Malware Analysis Report

2024-10-16 03:25

Sample ID 240928-dw3qhavalp
Target PCCooker_x64.exe
SHA256 d850d741582546a3d0ea2ad5d25e0766781f315cd37e6c58f7262df571cd0c40
Tags
phorphiex ragnarlocker xworm bootkit credential_access defense_evasion discovery evasion execution impact loader persistence ransomware rat stealer trojan worm marsstealer vidar ae25a0a25723a9556205878132ce7a41 default spyware squirrelwaffle downloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d850d741582546a3d0ea2ad5d25e0766781f315cd37e6c58f7262df571cd0c40

Threat Level: Known bad

The file PCCooker_x64.exe was found to be: Known bad.

Malicious Activity Summary

phorphiex ragnarlocker xworm bootkit credential_access defense_evasion discovery evasion execution impact loader persistence ransomware rat stealer trojan worm marsstealer vidar ae25a0a25723a9556205878132ce7a41 default spyware squirrelwaffle downloader

Vidar

Detect Xworm Payload

Phorphiex payload

Modifies security service

Detect Vidar Stealer

RagnarLocker

Phorphiex, Phorpiex

Mars Stealer

Windows security bypass

Xworm

SquirrelWaffle is a simple downloader written in C++.

Detected Nirsoft tools

Renames multiple (6588) files with added filename extension

Renames multiple (7765) files with added filename extension

Renames multiple (2393) files with added filename extension

Renames multiple (2686) files with added filename extension

NirSoft WebBrowserPassView

Deletes shadow copies

Squirrelwaffle payload

Command and Scripting Interpreter: PowerShell

Stops running service(s)

Downloads MZ/PE file

Checks computer location settings

Credentials from Password Stores: Windows Credential Manager

Loads dropped DLL

Reads user/profile data of web browsers

Windows security modification

Executes dropped EXE

Drops startup file

Reads data files stored by FTP clients

Unsecured Credentials: Credentials In Files

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Enumerates connected drives

Looks up external IP address via web service

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Launches sc.exe

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Checks processor information in registry

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Delays execution with timeout.exe

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Opens file in notepad (likely ransom note)

Interacts with shadow copies

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-28 03:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-28 03:22

Reported

2024-09-28 03:23

Platform

win7-20240903-en

Max time kernel

30s

Max time network

31s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies security service

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4" C:\Windows\sysklnorbcv.exe N/A

Phorphiex payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Phorphiex, Phorpiex

worm trojan loader phorphiex

RagnarLocker

ransomware ragnarlocker

Windows security bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesOverride = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A

Xworm

trojan rat xworm

Deletes shadow copies

ransomware defense_evasion impact execution

Renames multiple (7765) files with added filename extension

ransomware

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Stops running service(s)

evasion execution

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9bf0c776.exe C:\Windows\syswow64\explorer.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\25.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\19.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\20.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\18.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\17.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\14.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\12.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\newtpp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66e42cf42e212_otr_raccoon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\tpeinf.exe N/A
N/A N/A C:\Windows\sysblvrvcr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\pp.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\LummaC22222.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\sunset1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\t1.exe N/A
N/A N/A C:\Users\Admin\sysblvrvcr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\10.exe N/A
N/A N/A C:\Windows\sysklnorbcv.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\sunset1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\tpeinf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\tpeinf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesOverride = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiSpywareOverride = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" C:\Users\Admin\sysblvrvcr.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiSpywareOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*bf0c77 = "C:\\9bf0c776\\9bf0c776.exe" C:\Windows\syswow64\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\9bf0c776 = "C:\\Users\\Admin\\AppData\\Roaming\\9bf0c776.exe" C:\Windows\syswow64\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*bf0c776 = "C:\\Users\\Admin\\AppData\\Roaming\\9bf0c776.exe" C:\Windows\syswow64\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Settings = "C:\\Windows\\sysblvrvcr.exe" C:\Users\Admin\AppData\Local\Temp\Files\newtpp.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Settings = "C:\\Users\\Admin\\sysblvrvcr.exe" C:\Users\Admin\AppData\Local\Temp\Files\tpeinf.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Settings = "C:\\Windows\\sysklnorbcv.exe" C:\Users\Admin\AppData\Local\Temp\Files\t1.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Windows\CurrentVersion\Run\9bf0c77 = "C:\\9bf0c776\\9bf0c776.exe" C:\Windows\syswow64\explorer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-addr.es N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A ip-api.com N/A N/A
N/A myexternalip.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3716 set thread context of 3864 N/A C:\Users\Admin\AppData\Local\Temp\Files\66e42cf42e212_otr_raccoon.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\TAB_ON.GIF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\CNFNOT.CFG C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\VelvetRose.css C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Java\jre7\lib\amd64\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ie\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\localizedStrings.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Apex.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0174315.WMF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Solstice.eftx C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD21422_.GIF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR49F.GIF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR6B.GIF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MSWORD.OLB C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.bmp C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\timeZones.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02218_.GIF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\SAVE.GIF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Austin.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\rtf_decreaseindent.gif C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02252_.WMF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR8B.GIF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\DISTLSTL.ICO C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RESENDL.ICO C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Effects\Technic.eftx C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Araguaina C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files (x86)\Common Files\System\en-US\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0157831.WMF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\Part\2 Top.accdt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\SCHEME24.CSS C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH02503U.BMP C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTaskIcon.jpg C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SecStoreFile.ico C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\settings.html C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\RGNR_A0710810.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107182.WMF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0183574.WMF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\sysklnorbcv.exe C:\Users\Admin\AppData\Local\Temp\Files\t1.exe N/A
File opened for modification C:\Windows\sysklnorbcv.exe C:\Users\Admin\AppData\Local\Temp\Files\t1.exe N/A
File created C:\Windows\sysblvrvcr.exe C:\Users\Admin\AppData\Local\Temp\Files\newtpp.exe N/A
File opened for modification C:\Windows\sysblvrvcr.exe C:\Users\Admin\AppData\Local\Temp\Files\newtpp.exe N/A
File created C:\Windows\sysblvrvcr.exe C:\Users\Admin\AppData\Local\Temp\Files\tpeinf.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sysklnorbcv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\newtpp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\LummaC22222.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\10.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\66e42cf42e212_otr_raccoon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\sysblvrvcr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\sunset1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\tpeinf.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\t1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A
N/A N/A C:\Windows\syswow64\vssadmin.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\notepad.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
N/A N/A C:\Windows\syswow64\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\25.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\23.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\24.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\19.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\20.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\18.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\17.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\12.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\15.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\11.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\5.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3028 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 3028 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 3028 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 3028 wrote to memory of 2436 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 3028 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 3028 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 3028 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 3028 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 3028 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 3028 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 3028 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 3028 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 3028 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 3028 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 3028 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 3028 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 3028 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 3028 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 3028 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 3028 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 2900 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 2900 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 2900 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 2900 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 2448 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\syswow64\explorer.exe
PID 2448 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\syswow64\explorer.exe
PID 2448 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\syswow64\explorer.exe
PID 2448 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\syswow64\explorer.exe
PID 2900 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\system32\vssadmin.exe
PID 2900 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\system32\vssadmin.exe
PID 2900 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\system32\vssadmin.exe
PID 2900 wrote to memory of 2632 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\system32\vssadmin.exe
PID 2572 wrote to memory of 2852 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\svchost.exe
PID 2572 wrote to memory of 2852 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\svchost.exe
PID 2572 wrote to memory of 2852 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\svchost.exe
PID 2572 wrote to memory of 2852 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\svchost.exe
PID 2572 wrote to memory of 1804 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\vssadmin.exe
PID 2572 wrote to memory of 1804 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\vssadmin.exe
PID 2572 wrote to memory of 1804 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\vssadmin.exe
PID 2572 wrote to memory of 1804 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\vssadmin.exe
PID 2676 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\25.exe
PID 2676 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\25.exe
PID 2676 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\25.exe
PID 2676 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\24.exe
PID 2676 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\24.exe
PID 2676 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\24.exe
PID 2676 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\23.exe
PID 2676 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\23.exe
PID 2676 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\23.exe
PID 2676 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\22.exe
PID 2676 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\22.exe
PID 2676 wrote to memory of 944 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\22.exe
PID 2676 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\21.exe
PID 2676 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\21.exe
PID 2676 wrote to memory of 2072 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\21.exe
PID 2676 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\20.exe
PID 2676 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\20.exe
PID 2676 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\20.exe
PID 2676 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\19.exe
PID 2676 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\19.exe
PID 2676 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\19.exe
PID 2676 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\18.exe
PID 2676 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\18.exe
PID 2676 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\18.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe

"C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe"

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

"C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"

C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe

"C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe"

C:\Users\Admin\AppData\Local\Temp\asena.exe

"C:\Users\Admin\AppData\Local\Temp\asena.exe"

C:\Users\Admin\AppData\Local\Temp\Bomb.exe

"C:\Users\Admin\AppData\Local\Temp\Bomb.exe"

C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe

"C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe"

C:\Windows\System32\Wbem\wmic.exe

wmic.exe shadowcopy delete

C:\Windows\syswow64\explorer.exe

"C:\Windows\syswow64\explorer.exe"

C:\Windows\system32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\syswow64\svchost.exe

-k netsvcs

C:\Windows\syswow64\vssadmin.exe

vssadmin.exe Delete Shadows /All /Quiet

C:\Users\Admin\AppData\Local\Temp\25.exe

"C:\Users\Admin\AppData\Local\Temp\25.exe"

C:\Users\Admin\AppData\Local\Temp\24.exe

"C:\Users\Admin\AppData\Local\Temp\24.exe"

C:\Users\Admin\AppData\Local\Temp\23.exe

"C:\Users\Admin\AppData\Local\Temp\23.exe"

C:\Users\Admin\AppData\Local\Temp\22.exe

"C:\Users\Admin\AppData\Local\Temp\22.exe"

C:\Users\Admin\AppData\Local\Temp\21.exe

"C:\Users\Admin\AppData\Local\Temp\21.exe"

C:\Users\Admin\AppData\Local\Temp\20.exe

"C:\Users\Admin\AppData\Local\Temp\20.exe"

C:\Users\Admin\AppData\Local\Temp\19.exe

"C:\Users\Admin\AppData\Local\Temp\19.exe"

C:\Users\Admin\AppData\Local\Temp\18.exe

"C:\Users\Admin\AppData\Local\Temp\18.exe"

C:\Users\Admin\AppData\Local\Temp\17.exe

"C:\Users\Admin\AppData\Local\Temp\17.exe"

C:\Users\Admin\AppData\Local\Temp\16.exe

"C:\Users\Admin\AppData\Local\Temp\16.exe"

C:\Users\Admin\AppData\Local\Temp\15.exe

"C:\Users\Admin\AppData\Local\Temp\15.exe"

C:\Users\Admin\AppData\Local\Temp\14.exe

"C:\Users\Admin\AppData\Local\Temp\14.exe"

C:\Users\Admin\AppData\Local\Temp\13.exe

"C:\Users\Admin\AppData\Local\Temp\13.exe"

C:\Users\Admin\AppData\Local\Temp\12.exe

"C:\Users\Admin\AppData\Local\Temp\12.exe"

C:\Users\Admin\AppData\Local\Temp\11.exe

"C:\Users\Admin\AppData\Local\Temp\11.exe"

C:\Users\Admin\AppData\Local\Temp\10.exe

"C:\Users\Admin\AppData\Local\Temp\10.exe"

C:\Users\Admin\AppData\Local\Temp\9.exe

"C:\Users\Admin\AppData\Local\Temp\9.exe"

C:\Users\Admin\AppData\Local\Temp\8.exe

"C:\Users\Admin\AppData\Local\Temp\8.exe"

C:\Users\Admin\AppData\Local\Temp\7.exe

"C:\Users\Admin\AppData\Local\Temp\7.exe"

C:\Users\Admin\AppData\Local\Temp\6.exe

"C:\Users\Admin\AppData\Local\Temp\6.exe"

C:\Users\Admin\AppData\Local\Temp\5.exe

"C:\Users\Admin\AppData\Local\Temp\5.exe"

C:\Users\Admin\AppData\Local\Temp\4.exe

"C:\Users\Admin\AppData\Local\Temp\4.exe"

C:\Users\Admin\AppData\Local\Temp\3.exe

"C:\Users\Admin\AppData\Local\Temp\3.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\1.exe

"C:\Users\Admin\AppData\Local\Temp\1.exe"

C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe

"C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe"

C:\Users\Admin\AppData\Local\Temp\Files\newtpp.exe

"C:\Users\Admin\AppData\Local\Temp\Files\newtpp.exe"

C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe

"C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe"

C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe

"C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe"

C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe

"C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe"

C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe

"C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe"

C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe

"C:\Users\Admin\AppData\Local\Temp\Files\66b9e7f54cf7b_pro.exe"

C:\Users\Admin\AppData\Local\Temp\Files\66e42cf42e212_otr_raccoon.exe

"C:\Users\Admin\AppData\Local\Temp\Files\66e42cf42e212_otr_raccoon.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\notepad.exe

C:\Users\Public\Documents\RGNR_A0710810.txt

C:\Users\Admin\AppData\Local\Temp\Files\tpeinf.exe

"C:\Users\Admin\AppData\Local\Temp\Files\tpeinf.exe"

C:\Windows\sysblvrvcr.exe

C:\Windows\sysblvrvcr.exe

C:\Users\Admin\AppData\Local\Temp\Files\pp.exe

"C:\Users\Admin\AppData\Local\Temp\Files\pp.exe"

C:\Users\Admin\AppData\Local\Temp\Files\LummaC22222.exe

"C:\Users\Admin\AppData\Local\Temp\Files\LummaC22222.exe"

C:\Users\Admin\AppData\Local\Temp\Files\sunset1.exe

"C:\Users\Admin\AppData\Local\Temp\Files\sunset1.exe"

C:\Users\Admin\AppData\Local\Temp\Files\t1.exe

"C:\Users\Admin\AppData\Local\Temp\Files\t1.exe"

C:\Users\Admin\sysblvrvcr.exe

C:\Users\Admin\sysblvrvcr.exe

C:\Users\Admin\AppData\Local\Temp\Files\10.exe

"C:\Users\Admin\AppData\Local\Temp\Files\10.exe"

C:\Windows\sysklnorbcv.exe

C:\Windows\sysklnorbcv.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\sc.exe

sc stop UsoSvc

C:\Windows\SysWOW64\sc.exe

sc stop WaaSMedicSvc

C:\Windows\SysWOW64\sc.exe

sc stop wuauserv

C:\Windows\SysWOW64\sc.exe

sc stop DoSvc

C:\Windows\SysWOW64\sc.exe

sc stop BITS /wait

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\sc.exe

sc stop UsoSvc

C:\Windows\SysWOW64\sc.exe

sc stop WaaSMedicSvc

C:\Windows\SysWOW64\sc.exe

sc stop wuauserv

C:\Windows\SysWOW64\sc.exe

sc stop DoSvc

C:\Windows\SysWOW64\sc.exe

sc stop BITS

Network

Country Destination Domain Proto
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 151.101.2.49:443 urlhaus.abuse.ch tcp
US 8.8.8.8:53 ip-addr.es udp
FR 188.165.164.184:80 ip-addr.es tcp
CH 147.45.44.104:80 147.45.44.104 tcp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 myexternalip.com udp
US 34.160.111.145:80 myexternalip.com tcp
US 209.148.85.151:8080 tcp
US 8.8.8.8:53 kenesrakishev.net udp
US 3.33.251.168:80 kenesrakishev.net tcp
US 8.8.8.8:53 webmail.aefiabeuodbauobfafoebbf.net udp
RU 185.215.113.66:80 webmail.aefiabeuodbauobfafoebbf.net tcp
US 8.8.8.8:53 demo.aefiabeuodbauobfafoebbf.net udp
RU 185.215.113.66:80 demo.aefiabeuodbauobfafoebbf.net tcp
NL 192.153.57.177:80 tcp
US 8.8.8.8:53 215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws udp
RU 185.215.113.84:80 215be44b-06b4-4bfd-8b66-92003bd7fe54.random.tsrv1.ws tcp
RU 185.215.113.117:80 185.215.113.117 tcp
US 8.8.8.8:53 funletters.net udp
US 208.122.221.162:80 funletters.net tcp
US 8.8.8.8:53 privacy.aefiabeuodbauobfafoebbf.net udp
RU 185.215.113.66:80 privacy.aefiabeuodbauobfafoebbf.net tcp
US 172.245.173.168:80 172.245.173.168 tcp
US 8.8.8.8:53 localupdate.ns02.info udp
US 192.227.134.159:1443 localupdate.ns02.info tcp
US 192.227.134.159:1443 localupdate.ns02.info tcp
NL 192.153.57.177:80 tcp
NL 192.153.57.177:80 tcp
NL 192.153.57.177:80 tcp
US 192.227.134.159:1443 localupdate.ns02.info tcp
RU 185.215.113.66:80 privacy.aefiabeuodbauobfafoebbf.net tcp

Files

memory/3028-0-0x0000000074B81000-0x0000000074B82000-memory.dmp

memory/3028-1-0x0000000074B80000-0x000000007512B000-memory.dmp

memory/3028-2-0x0000000074B80000-0x000000007512B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

MD5 2a94f3960c58c6e70826495f76d00b85
SHA1 e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
SHA256 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
SHA512 fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe

MD5 6f8e78dd0f22b61244bb69827e0dbdc3
SHA1 1884d9fd265659b6bd66d980ca8b776b40365b87
SHA256 a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5
SHA512 5611a83616380f55e7b42bb0eef35d65bd43ca5f96bf77f343fc9700e7dfaa7dcf4f6ecbb2349ac9df6ab77edd1051b9b0f7a532859422302549f5b81004632d

memory/3028-21-0x0000000000760000-0x000000000079D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\asena.exe

MD5 7529e3c83618f5e3a4cc6dbf3a8534a6
SHA1 0f944504eebfca5466b6113853b0d83e38cf885a
SHA256 ec35c76ad2c8192f09c02eca1f263b406163470ca8438d054db7adcf5bfc0597
SHA512 7eef97937cc1e3afd3fca0618328a5b6ecb72123a199739f6b1b972dd90e01e07492eb26352ee00421d026c63af48973c014bdd76d95ea841eb2fefd613631cc

memory/2764-23-0x0000000000400000-0x000000000043D000-memory.dmp

memory/3028-20-0x0000000000760000-0x000000000079D000-memory.dmp

\Users\Admin\AppData\Local\Temp\Bomb.exe

MD5 31f03a8fe7561da18d5a93fc3eb83b7d
SHA1 31b31af35e6eed00e98252e953e623324bd64dde
SHA256 2027197f05dac506b971b3bd2708996292e6ffad661affe9a0138f52368cc84d
SHA512 3ea7c13a0aa67c302943c6527856004f8d871fe146150096bc60855314f23eae6f507f8c941fd7e8c039980810929d4930fcf9c597857d195f8c93e3cc94c41d

\Users\Admin\AppData\Local\Temp\CryptoWall.exe

MD5 919034c8efb9678f96b47a20fa6199f2
SHA1 747070c74d0400cffeb28fbea17b64297f14cfbd
SHA256 e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734
SHA512 745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

memory/2572-45-0x0000000000080000-0x00000000000A5000-memory.dmp

memory/2436-46-0x0000000001090000-0x0000000001098000-memory.dmp

memory/2676-49-0x0000000000950000-0x00000000009C8000-memory.dmp

memory/2852-61-0x00000000000D0000-0x00000000000F5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab8BED.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar8C1E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\25.exe

MD5 476d959b461d1098259293cfa99406df
SHA1 ad5091a232b53057968f059d18b7cfe22ce24aab
SHA256 47f2a0b4b54b053563ba60d206f1e5bd839ab60737f535c9b5c01d64af119f90
SHA512 9c5284895072d032114429482ccc9b62b073447de35de2d391f6acad53e3d133810b940efb1ed17d8bd54d24fce0af6446be850c86766406e996019fcc3a4e6e

memory/2408-114-0x0000000000890000-0x00000000008A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\24.exe

MD5 042dfd075ab75654c3cf54fb2d422641
SHA1 d7f6ac6dc57e0ec7193beb74639fe92d8cd1ecb9
SHA256 b91fb228051f1720427709ff849048bfd01388d98335e4766cd1c4808edc5136
SHA512 fada24d6b3992f39119fe8e51b8da1f6a6ca42148a0c21e61255643e976fde52076093403ccbc4c7cd2f62ccb3cdedd9860f2ac253bb5082fb9fe8f31d88200d

C:\Users\Public\Documents\RGNR_A0710810.txt

MD5 0880547340d1b849a7d4faaf04b6f905
SHA1 37fa5848977fd39df901be01c75b8f8320b46322
SHA256 84449f1e874b763619271a57bfb43bd06e9c728c6c6f51317c56e9e94e619b25
SHA512 9048a3d5ab7472c1daa1efe4a35d559fc069051a5eb4b8439c2ef25318b4de6a6c648a7db595e7ae76f215614333e3f06184eb18b2904aace0c723f8b9c35a91

C:\Users\Admin\AppData\Local\Temp\23.exe

MD5 7e87c49d0b787d073bf9d687b5ec5c6f
SHA1 6606359f4d88213f36c35b3ec9a05df2e2e82b4e
SHA256 d811283c4e4c76cb1ce3f23528e542cff4747af033318f42b9f2deb23180c4af
SHA512 926d676186ec0b58b852ee0b41f171729b908a5be9ce5a791199d6d41f01569bcdc1fddd067f41bddf5cdde72b8291c4b4f65983ba318088a4d2d5d5f5cd53af

C:\Users\Admin\AppData\Local\Temp\21.exe

MD5 a8e9ea9debdbdf5d9cf6a0a0964c727b
SHA1 aee004b0b6534e84383e847e4dd44a4ee6843751
SHA256 b388a205f12a6301a358449471381761555edf1bf208c91ab02461822190cbcf
SHA512 7037ffe416710c69a01ffd93772044cfb354fbf5b8fd7c5f24a3eabb4d9ddb91f4a9c386af4c2be74c7ffdbb0c93a32ff3752b6ab413261833b0ece7b7b1cb55

C:\Users\Admin\AppData\Local\Temp\22.exe

MD5 296bcd1669b77f8e70f9e13299de957e
SHA1 8458af00c5e9341ad8c7f2d0e914e8b924981e7e
SHA256 6f05cae614ca0e4751b2aaceea95716fd37a6bf3fae81ff1c565313b30b1aba2
SHA512 4e58a0f063407aed64c1cb59e4f46c20ff5b9391a02ceff9561456fef1252c1cdd0055417a57d6e946ec7b5821963c1e96eaf1dd750a95ca9136764443df93d7

memory/1724-141-0x0000000001060000-0x0000000001070000-memory.dmp

memory/2072-169-0x0000000000AC0000-0x0000000000AD0000-memory.dmp

memory/1632-151-0x0000000000970000-0x0000000000980000-memory.dmp

memory/944-176-0x0000000000E40000-0x0000000000E50000-memory.dmp

memory/2372-207-0x0000000000990000-0x00000000009A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\20.exe

MD5 f18f47c259d94dcf15f3f53fc1e4473a
SHA1 e4602677b694a5dd36c69b2f434bedb2a9e3206c
SHA256 34546f0ecf4cd9805c0b023142f309cbb95cfcc080ed27ff43fb6483165218c1
SHA512 181a5aa4eed47f21268e73d0f9d544e1ceb9717d3abf79b6086584ba7bdb7387052d7958c25ebe687bfdcd0b6cca9d8cf12630234676394f997b80c745edaa38

C:\Users\Admin\AppData\Local\Temp\19.exe

MD5 4c1e3672aafbfd61dc7a8129dc8b36b5
SHA1 15af5797e541c7e609ddf3aba1aaf33717e61464
SHA256 6dac4351c20e77b7a2095ece90416792b7e89578f509b15768c9775cf4fd9e81
SHA512 eab1eabca0c270c78b8f80989df8b9503bdff4b6368a74ad247c67f9c2f74fa0376761e40f86d28c99b1175db64c4c0d609bedfd0d60204d71cd411c71de7c20

memory/2700-256-0x0000000000DF0000-0x0000000000E00000-memory.dmp

memory/2724-262-0x0000000000BE0000-0x0000000000BF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\16.exe

MD5 0ab873a131ea28633cb7656fb2d5f964
SHA1 e0494f57aa8193b98e514f2bc5e9dc80b9b5eff0
SHA256 a83e219dd110898dfe516f44fb51106b0ae0aca9cc19181a950cd2688bbeeed2
SHA512 4859758f04fe662d58dc32c9d290b1fa95f66e58aef7e27bc4b6609cc9b511aa688f6922dbf9d609bf9854b619e1645b974e366c75431c3737c3feed60426994

C:\Users\Admin\AppData\Local\Temp\18.exe

MD5 d32bf2f67849ffb91b4c03f1fa06d205
SHA1 31af5fdb852089cde1a95a156bb981d359b5cd58
SHA256 1123f4aea34d40911ad174f7dda51717511d4fa2ce00d2ca7f7f8e3051c1a968
SHA512 1e08549dfcbcfbe2b9c98cd2b18e4ee35682e6323d6334dc2a075abb73083c30229ccd720d240bcda197709f0b90a0109fa60af9f14765da5f457a8c5fce670a

C:\Users\Admin\AppData\Local\Temp\17.exe

MD5 c252459c93b6240bb2b115a652426d80
SHA1 d0dffc518bbd20ce56b68513b6eae9b14435ed27
SHA256 b31ea30a8d68c68608554a7cb610f4af28f8c48730945e3e352b84eddef39402
SHA512 0dcfcddd9f77c7d1314f56db213bd40f47a03f6df1cf9b6f3fb8ac4ff6234ca321d5e7229cf9c7cb6be62e5aa5f3aa3f2f85a1a62267db36c6eab9e154165997

memory/2044-220-0x0000000000290000-0x00000000002A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\15.exe

MD5 c936e231c240fbf47e013423471d0b27
SHA1 36fabff4b2b4dfe7e092727e953795416b4cd98f
SHA256 629bf48c1295616cbbb7f9f406324e0d4fcd79310f16d487dd4c849e408a4202
SHA512 065793554be2c86c03351adc5a1027202b8c6faf8e460f61cc5e87bcd2fe776ee0c086877e75ad677835929711bea182c03e20e872389dfb7d641e17a1f89570

C:\Users\Admin\AppData\Local\Temp\9.exe

MD5 28c50ddf0d8457605d55a27d81938636
SHA1 59c4081e8408a25726c5b2e659ff9d2333dcc693
SHA256 ebda356629ac21d9a8e704edc86c815770423ae9181ebbf8ca621c8ae341cbd5
SHA512 4153a095aa626b5531c21e33e2c4c14556892035a4a524a9b96354443e2909dcb41683646e6c1f70f1981ceb5e77f17f6e312436c687912784fcb960f9b050fe

C:\Users\Admin\AppData\Local\Temp\12.exe

MD5 7ac9f8d002a8e0d840c376f6df687c65
SHA1 a364c6827fe70bb819b8c1332de40bcfa2fa376b
SHA256 66123f7c09e970be594abe74073f7708d42a54b1644722a30887b904d823e232
SHA512 0dd36611821d8e9ad53deb5ff4ee16944301c3b6bb5474f6f7683086cde46d5041974ec9b1d3fb9a6c82d9940a5b8aec75d51162999e7096154ad519876051fe

memory/1396-390-0x0000000000090000-0x00000000000A0000-memory.dmp

memory/2320-389-0x0000000000090000-0x00000000000A0000-memory.dmp

memory/848-385-0x0000000000C40000-0x0000000000C50000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\14.exe

MD5 e6c863379822593726ad5e4ade69862a
SHA1 4fe1522c827f8509b0cd7b16b4d8dfb09eee9572
SHA256 ae43886fee752fb4a20bb66793cdd40d6f8b26b2bf8f5fbd4371e553ef6d6433
SHA512 31d1ae492e78ed3746e907c72296346920f5f19783254a1d2cb8c1e3bff766de0d3db4b7b710ed72991d0f98d9f0271caefc7a90e8ec0fe406107e3415f0107e

C:\Users\Admin\AppData\Local\Temp\11.exe

MD5 6c734f672db60259149add7cc51d2ef0
SHA1 2e50c8c44b336677812b518c93faab76c572669b
SHA256 24945bb9c3dcd8a9b5290e073b70534da9c22d5cd7fda455e5816483a27d9a7d
SHA512 1b4f5b4d4549ed37e504e62fbcb788226cfb24db4bfb931bc52c12d2bb8ba24b19c46f2ced297ef7c054344ef50b997357e2156f206e4d5b91fdbf8878649330

C:\Users\Admin\AppData\Local\Temp\6.exe

MD5 27422233e558f5f11ee07103ed9b72e3
SHA1 feb7232d1b317b925e6f74748dd67574bc74cd4d
SHA256 1fa6a4dc1e7d64c574cb54ae8fd71102f8c6c41f2bd9a93739d13ff6b77d41ac
SHA512 2d3f424a24e720f83533ace28270b59a254f08d4193df485d1b7d3b9e6ae53db39ef43d5fc7de599355469ad934d8bcb30f68d1aaa376df11b9e3dec848a5589

