Analysis Overview
Threat Level: Known bad
The file https://github.com/NTFS123/MalwareDatabase was found to be: Known bad.
Malicious Activity Summary
Fantom
Jigsaw Ransomware
Renames multiple (1483) files with added filename extension
Renames multiple (3742) files with added filename extension
Disables Task Manager via registry modification
Event Triggered Execution: AppInit DLLs
Boot or Logon Autostart Execution: Active Setup
Drops file in Drivers directory
Possible privilege escalation attempt
Loads dropped DLL
Reads user/profile data of web browsers
Modifies file permissions
Executes dropped EXE
Drops startup file
Adds Run key to start application
Checks installed software on the system
Enumerates connected drives
Drops Chrome extension
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Kills process with taskkill
Modifies registry class
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Uses Task Scheduler COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-21 23:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-21 23:46
Reported
2024-06-21 23:58
Platform
win10v2004-20240508-en
Max time kernel
598s
Max time network
688s
Command Line
Signatures
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Event Triggered Execution: AppInit DLLs
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\SETE5F4.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SETE5F4.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\help\SET9624.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SETE5E0.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET95AD.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET9167.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET91A2.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET9612.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET9634.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET9189.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET95E0.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SETCCA1.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SETE5F0.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET9167.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SETCCB3.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\help\SET9624.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET95CF.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET95CF.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\SETCCD4.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\executables.bin | C:\Users\Admin\Desktop\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\intl\SET9634.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SETCC80.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET9168.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SETCC5E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\intl\SETCCD5.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SETCCE5.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET9167.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET9613.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SETCC7F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SETE5F3.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET918D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\help\SETCCD4.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET918E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET91A1.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET95F1.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Desktop\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SETCCD5.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SETE5E0.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET9167.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\fonts\SETE5F2.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET918C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET9169.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SETCCA1.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SETCCB3.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SETE5F0.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET959D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Desktop\MEMZ.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{143A62C8-C33B-11D1-84FE-00C04FA34A14}\ = "Microsoft Agent Character Property Sheet Handler" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ = "Microsoft Agent Control 1.5" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\ = "Microsoft Agent Server 2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Control | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\0\win32\ = "C:\\Windows\\msagent\\AgentSvr.exe" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlAudioObjectEx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\CLSID\ = "{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{143A62C8-C33B-11D1-84FE-00C04FA34A14}\InprocServer32\ = "C:\\Windows\\msagent\\AgentPsh.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus\1\ = "148628" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent DocFile Provider 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31C-5C6E-11D1-9EC1-00C04FD7081F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\HELPDIR | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\ = "Microsoft Agent Character File" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0FA9F4D5-A173-11D1-AA62-00C04FA34D72}\InprocServer32\ = "C:\\Windows\\msagent\\AgentSR.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control.2\ = "Microsoft Agent Control 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\ = "Microsoft Agent DocFile Provider 1.5" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31D-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\shellex\PropertySheetHandlers\CharacterPage\ = "{143A62C8-C33B-11D1-84FE-00C04FA34A14}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ = "IAgent" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\Version | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentAudioOutputProperties" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\ = "IAgentEx" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FF-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\8\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\MiscStatus\1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ToolboxBitmap32\ = "C:\\Windows\\msagent\\AgentCtl.dll, 105" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\CLSID\ = "{D45FD301-5C6E-11D1-9EC1-00C04FD7081F}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Control\ = "Microsoft Agent Control 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\explorer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NTFS123/MalwareDatabase
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1720,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4548,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5032,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5340,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5440,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5916,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5768,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5512,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5752,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=6348,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=1304,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6520,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6524,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6528,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6080,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6868,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=6768,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5564,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5532,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=5560,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5552,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6740,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=6724,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6036,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6008,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5992,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.bat
C:\Users\Admin\Desktop\Bonzify.exe
"C:\Users\Admin\Desktop\Bonzify.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im AgentSvr.exe
C:\Windows\SysWOW64\takeown.exe
takeown /r /d y /f C:\Windows\MsAgent
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
C:\Users\Admin\Desktop\Bonzify.exe
"C:\Users\Admin\Desktop\Bonzify.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im AgentSvr.exe
C:\Windows\SysWOW64\takeown.exe
takeown /r /d y /f C:\Windows\MsAgent
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x3f8
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe"
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5372 -ip 5372
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 776
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4420 -ip 4420
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2156 -ip 2156
C:\Windows\WinSxS\amd64_microsoft-windows-compact_31bf3856ad364e35_10.0.19041.1_none_afe6484e54f00fd0\compact.exe
"C:\Windows\WinSxS\amd64_microsoft-windows-compact_31bf3856ad364e35_10.0.19041.1_none_afe6484e54f00fd0\compact.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | dl-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | app-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
Files
memory/4192-2-0x000001F69A130000-0x000001F69A131000-memory.dmp
memory/4192-1-0x000001F69A130000-0x000001F69A131000-memory.dmp
memory/4192-0-0x000001F69A130000-0x000001F69A131000-memory.dmp
memory/4192-6-0x000001F69A130000-0x000001F69A131000-memory.dmp
memory/4192-12-0x000001F69A130000-0x000001F69A131000-memory.dmp
memory/4192-11-0x000001F69A130000-0x000001F69A131000-memory.dmp
memory/4192-10-0x000001F69A130000-0x000001F69A131000-memory.dmp
memory/4192-9-0x000001F69A130000-0x000001F69A131000-memory.dmp
memory/4192-8-0x000001F69A130000-0x000001F69A131000-memory.dmp
memory/4192-7-0x000001F69A130000-0x000001F69A131000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KillAgent.bat
| MD5 | ea7df060b402326b4305241f21f39736 |
| SHA1 | 7d58fb4c58e0edb2ddceef4d21581ff9d512fdc2 |
| SHA256 | e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793 |
| SHA512 | 3147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0 |
C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat
| MD5 | f80e36cd406022944558d8a099db0fa7 |
| SHA1 | fd7e93ca529ed760ff86278fbfa5ba0496e581ce |
| SHA256 | 7b41e5a6c2dd92f60c38cb4fe09dcbe378c3e99443f7baf079ece3608497bdc7 |
| SHA512 | 436e711ede85a02cd87ea312652ddbf927cf8df776448326b1e974d0a3719a9535952f4d3cc0d3cd4e3551b57231d7e916f317b119ab670e5f47284a90ab59a2 |
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
| MD5 | 66996a076065ebdcdac85ff9637ceae0 |
| SHA1 | 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce |
| SHA256 | 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa |
| SHA512 | e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\AGTEULA.TXT
| MD5 | 7070b77ed401307d2e9a0f8eaaaa543b |
| SHA1 | 975d161ded55a339f6d0156647806d817069124d |
| SHA256 | 225d227abbd45bf54d01dfc9fa6e54208bf5ae452a32cc75b15d86456a669712 |
| SHA512 | 1c2257c9f99cf7f794b30c87ed42e84a23418a74bd86d12795b5175439706417200b0e09e8214c6670ecd22bcbe615fcaa23a218f4ca822f3715116324ad8552 |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
memory/3432-1197-0x0000000003510000-0x0000000003511000-memory.dmp
memory/4184-1198-0x000001843CD00000-0x000001843CE00000-memory.dmp
memory/4184-1203-0x000001843DDF0000-0x000001843DE10000-memory.dmp
memory/4184-1206-0x000001843DDB0000-0x000001843DDD0000-memory.dmp
memory/4184-1234-0x000001843E1C0000-0x000001843E1E0000-memory.dmp
memory/4280-1348-0x0000000004610000-0x0000000004611000-memory.dmp
memory/4836-1355-0x0000018B5C590000-0x0000018B5C5B0000-memory.dmp
memory/4836-1350-0x0000018B5B640000-0x0000018B5B740000-memory.dmp
memory/4836-1358-0x0000018B5C550000-0x0000018B5C570000-memory.dmp
memory/4836-1363-0x0000018B5CB60000-0x0000018B5CB80000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\OE9DJ3LK\microsoft.windows[1].xml
| MD5 | 0f6abe1ee9fa77b6b269e1a5401bbaf1 |
| SHA1 | e0805afe225412725e7c5e902fd5d7cfbfc30437 |
| SHA256 | 6133a01b57b98ac5362bc51c436b99e58ba44d9b0e7db95b43dfb7d02423e056 |
| SHA512 | 2a810ccad4f37df09425138c474d947223fe7206e045b117991ed6210101615b0e503eeb6c7454ae98b2aff0e52dcbbf4d041f728d0c7d7cf00c1f4c430cce25 |
memory/4624-1486-0x00000000031A0000-0x00000000031A1000-memory.dmp
memory/4644-1492-0x000002972BF60000-0x000002972BF80000-memory.dmp
memory/4644-1496-0x000002972BF20000-0x000002972BF40000-memory.dmp
memory/4644-1487-0x000002972AE00000-0x000002972AF00000-memory.dmp
memory/4644-1521-0x000002972C330000-0x000002972C350000-memory.dmp
memory/5760-1631-0x0000000002AA0000-0x0000000002AA1000-memory.dmp
memory/6112-1632-0x000002B9EE140000-0x000002B9EE240000-memory.dmp
memory/6112-1637-0x000002B9EF2A0000-0x000002B9EF2C0000-memory.dmp
memory/6112-1663-0x000002B9EF260000-0x000002B9EF280000-memory.dmp
memory/6112-1668-0x000002B9EF670000-0x000002B9EF690000-memory.dmp
memory/2088-1773-0x0000000004780000-0x0000000004781000-memory.dmp
memory/5856-1774-0x000001D45DB00000-0x000001D45DC00000-memory.dmp
memory/5856-1775-0x000001D45DB00000-0x000001D45DC00000-memory.dmp
memory/5856-1779-0x000001D45EC10000-0x000001D45EC30000-memory.dmp
memory/5856-1810-0x000001D45EFE0000-0x000001D45F000000-memory.dmp
memory/5856-1790-0x000001D45EBD0000-0x000001D45EBF0000-memory.dmp
memory/5148-1915-0x00000000029B0000-0x00000000029B1000-memory.dmp
memory/3708-1918-0x000001C6D3740000-0x000001C6D3840000-memory.dmp
memory/3708-1917-0x000001C6D3740000-0x000001C6D3840000-memory.dmp
memory/3708-1921-0x000001C6D46A0000-0x000001C6D46C0000-memory.dmp
memory/3708-1916-0x000001C6D3740000-0x000001C6D3840000-memory.dmp
memory/3708-1952-0x000001C6D4D00000-0x000001C6D4D20000-memory.dmp
memory/3708-1951-0x000001C6D4660000-0x000001C6D4680000-memory.dmp
memory/1844-2055-0x0000000004C60000-0x0000000004C61000-memory.dmp
memory/5756-2057-0x000001DB90320000-0x000001DB90420000-memory.dmp
memory/5756-2062-0x000001DB91480000-0x000001DB914A0000-memory.dmp
memory/5756-2066-0x000001DB91440000-0x000001DB91460000-memory.dmp
memory/5756-2073-0x000001DB91850000-0x000001DB91870000-memory.dmp
memory/4324-2190-0x0000000004980000-0x0000000004981000-memory.dmp
memory/3592-2197-0x000001866BB30000-0x000001866BB50000-memory.dmp
memory/3592-2192-0x000001866AC00000-0x000001866AD00000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-21 23:46
Reported
2024-06-22 00:04
Platform
win11-20240611-en
Max time kernel
1049s
Max time network
971s
Command Line
Signatures
Fantom
Jigsaw Ransomware
Renames multiple (1483) files with added filename extension
Renames multiple (3742) files with added filename extension
Disables Task Manager via registry modification
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\drivers\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\UMDF\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\UMDF\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\UMDF\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\UMDF\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\UMDF\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\UMDF\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\gmreadme.txt | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\UMDF\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\gmreadme.txt | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\gmreadme.txt | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\UMDF\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\decrypt_your_files.html | C:\Windows\system32\Taskmgr.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\Desktop\.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\Desktop\.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\Desktop\.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe" | C:\Users\Admin\Desktop\.exe | N/A |
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\manifest.json | C:\Users\Admin\Desktop\windows.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\nl-NL\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0e26b08ddbdaf7e6\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\modemcsa.inf_amd64_da1669e192666780\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_7b0f18e4ec78ba07\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_cf61c05bbeae918c\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\spp\tokens\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_9969a93554339919\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_3aa3e69e968123a7\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\MixedRealityRuntime.json | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_processor.inf_amd64_f7062136d4517896\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_ef4e0305d74ad8fb\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\fusionv2.inf_amd64_67dbc844df96a03f\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\slmgr\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_5a56c9dd7b93e187\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_4956d054c32d4945\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_943d027daaa73255\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\0409\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_5653ba7de4b18c6f\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\modemcsa.inf_amd64_da1669e192666780\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\InstallShield\setupdir\0804\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ucmucsiacpiclient.inf_amd64_f0308fbfa34e312d\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BranchCache\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_5ffb208a9c6bdf94\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\uiccspb.inf_amd64_e23eff8e7d8b4753\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_sbp2.inf_amd64_9ed90f5def4c42f8\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Configuration\Registration\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_c555077f85b83e3e\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_ceeb330db4f96bf3\Amd64\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_d34968d7b3e6da21\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\InstallShield\setupdir\0014\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Schemas\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_computer.inf_amd64_ed22441c50b68b84\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_securitydevices.inf_amd64_b473310160ada3ab\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\InstallShield\setupdir\0013\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Tasks\Microsoft\Windows\PLA\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\@EnrollmentToastIcon.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_fsreplication.inf_amd64_1dae44969c093bcb\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_20a757541647917a\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\ko-KR\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\hidbatt.inf_amd64_c9f5a9d372016276\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mbtr8897w81x64.inf_amd64_0d8225e7d2696ece\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_ce299fd89f5ba974\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_b0d591b9cf5aba04\Amd64\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmmetri.inf_amd64_23ba7bba92b967c5\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_fscontentscreener.inf_amd64_c08055d49efd672e\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_c8ca8ff061822634\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\setup\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\acpidev.inf_amd64_62eee5ffb4fab318\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_b6abae2a982c570d\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\2d5s8g4ed.jpg" | C:\Users\Admin\Desktop\windows.