Resubmissions
30-06-2024 01:18
240630-bn62va1erg 1029-06-2024 22:53
240629-2t7tfaydje 1029-06-2024 22:33
240629-2gkhdayald 10Analysis
-
max time kernel
426s -
max time network
428s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
29-06-2024 22:33
Behavioral task
behavioral1
Sample
Borat.rar
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Borat.rar
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Borat/BoratRat.exe
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
Borat/BoratRat.exe
Resource
win10v2004-20240611-en
General
-
Target
Borat/BoratRat.exe
-
Size
20.0MB
-
MD5
65b694d69d327efe28fcbce125401e96
-
SHA1
049d4d71742b99a598c074458f1f2d5b0119e912
-
SHA256
de60ecbbfef30c93fe8875ef69b358b20076d1f969fc3d21ab44d59dc9ef7cab
-
SHA512
7ab57642e414e134e851d9aa2ed3ef8b483f3a5f77877cdc04e08d7f95c44884f8ccc6beaf8ba7f6949cfd7398c46be46c024d4fdeacd3a332d4565609baad5b
-
SSDEEP
393216:V+G+oTCP+Zw6NLIsFfskh1BmXGnfBd+Uw:IGpTCP+Zlnk0rmkBYUw
Malware Config
Signatures
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Renames multiple (6372) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies Windows Firewall 2 TTPs 2 IoCs
Processes:
netsh.exenetsh.exepid process 4036 netsh.exe 3532 netsh.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
Client.exeBoratRat.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation Client.exe Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation BoratRat.exe -
Executes dropped EXE 2 IoCs
Processes:
Client.exeClient.exepid process 1776 Client.exe 4184 Client.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
Client.exedescription ioc process File opened (read-only) \??\D: Client.exe -
Drops file in Program Files directory 64 IoCs
Processes:
Client.exedescription ioc process File created C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-36.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_NinjaCat.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\Microsoft.Services.Store.Engagement.dll Client.exe File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll Client.exe File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\vk_swiftshader.dll Client.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Base.dll Client.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll Client.exe File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml Client.exe File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Win32Bridge.Protocol.xml Client.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-24_altform-unplated_contrast-white.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-256.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteSmallTile.scale-125.png Client.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll Client.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-100.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-256_contrast-white.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-200_contrast-white.png Client.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll Client.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll Client.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\MedTile.scale-125.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Solitaire.exe Client.exe File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_as.dll Client.exe File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll Client.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\adalrt.dll Client.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe Client.exe File opened for modification C:\Program Files\Microsoft Office\root\vreg\excel.x-none.msi.16.x-none.vreg.dat Client.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7db.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-unplated_contrast-white.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-400.png Client.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf Client.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\cross.png Client.exe File created C:\Program Files\Common Files\System\msadc\msdaprsr.dll Client.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-72_altform-unplated.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40_altform-unplated_contrast-white.png Client.exe File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml Client.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso20win32client.dll Client.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll Client.exe File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Paint_PDP.xml Client.exe File created C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.scale-200_contrast-white.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\SmallTile.scale-200.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml Client.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll Client.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-64.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-400_contrast-black.png Client.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Input.Manipulations.resources.dll Client.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\TimerMedTile.contrast-white_scale-200.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_contrast-black.png Client.exe File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ShareProvider_CopyLink24x24.scale-100.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PaySquare44x44Logo.targetsize-24_altform-unplated.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-150_contrast-black.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_altform-unplated_contrast-high.png Client.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Controls.Ribbon.resources.dll Client.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL Client.exe File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md Client.exe File created C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarBadge.scale-100.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-100_contrast-black.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\WebviewOffline.html Client.exe File created C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_altform-unplated.png Client.exe File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll Client.exe File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-200_contrast-white.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\SearchPlaceholder-light.png Client.exe File created C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated.png Client.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\MANIFEST.XML Client.exe -
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
Processes:
sc.exepid process 640 sc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
Processes:
netsh.exenetsh.exedescription ioc process Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh netsh.exe -
Collects information from the system 1 TTPs 1 IoCs
Uses WMIC.exe to find detailed system information.
-
Delays execution with timeout.exe 1 IoCs
Processes:
timeout.exepid process 3512 timeout.exe -
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Gathers network information 2 TTPs 2 IoCs
Uses commandline utility to view network configuration.
Processes:
ipconfig.exeNETSTAT.EXEpid process 4948 ipconfig.exe 2188 NETSTAT.EXE -
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.
-
Modifies registry class 64 IoCs
Processes:
BoratRat.exeexplorer.exedescription ioc process Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 7800310000000000cb58c3941100557365727300640009000400efbe874f7748dd584eb42e000000c70500000000010000000000000000003a000000000014937a0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell BoratRat.exe Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings explorer.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" BoratRat.exe Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Documents" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 5000310000000000dd584eb41000426f726174003c0009000400efbedd584eb4dd584eb42e00000023340200000008000000000000000000000000000000a41c620042006f00720061007400000014000000 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\NodeSlot = "1" BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000cb584ca0100041646d696e003c0009000400efbecb58c394dd584eb42e0000006ae10100000001000000000000000000000000000000294ed500410064006d0069006e00000014000000 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0000000001000000ffffffff BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e8005398e082303024b98265d99428e115f0000 BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" BoratRat.exe Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Downloads" BoratRat.exe Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "8" BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff BoratRat.exe -
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
NOTEPAD.EXEpid process 3944 NOTEPAD.EXE -
Runs net.exe
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
Client.exepid process 4184 Client.exe -
Suspicious behavior: EnumeratesProcesses 41 IoCs
Processes:
BoratRat.exeClient.exepowershell.exepid process 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1448 powershell.exe 1448 powershell.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
BoratRat.exepid process 3564 BoratRat.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
BoratRat.exeClient.exeWMIC.exeWMIC.exedescription pid process Token: SeDebugPrivilege 3564 BoratRat.exe Token: SeDebugPrivilege 1776 Client.exe Token: SeIncreaseQuotaPrivilege 4404 WMIC.exe Token: SeSecurityPrivilege 4404 WMIC.exe Token: SeTakeOwnershipPrivilege 4404 WMIC.exe Token: SeLoadDriverPrivilege 4404 WMIC.exe Token: SeSystemProfilePrivilege 4404 WMIC.exe Token: SeSystemtimePrivilege 4404 WMIC.exe Token: SeProfSingleProcessPrivilege 4404 WMIC.exe Token: SeIncBasePriorityPrivilege 4404 WMIC.exe Token: SeCreatePagefilePrivilege 4404 WMIC.exe Token: SeBackupPrivilege 4404 WMIC.exe Token: SeRestorePrivilege 4404 WMIC.exe Token: SeShutdownPrivilege 4404 WMIC.exe Token: SeDebugPrivilege 4404 WMIC.exe Token: SeSystemEnvironmentPrivilege 4404 WMIC.exe Token: SeRemoteShutdownPrivilege 4404 WMIC.exe Token: SeUndockPrivilege 4404 WMIC.exe Token: SeManageVolumePrivilege 4404 WMIC.exe Token: 33 4404 WMIC.exe Token: 34 4404 WMIC.exe Token: 35 4404 WMIC.exe Token: 36 4404 WMIC.exe Token: SeIncreaseQuotaPrivilege 4404 WMIC.exe Token: SeSecurityPrivilege 4404 WMIC.exe Token: SeTakeOwnershipPrivilege 4404 WMIC.exe Token: SeLoadDriverPrivilege 4404 WMIC.exe Token: SeSystemProfilePrivilege 4404 WMIC.exe Token: SeSystemtimePrivilege 4404 WMIC.exe Token: SeProfSingleProcessPrivilege 4404 WMIC.exe Token: SeIncBasePriorityPrivilege 4404 WMIC.exe Token: SeCreatePagefilePrivilege 4404 WMIC.exe Token: SeBackupPrivilege 4404 WMIC.exe Token: SeRestorePrivilege 4404 WMIC.exe Token: SeShutdownPrivilege 4404 WMIC.exe Token: SeDebugPrivilege 4404 WMIC.exe Token: SeSystemEnvironmentPrivilege 4404 WMIC.exe Token: SeRemoteShutdownPrivilege 4404 WMIC.exe Token: SeUndockPrivilege 4404 WMIC.exe Token: SeManageVolumePrivilege 4404 WMIC.exe Token: 33 4404 WMIC.exe Token: 34 4404 WMIC.exe Token: 35 4404 WMIC.exe Token: 36 4404 WMIC.exe Token: SeIncreaseQuotaPrivilege 1608 WMIC.exe Token: SeSecurityPrivilege 1608 WMIC.exe Token: SeTakeOwnershipPrivilege 1608 WMIC.exe Token: SeLoadDriverPrivilege 1608 WMIC.exe Token: SeSystemProfilePrivilege 1608 WMIC.exe Token: SeSystemtimePrivilege 1608 WMIC.exe Token: SeProfSingleProcessPrivilege 1608 WMIC.exe Token: SeIncBasePriorityPrivilege 1608 WMIC.exe Token: SeCreatePagefilePrivilege 1608 WMIC.exe Token: SeBackupPrivilege 1608 WMIC.exe Token: SeRestorePrivilege 1608 WMIC.exe Token: SeShutdownPrivilege 1608 WMIC.exe Token: SeDebugPrivilege 1608 WMIC.exe Token: SeSystemEnvironmentPrivilege 1608 WMIC.exe Token: SeRemoteShutdownPrivilege 1608 WMIC.exe Token: SeUndockPrivilege 1608 WMIC.exe Token: SeManageVolumePrivilege 1608 WMIC.exe Token: 33 1608 WMIC.exe Token: 34 1608 WMIC.exe Token: 35 1608 WMIC.exe -