C:\Users\Admin\AppData\Local\Temp\1.exe

MD5 8ec649431556fe44554f17d09ad20dd6
SHA1 b058fbcd4166a90dc0d0333010cca666883dbfb1
SHA256 d1faee8dabc281e66514f9ceb757ba39a6747c83a1cf137f4b284a9b324f3dc4
SHA512 78f0d0f87b4e217f12a0d66c4dfa7ad7cf4991d46fdddfaeae47474a10ce15506d79a2145a3432a149386083c067432f42f441c88922731d30cd7ebfe8748460

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 012a1710767af3ee07f61bfdcd47ca08
SHA1 7895a89ccae55a20322c04a0121a9ae612de24f4
SHA256 12d159181d496492a057629a49fb90f3d8be194a34872d8d039d53fb44ea4c3c
SHA512 e023cac97cba4426609aeaa37191b426ff1d5856638146feab837e59e3343434a2bb8890b538fdf9391e492cbefcf4afde8e29620710d6bd06b8c1ad226b5ec4

memory/2484-435-0x0000000000EF0000-0x0000000000F00000-memory.dmp

memory/2828-414-0x00000000013A0000-0x00000000013B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7.exe

MD5 c84f50869b8ee58ca3f1e3b531c4415d
SHA1 d04c660864bc2556c4a59778736b140c193a6ab2
SHA256 fa54653d9b43eb40539044faf2bdcac010fed82b223351f6dfe7b061287b07d3
SHA512 bb8c98e2dadb884912ea53e97a2ea32ac212e5271f571d7aa0da601368feabee87e1be17d1a1b7738c56167f01b1788f3636aac1f7436c5b135fa9d31b229e94

memory/1020-428-0x0000000000F30000-0x0000000000F40000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4.exe

MD5 c24de797dd930dea6b66cfc9e9bb10ce
SHA1 37c8c251e2551fd52d9f24b44386cfa0db49185a
SHA256 db99f9a2d6b25dd83e0d00d657eb326f11cc8055266e4e91c3aec119eaf8af01
SHA512 0e29b6ce2bdc14bf8fb6f8324ff3e39b143ce0f3fa05d65231b4c07e241814fb335ede061b525fe25486329d335adc06f71b804dbf4bf43e17db0b7cd620a7c6

C:\Users\Admin\AppData\Local\Temp\3.exe

MD5 a83dde1e2ace236b202a306d9270c156
SHA1 a57fb5ce8d2fe6bf7bbb134c3fb7541920f6624f
SHA256 20ab2e99b18b5c2aedc92d5fd2df3857ee6a1f643df04203ac6a6ded7073d5e8
SHA512 f733fdad3459d290ef39a3b907083c51b71060367b778485d265123ab9ce00e3170d2246a4a2f0360434d26376292803ccd44b0a5d61c45f2efaa28d5d0994df

C:\Users\Admin\AppData\Local\Temp\8.exe

MD5 7cfe29b01fae3c9eadab91bcd2dc9868
SHA1 d83496267dc0f29ce33422ef1bf3040f5fc7f957
SHA256 2c3bfb9cc6c71387ba5c4c03e04af7f64bf568bdbe4331e9f094b73b06bddcff
SHA512 f6111d6f8b609c1fc3b066075641dace8c34efb011176b5c79a6470cc6941a9727df4ceb2b96d1309f841432fa745348fc2fdaf587422eebd484d278efe3aeac

memory/1352-396-0x0000000000C80000-0x0000000000C90000-memory.dmp

memory/1720-394-0x0000000000B40000-0x0000000000B50000-memory.dmp

memory/2300-393-0x0000000000B10000-0x0000000000B20000-memory.dmp

memory/2540-381-0x00000000000B0000-0x00000000000C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5.exe

MD5 84c958e242afd53e8c9dae148a969563
SHA1 e876df73f435cdfc4015905bed7699c1a1b1a38d
SHA256 079d320d3c32227ba4b9acddf60bfcdf660374cb7e55dba5ccf7beeaedd2cdef
SHA512 9e6cb07909d0d77ebb5b52164b1fa40ede30f820c9773ea3a1e62fb92513d05356dfef0e7ef49bf2ad177d3141720dc1c5edceb616cef77baec9acdd4bbc5bae

C:\Users\Admin\AppData\Local\Temp\10.exe

MD5 d6f9ccfaad9a2fb0089b43509b82786b
SHA1 3b4539ea537150e088811a22e0e186d06c5a743d
SHA256 9af50adf3be17dc18ab4efafcf6c6fb6110336be4ea362a7b56b117e3fb54c73
SHA512 8af1d5f67dad016e245bdda43cc53a5b7746372f90750cfcca0d31d634f2b706b632413c815334c0acfded4dd77862d368d4a69fe60c8c332bc54cece7a4c3cd

C:\Users\Admin\AppData\Local\Temp\13.exe

MD5 c76ee61d62a3e5698ffccb8ff0fda04c
SHA1 371b35900d1c9bfaff75bbe782280b251da92d0e
SHA256 fbf7d12dd702540cbaeeecf7bddf64158432ef4011bace2a84f5b5112aefe740
SHA512 a76fee1eb0d3585fa16d9618b8e76b8e144787448a2b8ff5fbd72a816cbd89b26d64db590a2a475805b14a9484fc00dbc3642d0014954ec7850795dcf2aa1ee7

memory/2360-476-0x0000000000A10000-0x0000000000A20000-memory.dmp

memory/2868-475-0x0000000000AA0000-0x0000000000AB0000-memory.dmp

memory/2308-472-0x0000000000050000-0x0000000000060000-memory.dmp

memory/2576-469-0x0000000000960000-0x0000000000970000-memory.dmp

memory/2312-468-0x0000000000C60000-0x0000000000C70000-memory.dmp

memory/1864-463-0x0000000000F90000-0x0000000000FA0000-memory.dmp

C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl

MD5 a3a6b8d5c120b8a406e4739b52945455
SHA1 0a37b3fec73998cca26096cf8bcffca9671e0808
SHA256 a56d36f7290da59145066bbaf2d5db407b752059bba27972adf77b85f58fa192
SHA512 9ce55c041032d95d9f03534da036ef28d3d7545be0cc8ccc5bc66eca5015df1b5653421169f24391fadeca43037da83c4b227222b225fbc02b6bd5316086b6f0

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 a226bd9fb7203f0ee78c0121d7aa1287
SHA1 7235039a534f760b4331b69f605f6a6fcb6885eb
SHA256 0290e97198f9f9c8d34765b26b16ea741b7e7f3ca4dea7f81642df356949ded9
SHA512 a69e2b403db6eb935dece2e55f6c7c8fbeef7259fd77e4db1c2802c19d682d0319255f6b52f07dd542bbcf6d92bbb2faa9de7707332107c78a6bf20a579ce537

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC

MD5 e61d6232a0f4ef16ded030104ab81799
SHA1 40aeeb151e971393f1ee8c82a938b09cdb34800b
SHA256 18a4718d3d475c2ceacfafe21553e90f4ec926e36f76e34373e49bbf58f4849f
SHA512 4e98b0b6d53cb7667037b8fdc44fa1ecea1e4ac96e5ecdf17612311dff4429d27c213e53fcdd640b605e8c71b082ae14e0e6f4d88e810beb9c5db22d8b676dfd

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST

MD5 8427da6520feb07583121b86f6a5c139
SHA1 3a0be486a2ec757c39f24ce664bfaff4c47e152c
SHA256 77b46bc644d0d842fe8d21ac3dd35cdbe9fb8f5eb9cfc5128a02c9a9b62584f9
SHA512 a62dfe03355ae42bf7e4eff8160f8c73911d147d93a60a4893f15ddb7aba0d2a1691ebfe38ec8be64b7e658b225f84ef6159829f127526bfc5bf7d74b94b6512

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST

MD5 a537af57b73b732665c2995f88312af8
SHA1 22ef619eb6de36f91ed93ee522512d0b282cccfb
SHA256 3c6f44c4a5964861749af5eb241948dfb2b9574de06dd62ed0fde9ca85654200
SHA512 b082536c4672323fd376ad4ec412ef834fc92544bc95ded1a328dc7fa4a68abcb05df0d32506d09b30e143f367362890e0acf810c3531f53bfab1771f84ff767

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST

MD5 c5fa826b9ef3fc30cfdee32e09b8480c
SHA1 92819d58360dbf9a5202f5927cf5ef6723621e51
SHA256 4067759f314df51ea794ffd089deac46abeb5cc1df0ddb10a31fa0bea48809b8
SHA512 024296d147840009c2c0de1e13b916fd09f73a2bbea1e079d2068d60517635cc2c039f4f58b2c0ee3021e8b9e62cce2f8e3004a2ab98cb1b35a7255a20844d6d

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

MD5 2960ef3727ae1a26eb14ba208735ef5a
SHA1 f80098a97bd0f64fce7f469b0e88130146ff9b23
SHA256 679d04f1c0c1663af4557ea7da85f67dbb94b94ee879d69bc6a069d370046c6c
SHA512 2730bfad89f7f6a978a8d24483babc747652801cd8c9f772c104f6524f5a962ec3a783fc26c5947ef1caf3636275024dfac907f0d63684acd6c4fd05e8d50ade

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

MD5 f87ee363426e286943501f70abaeeddd
SHA1 b4cfec304fac40fcb77e14ffca4ab670f6821318
SHA256 a821d89c3155b3548d0c27b2fe5e97df004aca62d0d8f1c1fc49b2f5ef30af72
SHA512 e52ddc849145c742d25281eff028f46c2437f5f5b7488238e80827da4f982421517c9b62d3c092b74d3b4a8efba09377065c7f28a0fe4cda37b68b51704b8b37

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf

MD5 84462d32444ad50b146da39a6140412a
SHA1 7fdfc8ff1f0fe260f8f21ebb34f455471294bccd
SHA256 5b9ae6126a7bbd8e32541c07d3c0eb1f7d60f7f39362dbf0705143627b8748bb
SHA512 1053eb3b52bdf932df83b7d41e621f77d6cd5a59eb12d1fc9b514d93baeca68fa35d0213e2d6e4268adb1e860d86aa3a9b26952dc1acb1745d79d82c12a1961e

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt

MD5 349339ac6936f8d862b82b160b21c7ca
SHA1 8a37f2338564f4bcbdf99114623db71b58d83f4e
SHA256 37ae90173ef43bbe962a86d5c4fce8d4249f21c02daa93d7f49eebe82ff5ed2e
SHA512 00c1c5708384077750017e0d648c4f0ecaab44448c1542bf68c8cff0d7a6de1b1f1e744ec8422a01f5d55ad06e7203b8fe1e05082b946704639bcdc42ec3d109

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA

MD5 c4bccaa20ff80bc11b73201e6e16dd17
SHA1 1382ef4c4b040715f44efb87ddabab07f17bc291
SHA256 93f2bbf3f3cf2a131448f6f5e83c02d2ed72b652ef746d414f8537a854206ab9
SHA512 950f2f2c53a52058cd2d82bfeaf75dbcc621aab213ed77cce6b70f88cb4083c6acee98cda321e19c5a76bbe876075a41a3c3099e01f08cd4e2c51f69c6d6a1ea

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA

MD5 c5538eca63f8399804dc1f833a6d19e0
SHA1 caf0b39793d7f606e21f6dfbc4f2be6468223b13
SHA256 3d266b911fc8c7dcba891e3e71b4aad2b38cd8681cb02266addccfdc2215bb3e
SHA512 b597ed0f01fa6ad0af5c855342e3d763eee7c48fb13f833d455b6d4691f2fb9390e59a7a4f9056c0dba1f940a5af30caccc6c2ac768505564c72207bba708b6b

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.ragnar_A0710810

MD5 946abef3e83c3c38784bfd1617409ca6
SHA1 deed96424c499ea5f90f4515355c045c2081593f
SHA256 70b10b724ae39c58e1c29442889f8b6ef845f9a3e8cb4170c4d4366fa2ac5da9
SHA512 7e5e7d038aba6192de096bde8de34b89931b116e790b7736a7a4d97dc0d511886a7a2340ee9192394f7366c0d56e40df25908d4e63115a310904b7b6b677a159

memory/3028-2738-0x0000000074B80000-0x000000007512B000-memory.dmp

memory/2572-4454-0x0000000000080000-0x00000000000A5000-memory.dmp

C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties

MD5 502942af8af3cf911956aed6a12ae63c
SHA1 ce2cf42efe9276d0796c7f20258eb59c5114e7b8
SHA256 faa7c63a99c51fa34687e70a8985f03bf970b1663b27e58c71cb8b80710755e8
SHA512 cb86eb08be8090db34a65b9e8dd22ba715d4e775cdb683a2dd1112dc420b1b07e99764a277aba0cefeb805e7fa76ea33e028c847cd01f5982a22b04e8c1f5b23

C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia

MD5 8f6efa8357842c262abce274771a342f
SHA1 3152fb5da4e36b58502ac0a10eb994dae662414f
SHA256 4c31c6d90608e2f04fa42451f16e8370d698b816f4f9ccb5724a0db9a31aeac7
SHA512 4444d2703066b42d7b1a8e7387b370364ce1a1aae17917dcaa9a44f79f8d48a162070e9937cc36eedfc3b5fc4421c6512ca43866ab2546a670c0c8a8e7e7663e

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10

MD5 c6a2fc0f2132902e13fdc60b2521ef14
SHA1 0b599c9790ed369ade90cced1cd494f460c104bf
SHA256 380ec7283dd0d8f22f6dc1a53dd2054baef57f3ab5e4b07f6fff610ea6ef43e7
SHA512 b164a96eaf33972ab17158e7aacd9fd203ac73896c19ec0060c347a3a335a97e57538232137b11360a60e810bed190405cc9e031fc8fb353459d099726bfe8c0

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9

MD5 d438f96cae844bad46db2ac31c55728e
SHA1 80dc627b872192620a2cf88d85fd527aeffcf6e0
SHA256 b767e38ba96c537f082c4a1af123d3af3d70f69e52d1be4343df1375c2e7bc18
SHA512 5239d05784b183db91297dfece6b4b291b75faf96203ca5846e6fc470187a96b838e84b437ddfb7109e5aa40d81d67b53d1c3bff8733581a37d82e72c7f4ca4f

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8

MD5 5dd9acd73728f8d0bc0f0dec4512aa23
SHA1 48ce521d73bacb1f52a822e3d305d393741d6bad
SHA256 b88e0d0dcf559356decb8bb97d015ef920a9f5474fc777db078e9ca04224ee93
SHA512 260b6412464b4f54d0e272c963cb7a3629fc13522db1d88915cc76c93066229e299b47ae67a9d355510b4e02633caab252f04badfb6860ed3051a7ea52281e85

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6

MD5 031241c3b8953bb265ace4b3119c47d2
SHA1 84a2ec0689942ba9a7f2ef6837b8a2e3346ca96b
SHA256 6175e1d1ae8ec8c9d1abba15a4168bba351a2f1e7df9a520c131e7a0a4347639
SHA512 7aa2fcb9a74090418726dba7164e95a9002b0d8a12a11359b6eb9d961e72824c5075e27c3bb96bd21bd7857adb5e9e99da7248f6e486a1a91d697308febe9ba1

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4

MD5 4440647133b7b2c26469817a63df54a9
SHA1 3ef79caa12f66587f36a76c934ee0c0b7a741e90
SHA256 c2435cc818beb065aef45e1f774d2ae52a5703aeeab2962808c56d68ee545e6c
SHA512 e63b1f7c4c01268996f739ca9cba0edf15605121cf8d23ee94a962c45b1e911827fe23f1218f99d12cd3930ab0bb6b54963f9c39dd59b757fa279af446401aeb

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7

MD5 3d5e710a232589802005e91c77ed6bea
SHA1 73c2971b81e91e6030069f96bfad2cee478716e9
SHA256 da069b6f74dcc5102f31c93983bd56b618f25b0f7210571b9630a26b05fb4d69
SHA512 b6ca0b5459cd3f30f67030514bdb7d9d3e744f7bcf8db884ed3d2f20cf249e2fa4e43440e9d1c9642a9632d27037f76d7ab2d31e5e38335e9c6924473f4bcbf6

C:\Program Files\Java\jre7\lib\zi\CET

MD5 523e192a63a8d0d45f2013b6842367e7
SHA1 96df3bedb6847adedfc56f6fc813ead5b1931c08
SHA256 98d0f76baf29c4156062b213bb4a0261a9c00a2a6edb303beff7102e61d965b4
SHA512 e2d1d77a734d7d8e0e9802433748fe497b474669a06152a704ffe02f9c1f3f1e525abb1a045038569389bc88894977b5947655e62f7a489c9e83ef70a7fabc00

C:\Program Files\Java\jre7\LICENSE

MD5 7b52f6d9acdab513a02cfa9c0459b4a3
SHA1 868f061ae66b3101cba8fd273346b98cb31fdd1b
SHA256 90ba72ec9858cac64bf6067561371d568802f7ded8a71406817bca40512ef5b3
SHA512 bdd9f10c3d2f831b933052a4bcea0bf4ecbe55d9afdf652ad7f60c4b06591d75fdb8a765ef19087ccac393a0451ab0bec8391750806557e1f70e3dd5031c6392

C:\Program Files\Java\jre7\COPYRIGHT

MD5 244d058acb0c24e7a947207baa2e06c4
SHA1 e4ed00806d43ffb195695364b0d6008c06345b05
SHA256 c007a13172aeba75ead6789b4b6b0feecbed155a6ce442476e66c7d39ebe272a
SHA512 cb6f2e87a9ba55a254ec097ebec0552875bda5723006c0f1fbaf6c3ee61e33ee9556f90f3152c7d4bc18bb18e7b4a2caca5602c5f50167135b451d9188399b03

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

MD5 f55cf7e4322d7aff89a6ebf5c1d1319d
SHA1 7183d27dc7b2896139046ee7b7a51b979676198d
SHA256 98642608fb14dea7a92e6df411a718eb56fb660f7051180a3fea975e18382e18
SHA512 490458dbb37411adef09339fcd86defee29fd7228f94aa386304d3f506b4448f1aa9d68acc32394366333951e64f849324e812cc4d9b452dea67c56bab6e6c33

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 8b34a99c2d2dc80b245f052faa373f91
SHA1 ea2936ed07dd38deb4aed2cae32f3d153d81bd73
SHA256 f566ad6e023977beae8e66ef3fa00be26153eea2378ff8b3915e43a157984591
SHA512 5e8aa1b0e49cd5d8ffa6973ec3d724168e01bd5c1bbd53ce8dbc8ac5ce73ba6b162b71279cc44df97525aa5aca7d1773da6b515a502a0141312f4f6f21122446

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 3e303dda9d55bae74100a16bf95c71ab
SHA1 28bff84ac560a242383a8660a5ff9082b2d5e1e7
SHA256 2aa829441d740ff93a81089db8e11dade56fd17fb9ab2aa55ae2663939c1626a
SHA512 7074282701c7b97d644265585ffffce16056d02fc2806cb0f26e4dcca4a95606f2262dcb9df814a1d30fd4dca58be8a70fb6feb0cb097ebcbb2910e963555d7f

C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 c1f1ecd4e83e07cc580e9271a4f505a3
SHA1 a760a9af6e515626f6bacb0f7364f0fccfcc4b55
SHA256 02588d47064fa12d6fab5674b6b162940273e649734cbd2cac3af65f4fa841ca
SHA512 c7ee907fd401f7843c874f7e95fe16a3011218e4fb54e6cc8f623e2b3e354d71064a7343cce555cae18fcc8cf8007e7a19f371ee2af3badf54d49a44a558a54e

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF

MD5 7602dd80c8ce6554bf353d660045c206
SHA1 95b4b193152e196a7f0f9a04724f34919c8975fa
SHA256 84826aff5ed6227bd065338554b470e4ae0fd24ff38367acfa846c35e20fd266
SHA512 0ec002e286aa7aec40ea7d96d6e8862a6d3a7877fd1965be9e24632947050eaa4e2b696b857001c6fadf463b6002976e9a6933d1bdb021ad2c6924891e8f2098

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF

MD5 449a0a268501767bc71644540069d5ed
SHA1 79ace3e3fb1132f38c70128700ecf75e44074a18
SHA256 0fef26c94af1cf48b5047613ffb4ab6a51ab2bb664d80f1dc2f5ea3e5bf8c6fc
SHA512 3fd1dc0f93704d8bc4cecda13a6927d3ac81d825f38bfa7b2c2e9be44a1f2ea2c9efaaf4d012b63d63d20da8cbcd58d78f17bc8d18499da99a57decef8541475

C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK

MD5 5ba25aff6722a7fc322a266c265ebf3c
SHA1 f64580208d45be70689e81a30d2758259b5f0101
SHA256 951423f86d43238e3d3d99af1f99a186bf0cedd8d2ebab3d19208a72af456084
SHA512 e83cd4cdeb7d8cc23b99da16eccc9e11e859ed92f37ca132cc8060372936667d2cf38058e6a6fd807fccfc49b883b99b5ffba432b79e2696fb8b623b8e24654e

C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK

MD5 4a9c82337a3d7ac090b138d45e3c8702
SHA1 533e8a0051a2b83b7abfc565bf5061222f9701bb
SHA256 a2d664b1a961f73c2c530752e8c7b7e43554fcaf42abe977d4c7b7da967522b1
SHA512 f6489cf38b0d93aa3e35a7aec96c9551d3cd0121c6cf375f1455ad761cd66163d227f70743e881df884752a5d235b939eba7922267e4ba30cb33322a2addab45

C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL

MD5 716ce90209e693b25b98db85221f7c6b
SHA1 6160cca31cb7139ec9ee384d7de8ae4c91ef0053
SHA256 5878e3e230dfc63323ab6f6bb18d34bc3cdc655a554e4d4b2c4216170a86b1ea
SHA512 d60430fcfbd64dfe3446da346450de145b9598d6072a9be34972a6455768969cadd608ca5b8e521c448c047d7750d81fb65995403d413a2d5f9e9a9a5da2087b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF

MD5 a9e6fc476d1b7ea36281b033b820023d
SHA1 2661bb95838fab356193774a87612fd4c59f2b7d
SHA256 50a249f1c576698823711bfbe5fe3dc0afaefce3be940fa9ab00055290c8484d
SHA512 e5e730a6abd80c21766a79f1237c502a90ba8ec11baff75d5ad3dbdad49ebeb8a5bf97a8869ce0691e825a326ef90c1792fb885dd187b9ca2be0a86ff2ab85fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF

MD5 8dc580abfb0285722460d05018198b2e
SHA1 7aea42bbb2a83d65cd9325552bbfbc089a8c37f3
SHA256 bb875a835b5ba98c28a183c972274b412a326cb2d6185ca74e548f9004eed85a
SHA512 4f23a0feaa52e996bd2594199848040a0cf5f69c0ed7e3988cbbc52835a29d1cd4dce669c880bce3f7274a7fa2182c6e85ca1ccb9837b90a28bbb9cbc2ff1e29

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF

MD5 00b572d24971884a045b28cf97b24ebf
SHA1 ae663004c9f9bef1bdbc30ffc7d45525676cf8d1
SHA256 ff8b2550160b54c93d7ddab4ba91f326552e8bf3b378b7813d0c01e09bb50795
SHA512 fbd890372a9243092c82fa61821732591f4d6cf0f2420797de7ba8bc4a27f19c4dba353d8854dc36a3baf11d4184c737f82337aa0fcc27abf418580a374ec275

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif

MD5 cf0f2f84db81b3ddadc6bbd60b91da7c
SHA1 7a2fc939a35480f11900c2fca2c393fcfdc8249e
SHA256 f3b7af76a4fb478281930e0f4b01ddedb223eff5312574175f88611bd078de61
SHA512 2b9e256665c942dd472571612892e8c740346707a3ec85d198ce4cc89ad229f5f801ca38eba43c517e2eb839f6c0904f41be93fcce9ad7c39f6f1a70e72808eb

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF

MD5 f2fc30d208d15cc0424222dbcb51bb99
SHA1 e3e299011ff678492c74233e0b337cbb6fa8be4b
SHA256 a20fb94874c519fdc664865867a9a3add7cc25728fbad6de77ce5f51b59732fd
SHA512 a03d2f209507fa54337c982dac37d9167e66a53626f523c218f708329157c75dbc269a78143ff2ace45b11d234c697124c25af16c09cd66e96b22f21c4e73073

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif

MD5 73ea91ac3d9e5396bf1203f3e2655982
SHA1 9dfe36642634089889630ff9fd19671538f52a9f
SHA256 d9a8b803480b97ed5da2cc8e76e7815242987f9d125dbf1a0c31428495134e91
SHA512 c7288579cb704a3b43a791dd92630db3ce99e692ff644cb8f57c27ae46f22c8332e24dfec0f73999d395c591db6d1693bfd8a605e3e3a195fdbc991fccab1dc0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif

MD5 d9a70ee6499e30fde56745b535739989
SHA1 35b3bddda873564cc5021aed1350bc8bd6059bb6
SHA256 4fd3306f52275eb157f91a142248eb8b025a8e28878e8cc4d06a91b9954e3ddb
SHA512 2dbc2f30ba63601c801b69806fd3c622e3d3ae1fd703a9abf566c9df382de97c51c1cab64b93d096e861e49b5806977b887bf57238cbf97104f56e57b5d35ff4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif

MD5 0daecbaa82729dda5a5c3ce3de319fd0
SHA1 bd528e50f76c0a916e9936324f8fbcba9142a1ea
SHA256 964909d6276580c501cc61666ce773a710c4a910667a2a5cea3aa2c2bb64842d
SHA512 3f59ad54470f1592bdbbcdf1c931769568d3ad7db2447e76c1276a0b07d55ea96809f8f5ba390bf5e0e97cc36ceba0f7b159aadd17650f301e02e45c4275f1c0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif

MD5 f472e7ca4889fa01a5217d1745dafe13
SHA1 e76efe418e46ae51209a632c234e97ed70826e02
SHA256 5e631a1a0e91add3618877884188bfb5f90743fba81ceca4fc28b072b6a5d97f
SHA512 5aaa00a4d4259552500da7a8f75ed62bf0f925e54d75cda83ccaef1cd1759cd3be0db8d4410c9147e97bdaedc6a294513baf92e20e4ff0ed81461a6031fa227c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif

MD5 52a0b0b22724f129a6e4fe3b292c7913
SHA1 8f48d3cbfa21df21b43c769d8e0b93ab0b3fa81b
SHA256 7026d5fd27af68ef86d4b81b6f4f057c1414f3f2284e1ec55051fd00f336831f
SHA512 a0513f4e5314534313c8d343388ab899fec7c2531478938031502da55d476ccd65df757eeef21facd18ad590cedc289f4dbb8bb77e620b983cc25b9d18d899fc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif

MD5 42e5a0bcdfc9e5c1ef71ee9d7383e2d6
SHA1 d814eec874b0bd5d5431b35b49c150eb926cfafb
SHA256 95cdc8bfb5a1db2a4a6b8e8badefba4d520f72b876d846f8aa6bd976f31cb425
SHA512 211f6b13e418ba042709a14e83b35f9879e57702c7b143feefe694b1e63c3f5216fb1e4dea4b6bbbe943fef74e108896d0b99a0be6f355563724bbbc69341cb6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif

MD5 33ed8eafb9bc930cb552c03e4ee51b1c
SHA1 a40ad80470f835f5d7256f8d4229d6353d862c48
SHA256 d825b8ec9554d88b7ef8934e2fa46a36fe7025f3c69ba9de062857415d91f50e
SHA512 75a6709bddfdd18eb1c1be7aba334586ae3ab40c5c053fa3c786024e89fe856b1b0e7f0f3c8ed658a2a7639989a3014e19d2b8d7cb975ff9b79e8a781cfd54e6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif

MD5 9962ee4575119c87784ec6355dc8977f
SHA1 9ad655c034587464dd67b0e4989387db940126f0
SHA256 463cd738eee57a3b5291cc3b36b488b8465a84e1af014cd1e36d62a7112d93ba
SHA512 b2b50ed617f555b89840e5acd31453cbb54cc89816f6e3f8c538612f3e4414a7b9dbba9ea5f5fc8702b780cc8ba097d45892680cba7dfc82f511ae4c75872d89

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif

MD5 d0abcdc14eb9a779388f8796a519d34d
SHA1 29d88097d25af34d1a03aa16a229c9f71e51f8ca
SHA256 a2a697d922beedcb8a347932fe48a47e1413c22a44bdba906a7bfdac054771aa
SHA512 825583c6700fdad38040978bef0f6129c69b005fa14b5bb5f7d59b5c30b583a844e2bafdf0bd21492a50b86379a265a3e148b626053d569dbdb5911c0b9ef237

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif

MD5 80c72c1fa315d9c1be767c3e6e5374cc
SHA1 e5356eb603fac97a139634f35dcb7580ba1a5363
SHA256 030a1dbb623f4f4a80e7ee72a50e3abf8fd757e8fb5d30bf07bc3a4223f904cc
SHA512 34b4b4d70b606afd427bd0753977c2ff755135c69f600391d30c96ebf0c3bc9dfcdae5a6c257ee23ca701ada656b575e3e5f2e846e3495344f266d956df434e1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF

MD5 d1cd049895df7c50ae234f2919cdcb0c
SHA1 a674bc001be86efa85e30f2ea3247501e07d5017
SHA256 7a9d281065e39d5123698c0828ce16f7d803ab5208439d32c0cf27e267ba4419
SHA512 d0f305e4ebc4db071928270bc198cfc9b4bb0470724e126def5dc29489d37aedd9146b8a6b4b3499ba9b2babe5bf4a50310adce3df710f24c59c1ac636ada795

