d3ff7508abb3f9a3dae34ddd3b752137debec5916d62bd42f1e298d7d0626f7

SHA512
130efe39655ce0d04f3f3da1e9fa73f9d665be391bffc15b04ccfdab64bfb7d02bfea563419a5875763ccb273be50c3d8b887c564aba1d72d056155cbb695168

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_organize_18.svg

Filesize
3KB

MD5
d27faca5f219bea0ea80ac5154357088

SHA1
542680010cb78209e8731909dd300eaaff11c48f

SHA256
265fc4c8df49cbdc52c3997ba0c3d8b53854754cb57fb04a75cf7e6c5bc7ce17

SHA512
d0727a07dcb95a4c3ec589a2604a81f662a822eac1408c6a17ec8ba29f3821370b5797312c5cbb0e83a795b8c3254e9d444b0a65bec1fcd01f0b84f24966b6c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_rename_18.svg

Filesize
3KB

MD5
b1c7c3bb45bbd269f1436239826ed330

SHA1
19779a9b5c42985c85d4814a2f28449877aa8055

SHA256
61abde2e25248f15bc869e350ccfb71b895d17c0baa7278852660dbd105ed785

SHA512
ce678f3e6ef08f00306700e43111a78b06decf3c151c6d6f0cd2ff31336b77f9c126018a7ad5de496241b0a0bcf9a9cfbb7d16b1d2c4fa8bd4026e8f470ca8f5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sendforsignature_18.svg

Filesize
3KB

MD5
a9c0452306b66ad230d83a9316ff3de6

SHA1
e6e73b80b67dcb6aec0152f6a5560cae5db6e959

SHA256
06808530309ff357aba04cae7ac6ba21efabd6efedece6f0d272fcf261b161da

SHA512
acf03fbcd344fb0c4201ef63cdf02169ff584f545e0e2395f91645606befd0b692a67864427cdf4eb76353a9f0b4409838d24766235da3c0fa0c8624604db14b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_share_18.svg

Filesize
2KB

MD5
ee27801c5a93dce3b96e48a642aa26e6

SHA1
42f3ccd34264e6273c5c8420ed57090a1ef72ba3

SHA256
e82ffd63c7fcf58f3472add77ab12bd8ace4bfda25daca988d9ecf31e723749d

SHA512
4ceb377cc4bf3bb1b1dd14b5b7e637e87bde641a5f0158e36349b3a209e8176be1eb0873c0e12198ec0f7ef843f04fdf0351de3bf2a95b0afdbf6d5ba32464db

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js

Filesize
5KB

MD5
7b08e529313b6d7394708bc0752f17a8

SHA1
60f4f1498f7140cf199a4edafd728ca2b07527aa

SHA256
2fe12e5821adf4fb46ddf158698657be655700fa3e365a169cadfd29b72a4d1d

SHA512
e12542476cd2177395c1029c4e931f8000ced770b8074f84bc03d9ae13dd51c768a8f471d041a6a1fe3a1f4410be9e7da38a2f294c4e289efcb2eed74199f905

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js

Filesize
29KB

MD5
b78dd3ac5e0fe6998f5b78a14771ec08

SHA1
6a9a666f9d8cf66ba070ed8d93312c7941a51cf1

SHA256
19ea80dc6f5c057b93680db78de72c1f2f514de9bd69021a7aada9196aa7c74f

SHA512
6eabe29b1b626fb98d553fd43925fad61dd340ac3d3cfdb99ee9cb589cee0a255f728975c8b44caf76a72da712f0de1ff96cb529e23d78d6ed5179dc359d3e29

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js

Filesize
9KB

MD5
bd031996cc15dd90759b3239aaf913ae

SHA1
295ddec4ca4a0ab06b2ddccf5c99a1d87ba06264

SHA256
2615a4023b9bb0971736f76e45b7fb9b301a4a586636a68f29cc154ba6bbf21c

SHA512
c991ab6c24d4fd02f84c003c334d8c87f19c286c75eed9f5bd8f4e7f2fdda0e36b8c82dc3c5c160b395f6688096d4369ff1e834e9275729ed7a224e34c19224d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js

Filesize
2KB

MD5
baca624fb30a3e3a4437059bc96d402d

SHA1
3385192e8245f046ddfa35cda9c562874d14fbb1

SHA256
54e907f885ecb1842248ff1eb8b14662700955a594ba566fae2668f22759858e

SHA512
5b80c6d77463dae198a194c113f62c861e3aa5d61a2f222e1361393d8a39845b2882c99ea51673b5da11d6152f4409c2faf0b9c48bb8c7f169d45f85799ce0da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js

Filesize
3KB

MD5
62052fcfef87b292559095c36135b788

SHA1
373a81d59c64fffd9bda6ecf378de25aa6b6f169

SHA256
b751ed684f3361a0dc7eabf957217aeef22d734721af9aaecc076ed73e1fb8c8

SHA512
ec4e48e762ccdd4d4a2a391f7d43d3a36112f033b50dda0313c6c90b7e4d3d5b63571a3bb821cf692d9d15c6087cea99f123b9d9eeef8a79ec47c2a30e3d6061

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js

Filesize
176KB

MD5
560f59e812cf601f3f52be0a19cedb2a

SHA1
df92ab106569933927a47b189e3a5f70358aaaba

SHA256
332850bc89f89cfb037d70da9111e0cf6d8a4c347f794004818833604bad1740

SHA512
c2646c8012cc1617e5bbde1776a38c378ea7bbc4616f437a09248423e869db099ddadccf6cd6f4bdbc8b63e27125d67d8cae5c3206f833df9ffb3d46cb150df8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js

