Analysis Overview
SHA256
2a47c744beb133ee41748754b3820606974c14d9dacb382d40d167676b547f7c
Threat Level: Known bad
The file 396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.7z was found to be: Known bad.
Malicious Activity Summary
Phobos
Credentials from Password Stores: Credentials from Web Browsers
Deletes shadow copies
Modifies boot configuration data using bcdedit
Renames multiple (434) files with added filename extension
Deletes backup catalog
Modifies Windows Firewall
Drops startup file
Credentials from Password Stores: Windows Credential Manager
Reads user/profile data of web browsers
Adds Run key to start application
Drops desktop.ini file(s)
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Unsigned PE
Browser Information Discovery
Uses Volume Shadow Copy service COM API
Opens file in notepad (likely ransom note)
Suspicious use of AdjustPrivilegeToken
Uses Task Scheduler COM API
Interacts with shadow copies
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-24 16:11
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-24 16:11
Reported
2024-07-24 16:14
Platform
win10-20240404-en
Max time kernel
176s
Max time network
149s
Command Line
Signatures
Phobos
Credentials from Password Stores: Credentials from Web Browsers
Deletes shadow copies
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Renames multiple (434) files with added filename extension
Deletes backup catalog
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\wbadmin.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Credentials from Password Stores: Windows Credential Manager
Drops startup file
| Description | Indicator | Process | Target |
| File created | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6 = "C:\\Users\\Admin\\AppData\\Local\\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe" | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Windows\CurrentVersion\Run\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6 = "C:\\Users\\Admin\\AppData\\Local\\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe" | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
Drops desktop.ini file(s)
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsAppList.scale-100.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-256.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-125.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconEditMoment.contrast-high_scale-125.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupLargeTile.scale-150.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-64_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\LargeTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\HowToPlay\Pyramid\Goal_3.jpg | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-up.png.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\jfxwebkit.dll.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\OneNoteSectionMedTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-32_altform-unplated.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\release | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-60_altform-fullcolor.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\MedTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\WindowsPowerShell\Modules\PSReadline\1.2\de\Microsoft.PowerShell.PSReadline.Resources.dll.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sk-sk\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\SystemX86\mfcm140u.dll | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Arkadium.Win10.DailyChallenges\Assets\PrizeHistory\awards_perfect_ribbon.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-ja_jp.gif | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxAccountsStoreLogo.scale-100.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\es-es\ui-strings.js | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Buttons\Undo\Undo-press.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\organize.svg.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ru-ru\ui-strings.js.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_invite_18.svg | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libball_plugin.dll.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\Resources\TopicPage\core.js | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-tw\ui-strings.js.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\SharpDXEngine\Rendering\Shaders\Builtin\HLSL\Textured.fx | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses-hover.svg.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_vi.dll | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNoteNames.gpd | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\ar_16x11.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons_retina.png.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar.id[3F3E1D17-3511].[[email protected]].backmydata | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.MSOUC.16.1033.hxn | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Arkadium.Win10.DailyChallenges\Assets\Popups\DiamondBadgeEarned.png | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\mshta.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\System32\vds.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\System32\vds.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\system32\vssadmin.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\wbengine.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe
"C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe"
C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe
"C:\Users\Admin\AppData\Local\Temp\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\netsh.exe
netsh advfirewall set currentprofile state off
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\netsh.exe
netsh firewall set opmode mode=disable
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\users\public\desktop\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "F:\info.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\749dd1da2a144705953d4e257372924b /t 2596 /p 1540
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\b1bddee8392348c5b7676a8287f68052 /t 4196 /p 260
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\ea3f97d848f642078d645482485340c7 /t 2940 /p 2956
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\info.txt
C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\88efe9db04944e6fba3c62ff922686d1 /t 656 /p 4128
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\info.hta
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
Files
C:\Program Files\7-Zip\7z.dll.id[3F3E1D17-3511].[[email protected]].backmydata
| MD5 | df8b133bb20debc2ec0c663b6d18d9c6 |
| SHA1 | c76b8faec0809b0c104f5d12f82f14dd219edad4 |
| SHA256 | 0f35373adf9eab14072e024687c53f90543d70a7bfdebe9468425b290ceabe50 |
| SHA512 | 3280b5be1d1839771ea2803a1462de2425ace3eb369692a620dbb28d2bc8f3418af51455e8fcac1b5f5258362fd3bad8e3f96e2b661f4699c6a6a7245d3016e7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db
| MD5 | 1681ffc6e046c7af98c9e6c232a3fe0a |
| SHA1 | d3399b7262fb56cb9ed053d68db9291c410839c4 |
| SHA256 | 9d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0 |
| SHA512 | 11bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5 |
C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md
| MD5 | ddc4cb14453391bcb5f4d645b2916a6c |
| SHA1 | c4738d174c90c285e17bf51a9218256f45f96ea7 |
| SHA256 | 0c19ba9eeecab3cbbdf38da08c3fa0266f10ce8166e056715931efc543335eeb |
| SHA512 | 34a32b92ffb2945608439653b5ecacba49fd3312ba5487ba14796c75b07655f0d8f735453dac117d46d204d3f810126f8a189f82c015fa8bb6ea37d9b8e0e30f |
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif
| MD5 | d13b5ffdeb538f15ee1d30f2788601d5 |
| SHA1 | 8dc4da8e4efca07472b08b618bc059dcbfd03efa |
| SHA256 | f1663cceeb67ba35c5a5cbf58b56050ddbe5ec5680ea9e55837b57524f29b876 |
| SHA512 | 58e6b66d1e6a9858e3b2ff1c90333d804d80a98dad358bb666b0332013c0c0c7444d9cb7297eff3aeee7de66d01b3b180629f1b5258af19165abd5e013574b46 |
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt
| MD5 | c5b7a97bda04c48435a145f2d1f9bb42 |
| SHA1 | bd94219a79987af3e4d4ce45b07edc2230aaf655 |
| SHA256 | 07ec9bf950252d0254d4d778698c2e4173f36dbc3f57f51f34d1b85a07c2eab0 |
| SHA512 | 7eb1a26cf8ef725ba6d1934ca4802f70cc22539017334c1d7a6873afeea6236bcd643b52630f7fa9d8a9e692f718ba42cc704ed5f8df17757028be63c3efad80 |
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml
| MD5 | 809457c05fe696f5d34ac5ac8768cdd4 |
| SHA1 | a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9 |
| SHA256 | 1b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be |
| SHA512 | cf38e01d3e174ff4b8070fb88ead7e787143ce7cf60b91365fafd01cacc1420337654083a14dfb2caa900141a578717f5d24fa3cadd17c1a992d09280fd8dc44 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6.exe
| MD5 | ca52ef8f80a99a01e97dc8cf7d3f5487 |
| SHA1 | d4bf7b56d1f022e14a870d724e8da274288bc5db |
| SHA256 | 396a2f2dd09c936e93d250e8467ac7a9c0a923ea7f9a395e63c375b877a399a6 |
| SHA512 | 06d2fa34d9972af950d166a67b39b987004deab1244206c96cbd3cdeb862758d482854ae4fa6b6472bbedb0601b64442c03ec863b3df8a64e9cf38a1c3a826bd |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK
| MD5 | 301657e2669b4c76979a15f801cc2adf |
| SHA1 | f7430efc590e79b847ab97b6e429cd07ef886726 |
| SHA256 | 802bbf1167e97e336bc7e1d1574466db744c7021efe0f0ff01ff7e352c44f56b |
| SHA512 | e94480d20b6665599c4ed1bc3fc6949c9be332fd91a14cef14b3e263ab1000666e706b51869bc93b4f479bb6389351674e707e79562020510c1b6dfe4b90cc51 |
