Malware Analysis Report

2024-09-11 01:04

Sample ID 240622-xefdeszbjd
Target 2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos
SHA256 c90cfb29c3a12d7e51649f59308c1d59ad948d2ddbf001d0a12d98d7a09f7b46
Tags
neshta phobos defense_evasion evasion execution impact persistence privilege_escalation ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c90cfb29c3a12d7e51649f59308c1d59ad948d2ddbf001d0a12d98d7a09f7b46

Threat Level: Known bad

The file 2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos was found to be: Known bad.

Malicious Activity Summary

neshta phobos defense_evasion evasion execution impact persistence privilege_escalation ransomware spyware stealer

Detect Neshta payload

Phobos

Neshta family

Neshta

Modifies boot configuration data using bcdedit

Renames multiple (97) files with added filename extension

Deletes shadow copies

Modifies Windows Firewall

Deletes backup catalog

Drops startup file

Modifies system executable filetype association

Reads user/profile data of web browsers

Executes dropped EXE

Adds Run key to start application

Drops desktop.ini file(s)

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

Interacts with shadow copies

Modifies registry class

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Opens file in notepad (likely ransom note)

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Windows Management Instrumentation
T1047
Command and Scripting Interpreter
T1059
Persistence
TA0003
Create or Modify System Process
T1543
Windows Service
T1543.003
Event Triggered Execution
T1546
Change Default File Association
T1546.001
Netsh Helper DLL
T1546.007
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Create or Modify System Process
T1543
Windows Service
T1543.003
Event Triggered Execution
T1546
Change Default File Association
T1546.001
Netsh Helper DLL
T1546.007
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Indicator Removal
T1070
File Deletion
T1070.004
Impair Defenses
T1562
Disable or Modify System Firewall
T1562.004
Modify Registry
T1112
Direct Volume Access
T1006
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Inhibit System Recovery
T1490
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-22 18:45

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A

Neshta family

neshta

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-22 18:45

Reported

2024-06-22 18:47

Platform

win10-20240404-en

Max time kernel

85s

Max time network

79s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe"

Signatures

Detect Neshta payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Neshta

persistence spyware neshta

Phobos

ransomware phobos

Deletes shadow copies

ransomware defense_evasion impact execution

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Renames multiple (97) files with added filename extension

ransomware

Deletes backup catalog

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wbadmin.exe N/A
N/A N/A C:\Windows\system32\wbadmin.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Drops startup file

Description Indicator Process Target
File created \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos = "C:\\Users\\Admin\\AppData\\Local\\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe" C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos = "C:\\Users\\Admin\\AppData\\Local\\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe" C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-160447019-1232603106-4168707212-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-160447019-1232603106-4168707212-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Public\AccountPictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fil_get.svg C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\sendforcomments.svg C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-si\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\comment.svg C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_folder-focus_32.svg.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\index_poster.jpg C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pl_get.svg C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ru-ru\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Combine_R_RHP.aapp C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\[email protected] C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\it-it\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\CollectSignatures.aapp.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_pt-BR.dll.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_anonymoususer_18.svg C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\chrome-ext-2x.png C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-variant2-2x.gif.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ro-ro\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-tw\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_hi.dll C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\css\main.css C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\CompleteCheckmark2x.png C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\welcome-2x.png C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-ae\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\eu-es\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\COPYING.LGPLv2.1.txt.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-fr\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\aic_file_icons_retina_thumb_new.png.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sk-sk\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fr_get.svg C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-ae\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons_retina_thumb.png C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\de-de\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_filter_18.svg C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\tr-tr\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_single_filetype.svg.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pt-br\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_remove_18.svg.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ar-ae\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\improved-office-to-pdf.png.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\eu-es\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\logo_retina.png C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\PDDom.api.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\app-api.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1 C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\uk-ua\ui-strings.js C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\sat_logo.png.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\ui-strings.js.id[3DD9611F-2686].[[email protected]].Devos C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\svchost.com C:\Users\Admin\AppData\Local\Temp\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" C:\Users\Admin\AppData\Local\Temp\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4740 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe
PID 4740 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe
PID 4740 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe
PID 2732 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\system32\cmd.exe
PID 2732 wrote to memory of 5012 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\system32\cmd.exe
PID 2732 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\system32\cmd.exe
PID 2732 wrote to memory of 4448 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\system32\cmd.exe
PID 2732 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\system32\cmd.exe
PID 2732 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\system32\cmd.exe
PID 5012 wrote to memory of 3328 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\vssadmin.exe
PID 5012 wrote to memory of 3328 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\vssadmin.exe
PID 4448 wrote to memory of 4636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\netsh.exe
PID 4448 wrote to memory of 4636 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\netsh.exe
PID 5012 wrote to memory of 1396 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 5012 wrote to memory of 1396 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 5012 wrote to memory of 3340 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 5012 wrote to memory of 3340 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 5012 wrote to memory of 4324 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 5012 wrote to memory of 4324 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 5012 wrote to memory of 1312 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbadmin.exe
PID 5012 wrote to memory of 1312 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbadmin.exe
PID 4448 wrote to memory of 3948 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\netsh.exe
PID 4448 wrote to memory of 3948 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\netsh.exe
PID 2732 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 4160 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 3816 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\SysWOW64\mshta.exe
PID 2732 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\system32\cmd.exe
PID 2732 wrote to memory of 428 N/A C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe C:\Windows\system32\cmd.exe
PID 428 wrote to memory of 4940 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\vssadmin.exe
PID 428 wrote to memory of 4940 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\vssadmin.exe
PID 428 wrote to memory of 3048 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 428 wrote to memory of 3048 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 428 wrote to memory of 4052 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 428 wrote to memory of 4052 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 428 wrote to memory of 2128 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 428 wrote to memory of 2128 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\bcdedit.exe
PID 428 wrote to memory of 836 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbadmin.exe
PID 428 wrote to memory of 836 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\wbadmin.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe

"C:\Users\Admin\AppData\Local\Temp\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe"

C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe

"C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\netsh.exe

netsh advfirewall set currentprofile state off

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} recoveryenabled no

C:\Windows\system32\wbadmin.exe

wbadmin delete catalog -quiet

C:\Windows\system32\wbengine.exe

"C:\Windows\system32\wbengine.exe"

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\netsh.exe

netsh firewall set opmode mode=disable

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\desktop\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "C:\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\SysWOW64\mshta.exe

"C:\Windows\SysWOW64\mshta.exe" "F:\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\System32\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\system32\bcdedit.exe

bcdedit /set {default} recoveryenabled no

C:\Windows\system32\wbadmin.exe

wbadmin delete catalog -quiet

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\03a0d23b3fbc4a93bdbe60d3baa7be4f /t 4416 /p 5116

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\1112d97e3bb54bc193fdbe0815ee2407 /t 4248 /p 4160

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\3d1ab6fe3a8b4527bcba692f0c1bddc5 /t 3464 /p 4688

C:\Windows\SysWOW64\werfault.exe

werfault.exe /h /shared Global\2caaf3a9f2cb4c18a493eb3f954e99f1 /t 4684 /p 3816

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Public\Desktop\info.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 25.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\3582-490\2024-06-22_8d4fc2fab29b53848f56f876cc33b6ed_neshta_phobos.exe

MD5 9b949b041cfe8391d65657156c2cf4d4
SHA1 1a421a968ce61d0d5ab4c968602298979193c006
SHA256 eaf933e9cadc5a4f777a463ee9f73769aad85bef8d72359895a0c773526a6b04
SHA512 2317ff650d9ac22823e68ea6085e7b0c251eb09b30e1c6341765fdccf42e697bf1d6e1eeacae8ba117fce350cbcc581c96033df08eae163db7e5abdc2d78f7f3

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE

MD5 3b73078a714bf61d1c19ebc3afc0e454
SHA1 9abeabd74613a2f533e2244c9ee6f967188e4e7e
SHA256 ded54d1fcca07b6bff2bc3b9a1131eac29ff1f836e5d7a7c5c325ec5abe96e29
SHA512 75959d4e8a7649c3268b551a2a378e6d27c0bfb03d2422ebeeb67b0a3f78c079473214057518930f2d72773ce79b106fd2d78405e8e3d8883459dcbb49c163c4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Comments.aapp

MD5 2f20270c785e2fcccdad483deef40d04
SHA1 edc71f039fed5bc2b2c99671a8d750e7ed61983e
SHA256 16cbe9207b37a65a7ba9876eefc1fa065fa1e5e50d813d7f0b946c8a2e7ef2a7
SHA512 0f8fe59c48088dded0524ea78f835a1f409de7e361d058d691cf4d1d5f88e53bdb45a50fd00572b58911dcfbd123d2ef1521d553f49fc6f4e108d72919c47e02

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe

MD5 3f08f2e23dc44990f0ef9b9869351758
SHA1 8026b7e51c8b3fceeaed6d1c2a6671b63249e183
SHA256 75cce63070db3d924f709518399ada2531d12adec577bff86f23be7ea392bb3d
SHA512 086645cb6611bb2c32b73297b35ba642d6720c18e4da66cad9e1e5902aabf631320407e19be9920b1dd264299ba57c1bd2aa6310c2f9e08c997b2698c4aae68a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

MD5 98816ff3accdee3372d6cf8e2d738897
SHA1 a17550cf2057601b79f376fd40bb2c7e3adb5c03
SHA256 3804209edda9efc1b19f21a993519601d3adac96981276a84eedca503b16f275
SHA512 f9fd4bd7ad2c2370f5de0a50b313691708dbc833fab0007aaf388aae4998d8670ea15207d101d4786c97500f6c7ae78a169587f96886c6112d8747b16e8ae982

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

MD5 42802d17b93d64b1c646c63eb481b2ef
SHA1 ade05581ab7669a50ac3925ebf3a2cb102c4283d
SHA256 ac4cf5ca4140493b9e395e4b6ab17bbec0ca835e90068f0e434ff98c64563afd
SHA512 ec1427f6855c54c8acfa6a1b9bbda278f64c7f2d153e8ef5ee58e5bd05b2f1fbdef46466ec06be93313ded86dd539bb050817b3fb53afdbdad83891b80133759

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe

MD5 1f2faf4cfe37cd2c874c9646121c214a
SHA1 acd0b74b2a39f2b58c2a45c1c4d29e0573f7d638
SHA256 666a4b362d5a895ce7e20c15a8743ef6d838bcea568619f8d4a607338617c1c2
SHA512 2ca20ca809338d248b76ee0fa30789ab173d8176f7c0d957f3ffedd8780643e7ee89653aebc7d2c1059ef725494f402b51e36d87f625bef3665488ba1c04cf13

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

MD5 b43a07a463c9ad9d8419d986dc6211de
SHA1 8c8db898325d2d3bddae171773ec374d85fef90e
SHA256 e0d6fce3bb1d440b19a18a3deef77ab4b9e24dc342ed0139492328d638178e54
SHA512 6036525f03bcd817b80283dd18ce3f30fd09f2403429c056c1f62d59f44179a9e0061bc72fb3921f56393cad82c8c6597b7929d87c8abe57991e595956ff7f73

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe

MD5 86e6b39b55a9374fd20650e31ca1e59e
SHA1 92fe28e012e3066aa2ef232ba4482bf19baecb32
SHA256 29ea95f5e114678243faa4f4ef3478824c704af97ec6442ee9a3c8554d62a1fd
SHA512 b2a6bd8371c5c622319e119df47bebc584349f40e769354d132fc66ac9c3b320452a7bc79371da4ad6603ec7e6efb556e8765f5c4f011a7fdb58eeb0032421b9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db

MD5 1681ffc6e046c7af98c9e6c232a3fe0a
SHA1 d3399b7262fb56cb9ed053d68db9291c410839c4
SHA256 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
SHA512 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe

MD5 1f40eec06bdcc9e949b1259c5e61991a
SHA1 2cd91e12afb44b2ca62e9e82e95aed01fbca00c1
SHA256 cc43063ba6f50fb20a2632be4fd156d388c4ca6d527594c70477f5c4b6e13795
SHA512 cffc55896afe44dd3ee213425ac1bca9e9104ecc9e283844709764a828acafd314d251e14a78cf8062d58447a20b59ec340159264e290b779bfbac7557b4d636

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe

MD5 cf9ffb7ea7001f26fcb3d5f6da2aed64
SHA1 479e5310378d1e773e4b38cedaa5266eb82cf79b
SHA256 a4a5394541eb8a08d54a354f9cb445e577e54d22ee3679391f9c0ca07672fcc2
SHA512 1af42e32c203aec582a0f561297c1338cdf92be5b46a02984515a6c4ca5cf45429c79972f8e1ab5f1a2cc0162ea5e61995f01c3179f303a5c95419e360139736