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif

MD5 f29b2422e8d88cff7e5c0bf74275e028
SHA1 9d48126f63ee4fcfd5e16ba093b61e2d1dc8c618
SHA256 051140402463dbbf122daf532e5947c76414be7119a5993fc1ca535976208ca4
SHA512 3d660b64f7e73b2055576b1a2a450758db7576f93fb6a970c31dcd69222bba6b375e0dba26a7f320547e766852940a87fed4d4a7bb0424b494474d4480d5fe5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF

MD5 d0f4097824a5768ccb37ff36a2561e68
SHA1 257b3baf375b549bf94c4811a7c6626e53f29ccc
SHA256 6c0a957ebe679d2c7f9119701ea739851664b4b5a3adc048f54f1f2554c8602b
SHA512 25e41f68e62fb2d3967fc0dd2481cec2494785808458cdbd02714205bc7c3ad630a609f14f3e63228aaa9da38a5d0c533334e712ddd073a6755a17a47665493f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF

MD5 9d32ec13eb57aa6f341a13ec4ab81f15
SHA1 929c0989188fa7affe7809e5c6ffc40397063a58
SHA256 995598f760a7c84a6217ae9e4b170bef4f244197ecb186fa2236669bc1337b69
SHA512 414bd6c9bb22c538e209d068317f848b4ab94159502cbfb5b73e5eb5e65c7e9c784ec7262438aa5b82fcf35cd09adecec624144f961d959b933bc01640800e09

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF

MD5 253de2c1b85855a0b601cbeccb0de17e
SHA1 e989eeaf148391e2bad2e262af612644f91eab10
SHA256 c2dd75d1f303ec62f0864ec43aee04fc889334883dfe1e545a53ef2aa8264315
SHA512 475e4b94db6c72c4889f7e24dc4439b414856ae480058c01f5c5840d9c70acb034d1e32013ad1fe0854b779180ca678b43cc01b7228e0d338c25866f08f4eb53

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF

MD5 932e37e632fda5d05d0c2f0775292e51
SHA1 a952fa9e8df6dc0c189adc81644a1dd6611479f9
SHA256 ae1c6bfbce43593346b8cd37225eab4140d20c733549a1794404a9b763762bb0
SHA512 9fe8326faae096d43f4298e5e45e4cfede7898aa47d4f3dbf90c2ae1720119e0dbc6d3bdfb769ce8e0c4b516163387ad5383bdf526334b78b4cb3192b567ab9d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF

MD5 f124578b0c27d3c2ffc0cf45071c1e30
SHA1 343d0d6cd08460023ab85827c65171a237862bb0
SHA256 13dc3b6c761e6184b297b96805683d72343a94ce5af33ccc7156b2c88210deab
SHA512 2b918920614b941412756483ae29adbfd67e5196a6df5a5b0d4cd9fe137ba8558463b2cacb518d08c6fefab39d0a572c38e063c43940d6ee776ca81c5f170dff

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF

MD5 9d931d247a1caa7c830d6c8c078be967
SHA1 8ba2ad4b5ebf278ef0480146a14c81dde4e54565
SHA256 b773a80efffd761806101cf9d2b0c61cc9b661d772b62fbbcf2548ebd93645cf
SHA512 9ae1cd4d2e340be7fbfbc3eee9efb1bfbb997dfd477f85d9322ea2dad923e72ab97fbb8f6c1641271ceb258144a5e07399528b43fcfd139514c5f3142cf8db38

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF

MD5 314225c75929342c03211795c5027ee0
SHA1 8207f707b1334094eadfe857ad85a4e8c0762e05
SHA256 9a2f49261b02010e3a53038f8edfbf27fbf9e75ff2175f876ac8de0096096d57
SHA512 05ab61287248dd34ba73d847d516dec1aaab8fe79580a727c4780b9d04d27d720129d8dd7a7071f99cc976d3083b1af1b7083b4066e19772bca28635e3d2658e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF

MD5 05db54d5cb1ade1be3cf0890e02039d4
SHA1 a70398e70f232c343b2b857b2cf1f1243cb9c37b
SHA256 338feaf363231b9730a96db0c9b4d8e792c6ebe8dfcdb17a06d599dda696969f
SHA512 3e84fe7a2f4136fec66215ee76e295f617b6a9613bb309dd1f89c165e52129a3eba5e70560eda74cd0a55b5c9ba9cf7c26d8d73c4497b7c2afd6965a093707b5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif

MD5 3b3bdcb677e9eef059e46603d44ef10b
SHA1 67693e7248f75d59824485adfc4efe9f244b5646
SHA256 dd142b607f81d901840de998bb0447a9043bfe5bb97987bae21d33ef7142f2ff
SHA512 a85feef28b9a66ec44d81face0e55e0ab3b76cbab5c08b8ca0da079b0800819ad1c1c5228a518c840b0ed547374c9af1f6a67e99e9b857a5ab49484eee5dbcac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF

MD5 a38ded3bfb66674a021b568a1bc61dbc
SHA1 74303b8926d855f03d4b3b608c91177acea34c73
SHA256 1bed4612bff22b459ceafe7785ef6a3f586b04371c6f92d4965384f2345065a2
SHA512 f62d477980b481daf372a5ae45bb2a923341a6a264baf8d3f25d0bc50dd3c60e7d9663f54c144df3a0975426c71adb677f2260c0ae1517b3230edcc26d1b21d9

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif

MD5 59f15c1f684fbeccaa5cefdd6af3837c
SHA1 418e916aba374f489bd4f8781bf442f1722c511f
SHA256 f017836ec188f4cb46a8ebccd2c7f6d88b9fc7b72a29b9aefad4490d9c479a8c
SHA512 cf5967d6428c801d1934aca18638a6be9de032cefb182640bc33142c747259310b8d3826e91b740c89db4d896e99f8121377b0ac33c175f2ad95ab311c6f1f42

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF

MD5 9995b85032c5e61980d7441730cc3496
SHA1 f40fbf62df059b498f92bb0ba04f0a384bde5b54
SHA256 f8198f947c2ca48e9449f03950c3605a0e0f071722551c9bf1f174027e11bc21
SHA512 99c6525ff47be78a4feb0e70ee4ccf884509a84bed1fce381bc2a30fa65ce05274e6ee5cde051e68b468e7a664e276561a46ae2addaa646b961d9dce9f0b8cee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF

MD5 f90b9bbba4c6efced565675cb5b79f98
SHA1 174c9abd199d0b8b473b48219921ee9ab0c2a24f
SHA256 88caf2167c9f9f701d406d0dca809b7c0d4aa9d4bbad29553982ea5e31704b18
SHA512 da5c907bc285e55302ae6ffa6dca606af79dc130152d37c0c760d58f7daa1a802e82ca2fcc5d01e7cda82001b8afc1d58a289c9a3e86c7459e1a97a139022e75

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF

MD5 3553b002484f8f1b93e8b76888618e58
SHA1 a407be938c161816c2993fedf0f452942dd021cf
SHA256 04478bda783bcb5d9412f5e6680b3d2b6239d29f63934f54c45ff439a50a3215
SHA512 88e0f946a16ff8437e75063969686d0d750da2f941f9eff2c69f1800abb952ab6445708dc821edc46607f8b434028ef8c91122f52f0fd213bb917bbe119cb7da

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF

MD5 7677d4e10bd2b7f8c7169bcd535887fe
SHA1 0b0a26683ae73f01e3a805020259fcb8f822f4f9
SHA256 199624c59d289cd3673e17c464a68c4d788f6c9990273fa859bcfd3fcdaf3851
SHA512 41bb4802d65aa06d3a1ff7ec65fa82b804c0bf4c41254a46f389709975ad30a440cfdbe5f35e27b332d4ff135646e8b60ce1a2cc2b1cdd650122b4c051507d0b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif.ragnar_A0710810

MD5 3b8e3c59c282ef4606cda6d0153f539b
SHA1 d402dc592edbc17ac2fcdc92b60a29056eac2987
SHA256 87f0b366985abb36460fe32d11b49f0178c653b75729f95c3df492a9fb2ad66e
SHA512 e32fa41924c98a494a9e3e583b653ff6bc170e7321a8073c9debe7895c86575328d73069148fba85638eb84cc39729b8d40917862f21e11d5faa9e6d813db288

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif

MD5 f95e121af06765c5cb93bbaa11b6feaa
SHA1 d3143b8b6106d4f8d4acb5ca5fb745f3fe0ecff8
SHA256 73624e04659e3a17c20ed20b1b570d208a9cfeeda65b050b59ef12eab5f9a34d
SHA512 aa0a55a73f5eead10e8810099a3ebcd59b250d6918c1a0e460242f85875e36bc66d7fefb2a9898dfed6ef0e504416c76971cb89eb860077df034c09a6d245c99

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp

MD5 9ef1598e1a7cf2c2c421aa4986703297
SHA1 7d54ec90e662075b4eb6e9fa047bbfe89729c8e4
SHA256 56f147e85ac2714b5800a03e03e4c70f84037bb8685d6f990d0ca6da8eb7e4f2
SHA512 611461f5db5db20fa1007de3e46205480333e0bc496dacb761177803fd1721dbf05133f4b118ab267e860d19cf7c83c5e38ca9bc9e2a5c4ff546cadcd560deee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg

MD5 5a3fd97c457d09e0b9e4d9b0e12a3d19
SHA1 740e833f014172fa16a75a9a4dc11da91a4b5173
SHA256 77db34a93dcc020b998f6f1cba83262bafeb892b880a593bfb52ec4c35bf6b87
SHA512 c9f56e8e678c05da3d22777d61e0568c66594a0439ea854543711efe6eca245416f5ca8bb650c9b617ef4ddb5d2d5e77274db4a07c112410cdf4e76fe9f1a32d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif

MD5 4c467ecc75f9a89b8824873f41e87dbf
SHA1 aa5ffe0cf4aba2b00f96e9861732d8aec7973d88
SHA256 284c9c56485f8cd6743e02fcbd5ffccc8d2ec172bb0327ce4563c0c8bcb2be3e
SHA512 e77e517074a4ae382e5e58068ae26d8ac65eb5e8568ad09e4f8733e3181360eb0e34655a6e66ca6a7fc913fcaa6abbbcf06d794683b15e17a4061d659f5a0081

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO

MD5 238cfe9c37413f63e74a07858f895e27
SHA1 cb5117b2ac878e72c83ea6074c90774bc631c311
SHA256 53cc590bf60a44d354ec35d0225d49ada4f96c19c3c1d84c172a898046e93bf7
SHA512 91d27f9cd0bc63e907d189610d1b58a4f280a121985b0dae5c8eff825048c3be873b541a65448afc754f7b2d3c5cd3451237d5943b21d03313dc4a83e8c2deaa

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg

MD5 84ea233279e787c58daafbe433cc6169
SHA1 d8d17e18a78a36fdf2cb3570dfa8fe3f75172d98
SHA256 3976175fab269f1927e48b8d9d490e44e4ba2ec5ee38c35438e723476e2fe4d3
SHA512 ba01cd4bd50da3348e9be3e5d9feed610a327c49065ed4b6eebc3d91bf6f7b0a4a92abd6c379ff0e1bedeca7098892f2f311646c5af1ebe78e9d3150d22e1bc6

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF

MD5 c25df90afb4c015efbc3f4e181dea8ef
SHA1 e98adc7b4360d1e0f6347aa43d56ee42479efbd9
SHA256 dfc6b55b7989f2b516f66920f417f7e640ea4dda471bbddf970f9d87118b0a16
SHA512 d2b74d0e4a58aa06f2312584f89bfb1251a0e75e9d7ed54b7d07dbe206f3ba3f5b39f2ff43c7f79cbc373528465ef814dc99e489e05309f99147f865eb80eec2

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif

MD5 b44575a2e191f91c3e04b3cf778e7903
SHA1 7393bc066bad363aec0112e72d70bcc7af6367fc
SHA256 7ebf5cfb95a33eeb78a06176e1347d574dea0d52182f82eb16f83a2610d4e1fc
SHA512 bedc22c35f15e5c4ed74f7e8b9143bdd0bf93d04537f0229b8f449f8561d919ecd40ca1955f57835c521b02ee69c692a2427361b2ef441c5a2bd4c9e0ebc1f67

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif

MD5 7bad47a4d9cc491dbaea6ecf84225a27
SHA1 8b2ffc202c4bb374a1c62d466ab730b41881956c
SHA256 225ec56f21ffdeae9575925e4f18d37012edf4e90449638f57aa37a5ffe51c1e
SHA512 15c0c0f855aea01df7329bc5e4c737178ea666a6b0c095eed309dbfe5ad95364584a9d0135f3384761c5f37d533b5a0bd3469d95a9f0a6b87ac9ae0e161681a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif

MD5 554bf9d93f77986a1ced2c1714dbff14
SHA1 42f118b4c1aecf40483a4a3c32678f1802c5dff1
SHA256 e6b2499361e28f4e5cc491b1172959f75cece4c67015e8d295e045926fd1cede
SHA512 f48fd2aa7cd35dcd497bae051450b29768cd84cb590de6abfae566d38e2d3818016c814846208b3926822f2db7108b4e89973c6139926475eaa676fb2bff0b31

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO

MD5 d34b97fa17a95a90c208955807b57084
SHA1 b50949708a9d4557fbb86cd8b4598cfeaed0d70b
SHA256 386948834899b84ab61fae90827160becf348f6bcefa8c529371ac7e1b796dd8
SHA512 d7193a4729e3e323aeb64642b477f6e912b2b2f988a1641bd65c12b0ad196f13f2e342e2e269d7084e178ed505bfb80ad4c3de837ab61573554ca17f1cfa5b6b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg

MD5 793ce01c07e84891205ca92e0b469fc9
SHA1 6cde4683112edd0fdddc4447c2d9623000d8a2ee
SHA256 5d880d111f2fc0ac88ea1cf80dc1f70858397a348fd78fee4f9d817adecd8345
SHA512 3ae8426fe1b33f9ad46f592a36fc3c7ff35134ba519bed1877c26f47aae95c89cb4bb795875088773285d248ce1960e4e84ab0cc4aadee4e9ca2b61a7be6f0f3

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF

MD5 0b401ccad4dfe0f02c24aaece6e30d5e
SHA1 42910337a270cce7f8b1f54a7d38e188e1e18fbe
SHA256 cc5e4cee9ff08229e901a441255a756c39e98182914f97759099b1f1cbaf9f0e
SHA512 0cedc7192988143279feb19debb2cac708b13b3d65b8dc6d3e488abe6df5bc48645649d7f2a4c982efef3359dcc16769d08dcc502b0bac82f5600cd3ea56106a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF

MD5 c491e0e7d63716375c7f5e78f15b9eda
SHA1 a3af9383d6ae5ee59d366dc601ae0ffacee16ae0
SHA256 95960280977d61ed9423c00150f4ad9365b9d4282fe2d237579872f50a420be3
SHA512 80252ae22c7192add1f9430fcdbe2ffadf3f86254ecf6ed1ff3b08fe450e8627b87d40d659d2a3a0b8bce86c2b609b8259d2959432936d39f0887a0cfb72377f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF

MD5 c24c8d75c30d60226a1307bec923037e
SHA1 9c789f896769aa5b3ac334a5dffece6d68d24a03
SHA256 c855a1dba4ea3adef8b536e0aafce53430348499e09e7100ec2a5e1f2c8c1b45
SHA512 146eb983dbb89731c64046825793f8df4912fe0f0fe8f35df79e670bc71cef90970690220c37a5ff8a45e905a6708f383103db4c4b376b5d0f314b9647eb0c67

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF

MD5 34b30b5b57755acb5e9173cd57b6374f
SHA1 1ee6bd5d4f61820e1d194ae828aa485a52a53e7d
SHA256 09ff28157951b6bb472b6c3d1169678bc62ac8180dcd4f6ba7a1a6d265c8fd8e
SHA512 8ada95c3a7e9ade3b6b30dfdc23739682ea28a96606375b8f94adf2985828760cce6799ab911711a9766520ee6a4146bcd5ffc0b437cf52ddfad1885ed9993a0

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg

MD5 564e6a92bf308d5685423966fe187538
SHA1 dcf6c1229e4af100978c34e81f16442db6b4f2f8
SHA256 d74c452fefb197caceed240b5a89fbf87f959e211a2bf2f855f055baf504f7e9
SHA512 c7fd80b64d566d5735dde3ff1e52a432ff6b8d19d8bf77cfc23000657b5cfc099df771c11efcbbba018e9c4d3db09c43879ea97cfe10853c926316a8f1390cf1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp

MD5 9daede004f6e7a18f4c7dc42a57dc1ef
SHA1 94ac6167260d98655fa2c55558ca0f44f12c3f4e
SHA256 84095b377a6d5f56c7a93723a7849208f8c3ee25d3d08546aa83e13f44d88d1b
SHA512 575ac57c935ef0b2d3414fad66cb5297d1bb82a3533b60cfef45c1d8ba1b22f6c98fa2b08a05cd763d05fd4ea55d5ecfe335799e0a782ec2db1a1fd3b4dde311

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF

MD5 0b2507fc784d1e82bfd6231c01de7435
SHA1 709f4425dc2b896adced37ed64e900699fabb001
SHA256 d1384874108cc306c339c9a65c01f1fb5c3ee43965b2e9ce3b53aaea5fb40f6f
SHA512 ee6776917d69dd88750d9f9d7c25b4822763d9dda0faed94b7dac572cc3754ed09623c9f8c5820a5186b20b53a4dbafe4494e6f0f2ec2888b3c3a66686b8a283

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif

MD5 4f563de2fb52d24081ccbfcc9d040981
SHA1 69425977360b53cbf12ad57ffb7c0ff4304dee6f
SHA256 f701495206d243890dcc613049cfb8ef92ec2c0830b6651f5af5813e90b62cc6
SHA512 74a30e009a5868519e133acff3be3b4924141b77f0890cb19a8da8469c9cdb12208a4d16d4761fc46dcbe082fc181168d4b0b340e3b91c1950d18748c6019d65

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif

MD5 0b9ab4756d57430f8854d756664b9f71
SHA1 85e1779108fe119dd5f112a06a6122673d464f43
SHA256 708bc52693651b8dd67645c7d462408715bc503bdcc49482539fdb737500d2e8
SHA512 3bd1212564eb9bffd245dc55db58b26c1dffc84ebb0b7d2a1a715b607da844eccf419dcf9746bca1eb6514e8046cdddb31e55555afde3d57d4b7f56730f1ec83

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif

MD5 a01fce62fd5ac32dbc5809c62e641197
SHA1 8a69b77ad42530dd8d4a2aef1ef8e8d15b64bc5d
SHA256 990017aecba410503129bc72671491fb9f88d68f950550e5d16bfd753fdee453
SHA512 31fe029d312b4d4bdfc2a11226c83fde02542d65410764ef0136b1bceb4c0764fae4cce6975711c06fabe0976a3519b5c6ca8753997a3082a15cb2acc87a9cde

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif

MD5 0888ec0a2250db139fae0f34df424b43
SHA1 76520d228cb7281320ff17ef134d49061700cd77
SHA256 b94c178b9df2eb374e68a1152c7bf2bab260d5454a8970d693afb94dc5b63e7b
SHA512 40ce94a5f976bff027280e3953a2ad8d0db010b55df73fb1dc91d43069c66569c8b5675cd3f81bf0e0e2c7163bbe03b586078d65b1bb1b7b419b647ec2047155

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif

MD5 5ee09e1e0e83ba118329664de2fc8b84
SHA1 eb5dc39a87a0c8befd4b29b4f77f9057c0827d02
SHA256 b79c8290116c23830e677859d16400a9c6690f53322a16d0a3ca6a513c213eac
SHA512 dc5fa46c28baec30e81ffd4732e79a7c0cbd38f6cea68f5e9a18968d0a28d1fec0514ee4dab1c1cec536be1a3397ccb07cdfc4cbca9e1affbefd4bc78d99e30e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif

MD5 f2a608f07fbac70a24e3aeae538b4384
SHA1 a0126dac22a62e8f0585b3afa9c81caa9e3cbf5c
SHA256 7eaff211c3d6be31bcca0b3d075822e300d5d24294adc202b222b53eeee09764
SHA512 5e1782045f0aaf339be87ab24e78c4a54b26eacf97f665cf0c8ee68511a37ad25c8ae7121fd840d5eabddc76135193ba362c31d1066029ad112e6fac4d1a02f1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif

MD5 bd973645446d96fc1e077ff125258ebc
SHA1 2e65d48af30d5042ed7873b5683e31963f23d1b5
SHA256 c91336d0e54cb308d7d91934b540bee46d570361cdf80cedcb851e2bb8bd8a81
SHA512 ac8145be49b42a3ce81611a14fad906f4c357aed6e9f5d3e8692a9d1b62758d9a18afcd674c39925d05239811dc9038c034e9895cb4fd1e27e0857e88528b5cc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif

MD5 641cb2dd2f7b45ad55c10afa55af960d
SHA1 895847dbde2dc5debc96d56401eb8b2a95c3b504
SHA256 cde3250f44f5d3b54bcc5c286dfaf763714a51aeeffc0f0c35e0b69af8e8efaa
SHA512 12c353815900221fafc0d882d577166b198ec51e8a62da00bc0f91462832587d9587a1e98f62d55d27d917695d564110ad942a727ccb4ff1a38b5f9bd0adf864

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml

MD5 aa07e9e619f80fa54b60c02b9f119cd6
SHA1 26ba57c14786bd5e2f3d1567bab04e7c3c21f6c8
SHA256 9911f32cb710240858983b1884fe7642a53f1de92da1907ada9347f39da9d0c2
SHA512 27c98ca899d16418183dee4c3c345862ff47596093d67509f0173eceff9b0c298d4c79590a769aec3d49ed6dcc0fd5188adc139a0bd9614afa5208f59147bd43

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML

MD5 2e8392a73b4cc85f65592faad27a5918
SHA1 b4235fc4c2df8fac49605491f342da95269841af
SHA256 7fd40bc4b7966c24b49d4a151973b441c92e382bbbb54b2989c463a5f82bb89a
SHA512 86fb710edacaa8a6ec5453111c3a628f4ce0e9905875f552890a824eab3d7c71e83c184d8cddf78eb12c4977ad15ea697441bf68fdbd255cebaad8a6ec0fba0c

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML

MD5 7b797c6fc3306a0e14a5ecf293dc0f24
SHA1 513a434658a37b9370e0b7922df68bfc5484909a
SHA256 c8ae29c945a6eea4b6ac5ac20b197305fdfd5edf009e22bcb63f476b504a2587
SHA512 6a1a8c08a14e039fdf26ae453d4a69b5673a446d2f68b69cb7a6b6f1c69a1f1f419e017be98b5dfadfe728d7871c628bde7f03ba1bddad273193f8162773204d

memory/3108-18461-0x0000000000290000-0x0000000000970000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms

MD5 13b8acc4d24b69e795553989384668ab
SHA1 19869e2eb35a605ec13e80b21ad2eb62351d789d
SHA256 3df5be0edd70f39b3748d74a44a60a91f2e07cbb9e20f5335bbea5eb626a53f4
SHA512 b1ac04ad37545c7a87cc76f1ae2094040fc97160c96c5e405fd99a19cfc3d8a3d3c9f155b7fb448e201ee7674a205b2575b19b973c640d86a06a0d8435144f22

memory/3108-18673-0x0000000005720000-0x0000000005896000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Files\newtpp.exe

MD5 f437204b3e1627d8b03eefdf360281ad
SHA1 c824e787a9786d5fdd19effdec54abef217e5b39
SHA256 d4bbc125a9e94de44f4deea9d6b10adc87a1ec1aedd753b39d26bb15817fdadb
SHA512 bdb6fc7d1e7f61df6a7ff3036fd56793e1096937fb07fbe033692f20de1bc81ca0215c5eff5a21627607c1ca514296d9598490c244bba5ec60c74653e1978910

memory/3108-18799-0x0000000000B10000-0x0000000000B2C000-memory.dmp

memory/3108-18848-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18832-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18831-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18834-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18862-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18890-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18888-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18887-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18884-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18882-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18880-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18878-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18876-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18874-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18872-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18870-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18868-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18866-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18864-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18860-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18858-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18856-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18854-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18852-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18850-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18846-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18844-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18842-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18840-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18838-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3108-18836-0x0000000000B10000-0x0000000000B25000-memory.dmp

memory/3716-19513-0x0000000001160000-0x0000000001302000-memory.dmp

memory/3716-19564-0x00000000009B0000-0x00000000009D2000-memory.dmp

memory/3716-19559-0x0000000000EA0000-0x0000000000F82000-memory.dmp

C:\vcredist2010_x86.log.html

MD5 98f7f23d0c1d737c2a83977f58cb43d9
SHA1 4de5b97a4aa6677746210dd64a09831d1c6d93af
SHA256 c1f3874ef102ed242b3d7cd5df450cec866d894a676ad3c68ce85d6b604f21e8
SHA512 c29d6092713d905b755880805a2ed6933faa65b0e12040abc7e697667859862ea618dbf863398d47664a527234142aab6ec72abf0635244d591e206a697e8268

memory/3864-19790-0x0000000000400000-0x0000000000416000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Files\LummaC22222.exe

MD5 40e9f5e6b35423ed5af9a791fc6b8740
SHA1 75d24d3d05a855bb347f4e3a94eae4c38981aca9
SHA256 7fdd7da7975da141ab5a48b856d24fba2ff35f52ad071119f6a83548494ba816
SHA512 c2150dfb166653a2627aba466a6d98c0f426232542afc6a3c6fb5ebb04b114901233f51d57ea59dbef988d038d4103a637d9a51015104213b0be0fe09c96aea8

C:\Users\Admin\AppData\Local\Temp\Files\sunset1.exe

MD5 d4304bf0e2d870d9165b7a84f2b75870
SHA1 faba7be164ea0dbd4f51605dd4f22090df8a2fb4
SHA256 6fc5c0b09ee18143f0e7d17231f904a5b04a7bd2f5d3c2c7bfe1ef311f41a4d3
SHA512 2b81bcab92b949d800559df746958a04f45ae34c480747d20bd3d7c083ce6069076efe073db4618c107e8072a41f684ea5559f1d92052fd6e4c523137e59e8d7

C:\Users\Admin\AppData\Local\Temp\Files\t1.exe

MD5 a775d164cf76e9a9ff6afd7eb1e3ab2e
SHA1 0b390cd5a44a64296b592360b6b74ac66fb26026
SHA256 794ba0b949b2144057a1b68752d8fa324f1a211afc2231328be82d17f9308979
SHA512 80b2d105d2fac2e56b7ea9e1b56057e94ffe594c314ea96668d387ab120b24be580c58d68d37aca07273d3ce80f0d74f072102469f35cb02e2295817e1f16808

C:\Users\Admin\AppData\Local\Temp\Files\10.exe

MD5 4101b75d5e5fa4b011b571d090ed0501
SHA1 85c097a2d3c82e2e644562287c3eec7035c004f8
SHA256 0edbf3d32b22b572f8763c00d13ab0c62f7cc654a729fb8a73de31b031a5169b
SHA512 0a94a284e420a59c68847ddf5a96c07dee4726f045eefb1e37f6dfc23cd99eac68d51823427cb58f6dc9ea8740ecb1a18ffa343bbe2e4cf2b71d036d89ae87ed

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\WWZ6AIO8IZWJJUQM3X1A.temp

MD5 7af00469028e8b37194ef9fd05398ede
SHA1 25b81ad51d1c17051165d3953760329d8fd8e1f2
SHA256 e61c484c04282e369152710cf843714f10e0d8564fd93d092af75d61483ec53e
SHA512 a0ae2c03fb493fd8c737bc30a5f16d668d9897204ad71f09943fcfdd1d9fce982d3f15a3b1899b3d139b7c554f6d70197a4c1ef9c1ae9c7b3e8fa85095573b7e

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-28 03:22

Reported

2024-09-28 03:23

Platform

win10-20240404-en

Max time kernel

30s

Max time network

30s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe"

Signatures

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mars Stealer

stealer marsstealer

Modifies security service

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Start = "4" C:\Windows\sysklnorbcv.exe N/A

Phorphiex payload

Description Indicator Process Target
N/A N/A N/A N/A

Phorphiex, Phorpiex

worm trojan loader phorphiex

RagnarLocker

ransomware ragnarlocker

Vidar

stealer vidar

Windows security bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A

Xworm

trojan rat xworm

Deletes shadow copies

ransomware defense_evasion impact execution

Renames multiple (6588) files with added filename extension

ransomware

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Stops running service(s)

evasion execution

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e235bf13.exe C:\Windows\syswow64\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\25.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\20.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\19.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\18.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\17.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\14.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\12.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\1.exe N/A
N/A N/A C:\Windows\sysklnorbcv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\penis.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9d56da3bee_main.exe N/A

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Windows security modification