C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_K_COL.HXK
| MD5 | b9205d5c0a413e022f6c36d4bdfa0750 |
| SHA1 | f16acd929b52b77b7dad02dbceff25992f4ba95e |
| SHA256 | 951b1c95584b91fd8776e1d26b25d745ad5d508f6337686b9f7131d7c2f7096a |
| SHA512 | 0e67910bcf0f9ccde5464c63b9c850a12a759227d16b040d98986d54253f9f34322318e56b8feb86c5fb2270ed87f31252f7f68493ee759743909bd75e4bb544 |
C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html
| MD5 | 3be680b6a8edfdeed37bf5068a37dccd |
| SHA1 | 75bc261fc558634731e683e431e4a31c5b463107 |
| SHA256 | 1777e4f7955cb5900c97d92081efc4b11704ee3b265717a7d7152972b49a36c4 |
| SHA512 | a3c8a91689105a14c49b020826944d32540353c56fb9e9a011639ff5107d25e1d3466f0fc487ef953c6bbf0c006abc5204e3a8f0093e1c633013a547f8ecab21 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png
| MD5 | eedd2d13e3671d589714446755b78b38 |
| SHA1 | 2fdd23507187a259f5a7edb01611a37b6b09f4da |
| SHA256 | 467082e15a8ddefd51088e12a6189f9923dadfdf363ac1b0448ec43dc483cb3d |
| SHA512 | ef47a62ce6ffb0c5b34b2c6d72f5874dbad4109b98aaa21f56b8b2d83471f5ebf983f6dfd889399abe4fead6296cf2ca3f409a4aa4badad8cc3c48f688323837 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\remove.svg
| MD5 | b651e9101be833e87337050028831efd |
| SHA1 | ee594ba38a6324369ffc7b4dc89407d3436e34d9 |
| SHA256 | 4717e5fb82c0ee85a7c97d022f410990a62efa2492070e42385cfeab67afd619 |
| SHA512 | 3552858c2a688c95a76c0bb8a6a76b119b744b2e8ae7e7f30135ccd8a145318762faa52c1783a639fb179056317caeaed20c15f211db1d45bc957bc3ce591aef |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_comment_18.svg
| MD5 | 1bf37c0336c12ccaa1c62386acacc858 |
| SHA1 | f1e187c79588e4e9fce931997443d7e5cafd1db6 |
| SHA256 | a9044f3c6877f4fa6789bd90f11813a22696bda53e0be17bf52229b70fa87673 |
| SHA512 | f75100874b1dd43c49f54a9aa4621e8bd1efa84359ce44ece2444b639c7bcbddf6564f6c4be089f5d656550c7293b9f5ec4a4b20880939fbeb5ebc21e30866b1 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-default_32.svg
| MD5 | 81cfb9735fea15ca8791a3c34a78d992 |
| SHA1 | 9b4962166a47f5edc62e5fe3c4f8772446db9296 |
| SHA256 | 3d89171c24a889bce28f04adb60f08a141584b7c345b158536a72a8070c252b8 |
| SHA512 | f6ac853f4012ddcb29e5079ec00bf058343af1a6d6cedbc9613056db0575c77e964b0864c9693a6e02a525d5e13ccc54e0e7fd938ea39c3d2c6005db959b346a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-hover_32.svg
| MD5 | 55215e8f92d35f26cca06fa9d5d221e9 |
| SHA1 | 994838c8df5921e3828749a7703ebfa8383e43b6 |
| SHA256 | e94ac27227c8a25c3f8ede219fd80ace01e7176a12111125b31ae1dcddd487ae |
| SHA512 | 7972d3fb8c305a1b41f3ec4a618c9904c1e655fc757f1dc83f9d9041433f3c30e6708ed3d4fb3166cc41d9773df3f159aa44333f76fdde28f317676046bc9c67 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder-default.svg
| MD5 | 2807924fc18c958c38a7004a5dbd4091 |
| SHA1 | 85534040543c3306284e6a475999c46249a35e4b |
| SHA256 | 0345bffb28f80f4d0ded1a2af09a337b18ab3a80c68205bc8321a6ad4d409500 |
| SHA512 | 264d29c6b920b3005ebda1fdb0e0ee6e17059c69d63969c61ea4b5c5464022166ccc04b2c1f69b91052c3e3dd551a087e8e5379d2a62c452184a12b278a8ac3a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg
| MD5 | cd5d2472a2bf9ac7eb4e15146b30bd2f |
| SHA1 | bca600423f99b87df44fde9d96ff874017037afe |
| SHA256 | 038589c0f8f0b9fbed7fe7835de0237de4a28ea404078955a78c0b8145fa323c |
| SHA512 | dde83047b85cf0afd4ac77c9f4e850ebba48a1e1d581ed78c30733f58a9d5e2e22d34a2b2e57e4527f3c314f84922c3aecd6366052d46e0d6157990ed888a27e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_reminders_18.svg
| MD5 | 3f16cc51cf788a50e6cc1ae60897bbf7 |
| SHA1 | e5a8c8f5227ca6da79589192892e81b6a3f43686 |
| SHA256 | 30f1d12f90b61f22130b22667f722aeca0aadd59ba3e19d866d72a99a3f0ce3d |
| SHA512 | 17686bb9e01aa108b9b62b33bb70bb8aa35e4d88199281aaacbc8d8da7d54f1f353bf31a109dc22a4e404780ece4cb3d23f0ec81f80e9553ef060011e568134c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_hover_18.svg
| MD5 | 0498cfb8aae1383c049e8ccdd85f3abf |
| SHA1 | c5fbfcc70b441e91a5ecd23295c745aaf076aa4d |
| SHA256 | ad125b854735c81b5782a65b5b006c7c991e28688b6dd8e5998f432976b9223c |
| SHA512 | 113f19bf726f79473ae2b4406a76676ec0bc4709a26f374aaa3bbd9d0b5790ee4fdd8ebe1a3ab68995973923ae33df7c1c6798e93bf060643c14acfabd4e9302 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_up_hover_18.svg
| MD5 | 30c9bd1aee3794fd46bc99fc2a359212 |
| SHA1 | 9817640da0b98babc461d277a39b323dc9a76cd3 |
| SHA256 | 4b10fc416763ad7b65a6d6fb3c0016505ec5aaa7a117021a26e4dd6d11fe7d1d |
| SHA512 | bae367b7555f5f7f677abbad1dd548225c2580ffe21bcae5022f8eecf8c97cfe8f7813fd86c31a7f9052c174610ae9d2ae21ac22b381701975492e2386f67f94 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-right-pressed.gif
| MD5 | e3c4dd21a9171fd39d208efa09bf7883 |
| SHA1 | 9438e360f578e12c0e0e8ed28e2c125c1cefee16 |
| SHA256 | d4817aa5497628e7c77e6b606107042bbba3130888c5f47a375e6179be789fbb |
| SHA512 | 2146aa8ab60c48acff43ae8c33c5da4c2586f20a39f8f1308aefb6f833b758ad7158bd5e9a386e45feba446f33855d393857b557fe8ba6fe52364e7a7af3be9b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\ui-strings.js
| MD5 | 0d3a12fd3f68decc694da04b57e61d8c |
| SHA1 | f73d4d591f6ef0b2b04fc90d2e840329f7590743 |
| SHA256 | ee0352f75df1009fa6f5eaf323a1ed55c127cc679ac6b9de70b1b3f8dc9ece76 |
| SHA512 | 2c58a879d4022b441056c85c301ce26401da5f7bc9619debd35fa3bd98b5f1cab8f21e2ae5a177865c64e741dae18f39f99fac1cf00c468ba0e281037d5e883c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ui-strings.js
| MD5 | 68b6f0644d50595a97c9fd60b8d8e697 |
| SHA1 | a4d0edf9264ce1922dc419c7f3b3cedb2814bea7 |
| SHA256 | bf9b3f1f9a3a163d41b1b20a2c410355e6ee72ae97725a7bad97ad23993b0b5f |
| SHA512 | d1a26cc27c302f06419abf97507c0a4d06729aeadab615acaaac0c3fcec6d7715e10642121a4d773ad3d5f613030728e49fb3d07303fad05f7a342352ebad003 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover.png
| MD5 | 65c9f3fb24b80d8c470d518f901b9c60 |
| SHA1 | b9521c39944357d4b55b91f9f3739575d1f3bef1 |
| SHA256 | 8de76ee7eb6b32c307d4a46a43ac55bc15b917e2a24d36c3d001878a97fd39d6 |
| SHA512 | 6572d65abd587055a69980558b2568266ff76555faadf3ddc93fa65bdd7a009a2fbca10f37f44c27ae889d3de99a3673c2b9ba6e6456242e951703fa32d9c636 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\ui-strings.js
| MD5 | a778c47dd8521d6a12093b3e97ed8474 |
| SHA1 | 2099d940cc672373884e1c622bbb606e9e9438b9 |
| SHA256 | d5343776747d802d64faedd9954d2a4bf555a6cd85396c55c39a8fce4c5353a6 |
| SHA512 | 7c9c9b406c1b79b3298e975abb3f64927b6beb9e8784b75927e19ba649936c19f04d958d07499a5d5c52049cf2d3600e32f6f437c98b2946a977ca82c71e7224 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\ui-strings.js
| MD5 | dd24e91615f1963a5c64bc9878a0a8d5 |
| SHA1 | 407ece3322d57d16a448b5522d4f29229f80b8b1 |
| SHA256 | 4cf9816ed1062189ff0c8d427fba5e912cc68fc9af76cf7f08fd255977de3b33 |
| SHA512 | a88d5e6fcfd998b0abe79b5b314f3f83f424be9447dca01e1a64a3e7313eb247baa894c10c5758c6788cad27582c09207d00d2e7bc41515e7f1751e05aa812ba |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png
| MD5 | 3f7323acc829bc8b3799148d439b3d47 |
| SHA1 | 3d3c540c4080462a8013d6db9383ad69606779e8 |
| SHA256 | d9de646d51650572b66a6cf8a52ad1efd46b7a47830fa7972da0bc05baa2fad0 |
| SHA512 | 09e2a175dd874ac369331fbfd863be20c9ecc005bfd6c7eeadac071804653265e4f7195d70058f2f73951a6a6e202fc96930f2ce71c2d815b228edf01729b559 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\ui-strings.js
| MD5 | fb4aa89fb89bf94d0590a3174d1193ff |
| SHA1 | c3812f2105099071c24141a994a9d5087199dbf7 |
| SHA256 | 655a3ef0465a9f30fddf25f4dde0c19a05c6f9069b83961800c1944165955273 |
| SHA512 | a494c0d9faf3defa9ff320421d0c00e4e39845f7e998c6a06c50b5e7edbb1ed7a948dda23ace06a3433843615553d2357f1cb04acb4ad1155ec43f1d07511524 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png
| MD5 | 7ab2ac51d33778dac850c5dd8b4ba45d |
| SHA1 | b3f47f20c438aa488fe835e0145c014853ee48aa |
| SHA256 | ca17d6cc1f7ab317c34a7cb767ad017163e71726ac648518679c6b1c59fa86dc |
| SHA512 | c14ac0ad209625e0acb2ca9e0afc5f6c98901b01f92b675d073b72929455f47ccf29cbfdaa248c602b02fc2bce484c56753b1a54e66f6ce9df2ea57bed88962b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\ui-strings.js
| MD5 | 07bcf4e882ae521ec6ddfd0bb2a608db |
| SHA1 | 88e2ab25dec6ba9fedced9bbd21da03639da9409 |
| SHA256 | bc9df2774317cdca8e5a702f249a6994fa3b63852e7749124e82ef1f37b89aa6 |
| SHA512 | ceafee63fb03e94b418bd87c6af91a53c9bef53b86eddb51a7aee77d8ad5e6654045da12c3c28f3ab4486d2f6f135f7f834790991037708b0301085f62e22fa7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js
| MD5 | 0ec670fd70f5e89c3d2727df9f2a5398 |
| SHA1 | d19c88c8e11361d4f29719518b8543e0ecf5ff09 |
| SHA256 | 8267479623714339b61159b2f8235b15a38ccc1199eff859e5dc13359f8711c3 |
| SHA512 | a429234afdc29df1276238d3e329299a6fb5b1ef6044429c1acd8abb95c0b76a14836b47805c5d464cfc95978f5e3b10eceae6c26a2964e2c352fafe1d7dd6f8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png
| MD5 | 2a78f84427d1d591409740722e60d793 |
| SHA1 | 304f17d9c56e79b95f6c337dab88709d4f9b61f0 |
| SHA256 | 4eae979bb805992739f77e351706e745076ed932d3ef54dd47ba119c4c2fb5c6 |
| SHA512 | d687c646bba8b801511a17b756f61a1209ea94938940fbe46d9e4893f14606f9e1e5ff468ba4a77474603f5cdbe0cb9df3d24767e5c9ac81a0b373dcf4a4f3ac |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png
| MD5 | c7fc95def1d53bd3e747248ecbd3cd5e |
| SHA1 | 1b251f02465f9c7dce91aac5aa0679a3c34318e8 |
| SHA256 | 4049b739e6322c7d7caa241ac41c8e0b1f2893957204a910c9708c7731a7a8b5 |
| SHA512 | f4b90435a3b250c1d3dc8df9bb4d331dfe9b1c0212eeb1768073afb81b3915fe61a7c4af151c8090565f778dbdf1f4fad7b5f545c9a21b7782cd7671be2ac96e |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\ui-strings.js