Filesize
377KB

MD5
356867fbb2dac0b545df2ebe55157ec4

SHA1
d98b2491459246e8038ed6c2bdd4e32d6f9cb69d

SHA256
79ff5186518a81a964cca9781738ec6f1da8ff2957b0775fd89a70cb9d0da048

SHA512
223e59868c2f137349daea85b2c3cc6d600aeb09b762af9c40fc50ba2ea6ec88ec53d8fcc7fecb1f56d724b5c4d87344299505e51955c86c1f7197c2add810b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js

Filesize
4KB

MD5
098cf8cd578b09e52dec761b93173540

SHA1
b5b2b39036dc1f1164019ccfc9c37a538ec62189

SHA256
829837b537fd38a994b56b0f6ab80d178f8f0c45fce3068015483dabebbdfcd7

SHA512
c73533e4abfc853fb94b89d4c33109e33a4da1f19a122ee9f60de700f330f77509d29e512b960cc7ceb73b169eda5e75e6786fb608e3a70b4f8670dffa1000f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

Filesize
2KB

MD5
d488bc8e0359134e8bac21c3fb32487e

SHA1
46b368cb8ce7303747b5ba42cb386e925881e74d

SHA256
63930409e05cb0e258a4c3afab64ffca3d93266573b015638cc6f53b46f042e1

SHA512
f23db6de91040b12e3db8480882f58c1c23537bf0efebde2428f066ccd3bf7d5925dbd3ca37fb19d437c0826ad420ce6edec71ce5d15ce74a24404f22fa56fe6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
2KB

MD5
79dd110e8497d020b79b813f38efad95

SHA1
eca926ba581ae8662643ad6d800d80e5ded69d78

SHA256
461c40bcd7ff5105139564467d4a323d036a5a759c8f07835a8b43a214ed8943

SHA512
8be262dc46bc050fc4155e4cccb9dca8f67b26f905160f20c4a496df0d3293626dceb303e64888ed1c479664f899146225e4c527ad8b67a8dca4c2d99533e758

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
2KB

MD5
83ffe5bd62541b41ae33ac9c2b2a8128

SHA1
9ad48da6d929606e04534b6c8dd89ad5671d48fe

SHA256
c36454dd59c34dd135d464276731f25a5e2663d66d269a4ed28d2d0f6b271de5

SHA512
d9188794d2f3c3971920e750df1eb68e11df36c7b1d1a83f24d26c390688988bed4f1cb0a38f838d35e55bb8fce99954cb38ed81751c5b2e2f0760ff4ca710d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js

Filesize
2KB

MD5
9b0af9843c4ca04ee756035c318e0cd9

SHA1
53abfe3b140504229b46647e51b844433a6cf1a7

SHA256
885b2102ce4e0b03609b81e6d07192ba445312687e51a77e53d4ebe2b326cd45

SHA512
01b9a7769bd290d3e6234108c74f406c30e069a8b9ef5e489bc2b713a7297245a9cc6d3d8f00d8468b532c595ae943c285fd1c5a8b134fe4c14bd6905ecbf188

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js

Filesize
2KB

MD5
514d27bf7575420e47ba7caa1e4ca1f1

SHA1
4a9888366e0159931369c4e420a5347df36179a5

SHA256
156c7c005b649c0a8f1637e7de83100adcb000fc2bc244395c318107d33502c7

SHA512
5f29f93e96dcb2a279c7fce0fae559c65accf669230ad1b0dc27ba6dabc2d12be99e292a30cc856e0a7ad039aa05ee18f86bcde764fec52016f3ab552dc3d2bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js

Filesize
10KB

MD5
b2b5bef42e4e1f51866bf887f6add2a3

SHA1
51d634be32afe254b86d8edb2f37cfc7abc3da26

SHA256
921e7f27a028b34c535de212ce31bd9219438ed075fedf4fe32aa406569d92ef

SHA512
3c7d567745f73cd1af7a019e817846ff7758ad5723b05d2fdb1c26347911753fed19c0733bbf5f983178c1d4f1cdaab22074046e07c1e6f04f01bf2d8882c046

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js

Filesize
2KB

MD5
da9d916e34ad214ab4f72ad691a44ea9

SHA1
532b8dfa7233e74d493941a58fdaa14291e38966

SHA256
e93ab66381b06f924bad9c81e22a5e1548d5da164386f581d087241a337671ef

SHA512
15ac8e3c7fda7888e2809b137c2a97387e25eca9c9d27815ab65be7e8c2dee0e983bacbf7d07143c24d5cf1582405a1ffa42c42ffd44f7de5df5c04f412153de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\example_icons.png

Filesize
2KB

MD5
390a38700a8db590ad1763ba5ad52ba5

SHA1
3c95c6fde4b72520c9758034422c75c978ddb475

SHA256
16dc10c830d4dfa1f58f49e53f817051aa9e3dd57000127a1ecc869afb476b48

SHA512
2b6596ec8a11dc477ee054e0d6290d141799507fd2bad9c253da609429555aa736cf43b12ec18ed490076de42d4885959ccca5d4296550df63df3a33746fb99e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\example_icons2x.png

Filesize
2KB

MD5
b956a35b154e7a0ea9307cb06e0d38d2

SHA1
77cb5a60bda26268c9e43ea6780c4854b04e930c

SHA256
896dd88f407a0f51e76e3fc845ce80bf7a92e6a60fe0386b2a57e7ca1439f2f2

SHA512
fa34bff3252f396a922ee3bb81556c7b7574cdfe56f462e20abea3fba01c18c6c9b7fb1b8e3f97c8aa56b1f0a93674c2ea828cd5555eacfd0aba753c4ff26acd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js

