Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10Dropper/Berbew.exe
windows7-x64
10Dropper/Berbew.exe
windows10-2004-x64
10Dropper/Phorphiex.exe
windows7-x64
10Dropper/Phorphiex.exe
windows10-2004-x64
10RAT/31.exe
windows7-x64
10RAT/31.exe
windows10-2004-x64
10RAT/XClient.exe
windows7-x64
10RAT/XClient.exe
windows10-2004-x64
10RAT/file.exe
windows7-x64
7RAT/file.exe
windows10-2004-x64
7Ransomware...-2.exe
windows7-x64
10Ransomware...-2.exe
windows10-2004-x64
10Ransomware...01.exe
windows7-x64
10Ransomware...01.exe
windows10-2004-x64
10Ransomware...lt.exe
windows7-x64
10Ransomware...lt.exe
windows10-2004-x64
10Stealers/Azorult.exe
windows7-x64
10Stealers/Azorult.exe
windows10-2004-x64
10Stealers/B...on.exe
windows7-x64
10Stealers/B...on.exe
windows10-2004-x64
10Stealers/Dridex.dll
windows7-x64
10Stealers/Dridex.dll
windows10-2004-x64
10Stealers/M..._2.exe
windows7-x64
10Stealers/M..._2.exe
windows10-2004-x64
10Stealers/lumma.exe
windows7-x64
10Stealers/lumma.exe
windows10-2004-x64
10Trojan/BetaBot.exe
windows7-x64
10Trojan/BetaBot.exe
windows10-2004-x64
10Trojan/Smo...er.exe
windows7-x64
10Trojan/Smo...er.exe
windows10-2004-x64
10Resubmissions
03/09/2024, 14:02
240903-rb57sazdqf 1003/09/2024, 13:51
240903-q59avszclf 1002/09/2024, 19:51
240902-yk8gtsxbpd 1002/09/2024, 02:27
240902-cxh7tazflg 1002/09/2024, 02:26
240902-cwxc2sygll 1021/06/2024, 19:37
240621-yca7cszgnd 1009/06/2024, 17:07
240609-vm7rjadd73 1013/05/2024, 17:36
240513-v6qblafe3y 1012/05/2024, 17:17
240512-vty3zafh5s 10Analysis
-
max time kernel
79s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
03/09/2024, 13:51
Behavioral task
behavioral1
Sample
Dropper/Berbew.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Dropper/Berbew.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Dropper/Phorphiex.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Dropper/Phorphiex.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
RAT/31.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
RAT/31.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
RAT/XClient.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
RAT/XClient.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
RAT/file.exe
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
RAT/file.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Ransomware/Client-2.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Ransomware/Client-2.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Ransomware/criticalupdate01.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Ransomware/criticalupdate01.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Ransomware/default.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
Ransomware/default.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
Stealers/Azorult.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
Stealers/Azorult.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
Stealers/BlackMoon.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Stealers/BlackMoon.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
Stealers/Dridex.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
Stealers/Dridex.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
Stealers/Masslogger/mouse_2.exe
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
Stealers/Masslogger/mouse_2.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
Stealers/lumma.exe
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
Stealers/lumma.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
Trojan/BetaBot.exe
Resource
win7-20240708-en
Behavioral task
behavioral28
Sample
Trojan/BetaBot.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
Trojan/SmokeLoader.exe
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
Trojan/SmokeLoader.exe
Resource
win10v2004-20240802-en
General
-
Target
Ransomware/default.exe
-
Size
211KB
-
MD5
f42abb7569dbc2ff5faa7e078cb71476
-
SHA1
04530a6165fc29ab536bab1be16f6b87c46288e6
-
SHA256
516475caf3fbd1f0c0283572550528f1f9e7b502dce5fb6b89d40f366a150bfd
-
SHA512
3277534a02435538e144dea3476416e1d9117fcddef3dcb4379b82f33516c3e87767c3b0d2b880e61a3d803b583c96d772a0bdeecbfc109fe66444e9b29216af
-
SSDEEP
6144:zia1vcaEaA+HPsISAzG44DQFu/U3buRKlemZ9DnGAeWBES+:zHctWvVSAx4DQFu/U3buRKlemZ9DnGAn
Malware Config
Extracted
C:\Program Files\Crashpad\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT
buran
Signatures
-
Buran
Ransomware-as-a-service based on the VegaLocker family first identified in 2019.
-
Detects Zeppelin payload 10 IoCs
resource yara_rule behavioral16/files/0x0008000000023423-17.dat family_zeppelin behavioral16/memory/2584-31-0x0000000000850000-0x0000000000990000-memory.dmp family_zeppelin behavioral16/memory/3920-36-0x0000000000150000-0x0000000000290000-memory.dmp family_zeppelin behavioral16/memory/4832-39-0x0000000000150000-0x0000000000290000-memory.dmp family_zeppelin behavioral16/memory/3920-2886-0x0000000000150000-0x0000000000290000-memory.dmp family_zeppelin behavioral16/memory/2956-8121-0x0000000000150000-0x0000000000290000-memory.dmp family_zeppelin behavioral16/memory/2956-14199-0x0000000000150000-0x0000000000290000-memory.dmp family_zeppelin behavioral16/memory/2956-21076-0x0000000000150000-0x0000000000290000-memory.dmp family_zeppelin behavioral16/memory/2956-26123-0x0000000000150000-0x0000000000290000-memory.dmp family_zeppelin behavioral16/memory/3920-26148-0x0000000000150000-0x0000000000290000-memory.dmp family_zeppelin -