| MD5 | 1ea3b76135bb4a589027d6243075a936 |
| SHA1 | 2951fdafcb862ef53fcf213572368bd5e08094ad |
| SHA256 | c960c819e997c1c9d080235a5e24e65059b63cf66b95ff3da9a44773ebf81c1b |
| SHA512 | 3c10075e71d2e44535e19c8660bee7071a110d07dbef67ccc4cc94c45f93afd72f8ce6b24be31e6193549823b7db204e20950e5c1a075ae159c39682db295d27 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]
| MD5 | 6cbbe3240a203b0ff387d9bbdadd49ef |
| SHA1 | 2c65f6ea9acd8d164ece87edf2f142942d8cdb42 |
| SHA256 | 7b3bae54e7a2931a1957c1ca23189cdf913f567e92af15089f033b99e33351f1 |
| SHA512 | cdd8e32fdf610a0c00f7e8093c98d421f6c60bb75be67fe0a22ca1b5144351526a2b56ffd955f350039e4dca823e45a3f1f4595c3f9f209b3de28cab972cd140 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\line_2x.png
| MD5 | b513ae819f7d8d10fa4f6cbfdf055b22 |
| SHA1 | b4228971cceadd4a698f3c206d8f4bc24a37f991 |
| SHA256 | 25778f162c4243167f8eaa876f1b0619e67afc158de7805600471a563ec5e8b7 |
| SHA512 | c11266406d79494f7d74f8f8a5f955e2bad14b8924877e882fb3e7cc7442998cf6e7a9be3aa7f1a945af8bb2add9dfcdec0ef54239f6ee80748d77444dafe6fe |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ui-strings.js
| MD5 | b17a6a8826832fc2e1098d0286242861 |
| SHA1 | 8ce2bb5944d61be2b628fc80ebabc769768e0b48 |
| SHA256 | 82a1cc52037ccd1ee4a73cc41b86ef4c9b45db28025d56105566bbc9f06bc41f |
| SHA512 | 688757cebb6aaf1a9948ce1dd30318ac2b7afb7a47938e6eecf1bbbc1be058ba78744c208d71a9747ae514242b09322489ad314119cf612a7e4a717907521962 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\main-selector.css
| MD5 | 651bcf535ed50ffa7724c8751bec1a66 |
| SHA1 | 5758c4862740517ba28026c298d1b3a61f43716d |
| SHA256 | 359f38eef400e2fa3924a3258652e74ee19cd46cb92e47bce91f1194fce25e9e |
| SHA512 | 492b73f1622e8a1a064141a2edbac9fb29e5f604b629b063fc7251289d237e50721e1295b4f3450322fe72f01b57561a79f0ad4b3a20290cf3214ccf0204d372 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png
| MD5 | bec4473fc43b77e28e60f89da4e29c00 |
| SHA1 | d5dbc7c6642a8a23da14f952a0f64fe874e8191b |
| SHA256 | 5e06bfa9ebccfa3d8759270620b6860f0b92be9d69ef7d7802b78ee5b5f07f96 |
| SHA512 | ff2c101c1172e64481be5e98b2216d5eba93b81210a1a67adecfe05bcf37c3d965c06b368ddc1ffb7e4187cda0373720f6a27476f036a41517762d5cb3729aea |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ui-strings.js
| MD5 | d3e4c2fefeea6e6c467df305f7a8f3af |
| SHA1 | a4468bf4d5abcb4d720b0fefb396dce5864e4717 |
| SHA256 | e9288289beec2fe3b6ac24c1311451c8d079786a09515b95cbf2eda7f87f0b22 |
| SHA512 | b81a9d38a4a6cd54c2081289192ce7aee3e34d71f834c9b94eac8cd79a5cb90a0dbd3ee0da89be68e4fb69a82903c658addc272a9d70d8f8f8f8cff5c2c18f10 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pt-br\ui-strings.js
| MD5 | a3f07671642038caece41ff2a52d8673 |
| SHA1 | 53442624b01b79a3729a23d4f12efc8dae4b1002 |
| SHA256 | 088d391d696ec15140e7b4dbe6fe17e95296af9d09c7eeff17a0a9c241925b89 |
| SHA512 | 5d1ab4b072eec924d13d760da6aa958cc81fa58cfec3de8ff239d131d37b31cdd547eac0fa5ab34c060f0f28a2295e071a1a9573815541c5b92cf0c63f11bdb7 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\tr-tr\ui-strings.js
| MD5 | 74ca2c01b07af0dda4bb39ac330fc49c |
| SHA1 | 7cc7781cca7798ce0940fe9be999e85f8b5064e1 |
| SHA256 | ab9ac8d62fd064748c921e6bd4c123f5cc8910a384d1804bec33ffe27da27c4c |
| SHA512 | cd71201d364c7cfc9d317f091a9dc318d77bdc7340ec4abceee2fa23e3f58cfb1a8f45b5216f5ebb40b3738fef28eeb37717b2508aa1369316da6b7c82c510fa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js
| MD5 | df3b4d35decc08d05ef8ee0644ab7274 |
| SHA1 | 6b0381b9ee40dc8470a63218e5cc5feb579f7334 |
| SHA256 | e27e5eb93a24a2d866e30bf027e4f0c3da9fae8968cf5eb69446e7f668356164 |
| SHA512 | 257c770416a94f5b79ed837fa0f5e7926cede3ce06c1a9b819c1ca77c645f37bd366564cb028b0ba6afc5444aa5ac774c3af36cd7c108164d1000254cf85c94a |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png
| MD5 | 39e7048d412b94bb2dad145a2daa5875 |
| SHA1 | 08778bbd84d9411f2e531867dffe45fee5d60d24 |
| SHA256 | 4985216f1f370fff03c45d4a711c18b3f49165f8278e6cfc231bb38b920095a7 |
| SHA512 | 65803d69def3517f0021a291748b55cb5bb2e8437732e6cb9b99b1f778f766fbff2c484b664d16ccbedcd51c14f89e99cd5f977cf97d680eca78a9d4f8b87fb0 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-gb\ui-strings.js
| MD5 | 92f1f77de0ce17e9486d53787f69618e |
| SHA1 | 41198fdd6a18321c15c3d4647962e687fc036af6 |
| SHA256 | 4ecb5e390829b5b11dd02db2f22ac1349e32a24e5bd3a8489f6fb5fb0f07eeb6 |
| SHA512 | b389c8364936fbb96a407fb1a848254fd8b7bcbde05637ac1acfb48ba0b30e887dd44b2447e1e3eb75a902241d67571584a819927cc8d0a91d325f5df79f12ce |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ui-strings.js
| MD5 | 72542b122d453927f3d6c59552165606 |
| SHA1 | 6e2b7f049b60f10edcdec06f357114448c0896f8 |
| SHA256 | 3b17f8b83bec3e72acd0d014f58e7de206106a7644bf3293f93c7456ced47419 |
| SHA512 | 25eade5c88cc35325978ba2e103050608fed4330a1677280eb2e0445946a3367d26796ca1233aa6d7ec4c87f04faf7706d82c72b3f3485d80c18e088813f7a1f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\tr-tr\ui-strings.js
| MD5 | 7d8302df4582de342a31d0335e979ae7 |
| SHA1 | 7a3e918e23dc8002dfbe1695f8e8fd52db995d1f |
| SHA256 | 899ad5e0b3501d7e00d2f3bd3c7729b4223839e8629c61328db0f818ba0870c9 |
| SHA512 | cbc23b3285f6d8d72221d0fc05ff59336402005e7d3f50d66249ef6076648ec2e22d33ed64f5436767c123f59d37dae45270a259153ed98b885f9c43ec9bc2aa |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js
| MD5 | 421cd12b43e660f10da31bee36e85f4b |
| SHA1 | b568bb931d5bf4b5805d20fc339b06f9b3763c9d |
| SHA256 | ce7c16adff608d624a412164fdc692305fb461f4b14f9167e6efa78dbbad12ba |
| SHA512 | f56bf5a7a713cbf018203c24a7f9dd426a2cf018cb3ddf9e27f3a7765be3571339421fa5a2cc68f677eb4929a2a2835238a723db4de07bb0634e3f151878ac86 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fi-fi\ui-strings.js
| MD5 | 0900039f6502c5c4418f5b712f0dc94e |
| SHA1 | cb39e28be0988298003a966ac208c54f83a6ae27 |
| SHA256 | 7037318dbcb8809fd3d03ab0293d58666df18363f0144ef65b738ca3fbe028f0 |
| SHA512 | be9fc36c81963737569c65e4f295f347585bcec88b4fa6ef9da1478f4e0f947b64b8ccaaffb816a74216f713060ae0a56f58c3bea1d12b16bb8488a7663db391 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\pt-br\ui-strings.js
| MD5 | 35d5c7b80ed270a94872c0e56a6c59c6 |
| SHA1 | bbc4ed04ea6c922213d7cc19c62c3c4cd23b7113 |
| SHA256 | 5c03e31975b96b3d151d9e034b884cab9c6fb29576d2b5653c375fc5661b6dd1 |
| SHA512 | 57ec341f6ff49f24516e117d5c0b119ba4c62dc0537cfcaa15bbba248729c06d29ca224462bb331c44ff1b3abd724df86d0b2ec473ae9f5d54e31ae2002e8bdd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ar-ae\ui-strings.js
| MD5 | 29dbb24810bdd7f802c1165f8bc3a714 |
| SHA1 | 9ed5ed2ea58cb6d9196e8d88fccdd8f0d522ea47 |
| SHA256 | c9fdf06266cf9e6d61f7989471abe569239a93cc2c0f65a7c596a81af8d6a67f |
| SHA512 | 3802320bcf7b20a6656460456d5b03ac4f85e4572d7530518dcf99f28162964adc211c5adcfb7ace603b6734271581cea26c9e85821b88b1915e13780a19ec24 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\ui-strings.js
| MD5 | 7a232b079f30771ada44ab6a1843ec14 |
| SHA1 | 72349db2853443af021d538be9417fe32369d2ab |
| SHA256 | e33edcde1654c47b3f834797623932ff5dd99a4331b255b60452d69d61ccfb4c |
| SHA512 | 431073f497196ad03ba92a8087aa6c50717ae137b05aba341cd8f7ec1705b46f2878b30455c10d7339f89ef16022ca5d054b0f96e5956ef0590121ad8e1a6638 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\eu-es\ui-strings.js
| MD5 | b54b9c5d611b062aea9d8ec0d192335d |
| SHA1 | a6a96602b80181ef494a0da49dacae1c44f7c739 |
| SHA256 | d70a13e9b9e9f4026679200872160d667979bd0ae57e6527d44090e49bbc2c83 |
| SHA512 | e56e4a0dba26c3bd824bcd397d495249466a3732bbe1466f9ed1c23ec3a25d79e44e360fb5ee5a229fb24d6961ac32a2a57d0a29fe669e767bd33b956f57ebf5 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\tr-tr\ui-strings.js
| MD5 | 3b8883ab58438b245c89bc76ee848752 |
| SHA1 | 7b01b457344fcf92362d14247f2c389ed0c89b6c |
| SHA256 | b3b87c3ad568de5a1f07702392e3bfc76f41a47b2fa1d710198406c3c5172697 |
| SHA512 | 200a52dd5e9334f2c768fb2d152a82cfd551c0991eada79ee92ae41e8beb82a1eac2d90fdac2d9741afe0b7edcbe046cb92a6cf339d25709b53d51f5feb55b1c |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\ui-strings.js
| MD5 | edbd91ead174c60fdacb765349ea4fcf |
| SHA1 | e55660206658be80e2033a93abd8854653246eea |
| SHA256 | dfd68e26d32c27e8c7d096cd558b12da3228019525baaa2d4b32030339fb0b6a |
| SHA512 | 9c664370c6c102a0e6992f2fe711e7fe7f6ac732a8562bcc1839a0d99d828e4ab0b3dc70f33f3cba444d04161d0df13b70e72b9079c5aabc7a85543168d58854 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js
| MD5 | ffaab524b0c94fd06a44c1b5b683e0dc |
| SHA1 | 17dcce5e4d3b9f718c902863652cb67e060e2f3e |
| SHA256 | d0a34414103960973357a239952bb0fab5f988ccda1b67ff8e6864afcd806272 |
| SHA512 | a7ecbd3e9656cb0fc1304b4b86980e97680c73b673c4284bbca08c4a3f3ade0699a7de61f0905aee9d521da4beaed61d3ec943090ecc44833118f1f5a29318ab |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\ui-strings.js
| MD5 | 5af99e838bada8e34b660d7fcecae2bf |
| SHA1 | ead4e402f4696ede69adb3e4cd694e7d52925844 |
| SHA256 | e3f604ce27fb93d417b9e8a4a5f10f6fd17b59a76aad9754ea0cc5c56b31687a |
| SHA512 | e69f6f12a51382491b4bec6f19260df249dc6dd9a33fc590a90a055baa5f6dcc80894e2c65ecc7dd0d10040c90740dcfcd2f98dbd1f2fbd94c34941897f6ecd9 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png
| MD5 | 3d55e1e012d3824e53e84d404a6e2f2e |
| SHA1 | 9983296698d4e2736faf1c529e8d27f8071d7939 |
| SHA256 | 6559f403524ea6ef9bf2e1d0bb66d1af8152920fb002ec2c4ced993083124a88 |