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe

MD5 5791075058b526842f4601c46abd59f5
SHA1 b2748f7542e2eebcd0353c3720d92bbffad8678f
SHA256 5c3ef3ec7594c040146e908014791dd15201ba58b4d70032770bb661b6a0e394
SHA512 83e303971ed64019fde9e4ba6f6e889f8fb105088490dfa7dcf579a12baff20ef491f563d132d60c7b24a4fd3cac29bd9dc974571cd162000fae8fba4e0e54fb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe

MD5 33ff04415f2d8f2a29ff3908429a3c23
SHA1 294ea591d235a728e5023397e1aa32e7f9cce2d8
SHA256 e3fbb185f7debf1ab7dbb0bea1c19b69473806855bb8efb267606baa3b01964f
SHA512 99b14b21d06ba857b43d9b6db6a11c6feb95e6f279e8f7aa182d92a2688bb2f946c75cdd7b4849d937944b1f164e22f1ce4cf1c6352367b47b22cfc800c33d52

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe

MD5 ddd0389389450f55ce1a1154fc6caca2
SHA1 7dde57eb3afe8d0f1d413c278e342604e1df2427
SHA256 aea9fd9958934efe57f14b2e375af4bea0acb728a61a8ee3664efa938cb840bc
SHA512 e6e3efec88f74a862371e3a20404ea043f12b1a86f84db25dfc3eabc185b32713b8c168b7ba285fe2d7ac8bb1900ba421a4b1e49b78b6eb36a09478afd7bba38

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe

MD5 99b3746216eee4e4fbac72f6ac7f44a9
SHA1 dc6b71ff33e212fbd445b1e9b86e638c7521f2f3
SHA256 515af2ceff47f4bf09a46f15947658e4fea6c8ea078f7cf597fa6d7525142c80
SHA512 ac10c544934bb6f0e8a018fb0dca37b02afdbf2844797c4786481672bbd52467e2e001c8638a2eafd9eb9486c968ad85d97a976ecf6fec88357503d004c5e876

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe

MD5 653aeebc98df7ee6e7867b25e835e3c1
SHA1 bca711524516bfe85d7aee7a83516a41dbaf165a
SHA256 aee0bc18d855eada25b25016845447b51b9a885755ff85c7db9954419ab9f848
SHA512 a9cd010e20ebbe3120515ffbb161a8326aace09b9a07c729e1a7723be99423102d47e6c9e94db7f3161ee13583e7c205cd8108e0e4c2c9a42a362746dd454fb4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

MD5 95610f9dcded01432d179f76a715400f
SHA1 435b7845b5dc5c1d3348640277a231be146ff646
SHA256 4f97cdcbaf61c668233cb0ffe7a4868e287bfa2ba969760ef70c20a703354dd3
SHA512 de4b305b541a1511780e6bc3a759fc1c64addb96290decc9fba6d4ea42a320aa422c8ed55a7b7fc91d308491f711243b42cdecad47c39c47cbd418106a8ee0f8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_shared_multi_filetype.svg

MD5 eedd2d13e3671d589714446755b78b38
SHA1 2fdd23507187a259f5a7edb01611a37b6b09f4da
SHA256 467082e15a8ddefd51088e12a6189f9923dadfdf363ac1b0448ec43dc483cb3d
SHA512 ef47a62ce6ffb0c5b34b2c6d72f5874dbad4109b98aaa21f56b8b2d83471f5ebf983f6dfd889399abe4fead6296cf2ca3f409a4aa4badad8cc3c48f688323837

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-hover_32.svg

MD5 55215e8f92d35f26cca06fa9d5d221e9
SHA1 994838c8df5921e3828749a7703ebfa8383e43b6
SHA256 e94ac27227c8a25c3f8ede219fd80ace01e7176a12111125b31ae1dcddd487ae
SHA512 7972d3fb8c305a1b41f3ec4a618c9904c1e655fc757f1dc83f9d9041433f3c30e6708ed3d4fb3166cc41d9773df3f159aa44333f76fdde28f317676046bc9c67

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder-default.svg

MD5 2807924fc18c958c38a7004a5dbd4091
SHA1 85534040543c3306284e6a475999c46249a35e4b
SHA256 0345bffb28f80f4d0ded1a2af09a337b18ab3a80c68205bc8321a6ad4d409500
SHA512 264d29c6b920b3005ebda1fdb0e0ee6e17059c69d63969c61ea4b5c5464022166ccc04b2c1f69b91052c3e3dd551a087e8e5379d2a62c452184a12b278a8ac3a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg

MD5 cd5d2472a2bf9ac7eb4e15146b30bd2f
SHA1 bca600423f99b87df44fde9d96ff874017037afe
SHA256 038589c0f8f0b9fbed7fe7835de0237de4a28ea404078955a78c0b8145fa323c
SHA512 dde83047b85cf0afd4ac77c9f4e850ebba48a1e1d581ed78c30733f58a9d5e2e22d34a2b2e57e4527f3c314f84922c3aecd6366052d46e0d6157990ed888a27e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_hover_18.svg

MD5 0498cfb8aae1383c049e8ccdd85f3abf
SHA1 c5fbfcc70b441e91a5ecd23295c745aaf076aa4d
SHA256 ad125b854735c81b5782a65b5b006c7c991e28688b6dd8e5998f432976b9223c
SHA512 113f19bf726f79473ae2b4406a76676ec0bc4709a26f374aaa3bbd9d0b5790ee4fdd8ebe1a3ab68995973923ae33df7c1c6798e93bf060643c14acfabd4e9302

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_up_hover_18.svg

MD5 30c9bd1aee3794fd46bc99fc2a359212
SHA1 9817640da0b98babc461d277a39b323dc9a76cd3
SHA256 4b10fc416763ad7b65a6d6fb3c0016505ec5aaa7a117021a26e4dd6d11fe7d1d
SHA512 bae367b7555f5f7f677abbad1dd548225c2580ffe21bcae5022f8eecf8c97cfe8f7813fd86c31a7f9052c174610ae9d2ae21ac22b381701975492e2386f67f94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ui-strings.js

MD5 68b6f0644d50595a97c9fd60b8d8e697
SHA1 a4d0edf9264ce1922dc419c7f3b3cedb2814bea7
SHA256 bf9b3f1f9a3a163d41b1b20a2c410355e6ee72ae97725a7bad97ad23993b0b5f
SHA512 d1a26cc27c302f06419abf97507c0a4d06729aeadab615acaaac0c3fcec6d7715e10642121a4d773ad3d5f613030728e49fb3d07303fad05f7a342352ebad003

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\rhp_world_icon.png

MD5 65c9f3fb24b80d8c470d518f901b9c60
SHA1 b9521c39944357d4b55b91f9f3739575d1f3bef1
SHA256 8de76ee7eb6b32c307d4a46a43ac55bc15b917e2a24d36c3d001878a97fd39d6
SHA512 6572d65abd587055a69980558b2568266ff76555faadf3ddc93fa65bdd7a009a2fbca10f37f44c27ae889d3de99a3673c2b9ba6e6456242e951703fa32d9c636

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\ui-strings.js

MD5 dd24e91615f1963a5c64bc9878a0a8d5
SHA1 407ece3322d57d16a448b5522d4f29229f80b8b1
SHA256 4cf9816ed1062189ff0c8d427fba5e912cc68fc9af76cf7f08fd255977de3b33
SHA512 a88d5e6fcfd998b0abe79b5b314f3f83f424be9447dca01e1a64a3e7313eb247baa894c10c5758c6788cad27582c09207d00d2e7bc41515e7f1751e05aa812ba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\ui-strings.js

MD5 b651e9101be833e87337050028831efd
SHA1 ee594ba38a6324369ffc7b4dc89407d3436e34d9
SHA256 4717e5fb82c0ee85a7c97d022f410990a62efa2492070e42385cfeab67afd619
SHA512 3552858c2a688c95a76c0bb8a6a76b119b744b2e8ae7e7f30135ccd8a145318762faa52c1783a639fb179056317caeaed20c15f211db1d45bc957bc3ce591aef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons.png

MD5 3f7323acc829bc8b3799148d439b3d47
SHA1 3d3c540c4080462a8013d6db9383ad69606779e8
SHA256 d9de646d51650572b66a6cf8a52ad1efd46b7a47830fa7972da0bc05baa2fad0
SHA512 09e2a175dd874ac369331fbfd863be20c9ecc005bfd6c7eeadac071804653265e4f7195d70058f2f73951a6a6e202fc96930f2ce71c2d815b228edf01729b559

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js

MD5 fb4aa89fb89bf94d0590a3174d1193ff
SHA1 c3812f2105099071c24141a994a9d5087199dbf7
SHA256 655a3ef0465a9f30fddf25f4dde0c19a05c6f9069b83961800c1944165955273
SHA512 a494c0d9faf3defa9ff320421d0c00e4e39845f7e998c6a06c50b5e7edbb1ed7a948dda23ace06a3433843615553d2357f1cb04acb4ad1155ec43f1d07511524

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png

MD5 7ab2ac51d33778dac850c5dd8b4ba45d
SHA1 b3f47f20c438aa488fe835e0145c014853ee48aa
SHA256 ca17d6cc1f7ab317c34a7cb767ad017163e71726ac648518679c6b1c59fa86dc
SHA512 c14ac0ad209625e0acb2ca9e0afc5f6c98901b01f92b675d073b72929455f47ccf29cbfdaa248c602b02fc2bce484c56753b1a54e66f6ce9df2ea57bed88962b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\ui-strings.js

MD5 07bcf4e882ae521ec6ddfd0bb2a608db
SHA1 88e2ab25dec6ba9fedced9bbd21da03639da9409
SHA256 bc9df2774317cdca8e5a702f249a6994fa3b63852e7749124e82ef1f37b89aa6
SHA512 ceafee63fb03e94b418bd87c6af91a53c9bef53b86eddb51a7aee77d8ad5e6654045da12c3c28f3ab4486d2f6f135f7f834790991037708b0301085f62e22fa7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js

MD5 0ec670fd70f5e89c3d2727df9f2a5398
SHA1 d19c88c8e11361d4f29719518b8543e0ecf5ff09
SHA256 8267479623714339b61159b2f8235b15a38ccc1199eff859e5dc13359f8711c3
SHA512 a429234afdc29df1276238d3e329299a6fb5b1ef6044429c1acd8abb95c0b76a14836b47805c5d464cfc95978f5e3b10eceae6c26a2964e2c352fafe1d7dd6f8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png

MD5 2a78f84427d1d591409740722e60d793
SHA1 304f17d9c56e79b95f6c337dab88709d4f9b61f0
SHA256 4eae979bb805992739f77e351706e745076ed932d3ef54dd47ba119c4c2fb5c6
SHA512 d687c646bba8b801511a17b756f61a1209ea94938940fbe46d9e4893f14606f9e1e5ff468ba4a77474603f5cdbe0cb9df3d24767e5c9ac81a0b373dcf4a4f3ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png

MD5 c7fc95def1d53bd3e747248ecbd3cd5e
SHA1 1b251f02465f9c7dce91aac5aa0679a3c34318e8
SHA256 4049b739e6322c7d7caa241ac41c8e0b1f2893957204a910c9708c7731a7a8b5
SHA512 f4b90435a3b250c1d3dc8df9bb4d331dfe9b1c0212eeb1768073afb81b3915fe61a7c4af151c8090565f778dbdf1f4fad7b5f545c9a21b7782cd7671be2ac96e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\ui-strings.js

MD5 1ea3b76135bb4a589027d6243075a936
SHA1 2951fdafcb862ef53fcf213572368bd5e08094ad
SHA256 c960c819e997c1c9d080235a5e24e65059b63cf66b95ff3da9a44773ebf81c1b
SHA512 3c10075e71d2e44535e19c8660bee7071a110d07dbef67ccc4cc94c45f93afd72f8ce6b24be31e6193549823b7db204e20950e5c1a075ae159c39682db295d27

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\line_2x.png

MD5 b513ae819f7d8d10fa4f6cbfdf055b22
SHA1 b4228971cceadd4a698f3c206d8f4bc24a37f991
SHA256 25778f162c4243167f8eaa876f1b0619e67afc158de7805600471a563ec5e8b7
SHA512 c11266406d79494f7d74f8f8a5f955e2bad14b8924877e882fb3e7cc7442998cf6e7a9be3aa7f1a945af8bb2add9dfcdec0ef54239f6ee80748d77444dafe6fe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ui-strings.js