Zeppelin Ransomware
Ransomware-as-a-service (RaaS) written in Delphi and first seen in 2019.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (6108) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation default.exe -
Deletes itself 1 IoCs
pid Process 704 notepad.exe -
Executes dropped EXE 3 IoCs
pid Process 3920 taskeng.exe 2956 taskeng.exe 4832 taskeng.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\taskeng.exe = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\taskeng.exe\" -start" default.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\K: taskeng.exe File opened (read-only) \??\G: taskeng.exe File opened (read-only) \??\U: taskeng.exe File opened (read-only) \??\T: taskeng.exe File opened (read-only) \??\P: taskeng.exe File opened (read-only) \??\I: taskeng.exe File opened (read-only) \??\B: taskeng.exe File opened (read-only) \??\A: taskeng.exe File opened (read-only) \??\V: taskeng.exe File opened (read-only) \??\S: taskeng.exe File opened (read-only) \??\O: taskeng.exe File opened (read-only) \??\J: taskeng.exe File opened (read-only) \??\E: taskeng.exe File opened (read-only) \??\R: taskeng.exe File opened (read-only) \??\M: taskeng.exe File opened (read-only) \??\L: taskeng.exe File opened (read-only) \??\W: taskeng.exe File opened (read-only) \??\Q: taskeng.exe File opened (read-only) \??\N: taskeng.exe File opened (read-only) \??\H: taskeng.exe File opened (read-only) \??\Z: taskeng.exe File opened (read-only) \??\Y: taskeng.exe File opened (read-only) \??\X: taskeng.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
flow ioc 28 iplogger.org -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 3 geoiptool.com -
Drops file in Program Files directory 64 IoCs
description ioc Process File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-pl.xrm-ms.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ppd.xrm-ms taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.XLA.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linessimple.dotx taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.png taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\ui-strings.js.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\zh-tw\ui-strings.js.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\bun.png.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-60.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-96_altform-lightunplated.png taskeng.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fi-fi\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\CompleteCheckmark.png taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms taskeng.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\hu-hu\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxBlockMap.xml taskeng.exe File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\PreviewCalendar.png taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\PREVIEW.GIF.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\back-arrow-hover.svg taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ro-ro\ui-strings.js.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\7-Zip\Lang\ba.txt.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_large.png.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-24_altform-lightunplated.png taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adobe_spinner.gif.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\nl-nl\ui-strings.js.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\7-Zip\Lang\bg.txt taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\AriaWrapper.winmd taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Microsoft.Support.SDK.winmd taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ja-JP\View3d\3DViewerProductDescription-universal.xml taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-150_contrast-black.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\SegXboxGB.ttf taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nl-nl\ui-strings.js.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\ui-strings.js.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pt-br\ui-strings.js.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\orcl7.xsl taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\WideTile.scale-100.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-40_altform-lightunplated.png taskeng.exe File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\japanese_over.png.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\RuntimeConfiguration.winmd taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\LargeTile.scale-200_contrast-white.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\MedTile.scale-200.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-40.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-60_contrast-white.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-64_contrast-white.png taskeng.exe File opened for modification C:\Program Files\7-Zip\Lang\pl.txt.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-80_altform-unplated_contrast-black.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-100.png taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\EssentialResume.dotx.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Paint_PDP.xml taskeng.exe File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT taskeng.