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiSpywareOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallOverride = "1" C:\Windows\sysklnorbcv.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" C:\Windows\sysklnorbcv.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\e235bf1 = "C:\\e235bf13\\e235bf13.exe" C:\Windows\syswow64\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\e235bf13 = "C:\\Users\\Admin\\AppData\\Roaming\\e235bf13.exe" C:\Windows\syswow64\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Settings = "C:\\Windows\\sysklnorbcv.exe" C:\Users\Admin\AppData\Local\Temp\Files\1.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-addr.es N/A N/A
N/A ip-addr.es N/A N/A
N/A ip-api.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 6824 set thread context of 5644 N/A C:\Users\Admin\AppData\Local\Temp\Files\66b9d56da3bee_main.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\Stationery\RGNR_CC283BC6.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\animations\OneNoteFRE_ClipAndAdd_RTL_Tablet.mp4 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\vo_60x42.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\Styling\css\ContentDark.css C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-200_8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\es-es\ui-strings.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\eu-es\ui-strings.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\169C488C-4C58-48C9-98BE-F58B4C8B9CC0\root\vfs\RGNR_CC283BC6.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\3px.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Arkadium.Win10.DailyChallenges\Assets\BadgeCoinIcon.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\Assets\music_offline_demo_page2.jpg C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\New-Fixture.Tests.ps1 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_2x.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ja-jp\ui-strings.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\manifestAssets\contrast-white\SplashScreen.scale-100.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\OneNoteNavigationLogo.scale-140.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.scale-100.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Assets\video_offline_demo_page3.jpg C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\no\RGNR_CC283BC6.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\976_24x24x32.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\apple-touch-icon-114x114-precomposed.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\GameEnd\ads_win10_previewBuild_3840_300x250.jpg C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-16.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugin.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Windows NT\Accessories\en-US\wordpad.exe.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-black_scale-125.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\it_get.svg C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sl-si\RGNR_CC283BC6.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBLR6.CHM C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\Assets\Logo.scale-200.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-unplated.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-200_contrast-high.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ru-ru\RGNR_CC283BC6.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\versions\framework-dev.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\chocolateyInstall.ps1 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\premium_background_icon.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\es-es\RGNR_CC283BC6.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\ui-strings.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\PremiumEdition_PopUp2.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailMediumTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\edit_pdf_poster.jpg C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_COL.HXC C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\cm_60x42.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\Styling\css\ContentLight.css C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\openssl64.dlla.manifest C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\sdxs.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-20_contrast-white.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\GamePlayAssets\FreeCell\ResPacks\RGNR_CC283BC6.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-100.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailSmallTile.scale-150.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-100.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\sysklnorbcv.exe C:\Users\Admin\AppData\Local\Temp\Files\1.exe N/A
File opened for modification C:\Windows\sysklnorbcv.exe C:\Users\Admin\AppData\Local\Temp\Files\1.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\penis.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\66b9d56da3bee_main.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sysklnorbcv.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A
N/A N/A C:\Windows\syswow64\vssadmin.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
N/A N/A C:\Windows\syswow64\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\25.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\23.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\24.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\20.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\19.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\17.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\18.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\15.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\11.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\12.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4176 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 4176 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 4176 wrote to memory of 4868 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 4176 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 4176 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 4176 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 4176 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 4176 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 4176 wrote to memory of 4720 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 4176 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 4176 wrote to memory of 4936 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 4176 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 4176 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 4176 wrote to memory of 3132 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 4720 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 4720 wrote to memory of 4324 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 4720 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\SYSTEM32\vssadmin.exe
PID 4720 wrote to memory of 2868 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\SYSTEM32\vssadmin.exe
PID 3132 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\syswow64\explorer.exe
PID 3132 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\syswow64\explorer.exe
PID 3132 wrote to memory of 2112 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\syswow64\explorer.exe
PID 2112 wrote to memory of 4528 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\svchost.exe
PID 2112 wrote to memory of 4528 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\svchost.exe
PID 2112 wrote to memory of 4528 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\svchost.exe
PID 2112 wrote to memory of 2512 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\vssadmin.exe
PID 2112 wrote to memory of 2512 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\vssadmin.exe
PID 2112 wrote to memory of 2512 N/A C:\Windows\syswow64\explorer.exe C:\Windows\syswow64\vssadmin.exe
PID 4936 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\25.exe
PID 4936 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\25.exe
PID 4936 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\24.exe
PID 4936 wrote to memory of 3100 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\24.exe
PID 4936 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\23.exe
PID 4936 wrote to memory of 4968 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\23.exe
PID 4936 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\22.exe
PID 4936 wrote to memory of 3824 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\22.exe
PID 4936 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\21.exe
PID 4936 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\21.exe
PID 4936 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\20.exe
PID 4936 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\20.exe
PID 4936 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\19.exe
PID 4936 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\19.exe
PID 4936 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\18.exe
PID 4936 wrote to memory of 1960 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\18.exe
PID 4936 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\17.exe
PID 4936 wrote to memory of 4644 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\17.exe
PID 4936 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\16.exe
PID 4936 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\16.exe
PID 4936 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\15.exe
PID 4936 wrote to memory of 4948 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\15.exe
PID 4936 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\14.exe
PID 4936 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\14.exe
PID 4936 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\13.exe
PID 4936 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\13.exe
PID 4936 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\12.exe
PID 4936 wrote to memory of 1792 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\12.exe
PID 4936 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\11.exe
PID 4936 wrote to memory of 4764 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\11.exe
PID 4936 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\10.exe
PID 4936 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\10.exe
PID 4936 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\9.exe
PID 4936 wrote to memory of 4204 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\9.exe
PID 4936 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\8.exe
PID 4936 wrote to memory of 1380 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\8.exe
PID 4936 wrote to memory of 4240 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\7.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe

"C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe"

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

"C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"

C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe

"C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe"

C:\Users\Admin\AppData\Local\Temp\asena.exe

"C:\Users\Admin\AppData\Local\Temp\asena.exe"

C:\Users\Admin\AppData\Local\Temp\Bomb.exe

"C:\Users\Admin\AppData\Local\Temp\Bomb.exe"

C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe

"C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe"

C:\Windows\System32\Wbem\wmic.exe

wmic.exe shadowcopy delete

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\syswow64\explorer.exe

"C:\Windows\syswow64\explorer.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\syswow64\svchost.exe

-k netsvcs

C:\Windows\syswow64\vssadmin.exe

vssadmin.exe Delete Shadows /All /Quiet

C:\Users\Admin\AppData\Local\Temp\25.exe

"C:\Users\Admin\AppData\Local\Temp\25.exe"

C:\Users\Admin\AppData\Local\Temp\24.exe

"C:\Users\Admin\AppData\Local\Temp\24.exe"

C:\Users\Admin\AppData\Local\Temp\23.exe

"C:\Users\Admin\AppData\Local\Temp\23.exe"

C:\Users\Admin\AppData\Local\Temp\22.exe

"C:\Users\Admin\AppData\Local\Temp\22.exe"

C:\Users\Admin\AppData\Local\Temp\21.exe

"C:\Users\Admin\AppData\Local\Temp\21.exe"

C:\Users\Admin\AppData\Local\Temp\20.exe

"C:\Users\Admin\AppData\Local\Temp\20.exe"

C:\Users\Admin\AppData\Local\Temp\19.exe

"C:\Users\Admin\AppData\Local\Temp\19.exe"

C:\Users\Admin\AppData\Local\Temp\18.exe

"C:\Users\Admin\AppData\Local\Temp\18.exe"

C:\Users\Admin\AppData\Local\Temp\17.exe

"C:\Users\Admin\AppData\Local\Temp\17.exe"

C:\Users\Admin\AppData\Local\Temp\16.exe

"C:\Users\Admin\AppData\Local\Temp\16.exe"

C:\Users\Admin\AppData\Local\Temp\15.exe

"C:\Users\Admin\AppData\Local\Temp\15.exe"

C:\Users\Admin\AppData\Local\Temp\14.exe

"C:\Users\Admin\AppData\Local\Temp\14.exe"

C:\Users\Admin\AppData\Local\Temp\13.exe

"C:\Users\Admin\AppData\Local\Temp\13.exe"

C:\Users\Admin\AppData\Local\Temp\12.exe

"C:\Users\Admin\AppData\Local\Temp\12.exe"

C:\Users\Admin\AppData\Local\Temp\11.exe

"C:\Users\Admin\AppData\Local\Temp\11.exe"

C:\Users\Admin\AppData\Local\Temp\10.exe

"C:\Users\Admin\AppData\Local\Temp\10.exe"

C:\Users\Admin\AppData\Local\Temp\9.exe

"C:\Users\Admin\AppData\Local\Temp\9.exe"

C:\Users\Admin\AppData\Local\Temp\8.exe

"C:\Users\Admin\AppData\Local\Temp\8.exe"

C:\Users\Admin\AppData\Local\Temp\7.exe

"C:\Users\Admin\AppData\Local\Temp\7.exe"

C:\Users\Admin\AppData\Local\Temp\6.exe

"C:\Users\Admin\AppData\Local\Temp\6.exe"

C:\Users\Admin\AppData\Local\Temp\5.exe

"C:\Users\Admin\AppData\Local\Temp\5.exe"

C:\Users\Admin\AppData\Local\Temp\4.exe

"C:\Users\Admin\AppData\Local\Temp\4.exe"

C:\Users\Admin\AppData\Local\Temp\3.exe

"C:\Users\Admin\AppData\Local\Temp\3.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\1.exe

"C:\Users\Admin\AppData\Local\Temp\1.exe"

C:\Users\Admin\AppData\Local\Temp\Files\1.exe

"C:\Users\Admin\AppData\Local\Temp\Files\1.exe"

C:\Windows\sysklnorbcv.exe

C:\Windows\sysklnorbcv.exe

C:\Users\Admin\AppData\Local\Temp\Files\penis.exe

"C:\Users\Admin\AppData\Local\Temp\Files\penis.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS

C:\Windows\SysWOW64\sc.exe

sc stop UsoSvc

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\sc.exe

sc stop WaaSMedicSvc

C:\Windows\SysWOW64\sc.exe

sc stop wuauserv

C:\Windows\SysWOW64\sc.exe

sc stop DoSvc

C:\Windows\SysWOW64\sc.exe

sc stop BITS

C:\Users\Admin\AppData\Local\Temp\Files\66b9d56da3bee_main.exe

"C:\Users\Admin\AppData\Local\Temp\Files\66b9d56da3bee_main.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" & rd /s /q "C:\ProgramData\KJKJJJECFIEB" & exit

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

Network

Country Destination Domain Proto
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 151.101.130.49:443 urlhaus.abuse.ch tcp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 app.aefiabeuodbauobfafoebbf.net udp
RU 185.215.113.66:80 app.aefiabeuodbauobfafoebbf.net tcp
US 8.8.8.8:53 ip-addr.es udp
FR 188.165.164.184:80 ip-addr.es tcp
FR 188.165.164.184:443 ip-addr.es tcp
US 8.8.8.8:53 66.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 184.164.165.188.in-addr.arpa udp
RU 185.215.113.117:80 185.215.113.117 tcp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
FR 91.121.12.127:4141 tcp
US 8.8.8.8:53 ip-api.com udp
US 8.8.8.8:53 117.113.215.185.in-addr.arpa udp
US 208.95.112.1:80 ip-api.com tcp
CH 147.45.44.104:80 147.45.44.104 tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 104.44.45.147.in-addr.arpa udp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
RU 185.215.113.66:80 app.aefiabeuodbauobfafoebbf.net tcp
FI 95.216.143.20:12695 tcp
US 8.8.8.8:53 20.143.216.95.in-addr.arpa udp
CN 106.75.184.240:80 tcp
RU 185.215.113.66:80 app.aefiabeuodbauobfafoebbf.net tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
DE 195.201.118.191:443 tcp
US 8.8.8.8:53 t.me udp
NL 149.154.167.99:443 t.me tcp
US 8.8.8.8:53 99.167.154.149.in-addr.arpa udp
US 8.8.8.8:53 41.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 kenesrakishev.net udp
US 3.33.251.168:80 kenesrakishev.net tcp
US 8.8.8.8:53 168.251.33.3.in-addr.arpa udp
US 8.8.8.8:53 arpdabl.zapto.org udp
FR 94.247.28.26:2525 tcp

Files

memory/4176-0-0x0000000073A81000-0x0000000073A82000-memory.dmp

memory/4176-1-0x0000000073A80000-0x0000000074030000-memory.dmp

memory/4176-2-0x0000000073A80000-0x0000000074030000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

MD5 2a94f3960c58c6e70826495f76d00b85
SHA1 e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
SHA256 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
SHA512 fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe

MD5 6f8e78dd0f22b61244bb69827e0dbdc3
SHA1 1884d9fd265659b6bd66d980ca8b776b40365b87
SHA256 a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5
SHA512 5611a83616380f55e7b42bb0eef35d65bd43ca5f96bf77f343fc9700e7dfaa7dcf4f6ecbb2349ac9df6ab77edd1051b9b0f7a532859422302549f5b81004632d

memory/4580-15-0x0000000000400000-0x000000000043D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\asena.exe

MD5 7529e3c83618f5e3a4cc6dbf3a8534a6
SHA1 0f944504eebfca5466b6113853b0d83e38cf885a
SHA256 ec35c76ad2c8192f09c02eca1f263b406163470ca8438d054db7adcf5bfc0597
SHA512 7eef97937cc1e3afd3fca0618328a5b6ecb72123a199739f6b1b972dd90e01e07492eb26352ee00421d026c63af48973c014bdd76d95ea841eb2fefd613631cc

C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe

MD5 919034c8efb9678f96b47a20fa6199f2
SHA1 747070c74d0400cffeb28fbea17b64297f14cfbd
SHA256 e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734
SHA512 745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

memory/4936-32-0x0000000000DD0000-0x0000000000E48000-memory.dmp

memory/2112-31-0x0000000002CA0000-0x0000000002CC5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Bomb.exe

MD5 31f03a8fe7561da18d5a93fc3eb83b7d
SHA1 31b31af35e6eed00e98252e953e623324bd64dde
SHA256 2027197f05dac506b971b3bd2708996292e6ffad661affe9a0138f52368cc84d
SHA512 3ea7c13a0aa67c302943c6527856004f8d871fe146150096bc60855314f23eae6f507f8c941fd7e8c039980810929d4930fcf9c597857d195f8c93e3cc94c41d

memory/4868-33-0x00000000007D0000-0x00000000007D8000-memory.dmp

memory/4868-37-0x0000000005050000-0x00000000050EC000-memory.dmp

C:\Users\Public\Documents\RGNR_CC283BC6.txt

MD5 0880547340d1b849a7d4faaf04b6f905
SHA1 37fa5848977fd39df901be01c75b8f8320b46322
SHA256 84449f1e874b763619271a57bfb43bd06e9c728c6c6f51317c56e9e94e619b25
SHA512 9048a3d5ab7472c1daa1efe4a35d559fc069051a5eb4b8439c2ef25318b4de6a6c648a7db595e7ae76f215614333e3f06184eb18b2904aace0c723f8b9c35a91

memory/4528-653-0x0000000000F20000-0x0000000000F45000-memory.dmp

memory/2112-715-0x0000000002CA0000-0x0000000002CC5000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 c5737fd008eb9ee68eec0980f52c9b24
SHA1 a3aff185e733b18954a30d43cedb9abe5cb95437
SHA256 0a4168fb4c1fdca7a328abfb57b66ef5f79a13c8d034b8b8a03b342d57c84bb2
SHA512 b65d3629573468c03f3769541643d6091d5eeb7c5eb036cdd8921acf5a5daf0c013cb363e8d0a209af7857b2d28dfbea7a314d450e3df7a965261b0789f47e5d

C:\Users\Admin\AppData\Local\Temp\25.exe

MD5 476d959b461d1098259293cfa99406df
SHA1 ad5091a232b53057968f059d18b7cfe22ce24aab
SHA256 47f2a0b4b54b053563ba60d206f1e5bd839ab60737f535c9b5c01d64af119f90
SHA512 9c5284895072d032114429482ccc9b62b073447de35de2d391f6acad53e3d133810b940efb1ed17d8bd54d24fce0af6446be850c86766406e996019fcc3a4e6e

memory/4796-1208-0x0000000000CA0000-0x0000000000CB0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\24.exe

MD5 042dfd075ab75654c3cf54fb2d422641
SHA1 d7f6ac6dc57e0ec7193beb74639fe92d8cd1ecb9
SHA256 b91fb228051f1720427709ff849048bfd01388d98335e4766cd1c4808edc5136
SHA512 fada24d6b3992f39119fe8e51b8da1f6a6ca42148a0c21e61255643e976fde52076093403ccbc4c7cd2f62ccb3cdedd9860f2ac253bb5082fb9fe8f31d88200d

memory/4968-1226-0x0000000000960000-0x0000000000970000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\17.exe

MD5 c252459c93b6240bb2b115a652426d80
SHA1 d0dffc518bbd20ce56b68513b6eae9b14435ed27
SHA256 b31ea30a8d68c68608554a7cb610f4af28f8c48730945e3e352b84eddef39402
SHA512 0dcfcddd9f77c7d1314f56db213bd40f47a03f6df1cf9b6f3fb8ac4ff6234ca321d5e7229cf9c7cb6be62e5aa5f3aa3f2f85a1a62267db36c6eab9e154165997

C:\Users\Admin\AppData\Local\Temp\14.exe

MD5 e6c863379822593726ad5e4ade69862a
SHA1 4fe1522c827f8509b0cd7b16b4d8dfb09eee9572
SHA256 ae43886fee752fb4a20bb66793cdd40d6f8b26b2bf8f5fbd4371e553ef6d6433
SHA512 31d1ae492e78ed3746e907c72296346920f5f19783254a1d2cb8c1e3bff766de0d3db4b7b710ed72991d0f98d9f0271caefc7a90e8ec0fe406107e3415f0107e

C:\Users\Admin\AppData\Local\Temp\8.exe

MD5 7cfe29b01fae3c9eadab91bcd2dc9868
SHA1 d83496267dc0f29ce33422ef1bf3040f5fc7f957
SHA256 2c3bfb9cc6c71387ba5c4c03e04af7f64bf568bdbe4331e9f094b73b06bddcff
SHA512 f6111d6f8b609c1fc3b066075641dace8c34efb011176b5c79a6470cc6941a9727df4ceb2b96d1309f841432fa745348fc2fdaf587422eebd484d278efe3aeac

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 e3a80641489617ae5a15570d8905da05
SHA1 523f9dc4b8c9294d8dc27ec264fc2f0e92e3ecad
SHA256 69a2d5786b5b062d67aa00de639f51849eb1319839abd2856866c287ad0d1580
SHA512 f92d52003bba2c58c6346dc3b601924677a5093ec61a05b5c14d961802b1d3bd2d206c1455c6f7e24ba50899b6fd2408b32a04e53bdad357185d9bb3f919d578

memory/4204-1568-0x0000000000790000-0x00000000007A0000-memory.dmp

memory/3316-1573-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

memory/3400-1586-0x00000000008F0000-0x0000000000900000-memory.dmp

memory/4168-1572-0x0000000000AB0000-0x0000000000AC0000-memory.dmp

C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties

MD5 f226cc8329f26fdcf30588089bbad4cf
SHA1 f4c0ad8e24bf0a268cf741bb177a3e11ac529105
SHA256 0322ca701b8318f54dea3fcb4d2e51959847951317006b910000b719365df193
SHA512 5b35c0402d86eb969997c5044a9d79042f4dc29d58f5ce9d9dbd8726408736e9a0e7803b83c863acbdf70e56f4c3e0de03475a7584b92be5d6c1629a351d429d

memory/1148-1634-0x0000000000C20000-0x0000000000C30000-memory.dmp

memory/2420-1641-0x0000000000080000-0x0000000000090000-memory.dmp

memory/4064-1622-0x0000000000040000-0x0000000000050000-memory.dmp

memory/4240-1571-0x0000000000CA0000-0x0000000000CB0000-memory.dmp

memory/2440-1570-0x0000000000660000-0x0000000000670000-memory.dmp

memory/1380-1569-0x0000000000750000-0x0000000000760000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\6.exe

MD5 27422233e558f5f11ee07103ed9b72e3
SHA1 feb7232d1b317b925e6f74748dd67574bc74cd4d
SHA256 1fa6a4dc1e7d64c574cb54ae8fd71102f8c6c41f2bd9a93739d13ff6b77d41ac
SHA512 2d3f424a24e720f83533ace28270b59a254f08d4193df485d1b7d3b9e6ae53db39ef43d5fc7de599355469ad934d8bcb30f68d1aaa376df11b9e3dec848a5589

C:\Users\Admin\AppData\Local\Temp\1.exe

MD5 8ec649431556fe44554f17d09ad20dd6
SHA1 b058fbcd4166a90dc0d0333010cca666883dbfb1
SHA256 d1faee8dabc281e66514f9ceb757ba39a6747c83a1cf137f4b284a9b324f3dc4
SHA512 78f0d0f87b4e217f12a0d66c4dfa7ad7cf4991d46fdddfaeae47474a10ce15506d79a2145a3432a149386083c067432f42f441c88922731d30cd7ebfe8748460

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 012a1710767af3ee07f61bfdcd47ca08
SHA1 7895a89ccae55a20322c04a0121a9ae612de24f4
SHA256 12d159181d496492a057629a49fb90f3d8be194a34872d8d039d53fb44ea4c3c
SHA512 e023cac97cba4426609aeaa37191b426ff1d5856638146feab837e59e3343434a2bb8890b538fdf9391e492cbefcf4afde8e29620710d6bd06b8c1ad226b5ec4

memory/1964-1545-0x0000000000230000-0x0000000000240000-memory.dmp

memory/1792-1544-0x0000000000540000-0x0000000000550000-memory.dmp

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 f86770a4fd3e9458289821460d93e217
SHA1 db8d279d20ec9f45970eeadb96de62e82da8d967
SHA256 ba24b13fea67730a803890f233a10bcab50235849da90d5d405e37daea63b36f
SHA512 6316a41e27c6aabbab00c5916967c34e4155dcc2fd42fbc88dfe804f77887397970c4df2d60b881c21cb35cd5fbc482592473868fa444e123b3f9776e73d4114

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 713b950c43e58b1b437d6cec6746d094
SHA1 f0613b1e99297ff62fdd597984f63db1c05ce3cd
SHA256 ef46cace69447d391784af8885a098c2b908f630c20b5a7b7d5eed17d0854bf4
SHA512 b41cf1bdb3bd22857688165ca37e6513f263be43b42184bdab1820066833a578ab7267f105b3e66a8b04c06b61925b2dea7adc88c6dac46915b30a8d86bf8999

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 40a4fdddc2e980266bf874d6be4dfeb4
SHA1 7a3a348db7dfa2151b690d255e8d1eb9a04e4b7d
SHA256 e637d6504f8d63ce1c409e206c07001574e91ab4907b4eb5f60d691e714e55fd
SHA512 4d819907faa87b8cdf5438433fed9ca496f12b336c71c5f009de9027e7955afb889d300317347e15cac791e309101efce8a58b88a7f45f59d8a333f63c2749ed

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 3ecf3be4c6cd87a767f224003c76db95
SHA1 be4db93a551f09980a277ef227a278c9507e69bf
SHA256 ca3fa49ac3f04ef0959aecddf8133ab1072e1378531e5e163bd49142498282cf
SHA512 390a70a4e5360d801b3f3e93f77dba01081e8dd1b97d64f62de8ce3d88680dafa1bde16570e2d96880f8f6f983cdaaa854462a49ff4b4e395523cc6f79f43472

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 9087c71eede131145200e80e7f6ea956
SHA1 62b95bc1314c533d5320ee5a235f11f40e56490d
SHA256 714d20720a9f3c89f46372654a58c5887c2da6748a680403c32a02535d65238c
SHA512 2e2010f307cc0950d79693ad2e9c6705733d845a1ebdcf906f7402df3df889ebefe9a5ec4c80d2eb12309b0322628e7836d9edfb30d7744d33d03031068e8218

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 447982f0a95c2ace10ac67b510bfd22c
SHA1 c871ec418c3baff1f157a279c339d278eb7e8ef9
SHA256 c28c426839eb5159c516f282800bbc5386af63f73ed9a0c24f680e3d36f89462
SHA512 02bc4a6c2dbf56651d6452c6dec1b50e729989991427d1e5aeb025c34e66444a8e130e6ae579e5e435bc5963bdb4c8fd166b75d98e286e1a7fb64525eb6db0b2

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 272cdd371e3c02361ba34f4b3f232055
SHA1 fdc2fcfe8eb1a0e1edd5452efd1a3e250cfae5c0
SHA256 25ec8af9cc29b522c787fbe52aef6616fc1d4166ad11fd29fa601a91c6031776
SHA512 f4c3968d17d6448ed05dfdeddc83a1c4418d5c3bcfbbfd0eeb09cbb2f82823b10ad8f4c59e1ba95f0b4e16f3b0aa923cdfa72ee60f2464d11ad67d9760d4d3a2

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 cdccfd067c9783939fa8afeb2b54df63
SHA1 94624fc65a7a93f332ead8094e7e8943fcac6dc9
SHA256 a9ba2d1012195a6547379efd993df373816a8002019a95b1fa5c7b5259b08f7d
SHA512 e7d8a285ef2045ce0cec9056f65c49ef810207ec5b6cb2b0a01bc466ff343fb4589ef6b80aae8802e5e2aa48f736101b068ce5f10ec22aa9df0f6f501aedc9d3

memory/4764-1527-0x0000000000870000-0x0000000000880000-memory.dmp

memory/2516-1526-0x0000000000E50000-0x0000000000E60000-memory.dmp

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 1a612c3e167d1ff7667cfc129622e917
SHA1 8bc46cf2c63a88422e997f7b73dbb8f2efe7076f
SHA256 5d6ae99614926975f8b05822a18cafc9bd79c7357d548d64fed951690c6912bf
SHA512 d1fb0392b44ba4a7351254ce7921d6bdc39495a4c57778ca919ba211592e09c8849378d6fee1b6ba895a800bb27ea415203556d13cdb37e87373456a0ae6e362

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 bbf33cc730016b35b308a681dd767c57
SHA1 71e084a260d8c07021870f719b38dc5088446d6b
SHA256 70e45b93d31f3bdb0a03e555c0aa1a3d567f757dc5cbef28cb18adc8021aaeaf
SHA512 673cd5da7bcbbfa4d8f18cde6fd7bb4eb78c3bef27b4d95c70ad9e3dd9ce4b526ff65d37d487ad00c33ecb7067cbf48b013d766fb9735924b3833073da61330c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 f757f3f8d9e74ed6de703d3ddbd20ee8
SHA1 0cc2b5fbfff5dc2c7f7058ddec56a2ae23ed1aa7
SHA256 be44c3a8a49157f24ebfc2cef77b744bc19e1ebbbf76b5bdb5f848a461ad1d46
SHA512 8514a8366f13f7736a9ae7953d0a9a4dc6f415bdd16fd2ea8c29545ff17508948fe42b5d7d21598ec57666bff43360b88fda2c27a09241f80dd696762dec16a9

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 57ae4226950cec2a1e728893c4c1feef
SHA1 4f67ef968fc77fd89caadf01e14f97b3e46f6e97
SHA256 ab0a17525182e47af4d0fa8f7090a788aa6c07799eabe24c8383c80798848310
SHA512 e01808c577fa64ceb26b5bae74bf19389a2ba7c1242e107b6f2ed5f144b30adf3049115981549e5a878f2d7413b7e5071f9fb2f29f09d6e0831aebf5a0230145

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 218e7d0a05ef55a0326390f468962eb6
SHA1 30b4514f74191d0843a54aff848ddfb1e6a796f0
SHA256 15ad0289f0c1669f2021fc81f111845e208f444732a80daf3f11e19f88281311
SHA512 bcc3f375a29a4c07697c85aa8e7c74bc6225c3189371eb496a9d153774723ad0c1e68b7c8a7ac1a5e3df4b7e1b655730cd62f4c467a04f358ba498b9272689d9

memory/2656-1514-0x0000000000450000-0x0000000000460000-memory.dmp

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 a3f6f0daf17b3674ef3fafb01e340400
SHA1 c3b87915aaf3e8120aadf7cbf5aa72c4a0b50d51
SHA256 ce506d64b744836b5e14a18432ed6c53fe1c50d739b98d26fe992915fd97521e
SHA512 f1b50a3b67ba517ed7427bbaed812f3fc85dcc90e9eec14b81cef102a34f4b9e0a8ec7128785ba799824cf3df6d22e12df381520af75b894f17f02d0fd73703b

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 0537f32e44690fce0a1a3bc442aba571
SHA1 0d464aae8e726329d3f560db728e56016d1749bc
SHA256 43696c2ff9782ad2bbbc40db0d15392bc22e1d524f7e21c0dce14ce2f8c37de5
SHA512 370a85313f8a69b786276a2b2fae1de522ce71b0542c0b13b0f014d0210b78039702d26df955c77badfa8c65b6316dab32ba585e825f579e3e7032def19d0a32

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 8d4162a38bc48d31e586e743228d3940
SHA1 49ab30d88e4c07fbfe6ef828446042a5af63507d
SHA256 e5e7a05f34eb44bdfd5d78720b28c83d6a3e29970fcb96cb9c9f338e3655a991
SHA512 8da87c6d7755f5a7da75cea91efc59961f5bd1392c3387bb8c819905527bf0196986eb6b06378b970ab24a5a4c04fd0ab99d693ae7b89ec8d7d5ad3a69fa57b6