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\contrast-black\CameraSplashScreen.scale-200.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_x64__8wekyb3d8bbwe\Assets\contrast-white\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\selector.js | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsNotepad_10.2102.13.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\NotepadSmallTile.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-ae\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40831.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-200.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\contrast-white\NotepadSmallTile.scale-100.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-il\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-36_altform-unplated.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\Autofill.js | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_12104.1001.1.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\StoreSplashScreen.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsAppList.targetsize-80_contrast-white.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40831.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-125_contrast-black.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsBadgeLogo.scale-125_contrast-black.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\ui-strings.js | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\System\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-40_altform-unplated_contrast-black.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\CortanaCommands.xml | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-cn\ui-strings.js | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\ui-strings.js | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-40_altform-unplated.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleBadgeLogo.scale-125.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\ur.pak | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40831.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-unplated.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-80.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-150.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\nb-no\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\SnipSketchLargeTile.scale-100.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-fr\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\ExchangeSmallTile.scale-150.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\images\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\Snooze.scale-80.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MicrosoftLogo.scale-200.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsSmallTile.scale-100_contrast-white.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DocumentCard\DocumentCardActions.types.js | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-20_altform-lightunplated.png | C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\PaintAppList.targetsize-32_altform-lightunplated.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PaintAppList.targetsize-30.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxMediumTile.scale-125.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20_altform-unplated.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeLargeTile.scale-400.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\PlayStore_icon.svg | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\PaintAppList.targetsize-32.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-80_altform-unplated_contrast-black.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherAppList.targetsize-30_altform-lightunplated.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\GetHelpAppList.scale-125_contrast-white.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-300.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib\keyboard.js | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ca-es\ui-strings.js | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleStoreLogo.scale-125.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\WorkingElsewhere.scale-125.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.targetsize-256.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-t..icenseserver-tlsapi_31bf3856ad364e35_10.0.22000.1_none_7d42b5647709e3bd\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.22000.1_none_28587f5d588ad881\Exchange.Theme-Dark_Scale-200.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-l..erprisesn.resources_31bf3856ad364e35_10.0.22000.493_sr-..-rs_a8e530c264e8b436\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.318_none_82292a5c4e657627\f\Public\wsxpacks\Account\assets\__\lib-localization\dist\resources\km-KH.json | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-onecore-embeddedmodeclient_31bf3856ad364e35_10.0.22000.71_none_53f97f403e3fda40\r\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.22000.1_el-gr_84786703ab86d2da\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\Assets\SplashScreen.scale-200.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-win32kbase.resources_31bf3856ad364e35_10.0.22000.184_sl-si_03352bc645f9e874\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-k..eo-capture-plug-ins_31bf3856ad364e35_10.0.22000.434_none_f0c90445c5ca9e68\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.22000.1_it-it_56f2d90e6b4233d4\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.318_none_82292a5c4e657627\f\webapps\guidedsetup\network\area-content\ta-IN\area-content.local.json | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_10.0.22000.1_none_cae427204b5afeb7\manageAllRoles.aspx | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-a..managerui.resources_31bf3856ad364e35_10.0.22000.1_en-us_a4ffa7394e50149c\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-dhcpcmonitor_31bf3856ad364e35_10.0.22000.1_none_36979d18a3dd8b19\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\App_GlobalResources\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-wsp-fileserver_31bf3856ad364e35_10.0.22000.1_none_99db10cf43ec5809\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\msil_microsoft-windows-d..ivecenter.resources_31bf3856ad364e35_10.0.22000.120_nl-nl_f17c43b5df7d2fce\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorAppList.targetsize-30_altform-unplated.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-r..izard-mui.resources_31bf3856ad364e35_10.0.22000.1_en-us_e4b93d55a5ecbb65\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-sqmapi_31bf3856ad364e35_10.0.22000.194_none_f95b359f8a30e666\r\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\Cortana.UI\Assets\Icons\WideTile.scale-150.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\ScreenClipping\Assets\StoreLogo.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..terprises.resources_31bf3856ad364e35_10.0.22000.493_lv-lv_74cd05d253f5f9e2\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..i-appcore.resources_31bf3856ad364e35_10.0.22000.184_ca-es_6dc86bc871763165\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorAppList.targetsize-16_altform-unplated_contrast-white.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..ets.icons.searchapp_31bf3856ad364e35_10.0.22000.1_none_6f0cc71f80b32941\WideTile.scale-125.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\Fusion\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_none_eaa49612b1f5b2ea\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lockscreendata_31bf3856ad364e35_10.0.22000.100_none_2b00926198580f9d\f\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.22000.318_none_b139c7be49b8cbb9\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-taskbar-dll.resources_31bf3856ad364e35_10.0.22000.184_th-th_aa628dd9b9f610a7\f\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-hgattest-wmi_31bf3856ad364e35_10.0.22000.1_none_6b9b8f3effed77b8\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-f..overy-adm.resources_31bf3856ad364e35_10.0.22000.1_en-us_a3f71f4fd80c83a5\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\assembly\GAC_MSIL\System.Xml.Linq\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..ent-platforminterop_31bf3856ad364e35_10.0.22000.120_none_1807ec018e857484\f\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.22000.120_none_bb415867ae85d51c\f\global.css | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_10.0.22000.282_fr-fr_bf0b07dc6ae3d739\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WaaS\regkeys\90eaab3b92938b566b871d11d7a2c86b081b26d4.xml | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-a..on-wizard.resources_31bf3856ad364e35_10.0.22000.1_en-us_9613a409cb5ef47a\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.22000.120_none_bb415867ae85d51c\objectTreeView.css | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\x86_netfx35linq-system.web.routing_31bf3856ad364e35_10.0.22000.1_none_f539c3d4e67b1722\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.22000.493_zh-tw_52c419951fe23543\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_netfx4-mscorsvw_exe_b03f5f7f11d50a3a_4.0.15806.0_none_7d39f9a025126e55\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\diagnostics\system\IESecurity\en-US\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.469_none_fdfb724cd2e5c0ff\xbox-ui-light.css | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-charmap.resources_31bf3856ad364e35_10.0.22000.1_en-us_3d82920ffc966edd\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\webapps\scoobe\media\oneDriveLottie.json | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\Boot\PCAT\sr-Latn-RS\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-n..rests-adm.resources_31bf3856ad364e35_10.0.22000.469_nb-no_2c319a633927bed5\n\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_th-th_a80317cfbab109f0\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_hyperv-vmuidevices_31bf3856ad364e35_10.0.22000.194_none_78bc83f947f020db\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.22000.120_none_bb415867ae85d51c\f\FormattedTextMapping.js | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\webapps\guidedsetup\network\area-content\mt-MT\area-content.local.json | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\FileExplorerExtensions\Assets\images\contrast-standard\theme-light\windows.iconsize.medium.svg | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-win32k_31bf3856ad364e35_10.0.22000.37_none_a546c4a4eae9d2fa\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000440_31bf3856ad364e35_10.0.22000.1_none_476889f59daaf0f2\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.22000.1_gl-es_f9894945d2439cd4\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-s..spaces-controlpanel_31bf3856ad364e35_10.0.22000.1_none_7b9be3b54f6eb652\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-i..tmlrendering-legacy_31bf3856ad364e35_11.0.22000.493_none_5106affa612e6474\f\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.22000.120_none_f759261c81fa2ed8\Square71x71Logo.scale-200.png | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-videodiagnostic_31bf3856ad364e35_10.0.22000.1_none_d325c5ba43a6fab4\VideoPlaybackDiagnostic.xml | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-c..rs-serverdefinition_31bf3856ad364e35_10.0.22000.1_none_694695cec9caca83\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
| File created | C:\Windows\WinSxS\amd64_microsoft-windows-csrsrv.resources_31bf3856ad364e35_10.0.22000.1_en-us_d43bd47699ab7106\DECRYPT_YOUR_FILES.HTML | C:\Users\Admin\Desktop\windows.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\Taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Users\Admin\Desktop\windows.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | C:\Users\Admin\Desktop\windows.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\Taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\Taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\Taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\Taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\windows.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\windows.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\windows.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NTFS123/MalwareDatabase
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd6eac3cb8,0x7ffd6eac3cc8,0x7ffd6eac3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\.exe
"C:\Users\Admin\Desktop\.exe"
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\Desktop\.exe
C:\Users\Admin\Desktop\.exe
"C:\Users\Admin\Desktop\.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Desktop\.exe
"C:\Users\Admin\Desktop\.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4720 /prefetch:2
C:\Windows\system32\Taskmgr.exe
taskmgr
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
C:\Users\Admin\Desktop\windows.exe
"C:\Users\Admin\Desktop\windows.exe"
C:\Users\Admin\Desktop\windows.exe
"C:\Users\Admin\Desktop\windows.exe"
C:\Users\Admin\Desktop\windows.exe
"C:\Users\Admin\Desktop\windows.exe"
C:\Users\Admin\Desktop\.exe
"C:\Users\Admin\Desktop\.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
"C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11834316276323127927,12251462280019620666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Roaming\delback.bat"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\update0.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\update.bat" "
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Roaming\delback.bat"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\update0.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\update.bat" "
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 52.111.227.11:443 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 45.60.13.227:80 | content.screencast.com | tcp |
| US | 45.60.13.227:443 | content.screencast.com | tcp |
| US | 52.239.221.4:443 | tscscreencastliveeast.blob.core.windows.net | tcp |
| US | 67.225.218.40:80 | templatesupdates.dlinkddns.com | tcp |
| US | 67.225.218.40:80 | templatesupdates.dlinkddns.com | tcp |
| US | 67.225.218.40:80 | templatesupdates.dlinkddns.com | tcp |
| US | 67.225.218.40:80 | templatesupdates.dlinkddns.com | tcp |
| US | 67.225.218.40:80 | templatesupdates.dlinkddns.com | tcp |
| US | 67.225.218.40:80 | templatesupdates.dlinkddns.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a74887034b3a720c50e557d5b1c790bf |
| SHA1 | fb245478258648a65aa189b967590eef6fb167be |
| SHA256 | f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250 |
| SHA512 | 888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3 |
\??\pipe\LOCAL\crashpad_4620_XECJHBMXFHTMOSRA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 64f055a833e60505264595e7edbf62f6 |
| SHA1 | dad32ce325006c1d094b7c07550aca28a8dac890 |
| SHA256 | 7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99 |
| SHA512 | 86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f0079ef25a3a32e01a4f17254a4f6578 |
| SHA1 | f00e680e0631f4b4b41bd8f7dd8b57d0d8f73360 |
| SHA256 | 11c2b2cc44ab7c8fb10ec8a1276f723a62313fd45ee3b7bbe2cf1379f9bac23e |
| SHA512 | 5dbe07649fc0fa0062100a3fde270837e5fd9668ed002c3e72b8f122ccdae1513b4fd9ce39a1ed0b946c916677265424b73a3547c38a1a33c11e69fd49a1ad69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | e0236413295e49948baeeb46d884acef |
| SHA1 | c24f80184264ef596722c1a84b8dedde9bdad557 |
| SHA256 | 11af5d1895a6e5952ebf08f72ad5121d828a5e2f8dc0656875d527e886ca54e8 |
| SHA512 | d99fd945c37dee141ea4e4f2e2460f482230bb679d8a63131348685a7dbebce074c9543161672fc525cd0c84d41d29e2ee78f6e3a7b8f7d18ca40eefcb95e5c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 324b03c0a17422d53cdc16ba8db0e3af |
| SHA1 | 2e3da714b05f5584745960a9bae2afe8571c21fb |
| SHA256 | b9e0be50a39d305a052fd3d8c1f41513eb8646d485a01f299160c5cce90eddc7 |
| SHA512 | 4fa82c7f39fe7e3e48763ba18ec6a6852b55f35faaefc054df8160d81fe055a1f4815a77a7963cfa791edeb07cec272a5a75ed1deefdaf0d370696f1186d050d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18d8fd65f330b7c4e987fcbac94cd8e2 |
| SHA1 | 85eaf60570a55b2a6adaeaceb4e164e6dde81348 |
| SHA256 | 7b99116c94ad0269846a44e9cf43e1cab920b78abcd5881fe239e656596f9d03 |
| SHA512 | e4e3b86de71101049705b2a867866356ecc0e0351c33e6dbbb529b12edce971408815e2080451ed92e78eaa4b65e4aae3e4a04bb09f66b11c95215c04e2a4467 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fd4c9ffd5f192d83d28081dd587e7195 |
| SHA1 | c8b1686a5e5fd5127ac4cb3614172e86b121bbae |
| SHA256 | 563893ca255d03ee22dc13575ebd1e85dc1d51f1102d78223e41f0c6a73b071e |
| SHA512 | 8a24705a898fce6d6beb4c1b7de2cab1f07575442bdbadcfc25a3975e8430291fbc67c866a34fe6bfdc696c0ca80171fa47c813efb8faa882d4f74e76e784d28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ae32.TMP
| MD5 | bf0eb6e7284fd651995b158a4eb47f67 |
| SHA1 | 4b0ec56af480c67e542ea4baa989ad5b2db0822c |
| SHA256 | 24baf66cefa3b12a4875065f13d74e0f2f793e7ddc7d1520f0f5dbd3bf5ac20c |
| SHA512 | 1e50c8d534806669e748ed0ebfe9b5852271e48d6195c7f03eca65a6689d631d58e09773a5ade3aff097bf1cc04fb35884c3514c756e37fa66dbde1a545cb814 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0fd7f31bed7c692554c05e8927ea5913 |
| SHA1 | 0f1d158d507f3910b8c0aa77f436d9dd7530898a |
| SHA256 | 07253a8f4c59216eba9c3d1be2611e6791e298b14eace51ef102c1d79fb5960b |
| SHA512 | f0da52becad6d70841d86d181da73e9f0d895bc7f1e622564b8a6622af6e4b0dd0e55644a6ed3ccd5dc2ccee4da900e34e3d8c60013ebeb9f5b6cd17cddab437 |
C:\Users\Admin\Downloads\Trojan.Ransom.Jigsaw.zip
| MD5 | 9577a08f7a835f97b445947c7df0ecbe |
| SHA1 | 1a26cbfdb91e282245db7d9f335d44c20ae25857 |
| SHA256 | b92ac7c4c8a0f9383777911a1647ae701eb9259d0fad9751abc992ea575108c3 |
| SHA512 | 46c89cfe94b0ab33da7401c704523f8ea4a1a9aefdefc1631b51c04d6c34e28318f2e8fc26e91cb4c3fe874fbfe1c263d462bea19994e72c7a8191bf54913aa2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 336fb19114aba5cadd2cdaf113565f8d |
| SHA1 | 6a7e37c68404ea26d33b4c89b636ccebca6d3533 |
| SHA256 | e04c7f01f116ba93c4189ade0ae229ef80034c749fc155c19844005ef3a484da |
| SHA512 | 87f8e484405b4dac1bc66e9c0c4f297500438ba9fc3c2d733eb83f18aa9cde3ccb16e0af10ae3ff1fc85825bbaad66e903f15aeba9e9d24f81fd55fa7fb3917f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 220c3adadd6ec30482b2972e8e281390 |
| SHA1 | 3a0c4f53f6ecc51d2196eca3881d82c31ce3db1a |
| SHA256 | 707bdf9e9d8bc37bda550361aaa8ee061aa81d4c41729b33631b963b43e52bbc |
| SHA512 | b56d67a43258a244c197a294a81dd66eca5ac28e39a05ad17057fe822912dcfc5c160f7836a44dace894deb1c53728ba55c986ebe20713711e082d3a75e85ea8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 43a1b05891a022edc53a349d2fe418e0 |
| SHA1 | d0e2e5cebc0b000ef3bd29b7128d18cd137cd27d |
| SHA256 | 5bc0dbec544b18dc29d95bb0f98ed94426a3319a4406da35c7d6131f8caf996d |
| SHA512 | 3a4192d712fb6a18016e1286242e8ff6fb68f649e467104dfeac67541d2401b9a3a0b11e1a3e365186aa8c62345150e67ff20fb752075c587d04f0562cecf7a4 |
memory/2052-321-0x0000000000E00000-0x0000000000E38000-memory.dmp
memory/2052-322-0x000000001B880000-0x000000001BD4E000-memory.dmp
memory/2052-323-0x000000001BDF0000-0x000000001BE8C000-memory.dmp
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
| MD5 | 2773e3dc59472296cb0024ba7715a64e |
| SHA1 | 27d99fbca067f478bb91cdbcb92f13a828b00859 |
| SHA256 | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7 |
| SHA512 | 6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 46fa4f5f7344089589d117bd7599b3a9 |
| SHA1 | b6cc1fe19e527d4a372c97e4d195ed94eee40030 |
| SHA256 | 223280d95a13f1af6af06459bbf230874500c212a2e16f63914eff3f22e8b57a |