| SHA512 | ec75d4dea30bf7567b2f6e30ffed408815c57680a38659f6055d770c85393d8a5678d38a066ceb7fd0ff9c5ef49cf9fd73d7e8eae5a9a83360a41ca74343f576 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png
| MD5 | 45ad813c887294a1c5c88358f6e6fd12 |
| SHA1 | 45266d0bda31888b67b10c601d303caca8786d30 |
| SHA256 | 91ed5badd0d99f45c65c0ccdec04fc59fffb1f6d055a4d2722dccde82a6bb73b |
| SHA512 | b06ab5889fdf50735ff0c3cfcac3e526b9f32d694ac631e7c2a06eceff357f17e92540df5f84426f8e8f75726c1e7df3592f1620728b70a4b5290c9e49e377f8 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_thumbnailview_18.svg
| MD5 | 9b4c8a5e36d3be7e2c4b1d75ded8c8a1 |
| SHA1 | 1f884298931bc1126e693e30955855f19447d508 |
| SHA256 | ad47fd9e87159d651a53b3dfba3ef200684a9ed88c2528b62e18f3881fe203b0 |
| SHA512 | e1acc0b10c92c2895fc916fc8feead869e04315e5e6e279f8e61b344545103b4c9ff808c9ca2121d1b013879071364f677da128caeba89bf918ec2791e5ed094 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\adc_logo.png
| MD5 | 5c4cbc56377969e41dcf39d60690feeb |
| SHA1 | a20120d0d043af4d3b6a72db517ab8a623b3febc |
| SHA256 | c0601bc1bac97e69da3ef3e2898aafe64aec5ae4f3ccbdb7649471f76da4ca0e |
| SHA512 | 4accc91aeb47949f1137ac69a0740a25c957853f59ff8d18077e64b1a3262488b71fc4bd45714075a0652328e1a49a602c7950b86edabbbd7e5abbd9000b705f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png
| MD5 | a7a19c86ac01e03111c30032ba417b55 |
| SHA1 | fd7f42ef37d82cf1704b65762a8bc6b4a868234d |
| SHA256 | 494032a3293df271c7cc5d26a5753acffc5f6df811d024e9b573f2fa380f3591 |
| SHA512 | 728d4755dd7d21c5ca285906d5f043728fd089de42d2fd04beb514563224104f7672e5f5144e4ed68770b933dd1069d76b26d140eb692d83d907176330f3f6dd |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png
| MD5 | f2f1d5a683617b2bdb6cb0b1eae67135 |
| SHA1 | 3e0dda160b0f8b963dde8036b45aabab5d86504f |
| SHA256 | 96497e49c11ebeb0f73bc01b033b7f45cd9f8eee478176e11b1c7342efa63569 |
| SHA512 | cc9688ee19a6391296abbae9fb1422a6d72d87b7abe8552e860eeb092f8cf7e6864a7f06dae6a60784b77353c38103abd3632492f8b33b7b3d900531cdb673b2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png
| MD5 | 5991993dd41d6d2b062d58bb70971e0c |
| SHA1 | 1a75ce12ef1c4cb6a85225d0bf4f68d4a3edfce5 |
| SHA256 | bd66e8f62d34f70917102405af895c0b07b79c13fd2d1ea65ebfba3bd4853aeb |
| SHA512 | 75511589b1937aca668348061728734718d02065ae76446b61e3292834709e3b66f2a453717fd593a8fa1db92ad7b97af03f7d2e7f5538716582ae7d8c11e09b |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png
| MD5 | 4eefd60f439096ed98b6d8a585da12ef |
| SHA1 | 75cb70498807b0c823cac760e00652842c1a63c3 |
| SHA256 | e743d6195ff2f42282e101f9471874e8df79dc05a69ca20abf22015d48d28c6c |
| SHA512 | 78241e2336f4ee826719d5adc70543db0f0767a1660f723ddfce72c170322a13c0f3c547eaea6b6cfc47cdf6d8e5edcaff4bd003cbf3eb9d3435bec5158fb8d2 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png
| MD5 | 6018a4862e3cc6b434d517a47858a2bf |
| SHA1 | 23769e9ae485bb2c35630db9a6ecc8a40c2207cf |
| SHA256 | fde09d85ac7ec84dc0b5f2bf1c1f935b80a3e45dd9257af499d412302602f310 |
| SHA512 | 4fae17ef027649315cbc73ea47a2fbdd8c8c05b9d818af5b41439e9e5fd81d62ce13f6ad125a2817d0bb4b24a831358803c53003628520cb9c2a8376ac8e1aa3 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\ui-strings.js
| MD5 | cf69901e6d4609009dff8be5b3045c96 |
| SHA1 | 712afbf4bdf24b6fa059f0fcd837449d75432800 |
| SHA256 | 16d0edc8b7ad7705b23a14058f366ff1c0dfa16a0ad14f741924c308754cf8d1 |
| SHA512 | 84b63e071f56e8e406fe361473dfd6eb17daec1809eed425b1b977f0135d6a78a3375c9bd1a65daf1ac7977f712b63ed735eac8ebc91e55c1a3f366e288a9ed6 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_checkbox_unselected_18.svg
| MD5 | 8c8fd1cfdc60f513bf20132a1d5aeea2 |
| SHA1 | 40167e542ddfd848fd138e2914dbb7f116a8f99f |
| SHA256 | f438a4e713df6a982afbe2eec993cd582edc37a876fee88e1ddabb478f2b5ee0 |
| SHA512 | e5a985404619bebfb615d4b5378942b56089b40170e4072c61eb9ddf722639941e820f039437b59cd3859944b3e06ed72ee49e879522e81fd9d49b56c8e40d35 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close2x.png
| MD5 | 5e0d423694dc87169e1124f26d755117 |
| SHA1 | 340b47ffc7ffe45c30ce927f1c839d01600f6161 |
| SHA256 | 68df674391ddb32170020e5b55b8df9ac1bb5274419dbf8748ce53efb18584cf |
| SHA512 | 17ace592b7b00dd530d923711160c39417b6c6412c3528cecb002fc065a16dc439555f61e4f6de7ac86291cd9cac5f5ea8411bec8ffe043faba887026fd2ec77 |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js
| MD5 | 8ab4b211dc3d2947d2466033f6d524f7 |
| SHA1 | 7c457aa6cb3b704da3c977bbcf3953c3c1a7a7bb |
| SHA256 | 5bc633d52bc4345c9cc4ea7cf49422a85a9fe401faf3239ef72b53aa0dd667ee |
| SHA512 | 0b7e9cda1a82a15fc9492a35808bd1ea43966cf5e55d84b9831f79d64f36a66583a14f0ba95eb12098bf9df6a95eef0bec6606aba1cf56bdee0e046aa60f8d5f |
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\close.svg
| MD5 | 2518c2304a390e60d20b53b101fc0056 |
| SHA1 | aae24d58011859ff6986508882dd7eecaaa7f604 |
| SHA256 | 03e98670a1d9049b8e1f02c4fdd449d098465f7578ee0eebfaf3f138a78301ae |
| SHA512 | b7457acf824d68e7728088668cd8d44e06566dc71d156db7e9480b957305f2268778907a8e93e4e2d1937b3c3cbfeeb327399cd7f33a60274d91efab2ec3f534 |
C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml
| MD5 | f006e7d4dccfb3da2975fa59fc8f8079 |
| SHA1 | be32b0764c841c09e3d4931476dde18cf9776b52 |
| SHA256 | fb5a84b8d151d7705990e0b26b0a2f326c587126f56a9b33068a534836bdd682 |
| SHA512 | c38584c2ee3c0c7fbf1fa177e86751f8240f6295a7f211e890361991b2c485f293c3a736981effc824643bbca802ae1f0caf45adb3bb5a9b2321d433fb08bfd2 |
C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\0__Power_Policy.provxml
| MD5 | 798b4a7c5a9f20d24f36ba8daf7b8f70 |
| SHA1 | 0f007b82783ddea5da7374c96925b77a7fe9f57f |
| SHA256 | e5cbc8e3a6e843009fc9a9de7a83df9d05532e08d48da06c66f907f58d0c745e |
| SHA512 | e3faa4376d03dad6cd714dee6349733abe29d0c2118456f80bcc4c758015b12a06b4ec6532a6e98d512f5c6dec7a7ade5c1d2a418db0f739ed17f18c0cd6b54b |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\107__Cellular_PerSimSettings_$(__ICCID)_AppID.provxml
| MD5 | 90947e3479154523f3bdf3ea242538c8 |
| SHA1 | fadad623162f56983edef5df34c65a9a3aadca77 |
| SHA256 | 4b48f21a4b7a02bfbec19ef880a967a02334a3cdcef8ae83de2ef327ba8bc5dd |
| SHA512 | 1927cade54451d3de672ff66f3b86c11b13a05eca671e6fe2c4e0b6704b694c2f3b55e388df74c15fa627093bf5b180544de0c48d54917196931bc830b2f0132 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\140__Connections_Cellular_Orange (France)_i2$(__MVID)@WAP.provxml
| MD5 | 310614b10980392ebdb5a5a8b90b527c |
| SHA1 | 8c8fb36e7c2a1574cde7fdea30e8e5f14fad7691 |
| SHA256 | 445c811c35e2fbd4aa59389ec805492c7b2db50d65f5d161417ce8302b103fbe |
| SHA512 | 416650adf9a61cbbb6eff7af635264e5bdde903477465cce05b63773927b8afb35e75fb68497882bce7778f524b9c7f3f2befcfe3840e99bff90ccd305bac66e |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\174__Connections_Cellular_3 (Hong Kong SAR)_i0$(__MVID)@WAP.provxml
| MD5 | b8218972668b9e8f06798be702f74d30 |
| SHA1 | 674221f64534b568a2c0970d540ca39957d7ad43 |
| SHA256 | 511321996af989947ee1a15ae57772ccf742c2619afa4819f3facab83cd08d70 |
| SHA512 | edcc89723146ba494e9d37c37cfa1d476dc1575361157aab23552bc59c7680182efe78c402576c236235f43a9c1c6ae5765b9150149002289328cf9e577da66f |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\17__Connections_Cellular_Optus (Australia)_i8$(__MVID)@WAP.provxml
| MD5 | c4ce40b68fb3386aff7120cf8a34955c |
| SHA1 | 677fa777877265f8897ce029a59ab1040f7b25e0 |
| SHA256 | 5ff7c2a57c1de314cb27a2a9cc7db60591439e3a262f53b10e3056f3461b9b3b |
| SHA512 | c1cd06d42ed3f9a556bff6eba4b0e151dc050fd2315bde81c139a5c4510c332686ef520f64175d3989ec7e02e9174eacdc0e0ff081aeb932baad84aa2ec049c5 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\184__Connections_Cellular_Telenor Hungary (Hungary)_i0$(__MVID)@WAP.provxml
| MD5 | a5b789490e210929d6f33c8547e6c457 |
| SHA1 | f5748b41493a17564bf3565dc712dcfef72739c1 |
| SHA256 | 4cebbf3fef3f240729fad5b11bb24397db5689875a81dfd3507a4238f79664ed |
| SHA512 | 3c15410a1fc8e49a61c547ab7f4e7553b9844e44dac8110ec07a1bf13afc2296ef70ff91994b9c0d3d62e4f3b3cb03910c3f6ad5a626a5c9bb1e6474dcb070e1 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\210__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml
| MD5 | 9cb5fb90f42219febcadbc6eb57257f6 |
| SHA1 | c948b86625804155f9ac9478a07cae11d8021563 |
| SHA256 | 1093af6901915021573eb2e3bcb49af7f1eb79df351806d325b80f1baedaa185 |
| SHA512 | 9c9031770c5c67f40b93dc7dac91822f3b5eabe1deb83eceb2a878afc810a810ce0521f966e68fa49aa1973cec342cd3ef6096ebaaa191b885a542e4a178ca5a |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\212__Cellular_PerSimSettings_$(__ICCID)_AppID.provxml
| MD5 | b84ae69de4df8dcf4e21ed3dee2264d6 |
| SHA1 | f7c77b237b71adfb4e11fd36ab0c2c90c09f9045 |
| SHA256 | 7479649f4176c2a256e12d26259cba094d654d57dc58cf51fbe25c14e67c7fd9 |
| SHA512 | 776c798064b11985fa76b112f0899a22d32e9a33929f177523905c93454047f7763fa54cc7bec486095cacb65b85fc3d4bfa8b64e00f4d731934f9ba54d31f73 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\21__Connections_Cellular_Telstra (Australia)_i1$(__MVID)@WAP.provxml
| MD5 | 8a6c6015821a7b3e6cea958b2a6c18fb |
| SHA1 | 0b5c28d4c54d84b26e8c55d9d8d5597f75b04568 |
| SHA256 | ad9484f24235fdac13bba66e24d5ecc16b72c6de9bd27a3922f60833fe07679d |
| SHA512 | f776f99b5d0e1c89e3f21aadd4a95c1d1f69396aaea98439261c313cce1eed81205046e6b628910aeabc8964194e3b19767cb368692bae6579790ec91141c109 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\221__Connections_Cellular_DoCoMo (Japan)_i0$(__MVID)@WAP.provxml
| MD5 | b30256abadd6af8badbcc07d790003fe |
| SHA1 | 3648553e655f8c752b6ae8f287a8bc88f1dd85ea |
| SHA256 | 90965c341840ec297f47e6b77a04dec7b3aad5fe2ee05b5237bc8db14d1daa67 |