MD5 b17a6a8826832fc2e1098d0286242861
SHA1 8ce2bb5944d61be2b628fc80ebabc769768e0b48
SHA256 82a1cc52037ccd1ee4a73cc41b86ef4c9b45db28025d56105566bbc9f06bc41f
SHA512 688757cebb6aaf1a9948ce1dd30318ac2b7afb7a47938e6eecf1bbbc1be058ba78744c208d71a9747ae514242b09322489ad314119cf612a7e4a717907521962

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main-selector.css

MD5 651bcf535ed50ffa7724c8751bec1a66
SHA1 5758c4862740517ba28026c298d1b3a61f43716d
SHA256 359f38eef400e2fa3924a3258652e74ee19cd46cb92e47bce91f1194fce25e9e
SHA512 492b73f1622e8a1a064141a2edbac9fb29e5f604b629b063fc7251289d237e50721e1295b4f3450322fe72f01b57561a79f0ad4b3a20290cf3214ccf0204d372

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ui-strings.js

MD5 d3e4c2fefeea6e6c467df305f7a8f3af
SHA1 a4468bf4d5abcb4d720b0fefb396dce5864e4717
SHA256 e9288289beec2fe3b6ac24c1311451c8d079786a09515b95cbf2eda7f87f0b22
SHA512 b81a9d38a4a6cd54c2081289192ce7aee3e34d71f834c9b94eac8cd79a5cb90a0dbd3ee0da89be68e4fb69a82903c658addc272a9d70d8f8f8f8cff5c2c18f10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pt-br\ui-strings.js

MD5 a3f07671642038caece41ff2a52d8673
SHA1 53442624b01b79a3729a23d4f12efc8dae4b1002
SHA256 088d391d696ec15140e7b4dbe6fe17e95296af9d09c7eeff17a0a9c241925b89
SHA512 5d1ab4b072eec924d13d760da6aa958cc81fa58cfec3de8ff239d131d37b31cdd547eac0fa5ab34c060f0f28a2295e071a1a9573815541c5b92cf0c63f11bdb7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js

MD5 df3b4d35decc08d05ef8ee0644ab7274
SHA1 6b0381b9ee40dc8470a63218e5cc5feb579f7334
SHA256 e27e5eb93a24a2d866e30bf027e4f0c3da9fae8968cf5eb69446e7f668356164
SHA512 257c770416a94f5b79ed837fa0f5e7926cede3ce06c1a9b819c1ca77c645f37bd366564cb028b0ba6afc5444aa5ac774c3af36cd7c108164d1000254cf85c94a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js

MD5 74ca2c01b07af0dda4bb39ac330fc49c
SHA1 7cc7781cca7798ce0940fe9be999e85f8b5064e1
SHA256 ab9ac8d62fd064748c921e6bd4c123f5cc8910a384d1804bec33ffe27da27c4c
SHA512 cd71201d364c7cfc9d317f091a9dc318d77bdc7340ec4abceee2fa23e3f58cfb1a8f45b5216f5ebb40b3738fef28eeb37717b2508aa1369316da6b7c82c510fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png

MD5 bec4473fc43b77e28e60f89da4e29c00
SHA1 d5dbc7c6642a8a23da14f952a0f64fe874e8191b
SHA256 5e06bfa9ebccfa3d8759270620b6860f0b92be9d69ef7d7802b78ee5b5f07f96
SHA512 ff2c101c1172e64481be5e98b2216d5eba93b81210a1a67adecfe05bcf37c3d965c06b368ddc1ffb7e4187cda0373720f6a27476f036a41517762d5cb3729aea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png

MD5 39e7048d412b94bb2dad145a2daa5875
SHA1 08778bbd84d9411f2e531867dffe45fee5d60d24
SHA256 4985216f1f370fff03c45d4a711c18b3f49165f8278e6cfc231bb38b920095a7
SHA512 65803d69def3517f0021a291748b55cb5bb2e8437732e6cb9b99b1f778f766fbff2c484b664d16ccbedcd51c14f89e99cd5f977cf97d680eca78a9d4f8b87fb0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-gb\ui-strings.js

MD5 92f1f77de0ce17e9486d53787f69618e
SHA1 41198fdd6a18321c15c3d4647962e687fc036af6
SHA256 4ecb5e390829b5b11dd02db2f22ac1349e32a24e5bd3a8489f6fb5fb0f07eeb6
SHA512 b389c8364936fbb96a407fb1a848254fd8b7bcbde05637ac1acfb48ba0b30e887dd44b2447e1e3eb75a902241d67571584a819927cc8d0a91d325f5df79f12ce

memory/4740-5153-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ui-strings.js

MD5 72542b122d453927f3d6c59552165606
SHA1 6e2b7f049b60f10edcdec06f357114448c0896f8
SHA256 3b17f8b83bec3e72acd0d014f58e7de206106a7644bf3293f93c7456ced47419
SHA512 25eade5c88cc35325978ba2e103050608fed4330a1677280eb2e0445946a3367d26796ca1233aa6d7ec4c87f04faf7706d82c72b3f3485d80c18e088813f7a1f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\ui-strings.js

MD5 7d8302df4582de342a31d0335e979ae7
SHA1 7a3e918e23dc8002dfbe1695f8e8fd52db995d1f
SHA256 899ad5e0b3501d7e00d2f3bd3c7729b4223839e8629c61328db0f818ba0870c9
SHA512 cbc23b3285f6d8d72221d0fc05ff59336402005e7d3f50d66249ef6076648ec2e22d33ed64f5436767c123f59d37dae45270a259153ed98b885f9c43ec9bc2aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js

MD5 421cd12b43e660f10da31bee36e85f4b
SHA1 b568bb931d5bf4b5805d20fc339b06f9b3763c9d
SHA256 ce7c16adff608d624a412164fdc692305fb461f4b14f9167e6efa78dbbad12ba
SHA512 f56bf5a7a713cbf018203c24a7f9dd426a2cf018cb3ddf9e27f3a7765be3571339421fa5a2cc68f677eb4929a2a2835238a723db4de07bb0634e3f151878ac86

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ui-strings.js

MD5 35d5c7b80ed270a94872c0e56a6c59c6
SHA1 bbc4ed04ea6c922213d7cc19c62c3c4cd23b7113
SHA256 5c03e31975b96b3d151d9e034b884cab9c6fb29576d2b5653c375fc5661b6dd1
SHA512 57ec341f6ff49f24516e117d5c0b119ba4c62dc0537cfcaa15bbba248729c06d29ca224462bb331c44ff1b3abd724df86d0b2ec473ae9f5d54e31ae2002e8bdd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js

MD5 29dbb24810bdd7f802c1165f8bc3a714
SHA1 9ed5ed2ea58cb6d9196e8d88fccdd8f0d522ea47
SHA256 c9fdf06266cf9e6d61f7989471abe569239a93cc2c0f65a7c596a81af8d6a67f
SHA512 3802320bcf7b20a6656460456d5b03ac4f85e4572d7530518dcf99f28162964adc211c5adcfb7ace603b6734271581cea26c9e85821b88b1915e13780a19ec24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\eu-es\ui-strings.js

MD5 b54b9c5d611b062aea9d8ec0d192335d
SHA1 a6a96602b80181ef494a0da49dacae1c44f7c739
SHA256 d70a13e9b9e9f4026679200872160d667979bd0ae57e6527d44090e49bbc2c83
SHA512 e56e4a0dba26c3bd824bcd397d495249466a3732bbe1466f9ed1c23ec3a25d79e44e360fb5ee5a229fb24d6961ac32a2a57d0a29fe669e767bd33b956f57ebf5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\ui-strings.js

MD5 7a232b079f30771ada44ab6a1843ec14
SHA1 72349db2853443af021d538be9417fe32369d2ab
SHA256 e33edcde1654c47b3f834797623932ff5dd99a4331b255b60452d69d61ccfb4c
SHA512 431073f497196ad03ba92a8087aa6c50717ae137b05aba341cd8f7ec1705b46f2878b30455c10d7339f89ef16022ca5d054b0f96e5956ef0590121ad8e1a6638

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ru-ru\ui-strings.js

MD5 3b8883ab58438b245c89bc76ee848752
SHA1 7b01b457344fcf92362d14247f2c389ed0c89b6c
SHA256 b3b87c3ad568de5a1f07702392e3bfc76f41a47b2fa1d710198406c3c5172697
SHA512 200a52dd5e9334f2c768fb2d152a82cfd551c0991eada79ee92ae41e8beb82a1eac2d90fdac2d9741afe0b7edcbe046cb92a6cf339d25709b53d51f5feb55b1c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\ui-strings.js

MD5 5af99e838bada8e34b660d7fcecae2bf
SHA1 ead4e402f4696ede69adb3e4cd694e7d52925844
SHA256 e3f604ce27fb93d417b9e8a4a5f10f6fd17b59a76aad9754ea0cc5c56b31687a
SHA512 e69f6f12a51382491b4bec6f19260df249dc6dd9a33fc590a90a055baa5f6dcc80894e2c65ecc7dd0d10040c90740dcfcd2f98dbd1f2fbd94c34941897f6ecd9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js

MD5 ffaab524b0c94fd06a44c1b5b683e0dc
SHA1 17dcce5e4d3b9f718c902863652cb67e060e2f3e
SHA256 d0a34414103960973357a239952bb0fab5f988ccda1b67ff8e6864afcd806272
SHA512 a7ecbd3e9656cb0fc1304b4b86980e97680c73b673c4284bbca08c4a3f3ade0699a7de61f0905aee9d521da4beaed61d3ec943090ecc44833118f1f5a29318ab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\ui-strings.js

MD5 edbd91ead174c60fdacb765349ea4fcf
SHA1 e55660206658be80e2033a93abd8854653246eea
SHA256 dfd68e26d32c27e8c7d096cd558b12da3228019525baaa2d4b32030339fb0b6a
SHA512 9c664370c6c102a0e6992f2fe711e7fe7f6ac732a8562bcc1839a0d99d828e4ab0b3dc70f33f3cba444d04161d0df13b70e72b9079c5aabc7a85543168d58854

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_thumbnailview_18.svg

MD5 9b4c8a5e36d3be7e2c4b1d75ded8c8a1
SHA1 1f884298931bc1126e693e30955855f19447d508
SHA256 ad47fd9e87159d651a53b3dfba3ef200684a9ed88c2528b62e18f3881fe203b0
SHA512 e1acc0b10c92c2895fc916fc8feead869e04315e5e6e279f8e61b344545103b4c9ff808c9ca2121d1b013879071364f677da128caeba89bf918ec2791e5ed094

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png

MD5 3d55e1e012d3824e53e84d404a6e2f2e
SHA1 9983296698d4e2736faf1c529e8d27f8071d7939
SHA256 6559f403524ea6ef9bf2e1d0bb66d1af8152920fb002ec2c4ced993083124a88
SHA512 ec75d4dea30bf7567b2f6e30ffed408815c57680a38659f6055d770c85393d8a5678d38a066ceb7fd0ff9c5ef49cf9fd73d7e8eae5a9a83360a41ca74343f576

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons.png

MD5 45ad813c887294a1c5c88358f6e6fd12
SHA1 45266d0bda31888b67b10c601d303caca8786d30
SHA256 91ed5badd0d99f45c65c0ccdec04fc59fffb1f6d055a4d2722dccde82a6bb73b
SHA512 b06ab5889fdf50735ff0c3cfcac3e526b9f32d694ac631e7c2a06eceff357f17e92540df5f84426f8e8f75726c1e7df3592f1620728b70a4b5290c9e49e377f8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\adc_logo.png

MD5 5c4cbc56377969e41dcf39d60690feeb
SHA1 a20120d0d043af4d3b6a72db517ab8a623b3febc
SHA256 c0601bc1bac97e69da3ef3e2898aafe64aec5ae4f3ccbdb7649471f76da4ca0e
SHA512 4accc91aeb47949f1137ac69a0740a25c957853f59ff8d18077e64b1a3262488b71fc4bd45714075a0652328e1a49a602c7950b86edabbbd7e5abbd9000b705f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png

MD5 4eefd60f439096ed98b6d8a585da12ef
SHA1 75cb70498807b0c823cac760e00652842c1a63c3
SHA256 e743d6195ff2f42282e101f9471874e8df79dc05a69ca20abf22015d48d28c6c
SHA512 78241e2336f4ee826719d5adc70543db0f0767a1660f723ddfce72c170322a13c0f3c547eaea6b6cfc47cdf6d8e5edcaff4bd003cbf3eb9d3435bec5158fb8d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png