| SHA512 | 6b680aedde7e806802652aab9ab31cb21438bc8756b063955e6f03bbbdf1273f7d47c40ec1a19fe27537afeb8d6cc219a246d31f7c6822b481649fe296e2a45c |
memory/3340-360-0x00000000017F0000-0x00000000017F8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\.exe.log
| MD5 | 0f8cc27b4ec8bee2903d3969f1ad8e13 |
| SHA1 | a81031f14b00befd6efca920a59b7e0152fb636b |
| SHA256 | abe5fca3a6b5c786e6a09485fadfa3afb526a3b2370908f68fd326711a80052f |
| SHA512 | d089107231bf46f4ef36987f4f9e4378391f2c8e783e79dce4e5453faf3659f35f5451fc236d32bba2ccca06bad85ce935bae7eb927591f239a6b767b5819380 |
C:\Users\Admin\AppData\Local\Temp\.ses
| MD5 | 93d03a82183fb3f7065f33f7fc06c2cb |
| SHA1 | 84ac8e17335f71cb034fdea3344ee343e8bf986e |
| SHA256 | 6aec0b88377e82aaef17ceed9b381d5ae59c8d0e60910770043aa714736ab01c |
| SHA512 | f5e90a1e1b056c83ab8b7c6ab4092b498a507796cbd3df96ef9c81d6592b2045a0b0ab5db3063757a1bd11d5020e6b1c3f8a7cd22fc2e3e9bebd3ab3692245bf |
C:\Users\Admin\AppData\Local\Temp\BroadcastMsg_1718141704.txt.fun
| MD5 | 8ebcc5ca5ac09a09376801ecdd6f3792 |
| SHA1 | 81187142b138e0245d5d0bc511f7c46c30df3e14 |
| SHA256 | 619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880 |
| SHA512 | cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650 |
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun
| MD5 | 580ee0344b7da2786da6a433a1e84893 |
| SHA1 | 60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e |
| SHA256 | 98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513 |
| SHA512 | 356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba |
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun
| MD5 | 829165ca0fd145de3c2c8051b321734f |
| SHA1 | f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e |
| SHA256 | a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356 |
| SHA512 | 7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun
| MD5 | f22599af9343cac74a6c5412104d748c |
| SHA1 | e2ac4c57fa38f9d99f3d38c2f6582b4334331df5 |
| SHA256 | 36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65 |
| SHA512 | 5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4 |
memory/4872-1875-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
memory/4872-1874-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
memory/4872-1873-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
memory/4872-1879-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
memory/4872-1881-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
memory/4872-1885-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
memory/4872-1884-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
memory/4872-1883-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
memory/4872-1882-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
memory/4872-1880-0x0000021A7A270000-0x0000021A7A271000-memory.dmp
C:\Users\Admin\Downloads\Trojan.Ransom.GoldenEye.zip
| MD5 | 46bd1f5dadf959199e0914cdcfec75f3 |
| SHA1 | 31f40405bbee9398a8a21f138a3b0b5741f583d0 |
| SHA256 | 86d4ce5d51a7332ce275d64b8f5499795153ee0a80cf5f74bdbdd878d7617864 |
| SHA512 | 8ecc8db22cf65e86530fa893b6821d0dc4c2f42964e8a73da23ffb42184ba86a43b0a110ca27e36fdd6475c27d0ff765059b5385cb0ddb42eea047a555274683 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c9425351851b5b5becaa4f7f0332d69c |
| SHA1 | aaa0ebb04c538eaeaa64455ef9db25d34e82321c |
| SHA256 | 89a93a86d9756875f1127bdb266175bb38e36d4549e64c8ba5870e1f0e0e906e |
| SHA512 | 4e152c9cef58f32809aaf43ff8c1f7bb9d75af467b56eed830229054d920be789271175cd590e1c09c73e72ff36d90321ee747fabecab4d1c4e3befe62e7c4a1 |
C:\Users\Admin\Downloads\Trojan.Ransom.Fantom.zip
| MD5 | f36d0e9f4e70d18b74c76a8cb027deb7 |
| SHA1 | 727947218d3f0ac56a8993313a348bcc0287195d |
| SHA256 | 425f542648e37247955e63eb71ae6c5e3872b9777275442ab3f7f39ca63007bc |
| SHA512 | 05c855bee0062096a4a037b269d450dcb15aba8d44080db1a9c2f086df7dec8e9d75f1e7e61197ead2c4d33b1f2df90e009b4b9a6a3737c41134c06b9d8c9c38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e31a1ea3cfa380dfd947d5b1c37bdb6 |
| SHA1 | c1859d0a06d11e07eeb1104ea208b3cc93e419e8 |
| SHA256 | fa1961f95a7ce166568833960e9c385835b0921e432b26c7950d1f5395060e1d |
| SHA512 | 7ac909eec1edc9845619c4941080f320e0b32ab81953405be08107f329c6873e016e2a237a23d9444326800db34329648451ccca71975ab4d40f4436a4899b5b |
memory/1840-1956-0x0000000004B10000-0x0000000004B42000-memory.dmp
memory/1840-1957-0x0000000004B50000-0x0000000004B82000-memory.dmp
memory/1840-1969-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-2011-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-2083-0x00000000051F0000-0x0000000005282000-memory.dmp
memory/1840-2082-0x0000000004BF0000-0x0000000005196000-memory.dmp
memory/1840-1997-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1993-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1991-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1987-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1985-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1981-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1980-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1975-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-2084-0x0000000005420000-0x000000000542A000-memory.dmp
memory/1840-1973-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1971-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1967-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1965-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1963-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-2009-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-2007-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-2005-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-2003-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-2001-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1999-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1961-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1996-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1989-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1983-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1959-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1977-0x0000000004B50000-0x0000000004B7B000-memory.dmp
memory/1840-1958-0x0000000004B50000-0x0000000004B7B000-memory.dmp
C:\Users\Admin\Downloads\Trojan.Ransom.Rokku.zip
| MD5 | 989754a8972f27d43715158b0b685a2b |
| SHA1 | cb2c8ce4715d0e737e7c876269af49a33cce8449 |
| SHA256 | b12c69b0b3cda9b5b27a23430a79b34fff10fac5a1148b1d25ff2462e66f6a0d |
| SHA512 | 7affc44455e0e67ca1915b2a7f2068e1633dcb34956a5ddabe6b914207c8c809ee182ddced549ef03dbf8dcd6da39a5edf3c802ed43c691aeb444e81f621d332 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 22fe1b648cfd11c29a0c2ea7cbb93cac |
| SHA1 | 639f655acd892ea02e0839a7a899152447a0398c |
| SHA256 | 00303d6153339f4e4b407c9ce67c5a94877a933035f968cc632e5a0b4f07093b |
| SHA512 | 42362c9117d39d4452ca138a329f2eb293f43a1e8f0b88a489ea0be782160838858ab787a9c4a2812055e137ff8a72391276469c32eeaa3426190298c9fdc0e8 |
memory/1840-2377-0x0000000006070000-0x000000000607E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
| MD5 | fec89e9d2784b4c015fed6f5ae558e08 |
| SHA1 | 581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2 |
| SHA256 | 489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065 |
| SHA512 | e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24 |
memory/1116-2389-0x0000000000300000-0x000000000030C000-memory.dmp
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML
| MD5 | 2c0fc2f8a448d90aa032e3bdf384b31c |
| SHA1 | 44a86ed2be377be5f89e62a5cc0afccee6fab656 |
| SHA256 | 8f91b4e3fe8b6def42ec1e6da42be197bf16c4a1adea5e6f9e68b80f7f140c3f |
| SHA512 | c6b04f810a4b68fb37c21e83c541a212165cf3b89e7f4dae26b659ff8d2db5bd49784b8e06949892296f6d1ce52f814e4a611d132d626a9ada786bc0d23b1403 |
C:\Program Files\Common Files\microsoft shared\ClickToRun\DECRYPT_YOUR_FILES.HTML
| MD5 | dfd544f0c6bfbdca5e39e1ef7c7095a5 |
| SHA1 | 0dcb30b8b915e4cc6a427dfa081b94dd0e29b841 |
| SHA256 | 24dd165ffad0d3a451456dbe005ec66aa3f514c2e19ceec8f4e6cd07dec31c75 |
| SHA512 | 392ee931c40d8fd29032896aad57bd14202ad57e9731891bc5e346d7ad338ccbc2b338bd43ff8b3a1b5e7634fff851e7b849177da6a75574c6b96bbbc62a2fa0 |
C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML
| MD5 | 4dafc7cdd980d16c864f673d863a93bd |
| SHA1 | b1f063a66cefd668c263af80ba5b3ca1ba45126c |
| SHA256 | 67de61d84d3a72df3d96497e8d282375a65b0935745c87b882d573565dec102d |
| SHA512 | d83187416667d0d03d6ead2f88c858eab45fff8f98b7a4aa37e92f4e2fe7a169c9e31d76d003f87e4db2d61014acb178c73dfcf576c5e1341cbec4e7adf45094 |
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md
| MD5 | 15d09efc5729fa0e7ade84e76c83509f |
| SHA1 | ff48cb80abcd95d88b8006eca5686e64e1e81cba |
| SHA256 | 83992c6715b5b545af618ddd680b49a618effc3acb81daf49c3121529d0ffb84 |
| SHA512 | e046267ef7f2d82a70565cf1735c405df29527af87f6e0506420d8f3680b503776ce76befb1738b182cec207f5e6b3b0a9a83cf55ad3848be756b81dacaea1eb |
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md
| MD5 | 59447c2ad0be295aa8e25127b00cb7e4 |
| SHA1 | 9a5eb98af9302d2c9ac15f3318dd40e8c6964030 |
| SHA256 | 5de04fe0959527e6f6575f497306cbe0d2896fc7dd809f74592538e1ac52739d |
| SHA512 | ee45051576a0921de89ed9aa917fac014336f80bb0d19c528b6f4fa4547a8c3e0e9af34220d16acc841c7abc6e97ae41f2546f993e2ca41d0dd8092259290614 |
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md
| MD5 | 529986b204d35bd502410efa87e4d60d |
| SHA1 | 89563aff29d29727bc9e115b2317d390406545ae |
| SHA256 | 00c0f971a73d6a591452e40a04192d0740b355cda6f730b0c69f5f692bf84f03 |
| SHA512 | 1028210c559ef6ae2a6d40bcf63afd02d51cac6c62114acc45f52621168962549720dcc528648d0d17050bb465b0e7e2f3d24b2c5cc897b20d78e72c7ab815a9 |
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md
| MD5 | 614d979be3687a0b57f0bca84bc6e5e9 |
| SHA1 | bb343d4ae8cf3d42e5817aaf9867cd3d9093d2c3 |
| SHA256 | 918d979db19f4b22db4e2f75701539e932ca4ed07e276a21feafd8d081c4c4e7 |
| SHA512 | 17df1040c83695a4b64a3e2becc3d0bb605b2e8d6e581f1b58a8921af82a04567ef06ef507ca0bda9e9d420a80d0094ae8792e0eafbd4ee092b99e275a6c3400 |
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md
| MD5 | 1b0e3c2ca7af6af1f5e78babce19b5fc |
| SHA1 | 67c9044cd238a6a7c611cd9b9125d7f6025bb3b6 |
| SHA256 | 7ac6b54062882e5f48db4afc7e6b0e79c54a5b6d1ebd098b7255ebb53818bff0 |
| SHA512 | d5711a90e6ba7c3c231ca190ba0475cca51d9c0ea71bec26b244a2401afa118b1b9b0485227f3682bf33fdf7dda96e2c8ed24a6c3164bc660215b3e599fc32ea |
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md
| MD5 | df9e1ef09fee925ec2c6c813fe91db88 |
| SHA1 | 1e72500b39fc79afefb0bc90a4d6b90808f640d4 |
| SHA256 | e605e5ba5ba0a62db2baed121451fe27ba5f53275a0c483e1552d04197bb4e74 |
| SHA512 | 773daf8e7dce66bebed1777c5c22efb48a7bc5bb401613c3932ff6ffb9d6857ee71d4e465ec2801319c498d9d187728e70f5f483222a584fd38a4baa70a176e2 |
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md
| MD5 | bb6f9f13828ca298d849d3adcafa5488 |
| SHA1 | 11139012feb0c3a4a3bf2fb461d7b900af85616f |
| SHA256 | 6003824b0bedd040c05cf82f4a6d1311698e6737802cc3dc125474b0e5b78912 |
| SHA512 | 523006980d6dbd75ba1dac785748c12b4e81959574ff24e892d5ce6d75f7f0023ce5a5305ab75b95b5d3569a7a28b1714bfaefc4fd824bb61834555d28859e72 |
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md
| MD5 | 85446b6fadee3c838034f8e88f54bca7 |
| SHA1 | 95f6ed7db1591dfde0da77b5dc416511fb064e0e |
| SHA256 | e9c4ffc4b6bb5846cd97aa2298406229f9f504103fe2bff1af7d0c369a866559 |
| SHA512 | b64602381cd12deb3f42d63ed613ba5d0204f48189b346245268c0a26f00d34d8286c869190a59fc610794e91c192ba896f1fb729a5339c672238edb63313ba8 |
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md
| MD5 | 74d5eecff77dc387ccea2b64dbca20ec |
| SHA1 | f443b69286fd6b6dc0355c7223c145f7699e9d87 |
| SHA256 | f8f516105de9b0eadba1b23697266d8cf93519bffc250ef128fbcd2aa4528205 |
| SHA512 | d0d005f26d996fe6465abff1e6336d5fb850440fd20c57b80ef91e5c3b51a7d03971e8ec62742dc4fba069dadeb0d64c409c2941b1c8641382d5bb59c4371312 |
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md
| MD5 | c7b01196860af1b9f2f6329714d6af77 |
| SHA1 | 95c772dd0b1b345f4a2de5a83957379b89f2c188 |
| SHA256 | 1430689a4eea554e9cc6972e147b868f0ac1725d17b6fa60a2e85481157e1c4a |
| SHA512 | bd8ec8e4975a26f33aee2fe74f59cf0e365e6b8a7403f1239f775565577e747dd5c008361cd61185c744488fd13fd157acbe968e0ba76352932dd143fcc88348 |
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md
| MD5 | a29b0931ae3a7d0869a1afda439d4d9b |
| SHA1 | cce7bb573059df9156f1300e6616f4c134be5683 |
| SHA256 | 85189089671503be20b8864cf2f14c264047563c82a17d7878134a6e20b42762 |
| SHA512 | ebad6fffdfa6c124cf3fda7c19f422bbd9120024b042d5ea79cae8f582233afebabafdef7879434dbfde70a7f8cee05339522f7e497746018917a54392a7e2ac |
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md
| MD5 | bcc29df80bf9faf52257b94c50113b0b |
| SHA1 | be77ce4a0564f9a85a388450aa63080ef59b0388 |
| SHA256 | 075f5afbe438c8440730e0eada3c642b2daf41e6da6c43151045c19b118b250a |
| SHA512 | fbf23e868ec6655cd2c2f21754f86d06cecd05b900b6119b93fb427328acdffe82e968e0f1c45c6b19cf9d5f0cc91534f88f1f5f6e621c4e3b3e5b28d32252f8 |
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md
| MD5 | 08ae97e298196a48a90e5cbd5605da22 |
| SHA1 | d37510a617231dde92a5971a6c40147d75af6502 |
| SHA256 | 90912579516cc4b468685981e9a3dadce84d95114bf0b205d437c793d32fec89 |
| SHA512 | 350d1b7b860e3b20ada24b1240a356f7c91ff8691b473ca6a76515ca281acfeaaf4749513770bcc32af42db647430ea8c298e612a2047c05b63d52c18f4be4f1 |
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md
| MD5 | 3f80776e63b3ce40bd492347a81f6a17 |
| SHA1 | e0f5e84f3a000231bd824a4b44e56962c00d0771 |
| SHA256 | 22e6969dec9810ac573fb32f4555c82daf7573b1556a533fda4e81e17279b41c |
| SHA512 | 20c3ccc1df8810ec20be4f29fe0d91b214d56d8209d9ba61222a382954df77ebb049e4ae40b1cbd5988d18149ae6b690e21be0722abcf4e1ece1c3538db96791 |
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md
| MD5 | 949b5e3957f59c366223582bb7958f13 |
| SHA1 | a2e0602544a9961b55abebab83857e31ac00793f |
| SHA256 | 0f0acb00f673c04f28f6997fc31565a156f86bcbdbaf8cfc0564b7cdd9fb9e46 |
| SHA512 | fce7c970ed90b5124fc8a65c6d11edcc836f84c0dbd1b6ab26aede5c90d91c214fb1b17eb98413435097d37ba72fab9f93a585f38acc4e2b8faad5232ac45ae7 |
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md
| MD5 | 1dc21b697b7d198093beaf36801f4db5 |
| SHA1 | 6ee5d11164a4fcb4276309e31469c2a85325601c |
| SHA256 | ee5f1026d6525a5bf9a981f95ab1f0128c4cd8abc0d346f3f1facd753ba1b540 |
| SHA512 | d7c124f9556626e7837972debbc79b8580ac5893697e5cd63681c9641f1b9cdefc77c74958839054bc3a8f85fcabce4b874a14a9ccb24b0e73795326bf5c7aca |
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md
| MD5 | 6d0de6aca58fed273a3a2e3ce8f57bc0 |
| SHA1 | 52f4c4c6bb096862b5d039752f883174a60c8d4d |
| SHA256 | 3624d1683181a1e352ae583ef0cf0972e30d8c8bb8c075d6fd6c7dc90ab813d2 |
| SHA512 | 91e20cfd1c9b87ca50b429bb57fed7c71b2421f2a33453d83702aa8418bf24a31b37eff824024829d8ce68b91912eaf227108bab8685695e476697880647471c |
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md
| MD5 | 32133aef3d011fef9d652c6d7d9bfe72 |
| SHA1 | baab8e0b7352657a402d1edf35b11cbd8ba41137 |
| SHA256 | d1847bc04dfe6a00216dd367c0b9711084cb0bcc8e82d0de3212aa8d913fe029 |
| SHA512 | 19f01aa5841f067a5098086bb02a1cd72b764b3fd239b2dd88c8a890de9bc58876f997210e4123da2ed04f37920c3010c223671f1ce94fe2a7c77d26a2b3c5db |
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md
| MD5 | f5d7f11a3aa8ab6ffad86b6adf037822 |
| SHA1 | 46b33dc2a17c5b6a07feb1be95fb04b433842715 |
| SHA256 | 96220b3cebe4b1cd05b69ebff8056627a701063acda3bf75fbc1f113e9d50b04 |
| SHA512 | 745d5d7341a080b8c76e8086145e31528fb59bceb46523d9fd7798217d1c28cdf9008ee9d9816bcd5f919e33e4c7ad9acfad84acfa709d0970e46aecb92d4245 |
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md
| MD5 | cbe04cd8f7b458149516dbd78049dc44 |
| SHA1 | 5e3576d90ed253349cd4c4381d99ce4146ee2dd1 |
| SHA256 | 43e556dea2527786c1097a5e5bd978b7b3043df198637102e6145f86c6e0d1b5 |
| SHA512 | a42fad5270f89dd91e9d284c3ca057cf116832da5fa66192be112989a140e516c87888667b7c003e117bc8675c407e238657aad6a2aa640d03bc02377baf4bf7 |
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md
| MD5 | 865072cabdbff7aeb353fb477c52aa4d |
| SHA1 | 01d8044f13e5dbc57ac77f23b9b8ba3ece4e2ee5 |
| SHA256 | 67582cda0fddc2c839aae46ac87b9b7bf5cfcec6a13e698f2587e32571b5efde |
| SHA512 | 9fe317b6163709ec9cfac6ef0e331a31722c1549fc1866270d6179f5e0253d597f65263c0049f15412f0d86e2f01186454a6f59a5a65307bf37221acb945506c |
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md
| MD5 | ff7bdaf6b79c148c737d138829428b15 |
| SHA1 | 702b0bcdae0559d4670958fa11699b5706aa6674 |
| SHA256 | c2999896c4f2885485df017b8486d885522b6c1e71ebb61d5a435d81f0f8aab7 |
| SHA512 | e49c52f1d358e9240f836c350411185ef5d6b1eff6098802a742e65ddacb9ee204288a72449fbc566107887b44e6092894a69b96295b832eff59dd4286e4c80f |
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md
| MD5 | 178d04224a509bb985b24a697eb52536 |
| SHA1 | ad26b8176c8d54627242c2291f67869cf09b29d5 |
| SHA256 | a5175d7df93755dc484c8d5927e91239279c8330568322d03c68a72a54493f23 |
| SHA512 | e4fb7ecb915f97270e48ad4e01ad949d56fd6909bb994c78bf4dacc8729a29905056d46726a9de0123faa141d2e2e1f3b75414d6746487b560882905b7c9512e |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md
| MD5 | febd50473d9c63553f2ae46fb0dd72b0 |
| SHA1 | 914b2e9d1daafcdc34a4d99fcc18f3f478aef17f |
| SHA256 | 26c6a3fe4ccf7f7c5cad991b3dfda0487d18c5b02e59a191cc38b8d64a80bd7f |
| SHA512 | 68c40ff0743d5fc9c9caccbc8776037d24990ed6237420842c085a42a490c64bb7dadbfe26f1d2da186a5be21fe816d4f5186ed4b797570673ea1a7cd31293a5 |
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md
| MD5 | e079a0d33b64a668c21bc4748cc4278a |
| SHA1 | 37f60e88f6a2eae38f87128a9fc09254abbb55c9 |
| SHA256 | 78625193d519d6ed522aeb067e612afab65ccd0678c5f47ffed103967452b524 |
| SHA512 | 95de62b3bc822a57bd86ef9a6f79af08314dfe0817d007db23972f67d692f974e8c552bc08b9976d68f351245ea94d0035f3f413d344d81c4db4aa562a1f1945 |
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md
| MD5 | 9afbd3766c8ba9089f724bfeafe6d147 |
| SHA1 | 9eca20ac17d71e74d8c765d1b5dce71f22ea5aec |
| SHA256 | b43af291d9c6e76509039f3c45376183e2e13116e53c46b6510d956e5e3cfb55 |
| SHA512 | e6bdae6182c20216bed108ba0777ddc838ff862154438afc70e2cbcb0459b095affbf911206e71879a7a6f5d7ca6aa2d974e79505f1d037da106f22b865d4e2c |
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md
| MD5 | 2261b6f73021a83b7be90655cc664507 |
| SHA1 | 653de105eb3184ea5551d83c0ed53dcae5ef0889 |
| SHA256 | 604c164e3e890dcba3b0e4241dac169eb3cf4a54088c78d49316dac4dee003b0 |
| SHA512 | dcb93e68b97c092e5b479b30d8847beca4d24e647abc7fcb85fe04086fa2e5a25fd8bdedbf6401ee5df5c8fc02e7da577c6d19b56eb8196a377b93dc28a10479 |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md
| MD5 | c93f7d12244a468e41d82ed9888ce948 |
| SHA1 | d2253bef08cc4f61024b992d12e752177b8d1f6b |
| SHA256 | 6809163b9063d0b07723d4407311e54eac9d28bfbce30b9932b0909846017aa9 |
| SHA512 | 27fd078fd6f90d5592faf5a62103b9e0e3d4249a4dcb480ea8fd332aae93cd25452bbdce1dcd215b2e2f2c5ff5a5b1e5dc4a2f0785232bf0cb0a15f986a16e06 |
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md
| MD5 | a94eb5056ac4306c7b9bbf436be363af |
| SHA1 | 15078935c264d5a1cb225138991e319554250546 |
| SHA256 | f89226cc9c63ae161b54a2918d7d10b16556afd5e75e428ddf7d63dcaff2daff |
| SHA512 | 0eebdf0c0c8625f36af52e7d286170e97cc370c5d7c97c564b3be03c1483c4cd589afecef6843ab3d0fa79962b6d374d33cf5dfa12e2805e19f1a3db3afa9dc4 |
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md
| MD5 | 87843d7d72c34905dbfd6ee575407744 |
| SHA1 | 285123b888aa3c48e4e7f13ba03cb9af6e2848e5 |
| SHA256 | f19fb4360ee3dc2cc8ae79c7a6c0d56ac9302dd12d43e2d285ac526d1462e15d |
| SHA512 | a07466a301555b49eef71eb5408c0785969f93ec2d725304c98bfbecaf638dc6bd02df290ddb2968403114a2fbdbb18f4614c15ca337f2981dccd51fbbab1960 |
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md
| MD5 | 8488e2c47b533f21bce06b01a0804d72 |
| SHA1 | 9aeea06f1461f22c22a89ad0586d435d095188c3 |