C:\Users\Admin\AppData\Local\Temp\Files\1.exe

MD5 a775d164cf76e9a9ff6afd7eb1e3ab2e
SHA1 0b390cd5a44a64296b592360b6b74ac66fb26026
SHA256 794ba0b949b2144057a1b68752d8fa324f1a211afc2231328be82d17f9308979
SHA512 80b2d105d2fac2e56b7ea9e1b56057e94ffe594c314ea96668d387ab120b24be580c58d68d37aca07273d3ce80f0d74f072102469f35cb02e2295817e1f16808

memory/4948-1508-0x0000000000D40000-0x0000000000D50000-memory.dmp

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 67f0f19639cb0c7e047dd7a8ae40e374
SHA1 df298459ffa48a7ac4f5b5c99e4223b95301b08e
SHA256 1dc7c95cf84ba97e750274d652fb4e11e2b413ac592fea347a18b0451b27bddf
SHA512 6efc1f74a904e37c9187453469528d15470b2a12d091ca6cbb1553587b66d36030b03e12e08cbcb79308e672b647fd04c9f7a445157927e997332470bb35ecaf

C:\Users\Admin\AppData\Local\Temp\3.exe

MD5 a83dde1e2ace236b202a306d9270c156
SHA1 a57fb5ce8d2fe6bf7bbb134c3fb7541920f6624f
SHA256 20ab2e99b18b5c2aedc92d5fd2df3857ee6a1f643df04203ac6a6ded7073d5e8
SHA512 f733fdad3459d290ef39a3b907083c51b71060367b778485d265123ab9ce00e3170d2246a4a2f0360434d26376292803ccd44b0a5d61c45f2efaa28d5d0994df

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 e765f473da85a910da520432663fe553
SHA1 dc3123c33dac68c66da85011944e7ecb900a7213
SHA256 28ec018763c6e99ae879c92c8c3e6318e1fa9ec1f1c1ee64f05da6a6ee4a0eb5
SHA512 670f03fde39b83aaadd8b823fabc4394798173ebe3a8c77d69343248209522f5ea47b67df71c55b718472674b5b3e5d3df8c05095ab9c7a495908da90049e308

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 48ab2d21e9503b38f7096ed9d404b25c
SHA1 ae42d423848759946320ff5198ea874a20746ab8
SHA256 2fa366bd0d378702ce59f7d9fd26f93a1303c882a2ce2e465ff6838f72ffbfd7
SHA512 88274355a4fa342a94b956e16c3da2863695fe8dde1a2e4e999a2b600278bc4602595efca9d8cd8c5e63f3745f939c571f808233e361a6100ccc8bf8ab9b67dc

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 2cd9fa574c29094760fe1aca15dc36cb
SHA1 6ca0fca8c9d3a5d29d7471cb73d91e55984f82a7
SHA256 dc41ad170bf533c1b50a6288ec7c3b6ef1c7768224c7d58a5feaf74e6074135c
SHA512 e906395d1f22539dce55420509a2a7e3c113d28a268c97f9fe3658a0d0a274386c725e0f8c9f13c5060e994ae03ef06cf96639ce8df17fc9e8ed5791825f2d9e

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 ea4879607a70cb2b3d082f80496de741
SHA1 67bf4b26dcebd4bfc46fe3eb3a857b47c92a0fa7
SHA256 f3b99104047460b32e9ae7a4abffe51f54b39106dd16b174b8bc00691564972e
SHA512 59f071c5ae9cca2ec43ba6e233765f2a656877db24d8d45502706f7fca60a5aea6d12bbe88bc74a4507d4659127b457662558e39e29f829edbe14dae1778f39e

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 135c8b2d435d3d11108dbfcaf6b0fc03
SHA1 392906175bb5ab42226cb58a14df8f2eab379e4a
SHA256 bb0449f811308a934c2b9109409140ce0fae0848c096d5f75412441bb1d26248
SHA512 8167f19c34a09c5133849f3af8703bd1033e897c6ced2d7ee69fa4374788d33921d29ff6c9261736f0ab7d6b33de0aed7699d86b71e136e670d52fd58bcb6379

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 c3592d5492b4a0a294cb238ac0dcef12
SHA1 ae076a1a81b917fc5411da0d87de0a2011adc361
SHA256 a1512956a1accd8b8a5bccd1ce1f0589cdf4650a7b2a799219df3284e047a1d9
SHA512 8ba592fb10baa2590f60e522744333a7401395c2b3b970ddba7f4534d22080822aeba25f61da2df9f7d8175b7ec271b914f800b24a402c24241e6e53d604cf32

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 b430ff6e3eecc3c937026e7ee20824f5
SHA1 4aa03754a6a5265905f28dc9cab0f4943a7ab669
SHA256 8aa922ade83e1eb00bacd2f741df2b62bf6e760418a54e49e129a72fbb8b4387
SHA512 19e4afa9afe7a4fdd153ccb664ecffa1b878a537e553f8f905861c68af5628b7c3edccfd4a94fb59f6a96ad0baebfd04f89ce3f28e9848aac8e9ecb98137522c

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 2b9d785ab5762353f44d1b7263f73183
SHA1 e87bc24ce3c64eb6fafac46502926b534be1f016
SHA256 52c17c34a2b6ec2082b3441c332d72315f29103172740fb71dce45cf4367af32
SHA512 1194668c11d50483702483f979b0c924a30e6b29802cb50b5acd6c866a5fb7522d2700c96f827869e07d1215df07f33c105d4658a7bf3f4f55109d7884c45e47

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 776162520a5539fb6e33bf37f77884ea
SHA1 04e8fef17be9c43b12ce621269b1c4446730a487
SHA256 0f0e21183886945a7804b09d43628478723d8e5564a1d218a926c9cf4b39dbd1
SHA512 e79c25a6ec521d51dd5115dadcf56790d0f3d28dbf4dc9e3a447ca2e5ffc1deb19383b3308415951cb2c400ec4ef93bd39c0091d21967088bc94b0944ee9bfb7

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 af60f6d800d1f2eb4576d69702488303
SHA1 5235e3123d9969332550097200e00b641f9243fd
SHA256 8fac0ae9b07015d58ad44ceca7697b8585afb42c504b0ecedfd067487a67dc0a
SHA512 09c5ef6fd8dba66567172bb77e2abc6e7aec4ee601138032fcac998ccd446f3b1d1e7d59fda34269bdd32493ab8fb0e78829e40d657d8904a0ed6fadfb184dac

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 92e6c572e47614300e4fefc0ec4b2695
SHA1 c27129730d394cab800288795dd5e7e32a94ad10
SHA256 2e23b947e4f111676db710e525fcc159a58054433159a11456ab8bb81f13a972
SHA512 a1b9cdfe81b518c6b4781a9bf7ab638180e3d90847f9f8fe10d7f2e66c4795030c43ab11c3c0952e2551f2a118e31e61c861a6b2c738a2105094e31ef0bb799f

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 d520ee102f3f6ab5a6dd3822379f184d
SHA1 1bb5226eefb7b8302d9ffcc86eb7890d1a98cb09
SHA256 78aeebfdf0abe7951f0ac2bc5a1c37f2b9de76431b17fc0ae91a9a406d4108d5
SHA512 991c9db9816e78b2c08596251e3fd2e865926ab3e21124c6aac67cb81a64d00415be0fced8c4ac7920425f24b9466bccfd82504fee6b0dee977dc5092722bf99

C:\Users\Admin\AppData\Local\Temp\4.exe

MD5 c24de797dd930dea6b66cfc9e9bb10ce
SHA1 37c8c251e2551fd52d9f24b44386cfa0db49185a
SHA256 db99f9a2d6b25dd83e0d00d657eb326f11cc8055266e4e91c3aec119eaf8af01
SHA512 0e29b6ce2bdc14bf8fb6f8324ff3e39b143ce0f3fa05d65231b4c07e241814fb335ede061b525fe25486329d335adc06f71b804dbf4bf43e17db0b7cd620a7c6

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 3e21c6f0e8370b72f397968bc7d5a549
SHA1 505fe2deb1bf19ee5c398cc7331b067014945383
SHA256 c98f49f1de2bb7da6c6d2545a899c71a312f0bb9801b3bb96cf4b4b30731fb8b
SHA512 aa959cb28401fecdd41a4f2adf17682218705b67ec05d7f56c87f2a3c17cc0e18ae0093447069ffa2fc31f22ea9a5cf7f3346760075dae83270175c29768cdf5

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 f8af916d1dcfdbe2a545180c43754599
SHA1 b1110521eaf59c4f0924645187d6aa60b1dffe35
SHA256 a1298736921fed8b02dfd284eed382aa50aeb03a936498a8ceda971e54602e7f
SHA512 352bcda5a7be147c427b2dfc363b4a99de3d7f63521d29ba81521e901805b803ea31948cdb23ab974ba588e25923db2e4826b6299b8e731b4675bdd2360de660

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 e855b51b78e6646ebf5cde7d294391ef
SHA1 6845b0b0454f0f08b2f6de8316a8a2ef7f81c09e
SHA256 adbb623ebda64384462fb0f413e64c5e2cf2a9eb8536873e3c387efab5916f6e
SHA512 73a8d6a4492c7c857d11a5689244bfa305937307da2eb2dd40a1bcf02a611d50f2045f2771b07dc006b3dcda2f88522389ef341aef526ef232cc36b9d6ae91d0

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 0b190d33f4bb27839df4f0acaeb059bf
SHA1 4ea6591d1348189963de425da1e9aed9ee2200f5
SHA256 087e7dba09d64894b81b55eed272b98f76ffb5fa30ebf2c10225a174849454e2
SHA512 e0917b1b3c624421b8a96d70cacc2b26475d445548a9534a67a26e3b2deb08e5d1da8563a0140c342a62c24dfeff5bd5d7a4faa56aff4898bd39ca586e8ba44d

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 ff060d1d972ddf1741643d63551d6c95
SHA1 3b754e05a216af94897200fedb7138c40f65485a
SHA256 44fa31542fd70500731d8d3af275be33a671c6909d46d065de1b4e6acf05ed66
SHA512 204c45853a16a97b61173f61c55b9d83b6b3dc5546451eea091c3d06a4ba10b3d87594b08076be7215b6bc544cf6302930a458c6a7a15f05ab837c9060e7ab07

C:\Users\Admin\AppData\Local\Temp\5.exe

MD5 84c958e242afd53e8c9dae148a969563
SHA1 e876df73f435cdfc4015905bed7699c1a1b1a38d
SHA256 079d320d3c32227ba4b9acddf60bfcdf660374cb7e55dba5ccf7beeaedd2cdef
SHA512 9e6cb07909d0d77ebb5b52164b1fa40ede30f820c9773ea3a1e62fb92513d05356dfef0e7ef49bf2ad177d3141720dc1c5edceb616cef77baec9acdd4bbc5bae

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 f4e91c965b38f89d128403fc966df83b
SHA1 aca1fb77a02615d58c925a41403e99c2c0715a1c
SHA256 b1b7cb57b25632782e7f0f16a8d0b36bc4a76dd0b4ff81cf536543f408b32915
SHA512 4e7ff580bf8cffdf772893f4600ca5c3998548895a33962d614aa541293b228f948280c47a1d9d854b7e39adf0a8ce0c2466a19461c3b7b6c3146fbd80fa8340

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 12e9a9d3948873bbe16cdf2338f59e91
SHA1 04e4c9df18a820b954b87c4b9bccf5149920db95
SHA256 5928b2ac409463e1400d7699544675dd5b7910fcc4cbb59432873f9bd6ee29e4
SHA512 e998e2902ab0ab6b6e06ebc4b5afcd6a418eff75d4ff9d3cd5330e8e9de5750f16aba0fe3dab349e4893c1b02ce49595b56b9035ad4e5ca3309e8387f720d3b1

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 355def7f86f3193355881a0f090c5774
SHA1 93fc0fc75e483b928586fd60f04ae15316d59fdc
SHA256 e0e5bc820590dd240a1ec88c727f8c26a05e659c08f13872a425bbbed5471397
SHA512 ee8ce495c816059cf6848a7c9752aaa15c1275a655f6c91b02717f11dc831e21ed9c80d7b67a55366389230e0bed4302cd45005114ee18206ff03ee7456ae310

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 0dbbbb892722e051653862e3b6ef24fa
SHA1 d77d21c28ec49fe4e97ed35bfcef2efc4224e828
SHA256 2a90d66213b7f392fe75699fc10a7e41ab9e6eaf5963ec574a2210b016e7cdf8
SHA512 ef79d695a5eb9ceab6b63221d76490d44c479ea72d83b7312599c1780af170715537b25061724f8f2b320a20ab37d8b34edcbdae4741037c93b798515feb89ca

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 d1d4eeea25794df45ecc68448930255a
SHA1 48f437de423b807e7aade04f11e1fba3a63ef583
SHA256 88a89b663070da77e7d6477123f4163ae2bdf555b7e3ff9812a4df0d5bb7cc7b
SHA512 22bcd6eb8ce6cf35323940fa8e500e0940bc720411c59c2e8cf6a3de5c9780a0fe818ca02d8225f8ad4d8b60b6d3795a842f843cbbc58e3438fa32ce80a23a5c

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 9c71080f791237aa723f139fbfc73b61
SHA1 23aff4986880bb38b46c7731a0f379a8be01d652
SHA256 df8f51f73268f3e7879d5c1d31d5a0c64fca56e8d95df63ca92aff5dad31c463
SHA512 586b712e31036da61243fe4315b4ec64451982a83d1389f4325192fe48ac4d84a6616ccf8bdebbffa40d0be916cf2d7ce47a454c906ad333ae0dcfba621995d7

C:\Users\Admin\AppData\Local\Temp\7.exe

MD5 c84f50869b8ee58ca3f1e3b531c4415d
SHA1 d04c660864bc2556c4a59778736b140c193a6ab2
SHA256 fa54653d9b43eb40539044faf2bdcac010fed82b223351f6dfe7b061287b07d3
SHA512 bb8c98e2dadb884912ea53e97a2ea32ac212e5271f571d7aa0da601368feabee87e1be17d1a1b7738c56167f01b1788f3636aac1f7436c5b135fa9d31b229e94

C:\Users\Admin\AppData\Local\Temp\13.exe

MD5 c76ee61d62a3e5698ffccb8ff0fda04c
SHA1 371b35900d1c9bfaff75bbe782280b251da92d0e
SHA256 fbf7d12dd702540cbaeeecf7bddf64158432ef4011bace2a84f5b5112aefe740
SHA512 a76fee1eb0d3585fa16d9618b8e76b8e144787448a2b8ff5fbd72a816cbd89b26d64db590a2a475805b14a9484fc00dbc3642d0014954ec7850795dcf2aa1ee7

memory/3772-1419-0x0000000000480000-0x0000000000490000-memory.dmp

memory/1960-1399-0x0000000000FF0000-0x0000000001000000-memory.dmp

memory/4644-1398-0x00000000009A0000-0x00000000009B0000-memory.dmp

memory/4228-1397-0x0000000000B90000-0x0000000000BA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\9.exe

MD5 28c50ddf0d8457605d55a27d81938636
SHA1 59c4081e8408a25726c5b2e659ff9d2333dcc693
SHA256 ebda356629ac21d9a8e704edc86c815770423ae9181ebbf8ca621c8ae341cbd5
SHA512 4153a095aa626b5531c21e33e2c4c14556892035a4a524a9b96354443e2909dcb41683646e6c1f70f1981ceb5e77f17f6e312436c687912784fcb960f9b050fe

C:\Users\Admin\AppData\Local\Temp\10.exe

MD5 d6f9ccfaad9a2fb0089b43509b82786b
SHA1 3b4539ea537150e088811a22e0e186d06c5a743d
SHA256 9af50adf3be17dc18ab4efafcf6c6fb6110336be4ea362a7b56b117e3fb54c73
SHA512 8af1d5f67dad016e245bdda43cc53a5b7746372f90750cfcca0d31d634f2b706b632413c815334c0acfded4dd77862d368d4a69fe60c8c332bc54cece7a4c3cd

C:\Users\Admin\AppData\Local\Temp\12.exe

MD5 7ac9f8d002a8e0d840c376f6df687c65
SHA1 a364c6827fe70bb819b8c1332de40bcfa2fa376b
SHA256 66123f7c09e970be594abe74073f7708d42a54b1644722a30887b904d823e232
SHA512 0dd36611821d8e9ad53deb5ff4ee16944301c3b6bb5474f6f7683086cde46d5041974ec9b1d3fb9a6c82d9940a5b8aec75d51162999e7096154ad519876051fe

memory/3824-1360-0x0000000000820000-0x0000000000830000-memory.dmp

memory/4664-1393-0x00000000008F0000-0x0000000000900000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\11.exe

MD5 6c734f672db60259149add7cc51d2ef0
SHA1 2e50c8c44b336677812b518c93faab76c572669b
SHA256 24945bb9c3dcd8a9b5290e073b70534da9c22d5cd7fda455e5816483a27d9a7d
SHA512 1b4f5b4d4549ed37e504e62fbcb788226cfb24db4bfb931bc52c12d2bb8ba24b19c46f2ced297ef7c054344ef50b997357e2156f206e4d5b91fdbf8878649330

C:\Users\Admin\AppData\Local\Temp\15.exe

MD5 c936e231c240fbf47e013423471d0b27
SHA1 36fabff4b2b4dfe7e092727e953795416b4cd98f
SHA256 629bf48c1295616cbbb7f9f406324e0d4fcd79310f16d487dd4c849e408a4202
SHA512 065793554be2c86c03351adc5a1027202b8c6faf8e460f61cc5e87bcd2fe776ee0c086877e75ad677835929711bea182c03e20e872389dfb7d641e17a1f89570

C:\Users\Admin\AppData\Local\Temp\16.exe

MD5 0ab873a131ea28633cb7656fb2d5f964
SHA1 e0494f57aa8193b98e514f2bc5e9dc80b9b5eff0
SHA256 a83e219dd110898dfe516f44fb51106b0ae0aca9cc19181a950cd2688bbeeed2
SHA512 4859758f04fe662d58dc32c9d290b1fa95f66e58aef7e27bc4b6609cc9b511aa688f6922dbf9d609bf9854b619e1645b974e366c75431c3737c3feed60426994

C:\Users\Admin\AppData\Local\Temp\21.exe

MD5 a8e9ea9debdbdf5d9cf6a0a0964c727b
SHA1 aee004b0b6534e84383e847e4dd44a4ee6843751
SHA256 b388a205f12a6301a358449471381761555edf1bf208c91ab02461822190cbcf
SHA512 7037ffe416710c69a01ffd93772044cfb354fbf5b8fd7c5f24a3eabb4d9ddb91f4a9c386af4c2be74c7ffdbb0c93a32ff3752b6ab413261833b0ece7b7b1cb55

C:\Users\Admin\AppData\Local\Temp\18.exe

MD5 d32bf2f67849ffb91b4c03f1fa06d205
SHA1 31af5fdb852089cde1a95a156bb981d359b5cd58
SHA256 1123f4aea34d40911ad174f7dda51717511d4fa2ce00d2ca7f7f8e3051c1a968
SHA512 1e08549dfcbcfbe2b9c98cd2b18e4ee35682e6323d6334dc2a075abb73083c30229ccd720d240bcda197709f0b90a0109fa60af9f14765da5f457a8c5fce670a

C:\Users\Admin\AppData\Local\Temp\19.exe

MD5 4c1e3672aafbfd61dc7a8129dc8b36b5
SHA1 15af5797e541c7e609ddf3aba1aaf33717e61464
SHA256 6dac4351c20e77b7a2095ece90416792b7e89578f509b15768c9775cf4fd9e81
SHA512 eab1eabca0c270c78b8f80989df8b9503bdff4b6368a74ad247c67f9c2f74fa0376761e40f86d28c99b1175db64c4c0d609bedfd0d60204d71cd411c71de7c20

C:\Users\Admin\AppData\Local\Temp\20.exe

MD5 f18f47c259d94dcf15f3f53fc1e4473a
SHA1 e4602677b694a5dd36c69b2f434bedb2a9e3206c
SHA256 34546f0ecf4cd9805c0b023142f309cbb95cfcc080ed27ff43fb6483165218c1
SHA512 181a5aa4eed47f21268e73d0f9d544e1ceb9717d3abf79b6086584ba7bdb7387052d7958c25ebe687bfdcd0b6cca9d8cf12630234676394f997b80c745edaa38

memory/3100-1222-0x0000000000870000-0x0000000000880000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\22.exe

MD5 296bcd1669b77f8e70f9e13299de957e
SHA1 8458af00c5e9341ad8c7f2d0e914e8b924981e7e
SHA256 6f05cae614ca0e4751b2aaceea95716fd37a6bf3fae81ff1c565313b30b1aba2
SHA512 4e58a0f063407aed64c1cb59e4f46c20ff5b9391a02ceff9561456fef1252c1cdd0055417a57d6e946ec7b5821963c1e96eaf1dd750a95ca9136764443df93d7

C:\Users\Admin\AppData\Local\Temp\23.exe

MD5 7e87c49d0b787d073bf9d687b5ec5c6f
SHA1 6606359f4d88213f36c35b3ec9a05df2e2e82b4e
SHA256 d811283c4e4c76cb1ce3f23528e542cff4747af033318f42b9f2deb23180c4af
SHA512 926d676186ec0b58b852ee0b41f171729b908a5be9ce5a791199d6d41f01569bcdc1fddd067f41bddf5cdde72b8291c4b4f65983ba318088a4d2d5d5f5cd53af

C:\Program Files\Java\jre-1.8\LICENSE

MD5 9d781ceedf4e6a9e19ffdef959635835
SHA1 0943d0959ea556d6a52f60932b9419569bcbe980
SHA256 7f297f1435b697ecdf42e489322446816b18ff52f1b181e76a0d29b953994654
SHA512 cbd739ec0c6a8797b6f7a8bf7a7aae87f49680fc9c4d862bcdfbc56a9fe2b49df15312a39d4594c70454c7130a2a7a331f7f8b9afa268d0ff7127204c9238e6a

C:\Program Files\Java\jre-1.8\COPYRIGHT

MD5 d5dddc374af962a6f983498f669d5cb1
SHA1 346ffe9808b6f571af3c8c66de9ff799191edf64
SHA256 f59bdfc46c917dbcc90865809e539e47cfc5dbee332128d0da8684b1666e2d29
SHA512 91554ba489a9b5e08cb2c943f42c4a43c1569e7ebd6ce3fe8522a9802b70373c7423aee875f293121fd9681973d3ed284578d1ba19f8888dc043ca33595f74d3

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 63866f56daec30b872400ea2be42f4b9
SHA1 418551de3fecb0b189e57588a159f0eba1ae327b
SHA256 b6bd153cfc02289be591cb4299b118318808957b2c92799e3fb167d3e0f3f261
SHA512 c25f19eae9afc372aae94889b252d75bd708e09af06af4951a48ff9fa13791d3c33c5687357239b9bbaa0cb461f8a5d0b1cdadb5846f5897608b1d39761ef729

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 20fae18f3fc9bb3871a82b0b7a1e6d97
SHA1 7e8d7d8773097d51516ca508e3eda372caafcd70
SHA256 334ebe2961ccdb4174ceec238fb836ae21c78e493ffbcefcbcae63e44f275e96
SHA512 7bd469dd95d9fc5a390dc395b4850e65246b08c31962c75c5cd571a86c882d1b683166148460cbefdaf23235f58a441fbeca37d994aa093a07cc7f418df5f496

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 14e9259d4ea649fe10deaca3f188d04c
SHA1 b36652d700abf463effcaf6d9b00e0360be807e7
SHA256 1a3396106e7b9da49c169807e52643795a16087555bbf793a6c626ae4ff051a9
SHA512 b7ec11de3ec5ac1c0cf5b8b91f73fb1049ab13df98065ff899f8c2abb554c3e9fbf77cd14059d781e90b2287f8439e1a626e567b6804819c6371bcde82333c33

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK

MD5 066904497077b7a3f0e328580d4e29c3
SHA1 24085a3180c3206cf54092d31f3462a1a5c39f64
SHA256 262642c539b992e795745312c907b5dc13441de69123fbcfcaa9068487490168
SHA512 34131ce10ffcfe91ba2632e86559ccec8dc1c4a3ab3ffff3fa0962eba58282a4232dcc55623b0f1726ac951eb4f0ed1565d6cb67e72f2377bd099e59fb966ed1

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK

MD5 91214ab3218d8da43246ca47bffa47e8
SHA1 bcad653151a3382f1f54e51ce7a339a34f90fc40
SHA256 259be2ff0f785d1b38f5be21acbd05ebd5cfc9cd125be47006504d2660d5abc8
SHA512 9b3da12a5859a4ad09195a7cf339135aab123a7b5854bb0fa165cff610d4cbce66aa67e3f6c95775b5ffa344bedf2f6853710fc9b687db2005bf5ef1d1aa6303

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config

MD5 8d7fc7317c1502d172b43dd8dab52ef5
SHA1 8964466066e316c9af69ccd40784aa6d5f0174c2
SHA256 9f708c9ec6c916c0f944ef8a5e73304758aee34ad6d53f625e0d053ec4060229
SHA512 8455a3152cd3117c98ed8b11618670f8efc3c4e02af5ba9ebc6bfddcccff3da1ef5bcb2db0a070cace0290d7d74468e4be6cec0d7e3a13e181e3b3ce19aa6732

C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL

MD5 90e21fe7648157e4f934ea774421e3d3
SHA1 dc2682a2b939e5089ee302ba5fb44b3dde6c8cff
SHA256 4e4b4f04f36e13d2b14a24acc0ac8f5192a5028e0822654f819c0be6d1cad30b
SHA512 7b81a5594ec31b3d827faef866b5d34180ad11f18d234287c938c6fe492f942a5cb503d098e2e80b0e63599fad074b3ef137fcd97f31d7d8b0781637eb8160e0

memory/4176-5803-0x0000000073A80000-0x0000000074030000-memory.dmp

C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub

MD5 1c235bed4982aa9ecc8424a502d83e5f
SHA1 e770f79f18716f0ac3cfce9316ff1fb8367a66e6
SHA256 901f0ddcbba3000e89dd7854426505fdc1b090072478a6cb64752411a0d9674b
SHA512 e971a00729224c16da4c7d683e8d4e04c4be0d000a0c90e20e77540741c31f125188139f7ef43282113ca096762e332b0cda2f08c805ceebf8b34651ced4fc6c

memory/6420-6017-0x00000000007D0000-0x000000000083C000-memory.dmp

memory/6420-6111-0x00000000056F0000-0x0000000005BEE000-memory.dmp

memory/6420-6118-0x00000000050A0000-0x0000000005132000-memory.dmp

memory/6420-6213-0x0000000005150000-0x000000000515A000-memory.dmp

C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms

MD5 a138a12d2d080179217498d27bb10ce1
SHA1 c7e32f0e87cfe9b4f265f355c3bf40651e4f99f1
SHA256 9dbc7c4a235f0afbda50f4ef0fe89709d387de5fd38ba5ca2071b0050e122e0c
SHA512 07b577ce0b4a7152f2cd62015d263ac8f4a362a3e122e9e33f76bad9bf2f83796f5be35c0f60050a83fb04f6437feb3ca82c8fcb2e1d14644bf972ebf8e2e427

memory/3136-6455-0x0000000004840000-0x0000000004876000-memory.dmp

memory/3136-6504-0x0000000007080000-0x00000000076A8000-memory.dmp

memory/3136-6604-0x0000000006F60000-0x0000000006F82000-memory.dmp

memory/3136-6618-0x0000000007890000-0x00000000078F6000-memory.dmp

memory/3136-6615-0x0000000007000000-0x0000000007066000-memory.dmp

memory/3136-6665-0x0000000007900000-0x0000000007C50000-memory.dmp

memory/3136-6674-0x0000000007770000-0x000000000778C000-memory.dmp

memory/3136-6675-0x0000000008120000-0x000000000816B000-memory.dmp

memory/3136-6849-0x0000000007FF0000-0x0000000008066000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mo4h4ic0.ndz.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/4176-7244-0x0000000073A80000-0x0000000074030000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xsl

MD5 c23c2d839562aee722f5d49cbadaea6e
SHA1 4fd2c6b9b0c3c2b05bc721af4ab8b26433bbb97c
SHA256 b7b8149929de938b4557bb9fc7c723269b8f283facb9217b14da0d6921598dc7
SHA512 55ce669670d79419613ad396bcf20660523dad88cfc7fa368a83a0c7ffee256227681d675711263edd3341c16cff535f2ba0e405c4f0ea52e3a969da6944c366

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xsl

MD5 d0b160a2123e29390591fdf69799ad0f
SHA1 3776ac32b84432817601e871bebd821ebe83d39b
SHA256 6f19f4363469b7dd0384a43f890ed792dd23eb12c0f3e7aa49963519e30e5688
SHA512 9853670f8045a805838da21dfa6615a6e221199d8b5b0b5ea31dbbba2794d28b85db1481f4b7770c5c8da39006a6563a98c940290aef789c42cc79c7fc41464b

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl

MD5 3623760359bbcae801991ba98e243fa4
SHA1 a2323250d80b54e42eb7b9e3670260fa1d71edd5
SHA256 65af3640c2dcbaca88b71c88330b719f65687c423b979d65e0acc09786272301
SHA512 76b28bc67ada5406e94255ebd87885f5cb6505093e610aeb0c91d0eaa854876e9042e14f877717f67893d7c8bdbd4b1358dac1fdad46792a2efef87ede859b4b