Suspicious use of FindShellTrayWindow 15 IoCs
Processes:
BoratRat.exeClient.exepid process 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 1776 Client.exe 3564 BoratRat.exe 3564 BoratRat.exe -
Suspicious use of SendNotifyMessage 3 IoCs
Processes:
BoratRat.exepid process 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
Processes:
BoratRat.exeClient.exepid process 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 3564 BoratRat.exe 4184 Client.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Client.execmd.exenet.exequery.exenet.exenet.exenet.exenet.exeBoratRat.exeexplorer.execmd.execmd.exepowershell.exedescription pid process target process PID 1776 wrote to memory of 516 1776 Client.exe cmd.exe PID 1776 wrote to memory of 516 1776 Client.exe cmd.exe PID 516 wrote to memory of 2084 516 cmd.exe systeminfo.exe PID 516 wrote to memory of 2084 516 cmd.exe systeminfo.exe PID 516 wrote to memory of 2824 516 cmd.exe HOSTNAME.EXE PID 516 wrote to memory of 2824 516 cmd.exe HOSTNAME.EXE PID 516 wrote to memory of 4404 516 cmd.exe WMIC.exe PID 516 wrote to memory of 4404 516 cmd.exe WMIC.exe PID 516 wrote to memory of 1500 516 cmd.exe net.exe PID 516 wrote to memory of 1500 516 cmd.exe net.exe PID 1500 wrote to memory of 1900 1500 net.exe net1.exe PID 1500 wrote to memory of 1900 1500 net.exe net1.exe PID 516 wrote to memory of 2420 516 cmd.exe query.exe PID 516 wrote to memory of 2420 516 cmd.exe query.exe PID 2420 wrote to memory of 2000 2420 query.exe quser.exe PID 2420 wrote to memory of 2000 2420 query.exe quser.exe PID 516 wrote to memory of 644 516 cmd.exe net.exe PID 516 wrote to memory of 644 516 cmd.exe net.exe PID 644 wrote to memory of 3244 644 net.exe net1.exe PID 644 wrote to memory of 3244 644 net.exe net1.exe PID 516 wrote to memory of 4032 516 cmd.exe net.exe PID 516 wrote to memory of 4032 516 cmd.exe net.exe PID 4032 wrote to memory of 3848 4032 net.exe net1.exe PID 4032 wrote to memory of 3848 4032 net.exe net1.exe PID 516 wrote to memory of 2416 516 cmd.exe net.exe PID 516 wrote to memory of 2416 516 cmd.exe net.exe PID 2416 wrote to memory of 404 2416 net.exe net1.exe PID 2416 wrote to memory of 404 2416 net.exe net1.exe PID 516 wrote to memory of 1908 516 cmd.exe net.exe PID 516 wrote to memory of 1908 516 cmd.exe net.exe PID 1908 wrote to memory of 2652 1908 net.exe net1.exe PID 1908 wrote to memory of 2652 1908 net.exe net1.exe PID 516 wrote to memory of 1608 516 cmd.exe WMIC.exe PID 516 wrote to memory of 1608 516 cmd.exe WMIC.exe PID 516 wrote to memory of 1292 516 cmd.exe tasklist.exe PID 516 wrote to memory of 1292 516 cmd.exe tasklist.exe PID 516 wrote to memory of 4948 516 cmd.exe ipconfig.exe PID 516 wrote to memory of 4948 516 cmd.exe ipconfig.exe PID 516 wrote to memory of 4852 516 cmd.exe ROUTE.EXE PID 516 wrote to memory of 4852 516 cmd.exe ROUTE.EXE PID 516 wrote to memory of 2952 516 cmd.exe ARP.EXE PID 516 wrote to memory of 2952 516 cmd.exe ARP.EXE PID 516 wrote to memory of 2188 516 cmd.exe NETSTAT.EXE PID 516 wrote to memory of 2188 516 cmd.exe NETSTAT.EXE PID 516 wrote to memory of 640 516 cmd.exe sc.exe PID 516 wrote to memory of 640 516 cmd.exe sc.exe PID 516 wrote to memory of 3532 516 cmd.exe netsh.exe PID 516 wrote to memory of 3532 516 cmd.exe netsh.exe PID 516 wrote to memory of 4036 516 cmd.exe netsh.exe PID 516 wrote to memory of 4036 516 cmd.exe netsh.exe PID 3564 wrote to memory of 2136 3564 BoratRat.exe explorer.exe PID 3564 wrote to memory of 2136 3564 BoratRat.exe explorer.exe PID 2936 wrote to memory of 3944 2936 explorer.exe NOTEPAD.EXE PID 2936 wrote to memory of 3944 2936 explorer.exe NOTEPAD.EXE PID 1776 wrote to memory of 5044 1776 Client.exe cmd.exe PID 1776 wrote to memory of 5044 1776 Client.exe cmd.exe PID 1776 wrote to memory of 1204 1776 Client.exe cmd.exe PID 1776 wrote to memory of 1204 1776 Client.exe cmd.exe PID 1204 wrote to memory of 3512 1204 cmd.exe timeout.exe PID 1204 wrote to memory of 3512 1204 cmd.exe timeout.exe PID 5044 wrote to memory of 1448 5044 cmd.exe powershell.exe PID 5044 wrote to memory of 1448 5044 cmd.exe powershell.exe PID 1448 wrote to memory of 4184 1448 powershell.exe Client.exe PID 1448 wrote to memory of 4184 1448 powershell.exe Client.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Borat\BoratRat.exe"C:\Users\Admin\AppData\Local\Temp\Borat\BoratRat.exe"1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3564 -
C:\Windows\explorer.exe"C:\Windows\explorer.exe" C:\Users\Admin\AppData\Local\Temp\Borat\ClientsFolder\17C4B51780DE9816A7FC\Information\Information.txt2⤵PID:2136
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵PID:2308
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3704
-
C:\Users\Admin\Downloads\Client.exe"C:\Users\Admin\Downloads\Client.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1776 -
C:\Windows\SYSTEM32\cmd.exe"cmd.exe"2⤵
- Suspicious use of WriteProcessMemory
PID:516 -
C:\Windows\system32\systeminfo.exesysteminfo3⤵
- Gathers system information
PID:2084 -
C:\Windows\system32\HOSTNAME.EXEhostname3⤵PID:2824
-
C:\Windows\System32\Wbem\WMIC.exewmic logicaldisk get caption,description,providername3⤵
- Collects information from the system
- Suspicious use of AdjustPrivilegeToken
PID:4404 -
C:\Windows\system32\net.exenet user3⤵
- Suspicious use of WriteProcessMemory
PID:1500 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user4⤵PID:1900
-
C:\Windows\system32\query.exequery user3⤵
- Suspicious use of WriteProcessMemory
PID:2420 -
C:\Windows\system32\quser.exe"C:\Windows\system32\quser.exe"4⤵PID:2000
-
C:\Windows\system32\net.exenet localgroup3⤵
- Suspicious use of WriteProcessMemory
PID:644 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup4⤵PID:3244
-
C:\Windows\system32\net.exenet localgroup administrators3⤵
- Suspicious use of WriteProcessMemory
PID:4032 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators4⤵PID:3848
-
C:\Windows\system32\net.exenet user guest3⤵
- Suspicious use of WriteProcessMemory
PID:2416 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user guest4⤵PID:404
-
C:\Windows\system32\net.exenet user administrator3⤵
- Suspicious use of WriteProcessMemory
PID:1908 -
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user administrator4⤵PID:2652
-
C:\Windows\System32\Wbem\WMIC.exewmic startup get caption,command3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1608 -
C:\Windows\system32\tasklist.exetasklist /svc3⤵
- Enumerates processes with tasklist
PID:1292 -
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
PID:4948 -
C:\Windows\system32\ROUTE.EXEroute print3⤵PID:4852
-
C:\Windows\system32\ARP.EXEarp -a3⤵PID:2952
-
C:\Windows\system32\NETSTAT.EXEnetstat -ano3⤵
- Gathers network information
PID:2188 -
C:\Windows\system32\sc.exesc query type= service state= all3⤵
- Launches sc.exe
PID:640 -
C:\Windows\system32\netsh.exenetsh firewall show state3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:3532 -
C:\Windows\system32\netsh.exenetsh firewall show config3⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:4036 -
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\Admin\AppData\Local\Temp\Client.exe"' & exit2⤵
- Suspicious use of WriteProcessMemory
PID:5044 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell –ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\Admin\AppData\Local\Temp\Client.exe"'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1448 -
C:\Users\Admin\AppData\Local\Temp\Client.exe"C:\Users\Admin\AppData\Local\Temp\Client.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4184 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp2127.tmp.bat""2⤵
- Suspicious use of WriteProcessMemory
PID:1204 -
C:\Windows\system32\timeout.exetimeout 33⤵
- Delays execution with timeout.exe
PID:3512
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2936 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Borat\ClientsFolder\17C4B51780DE9816A7FC\Information\Information.txt2⤵
- Opens file in notepad (likely ransom note)
PID:3944
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x244 0x50c1⤵PID:2224
Network
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Account Manipulation
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize50KB
MD5c6ca79facfd24728212b192875946669
SHA1e1c6cde196b74f59b1f98381985c55dfed14a6f9
SHA25678ebc12978a6caece4b2afb0ef5fd4ac47415f501132d3e4ab3424406c9f7eb3
SHA5126c08b856f6fecdfc5627422c373600dd5b44d93bf59b2acdca79677a9bdaa17cedce0fc823622df0899652589df950fc5556cde02f85c5fd1f962f30e3393a64
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png
Filesize1KB
MD5824f3336b21102c1df38d0ffbd384d8f
SHA1a21d02ceeb6c6906c2637b51cfdda03f69b4e52c
SHA256339d6a9518af09a5c94c1fe9be84d428950a99c9c7c7e7003efd75c8024f7107
SHA5129600183344d9a87e67113caf0a59f1d348644b45f5c70254ab044a8954213d37f417e044c0fa715330c3a5d2348b4416fb972df2e6923e5af54208f766d3ac6a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png
Filesize3KB
MD5ad6ce4d5cad2fcaf0e30c6180e93ac23
SHA15a8c98e0f341a8da6496593a7de194c384184bb0
SHA256963c3f725dc0ae33112420b6cc89fe14addcee9253b3c204e78caa59fcc0a669
SHA512fb0e5be6a81da791a4dbb5c095163e05f990dce0505af63d92c449591fe0e2cbb074319af5db8872acdb981865fd3ac61e60f90923919cc2deb29db7ce7afae4
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
Filesize688B
MD5f1e085f06b3dead28963cee4bd9240c2
SHA1f05fb12d49072633f8439eb25f8b6b149d80b070
SHA2569123b1e697dd1a486f31a4dd5386a9be551941daf96accd064082f6338c3ff76
SHA512bd33c89d33d33ab9772e2061907c5cee1afa7c05c821312246d82abfc183629b0af90be15b515931854cdac95f2e1b5b9ccfc90fc939d68f5b97d0e0505cdad3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png
Filesize1KB
MD57c6a8850c2785e05a39bfd9029c6ea2c
SHA10e6a1757f8564a71d2cde7306484c0a76caa5488
SHA2563d6ac1ace08ecd9898c4e6a75c97ae2138b93d137969d9219dff29a922061b7c