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fi-fi\ui-strings.js taskeng.exe File opened for modification C:\Program Files\Java\jdk-1.8\bin\javaws.exe.138-2ED-B49 taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare310x310Logo.scale-200_contrast-white.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-20.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlbumMediumTile.scale-100.png taskeng.exe File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png taskeng.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 13 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language notepad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language notepad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language WMIC.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language default.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskeng.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Suspicious use of AdjustPrivilegeToken 50 IoCs
description pid Process Token: SeDebugPrivilege 2584 default.exe Token: SeDebugPrivilege 2584 default.exe Token: SeDebugPrivilege 3920 taskeng.exe Token: SeIncreaseQuotaPrivilege 3908 WMIC.exe Token: SeSecurityPrivilege 3908 WMIC.exe Token: SeTakeOwnershipPrivilege 3908 WMIC.exe Token: SeLoadDriverPrivilege 3908 WMIC.exe Token: SeSystemProfilePrivilege 3908 WMIC.exe Token: SeSystemtimePrivilege 3908 WMIC.exe Token: SeProfSingleProcessPrivilege 3908 WMIC.exe Token: SeIncBasePriorityPrivilege 3908 WMIC.exe Token: SeCreatePagefilePrivilege 3908 WMIC.exe Token: SeBackupPrivilege 3908 WMIC.exe Token: SeRestorePrivilege 3908 WMIC.exe Token: SeShutdownPrivilege 3908 WMIC.exe Token: SeDebugPrivilege 3908 WMIC.exe Token: SeSystemEnvironmentPrivilege 3908 WMIC.exe Token: SeRemoteShutdownPrivilege 3908 WMIC.exe Token: SeUndockPrivilege 3908 WMIC.exe Token: SeManageVolumePrivilege 3908 WMIC.exe Token: 33 3908 WMIC.exe Token: 34 3908 WMIC.exe Token: 35 3908 WMIC.exe Token: 36 3908 WMIC.exe Token: SeIncreaseQuotaPrivilege 3908 WMIC.exe Token: SeSecurityPrivilege 3908 WMIC.exe Token: SeTakeOwnershipPrivilege 3908 WMIC.exe Token: SeLoadDriverPrivilege 3908 WMIC.exe Token: SeSystemProfilePrivilege 3908 WMIC.exe Token: SeSystemtimePrivilege 3908 WMIC.exe Token: SeProfSingleProcessPrivilege 3908 WMIC.exe Token: SeIncBasePriorityPrivilege 3908 WMIC.exe Token: SeCreatePagefilePrivilege 3908 WMIC.exe Token: SeBackupPrivilege 3908 WMIC.exe Token: SeRestorePrivilege 3908 WMIC.exe Token: SeShutdownPrivilege 3908 WMIC.exe Token: SeDebugPrivilege 3908 WMIC.exe Token: SeSystemEnvironmentPrivilege 3908 WMIC.exe Token: SeRemoteShutdownPrivilege 3908 WMIC.exe Token: SeUndockPrivilege 3908 WMIC.exe Token: SeManageVolumePrivilege 3908 WMIC.exe Token: 33 3908 WMIC.exe Token: 34 3908 WMIC.exe Token: 35 3908 WMIC.exe Token: 36 3908 WMIC.exe Token: SeBackupPrivilege 3556 vssvc.exe Token: SeRestorePrivilege 3556 vssvc.exe Token: SeAuditPrivilege 3556 vssvc.exe Token: SeDebugPrivilege 3920 taskeng.exe Token: SeDebugPrivilege 3920 taskeng.exe -
Suspicious use of WriteProcessMemory 48 IoCs
description pid Process procid_target PID 2584 wrote to memory of 3920 2584 default.exe 91 PID 2584 wrote to memory of 3920 2584 default.exe 91 PID 2584 wrote to memory of 3920 2584 default.exe 91 PID 2584 wrote to memory of 704 2584 default.exe 92 PID 2584 wrote to memory of 704 2584 default.exe 92 PID 2584 wrote to memory of 704 2584 default.exe 92 PID 2584 wrote to memory of 704 2584 default.exe 92 PID 2584 wrote to memory of 704 2584 default.exe 92 PID 2584 wrote to memory of 704 2584 default.exe 92 PID 3920 wrote to memory of 2956 3920 taskeng.exe 98 PID 3920 wrote to memory of 2956 3920 taskeng.exe 98 PID 3920 wrote to memory of 2956 3920 taskeng.exe 98 PID 3920 wrote to memory of 4832 3920 taskeng.exe 99 PID 3920 wrote to memory of 4832 3920 taskeng.exe 99 PID 3920 wrote to memory of 4832 3920 taskeng.exe 99 PID 3920 wrote to memory of 1728 3920 taskeng.exe 100 PID 3920 wrote to memory of 1728 3920 taskeng.exe 100 PID 3920 wrote to memory of 1728 3920 taskeng.exe 100 PID 3920 wrote to memory of 3372 3920 taskeng.exe 102 PID 3920 wrote to memory of 3372 3920 taskeng.exe 102 PID 3920 wrote to memory of 3372 3920 taskeng.exe 102 PID 3920 wrote to memory of 1388 3920 taskeng.exe 104 PID 3920 wrote to memory of 1388 3920 taskeng.exe 104 PID 3920 wrote to memory of 1388 3920 taskeng.exe 104 PID 3920 wrote to memory of 4428 3920 taskeng.exe 106 PID 3920 wrote to memory of 4428 3920 taskeng.exe 106 PID 3920 wrote to memory of 4428 3920 taskeng.exe 106 PID 3920 wrote to memory of 2744 3920 taskeng.exe 108 PID 3920 wrote to memory of 2744 3920 taskeng.exe 108 PID 3920 wrote to memory of 2744 3920 taskeng.exe 108 PID 3920 wrote to memory of 1724 3920 taskeng.exe 110 PID 3920 wrote to memory of 1724 3920 taskeng.exe 110 PID 3920 wrote to memory of 1724 3920 taskeng.exe 110 PID 3920 wrote to memory of 3584 3920 taskeng.exe 112 PID 3920 wrote to memory of 3584 3920 taskeng.exe 112 PID 3920 wrote to memory of 3584 3920 taskeng.exe 112 PID 3584 wrote to memory of 3908 3584 cmd.exe 114 PID 3584 wrote to memory of 3908 3584 cmd.exe 114 PID 3584 wrote to memory of 3908 3584 cmd.exe 114 PID 3920 wrote to memory of 4300 3920 taskeng.exe 117 PID 3920 wrote to memory of 4300 3920 taskeng.exe 117 PID 3920 wrote to memory of 4300 3920 taskeng.exe 117 PID 3920 wrote to memory of 3568 3920 taskeng.exe 121 PID 3920 wrote to memory of 3568 3920 taskeng.exe 121 PID 3920 wrote to memory of 3568 3920 taskeng.exe 121 PID 3920 wrote to memory of 3568 3920 taskeng.exe 121 PID 3920 wrote to memory of 3568 3920 taskeng.exe 121 PID 3920 wrote to memory of 3568 3920 taskeng.exe 121 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Ransomware\default.exe"C:\Users\Admin\AppData\Local\Temp\Ransomware\default.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2584 -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe" -start2⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3920 -