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xsl

MD5 0f40b45ae60bb14e53d61f57532f7a83
SHA1 bf24d057758e77e05a6dbb7ee478b6d5ba19a3fb
SHA256 42baeb11c53cdb07a925819f389132e3c042a15e8f2456d26654317bb438644e
SHA512 ba39ffd1abff4b1d01bd100761827a843dd2979ece6d347f7efc6ed557d9a35208ab7b12d6e8f780375afed8300f81a5afbb3a6e990573865ec672c61bad6596

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl

MD5 18bcf35be91c309533b7d1ea04bce98a
SHA1 142cbef3dc22c6f2ca82107c67e43131eec818fd
SHA256 7fd782c39b53bf0d438c00f778d471dd98202e787c37fad1305604864cd8be87
SHA512 1e89f2daef6eeedb38072c25d7fe5b477813c5c8b9251a66d7652c378396ef8fd2f179ec54cec2045a3e74c093894a1133a7fe80b128b7851e7871892af9db1d

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xsl

MD5 cd77cbd9f4c5a79a6a240387f089f455
SHA1 50ad3be8ef38c4622b34b0098675d0f958dc4aff
SHA256 2a338325791be2dd0ccbe87007c127d4ee18af2054331c94714e0e045c329562
SHA512 b9a5310afdabdfe6fd12f8e2356c7b093fed3aaa768914fd3cdecc8d51f7b89b37eb7756118fee5ad00b2318c62fb97cc3d2d3abc6743ea049f501d588db0433

memory/3136-8122-0x0000000008EE0000-0x0000000008F13000-memory.dmp

memory/3136-8139-0x00000000703F0000-0x000000007043B000-memory.dmp

memory/3136-8148-0x0000000008EC0000-0x0000000008EDE000-memory.dmp

memory/3136-8194-0x0000000008F30000-0x0000000008FD5000-memory.dmp

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 718723810ab08a9f26303868e2ef4f1c
SHA1 d868a2dd82c495b81716b01af50dcc36ea7463ab
SHA256 5637f19e2b7cf1d8a84cf67a38385eb74eee52380dd9172ef0a494e5cff3dd1b
SHA512 73622fb58787c1fa6fd00f39f1ffccbb55a3bd21b8019399012d0f057df0b78851aae0417701d3ba2597c2f33fdaaed57b939347e1a2bd415a1dc6fa81db5079

memory/3136-8429-0x0000000009420000-0x00000000094B4000-memory.dmp

memory/6420-9027-0x00000000084B0000-0x0000000008AB6000-memory.dmp

memory/6420-9169-0x0000000008080000-0x0000000008092000-memory.dmp

memory/6420-9142-0x0000000008150000-0x000000000825A000-memory.dmp

memory/6420-9240-0x00000000080E0000-0x000000000811E000-memory.dmp

memory/3136-9876-0x00000000093C0000-0x00000000093DA000-memory.dmp

memory/3136-9901-0x0000000009380000-0x0000000009388000-memory.dmp

memory/6824-10180-0x00000000007C0000-0x00000000007F8000-memory.dmp

memory/5644-10202-0x0000000000400000-0x0000000000643000-memory.dmp

memory/5644-10223-0x0000000000400000-0x0000000000643000-memory.dmp

memory/5644-10225-0x0000000000400000-0x0000000000643000-memory.dmp

memory/6420-10412-0x00000000062F0000-0x000000000630E000-memory.dmp

memory/6420-10878-0x0000000009CA0000-0x0000000009E62000-memory.dmp

memory/6420-10992-0x000000000A3A0000-0x000000000A8CC000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons_retina_thumb.png

MD5 3f07d3b0d6d485b12ee652727d21b93c
SHA1 a8726f729c8992da5c86177c0d9bc5e26e1956ab
SHA256 5a06ba03240937d869fd9d8f99706e58def6aec5bdb242224c309ad2c59a74d4
SHA512 e515216823660052b1f3fe9e51f7458f081d3c59f2cf8ceb9264278015f9050ab754683108238326123d95794a2c3aeb4477d072ccb6d080cc75ad8ed0abeaa9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\duplicate.svg

MD5 9d4400d619f30755f7384f104b64d7a5
SHA1 4af0cdac21d7449e0c7728b2ab045a65e7b5c875
SHA256 9acae61ff98272538dcc094636cd520e35272665c03d6c26346f7150bb601e14
SHA512 5f3f7bcda18189e642255fc1586a7934aa7b724e9a6bbf2594d635316d9548574625cf61e6397905a1cfbb1e6f4e513ac83045f2ab86d51bc178a092ddf1494e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\remove.svg

MD5 515fe2c65d49cc408b0a9e23c98d0fed
SHA1 1669b8b7d61cce3e66f65ab40a79420313e851e3
SHA256 850a251f5e1bf03cc46cfcffbc69e32dade683e4368a9d146a34239b9f9fbe24
SHA512 dbea09b9e7cd4a60b91c9437d915b20d6b8cf782dfc3968444a734bf86c1921f05ed76c10b8f38d43ac573fa6b69d8e508ca461f8ccd6d3b230994594310d1ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 a3a716a74330c52306056796d58510c0
SHA1 be1fd5d520e2a07e90af4bf4b58094144721952f
SHA256 f42ab19be0905d6008a3983457e3a26794c7d079ec651dbda21121cdb080f82b
SHA512 a3fd6856bf2f67319a75b57c4bb5f4e43625b55b6cee168c55801f14e4316b6175d6b30e9856343003b7cd564c6ad87c663ef3b22c14dd64bb94fbc383fa3dc5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 99a2cb52d44e45bf67f8f881e5e7c7b3
SHA1 cbf020a65d039de4257842696fee423b4bf0ad35
SHA256 74714e80c8318117b18c582391b97d51edf57fd388ad4a702ea5359d2c9a8192
SHA512 2b6eefcba8b779e97575d532158465a023c2221a6b270fbcb610981235a512724b5bb72b367b28c9a11d4e47ea71aa94b5ded27fd33517b3083f9172a21d1dd2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_backarrow_default.svg

MD5 81e006b74354a1d0a0dbf25f175d42a8
SHA1 27f04012d32eecddacd129119ac63080d0668713
SHA256 7dc6fe2aaa4916ae362dca43eb5b444abe08d40e1de64bf8206272cb0784ca48
SHA512 24fa9efa9aafd754af9e9ba98f5a5d9a3cc00b17f8ba928d2ad9f577228e6641c57f5ff0464e0fc832349c3c32bb0ef7fa6e7f817b88d30da85149a4ee0ec0b4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_closereview_18.svg

MD5 347afce10b4324dd8bd076e03c3fbacb
SHA1 ea9535019b755050260edba2fac31edb969f9420
SHA256 59b816d822d718b5a6cd0986825490f4c548e32643fa9ce553b0ea31eca45872
SHA512 5d56a74708c8a85344993a25aea4d5c6dddff34e3e8e1e64ff60caa507417b583b574c400100f2be4331cbccf46506c38e673b84b612b4eb5b688a5964fd5504

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_comment_18.svg

MD5 76b577b462c0a80565426499d56da623
SHA1 bc7338e509600db492716a8480db681bc3242f80
SHA256 2f6aab493eb82d3d90a6bc9f5ed32ca8f134a271af0b8051938ba4de62f1b88a
SHA512 916a41d6c5965595a8ffa4317a128f0c25d8c9222c12fd9e9301755e2a1d9c9a2fa5e6abc4bf78f56aa52abbe5e2ba6c5e5e36ed981aa0a8e19c4dc37218fab5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_editpdf_18.svg

MD5 ab2526a20c81aa5bb436fc0540467316
SHA1 68d6063854e0f1c022c85daf0b9c694104a7e5d9
SHA256 6d84c2fe249a6337e3b95a557c1bb05e50f8b7247cd0c3e3f7e0d5811522fee1
SHA512 ce3ca06ec35566d40ce52bdd2173a05c3ddec23f52565e951753a76c808fd9bbf5cf1cbbff2c62176a3bfc4ccd835688d81b76233deb21a4224e2c29fe38ee44

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_export_18.svg

MD5 ea77b4c5ae1fd61dba3eff9f29463148
SHA1 20611927274ecf6da22902b6d70e570c23c0bb06
SHA256 0ff35bac0aadd3a3a4acfad4f07ce5c57a6fcf523b1d33fe04c85f2b73cc0fef
SHA512 841efeaa61d95bb07350d5b84682c73d74fc06408e367e6bd606765ce90a20285d30460e55426bab95ddc93596bd16dd19bc468e22e3d9606a80ca72a888605d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_fillandsign_18.svg

MD5 4f74763e987e3529ad8b0c825a0d9d4f
SHA1 4c9b2563d87d17b2ad827f100f66e17ccd6bf666
SHA256 def3626cf9d73d279744aee321bc5683b02ce4e6aa6d7db96c4d0ee626220fff
SHA512 9cf21ca225e82dda18813aa74c9c3ca7949908954b51412af454cc0e89f9cb66076317b95a5a5db5d9f94055031a7f837ea99ebb7823a903b7ad1540d1a8d821

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_move_18.svg

MD5 60d9e029563bf20c6ef1d60863962aad
SHA1 7b19898d6744415269de4825b56de0c3dec5244a
SHA256 43014588bc86817ac0d396590673f0a1d28aa8e0847e483af718904b58ea09cd
SHA512 366a56d6d820fa6f46dbec0126717656d337b646eca5c217db42f2bfb35ac86558ef578f22468b30bc583ad629ea700500e76c4b4f85e067bcbea40343614203

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_newfolder-default.svg

MD5 1ce6db365d1a155eadd38104358fd69b
SHA1 640357ec0c370b3b46e325c429f8f183f87f9682
SHA256 a1e2610df4340f725343254db8ca38ed740dd7507503eed0b32c742c109bf7c3
SHA512 b380257da4f798a76a652120c216151a99e76dd2f2852a99bdba64ceed55b7cac3c1742a7c7c3df651eeca88719367ecbe395ec81d0b85fb78f4690a8bda448d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_nextarrow_default.svg

MD5 2bcfc6ef6b13b0111e5b985556f67424
SHA1 efaded38614d2d0b4908c5cbe7cf3fddf714dd9a
SHA256 c14664087f2771db632429c31f53b6d47f8aef2438758cdb6bc820cd73e2c762
SHA512 636acdf90207080bb520d7440fdc0dbf43c0cecb65e6996086f27fc094df9cb351ddf400ba4758dd57ef41ebfde299d1491990d87d61287b9054d8f1978c36e3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_organize_18.svg

MD5 60a3e10e37b32929d3b1b44383f431dc
SHA1 bd9fb883e515fb7655253e9ded0bdbd2d9941fe3
SHA256 4deb428b0e77216eafba4c977669cef361de970b2da0cfdb11bcdee7712e9650
SHA512 1b8812858265d61ca5b905938eaafbeb6907076827e7e85105ba025db7bb821749771a8b72b4d9c9384a040297d0ce970e9b02cab7eab501256c672e99740207

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_rename_18.svg

MD5 8ed9fd832d45754663ddc09f45c6ca5f
SHA1 d2ff65662a348e70230cce48b68f19c14e6d6eff
SHA256 a7a6bf42f9e3e9ac3a0c2c0cd38ee5c8f7e8be2de65e6dae92b0076b36af9432
SHA512 3a29540df1cac7ccb6a7539009af9f2d6342c32ad044268fcb285d50cedb57aae5173735a7f2f8aa3e18ce8ffb5331fbd8ed3fa32a5e9fb01537c183a102b5a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sendforsignature_18.svg

MD5 4f3d19fdabb8ec59b260632d7edc5c47
SHA1 00da6d023835469676506331fe984a9acebbc80a
SHA256 1654e13795250e326570e51d035a6ad1fd8289eef7ccce5cdc9e77ad8240993d
SHA512 9ef920ff498b994b12eecebce7f81b7b2515733ea22b609ff2ca763b29b99d8dc22c86a83183c6c754e66f460f75d1a12155a8178fd5af916e47a1bbd565e514

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_share_18.svg

MD5 fb1137f9ad27e0a2c4d0749896206a6b
SHA1 5f4155903640eaf70ed534e5920a875269060a0b
SHA256 9687dd5fa8087b49904bcec3dd9f0747b61dfa214a698ffc8850df379139d398
SHA512 4e4e86c916200236a8912207b2627bd2f68fbad87eacafb1f348f67b480b85bf95ae1307d34abe8c1e17c42e8bed14624f939cce216296979bd4dc9b69024475

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js

MD5 a9941f2ec5c63e8c8602692d565b2ebc
SHA1 4bd8d9a8555792af6d42361cb8919a3d6f42becb
SHA256 e357f174e885ffb97b7ad0fd66cbaa0abb45957db84a20c57239fb45383712a1
SHA512 39f3b4fd7b9007f01a8fb4b971bdea21f0176fad4162e3fd3ab2c6b389fe61d048213c3a31515d3eaab094ce7433c3b7dd63201bcfd7c80f00524c3598210883

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js

MD5 b93553b082881f4153e96231aa36f6a3
SHA1 7c543f0641a6230a459495417bd5acf83bda37a9
SHA256 370f77df1bba7a9ec4a8a41a135442aba02bfe101509b42c776255f28608274e
SHA512 a61a5cf930d382c183750bbdefa063d60d2e49c2f4c33dbe84eb4f965e861cfd3921b8bc03791daedb14c65c5747c67ceafcf50e4d7a1943d9a87d93362d318e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js

MD5 d4320b1a45404f40682269354a4ae0a5
SHA1 a8bb640944a36e6553336327b8fd1559c65be155
SHA256 8a53e103c7dbe165cba9349813963db0ac978d24d62ad101d94c2063713f5ea0
SHA512 aab32d69e5e1f2dff33a91e59791781ffd72ac96c80d72aea2d52514f38a53fb364ef9af04e58d6757a15a6510f8a59a24437c9ca055429927ab00089159e300

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js

MD5 a5e98231877d5825d87263e9ef53bb86
SHA1 b13bbde4313936c5e0dea530a2762b87a62d636a
SHA256 7cc1001ec5443376d904cf60a3df6cd3246e50db2aa0a01d222eab9603c0e5ce
SHA512 37f2208e4c8d0a60dc0d9bd89d13863a1382894a2c64966cf0d3787793a1440e4da29309fae4f49b5d1b0932e7aa4d00f4860ca526a9cb502d00742e4e31361f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\ui-strings.js

MD5 4320afd02dc8b05db06ec279dc8c3bd5
SHA1 6959b8856ae410c19b6234868016bedf8da2ae04
SHA256 9f3dc9ece7c4938be64b52a208a9c1cd33d84d1d4322b727e548dcfe81a069a2
SHA512 d727dac29c987f63efc2247f8e43ff548f28eccdb23aca6a1dda1ad1e70b444530a460055508576403295003d5e15e904a2e08f9e129e48f4fb38cbefa45e62c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js

MD5 ee3abeaef13e95dd893b7f18b83b1e6d
SHA1 758dc186acbbe507b374c950fe430d7c9424a52d
SHA256 89d0ae68fab557adcef6e55aa33bf38616b30331cd2966478fdf2721471d8af1
SHA512 596979fadc5dedd1db8e4b77b70b9d4c0ce98287b379ee77269bf1c67d443babd661b6e47b9e7e0f2ca2951c243a1f5bdb149a4e40b617345378dfd566901fbf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\convertpdf-selector.js

MD5 f6fb255b232ada71fae02f940244236e
SHA1 0f30b762a013374657a6542341b9c4208070c281
SHA256 eef943026616085689852aa5efd58e6a7dc596c8c80d38f7fe9487e3bf123d52
SHA512 b9a874878e7cacc346f11d2f38116c04c9cb9ca7f3af24b58928834658acfd0bcd6df1928f83e140137b8b50037fc8a178a201237a47ac3f73fc6352b20db39c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\convertpdf-tool-view.js

MD5 c053b33a1af8890926ec6eeebb3503a0
SHA1 fab0b75f5d9a9724d9f21cd25647aa77513f969d
SHA256 fbae080365a629fae73e161c203dde36ed02a43fb9c103f57f31c252edb3a930
SHA512 9a9114c56ac911c16d3543bc95b377f873fa148b96cbf10aa6e284f63d809161446804eb27deefbbff01ee2ba0c33ec6db4929f991b75391b5740977e5985626

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js

MD5 14124f85d0bd84e413878255fd6b3c1a
SHA1 79e130fef7354d93bcc6d90da3f8b3bec1723cea
SHA256 231b0b0f0f1febd6359f8f55cbebeffb8219380d1e06217eea5bb151398653b1
SHA512 5376de4e1e7bd03c935a29bcc5d1d51e00734bd12d94a60f0b99a3e28bd751f63d88cd24c0dc026ab9e458e2adfe9c5b74129110fac181c26b23211087ea5458

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

MD5 7d5dbe3634d0bb24db8778d922816c9a
SHA1 66ada1f6bbc5d35af88d8ff15d5c1a42a017c34a
SHA256 68281b2441617ac21f31fb066ec931aa59ad445a8432a29a4db09e4eac859389
SHA512 c0635aa97cd8dc7f56b61f6eb32fcb978f84ecedb8d94ebe83141e361eb8dd7a193f68f4fd6da1b436db67391654090f8b69eb85a59e2628fa7d5fc874380f02

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons.png

MD5 2b3f7d4a11864771fe4e3673c8773c86
SHA1 0fccce2cbb66f8b42ec5e8e1699a240daf918fd6
SHA256 c1b9f4bfe264e3e78fa6b99742ba975f44fa081925acb676ee9ddda72809aa56
SHA512 470a21a005d3d7a520f1039035c07ee0c6d8e35ba1025dd3818010b3cf2ff70748eea3552504e811d593c19d72ae3e811066bef11b213086c447d68d0e5aa213

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons2x.png

MD5 26c9eec4408a509e0f6f503b92293988
SHA1 83844948687fab79a968221054038a302da7d158
SHA256 0f968dbf016653ff87a56a7a0c3a86cb65ed04ba8bda88f4c096954ca931ddc2
SHA512 3386ac5d80750c24c187e24a6916fffc9664f91b1d182a0c7b6433a458c5c615b9f4542ac322429c41acb742fb935806f3712668bb081f4e04eee63fd17b9a6b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 a47eaa8977224132e797eba8b972f69f
SHA1 7190f030ba831652058b81a44e9e8341a1401584
SHA256 fce68a8efea7240e14fc835e1ebbc98a7e76bd3d646b57907582607255c3e66e
SHA512 5e05590ba536b0a8c51700b3de7ff495e80a5b8f81f21dae7d349a3f8f6ea082b828bff3403f958cb74d18e313f29f5fc3c89a3a2f02a68070de27aa341cf14f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 fed81e3b0951542835b9cae27ff4fbff
SHA1 0c4f56574cc9fd1fe6bee76f8b8427c533433734
SHA256 f1da9fcaacd9fd6341962d53f8f4c1636827663952ca61f3a62ffba427fc6812
SHA512 2b8fcb1fefd4b0dde847dbf03932824a168b059d12e12e5973989b10763062be826dbde92525edd8261e618051acc1470ae13ee98762225c0daff641432e7c4c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 a236a8e7a81d8b3772028ee40db021eb
SHA1 77d0a98606c9b787f3defac62388ec02339c09ea
SHA256 92f4e1e29c2b716ba3df4bc010134b9fd8ed6e651ded27553e8274b6a80d2c0f
SHA512 f3a2734f58e22117e6d77282bef4cf220ae8052867563ed38143c4aab5ee05a442d8433302d34906865d24fa98ea3277dcb2024062219456ec051aa80234e7ca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 2695d94d332ed3a45aaaf02eab88be29
SHA1 1bf0ed466d41597db7ff0efc567317bb4b43942d
SHA256 3250236ef82824e72bb98ebb81a7a3173dc3e32bb3c23227e4de0d2152ebaee4
SHA512 5e704e990cb9e388f5ea93012f80b1c033358bebf24c264f1e24ec4d4ee18919611a86d884279c0771da2ea57b9236d3aa7395f747659196846d924e68b2eacd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 aa95665100883e5dd16611040e777b99
SHA1 e589cc4216d0efb967bb53eef9830acc9f95a8f2
SHA256 bbfacf6837f3b7ea032a450cf0f76994289118d1901b0909e7d29cd3605e738a
SHA512 12700d6e366f728e168b53f6dd35cd249d452ec0aec44516c796688a3ffd8bcfd0e26af87986442677e39028c11e95f94deb988bf15216800e5f1be3ce77f4b5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 82b672d7e5869c7a0461aad1307db774
SHA1 eac4ca1ad07f1989b8a62e0bc47ce4076ec26ce9
SHA256 bb20d74aff4965ccae7fe72763409a541086f8842c994d2e0a323491ac09d8ea
SHA512 146f454901e657d77527ee091493822fbe5be8a71bea8c400389bfac46a02b9fce2446b0fc52694d4306df34d683fec34234122fe104f9d21b557025c3d7f5f9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 7f96207c4f784f3e31d6e8a44dd9f02c
SHA1 d8168f154fa6dc771d390b25cb183ab3521719c0
SHA256 1639b7fd56c21b212a598101ad70ac627436faed9a8aea5657450c4c7f752be2
SHA512 46b0a33fb1e7f7b6b5b99ce560e091809a21e927f0c6103749ada0f5ac2274811caba5e841c13787bc64577340def1ff0e9ccb60ab0cde3133a61b4c9c6e9baa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 5e2469415dde815f429e37e1dbc30abb
SHA1 ee55ae1509a9623585efb2f3fe5745ea07e8c092
SHA256 43f3575ac2443341115fa0c8d7ef2e496fd212516fa193a480500672909079f4
SHA512 81d5cba19d1714185150c476c43bbe491602f91539506ce2ee17684a46473d6a2d88a01ab08be1a04d4920488c7dd3960f344a6ce7771482f6d3ac897bd6024f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js

MD5 fb3a85f49dafd1d5060f82a24d8ea1a8
SHA1 157c515edc170cd55ca0557e705c2658745d92ce
SHA256 88708a6cc49b2652f3f8cca592d0787c453881a3b9d112337e8127c715c927c7
SHA512 040b66e271e1b3a1fa7ba908a87c713d5067f402f2c888c5898fb5f6ae4bcbe85c731a9588a960088ea9c3b07b87a5127fc4d2dbda74b0539e34e5f0b119cfaa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js

MD5 fbd418b442f72969225dc6f0435b832f
SHA1 fdfa92f4614c7c609b75e1d287c37b91fe2b6991
SHA256 6e5fbb4ec1bc28bfa7e6df2225cc5eb2137ab456cf3cb453780e50d93475a7ca
SHA512 f3e8346f4831519c58ddf0b9cb21193ea0545a2620d4a0bb50d6f620e417d824a776a3d48faffb6d4c9ab849e1cfd356f726335a0dbb625c9865444db2b6426a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_checkbox_unselected_18.svg

MD5 fccb64325449f9bc2a443fbdb21b8d36
SHA1 87f5fb64866e7d18da6fb67b55eca1962e4f24db
SHA256 2c3fbfad2c02777ebc9a7a562afb57d49d7579a2e5ad61c0a1ee7030bede89dc
SHA512 1d18e29b34698bf10076ea04d52b4993280f3b1603bc3a9fd56bfaaf60c39c7d7487942b684223bcf970ebac048d43a7b717967b9eca7924d8c20d201f40924c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_checkbox_selected_18.svg

MD5 5792fc8425578d23af58f3c25f441735
SHA1 ee1afac87922f09b09fb44b915baaa4df813931c
SHA256 649bf1ed4dded6a6c09f8f809f139753b39a736578f9a449fc33c335535b6fda
SHA512 3ce08820f80d6fa3d78c2762d92ff47e45ab10a94194f88fdd820fe6ff2ec4f69b124b9212a1218900180a3544d9d1d37b4bc9d8b970bde9b981b216435545b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js

MD5 e0de3b2d253327493c9fbc5906547fe7
SHA1 6cb04d9ba9f43ff34ee014489ce1143e373a50e9
SHA256 0c9d6cd6cca340736ce8c131ebfc379b8d603b4559910918cfe290b626365834
SHA512 a6fa7aad589d1c4b0eeb6d6d0f0b5bd5f25cb4bb280dab42174b6bf07ab4dfdf7e0b6f5b674f728600e4b7397d9d40e053fd9d17e9556dbcf0ab2c6140243cbc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js

MD5 3f29f1034a031c9b0ce4859bcd991be5
SHA1 cdbb063ff3f2150e45ca3eb84ea15a66efb551d0
SHA256 303be62fcd3448c94e82e65b2444752b780576e70351093f1587fc64d5c1799e
SHA512 db1572c5a20bc9b07665a70e7aa03efd682fc823772b0cd98d8014bbde14e02669a1640ea2a66db5b03f96bd71bcc27895b9d426198f1b04d0b349b97f9dba9c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js

MD5 cd36c4b78f583cfcb3e1073fd4e03425
SHA1 8c7b78d78f39986b4ca81c14ea2443802d78fc21
SHA256 6bab81ac74173d86692aa989af78f3fdf071b79bf29d95c96db06228db892f58
SHA512 99eca9c7442c613b0116411387e4b0bd3826813104e65daad30ceec91e1305d3019de02232486f7aff3faf62cf1cafb7386346256e80ffff61640bd17f804e37

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons.png

MD5 1852623458819413a0e73bed941e64cb
SHA1 3c3a91fe0b7fb27625274ec11772a63ef1631a3a
SHA256 46b630ce22de2fa8c38ef94b81a1faa7c0fff08801990760433876fe3018f044
SHA512 e431c4afdee7bc69caa5585ffdbcf0299b6968a1834517182a73dd00dcf04d17a947946f5e67e2670891653512e7bc174ce86b55fb76d1d506b949e68d6873d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_retina.png

MD5 96ebba80b7d22dc7386e9e0fdf0d4729
SHA1 b33349e9e87002ada66a7922dae0d222646d455e
SHA256 38f2b6802a2dc7a396531248558c31d9a1c7602ea4f711f72c8388124f622431
SHA512 bbe644822f96e943afa69a8404e3b3a034ba23b76af2f94b961bbf7e22b123f73b6ef654929d1d78e3efead649ebf1cd60985b53932444407b2d3485990fb243

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_ie8.gif

MD5 743d67322f8539a4d8f43fc89e2469c6
SHA1 17d2a985ba1a5c63161abe3dba4bd19f5287e767
SHA256 424c8e43d1a7679b71d48b6665ed083dffb095497542d3cbc91d5847d81d7aff
SHA512 1b94ff56f9ca3281004ad9be1caf0cff130208ec9ce8519b79cebfc90d1a3415c865cee4250df81c3963cb326d0234f0f4d55d74fa204b3064abc596d5ef8de3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons.png

MD5 06487b4336f8d176e7957d64dfaf4555
SHA1 12d1e1de44b1f38dc6db9a407821979121be0636
SHA256 401058b895d13aaf2efa744bbe22a5e757a7f5e98df76f38f6c54513ee49b391
SHA512 395ca1e1cfba27a6d6e529e9876bcc77aeb407e211d45af17136c5eed1eb8561ebadd6d1b3ede37045e21a1228737381954def6eeebcae2d12807f47838fa32c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons_retina.png

MD5 9458bacd82388576fb6c303a9249d9c5
SHA1 2bbd29d1938d6536d626bcac78d16c3b1c666de2
SHA256 dd1b691c21436404cdf40833d6c9ea1d613978391a349e9dc5e3e82a351422a3
SHA512 4040913f62a19bd9666230ce92d34204f469771e3dc60bd68a92e31fc0a2545d16b842157ac064b78171e6caa9e4c890689b85d295e5cff945767363a83d897c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png

MD5 4b3ba2f7b528f0547afd291d44ae0034
SHA1 beddc9fdc7a2f6c3f8c0839040e50c31a262091e
SHA256 0590404d2c0135bebecd065a052aafcd3b6bba0ee7a85d6e5295be2872ae2003
SHA512 300b4660419f044f323d0bff35af72f8bcefe826935d7574be54af0f36aff1e079eebdfefa39caca4895408853b1c7225703cccc0c7a356c39cb314e19331c68

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png

MD5 532831c72b8a8545f42812ca50eb7939
SHA1 e583824aef051b620fe9baaeac435ba337cdaf54
SHA256 3b1510c1360113c30e1d1be8b66cb7b2fdfb23ede63a9fba4d1a3239e9bd4934
SHA512 74069e689f81118db5f53a656c1e951ce786524f3ad72677b983cdb4b4746f4105947119321a8d0930f85586266fed8f41e5c07bafd1feb7412469a91fa8cedc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png

MD5 3056f60f2d9d7547a6b3b18157019c5c
SHA1 0929a8020de14d1e2be0e05b3d60c727628c1f43
SHA256 ceec56f9fab89551b58209fb4a18cd58786e0a075eb7a8c4b4e23af74bd8e130
SHA512 96f664a8e4ac72f17451e390bba77f511a73af4b2c6134558945042642117d161f3cace759f6132fef25b8713ce3fed52a678a9c26ef0b404540da3b084bec7c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png