| SHA256 | 2c5cf3561103b5602d7b6114d360885370c99cee2f05d8685e138ba860a32451 |
| SHA512 | 802e9269947ffc7380f26c69ed01905f08caadd350d11fa91bd5467abd33f6127e284f08fc66be3829baaf4e20d079b37faa560e27dfb4c133a537ca1ba940dc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak
| MD5 | d2c2c92862582800496a057f6891ccb6 |
| SHA1 | 250e92fbeee3816ff318c6def810fde3384113c8 |
| SHA256 | 7cc146abea5907a4cac29bfb1b667220f118023a0666fb504f6cad7ac679ae32 |
| SHA512 | ad2afc8d2d24962a051753350311c24c128dc7da0e052d17eaa3b91e8220cab478238d81eb2f6bda97cad81e98e6e270ccb12908cb0ee533c79fd8780eb48b17 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
| MD5 | ee32de71a6f155b0b753b25bee817e3f |
| SHA1 | ccfe558c3cb483719f288d7a6fe8be5a83b84ec5 |
| SHA256 | 822df17f03241bf7365afcef219b12ff1e71a8c2ce00a05ba646573482e0140a |
| SHA512 | edfc8c78d35a10d7e7bc8293e0d0110f9a55bf95b7de8cb02356285db1aa7572f6295283351d6b4ad61b21c62cde95cea21f8c1c0c79219a5b82ec973c1dc494 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons_retina_thumb.png
| MD5 | 0c2a764a63c726c15580f344f0d33258 |
| SHA1 | 7346de5c011faf8324f30c486dacfb019a94b3b9 |
| SHA256 | 6f5b764af210247e45dda373e898d6c217a5ff4020a7dddf26c0b180b9770228 |
| SHA512 | 5c312c52542c5aa11b437cccf17e2c4ff2eabf84234434f0d9c68f7a364e4ca356886976adcc8778fb892ac51e7a627ea913c8d122dc2bab47d5ee4f7501fac0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-down-pressed.gif.fantom
| MD5 | 77b91e953adb1b2e6d5577ff31c71b4a |
| SHA1 | 0210d98ad318e6f968144cf19baa90b6ec4e4094 |
| SHA256 | 44dbfe136aa8ea6421b4788fe892e8a09bd9b7ce82a1ba24534ab8723ef2e011 |
| SHA512 | 3ef7dde23b6ec500242279b342d9f4981296a1c66f36c1533bef5c27bcff1bf0a39e731d4bf5fe9b744e21940271e481567e80b294a10bcaa1c863291bdb6335 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js
| MD5 | 577dfcddc0becdfc8d579936da30dfbb |
| SHA1 | 6bd691068b448bcabc9940e9b06b704204b7f159 |
| SHA256 | cf172c7be0f6d700f1de7dfb3429f7a4822f0b75b09c2fdb3aa77d773e2b3a9e |
| SHA512 | d17890b4945ec0110ee2a0bad93bde9446a31103a91fe44ba56c7d9e099427654fcba3d21fc8f2a884e22a92c5674a64f7a40e75e6dfc15cc266b9fa25c5c117 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\ui-strings.js.fantom
| MD5 | ce161d26b3f72ae40026e2db7507e3bd |
| SHA1 | 77ac2712529aec2f8a868407e3966b23be9d42d0 |
| SHA256 | 85d7b660ee2a3abf624eb15fe18c39184d2bf85e6c9a434d3ebc4960705556e6 |
| SHA512 | 4505e1bfabe809eb760cd7b38b63552f10ba5b02561a1036dd7e2a200c47e0a62ecdc6d52dda0ed9795a16622db18e689cb0ef3254a568c51a7aa357938b8c0d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js
| MD5 | 6319ac4b98a9c68c1a5b9060a06a9d75 |
| SHA1 | ebba7079130af009ab0de2582164e5142cdeb163 |
| SHA256 | 64ec85962097b3506286514e59dc970750f6910af13e65a0ca7348291f852286 |
| SHA512 | 80f945f8d90c7c8e1f7a2f845309f8dbd7f2785a9a5d21d31dd2f8fb3487bb9801bb81227d55c104ad1cc778f4225606ebde27d93e17705bbd6538b072ce03ab |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js
| MD5 | 74fe5875f1331e553373aa0d9a90a5a3 |
| SHA1 | aad2025dc4e0e799dfedcf33b91b514187cc0647 |
| SHA256 | 05cfabbc397647f43b88d2b809609ac5cb3e7d00fcfdad4207e1055c2641ab03 |
| SHA512 | a9466682045e499e76b708ae70f149f3656695b06268885414639f618918ebc1d630a6e36a5a80bdfc3b4cc0a7404b265a78300e82a8368bc708fe5f32610c89 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js
| MD5 | cce2ad5e2b6166ec31169a1f82e71da4 |
| SHA1 | 086da5d8d7759d6ae24b2419ad3dd21b7f21f7d5 |
| SHA256 | e7ae87d362be82f924b84a67270d8fbaa7068792c2a0f24aefae7a68ddc961d4 |
| SHA512 | 46a90849b9e601b1ab2ac19102b18dec9ca981a013a185dac0fc41728651f804d0d43414be931ae1d0a66f35749c8628977febac74ff261129659eaf4c787ade |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\ui-strings.js
| MD5 | a1547d9439a3058cb8f4293fed827a19 |
| SHA1 | 738b8fc0280e2d5d6007c84a83dcd8d2fec9d3e7 |
| SHA256 | a2a3559f69703cfbc28d268fbdf834b747363022e21f23e28caa334457e54a7f |
| SHA512 | 900a20e9b317a497950e892a72ad84222dbff349782da2425f48fa955cc255c09efbc674fe259c098efa4466a489e546a253f23cf3e9d3c26fc01e4c314d3256 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-il\ui-strings.js.fantom
| MD5 | c81a427ee598f2e84eb882fa194410b6 |
| SHA1 | 4b5d5f2d7ba71f208fdfa0cb700c425980a04f33 |
| SHA256 | 4d35276866e52fed06e3b63c93a2dfd8f8c960b4df0c5acf406ad51b1fa2a084 |
| SHA512 | 7d5ea3d31da0ee1736ca18b1c504f6d04f893fe8f1c36007d7caae30d78794157e13fc7c9c556e20a59432916915ef34e1cfead0fe6db3fab604a0e995358b2c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js
| MD5 | d5825daf9c837fd1b32664dd6bedb90d |
| SHA1 | 1842feb63bbe5db0d2ca0a6731be1014c0506694 |
| SHA256 | 8cdee5670927de84f16ed68113f17c2a503080747628e0a612fe1a2da80b3dda |
| SHA512 | c44f05620f1249b75a0d3ecb10229e39459e98ee3954420797fe22164a0514ef9b1f7b0b81d12797fed96494e322e397f7d8b818d4cd3a3bd28affc8f661386e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js
| MD5 | 5c2aecd52210eac983d7a29d80bf7906 |
| SHA1 | 3102f92801ed9bf7eed6e4dec59b7f7733df3c0d |
| SHA256 | d14dca5811867e66d196d39cbdb507a09c65bff03998d9ca5d50911ce35eefcf |
| SHA512 | 1eceb2e67325076ddd93e5b17c9c9b031b06fa45318aab0a479d5c51aec1ba3ee643ab4948ecabe3d17d57c07f0cc0aa7de7ce5155f004b520fd36d08a59635a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js
| MD5 | 5eed4157a189a9c308af561c224b4e03 |
| SHA1 | 3fcc59fac9aef8bb9dac9d74781465ae51242adb |
| SHA256 | 08f1bf24cfba8606866f8667fc0d17c01c53c96d4636971775d717a62994c5f3 |
| SHA512 | a6f03b9ef8f718eb91287683c83c43052875a3212b4889fe6261acbe0a645786c416027a54a77f1f88c597b58e347a6a5ee1e85277bdf046f53befc51a2e6cc5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js
| MD5 | 1c4953c1e858118ac117423ff967a1d7 |
| SHA1 | 4ceb64b376f0cce1c6ce19259edd3c6432744c88 |
| SHA256 | 3e75eda08541ab8b451839aa36caf6301836cd0a55d932a35aead450a0a73c30 |
| SHA512 | f90dde4750a2057f6ee940e698c1111bba6d54471b6eda8fc0a1b82ab1c371e06782c2c0dc08bac4172d0d3680a8b2d0222339a9d489abe5cb9faf8c401b69f2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
| MD5 | 9aa4e5e3ff23f94ee55231cfc9e0d243 |
| SHA1 | 58de0e67e3a0191655114c3fe29b57b6aa736a00 |
| SHA256 | 521af6f39d2d45aff1e62e8ecb988e094890710c1dbd50cb582a9a62e905301c |
| SHA512 | 334f4de238f85949cb5a07b9c7f61f92973d9d685bfc3d0b6b0450c53a1586769d0d26892ced17e3d0684239bb3c1e7cb68498c0386bb6dd8b3c28291385f59c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
| MD5 | e2dbb31ebe9771dc262964dd6b33e523 |
| SHA1 | e679ec39a90f23e340f5eaf6f9ede8b57d262965 |
| SHA256 | 5fb3db47b5c2fbe7f567529a7f4c0a850115158589090edfe37b7401760e21b7 |
| SHA512 | eec203c0cd9073beb8df0d6fcdc264da67cfa1211fa633806103ea46089fa7d457f7a834beb763f8e47f4ec89c015f9ac46715e3cc5e4e176027f908da4ce48d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
| MD5 | 5b074c10db064a29c30796c8ae43fab9 |
| SHA1 | 36141bf201dc523f9c9405d838ba7def049b403e |
| SHA256 | 46c6ee128660577a3e68b4a687da8fcb6c80fffdb368a32d002e0b5eb6aa92b4 |
| SHA512 | 296d213a07f3c1499b06abba5ee51b404255a13184fd951b4680324b959c7c947bd55476543db58af19bdbfb3d443f16e1c77a2b74dafe48af3a9ac7edfa6135 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
| MD5 | 257615cc8b1662ce42147a6f9089e83b |
| SHA1 | 522076e07034acc9cf9f28d1c0e1eefcb434ccbe |
| SHA256 | 213b9273ece39144bd1149bafd0b3a81e0bd2b391c08b886a5bcf45a571b841c |
| SHA512 | 4234d1b039df8f1151e6759992fc2f117d653951bed0e732272e45e2ede3c45920bdd105f432dae2d581eecbc61e06050e71e4323d44bc3db7bfa2063c7690cf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
| MD5 | ed996eba3104b9accd4c296cd4ab7392 |
| SHA1 | 9a893dd2b14dab220644e39d2a7b2a832d32677a |
| SHA256 | 754b7bdbeda0390d51346e7e8884270dfbf5900ba1924e3efdde0486e37f9ad3 |
| SHA512 | 4c13f4a2c80fb4f1461393bf05d782f6e37d4ee911bf7e68b25137c4ed421b3540b6c9e9c506c5652914935aadee518acbe902b5c4ed278c2c0aafe3c0391561 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
| MD5 | fe901670a4c69f64ec73376cbeab69ef |
| SHA1 | 65bc0c4d5b7af8c5c48c6c278b7484e1285df44c |
| SHA256 | 85c3b19203a599e76289db657efd7e456cfc58cae416ee2eec065984f5c3f30b |
| SHA512 | d4ba8ed30ccf3365e31230bf071c5ded5f318270635a8357bfd8c641d6ee39dc8d41ebd2668fd83116489801d904a482831eda5ff26e8b33db6a5f6637bc98b5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
| MD5 | cf539fc36d3167ff1d915e9ee33c0588 |
| SHA1 | 7ac0df2892f10ce567e6cd1fbbe9a2e7f78c4ec6 |
| SHA256 | f7732201988a9cd5a640862c73194c91f77a238e301d25aef31e9609527a2946 |
| SHA512 | 83e2a660f7ce9877fb410f24bc86de9f4ff5f387ea60f6bd2a69e9a403c19b1e66b7174a5ef510d341e25737ae33fd9ca90941dd037d94d9a21a6cac8c12780c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
| MD5 | cc67a7d5643b9da5322a027861417977 |
| SHA1 | c0abe0d917091766811c6c8625c6411b4bed645b |
| SHA256 | b2be99d3c812b07304313083941f8925772961c9d2df410a07c2eff61a155d45 |
| SHA512 | ba9ebe85478169195a4d28d6d4b1422f52c465554ad7e1c5e34726b5bcd78f277c91f5871556a31a6888ae744a2a66966b625c259951c476754a4286acd5688a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
| MD5 | 3362c5e5bb88c3a39886219d183344b3 |
| SHA1 | f8012e5f7cfe4f457e5562a8bd2f5130e6b1e35e |
| SHA256 | e2c1aac0144415f4584ee0ea1d9d144f8b538f3170968c49c7b8b608e60b7677 |
| SHA512 | 83fa2c16aed3d52e2c76929c81f526047df14473700e76d393b30e4668bb0509304bd3c4149eba3a3d971f7bdcc112bf973ecd666353a16d4b2efd38ed3fd04e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons2x.png
| MD5 | 9353c84bdb8cd3476a335dc46a7596a1 |
| SHA1 | 9353757c9b1b1bcc0786ff232e9fd194ab243a88 |
| SHA256 | c6f1d4424632cec937cfad811ebeb3f2fca16f4b2c7805ced9463573e12c5044 |
| SHA512 | b9057885f82bdece58dc57c395f5a86c8817f6d26d38782cedfd2aae590a8e44ca2b58196d1b0da8cb5096801593d6aa4f8ab685614a1ca8a82d927e4f713c35 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js
| MD5 | 28d828ccdb6a7b42a7068e2319dd2011 |
| SHA1 | 57104959b93765c837b48ced7aead151e9a45b8d |
| SHA256 | ec2cd8218de04446ef524fc4de103ba1390e5050d78157d713dfb8b9602c33d7 |
| SHA512 | 74c8cacf6cc0c3a428d7625dec86cecb4abffea307973aded5548a59fb205f278b3ff6c9f3d2172d57dff8a836b4da3781e51c9a139871019030f0642c890de6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js
| MD5 | 06c96253aeac0c63405926c64146765a |
| SHA1 | 3780432a4571dc8be6d725d691df426e376e952a |
| SHA256 | 49b4b702f56aa779cb6f3b2e8472a54555ba8fe463676885c418be267b6976a1 |
| SHA512 | d1ebafc492e287b54528bfa07a4baad4179135d348d908ad5eacf75cfe16c7aa8b0a64e80a65d6b91457871a796b252bf8c87a19b3b885637d905fba96555b40 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_2x.png
| MD5 | 82987f24c20ba52d32b688b9c026168c |
| SHA1 | f901c369e5249c72df147bed1ee64ba62c101f2b |
| SHA256 | 58b890294401456dc4f275b98199d541e62e00cd348242f9a63180995d7d1482 |
| SHA512 | 90c5001cb95c45274ea2df6de5d0a2cf052d0e97817468b071c17ec97e2472e6a59481e45d0f50ed0cba024ca6a8de4a1330f86b46b68676789f2f25214502ee |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon.png
| MD5 | 3b4c0d4833c048de8b435df3cb28cead |
| SHA1 | a4cb8eb342ce39a58e75add9f9d4f947907fe64e |
| SHA256 | efd4f0ca5a74bf91606a21b741c3a3edd680df0a2f34f2cb0aed3aab92fb0fa5 |
| SHA512 | 79c60089fb9c3d1a3723189331a1bdc79128f2f146ac4232d251138f7cd3a9d37a717eb481125fe67c5c82a3beadc3e041a8ebfec9d279fad2446d4b4998db43 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons2x.png
| MD5 | 3eae254f790b09ba29229f6fd16930f9 |
| SHA1 | 03f6986c1e42699d9066f489d1f3caf1bf0be9bc |
| SHA256 | d959fa37104c494762b1bc14a1645b07dac21cd14a137f96f064086669030ce3 |
| SHA512 | 27a00d6a5cbb2b12009a65c00be4f817c1f4640d480a9ef78c7096d41f9188d94f36ece0bfa62a4a6e01a280bbc573e116653ebe2cca622cb4178208e8f492b9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons.png
| MD5 | 21f6472b67dc83694cf3b5a28db99576 |
| SHA1 | dd1b9d838eb5df881992217ea926ce0b222173bf |
| SHA256 | 414553b78316f7a183a6a196b57e718ba16a01ca95ef786d2927aac8f015f451 |
| SHA512 | f0795af74e414adbcc27a037eb236b51498590d556fda057e478ab863a97cf262fc9abcea8cda4981eb54ec7ec991e32599baa1b4de6d77a811bcdf29756d5ef |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_hover_2x.png
| MD5 | 475e90bdf28ec6e00c1c8771adfdd9f8 |
| SHA1 | eba611e4da4d61144b560e8821ac27b4d54926ff |
| SHA256 | 73f7119a74706b3ae0249ab7be1069a69b91f2c8c5fc94a12e24ff60a46a6ecd |
| SHA512 | 6c497eebe075e9838c26b06043652aac9296e73579de526a3115368ebfe6a27525ba5096dbca424eaed6aaea63e50264cd13e7822cdad0dcfbae98fdd7a94e45 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_hover.png
| MD5 | f2ee29611420416f0ecccc0ffc017fe2 |
| SHA1 | 9353abe63af4af1e6ed28ecb0decc5fa7814ba17 |
| SHA256 | 126315ed72649eec3b94e61abeac0730167a8d0102c50ebe74938d0511c8da6c |
| SHA512 | 928f262ce3aea15af770526a8ab3522a26d2a79d191420a3f293d26594ce9040a3c523328be2dd2ce07e865c49caa6b864d1722697de5b159823f55a3befc78d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_hover_2x.png
| MD5 | 698631e10791911ea4b5b55815fc272e |
| SHA1 | 41d4aba425e9664e288ef04b5c882a24075fd656 |
| SHA256 | ad98dc3baf2a24fe27fb4c1b7b018d10b60247cda3da85559bfa5f30079f09d0 |
| SHA512 | 37814175feaeae607d4e5ad3e1de51136019d321e12b589d39ab29ea4286fa4e0bd58a9c5731f313954e55dd56e072f0eb8d66fd774e7127602cc6144bb79e26 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js
| MD5 | b6685ad7678196494951cac2907be316 |
| SHA1 | 0b44f0917c2e10bfd7c803a8cd0525255ef4b2a7 |
| SHA256 | 0bed32c6a54615ff6f1819b89fc4d73265f335adad17e8aabab503ad8b0e5af7 |
| SHA512 | c03a9e66faf40d665f98136f1fac4a43261a6203ac5e4a217ff440d42888bd42b47d0bd4aeb965230f7a867c7abd519fa8506b3536f1b8fda7326e3301f46621 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png
| MD5 | e589d08d7b8d77de215336ebda998b6e |
| SHA1 | a2c7ab9555d4b3c67b1762b64a82c618364854f2 |
| SHA256 | 299e2edffe3d7febc3eebef4c28a8e08579149e049044220a7a2c06cbd42c92e |
| SHA512 | d93daf824955c60dddbf26531c916730ccd4a3f2897ad00be5ab25ef1761a54406af62094eb2b7613f9ebfa872ee8a9f4a02a9ba2c62024884f1a0ca16f8bff7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png
| MD5 | 4ecbeab17c9092398e55dfc8dcc203d6 |
| SHA1 | 6493cba620570d58134f6eecf22088a688692826 |
| SHA256 | 4b0a55f005482a79921b78faae4aa9b28d6a40a7d5d5fd3efba45e38d6d47ac1 |
| SHA512 | 11bf07ba5dbe783da473e5b21053bb808f4fee2e07cd4bad1257769fcd7ab8dbb008e2e1ce18d9a4cac92634ff0e2c661bf64d83217fd7da147ea019a6dc07a0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js
| MD5 | cdfdd0a2224d29175575e5a1e127c324 |
| SHA1 | 62d49ad1737871893ef9367c16a8355d6ec19157 |
| SHA256 | 18ba4da282646907d80bf4a0e944e1bcbf330ee580771723d4fa06e34a530526 |
| SHA512 | 07a1668d6c028f4dea8ac55bd22f5080fa46acb80e581bbf501bff4b7f7145be172c15bc3b983fd83c54a13c94f3a05f6506164c0705ebebc8249210260f9992 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\root\ui-strings.js
| MD5 | 4bbcdb298573e68d360c3c79b775d949 |
| SHA1 | 72c3493a38edd96bae3efff4ad202501911de5b6 |
| SHA256 | 0315703a4fd839409532977e724727c18a7f49f5cdc30c690d165f88e69e0be5 |
| SHA512 | 1170daa9e0d7948bce9a6d78bc83e8d7b186f0ced69695729d99910710ccc759477e1dbaf1e8b508c2866dc40f13dbfa1f910244bc6f72318e0f410fbb2e8714 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js
| MD5 | 547181b22d51620b524021976cd0d43e |
| SHA1 | dc56c5ac8833da4695179e3c0454a7cb436b52bc |
| SHA256 | b5a98e797cee2dee445d5e78d23e7906214c2f83548a87879a3c5181fc941000 |
| SHA512 | 8a21d88b4cc68c96312cc9003d1c549ca0cd836dad4439eaee4299828bed24bfc8f23e50c40dcf7d60ce47d6b7d18e32bcf8ac214e9c9476b341c22918345758 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon.png
| MD5 | 4d3efa636a5fec78d83885d50f1c273f |
| SHA1 | 6d0c5a218fbeca283eebdf90d776fbe051be041d |
| SHA256 | f898cb4a0ef6929e9bcbee338c9f2ed059b0738f394dbd23846bea2bbbedb512 |
| SHA512 | 8949b443635fd7baaf15c9d3d66c232820ce4ae193f3a69865aa53059970fec81d7af4e422f87b0e958a3310c4f7ce56635b5b57db586a55b7cd21962472b92b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
| MD5 | 6f4839b1163e65b6051b7b6178be123a |
| SHA1 | 9ee13770d15960584ca1eaf21fa83cb4d1db5612 |
| SHA256 | a385cd506d84b2412179883735d3bd4a3390e7a654dda4dbc3a7b14c10866d1a |
| SHA512 | fd8110449c62a7da3c5f062c5144757867e431e630de2965353ff06c5e64666f604b8e81ed0ed931778930eb84d6d88ad9947d4d66db9766426c823fca243128 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
| MD5 | ed1d4ceaa9a41c72ebff884de2f0d2d8 |
| SHA1 | d199f6066c86dc58eb5bbac2140e1e32fc5a6b33 |
| SHA256 | 0a8d2bd9b8687ddcb8dff73f88071e74963a921d789c9ee33b8fe14b4d85379e |
| SHA512 | 6f2ad6d75dc06e5a841e1a03ddf586f0e5c278b8de83a35f6e1a6577e7df1a67fa908e4294b0e99cc9f1a05c92433a633071973acfa4ec913b27b4491af682d0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
| MD5 | c266bb837506c58096e3bbfde348dd06 |
| SHA1 | a767dcf1df87aa0990fc9107a6e700a1e91a9a50 |
| SHA256 | 0fcd06e2cefe95d2e8db77139e8ec7967f05e20b8949b67211929f47cdf1d2cc |
| SHA512 | 99faa3165a7cd44f7824f518131959fc405705a57bad086da34ef9876330ef4667585aefb41a35868817b9ed798a3a26b4e113fbdadc0b6ae811cdca75fdc3f0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
| MD5 | 5437adaaa4c9f3aca78459427fccd6d6 |
| SHA1 | 0b53e673ec783229ba1e3004a1327fffa015d9ce |
| SHA256 | 8f298f005d9c0b7e3b13ace3c257fbb2badd87dca9d7f65213eda214412d4123 |
| SHA512 | 59457e1d02211f150c39ab6b5ba2ecdf79a49f58fa84d5c92f7adc8cd9db00790636308e7babdcda0666839aa376fdbf98e0d9ba7bfc93856cbe1c7c02827e1e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
| MD5 | c62bd11c79172f8c53f965a1ab98346e |
| SHA1 | 12c8df67957cbaf36e6d7a0ed87806db3dcba2ea |
| SHA256 | 3adcb4a76c34f94e9f24b6fc4d62ad645606b70e58d33e6c0c61fd113b71c0c9 |
| SHA512 | 68ec31f50d1e02f9df824a4cc3ad49e58c17abdd5c133c6f052dc0d3db200a433f78bc16dc7173729a224d95b2500d4aa9168ae139e42cfa93ef43dfd7762550 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons_retina.png
| MD5 | fd987a2cb5369b8bc78527eae0c24d57 |
| SHA1 | f91dc488bd01945fd3143f6f5c2374fdb77624fa |
| SHA256 | 5c9b888b223b27cdc9e704fd9e1a29f34ef63e0e5c05424fcd2796844a1aaa97 |
| SHA512 | 302120ac71dc0c1a571182276b44ad246435e2edf9d508e71dbaf98ee0ece9655799cac8eda8e9902286a1a60b49cb010b220a5dafc234741ff632ce39e429e6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons_retina.png
| MD5 | 3432405b848e30060a236154dcc775a9 |
| SHA1 | 2d8736531752e9fbdb231d64b49270c466b280ff |
| SHA256 | 68910b9bbf5d5be0f47071f2efb11a2e39c8044613b0082dde86dbdfc6ba233b |
| SHA512 | 0f56fa076815320a0306c238eea49a01b06019dfc9f3a9d8f1b86e51c3d6d17137a0eb15ae567e3fd96f98314880fe5d91e0ca31af47bf57ccb468ff761df50b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
| MD5 | 8c0c9ef602dc3cc5faf9fd45a39169ea |
| SHA1 | a69ecce446c275902cf10f303f1c10d4479486b8 |
| SHA256 | e074b05405a2ceac67038a726f9d44412f0731c9e2d352c216c4da8772ed4c51 |
| SHA512 | 632ee7ef16262edc6e0f81964ca0ea2164396436aac3b9f62c59fdaea2c02be2361d33224ada3446b0edb0cba0de8f25a4f48701f13ae27a0bf7eeb47fd4bcc2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
| MD5 | 5acc93d8fb8aec2cae27e9cc3df48663 |
| SHA1 | 75e0bfc05de8be0a73d7ba29618b3264587fe05c |
| SHA256 | d79b8841ed7516800b528bba79add1e10254887f7cb25eeb32d67ebb146a3bdd |
| SHA512 | 151be435bcbd0cf028ea4f28985ab34ca5062ff746cabfb91f993a8b10aba2b2c0a1e8b221ded9f66888d688ce360e4d130b1dbf0f6f5b4093b15fcd9fb13019 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png
| MD5 | bd79ba98aecd217d7f194c6a1f8320a6 |
| SHA1 | 615d852835b6722090ae21ec40d403e6db6b9ff5 |
| SHA256 | bceb7f28989ee56b659c25855822fd2d8cf648d69acfe9213a16a6a6026a567d |
| SHA512 | f78ed0fdded6f31be59bf921b50154c872399c9f3f3e11ff91c727ee3cb2b8051fc387ab80e5f34f82f4681aa5b3aa851c6c225529aed5962e274cc143d5b3ab |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png
| MD5 | 2643e9ea0f70b0be31d0538765250197 |
| SHA1 | 4baf6f7b6a49a4785c8302efb14f4ff608387a9a |
| SHA256 | 9f3970f6aaf1201a23c9e0c6b8eff000e8839cbad0f388507347e5460a8ca477 |
| SHA512 | 22808780f0f28935045898345922ec929963dd545a756906d9bf48a526a9efdfa45c5da2dd24352ee6cb63fec66e3c07f8e07115af9965656eafa61942da2791 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png
| MD5 | 824a4f826660c6d611ff028b7acd775d |
| SHA1 | e862e1a79b7f7a13755a97792f8d0bcbc938d602 |
| SHA256 | 045c35cc20a296c2b70f7a14607c89ec6563d29eecafc21c452c385f7a0bc57f |