MD5 f2f1d5a683617b2bdb6cb0b1eae67135
SHA1 3e0dda160b0f8b963dde8036b45aabab5d86504f
SHA256 96497e49c11ebeb0f73bc01b033b7f45cd9f8eee478176e11b1c7342efa63569
SHA512 cc9688ee19a6391296abbae9fb1422a6d72d87b7abe8552e860eeb092f8cf7e6864a7f06dae6a60784b77353c38103abd3632492f8b33b7b3d900531cdb673b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png

MD5 a7a19c86ac01e03111c30032ba417b55
SHA1 fd7f42ef37d82cf1704b65762a8bc6b4a868234d
SHA256 494032a3293df271c7cc5d26a5753acffc5f6df811d024e9b573f2fa380f3591
SHA512 728d4755dd7d21c5ca285906d5f043728fd089de42d2fd04beb514563224104f7672e5f5144e4ed68770b933dd1069d76b26d140eb692d83d907176330f3f6dd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png

MD5 6018a4862e3cc6b434d517a47858a2bf
SHA1 23769e9ae485bb2c35630db9a6ecc8a40c2207cf
SHA256 fde09d85ac7ec84dc0b5f2bf1c1f935b80a3e45dd9257af499d412302602f310
SHA512 4fae17ef027649315cbc73ea47a2fbdd8c8c05b9d818af5b41439e9e5fd81d62ce13f6ad125a2817d0bb4b24a831358803c53003628520cb9c2a8376ac8e1aa3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png

MD5 5991993dd41d6d2b062d58bb70971e0c
SHA1 1a75ce12ef1c4cb6a85225d0bf4f68d4a3edfce5
SHA256 bd66e8f62d34f70917102405af895c0b07b79c13fd2d1ea65ebfba3bd4853aeb
SHA512 75511589b1937aca668348061728734718d02065ae76446b61e3292834709e3b66f2a453717fd593a8fa1db92ad7b97af03f7d2e7f5538716582ae7d8c11e09b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js

MD5 cf69901e6d4609009dff8be5b3045c96
SHA1 712afbf4bdf24b6fa059f0fcd837449d75432800
SHA256 16d0edc8b7ad7705b23a14058f366ff1c0dfa16a0ad14f741924c308754cf8d1
SHA512 84b63e071f56e8e406fe361473dfd6eb17daec1809eed425b1b977f0135d6a78a3375c9bd1a65daf1ac7977f712b63ed735eac8ebc91e55c1a3f366e288a9ed6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_checkbox_unselected_18.svg

MD5 8c8fd1cfdc60f513bf20132a1d5aeea2
SHA1 40167e542ddfd848fd138e2914dbb7f116a8f99f
SHA256 f438a4e713df6a982afbe2eec993cd582edc37a876fee88e1ddabb478f2b5ee0
SHA512 e5a985404619bebfb615d4b5378942b56089b40170e4072c61eb9ddf722639941e820f039437b59cd3859944b3e06ed72ee49e879522e81fd9d49b56c8e40d35

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js

MD5 8ab4b211dc3d2947d2466033f6d524f7
SHA1 7c457aa6cb3b704da3c977bbcf3953c3c1a7a7bb
SHA256 5bc633d52bc4345c9cc4ea7cf49422a85a9fe401faf3239ef72b53aa0dd667ee
SHA512 0b7e9cda1a82a15fc9492a35808bd1ea43966cf5e55d84b9831f79d64f36a66583a14f0ba95eb12098bf9df6a95eef0bec6606aba1cf56bdee0e046aa60f8d5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\close.svg

MD5 2518c2304a390e60d20b53b101fc0056
SHA1 aae24d58011859ff6986508882dd7eecaaa7f604
SHA256 03e98670a1d9049b8e1f02c4fdd449d098465f7578ee0eebfaf3f138a78301ae
SHA512 b7457acf824d68e7728088668cd8d44e06566dc71d156db7e9480b957305f2268778907a8e93e4e2d1937b3c3cbfeeb327399cd7f33a60274d91efab2ec3f534

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe

MD5 6b0a4731a12f99ceab2a3a60aa2062d7
SHA1 22105cea1a8f82d2825ce76553abffe85687e804
SHA256 da0864d98fa6599601257e4d098d40dd2a3611382f66baabf5b4bbde70c5167a
SHA512 b8425eb8d548226e06e6272eb77ab6ea54549f6897881122ea437521a13acd219ee63ad0af0bdc1a107adbdfbbf92b4fbd524b5b2813a5176366eb6f7ecaac1e

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5 d898745feadc433e88f150481184f0b9
SHA1 114b2cca045890b72dfb7dc7abbe7878be5626b4
SHA256 9a265e8bae92ef6eee0c931d32bd13c843d3c49926a0e7fc8d7735972f28e381
SHA512 7faf47d247c58bbf5167ed8bc1dfaab0d01b585a911b69621efd1719fc81bb202cd512855389aeb965927aa0e15e25ba7ddc9aa05422c17f3dbffc80a15dda74

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

MD5 9c59ddbd6efb94149ccba07c086de145
SHA1 e2c98419b84e37c1c4a394b8ec6451072a1b8dc4
SHA256 dec84d95197eb2c166e8a47b085b02ec2d21dd7b2f0d657d832b4f38dd257e5c
SHA512 2355f97c7435734a675f1a25068f0a77fab08e29868c82b107813626ee8f705dedf63500bc6ee5e898451de147d9a0d999217385a42050f9a7ef071974b1809e

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

MD5 e090f77e8725df85bf672af22a338921
SHA1 dba09811be9b32f52f3fcfac79d67bc1a8d8266f
SHA256 dc8896e6eb7b6041475d26df03f446e116d546b9f0ec4481d5f0fb5c0b6d9004
SHA512 859d4b7df43799f4cca5becfac0de355d6fc35abe1a33f23b374082b1145642b1f07b608773387cd6722096bffc6cc6c95d585f346aca0b705b609bb90bf391d

C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe

MD5 82073e3d3eefc7fb8fa243a4c831b5e9
SHA1 b224632b7d1aa39c6157954da8b89a5c1fe75661
SHA256 674b7f9b455c1e5880dd8176192aca1ff4c51f575d6241a1ba57d699b8b07a59
SHA512 ca8434dff0ead0067c93453cf19ababdd3d4bfcc1b4d894faf40cc1365792c4b30bfb7c5ab0caea17ef7a30b119e7161da04b8b22613edf689a287bea75ec8dd

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

MD5 f4f76d01976f4fb78b84a56faf07ef9e
SHA1 87a6144a9184e132e78868a2f881fbd72f3917c8
SHA256 77a0f0dec89a66341aa4d75bf8ed345fc33eb9204ca9edf4cc8896551b076811
SHA512 2dab4580412c78ef5145e8e9bc2bc8f0f1c9df6678e81538bc37d7184bbc6c1d6fc1afa62cc24025323995f70ebd5b687458cbb6694d7cc09d9ac3793a3e08eb

C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe

MD5 648a2de249b93c97992bfa1b091378b7
SHA1 8ebffecaabc9bd80da4ae8e543dfe2f195eec3e3
SHA256 79cbe36f204b682248295dfc99ba1838b9b473d61c81b0b12811dea9c15e04f2
SHA512 cf4686f2a1efcfcbc87ea64a5a3621de725fea877855fd641bb34f0c898c17d07c6d8396b2e5e2075eaaf36c43060f0d71ec9711047dae56d317ba8e01a07ff3

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76140\java.exe

MD5 24aefd930cd0067bc1bec3a181d14570
SHA1 218c007ee9e37224488dfb849c80f791902d78aa
SHA256 1fc7d0e532af4bd685206932715ccc46019e8333b57adf2e7417fdfa2d756ee9
SHA512 8c9ffc265527391be4972c9d7620f00da4523f4834f9f4fe0ea79537c3f166c5f18d6cd9d5cd5444df2a420fbc1541fc78e29ae10d080413460c08c987dc80eb

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_76140\javaws.exe

MD5 728747e82b337373a05772a52cfb2d9c
SHA1 3dbad154ba7298bcc16ec9c226f52718b778d8b5
SHA256 be1d040714fd32b9a3574d41fdfe407d1f87fdbbc568003ca06258d13d5c7b46
SHA512 0f62926da147a65218a464d096b18c9514370f40b69fd658ad6e56cb5bc8c0f58513c1a55045cd7b805989f66b4572d30c883f42b250848c4054e8a4fd3152cb

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe

MD5 11b451c2e975762872525c82aa5b9833
SHA1 b48e982ab1536e7ad6d720c697c1d4fd25d1f3f4
SHA256 8ed25372d619195d707074903687f64d7ae6a40e29666bb73ab9fea682ebd2af
SHA512 5ccbd2c45ceaa71b8d18d4243d5ba154bfe35439498649a1d8e349b06023fc120561d4db7d0604e71e8c492de1baa4e2b4c4b28140ee9d1d8d1a7ca2d087c445

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe

MD5 6393e803f97c7fca713d899cb9886d18
SHA1 9172e7ae4f35a478cd416ece868cf308d303c3ab
SHA256 e7fe1ff96b2dcb1512bc530e2ac86ded63c495618d18aaf3c3db52e6ea3e2b0b
SHA512 de53203ad785d523124aeea4f5ede064dfa635d13b99db991728976bef4af2fa9afdc17f27a31c2b854a38cd2f37edd2343a2bc14581141217d09495dcac9970

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe

MD5 fbbb926d723c4a40504f62f00efa1673
SHA1 91aa445e22cf1d0dbdb900c2215621c97ee37eb4
SHA256 70f26d8e6464836f8b73dd6ddc787fa3dd6c11f63a8f6c41df9c4b533f97e0dd
SHA512 6d68aa265ff679f67808055e48f7d8dcd6b8132e26aa297c4b5307c496a7eb8114ebfaac0370f9d7a60dfec147c5a955ffacc3fc36151bd08afe20ee32491bdc

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe

MD5 1b9cc7e46765f3a07113568a76fa2f1f
SHA1 6c7b7494d4cd17c8f2fa99313a0ddadd45bdd471
SHA256 ae5b8d19cc48f20ba8c466e0122ed37279e9ba335d751e9f7bf6e3f5aab608b8
SHA512 fcb61565b91f3d58a207a7893be8ce808bf6d6f582ee353e74de2d284ce81248904b7f7eabc179666764704c386219786599fae61651c071f063a6bd9b5c9746

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe

MD5 85bd227cce35af823b04887a113a0f3c
SHA1 be356b131c3061d5840e249c4d99dc6aca9d61e4
SHA256 951faed1264f3f2ecfb91334347895c55e06a5752aa562dfea600faa4ca0a3f8
SHA512 c127445719721b9ae8abf940139bc03b9a360c2047ca67b4c0559b3fba4398a0c86b82524eab2721e0545781d6d2820a7d53ff5ae5ecbfc15d1cfb3158dc9b80

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

MD5 5bfc589d17d6fd6077affdcff278ccb4
SHA1 6ab62ee661fbb8510a5c9dbf1650babace18528b
SHA256 58d5c00fb6c0b65b5b313b96a2fcd5cbf352ae6aa3c1d9d86fda4f73716f7d39
SHA512 85ad6035333de189b8014da3a611854e415e90ebac57d8038103eb429325f2e57d239a774c9bc2d7aa17981b49ac57d36db8a4df575015a9d2057602fd3aa525

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

MD5 ef4fed0b6b34f2309a2316c1c03b92c6
SHA1 3f9694dfd55a8bb1465970965597148b9062ddee
SHA256 713a612011354fa640259a16698df1419da5678a58d95d2456ba4d4213518752
SHA512 f2a39755b75cb802400b46eff23b21d4e4f11379c37b00c5bc829b715d14c973ad161b68926ebc6fa08c8b8bf89c4550d28afe4abf10b7299733b5934bb1882b

C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe

MD5 ae91d609f41c01512a760d2a48c537e3
SHA1 3b43d719bdf38e8ba493897937d99d7b0582128c
SHA256 ec9fade9478b126a77105e32fadf47b8d1cc6943e97393fb7900f1f142ff2d74
SHA512 9247884f97caa9cc84bf46f18a97d56d85f26f14ecdf695ca57225ec9d925c84b8c48ac087f96cbd0664c36a6d54378b6d6e601f09b14326b34633f9634fa1d9

C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini

MD5 1bf37c0336c12ccaa1c62386acacc858
SHA1 f1e187c79588e4e9fce931997443d7e5cafd1db6
SHA256 a9044f3c6877f4fa6789bd90f11813a22696bda53e0be17bf52229b70fa87673
SHA512 f75100874b1dd43c49f54a9aa4621e8bd1efa84359ce44ece2444b639c7bcbddf6564f6c4be089f5d656550c7293b9f5ec4a4b20880939fbeb5ebc21e30866b1