Filesize
2KB

MD5
70d62ca9b7435d9ace241d4a95358eac

SHA1
f78e5f3b3ef6e474de3785369c49e1a141dd93f2

SHA256
0787084feaf9ca98eb12b763bab5949b81e0387485ad8ab566e56154e79dae41

SHA512
ccd0d2cbac0220a3cd42c4ecc641f7177599ee51da3cbbf107efc885043cd737f13748f2053ecca4ccb28dd0f0aa24dc05a23626387d155809355d6eeaa86ce6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\rhp_world_icon.png

Filesize
1KB

MD5
82742996caaa3bccbf48c7b202211f23

SHA1
a712402beb255c6f735fb34130ca7557b53f3973

SHA256
ba3e41beef3f79cc63129a86630def4cc00ee13401ad9fc67fcbb0c464192261

SHA512
560d5de129e4d1fa19f5a0319f5a3dbc4e3e81d09674ee1e6ce60248274f9d25ddc6ad078ed6fc780b642417b5feb576ad4f6956e0ac4bac27142a262a32132b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\rhp_world_icon_2x.png.readtext5

Filesize
2KB

MD5
bf80064a3c6b9347bb0a9100d7b9f85b

SHA1
6fd94eb1d0348881f12c4dc79c2339d558de2d29

SHA256
bd75fad83033a4955d01755bcbc1671eced9de603c1ba8614ffb328e493e9d82

SHA512
a16e13b778c0004a22883398830923866671c49f54411d46c0f7015fa6eab7936b34a52b9bbfd63768b5d2f53302dcea85efc744e610792feb19593bb341b333

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\rhp_world_icon_hover.png

Filesize
1KB

MD5
1b096ce10cbdb56fe230d440a17ed26c

SHA1
77a09a8082c6f2342d08adb31f07e08282dbca2d

SHA256
637ccf8be9b85961a5ee7e6daf1ad35bbb2d9991fd0704ed72b8f480076c4291

SHA512
d5d8ae7716d9e9cb9164f831a4b3d2b32e6c9246d7105cc54a085211646a3a18f1937eec477cedd974a0bb89b2cdbb78e8175ae14e85275beb0947be3644254f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\rhp_world_icon_hover_2x.png

Filesize
2KB

MD5
7b7eb8a07056fc1a8e812d32e0af5072

SHA1
2f9022b26bfdec4c7b69651b75deb1666f457fa6

SHA256
3dfb1b6260483f05593e0970a496e4f9a79260217e034ffa2fe10b4dbb42120f

SHA512
8cfa419403eea416839cc6752eaa0e7537e8f61721d046e2359c367a5014e7dbe48e6726e230996550c1c5af6570dd4fb5b5c132e7791d38dac3f3f27babc9b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon.png

Filesize
1KB

MD5
9e7f8c701d7aedca29b2a0481159730a

SHA1
a59c986993fccb187d02dda2a7597a858218faf2

SHA256
6d6486fad1aaf072a116fd04f75c4422c9f554426dd2a58319f76dd72fe60ef9

SHA512
e78794fc4f930b4a57c5e655baeb1c7b883cbb49ecc76f104133c171a4c2199be027b0e596f32bc43789db18e83ac03f094a6d08b43d8debf5c2168b2273abb4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
2KB

MD5
a816bf3de1b484a40c33a7031dd1700c

SHA1
a129952759c9afb3fb5fe17af5bf8a45aa2f422c

SHA256
97742e317c2b7379d21956918800d30be542675729638081d8bba44dc03cc585

SHA512
c938599c343db584b8e86a701f868ce1b75bf96001fc9753296961ac19544c0e61073adc8fff3d6664489fc6a8f01292d155734fcdd27396239bb38327840ece

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
1KB

MD5
f85b62bd0a3d8afbf725a6a50a91eab0

SHA1
df9346666a5e9bc532238d4efcd65cb8db855679

SHA256
4d353b42219cce9e489029642c45448f949b336cb4ddf3e48988fff9a2842e1a

SHA512
18a2b154adff286eeb86b2f56ac4f515e8b6d229ee7a964014e69599fea6f63fb419106fe6e4e8a9df49e880147c1c32180daa082551217dba81d04c8c547d37

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
2KB

MD5
0056b798ad004296cdf9bfc022336619

SHA1
0e24937a47599df80672600e0cab4459a418e60a

SHA256
52b55e2cd5bce249e3503798f7a100cbc19d1a4469b5f24236beffddd8c26ddb

SHA512
b559a6efe75d8ea8f3deaf9d38c28a603f0bb8e2cf6ebddf0cc569345729bf82af8093b8f534f4c5d665bedfe72bdbd94eb3d2b55fb59b753554960322946354

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js

Filesize
2KB

MD5
8ec18a06f65551d1caa59d5ad5ca5223

SHA1
9b58d62812e388c6d02d2e4ad799ae51e4335f6e

SHA256
526f648ed9453e48cfe601a108fbb810363f789cf1e0841f51884d7362284b8f

SHA512
aa70b71547bd5d60b784e7a3574cdb340d10981c12054d3e61c3d04291b63aa1f35a8a7c3d07be0d78e115a9d1985bc89728fd43f1dab73569b34eb016e7933f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png

Filesize
9KB

MD5
8c4e2610b1204aa8f3030e73bbbca1e0

SHA1
7528b539e4fffbcf9d055f950e0553cdc919848d

SHA256
f6987705a9c9eb08190c9795fa852442f25680c57c51f2968ffef8cf235f0e06

SHA512
095b2b2254d66d09c34b35100465b5d165d4527897b0e000f9f1e63f53ba784569ba045055fc25f7592257b5b7830f495a9161c51ece45f6f39f1c656110c1ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif

Filesize
9KB

MD5
c696c0010a8e4d00f82f43b2a9cc2f74

SHA1
b0b50a66eb1d9a4ce7211b0d320f118f6b641894

SHA256
3dd715930b384ff391969b468aca70991e68eaaddee127eeebd0587d5972219a

SHA512
cce82c0089fc4dca3b8415b817bfe09468b5f58a7b1e581704a182e489835048343629c75b97b76c993c433b3357fbb6ed2526394772882ef08b33ddc3e7c7f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png