| SHA512 | 49eeb1587bd07267ce70398b0793a03906c8fe1270518f2643182b6aac05fb6246467a33c1acc35ee488e482a1dcf29525bcfbe221511abc483b9638535f6e61 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\22__Connections_Cellular_Telstra (Australia)_i2$(__MVID)@WAP.provxml
| MD5 | cc9fde7e84b9a905cacd8eadca610fd6 |
| SHA1 | dc05e28b682154c668ab89c38807a8ee395069d9 |
| SHA256 | a3653744379deeabe4198ccb180e4659a1990eb9f997ab7967d5ba5eb6552129 |
| SHA512 | 9563c271e51c6420080548ca2ca64a51a28c2bc2c6a37d06fa9539808e77e62d7a1848c918aea808c0ed20863e321147ecb41d310ca41c9ddc385aa99377ae06 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\230__Connections_Cellular_KTF HSDPA Internet (Korea)_i0$(__MVID)@WAP.provxml
| MD5 | df1692c9be09836b70cc7c40622d46db |
| SHA1 | a7240257e995f056ed1a821669d52eac171e5c03 |
| SHA256 | b85bcfe95d9f1cbf4bf252e8ba7bed1c74f181f0c41bfd9c3e625bf70027c0fa |
| SHA512 | 8d30f9e2178f6c00c49e6be933a7259c7c0902705cbd455b7c2f2d8f735fd77bbe2ac1d6cb1b7cd5db908f31f4fb22d727971e779ef2ff63540abd4c9de80061 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\239__Connections_Cellular_Vodacom Lesotho (Lesotho)_i0$(__MVID)@WAP.provxml
| MD5 | 790b47ce33356b9493e981bf105da7ce |
| SHA1 | f3e76e5e4ab005cec31b3667e08a9acc1e0292a0 |
| SHA256 | 0782dfda506cb45fd2541d473b203e3902e9affb4eae0c4dbf4e9b10b792e71f |
| SHA512 | cf2eab2e53d0b39527cf91942ceca7f6852f337b8b003410829b249b3da60350c6b397faec3ffa6e63cdfc36841beeddfe0d2f707303e47ed40d49127283c003 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\242__Connections_Cellular_BitÄ— Lietuva (Lithuania)_i0$(__MVID)@WAP.provxml
| MD5 | ec532088fb20a5ee48d6c8ad1186f05f |
| SHA1 | c6802a9edd6aead5b65e75619bf0f10bcb99aae1 |
| SHA256 | cfd53bdada0e2b0411845b9a96b1cd3840fc146e5dacd0dd63ee944ea0be80bb |
| SHA512 | a8a0004f9ff4d2ed8dfc0869877a3cadda1ce3a63f7311de00fc5301ff53ae50b7a7ddd271aef63f4a3f3a376e5149f78bcd1c8b536793ee433953dd79102432 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\247__Connections_Cellular_Orange (Luxembourg)_i0$(__MVID)@WAP.provxml
| MD5 | 23d7bbb69fe74c98ae030ff56c1a3b95 |
| SHA1 | a0c95fb1e65348938fb79407bd2e21cabf28739d |
| SHA256 | 9d07d0612ffec02a518f9613569f2b8756d54bfd1e576140d278df39eff347a9 |
| SHA512 | d8558b0ac430e12a47eae58290777e5358064d1ece51a8170b68274ecef9cc580acce9e39eea914ccd337e277f9e4a5c6bb592cd7d1163fcc614a3a84ada6b6a |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\258__Connections_Cellular_Maxis (Malaysia)_i0$(__MVID)@WAP.provxml
| MD5 | 05572f82de4f01b1e6f280b0b62a8334 |
| SHA1 | 6f2cdcbc259ce0b5eb381ebf7738f62281f81680 |
| SHA256 | 182a1c0c5b24b5c7864676c8b9776fad26041adf276fb3cda84b1770e6282a72 |
| SHA512 | 036d7fd403476dec5c0f6e866b6c8c224120d9d94e419b64791beabccf37b7b906232f53872d4fb5e6e6eecfa9a523decd8ab2cab67c2cc45f7e5147e7be7443 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\261__Connections_Cellular_Timecel (Malaysia)_i0$(__MVID)@WAP.provxml
| MD5 | 214a5891e06c2c9ebbb41fad5dc1d56a |
| SHA1 | a37c204143a8c9cc04a80e9691cc40ae168d277c |
| SHA256 | eaaf24595832984b62df6b0affecd5ae0330d83e1f030c0ab67a761800ee4ab6 |
| SHA512 | ac33690dfd319cb2e512b1b2403f4bd875edf1489c88f8fc5b311d6ed856125cc356c43c78b9b4cd847f3ac21162fd54683bccc902441902b770423b56633b40 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\264__Connections_Cellular_Go Mobile (Malta)_i1$(__MVID)@WAP.provxml
| MD5 | 5bccd8ff10735da26d5761d10b294a6a |
| SHA1 | adeeb1f862cc5e00a8c346f1d6a35faa492fc317 |
| SHA256 | 7ffb21772afdf16b75c7e774fcef924f07dc104279aa2cc4f3b55ffda3d3a7bb |
| SHA512 | d1a8b63ac73780383b31e084f7af82951319f06f399cc4e098629402186104e6347583286d62c8bd70d828d8d9a3dfe7dcaa9de32ef7437eaf705739e7574ee7 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\288__Connections_Cellular_KPN-Hi (Netherlands)_i6$(__MVID)@WAP.provxml
| MD5 | c9e547be3e3a1f035bf4b987dc1ea897 |
| SHA1 | df8805d4654b8c0aa4a709df70ee2b62a9fc1ae7 |
| SHA256 | fe2f74a1e0b16a66452888eb4d734bc455cf1304481bb495d59afa8cf9cae93b |
| SHA512 | 34de156f7c6bb36046218e7794c33ad77a6f648daca3d83bfbe46c3a180b12598042f5987c2a1be797c0c2bc6fcff893ab2016ddffdabcbf027a805d4ec6520e |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\285__Connections_Cellular_KPN-Hi (Netherlands)_i3$(__MVID)@WAP.provxml
| MD5 | 832d4a5215870ff40d202bf272fe8c8c |
| SHA1 | 03b70a912fbc6e0770723a34461f28cccb95ec66 |
| SHA256 | f4f3c00a8386c586b850de86d730be4a6dab72c78e163cfda9bc84d27dfddf0a |
| SHA512 | 44323e05803402aa0f7439d4c0d2ab8f2b04de29b84b0fd49d8477d9056a8705d57b2fabd9db9b15fb999220180646bf24cb62a3825a5c4b4d37f15e823a0f3d |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\312__Connections_Cellular_Telenor (Norway)_i0$(__MVID)@WAP.provxml
| MD5 | 9ce3b1ec053bb5a3b04ce82abafa835f |
| SHA1 | aa0d2dfaf3c48ba81d3a2d0e75bddf402b6e913c |
| SHA256 | a7f6f61d90c3b63300c11367d27c72e678f342dd15dff902198d13f105a3cd7c |
| SHA512 | fff0ff7c687e3d54168165c0cb301b420a2ac66115c5a5fd4521fd39107c48f8d9183d9006a65b39d048f9268413a5935325f03bd8903caafb06c72a01b6d8cb |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\336__Connections_Cellular_TMN (Portugal)_i0$(__MVID)@WAP.provxml
| MD5 | 56f8973f2639280b45ca0ac1ffc486f7 |
| SHA1 | 68f40431fb546a6872c98f1ed0c724b8d431530c |
| SHA256 | 283de789c3f9ae6115e627ecb921b7b39bdaa1b82289eca5e60da0b76d07a502 |
| SHA512 | 00d31f362c60bf17f5fd29e4465e3de8dfa1e5759a52956504c486d509de2bd33a578f9959491be681c307f0d69b62dd1a006bfff25c04c6a5283265221f3a9e |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\33__Connections_Cellular_Azerfon (Azerbaijan)_i0$(__MVID)@WAP.provxml
| MD5 | a7df3766ea38999716bcf1033b36fad3 |
| SHA1 | 0358f58e82e74f352a60b3bf3bbdc83709fbad03 |
| SHA256 | 4adbd25ead88997e2bc08be72437a9e22b1e5c9e11dd7c08a6840aa6e0024d30 |
| SHA512 | 69f0b79df39c2c371b86fe287fa4108beb9cec248b2ed91ec5d1a3a21529d3ade794be0b937a95a18a7f8e94b03156590983dfe2984b0b8a88e0933199fd9a60 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\342__Connections_Cellular_Claro (Puerto Rico)_i1$(__MVID)@WAP.provxml
| MD5 | 68d60749de7d5fe71f2a479f8bcedb7e |
| SHA1 | f36b7163e5fb85a4475661504e1737adcc6d8556 |
| SHA256 | e83a13db39a0c9cf347fa3f6d4a204b7f1df841dd9711c51d7c475d0ab87d551 |
| SHA512 | 1baaa55dadf2ea6844a9f87601f34e3c5870df08062d17cc9e8945c26dd802e8dee409beb002205bfac3a20f6aa791c48b24bd9345ee7ec9ca97d3a2d5c3fcec |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\341__Connections_Cellular_Claro (Puerto Rico)_i0$(__MVID)@WAP.provxml
| MD5 | 1a6514b5e65eeab78790c78c5cdd5953 |
| SHA1 | b3b6c689f4c34ce080f11909a8dbaebe3bb50ee9 |
| SHA256 | 107de77231d7e9e73318f3a56e06dd4ab22cc84aebcf90c70a9e5bc1bee14278 |
| SHA512 | aadcf3e4743745734ac147a3be12e967a369d15020a0a27244a4f3558672ba682acd4a12d360335b0a01a7055866557ef2d8bf9662be51a0abf1b4495172e92f |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\351__Connections_Cellular_SFR (Réunion) (France)_i3$(__MVID)@WAP.provxml
| MD5 | 3d35b336ebb3fbfe61ea1e1041d510b7 |
| SHA1 | 89f48aa90a320eaa54a915e99c0ea62f18a00081 |
| SHA256 | eed8dd47d83f07f5f5c744159df723672a6d5413a474a48da390102132829527 |
| SHA512 | b5bb1a5b461002dcfdcf4349cc2578b433035002cfaf664f2948b838e9ce48151e2411f0edabe195350eb8f27441bacfe85a66b07294045b60f4238e210bb373 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\350__Connections_Cellular_SFR (Réunion) (France)_i2$(__MVID)@WAP.provxml
| MD5 | d00e81a86830948bf7d7ed15874c46b5 |
| SHA1 | 3b7afc68523945247ebcda3f165934ab61208de0 |
| SHA256 | ff84331fe60b287e19364350a50608486b8232f7cf390c9410d0fd8d55a0a4fa |
| SHA512 | 315fee20dc56c15e06fb6747be5968e32992d4ff9843a44b59cf519409cdb4037c8e6389db7ae1a1559750e4e2b837fed8e8a4f0649458de3a33c782cd8b6b06 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\36__Connections_Cellular_Grameen Phone (Bangladesh)_i0$(__MVID)@WAP.provxml
| MD5 | e998be3d3bb15661763e4ff1e1c9a3e7 |
| SHA1 | b60a2f72939336bfa0e69f47147135877d2e014f |
| SHA256 | ede1f5301a42845ebacee0eddf1719dce68bcfd93d9f21ebe901f9e1640553c8 |
| SHA512 | 6331ce75901719dabc736c7af884d7758989a4a782c1dfaf434c59c576ef5af214288949f1be033c667fba6f611e78c7dfbbb9ebbe7c97ad638ad49455c4665c |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\369__Connections_Cellular_PrimTel (Russian Federation)_i0$(__MVID)@WAP.provxml
| MD5 | d379e9b8ffd9301de96c455029dd5c38 |
| SHA1 | 0c408bedfdc3efed7a29f1600f38e261175ef4e1 |
| SHA256 | 37e58b86de0358dccb1639f19b89157fbff05b9828a9ccd1c28c79db69b89772 |
| SHA512 | 4aa46a8f83cc782b17f189c729f1064f98e717f93789e46a6dc05db2b96e3beca81ba89132d52b53a72702b24a93861fcd2812e4498c8c7000707a19901643b8 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\377__Connections_Cellular_Mobilna telefonija Srbije RS (Serbia (Republic of))_i0$(__MVID)@WAP.provxml
| MD5 | e6036aeee060ee03a43c0703252cb36f |
| SHA1 | bb1459c01bb153e3a2960dc56759423ce01e256f |
| SHA256 | 8d61db14747e1bfe393ddf9f98e7120b001e2dbc28b5d25b7db6a0603d22f176 |
| SHA512 | 5e29486ff87ccbc0fe1fcea45d506c3771e6283876a1905071a83b5eabb349e54e363d91df8fed81da2e2581dc99e1c17bec7b2ec9d234b30fdc73cf3f47db8f |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\389__Connections_Cellular_Starhub (Singapore)_i2$(__MVID)@WAP.provxml
| MD5 | f44a1000506e2f6a96e3e803ead50529 |
| SHA1 | 657a1103795bbe63b3686ba44c99e25b4af65536 |
| SHA256 | c24a434f5121d69f6aae8aef0c0faa9161df78dbd3e8546f9b4fecc2d0cf0197 |
| SHA512 | 776c7887a88119e749c4c13477e3156c7615c141d99561ea69b7e1c1cc23b1eed8491f7adff74a7092dce1902f493583a61fdfd0851cf1c42a40cc47b3eeb7c8 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\385__Connections_Cellular_Singtel (Singapore)_i2$(__MVID)@WAP.provxml