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe" -agent 03⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2956
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\taskeng.exe" -agent 13⤵
- Executes dropped EXE
PID:4832
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures3⤵
- System Location Discovery: System Language Discovery
PID:1728
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no3⤵
- System Location Discovery: System Language Discovery
PID:3372
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet3⤵
- System Location Discovery: System Language Discovery
PID:1388
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete systemstatebackup3⤵
- System Location Discovery: System Language Discovery
PID:4428
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete systemstatebackup -keepversions:03⤵
- System Location Discovery: System Language Discovery
PID:2744
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wbadmin delete backup3⤵
- System Location Discovery: System Language Discovery
PID:1724
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3584 -
C:\Windows\SysWOW64\Wbem\WMIC.exewmic shadowcopy delete4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3908
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet3⤵
- System Location Discovery: System Language Discovery
PID:4300
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe3⤵
- System Location Discovery: System Language Discovery
PID:3568
-
-
-
C:\Windows\SysWOW64\notepad.exenotepad.exe2⤵
- Deletes itself
- System Location Discovery: System Language Discovery
PID:704
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3556
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png
Filesize52KB
MD5de634fe73d0103befaa5233c262ed161
SHA14b2296c0b207d5ff9d06573d745c23b59b5734be
SHA2562daa3be10b56d38affb42112ae50796042467cde6b095a957247317da1b88d00
SHA512e0276d43a9e6c1d94a4829b63777a9c531a5104f6d7df9b6d1d6fa0cecedc89a337b9048c037f7858f518c57183220e093b4da5c77bf7266eb6f0c3575b04129
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_wob.png
Filesize52KB
MD5ee8d7b63431951f0821dd7361a5e093e
SHA1e6bd1fab7cff4a01147d2a5e68c050e9cc6c9baf
SHA256d3a9fb202acb904a60ffa849fa37594f7a8f4e156b5505b2d6dbcf4ba3fa1831
SHA5125f41bcb344dbc774f2ab1cf532f55cdbb661e6f6b38b102d4faee30c2396be9d5bc30804c1e0d16ef55963cbdcb42320108225b9241688d37f3870f2d5837b21
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png
Filesize52KB
MD5f3b840ebd18a7b3839beacb93e624945
SHA182ae6fd5b44b01f0a6a330a12687661a19db6b04
SHA256b6851f3ce5127076c0401accc2b4722ee8ff53b4157c4f57973dcd6a96c7439c
SHA512aba476b8c41e89856843b6613034e8c30077ed690929b48fcf0f2138932e9cd1c4756efb334daea6f58b2f3d5e51abfa5814884562fe2f2c07c3e85f6c2b9276
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\ui-strings.js
Filesize34KB
MD544c077fd4917942fe68fa5de9478ac4f
SHA147eb3947b65566d7d2a3fdd6fa02c0b18a1d5f99
SHA25628fe100509a04057bf858006e3ced072cea5ccd8a3cb5161864d2afe46910a43
SHA5126c657e6483eddef0d56609728ca7ed05c997f6e7c9996eb573622f7e387350f3d9d8845777bd1c079a56e612c77a024f687d6e174dc543e66e86f5c9eeee7d13
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-ma\ui-strings.js
Filesize10KB
MD5e61406ff7bcb23fd13b80a6c4249e1da
SHA1835adca5cec422b0a153645b0302452395c4c64a
SHA2567311088d8fe79ea6af31bf6988c080906f17255d7feb5d19ba72bf68a7a19b1d
SHA512e40cd788837a615b0b90cc533debb8a458c3d3dfa590972ea8eeeb731fab51790a49e9b609eaf64982e57a8a9940a8cc08cd43e68c0fd2efe2c30bfd3f546c75
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\ui-strings.js
Filesize5KB
MD5f3c3f555de212975f74cad2243bcdcda
SHA1202e76e21fe05b80600d95fa337480efb064a937
SHA256b99bd69ea9a2f7c23abc50d5880ca1f2ebc496d1a46be61644c1d609bd657f03
SHA512c304a9f3c5e1d5144f7f230a6176512ee546099bda415ab6c3062877a2cfe60e36527f5352b34a2348ece46835f358e34f8e4c1453c2b94c47c3d3728efb64c2
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-ma\ui-strings.js
Filesize6KB
MD57c7c45a3daabdef606fa9bbc8872ef94
SHA1e0667c5731030755b7b493b34c5a055cffdd0fe2
SHA2560af45ffffb05ce12c2cec214dbcb8d0c337082ee3faba4aa7b2c9a2d10f1357d
SHA512c34cff2c3d82a0ed7bf31f4af6c45c82b9b6fc5d39d20adbfd2a3af721d6ed45f96d78797599b6cdad78355e9cbf7576327720fd5b18665aab0a533693cbea6d
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\illustrations_retina.png
Filesize20KB
MD5c87e2e02bf3fbf4e457177654644dfa0
SHA119549f216d7c6c6c764c50246506fc38379f87e0
SHA2567d0aeedd91771fa2dab33376dc56ad4a3352fc989461653f823434686601c6b3
SHA512278de489e8a514490f986246e59e8bcd400f48d6cea20012e76ef5e7a7dcd0e119f6ad538141f3d4537ed6e0be480efec2b1961509b678979b460d1e9c1b2a16
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\exportpdf-tool-view.js
Filesize395KB
MD5d0cb626c8c9a9786cb831eb782442e77
SHA1d1ed7447157c21b93404c7d33f8293c1b04ea417
SHA256910bf49d08643b9dbc5e13401820ae54228c7d7893231a7c695cb95a2f8d7d5d
SHA51266521fd9a3a4b4f20eec8584435b0817fb12cb9a5a0a8bd2242adc4cf5d3c47db1c9ed6abb871c7c16291d989496b38aa07382a9dc24dd3a2514e791988fb54f