Filesize
16KB

MD5
b25f2d0229d4251ed4c95f636daafb5b

SHA1
616e6ffa80fb994fb711678720ca31fc918aed04

SHA256
c65a15d306aca6a808dfc7f1ce22e803edf13e92368b06feb19effc049c7785f

SHA512
cb5fcc9ff2a12d30a4ad2b8333c6acbb79f8b7bbf3647f3d4ee78203ea072a78f67600e45ba55b72fbc99f2cd3aca08163a874579a79d1bbba8783aad041655c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png

Filesize
9KB

MD5
2d042c0266a8354802090f1f00236267

SHA1
fbcc099b66d8c8f00ab024222112398adb2a32b1

SHA256
37ee3f2ad4a81041132dfcb56fee9beeb822754655071cc923075322aa1e1f98

SHA512
b1185b6b857520ae824c37fcde514e7ff5eab138da33cab48624735a0c46f34f57156c7758ead3742a2e111a9ea687edda00568405afcdaca70817c33cf54104

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png

Filesize
18KB

MD5
82132b42886cfb1ed503ed7e96babba2

SHA1
a89a67eb857bb2dc224768dfe21c5aa92466af5f

SHA256
c117abb781a1528a58caae1935a32053ddcd93665ed72b9fd4a3fd1f0ce17e2e

SHA512
3ae055dd2fc8147b7ea0893f2d03578c0d1854be743229067111f50753992675114c37cbfedda3f5499b08e67e8606431baaedaf4b1102e06780b72250bc1aa1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js

Filesize
2KB

MD5
d1286d0f4b4ca62c222b3b738887f503

SHA1
2a9f66d92b8bab1559d5ca52c732726342ea61c2

SHA256
e30225bf18f3faa99e5daf42dc5020a0da27fd8019949cc0327ce6517379cdde

SHA512
41330566587cb832c89a0eb3794c392d6cde727e61ab757d906add08c002de63bc77c138391b552024e8de1d45e533b94c03cbc778e89b463799407c662d02a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main.css.readtext5

Filesize
2KB

MD5
a56fcea06c6f665050d08ce68abd9429

SHA1
998fac662928b2f0c847806041ee98b7acb56ade

SHA256
21d601054f9e78d95fa0296045bee7912056aabb2a572e51a7eb8bb552cd6070

SHA512
6a2506ccc0c3c636b6bd0eab977bfc37c85456399508cfa3855d698edf3c7c0d3d3be46743fbbe71399facd5840db6cb2136524d93c41a512343f8c388d9f8bb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js

Filesize
2KB

MD5
a97da5611891128ded0c5fdb18306e20

SHA1
606db13f61cbbf6a0c954f7a310be8f39629442e

SHA256
745a689e3e34996ffa65af47069f8551ee4acab8a341accbf1053ef2946d8e15

SHA512
b24890b46df744cfc3bdb7b8b8cf2e15de55d8829f3c591ce7df947b32be37d2a93cc3e0a6ddeaba4e60605e3b9f86e4e5326ede9ae9185de793c030c5e27f25

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js

Filesize
2KB

MD5
f1160a642ced9d88fd6d9a7b8b590c26

SHA1
58144f7d5e83b87ac0d6fd6f182cd715363ead2d

SHA256
9b04a9c2f1704e44c838e884f2fd1d7bc5d01e081934abb90b6425f170716a7b

SHA512
0323b89f3bccd1752afb46a26d3ae45d76b6a77fb3983e0e82f32e21f90ec3d41490db30cb06386171095e768baa05aabaeee71913c756f57268e7703813639d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ui-strings.js

Filesize
2KB

MD5
334c7b25d7520df8d86eb5a8fd284515

SHA1
b9d6e914bf0fdba7f92469784059a37035519355

SHA256
b723cb9a81cb752884545b6d0f9bbb1d693cce4fec1f2ad068fee7adbb900b0d

SHA512
06f1c6a327fbc6969922d134563157d925987ad6bd8ca3e8491aa3a5f4224dec2f0f38fdce793afe00d97130a7d38577ba9c43ac4ccb8f112df9ae1afc952de8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js

Filesize
2KB

MD5
4fbd137642fa5614377c6fc120b421fe

SHA1
48a705d256439ac9149bb0f58a1a086fba98cc9c

SHA256
9da3f7f58fc344b67842a6a001a48004e27210afbc7e7d704099f6d42046879d

SHA512
b8fa05f281f1dc0c41fa830e7a34fcf61729355d596db2c96932ca6203921726b0a5444caed69cb1a488510ca0c9e081f509e2ae3cde86c4cf70fc00b2f907e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js

Filesize
6KB

MD5
9fb42be42e0fb5f76e83ff1ae85e4e1b

SHA1
db03cde6b4965a09ab776e198b77f2649fcff520

SHA256
c000e1ab80eb23259fdd2159aa44f888326e2791f614294073f87f711702fb49

SHA512
f28c93433a0a7131890b4ced78c566da337364b67ccebf8435d16100977a1c99f6dea47d055fa26cf53800c994d69379abe15851bdcb587f936f00987c14fc98

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\PlayStore_icon.svg

Filesize
6KB

MD5
9db12ac4f09b61b47c2668a2b69422e1

SHA1
ac77177b3a5bb39baddb95372cd15972462eb4df

SHA256
b6aebc152bf4c849b698670ef0aaa74f94c30f0be5d8a637975b5aa5e4f95cf9

SHA512
b2ede3eb9b9838a3f4d4c03bbb0edbdb465d98cd7d3851aa3d1acb1f25f92f75f4aaf2ee04e6703f799741c9db409eb1843c09b982c375c06102595987e1abba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js