SHA512ee4c172f65c14372b84c4cf60b538b1d9e5b2060a153f63b986137198f6a9147e2d40573081c0077b811f018a4931bb3739deeb5cc26e1a15be225eee393cd8f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png
Filesize448B
MD532dc1210e5371a46dcb035e5305d9020
SHA11d278b9e6c896f48990353dd7107b1f4599390dd
SHA256b9bd73cfd56a196833c058381a473bafdfdfba6f2ea39c687abaaeacea2a37ba
SHA512302b3f87825be41bac6ac7f20f3390702960942f388740ae13079a66ce83d054edb1ae5f7dc2de3db544094ca29bc5090a64f628f66f45dc24348ae455e9bf38
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png
Filesize624B
MD56a2d3891a4baa7e59bf32806992d8565
SHA12610cf96904a5208fd4b6f0bc52aabbaddbf3866
SHA256bf717964669b700751b013f87e57306986da5eafed9e795e9afc4b3bd358dc21
SHA512eaabf2d2434e9b03f727b2c184d308e4db62f98c1f4b4ba5d46def26baf9808d4edee400c53a1d1f2b841fda2f8ae2eb3d1da9c0a5a02e193cd2333d1106df74
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png
Filesize400B
MD5f2feb85c3e033ac26c809eeac2f13d37
SHA1c29ecf21bdbc72e20fdcb06b337a922ac0dbdb68
SHA256db235fffebdb45e2b28a746f1405954299d17ae9d1175a1f2cdd0007cd871700
SHA51242a0c41d3d02e02cfa410ca9c96b6c08b249b4b067690bf473c5fe5f1eab595a848f1e2f7a2f1cd7e348a540d48ab10137fc90178397443fc782e9e9de79c187
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png
Filesize560B
MD5d7bcb4bbb628a5e6bd241e5921996c25
SHA1c5a5b5d6d0db363d652eee2fe965ad558db4b87e
SHA2567fb5881e946788f4ae43699046dfb31d6dc9476777ebdd2f00c5474fd5619762
SHA5128a78812e5e15323096634be93eeb78153e9b96d80994d11bb2da8872c245b05090dfb8ceff2b196b1fb4e1a4206abf1195099c8a66b9902623d3cd708570e30f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png
Filesize400B
MD5f7e77a19b0e43c0f3ba1f5f21644dae3
SHA1426e1efdfc2164b463c21616b9c2814be56d8c7c
SHA256f79dc90b72675ec32f33b64d75b2ed9e5f75e540274e91753eb87d8b3f531d41
SHA51217924138e4a147f6427f77e4f58acad75900c9bbb8557c66c84ccfd006158bd22cd5c8ba2d611ae471ccb6423bf99fe1647a964e03eda1baced60f19bd5c37dc
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png
Filesize560B
MD5ddf93fb7d1423161c372d5ae43a1ba6e
SHA106ac172a20a7d8af3f58a7dbe4559af3c6a46532
SHA2563a6f3d44bde9b31d44b76ea788c2d53cda630de3261f0641b3a5075ded21adbd
SHA5129c7cdf4c50225e7d1dba14ad36fd665b38e4dcadf881d06dd225c7e569481f9ea0d3e676e98da0235a0616c6677022b4b0e5e7216b99d6d184d14860f76f7b9e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png
Filesize400B
MD5ffb58f802667413f7e4c39c2b2e6ab80
SHA1f53868f363638e2220e589ea9e271ce044599002
SHA2566f700db0d59fa766a21099ec63313ca88273465c86de7231e72afa97a971a47f
SHA5123433711a8745cb7f37209aeeb4d1e483bee33436878a0e3468ee2bd563de41800de917bbfe1e5ee5fbfcb829c189e52c2cf7ed00b5f61384275dfa118caa01eb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png
Filesize560B
MD5591a516b29ce3200a7c22a7af635813b
SHA13a656fcfab7c7feab29570a6f13d9acb7a1cdd38
SHA256cea17e0f12ed73e197329f8a580e0b31008ffc91bbc600edbef696b6670865cc
SHA512274c8a21d30b30d0257ee56b86c245b024b5653c42d8c95e8b242371142ed36555d5a791559c33b09ac1ffbf8716a22f21bd6b80b54e82a4196a3f3b90226080
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png
Filesize7KB
MD57bf4a6e814d7981d3add00e13c6331e3
SHA1d58eb1d0b8bac3b9b13256c3ba80147a3f59c464
SHA2568f0c59e33aa88af9c7cfc4f7ca31015e745ab41a7aeac8d8ed64fe0b73e86b62
SHA5128c58d128a285e1c0c727e04f1af6ab4df070a3fda0cef5ee1dcdb5b09153016838a1c3ec49e9b32eb878755d79575519b9cd4e95ee07c1c5994c686235c4532f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif
Filesize7KB
MD5c7d4428a8a8a5471b76e8dc8055bc39b
SHA1488286189207fefd532277ee981181aa5374f144
SHA2566fa4e246d7f046a806e23e3ccdb262d6b75c2c273e695e69fb15720b4e1ac8b0
SHA5122efa8498da3a276ac4f317c7526ffb0221c1a98f2a7ff378163d4136da7f8b22f707359c2e99f2e22de781850f0673474cf6b155216f130f66d818c5bbf42d7c
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png
Filesize15KB
MD5585e854a89229a3abf7483ed6b78d061
SHA1f1e0974c4e1d50f19805c99f688183bf07cd6255
SHA256dca6e780d4e3385b8662628894aa9344f8463eff4be84ed2c9e0b693b574cb9a
SHA5127f0602232db282858791945687d3b8f3561aa32e76dbb5fda7d065c44926045bb0c93b3cdb43361b145f393697b7873041187992799fa53dd0f020eae0e53056
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png
Filesize8KB
MD5edfe9776b2a2a1b2f633aa1e170d5098
SHA134bcd277ad4dd8f1451c7fecb900c119ce56317e
SHA256cfb9aa148308ac171eb3b218bfcb11b9d554df1bafb345360b2c8c928083d2cd
SHA5126ec7169bf878362e8e305d84513b09f587f82fe02c5604002e965ed1268ad0d1a61f7da6668fa05b7b042eca40455c0f6c4044cb05a05f438f63f3e283418bd9
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png
Filesize17KB
MD51525b70e358ecaff0f760a654e08f9e7
SHA183fb5d9fb3f92c03520949511174b65b248294a4
SHA256f1117c1c743c7b1e0601e772afb3703c6e5342b65334a74b09c7de173b4e748b
SHA51270012d7333ce084ad39555ae7bb648334fd944f80777ddb58e55bc6856b023400b63262d72b866b16ffe4853686f09bd8fb004c8cb141b8fc5734bfceaba4c46
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png
Filesize192B
MD567f6d95dafb23265dfb318306025a5eb
SHA1347a623c1f74bf88053b00fb9cea35ce627c998e
SHA25606e8ceeb05d03b2618c16710601d5a5a83c08a2e18078a8653f33db1215a5dff
SHA512e14edb2a0db0e2946e9341672cf4ee6e3d249ca5696a90f67df61b73aebc9baba4020d4caded2e87ff9a632b4012cd8b0cea272f87588f5b35ea27b781015c1b
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png
Filesize704B
MD52ea13e878646b282206f9b26c97691f5
SHA10f6393ca54f83dd9aa32d11b5b84190e9cadc3e9
SHA2563d3de9507cf6028fbf753726be680a6bb4217c0d5f12f477e7125eef01aed646
SHA512ea58d66b7cd844e0007d75ab84989075282338b19f95c36150f33e6c9150661474451264994dd7e35c6f5c5b0b11852c8b08a46390ac8a793765b07ae0476e3d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png
Filesize8KB
MD5298fc1fa8a4cc84884188a9dbf829340
SHA1c0bdbf975cb10886de9b942275c517a49ee3b6a8
SHA25601ddbae0fc76ccaec86f7e8c4c206d469aa3b62a8a133f0e768d6571f0d1ee2b
SHA51232f233bc3fe3a05ce72ee91709a3c9941594270469fb7982c64bc00e9c8803b3af3651d7738ba51bdcf2659da705ee7b38f6b30b6845af9239c50533487c6e1f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png
Filesize19KB
MD51db317754d41560ad31ac1dc03ff8e2a
SHA1ea0d3b67a82e27f56e5f57f0f118ef61439d8f88
SHA256ed79174becb484766c0c8a04a333170fa0b7595a12b11237636995733d82767e
SHA512a39e27e73b1e55ad08a156b75d0a2b3ce1e997b03714bd8c49b65120a98d9341b2b6efd168f138051bc2ed076c3fda1d5c34ebc0cdd4dbb82b69c6614871519a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif
Filesize19KB
MD50dcfbe50ff9c0e4057b38bfd17d7caa1
SHA18fd38665f6f3e906e024afa9252e5d223d62ea45
SHA256ec8e47697d13516abc65721245a9abee9117f5961c6f0688e64d45eac79e71fa
SHA512407c12d8c673d2f8ad413c7f0e166cab511c47ffc2bf04cd15205a9e68ce92d17e72edf5a15e2eacaa1e8993155c25e67818032e684ca974dbd8b9ba6ec874fb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png
Filesize6KB
MD5e6177a56ae520055b7af4145c4f5bf31
SHA13b3386b1a30579bbbcf46405f63ab96e0df5a784
SHA256a43ce657b05525b550b6ed02205d1015b8cb9dafdc8048af47054a7e569d8db0
SHA5120de99aa9bf606708ed38941b8f75f150640db96d315007b15c824ff382d64faf2cda8db3074d2dc9b96fa17d1ce09ae21cd9dc1634bb033c80171b589779b7e7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png
Filesize2KB
MD5ca03fc5aaafd6153cc7ab4e38d5a168b
SHA167b3c319272800e275fd7c464f8c3e259b29a5c1
SHA2567489d451ca07e275d81ba8ed82333b7e5420e72eef70afd6233d3c0731e5dc74
SHA5122d3c5f0ee7581eb9f2e3c6e243dab2ef3422351691afef56655843d6046ff96eb584d00ff17bc5ec6154019d2c3b05e540a06fe785eefe9d82f283c231d8d4af
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png
Filesize2KB
MD549ead18465aa927665cb3c83b3f957a7
SHA18724068bfc1e28d371d93cb32d29076637992974
SHA256d717c192f4eed5a18e08c0143457061a8ed3a028b91d60bd48cc61fc6f89d983
SHA512bcf56e8f33b1841d4a8ca088bfb11faded85e6703c0bc56bc7efadff8df6a50a9be4ce40d971d130e4573c885e36d3a7af33446fa09c950ece5631f35a19755e
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png
Filesize4KB
MD5b14164819b5bbd4a5204b3b2d18a431f
SHA1c6bc62679b0ac0c20c7c1183b9148c8797d7671c
SHA256340b0f0124ae77339899be8b42ad75da3dd0ed75aa09613f31e1bfca892df3c8
SHA51286cf9e604af9b014ae10343e559c321b3d43c4363cbe17fd1ce8928a2ced76135a0b9475ec4a93352101cc8a973905338e8d96e9d5684871e8a0b447e6dda2b7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
Filesize304B
MD5181255e7d8aa47376f3a498af92e376b
SHA1844f2d0570e3c6a886d469eb011949a70b10fc16
SHA2568384b9e523642935ac1ba5d7bd4e91785ec92a65f74404c069e3cf1b7b7a5e5d
SHA512f0c3689b7afbc06430df8cd888f40db2387c86028ca7550a41366e9532a460b395b19590e522d9bfea45d44a13f65e28511c52eaa38f846373d457de7d370bc0
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png
Filesize400B
MD55eea184c97afa7978cb4c5501d9a4f74
SHA1f9b6a91e9c200f047f3933b9adf3550ca03204c3
SHA256057d1b26c10606e04c102b2389505b91bd559fafccb254895b9aeaf4c0243fa8
SHA512ce2eeee404e46ef52fdd8ce4984f1703743469024062e3b40f846b769c66b34675289831987c5fcce4d28a577b67194590e0a07acd5a4bdb1d5ead666b95b4ff
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png
Filesize4KB
MD5f02bc4073309c62ca0da19037b65dee9
SHA153ad8ac90a20003b83235ca0400fa8922a90aa80
SHA256168349e251dea290c9b52bbc4bade6ef5c5a97a6a1c1c2cbdce4c53ea445e3d8
SHA51227d7674476a4335c637d64e8e464bc1f931ab70a918fadab752880e6f356eabac879896ae19a141d52fae8d821d5c8a9840c964575fbe947588f7208ec02385a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png
Filesize1008B
MD5fd83ddfa3d919bad63dd0949a772ffbb
SHA14317be8b91e3a6ff4713b1c06de2ea6570bd4250
SHA256dab9c28f71771789d2acc1957b8f52deb85cf5a57f2a3c171756cac9a73ee1e0
SHA512e8b4e0f65f607b052b8f94b614e51087ffab6a9c75a35d11f005cc3103adcfefaa06e8f54b763d8734dca124b225b6f1fa42c24b95dcee46a04ee75a6c68bc0d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
Filesize1KB
MD529535f8877ad7f2686a56a20d1ef9873
SHA17a74dd12e2284fac02d35282ec06005ccf3cb583
SHA25697deb3364aad2a1be788c5d937a7bb43886dd3adbec70145be9fb0c32d03b010
SHA51214d6991688e13dae0f0a9bc164bdac6d66126e72e801ec084e579f686472699f177c34bcb6f946939840a83c55380688578573076a77c0473527901556669afb
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png
Filesize2KB
MD5da9e190ebc7601132ee8819a47e5162f
SHA1a197e3a6aa39cd1aeba1c9e097d43f255a4be505
SHA256c06d7d7fadd918900936e8b78b3692345fa7676f61cef5f54ef55389a33f0379
SHA51281bade49d77654914b2a4a18787e5e35a469359c0683355b00b8cf642c06d7c784867db000c5752f1617ce1df25052817f6f0b18da16e834a3c070cc42fa838a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png
Filesize3KB
MD51c529657f29516813014eccb9f7f902c
SHA1ced906e6f7621dae2418d6410e2a28ec6eec15f1
SHA2565abb943b70efa7bc222b72505f5c672fdd65b18d44284e9984776ed356878736
SHA51215fbd97b7460c51550d461f906cf68253d421c488147d44075c47029ab6a354041b199ac60dde144bb91cd6a5e6de4bc570a0f11f19efb1d3a6280eb713dc7ed
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif
Filesize560B
MD5749cee3a50db29acffaa9f1d01ef7725
SHA19d46497c0e4619076da1edfe774944a95b869fa9
SHA256a6099a90f05d6a90dd69c41f05ec5e929c73e3f2cfa757b647d22876671bd9e7
SHA512d6658b469d860c0eca2aa21cee00e7c7a0fe9f6c361c6f58f95d6a5149a53a481249e14c7a763052d0d55f1f2514f17360021ec1b02ae355fc86b9e8abbb8a11
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png
Filesize6KB
MD532222522b0ab2c47b7ad98eca839addc
SHA169d8af0a2c770cca07d5eaebd5cda2669371b1d6