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js
Filesize176KB
MD54bb6454a4be00dc8d9ad1a467abf787e
SHA1e7cc3a470ea5c9ed48ee7671c30c291d2166464a
SHA256062fdaf9762c95cff5a4edc7ff7ee6fc9f519348f402eb182f119f33ef0ddc5b
SHA512ca7e71a0df1bcc3ba8562f1156ebb9c53929c905873e760d7267a13e69dd42c2a3deb2f2e2b1636bc1fbee8ce82a954552d285bfbd4e6bd0de9450255d80d6ad
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\ui-strings.js
Filesize12KB
MD50b1bf0adbbb3d6b7a74a9ca3b53bb040
SHA1e2da80b4b50292709fa8ae877947659a955c864d
SHA256a8bb96fa565d3408308d712a163ccb4e6ae4c5fea46ddeeb96d21348c0c94d3c
SHA51291f56c3d49796ff1090a0d328164e37b9329b25cbff0a2dd075e4fe88d3df41fdccf9b8f3c5ef6398327b7373d1844214fef134433565ccd92d7110d053f9854
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons.png
Filesize9KB
MD5aec43a0a9de1441ce48434fc2eb12058
SHA1731d70b6d1077da4856642ad1849ea52d4d0cf51
SHA256fd37966c65fda1b0d4180b129a293e6119e11642da90ab37c1b93a15c81bcb9c
SHA51203a3dfdd9f4d87e22793d89e2e76e7861260669a035a297a7c40b1a682f3294d50cd110852f6d3571616b8b43c0f9b7b326e313bc09f847cf4a496f200d08e80
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_ie8.gif
Filesize9KB
MD5c899eba1e898f133502ca4cb239a1991
SHA1bf73740a637f54846f82ed1a852559367c405507
SHA25677a6ec3045f1546734bb7a1a48f4e75e3903b8d96f8646bf29bc04c693930b52
SHA512e6dcedf93c63f84efaa96eb8129a8da3d5b8f1a12f26dcd4f5f3d58b25c52c49c047377b7aac93acb9311833c03325e74134b1ccbdd123139bc2774f3a0d9d08
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_retina.png
Filesize16KB
MD5fbfb692c331702d027baacf974a3123c
SHA1de264020e5c1727416552d2c56c90c968ec77fa8
SHA256e3c5c396a6c1a8b63c2d6bad0bb3931ad933595be954d13e23c4d7aa6a1b02ab
SHA512399c43458d20a002ed66ec87089c860a0f14d23b82634eaccb70fbc1c5ae3719d0054e242ab9bb22974226d1a99cf7f55236113e3648ef29de648a2c6d16e702
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-il\ui-strings.js
Filesize6KB
MD53f266c7171736b213de0f257e893ae29
SHA11633f7f7c4bafc9f601f56961bbcf39030bb94fd
SHA2563573909786e5a2e3de9e8caf2428ddcf3f01cc943645edefc8ab50e543065368
SHA512422863a406ce15ebb6132d2cc8790242118739f8152b87989c045c7f1f744eff76b5dd625cf3f83c38b07c38e8fd83100c8c45765cdb0b6c88e8d5c3044ab2c3
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\ui-strings.js
Filesize7KB
MD50913d993fbaa30b01dfd910ade1b2f7f
SHA1cbc0b7148e7516fd2ed01baef834648ba49d6385
SHA2568fe26c34e5fa334877a8b38dfa829ea26fc18733b816c900eaa29c450379ba26
SHA5122dacb09a8378d014e0126e59e08abde76da35cb5c41a40587594c0e24cc4df3c86f136aa331d9838443a41178bf1a448d3961936c0b94ee774a2c928a832d805
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\selector.js
Filesize48KB
MD537640692d644abd5e51b2c2f1c1188aa
SHA170ea41ec3e9b922ab03226c8b9cbaac12cc6f9da
SHA2560d3b3c4a26b831be2e93ba868e8e024f9fe8d2ace14802b0e14e41d1a0161a07
SHA512f7c3e4ed909899a35e570cdf1f410951d0f918ba6ac3df404f2be5d4ad565be587d9465f77479ff11ce659d8eebda6cfb71463466262eda51f78462c96fe7680
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileAcrobatCard_Light.pdf
Filesize381KB
MD55c862ee327a2c92e9bcc2b08d7380718
SHA1f5ba8eeeb695d74ac3917425d7061550f611ef17
SHA256a7e2f43d7a92069b158fe54866d8e58b736a5fb00c13f6733a9d73172475fe5b
SHA512acd57ba8b8a1ba05b09ac54a1206d1f4383430cf7d48049d15c4173ce8aaf775cb9628dec01885d8321468066cdf855a87593baa61f82388e97f66d5270cb2ed
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf
Filesize56KB
MD5a36b6f95f9cad08402d5a8760378e521
SHA1f257c5838975e0e5b40f4615fad1e9b38590098c
SHA256a487d7fae0a3a9106a2cc6a532762f2301a1f3a30418bf3fc4d23081906630ae
SHA5121f85ed5e8a85f8614f729f622ef425da643cc47407f354f760bf1351736d58ec43f098d3f3c83216c1a3449a09f26441faf4835e994d2b92b7024e5acbdded93
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-il\ui-strings.js
Filesize14KB
MD510f7daedd0c6578db28b143dbaf53ab2
SHA1a9b7a61ff5238874ecb8cd6c7489a19e7ae63c9b
SHA256dc8dc0a07ac0fa3a3b57de1f348da2ec5735f63fe326c6ee179b1c6f005167a0
SHA512d930700e08d2a675d188b50ffbe063a76c843d80851ca9c2fee3c518fdb8d0684fa2f6100a06e89ef3892dfa8a2bebd18d3e4a599baa3085d5c9f31f06baf256
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\ui-strings.js
Filesize15KB
MD519caa092af57edc7dadd72f949a9caa1
SHA1b8825e4c4766bd70dc3555bf569fe1d1c6a5e77e
SHA2561527aa36f966ecdc2c9948befb1015a260f6610c20563e02ff35c0a57bea708a
SHA512a625170a68b8fa3b107abdcb5862880f5f7b1342de12dcb4c7ad0b8c5dd7abd757aff39f77c9be72e0ca572039db28bb3d3f82d6f3b30a97fb0bb301bf002736
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\core_icons.png
Filesize10KB
MD5de4337d0a3747947ad224aef0a6cbe46
SHA12f0ca2428e193806a94921a0f9d500fd050da35d
SHA256605acd200ec88699425a087998f6e1d555fa05234ce9e777fe0a7555f2e449fe
SHA5126a828fc58a0b8d968d6630974e01b61160c159d05a2e8e539a13f6239b020583e61f6e23107d2477f9abc7f67f1e43ba3a4ce7bad326ca7a8fe63fa145420d67
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\ui-strings.js
Filesize9KB
MD5e524b2c26418e872b2ac6c9b2433bf62
SHA13e391cdbab641592b2ffd0857f02051a02751152
SHA2563530fcc44e86c2b5056016ddd5b78401da809ed8057043cbefc57828a2a0cbec
SHA51278543c8f92f94e671cb96c28549178c159efb85aa26203dff3dd162940209402b6369d95771b854b9e72964265b914dbe4308b464511269d7d3bec7320363a34
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fr-ma\ui-strings.js
Filesize11KB
MD5e94adfc72abac6b628d4cd340987216b
SHA1ea873e091530d48c9accb7928951da170e9fc714
SHA256b2338749e7b115f97e9a4efa289f6282d50f6dde190b72ad5afe76873b0ce9cd