Filesize
14KB

MD5
b65bf4565deb69008a8b708a6abb8763

SHA1
a2ef21ea12f759eff386fc462a50b65713dd8049

SHA256
6b2b9f2354445066448f34235e3aa6e010059ccf16b054b9699a0a19a025372e

SHA512
207fc0d4f1cf972e5bbdb6b3d0fc34ba64ccb8a6bee99fb8333d7586334bb86e69be9ffc3619ad2773e7561687f774bd97b75770e047b5ada06fffd922a0e51c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js

Filesize
15KB

MD5
ae92abbf5d2853a31df11290711808bf

SHA1
4dfa83c5ef67a05b14a8386402498fb926345e77

SHA256
5c72ae35968d538f66b2fa0d7b2f6772f7133fd38251d9cf770ddff8df2c749b

SHA512
34391bf423f41ab74209cf150a070dae2fc1d734965af0a577bea44b6a3d231e6e48b304f37c0cb5c925a3eed136d1fca8b36bc33b1a3846786479b5132cdf25

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js

Filesize
2KB

MD5
f38c685ba62bd218223bdac62e1f164e

SHA1
c3f826282b9214d41dfc30bd1d5e4757a18d5a91

SHA256
72553126ab32cdea3eaac948073c0033229ed4bdaf2437be6f2fe5fbd6da8b9f

SHA512
c0fc9225aff4ea6e728d5c0ed9b33a8d77c46f620d17f536890accadd4f4bb82c9feccd291ffd112603c98c9b22c9ec904299ff709b8ba637f246d6763c94df1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js

Filesize
2KB

MD5
6fe90fc1b8504eda15c35306c0c9d880

SHA1
e35e21c92cde53c949777e0bd91102a0a9e2dac0

SHA256
e36edaf452554550196570d6b4667d4908fcff33406957562751197f64982f01

SHA512
0ab7d6a6efca7f904617dde95a7721300794462d4b665008c1a64f5a8f52bf7e594ffab4f69f5053592b63ae57ef496ad49ecdb3d9dae0ec7346d103cb5dbdac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js

Filesize
2KB

MD5
f711f2680a8c895f6b1781c49e747b1a

SHA1
ed2f29303958e23751d7d3702a90054425536df4

SHA256
b56e7625b5e129d56161b66b95d4bf9e5b3d6bf9c4f63be86d1b1ddb81384558

SHA512
38027ac6332f09298919b6740325ed66ce68662592d315c3d339f6440400398c0d66c94a05476dd01aed8a8068f01914254279af72e9f04aeff02cf974732d01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js

Filesize
2KB

MD5
cf80f1e11435abe311d3b29d6463a0b0

SHA1
5fbee0ae9a9a70c8a7bddbc7e9720a9d5d9145ca

SHA256
f7596aebc9d52b0b12a80576a1354f6094a0df6a63a90765b446402a3f5c5f48

SHA512
e13935b47e16ba3c4eb451e47034aba51a14df17e380c2a5d5b06ad13239c04d06c4ba174a3b468ca1df39b1b1f32c6d2b496c73776fc904113121d24dcb43fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js

Filesize
2KB

MD5
4818eb51261b44bb405839bf3159c0b0

SHA1
1c6b21604572c8e8e6b4a9c53924b87416f7bf6f

SHA256
216cc04bed6c7754d57faff89a5f31050a9d64dfce2ec2d5d6bae841fcf3d03f

SHA512
244b9c3dfd9203f3fd24db905fb131d144bbcc752655a0ab727265f27facbfc2509e9c28884af573d7e067aa443891927604df66d92954b3fbec491b70789694

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js

Filesize
9KB

MD5
4770e9736b594a9b289040fc36c754dc

SHA1
7e8f534360402d78957a6d51cbe6fa56728fabb1

SHA256
d14c9cf9f7672ead3ab558617f44eaecc6e5b094b116897e57c70ce182bd08a4

SHA512
bc328bd35c9a4d81ba74a5fb78d36e1f5b18b01a384084e0da5e3ba8cb2a2a4a3259e0bf06515d1418e5edecfd43f33a235e5ded06dc6ac363b6b0806a91de40

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js

Filesize
5KB

MD5
ecb7f342f654494a99a171dc58c7bdf8

SHA1
27a95fd6bf4e4deff4eccb09cbea27568391aecf

SHA256
e37afb2068c5fcdb2e1e126c31837197c81a5b30a248f87981516ee6418af9f2

SHA512
f8975044bb1dbb89a32387081a955013a752a3928a7ae368622f637a5839c15a5a958f8144682e281b1ff92b5bf26e3306c412e924500e77343230b531bb86c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js

Filesize
2KB

MD5
e23651cd0d884cc71a7a687b9e416ae3

SHA1
eb81c5b3e835193f1bcefe63f8c400694711bd72

SHA256
e0f12766bfb430c4b7c24b6635cb4f14e3c80d68b737a2e6c67b6c87a71f10ce

SHA512
65b532a226d7f86df63d9e0b9c1f8b802bdceab2c6f637906bedddbee36fdcfdf2239a6929eda1c44b4ccbb927ccfcec1a9576a374fc2af38e1501683a1ef378

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js

Filesize
15KB

MD5
9fe3e8308b0edafd4d800372d6d16c49

SHA1
9db9eb2fc4bcf958f2898c19c54285cb32de81cd

SHA256
e165f6bc97795ef2beb1eef49cb3ee7eeed97769019d5af3cc272d34e6abf7d4

SHA512
6ade12815c923b012514c341eb81535cc32f175bd52b7cf9efb3a3666651eb0959534a09ddf6e98c79048d5ff80ded6ca5fa054f103e16bbe47d21f773ead3c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\en-gb\ui-strings.js