| MD5 | ce5d3eab1fcbd68c99e6292cab237c86 |
| SHA1 | de1adbc7e465212f2830799c10810548987ee697 |
| SHA256 | 1a39d9b1f9c0d5c642e180ecc14bcb06bdfd4720edd747f5727f6f7b6d1b8509 |
| SHA512 | 80fb614cc71dc9f73286d5395d76ce980bc6e1ff15833afa741cf375910cc0775a6d51f4fa742907a6c629e354a12436a00c9e3c2de88646a07c69f61a83120e |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\384__Connections_Cellular_Singtel (Singapore)_i1$(__MVID)@WAP.provxml
| MD5 | f679f386067f41d85d54dd9d53f46e62 |
| SHA1 | da66b795db1fa70040ddadad5c56ba7dfdb49964 |
| SHA256 | fd4945aa4371c27363915abe442524bb9d0d6461880904d71c1bc05c9cda94f0 |
| SHA512 | c6e6f9c5d8a74657980d4ffaa0c0a106be4ef5616b2479548d2795b6a91fc1dbcc75be4f19f7ab08058ffb30ed2edc82662f98764d557a519bf21859fa2fe164 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\399__Connections_Cellular_Vodacom SA (South Africa)_i0$(__MVID)@WAP.provxml
| MD5 | 17536ccbe836e9925123bcb6f1dae7a0 |
| SHA1 | c1fcec3ac6fa95f89287c19d4594dd10f31225c5 |
| SHA256 | 62bc267fb2e522d79590ec334d73d406b0e2df5ea32aea381c36bfa759ae713c |
| SHA512 | 061aef77080e0d72165c2f83c65f672f973ca0ffa31a0f2ddd20cb440c6d24c03335162cdbf614a33456a3db9089fd414ef7b49e5d4788fc3c68523c5e41ed28 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\414__Connections_Cellular_Mobitel (Sri Lanka)_i0$(__MVID)@WAP.provxml
| MD5 | ea7d7bd6eece99eb35daa1e5f1decd60 |
| SHA1 | 1f6763983967679efdaba16cea3ea3ee97cd68bf |
| SHA256 | 9e132485d5107211de325a45e7917cbe3e4b5b9cde3e4ee91d7d2102317759ee |
| SHA512 | aa79444dee5810832cae9935b883c71557be3d3b048ae1005c5104a43559345bbea963771375065c88210ab12e14b25b83930d9f75f9666028aa1fd0df7c2225 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\418__Connections_Cellular_3 (Sweden)_i1$(__MVID)@WAP.provxml
| MD5 | 18b77975210f1e67cdeedc23056261f5 |
| SHA1 | 52beb536ccf0829980d237e30b8cf6e66f4bd5fe |
| SHA256 | ff9d6abccf001aaf2429cad1844edd853e3ff0c576638a3081b52767e199a645 |
| SHA512 | a463e7a24c5447f942837a91c81407e2b5a654ec19b030f03d6269835906fdef8f81dbdb1bd81f28af76c1b0e90cddf8b565c0e1368ffe21922a808298cef866 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\426__Connections_Cellular_Sunrise (Switzerland)_i0$(__MVID)@WAP.provxml
| MD5 | 97d6d52a254a9cbd2bad939ce1926af8 |
| SHA1 | 15a64b0f07658da802cb0bdd43c9c6f2df2f0af9 |
| SHA256 | bbfa41253ad301a1cd9c7f6321bff365068178f26cd84e8afb127fb4001bc4be |
| SHA512 | 98e76665962acd459228cb9635d95bb37c6e538eca7ae50107c665c93be334b907178f87749b3a4f33db34152b9d9035163fe2429306eb3ac45ee539e242c3da |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\455__Connections_Cellular_VF KKTC Telsim (Cyprus)_i0$(__MVID)@WAP.provxml
| MD5 | c4f30de85d94d65331ebdaa066be7be4 |
| SHA1 | 64a73d1035438c0407d9bda1a9f10a1eccfb5d65 |
| SHA256 | 463c406427b6fc98c2bb71993fcbe47f9965389ad8b6e8a7eda224695e8e2be0 |
| SHA512 | fe15f8868d16b03bfeab1ab5a7b347823907121254f3c89744ea9ba1eb0e504cbe7614129127381ea78b4aaa3f007142f535045eca0767fd1446b18a6e37ca57 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\477__Connections_Cellular_Vodafone UK (United Kingdom)_i0$(__MVID)@WAP.provxml
| MD5 | 1db1bd9f0f3d2c261347ca9b278351e8 |
| SHA1 | 6ef97ca278e1efcbfac97ad58bf8d41cd1ee93a4 |
| SHA256 | c38ddce4c7d430b93408979c091f901ac3e5cbb112fdef114e87b683b09ef8ff |
| SHA512 | 09584069cf9a1133201f5c681360b76791778523223e3fd957fdc832b9f4dbed499984094ee64808977d5b3846f7180f41059db7865adb8187a8d16140c85e18 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\490__Connections_Cellular_Plateau Wireless (United States)_i0$(__MVID)@WAP.provxml
| MD5 | f0aac468ca67aacc4af622247350e466 |
| SHA1 | e59788395d918654bf8359fa992e9f0b23b25933 |
| SHA256 | 213e3a2ae54f25b06fa2c6712c23310e8cea297ecc0d77c984cf1372e8c115f3 |
| SHA512 | aac26ac350e25eb754a8f96247201b827785f20f4f88b99dfcbd487e90f7e98fece696a996b7fdd73e5427c9e9408dc6184d7cf0d2ccc117c13c57b6d3ac7ae5 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\48__Cellular_PerSimSettings_$(__ICCID)_AppID.provxml
| MD5 | 8c10cf7fb63a271a356a191b948f5ec2 |
| SHA1 | 00eeb01656a2d7c6ef07265a54df940c610918e3 |
| SHA256 | 22fec3bc784546d70e79696b405d950aff355b6f429f266ceacffe0cc2e5ba02 |
| SHA512 | 8105bb959ba3b50898dcdbe38eab38f2d8e80856df163cc0e2053ead82276e7d58794febdd43863e78c200091e0c6e4b85a41c56925b0cfa4827667d56ac8ce5 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\497__Connections_Cellular_T-Mobile USA_ Simple Mobile (United States)_i0$(__MVID)@WAP.provxml
| MD5 | 295952536db5fbb6a2a731247021f555 |
| SHA1 | b2d6d01db3d0bcdeb5e0298791a4e7207686f014 |
| SHA256 | e6ff459ebc86a128b3e37b46d41efd52eedbe5c955acf3d20dfbf99a33fb2557 |
| SHA512 | b3a2d70506a524fd8bf1f40a5394b6818282c848dfa8d768de648db931388a347021cf9a917f1156cf98bf071fbea35669a11ca3980ee0365ebe0cc42c43cf41 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\500__Connections_Cellular_T-Mobile USA_ Tracfone (United States)_i0$(__MVID)@WAP.provxml
| MD5 | 618d5a49e6251bee9bfbe75c474c1da4 |
| SHA1 | 1b59508611eb56f8116308d9eac0f4b075c551ab |
| SHA256 | 704b9d42580fd1b95c6f1a35a50e1990afb453f784b054fee8db288d7d56e24c |
| SHA512 | ea0b70a8ac5b54bced1b89c7d1643988a46d8fa53e3dd0f1fcd5434ae8e7ac8ad5ab48123e6147ebcb823e7d681b37c34c0349f6fbdf1da1bd4935d57fb216e2 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\502__Connections_Cellular_T-Mobile USA_ Wyless (United States)_i0$(__MVID)@WAP.provxml
| MD5 | 281814d2404251097e8f324145559472 |
| SHA1 | 00ac40f798400a5fe20b1b0a7107ff673a615b5c |
| SHA256 | 37e6a9763e777697fcfe41bc5d1236fc197d6c7d8a1ab64d711a9847233397cc |
| SHA512 | a97ca2096324360c054a34f0430fa8015ecca96b6365d2eda73e7ba5faa100616dcbe61f29d88e2d4ed97457d88172f7dcfa26dce7adde74fb4e5b3029c96a7c |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\506__Connections_Cellular_Verizon (United States) Ims_i2$(__MVID)@WAP.provxml
| MD5 | f4f65e7495517a39bd68b3937ae5fcf3 |
| SHA1 | 45bf79ebb236a29f78d4ada66777982055764877 |
| SHA256 | 53c26240f787fbc905d0ada0d2876b0fc0f95a4767f641a61abab4f6dfad182b |
| SHA512 | b9bba81c5a03fe4f5b9f9a481291bd7f80127b6673d63b088425dd9fb16c5cf16b3e40bab385af97e5e62e7b731b6e65e39f601863e1b2c78f416a3bb64e7482 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\512__Connections_Cellular_Claro (Uruguay)_i0$(__MVID)@WAP.provxml
| MD5 | c339b3f518bfc65c3a4568de89fbcdb6 |
| SHA1 | 7d030fb45cce7fd8a24ce3b2f45d97183d5e4434 |
| SHA256 | b03298ef97737bbe9b33b942cb52fc5826565adc4498f1a197830a77c58e829d |
| SHA512 | d431ed495d6cc95189e08a905f8bc64a0957e14e192cf13424ceafcd1358cf64079eddb52c257617278737feb96951c4d9090be95cb43ede3733153809512c08 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\513__Connections_Cellular_Telefonica (Uruguay)_i0$(__MVID)@WAP.provxml
| MD5 | 74c5747a96ed8e17f4835ec431fc391e |
| SHA1 | baa70378f8c072730b9d16869f32a65b7e5d8237 |
| SHA256 | fbd9604ea3ee112728696a6a8372e2f032786852b511029d77fb73e06614294b |
| SHA512 | d561bf9775e174a9c5c212dcdb7fa31fcd10f31cb956c4a3641c9c90bf2d16ab625d575a21bbe5faf262c81bbf8754799073d3f6ffb900c5cba6d7f63f4261fa |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\523__Connections_Cellular_Sabafon (Yemen)_i0$(__MVID)@WAP.provxml
| MD5 | d37af2d76d58a29f7cadadabd2ad6f3c |
| SHA1 | f683f06b963401ae19bc5284022ec6449d2f3f5e |
| SHA256 | 381f9f243e527541bf377599b978020b325370543c0dc89fdbf23ee764680773 |
| SHA512 | ff55684f713e7f642b8a0f49be4b91f00ba40216017535268c8284dce8899f34fae102366d8855ae33540fad3ce78e0705662766bf897a0b9e9a7b5712577801 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\541__Connections_Cellular_Orange (Equatorial Guinea)_i1$(__MVID)@WAP.provxml
| MD5 | ccd9d8aa4c9fbad1069e4dd2c4982652 |
| SHA1 | 58cc653eba0694d39e7615ee7e049c8441fe6600 |
| SHA256 | 35e1150f8a8236fd8c2be2c6da618b5f5366caabb763b7453201f5c430441aae |
| SHA512 | 7530335f5f01da26479349321531093d3da8a1cefd4e916496dd254273076df9ef5eb91ecde1221e37a2525e76a8578a6859ec79a15ddb0a69e2e39578afb8f0 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\54__Connections_Cellular_Oi (Brazil)_i0$(__MVID)@WAP.provxml
| MD5 | 18ed71dfb57d0b80d5bf2d298ecb554e |
| SHA1 | 466b0161a9ce5bd54585e660fa06f14b3bdbd1f4 |
| SHA256 | 2dd23156fbb26642d6f2194611e536f77213eb212f6a23654f9d5319a82ac556 |
| SHA512 | 492e0f2a864d531fc507f9a32a1908a47e911236fba48458e80807f06db07db1a759faebf44f60913c972134bd3ad91cf0acb47dd680e3aa52461399ee2e5cfd |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\592__Connections_Cellular_o2 (Germany)_i0$(__MVID)@WAP.provxml
| MD5 | b07d3123f68a0e9f972ab60b77563b33 |
| SHA1 | ffae7a0ee7688c0de6ce5b3511e919a306ca4c60 |
| SHA256 | db4bffd310f1893d5b97008313dfa47dce4929bcbc9eb13d2e13053f485010c2 |
| SHA512 | 46e484c49ac6d72bb32d445250f0a1afd6fda9feab8e20de4b8adfffebd3a1ca11031f51d456485492191bc29b74b61006a0a74ce5ddf5a818bdf2479f1e6f44 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\615__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml
| MD5 | 27f4380737c6edbfc219e4bc35bc95a9 |
| SHA1 | 6771b41afd3dee2135392400536094efff75eb43 |
| SHA256 | e0ee29ce7978a33861e6e63545deda9e734ea784ee8e4ba6fd6aa56b775f6ca9 |
| SHA512 | 6ad6ab1d47859076a78955dbfcf50124eecb9bebbea1fce25017aefb92f1114770588c28a514d5cbe89ccbc059e8ed866752741af4a5f3cff23acc44521747df |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\620__Connections_Cellular_Truphone (Germany)_i0$(__MVID)@WAP.provxml
| MD5 | f159f67739ff0623442a955c060d49bc |
| SHA1 | 51f941230a2018a45c57cbeee04828c48ad84b01 |