SHA256f64381b0e5dbae3183ee7a6cb48f4eff32cec5721b237f7690703427a0d30942
SHA512cbb471491af4e4beb145c9810d5fba073b951422ed101570111ace17a1da56522799a90c7447196be714784a8ba788ad41d6258f145cfc6645568fc81633d2ab
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png
Filesize832B
MD52a4e30b4f977c0fa8a94c119cdedcb61
SHA15aff7ae159739e85a34aae27b562d56b1533c480
SHA25663dc0a1866418302a09b3fb22c2f9170d1580bc4a9d0bcaa561ec3a603690038
SHA5129fa0c909f978b10b8051458be1a21496bdd838633ef463afa81bea22c2bf26c37bafccfe8178480c1ad5ee3ba65803dc594d3717fdd8c3cc520d986c9bfc047a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png
Filesize1KB
MD5f60d5cfc169f756e2c734a8372b3b6d6
SHA1c4cd749359f3eba38c0af04a78b33efc85137956
SHA25679af92fd0a63e1e57fa2e61d423d28568aab274d3a8b5b1d7fd4c1a64bf99e9c
SHA512c0e7ea12a7d6a505f680535317fb6826aa010ee0d1b4d140ae8ad9f7690c7088711bcab6f761573b27e9daef2efee664ca48e8f633e4eede8336b61f49a17ef0
-
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt
Filesize32KB
MD57326a07afc0607769991efcd6ba5a99e
SHA1781bc9dc4cebed4266ab0a311b7ba61910355831
SHA2560b52ce564d162c7b281bf0a1c96e4a6d2266a9ed9984280e4120e812cb35313e
SHA512a93d1182a5bff84416ebdb966372d80802aebe034f68571b09e32934817b48e46197fc27655440d6de4c3c6b8a4a4605016bb3ed52311978a731888eb3e33ded
-
Filesize
558KB
MD57833306d59d79114a04878cb2b0c70a8
SHA1b4e8fa183ceeb579693758492d409eed8df9279a
SHA25652a97181bbf15761dd6cff29b70d4ea67797c59f8246fcfbf077b6d08e118800
SHA512956d3a917e90cc4d96257ca47e959604dc977652e64d5147576922cd9e9b5ef8d270adae6f46418b3e79770f367963846c043098e5d2c488b8e9dfbef3489793
-
Filesize
95KB
MD59a302bcc9541f05b38183170f15e1c95
SHA1c666cad12cee1ad0a06f4be5a58958e50b20def6
SHA256d4f8ff29c56c16acede30f015c5f7a9a5f609c4fdbddc376752426df570dc33b
SHA512fa624343d9becb1cf5d28b8067db7aa9beadc269c425c4ee9724060c7c423040e7ad9daebdde7a04ec37b48a6fa50db53bfa7e4bed847a052a4f40e16d0f542c
-
Filesize
36KB
MD54b059cb8672d4703d0b272cad2a20eea
SHA1beb5b566fb407e206ecd091fa74d64223e58c759
SHA2566fc7a0bc4ba8b40a50d1e77e1681ebe001e1718d26cd26c9810f6a7f7deb80bc
SHA512da7b497d1d3414dd730ab3968f3f5b16cb62553a651a681166c3b38ea9390b26e9e28d96363002bc3abdb7c66ddd3bfc453e7e84d569916ce169845a2eae59cd
-
Filesize
160B
MD544bd2c1e93bec695ce850ecff61cbd1c
SHA154a3785ab0f8bd3d24e4e2fad843f6878bb4b930
SHA256a19cdfb698d8597b7f205c51055f3e36785d82aa2c6fb49d08bb6cb826e14861
SHA512e4997df27bb2485e0940afdc154759947793ceb1c3a09bcb98c0c0a75b2bfb82dc0d36786eea6d18449e800bbc16dca7ae9463043b9e4735a7d467c2c4810df5
-
Filesize
48B
MD5599fbed6fb2aadd2af8bf030a7f78415
SHA13d33c82a92ee64a33de0e685739a801880b5fd3d
SHA256672c112a25917a9f56afab81ef4159d7d088bf0332fce28f2b9f977c813c9805
SHA5123f319ba7d3151f53f25d0836e5b23078126f755e3cf4b5ab821c57d621a45ecd531e0ce9ea66c7a00ae509aad4c30536c933f3fb77d3733f8fbcc818433e9d4e
-
Filesize
192B
MD5c0c743a6252ef7b7ac0a55c5522c8dfd
SHA1babbf5675c8baeeb9cac7a427a45f3197c7ca94e
SHA256dbb955956c88433511e68d9b46ccab539b2793578ab1d45b76c6dc3f4cf8b007
SHA51263ba81ca8546ed17e16b67aab25117692723c889b16d63a23bbc816090bb2a646ada09b9a4a7b7b00ef4bce03ad627633b885d678d082faa0fd1658292d836c7
-
Filesize
192B
MD5dea382480b428772628f79e145558d25
SHA15cf0ac0cbd4dbb6eafa9d47f71215a429764bdce
SHA2562d4211317e92a5ae6526c291e744093aa04b3e22d7bc6e16bcc51d1d4aa973f1
SHA512e8375f1e998e7011e896442f545dda970eba4669473a8d8ac9263f1dff0f663ae87262db804ae2189072f6aadca2bf516e00077794cbdf6d72dd9aa6f1676be2
-
Filesize
11KB
MD570ad4be2f9de5c16e870e75308bbfb44
SHA1a49bd5204a630bd4bcfaa1830045660328b92ffa
SHA256371bcda630342c7b2f751c741a5909a1232bfb83d613b3a4a7d11fc76a1a3c69
SHA51288f43e980b9f282430450c61d550a20e0bf4ea44a33bb0e5c7a775ab9e12a5fa25531f3d7a70e341ff80454a6307d818bd9ebea5ce47fa006d8a44e0eb61e5e1
-
Filesize
11KB
MD5a905b843c9605c2cd6408c9dd3c34cce
SHA110967eda30049df5fc211fe0826f5c6eb4f8b054
SHA25610ce566fa7d169e3c08a0cfec80ab4df623aa15f672d80a9c200cf38f8aeee9f
SHA5121dab90dfe71aaae46ebc8623165fe1605e1eddc675981946fbbdc84c5bc1c3babe9529d731cfce59b6f23ddb722483c62274982f99cba23a4087df3a8fea0f72
-
Filesize
11KB
MD5e4967b5d6dfc087008947e77e4eeaccc
SHA16234819c7f8e8d071231d50d6d1730563af3b226
SHA256574e31c96fa0e3450f09c58802029fa569a8a94e6001b4801ddff584d3b71abc
SHA512e6f97dfad55be736ca6134e7f94ce43869506762bc2df07d2c129e56dc57776270ca0491f3c245e024e0c4ba2ddac17ba755ba12ddd5b9e5c741757cb656395d
-
Filesize
11KB
MD53afdc8399837786e18b7070ff091873c
SHA181cd6691f5d3841b8191d17a2ae6aa2ef19e790e
SHA256c45fd394ad479571bc1a1c160ebd1ecb4df93505d1fe898b5f4006afc368c30b
SHA512b7018430609d5d62ed64d3c2560a07add8c87e7ba238c610d9f03ee8c286fc051a0a79d3fd5be282779346805a443039a5b1543cdcc6237eb2719a1efc2d5155
-
Filesize
11KB
MD58a80e49732e522a1c2d59be8522fa019
SHA1e3c0a3867e8c68f5e3239a83dfda736b508e1137
SHA2564163220bbd24b455980e98ab9350b34d20a18b2a6b9ec376afd530e933b7e303
SHA5127a93e2a2770d119f6eebfd68ca45255e232984f9e5fc270f3f18c335dba59b7dc7d2283d665c02fff20461f18ca2ab64b8b0fb74385f99e400a4e49b87c2abaa
-
Filesize
14KB
MD523a7126294f1370f831a0733867c354c
SHA1d5ec821959c3d7f680d70f73395106561ccc2d49
SHA2562bd2bb68b57c4a386fc5884776e47154dec4396332e2dc86cb6d594b31170248
SHA5121d910c54d105473832d38c0b7d8af4cba0eb8f1f44977d445b520983e80913c5b8c49198bf11ef1fd4d726a0aaad281624482d9b0b5b005b3359da0e4ea3377d
-
Filesize
11KB
MD5e139491b6c403f06c0f344deee82d719
SHA1fe7833585bdf28890df21ac356d05e7ced656214
SHA256ee1955c31664fc96389908286c20d5de58cc6937a384c2f7e967a88e9e4fb8db
SHA512bc84e6bdcdc37126803fdb66eb0dba64e150a69bfe5534e07bb715b65fb5f1897fac7e6bc463afb4954f1d465abd9305ed481fde0d0d85a39d4b6e7a8f8c8ce1
-
Filesize
11KB
MD5589d6e64c2b11da02c5f8a2f29f3aaf8
SHA143ef335019994c42c212334964fcb5c157767b95
SHA256c60a3a79d1a13e75ce9430e0af5eda4398c0b5c8058341549e266a977474fdea
SHA512389f2e2258deac0e75ccdedd60bbe00a579311b974f02d120fac78917416f2a27cc1f96d12d9f9b230d66eae2b188eceee8e1753ae7789766c093cda12af7803
-
Filesize
11KB
MD5c3a4ad4be31b8864ebf81bcec5c5389f
SHA1e50a16a3b30bb85e418bd2df5c97289adb7786f3
SHA256e9e0ba0ced181cb1ba8451ca8eb1bcbba3ec01538df4e4071769b04ca7dd20e9
SHA51250cbc80f65bcbaf1c970f8d16863b84eab42c68504eba3efda95f4b4ac5976fac3751acec7bb2217f3c75c177f65ec409fd5fc3ec4e5cc356a5c81518b6eec1f
-
Filesize
11KB
MD5f97da8e06fe7fcacfec6a6ef043d6b10
SHA1fae3c62c468dfcce103c9034dbcdfe19b2f5d87e
SHA256d131ab0c0e5a9366b252d63475ac02c19d4cc6fd9dd61eb290bb7cc4e4c6a9c1
SHA5123991a16b4748de14d35937f9aba03e091bd58d9480845909be31d03a21837bac2c7060841d5425a01bd9f6038412f2187e845ec18a635de3e21618f73d4c3c98
-
Filesize
11KB
MD551fb2197e704d9eee14ff5447a85562a
SHA10eb60c7d00c0593eb099a947fd3846f79b150e0e
SHA256f76b7d149aca02561b0114cc09d7a260bd6b0edc84435a5244ac21186759ea86
SHA5124a18b335dbda32fc9ac485c6393904d66b2d131f01e5c9be9091569c9255198e5f488950780a227d7d06f87fdad2abe60e6a2c63b3b6efb6c9763a34e682fa1a
-
Filesize
12KB
MD5a127236f7c9a993610822d99d47b5b76
SHA13ec722f7a7f63fe6fdcbfa049d0b58b8312ba17a
SHA256b61d408c6e1a816d637aeb48598e98267370bd391cf84ad347da9957d02efb35
SHA51244b9c899bc864502e8e8816e5cdc78b28e0c73191ec291e98eddb8fad6971944340138389351da948dde51f9cdc1a47190ae86c27008874b535c39774c97def4
-
Filesize
14KB
MD53c86245daa56f6863ce06cc66a76d03e
SHA15c6d7062975df9f6e3e4cccba75bec5c438c1d44
SHA256a02ec5fff00a47ea2756b84cad30b5d7affd326fc2dfc60e740f03bee9b0e124
SHA5127421ec2ef487f76c9ca947c66119a23f345794142fe30667ac9f0760e05426da194c46b68750c551be7c54a07cb8a70639f01bbff7692ff244cb2fe8207d4236
-
Filesize
11KB
MD5170d8945fe3e4d88d593b82c5be6b400
SHA1dc57a12933169573bd3fbe1618baba9addbdcd86
SHA2569ab3494abc87e817a2adaf1edf775cebc13eefc92d37c5d831e31dfcc3024952
SHA512bd2c58321b2e430c86220c2823d077ef51453be02be83097c2fe03352e5cce7865929cd658cbf9da0be2476a1077df1621369e95750dd7235122d962920007f4
-
Filesize
11KB
MD5fa26ac757db91e5f9c6407a610cb4881
SHA1d1d0a10604811481be34ec8add02fd5da02ed527
SHA2566d1ee1cc547889ba38980dc984780c400a06d6f42cc5cc84c3093f9922391e05
SHA5128c320b9ca6e4f2f7624c1602b939ef472817db42ef29729d65505104cbc665e0d3f464c5cb484c25c1887fe2c678541caa24d5f3bf3ba7d203784d01918eda14
-
Filesize
12KB
MD5689f885fbf5b8bf6322d824dfef54b97
SHA1b31e38d942bb82b15b9c32fe250906012e0f2d8a
SHA256ff1e67b52964fb807c04c416de994fe155cec51ff1ac9abc39d92a30fab036c2
SHA5128e21b268d89f92b431a8f835c8d75064f423001dbcfcbe4c5cbf8f588000d6083051fdd6b8bdbe37edf8ee36468b4ef1358f2950fe0beebff45b22d53af4204f
-
Filesize
13KB
MD50a4add18e3077a0c2ba5ee06b2b82f29
SHA157bbe96d1f8f710cd2346f2529f33db86b1074c8
SHA256ee7a0a7309d364ca006ad635cad7497da75fa1f2ccb993a22a9508ac098c335a
SHA512bd607f49f0330d386d183e59fc3b72ee7b51e3dca58e234b63cc3db09092e90bb9442f0f7b9ad953fca5f16bedab58f935277beb96e30d864234e43759c1c25a
-
Filesize
11KB
MD53c75eecc7d9e07f7fcfb4ef74a8b95be
SHA185b95638128b15f3609a906e3a6c7cb8002b7172
SHA256eb6902b721ef5b11e83bcce896d1f511794b65a546a7192e7f041d6d296f3588
SHA512238a8fa71b76e90a6e52e4f290f4d84316ccdd7179c89befe8ec49149f214f34b5415886b5fc2efee649ee9970bba33742d9171d45711c66aa2c286c60c7bf37
-
Filesize
11KB
MD5754159e1b819b419949915c35265e93b
SHA17973a3341338212a80ea6d5c975b31a0d44b3877
SHA2564d1cdaa1c27d8db52c9e11cab21fcaf97fcfb010eced5071c8b6ef1d90ce0ac1
SHA512b8ef8f047085ef7cef9c9316527c3c5b1eeaee508798421934074c47c2ecb5a7904798a0d46351f448b0ebb4bc5cdf7a73583de83040866b93d8dcc06f10878b
-
Filesize
11KB
MD55a5843078aa9b5be357559e23570c99d
SHA1e74aec4dcfcc2e269895940786c536288e145d39
SHA256ae9b737fbaae274a9a5d770a7cdd9299bbc1925a0536c6192e1568a642b2ddaf
SHA512693c37e2732288c81c336a188986423d87adb76657fa05294ac4a53835ef17865e6b0b89459ffd33fd0fa65e10b5cd2f0802168a1b23a20b23cba57924239fb8
-
Filesize
11KB
MD5cc260bb21dc948f859f5f9e315ad2630
SHA19433e1db5c7314ee659a21f7786d11da0d5fa4ea
SHA2568892f427223c44792c777d4b5425b2673bbaeeec590e6d553ea3752de161415f
SHA51240a3dce0835ab1f2b84b9b6dd1a3395437e063e37f911e3bfae41edd713f8f718d0208ebd29798847cd126a089c86d30b65e5d64f3f3a9c669ea49d7e6a11701
-
Filesize
13KB
MD530a5a461c16704ea2274b80005bcd078
SHA19d6e4ba91e216a4b793340b13b2e74c348400242
SHA25623d7e72ea276609cf1ce93e08f68bc30ee11a6ec987aaf10733a6e9248d53a54
SHA512c395e60b812d29d4a22413dfd0a9c809e3fb4251df559dc119825aaee6e8843ef59426a5b51e305d699b16b1006fdbb7b8644688eedf9eebdaab09ec17e45d4e
-
Filesize
11KB
MD5d1e42fa31aa0583d54867d1648ef4802
SHA1b9723dc84a3fc1ab48308538c09c917251540e9e
SHA256f4deb560f11cd3b4a802dd7525149ae93dec8e294e1d6a70b6c86f12dc6d9297
SHA5127865e393f9ed7c18fd23800432f52fc1928a52e0f0b7e2c2dee3ce8fecc970728b6be732c742d5c373be283b1409a573841b1a19457432bbc9f63ecb09dedc22
-
Filesize
12KB
MD5d311b68db72b49744f83cdea4bc52230
SHA1361d52686b6e83ec716f9d31dde5222fb921a1e3
SHA256f96d289ba6e4a60b356061391141694ec1ec47980d3cb61ed2b75df2242b64b0
SHA5122adc3b1b2db56d957f7478c7320cd2df68b6f403db1d11379843ed3cb6ca1f2386b0c1210b7cd46454205b9045572a6704b99fff63abb23157968aa0d9267451
-
Filesize
11KB
MD5136bda9c3b06a954d8b83beb7592b055
SHA17486408ff60c1d926611f3eef057d4a997626176
SHA2564d75c09375cf69a6db7924cb5a404fb53e74ca2c36e3e3f70ab12e0a69ac5a5d