Filesize
2KB

MD5
61616a7cfc279e86b81b642493515dd0

SHA1
598ab002bb462aae56fd948404392cbe57cc0098

SHA256
736916341b441ed7b7fe629feca83fcaadf76d8c83f0c9b0b6b95912e938ede9

SHA512
aa8c54910a0b98298572a4a33a98d7e799a134d424e178d5e6b0452220502431d4bafb857d630e027d0e5541575bf8ec74c6d9de3ca7aaa35ee284523e7a1021

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png

Filesize
4KB

MD5
7c1f05100509dd5ffe78e6e358194a17

SHA1
299427ddaa935b22647d41bae777dd59e2f47bac

SHA256
80bb09aa02b23eae0ff546be3114af50953b418b89bf8d176e9494e1eded1782

SHA512
af2421ad40e9f41769b18e433e05316f92ecaaf06180e1cf857dd8ffdc6d32ccf42c5ead205ffc79c2f0c5dfa62dadf321625f865ab488340145422c984c5be2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png

Filesize
3KB

MD5
77298670b6dc671e2a14c577a7b2ffb4

SHA1
7a231f4acbbbce89bc5e4fb20061ed100efc88fd

SHA256
f492b93cf76a6af79c2f301f04d9a7c85104dde8db6e32915de7f8c0bb47cedc

SHA512
c8bc7d8d43768b67c9fe18bd03fffc32e8fc9ad610620476e7f360e001a1352c99d488722e66ac576716e5cc92cd3a623a305464755c11cf47392ecee14bb9a2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png

Filesize
6KB

MD5
c20e00ccf828430fe6fddedf2b51b48f

SHA1
c9191f281d22a987a1e5782396206778f4e11178

SHA256
ca45aa0b7a495d6d84b9df934f61074166750e9a0bd16dabc0498d14d469a58a

SHA512
aac952dadac676956a1d6f3df74680aae8cf24e1578c5503f46a5490e1db604a1e0295316ffb457c0663e4f7df7a9abda47b9279e582255e1f508a6dcbb08e10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png

Filesize
1KB

MD5
e079c3c6faba13a5af31a31682001bbc

SHA1
c8268b9ff13c2947e6366c653860deedb7e69db5

SHA256
33d49f660c3eeba87905a241521aa2d16e7e666b07c285dcc7f7e098b4af7f9c

SHA512
03351e50a997c7cb9a0243de00a50e13146c5e03d1cbabcfc8d1bf10422ac2ea46e9e90397230251ed6e98d8012e34bfcdf29f8db2daa82a208378b9af982602

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png

Filesize
1KB

MD5
c241d529e8ba40ca57caaec6404eaad6

SHA1
b974a2510c9dbf8f6d32dd0564b0871a3a2e7485

SHA256
55403a0c88ef6205df93bd4ae66c9bcde97883837a194b74b2f2550879db287e

SHA512
58af05177c9095c3783de99516e2cafb550398d4f709d87019c1b6b0170205a0a722b9ce28f43de37c31b137e2eea2f8e75d0fc1881f6e74ce16f9214673cefe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png

Filesize
2KB

MD5
a1f007357f9d909f02336495a5851cb4

SHA1
8f187758c3488dce2c7a4dd023254da72a9113ed

SHA256
4896eb4b6273bb0c042180a5bd2516e282f9728292df657f33c8f4792a3b4ca2

SHA512
d043459619bc0cca1d3f376ef9c4be3cee89702210a825460f6312f181b57c5261c4543787a6f1a0dff4263a6921a4808200db5ba04d20a149ff454a92c87837

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png

Filesize
2KB

MD5
a1e7f7c09c4ebade9d310e41a26468f0

SHA1
301566bbe28949b43aadc9834e6a6d47d448f65f

SHA256
2f3684ba8ac4262b8f36716e9856f9292956a3a81214507d5b2bae3ff643b534

SHA512
be3abacdbe4523de9f902734be9056d17307bba9de32842402c8143c72dfdfe2ee9b473e13e9d392fabd001f9f9855143cd5d988061010c7595a94cd1798bc2b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png

Filesize
4KB

MD5
63fca1febf1805acd446b87761fe3a38

SHA1
b885230b8a0ca4bb03c5a14d4e933f77f9fa50c4

SHA256
66ed0ceff884e090bc071d067703061e8798bf77c48e525c06e8770fb82680da

SHA512
f452b075d34495b752200368e234e11eeab760c123a995dab1dace84a6e73e4f8a4593453ec2b0770351410162cc09da4d577ceee9e0c570ddf27960c2b2bc67

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js

Filesize
15KB

MD5
7a7127a0e368ffd51c41d30694eb7eb6

SHA1
c1bb98d136c0a1595c62ee893f719d63c66971ea

SHA256
00bdf6f27b59fa3caab289f9b27f897575f4b99eef0e0e34f1a75a692ecac227

SHA512
a1730b64a2d67b0e5fd694f0b7f75f2abee1223dae143929eaee09361b9c8ceaf17e973541959b0244171c8381268c3d12619db926552411e636a3b23a1e0fd1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js

Filesize
2KB

MD5
d6cf7a1f0d4fc1f32c4a60c126cd2568

SHA1
72e86686c1469ed885a43bbe5d6e4ec3cbe2c799

SHA256
960f7700d1660ee014040ccca29cd1004e48251800408f2e9a36dcccd5b37434

SHA512
9c1b08e40c20426dae852854f8914b40dca60cff1b4a08f0923db44f1a9cbf5092b0e8e9d19bb9f919c9fbf59177575bc443f1ecc98ffe84403f5b3f99305512