SHA512d21bf8a95c690bb4e4a57854668451c94bd6212e8c6d2f106cdd8cc2dcdacaffc7affcb8df8048bcba20b2a0d1d7200b4c6712798986548b3a7f09ea54a9bae7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-ma\ui-strings.js
Filesize17KB
MD5344a5fffe11f19b4037847bfd6c5c837
SHA1ea02d1017c9e9d67b4f1e72c29969810a1a76bf3
SHA2561b848229f309f4487598e40ec939ece536a9b268698325dff5a23a6be83a1d11
SHA512cc33fe8a23768ec8e48c7a7e137371065a5ba71682966e3e6bb8cd06dd9a117416ae3b6048c7102d1c6ff37d2ab62053b0a0f0c4eb66a9caaca120d939c51f2a
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-ma\ui-strings.js
Filesize18KB
MD586e518cd64fb6c0fc6bd3eee0ecbc264
SHA1d2f0224e0ab66948506fb9577e3505de316cfc29
SHA25605a64c1995328f88f70a6cb8d0208270bce5d9f7bbbf3d802b173440360577ff
SHA512ee718be97734c32df6eb29657136c86edacc0a1095bf54dc8d6ce45ab81a18bc906b19d6192044a531717a5de5ddbcd16d26fd414c85b2678e4af3d41d807685
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-il\ui-strings.js
Filesize19KB
MD57240a8b27f28c8f47a32bf6014ed233b
SHA1bfd558cf4a43431a8b7fe2bc6dce6d24945a4efb
SHA25677b593bfa97bb2ebff9beb83e69dff9a4236cdef582b84f48be3c3020f05a24b
SHA51231e4a4a169117e668c324d322bc5354bbb99e963c6a2c7fb1eeed949a90a4a721467b96746c5febacdc20a927c8d76549898f86fd096bb11520353c5d67aa5b7
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-ma\ui-strings.js
Filesize23KB
MD54d69487ef4fea1a894c9bf956bd783db
SHA17e10398413c2c01d5957dc04fedda5e48cd7c5f8
SHA2566a3633cd1a91e68681c41ebc3ea9eb23ca07d89f12aa750ce6bfc4d3864098fd
SHA5127320461babf75c0f79a8d6e6345b01682b1e19c4f82fd93d4ca79c4060228c97683308b8834b0714ebfd5b9605cc437eb77d766371514f9b28e8befa035593d0
-
Filesize
985B
MD568dd06d1cbf2b6fd35385696235cc4e3
SHA1d50d5f091939bdeb5216f9971467462c70260f3e
SHA256576728a9e8433a200232594e5affde90d3b406c98a4e9afe75a25282febd90ab
SHA512b5994a761b07924f1b08f6451506da2807fc105aa3c4cd53217017371d65fde597dff4405c0569100cc3e56ebfb7e41150eb7f67dc7fe84f63f6fb0d1c0b0bf3
-
Filesize
4.1MB
MD5434bd41827e5a6a8f629a04fb4876ba8
SHA16abf6e2435f92bfb819dc758216a8f4eb15477ad
SHA25692062d12beb9418d8e3080f0d3fa1e9c71b3ae85592559330c61413c1b8af912
SHA512368d9d5edb189f44242a071dbfed0da31f68805b9ba940c2b2952c290f4cf9830b8ae96aeb51e259bbe48c4cfe89d6a152e3f2c104582a87070ba695020cba81
-
Filesize
265KB
MD5a3ae271af4032a2d1750fa5e828d0789
SHA174bf09f15070678cd48cbed503bed6ab184d2545
SHA25616a9f639bb2184c747cae063b34105f5d2155c7ff6bb1bf1436b1e70c6ec8a54
SHA5128489425314b93cbebfb98928bf4cdf4033acbb5175cbaa6376b9e9b777d832acfddcab74299c37890a6483696a5c74de275ca3e65aaede6ded7e0fc1d1185d54
-
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmdp64.msi
Filesize2.4MB
MD59e100898716bc0aae53f988fbe1aba0a
SHA1c7b1d43b39481ffa256490766d1f0e03e5f5f04f
SHA256b668f7aa6e920775a5c0b5282b9fe666ca819df9dde5823c986e81bf7f6beef0
SHA5121961cf7c124c702b016cdbb81aaf32baafa34a9777f17f95eed574fb2edda529d9b60e63d7961a2e80ee795453eb266917e690056ecd6465849a2f9aec1336d2
-
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe
Filesize62KB
MD580b41f6679c97d7ad2dc3bf0b9e457d6
SHA1ecb45e798775456e85a79c75ac0f09d2f7b1ed08
SHA2565d97e0b1aa7720fb319e0a269e21e034a7450940c3722df199e842fe168bffa7
SHA512d46a6272e39f7e2ea73713dc2b9248317c1ab8724da209bf62a3af6d1c810800058d4fdb803464f8598d0915d0a6a1851d4f98bff20c59064fc3dd8dfcf94ac8
-
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe
Filesize1015KB
MD515f2d6721a395d66277c1e1ef81a35bf
SHA18df253f2d2e23eaa63c91304ab4f5ca5dbf86fff
SHA2562c4acabb4b488240e6c6ab5058f8ef70db5b769b0aedb8909e36897d2e39d8bb
SHA512a8de783986870eb5ebbaac956b6e07374944012f12c1239e7dd0f1592a4641bf36f43a6fa86c6838d591f3026a54e5a2a06d1e3684cbbf0bcc2c7c834835c5b5
-
Filesize
606KB
MD5054235cf5dae12fb00370a3dedb3b540
SHA193c57b9aa023f7917cdb60b2812a095490fde9eb
SHA2565a8210226129ef086328a412a4078ce311a235ba12b581ccd17c397ad51b4342
SHA5121da7a5f6232f512a46afcfa047e2d4ff8b96d47c93edb2a0256742dfa58c5e5031a29d0fba2066989ad3eda3bc38add0939720c860db35a0cd32f629b1ea99b8
-
Filesize
610KB
MD57b7c7f026b8f2f8136043a89c2e230bb
SHA169e12a27d34f5342d5c1a6b5e6f7330d9f34416a
SHA256cae93be07738c4c00e3e47db34ac004e1d7f5fef28bf5f9f4c590bb9930d8f52
SHA51286ba6bad4ba1d88e337e6b7b26956842d825eaf9fe427a9ac37bb87b18285879244842711467fe7f458e6a593a8a66c653f68463c34c50a01c538d02ee5952e9
-
Filesize
674KB
MD520e2ddad58fcd440ce1f0b4e86c543b4
SHA17b88733f9c84ae9af7f63994f896ab2cc947dcaf
SHA256a53b8c4b5753783b6fa3cb75e99391667c984b7a85c5515398244bf598d1dd6d
SHA5127c6fc07eca34716d06a3a4b9dce1dd35f02d421c4a930c3bb9a4d475dc0c81c1fe8d8c9e67130e4da8f4880b3d52e5d7ce7d35130942f5760f2a322f4baae1c8
-
Filesize
1.1MB
MD532e95ff03815c65c41eabd1ac4394677
SHA120b5d5baa956fa117bfaee7cd4f3a175502a19ee
SHA256da7acc6c9c28bbac3ed1c3a8d5586f39c301de95a4df4234285153ff5056e6d2
SHA512cd8e68bacc1495536695498bd93c46d3996892b72aad2fd703e39cdcd0817aa1eca3295983a03fea1695ca4619f781a1c6f6c366b50a90b7d66de8345958f0f8
-
Filesize
606KB
MD5fe9be9704485815b450a8bfd4d5e3670
SHA16ef461dfe95e6f0e9c221d7c66382cbb65a44c9e
SHA256e8435ad58a6813d8dbaefb476f591712d8fd63922c0b22b302c65844045831cd
SHA51206b10c6097eee3b9d85d75677cb2551370b8d1ab8b37b1752e94032e6e1529d306b9cbfd8006a1e395117a56e5181946b6cddf0dc0bc9f3c60337dad5e8f6927
-
Filesize
773KB
MD5e1a70c91694dea8dfdb08f8ea1a9c282
SHA1350600b534d21a41d75b8084090741001eb3285d
SHA256e9c25a9aa7309181b44ac67be3700b641bc5370208bab0ac2b2542ed25a62e7d
SHA512893e997dca44431218a77a16453cf423a9c084626b7f1c078035cca3ab2a1686b8f8e2e3236143668cb25d9f38a82d8ecd18315763df0ca6566cedcccb94b3bc