SHA512fea7f188d4487a37d2d885e40ee4af24a0d2f4693aec9f9e440d651651c09a4873e8b73528345c4f9c5b64ff003ae367355153c49ca4e37fd8b3bcdc516359bf
-
Filesize
11KB
MD5f2c874bb352786ee860c4db9c81a881a
SHA1cdad8e325e3ecd571d33a1416e8d4dcbc258ee33
SHA256aef14e773aafbb8abc5b3edc5939c690d78d883489aaf4a867bde0cf88214862
SHA512c932db857e96f496b16c29ae31c4cf8bcebde5736a008c59d77ad9bb12edcc08e1e5a4c71d739841685916a71c0952e5a93c2a32ba4069c11d6d57ffb1eb0526
-
Filesize
12KB
MD58953a00357fd39a6fd5991fb60e2bf44
SHA160e866dde899138942edd74e5278db0c67f2baa4
SHA256d98923c4c4b14baafec1727da2b1324307c0c85947498f01e33bcafcf03c366e
SHA512b7b2a9bd5dc00494ecd40a4584c0700ebbab0ac9d6ec773580b4c6ca9a3f51f9a4ea49a7d3ce06c6de77eec842c20593bdd898d273dd176a4194796a8993bb5e
-
Filesize
15KB
MD54a632b4d7dd783a40c7bcef66f08e68b
SHA1f094f47045e066e50c800b98f7dd0ba20e1a2b55
SHA2567fb56f22b407711d5b9a6dd2a2d1bcacb003c8d5850fc5bf02eb655fb9ce70e5
SHA5125ff119f9a04f0ef287ab86859dfaf77f54aab87a3de7b7daf95582afeacaae85a57937d45ef728b17d64cf50cac9f6ad13bed0372de4b16833e2b10822e9414d
-
Filesize
11KB
MD5a7a41080cd8cf116752bc06f002863c5
SHA1f917d2a34d68e7252903237f3b0bba0ae124ef46
SHA256d1a54c7d0e0909e94db78f07562853eb3acccf787c84acff1e03a24db045dfc2
SHA5127feb05be4e0b33d996c035f193370bd475ff87f310cb1337a68984fbb230d55ad3ab64172cb6f5dabe22bda8493f53b26c9b2db62ccd339f395394c4291c5c85
-
Filesize
13KB
MD5a07141e7355d6af365d02218846afdf2
SHA15d473a206b401605deb08c80657d2711066d0fb9
SHA256cdc0adf32d00d06239ba98d6cdd462c19314c2df4cda1ee8cd24c9c1d40fe44a
SHA512da825db9c8ee37d36179dbed64633b78fdbb1ec989b9f25cbfa8fe41b935260ac74bbcb34996725a42fd14796560038d9f936ddc98c97cd57cb0003935742c0a
-
Filesize
12KB
MD5830454f2711e1bf8bad601b91895b132
SHA1426b8a330fb92f04e9293735d14335bb2791eacc
SHA25637132e3f9634f8df715c382525deb3883c167fc39ec3575ae2c04105a1411d48
SHA51214888452b08d1b0c4621b9d443578620525f4cda8fd57d935a7c8411005ce66995257addc41e056664bf6f4863c4d95fe146ef7b38be8e445a86f9967bd96544
-
Filesize
11KB
MD51afd1004452dc38a90f5c0308d2fd199
SHA14b98f14ec9daf4cde50e46d6a81d637148988484
SHA256da45696ddb6af468b16d1f881cbdaac1dee310aef10b48cd2ea35ae8b8298f76
SHA512a550b18dff63bf31c20e193d1215357b69753b2b950accb84a9edaef4cb334e5b3abe002a1b3f20129747087ddca988e11de6ab765e0c9d1cb0e44cc9ff7a5b7
-
Filesize
20KB
MD5fdeeab475b9160961bd434e2fb144c6d
SHA11273b0b7bb01bcf6950477307e43e573fe7acf7d
SHA25674604f00e7e04f834a6292c3bb4db70c71a9d87591307ad076c9cb45e19aa5ee
SHA5123b3a1d8aed59618511e16d08110ad7478eee1f8789a6d6d5fbd16b3a24e1ad5df3f75e213700a2aeb58dfb52d4c984623ffd9f41b60b623a04d084389a1c97cf
-
Filesize
19KB
MD5e8d665a0005d26ca83cf16c2bba30bf7
SHA171107984d7d16c25e496270886594dfdea052122
SHA2568fecacf11f8289e5df27a51d043863e281eebcf83b5951660d296933a326930d
SHA512fef21c276fc1eb15a60f9f89c87e4aeae78330c02147545232fda128b1127d48e1830b4c0ba342d4aa5f33af68e7c0c680c9176af22995c981fe48387281ead6
-
Filesize
62KB
MD5151019f6821b9453b5963f6a00d2e105
SHA154d79202b864a3fb5a04b2b6329a60921ecfb0b7
SHA256c02ea83d6fcb43f5845d869919f05f560e0e005e433ed6fc53ba2932ad2bb98a
SHA512f3a2a90bd9be24a1f7e1df05b49757ee1fd98023926671ccb0066797785ddcfcfca5d2ff457b8effe652371c9bbd066b5634456e458c7ad989451e819cabb3c3
-
Filesize
12KB
MD5306b3b87f20fbaf912ed80189361532d
SHA1fdcc5b37d7c126348a3c3ed263dda6afe47d98ae
SHA256571f5becefa6120c68f45c05c46649891a7c5d9f6ed2f15a2b6226f2ebe412c6
SHA512e9004ba8c813252612a3487c7b4e5d704fb201d46032debbc554356e2d7c83f7aed128934cfa7b2e0b2273c8177307da268c3816f5c2003398b8bb359599360c
-
Filesize
15KB
MD5d50ffe6ae36373bca7b8b3e4e8c14b68
SHA16bd411c9b7019c248e167119019af19e048f24dc
SHA256c61803488db9f75517a93b29f1f9cba4e13cd11cee7a654846df23e99efa3428
SHA51209fc311f29c065ab493f50c01c3bba75c7bf1ad08ce207b7f37068de4a8e71f0c0020349aa81360f65154642819669c75b1954677ccd4227c91b60c46f1a32e6
-
Filesize
17KB
MD50dd721f40c07216af8fd21230972e6eb
SHA178b652acd340864f086863236d009c4223b47047
SHA256ccaa061e7c2e36c2f89eb369b0f97f4706b6e0942badcb7891ac7aa7b898c20b
SHA512d348b889caa05a117097a2947c1b6efd1ca5f6d924dd38744ce0b7f2d1dd2613729d4b2e5a53d018c4bfefb08f23dce1bd0190c2de794940347bce648cc9cba2
-
Filesize
17KB
MD5ee56eabb429d004b40df10d31d74d05f
SHA1e6629d6aaa3a8aa6a1cfecff4748ac8f2b709279
SHA25646f0128b7ce358d4cf322aa2a87d263b814bea0103ac1d427f3d3eedab9cb080
SHA51248213e8a04710b72c5ec7444055d0a484ff96fb9537f8cf189f7f5a5da45c9be038d643a05f5dde2241f1cbd8ddfaee141fa2259ee515821d49249c2873b007f
-
Filesize
13KB
MD54044685397c83a88777b1f8721d275db
SHA1ca74b42e252ec54f3699d9e73a0285711e6eeb4e
SHA2569a1a4f36416b0907fe326f5a7e8a388159b0aa5ed0e990835ea7d409d830711c
SHA512e128401efb32aaf08f3487da847437adaffb4859a3053a450b912389e976dbe21ab2df3a8096a7c372f24adf29e36d6f89015480ab35dbcca5a6775417c0124c
-
Filesize
11KB
MD53399d55c842b80dbe4704be4bbde6216
SHA1f3a2c971dd8cd1880863fa1571054988418a0ba7
SHA256d0d6745861c9a2405ca3c06af58ad521704086d65150aaad29c4e7063eab7882
SHA512cf4ec5559946120c4118553909de58b6ec939fb282eb809178e48d688f29ed69bb8a853fc9424609db1cb3e0e5848b639565bbafa9a4f30b753bce47ed4459e0
-
Filesize
1011KB
MD53948aa8539e5b626294940f8fb28fe20
SHA1eb5db8824f6683e6c0b0abe3370047475f8bef74
SHA256cedfe6417ec1aa2cd1f9b69a3de536f93da76e90b0908e636afe29a21589c895
SHA51275632b772e7e5fa7cafdb10e07933e059db4147c535604d7af8cecf980955c4e5a2bd60a039a55bed6c8cdae90dd71b2ea44e5c813d46ed0ff7ce3bafcb6c91b
-
Filesize
1KB
MD5c08ffc332cce550c8c8cce9acd9b8e56
SHA1210dca643b76435997407b351d8c33f301f7ce80
SHA2561da5c2956936887da04cb7dc08fb9acde9ce3636f150b137c46fde1da7c779e7
SHA5121ebd61acfd4e815296490cf24ebda123d4622a0e9f525ce3fa5b522acc7b2c8cbd1ad1fecc5908979f2d4a505197317e0a2aa4f7caeaabb8eba8726107181887
-
Filesize
31KB
MD5fe671403b987ab5accef3fbfe2047f07
SHA1bc99e407b65164395246a2bed471ec0da992cd62
SHA25648244fa13e0c259ecf78bd6a3c18d505c00c37ab2c2dc2b8d57e861ea79a044d
SHA51268c47be7fd9bbfd2313e54eb43e9684b4fb7745f251a48c80a62f8a8505b40f97a47ad8111a3314f357f08bffd6359958383a626dd908fdf56d11d599b9ebccb
-
Filesize
34KB
MD50e9515858e011ced2cb980c742ce765e
SHA15f5f919778a7a31f0349702449e2b8d4d34ee187
SHA256cd799019f3470bdab4007744f6e63b6f6dde92a4570580db3415a7a44c4f139b
SHA512ab737df303fd93e0d6e3b9fc3866042770eb33ddc8083e134459814fd34df6f7b50dfc6e38f8e7be5e2e50787c2ff241a81a90507f596b109affdd1d3fec3409
-
Filesize
2KB
MD52fbdace2cab12d9a33603b90f443143a
SHA12520694a31f3fb07bbebb6e8d4dac463cc082256
SHA25664c342b95acea5371109fc7bd7d5cef8f5f4a3831322ed6b15d703d213ce6b89
SHA512d5f21315c3f686b5e3ec21151e92a6365da0d1bd48d0571f557af5d8bf3e6621748867ccdbf72100f0daeee8b6538e5ccc9d24cc7294bfd3449af1b47271c87c
-
Filesize
3KB
MD5876074938c1749e3a21cb449bf2a74b2
SHA1e3025b4b55ae337d61c666dcb68db42f459dd4b7
SHA25699c58aad8cb70ccf71f2383f9c5ab036904cbcc7b45c8c6c57e7f30e47df7e54
SHA512e04c9427777230bc9316516a85f3be693c614ad0508d27da54b81075821edeace179895dc9af3201f1d5508a6ee2dad26ab8c3907d1fb1be55ffe891a5301613
-
Filesize
2KB
MD58a3320fdaffa2a45a129c6693d62605f
SHA1b8e3783e1afc12568c7f6ea2614d5512515f6dfc
SHA25638278c4c6914fef3cbf852c1b69b8fee9529c29975061ee81a709e55e33c7ed9
SHA5128036d34890c534358fe72425f9514a6cb41bed2e4e5da6c1766ae34d3960fd96144c15f0d45380f7940b55edff780bd26bd4994deb89ba20e92135fc1513a410
-
Filesize
5KB
MD591a4d6c6636af984146b5c7d3bb8e656
SHA14cc1b1d6718d026e593308cd6b428fe5d8f9a785
SHA256fe341db5ac529759068a6db8ac08baf53307e8e5070c412eec2377f67fd7ab06
SHA5121ba737b7dee0fc7d24420a389213380b373507a074a563daea587d477256906cf243abf8648aa0012404dd4d5d474a67b1545e60fe70814a4b924ba113147d46
-
Filesize
1KB
MD5d4092f0a1fbe2b8b5cf2e857f013fe1b
SHA1244af27b1ff642425673ceac6e89a1a56ae813db
SHA25677a1ded56bd6310c2ecb0aab3c9d1c0517b84910ea15b687862b6ce889da4204
SHA51235b855383a1276a4a56cfe964b07ccb38e2114bdd3a207721bed32eb76a1a63921417a3fc3346c8b1c3a04796b191161e36f281fb4c35cd53fbd19560eba377a
-
Filesize
10KB
MD549a82669da63cb19a11790ad1e2107f5
SHA1aadda7f348cf2c3a312cc23c7270a57f5b671a74
SHA2568027b0ad6fe314afc9a6c650fb8fa89d07da225bf584b144fba42ac1e95009a1
SHA5128c25d4172650d82251458d34d4f3f6a7510703bb5d04c3e64c9a763ec065fa7e12f1741638a485f88f23e19ac7fdb6c941155f906c3250bec396c135a2d47b4f
-
Filesize
3KB
MD5f3d81b3693cc2475cddc048d16b8187d
SHA1db31409a0532847f56290bc636d01405b5d8700a
SHA256d7c889f0c416ecc6296e2cf571a60dadd8f8ee0ddad5937464f58eb952187400
SHA5120df8d89e04649524e37e1d841971858fc17ca382185300908cc3f8092b5ff9414eab1e55727b7ef59354b5ee537ff0bcd6cd028542a944dc85c6bb81ea5ed204
-
Filesize
176B
MD52ff0ed382e2d6125d54ce13103dcb2fc
SHA1215a2dee24be38b6d5265955ca9e6e814af7330c
SHA2561be433fbe5627947e3272e84af629075180e526d8e1f15caa34133def8e8fc0d
SHA512a334358698b21c2bb6a79ae71c95ea7fbe4667f12845597b9a2215d5195144d8c1e0fc42b79476c7976fc9c9e600f41caa7c42f787726dd11d2216f4bf15d55d
-
Filesize
1KB
MD5c0f3bb4ce95ec6ae5d7e25e245387583
SHA16acbbc8a3a97adb49a74fc4809796a1c3951daaa
SHA25615a29f73ec4c8868a4beddd6b593cca47fb964a29fe74784445dc33a5d0d7f5d
SHA5122c59cdae962a2da910bd15214982fe092a27d7feaa12097c76d7f80517447fe23305ed2527c041ac1f20e8a1fe7bf18ad60e79cd502612d4348d06b593fe88d8
-
Filesize
3KB
MD5427a97a4ee0dc00b83e42a7978ebb53a
SHA1880f1d6e05dcdc51fa907a4c4dc3984f68616388
SHA256b37e4208074bcb2c53cc2f295f0126490c9cebc43cdb7b7f41645b1eb8ecffe9
SHA5129f29d4dfb55012c62e54194aeb3a600b50678eb830d5349fc5f9740ce22b2188fd4d8592d5400a48f3b3d514d1c53c3879228ad147b4d5b9f0c7fbf2d6416e1d
-
Filesize
1KB
MD5975b2ab7b36719912216db22988b39fb
SHA1c6e618419aac40d1aee1deb861ee74323ab044e8
SHA256676a4e557fdddc89a2baed19ff1471a7bcef3cfaa887dd7d993eba1e039e3a77
SHA512ed5f7136ae783b653f58d279520e3f7e26fe44fd483b8c2d4ce5f3de1c10985ee23e9ff6102188395d6163bdd64c30119abee3d48b1a4171b2cd4458b2a6b7b6
-
Filesize
28KB
MD5017d03de551f852f5e8e510fa588c720
SHA13acda5cf2449e510d5832070da41850051baf00d
SHA2566ba7bcbe80ae6f1477b3717bc77d005fcf3962a270e38f23bbcf9a6f5c2d3b7f
SHA51237d1dc0256c4db4f9cbbe107abdf9b059a3c86a880fbcee90e70c535a3a9201a44f98f6fb4be229a4d380b600668e8afbd01bae63a80c02f97499351d68aea46
-
Filesize
2KB
MD5709b0e2cdf01a9ae72bdaca833def9c4
SHA18f447b420b63182ed3a9572b3d3de4002789d3b9
SHA2560b508883736b2fe130911761e9ea23e7e3e99ed64e693d63cf0b46b9178448cd
SHA512a838d60773f6ae07b2a593518e5298f878872ec7118041c8d125e4aa427d12d766f42ce799e78c0ac9f327010d4ed5e640c2c5afa7557d75a80d1b5fa78c8dff
-
Filesize
1KB
MD5323a0cb3f99919ce1f23ff8b229c94f0
SHA1a835fdd31fc08d0f313be900596c22b0c2386ed0
SHA256c9fcd30498af06322ac96d693d7277f0f120e0350864e2f0a152363452fc5f2a
SHA5127e3afa17fe4535fc368e53d6185ce52eaa99ed4e827722a33f5872288e0a7b044cda84e5902a5f51ea7eca9d1aa2f24d4ad61e33ad20c145b839cb6c891e46c8
-
Filesize
2KB
MD53d5857ff5f13b2422338c7926f01b932
SHA151122a5b63d0537f161d23d71e41aebb54f0b900
SHA256232e1360677f461d625fc7aedeabeced07b17ed522d211613e3bc42fd0ed94bf
SHA5127e56e061a0a67968bd1df80524e31878a95e59a081d3025a53eba8ec00c28a575caa21eafe6bf5295a381435a522cae914dace12416046803441f4bb2906cc3f
-
Filesize
1KB
MD5e77c4cc535aa13f3f426b0b2b0d932d5
SHA1ddf7caccc636aadeadaba075a7f0bdfd8fef0366
SHA256e9bee75d4a2d83bb52c1a41d46450663164432e9bf733c544167871a41a67fc6