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe

MD5 74b21006a8cf4e783c8a8193290d97e8
SHA1 16523f9ec69dcb25ffaf20b404310513a61eb0a2
SHA256 ac075d5a359d8cff0aacef8220b69c540180c38606a614e101d9ebac18c66a4f
SHA512 355bd26c1f01d18493a8c1460250b2c90dc5317e8b01b2b4e7413292329fd995c50cc4dfff44552113377d039aeb9f6dd4d8ea27c303ed973ec6c420c4b84a33

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

MD5 389e1a4d39e5670696c315a2210ab2aa
SHA1 98feaaab58638665e836b4689520470c705eac1a
SHA256 e2e08a509d16712498c8a0629cddb689fdb5c149f7f2de12a6c8f980d5e89a61
SHA512 2c8f4774468eb01eb1183542dfe63bdd1e0dc07edecc8f517d900aa7273959a8fb7818042215d68b002ff07d87aa8e0899ff4e9bf2ced84af0a874a19ae61514

C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\0__Power_Policy.provxml

MD5 798b4a7c5a9f20d24f36ba8daf7b8f70
SHA1 0f007b82783ddea5da7374c96925b77a7fe9f57f
SHA256 e5cbc8e3a6e843009fc9a9de7a83df9d05532e08d48da06c66f907f58d0c745e
SHA512 e3faa4376d03dad6cd714dee6349733abe29d0c2118456f80bcc4c758015b12a06b4ec6532a6e98d512f5c6dec7a7ade5c1d2a418db0f739ed17f18c0cd6b54b

C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml

MD5 f006e7d4dccfb3da2975fa59fc8f8079
SHA1 be32b0764c841c09e3d4931476dde18cf9776b52
SHA256 fb5a84b8d151d7705990e0b26b0a2f326c587126f56a9b33068a534836bdd682
SHA512 c38584c2ee3c0c7fbf1fa177e86751f8240f6295a7f211e890361991b2c485f293c3a736981effc824643bbca802ae1f0caf45adb3bb5a9b2321d433fb08bfd2

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\123__Cellular_PerSimSettings_$(__ICCID)_AppID.provxml

MD5 90947e3479154523f3bdf3ea242538c8
SHA1 fadad623162f56983edef5df34c65a9a3aadca77
SHA256 4b48f21a4b7a02bfbec19ef880a967a02334a3cdcef8ae83de2ef327ba8bc5dd
SHA512 1927cade54451d3de672ff66f3b86c11b13a05eca671e6fe2c4e0b6704b694c2f3b55e388df74c15fa627093bf5b180544de0c48d54917196931bc830b2f0132

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\140__Connections_Cellular_Orange (France)_i2$(__MVID)@WAP.provxml

MD5 310614b10980392ebdb5a5a8b90b527c
SHA1 8c8fb36e7c2a1574cde7fdea30e8e5f14fad7691
SHA256 445c811c35e2fbd4aa59389ec805492c7b2db50d65f5d161417ce8302b103fbe
SHA512 416650adf9a61cbbb6eff7af635264e5bdde903477465cce05b63773927b8afb35e75fb68497882bce7778f524b9c7f3f2befcfe3840e99bff90ccd305bac66e

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\174__Connections_Cellular_3 (Hong Kong SAR)_i0$(__MVID)@WAP.provxml

MD5 b8218972668b9e8f06798be702f74d30
SHA1 674221f64534b568a2c0970d540ca39957d7ad43
SHA256 511321996af989947ee1a15ae57772ccf742c2619afa4819f3facab83cd08d70
SHA512 edcc89723146ba494e9d37c37cfa1d476dc1575361157aab23552bc59c7680182efe78c402576c236235f43a9c1c6ae5765b9150149002289328cf9e577da66f

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\17__Connections_Cellular_Optus (Australia)_i8$(__MVID)@WAP.provxml

MD5 c4ce40b68fb3386aff7120cf8a34955c
SHA1 677fa777877265f8897ce029a59ab1040f7b25e0
SHA256 5ff7c2a57c1de314cb27a2a9cc7db60591439e3a262f53b10e3056f3461b9b3b
SHA512 c1cd06d42ed3f9a556bff6eba4b0e151dc050fd2315bde81c139a5c4510c332686ef520f64175d3989ec7e02e9174eacdc0e0ff081aeb932baad84aa2ec049c5

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\184__Connections_Cellular_Telenor Hungary (Hungary)_i0$(__MVID)@WAP.provxml

MD5 a5b789490e210929d6f33c8547e6c457
SHA1 f5748b41493a17564bf3565dc712dcfef72739c1
SHA256 4cebbf3fef3f240729fad5b11bb24397db5689875a81dfd3507a4238f79664ed
SHA512 3c15410a1fc8e49a61c547ab7f4e7553b9844e44dac8110ec07a1bf13afc2296ef70ff91994b9c0d3d62e4f3b3cb03910c3f6ad5a626a5c9bb1e6474dcb070e1

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\212__Cellular_PerSimSettings_$(__ICCID)_AppID.provxml

MD5 b84ae69de4df8dcf4e21ed3dee2264d6
SHA1 f7c77b237b71adfb4e11fd36ab0c2c90c09f9045
SHA256 7479649f4176c2a256e12d26259cba094d654d57dc58cf51fbe25c14e67c7fd9
SHA512 776c798064b11985fa76b112f0899a22d32e9a33929f177523905c93454047f7763fa54cc7bec486095cacb65b85fc3d4bfa8b64e00f4d731934f9ba54d31f73

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\22__Connections_Cellular_Telstra (Australia)_i2$(__MVID)@WAP.provxml

MD5 cc9fde7e84b9a905cacd8eadca610fd6
SHA1 dc05e28b682154c668ab89c38807a8ee395069d9
SHA256 a3653744379deeabe4198ccb180e4659a1990eb9f997ab7967d5ba5eb6552129
SHA512 9563c271e51c6420080548ca2ca64a51a28c2bc2c6a37d06fa9539808e77e62d7a1848c918aea808c0ed20863e321147ecb41d310ca41c9ddc385aa99377ae06

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\233__Connections_Cellular_Bite Latvija (Latvia)_i0$(__MVID)@WAP.provxml

MD5 b30256abadd6af8badbcc07d790003fe
SHA1 3648553e655f8c752b6ae8f287a8bc88f1dd85ea
SHA256 90965c341840ec297f47e6b77a04dec7b3aad5fe2ee05b5237bc8db14d1daa67
SHA512 49eeb1587bd07267ce70398b0793a03906c8fe1270518f2643182b6aac05fb6246467a33c1acc35ee488e482a1dcf29525bcfbe221511abc483b9638535f6e61

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\247__Connections_Cellular_Orange (Luxembourg)_i0$(__MVID)@WAP.provxml

MD5 23d7bbb69fe74c98ae030ff56c1a3b95
SHA1 a0c95fb1e65348938fb79407bd2e21cabf28739d
SHA256 9d07d0612ffec02a518f9613569f2b8756d54bfd1e576140d278df39eff347a9
SHA512 d8558b0ac430e12a47eae58290777e5358064d1ece51a8170b68274ecef9cc580acce9e39eea914ccd337e277f9e4a5c6bb592cd7d1163fcc614a3a84ada6b6a

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\250__Connections_Cellular_Hutchison - 3 (Macao SAR)_i0$(__MVID)@WAP.provxml

MD5 790b47ce33356b9493e981bf105da7ce
SHA1 f3e76e5e4ab005cec31b3667e08a9acc1e0292a0
SHA256 0782dfda506cb45fd2541d473b203e3902e9affb4eae0c4dbf4e9b10b792e71f
SHA512 cf2eab2e53d0b39527cf91942ceca7f6852f337b8b003410829b249b3da60350c6b397faec3ffa6e63cdfc36841beeddfe0d2f707303e47ed40d49127283c003

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\261__Connections_Cellular_Timecel (Malaysia)_i0$(__MVID)@WAP.provxml

MD5 214a5891e06c2c9ebbb41fad5dc1d56a
SHA1 a37c204143a8c9cc04a80e9691cc40ae168d277c
SHA256 eaaf24595832984b62df6b0affecd5ae0330d83e1f030c0ab67a761800ee4ab6
SHA512 ac33690dfd319cb2e512b1b2403f4bd875edf1489c88f8fc5b311d6ed856125cc356c43c78b9b4cd847f3ac21162fd54683bccc902441902b770423b56633b40

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\285__Connections_Cellular_KPN-Hi (Netherlands)_i3$(__MVID)@WAP.provxml

MD5 832d4a5215870ff40d202bf272fe8c8c
SHA1 03b70a912fbc6e0770723a34461f28cccb95ec66
SHA256 f4f3c00a8386c586b850de86d730be4a6dab72c78e163cfda9bc84d27dfddf0a
SHA512 44323e05803402aa0f7439d4c0d2ab8f2b04de29b84b0fd49d8477d9056a8705d57b2fabd9db9b15fb999220180646bf24cb62a3825a5c4b4d37f15e823a0f3d

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\300__Connections_Cellular_2degrees (New Zealand)_i0$(__MVID)@WAP.provxml

MD5 c9e547be3e3a1f035bf4b987dc1ea897
SHA1 df8805d4654b8c0aa4a709df70ee2b62a9fc1ae7
SHA256 fe2f74a1e0b16a66452888eb4d734bc455cf1304481bb495d59afa8cf9cae93b
SHA512 34de156f7c6bb36046218e7794c33ad77a6f648daca3d83bfbe46c3a180b12598042f5987c2a1be797c0c2bc6fcff893ab2016ddffdabcbf027a805d4ec6520e

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\329__Connections_Cellular_Smart (Philippines)_i0$(__MVID)@WAP.provxml

MD5 9ce3b1ec053bb5a3b04ce82abafa835f
SHA1 aa0d2dfaf3c48ba81d3a2d0e75bddf402b6e913c
SHA256 a7f6f61d90c3b63300c11367d27c72e678f342dd15dff902198d13f105a3cd7c
SHA512 fff0ff7c687e3d54168165c0cb301b420a2ac66115c5a5fd4521fd39107c48f8d9183d9006a65b39d048f9268413a5935325f03bd8903caafb06c72a01b6d8cb

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\32__Connections_Cellular_Azercell (Azerbaijan)_i0$(__MVID)@WAP.provxml

MD5 ec532088fb20a5ee48d6c8ad1186f05f
SHA1 c6802a9edd6aead5b65e75619bf0f10bcb99aae1
SHA256 cfd53bdada0e2b0411845b9a96b1cd3840fc146e5dacd0dd63ee944ea0be80bb
SHA512 a8a0004f9ff4d2ed8dfc0869877a3cadda1ce3a63f7311de00fc5301ff53ae50b7a7ddd271aef63f4a3f3a376e5149f78bcd1c8b536793ee433953dd79102432

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\336__Connections_Cellular_TMN (Portugal)_i0$(__MVID)@WAP.provxml

MD5 56f8973f2639280b45ca0ac1ffc486f7
SHA1 68f40431fb546a6872c98f1ed0c724b8d431530c
SHA256 283de789c3f9ae6115e627ecb921b7b39bdaa1b82289eca5e60da0b76d07a502
SHA512 00d31f362c60bf17f5fd29e4465e3de8dfa1e5759a52956504c486d509de2bd33a578f9959491be681c307f0d69b62dd1a006bfff25c04c6a5283265221f3a9e

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\342__Connections_Cellular_Claro (Puerto Rico)_i1$(__MVID)@WAP.provxml

MD5 68d60749de7d5fe71f2a479f8bcedb7e
SHA1 f36b7163e5fb85a4475661504e1737adcc6d8556
SHA256 e83a13db39a0c9cf347fa3f6d4a204b7f1df841dd9711c51d7c475d0ab87d551
SHA512 1baaa55dadf2ea6844a9f87601f34e3c5870df08062d17cc9e8945c26dd802e8dee409beb002205bfac3a20f6aa791c48b24bd9345ee7ec9ca97d3a2d5c3fcec

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\341__Connections_Cellular_Claro (Puerto Rico)_i0$(__MVID)@WAP.provxml

MD5 1a6514b5e65eeab78790c78c5cdd5953
SHA1 b3b6c689f4c34ce080f11909a8dbaebe3bb50ee9
SHA256 107de77231d7e9e73318f3a56e06dd4ab22cc84aebcf90c70a9e5bc1bee14278
SHA512 aadcf3e4743745734ac147a3be12e967a369d15020a0a27244a4f3558672ba682acd4a12d360335b0a01a7055866557ef2d8bf9662be51a0abf1b4495172e92f