MD5 275299db1a48a88b7828ad6b05997960
SHA1 0b27ba2e1eb7c52e4f9b4d027621514dd36ba415
SHA256 3277062633c8a49a4de1a0a0c1c107d762c3a5402bfd242b5d3a70b94d91ac8a
SHA512 7310c6e67065fcf834652ddfe240889134ceec402590979fa66d449313d1f41c047d03f78ecf9cfa23b2b1fbc9b4db02ca94125e1d791d440bd223cb06931363

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js

MD5 1c197f2d4d0fadc01501927c181bacde
SHA1 a21ea2f332aa6f82cfe8c6e056cdfad3da992627
SHA256 c715b27b0a6631ca24db329d3ce17d91052c1bc4edd4e7146a116ecdbad4917b
SHA512 b0e1e85c32effcffdc4f709d409d39c5c0923da8fbb92ef7d7f4e79db194292c881b0fa1a37b5d54318fa56b7b190c1f616dc24a9773857b5d859486b903b715

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ui-strings.js

MD5 2f3abbefa9a3f2dd6e9d3eb0e379bde1
SHA1 8509c0ab6980482bb94e6bea8092ca0428f7018d
SHA256 ec96e1eb0e5db37d523d052b2873a60cbc05b6ecb6a7780aed334f713f87112c
SHA512 8465dbb7d4edd66cbcd9d3818425a6cab2ab45cc4625cd62b2708337b00d0997476549a8e924bbb9cc65958329a0e1d279fa95ea9eef6e2f4dd1c3cce4abca3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\ui-strings.js

MD5 3d08609430de125cb04906ffd940f9c8
SHA1 5c8a8948ed6ec276b092eec8f18e0ca88222de81
SHA256 972979588e42c7d4c00dc4184694434579db57f7405c7b16b654fec4a8224352
SHA512 5f57394e30710017813b15d53611274b57b28f77bb562f30f7cb6c4bcc8b2bd1cc8bf3c46fb52511b6472061b8ae4841fa909815cdec8cc730080f0481a91482

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js

MD5 08dce69df6161f75e59e7492066efa69
SHA1 2525162f20a26211dad812c4dd95d6740488c0e2
SHA256 8aa8b513cf36ad1fabad0daac09e72a2b8130be93812e3a414c591e45f332cfc
SHA512 34141ba090e8a580af43338a21a138ac32faf78a4ee77eef511825295dc5265664eb24b63746e9ea3245d04640d304219d86ada45f1e2af72808ea8dc019ae99

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js

MD5 d3f0bdcffdf17c7542b0dd9095943cbd
SHA1 1870d352745ef0e16cd3a45c90c44223159121de
SHA256 2516d25dbfb5d81422d55e56043f706da6fd159a2f3903e59a5a24f0b8586935
SHA512 90d999bc3107f82c1baa79db95e601791737852c6e44741c03d5ab086f3df50a48ed2c420518279a587043d9516836c9218b1cf5b1130013562d99b56910b296

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css

MD5 43a16a3d30247402142bcea1a1d08422
SHA1 45c6e906ed8c4c5c84225f82d3d2d3072f7757c0
SHA256 ff45f548966f08d42838675336533332684708aee13fea1e975ad50c979c73ca
SHA512 043795b0ca16320050c5e33e5f821f17623dfbb5f0f959b5bea5fbe5ead047c09f495c8747e9f647adfc568da63ac423ac2451fa3864a72dc2c9f8ecb4500967

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js

MD5 6a6203dc6ba9a86ac6401159bfe7e26e
SHA1 a4ac0637fb5b729ce799039f47de96716ec8762d
SHA256 3d77048a6b1c24fe419af34815e8061d016486bafb295bc1124ba5170ca31b49
SHA512 4be575cb610427a3bf57ace471445c8083d3d4acfbdfb8d2cc6ce2213740a8bf38458194da719080c29a4b94a42aea82678e3402b790ece60403c35789aed597

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ui-strings.js

MD5 f17c14a2190c50703528af4e7cbb95dc
SHA1 29422a3794d3f107c3387a67db01814fd42d19f0
SHA256 122f8a7e9dfd73f1d408eabc38a710f9324e8113f325a3decd120c6b5eb10f40
SHA512 d3f7c068339ec9a371f0fe56e1d6139e701cee341a8db5a269603075ef2d739341ba58d5df9ae14ca6f516fe1fb23acc12208f14ff5233d1f6fbb30b08cd3c7f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js

MD5 caa8719f6497a1802895044ad9d78bb5
SHA1 ff18b51a37ddc930d5a64b3f311f13afbc8d46a3
SHA256 29e527fae6efb3574b8a3cfab0c5c0aaf5b9c0b02d3e479471f1e2e7fb16e935
SHA512 c3825d1f403ae09cf7d346190cc0bd5ee31304518a24891617fa5eb7dc6fff164cab977d06eacfa6c1352c3fd8165320daae06dd66e8a858dabdad9320fef41d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js

MD5 cb3ba5dee4ff24c391550fbfac7a9399
SHA1 c1d6df1dcb9c8d85e9d368bb0d2fffc1b6a2cc7c
SHA256 1fddb8e12fda0f36eb43cbd31a6ffe129ca5b4229e4f11e598f8f23fa8172320
SHA512 96eaaeb368b7fc2407c7e9e65f6a8a959162f7e5ec501c960d6fb4a1ceb511eb5829a39ea1884f4622d5f3c0e515c9fecbc96faebabba53a7be5b5980c599721

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\en_get.svg

MD5 082c17c9d2584cbb4a8d63a811fe461b
SHA1 f64ecc015c9a845cde9c40848aa663813785b488
SHA256 6099f37e2076e933914fcf67720660c148e5393085f60672761df08994aa5712
SHA512 76ed3c996ec75dd3cba2b5e04c1e47c6a46e05390d6f93612dea502a03d4836a45ae045eb7fc2ad3ca9d5f441d252d84115a500cc15fbf78487b40247ecde94b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js

MD5 2261e12702aac9ce79381c382b123045
SHA1 fb9ef4f958bf20d9d5535678f2ceb946e7ee8fd4
SHA256 53d2b3348f9dd26a1aeff2889539a2d9218160028127e82525e7b28c5a4e7605
SHA512 bc2fb02e49336072aba9cc402697bb3b023d81268967747f54cad5a48918e0321aa96e9257ae3540ca0a32d536181975a41fee0caceb73b0a9cf4e36491e899a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js

MD5 aa256ca9e5b2306144a10b5d039df8bf
SHA1 5cf3c5ecf08b4d31a79ee950798d9a3e63b612ec
SHA256 c1e071e8eebe34ce9570088609cb98f3cbc409f2dbeb97991080b7f1933c9bbb
SHA512 07330be077cd34277479d0ce32bdd359239b2c6ffc56ff85104b46d15b257a6bc4fef760aa5d95fd44cc90cdfe4944b9d32e706a8fa8857cc2d0fa6e7549dfff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js

MD5 250cdb2b237415f9c990add2512843ce
SHA1 4485d139b2ea2bbd22d867416f7b1d1f9022eadd
SHA256 687e7aa5de006253cafdb8dbe3bb98cc0d8c45441d0a385f118f4674e3c8751f
SHA512 a71a6812f3c56726de68641b3bcd545f64000d1e382b4231042b090e41fe7faca1e1cc6db58ee557e64f462966bf4f053f1cc9fa3abf1f134817f43367e5edc7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css

MD5 fdcf32b3e4eba6d416fa607422e2b2dc
SHA1 aafd8dbd125cc399a83c896b2f25dde51989ae87
SHA256 ab037ff64eb92e2c2b93392f4dd87b92af01d1ed2e44a90f3cc8de97e1c69522
SHA512 72203ebf8e77d4023d9c82fae5bf33f78dadfe8e31c751ce2e15d27367985ba0bafc80b08397b255340d19262620f856e74dac42df30427e593ab00ad2a41951

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg

MD5 fd381db7f5733c76c89966b8cdfaa89d
SHA1 07fca25ad97717da458c4e8167dd0f8ef6d23fda
SHA256 846617f1fa181addff1ab4aa9bed5295768701d9fe02e349455cb277b649c1f2
SHA512 655fb0a0d248d5cd1d72e66a29091c9f1d2fd7ac85436be52ff54070f570b82a897c55a7512b5b243a9d00b71e03a2d20abed5bc93a5f85f5539b74327117d7c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_da_135x40.svg

MD5 830b34df3c7fb333e76599b643ad9a65
SHA1 6c16bab01a1d8214627c840e43e1d9aa66d17d40
SHA256 64c7b89ecbb38c7c5365b730117451f6e6342ac965a7ad43c05f4b7e747f200f
SHA512 318bcab690170c43bea079d58aa0437433bcd92cc93f13ae68427628e4c1d3f4882f0b1d2f4d935fa4ae461109b673fe26c657ff0377af79b822ef15789ffaf6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_cs_135x40.svg

MD5 b29e8d010674506ef3547bd592cf11a8
SHA1 67e4d092514014db3f5642b423aba1f7a96cce3b
SHA256 f4f87a031c9f60833cae929ab0bdf1336c278b5b05cea903985dc8d933624bb2
SHA512 878e49ac66c65f83f1df8e9759306fd1f7bc9a3d12e26ce8a2895a22d0153691b42c8cc77ac4bd729b52c7a25fb08a841b8df4823b716b9034a9ca397becac51

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_es_135x40.svg

MD5 2f64cfb88d532d5bfb7a55f94386cae1
SHA1 71bc307c1c112a78d2d6e776f9a8c81ca64ea1e0
SHA256 99ef75c106d0a7ad7a50d9565c7234170cf77aefb0faca650000494af61528e0
SHA512 c36c3b63a9429d6d6f64ac95032caae2868ba70d7f240f3bcf048ea96be7691ebb93d7c73cefe6e52e1b6b6ef8ed4a99edd46bd8d4cc55d1d530b8734218de32

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fi_135x40.svg

MD5 238d411250f3c163bfb32d29fa9d9a75
SHA1 29d1be2589b93c89c3e20f5d914044281114faa6
SHA256 0e5da9351d2c54609ebee63768c6c922b230d091b82b86128f2fb61eb2670762
SHA512 d18a0c725ca6a9313eb188723ee761c02c4720112e4fd66b1402600b4b54394a4313e80ae0a9557412518a7fd29ac7f7299ced034f02cda57dbcd15677db6fde

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fr_135x40.svg

MD5 495dc903dafa17440343641276f94293
SHA1 550f8a501f816d07d6e190211c0ea773124b0b51
SHA256 ef1a8decd4d02c846816ebabdc1ac64ff4f21d4761e4cc635157dd09fbd04ac6
SHA512 692ee37c43322787cd63497bfc18c155914dfa657499ad4f094350287022250d79d21db57777e266faa7e9bb425b0a5ea53b2d905f810b6053b03dba98e4a4d6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_it_135x40.svg

MD5 d212076006911725e357f5fcf326e4b8
SHA1 f22d353a79acb1e4ef7f2756eabbbda66fd130f4
SHA256 c72815c21b28e002e898ddc5ec699e819cd7d044e452e476f88cb98663e722d2
SHA512 c406f7cce0dfd413cd6115b9935001245da89b294b0dfcd61c550149efba4bd6292d9645dcfdaac93e618b8aa4d4ff886c2dbebd4a2f97f607a8739fded0123f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ja_135x40.svg

MD5 54bbb08afd0e4c020202930732c4acd2
SHA1 fc0a9293ddb119b3b9fcf23619d6ae0674f270a5
SHA256 1e0f350533afbc69cb62e9080e46a26c775fa31e5289cf3aa2a680b19c5c3b00
SHA512 3cd47a21e434c83dbac13ea10788946ba06de665ae22d8e4dc1e031711c2b6282bb0b2e8c939d65957774c794f8d31d1b33fd788a838376eec4b652939f650c4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ko_135x40.svg

MD5 7585544077a9acdfaf117827a254a40c
SHA1 d911c4b97281f12f892fcf2d80272918412082a9
SHA256 b89c705eee00f95c0a15ce3e0f4a5fbeb3bb7060d860daaf25d53ad745531dd9
SHA512 d75d0e07bdad96fa48aa44f146719c4f2d9c8f63f34d84ca0fdf4c3cc6f224beeaa6b3ad9254e2ef696d07f0e35ebc2cab499cb566720bad1b884e327ed410b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_nb_135x40.svg

MD5 af15f177e4c5d0be07e1e470f2b439be
SHA1 37147c6dd84c16003cf960cbf8bce116df5ec373
SHA256 55364c6ea705713babf3a64a55f5e3954185cc05645fe26b02a921f38f1eb9d0
SHA512 5f49cd0e0ffc0bf9e354d884aa75c2b59652d2cb49e1cb7d0bb6b0ea4878b8506a169ccad99b6bba3f31f8fa38327f10bb9b63d672d85969234d7ae359368e20

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pl_135x40.svg

MD5 a60d7a7533cbec79b3437287ad28e9c6
SHA1 0ab78230141db4224cc3d5c9250e8985dfaad46c
SHA256 92299fc5932af59dbe1666d9ae195755e2119a336784ce1f23dba84b4455c715
SHA512 73e6013b3303c2ab893ae26f3a293cac4b46edb33ea4abc064395cc4420667eb8c2c2aa80aa51b0604a19513708d4271499c53ad44de177dcc5bae53dff1d03f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pt_135x40.svg

MD5 024b1c39ba5521b4c5ccd92ff3eda079
SHA1 94e72df5e2f88f2d4635395dec378fc6d54a9aab
SHA256 8984746d2482b5f5b477b2b15824280f1201da11edaf1bcdbd2f02e0c3978797
SHA512 d75ced83a8bb4591ebbe76594aa3278f0f59d0e27a860b15c46387cd637f2beba3b7ac42f53bc243887a085f7362fd13464550e5adf6ed4a55c55b049d65ff5d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ru_135x40.svg

MD5 161c4fac8d9ff52e5cae1cafdf303e4e
SHA1 30bdd0832ff45ee3c914a82eb3b193a40f452e2b
SHA256 8864ce0815f711d9f209dff4e3ab038cdacedf4abdc0242896cacd12457530af
SHA512 75642498207619efd5ececb2089aa614ec5ab67fc6646eca279d56d79dfc463178f8b2f0955a526c914c0d0b4a17903a84cf846d3c3e9264a765251b5d31dcdf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_sv_135x40.svg

MD5 166179e0ebf716dc9bd1f69ce4c16f39
SHA1 e2bb7a66c7581e7dccb8c76fbfc343e31eb07119
SHA256 4e62dc2f9f2229cb87b2732628d297e33b695434a8a16ad0c25900d32871714b
SHA512 0cbefe36b8a4ee0d6b5b895c8eb7fbe1fc8d34050b71007946577efd39fdff4f7426172c77989266ed2f2ca551131c8791f3878e890a83c4889a5afb21d3ca00

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg

MD5 5f8a4fced2b4512753977b8c6d6ea4aa
SHA1 5a3f5959e622a21a79cfafd4c4b469521324d56e
SHA256 de09a66f3f8d1164d110275629d35df2aa5765a3f81951fdb9640ecb08aafea7
SHA512 c616f1f067a7c12703a218d5290096f735dca0287b0fbbb77eda2c4ce71b199a48fe830b4f89343aa159c13b1dc27e790b5481c69ba1c379e30d390ccb1d27c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_tw_135x40.svg

MD5 a3657bb397b73059c899dfada3df3504
SHA1 50988eb4677e4e12c1171deaf79b131f8a9f76d9
SHA256 2f6e68694cba7e77d7a38fa2eec6160b0190e4077590e14bba09d13d6124ef80
SHA512 1f19d0449df80cfdbe4a8aa0b5de8fb74116169318506702115fb286289467650bac3e844fcad25f221278dc5dd3a352a6e40d944a59269884f82c55d228b52e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_cn_135x40.svg

MD5 553145c1f678d244486623ff1760bac0
SHA1 1f7cd2f40cd9b98758fc131fda3df9ee4d7d3998
SHA256 3db1d74dc627685b1341c39b10afb9a58f29c15b49421341f76efc3b830c6024
SHA512 666ffc56b859e1557a78baed38b43bdbb1dd0930f70862d4f1d468effbb45c2997650e068f02a3f04db10b09c20f526cc0c0828aae2fe02b728729f335471b04

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\cs_get.svg

MD5 52bf23bd5930b866baee905fbcadacff
SHA1 af02b65bab6466aa9ac3cf52c09a7f9368e0e077
SHA256 b08fb2998801facd3e2431ee055714af1b6db8564f19fc9dee0ec31d06567ca7
SHA512 1937b321ff5767782660724360ec1ab1a311dcb1b4089ab6f998d0eb9d123adb143be65f9417f5f41568d7104ac1731da02aab3f697bf3bcd1e2db91cafcbff3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\da_get.svg

MD5 0d000e54557139229bb816ee80c7513b
SHA1 c229bc250c8b1c1dd5fdf0d26034b620872a63ac
SHA256 a1231709d9244a9a4691ab95796bf09ad4c1eed43a5edc18baa669856666023f
SHA512 cc8cfe20e4e6ae540bb0cad5c689ac4da6faf192a99966a95b69ef8b8784cdd2a4b0d588e62ef2d30a3b5d360d8437016ce9b1b2775abf3979b29e24f479a551

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg

MD5 e1f77ebe75d4576669da443ce4fc12cb
SHA1 c64b4e3fa08ea93c6add58ed277099a84e5a4858
SHA256 4d8f19288c47edc2e1952ea5048b7adfff52d3f6ba466df4168bf64f990260b9
SHA512 4949c7648627515e55b322c968099d6ad5b721eb6f2817ca503934a907c40833f35cff27587fa46a88cb23b7e6fc554460b6bef3ded340e828277c73c0c558d9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fr_get.svg

MD5 d321af4461cc07e4147bd5bb018a7824
SHA1 ad9a5df04adfe398e0534ab2a648292410a2fa81
SHA256 baffd62f29e30059ca77ffcc3ba007ec217e667022cd4d4ec0234c65a63c5b52
SHA512 9316c6d4b80bf9112b55109b795742a34a80fe942b08cc96f913c948d891daf23754081e4cbe4edd030a2821168499f98afbc2e92a9441038df1ff5c82052a67

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fi_get.svg

MD5 a8f620561dc3a2f7a39cd65169f36d0c
SHA1 0f8dff73138b3fe7b07ba696707582e375676285
SHA256 dfb6c1cc1c3773617de25ec8b7819c31444109305f5f6c55b7eea1c04384b6fc
SHA512 c77e1a76a25d1224257f617bf11946518a7e02260a31d909b467ac4d6f20f6f1920c076fe8052b2311a2db1a053771f22bde6eee9f919d697953d7673b06ffdb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\es-419_get.svg

MD5 78db927c35aa4074f814860a408b08b4
SHA1 7b1e76827d71eeeafbab7abc3d822fc2e61769d8
SHA256 5f403cce1ffe166f8541542af2763275a66f954e166a781dec6985dd55d037be
SHA512 af43346f08821bba3eceb5576bad060961608f86c8133e62113f6fea8f919266421111ac99f42a0c6647419a328e66dd2e59f143179afe02b6736fdc1c116cd7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\it_get.svg

MD5 76ac7bb3e273fef13c7fddd210b80d76
SHA1 b68931f09853ea99566a74237b185de5f12097e0
SHA256 410ab2fe93effd32fa19a80f4a66c7e8bc4217c333d3c97f51cf75ad194a3064
SHA512 1d523efc0c6456c6332b4fc7fdf40faf0b18772d692eef53f43f7c35c3f837adeeaebef9fa4d28a9d902d6a5df9b6649a832291c65c13b1d09606f35e5446058

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ko_get.svg

MD5 e9802c496a626e50e7b937881ff351b5
SHA1 6dd7eab6262d1568cddd01dc0fd2d18b9de1498f
SHA256 b10eede29813cb251ca5845879ed9694980c2e629dc65d847f8134643913c91c
SHA512 6fa8207ac1b6585682b5d011c6981d098e8effc4742a86f16e1fca0d715dd1faaf68074589e9e05f421f248ee45d8b558510f6b3f2e1b52a30aec5cc345be3e8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\no_get.svg

MD5 408d5a6b609442d57ec21a6788f89b8d
SHA1 69cbb4a38f1c2f9352ad47a251eb4dead4a8c119
SHA256 8464d9212c4861248690d4eefd6fe4241b0945b78f719f67e6143e5a7681b2ba
SHA512 3af48f0243a819551e4443bfdc398be3116e9b5b606839f7818e7fb470dafbd272ea94cefe81e9a9590a36158437ab99f73a743cadfa38cebe62675dccccecf0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pl_get.svg

MD5 7df210729e9e1660e5cbccd9c26181b2
SHA1 50dc92a5e8676851603ec199e12921a2e29b701f
SHA256 be2d0eaa5da765ff21a5150e9ca1c0ddab215c45d5f63624fec844107fd59794
SHA512 26fa0359e1a5df945003094b77a1e54fa677851ba75e2ed853a1c00c7d7e833fa8a29fe9d8b056f60b845bf7adc76502f61d3f727e018cf52d29b5c434c12e3e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pt-br_get.svg

MD5 569dadca8697da8e5a79e21827de23af
SHA1 3fbd594835adb54b8aabf4d6d322365e9f28b3d6
SHA256 871e8d41471cbea56ed4dd193f241cf806c6de39ea27bd3069af851168e039d4
SHA512 cda484443a5e6c0b716616049b48793d689e78047f12422e80efff8ddaa03733ff5cc8a192c41f0081d78e712a354279d8b7d4a0f49790d450ded19b6ee2dd83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ru_get.svg

MD5 e611ccc2ff2c5535eaaed3e6c06c11bf
SHA1 072e4f86b8c077001658e66a0a6f12533361d5fc
SHA256 c33cb63a80d444ced1e7ae78b6bb47400c647ba6b5250e1d895e405fb88b1add
SHA512 e269e80763b8d5198dce76e6b08a99f5a5a08c129beb954bea442d6b3db398cc605cfbefa23dfe2556dc57a916e13a11e15db54c073e95d2956f2cb5a47b982f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg

MD5 45db4bb796b20864f4a4e1c601d71236
SHA1 5a26df6f5cb82d6017b8f4b3bf651a53b0c0a6f7
SHA256 59d9fa5228e7744334b0c3a31f179f22dd9a83733658e71bc3cd20780897167f
SHA512 6bcfe938b58f9ff8a7c13852f8ea27ff89b23a2100fa78d4c3d2235eab1a569ccdd2893a7911cd22434fe3c693dbd225f107734e2c510e1eeec90540f1c0e88b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\tr_get.svg

MD5 0160ecb3d34d80d6d635d6cf28e61974
SHA1 6cb4b36cda18741883984f487ee08b8f27e59cf5
SHA256 be309c1f93a8ff0c07f89e2ab830edbb66adb871415093f5a4c373c279e6915c
SHA512 9b6981d43b45b0c25f740429c826e15e734f0354c689e50a8ab55aa0e328185c21c44e6fa6149dde9f7f1608b3c46228cdca3f459e4e28c7634320c85c0c37ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-tw_get.svg

MD5 63efd133530765d2243c3790ba96a166
SHA1 f740fda815a7f176d9b07bfa60263a12f36504ff
SHA256 5086f601a4bf9e8790339fd5b443a91c44f0c1555dcd41ba4d844d88e956a8d8
SHA512 04f1b74b20f8b018e6445b2b91d55345893a5297c5947b877cc0a5d0d4f15762b1edf49a801b819896cc8a444dae924dc7a0ceccd679b1d20fa5c50dbd9c2c87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-cn_get.svg

MD5 cc8e91c29c5ac68681320bf7c18a7be0
SHA1 f8318b84b71ffaae1b0520cc424059a9bbc627d7
SHA256 f45f1edc0ef4940b5737a4a7e683660fc808bd024b10a16a9c15cc7cd27a7b72
SHA512 f80eb7746d1dc4a257c3a45ab115d509ddf8b533066a5cd1402350097d8aa4cf239057dc3af8451a3444b0ab943e03cdbc006e2ae94e4da7f9030a4f6f8939d6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js

MD5 4d86bf81696a49e5c63f67adc9ce1458
SHA1 3902678500dfc32fcc73bcaac64ab0c5414b8fd8
SHA256 637d690c74a7f8701216052a5dc79e1560e79d7a04f4f4b59713955893bec1e8
SHA512 96dec6802c98757be5905c73ee20cda849dc5378bc07dbc89edd7cf336b9984757def89d042c142a9183e886100b7b8e1ca399e2766019dbd4f554ded4a395d0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js

MD5 f5a1ede47f95febca3dc6c4d1915a846
SHA1 9db2df42a216e20f12120d4fa541253d60a4389d
SHA256 fe6ee1044154783bcbb88d85b91e0c46431833c1d2b78ceebdf87f9c7bc490f2
SHA512 30806af9c57540cb5d5e839ac90c7702d797cf1839c36c5625913ac07e4bf9fd48afe221647d750fc4fb52c02fbb93cc4e41e060400001b83ab8525db9e9d0f6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main.css

MD5 e13e95594939e62cd03d31afbd8f20b7
SHA1 5582803cfc3ffa9e165e5c9be4ec936880ce370f
SHA256 3c2e70a5682b78a2d082dc1d623bc2f1a276073ffb56bfae00fbe621df2cbcf9
SHA512 b9e6d3fd747e27caa29023d4fe2f7d67967fec731656abb679ae2bed95aea7ce9b2613c0d0e439ca7b7b5c772cf8f6f0d59a7c848a098492808ecca33fa56a53

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js

MD5 581a205640b474df4af372c89c756d45
SHA1 c9cac66e387118ef1cee5e1d17639ec898841c00
SHA256 056a4114cf774ec3826cd397435fa57256f10d3c01bfb59332a30bade97cca78
SHA512 1b99d458f5705269c033537cc1adde0a3790e353c733dc5c02bb532abe33173f3e24d327bf2caeb1ca3f801cf023d347b871691351fdc944c98f85b76f907dd3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js

MD5 0dd1b583376f7b7c92e2988a41737bf9
SHA1 8b5edc53ea6fc16394718a36bc77098d0ea901f1
SHA256 61baf108d73cd435cd9f4d4f7c2ceefd9d88857680cff8f6a9ce3148b78bc850
SHA512 6f4ae5cadbae6b1e40989bf459a96d43970237d024695b85ed0a072b22bffc34fdaf21747802929fd377369bb443949e32a7cb92e5b17ce447a14b8d6f557614

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js

MD5 385a1abcd0c392592bbfbda9ee3a326d
SHA1 da5c5cf0598abab0dc38d16687b4ee9874ec0685
SHA256 43fd5207aead5a720ed62c7119a8d1835acffc6d847efe0cbe9b35b61e64b4d0
SHA512 b3b12bd1cb482c2349653958c4fe241e76a5fbf6ec673847f72ff4f922655dfcc74e18c2baade39e83b13ad6ccb54b13fe0a55aab2a2d46391426ce9b404a43a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main-selector.css

MD5 be4a8616f505670e0b28be80f478216c
SHA1 1e5f27ff2a5ffd9df2afb3da5968d4fc25148463
SHA256 3bbf9cf2e81672492be2b93baba454192c22879cfb84b035b1e10d1aecf4367f
SHA512 ae428122164a33308dbb666803ffb819da0398ca9b38765ce7775fdce84448683f4fad48dcea6ff5578c57bfd92d697c8d628bc9a89be8865d606926ca468b81

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\progress.gif

MD5 d291329d5b68031ecee37ffc4282b67b
SHA1 51a7957acf0dba560bf69119d72cfabba05839f3
SHA256 73f907250aa93e1df544c1ca5c88a9425b0768bf3bf02e0d97015ba05ee30bb2
SHA512 b1fce2e0ab7b4f112124028064d281c2380a59a36f7e300c16afe4d0819ba87a20bba7ccabaa67825af23a782b234689256908fe8686447e970b73dea941dde4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\faf_icons.png

MD5 33e217064392f1555a9af87f84f42d96
SHA1 973a1eab962598a677615f20c2c0c604c7e366eb
SHA256 6fd719d476d4218cc02bd9ac68c19a562500151f99f22a6efc96a39b0061c6b5
SHA512 c0ff1c11af37ccd11180725613b4e9d82b844bd43e0b638a9ce884315b4907ff4c45f2e8dd93bb76fa257487ec0cdf5012773e9ec2a4286e5626968b01909756

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js

MD5 178113421e051272f31c3b3d062675fb
SHA1 d451a7262da2770e9dc66930d476fceba55c418c
SHA256 5ea28ede1225afe125d9c9b81fe118e7ac30f19f451ef1063d22a2a73020b003
SHA512 163891d61ce677053033cdff590b0ae9c6b0ac00b988a1d2d8e0904ff9a28d772d6a07174e37b5b69a895b1fc739408ce11874dbcb9df260cf729ebf02a75b6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js

MD5 749c910abf4d2409c8556fecb3a5f3da
SHA1 be1bde7431c6b5821b4580502a595270dc8e76f1
SHA256 c428ebd84ca63437e7de47cac8eb5fba3fe58e6bd3d3c0c202d7a16db1e7d755
SHA512 e5205677e57ec8691e87056c87e841cf05f01f081ad0520a7e41c174ff584b45e2c4bee11e8f2928e84d8ac5f1515ee38e9ea4ac621caa79c08d66a7635f7503