SHA512d1a5f5d05b32d0b784e5375d78ff14a4d1da632482b08ab90543db1d0db8098ae969320d80724df45082d8328ad4134eb5097fb105011a51d2bab6560470af34
-
Filesize
1KB
MD58aacfbe365be2324385740810ce4fd3b
SHA13b67ecc3512a0df063e118246a9f2b75456f8e46
SHA256fdca25c710c2350d191f21418fee48ce347175140ea33085dfd61bda538845b9
SHA51243976d64467686ae561d6d756dc6f550ed2d4115f9df8502eaecf4f15e62692c80e04c824b33ab6fc3af1ea5eb24d475e2e9ad1235e15a2714eca3c1e3710a98
-
Filesize
1KB
MD551a7446c4e69eea99d7b437922b4a0ea
SHA12f497a9eef85c76d91a2dbe8c50762da3696cf63
SHA25656d38360a8618302c6bb691da3ca4435677e75ccf0b8c8f31bf501c474a1abbd
SHA512fa4675cfa71ee79a5902c9041fa8a81060e672fe36e5ff5ebe824038d1d33cf4736bd34d946efbe6208a7d48c1a3666c963425e6db509ab560dfb4e3c24c9e8c
-
Filesize
3KB
MD54547cd2f76b4a09d875700d84a64b02d
SHA138d7ae4d83aadefd6fbd50c801c6069cc538419c
SHA256806408f8aaccef5d7b8496f6d8bb910f2eeab26f426cb80b210aedaaceafb968
SHA5123c6354f63b6a637d139bd045f3e4ab118f35c35e3a372bcc1836a701f41cb13f9f76764ece1f567e3cc9f2fccb9e144e8b3cbdecc0585fbba909f97dcb5cbefe
-
Filesize
2KB
MD522fa5dd124859322be234c6ba1a8005d
SHA1a73f6efb3f1f08824fa31f8545e969c0e4ca44ab
SHA2564be60986dc56062efa2a8b4b5f62452311f889b4a3ab237bc2661326a878c658
SHA5128f2c4119944e5354b47967bb3678ed8f65a82b415a886d5c90705023bc64b8f3c0656aa92de35f4e718e112ce6889e6b0c428aa7e48a9753f75300da2b677e4e
-
Filesize
5KB
MD5d3fcf524b5350398d9f3388f048d0841
SHA12fdea4e23080fbef3fd1cd56d7412ae986cb09f8
SHA256b578e2a47de2add6b455b884835b1f10568d5737c3be23d960955818efa46307
SHA512545dea236d24f8563ac40c563813f5c425e8a6c68271251276a7de52e4fc14defd3cd814d530e123d6fb319f01dbadeb2d04f776159869e8ee6e33da8c6c9dcb
-
Filesize
3KB
MD56c1c736ff7c7d27b8842002a897eb407
SHA1679bd1aca9071a0a5c897ae0de853baff7311616
SHA256f28816e393ccacde61038fb971b5291c27ea55867d2b17e60ad98b9559a94d39
SHA512b016d2e9508cf0640a2b1604d0d743cdb61e5287b545d1dc7c051e48ab5e967314abf1fed2f45c7f91e9afbeca08f50da20977ee06795e7133c535e3ddcbbb77
-
Filesize
2KB
MD5f5292b9c402118981f232203022a2cd6
SHA18186cbe42807664958bfaaeda6fdd5750f4b57da
SHA2566566f7cf830a2fda0bed2b2cddbbe217a75bd5dd00f16e4009775051da48d326
SHA51280633156b1b052fa5d539d12dc4b0aebacf58ee7303b76e6c0ff024a58615f3b628e981b04cb932a6b3e191db73137cc9a32778c67a355edec9098e68ff343a7
-
Filesize
2KB
MD5f3cfea1b52e8bf7c0491180e096ce194
SHA1e64abee30024f3d52b60dd94c26a785ae7534ea9
SHA25643961d482c63afde49b4591646b9b27bc11503f99b73c4160cc98569948295a3
SHA512deff04148e1e38f88126ad4d29689417a3e68be676510eec31385a5c778851e72a961933c28fa8e76de479826139e025664a47960522dfbc6ca48318615a092a
-
Filesize
1KB
MD54dbb8bde7f51fe0721e428803d6988e6
SHA103358fe242d2ce6521d257ea679235aed37ebfa4
SHA2561723eba38b64c77d45ef679bb3bb8600a541502a519221d0f26bb747aeac1177
SHA512a8024b465618958207130fedc30eb41ac11088048e006b6fa39fdbf9fdd62f3b7bdc163c6e8b88a185d943b0dfe6dae1ce7a85c86ffbdc778e11a8af88cfe88a
-
Filesize
1KB
MD55abd1b10a79a27a51dceed32e97851be
SHA1a604811dcb4456e20e895d3899bd7c3f650c7da4
SHA256ee94d2a5f2769fa756150b4444591efbe87d7c440458899a604b8879de300ba0
SHA512d489cf14e7e981e39261177a075f7666fd4df8faa1d9ab0911666bd4293ebbfbe2707e449b465286fb9cf87f712be53c8d541d267ed650637f3ccb33f2c45c59
-
Filesize
11KB
MD53a7d8b830d5af8ae10309a0ea126f388
SHA14a61f4ec63db6ece46b7b21c0193436e469ebd4a
SHA256acd3af03e8dd79b72cbd16ddc8e1d4fc18d5ee2f7d559f332777be9638d4a9f2
SHA512f2e2ca89baa150bc9afe3dfa51a3b72150f93d4344d9024f01a3cc369aedac3ca78e7f1b6ded23efe21e35b830d371663a08e878f9612e05f4a1eb6b11bd1982
-
Filesize
1KB
MD512e3a6ccf0203c3d223e87d62e881971
SHA17d0d3bcde172f6e00bc28745a1eb70cdf87bda7e
SHA2569295365479c92422b1dfa70b7b9a37ed601a63bf62032f86eb2a50efe27019a1
SHA512d868a51467027582289dcc54dcb3887cc62373215b60611011bc0ce8647b42ddde753802fe37d0c1f24d4722aee178b64a4830c7e99fff688bc108ca5f4b2768
-
Filesize
2KB
MD5f4315ed7a1dc6054f370a9ea37292e97
SHA142582856208e1865e254f267efdcdae3683ab23b
SHA256542f4cdfba71726b232896f8cf8cb0f6650579cda057fab3888e60668cc275f1
SHA512944c34846c6144a98c6fd3c134ace31ea2705b71cf150024de5be407313236b77fb0c55103556d4b3c88220bb0cbeeffeb0240ddc4c07f94673d7e40ddb97fb4
-
Filesize
11KB
MD594f884e05b37e73c0e26812d02ed5ab1
SHA1fe5c931cfefcb8f54cf6486d560ee365f0c52ba9
SHA2563e6315d5082df033abe574bb0601f28c699931b8785d49a355ef8133612c98d3
SHA512a2d2f34fc5ad98c9e46b8bd9fc91dadb939b5d1ab2825ccc5e61b3e41cf62a71b55a6a881322de603b57f36810a683d679a2ec4b4df985b76f2f6c6ce0442b9c
-
Filesize
11KB
MD5187ffa395012c38309259e6557768d38
SHA110f2f1368549aea8c1d11110194efe7299c7bd9f
SHA2566d3187c89c54e76f47f2477e86013d50dc0275e1aae7a6bb5f7d7be1d2bea2c1
SHA51294bf808a658876ff9701fb185977fc255f7e96ceca1fca4a7e829a63c1f52b09bb04aed3927438f57b08b9c598adc655088d9c62427e5bd83821017526acfd3c
-
Filesize
11KB
MD5a533b74baa60960c8b526e46ee471dd5
SHA1ef4475bf5e73ebb7b7c136c785c880068924b104
SHA256ad9994a75d61b388c9c29861ceb19adb89a88703f6ff6b3eb48ebb976e974105
SHA512594d13e95382027f9eae0b496c72b410a7de68940ce957bac3c5174d3ff9d26612421122f1bd776307290fd43e5003b5a0f46bb473739f1d7fa6d752743fc52d
-
Filesize
1024B
MD5fd081a36377c6c27da7406bcd22378c6
SHA1ba31892b8c8d0800147aceba02988e15aa34157e
SHA2562d2921adb407e9d43f544bfb9047415ced297dcb6fcca4755b6e35ef402363ad
SHA512173493eacb5df72f21deba05764e255369f0faf7c86015b0458baa0f945e318200d9bb12d280ee46e1ec4e0de0533945383cf18a8f12056038d3407eb4ff3aa7
-
Filesize
4.1MB
MD5f89e69474b2bdf7cf2c0ef6398f7c4da
SHA1c7084b290fc11ffd81b7e8044fdc37fb30724860
SHA2565df1ec5227ccb0aa6cff5e815978d440087ecc51def44d0c0226e8e42569ffb9
SHA512b7f491c6c478e5db070cc88ad11389e7b197f09a5fff94ed5807bf3863104785a55150a875d4b0d4e6a6eaa083a7c23b2f1968331885e1047d74caa6b9a959d4
-
Filesize
48B
MD58984953278b5863bcd14a78c2d9b93e6
SHA166d10500e915b93e67a8f1277374834482ef39b4
SHA2569fbcba20074eb34c7ef52b6b66c8046405d781fcf817e8d54a7fe43f807ce60f
SHA51203458275e938ddbfbf4a63e4e555f22c842a57a4760c8a242d9c02d91c726a76cf36c8d2e83e51cfdd4de375b9833be648fe3efd9a48412f3e8d84c1992c0ff1
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll
Filesize16B
MD521b739f3c3bf859d049eb26c9a65769d
SHA12fe833815d19ac3cd106ad9e7801142a867fb9bb
SHA2568ccddc406aa9cac7a7289034e449e30f7dc0a70b0f5cf6585bdf15a38fc735c4
SHA5123e7d1e045f9ad95aa17af68ca832efee40d60752e08b5084ddcbe3ed067bf69407899f7c2e455a4bcb46a2c5b55a056c90ef57474c0d65bef240e073ebdcb73b
-
C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll
Filesize274KB
MD53afe42cba9a8775a641314b8b96520fd
SHA1dff93b19a3d0c9653bac43f2cfd9ca14556345df
SHA25663a0973a54ce2fda21a3e01a687e6dfed5146dfc718d9fd964eeed86a5206e63
SHA5124f114a9bde6dee762d6e75676665601d442f10b2fcbb417b9b960c5dc537a6e984eddac0566baa02ae735179758c831bf93082640c003ef5d557dd476c43e35e
-
Filesize
18KB
MD5a1da8066d3ca7964ac1f85c0b0ae953a
SHA1b079281a98e354a55f0fce14fbbed29ebf9e279b
SHA256c621c78a2b612796661b5ec67988a7079ab1c9737447619123cf5333975e0183
SHA51216dd992cfaf4533fd23437049abe4bd96681631f3ca20d6564770954f02f47c99d39108c1e2f929ebe7942d492f19f6c02a0a81b81e111ce7633da24eefe2b16
-
Filesize
18KB
MD5859794824b21ae7cf863ab548bbb4283
SHA181cd9ba5a1e344889f4a52071e68ee6b9a81d3da
SHA25623bfb308d8b1a66fd15d8268cb48f0ebad36542d66c65bac0948120f4ce97d21
SHA5123bb393279da56e0302c5c36eee2947b379430f48def3164ac83bc2c0434d21c0ca16c6b08cfd1c71245d5d5300e374c668f89cb03a5ad18496e856ad891ea0ba
-
Filesize
20KB
MD570d11a54c539c055edde20ae26746801
SHA10aff951e6b3b5fdd99a3b0f0238ebe7c698855e3
SHA25636775f58c55c023f30244889408dc46a25d3ef7182eb72eac6c4847f295e9d7b
SHA512ce506a7cb5b8b98c31ad7e30b81fe015a7d5965e939921a6b4d3a04b8fbfefbc908eddfcab74fea28bf81c2ca03112f1128aeecb19d7ccd76d282b7c1eb8ff53
-
Filesize
18KB
MD5e28889d2b0b74f6edb93d9ee4ae4b995
SHA1c807c56c729b3f8b14af32464881158d90e38d5a
SHA256a834e21ed20e61ae6b8b3fdd1e177179ef93edb3c99b0e6d728379851b066ba7
SHA51207eae0f79a5f0d7a025dec5687964b7e3d551dcc10078f85ece27125ceae1d337bffa90551ec7a1759c3b34e5ea28b44f48b8655fb309a53258fa512f981a437
-
Filesize
18KB
MD5737a8a94c4f20f01376522fd88dd3b78
SHA1205a74de2a59483ffe82fcadd68d0828b66b5208
SHA2560a70ae85116343c56fbe6b12049ff4f91103b2615ba0a3a5c35bac50f64d4f62
SHA51295ffd86d61e3869a0e11fc55b141eb5d994551aa763e02b2949f78014172241e4566178964a45ede3c0740ed5eeb5f9798764fcd977119f266935b41e6e1e1c4
-
Filesize
18KB
MD54502c87ce9d60ca60aead6ce897c7d4c
SHA1f81c0aba42afb49c32499de4fdcd60c6ebd33530
SHA256324b3e3d79d96520f356d03cdcfa3cf3ab9f52ac79985affc625a52d32983b49
SHA512ef71cb186cf46b7d2c926d8820d6484dff06103eb5152058c8571c847db3b90d6d8af8dfd6fdba3bb587729b1db1dea97e3248ab3c015f8ccef1e1aed104965d
-
Filesize
11KB
MD5be81878826ac26e7cc04b5de6b355f5f
SHA14db174b7c360d338cd8f41ed7bd4cfcace8985ca
SHA256a78074a11f5ac520541c0f683dcf643eaf6f7e97aace4cb4bbb07136fde1fd68
SHA51223f273640e3f4eb5521bbc787515700ecbb06ecba20d0080d81a1e936ae86158d6078813e2a0c52ef8e3d6ba9e08801af5bedc81c0ffb90e1dccac8aeeecb773
-
Filesize
19KB
MD5f6eea71a121f9d4514c5e6d2db0434cc
SHA1b6ff70a9470c04261ec1a421f169909e9dfff539
SHA256173bd44b04c71dd9c306d61cf2863ea466ee56262c3da0e9422c865636c80abe
SHA512512b3f460ae5176d367aa70571f136426fac12c0d1ceeee577a24925ad42337f884ce70f770694c5e936f7d171299ad232426fade6841ad23ea53fcb3c3bfd13
-
Filesize
22KB
MD54a5e4df7a1e23e317e09163a2cb93b7f
SHA1a7e3b22d5b9fcaf82dad07b25ab435ac28e85315
SHA2566f6c69af5c8c863ffc27c735f53b2a64f736266a95219a2a6f8b84e29f22749f
SHA51234d50c11faa622da73ea3c7f5e618beca1acc62e4b38b439075cd48b01624f0215b75fa8e3a7fc8658526d74e0ece92c399c4bf9bf6821c499dba9ed2f4da041
-
Filesize
18KB
MD5f305bc3ee71759d083e2b971258a8fe9
SHA1c2b505cf4c15a63f9934cb15bcdf1169bd77d7d2
SHA256360f3d7e874c8da98beedf18c5d964535b5dfdbd04135ac753c2f7f71c494347
SHA512c62b1da2e98e7c4747adbdc8c6e6c9d0a52f57e19a4373b76d588b146dbc8690ecebb6648e269a8dc994f3c7823c147c257f8323bca5bb6a28afb60ae9e8516e
-
Filesize
20KB
MD57362cc14cd710420c8b8103e8c2277ff
SHA1da39b8deaa43778f4b0d8a47125e281555a38306
SHA256ed69ff0235dd1f09761243dd808d599871e33e09f3397bcdd36bd347409dc71a
SHA51258b702751506d03fc50ed25fe38d0735a85b2c880318b35d18da85ab59560a5ef090976c2464c2a867a0c4d9a27d34bec19a763989058af97750a6f7ce2bb887
-
Filesize
19KB
MD585b7779a4e563079f1a019d227a8ebdf
SHA1f05194feeffc9f2d12767569e544c119d2af5569
SHA256bab3f54eb8ccd2f1e927ad0ef97ad7a910cc77923708dc703159e56bf863b8a6
SHA512ad90dce3d1e0c6c107f6b879bea250a0d59bf665809fc2866588ff900678acbc86437254579c8116c221de423c48e760091ef5bd53a417c4929abf5fa5c01cfe
-
Filesize
18KB
MD518f331c0722bc0f3955e4df4ac0b9f49
SHA10c994cec820e65ffa1694477c76e41a46dcc9013
SHA256ad51f3d5449e8470c0203cd60b5d760b7f948d613205d58f836d374fe9639bc3
SHA512ff4aefd8b70a6d9c99ec7f9ce342640ab08c38084248596ece278250ec80cd3b0aa54ddaccf2217ad99b61635c8df750dbd320773da69701c1fb82d64d29587a
-
Filesize
27KB
MD56f6233d842eca98751d7f4e376a8a5f0
SHA13f8f7f1f3886127f91838c9eba76c6defdeadf30
SHA256ab7ac7e2113ef3c2656edcd8d456b9c478f01b020e0628d964f7dab25cd7331c
SHA512c8974f4edceecac26b53b0cf1d35160f0d11c0163631e001d19f1befc3f08cff39aa01f223cb919931c43736a55ea87d9c10f1db55d487314ccc97569145d872
-
Filesize
26KB
MD52487d4444b9594bb3e02e6c231e8596e
SHA1e600e2320d2138089e500351aa68cd4708eae1b3