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\349__Connections_Cellular_SFR (Réunion) (France)_i1$(__MVID)@WAP.provxml

MD5 a7df3766ea38999716bcf1033b36fad3
SHA1 0358f58e82e74f352a60b3bf3bbdc83709fbad03
SHA256 4adbd25ead88997e2bc08be72437a9e22b1e5c9e11dd7c08a6840aa6e0024d30
SHA512 69f0b79df39c2c371b86fe287fa4108beb9cec248b2ed91ec5d1a3a21529d3ade794be0b937a95a18a7f8e94b03156590983dfe2984b0b8a88e0933199fd9a60

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\351__Connections_Cellular_SFR (Réunion) (France)_i3$(__MVID)@WAP.provxml

MD5 3d35b336ebb3fbfe61ea1e1041d510b7
SHA1 89f48aa90a320eaa54a915e99c0ea62f18a00081
SHA256 eed8dd47d83f07f5f5c744159df723672a6d5413a474a48da390102132829527
SHA512 b5bb1a5b461002dcfdcf4349cc2578b433035002cfaf664f2948b838e9ce48151e2411f0edabe195350eb8f27441bacfe85a66b07294045b60f4238e210bb373

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\350__Connections_Cellular_SFR (Réunion) (France)_i2$(__MVID)@WAP.provxml

MD5 d00e81a86830948bf7d7ed15874c46b5
SHA1 3b7afc68523945247ebcda3f165934ab61208de0
SHA256 ff84331fe60b287e19364350a50608486b8232f7cf390c9410d0fd8d55a0a4fa
SHA512 315fee20dc56c15e06fb6747be5968e32992d4ff9843a44b59cf519409cdb4037c8e6389db7ae1a1559750e4e2b837fed8e8a4f0649458de3a33c782cd8b6b06

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\36__Connections_Cellular_Grameen Phone (Bangladesh)_i0$(__MVID)@WAP.provxml

MD5 e998be3d3bb15661763e4ff1e1c9a3e7
SHA1 b60a2f72939336bfa0e69f47147135877d2e014f
SHA256 ede1f5301a42845ebacee0eddf1719dce68bcfd93d9f21ebe901f9e1640553c8
SHA512 6331ce75901719dabc736c7af884d7758989a4a782c1dfaf434c59c576ef5af214288949f1be033c667fba6f611e78c7dfbbb9ebbe7c97ad638ad49455c4665c

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\369__Connections_Cellular_PrimTel (Russian Federation)_i0$(__MVID)@WAP.provxml

MD5 d379e9b8ffd9301de96c455029dd5c38
SHA1 0c408bedfdc3efed7a29f1600f38e261175ef4e1
SHA256 37e58b86de0358dccb1639f19b89157fbff05b9828a9ccd1c28c79db69b89772
SHA512 4aa46a8f83cc782b17f189c729f1064f98e717f93789e46a6dc05db2b96e3beca81ba89132d52b53a72702b24a93861fcd2812e4498c8c7000707a19901643b8

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\384__Connections_Cellular_Singtel (Singapore)_i1$(__MVID)@WAP.provxml

MD5 f679f386067f41d85d54dd9d53f46e62
SHA1 da66b795db1fa70040ddadad5c56ba7dfdb49964
SHA256 fd4945aa4371c27363915abe442524bb9d0d6461880904d71c1bc05c9cda94f0
SHA512 c6e6f9c5d8a74657980d4ffaa0c0a106be4ef5616b2479548d2795b6a91fc1dbcc75be4f19f7ab08058ffb30ed2edc82662f98764d557a519bf21859fa2fe164

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\385__Connections_Cellular_Singtel (Singapore)_i2$(__MVID)@WAP.provxml

MD5 ce5d3eab1fcbd68c99e6292cab237c86
SHA1 de1adbc7e465212f2830799c10810548987ee697
SHA256 1a39d9b1f9c0d5c642e180ecc14bcb06bdfd4720edd747f5727f6f7b6d1b8509
SHA512 80fb614cc71dc9f73286d5395d76ce980bc6e1ff15833afa741cf375910cc0775a6d51f4fa742907a6c629e354a12436a00c9e3c2de88646a07c69f61a83120e

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\389__Connections_Cellular_Starhub (Singapore)_i2$(__MVID)@WAP.provxml

MD5 f44a1000506e2f6a96e3e803ead50529
SHA1 657a1103795bbe63b3686ba44c99e25b4af65536
SHA256 c24a434f5121d69f6aae8aef0c0faa9161df78dbd3e8546f9b4fecc2d0cf0197
SHA512 776c7887a88119e749c4c13477e3156c7615c141d99561ea69b7e1c1cc23b1eed8491f7adff74a7092dce1902f493583a61fdfd0851cf1c42a40cc47b3eeb7c8

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\399__Connections_Cellular_Vodacom SA (South Africa)_i0$(__MVID)@WAP.provxml

MD5 17536ccbe836e9925123bcb6f1dae7a0
SHA1 c1fcec3ac6fa95f89287c19d4594dd10f31225c5
SHA256 62bc267fb2e522d79590ec334d73d406b0e2df5ea32aea381c36bfa759ae713c
SHA512 061aef77080e0d72165c2f83c65f672f973ca0ffa31a0f2ddd20cb440c6d24c03335162cdbf614a33456a3db9089fd414ef7b49e5d4788fc3c68523c5e41ed28

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\418__Connections_Cellular_3 (Sweden)_i1$(__MVID)@WAP.provxml

MD5 18b77975210f1e67cdeedc23056261f5
SHA1 52beb536ccf0829980d237e30b8cf6e66f4bd5fe
SHA256 ff9d6abccf001aaf2429cad1844edd853e3ff0c576638a3081b52767e199a645
SHA512 a463e7a24c5447f942837a91c81407e2b5a654ec19b030f03d6269835906fdef8f81dbdb1bd81f28af76c1b0e90cddf8b565c0e1368ffe21922a808298cef866

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\445__Connections_Cellular_DTAC (Thailand)_i0$(__MVID)@WAP.provxml

MD5 97d6d52a254a9cbd2bad939ce1926af8
SHA1 15a64b0f07658da802cb0bdd43c9c6f2df2f0af9
SHA256 bbfa41253ad301a1cd9c7f6321bff365068178f26cd84e8afb127fb4001bc4be
SHA512 98e76665962acd459228cb9635d95bb37c6e538eca7ae50107c665c93be334b907178f87749b3a4f33db34152b9d9035163fe2429306eb3ac45ee539e242c3da

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\455__Connections_Cellular_VF KKTC Telsim (Cyprus)_i0$(__MVID)@WAP.provxml

MD5 c4f30de85d94d65331ebdaa066be7be4
SHA1 64a73d1035438c0407d9bda1a9f10a1eccfb5d65
SHA256 463c406427b6fc98c2bb71993fcbe47f9965389ad8b6e8a7eda224695e8e2be0
SHA512 fe15f8868d16b03bfeab1ab5a7b347823907121254f3c89744ea9ba1eb0e504cbe7614129127381ea78b4aaa3f007142f535045eca0767fd1446b18a6e37ca57

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\477__Connections_Cellular_Vodafone UK (United Kingdom)_i0$(__MVID)@WAP.provxml

MD5 1db1bd9f0f3d2c261347ca9b278351e8
SHA1 6ef97ca278e1efcbfac97ad58bf8d41cd1ee93a4
SHA256 c38ddce4c7d430b93408979c091f901ac3e5cbb112fdef114e87b683b09ef8ff
SHA512 09584069cf9a1133201f5c681360b76791778523223e3fd957fdc832b9f4dbed499984094ee64808977d5b3846f7180f41059db7865adb8187a8d16140c85e18

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\48__Cellular_PerSimSettings_$(__ICCID)_AppID.provxml

MD5 8c10cf7fb63a271a356a191b948f5ec2
SHA1 00eeb01656a2d7c6ef07265a54df940c610918e3
SHA256 22fec3bc784546d70e79696b405d950aff355b6f429f266ceacffe0cc2e5ba02
SHA512 8105bb959ba3b50898dcdbe38eab38f2d8e80856df163cc0e2053ead82276e7d58794febdd43863e78c200091e0c6e4b85a41c56925b0cfa4827667d56ac8ce5

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\497__Connections_Cellular_T-Mobile USA_ Simple Mobile (United States)_i0$(__MVID)@WAP.provxml

MD5 295952536db5fbb6a2a731247021f555
SHA1 b2d6d01db3d0bcdeb5e0298791a4e7207686f014
SHA256 e6ff459ebc86a128b3e37b46d41efd52eedbe5c955acf3d20dfbf99a33fb2557
SHA512 b3a2d70506a524fd8bf1f40a5394b6818282c848dfa8d768de648db931388a347021cf9a917f1156cf98bf071fbea35669a11ca3980ee0365ebe0cc42c43cf41

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\516__Connections_Cellular_Telefonica (Venezuela)_i0$(__MVID)@WAP.provxml

MD5 f0aac468ca67aacc4af622247350e466
SHA1 e59788395d918654bf8359fa992e9f0b23b25933
SHA256 213e3a2ae54f25b06fa2c6712c23310e8cea297ecc0d77c984cf1372e8c115f3
SHA512 aac26ac350e25eb754a8f96247201b827785f20f4f88b99dfcbd487e90f7e98fece696a996b7fdd73e5427c9e9408dc6184d7cf0d2ccc117c13c57b6d3ac7ae5

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\513__Connections_Cellular_Telefonica (Uruguay)_i0$(__MVID)@WAP.provxml

MD5 74c5747a96ed8e17f4835ec431fc391e
SHA1 baa70378f8c072730b9d16869f32a65b7e5d8237
SHA256 fbd9604ea3ee112728696a6a8372e2f032786852b511029d77fb73e06614294b
SHA512 d561bf9775e174a9c5c212dcdb7fa31fcd10f31cb956c4a3641c9c90bf2d16ab625d575a21bbe5faf262c81bbf8754799073d3f6ffb900c5cba6d7f63f4261fa

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\512__Connections_Cellular_Claro (Uruguay)_i0$(__MVID)@WAP.provxml

MD5 c339b3f518bfc65c3a4568de89fbcdb6
SHA1 7d030fb45cce7fd8a24ce3b2f45d97183d5e4434
SHA256 b03298ef97737bbe9b33b942cb52fc5826565adc4498f1a197830a77c58e829d
SHA512 d431ed495d6cc95189e08a905f8bc64a0957e14e192cf13424ceafcd1358cf64079eddb52c257617278737feb96951c4d9090be95cb43ede3733153809512c08

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\506__Connections_Cellular_Verizon (United States) Ims_i2$(__MVID)@WAP.provxml

MD5 f4f65e7495517a39bd68b3937ae5fcf3
SHA1 45bf79ebb236a29f78d4ada66777982055764877
SHA256 53c26240f787fbc905d0ada0d2876b0fc0f95a4767f641a61abab4f6dfad182b
SHA512 b9bba81c5a03fe4f5b9f9a481291bd7f80127b6673d63b088425dd9fb16c5cf16b3e40bab385af97e5e62e7b731b6e65e39f601863e1b2c78f416a3bb64e7482

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\500__Connections_Cellular_T-Mobile USA_ Tracfone (United States)_i0$(__MVID)@WAP.provxml

MD5 618d5a49e6251bee9bfbe75c474c1da4
SHA1 1b59508611eb56f8116308d9eac0f4b075c551ab
SHA256 704b9d42580fd1b95c6f1a35a50e1990afb453f784b054fee8db288d7d56e24c
SHA512 ea0b70a8ac5b54bced1b89c7d1643988a46d8fa53e3dd0f1fcd5434ae8e7ac8ad5ab48123e6147ebcb823e7d681b37c34c0349f6fbdf1da1bd4935d57fb216e2

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\541__Connections_Cellular_Orange (Equatorial Guinea)_i1$(__MVID)@WAP.provxml

MD5 ccd9d8aa4c9fbad1069e4dd2c4982652
SHA1 58cc653eba0694d39e7615ee7e049c8441fe6600
SHA256 35e1150f8a8236fd8c2be2c6da618b5f5366caabb763b7453201f5c430441aae
SHA512 7530335f5f01da26479349321531093d3da8a1cefd4e916496dd254273076df9ef5eb91ecde1221e37a2525e76a8578a6859ec79a15ddb0a69e2e39578afb8f0

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\548__Connections_Cellular_Orange (Kenya)_i0$(__MVID)@WAP.provxml