| SHA512 | 9fb554b4ec17d071a429fc1efd26190b5f5b47033e2dac82d2a5b6c2ccca683f4792a6ecc5b5a151298f47fabce6b3227d0d6b2fda121de0f073ac7040bf60b1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
| MD5 | 962be54f627d7966ce8de6ab1bd07892 |
| SHA1 | e6a30c0d81e9a2fd5c3ec65363c315f992bf7398 |
| SHA256 | f1b40c4603c17cd28a4f39b590375fc560bfbc7ea7f48063bb489da58c23a0e4 |
| SHA512 | 69fe62e4816b7f38d5c72f80c9d9ad81da986b0c48f3975b9b95634550f1028e3a8f0fce0b111adfb75da021a541a2b5cfea90e0370c924bdd4ab55158868ea1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png
| MD5 | b6981f75c82664c7701352004190b638 |
| SHA1 | cc69ac345998ee38a5b42c15cffb6cac20f8647a |
| SHA256 | 9e4f3e454040ed7ebe03df31a4ae4f80903e8aa603ff585de8ed2394963d759e |
| SHA512 | d011fb0dfbd4693512e2905d974d01b4296b75e079e14c2d80dadb9bff93fcec061be888430744df073a73634cd3a100ac42e6b9a7130c98e24d72ea87f02e45 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png
| MD5 | e4b6506f01a52174faca973ccddcd789 |
| SHA1 | d0ab1f5255e69633e8cbabfa5d46d79cbe02ed45 |
| SHA256 | 1f455513dbb1e8c03baf534391060b5fa1b904ad04854e3b03afb29382431b36 |
| SHA512 | 880ad2674123ef4c4adac7d7404e9308c10b9b03af7a546b65cf680c0477f5aacaddf595e0545b46736acb5d7ef7c7f99a26d3d48c3b64d4fcb44aa92b8d7a67 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js
| MD5 | c65b3f69c8e41a4abb142e41cc537194 |
| SHA1 | 6122f72a357951663e37b139a54507c9d15e74a0 |
| SHA256 | 3fbd338b470bac0b379d755f46f1105b39be5392a5f10a01ac618ff67655179d |
| SHA512 | 53ac7449520c5184c03a3cd3715fca8d318d9fa13d16399411034c22443b9235f0c38a52f7e26ef3b242201f5edd4d42d10cedd6594dc1c088d2552b368b67fb |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js
| MD5 | 9cfd446db6ff9d2e9e2f9cd0a19ac40d |
| SHA1 | fcd308ccb08fc07d6a67dfe06f6e9bd01ee35ab0 |
| SHA256 | db466ab7b32957345967d50deff4390fe722548b6eceb35cbeb1934f454fcff7 |
| SHA512 | 4964cc86b97f5d7197184b63dc1f68b77a3cfc0acacd4d78f42ae168cdb6b2ca9576ca6be095b6ea6964bfed50355026c3ba3b9c98b8a35987e3247564a63045 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ui-strings.js
| MD5 | 6c60a0ba3675daee2bec38fe34c778d1 |
| SHA1 | 57f0defcb3512609ce9f08caebf46812f7dcf73f |
| SHA256 | 1a269ed3cb9a0897336f330fbdf77517d7abb6a076e97324ad28c6fc9744ec81 |
| SHA512 | ebf966eba3932a0b0106b4e397b2a1a0a7385f3188f6cb102c4944b2dd3a8ed8f5212f2abdda952782194fd5ea7cdfbd9a4add19acfdc744ab8f64522bef4979 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js
| MD5 | 7753c9891eb92f8638f4e75a0bbaa378 |
| SHA1 | 05349cbae73c7dbd6b9c858f2b72735950940d84 |
| SHA256 | 0f080e34db6953940d83cb87ee1d43d6dd6bc1fa829036dea0c5020d52d0e4ee |
| SHA512 | 388c106be6bc6b0cadfdb80f9cec5d02bc97713783dc468c6dc9d66d4c777615b99a999febbe02893b3d77e334c369bff989e5fca1b8fe41e7529e08327b67d8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js
| MD5 | bf357eba9941d4ad580173f001d07a82 |
| SHA1 | 7eae5cf359390c133505fac0bdeb344c1226c617 |
| SHA256 | c77487ba6204ea50e1a11c1bcbefa58267c8e56b277ce2ee88ad2d091b127b30 |
| SHA512 | 3041f2e52eced2bae43e7a61ac48338055201999f58fb4f2c8d2faf782a9324d4f166974e6d7ca684078939cec679e3d2300596bbcb2408c9f1c1f55376add2b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main.css
| MD5 | e2513ccb5d5dd31f463680bd9f6534ff |
| SHA1 | 753684b461cf3df41945efa3921082933cdc6b23 |
| SHA256 | e21708e3a8d5082d748e1ffffe1864c8ada9c163aa8f902e154488c8dcd479f7 |
| SHA512 | dafc0a42261d087b35cdcae359e65cca7f40acbc0eaf7ac0c8125ba9089b61385f77f0f815258e4583200e4a5275f053e71e880e184273e549c4fcb6836fbf5c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png
| MD5 | eaa3c1d9d34dc23a623c43dead335f64 |
| SHA1 | cdf86736d1e5f9ea152b557e744f3ca85265eef7 |
| SHA256 | 184d869cd9cc3d0288a642104c7adcf4ff87ac772a385793112567a6b737fbb0 |
| SHA512 | 8e73a78c2cd878784681f504db97779c82812492c96341c9ff99a657509f12bf763f0334e373c71f7d08cb7f143514f651ef0d61c1832b54d423ce54ad0c691f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\bg_patterns_header.png
| MD5 | e6a6ece75c1df1f79f441cbfcd59b61e |
| SHA1 | f8680b16000e8c3af92c1a02e31b9076646abb10 |
| SHA256 | 3ba486db993f39fcc90b7f5926a4040b585b8aece552407fbae08daeb3d8faca |
| SHA512 | f986e41a7675895e048a926b94fa8fb40f213b23fcc8e6bcfd856f06d7191b7a62019a922bac02a74d7f81c150210896cd11771805bccb68af3692f70e0dfb52 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\illustrations.png
| MD5 | a31f9cd2b63f02fadf59b63452d44dad |
| SHA1 | ba8b1fa6b15ac095d3b0105228273bbf4c8982aa |
| SHA256 | b365b73499d07c30ffce340fdca380d5f9f0f6ea4a0323193c5f19d821b5989a |
| SHA512 | aea458000f30230635ef0b773fdbcaf81306695cd84bd620df95742fa8ce38028fc3c885ddf3f2b714ea3e7d3ee7a66b60f0bf1b3942a24b43f35649a916c383 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png
| MD5 | 458903795a55abb6e4e504386f15034c |
| SHA1 | 2755aed0c174b628960c6c2fcd3d0ab758637b6d |
| SHA256 | e9e58c1b34d538f3bf4a45c7b6e67350b0853784c384ed80572832e17c81f3ee |
| SHA512 | 302aec5a68e358cb0456f2337085d62337f1880abdcae19544ea8ed56f95e4a6b086c5ebb722fb8091058d81c686970208b922badb1b706b1e8a58753ef77316 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ui-strings.js
| MD5 | f5e5f1777aae362856796a8dccc7a5fa |
| SHA1 | e7771852bc7a1080261aebf8de5af6f0d82b868e |
| SHA256 | 556cdbccbd53b1fd3ca352a5f9562893675b633571d80ae52a588f3f18a8e60b |
| SHA512 | 69e9d325273c3634d756dcc07f617aab1b5aaf84c5b2fc41f5c0df4e25889a8722af91341692990aea905b962a5301c655c1d63ee737e63032caa44c0554b0cb |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
| MD5 | dde9c071b11bd89e9ef8c58262f6fdc0 |
| SHA1 | 40fed10cc1e215e18a3ffab823df855fc5db9d01 |
| SHA256 | e86ee2d92a6fcbf2a5336b3039ff6cf4f3decd99f1785cb1e0bc9f67f7e96389 |
| SHA512 | adbec8a26be6f164c926fa42aa569cae551633c2e873cd790db5ee3d530495f96e84c1e1358a04c735b80f11d664e82517f99bb0b255b5a109fbb5b144569ef5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js
| MD5 | e24c69d20e595df48a8e5fea6d3d947c |
| SHA1 | b2cfe8f059bf19ffae3bb03cdd47797fd9b72e39 |
| SHA256 | 6b154b0bde25643f5e46a28b39459f2ca5c4a1a4bf495e04ab8a84291fc7a954 |
| SHA512 | e692900d90099f7a060f49ea69704587f5fcb0dae98ed324dfcb30dde4e02f8bb81f4b6dd4bd5bc32805f49935e6f6b26bc22bb4fb765bb58de2e6256f98e85e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-gb\ui-strings.js
| MD5 | 4a71cb809b1d490e4b1aba5f23aa67ad |
| SHA1 | ba5c82b10f12f1372684106c1af16a6afdfe20e0 |
| SHA256 | bff0f24c356836ef44b5449335e3e7b9dbc3d8c0390a2fb570bc1406a83965b0 |
| SHA512 | f4b3ec3353e4bf08f2218360638e97156c43f3d280f46d3ce9065d3b2debbe78d42630e549da541e4bf6e3f3a5ed30eb947a574391330e30d05393c75fff660f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-gb\ui-strings.js
| MD5 | a0e1dec46d3bdbc4a5369da63cacdfcc |
| SHA1 | a50a9353769418f48972e88af8603e41d5ba6a1e |
| SHA256 | 11182a0a540dba098645d9658af6b87e1c160862b6ead5f52b23d8281bfa1318 |
| SHA512 | 2c966abd33cfe712c9bc5712a78a81e03129df0f9238ff85174884e033ab9e348863716838bb3a51310feaeb64d99af1d82ab95573f41848809146938e8b3087 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ui-strings.js
| MD5 | b3b24f1346bf44fff467520e88bdfe69 |
| SHA1 | 9f9263d5ee520a6c72a28627cea74beb6b03c164 |
| SHA256 | 281fadf06fd86f5b1525bf8df1e3b8b0cf1413b4a50d6224e1adfa1e4d7974cd |
| SHA512 | 2852b897b20d81c6a4f491d06c30f16c86e5a9ea5980ddb9989ad51dae48193115e87eb5e7923f4cdb07706e2f7f96a124355b7f75f98527fa4ff3cab27bca7f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js
| MD5 | b4ae5f5fda241416b7fd3d8f6da9dac2 |
| SHA1 | a5d17496260f98756081e1e7b20b69763b795a00 |
| SHA256 | 5ce4429338d567703c140ddb6f1a6b77adff3a0cb695763ccde1d5e69984e572 |
| SHA512 | c4014ec0dc9b5a7f2726c8bb23f40ec481e459dea1ec267eca080d38086236ba551f8156e5ab3def8df0c2af8a02aa401eb7833d36979934a59f9921d1a98147 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png
| MD5 | e54b6235502f90124e84e6d502dc3077 |
| SHA1 | c1a03913e8247c871e9f250431cff997534c4987 |
| SHA256 | 2ad3c13d77801121c9bbcc232d1c489ecdb74da873fe6bb167849c4a5db368bb |
| SHA512 | 5fc028335b5caa6cef16d82efd04515739cbbb5bf0368f04193bf2da77c50e7f1a3a2b7ba3e83bebca5e3a193a8113da72720ac2bad6573b16c94922625b9106 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\example_icons.png
| MD5 | 3c6f088ef964e156c57b121a74d9a860 |
| SHA1 | abb8e9354973fa91f0f56786e3528d8a07240ff8 |
| SHA256 | 07b9b7cf7b502937154178ee413d8895a16b4fe12985fcb5cabc2a3303ee0802 |
| SHA512 | 4d641740f6065e300ecd1e646daa3af8b6576fcd14be63c8af9b344d5efb47865fb2a1654f3b8cbf918386fffe7d4754521f31efd13e5f9a7e08af1f94528e56 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js
| MD5 | 03dae0ee6908807b8d2e4d4435bc3833 |
| SHA1 | 47033bf0611cda73f72ab03e7dde68b65a67fc47 |
| SHA256 | 9d1c07d13805f85ea851a1b41cd7969c52e749f36897692d097bb5f116f70b24 |
| SHA512 | 35d3fa913c1b30efce6d410b6a8dee4a70103ae0127d6bc8191079f6287505c3dafd00faba9aff6b68cfe3d707157476e6b2ce53095b6c30737ac26897f2aad9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\new_icons.png
| MD5 | f0a680506e94bb0394b670325f22a4d5 |
| SHA1 | f7bf6e2157aed5d84fdd3672d1459ad568576ae5 |
| SHA256 | 700fe8fa776290688e05dbd9af146fd15ad263ffd08a0f4d29f9fcae62ced253 |
| SHA512 | b62e21bde52a865cdd2e3f7afd6bf8f583737ec4817086c0da7e6e61db03c07ccd108df0609cf3c3ec467adc373cd79e1bf7487fee17ceea768378fe94f751f6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\icons_ie8.gif
| MD5 | 8586e2828247d08a65162b72012bfe19 |
| SHA1 | 8edb1b18feed3ef809b1bb6961940b22261fb267 |
| SHA256 | b7a5436f1ee9b655897cccde528fd4d3b253c866fb7beb22e369dbd713b2dd40 |
| SHA512 | d731341d9d62d5bbd05f330ee10060118b2474f8aafa1b115ad39e92e843b685d504aa5640eb7b05fe8e857a7df6bf6915953724a64b91b68d6c139bbf66af06 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\new_icons_retina.png
| MD5 | a60ed323bb913bafd5d39a7a9f11b104 |
| SHA1 | ea004a656424db5f9479047e0f27e3bee895e123 |
| SHA256 | b99cac4ce94b467118a0d5c53a80de7248cf9d0f878e3883f5fb9118cae74d34 |
| SHA512 | eafb81957a1e94e0add7159e9e3ad62007ced00df1e32fb7a443b10c56ab07501dc7e6b833a7c31b89ad3c86eb5b4bd5a02cdf2cabf5c52777628c12c69a8dbb |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\PlayStore_icon.svg
| MD5 | c05f0230a6d0a8ab6980a5c985c9790d |
| SHA1 | e317f863a185a02a3d5772310385ac45f7bfdf44 |
| SHA256 | ea7aa8e5f106a8c5f5e54758e222bce1530803957fc2d1dc94458c189f634c16 |
| SHA512 | 0eb6a9f66c9c26ccdb53832e484e9bcefd0a7c1a042c57ac798987c5dd9d8802b710c32dde6c601f085bb5514f625c03b022ec36047424a4f3819de5696edcf9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js
| MD5 | 82084babd7c3fccd2d33edb6d23d04c2 |
| SHA1 | 0652507273031c5619ac0b63aa7349853e1fb17e |
| SHA256 | 61914fc42e7345fac3a6733e15bb95f1b91e829ae9aff85800bcf7b57b93539a |
| SHA512 | a4846578e72ed3129034493c5d8eb90f8789adc1e6363468436684af5f6b6d1689df22224953a75681f225c673402503a46324c3aeed44fa5ffd3aa04080c81f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\cstm_brand_preview2x.png.fantom
| MD5 | b41cb827f5604fa9a9a58d625f966617 |
| SHA1 | 2e167e8f8f30bfac3906cfaa96cdc4c7a34af75f |
| SHA256 | 0309548fa71b3c5e53d6364d6504d11f9d5cb3b86ac968af1096c1276d3479c5 |
| SHA512 | bea166a968da8aedc8f118c54504b3630474bb57cbdb8929d58617621681efc9094d4b561e434c80c6e9f3298a5831337abc4fdfe4cf19bbf70a36c710be3dae |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js
| MD5 | 075a0adfd453dc14549402974e81bc1a |
| SHA1 | a355baaccdd6b969e88aca6bff38e5a4ce5c9aa8 |
| SHA256 | 48a3e5aa7a20b409b10b843e9834491e44aed9468ee0b99d13b52cfccf588e2d |
| SHA512 | 87933b1a64404d6827791f4357f8230e3026e5f8a3d4eb6add70bc85ddf380871287e36d6bc1a5de67aebec08beb05d61204aab18e25248bc13b88f8bb3271e7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js
| MD5 | 722fd8ef2cfff18b28d4c5e19ab22a43 |
| SHA1 | 8e1c2c167c3365c1aeeac183b66769a526d540a2 |
| SHA256 | 25ab2240454ebf9dc8671fe951545564ce4af234c783fd951afcb86147e6b082 |
| SHA512 | 2f809be0cbcc810f57931ca40e58e34b933b6abbcdd18dfaa5d93a7e739e7bed33eb80760771452af665ffa7d7638783896fd71677dfd3587684c2ed9472ad46 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon_hover_2x.png
| MD5 | 73076a1bd1e48a814979dea9a95e0a4c |
| SHA1 | 12cbabb0a6f41de830b1d3e12a2b3172a81e47f8 |
| SHA256 | b8dd67166e6e976c37dc429a83e38f66652effe042bffdc6716a098b899e043c |
| SHA512 | 903f1991ce21b4a2de63c88243b85f3cc7bfd3cef99c0734ae53ba0d856e42360079da0fbfb54b668a3b138634b88b980702870e3da5c7b451702982503ed7e0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\example_icons2x.png
| MD5 | 22c751f2b98b8ad126ae510ce5461524 |
| SHA1 | 1ffc0c05ce61f8d25fa2f2a49f6244faeb6fdb17 |
| SHA256 | 5b85068ff802d7dd1a496b83a1f43dd318a70371221e32205d392368562659cb |
| SHA512 | bf9bda94d962a7aa920c4f95534de597820f2cd2433391ef69e2266fe25f1540d30a076bc92b18fb9c08fa773779f16467b0c303cfbbb5a4b0a69ac2cbc0d36e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg
| MD5 | a7c0baee6f8e0440860c690ed4c665ed |
| SHA1 | 9d8367ab9fb0a0075aca599212be29eb381ece6a |
| SHA256 | 234b44ec0fbe28c4424d0ee56982b05bdff578ffad4fe32c5f1518cb52a5bf48 |
| SHA512 | 1face4e40b013894d126b8e33b85b5ab9e4827285987567136d25885c6dae4eb6bc28a68f02dad4df7163213d9a03cb24e64cee905a0a360fdff9e18fcefd6cf |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_cs_135x40.svg
| MD5 | d40269dbd6912534181c3dcf8987047f |
| SHA1 | b631a9ea97c7b2fd59ae1cf7a8ee8733bef63ecb |
| SHA256 | d857e686b0f8b99a88f377bb7342566b35538f0a3eb2558fe924865b44c1fdd2 |
| SHA512 | 9f750e7fa25bd04e85da147a3cf979bd3e4d746bb9932dcc414d62f105420a3eceb7a52898fd0a612b0ac6404d12d62a51833371c618a06b22cf083655c44763 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg
| MD5 | eadec16f7629847817fcee4fd64ffddf |
| SHA1 | 82a4487bdcfa504a8ec26e002b574330fcac7edb |
| SHA256 | b725efef6c071223b65c5b9b1eac40ec4d575d0cf38e5d2947825db4c24b5ccb |
| SHA512 | 55ff8da2f484fd18f0b9bff0d01fac810bac6e6aaa3ac91ffae578f4c5c34154002d112c84d8aa914c6a7799897762a27be56230e24648cd461aa45841ee9ba3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_da_135x40.svg
| MD5 | dc897fd39884ebe1c90464af77e1e954 |
| SHA1 | c2711299cebd23f114142283eec96d13cfc7c041 |
| SHA256 | 50f0fef780ab7b47ea8abf94b8ef488666f6d6cad57dfca6114dc49243451158 |
| SHA512 | 2cfa5f074e267f6f17609608b8035367d3cf33abb508c5e6b734fa1e74941391f37e9ef8c68f2456be3a5207e56fcf425b965a2e140da5df76781d92e78584e8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fi_135x40.svg
| MD5 | 0a91ed7082ddb5b051dfb203d736a7e0 |
| SHA1 | 4ee4f0e043df6128a13a4c48d34a381e2e750c0a |
| SHA256 | e0b0e426ef573e507ce4b889dba47386ded52b5054137e0a5a20f176e8f282d9 |
| SHA512 | d9ba36f8779325f699583531f00f74b5b48a19d2a9efee494e2f7c3b75bbe21b8e31f5d4c3d8345bebda7f6fd5eecd4b2ac8cf3178027a668de874674277a8d6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_nb_135x40.svg
| MD5 | f8c51b189fe7f147c6c1439363d1ef4a |
| SHA1 | dffcb10a3b9421ee316053afbd7feb827ae900b4 |
| SHA256 | 4d986d4b3e3477de1afbb7563e7ef259a43d9090ab328ed48397cccd7b1eb079 |
| SHA512 | 1fba249fc95a22b64f01c5ffcb49471522abefe49042a55bffbab08eb0a3c52b80b16083423ff33623532bb420e0d03a189c59db95aae8e38ad1bccb2c4bc03e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pl_135x40.svg
| MD5 | bddc481d7efdd9c0d920cc2111e22ef1 |
| SHA1 | 769c38e8aa3f426dba008040f1c688d1592e85f2 |
| SHA256 | 597e1b213c49afd5afcdb8dd4ad489f22dfc180ccc21a000b26ffe79e36028d4 |
| SHA512 | 159172b0ba073a372199bf2128b5e54a64bd030d0eb2d92dee40dce19ec14627b77023bf4f6005c91147bba5d1f09ede7f82dcbadec5348fc52997d2c2bbebe2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pt_135x40.svg
| MD5 | 099b567f95bb66f8f2662efed2b6117c |
| SHA1 | aea3433e095315d658b131bfcbd41e5588cca97a |
| SHA256 | 30e93ef7684803061cb4c621ca343cfdd7293a7eaa9958b6dd50aecfce503d88 |
| SHA512 | 94d28312c9d88e01bbbfc3c5d9beb3691784ef621e9dac95906a4b4ef45e65b7fe739c4a584cd1843dc1a7021a6fe0226a2a379f8c7dd463edce9f48bac24f83 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fr_135x40.svg
| MD5 | 809629e5a96900f2494a2d64cbb9b688 |
| SHA1 | d36d8f4a4dc789fe7b5c0e609bc659a385c33ed4 |
| SHA256 | fb0ac977e4254a47803d79d96ad61c83374617a62134f2ceb46f2c23ce5e2d71 |
| SHA512 | 568cb2badf0e83e7cb4a6d2aca96443b782b97107f83f366c95f0993c6724eb56d3678f3d8d94a3660d7b2520089064d1390e514aace527121998df15bf9ff48 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg
| MD5 | 1eab68e5b011d7e0b5adfea348214c49 |
| SHA1 | d8337b6127b1c2e07e95ae4c0b83e777043cc0a3 |
| SHA256 | 40fe700f3af7607f97d52da44f0ee3cd60a0d9f2f3d65f72b1dcaf22fd7f7934 |
| SHA512 | 244e551a2d4f962cdee04acad117e36f990cbe1bf012f882b3e699f90ae36d5aa59a479915c513ae8f4813874b36af96d9266c8b8e8e168abe0d7b555b32ea78 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_cn_135x40.svg
| MD5 | 2c0edd76373a79e9ff0ef8213bdb5251 |
| SHA1 | 50d47429b202a386d2e5321e2b8a1ba7d80c0622 |
| SHA256 | 0d3d9835d41c0730d77dd9dd132a4a57abc048d46b19b8777e0cf63113fa5658 |
| SHA512 | 1438249d5aab61eacebe10de4eb9057ed2d580395204422aa420cd7453a7e872d948ace7c598591c77e7df65ed365b5977e68653f70c99cf171f11b08b4da77d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg
| MD5 | a1ba2fa65f7330bb2c78b2e17fb49620 |
| SHA1 | c0a5ef92d76aaadef534fee8ab77e7a65f773df4 |
| SHA256 | 063966e14b8038146d12534288cd77b9dc859aecdccda4b6dc63f72d869b0268 |
| SHA512 | f767173047b7ee9c2f9aca6f1f2bf2cdd70e1a978999b2d16be8e8d8c209289ebf50194c3a1fd83d00375b18d69a1dd64edabb919d7f4faaa4b521b733d3a922 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_cn_135x40.svg
| MD5 | 3c681095533703e084b92bcd5ff2f4c7 |
| SHA1 | 4dcda1c4a631c10a5b5d2402e863438455387f40 |
| SHA256 | d8315147f9da1fbe2df471aa052700d00a34b46816d366c38b4e9e73ab978ef2 |
| SHA512 | ac33daf0048a67db6735910171e8955c7cab0d66e5699d103bfe612b533c26318d636159a7b858391495b36a528a2cd42af98c3b1cbea0b6c179f4fee3f9acf0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\da_get.svg
| MD5 | 2e9ce9054529341de50263b3f9a92730 |
| SHA1 | 3401f7a8ed2ff5b723912b6bb562528082500b5c |
| SHA256 | 8dc65fb455c739c01b7e03fe239d34dbde4422cb8e42406a2e38feed5af2ab16 |
| SHA512 | e972be6b81bbb227dfd5fdbe7f77badc9e795499c627d7d3d6eac1089eff3c636daa201e1a0ed045d01d3053b03a5ae7f48529fa0886652eda45182c6dd13708 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg
| MD5 | 771a1a85264337c769902d228ad57e0e |
| SHA1 | acba2d7c3f85f3bd2f274e7f7ad95afc45bb226b |
| SHA256 | 455918162de22c473617c7d420a8d4bdd571a61bf75e604c91d3941c7e263fff |
| SHA512 | 52176071eb0cded5a7d8eb19dc288d12c63f5733a9b8fa3da9799a8a8817b505f412df6ce61c9df41d4a47eba9d2e577b5f8608a70e3a76464df49e6fce62062 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\es-419_get.svg
| MD5 | 3b883067438fb50f8f16448e8d206a36 |
| SHA1 | 9166e1b54688187dcc2b6805301fed796c200d63 |
| SHA256 | d943b24964237cb417f3adb7abef9698f37189ec9f14d74c947049c81486340d |
| SHA512 | dd9450dded32e71b160eb3b0367ccef77ba40708220507e38c09555ec9e57e242c9b46ac01eb93116e22db31169f9cd88e58b303587356a2ec5ed878dd07d2c6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\en_get.svg
| MD5 | 2389e28638a02b02a6b34506ee3ac837 |
| SHA1 | 1ce6f9e2f6c6a16366a1a58d8fbfe5e15d441c5a |
| SHA256 | 0663d4f22033af836e536202571d9f91d9cc9571a94258aa41cad870911de95e |
| SHA512 | 2aebe490cbcbb1216d4f3ae4e7838e6acd6f79ced5c3797d1561889c2b7526058ded0a096eb94931a12a90fe29745f7248383552e57309dcc65e40ae7d7ece60 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fr_get.svg
| MD5 | 92abf0584fa594b6a3f6a56fe3e5d75c |
| SHA1 | 5b87252b1b728104e22aaebaad84da14b426c786 |
| SHA256 | 2f5d608830389e2ec56fddad74738dc5618a062c08e07cc9c4da76d0df971448 |
| SHA512 | 68262e4ef0cece5e61a4083c920af4f339a99f9c2f23207262dacf3de303bd7550e5efc41c18a080d3de99584d25828f04fc347ad59df9d33cce3335e0e1f5d5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fi_get.svg
| MD5 | 6c46d838e8ecffdd2d2ac456a0300419 |
| SHA1 | c0b7e2fd3dd96c4f2dc4d0883077daa95ae41fc7 |
| SHA256 | 46ea6002a757c56cb7ca56f2b61d88fee06812cbf60973e6c3042a9336e95627 |
| SHA512 | b928941568595e400425ee1ae3544e6bb4ecb8e98853ba1187491593d38fe69f04cc94d0166367faa34dedbc70fc7512c6011fad62dc266c41c04ec81823251a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ko_get.svg
| MD5 | 89a78b511d291eb2d83e2bf5b53f2d2d |
| SHA1 | 6748a780f2c499cb984898f2066df1ff9b713b29 |