SHA2564255626a44d4615e12d5830a89e908ee727df0cb44cc8bf67a116a462d87559a
SHA512f91248c11cf325cea70e49a997e81eb487198225274ae1faaf75d794dc5d20a2c74fb232c5e631a4f82b6c95fdc78702bc2eda75c372467aab6229fbab1c609a
-
Filesize
69KB
MD56554589a899cbbbe1c7aca08b44b16a0
SHA129b7e88a5192762686f123e7748a4c171d6f0c0f
SHA256df3d58a644d285f7d1c66be1899573d1397504ca2e60d10679ee1deaa2f0c135
SHA512504f5c6ceed9e5e2d5cad70ab64545b05b51e1fcb1555615ba92fca0fc8cbc889f999a93c1942af857b89e08785f08f89d63d9b0ce7f1e8f0c0b9a891548c5a8
-
Filesize
19KB
MD5c5b3a02eac2106fd21661175789e8f65
SHA155580261e40d40a24c7b79bf016a8e76312e8988
SHA256560e01e72c974d4759b1786947395e7aca3d26ec2219b2a7d09e5e1b94416723
SHA512dfee8d7f1f8b5927f790f4ed76b8ab4a91fb62d83910aa677030030ccd14ae85f25a1c09969e6317cbaac073547a7e795d0f0f3436fbd1793b720d5add2c0bf1
-
Filesize
22KB
MD591d355d04731ffc1a1ad50f7c2cb2f3f
SHA1b974934c818b3ba9adb5272e81160f36640cd3dd
SHA2562aa47a0b931e84a7a51f9b660796658918e38b5892ba8f882403755a0560b082
SHA512c62ab66ff9fdd22cd39686868ea3767fef60a712c5c914fafcb0b328a27c9e35b46f41fb91268ac9bd4ef9633613bd2a36de7f2d0af15e3307c4802daf80a6be
-
Filesize
24KB
MD57cda06a7b7d6da5c32146e189a5d24f9
SHA135b15c1edb3a8c10139098c9445f3f3fcfd0e747
SHA256b07b9a307ffe44abccd56cf57ae53583a6389fbd24c92baf8b7b405fd71d549f
SHA5120880cf023019fc469dd9820e7aa44d2265e22e8cc244db8c321764ad2f47713382ecf25c11c2fb8c69500daf19ef7c986d61adfb79b1b92cf9d9e526cef368ab
-
Filesize
24KB
MD5d4452c41ea2580fbce3e114c36873692
SHA1fc74457b48c6b9c421f94f000f162439ae6ae3f7
SHA256f2720b4b31e9ab0c9c33fd42131bad09752f1db25cc3e391a262bb6cb57fba88
SHA512965e3bc4933c194f2f984810656640b72ac8a6ede32eab78d3b4442d91a8b38cee1f0f30a932c5c217606d34e054cb0518c9bdf81f87febc9cf2a13075761bc2
-
Filesize
20KB
MD5130c69abdca86bffbc34d7a6789ed202
SHA16151db1279a9a3c1b0f9b3991108a146159914ab
SHA256f8c477b1ead9b5d9d24f4c1ea017c11f98913cecf21f52b2174cd88cfb17e77e
SHA51282e3016dec491c41c446ea70b70c669ef7f757e191697f7a5be219be090aaac831466a23231e87e92c3cff01b3475186aa3bf63c7c8fd66a123add5c29d61731
-
Filesize
18KB
MD590d8e778dde8f2cbcd229ed98fdfb111
SHA11d4215db31ba89cd2b5f42de2af8886d516d32ea
SHA2569407906f2a08a2f1fa78df8bad1d2a0abcc5a2c442645da8751b0155aacb0ae6
SHA512cdaaacf8c0b8d3963e5372f0c0cc6f8dfd4624b7a7d23c6a884db455a5fa92046a399de2d330a2647af6d44353580aa33505ecc8ec8ae16d9e76dceb2a7aed95
-
Filesize
324KB
MD5ccf71e0549adf49923a41b39efc9ad7f
SHA1e448afd8bad94a82c1fcb3c0bff8ad8ced8e02a4
SHA256b1e579651ddd134b830e88e523fe14405893308f4a0360c3d4204ef8c5cc1d6c
SHA512bf14292a76dc17239a97c02c4d5a94ddefdc06601486485aa6c743881e9678802eb6b5bb605046aca7ce41181ea7e79ac664c9c6cd8fbb440bce545793ef5c1e
-
Filesize
358KB
MD550493668dec11ae59c6687cc44383e9a
SHA1dcd54d1d1a3188380de05edbd236cdd07336564b
SHA256917a8b46c74a684be9383322efd64bbce405dc9608a3a08779a3dee2fa3ccad2
SHA512a56d1df0db439ae8b26a219f13a1b9fe19ca45b84e7f60fb782d7eb5f4d443d4af08bd8cfe63e16ef832188a2266c6bf2760d12aacdd6e96287dc39ec5860eea
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll
Filesize5.6MB
MD5a9a4324037dadb655932ea50f98213bd
SHA1c9623ccfe3b0764fda3b0da89fe743ff8af8a124
SHA2560f5bb7f89409adddfcf7527e97d0997957a1bfbfda1293246a457b2e5f61fd5f
SHA512d1d2615a82d8593859ba21c5c611c84d439d1929c90a2be251c3da42f30cea1128c2765f70feab910005cad467e56b073bff5c48dd84f5bc9472c10cadf79cff
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll
Filesize644KB
MD5a931cc533cf0b53f7cc9d3511ca6e8d1
SHA162ca2a7bbadde71155c30ed8e385004c96d60c6d
SHA256499a86e3d249a1343110338382bc35ffc651f46b6b83c2a9e69336e109456408
SHA51291f6e5669463dba086dbb6ff5d19b6841d2c2949e896e8ecac60c0971986a1553e65a3d41d11d2072667fc4b11fafab812ca51cd847646651bc46a172d9375c7
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll
Filesize613KB
MD593d16e398e84d14f7951b75c0fe0e816
SHA1d81a82d3daaf37192e87c276f117b731e073b9ae
SHA256fd1438433ea1b425a658694f102dfee2a52683c48c57b888d4baacd07184ebae
SHA512391112a513caad1d8c720df3e3e52630168b02dad3c882e458e5d1a8b781703e1c7899a68f268081cdc9a531d108d4b40c25a98705d53a8d6395631136acc49a
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll
Filesize940KB
MD5d036e93f7a1cd1c92a458bc1eabc90af
SHA1689ae19b20304813e2e418f5683827f7b1f1b3b2
SHA256273927432bb3bb1f64e641ae70c886d1d503ef2010f88eb4e9e9244f6d97d55e
SHA512eb5fc935b8391e3f1e4424b0fcf4beeb7027806817018d472ad8f9c526a21cc8a415eb95e0fabe4c22176acc5e26e3688c5c2e4bf5f31c15d1bde1eb53486bf8
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ucrtbase.dll
Filesize960KB
MD5508545524a044a5950cdc9b8ac6651d1
SHA1760e955e8ca2f833653a5edc41cbf39b74241d2c
SHA256e2c8006fea1b03a1a2c8bfeacc068d513871db2d539727854e89de2b757d099e
SHA512d26306225c4bb46d54b5a38c2799eddd1d4039a3a7757eba5baea72413965f3c094371ad8818eaf8a38bb631738d3477124bcebe6e782127c4fde7d9f50b44e4
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dll
Filesize18KB
MD51867a13a62cced3b83584dd630c7f984
SHA1f4a9852920246e0f34bd9d712d81e6a5f0d670ef
SHA2560250ac0c1121a074e85d805dcd1b24c2f7bb50fe307b002764fd2c94883bc0f0
SHA512fb76a6ab8e376c3fe852abc875d7aa83b36fcdc0a47c7b7b82286f054bc0fd184e18223235b5df3526bb1abb44ae69a6c91c1c138feaa3c8cadfc1db7ba639a0
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dll
Filesize18KB
MD564bbfd9eef696471d4818a33d00f0e08
SHA10626d4e75e4f0872cad0cb92ecc3927796171ec7
SHA2564cfee72948872d05d640735cbaf6a72ac9bf42ea54d66373b5147d1f1c54f302
SHA51210af72e4a2a05f5d921b50aef471b84d41aa11489552f46801e28f450db05ad2dad3e1f0445d7e7ce15bc5dcb248de074c1573d837c4dd7a34f482d602f145b1
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dll
Filesize20KB
MD5fb81d895cb6f5975a129a4f3bc465cf6
SHA1f99daac9335c1565a378a87241866ec9c60295da
SHA256dd7c712e9b82ae57b4f58ab8162bd4d4ec78108885c55c9aba712db7f7891f90
SHA512c786e23ae8d66e17efb4c4e49885aeb05fb8f7f47f9e784bc87063b73a89e4b4b671614d37358e1b9dfad5059cb211d0e6e80cf3ba5c44172e5a88410e90457e
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dll
Filesize18KB
MD5fb8fe9c6cecad360070a69bbfa82352e
SHA1228906ea077a2eff61988a1b39f6108bfcacbfd9
SHA256068cd05a7197c8b6a370eb06b5e573db4dcea249952567410b33a759343a0955
SHA512a9c1283553bfb282a5f2891a4778eebbe95eaf8ec030628d5399c7a49f17f1601194977835e4e158f1b3931f990a931480cbce485d6512f9ba00ffe14e9a2e9d
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll
Filesize18KB
MD5f3ece0f44dc8379e511f76aa7ed2757c
SHA1bc53552964158d4a54f821982596551b4e6ab2ff
SHA256da1fbd7549feee79ef345ba3b86e3215dd7eb3f5a3576a7d098b339271bf44be
SHA5124bf712dc8dc5c7d3cd07a4d65183694d4be4eb216fc247741a3137faa598b0bbc0deee8b286165bdfd97b2eac4e3a237b01a851e1bfad90013dea1e1e25389ef
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dll
Filesize18KB
MD5cf820200e46781186edeba0215504396
SHA129080a9b2dfcafce6e0d269753247b850e5b47b1
SHA2560439644ce3461f315c78ee1eb4475b6d95f9ad77d6485d4e47f623c47de2e5d2
SHA5121f6574a95ae83abd8c7c100bf48b9443d5448edec5b6a2b3daaa37885e97992ecc8c13107ab182c9f93a0f43430a37850d6d36422a8de9e8df7e88e01ba0650d
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dll
Filesize11KB
MD58798efe521d609e185b05f9a4e8c873b
SHA1d874121ae1dd0ea147813eac7636b47008646ce4
SHA256551ca1e89304d562cf9d9fd342883f7da421ae104760edc9079b078cf089d80f
SHA5122a7b9e1b33de3dc935ef23719a2384c8f923f4efa7b4369f1069cdcad9cd8fd26b32773aacfd3620c16e6ea667a0bb29dabe5aa097e8a5fbe5a692e521b590ac
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll
Filesize19KB
MD5fe72ee9fd881dc0bd846cf82e0efad9b
SHA1f7f76f3d3c3d29c2412dc91c111c763f7e8c9b12
SHA256509c76703cc36ba88504ef3f91e8dd6f6c5c7b56b5c2723f07f79da79fa20682
SHA512a85f0a422dc659acd2ab3575c94a18d79db1082dad854c6c0fe5dcc13a13f97103b1f5e1e08e64f408551434753136cf6ceb39c8ad0871bb955c7cb871597b98
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll
Filesize22KB
MD5a352c47c980fecd06e61e29ba23bc643
SHA157d3334e9c0c02dfb5dbc20a95295897d24e9c5e
SHA25633e7527fb465bef8eb6e92cbe53989784938ac5420529eacff3cc397e1980df5
SHA512a0f6ce1fea809004b2a4af1fe05892c07785088db56bbda0aa94685532dcc09117757d1e245f6491f3540d740b4f1a8c8acafb98b7c2f3a8ce80aa297e78a9c6
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dll
Filesize18KB
MD5462f4e844ab57d824b42146611bf2a6f
SHA1032e586ae30500b1b802880f7540f5e0377128da
SHA256a68815185630bc9b3597addfcdfa30d227c2fabdb9e21aeb1aebcf7f0f085897
SHA512a13b6d8a35b3f0c2c633805cf52a159bea50472ec6dddb64f6a3e012c323ef3f574f4a73260722677dbe58f845ff993aa29641f57d93a5bb59642b53216398a6
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize20KB
MD5a3005583fe1172daeb308be1826c6e65
SHA194ac473b15f3ce618aeec8ff3b92d499b64b8ee0
SHA2564734e8deec1d71dd29093d2d1f5a2a3d6072ff3b15e3518d05d916e0f406cb10
SHA512e8e8fcc260b41235c005a0ec6f691c609f09e7747dc93b6a156fc84d4e3a6de1d0e985e7d07de058683dc0939aa352b674ae10f421eec773ad62992293d6302f
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dll
Filesize19KB
MD5b5dca8547c540410006696be59ce3bb9
SHA14365aea2ff9b3e797722f85c469a5b11e0232f58
SHA256ad869b42b0348adb8ad89d97f608774e2f9b112335ab8a2c6c355c9ecc6c72e5
SHA5123a68ea56d1db63a01a80956d7872fc612f22548440f62bbf82fdf3cc7752d3f66740eef059f24f159b034469c8711089117234f22cce8f0517b76e06759687d4
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll
Filesize18KB
MD5c61cf076fb745cc0b0337c9cc5875772
SHA17e445625616d3e8779970a9ebcb97347883e19ba
SHA2565ef176a8a41822a580a978789f56ad0800cc356e4144827fb5a8d355267f8f44
SHA512918d317a13f25a02dada0d753ce52c673e2b8a6ae0b9b9d706e10325ae73971ff8441b6a3ccea4deb9ddd90b08fd84a355dabd59b7d8299befdc7418744af943
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dll
Filesize28KB
MD5dc99ccb027e7f2ba6d98558cb4612289
SHA1f5331a00301033f2f6d14b31317dd2e447d9fd40
SHA25675f8301573ccc19e94aead3d05dbc4c2d99ef0d13bcd6d9339134101e80b9c4d
SHA512cd9eebc81e3044108a6c14331e5936b6dfc395b74a58ab40fb283c946cfc6545f34ae99b9d253a0a58d27a9c3e4a30053f153086df7c9599100ebd3c4f7ed71a
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize26KB
MD548e768bab6405cd35abc321113a52f84
SHA16985fb64489f502b36b5a886b470539b6d676415
SHA256b28a663b4fbe25ca04e3498712f89b56f9c25499f68c2f5d5aa3b8ac5de5573f
SHA5121bccebbf8a0bb3e0853c195b8238def5b39472c7f3130db282ba01720ba5bae32166fb44a98551682dcce411f9a1281375ef3230a1b81240d8627ed3e2838388
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll
Filesize71KB
MD59fe5748a093d8cf96fb3b159a9ff4fad
SHA19b65cdd95327cbaeb5e124123c39692376b44f9b
SHA2563b3bbbf239c3066629cdd279c945ea356898f581605baf5f13d45ba50f3d638a
SHA512a2333ce8f9a9bea2d643c6868b6bab8bb12c2998f929a166cc30107437eb710ba238a227b5b4d763b5307d484e38a242343a0fde140d7c0b67209acb14f89d9f
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll
Filesize19KB
MD5c8be4f272e2bc408e0febedd7d188d8d
SHA1056f0ad2961f669faf06730a0f85ad081c6206bf
SHA2561638ac1717ad229a3647804598955c2120e5e3f7f8b3e0b01acd43f64a30024b
SHA5122283acf585ac5b4ae601f48e74a5d03ed95bf050c83e51b5815c88e045fd6d6d36c5ec190fa739a11a9ab48b77c57fd48e71f1f5169553ae3086a4a9a37d8e7c
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll
Filesize22KB
MD5e5ad3681335319da7132c363efd4875b
SHA12df38eb2da76ef1399fb255767f845a958dc3920