MD5 281814d2404251097e8f324145559472
SHA1 00ac40f798400a5fe20b1b0a7107ff673a615b5c
SHA256 37e6a9763e777697fcfe41bc5d1236fc197d6c7d8a1ab64d711a9847233397cc
SHA512 a97ca2096324360c054a34f0430fa8015ecca96b6365d2eda73e7ba5faa100616dcbe61f29d88e2d4ed97457d88172f7dcfa26dce7adde74fb4e5b3029c96a7c

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\54__Connections_Cellular_Oi (Brazil)_i0$(__MVID)@WAP.provxml

MD5 18ed71dfb57d0b80d5bf2d298ecb554e
SHA1 466b0161a9ce5bd54585e660fa06f14b3bdbd1f4
SHA256 2dd23156fbb26642d6f2194611e536f77213eb212f6a23654f9d5319a82ac556
SHA512 492e0f2a864d531fc507f9a32a1908a47e911236fba48458e80807f06db07db1a759faebf44f60913c972134bd3ad91cf0acb47dd680e3aa52461399ee2e5cfd

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\589__Connections_Cellular_o2 (Germany)_i0$(__MVID)@WAP.provxml

MD5 05572f82de4f01b1e6f280b0b62a8334
SHA1 6f2cdcbc259ce0b5eb381ebf7738f62281f81680
SHA256 182a1c0c5b24b5c7864676c8b9776fad26041adf276fb3cda84b1770e6282a72
SHA512 036d7fd403476dec5c0f6e866b6c8c224120d9d94e419b64791beabccf37b7b906232f53872d4fb5e6e6eecfa9a523decd8ab2cab67c2cc45f7e5147e7be7443

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\592__Connections_Cellular_o2 (Germany)_i0$(__MVID)@WAP.provxml

MD5 b07d3123f68a0e9f972ab60b77563b33
SHA1 ffae7a0ee7688c0de6ce5b3511e919a306ca4c60
SHA256 db4bffd310f1893d5b97008313dfa47dce4929bcbc9eb13d2e13053f485010c2
SHA512 46e484c49ac6d72bb32d445250f0a1afd6fda9feab8e20de4b8adfffebd3a1ca11031f51d456485492191bc29b74b61006a0a74ce5ddf5a818bdf2479f1e6f44

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\617__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

MD5 27f4380737c6edbfc219e4bc35bc95a9
SHA1 6771b41afd3dee2135392400536094efff75eb43
SHA256 e0ee29ce7978a33861e6e63545deda9e734ea784ee8e4ba6fd6aa56b775f6ca9
SHA512 6ad6ab1d47859076a78955dbfcf50124eecb9bebbea1fce25017aefb92f1114770588c28a514d5cbe89ccbc059e8ed866752741af4a5f3cff23acc44521747df

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\620__Connections_Cellular_Truphone (Germany)_i0$(__MVID)@WAP.provxml

MD5 f159f67739ff0623442a955c060d49bc
SHA1 51f941230a2018a45c57cbeee04828c48ad84b01
SHA256 bdaa16d795466beaf62c4042146d0dae4fe70cb71a82520a774a14d50eb4faa4
SHA512 e93f5a777918be1c9bcbc1909cddf5e62d51464e2bcf2fe7c347393b0faabaf4fb730cf574d1fe7fb4ed924f316d56587f99adf1bd43db2b9d2c9e3c01c81276

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\651__Connections_Cellular_3RoI (Ireland)_i0$(__MVID)@WAP.provxml

MD5 537fd216abb1e2cad053594cc91eb955
SHA1 d0bdd5324c0b31fb4a3cb48c0d8171e68d9c3cec
SHA256 70c2a2bfadbeb56185d1aceb04db11541388c25cb71b104b6fb3b6e1f89ef1ec
SHA512 c95eeed9aaadd6e964117881523f69528d67d4c5951a803d516debcf3366c9e2feb28765768e9ce12dec9aeffb3d577d5f8659f71124df83c196df354eb126d9

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\654__Connections_Cellular_X-Mobility - 3RoI (Ireland)_i1$(__MVID)@WAP.provxml

MD5 e5b0327c41376ef19fc5edc9152529d0
SHA1 57b27826d6538bfe6baf9161eae727e6e614ee79
SHA256 26df0a7f3645a1ea2058196ac97b67e582bbd5229da670d1e4817398fc3bb6ff
SHA512 91aec142ff58700f7906796afdf1a10984b5b3414f8dd415611614cfa96b0f63edea5959a84710f270a3910019647060d9e629f1b444466d7a934a850389806f

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\676__Connections_Cellular_Lenovo (United Kingdom)_i0$(__MVID)@WAP.provxml

MD5 792a64401688470b9b5ec4a1123eb802
SHA1 49eeabdff56444dc52bb1296caf0e4edffb32fac
SHA256 e9a88cd3868deeb7370e877a7abd90c5f0d69c7a2bd65c6bbae30e74133b70d1
SHA512 a1bf2ddb2133149429b59f9691edee82ff30217912d66b5e206078a22ef1a1de6d0cc35e23097af4c43346660d2dd06c7b7066bfc7e429372fc89a37ea27a1cb

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\698__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

MD5 ba6b70827fa83c75783b6103bf2ca12d
SHA1 84c5365d68700cd9ecfa69e8391b10cfaf37262e
SHA256 31887f638809478672800789d032efb4d421c276e1d632d7488283cc039395e5
SHA512 6bc32ab88ea07333257cb0859e0adea54e450c39d0a3a98153bdd5f90e5fa5cdd232f7c8311d5fe0c9665acea8409ac37eea5ea975fd393a3079a0e1f6519121

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\720__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

MD5 cafc2a2dde2f05e2a60677690d2ca245
SHA1 8bd9c447b79435b8497212ef76f5b43dffb030a8
SHA256 db91bef58cfa8c3ad4587f4d737202a2ea4374deb35305e8e56a4e0b57232a7e
SHA512 7f293929a1147163d71c612084c7fb99740a1fdae3a3f9d7782f795c10c1b7b2e49617e9d6746938167a2dd49bc5c53788bd8751c61ad145d2d42700ae1f1575

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\74__Connections_Cellular_TIGO (Colombia)_i0$(__MVID)@WAP.provxml

MD5 3e0a582d1ad7720a269e3480f0740d40
SHA1 c8ee49aa68adbd2580762ae2256bf5a51da8da82
SHA256 f4e5da9aa987fbfc9485237a81368552e4578555f8afb1242a168b3ce3a50e54
SHA512 a2ea0612460efae7949fa698ab168dc106d0e357e8c8611ef987a684219042e3671b6ec501700b2e64a14cf03c2a91d6c0e4ebaf9d802ee859c591aa99ccdc02

C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\92__Connections_Cellular_3 (Denmark)_i3$(__MVID)@WAP.provxml

MD5 d37af2d76d58a29f7cadadabd2ad6f3c
SHA1 f683f06b963401ae19bc5284022ec6449d2f3f5e
SHA256 381f9f243e527541bf377599b978020b325370543c0dc89fdbf23ee764680773
SHA512 ff55684f713e7f642b8a0f49be4b91f00ba40216017535268c8284dce8899f34fae102366d8855ae33540fad3ce78e0705662766bf897a0b9e9a7b5712577801

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk

MD5 0403a22306e2dcc6da0acfbdc0762e55
SHA1 03154c7e570c75df81ad8ddb6ea8a9defd38d27e
SHA256 033eeac8e125a5efb66f100fb9ae33c9fd1780f452b92f69a8d6b49ba5e1737d
SHA512 2f1497b4e07230afb315ad83fd6e7ee61ce3cbb6d046f6ad28fc5e5e718dbc597499be23abf0f390f5c36c532611388a8ad5ef0149084b5f41f4cda0c5bd072f

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk

MD5 8b550761ab80413c9c09f7fb472dbfaf
SHA1 67122822562203c17dd3f762194e470f90ddfa97
SHA256 f5ea79165516de2e7e1efb53d016983f5d18c3184413f044a4002f4b751c918b
SHA512 9546013cf4d45a2c4c609524b7ed4adecc7dc2fecded7c3b7085415a1bcd1c25db5d88bb591ac05fa5a6313763a8e8d5d8fc6ee6610b454cf7696b647e7781fe

C:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\109005

MD5 256abfbb6883823718eaf33f62510d6a
SHA1 9a8c7efca7e5aefbcbb86a9ad6cffa0df3704bfc
SHA256 b707241545a346265aab1ffb32ff64b55bf8f8dc1b56a46ef33ce3d15db11d33
SHA512 7542d09f09c7e9a69a60f95b05a464423b15f997dcbbe6efddd814424e40606b2c331d896d48670d32cdad5a6a9f62d8d0b265523b8eb4bdca6e2dc8ca698018

C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe

MD5 a781800433def8446b0b631e3b7db830
SHA1 1ce441e9a4a9da03c5eed0a979b68f7c6961cac6
SHA256 e49020dbff46224343726fa09eed56fd05a11beeb0ccccc53c40a8a5d3d57959
SHA512 168ca24668d05613aa129a81a9b38b902bbf76aed988facf67df25c15392d002832ab19fb19a3e6e0804490886dfd57f0c5c7acc233d75b056aba737ac4e6026

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

MD5 ba49197d84e5d25c79991e47feb9b94a
SHA1 5803101592d127b2d011bdc42148648c70a8b629
SHA256 aac45a850c05974a5f716019c498f28276fd6a37b2b8dfa7dd03567ee65cd531
SHA512 6a635634bc65474db7dbde74cf32fb9126fd1e00d09499266370f606e23275c692d7e40c8a8c3707418f5a2745c09b61b104e9f6fb7b6658a70c8b8a52ea91ab

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

MD5 975242fd7111e8dcf34e8bf9e09a69e0
SHA1 e6ae61074c1d3da1fefbd00d28b545c154847c6d
SHA256 c06799236914f05b85cee021aadad78ed67a3e20ea0e8e129cee88f23add4982
SHA512 2cad0f2e68bae3fb3a693a5619b72caaf5519f0a2e559f91acd58d7f0a1c7d88fda5d5734e550dd39e0327e4822c6d36bb6883f8b20c4a57c1b58c606963c7a5

C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

MD5 f24f4503e4aeb32e479b3f908b050cdb
SHA1 9c70778a4c5b544d6754182469ed89560c6c77f6
SHA256 cb9692ed8b4b7615f50b39afc8b86885ff4d0f2b9452a3a8cd8546e2d163c63e
SHA512 2592b75eb1ce7953326cf9f727583b77fa13268f3fcc90b11c2d231760aac66f6f10af1138d30ed73ed5a0b01e9481ac26591d045edbbe6ca1794115527deb62

C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

MD5 9a0054e11d689e9fd33697cbb056fa60
SHA1 23e7614dcf81da449ea9cafb36a786f5712f3b8f
SHA256 91f7677bb6a7c9f126a46b35667ad766c9d45ad209c909913816a21ebb87c349
SHA512 e322c80eced313d32889983ea9551faedfb035279086b45213fc19e4da6d8afe9471588a57831ed29e394d794c445f6698c58057c032e69af7d70036e3d3cf25

C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe

MD5 89e53a99d1aee6ed2b90b2067b0fcee0
SHA1 eb7bc4896e8ca812499471359764694e24803a32
SHA256 5b980569fa329538d4357687ec3a6475dd6c48caaad55083125744ba545e25f3
SHA512 6acef5040ae83da992ad83a550cb9acebd76b18b924173c18178b1cf6264c846382d3837d0438b86d667efdd42abefc07e5ad196b6be5f556d0dd010475254ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001

MD5 f5cfd73023c1eedb6b9569736073f1dd
SHA1 669b1c85ecbafe23c999100f55a23e06bf59ead7
SHA256 9e1736c43d19118e6ce4302118af337109491ecc52757dfb949bad6a7940b0c2
SHA512 5d8c1aa556fc17d6dc28d618f521aee37fc0e1826fdbcf8d106e456fc3bcd3c76e712d23fef3378bd2be17b80eb5bfd884ccd89b67490b63c7bd118eaac471d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 4ae71336e44bf9bf79d2752e234818a5
SHA1 e129f27c5103bc5cc44bcdf0a15e160d445066ff
SHA256 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb
SHA512 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old

MD5 9ee38aeba19f4d46fcd9eda4661325d2
SHA1 d458ade2d50d219b089b0985ef765a80843602ad
SHA256 d99258f5d81067df4e95825381104fe6c90d04d01bdd2915954dd06f75d07c10
SHA512 f352805d5ebb6b3351dee65dd1f66ae5493ea36dc342c31d8e714fd11095739f755a50d865b9bcfc40c60616c9bcee4cbbcabb6c18566fdb73e778cd41112738