| SHA256 | bdaa16d795466beaf62c4042146d0dae4fe70cb71a82520a774a14d50eb4faa4 |
| SHA512 | e93f5a777918be1c9bcbc1909cddf5e62d51464e2bcf2fe7c347393b0faabaf4fb730cf574d1fe7fb4ed924f316d56587f99adf1bd43db2b9d2c9e3c01c81276 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\63__Connections_Cellular_Airtel-Vodafone (Channel Islands)_i0$(__MVID)@WAP.provxml
| MD5 | d17390d8f3b9d439d6d64d8281a48d03 |
| SHA1 | 2e9ab664cccc6f5fdd5507df19c4f6b72286b787 |
| SHA256 | eb548e0f3a79fbeb4cf9497863f31bb11a22d29dd17960c013df59fc01bbbd9c |
| SHA512 | eb334013e533f5c837611751da6374d2466515c3120dfc755fffc209be2733387c4725e26264150b3d6e8f7d2eadba3c6a2dbf93cd953dfa6d520cd9c6cebfc6 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\651__Connections_Cellular_3RoI (Ireland)_i0$(__MVID)@WAP.provxml
| MD5 | 537fd216abb1e2cad053594cc91eb955 |
| SHA1 | d0bdd5324c0b31fb4a3cb48c0d8171e68d9c3cec |
| SHA256 | 70c2a2bfadbeb56185d1aceb04db11541388c25cb71b104b6fb3b6e1f89ef1ec |
| SHA512 | c95eeed9aaadd6e964117881523f69528d67d4c5951a803d516debcf3366c9e2feb28765768e9ce12dec9aeffb3d577d5f8659f71124df83c196df354eb126d9 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\654__Connections_Cellular_X-Mobility - 3RoI (Ireland)_i1$(__MVID)@WAP.provxml
| MD5 | e5b0327c41376ef19fc5edc9152529d0 |
| SHA1 | 57b27826d6538bfe6baf9161eae727e6e614ee79 |
| SHA256 | 26df0a7f3645a1ea2058196ac97b67e582bbd5229da670d1e4817398fc3bb6ff |
| SHA512 | 91aec142ff58700f7906796afdf1a10984b5b3414f8dd415611614cfa96b0f63edea5959a84710f270a3910019647060d9e629f1b444466d7a934a850389806f |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\676__Connections_Cellular_Lenovo (United Kingdom)_i0$(__MVID)@WAP.provxml
| MD5 | 792a64401688470b9b5ec4a1123eb802 |
| SHA1 | 49eeabdff56444dc52bb1296caf0e4edffb32fac |
| SHA256 | e9a88cd3868deeb7370e877a7abd90c5f0d69c7a2bd65c6bbae30e74133b70d1 |
| SHA512 | a1bf2ddb2133149429b59f9691edee82ff30217912d66b5e206078a22ef1a1de6d0cc35e23097af4c43346660d2dd06c7b7066bfc7e429372fc89a37ea27a1cb |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\698__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml
| MD5 | ba6b70827fa83c75783b6103bf2ca12d |
| SHA1 | 84c5365d68700cd9ecfa69e8391b10cfaf37262e |
| SHA256 | 31887f638809478672800789d032efb4d421c276e1d632d7488283cc039395e5 |
| SHA512 | 6bc32ab88ea07333257cb0859e0adea54e450c39d0a3a98153bdd5f90e5fa5cdd232f7c8311d5fe0c9665acea8409ac37eea5ea975fd393a3079a0e1f6519121 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\720__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml
| MD5 | cafc2a2dde2f05e2a60677690d2ca245 |
| SHA1 | 8bd9c447b79435b8497212ef76f5b43dffb030a8 |
| SHA256 | db91bef58cfa8c3ad4587f4d737202a2ea4374deb35305e8e56a4e0b57232a7e |
| SHA512 | 7f293929a1147163d71c612084c7fb99740a1fdae3a3f9d7782f795c10c1b7b2e49617e9d6746938167a2dd49bc5c53788bd8751c61ad145d2d42700ae1f1575 |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\721__DataMarketplace_PerSimSettings_$(__ICCID)_DataMarketplaceRoamingUIEnabled.provxml
| MD5 | b4d351a08ff1ef954b7d7b4357e76cf2 |
| SHA1 | 0060841fe855408ee1b75aca5d440261e975d7d7 |
| SHA256 | b960fb5cb94682dfc4a873035d65f8befdcb9bed0e7db0feb905f0dcf437b38c |
| SHA512 | 999ecb9c36516b27739215c144d69df24136f6d8a3a2c9df228a879bf8b804c7f0c75be7ab2624eb48d7b4c58b1eaa1e134483939537acf618599b47cbaf9a5d |
C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\74__Connections_Cellular_TIGO (Colombia)_i0$(__MVID)@WAP.provxml
| MD5 | 3e0a582d1ad7720a269e3480f0740d40 |
| SHA1 | c8ee49aa68adbd2580762ae2256bf5a51da8da82 |
| SHA256 | f4e5da9aa987fbfc9485237a81368552e4578555f8afb1242a168b3ce3a50e54 |
| SHA512 | a2ea0612460efae7949fa698ab168dc106d0e357e8c8611ef987a684219042e3671b6ec501700b2e64a14cf03c2a91d6c0e4ebaf9d802ee859c591aa99ccdc02 |
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml
| MD5 | 234c58fcbf2775edbfda910d2e0cb945 |
| SHA1 | 16314a6f5604aab01e76d5e7f7794b40c23a4785 |
| SHA256 | 68193f3f98611b2aa42be4d2995b0b9a2465277c7520231324a08460639a41a5 |
| SHA512 | fddd87a902c108de1d986dc6e4fa7347e3908076d1ec3f64b19602d3a2318ad5ee0a1d46599ba860dec61843c2954d3cc9e91aac9718a82d1043e32b3dfb6bdd |
C:\ProgramData\Microsoft\Windows\ClipSVC\Archive\Apps\4dd42712-3493-fd34-6fec-48266089435a.xml
| MD5 | 703493f4417c30ed1e1856d3628945a4 |
| SHA1 | c8da0fdf2d0580a739f0d11a4322131581b67f77 |
| SHA256 | 7c23b4ec3b42f260dfffadaf7d59a0efcc8f6547149b45907b1fc5242a4e6c2e |
| SHA512 | 2876029ed71708e31bce2871dc62820c6684a16be26802560341a07dac9394095d7b672ccdfb65bcae8177539c4f20cf4e8b8b8e892fd117f21cebd3632275a4 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk
| MD5 | 0403a22306e2dcc6da0acfbdc0762e55 |
| SHA1 | 03154c7e570c75df81ad8ddb6ea8a9defd38d27e |
| SHA256 | 033eeac8e125a5efb66f100fb9ae33c9fd1780f452b92f69a8d6b49ba5e1737d |
| SHA512 | 2f1497b4e07230afb315ad83fd6e7ee61ce3cbb6d046f6ad28fc5e5e718dbc597499be23abf0f390f5c36c532611388a8ad5ef0149084b5f41f4cda0c5bd072f |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
| MD5 | 8b550761ab80413c9c09f7fb472dbfaf |
| SHA1 | 67122822562203c17dd3f762194e470f90ddfa97 |
| SHA256 | f5ea79165516de2e7e1efb53d016983f5d18c3184413f044a4002f4b751c918b |
| SHA512 | 9546013cf4d45a2c4c609524b7ed4adecc7dc2fecded7c3b7085415a1bcd1c25db5d88bb591ac05fa5a6313763a8e8d5d8fc6ee6610b454cf7696b647e7781fe |
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\04\109005
| MD5 | 256abfbb6883823718eaf33f62510d6a |
| SHA1 | 9a8c7efca7e5aefbcbb86a9ad6cffa0df3704bfc |
| SHA256 | b707241545a346265aab1ffb32ff64b55bf8f8dc1b56a46ef33ce3d15db11d33 |
| SHA512 | 7542d09f09c7e9a69a60f95b05a464423b15f997dcbbe6efddd814424e40606b2c331d896d48670d32cdad5a6a9f62d8d0b265523b8eb4bdca6e2dc8ca698018 |
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm
| MD5 | 8776c367699ad807af292f1f5d085d4c |
| SHA1 | 9209e352bf9d3999f94881a75d6f7d39bc6d7f77 |
| SHA256 | 18b602cdbb7656129a359046fc68faf1b990da88c6c3b3e6b20c1df399cc0645 |
| SHA512 | 83a17d98d175a122fe98cf89c476826769d8fae0d74dc93c8fe48d12089e26bfd501a586db3783a03e1bfe07864ebec2a6b5a48415554c61cd565131ed40a9e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\CURRENT
| MD5 | 4ae71336e44bf9bf79d2752e234818a5 |
| SHA1 | e129f27c5103bc5cc44bcdf0a15e160d445066ff |
| SHA256 | 374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb |
| SHA512 | 0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
| MD5 | 2dcea950234175e3edf672936843ab5f |
| SHA1 | 4ca6dfb9ed642bbfc0002cd47abaa2dc895ce0d4 |
| SHA256 | 74ca16b1138459ef2afb19324097332626ee7c897687c5adc5488f93bf0c11ff |
| SHA512 | 483866f3ee1d730f1052b0ce34832e0e42145296df490a68901b95e616f2dfdc39fb13e2ed80bd259c43475830f6a74257a5fc8d163e7f1dd17d39556501dfa4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\pt_PT\messages.json
| MD5 | 2b0e63420f5cae3932461d8c74a9e788 |
| SHA1 | d19b5095d30f9f01f09864c26386dc5b911ecd55 |
| SHA256 | 42345ab2147d5dd09780b2e286347110011a769f122210e7b9e9c2249036f15f |
| SHA512 | 11a25eb4cba596d1b203bb88e2b69231c8f8ee59786ea335a66ca77dcfbc36ebb8a9b4e957b992c3ed38f58d1ef8c7c606d8a16dc84f8220cf517999b4f7577a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.62.0_0\_locales\zh_TW\messages.json
| MD5 | 6432afb58141f16a4a0c1893b2bcd695 |
| SHA1 | 52e8969d97be9c9d5d496b60127b341be3640014 |
| SHA256 | f33aa96833f869a0d686fa6f2eac4464a105ab578b574bc6f74d6388a17e0165 |
| SHA512 | f08ccf984f5aa654fe19e514867d497f8814a3c91a3df61ffc29bfea5de79f882f549703451c2ab3151ac0d8879cb61776e4c974f4c9216481931ab1b83042b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro\messages.json
| MD5 | 6ac0a150c33a548595395c755a7ebba4 |
| SHA1 | a4adaaf6cac597e56de957f3c1137a4f8a2bf225 |
| SHA256 | 79adab38bd93e2f14609db60ad34a2165e5ae868556f862c4569ae3d8a81a35e |
| SHA512 | cffc1d3114d35f387b47a2157b6f8a819ff65f75625afa782e3f41f6956a51f734d0ef7e94390c4f030f6d0f7d8c57a3e761f2e46bf37fde870f2b157c3a4ab6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
| MD5 | f5cfd73023c1eedb6b9569736073f1dd |
| SHA1 | 669b1c85ecbafe23c999100f55a23e06bf59ead7 |
| SHA256 | 9e1736c43d19118e6ce4302118af337109491ecc52757dfb949bad6a7940b0c2 |
| SHA512 | 5d8c1aa556fc17d6dc28d618f521aee37fc0e1826fdbcf8d106e456fc3bcd3c76e712d23fef3378bd2be17b80eb5bfd884ccd89b67490b63c7bd118eaac471d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13356708307578931
| MD5 | af98b62b3f9d6e70c082f05969c0d2b3 |
| SHA1 | 2a78fe6ace36668a1505ce949dd5415cf172590b |
| SHA256 | 77544451f210250b90637e7ecfebfc0ce00398ef964a2d46f1b92adf4d6f97a2 |
| SHA512 | 6a8d54bbaa9d6f04de832a60fed8f471eaf38bce9f95942d2fa84dba035739b65cc4fbe58904a7d2220af89d735b96be1bb6aa43aedecb83afba6c4d3be20850 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | fc91658bb81ea407fd37a59d65f0d86e |
| SHA1 | 6cb269ab1a592dfd2039dc8c50c00b86af94d3e6 |
| SHA256 | 4bafbcbc4cbbda94d0a315a09176de0ce6872cf1d85113539a7b04ff2360efa1 |
| SHA512 | c5b8832097ab5e74a0c31cc243c98c6a2b9734da4eb6e25cfc28070529ff4b6d77de1e97388f188f00148cd8db32f3ea62dc86aa841d47e25da8d8dd2267061e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
| MD5 | f536fbf78e26387affb82ee89943b870 |
| SHA1 | 3ac8e44a9491c16bcd86dab6781acc4f7e1f76a7 |
| SHA256 | 34dbd6bf55d0d075d666181d9278b8387482a8b5804e44e1ddaafe6876dadc15 |
| SHA512 | d9ad640884f40495b4255bd221f0902ff64f84e3136053d03abee7ca417d32a1d72f24a75cb67bc50629e102bdb2f81c0bb087e0eb5cb82fa3d67c4fa5d92450 |
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\LogoImages\OneDriveMedTile.scale-125.png
| MD5 | e66d4ab75e9862302da5825bbf066c5e |
| SHA1 | fd5c26be1c56ae0af5e626741ca5896858e43073 |