| SHA256 | 35fe42820fbd0eed4f79ed6aaa7ba42d79d5dba1341c67a21b02448694de715d |
| SHA512 | 677b905f23fbbe7dbf678cd162f2489a72f6a62bdd5affcd9e98a8e0cf8bde746113234c658971fd4a7621d791e9651fb110d45f13f2faa8e22e415182dc841e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\it_get.svg
| MD5 | eaaef5090818b60f10fb952a217ddfc4 |
| SHA1 | 726f82863f419f044a1287aa0fae995d9c2a4907 |
| SHA256 | 43250ed48384d4508c0d30d5c3dbe9acbad2cf2840ec5eea890aaa50d83126ae |
| SHA512 | 43b654a50846cadfe09893c961dfb8bcdbff9e1ea85b4ba9251ccbb747ff1793b87b018b5599bd5c1e1fc50fb6fd8c5b238522cb7c63e36d933b803056b88aa8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\nl_get.svg
| MD5 | aef85d02e7bea2acbe97284166962970 |
| SHA1 | 4bda4132cf4ba6c7d7fd0eb9c6edfcb5ee20d929 |
| SHA256 | d006ea1ab30b5ff7a0b4f4ba696648f58e26e9c2bb5d19a355f0d5bdc24fea9e |
| SHA512 | f07b4892e54f314bd22d53b38c70c95fa202f2ce1bece5cf8e3a330b898bba1b34f0e26d543efbce594a9acf13c87238aaf678c28d9851113332de06d635d474 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg
| MD5 | ef390080ec25433d2ede9ba1b8881446 |
| SHA1 | 1206cfe3588e66a4780502a7fb0a0d607a58842e |
| SHA256 | 5e0e0e671e017889f3c2361edb7f5e5872b91990bb029b9a86791ecde87a3bbe |
| SHA512 | 4ad2f93cf22820c9a78827e8d6daf2398e57023ecd36caf3870298bba9c493eae4fd703417fa9e4842578e4498b90a4827774d49a9a42d5ef5a8b42ecf8d592c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\tr_get.svg
| MD5 | 1edfe576d6f93dd2a2cc4cc762475d03 |
| SHA1 | fd3931f39740c842add312b649b5a9b30350849a |
| SHA256 | b24e3f8675f658a8056ca11ce9229ab035540792ace332897dc33bea4c4965f6 |
| SHA512 | 707bb8513670a00e19600d1a4a12367ce05d8bd638946f7756cbdf2a9d3eda48a3ceaed31836aa33b3df562d1711fcdf08ed702756041d5c998d72ea6e7f6ac0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js
| MD5 | 684cc0ddd60097c651f754bb271091f2 |
| SHA1 | 2eb18c585d02097888d52f7c35dffb29b14af334 |
| SHA256 | cd53537788e997d96dc68f0ce3683964c80060f5364f13c1f09044afe05104c2 |
| SHA512 | a1108d3d639eae9ecff5f643a5c0c4740a13ed46d2b391f469853c3313a7519ebafed932e5661a5585b8a4e0b29f46015f26be2442e9ca06d61dfcc89f615f81 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_cn_135x40.svg
| MD5 | ae1da3325a27dd1fe4830d867d52f1b7 |
| SHA1 | c24e04d30fafdb37280fa94dc5129a1d8cb97334 |
| SHA256 | e830deadcf3e2bc8e43b051ed1f8c32edcc636792e0dc4204a17e68f8e4d0014 |
| SHA512 | 6292b3df1889e360967200a892902ce5b63902103c23ac35992b3424c3867942e5e5d9c6127fc87ec8439300419116231267ede1e2b5d627449e52003f7546fc |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main.css
| MD5 | ee6ca4a36731f31107567de8d20d17ab |
| SHA1 | 3e5fe2563ec533ba3b719b059cd770cbbda9818f |
| SHA256 | c02b0b09e3ebfb2a9bdbed5aeb7998d158ec57061f93c75a84da957d785f3c69 |
| SHA512 | 40b0abd8197bd73053025bd1ecee9d4cad5d642b1e190bd042acdbf975c8f164a77ffa06b8be8cb3bc299665a9944ea23956545f5306fc67f909d0013bae46eb |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main.css
| MD5 | e16d4152894b4dcc13038acd582380c7 |
| SHA1 | b45d78ad819f0d0b547f607fdc1a753572442978 |
| SHA256 | 4009cce09491f83078f1ce628ca67fbc2109500ed774bab78c067d552fa3e1d8 |
| SHA512 | dedd7942bcf4ceb2b5544e449bd00ba87bd382d35fb3301065797443157637cd01d4546550a90faf03a3ed15360e420c2d6053f1cf5341c478b05412229cea15 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js
| MD5 | f5cca374b8826ae37234bea000c99bff |
| SHA1 | 19c63b1c620ac206341cdf76060aa2f300bdc549 |
| SHA256 | d85337c5548f77c17a2a5954b0913d256b8c460b8a15eab94ad39559b2d9ea24 |
| SHA512 | 9b25d68477279da2d3b533347fca2e65a9346d8cae7f4d1679af6f66b13f1185e759b491a80f74c597af8473fc6dc48604e8c8f76bbb49e2cd66268349357ac5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-sl\ui-strings.js
| MD5 | cddd7bc7187850557824000aa374df07 |
| SHA1 | 156fbf22dd65d4713d335e434733f3fe8a2824de |
| SHA256 | 935f7b68478406bec815c2cf048519d2ed9ea1732974a497a291ea59a7392575 |
| SHA512 | 89a52cc01520532f9a81e735b9ec02fe1053e61bd56456be015e5718438423a099b32a67b262c7a09236805485b31e96921191ea7595c9678738a243e532aafe |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main-selector.css
| MD5 | b453df82560937eef254b243ef865b69 |
| SHA1 | 28d431077c9f366599f00255b5bb3c7e653e0818 |
| SHA256 | 3bbdd17297c483c8cb0270c62a57c861c1cb12081270732f70b97ae9698612ee |
| SHA512 | f20ba12024a8131932fdbfb5a595fb65e8e605233c930d2679f92d42e2b18091688329057dc6c079f00b80363fd16b82e9987e5b3192a6a6e51df18ba28e25f9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\progress.gif
| MD5 | 58cdc0e2dd6cfdad6cad4e2a8a698a80 |
| SHA1 | c176cb41f2ec68460b7850ef08594fca7fc3bb48 |
| SHA256 | 42d57650b684b27b8f9db5e78e32be341e08eb0d281cb309e9ebe413292773a3 |
| SHA512 | 1dcf2f2f48d6f8c5157f6966aacc084beb3b27a4fb05ea342d91bb7e54accdaea483839a19e3addcf1baaa7ab67794958df7ea5a46ebb9a14bb0347e7f9e7d7a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main.css
| MD5 | a33902ac15aef81875a22347b664a3eb |
| SHA1 | 76a16c69b4002b9cf15f8a43a9daabbb06b90783 |
| SHA256 | f24118c089f63c0adcb97ca94d402c9e53d0b4857633e6d897e671bceca1eb4c |
| SHA512 | ba476916172a7a694a07e0cf550546a8d64a9fa4c70f004180540f491fd6999224a8e251585cc00bb4e72a65e727523858f67404ec048c23091e2ee82f5df128 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js
| MD5 | 345a0c0c9b44247b709062ea869d2070 |
| SHA1 | 405db375e50f1686895a071da384a612be3e38b0 |
| SHA256 | 678fa3dc59a06f5db36fce120aa22d4e0891057abfa26abe331b1b79e51aa403 |
| SHA512 | d3c668af2d1c79871bbfd51dbc7f20974c4fbdf2c1f17fa4269c8b0c9feb9f0812d7c7991e4fdb3277fe2857ea21fbc6701595f1e3ec0f579de09f2566da2a89 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
| MD5 | bf8649f30752edcfe9f24bc594865a36 |
| SHA1 | 2bb6744fa99e4bd2dbafa4a6454503cc8518101c |
| SHA256 | e775614ee63b0ea69f69bd8e7215ad17e2ae97eef7f65e0d3964767ec2e1275c |
| SHA512 | 3fe02c78f9a6e8a20eff0573b3ced93b4731d104bf33f195a2e3fa2f8f4347bbc0f8741d5d2daa874d2f1c72c5f2c968dbefe6dfc333594bd3278273715bae2b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
| MD5 | 65b5d565db58ac2609b7f4b80d0a5aa7 |
| SHA1 | bc377c1ef05a996334b39cbcbb5a1a5391e7b7bd |
| SHA256 | a1b7122ba1b2b3a914faed591deac8b75bfe4053788b8c3b3cda702235f55cdb |
| SHA512 | 6658a636e2709d57dfa20e93f209dfc3c1f5a7012b2dc55173621180013c24b62a3dbcf1b673206732758559b3debc43583d626bf1981922c8384c7cd892f088 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
| MD5 | 8675b5119cd8fb8b2697cc84be9cf28f |
| SHA1 | 7263c86d323ce0d30bbd3a6edb0e343d57a94345 |
| SHA256 | df175e74c7f9e475a7f486940609ac28370c960b5dff78737808b2dcc9ea429a |
| SHA512 | f813c45b1ea5f9f42a61df28626eb850704f98c22c999b17611a411f885e1807de34147f652cc56b9e14b25eacbf767858ec0a40f16aa3906ca1eba73a30cda5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
| MD5 | 99e35672b50d99c050fa6cafbb944723 |
| SHA1 | 340218fbf261b1e341525f0797cc35525ab54692 |
| SHA256 | 2c32bdcb5cd0cd9d0ad6382f5bb8a7e9871d7347a6fadad18b6e132fee1d3e8a |
| SHA512 | 567a685f460d0062115927f09cd414f5fe7224f8dc414014e16a2516566b8e8820f973688dcad254e0cd281862d6eb101fa38520e9ec83b30766dc49374a270d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_listview_18.svg
| MD5 | e099acf8ff5723d9f711a70a83f76420 |
| SHA1 | 8f1d02a96e8d55201b8d404c2f1ca86c890dfe8e |
| SHA256 | 90b26bd3e92850e51956fee5af3b279b493f1a757496a09d99a80cb1cd8466f2 |
| SHA512 | 72fbb4e47f9fdc577739ef6962ee74e6b8236277c125145eb4e1b0ae989799f6a376a7bbbac114a2e4b5a43f211ff7c3f21cf9fdeaec203fab4a274416285c79 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_listview_18.svg
| MD5 | f4c6ef10edaca38853282aa2f24f3d85 |
| SHA1 | 5b49e1172e56f2ab21338372072cc7573b3a0896 |
| SHA256 | eacbdc58dab7d6e8d938ed692e9d1b2ab6f43fd5185346131a6c456ff6c4a01c |
| SHA512 | 7ff3d0d5e462d9e6a1815b840091ac1c1d92bb271252dcfa18944324bcda60f3585df2858b941a6472dea27597969786c8333167839e6078fc29e6f9f2926e36 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png
| MD5 | 2d817026c47466eaa0d045b8064801cc |
| SHA1 | 5115e666b682009900d34003b96aa97eaf6b1726 |
| SHA256 | 9599a18ca51e8799031a6bb8352f7eb4e3ef9ea810cacfd6decb8d1743a09358 |
| SHA512 | 93b06d6fbe3e1455da84910046709c20d32f9d8e0b860211262c4962ce813ee8c202c1a94a2f4bcfd03b3bb5d2f860df1c23a0c10573d91f2a1bde0c18a45573 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
| MD5 | c648b0b8034166dfdd8ddea83782f0fc |
| SHA1 | 4e66adb009e344811ce1af64757f867cfc342104 |
| SHA256 | 31ae0a44ccdb5002a1060879e3b0f09f99f81400255c409682eee83da2a9c16c |
| SHA512 | 0c50ae81baf2493a36103f5f1feabe0ededfa8e41b97f61da0a7f52993e628ee2499f380c76cb08dc86fa611646aa05d52b6fc92b7a8093cfc79a7b2912cf692 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
| MD5 | ed770525934eb3574ef3ee03898ea685 |
| SHA1 | 40bb4a3157f132e9f9ce7ff00687a32d64373fe2 |
| SHA256 | 236dd52d3610e09f8ef793baa073356a0795f6b8277d536dee55255e09aa5aae |
| SHA512 | cceab563fda0374110040846c20e7a19652cc5ba5f5d39b02257c9952b25d1c0e1eca0a6fc80e691de4a12f9470bb5af706be3f9924bf96bcb74060356932bbb |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
| MD5 | 1ba03da9650dec109bae8dd7188cf9db |
| SHA1 | 81831207e7a3c9707f16d7f978531277edd30289 |
| SHA256 | 92c2f674718b0b2ad477e05da696c8fabfaa94771dba7a13ef05307d1b6ccebe |
| SHA512 | 41bd4c3c775accdf69c50adaf685ebb664f11b96a277c8e43df2d3dc0f2554a77bc82b7d7fbce32330e25704953554796cf82dda85104db1935c2b69538ed0aa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\illustrations.png
| MD5 | 8d416c13969882766f7978c9f829c8e0 |
| SHA1 | 71533719ad10762e2927002c483b1ff6b04ddb42 |
| SHA256 | 9bc9023890a040ed44707a5f10e0f2d7534f5e1baaa3437921517c52568df3ed |
| SHA512 | cd4c11ffbcebcd3027fb2a1f7341c18bfdb3a22e700eaa121761cefc3c8de6888f4ffcc41685d863dc6d94ec0e33a150b3b5ac1f06bc7794e9530393cfc63ee8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small2x.png
| MD5 | 26ea7c83509bf937f5dfdcd3593ac2c8 |
| SHA1 | 70c419854704135a1b3c4490b891029a8d86f687 |
| SHA256 | 40d0bf763d68b34cec27f08ed65b3c43b8d923d19fb16dcfbdf58d7572d31ffb |
| SHA512 | eab062785a2e48b9a01ca7f0f4dafb912fe516fa5c14468dc475094cacee9c8744c480176ef0337a07ddae9613dd0173e9568d2671d38f4707c572f5312b5ca3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small2x.png
| MD5 | 4d892fbdb6d84e0fc6d761fbd3c7771f |
| SHA1 | 6106bdb0ba19b824914f21eaaf33f9cb8ff0750d |
| SHA256 | e4b33029326b064a13ff699705f2e1fe022d242e8276b0460c7a7cd753fb51a0 |
| SHA512 | 8f1f56384bd7d3c02ddee9ba49475bf59785fe99c3a7e351b76ec822747241722969669af4863efa558ff5cbdeb95a6eebed29604a0532554f2f7ecccda20fd7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png
| MD5 | 5c11412eada3f1a6b7bea68632ad648d |
| SHA1 | 6e16002432c10688b5b7d3f255a441148f015abf |
| SHA256 | 48384d4533dd4dda30cd3b40e9982b86aff52bdb95f9f076b52c7cadea26f78f |
| SHA512 | 58262839153c286f664b28a490261a7982a9d4940affdf154f6b9373ca169eb66a54148641ed6874a4c8399565ad6e6ceb876051f37a1b0761fbf13ee361b7f4 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_opencarat_18.svg
| MD5 | a5cc9bdc109f412c4423916078ba3d04 |
| SHA1 | dad5d3f6656cd33a5ce04e85205037027f54834e |
| SHA256 | edda4a72c6f3bf15a1582ab3cfb95256335d26c0164cea90592821772ba8767e |
| SHA512 | fd25dc555c57e0baa7637dc17bef92f824ab47ed430f9898765bebefd08ce28a7694514e80cf9d15419a7dc67f8941ed5704b23f9fb5342660f54fcc83efe99f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_thumbnailview_18.svg
| MD5 | 1af44225018d2cb6327590efd4629bdb |
| SHA1 | 2485a8bfca42fd8002ad61f6560fd6a6b881d8f2 |
| SHA256 | 7505d72650366b8fde6bcc0654878eaf5e256861bb9a124be9b89204bc4a6c8d |
| SHA512 | f8f6ca2a0128e439561b7cf9ebdb788ac00af03a1b2146dc4a2a94012ee9e72f823e64556838e9296e9c7200e4c96a95882281f8e8ba280850811d182348f5e8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_thumbnailview_18.svg
| MD5 | 513b0b7f13a932aa44367c4e5ef49044 |
| SHA1 | b593b944c2f1ad593ef695d5855dbcb37b3d3176 |
| SHA256 | 29db58f82dc2e6b0036b9df821d15042e0ab0e0040fd9df404384af3d390754c |
| SHA512 | 0294e5fab728cebfb3fde09b2c3e0f4a767978748885ae54824c5392f62fb44aad466b22cc9a5eaee74350e3f194a926ed94361cf778aad4036707909b2b7a80 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_filter_18.svg
| MD5 | 6b905b799ebab6e32e146fe4fc898aa7 |
| SHA1 | 2b462b4eae41aeb899eddccee38f11c9ffa0a6b9 |
| SHA256 | ff4476ab666b73164bb99c56e1bb31eb05376d3b6cd4ebeea0b855f54f5feb34 |
| SHA512 | ad94c9a675d4fadb78a556ea3966799d62bc932cbd7a27343a24ba297262275db4dfa0ed86ea3212cecd51eea2fce16de5024a9ac352ef8d30082e013fd146b6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_filter_18.svg
| MD5 | b046042549c8eb04fd99f0a9b25fcd5e |
| SHA1 | 9b6c0f8e6b6a08582b5067297a5dd0804e334820 |
| SHA256 | 6cce490124c06597c7cdadee6caec7395e3d933dc10214f497df68d7695ea554 |
| SHA512 | 725911942db6d080dc43a27d9acbb616e9d82810bab948b450a673ecf3dc88e70602f260d54bb74914e0d21c1dae340fb7a4055ba2667132d6f80f9db3dba9b5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js
| MD5 | 65d478bc6f3b488c83df6ec01a376dc7 |
| SHA1 | 57bee6f579aa130f84d9551369e85a7f5ec4273e |
| SHA256 | 3cff2bf22933637d54a2f02d7e808347764c2478682a3b53a80f611208ea2652 |
| SHA512 | f584981c7fb77c651cae6069037b911776f2002775e635178ff2195752ab919f726f091b89a13f0fc45f57ba1ca4478a8eedce7dcb625fd5d10ccc036fa30140 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_listview_18.svg
| MD5 | a37d0bebbdb48d47ec8506301cf5af68 |
| SHA1 | 056e0152c125a921893df9d9660fc92f1f33c05f |
| SHA256 | 0c5248af6cca2c3ee716da6f351420e3cc016d947d249078ce6141fc9da11eaa |
| SHA512 | a9cd58f5184e77244e7a4bf5ac36963d6a19d8ab44a3c9ac199ad202f0d35b24ae14c65a4270d0f0e66ebd137f2523f28896e111eb7e445b1b17651f6335993f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\adc_logo.png
| MD5 | d15f9788b1626b1cbf0b4360b288ab26 |
| SHA1 | 5e3f650cfa1ce3e3157c7ad584a975a96e1cfdc0 |
| SHA256 | d1c1e2e93dd5709181365ceb1f8791359b604b3c193ddc1b32fa02e9ce49130b |
| SHA512 | aa8fcd8c88c0630163ee4c01495c9d89d51cf97395719de332b4a4fa748dbc71eea398e7f92c486383442513fb63e91e1a279b925e9fdd4921af259b6d93033d |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\en-gb\ui-strings.js
| MD5 | b3afb07d5ef0236d956ab58cd123ad22 |
| SHA1 | 5c7a75f99e4662640babf673d311d21e7b6347bc |
| SHA256 | 07de8da3bfa85e065fa8b6ece8546406879c27990f25f779b82f083b8a875a51 |
| SHA512 | d6da9ddd2283abe080eeae604fad64e12b4f177b8d76e290c7cf3123c6884d87226274793881ff34bda3491ea6550e1f751b4bd4a5a0ee8850d213ca6ec5a207 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\home-selector.css
| MD5 | 617123ce655efc135457dc1f949522b4 |
| SHA1 | 3f6edb9c13458129b0be2b313500985033e6b3dc |
| SHA256 | 3fd1c950a44c0f4841fc7fbab79c94fba2ee373350275a91b9cf0fb7e3aa6bcf |
| SHA512 | 72ba434206bea2d5c784aafc8df4817aefabf00fdaec791be14dd334aa664c199d2cd7295a0e689a4875f706287597698486f9ee92636a95a2bcabe98d46e374 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\sv-se\ui-strings.js
| MD5 | 5cc2a6e72705332c5958f24c16408ec2 |
| SHA1 | 088f957cd3c1a63e82fa5bf634776d4ee68d8f2c |
| SHA256 | cdc171e68c2f9a0659815d3b77ef00d93ed99df7191ab9851a0b523c64e57617 |
| SHA512 | 6088bb60d3dd0dafc1860523b44348634a05fee4103e8b12f936a713f27a3074c186834a07f2fd3d3329477b57002c9c88c2c5b20f3213ad5588d545ccbab67e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png
| MD5 | b1fd96326939a54ff360b30a70111e15 |
| SHA1 | 574c1d9a5cbb03277dcb05dc9b138912b7499e84 |
| SHA256 | 3e0a7e83994485df33fc803fcb2e164e7b6ce525b925e4e0cb9100483f566d99 |
| SHA512 | 97dcf8e91d8392ff8b2846e2f80d0c2fe5924ef60c003348c09aa5a7c31649380c306f059c55f0f7341e8cf3c704531fa8021afa6b4b39f08986e1741a21ee7b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png
| MD5 | 016219b05a2e4c605bca6a94b1e9facc |
| SHA1 | 91dfeb8e595ba3dd47d6cc81ac0aa287f18a0c45 |
| SHA256 | 59fb1ad503d7759305c8ad58efa6630f23d1963a3290bb48bcf87fc808fe207b |
| SHA512 | fffeaab32bb39034983588680534802c641732b067543db0483774cdc059333c5f77eadc3261a7c4bccf9a2d0541d748f535ed7a42576824d109352a5b8da992 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
| MD5 | 3de2cc2f8531f98e80ff900d5ed36539 |
| SHA1 | 2e864bca63531e5e051adc270f7f463ecbd44a78 |
| SHA256 | 4b0a644b4d69ef877593eae118a0d49b242c3f9158d3a2703b8395f905bab86b |
| SHA512 | 8c45c1d556b40af9e860e4f47de48f2c63b94fb4325e1e9348fac194cd01b91ca06b12220d81a4c3555401d990fc977a4c46c3cb437f4ad6cf88b0c286771dec |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\cstm_brand_preview2x.png
| MD5 | 8cbb3bd1f635d40011b9297d7147e207 |
| SHA1 | 2792cb61294d05c913961b657fca01ad86377800 |
| SHA256 | 2b64c03b86c559e97da187e53394606575597a4ccfb93e1bc87354c9e790cd80 |
| SHA512 | 664bd59fef2aff487fc44fd5b6f05a5616d5123cb2ade4c6a1f8b883f484c459761060c77eb0744e751399c89f2cb59b6894cfe2aaa6910122d93c89c4c7d094 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo.png
| MD5 | 978257aef2e45ac3df5f55cb1260780f |
| SHA1 | 44ba8fbf2bb0f835e52e55e8b5203105e20b3c8a |
| SHA256 | 41a9cfe34e57928b9d64c759fd507706da2c956e7f9bb2c8bf55d3701314e168 |
| SHA512 | e89a4164fdf57bd03014642dad0e6af1b62b63be34571afde20c0384ab7b40f2ccbcd47e1f95f2cce94f1e070ba091c043c472fe203fbb2c877b91079be0a122 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo.png
| MD5 | a9d34642ebec95a51403f3348d9e897f |
| SHA1 | 478f0b5d86b282f44d6af377e65d99d52a656e9e |
| SHA256 | eec569b2f6cc2e93e152ed7de775a1c8b9eab62b2b0019829132238d75ddcc6f |
| SHA512 | b0024f55da0d2fcb80d0c6eb2b8a1e8f5aa186a0410556fa1de5b5d68927ac972e03f03de1ba9cff3a956c1185b2a6d2e4af69704b41fac0c75a7d21e50989b9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png
| MD5 | d220a40b494edd8b4c50b73173412589 |
| SHA1 | 6133873f2e87c2291dc3e79e8341f581663d6def |
| SHA256 | 71cfd1d359205ec7f0a90e74de4315daf8700fa9d427096717a06b4e5621beaf |
| SHA512 | ea796792358938063aa88e54d565c2f042a3dcef6c4f5d675d62b38428b94dc51115075442c1956874556bd144db21dcf7f1044eea51a8295f14412f7ccee95e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-gb\ui-strings.js
| MD5 | 0509463594542b24225cdc3d397f9756 |
| SHA1 | 65c40eed58a99269c7800abc2b9c4877820e6573 |
| SHA256 | e42e6967861f2c61fa9133192551e8e57f46d88531fdae149d3160b5d499d057 |
| SHA512 | b2e1d15a4d759504369ec22d42f24860656801b49c5fe76fff4accd26a5db14de025dbd9535aba4378d4c9fc854cf6bd012e8d273cdaac65a8806b8925676e2c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png
| MD5 | 17a52f27c3921b51ac0eea49556dba99 |
| SHA1 | 54f7f10945637cfbf003e5ca85dac1b6fa1bbc6a |
| SHA256 | d64030913578d9720d552c5ce9f9edaa8e70a5049fcef5024ce4da561a80664a |
| SHA512 | 49c6cf8f4cd5056f4cc5e3f33d14c2e25b7ad37a296cd4122f7db9b33cf7953b8d2a04722c5ff3e5233788935e8faabe75cc29f5336b06931aae46a7fd4027d3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js
| MD5 | aef83d9f6d271f14dbbbd19ffa5a4487 |
| SHA1 | 0414885a66d7aeaa80b3f2cfd645b6b52e2fa1c8 |
| SHA256 | aa4a9720c891d82d1547004dac4e8eb737a0537b5646378c3737cae2ab25bbc0 |
| SHA512 | 39a7b3199e3c61ec427cba6bf6d33408837d6a51f0140703ddbd28916da32c1e2834a7db8c39a92b21e7fa3552591e104a3f339860f03bf5fb21469a1d0696ea |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js
| MD5 | 8c7e6c4f7588e1612e78ace43bd38e63 |
| SHA1 | bb2d517215d54653881784a53e0e59b83635abf8 |
| SHA256 | 9fabe7c50f3fa335e7cf0065d6fcdec84c801cc86a69ae2dac4d713d08aec10d |
| SHA512 | 1b7a194c336ae51241ddb51a3611b2d657fdcca34923c18ef2747f621a07674b4a03702fd2bce6c119ed384054a74b86c35c2b192ae0808922ae544358582ca2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js
| MD5 | 800bc8d919d6b227ffc39d10ed7555fd |
| SHA1 | 9b517ccfb361af45c75104822b9a1fdf3b986f2a |
| SHA256 | be77e3313b353a44c28153a2039235e93ec6cf9668419e492f44e9c7c156e54e |
| SHA512 | c6b3c8de9ae80c534937262d8400fa0cdecb818ba929c3f328375bc357442dca4a340b98bf00c0e76a6b85782796f738bf9be095887af230ddbf4c89c392b6ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ui-strings.js
| MD5 | cb06948d8b969d3da40fbb3890d7745e |
| SHA1 | 6b604877e268e090c656a648463c1f5ced640288 |
| SHA256 | b44b7b4d46a2bc7afadac20504776b21ae88619337068c90350693af8d09a733 |
| SHA512 | 3bad677828fa54e26f38c609ecd168351f9dd48737bc0cff5cd9033f9a6d7c5ee0a2a761ca569b5fafac8052a30e0724b14341013e3359981e712940663f8515 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js