-
Filesize
780KB
MD5c174d27313d3f7de65ef6a7e8c2dd5b5
SHA1367843975f34a772d220db2f7107957e47a11983
SHA256f32931f2c449298272cd104e10c48c45978cd5fa0e7c68b1ba248309535d8206
SHA512eed05ad8e9b0338b4c846ee303cf3da7094eadc3d1d8032e162f02a21554e1f597bacf3e2810b6aa8934f3b14a770d575f1994053275856e203c8a544f1bed27
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3F26ED5DE6B4E859CCCA6035ECB8D9CB
Filesize2KB
MD5e496751cd2219f672baccfe069c05607
SHA1d43326345986e0c3a25bcfef2febf570a1794915
SHA256272f89d727d01fec581fffb1a38e02ce025eb523663aa3e102f77ae9aa9e0f1b
SHA512e84c7c29f3aa5b2184bd6590f3660ec3c67b5814e226f4f7c4ae9bfb11080ab0eb2fe43697710bd64beef869e368fa1ddd85495f7f92b0ff6a61a9c59264b5b2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\204C1AA6F6114E6A513754A2AB5760FA_268232F9B7ADFD0751C3D83F667CFB78
Filesize472B
MD5d554992d4494a99ee1cb814b6a475ac0
SHA128f5679ab12b98f1e1cb1db81cc45d2e81bd7eae
SHA2562305f09094b346b7d121fdf848cd807e31fd3d788e1dd12bab77963dd792c0cf
SHA51200da55828c7237ce5086b21b0bbeaa73c45ce13b974fc5881e4390d78118721abe690879b21c7b638bbfba7c001d06ddec2db51bd287dd8d8c129f69ee7b2e76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize1KB
MD5d8e9a72a6c3f0f85aa9c1191fd7f475b
SHA16ca59986f7442dd4cc86f8d9ccbbe60bf0bb5521
SHA2567be0516557405ce6902e0029557412f8c439745532018adc581770b4177edaa3
SHA512186de583be2ab6928a31ca38fd6419437a26a3c7c75c854818ccf48ec6d79fa76902cb1ed0168772d4aaf817a26263b8f0a2d9dc338d86d5fa2433920fc16bd3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3F26ED5DE6B4E859CCCA6035ECB8D9CB
Filesize484B
MD5575a99e617990ff26ca9097a64fedc86
SHA1fe3fe0337541a4d13cb7a76684f867e8ee2b9947
SHA2563236fe55a34e94ac82714caa377e25b44cc314c24ed1d4bb6b1e8535c5cb7119
SHA512bd5efcd720bb0bd85ec59bfe41710dedb99a8136d4f5cbab054e110c82ae8f1741900e4959e681428ac438c93145acb8641196cd8f55ec32c78f8d4450e66e29
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\204C1AA6F6114E6A513754A2AB5760FA_268232F9B7ADFD0751C3D83F667CFB78
Filesize488B
MD53c07d14eef89113856fed4f78990f438
SHA18aa76a935db030e27c2a36ce18a38cb068811f9f
SHA256cda3e3e4e44656f83be60dfb2ce59effe22598fd2bb144e12a01dbc64c0237d1
SHA512528db33b7b20cdfc048dff79188023c5ad5950a62ad58e543339697657b1007024747f411cdd8c7092151167baa95f3963013b6e454cada66d40597e54176bc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize482B
MD5c05c11a19b5c15bc7cb81980fe232e80
SHA115eb4367c6ab0b8b25704b5a8c93464c7f1e5bd5
SHA2563ebc0130f4c40552bc207dc4f48fa679f28f667cf5526aff2e8282646de72cb9
SHA51255f64f5f1491839639d5dc7640c1e9bb26f37f59ad8ed8f33944532afd2f0f29f1da699510a753840de82ac39290e9e7dd16ba473ee88e57d1439cbe12752ed2
-
Filesize
18KB
MD53c9fb9fbbdd372a9ab7f4e11cde5e657
SHA106f7b35568d81ca65e30ac213ff1031220ac090f
SHA256f363ad44f70cd532e08a53e7ea0323f68d2b58b448349034ccc3dc3b0a96296f
SHA512dd585b080863512a9a933e39d7542b13b3501f43ddfbd153e266964c37846e4d7ebd798512f705457c2be74a80a1d0aaf98c11ba5e6c2ca3f07f29eee1f68fcb
-
Filesize
190B
MD56ebbeb8c70d5f8ffc3fb501950468594
SHA1c06e60a316e48f5c35d39bcf7ed7e6254957ac9e
SHA256a563426e24d132cd87b70d9cb5cd3d57c2e1428873a3f3eb94649cf42e37b6a1
SHA51275cfab1c9f5a05c892cf3b564aed06d351c6dc40048faea03ae163154ff7635252817d66b72a6ef51c4f895eebf7728f302df51148acce2a0c285502bf13652c
-
Filesize
211KB
MD5f42abb7569dbc2ff5faa7e078cb71476
SHA104530a6165fc29ab536bab1be16f6b87c46288e6
SHA256516475caf3fbd1f0c0283572550528f1f9e7b502dce5fb6b89d40f366a150bfd
SHA5123277534a02435538e144dea3476416e1d9117fcddef3dcb4379b82f33516c3e87767c3b0d2b880e61a3d803b583c96d772a0bdeecbfc109fe66444e9b29216af
-
Filesize
14KB
MD5a1db47ffa568b6e625a0a7e7fdd22074
SHA1e0eb77e6600d88777c61609cc75b7a0e1698bb4d
SHA2560d4811dfe51cf90083d79e52ac1a18856fc51d0402ce109d7635f54ede9357d1
SHA5129b403c9575c2dbdbe64d06de2d71cf393f5fada31c52d2e19f442d87e801ca921d274b835a7b8735aad134612eb35b2e038e6f1f6acb2a47b41844ffccb79b88
-
Filesize
278KB
MD5f325e26ccfb887a2a0cefd627079c459
SHA15174cd8966e47fe200a1ac9cb1457acb427b8977
SHA256388dd19db866a72dd33c12b80de4b7b857cc66ec6af5869ffaf5302ae2301040
SHA512b37751447472138702113e40d873c913275edbb2282a0e0f3db6c2ca9c0295c1be19b487704e00aa8764492c8dfe817f945924a1b6fb86097804ee2e9f3efe1b
-
Filesize
385KB
MD59f35f8e825a1f659500039f4691fbba8
SHA1a7fb7621020aefdeead8a9b9f5a17d8714e6b892
SHA256ca89f94a34766fa0f5ac2ed7dd58f2b8b65d402983c9c6667d4f3e9c9a33e5c6
SHA5122825c0e2f3d8aa911fabebd430251581bd0981fe96eece96b08534bf2e9b27b127fcabfc2b1fdf5577657f166154683de6001a7e4e3b2f88d964c2b977be34c1
-
Filesize
401KB
MD534efe4159306e6104a5da4f4f6319bb2
SHA15e0a91b27f43cdb95a3143662dd39039ef9eff76
SHA256acdfb56d9915b32ae1ee1ce8ee50a0e062cab90c4bd16c2a4d01388268e25264
SHA512d10307d7745c80c62f2dfb037d1144a568abbb6d0604f3e4e393b4f7bab9f30336319e7fb5e11ca3696b8607a944ccdb1ca591954c524f2a24ca905ae1bbf5ea
-
Filesize
185KB
MD596b33bc75d955710f6752c2b4e04287e
SHA1d671412e1666d1e695260403838cb7ccfda99ad5
SHA2569bd2877a0f9cf297e3db0dc7d51271f018eb1034db90aeb143faf6f278ab1c30
SHA512dfb00e50506d5693de07478c0b74e4d79bfd69eb80a4d8e95019098a6ddc650cdf45d75a8a8102e793f80d30e588c461c92fa014c5ee6c4f549164a588a51078
-
Filesize
155KB
MD59f9248f840102ffddf6bf3bb7a5f4e7f
SHA12586421f388acc68911653cc4b098e59ea241a09
SHA2567fd07ffd0d554a13c5016b4f408ac8e3d74180abe9497eb73ca8030babdc7332
SHA512ddd15f3ba2f9ba45fd3273109feab4f9f4286eea541d7622f87b710ebdbf0daf9a3a7a6ae222a168f92c7032a760fb372b78343e3af8a8c9e6af6fff37502b4a
-
Filesize
293KB
MD5c28b8aea609cf03c1c43477da697a90b