| SHA256 | 4925b9b6329f24346bce043f2cdabb940199fd87188f3ae77c9559bf7cfa9f43 |
| SHA512 | ed179e34d1d6f2ddc85fa6cd8b866f192c1c4ff2e2b715d9ddd95bff6e8f45318dad7d4da607960268e1cdfd78d48f04b4ea1a9b01ae70fc1c7da856a178d8c8 |
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\00000016.bin
| MD5 | 1595ed4372d33dbecabbfd411c6c8f46 |
| SHA1 | 8b8ba962b765110f762f873edbc3193adef48b33 |
| SHA256 | 8f6abb9e202dd8027ac9abbd475a24e62659a0b2683613f219c21d1238816ed7 |
| SHA512 | e0017291c0d0685ede7a6492c2683a90b37482d21037840ab3e2cef4ed381bbffa8c31ef3c8d06db0a800eff69ba4505012886f88a911997657b3f26284142f1 |
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\0000008H.bin
| MD5 | 83a9475b33cad765c41dd3deb5be2254 |
| SHA1 | 57000314d786c690b6affe01bfd4c3e50d124b62 |
| SHA256 | 2c7a2cc69b6956abafd94377e8df4393aeeecc57b5093af67ad0f65705124890 |
| SHA512 | 2b21d5e408af6772fb77a68d618887a50208539f376a4750c8a90ac42e8c334ab8c98ab1e30860ed475e83623f2f7a07929a038a9c0f31567d53d9c03d449fa9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini
| MD5 | 897208d5df122e307ab837d982b2c085 |
| SHA1 | cf4ca14a7adcbc197cd84c1997efdd076911d608 |
| SHA256 | eaae98aa73fe0b561c8b02607a524fb4853bbe81c6de8c3d8a9b7449366809d4 |
| SHA512 | b0aa03063c42515de12fbf6d89924a3ae7d8bdd64d7c9bae94c75d571c939655253f3e87368fcd96f5784b2aee8fedac8f66200b8672ab47cc8b37c57a9ad334 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri
| MD5 | 397a26be7324f1c9f27f29cf4df24c55 |
| SHA1 | 78f7464a4d66b709303ef01bcbceb9dc4b4d6529 |
| SHA256 | c4004fba08fe248740309d70a5dfe295508dcdf5ddbea6748b7b4fbfcf6e2dea |
| SHA512 | 9545165e5a6d3a211a527b8a6cb57c09d714c2e014c369db239c127e16d4df2aa6e0ce80b4bfaeecd99e5b96fce51e3b5a86fed6e1c10de5572ad81a98371586 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri
| MD5 | 06d2f77ac9e6a520aa8497936831d793 |
| SHA1 | 08e94668b4cb8c6fcad7645c4e30ea1665388146 |
| SHA256 | 54c933adf17809cd86095d388f3d660fa9e961bd3243502fec99fa2b03d497a3 |
| SHA512 | b774079e51ab967560f72cc618dc3e0dca5e28ece5f0daa51b803a823061caf3698d82fb5809fbf3a5f2d1c0c75c1de3b446158538423f8314c9aaea96bff987 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk
| MD5 | 61d2c715839bcfa06ce4d23dd84e7457 |
| SHA1 | cdb61e6100ac4882ba4863875f63e38b8b804ddc |
| SHA256 | 1f9ec15f6ff239e14a3a243a98f19ae7db16d425a63b2da0908cc0ffcb1258e7 |
| SHA512 | cb6577068e0b746a0ff0148238fd5be9e02e4ff6218fc21d78194a06ebd3f54aa12a1a9b80a4cc9a9f66f72f49eb875eb367b344f674807af11373770f75d952 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\safebrowsing\content-track-digest256.sbstore
| MD5 | 32b5e7886d1928c44fadc040471cc550 |
| SHA1 | 8654b4c6c64309b1ef7d78ad939c0880bf4bc997 |
| SHA256 | fb020d1cd10cbd766a817dcd2f4429e1a39955bba6755d3594a9fd84a08a9f11 |
| SHA512 | 1a171d635be9eb9699acdb16485040b9f2e9086dde341428db245bb309494eda3a2cb173e6908a22847cd015ed179e3caff87e4b2927b3074ce5f4cf56e24e72 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\safebrowsing\content-email-track-digest256.sbstore
| MD5 | d7d2fed9b7c55fe72a6cda66725cb7e8 |
| SHA1 | 2cb154a1c4a0553658801a088edf87b5816cbbd2 |
| SHA256 | a6df5cb2b51fa56609c7daf08d28f0e41801b96f9514a9d179992a63afd516b5 |
| SHA512 | 0ba4d570d624cc5aa6af629260668ad805285fcedd61002999734fe04cae47016cf52022c327cf22935ded99b30c52d9f041ead60a3425365116bf1bf4cbcf5e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | a50b718c3518b630251fb54b92bde360 |
| SHA1 | a9582222b6f4df2b4e3e4ee5fe91d25ff086b943 |
| SHA256 | 9d2ce1c032646d2a3381b68bc9201e3dcd53b764e83a0d356d67cc4926ece015 |
| SHA512 | 95e0676e3177262d29c4105edd4ce1fa1c2a2da5cd3289ab0f873fba782a0185e4bbede5d64fae1f6c4cea5ca3ae0697d7113e6ee63f229431bfaf3f8990c517 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
| MD5 | 80be6efdf5a776659777bf07d4aff891 |
| SHA1 | 1f98e7ba8de8c6b39f4b202739ca71fa2629fd6d |
| SHA256 | 9ebc694d4895efc802ea27714a71986f293edf4b63e9918c27d65871b06f43a9 |
| SHA512 | 03a5434f25209a74a0abc6045c66a45e098d487227cab71004363c8c823840b49596857e8f757f42b8953f9bc2066209b1e8f52104d1837705828cb2676119cc |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | f7aa819535e83034f3bb522cc8c6da75 |
| SHA1 | ee55ab6faa73b61b68bc3d5628d95f0d3c528e2a |
| SHA256 | 90558d1e3a0ecb9febbb4d7abe8e9281bef8ad0e2a42fee83d3d837eb74b7f3a |
| SHA512 | 38f12c5292b494c9ee2f3436c1d939ab46bac1514b54f36b0bf27f2ca03affc1c62582daff38bea77fde5608c501c18f52ce116673b17394f022e0e92b23e4c8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 3dee8cafb2684396b42a08cc5dd2d132 |
| SHA1 | bb065abfada882e3d9b419b3c57e0eb740bdb6ab |
| SHA256 | 9552cf2fc804becaa59379ee29e4be6800d0aac515738799dbd442919841d23d |
| SHA512 | 5da7572aba77335fbb766b99be920d9c5e616c9cf724cd0248d0361b43bfe281bf74d08766fa9f47316e51ddf6abb29484b41f09752f326eaba64710760e1f26 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{84954576-f064-4bda-a540-126d93992d4e}\0.2.filtertrie.intermediate.txt
| MD5 | ca9c491ac66b2c62500882e93f3719a8 |
| SHA1 | a10909c2cdcaf5adb7e6b092a4faba558b62bd96 |
| SHA256 | 8855508aade16ec573d21e6a485dfd0a7624085c1a14b5ecdd6485de0c6839a4 |
| SHA512 | 65faa9d920e0e9cff43fc3f30ab02ba2e8cf6f4643b58f7c1e64583fbec8a268e677b0ec4d54406e748becb53fda210f5d4f39cf2a5014b1ca496b0805182649 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
| MD5 | 4f00b32a70c5d829f8199614fe56af64 |
| SHA1 | ff2afa238f88ce8cdb4430fe578c58823cd6d752 |
| SHA256 | e3833793f7412667cdbe15693f5dc4994934d1a6695392f8bebb74f985658256 |
| SHA512 | 6ca12db615454c1b842040e5047ab24906d372b15b547653553d39ebd18cf4f90a360c5032e415d00ba313cb27def27aa8eb7e94ae3d86fefcd856b693f0c6aa |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
| MD5 | 29003687900cad69c06a7907f2738e79 |
| SHA1 | 1270acf3b52426101025ff311e6dd17c05a9db2c |
| SHA256 | cae9ef701fa7d83ab66e5c8d7d284d497bd13f76bef2b2594c5568c31fea7e8d |
| SHA512 | 34c9c04473bd8a4da755a88a04a9ccab0bae8fdc51332dcba4aad045ae8305491fbdfab41821f6b838729d1e09fcf99513db3817c84c5be96a41bb23c8d0b0da |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\.metadata-v2
| MD5 | c183857770364b05c2011bdebb914ed3 |
| SHA1 | 040e5ac904de86328cca053a15596e118fc5da24 |
| SHA256 | 094c4931fdb2f2af417c9e0322a9716006e8211fe9017f671ac6e3251300acca |
| SHA512 | 8ac7790c0687f86d2d0ca82cfc9921c8cd6e6f5392594317d5ee6f3661500de58ebd5ef6300a412c23ed1cd2748c5eadeeb9719f32758590bd4168a0259bbd70 |
C:\Users\Admin\Videos\desktop.ini
| MD5 | 5d2a33958ebe530732fd9c258850c5aa |
| SHA1 | 8a1d854c73b0a9adb04dc4db317a0b9dd1708b76 |
| SHA256 | 696bda342649ec9268da57b6a279df6f24b0e857d5e6d0605fd25af95adc3cee |
| SHA512 | 561c0480b0cc5f75acd24f9ea36f4e6ddee35261a0fd75ec2c495e940b6e7d41fa024110b58aa9bc2f6c69736cceb6cfbbb6198d9c50ad8965d6d30067bb52eb |
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk
| MD5 | 7a4228aa2003a72a296e741bfa8246f7 |
| SHA1 | e94ca8cb43d671cdc3ed759980bfbaf73cf4c6f8 |
| SHA256 | 462fa5c6568794276673c9159500918afddf8f170e580fd1f3d483c48934b050 |
| SHA512 | ed66dc35762f661f760eaf0feb82e22c823f11e552c9f938748a8b158ecf0828f40d48afc4d5cc07122f41a13e7b322950b9f156808b125bc7a1ae19e066d304 |
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk
| MD5 | 35705a33e80294bdc078f5582784f4fa |
| SHA1 | 3b8d2bc3650098d604e3363fdc41e9bfc2f4609e |
| SHA256 | d0e438519a8e2075e13430b66debeb7204e5e8ab41fb24eaab20db0bdb66d835 |
| SHA512 | e560c350940f15a8d5c5187ed833190cdef9e4862e8f06dde9b0204ad1a0decb9adaadd27c4b7015ea5e7fabe7d7a63538ba72def9997e56300cc8ddc4249061 |
C:\Users\Public\Documents\desktop.ini
| MD5 | b252d37ad6eb57bc4c866bc135cce6d9 |
| SHA1 | 1083dd42d0613fdf3ec930899d9e7129d448f7b5 |
| SHA256 | 6c3aa53f65399f08045d870f42d5ca08276b6938eee0e6a8cd61a473f8b78178 |
| SHA512 | 32b803cffc5b844e20e57a2372e797ba913578f5f8104b9c4083245647e4f65009695d0ec2397973132c570600ec39ff6a2275c9952533bdaba183ee620c712d |
C:\info.hta
| MD5 | be4337c25860a38721e09cdb46c4e317 |
| SHA1 | e959c1aea2f9fe537adf4617378e954d76edbcab |
| SHA256 | 8e22d0a178082c7f073398c6fd18cdc5edbef5ed9e792994272f760b0cef9a8b |
| SHA512 | 18c85bba3ee98e04f5936b3d0b5358313fd084f2d048f0e741d16c9e417f72bb8b1ed69611ca84fa2f41c8aedfa887f4eb8bc59442f7aeaae8ad7e130ef91d08 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri
| MD5 | 30ec43ce86e297c1ee42df6209f5b18f |
| SHA1 | fe0a5ea6566502081cb23b2f0e91a3ab166aeed6 |
| SHA256 | 8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4 |
| SHA512 | 19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae |
C:\Users\Admin\Desktop\info.txt
| MD5 | a6fb2727596ebf4574d4822ce3d9f766 |
| SHA1 | 266b373b6f270315936d5a2f4fc9198e6220cbab |
| SHA256 | e2bbd7c6303b7b35c45edfcf32d580fa2858e56c583d4a24dfee687c9a830565 |
| SHA512 | 048225733cc23d3adc46fb7d5aa6d865257f30e2736e19822085a50acad86e933d50ee2d36fd5a4d587df3627214554fb8adc8c11f4c5e087df6e4d5b4f0bf26 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
| MD5 | 595bca1a3de975dae3bccb794ae94829 |
| SHA1 | 009c9829b875359c272f7094deece58bfdba67f6 |
| SHA256 | 301d339adc4adbae0c3eb13651526215d82e3ebbb66b45c05c4c5424c6ccb2bb |
| SHA512 | d63942d853d7c14ad68560bc0d282e80d25c8fbb911e9b972370327611f8e7b53dd82ae9d56d2c2a7aac2016a2777b9a978cbaacdea371b68e7fe283f0d0ed1d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 94e0258195de312b996b856fe2f8f504 |
| SHA1 | a3c6c8fdf88ea8b1fb3dd9d56df9ac4b77e01a55 |
| SHA256 | be22534f4deed175e3f6294f87dc46ba1404be51204a402f56e1da2a321e8007 |
| SHA512 | 8d2fb8a2e74e4512d1200eb1be1730f7ca038ed673a009a6027b2b03defa8460b1f469e90ec1e2a4ac3007fa08b13eba6e1a0212a73a692bacd729baa2c428cb |