SHA256d474d7069f32c22b81fc527480b0271a51e833815d8aaad003b450fc0b95d1f7
SHA512825eb0bcf82bfd1281bbe3a12a37fa546d6835c782c3419123f4b10a0ae1397b7ec3a724c58e5ae2694bda7c0f7bba2da999948bb8c35941bba3333843b9b226
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dll
Filesize24KB
MD5d69343d2898efe2e97d14771ff01c8bf
SHA1efcd6c27ec1db4590f279c2ed4512b864366a57e
SHA256a0d78650bdcd24e0c610c05c4ff9054e76a36acba1034a094d9dec80008e2325
SHA51261e31495f11e353b794a7f844871f5072cc762b2620d5da7af2c4c35a1d39ac353940542a2c68ebd03d8a62f692872a4077e91b70ac37ed7679a3b71c6be6055
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll
Filesize24KB
MD599a4405dab0676133b3667683d802454
SHA1e4242b90935fb510a396bfc4fa90e6d524378291
SHA2562d80644ab77ae0743e9ad46d7bffdf54bd7ca1f1879c17e9f13744be5c7c8451
SHA512fd215db2b71062aac6fc491581d43e50954281136de4248512cce847b7b7a9f3658eaa90a0b336c30af973245df7dd0ad548c86a47aaff7c5107b76f3022332b
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dll
Filesize20KB
MD56aed3d55e6cb7a78320956803572fd63
SHA1d89ab3ebebf61212deff411ee7075c9524cf8ab9
SHA256448023768a9d76d198e0e05cbb9d50ba91b16c4bd2b04cb00407789e5e473447
SHA5123703eedcbbcb413e8c9b8d90ff6840ca7595b3e4397f02f338492a2d2224dcd06251e8d20bd35965ca082efffd3d0eb48da8885f516ff1600292f537572217c9
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dll
Filesize18KB
MD5ed91c060b2df23bfa7006f702fe2ff5c
SHA1847f3a4fa52ea3a2faaaab953b702aac1251fac4
SHA256dcfbb10c41400645c0a42928d522d888bd05bb000cf8887a98ce43c2d70579a7
SHA51249167370ab8b08859786284d996ba15ef82e6bc80ec93fc053da87f8b1cede5ff60d6288d01e2162b14fc07d291eb065b333259ecec5769b7946629dbe0ec831
-
Filesize
244KB
MD5beb89acfcc802b766640425f1acc947b
SHA12c442dab0c40e08b9989157c7d567771fa0b40fb
SHA256301e780eaa165a7b5ac0fcdc37857cbcb1f0205b44f24a76177efbcd2eda256b
SHA512c906ebe2d3100bbad72832faa569df53bfe7956389d781156fe9a063b8aa60b7e90a8dcb79115fc57a18db1956e3c2f390ad76d641a2f23700f54f25ecc6c3c1
-
Filesize
4.8MB
MD57c160be0bdc787ae3b74ec0978ca0d66
SHA1ac34d593d8b454823f448322e605735de156999b
SHA25655ff77fceb336924a66e5d72503e50697a815a6e6601a5cefaa3eeb1a1772bab
SHA512bd5ee745ce298267100c8ae239ec135c0e40b667c5f21a83ad53eb7b96b2464edde2316286a0af837656c983c00c906491d0c7bc0e79837c86763e6ed42209d8
-
Filesize
444KB
MD52be4a9eae90f72894f4f5a9099a8430e
SHA1e70594e5f25b57f4b58ce1d29a55aa362e030503
SHA2562681cfc7e9256cac9e7cfe6fa0ae40f665e73e2351626ea1d4ebcb2c2b763a83
SHA512ef75fcedb63f796b0cc6bbe8a614596c3ee824eb60f39685decbab5a19af8f54c2c8200675d8fb1a6133c1980d5f4ea19835e327811cbbfd9abe40fc7179f058
-
Filesize
439KB
MD5897d622877119e249ab152c7ac3d4c9e
SHA143b86dcb0bc129c439ad17f0854db91b63aff642
SHA25621c78f6d211495697faa0328c2fac7e7af3fc932d16af0f473d2799361441b1b
SHA5124dff5d45c972b2ce6ec8b7cda5ff5d3f5708305fafa75e6369bff95a9917a17fc3d4dc0c064f075ae867e048d4dcb3d81f847afdfd4ccda25858805aa7d13fd5
-
Filesize
946KB
MD5ee513c35807c93469868caefd3a7e2d5
SHA160d1bf3dbf85f7c0838f3dd6f7d730579344a710
SHA256b547efeab55ec074b67b1201d8237cca6b2bd91e25a05c8c517f01ccbd5f3c0e
SHA5121cf5386b2908bcbe205371325961035d1f29bc1b3bfd748105e4299f8dc2d96fb57ee3dc37763abedb343ea1d8b3e647fc7ed87244f647ccff12ece522662953
-
Filesize
879KB
MD5a1d399af6926c00b6d73d7c0604189d8
SHA11d61df418b997a14d94a858aad23d14d6cdd092f
SHA256cd0ce8cc907269ad753925f05aa9949c1e87db4cce869a14dc2c730a9bd71b44
SHA5122f2a61bd987a408592e0572d48d5fcf920118e40666bc29f1861251e5302ab4213b19226a3006d2ff42bed6487321cbb7d488652238dfe37f60e793a4fcc7c70
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll
Filesize263KB
MD557b9ec2e8a4baf3a3d058b00fef627ab
SHA11779d5d52ed313f6ef24908de14d8f0c8fe1e6f7
SHA256657e1e04a96aa86b9cb96a1b290f499828876e15ebc28bee3f4c952932a0318b
SHA5122b14406a1a1e6f1ecdc336723fcff198bea547a7d23db15083f046030ce3130756ef29cc10634c6f0a8dd2c294941d5aeaf70034fe59612633e5efabebd08d9e
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dll
Filesize79KB
MD5a9558c416903975d22ecf57f4f7d55ad
SHA1962ac635694fc1e4cc0832298371becbc878a29a
SHA2562f39a06bd2c84776a2c7974077201c50ae460686587912f875c280b38d24126d
SHA512643156f2180dc810b6a9067c2c206a0b2578adad625fe9790cc589ec2a4ecaac8d5bfd37120cbfa0bd5a95c89d85a161bf617224b02d2082c479f681e941ec32
-
Filesize
83KB
MD5aecc5d5bd1fcb7d12086da744906aa31
SHA12504a84974e08b83d1e57d3844f583169fc47f29
SHA256d26a71353cbb611320d0b0c40424ee500377434201ee86a6c93e825342548d84
SHA5128d11d8ba86b4d202afde90b30ba103d1290b9f20044e2b9f29881413ed0da68c3952f987950cbed5980ee7ca8534b1bf3d21d024c1dbc010ece0e3c2ed84c208
-
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe
Filesize1014KB
MD57264295f0c7a05c2a673633f3f6b85ec
SHA1310d001ea5f6a7782ca09816ac99fad1919d5513
SHA256cfa31bac9acb4a8681dd55e6adb155a447486a697bbdcf350d7c7a3ab6e8e716
SHA5124f3201e8f3b08c5d673985666344916dbdffa6ec90fe7f9917e2ff5e367e0267c4df7b9851a0578097fda51ba60383a7326535b288e876acfa1398fc3ab9d9d0
-
Filesize
584KB
MD54ac6f01392c86f089efe883a2c63ed23
SHA1ce1264a6a0c0acea558b7e3a666adb51115fa88f
SHA256e3694f0e43f4fcf107a0c2eefe23d3022735954352c7ea3e4ba7b45d3626d25a
SHA512809101ad3608e2c70b29f3804f66628cb0596c6ad5d85241f59d0a0eb095d2b119a161579708e0fd48cfd9997a7c6f59caa80d581e19683780f52e1a355eb9b5
-
Filesize
1.8MB
MD5fe9ec77541e712ac38256a3194fdc48b
SHA1687264c78a1020001ba271e0fa0dbd890671430e
SHA256e04eb6ef0f264df104ecfaeef8eafdb45a932e3a08e62ee3be34bdd7b3f992d7
SHA5120269ce8729a73ed8896f9efe262fc1effab0e1bf0395dce736b39f3e34a59bbf071ba099123bb748a3b76f1a3b2805d46596abc89f50a4f324215b3ac3956235
-
Filesize
4.7MB
MD5a7f555e7a41940de7f7deaefe16f9832
SHA1609a396e9dcbf9496b364dddcca175790a5bd3a8
SHA256469cd6eb02f127a9cf6e2cadd7a2de881908955deba7c80b01c07e3b78ee3cb0
SHA512f17708d6fe754bbf7a56114735a11601c1dbd4f950b84d75f1d93209e3e5cf7e84e756a2e41a4700a3cfacecdbefc28eabcdc81d2c1944243503fb7ae245f497
-
Filesize
116KB
MD5797b345012b3ac75e248678b4effd9d1
SHA1e86816446d4e9f8c7997794adc72ac3d907248c0
SHA2563f4a81e2087d82f5dcf39f99c282c8803805e9d682cb77a8d7437e4c82c2943c
SHA51280c819d726708d743861c0e142ad0e9556e1fa2edb3b488f5d2e69b3477b54c8247ce52d7c84ab0b92c57f35bdfcb7729bb44f73ba639623c2df722ea08d81df
-
Filesize
32B
MD56626b8e7ceb007a7f541f5d77c3e9b15
SHA13e76ff7e0033121be705230f5135ce4f4bcceae6
SHA25649f649e524971fb9bbdcc790e0943a8df1dc6f65b4cf71b4add79ac5a5664a50
SHA512def919c5518bff2a946e00b8a7b49783ab7033a33a66617bee499fc57d7445bfb6f11b707176b69d6fc94bb6e6dd5d4baa6d1634b67939779a9ceace156f3b89
-
Filesize
48B
MD578107747b672eb679b3f094a3ed2c36b
SHA1e7bc92e2a393c27bebd84d7fe760ca4d2349131b
SHA25685712e93f7203af0afafc132138001d4fd1b2e203a4e994b65d9ffb9cb9c517e
SHA512ee8d1ac53795aaa55220de6c64ec1025026770fbbc76c9c2b4a45aed1bc89b709cc019ce364c351587021bfa4baa4ceecc4b825c0a94c00f98a4f4548da7b452
-
Filesize
32B
MD5c5c6f4ecaf8d935d5b7fd06b6ef199d1
SHA11de5819b05d652b51dac88ec967fe2afb961647a
SHA25695c1ba393f5c5da0074a14d2c9b9ce9417b059c59de119bcc985a1ae23b4368b
SHA512a7d6834823a29030dd30dc7b46dbec038aba157dac93041257b7b27f7196cfbffc96ac883e3c53181026989a1ff7e224745c076c8040e423af38f0c6ab126c45
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0
Filesize8KB
MD508e10dcd1ca347dd62280405c262fd39
SHA137d40dfeb6126f3f5cfb5fabaa04771814221bef
SHA256b32cec07105166fb66d0bb53677357eadeb36754fa60b4cabfe6b0daf9d4cf3a
SHA512269c3468f2e371f8631bb5672fd157b629708d8ecbb75687e197c7ede4b7423bbd93447a43d499cf44a51c7404ae959d2beff2729eaeedb6ca6c08dc2719ee6d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1
Filesize264KB
MD557b26e51d4bf41090e253e44276f5708
SHA1b2c9dbb03a93352d0112830f0e0ed8d8a7c7c10a
SHA25642f7ab64b049a3c02d1c0295e937f9ccf47950d52d7c6f3b5dfdcf10112d19a9
SHA512b5196a5b45dc912c1f8329bd87c86ecea2db754c2279e5bb3ac3c8fe46a74213444b514f6cbf437acfa3438d2904672ec201e4d9f16a2ba89c09ff636344536d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2
Filesize8KB
MD598358d88b337f8da252c7116089d8244
SHA1d9e39c2bb7129c02b29919201f15c26984a7a800
SHA2563f3b0d67265df194b9b23e4accb9afa15c3bc669e1651316ccf74ebf5c9e162c
SHA5121731e84d805f69fce8c12ca3842bd662d213f8b8503011b647ee3a65ef256278a5c0ac2a20bad3b8157bb325ae51836079052414e472533844fc60f8817b78a3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3
Filesize8KB
MD51e892e092df24d99abf7d4bf35ebee51
SHA10463e6facb8c2680dc8caa61c1f5b9840ec269e0
SHA2560fcad5074280b8a5abc131a012d32c51a6dab76dd1475ffb7f1f739b18977754
SHA512e11d830542fd7a5bcf8c5a108637b3249582106b222a239e5f6feef5b9b19755559f5cb19f4cb73dae4db381254abd5be826598e42c52152512e49cfcec3d758
-
Filesize
1KB
MD5dc1d23f677058bf5f579edf976e84d0a
SHA123aa81489ff9f52139c3af24c6f916ae24a26073
SHA25631f88c33bd8a82f50a536177a81b3a5822c8e552ee2d09fbee78b5342c76e041
SHA5121ae31adbfc4652719f43dac7a465a09432ffb9715c91814c5096842a110602b941875e5148538a7610cb708176f1c91ee27482493a48958a72877ef93f37e2a5
-
Filesize
332KB
MD5944698636dd1bd8ce383b5f095de1f23
SHA1bac2ee2be83be8473794b96cb7d48c93e1c1e6a9
SHA256f06b023de460add364c1ad8aaf0dbd3f80acfbbded999ce344585924e346aba9
SHA5125e4a01b98aca3d880ccf6d4f266d8e5b9d1c29ec0cd6df1e5037d9b823e8de9d3272703ba72441f19890b149f9440bc455d1fa5716ad808b0d945c11938838b3
-
C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_gd1rwjpue5ky1rwo1qwl5mnr5ta35yo4\1.0.7.0\user.config
Filesize309B
MD50c6e4f57ebaba0cc4acfc8bb65c589f8
SHA18c021c2371b87f2570d226b419c64c3102b8d434
SHA256a9539ba4eae9035b2ff715f0e755aa772b499d72ccab23af2bf5a2dc2bcfa41c
SHA512c6b877ff887d029e29bf35f53006b8c84704f73b74c616bf97696d06c6ef237dff85269bdf8dfb432457b031dd52410e2b883fd86c3f54b09f0a072a689a08c0
-
C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_gd1rwjpue5ky1rwo1qwl5mnr5ta35yo4\1.0.7.0\user.config
Filesize580B
MD5acb6df8bd0fe9236ea87ea6e3c28173f
SHA18b1d88bd749b58905c6db258e7224a67d1179938
SHA256ec2b3fc4d011e9b8a04188d8f2ff280de854dde7d6ebf8e871e0642f789dfa5b
SHA512a4222c0f5aeba58679c21361dcb6ab2c7ed1d9cae41d2839089fdb7bbaac3b8735afff8b302557f85389daa977b826cee77b944ba598e3fa6c2a16781453a832
-
C:\Users\Admin\AppData\Local\Temp\Borat\ClientsFolder\17C4B51780DE9816A7FC\Information\Information.txt
Filesize112KB
MD5738cabf3085484975c61d0953dfec7ca
SHA1a3471eb58a4bb51fa656f7e24d83fa3373b0b49a
SHA256432cb68c2d5d18724c30954076134fb431007ad8abc6034bc5601de9d1ea5abe
SHA51242e9b2a87ecef437745427320d88bc972108c6b0d673bf528e87b0ee9f23f122d66492ce52f0cfbb92f16cd8a5ed01734716c7aacd366a551ec9c319d3a804dd
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
149B
MD59a92615306b0e028fb1a513b6d3613fe
SHA1fb54c0a3c54a92b6a778c47622d35ccea947d546
SHA256be1067231d43d6e9002d4c9c1c92e9fd677457053d23272fc7e4d6c6128ad332
SHA512750f092047d59aefee146a12da095320c495111ab3769e74d92b3f60046eea936accdb6aae800e565616395cf30eea4358882ca28d4009c8b9fd16e680bbfd17
-
Filesize
56KB
MD57d2a32931b72c193d701af0f7767973c
SHA144ab8e9374038d47aa19f13764e02d5fbc52f913
SHA256b5365cf212489a451016d8825cf044b98b35ecc19a005e8fb811959fa7f6ce31
SHA5127532fd0f3a2f651f2e0ccb609e2950f0a93e3c2d4f82b6f20faea03278086ee930184affad4a87de15cc13842939b3c2a71e3f34ff31e00592372b7fc7ddb610
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e