SHA18ddf926381cc9a6477532d38625bde2830d253d1
SHA2569112ef2f3900ba6c5cf2f37e28b1929ebf6eedf463f7329f8ea451e2efb617d6
SHA5126b9e8643d4a11151535907b461b3f64f5906af3adfb62b1561a207b82af46536521a096072150ea7e569b979f193ab81b52e6fb81465bb5babe5c7022949e50a
-
Filesize
21KB
MD52c75ca8e9f54aa24ada6116240bd5104
SHA1c74b709c1bedaa00e17ad92ad6b0afdc857817e5
SHA256bd1cfe3957a9d8b93b7e97d1939688dd279da4c0226ac5325ef3ccb5899c5bb3
SHA5129cb4286e392005fa599c655d58ba2c7002a9aa4f712fbf7c709677e400ba64ae9ec995efa0660f322987d5249806dcdaa64507b6d43cbae5115d6f867202e6fb
-
Filesize
354KB
MD534c30ac336fea1115cb2980e4a4fe597
SHA1e3c740a19ad485a5a7dd687c08be2122f3883043
SHA25650dd1ede3196a96fc526a4e5c99851fd37d1aae9ca5b0efaf4212812927dade7
SHA512209b87999c8d7de4bc7bb8f996813c56ddad8b575ce33a84594f83f31f0713e52087a0cbe2d0591364adc576af0ff1de9d67c1eb41a3da825aba811cf1bf81b2
-
Filesize
339KB
MD597c88daada0aafdeceae7669554aba58
SHA199d899f02490c2b7a4608a1be5887012e6e05dbb
SHA256f6098f5a5e64ca7b9193f2a74edae4b47e85116625e46e4a73c6e99c78e5a53b
SHA5129e402593ed2d09aa782e5a9f71672446b2483f60045691158d649f6a5d49807d55c761ffa33ba22fbfea16c695e38a8f42816269c9fdfdecbfc3a7ed1f53fd29
-
Filesize
600KB
MD50a6cc5c438658b3152f22b5aa77ea3eb
SHA1695123749e326a0abe55d6f7b91359410290a280
SHA25640fc90f1fbc64da42e11a9c213e2ccdd40807ae5745aaaa377db4fa1f4c6c3f3
SHA5126c9dfa1365e6c02d9e768ffe2cf495da000dd948e3f5098361c2f19f5fd2e2f61eb3add0fa561d35ead935fcabc2f11d4d265a438a7dced99a06b1d444943c0b
-
Filesize
170KB
MD5dab40780fcdec057832a0567fe866bf9
SHA1ab419067aa9227a97b1109ab6848fc5a430ea083
SHA256df4b2430801e7c440bdaa3f741cdc1413cec034ca3fe6af6534debc6c15f3a17
SHA512c28766068ee5b381458e87f4e361b23d9d7a984daf141b598c9ba7b87d5354004637395336d4ecab8452bb757e4212ad7ee13202bd62ffed4e8ed8ba62e0d58a
-
Filesize
201KB
MD5e4542116baa9ccf11709ce76a9b206e5
SHA162cfd836fd46a1385d2f417926e730dfb1616c33
SHA25600cbfee978b602232631e7acad702a07a1debcc350f8afc94740b5c52c84b7e2
SHA5122ca9cdb206467e7b2ae6578eca205c99458bd5262c049face67c1e81db6dc7923f5eeff514e9a8553be3c6bd62aa1cbecc4e101c5819cfadc7b8779e282f16af
-
Filesize
431KB
MD5776625833a977040283fa5bbe41939c7
SHA1a10437f9b76647211e60de8bacf27d497667c255
SHA256ff3d0e64ef4c8c2542860b4580b4d4d4c0815de33fd1822be87a97e437974e36
SHA512bf3f7b3621ab51dcf996211e132817e88c00758ea87bb1c9c287bf87b2bfe81df04b70c890163ff84b27696f645050c0066676d177a68fa6d08bdf6007b0d976
-
Filesize
216KB
MD5cb246bf6b18c963dac6b18681b7d3771
SHA1f141cf42194adda41050dddf1e84ac086e538930
SHA2560f5c17706f565685e7a8dd7b44a086ef79c18a987017f239a68648b96bc93718
SHA51282e037053bb431ead97d32ab8d5306d0b68485d22b3eb38dfd1f017a0e07ccdf196d400c7b650a3212229738fb431b08bd9de5a2fcba6d444edd8ca59b7b742d
-
Filesize
13KB
MD55e8594e16bcde2fc534ded0ecf19f9af
SHA1b6d383147bdbc3eaebb5bda8a74c2964384c163a
SHA2569e687a664d4e368149df280fa278fde7f64749e01a096f2c617ba0ddbf607664
SHA5129b60aa1193fd3dddd5ca30346d746217a14d9b2ce550adb991aecb51cfb2a585a00bd22aabde7705007263f748ac0a31734da2507d15553a95d726bd3f6d2f0d
-
Filesize
232KB
MD5c065bc203152227c192f8b92d4285132
SHA116b9e9bfdc0e15ce5f0525e714c1106c679498e2
SHA2563bac65a87ca5eacbf041fa1d0446d1fa500731aa812f377655b0b4b5dd46ec84
SHA512ca45a6b1c2fe55d9e4812d3a29c4afbfeb251f960d1625f86a76d7751547358666d409dcb593f76a5c6c3cba89fc65154856f2bf92b825f6ca1e3cbe873a93cc
-
Filesize
247KB
MD522ad4408dff116f1bc73e265f7608286
SHA1c1edda68861b07186147f5e311f92f0c70a0e6ef
SHA2563123152050c20cd88d4624cdec0ab4615368b75e6f13669ee18524f371ca08ee
SHA512f4cdd4c48d82d64c593f5e75f5d297ab06160da585fd35a874f1a6bc8deb53915faa235e9288d04b577f5ddc97229bf87d32319cf9232a45cd9940e37badb455
-
Filesize
416KB
MD5dbef7a2eedc6a84e6102941550eb3308
SHA1d17b4144630c959b48883daa6cf92fd8cb151e06
SHA2560d65453e6175172ce151976d4284e90afa39c14a2a7ef2733d52b784caa82f43
SHA512167fe63d50856100c10862dee3d1ea27b5ecd7f02d304134ec52d93d682ad8e60466fd82d686e88d255a88a6fe13af78d296412186b82cb2c396dac46864b4e0
-
Filesize
262KB
MD581707415ffe0975045c1663b867bd130
SHA1a89aa1f8be67aa8281757c7dc155ca0f42597dbd
SHA256410775aeef1809d3614eb0196d736295f2318b5fc921f2068a41532238f5bbed
SHA51270174bb722db9d887e6fc3f32f441fe66d1f7f607fddfd551e88b54bb679be593a19610e328cd34800edd53e8f535fabda829fb484fa6c18a79cb7accf63b951
-
Filesize
324KB
MD5b8553f6b273a37a0fffce0686ddbf7b8
SHA119b4ceaffd3a7b6f948e384867f8271bf0b5f0b6
SHA2567b0499c951a9e47333a8d0d147854788ecdc50e3eab834be79b7d843f1d24496
SHA512b4bc2279f77b8134fcd15c89d947784958b08e9c02c8f4e1f5ce7259532109534380ed4768dfa08461e64ecd2eae264a35bcdd795480b6ab6b8a17d3a596abe3
-
Filesize
308KB
MD5a73547988aecbbf486411433b4b2a566
SHA141892ebeb8d69332fd08a8558c122c44638eb830
SHA2568202b86bc2a6dc623fbd7441b203daa562b253d02dc8b657eb58246eb80cde00
SHA5126ad2305e1eceb6bfaba4c07ca90c2710a26c8f5a901be1d4e11878f04dc1cdae9f8f2a341a0f192cb6cd8d703fbc7be1328223e1073ac4ba388cd511c3f957d2
-
Filesize
370KB
MD5a4866dea726ec76a8b6ac6ec79541908
SHA19a7a614e574e7fcdd99318a9ab6f42626070585f
SHA256297d0d0d5a547431024b1a323a65812691f1dec1dd4f868c74fa1189e2bfa3ef
SHA5125db1b0bef7eaa0e4848edf79361cd80ea1e073e61413f780d659e4a6cb470ceb79a0f592fd28080068dd6bfde6cd6c71dcaccef2848866b5c977b3ecf6dcc210
-
Filesize
82KB
MD510ea4dd21e235111961a20f54a844b14
SHA18c0827a0539856cc1251e8e7d09a7916134fbe61
SHA25619380ef6d8697644c35849b7c81def231e5f90da641aac96791792e877aa1807
SHA5125e7a68edca90bca6b6dd481526f71c4695dc24446c129d3828a7ebb43370877e570a5dd899097a4340669b8a026c1f0667f88ff0231e7f36c7566e34c9944a96