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js

Filesize
19KB

MD5
ce7e94b842d9fe779ce8c88944cb544f

SHA1
2790c21fce6f1bb0b9c83da4f17d60bf68682bff

SHA256
12685d499fd1c5d04c959a4244cb54f505d4c4df3c00ebf6cc29ad6bf9f61afe

SHA512
9113c083b03f134df016cba0b32abed898b1ae66c26e2c406afae4563736e83caea2fb9e150955c4e904a41f14a30b2e37a0a78c767682ab297d32b626af9d26

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js

Filesize
2KB

MD5
7997fd2c3995464b378df69ad2f9b160

SHA1
8fd7a38c7f3d931d88b903f1df48646dae89a3c8

SHA256
29da126209b6cb588fbc55a520aa53db882f413ab73be63ad4668080c373ea49

SHA512
03d94b423ce26c5371b6444ae745df367554de97ec0c159a072b3d772caaba71ec7599c54d75f835f17eb890c5d2dd40aa477c12a44f42a901642dbbd70d3d96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js

Filesize
3KB

MD5
3c6f716a6b0361bf8f06558437c78800

SHA1
30fe0ec656378b3a877070bbc01ed86974858c30

SHA256
c1a0e3d378111735c10a4239871f1232b9985141291964a261d008dfcd59abe6

SHA512
fb7c6f8f91b37938b3cc15520dafb1e9e5b3395b10ad5878f2d6a162a0f7d259f67fe044faee37483b839f87a7b8db542d7a95ba678cd0311c930d910f08f18c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\main-selector.css

Filesize
2KB

MD5
b2439444bedc87872354358e84e6eb37

SHA1
960453da1c77b6a528ff6fe8db5bab373753471e

SHA256
c08be86c5f243f6cb04e001e2239b8f366c06cc2068f3e55c068af90d9428651

SHA512
9864b3c547a34df572fa2cd5483a5069ecde94fd806972d97d3fa3de2e02dec2aa0a8ce7933702107a4612d69a94814c46f99430ecbe11975be78f418153019f

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt

Filesize
34KB

MD5
9777901b1cec50745a0541bf4cce1cbc

SHA1
d10c6edbbbd163816035e764a266ccf03ea7d3ca

SHA256
a2801676ae4a44458085322ac50ae3960c45c7a3d7e5dcacc55c2812454d4bec

SHA512
95c6523e78f7c38c5684fb142bd50cc7e834205df980481ae59911c7d7a3ab5ac8c26d649f501a4a3779d913ffdf82d0671e37be7a381445625fc4d4e68f91f9

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\identity_helper.Sparse.Internal.msix.DATA

Filesize
56KB

MD5
c083269ae8cba2874d5e756338672189

SHA1
f473eb380758cb9cde694cac6708812eae3acacb

SHA256
bfa035fc4033fb04e930b4a2ac0ebdc0d675b227e8114e4b6101e552963d1db7

SHA512
82dce90e9f69f9d154b48ae2ce5ab8b3fd8bedb28bfa7782a59ff362b5a9204a89b2d44ab77e30b850aa2b130cf3aca601f7248b5781210f2f1d1155475a5c6b

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe.manifest.readtext5

Filesize
2KB

MD5
f0640ae35fa80abc9e157e7e27c33b6b

SHA1
d3244c4740e67a75fed45cb812fa47271110e9b8

SHA256
fa1c449a4aaf78ed0dc34a1a9bcfd907e897f8162a27821efd5fc7de097958d8

SHA512
a7202ec40ca4d715acd5ce005cf692ee101e2106b23adf4ee2e92565ce1f45bee89b0fb7f606582f1f56be1a7d84e309471f65f590ce0536cf72ac680ca20422

Download Submit
C:\Program Files\How_to_back_files.html

Filesize
5KB

MD5
9858e9d1f2941b2258d850ffcaaa2356

SHA1
ce608c4821e5bd4415850956f2dab1ad0b021a2f

SHA256
70873e4c96864ffb99a0e9a89b6f229286368ca7d8028184b3047f1465f5ad17

SHA512
2c3c5e696b72da1b9e68bf5f8edd86a2a8bcb09b7c070cce6e2879a4ae97592119423369864e9612a0f0b0de8dd638323e274e64e41cd7292f3837bc3200c1e6

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
1KB

MD5
19889766dd7cf8e3d7e3e2275f3f0322

SHA1
b671291c2ec3dfa49e4ce97960ea62bbd46c26c1

SHA256
12695ed2c7d57680012e884e42efc947af3e96b3da828edf2e23af0925c3a0a1

SHA512
5111ce76e0f916ada4b055d6412cfef07df17cae8f2e8f6181991c5d3ff98bfc90f694f956bd7f956463104426daa7c9a0b5ce9254a241ae3097b35c6607a75a

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
1KB

MD5
fbe02578509d8c833808df287925cd85

SHA1
3e960c9aeec59c5f828bad0400f3efb5dad8a1a5

SHA256
8724ccc324dfc98755ffcd0ff3cd18fe1e8862efa02b63209bc8ff5e90092405

SHA512
d09ac4de6de323eeed7a28a50cdf0a5789974341a695e0f00e9dfb0e6c8a938cf1577c1174e83126d7b8be94a0a5f60a85d6e175048f9b1d2165d03dfd69b1c0

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
1KB

MD5
54ee6feb520157d05bbd72691daf048b

SHA1
d06f865c785de6f9302998942c8a0be4e581024d

SHA256
689967a493a9846a36e38a4e33a8d1da0af5113eb74c58e82e64441b6644eb3f

SHA512
1348e99857cf23d0ebeda37eafa9bef4f5e9e4323e54f5a49f65e764b83af6720e2e3cf2a5d3e0ced53105c63718c2df10dfaa018cc0ee0664bb3bcbfab64dad