| MD5 | 79123ff5147084b8f64bc3d0209c9775 |
| SHA1 | 28dec79c390a439405ba20aa6cc9b03f5295200a |
| SHA256 | f5b7c405a1f925c6a0f910629eaabf133c6b427fa752ce565189e1e669737771 |
| SHA512 | 3ba5f64c35de16a43b7b05154c7e75204f1918154bc6be4f7ddfc71b17d3d6c5120b1f21149caa9b20b91586e44225a76cc3e59accf46fe9a2c3adaba579d982 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js
| MD5 | b7e5eb94d2dd47391882af7a145d1123 |
| SHA1 | 404800db54a2874a5013c70dcbebf030842dea53 |
| SHA256 | 03b3adf84b3ba5d52f41f5a52b7ca2b56032132c697a01d55888a87a3eae3b68 |
| SHA512 | 371b43900b0032acf56e763fcf723614aa79d6b24cf7783cc9e27d198a34c43e37df8ec661196c1b14f4fd50e28f7f624533094aedc0a9f4fb753c55a6d3e613 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log.fantom
| MD5 | 7df18a854ac38f0935973de8ee885081 |
| SHA1 | c6731f41c5d7530ec2274f1cee0f00b02dbe2c4c |
| SHA256 | a1cf9ed607e9dc96d6df7791b782ba6679bcce3377ab3f6e4be8e1bb71214453 |
| SHA512 | ff8d2606d9b507926485ccc236d02d679279dee3ff61cb9bcc1a4f0761a5f825fab1f4e4e604d41d3da9fe5cb8425ba3fd46372d172eeff976b16165c44c4267 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Indexed DB\edbtmp.log
| MD5 | bf86dd85c6c529d9cdd562f01b08a1c4 |
| SHA1 | d06dce8520da8d37a52fcad9d669b414f27f6d9b |
| SHA256 | d21c9077bd64ab357c7eb790dc886a4862c8f9ffe65e03ca798d1cf6e3caaf92 |
| SHA512 | bff48b801dd7de78c19a86cdf0c5a6c11fc390e97f06b0777aa67af17e5e4b9f2054625e915dc52eef4b7f08fbb287ceb2ecd6a6b913d5a738fc7b9eb7b3b8b5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Indexed DB\edbtmp.log
| MD5 | 86aa74087e39f1bbd6fa759fec7aaaaa |
| SHA1 | f2960d08cf91cd9e7ebc42737291f2f1389982dc |
| SHA256 | 847cc1307d7aef0294142d7cf1b32107355d45eadaea834f9f1b433af7caecdf |
| SHA512 | 8a0b12c1ac05e40bc79223ef1660083b9f6eaa49af2a0da91b91a6d0e05e14d3ebc3c55f5ce8f0a2dd77f087d71b153f62cd0bdfb22bdd690b041fe0d6ffa743 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 714b7b88039999ab427f0dc412b1e2ec |
| SHA1 | 2e958bc5ac54df6c7e29de6ea2463efec802e353 |
| SHA256 | 400383d0971dc41bf4540534670aba0f059ddd2247a8fcbb7c41d88fa87256d2 |
| SHA512 | fa8c44964de2e13f04eddaa0a6bda3c7c1964eed130fccfb434fa6c08c6daade525e109c93b2a0d20e9ce280f4fddc6bc43a152d4b7dd23bfb43b5f1e8e6a752 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\INetCache\5J3FJHMV\caycqmbw77xIY72s_1-8HBbgUjQ.br[1].js
| MD5 | 0504f7a42c59f9a4179c240c749dda9c |
| SHA1 | 367c5b8318455064f744c53958fd10a22a618366 |
| SHA256 | 4ccb715db00f099888b752d15324bf827bfa0d947f7cd08a5518dd4e526bd760 |
| SHA512 | 5aaf7631c7978e49d8c550d65a2b80aaa20314623e31fff30269d9fde3ab04eba27ae86f81e3935576fbd0b8b296ab6cf194728c2b05758a519977ff728ea25c |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\INetCache\D6ROIXV7\Cj4mQnDN_eMyYEqsEbjRrJ2Ttec.br[1].js
| MD5 | 7af5454f276f6b0c96e32cf313650d81 |
| SHA1 | 7101ff5a43340122ab5188e14964751beba59c08 |
| SHA256 | 2607e11d53b296ed695b63e6a5ab5dd7feec950c81533f59562ed8d0454089be |
| SHA512 | 627ad33d546fe596606c25c9bde9fdbdb6ed3544339a96f7090f5f66b49a3296ce896116a0c3edb18a152413bf4747ab424d09f6d663c34b0abce398b2bed7be |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\INetCache\D6ROIXV7\yBf3WFw_tKw_5XsgGIvAJltrszs.gz[1].js
| MD5 | bd1a63184207847314123ff9208373cc |
| SHA1 | ccc6f0d8050d2fc63ecefa6ce1c0822f383ef13c |
| SHA256 | 1865acf61deace6fa1c57995e78c86436ed1978176b9c3a9b7d065ea1296ebac |
| SHA512 | 8c057c53604815e161917a833b758e7ee7cddaeb0cc6be44728e14dde3cf4f9f048afe8675dec606ae6bb947aab56c79fbae70d842e9636e61244fb9c2a16224 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{69152668-9d7a-4c10-b8cf-cd8147bce7c3}\0.2.filtertrie.intermediate.txt
| MD5 | 4644881b604ee4a8cce4af87046a2bd6 |
| SHA1 | 8870390eaa28044c79c34d3afbec84b553c73cfd |
| SHA256 | fead5da3572e253bf068217e9f5e6274a0e5cf6b3f27fe58ecca6ed6ac229a93 |
| SHA512 | 53c1891df28047e3bc8a659693dc8c95fab62beef63518923f8acd9a9c13dea20214b0e7375911f8f839e6cb0a593299ebd85a5a8840e592e92211d9f8302633 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{69152668-9d7a-4c10-b8cf-cd8147bce7c3}\0.1.filtertrie.intermediate.txt.fantom
| MD5 | 0bafacbb150bdf7b8a7bc81160255a06 |
| SHA1 | 13e0c42549b4fbcf72ac6a75c66ac26cc5085296 |
| SHA256 | ddb4152a3924cbcd9b978a6581ea2c72b3d6035b77733add5d0ad05ef25b25ce |
| SHA512 | 0b471a278eddd8413f04fa2d3b40dd308eede8c3f4f50d6345bae47ab5791046d3f37c91ab9ac272d7244a1b594298943fc2a45dfe957bf90635297da932620a |
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\000003.log
| MD5 | d05bcb620cdbe21019f24bfb80b9682d |
| SHA1 | 117f70bc52eef7e87bd2c2d83ea70573c00ff085 |
| SHA256 | 0477ce912075eb65125917ff5fc97f177297e05c475c02c4fb14f2723d522284 |
| SHA512 | 0eff862d73d1ea54a745bcb01e96cc39909b3f38269cc43b2c5c915a6384f44f0bc2f834a0dff61df86c0390578ba815ba152386aefbdf477441ba3417f3b307 |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg
| MD5 | 0c43619685a04fa256ead80ed1ea210e |
| SHA1 | 8c23bfd07d5b8e943eb9cc42e99765f095a8215e |
| SHA256 | c31490879858051ae642af1312dd107ecfb0ad5bb88c10dc434b0fc64705908a |
| SHA512 | 9f6fe21448693a50ac8505496d6326c45191adf467a056fb1cfccb14cdc6e65f6706adde43a7c723ed7b959960966a11d97297bd207e6b1b914d4ccf714d8d1f |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
| MD5 | 5afd781bda69766067138ea0d58c1188 |
| SHA1 | 04d40d522dacb7a7f33d0e58df4611c41579746b |
| SHA256 | 80867ad3224b9c492f47f3b59db9589e571b84a735cb8ece893bc3c16f63d867 |
| SHA512 | 249749255ffd7358c8d6fd228a1bb8ad9a267f3464f736c228ea8b1393e7a1b08dfa69439daa2ac17a18375b88dc113cbc2d6c7a97305cc3597daa534394550e |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
| MD5 | 036050386801e0583f98b697fceda3de |
| SHA1 | 1981adbb2d5c8c2f3593b4e9f16db3d278b7763a |
| SHA256 | ab0a9f095663302296994ba364aa21d6720a133cdaf3e72e4dacf5920fdb3cc9 |
| SHA512 | a542cd224125a8669e8fe6cdf2fdef9879afb3503771a435a3d1507317e55aa3d2673f287bbb4ddc8e4bc6b410fbe413873e110d13f9b2dcb1847ae78157e18f |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg
| MD5 | 7bd882baeb3617e78bfe630e8d509034 |
| SHA1 | ac91f3c5a8b7d5d200b82ab40d2fe7911b3c69bd |
| SHA256 | 5918e1b07fbfb1ea38905e071134085499b76efc1745b33e1fec75de6707dc42 |
| SHA512 | d6d979635a16f010c794378760b900c80c95ee5e5d9d99d3ec5028cd4648742a22c9bb54b3d253609b4a708b3bb35481741a24d3002caa326e197f53f20f58af |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif
| MD5 | cd08643d9f95f207d23baf2b24908000 |
| SHA1 | ebea0ee794726e0bbcb9f03cf3898b9e6c9acd30 |
| SHA256 | 4484d991b34f9bcd49d3e2e13c25a01677bdff1d7ac0c2af409bede3180f99ec |
| SHA512 | db16eca896c9e72027db13a4b7d33aeea0ef865f2871e3beecbb4513dfc4da7905d8b169144902def6d67b134f01ebc71fe4cdb82d762ab21462443bee708c7c |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
| MD5 | ed15b15dc47f5cae17d1674458a3602d |
| SHA1 | b457036effd17821584a7c74158b98f8b7754c8c |
| SHA256 | 8379b08d15b0fd3d3feb2cabb46a8652bd7cf4a7cea9434de21c6713bcf4915a |
| SHA512 | 8168699bade999b65e870de2519c122350b9a04c363337df8e8ccc934b6995934496f189eed1f1616fe275ad5b0ac752c991ae04efa110c7c409662d061f9577 |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
| MD5 | 7b75d06363ff633f0a157519ad9f645b |
| SHA1 | 5ac76026c1cc4e4805828620556e2a639eea63ce |
| SHA256 | 380756e0208536b6844f01978b8dce5a77cc3e2c15d6154e17c5f4d2151cabb2 |
| SHA512 | 681eee37061aabd3ca05f67e4b53672489431704fa183cb280f0f072bf904297c6b1a22eba5cc056148d60a0bbb3af86fca0ffced3613a38de42a0d7590f0081 |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardCreateRoles.ascx
| MD5 | 027e778ff188d0b16a8fb84c9ed6dca7 |
| SHA1 | 021eaaf00b2861628dce38b9aa2ca45ac4a6a913 |
| SHA256 | 1bb0eb573a2a1c6a4a31af6526401a93351cb95c82856606fa67b02e382b9829 |
| SHA512 | e98af17fd6b7ef331f972f9da258881d99ac07ebd7673ad6c128f388b4c0e2115b8a5bed1fcd53f3332950b886d0b844025a4b456dd2ad20a6de164cd547661c |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql
| MD5 | d9900bba1eb76ccbeb242d636cc8ccdc |
| SHA1 | e7313b6a8d69df837cf85661b142429ab06f98d5 |
| SHA256 | cab1994e0f5d989c794bfdfa6c8e9998cd5deb1b786a728b42436bf244a8bed2 |
| SHA512 | c8248e7fdaea1b00e9e1e3f3b64e837e1a4b6bc8069b766ec63ecf013a9bcfb3a2b6be54a42256c4790a21f6459e857c06d1359472ad04141298fd1383fa7535 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql
| MD5 | 7a01cf415317dce4662ec84003b2c11d |
| SHA1 | ea663aced45f6a0a388a4875aaa517a924a36098 |
| SHA256 | 30800d666a8dde241cdc1e08aff59a3408ef4358e035b7ca6a7b43243dfeb539 |
| SHA512 | f66e966649a4263264f5445b14983b4dbc31170bbeea97556aa9e81e6da7476c43490e6412be76745dc7570ac6e6e01a2ac50de9413bef623457ff4ede4dea10 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql
| MD5 | 4beae7cfe2e72c79b35cdd73451d2c19 |
| SHA1 | 12017e7fbcfe052dc78ed3aa9c84b752a7d2e3df |
| SHA256 | 3ef962ada9463ad3857223388c63d7f1267c58a0ca6def1f798737587d00b7d4 |
| SHA512 | accefebfef20c3484eb18815e1edc21d736c38f2c169d5827a01a6f58ade9ae8d202f98867d0905eae3d5f90b54768038e138e7f6ac83f5ddd6140d6dbc712b7 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql
| MD5 | d5cfef8c726faa1b75eca61ed03830b0 |
| SHA1 | 1acb44ab921ff1c761516c0ef51a073e6bf64a85 |
| SHA256 | a3729732933d8e5172c661fed3a45505239d54c1ca1442ab294ec3ac53a50f50 |
| SHA512 | 4cd3f262129932fe206a03dd1975ab1684325261ac0a8d71531b25b345cc412a7e82ad9a44384c7099405d86d87e27ba91a978c9f3a572783cd9418a5da61544 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql
| MD5 | a6d2429bb1c3d7476b0085aa020aa1d1 |
| SHA1 | 301c71b1a57a7bd3e39eab83bae971efd8dc3639 |
| SHA256 | 4bf2debde369cc3fc9569dccf23321cbc16717efac75e687ae85a63f96fa1d06 |
| SHA512 | 8e037754fcaf5c86c97585a2f34a632d24184b8b09df4c7b20041fb8ba565906727f31ac4b19e4b2c72fb24ac471152f2eb7029837bda810a6f0cf865275a6aa |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql
| MD5 | 281f0dbff2f26cf972e2dc56fca06354 |
| SHA1 | dae0c8ac8569aaf6161248f2c9a6179525d29dcd |
| SHA256 | 2c94d34d55d77beac0cad05a8176bb4ee85bcfdb6eb32cb9a3b1ebc662b1197d |
| SHA512 | c29816231e688344e4ed36f80686d1394cd170e2cd97d336144ff4a19b5a2318c7c0cdc739659416965a4d90c394e118cc274d0e7ba20d7c5bdfa506b54dbe67 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql
| MD5 | 28aab6871dbb5f824793236de76e0610 |
| SHA1 | 2198cd79dfd49b873bfc1cac5dc7008a64ceaa12 |
| SHA256 | a4466e790ce39fca3e6eeeb891587214475d841e39845faca324d7fde0dd4719 |
| SHA512 | 2a20529cb45a4a3d0bee7a749c9c4f712ea50bc85b9b8a19829796429cd03d0fff638bbc12de0a423da92d9d061dca8c8c17a5162f257a3ec593d66771e30093 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\home0.aspx
| MD5 | 8c1a42fa7f846741028fdeb0d172b4eb |
| SHA1 | 857647dbcbab982668d8b21747458423ab59df76 |
| SHA256 | 31df639f95e34e35e11f6fa30faab98a4167783ddc7d7fc57312572fd1c5d7d7 |
| SHA512 | 03bb24645ffc7e7fdfceb8317887effd063ebc37c2b9fcf257e8269a96749674d3dc20d4166b88ee3e5835cc80c5dc06d47167c73fcf544d26258d2a45001353 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp.aspx
| MD5 | 7c87d03bddf8838cd745e8befd8dfedd |
| SHA1 | ef6c0fa515a7143219077ff1651cafc1b34885ad |
| SHA256 | a07ce18983eb570ceac67c1229b86b52cea495500274b01291c1c982332f7479 |
| SHA512 | 519a8f54b64761a1ba084b940106168d6ab7713145d9f16acad19e9208497fccf8449d2460e8c9290869adf6f61709580565d2216fa9e6bd08e567fe9255bdf7 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\navigationBar.ascx
| MD5 | 5f576a154b142bca3f81c213b7a8c2f1 |
| SHA1 | 31c9ced91be8ebbc753b4ada4c45b66612a39b21 |
| SHA256 | 3e700555899ccdcc03ff54538a735d24d838bb7a3ffdf1d5d03c2ccad148e319 |
| SHA512 | 26edcde59687ecf3b8186dfecde52baf76b6c5e58641dbeee19cc5690fa8b4d082a2d53280f073db5b492e945a9c719e6c60d16fa74b33d5e2490d3a16e59871 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx
| MD5 | aafd3d230c0c73087acbb81fbe3c603e |
| SHA1 | d689416806030680211fefa287f31e3f0c0646b5 |
| SHA256 | 3d739ac8f6d9fef8f90493809b20d871a26d9eeaaf064e9579eaba5240745c51 |
| SHA512 | 7cbdd393208ff663baf8d948c409d2443e261eeeaa36ee34ae496ea22202fb3068a3b1493c1a57f1f3f1361d038ee7ea982e2a76de0fb795a07230906c628510 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Security.aspx
| MD5 | ef6635a3b77d588ed39319cac951fab9 |
| SHA1 | de13f94bed4e5816d061ff346c68a2b833fcd48f |
| SHA256 | 3206b148705198bf4c179513b0cb9476b3697aa1eb832273e1729cea0f91a873 |
| SHA512 | 42e2cfff6a8d3b3ad077fe3c762970e01ea09b41236292d8bff53b43ce0cb81ea1444353a58c0f7120b55dc9857b93043d79f47c13ed13110fcf85dfc83ca709 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx
| MD5 | 3a9b904848358555b56284186548bf50 |
| SHA1 | 0c3f529ffd79e6e55a0f9b72c0ee49fbd2ef88f4 |
| SHA256 | 75c35ce3a64ce1dfb5c9e1a5d2540ecd0289a949c4412d21147af79b2e53a57a |
| SHA512 | 4accbf590cffd780002f4107c0736d72b2f96fda56140b0c377fab65a78cf21a793bf691e8a963590098f09316ec7d9d47e6f49b3f70d18226479fadffab02c3 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Security.aspx
| MD5 | 7c9b7e9e6dcd742ac68b93fcb8cfb7f9 |
| SHA1 | 8159057ce35670ef30140f5bd767e3e1fc4ce6c2 |
| SHA256 | 3ea46215056ca1717011bcd43d2c9157ad6661ab1ae4b16e4d9718ab3c7c92c0 |
| SHA512 | ecfe6e346e4e4ee72f65f7902a3ae7f431c50bff44a72061f987e007ef52d79c78e205666b58214f60a10f5201e2bb7ea2eac23a56e97deafa20ae5af4bc1aa7 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\WebAdminHelp_Provider.aspx
| MD5 | 2cbe366c6739cf90b6847f0e25cea3a6 |
| SHA1 | 8b4451f68bb366304671d833a54ee7ddc8bee6cc |
| SHA256 | 66f4a89bce03e5adac898b8e2a17613defaf9d53e91229281d7fe58096146d32 |
| SHA512 | 5d3074cd111b3be97120ec103c10818626da8710ce2e6f213cf2ea6e6d117b6896a6b82d0035b78f5ccc77b121004f9ad263ed98f479cdbf412d757af827f408 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\CreateAppSetting.aspx
| MD5 | 3a00dbcf7cbfa600a0d2249bc6b0e8a8 |
| SHA1 | 4f29b90b7e5ce34e46150f3a3851da0b158e66dc |
| SHA256 | 7ae2a77dda15f34b31f8ef89a328603ae3890e42b21d5e06f0d3accb298eeb35 |
| SHA512 | 58921b0703afd93f0089b8cae561444b0cf5ef2b056d9a00337e596078d97d2384f4b751af5caa3221736f892cc7b1101882a87125d2096519265372f89371d2 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\EditAppSetting.aspx
| MD5 | 41f695bcdffdac3f5d492f454a370d1b |
| SHA1 | 60d17343d85101ec8b5dcc39bc9b79ec69e5b2dd |
| SHA256 | f4301737853acbecb7ff9a84fcb7651429c183a095c84be176c5cb8175649be9 |
| SHA512 | c6dd9b0e18877b692ee8bb644056baf588547def04e41fa27806844bf7dc2b87eca45859d06c096f60b59852a4563797c7452d2ae52c65e83e3fba6308c4c66d |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml
| MD5 | 6f2a77fbeb7cfc8c06d1640b1b18ffb3 |
| SHA1 | ad4c444e09710b3edb9ef28502a0d86521842987 |
| SHA256 | ba252a1150d9ddcb90cdd9ff33b0e7d08a17ef0c6bda7642a5655f2c6a413ddf |
| SHA512 | 52147c201b24a4941fecd4181a2e52c3a2078b3831bd8135a87783c8827954adc022d899b31f9724f5043f6b0250ee071ddcd72f0b3bd8f496645dedd5660889 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif
| MD5 | c73f6cfd0eca814572af8b8a158be3e6 |
| SHA1 | c447725fcc984a3f96f7e373006da8300c8ca774 |
| SHA256 | c21cad2a9619eb41281c353b28648ddfac53cb3a35b794d6008a3826ea3050d2 |
| SHA512 | 0217b9ef9834a6c6e7e91bc25c60299191027c3f8a0871d8246eb8fdd5b17f7e1bdf815ec5e42c0589af44c73456f30237de7cd0f63f52627f4757d405cb7bb1 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
| MD5 | 8dd876278c08d94a16e977b86fd65c7a |
| SHA1 | 0a8a3f08f71270baf676cfa581beb167b2a837bc |
| SHA256 | 2ed275b39b2e8dfc74794fac4b12bdd183b3fde02f8c432fabd5a816f891147c |
| SHA512 | 6c37f831ee2c356af96f9a9bab6e31759ef6e63ea28c9af2a2518e98603fcae289b9acfa5cee1c78761d9473dbdabb0658b004fb86e300cb0b397926c0d40522 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif
| MD5 | f9db2801aa3b17dd700fbd7680751ad5 |
| SHA1 | 0aec1b654fcf526bd113a01934a15f0948482a0c |
| SHA256 | ff236e7e7cc5b72d2b486d26c378c7fcc21675b965303e8cb826c198c530da82 |
| SHA512 | b5a0f29495189d8bbf0181aa64243c0306ff2a1b8c9ee88020039981448e29a8fe82d391db2e5240bf6d08e60b22424273a539df3729a9feb16456b29f270a73 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif
| MD5 | ed8fd5436828c922d377d3a36131bcd0 |
| SHA1 | 29db6967d0e92b46114ba242cef4da21463b9013 |
| SHA256 | 5f3b3583825421dfbbf2c0671ac7c1c47e78902f11940a5daf35bd4c35301f64 |
| SHA512 | a7e2242fdd39c0dcf182a9546a4965cd6a8ee5abe5ba32d681f3e1d38df6c2bca442eb51d8c2a781984080f7250ee67ef19ec79437588fa8aa72dffe9b23d124 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\security_watermark.jpg
| MD5 | a5598d9d5b0c32a38dda0a713f73b127 |
| SHA1 | b8d50530e0a1a119bde6f2b9e3f78bedbe7ca6c1 |
| SHA256 | fdecc8b46f2043c3e2a983dbe609b17a88b2ea20c20c5af9b8198ece775aa696 |
| SHA512 | e72da4a10ba735ff06042aefda4db6e050cd016b60c58f170b05c0e2de47f4255939257926cb9250d31576e663f4e66311bb1fa77029bc728576487503703ea8 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif
| MD5 | 40ee21b33c1db8c7fc52625eb19d4999 |
| SHA1 | 0c38eee1cba0154979cbbd0cd0abd2c7ae13d91c |
| SHA256 | 835ea1cf29d6bb0c9e358712193fe8fcf9be671dcc850ceea996b59d32c8dace |
| SHA512 | 4de132fcd6688215b1a63fbac362aabecd64c9c69b5205c3734141468cb70694af068049fa64578a7021cb71a886c1d7e82fbc28eb9b28b1584b8ca4ba8396f2 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif
| MD5 | b5a718dfdf11c6859b5eeb80076724a6 |
| SHA1 | bc7eb72cc88cf6e481c6459127c6d20218437721 |
| SHA256 | 3a15c20e86b5b12640b2cad6c6f4617ef95b476989b67901b932412b884b7790 |
| SHA512 | b5e4b5765ed81f5f97ce2f8f2ee68c5e413610855633e626cf352262783ec109cdf92c9addfaf9fcc788f1bf863a5da8f5fb8a32ae4613eff5dce49071e61e8b |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\setUpAuthentication.aspx
| MD5 | edec8c43bc0f6269ce8cc8899909f284 |
| SHA1 | ff7ef2210f2b7aa18996189323f9d6932635b35a |
| SHA256 | 1bd1ab74c2d0784d34f97e423a79b9dec3388f8ad6a350fe257040ea7be373db |
| SHA512 | e82011428dfa6a13753652a4fbb930507c9a219005e28e29463b860c107b34e90741f5f5b4b424ad7a74a2dc5a1cb4fb98182dd92f33d79a23a5150cc991ecfa |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\security0.aspx
| MD5 | 2f1f3239e35f17a3f923ad1e8fc5a371 |
| SHA1 | e2b1138a8333fd065f3ab70bca222fffd4cbc157 |
| SHA256 | de0f5554f425dbd82b033bf2e1bd7ae39db1cb2f6bc7943d62a4db6df23a096d |
| SHA512 | 93b0fa68ccd088407df66b2adaaa4e483558b0e4403adad321e3412869cb4484c989935f6a9fd9dfeb7d3b49689bf689d425b0caa2dae086f66088e9c0ed258e |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions\managePermissions.aspx
| MD5 | bc35eafb9deb68a09c741fcb6ba7f78f |
| SHA1 | de1680b707cdf389b130f261e810d5c2872e0917 |
| SHA256 | 23adfcf0619e5d0323cafe2b6027e593b98b3a5c13f51b821069b778a43275fd |
| SHA512 | f4e176271b6bf779734c2e50827023b85cdbf31e318a07a78a888f25cba4b7d16317350d39c1eb4316dd728ccfd993fe7fd9967edcc5ee133e0de19a62c58a47 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Users\editUser.aspx
| MD5 | 407a88714fb21fb86237e8e87e9e1b02 |
| SHA1 | 17a7c20aac6447b848428543f87b90a0bdd73333 |
| SHA256 | 9edbedc6c80778e1522ffe09e5d20f0b9071e3c6a8f0619229c86bf3d1650294 |
| SHA512 | 1cceef83e5e6906c1531c5de5b0d3f05952cb612be96452059a5c0f2ccc1204152ac15a6f96d97455cd7535074174c5706f857cf858633e206cec758301ddb55 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Users\manageUsers.aspx.fantom
| MD5 | 7db0dcb378a008b4dd3fe15e17b26043 |
| SHA1 | 21ab77b226977f0ca7a3cf61382c3cf5968c48bd |
| SHA256 | 0b4abd9436c7dd7582a7dd4d2805fcf209440472f618f7d2352d27bbdec5a57f |
| SHA512 | bed9ff965aca5c674719be272b558c536e39c28d1a1177ddc5d99a76c4725f4ee0fe037843fe440aaf66fe516ad57b7218637b0961e7475746d41e202417d089 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard\wizard.aspx
| MD5 | 5f02f5bf272d8ef7749add5f7f4fa039 |
| SHA1 | 3403c1663588c20461240b3694e2df0d6118ae05 |
| SHA256 | 7f279837751869f9572e75f3adf0d779563f2180f518c2870630504d35f44d76 |
| SHA512 | 44db85e3e3415da7b17a503623d3bba0eaeee5e09424554677bda121b436580a351179fc7ea4cd5bcca107a3e213b45c5313ffde3a2c94c5722d0ed5b9db18d0 |
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard\wizardPermission.ascx
| MD5 | 945283852d36d1a604526b9374c28839 |
| SHA1 | 19fa526e7a7877e2a965da1c99175d20abe39afe |
| SHA256 | 71480ca2e5333e453a322374f2b3d62a2a7d794b48ea08ca16839dda97098816 |
| SHA512 | 42eb11de417bb1279d0297e6615e249ea744ea79f947e4df4e0d8ea7ede52c810a08b86e506e229f40ff0d879ace29e35eec9e593b18c1ce96abbe0321d60f16 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallPersistSqlState.sql