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe

MD5 142b8e45f6f777e52a4ec178df3737dc
SHA1 55bdfb02f314acee458caebc9f7fbba83e1804c6
SHA256 beeeaf5fa45c6e6d145a21546a92306dc12518f2e0ba3f47761ad91d618cc40b
SHA512 786e25f189e4806a183fa3a67808916d3272002328cb727bb7601ffdefcef1b873ded58ad1b970738b851fde19550fd9b5b8ed895e889d2bbf76d3c39d6b0d23

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileSyncConfig.exe

MD5 c7c531a7bfce1a8ab2a32cf746240f8f
SHA1 0693c7028db5e2168823a9fe361450e75fd6608f
SHA256 6417492bc96516430f4fdc726e3ecf99f2a97935d4fcb366c8398bba4e517671
SHA512 ec16787864da367884af129a089c86d48321a6f331a4808e0f5069ddd19a42b8dda1b91f66ba764f70a5307bcd962ec7a0824e19c7d394448de5b0d880b72aef

memory/4740-13525-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

MD5 d672fd407010fcdbd019192ab89e9fd3
SHA1 e4d148de71c2ebc38c9ec9a1e52f045ac0f7fb22
SHA256 28d5f12b49e5775613c793f490799fe029661c5888aa38cf59f502966d4da3dc
SHA512 611b3d23a9ee062cb95366ad25c4f374abf0aeab633eaba89b8d321401819d5d0c5e26f2fcb935a0bf1d6367cdc7c01bfdb2754710599a12acce1c487bfd8eb0

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe

MD5 77c828e675b7774e2f70cbaffb0fec78
SHA1 6e65248477bb533d6ef1e4f33e6ecf8667ac2201
SHA256 0719d63e11679f6c9a89a37a56f8b6dd2bbaf2b2d1973bf0139dcc38684e3124
SHA512 13f0446acc96fa90f8910d0d1b0990140e2e5c978869b19376d80de4b92f37d838f9f1ba266d6bcfcc874b5b20448ef3ae4ed5ea754cd13b573bcd863afebce8

C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin

MD5 1595ed4372d33dbecabbfd411c6c8f46
SHA1 8b8ba962b765110f762f873edbc3193adef48b33
SHA256 8f6abb9e202dd8027ac9abbd475a24e62659a0b2683613f219c21d1238816ed7
SHA512 e0017291c0d0685ede7a6492c2683a90b37482d21037840ab3e2cef4ed381bbffa8c31ef3c8d06db0a800eff69ba4505012886f88a911997657b3f26284142f1

C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008H.bin

MD5 83a9475b33cad765c41dd3deb5be2254
SHA1 57000314d786c690b6affe01bfd4c3e50d124b62
SHA256 2c7a2cc69b6956abafd94377e8df4393aeeecc57b5093af67ad0f65705124890
SHA512 2b21d5e408af6772fb77a68d618887a50208539f376a4750c8a90ac42e8c334ab8c98ab1e30860ed475e83623f2f7a07929a038a9c0f31567d53d9c03d449fa9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini

MD5 897208d5df122e307ab837d982b2c085
SHA1 cf4ca14a7adcbc197cd84c1997efdd076911d608
SHA256 eaae98aa73fe0b561c8b02607a524fb4853bbe81c6de8c3d8a9b7449366809d4
SHA512 b0aa03063c42515de12fbf6d89924a3ae7d8bdd64d7c9bae94c75d571c939655253f3e87368fcd96f5784b2aee8fedac8f66200b8672ab47cc8b37c57a9ad334

C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

MD5 61d2c715839bcfa06ce4d23dd84e7457
SHA1 cdb61e6100ac4882ba4863875f63e38b8b804ddc
SHA256 1f9ec15f6ff239e14a3a243a98f19ae7db16d425a63b2da0908cc0ffcb1258e7
SHA512 cb6577068e0b746a0ff0148238fd5be9e02e4ff6218fc21d78194a06ebd3f54aa12a1a9b80a4cc9a9f66f72f49eb875eb367b344f674807af11373770f75d952

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\safebrowsing\content-track-digest256.sbstore

MD5 32b5e7886d1928c44fadc040471cc550
SHA1 8654b4c6c64309b1ef7d78ad939c0880bf4bc997
SHA256 fb020d1cd10cbd766a817dcd2f4429e1a39955bba6755d3594a9fd84a08a9f11
SHA512 1a171d635be9eb9699acdb16485040b9f2e9086dde341428db245bb309494eda3a2cb173e6908a22847cd015ed179e3caff87e4b2927b3074ce5f4cf56e24e72

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

MD5 a50b718c3518b630251fb54b92bde360
SHA1 a9582222b6f4df2b4e3e4ee5fe91d25ff086b943
SHA256 9d2ce1c032646d2a3381b68bc9201e3dcd53b764e83a0d356d67cc4926ece015
SHA512 95e0676e3177262d29c4105edd4ce1fa1c2a2da5cd3289ab0f873fba782a0185e4bbede5d64fae1f6c4cea5ca3ae0697d7113e6ee63f229431bfaf3f8990c517

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\VJWE0XG5.cookie

MD5 29003687900cad69c06a7907f2738e79
SHA1 1270acf3b52426101025ff311e6dd17c05a9db2c
SHA256 cae9ef701fa7d83ab66e5c8d7d284d497bd13f76bef2b2594c5568c31fea7e8d
SHA512 34c9c04473bd8a4da755a88a04a9ccab0bae8fdc51332dcba4aad045ae8305491fbdfab41821f6b838729d1e09fcf99513db3817c84c5be96a41bb23c8d0b0da

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 f7aa819535e83034f3bb522cc8c6da75
SHA1 ee55ab6faa73b61b68bc3d5628d95f0d3c528e2a
SHA256 90558d1e3a0ecb9febbb4d7abe8e9281bef8ad0e2a42fee83d3d837eb74b7f3a
SHA512 38f12c5292b494c9ee2f3436c1d939ab46bac1514b54f36b0bf27f2ca03affc1c62582daff38bea77fde5608c501c18f52ce116673b17394f022e0e92b23e4c8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

MD5 80be6efdf5a776659777bf07d4aff891
SHA1 1f98e7ba8de8c6b39f4b202739ca71fa2629fd6d
SHA256 9ebc694d4895efc802ea27714a71986f293edf4b63e9918c27d65871b06f43a9
SHA512 03a5434f25209a74a0abc6045c66a45e098d487227cab71004363c8c823840b49596857e8f757f42b8953f9bc2066209b1e8f52104d1837705828cb2676119cc

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 3dee8cafb2684396b42a08cc5dd2d132
SHA1 bb065abfada882e3d9b419b3c57e0eb740bdb6ab
SHA256 9552cf2fc804becaa59379ee29e4be6800d0aac515738799dbd442919841d23d
SHA512 5da7572aba77335fbb766b99be920d9c5e616c9cf724cd0248d0361b43bfe281bf74d08766fa9f47316e51ddf6abb29484b41f09752f326eaba64710760e1f26

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{c152ae75-f75e-40b8-98d6-484119d344a4}\0.1.filtertrie.intermediate.txt

MD5 ca9c491ac66b2c62500882e93f3719a8
SHA1 a10909c2cdcaf5adb7e6b092a4faba558b62bd96
SHA256 8855508aade16ec573d21e6a485dfd0a7624085c1a14b5ecdd6485de0c6839a4
SHA512 65faa9d920e0e9cff43fc3f30ab02ba2e8cf6f4643b58f7c1e64583fbec8a268e677b0ec4d54406e748becb53fda210f5d4f39cf2a5014b1ca496b0805182649

C:\Users\Admin\AppData\Local\Temp\scoped_dir3092_3014094\CRX_INSTALL\_locales\en_GB\messages.json

MD5 e66d4ab75e9862302da5825bbf066c5e
SHA1 fd5c26be1c56ae0af5e626741ca5896858e43073
SHA256 4925b9b6329f24346bce043f2cdabb940199fd87188f3ae77c9559bf7cfa9f43
SHA512 ed179e34d1d6f2ddc85fa6cd8b866f192c1c4ff2e2b715d9ddd95bff6e8f45318dad7d4da607960268e1cdfd78d48f04b4ea1a9b01ae70fc1c7da856a178d8c8

C:\Users\Admin\AppData\Local\Temp\scoped_dir3092_3014094\CRX_INSTALL\_locales\pt_PT\messages.json

MD5 2b0e63420f5cae3932461d8c74a9e788
SHA1 d19b5095d30f9f01f09864c26386dc5b911ecd55
SHA256 42345ab2147d5dd09780b2e286347110011a769f122210e7b9e9c2249036f15f
SHA512 11a25eb4cba596d1b203bb88e2b69231c8f8ee59786ea335a66ca77dcfbc36ebb8a9b4e957b992c3ed38f58d1ef8c7c606d8a16dc84f8220cf517999b4f7577a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Opened.docx.lnk

MD5 6ac0a150c33a548595395c755a7ebba4
SHA1 a4adaaf6cac597e56de957f3c1137a4f8a2bf225
SHA256 79adab38bd93e2f14609db60ad34a2165e5ae868556f862c4569ae3d8a81a35e
SHA512 cffc1d3114d35f387b47a2157b6f8a819ff65f75625afa782e3f41f6956a51f734d0ef7e94390c4f030f6d0f7d8c57a3e761f2e46bf37fde870f2b157c3a4ab6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\Files.docx.lnk

MD5 8776c367699ad807af292f1f5d085d4c
SHA1 9209e352bf9d3999f94881a75d6f7d39bc6d7f77
SHA256 18b602cdbb7656129a359046fc68faf1b990da88c6c3b3e6b20c1df399cc0645
SHA512 83a17d98d175a122fe98cf89c476826769d8fae0d74dc93c8fe48d12089e26bfd501a586db3783a03e1bfe07864ebec2a6b5a48415554c61cd565131ed40a9e1

C:\Users\Admin\Videos\desktop.ini

MD5 5d2a33958ebe530732fd9c258850c5aa
SHA1 8a1d854c73b0a9adb04dc4db317a0b9dd1708b76
SHA256 696bda342649ec9268da57b6a279df6f24b0e857d5e6d0605fd25af95adc3cee
SHA512 561c0480b0cc5f75acd24f9ea36f4e6ddee35261a0fd75ec2c495e940b6e7d41fa024110b58aa9bc2f6c69736cceb6cfbbb6198d9c50ad8965d6d30067bb52eb

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

MD5 35705a33e80294bdc078f5582784f4fa
SHA1 3b8d2bc3650098d604e3363fdc41e9bfc2f4609e
SHA256 d0e438519a8e2075e13430b66debeb7204e5e8ab41fb24eaab20db0bdb66d835
SHA512 e560c350940f15a8d5c5187ed833190cdef9e4862e8f06dde9b0204ad1a0decb9adaadd27c4b7015ea5e7fabe7d7a63538ba72def9997e56300cc8ddc4249061

C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

MD5 7a4228aa2003a72a296e741bfa8246f7
SHA1 e94ca8cb43d671cdc3ed759980bfbaf73cf4c6f8
SHA256 462fa5c6568794276673c9159500918afddf8f170e580fd1f3d483c48934b050
SHA512 ed66dc35762f661f760eaf0feb82e22c823f11e552c9f938748a8b158ecf0828f40d48afc4d5cc07122f41a13e7b322950b9f156808b125bc7a1ae19e066d304

C:\info.hta

MD5 35a1c7c89866984981f0548b4ad139e0
SHA1 eac158938a569fe6119ad736124b9cfb938f153c
SHA256 c881d8a8878537a4cec3d0ea4d6c33a0d783a3ef5a944821692fbe41e8bc7796
SHA512 ba93288ad5735450b2b6ecdf13067e53357b3d22b1bf1da85da7187cf25c7365e3bf7df5df878631e3c5141d85b01817990246d38cd3cd97f054ed345baa05b5

memory/4740-17457-0x0000000000400000-0x000000000041B000-memory.dmp

C:\Users\Public\Desktop\info.txt

MD5 d2fdaee77b5c46080e18c0556593cf1e
SHA1 eb85ae8e485176fb4fcbab830f0a0cc6d6a76686
SHA256 98c79aa9ea6e655d844d5e9769e590390b892b19b93da7b1e76451cd4cb47297
SHA512 d52194890aa23d239deebd7664775d39c54a95c18985ae6165251544b266c8c2c8f99e29337cddb90ddb2b25664f7ba719a02694cb2015ab561fc0e25b3ea159