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK

Filesize
1KB

MD5
3db44be044dc969c9da67c8c80614b88

SHA1
f713f9686c1b174dad2c6bb4f178281cf7d28eb5

SHA256
72eabe0a3fc619630e014e6b250e21899f06bf06424677fcb03b16eecc8f9da4

SHA512
fe867f046b4193903002ef8987844e46f14f49e81503b715cb7978abade205b8ac0609d0e9922218dc8a24e2b54ebafa377a89a2a0bf1ba4d4a7c21f5d75b4e9

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK

Filesize
1KB

MD5
42881c2dd316f74254cecdb08c71397d

SHA1
38b2c20c669d29b964770740651fb3d7d3aacb4a

SHA256
2d781510bca99f667fc95f15006ff91d61432d1dc9b58feb771d0e30eecbb430

SHA512
3890095f531d0cb207b899f87d634bf16e2dec0ae0c58fbd0e0c163211403596fbbb0590ff336e43196c1df73bfc924c6b22e8118920e55860b7ba3c2ca2978a

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.config

Filesize
1KB

MD5
e82facd4b23c093b2dc2d995007aad28

SHA1
4b2046da58eb7af9bcbc468d381d5d610559d5b2

SHA256
7d5e85be1583ee34cf70e3d1f9793fa7f8ba74c3eef1c4daf953fa9b2a1d0ebc

SHA512
a0af2e09da8dad0cfaff22aea2e1796ad354f0300ce083215437f27681e0d4b21361cd9bbf9407e4716673cf0036dc2d683efc54ff0b926b740512a5ec30a27f

Download Submit
C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL

Filesize
246KB

MD5
907b2898779c7e074a64ba3e395ff6f0

SHA1
1647209afb35f93613fa473c7c09f4a24f241527

SHA256
221951172286748458406afcd1795e777ab43cb51f971f92917a95c341adf0ff

SHA512
463071874ef6b1b46faed112f1f8f28f06b7f85339066118162262abab270cb338a11a4f0489b9ee3817c754efe95249b9632aae6c1977e20f4d6435590e14dc

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub

Filesize
1KB

MD5
50d5e245e7c130d47102dbfa8188598f

SHA1
32521c84ded4fc6ee56812a15faf5d2aa63d1762

SHA256
7a06d2891217fef4a538579b157eba9f1517d69f1dfbc340eff649e8384afae8

SHA512
fdc8bc96395b8a9918110dd83349d149768e23396edf7863e24a1c64dd0431af0eec266cb3e83d342d2275f91827480004b61cd96b04d7f26b838a4ff93d022d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp32.msi

Filesize
2.1MB

MD5
ce4e07f47f53d53b7e8085ecd380be89

SHA1
e7915903186ae5f245edfd6cb495d5bab938e8a0

SHA256
4c1e850d5acb843067407bbff7bf7982471f3eeeed1f1470749273e8a00422c7

SHA512
16fbbc7e30cca56788746f4bf33b1a99a6b67bccbd59950ac9ca7de88dfb826490001534ca97aabee1771b107f6b43c4fb94683fae1510198a037eca0c81cd47

Download Submit
C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo

Filesize
605KB

MD5
ff7bc5acc02daa938a4cefb43546f574

SHA1
0046b36d3f5a4dd6599c0d1f9388593a832b9249

SHA256
d5b905f0f68fb7d171045891f2622b63f51e90e5b54dc1f97d5d3b589cab9997

SHA512
0921b785ef9c2aaa57b334265c448b8a4e02865ae9fc206e7dc06711f72bc7252fbb694684a7175005743e09923f6b4288fd95a0aed2ee8fa23dc83f75c8b031

Download Submit
C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo

Filesize
621KB

MD5
aed4cd6f1a880b74f2e1632dbe9dcdbd

SHA1
a43053ab609d1300dc6aa0ab7125005ba4785ee7

SHA256
a4e37aff2a3e7275dc9eba385be9c13933464e79700873c3e29fba4c27fa91fc

SHA512
2f5a9115f90714a57bc2b8b03f496635494307fe4bd8e64c22a6317d493e5349529163e3a25fcf2d58b07cf9c5be75b1107fde10911042f79f3de371f89cdf01

Download Submit
C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log

Filesize
1.3MB

MD5
a7c1598d2634ff69e9dcf62c6de1e02d

SHA1
5fe5c3273842ce0f784f8f692ffec0c10fc4514e

SHA256
21c45b171743bdc6a30e3f400a4fa787062c4919633462f0dc6844d719450618

SHA512
7ba5370541b434d7020f74c427fa807779a2e05f64f5b3690aa6674a3a0e570c38f5e64ed483852149c0dd0e2e19defe3eea8f8a8fb125a0d500572746e434d8

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Admin.dat

Filesize
1KB

MD5
bb802b2864b30bc03e035931d6045560

SHA1
7d6a57e622fead46243557221c0b7b50f5d6399f

SHA256
526e9f1d4b805156a5ad44407b20002a9cfd886015e0f242716aa17f012b5fc1

SHA512
fa9169d0bb30c8a5ff7ad55c474895b135c72838feb29e0c0d730ab3319690eac173464000eea53cea28ad1fcdd95501c42c6a80324b6ff953907c76e66252d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
1KB

MD5
5eb504824bdb4e852b0da4e4f13a1bee

SHA1
8ee465b6c7f4eb206dd4460819cdc1ffbf1a9abb

SHA256
eb02d078c861aac7fe64e2fd0be8b377889a6422320135f1b8fd00e84eb8ebae

SHA512
2da99b5cb86bf5b6af4ce65877a277b9ad3d9dfd3f8e253558b166023aea99fa83d6bb570c128ba2e2b65c7a88507da85205bfe872f1fedc58abc3bc1ef4a102

Download Submit