| MD5 | ec50de4b7fa24807bd83360a9cba3104 |
| SHA1 | 775508bef1b048dffcfdc90c0757f6214b348542 |
| SHA256 | a00b062b07312e8bae60d46216b5f4b6212374771506ad610177b5df036ffb0d |
| SHA512 | 606a15ee716ca08b395b34c8fd80223f9d3af8a5e5c13cc3f46e64ba0d9b61655ff02b0d80df2f8ab3f7ef6f88fcd93af72149fa80fbb12e717716ff0845fb75 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallPersonalization.sql
| MD5 | b0bb96f7375af8446c9c27c332fcd5b6 |
| SHA1 | 8a4d2b0a381ba98864e322e6a29cbc02ae05d6e0 |
| SHA256 | fd934df14636d00de7a6468c7d1c4fc29a87145004fcf5a0e6438bfeeae883b8 |
| SHA512 | a4062cff1152bfa338551f610b2ece279ed5a3071f722a4ce00398997e17d822e3a0b9e7937670c2a842994bc343b767e99ebb68533d0e7e05f2e4f29b92eee8 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallMembership.sql
| MD5 | 05ffaf256d436a24e4dfeece46e4cc46 |
| SHA1 | 8077f361b2e6b436c717847ec3416b981e563210 |
| SHA256 | 7b81542ac79ac16763c22f6cf15ae3973f0f971dd77e85470c5fc11975e7a0bf |
| SHA512 | 329a492c6d6fc3e68b50c7a2add985c76bf78c59327aa4acad7643005ba703817db0152c5fe2ed644cdc3adade6b33e2eafbb9b7e05ed8caaa9470ac75f105d8 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallSqlStateTemplate.sql
| MD5 | 2bbe16631d1f53c31511af6a1cb10abf |
| SHA1 | 1e59086ea0dd9d20427db34ee65426f0a81ca9cb |
| SHA256 | b70686a16799af2235ae6257dbf96586636ac2d0a849ec666b27d3a6fb5ff5ca |
| SHA512 | eaa7adfbb2c70ec95ac50a820d856bd901e7f646b35ab1587263231e3eff0919753281e1b23b447e5d79b49342d7c28f59dbf92c0b406bb1f4ee7f47acfca43b |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallSqlState.sql
| MD5 | e10319d45587c42d0c4ae2bb529353e9 |
| SHA1 | 10bc3b4b6b47e84f85c9bcafa10039a019b6845b |
| SHA256 | 29f7d9bed0e682f620e604bd5bda0e20f2773434b7befcbbb0bd628f2ec2686a |
| SHA512 | cea31b70a96f2b750812f7f1344d7a73bcf2014983873b0efe7ff173c34e5949eac768ca9726f9e8d11d26b85be900bcd53309ca0a9851cf74dfec40e488ff00 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallRoles.sql
| MD5 | 06274cbc1eac20a070910f1b8d6f11ed |
| SHA1 | 0c2a7b9200c660ea6ddc963ce14f4a44a20e17f8 |
| SHA256 | b0015c346888f0c94968485c3d436c9de2e30591539928df4b84a316622fcb6f |
| SHA512 | 381b113c378630889e2b643365ec27023d1adcdac8248752ff5b1575791eab34c1f7855665948689e463dabe63e59ed04865c7ee0983d4b71739a2f75c98198f |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallPersonalization.sql
| MD5 | c2d44f65c33a05286828207c6079f775 |
| SHA1 | 14e3440679675cb6dace80653b203146593becb2 |
| SHA256 | 0e8e41186d37f84d870ffb9ddf9a585027d015643187af775f4714bfebef1c5b |
| SHA512 | 09a207febfc9a85959ece38e94653161414ae98a097b4e3f507f19207e76c63afce2fa7a93b6ba8080a51d12439894fff99851eff429d36ccd757105bef9e1e6 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallPersistSqlState.sql
| MD5 | f244e9cc47290bdfd59e2f1c203f2d93 |
| SHA1 | 06c94fc8ba4b7e302cf0103bec91ef301e10c405 |
| SHA256 | 5c3af82fd1508cda690bbf24dd0840ccd5e1d6d36c888e77a641c1f99acfd2f5 |
| SHA512 | abf4d5e3bdb1494a5a7de4dfdaf209424d9ff7bc78018b143cd40657a007ca47c628e17c93dc676705289dcdd2fed7dd7f1ae276a04ac2e09bc3d228f0477263 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallMembership.sql.fantom
| MD5 | 86b0d5f40d38578715d70559ef0332a8 |
| SHA1 | 947cc82b10ee651432fa874a1138dc09c719dd04 |
| SHA256 | 1053538180714dcd992e5f7ef9302738b9954f39bb047c49d8f8233d4780e5cf |
| SHA512 | 89f152319c46b2b7aefd09f0086eb0499dcc960f4f324b0a6478da74663ab9a07ead48330cb3e7bd5b2e14edc3a6edd5bf5d7e7272257fe661e7d68f0af74151 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\default.aspx
| MD5 | 3acdffb42b53df34c296db4f2b8e7c35 |
| SHA1 | b994e217c2432a53d9ee0df4a718e82047dde116 |
| SHA256 | 779c77d1158ac93b190a7e7a35a1ba8f54e87895045302bc88eefaf0249a8189 |
| SHA512 | be26e532ca9336de59055453999ffae8a0485c1cb27e9f4c676b5d86665faa4b0fa1133ec91b573fd99e0b1a05db0bd9bb2284aeded0a6f7a65e356462c57ef8 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallSqlStateTemplate.sql
| MD5 | 951ddce7e2842124351f477bab16118f |
| SHA1 | c646a9274204ee22425fda932a1524f27af820fa |
| SHA256 | fefab0d09484287513820bfd1fb21c3dfa460d6e9569d7121e820b002ef0c28c |
| SHA512 | cccb6f1a1d19a348b9495fa7b201c428fd66f7a8c4e9ccd0753433132b3a2459d0caf4724af1655055428591abe321574b178f43492cf0710bbc840c1c31203a |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\UninstallSqlState.sql
| MD5 | cceed9e0fb04283b5c5f614c456b3501 |
| SHA1 | 84cae4d8c5ba6f50d0f2b9efccd09873e7f01403 |
| SHA256 | 57cd37509c49938f4d4c9c82055d0c13c0f866a8446c7585bb90a48ffc50c338 |
| SHA512 | aa399bc7aafd4378200e99ddc2c418aba1b6df55d4c984c4abf008163750994f9fd3056c30351907c26b6555e9cd4c7bd55beab12e48cfa8010f528978aae716 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home2.aspx
| MD5 | 93196a69cd944490bc44897fd25abbf9 |
| SHA1 | 12ab230b64a32b793178b95e5451731a32bd8efc |
| SHA256 | c768c85f93d8de3435222133e698810199559614bffda3851cc312d9e9e42399 |
| SHA512 | 0f4e7e4ed4c77351e3bcf6924d35e44d41be6f9ca0da9ff6d2607902ab5f9d363bc33e8947fe769f2fab813f0271b94a79df70e3842a3f8ac6953cca609bc825 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\home1.aspx
| MD5 | e44998a4a843410784b91408b4511a28 |
| SHA1 | ca239bda7a7b0785246e763d7d9273df1bca9b40 |
| SHA256 | 287705300356dd8b95cb489470d3cfaf6c574fc3ff897434e46d1d0947648ae2 |
| SHA512 | 3981b754df5bd1e080a915d7d81dea2749207c23da4ee5ed7f47d5f6306b200b7bd066d5c3ce13619508875754f05e2d77a99044c91cb4aa4d656ff45b29d41e |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp_Internals.aspx
| MD5 | 00c0bbe6609005b6a8961240046e0eec |
| SHA1 | d25f6f80292674383f7581fb46d60007049bce29 |
| SHA256 | 238fee9cdd5f7c2e4cf042af5345805bf266f468c680fffede1fd555331b9f55 |
| SHA512 | 7ca67776ac95c3dfc967eb34ae0267059ea307918617266aded48de359564a43edc9968e933fe6601a952735b2265286cddcc6dd1c7471e980aa283a06e183c2 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\WebAdminHelp.aspx
| MD5 | e7898f682bf0f424e171d6a53c4a87a7 |
| SHA1 | f16e3a40a9e1ab070e422eedab1f5763237bd51f |
| SHA256 | 3ac4e1a061ccedd3a90fc4eb52f0754723ad7294959b16b21ba12bc6bb71a1c3 |
| SHA512 | 384a36978d3dbb9f62dad354dd5cffb7001d869c1984faa02edc9863134087f93ac049d7bf23a1612c2133df3afb35c6da684d20fb1f29419e9475bf3a6bb88b |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\error.aspx
| MD5 | 7d9cef0210b03a74c9f456b40ebb5e97 |
| SHA1 | b0285367c837e215e77588ee9c7a70f21f858be6 |
| SHA256 | 07070f63acc7500c7f74994fd1b14aa5f59f9c2a9ba69fe27978d7df0c36703f |
| SHA512 | 7cc8f314d557befd914f194835bf0166e965eee284b7bcdef0a9f8a76a9c68be7b52240dbe7a18c0a51bdd4a7405217a488096104177d0574e0e9bf179c805a3 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\navigationBar.ascx
| MD5 | 57380950bca672e424c55d19f061e22f |
| SHA1 | e07286abf455ccdb24564af2a3809465d26225a1 |
| SHA256 | 448daab3bc48490638d76d3c9302d08fc4216108f5dd3d7bfa88c47962f2ba74 |
| SHA512 | 4183e1152f4a0624a7a95c2e4a93dfab0e3ae516b2994d0d1bcc5d1f63df1613003de75c2d9434f0c73c79fe3ad34817a5c2e7e682121486d96254c78979c59a |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
| MD5 | 0013c31d97f47f1a7549c1db9407848f |
| SHA1 | a96af132896004142ab43c21a8b0cce1584f52e8 |
| SHA256 | 37226753afe7d5d3d9e411c0b9f39ca3b372326d4c1de1773df2e65291d4155c |
| SHA512 | b40da6c2fa0f7b5f852f40a70a69fbfba20cb729d5e5e45c12d9cc4619600fc17ff81e69f630b5f1e819d842356701279dde76acf65d8c7e0cd46ffcddc302cb |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif
| MD5 | bd24f90a8dbb4a774115f97276c51676 |
| SHA1 | 1bd8bdea2a013d3dc92cbb288003474285ebff06 |
| SHA256 | cbb3de16d28205ab475edf0bc0f4efaefa9584ecdd672476cd7b80e472c747d1 |
| SHA512 | f650c28e5309bc534fcb19b51f035e0dab8af3237e4c1bff3e73b9f96efb6513faa54c2ad7bcad04b92021c836e10b3605985a30f38dc73e5261ef9a5e2a2a22 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\branding_Full2.gif
| MD5 | 2a3574b95ab0e0624ad49749e8983f51 |
| SHA1 | b8da15d0118e7ca4e5683bb98fc9c662ca6e5511 |
| SHA256 | 4162e432f2866b963f742ed8dac2ebe3d03fafbc513c788a3456dc23bd234176 |
| SHA512 | 72759510077e5bff696fcc21b12066bdf92fc692fc735bad73ee6725195b707415a0e312fff7687d188e574b3198ce21c848c8a722d0482402f9cb616cbbb01c |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif
| MD5 | 07bef49251a17558f021923455f203f6 |
| SHA1 | 40c7047880a74f064632d006781b2b4865b1f03c |
| SHA256 | 2150d4d33e9704b123356539aa051a470583d592b0eff857792ff0dabee347ba |
| SHA512 | 79579d86055be40ce6c6261cc57f37f0e4a4b633a99cc7bef9e349c74e10907f4a7a94cdd9c3031bee146739412f5842dbe693665731619044823fbcb478a76d |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg
| MD5 | a3ef154b7ef067431719216abb0bc808 |
| SHA1 | 355a1a0437d33b67dc1ee9d918b090054527c04f |
| SHA256 | 92497a1301f4453ec01fb13536fc4690c23a006a72f71bfac5e290c482a4d5c1 |
| SHA512 | 75b9ab72acd67eca74062f9b263d04e8a4a30117ac687d1395f025ce5a0744f306884050f8fa7a466a8a713b721a98cbdba1b2dfb567bb9854d092078416d70e |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif
| MD5 | 92b132a12a9f4d727c3c4b55f634d257 |
| SHA1 | af87e6718f15d373ee4252e6b17ddcf142af9834 |
| SHA256 | f3397c17d98dd1a422880a793430d76f6a506257e8b2be9dd0cc57afcfc90110 |
| SHA512 | 685d224a3c7ce15efdcc1e1262f7fd9a67b043c53dea5b9ed4884515e9a2249ab50bd085dd76c7a494e08e534ceeb051d60c115fa5a9bff07399e6ba7643bffa |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif
| MD5 | 3c1d71c70fb25a6aace6501d57dadacf |
| SHA1 | 416a143de2b78acb748513ac7c16d135bc978bcb |
| SHA256 | 195f8553cfa33c36ca5523624268bdbc847db7c69c914edb4f00815e4344f281 |
| SHA512 | 9ae264e05d2caaf3a2c5e51989bd8f36104696769a4f5f9f831ffdcf4a74960ec1449c13efbf64e3e61a1ad222b0dfd48b78dd13e98614b707165ea3bff31a5b |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif
| MD5 | 4dcad01c97f65b64ec1fdfb3b652d4f8 |
| SHA1 | e0f3878469cf561b053c3a65b4544466961e3e83 |
| SHA256 | b5f105cf9dfc85c2b260cb85b9e197a8f6ad10bc4aba4b6722f40ffabd233acd |
| SHA512 | 64a70324014d2c12e296cd2c022697b57d399959e0c831ee0e7aefd19d748847c3dfbc276cef744777e1542a07a202df23017b977ae7f563a1085b543aca1c32 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif
| MD5 | bbc064d188aae4824ab653c7fffda36f |
| SHA1 | 5345965a3fc2c02df22fa86ad8b831080536b9f0 |
| SHA256 | b93104061bf5db7e63ff0f676357d31b642b6b45fe6edd7a3c9500dde44c2593 |
| SHA512 | cf0b6fcdae55c2a37f30a932e1808d8c96b9284ef3e5108c5984ee762f668b30a5c3b6701aa78f79b8ca9fde65956ac9cda79a8a465e87514f2c3bbde5417428 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
| MD5 | c8a1759fa003a7c38cb6dfc6db8baf58 |
| SHA1 | b2dad0357d342d6413a459179565e3bb4f17fc92 |
| SHA256 | ff81b8f33af841a67f4fe7661c89c4044c81db9f05a9db7f25b450a22bfe527b |
| SHA512 | a87a1ccc4a9080e5f35c9db465621651c023b864e38f5e0fe62c38324b505e4fd7fe514a1fcb3bfdaf578dcc3533656da07736f4076b7d01365cf3c41d3ddd02 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif
| MD5 | b2ff39c094753f8eac8db355cf658f8b |
| SHA1 | 4e9a650f9851a608e95e65d4a9b18439ffd0a0db |
| SHA256 | 09b00fbd0832d61f271b6774f4a28ccc8a96a70111c53bc94dddf4863fd3eb71 |
| SHA512 | 33fa7ea3e2a36a58ca1a9c7a9835e2da3622c4a9e4d3d89f4b25d7eec70e2dab71d2e5ee66552fbb4f759857160027c44b3fea98ca6a7f18286e6649ead0edb3 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\yellowCORNER.gif
| MD5 | 42759abfe993e7513ffaf3ad2c8a85ac |
| SHA1 | a93937ce97d6d10749b13a5da09c233dd849a157 |
| SHA256 | dfea25adf106ca3464f457a30e1ec511883334b17b5309baf51cd0b94e0e711a |
| SHA512 | ca170e4c78cdcddf98df92463ec6f744c4e8797f724e94e62e60b0b28c106f07d888aa555d54b7117912ab97c5650664a15938896166dcaaab7becc39798dee2 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
| MD5 | c35ccf4c198c1ad4afb99897a4b92426 |
| SHA1 | 22c3ba56a06c646f1d58532a2b7af4ae5843d0ab |
| SHA256 | e5d8988c1a528df6090c03648c9a414f710f95749c861dfde37916293108be30 |
| SHA512 | 012923626e5bb493b85bf284a985f505ca89d2cf51787d6149126cae4985d92a9b6e35ce1109b19b56f100575b3c5a29c83a4775c998c5014d3e6b22e2af3ca7 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
| MD5 | 5288788e4f08b120afb47080e14d4198 |
| SHA1 | 58364856f204bdd04aeb99ee847475281ebc53c2 |
| SHA256 | a08f53979f8f7b1579ebc7b989d39c217fe2a55d5b7c798f59d6536421255dbd |
| SHA512 | ea3c16ceb973439232bc17afdd26d95972aa4c26ab686cb7258b25a4ced5b2fd0db636616cc602a6bb03c5d711d64dd6df68782603bc8d6551c7a8fbf021d6a1 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ProviderList.ascx
| MD5 | b20a80a21b22ab96f1c3f1e71942053b |
| SHA1 | 8633f8628896f6e9574c479b39c6c20667771d84 |
| SHA256 | 248311b739a147483398673bc14a143e9952bc726f058fb5db27b97231fd0c0f |
| SHA512 | e09f4392e5d8230845c9a2f3d40117d69a8f2f7c6557feec82318a662234a2258998bc59e593d898aa4a0787d655e9f61ad4b049acc560646d4a68c0fb76e90a |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\createPermission.aspx
| MD5 | 85d4d711534731401f1df3b8935ec071 |
| SHA1 | d31d471284109cce604710581ae4a72f5fde4367 |
| SHA256 | 486bfc53f9b5c8dafae66e6ab59516562e9fa58ffff55c25ab726e48f26e97be |
| SHA512 | 295c316dc0b0815bfa6152a3e8c7981fb058e49e42a7e5b96860d6733a8214b9f392ffddc37b98c09742033c31a59983438ff07be2bf5f7ec0cb1f39addc41b8 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\security.aspx
| MD5 | 85935f302439bd2485c4fed0e89c6c3f |
| SHA1 | 442f60107f2fb8c2ede4a35fc60054cf2752ec92 |
| SHA256 | f1ee761536d90060fdaf7076434ff53c01316bba7f49295523d94d7e1556a517 |
| SHA512 | 508ce3bcede948faa2b650c955d77e691dac8af077677cbc74791a2a681086a67319067fec02526e6f2412d31fe59b0e5b3926f3234120c2a8b42db767e8a8eb |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\chooseProviderManagement.aspx
| MD5 | d2bc8d47ca2dd745999a0ea47bfae717 |
| SHA1 | 08dc10d1652f95ff6f2ad2f549f373f1a9acc16e |
| SHA256 | b7db66292bb8a815068b267b8900fa29093c4b98105dd940d9d6efbd2c6514e8 |
| SHA512 | 99457ab88deb78aeffc81ae5a8a5f07d7244406e35e4f720dde4c6b0ef3ac8edb0599963edaf84b728d9d1068ddae700c67565d8f17d4ab1677e048e2cc5f9d0 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageProviders.aspx
| MD5 | d419c7737a910c96503673d59196c0e2 |
| SHA1 | 37c6c996966cbe0659ab7093f5575e9c67f28850 |
| SHA256 | eec6cab630b88f1613c010bf470b5a71d1dde9bbf5b835561e250c91049420f4 |
| SHA512 | bbb12e54dcc33214dca65741fa47b2b816e00988c8aeef6fcc414144c18b8206d91c039e63501d3bf832ac694d368340dc47b802f4b77b24c73786c011b121f9 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Providers\ManageConsolidatedProviders.aspx
| MD5 | e05ea6bd9b378a1f7e733e0935c8157e |
| SHA1 | d755d4cd80eb914ead33a6e8430a85e65ad1e90d |
| SHA256 | 73cfcca5f52d9590b9ca61fbd7e9617cff613dc58b2cb375fd81fdeda703571a |
| SHA512 | d7f3d49eae245791e296cc30e0ee775a13206d2704d30e6a3d079e51e687312df7478f426123a776a6e08ea908a3b043d76b87760b9964db4a0bee833407f3f1 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif
| MD5 | 84b92580ca1d31605c38317328e3d559 |
| SHA1 | e394b40ed85667bd6c8ffad739c562be54eb1807 |
| SHA256 | 12bc7eaa485a7043cd48d31a412c9299ff31324d427f5b4e07240f53ea859363 |
| SHA512 | c585c60bde82e106aea4e98c07f023276d1f9380369c6f76ef2ffc1f92425eb97bff99271369352d2190c1f853708fc481e3b843c7fba22a921190cbd5648319 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Permissions\managePermissions.aspx
| MD5 | 6c7f105d7dff85705e833b42c33ecc42 |
| SHA1 | 34a2cd679fc7b831ed799e20174b053f89cf5577 |
| SHA256 | 7d7ebf1559bdadf41af1847d3d45aa0041d5655a19214bcabc19ab9646eba914 |
| SHA512 | 7727da7523a6e74d8a77a58b9586f95b2ec027afa8dfc433706cba33419b3b1804d9f4a79ed3f152c32bb62a738a15a922b619483ede9781afcfd62616fe609a |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardInit.ascx
| MD5 | 088d07a21af4e22a652fa52c2a10c7f4 |
| SHA1 | a286408ba3069e8bf57e93c591c9f7901596a85f |
| SHA256 | c40e2c923b3a4ad7988dd77fbc5270ee68cebe4ed6602e8e603347b19afa9112 |
| SHA512 | 959647062786333da57aa20f691df64e180a37a9aa312bb735a80727a6eebf1fb7a2244ab0fa35dfce67cb7462bea456613dd4cd64f873c60bbc4907515c4dd5 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\DefaultWsdlHelpGenerator.aspx
| MD5 | adf2b6a1a0fe10e17c79a3caa85e88a6 |
| SHA1 | 562b7e004285d292ba9dd6acbef4ef2657367e3e |
| SHA256 | 51e834b92f64ff2664c0d12e4880b94b380259eada365d9a06300feef214fe06 |
| SHA512 | e255c4dfed188a2af9dc2b8146fbe76c6c1f2205a1175b38068da2810da02b2fd6d3d1f0b95cec82eea945afa893e849dabbf58eb536eda110f60cb371d11c25 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardAuthentication.ascx
| MD5 | 1273ab97108c9c1fcf2bd8c608229557 |
| SHA1 | 72fb410f90c5414b734848c8c427b60413f4958e |
| SHA256 | 3a49e24ec5599c8aa4ee92b117700dd59d0b4eb305cbd8ef74dab5dafe430ebb |
| SHA512 | fbd24d689a7d9341c828611bb6b01a094d763fd0a22fcc9877f15a94c478e9fb22687fc47f75d805b7b9f8f464330b063b97b61d7c4db56fef1a0714c3d092ea |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardProviderInfo.ascx
| MD5 | e8bb100a7c53dd702875c5e4b742692d |
| SHA1 | 2cf9f77b2f98fd4e5eb4f6455f860647408c3656 |
| SHA256 | bc5929f44892c345e3dbe87f41cf337e18701f62279b57ea7ae6e14e13679961 |
| SHA512 | 44d8386e11afd3ce2ae7c6a5eb9126653fcc7d77ddf71af33ee45dc0fc9a41acb62437a62735e5efe37973147c52b333b76d72dd204f273762d4d46fffac3fc1 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardPermission.ascx
| MD5 | af883e207150c316746fb21d92c9e0d8 |
| SHA1 | 10764a57d338b203708d4e08eef6d124a8e0217e |
| SHA256 | b6aa0745aa8c96dd7a1a15632ba367f870d63e9f7fa708d94bd6308b857c45cc |
| SHA512 | 4d9f33d95be196ae5809c97a06b55a5298ecb30ad9fb966f9e0b30b526ee1d5c3f3daa19bb8bb0e4603acee5901d3f222d345bb6d597b5f2ee4677e4c03a5d24 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Security\Wizard\wizardAuthentication.ascx
| MD5 | 6f7081cb31b56454cead97087db31085 |
| SHA1 | d8232efd1910dfdcece74b901e4a4161c112658e |
| SHA256 | 517a00e50f13d7002035b1a9190454509b2a04d8ab567feec96eefc2ed9e0030 |
| SHA512 | 62647e5e7c26078c978efd2b76cae2b5efd1a5fd792af07f6ae8dc37820f1ccf102f375d3479ddd4627751d30e58b487130028907023dfe6fa1cbab5f6e20a7e |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql.fantom
| MD5 | 99146fa7e2fdb521a6c932de0753c379 |
| SHA1 | 4661d8d06264f78ef10b9303796517f1f0f6e236 |
| SHA256 | f12222b2991e40200e7c38e2fe47f879b640fc2cceeb43dabd01f70647c03ccc |
| SHA512 | 3c4efd846da17585a8625a8554acf110df3c504dbed4bc5c3071e00d3ba3bf5fbe1f6adeca6973781e40ed019c11f83ee84e4ce04ebc4cd9200516ab1aa9e81c |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlWorkflowInstanceStoreSchema.sql
| MD5 | 09ce77ecec1027483b7886cafdc6ce03 |
| SHA1 | 6217e9c3749efc5979465a901a31bd82eb104e1c |
| SHA256 | afa23859421e39397bbfbfae10890b7a383989049e5e44df53be87f23c6d3638 |
| SHA512 | bac0588d68fb919b521d6fe26b34100a9d47c3e373caf11e524245679bde694b9ecaf420d5797714777173f134d09db608c7d5ba4f0e3ac04625680aaa3f5363 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql
| MD5 | 7dc33cc304a0dc3363b1a49ae83c49bc |
| SHA1 | fbb30fc4431d8394063b05981191655ae4c34a00 |
| SHA256 | 5edca13607544529305c18c046c09dfe20c985a6deb04f03a6047e088775909f |
| SHA512 | 51c3c572e6a3111e524c0376e1e2978f7ee5ba10dd0664f0f53262d5eed69b9cd609c8e55ec4108deea6958352740d01008db644b3d46c29cce6d22313999982 |
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql
| MD5 | c60646e69d635eab409e71cc02d4db52 |
| SHA1 | b5b6eeabde3704c09c59a786a7aac009286488e5 |
| SHA256 | 163278cdedaf398acc06178f87f44640a1092795535d61686a6446371adf9110 |
| SHA512 | f15e5500463cc0414f40a17762580a7185b454ba6ec8c3f54d7ba752edc3d2d2827cf1e5dee05e283fb59895dcf24150eb0e8884eafb2a4882635d50cda565d5 |
C:\Users\Admin\Desktop\update.bat
| MD5 | 23ecde57fd3da86b27ef2e1d50dfda9e |
| SHA1 | dd048c5e1454a41cebc0cc435d2f6a94a019a63d |
| SHA256 | 76e41e5fedf19694443796dbba6b66998c022f5c8c9c0756ab064d2aa4cb2d67 |
| SHA512 | d0d508de7e9280f2e41b5bf0770fcd972cb944a4cadc21f8ce4fe91c3a96b5ea536242e17e7ddd4cd3844e1e3411467be1d1e556c6704613e90a8585fc661221 |
C:\Users\Admin\Desktop\update0.bat
| MD5 | 397dc7373e23f1980ecf849a29708041 |
| SHA1 | 6c91608ebe57a3d9375f646ff287e46a9f18c861 |
| SHA256 | 3ffedf213b18d61561cdbdf3de6946284c7b0541a69a89ebda74add1aff7fd5a |
| SHA512 | 9c8cf8355cde0402b71fb4e713d14ed12a1031c3120b4a1af6e10ce02dd5828b8d27345ef28f40c34da329e47b36f4f0da74c7cd4cf3d3964d004a16e72096fb |