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js

MD5 f9b999a79d519e7441ea2fe19e2bbbc1
SHA1 474bcd101bd50bbd657be8e934189dae2f38ad0d
SHA256 2d713aab04cb9c207a0c7fd82aa516d017cb4c1ec9e0192e221bcd50b34eab03
SHA512 e63ef74b811ea3088a5bc60856944b8152aeafe2fed95c46e059074883a2ef1e6fd13eb039a7014e9896f3aaf3ae6bad32fdbab0d7d0426b2f12bd11380db931

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png

MD5 dd38d2356abdb2b02073f888fa0e4419
SHA1 c100c9e011cb28bbed8c0ee8b2ccb7f90e42d441
SHA256 2024c95ef6e74c06692c9f9054494adc47edf45f1e94bde7f950b0ba844d3ced
SHA512 580e0c6bf2c2a3eee28918269888120dd220694ecf521348ade9ee4c2867dbd6e7a54954625dff2f12c7cf8550904deefc9d83a7f8b497376af571981d699fa7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview.png

MD5 6db85dec7b83dd42bad17ba1d675c3d1
SHA1 437cd128ed623d43c67205903a8f5c11c3f916fd
SHA256 2fb2a2cac4017c186c4e5aada946a2201d2549b1e0e0ecf7fc74d56c000c911c
SHA512 f7aa5bca048762e54b25adc6130bd79d8e2dda5f13b770f1a606fd94ae202b6693332e6f6250b352a1e0040f8d21e368beec55f49605148b52916399d541657b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview2x.png

MD5 4d1f8ed41e73364950bbea414a5c94db
SHA1 a7f1af8b02f16303851553435632eda9ebb6aaf1
SHA256 0e8c2a9be080cea5e05c061ebb5480287452e38d9b347ccf93cf5a10e7257af5
SHA512 942104c1983117a75a030fab7a096cd469e6b58e716e3eca5eb73b7e9328b62034ffe4d45e5b6bafdc98e573edc9227e03a58ca9fa0da036970e3a52dd26a6dd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png

MD5 9418b07c3644ce42afa322caca7427b8
SHA1 0d13c5c88008a5799930a4bf8ae6324b33f1b305
SHA256 06e3711bb67910a2348a47f63d9a5bb6b7750d9f48d2d64075caee894ac08f20
SHA512 31bf58b0c8be2538bf5dcf4682a8190b16e965356777cf0d8d7ab54c93a1d627a7bcf69667a4cea6dfdaee1bda9b6e001b8a9a1bd3f15ce55f5885f8c9c1eb66

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small2x.png

MD5 bd4ead1e0ff83e5c48ad68688a0d9238
SHA1 3bd37fe18efff21f9c04a1a151ca911cd11823c9
SHA256 b2561d198184f63bccb62c3b98c7e6359119903279f794fce8216d76818462ea
SHA512 d920ba752fdb2004546cc9bfb19c9c63bd12e4d7f629082f2cb728d2b1c72853984f0a10a3ef52c7fc60e3c432e04ee0986511a6bbd9dd5e07e7a19985ea43f7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_thumbnailview_18.svg

MD5 85ee90ab1c2b1637b5719ed51906c2e9
SHA1 426394a53e1a833180ad913c8bb26138dcac6cf3
SHA256 11d6b16bc26aed4b23e7d2c1aeee40358eb707857bc334bed6d9f733df25fba3
SHA512 e85b1cfe66e74377ecf65c8085a6d9bbacbe3b055a176c1cfbbf50c85af2da1c54fa5e45f20fa3edb4d26cc8f36bd67018090e2f43ea68a5c5a267d4b6504101

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_opencarat_18.svg

MD5 a1bc3d1468c0bf7479d9aa3a61f6ba66
SHA1 71e672d7b92fa509335be6aa525d31928fafb316
SHA256 130212a9e290ee296f42d57edac0adb6e84a0546cdae756c2b99191c21b882ba
SHA512 a6cd27fe70d275d7c4e5ce6d138185d5164762a7e338accf8f12f7ed7a4a9c9ca0d056ed1e0dab026b505e1a574f960f47db6db56beac73bfceb567e79fcf441

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_listview_18.svg

MD5 adeacfc9b968ef471487cd3b6fd259d1
SHA1 3ffc05cd03756e61bea13650735bd4a7d3fbd4fc
SHA256 5c08caf15efe66c025b146cbd92689e5b5ca984c33317ee9fd2ad51cca6427a7
SHA512 59a6ae2c9f20aa2fcf4fa8496b9705176c236483f63d1043b5c89f7072c0506fb88bba2c7512026e5dce57660eff5b73de5fda563549a10bfaabe1a002154b92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_filter_18.svg

MD5 ac6ab12915d92269cf3c630e33e9ea30
SHA1 7a9a51928cc5ef9f1694c75522801549c80ab395
SHA256 527613e805092843234b2f94570263089ff65350d1541e4a8ee7b6b07b8c7c6c
SHA512 59fc16f65683eb59c671f9bc4b1413cb1777bb2bf56dbec10f20bd10234e097db2d67842162b06183f0d1470e7c2fe6aa103f3915a658d8aac982b8534ac2871

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons2x.png

MD5 6ae18682e2d91c04385c2c9ad2a29a55
SHA1 96af21b9821a992a8cd0eaf6716121456b1bbf7f
SHA256 d5b7e4344cb263e60e4c84749d33f93d333838193501b98cde5dae6b895cd4fa
SHA512 b9163ad354f7f942c2918df9ab89f1e4fc4cf330045c63f6e41718577248dae52b7132a5c6d8bf3831d10f89818b7045fe791b03a912465716a2edfa135e3287

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons.png

MD5 e7ba6225bb0eead3e0f24fdafde11b1b
SHA1 5a55de6183781b276a589f60e7e7030f4b4348f8
SHA256 0ec46475547bed7d6c068a4ba99cd8d9f1739e1dda1972c553d5c2687d169f44
SHA512 be26a1e1a17742932d7a98ff017775832ef55430c46404728d8fc881ab28f56bba5947d1a83dc8c5c24ced39e65335a3d1e3f0b5fba65b4b6b9f19fd425d98e7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\nub.png

MD5 b2712eacd7ab749158a51483349c8db6
SHA1 5a32d59fd647ff05c2ea86a2703983d513d6144c
SHA256 f61720eb9144efb8b96997ba0025d7b54dd2bb28a3b5933cbd4c9e6302ad5184
SHA512 674fa18ac11ce7501f38bec8f25f368c428b81610808bbccfe2797d068013bbad1c97ab9d70e04c1534faff350dc44d04958d722e1a4b779c5c8fb65c4ed62fd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\illustrations.png

MD5 19b432a26685bd8049bbfe2fa3e589d6
SHA1 b4066813c376b5e3a6853fa0cea69a3f22c780ba
SHA256 4bba13e5a35cc16081c8736302e661e30ac25e51d5737b13522dd0f8b443f1e5
SHA512 b70aab5012be7475aae6d474b72a7a60043bbcc08f9cd874fdd1500f388bcada56ab806999c17d2b05e17eb13c24ae7a38f1ae44aa3e191890cb533667479df7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js

MD5 50846acefd28506196a0ede49ca4dbd4
SHA1 baa351c917fbc9774a269012b9e0f80e284a4177
SHA256 d8609536de19f810fb0eefb9e8d1aef80103a9952d0415bca2bd9381744d017c
SHA512 dc8b963c6c5eb11ffc1000d3897f57a9e7747681a23f7811a41ec82803a5e0f05c0623ac6a8f036b7e6ef1d4393d9f06fe9df849e1e7c79ac2589abde293a71c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\adc_logo.png

MD5 11742fd12b5d2d721e815811c0a28a75
SHA1 5c0ff91c4257227dcc3e186db74aae9f19d19613
SHA256 7319f706f1d14a8c79d9e900f666cd995fcfc92f74268c61cebb95f22f949ece
SHA512 9e4d684960bf07c556cba4a12fedefe7a6d6a2f31c88390b7d4cf54b41b616f7ef6f905c22be1f41328dcd7e5d5b8ec45bb07e110f03accb7c38c583e79ca91b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\logo_retina.png

MD5 5e16421de1092760a52796f5006eb19d
SHA1 4e1939841dd9ae59b9dfe93b8a1f0886f9caadde
SHA256 99f2882ff2feb7b88c1f39dd2ec76b1be72ed3760d1d5da653d84f8918f10731
SHA512 d7582693d13b7276d495f4016648b5ea50224da187ccae68d677c3b55fac87d419d6736c19c5dea73568f4d6774cea89d9b9cb5a02f79562493adc64e9b04f75

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 0c6f0c86c5cc20969803d12b4f226381
SHA1 27fe54ca2b6bcf43ca0f8ecabb91c90650a9d62d
SHA256 1df49c9a0c51ec0ba086ab75ad94b7cf3e78504037281f25c0fda86b6bbafe02
SHA512 340b17e6575584088c5ff87fa1f9df2e8b74a32be1b3dacb0c6ebc3b76e2bd1670eee70f2298c0be7eaebafed52c23a5432bc08bd9e179cbbc7953e9a40853c1

memory/5644-19172-0x0000000000400000-0x0000000000643000-memory.dmp

memory/5644-19164-0x0000000000400000-0x0000000000643000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo_2x.png

MD5 39bd53b31176412b4cdb54ae7ec6ec9f
SHA1 76283fed5f5d0738d66f720628be6148235e2aee
SHA256 69123602587ad9e1b8bf93c3eb44a294379843faea9276d25e7e53d0d0df2e25
SHA512 16948b4ea0c163855bac524bd3b8468a4fff440734d20c754e275eb546289b44e0bc878eea57c3cb6ee0e1677ed3e3151063ff2c3a8dcf6337b9ad8f788934b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo.png

MD5 58c9bef9dfc2421dd2a624082653f970
SHA1 70bbde4473643e96642c46851d65000ac0104d26
SHA256 f2c9fc6c0e72a6965f9c63fdbc76945a84f9ad6c3510c69be602a5356b543ce0
SHA512 85cecc2ff1089facf8e814e05a39ba2df49856500a92032cc5e3eb9fb54c08835a6a8e46dc6d00ff54c4fb2393a2cb4a24a002ae3756452640605a6b303ce790

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-gb\ui-strings.js

MD5 dafd3748b87323da4ad32b26ac5b6891
SHA1 9f73b5df65e0ecd22ff5d3c78eab9c4736efa1aa
SHA256 542910e1723b60f114ea546c17cbb30bf680608beffec46e4c406358afcd9e26
SHA512 deabf76a337924d956a38f1d67e696e4fb1a6c0ee1c9a28109a1aed40b9d38048252bde6cebc5567231e439f66c155edf7ff578f5bd539bf393e84dc10ba2162

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js

MD5 147927535e40d5633ac6f14c1683ac92
SHA1 4800c33481dc1dc7866ed9f376027dae1ed37c53
SHA256 2608f8708b23b41b039c61fb52cd0117a73cac3b17b67b42a881b5bbf90b1d3b
SHA512 d9b58e1ee92066be29c393ea4eab11e7a796c81d5b98d919fb9741c19867ff6fbc7cd991786ef83426b29946fd3f5ff09e7fb25bf5451097d9fa25b227cdb1e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js

MD5 b4344a293467f6e604e423d2e376f043
SHA1 c687c2ddaf5a243bcaf6cd21348f1f6dc89e5f14
SHA256 a3601a13f086ddbb91c85ac28b9e86c052beab850a38f330c2a693cedf55c406
SHA512 b577660fbc6d9dafd37d99449f087a43fdbfaedd3af3edc3e91f5edf99ccc37e78ec7b6dafc77fbf4ff5ca4f28610496b465e83f7bac07d1281ab5d6a1035447

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js

MD5 c575f30642fd095e00305102f7990f7e
SHA1 41428945b41647be090e521467490fd363e83710
SHA256 1804905cb1d412933be49ac4ab6c4beb3e288ec79555bfb71ed99489c4d5980d
SHA512 2d7cc04b492ad5b85969e7a172af54f417240d428f56b16d42a3cdcce7a92f20bac09f069b2254e39321001439f74817a6da677c1143f305789c216317eb23d4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ui-strings.js

MD5 f2a00eb0a228ffc1d1decbc5ebd790d4
SHA1 ae169d4fca729a84f15f4f0115dfdbd45659adbe
SHA256 62d02a49c2ed39091ce0f5a1083b9536e31b3d211183d12a2a5dd5a78b52f968
SHA512 4a1237f77ec1f0c04eb4694836fa71a17d7b8f666b9819b054553da954c256dc63246515a21f8212439dd1623403cf7b7f4b1edbcec50cb6d6a75b1e10290ae9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js

MD5 7e9a4e7795a1147da6754c5b2a18a44c
SHA1 b7df0844caadc4d4d90ab3791985df08004613c6
SHA256 4cfc1cb541f60a366558ae5eb188265431767c1f10221050bfc22c9aa3a5a367
SHA512 fcfc8906b499b5041514526b2fec4898a6c136f1640c57dd27fed6fcb9d5e4d800dcbab60138cca5b43cfd4ab465bf186d53796c9a081b6332b26d1695c4eb14

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js

MD5 6a7c35c43afb345d49c93921fa732183
SHA1 84c46cd84e66c073035cb1c0b61894abb00c6f9c
SHA256 ac591de077145a05eee4f1afb36acff0d6e55b1d5d2ef7830cb0623d87d743a9
SHA512 e1c91dbe6cacb2d7ea5fd816221c907f395b5267095b116eeab96c726532f92f96be7649b9871b41f813b06c434986a0ad928064381d72bffaabce5c62b35824

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 8a30d8547a85476697f8ff4825424224
SHA1 a769e998549b5a60e9bc61f8a9bc7f80dd960fe0
SHA256 84a322be2824b5c15dc687b00deb2edf73f491907fc24f9a66cb472eb2243ad7
SHA512 a2e6d4a85cb026f76e24cdfb3c398e54a4c140aafaf30eaf0f97f82cd7182e9424e090e58469ddeae686b57cee4d289657882b5a4469d16ddb552cca86e4a61a

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USStmp.jtx

MD5 9c63273bb7cb6dc2a9b2401e838661f0
SHA1 cce88f4b3bedc33df300a66c8b48f81f9714dcd0
SHA256 319c31e2e04c39c742775f72c7e418e5b9d29065c03245b73f93dde3de81f574
SHA512 ad593131378151da7686062360efb400a743ae8a951955c3d41d0ab5da2e3119976363507ed787820f05f35b276ad33bb68ab5e1f5a96f6797ba5143d430e31b

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

MD5 f63548d6079249c2f8b7d241456e3bba
SHA1 bfcd5eff7b7d2e15086c7027ca9c95bbb13acf5d
SHA256 82add4535cafcf4a6481887f096d4e9702f333365ba7766e5480d120c7be0b7a
SHA512 3b99facfce65f9c1967c778fac9e8e694bd6c2047dc4958a7812b8481bea46c684f978cb54149e625ba10654ac79bf7a480bba6ceab7de62c56942db94c3e87b

C:\Users\Admin\AppData\Local\Packages\CortanaListenUIApp_cw5n1h2txyewy\Settings\settings.dat

MD5 6aef151149e289b7b89196642192bfec
SHA1 0e8ae9e718f6a579d886567781d58cb563c14098
SHA256 e771ee8be37a2cc6be9b72142de6e963ec3b920e2ba160df7819fef8971d6edc
SHA512 75705dcfe4b9a7387bd2cf2223cb40fece5d4531e6b2a0b479cc8acf0e8ea4c9877a1cfeae16f32f5c91a84e23af966c960c1d1f17e514aff8d60aeabc8bfb6b

Analysis: behavioral3

Detonation Overview

Submitted

2024-09-28 03:22

Reported

2024-09-28 03:23

Platform

win10v2004-20240802-en

Max time kernel

10s

Max time network

32s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mars Stealer

stealer marsstealer

Phorphiex payload

Description Indicator Process Target
N/A N/A N/A N/A

Phorphiex, Phorpiex

worm trojan loader phorphiex

RagnarLocker

ransomware ragnarlocker

SquirrelWaffle is a simple downloader written in C++.

downloader squirrelwaffle

Xworm

trojan rat xworm

Deletes shadow copies

ransomware defense_evasion impact execution

Detected Nirsoft tools

Description Indicator Process Target
N/A N/A N/A N/A

NirSoft WebBrowserPassView

Description Indicator Process Target
N/A N/A N/A N/A

Renames multiple (2393) files with added filename extension

ransomware

Squirrelwaffle payload

Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Stops running service(s)

evasion execution

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Bomb.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acb612a3.exe C:\Windows\SysWOW64\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\25.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\20.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\19.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\18.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\17.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\14.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\12.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\r.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1.exe N/A
N/A N/A C:\Windows\sysklnorbcv.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acb612a = "C:\\acb612a3\\acb612a3.exe" C:\Windows\SysWOW64\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*cb612a = "C:\\acb612a3\\acb612a3.exe" C:\Windows\SysWOW64\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acb612a3 = "C:\\Users\\Admin\\AppData\\Roaming\\acb612a3.exe" C:\Windows\SysWOW64\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*cb612a3 = "C:\\Users\\Admin\\AppData\\Roaming\\acb612a3.exe" C:\Windows\SysWOW64\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Settings = "C:\\Windows\\sysklnorbcv.exe" C:\Users\Admin\AppData\Local\Temp\Files\r.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-addr.es N/A N/A
N/A ip-addr.es N/A N/A
N/A ip-api.com N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\RGNR_B8CCCB20.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\CT_ROOTS.XML C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\RGNR_B8CCCB20.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\RGNR_B8CCCB20.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-100.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Microsoft Office\root\RGNR_B8CCCB20.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_K_COL.HXK C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ext.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\meta-index C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\COPYRIGHT C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\RGNR_B8CCCB20.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwnumbered.dotx C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11cryptotoken.md C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Trial-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\sysklnorbcv.exe C:\Users\Admin\AppData\Local\Temp\Files\r.exe N/A
File opened for modification C:\Windows\sysklnorbcv.exe C:\Users\Admin\AppData\Local\Temp\Files\r.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\r.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\sysklnorbcv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000080ecc9f1fa88237c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000080ecc9f10000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090080ecc9f1000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d80ecc9f1000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000080ecc9f100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\25.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\24.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\23.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\20.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\19.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\18.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\17.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\15.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\12.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\11.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\8.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2792 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 2792 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 2792 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 2792 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 2792 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 2792 wrote to memory of 3680 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 2792 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 2792 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 2792 wrote to memory of 4532 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 2792 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 2792 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 2792 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 2792 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 2792 wrote to memory of 4364 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 4532 wrote to memory of 3384 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 4532 wrote to memory of 3384 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 4532 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\SYSTEM32\vssadmin.exe
PID 4532 wrote to memory of 540 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\SYSTEM32\vssadmin.exe
PID 4364 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\SysWOW64\explorer.exe
PID 4364 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\SysWOW64\explorer.exe
PID 4364 wrote to memory of 1332 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\SysWOW64\explorer.exe
PID 1332 wrote to memory of 3628 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\svchost.exe
PID 1332 wrote to memory of 3628 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\svchost.exe
PID 1332 wrote to memory of 3628 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\svchost.exe
PID 2860 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\25.exe
PID 2860 wrote to memory of 2308 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\25.exe
PID 2860 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\24.exe
PID 2860 wrote to memory of 4500 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\24.exe
PID 2860 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\23.exe
PID 2860 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\23.exe
PID 2860 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\22.exe
PID 2860 wrote to memory of 3992 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\22.exe
PID 2860 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\21.exe
PID 2860 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\21.exe
PID 2860 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\20.exe
PID 2860 wrote to memory of 4264 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\20.exe
PID 2860 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\19.exe
PID 2860 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\19.exe
PID 2860 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\18.exe
PID 2860 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\18.exe
PID 2860 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\17.exe
PID 2860 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\17.exe
PID 2860 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\16.exe
PID 2860 wrote to memory of 3124 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\16.exe
PID 2860 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\15.exe
PID 2860 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\15.exe
PID 2860 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\14.exe
PID 2860 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\14.exe
PID 2860 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\13.exe
PID 2860 wrote to memory of 804 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\13.exe
PID 2860 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\12.exe
PID 2860 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\12.exe
PID 2860 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\11.exe
PID 2860 wrote to memory of 4912 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\11.exe
PID 2860 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\10.exe
PID 2860 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\10.exe
PID 2860 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\9.exe
PID 2860 wrote to memory of 112 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\9.exe
PID 2860 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\8.exe
PID 2860 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\8.exe
PID 2860 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\7.exe
PID 2860 wrote to memory of 4416 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\7.exe
PID 2860 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\6.exe
PID 2860 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\6.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe

"C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe"

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

"C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"

C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe

"C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe"

C:\Users\Admin\AppData\Local\Temp\asena.exe

"C:\Users\Admin\AppData\Local\Temp\asena.exe"

C:\Users\Admin\AppData\Local\Temp\Bomb.exe

"C:\Users\Admin\AppData\Local\Temp\Bomb.exe"

C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe

"C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe"

C:\Windows\System32\Wbem\wmic.exe

wmic.exe shadowcopy delete

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\syswow64\explorer.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\svchost.exe

-k netsvcs

C:\Users\Admin\AppData\Local\Temp\25.exe

"C:\Users\Admin\AppData\Local\Temp\25.exe"

C:\Users\Admin\AppData\Local\Temp\24.exe

"C:\Users\Admin\AppData\Local\Temp\24.exe"

C:\Users\Admin\AppData\Local\Temp\23.exe

"C:\Users\Admin\AppData\Local\Temp\23.exe"

C:\Users\Admin\AppData\Local\Temp\22.exe

"C:\Users\Admin\AppData\Local\Temp\22.exe"

C:\Users\Admin\AppData\Local\Temp\21.exe

"C:\Users\Admin\AppData\Local\Temp\21.exe"

C:\Users\Admin\AppData\Local\Temp\20.exe

"C:\Users\Admin\AppData\Local\Temp\20.exe"

C:\Users\Admin\AppData\Local\Temp\19.exe

"C:\Users\Admin\AppData\Local\Temp\19.exe"

C:\Users\Admin\AppData\Local\Temp\18.exe

"C:\Users\Admin\AppData\Local\Temp\18.exe"

C:\Users\Admin\AppData\Local\Temp\17.exe

"C:\Users\Admin\AppData\Local\Temp\17.exe"

C:\Users\Admin\AppData\Local\Temp\16.exe

"C:\Users\Admin\AppData\Local\Temp\16.exe"

C:\Users\Admin\AppData\Local\Temp\15.exe

"C:\Users\Admin\AppData\Local\Temp\15.exe"

C:\Users\Admin\AppData\Local\Temp\14.exe

"C:\Users\Admin\AppData\Local\Temp\14.exe"

C:\Users\Admin\AppData\Local\Temp\13.exe

"C:\Users\Admin\AppData\Local\Temp\13.exe"

C:\Users\Admin\AppData\Local\Temp\12.exe

"C:\Users\Admin\AppData\Local\Temp\12.exe"

C:\Users\Admin\AppData\Local\Temp\11.exe

"C:\Users\Admin\AppData\Local\Temp\11.exe"

C:\Users\Admin\AppData\Local\Temp\10.exe

"C:\Users\Admin\AppData\Local\Temp\10.exe"

C:\Users\Admin\AppData\Local\Temp\9.exe

"C:\Users\Admin\AppData\Local\Temp\9.exe"

C:\Users\Admin\AppData\Local\Temp\8.exe

"C:\Users\Admin\AppData\Local\Temp\8.exe"

C:\Users\Admin\AppData\Local\Temp\7.exe

"C:\Users\Admin\AppData\Local\Temp\7.exe"

C:\Users\Admin\AppData\Local\Temp\6.exe

"C:\Users\Admin\AppData\Local\Temp\6.exe"

C:\Users\Admin\AppData\Local\Temp\Files\r.exe

"C:\Users\Admin\AppData\Local\Temp\Files\r.exe"

C:\Users\Admin\AppData\Local\Temp\5.exe

"C:\Users\Admin\AppData\Local\Temp\5.exe"

C:\Users\Admin\AppData\Local\Temp\4.exe

"C:\Users\Admin\AppData\Local\Temp\4.exe"

C:\Users\Admin\AppData\Local\Temp\3.exe

"C:\Users\Admin\AppData\Local\Temp\3.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\1.exe

"C:\Users\Admin\AppData\Local\Temp\1.exe"

C:\Windows\sysklnorbcv.exe

C:\Windows\sysklnorbcv.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS

C:\Windows\SysWOW64\sc.exe

sc stop UsoSvc

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\sc.exe

sc stop WaaSMedicSvc

C:\Windows\SysWOW64\sc.exe

sc stop wuauserv

C:\Windows\SysWOW64\sc.exe

sc stop DoSvc

C:\Windows\SysWOW64\sc.exe

sc stop BITS

C:\Users\Admin\AppData\Local\Temp\Files\web.exe

"C:\Users\Admin\AppData\Local\Temp\Files\web.exe"

C:\Users\Admin\AppData\Local\Temp\Files\GTA_V.exe

"C:\Users\Admin\AppData\Local\Temp\Files\GTA_V.exe"

C:\Users\Admin\AppData\Local\Temp\is-UI47I.tmp\GTA_V.tmp

"C:\Users\Admin\AppData\Local\Temp\is-UI47I.tmp\GTA_V.tmp" /SL5="$80112,18814322,1093120,C:\Users\Admin\AppData\Local\Temp\Files\GTA_V.exe"

C:\Users\Admin\AppData\Local\Temp\Files\m.exe

"C:\Users\Admin\AppData\Local\Temp\Files\m.exe"

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\System32\msiexec.exe" /quiet /I "C:\Users\Admin\AppData\Local\Temp\is-HV6I8.tmp\AppleApplicationSupport.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding AB93F6A06DB5E6FB970A0A5D47E96762

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 151.101.66.49:443 urlhaus.abuse.ch tcp
US 8.8.8.8:53 49.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 ip-addr.es udp
FR 188.165.164.184:80 ip-addr.es tcp
SG 158.140.133.56:8090 158.140.133.56 tcp
US 8.8.8.8:53 smtp.tsrv1.ws udp
RU 185.215.113.84:80 smtp.tsrv1.ws tcp
FR 188.165.164.184:443 ip-addr.es tcp
US 8.8.8.8:53 56.133.140.158.in-addr.arpa udp
US 8.8.8.8:53 84.113.215.185.in-addr.arpa udp
US 8.8.8.8:53 184.164.165.188.in-addr.arpa udp
US 172.245.173.168:80 172.245.173.168 tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 168.173.245.172.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 softcatalog.ru udp
RU 88.212.252.98:443 softcatalog.ru tcp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 98.252.212.88.in-addr.arpa udp
US 209.148.85.151:8080 tcp
RU 185.215.113.66:80 185.215.113.66 tcp
US 8.8.8.8:53 66.113.215.185.in-addr.arpa udp
RU 185.215.113.66:80 185.215.113.66 tcp
US 8.8.8.8:53 kenesrakishev.net udp
US 15.197.225.128:80 kenesrakishev.net tcp
US 8.8.8.8:53 128.225.197.15.in-addr.arpa udp
US 8.8.8.8:53 b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws udp
RU 185.215.113.84:80 b66c2ee0-f77f-455c-bb30-9b845f1006cb.random.tsrv1.ws tcp
CN 43.249.193.54:81 tcp
US 8.8.8.8:53 api.ipify.org udp
US 172.67.74.152:443 api.ipify.org tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.187.227:80 c.pki.goog tcp
US 8.8.8.8:53 152.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp

Files

memory/2792-0-0x0000000074C72000-0x0000000074C73000-memory.dmp

memory/2792-1-0x0000000074C70000-0x0000000075221000-memory.dmp

memory/2792-2-0x0000000074C70000-0x0000000075221000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

MD5 2a94f3960c58c6e70826495f76d00b85
SHA1 e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
SHA256 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
SHA512 fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe

MD5 6f8e78dd0f22b61244bb69827e0dbdc3
SHA1 1884d9fd265659b6bd66d980ca8b776b40365b87
SHA256 a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5
SHA512 5611a83616380f55e7b42bb0eef35d65bd43ca5f96bf77f343fc9700e7dfaa7dcf4f6ecbb2349ac9df6ab77edd1051b9b0f7a532859422302549f5b81004632d

C:\Users\Admin\AppData\Local\Temp\asena.exe

MD5 7529e3c83618f5e3a4cc6dbf3a8534a6
SHA1 0f944504eebfca5466b6113853b0d83e38cf885a
SHA256 ec35c76ad2c8192f09c02eca1f263b406163470ca8438d054db7adcf5bfc0597
SHA512 7eef97937cc1e3afd3fca0618328a5b6ecb72123a199739f6b1b972dd90e01e07492eb26352ee00421d026c63af48973c014bdd76d95ea841eb2fefd613631cc

memory/3680-30-0x0000000000400000-0x000000000043D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Bomb.exe

MD5 31f03a8fe7561da18d5a93fc3eb83b7d
SHA1 31b31af35e6eed00e98252e953e623324bd64dde
SHA256 2027197f05dac506b971b3bd2708996292e6ffad661affe9a0138f52368cc84d
SHA512 3ea7c13a0aa67c302943c6527856004f8d871fe146150096bc60855314f23eae6f507f8c941fd7e8c039980810929d4930fcf9c597857d195f8c93e3cc94c41d

C:\Users\Admin\AppData\Local\Temp\d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.exe

MD5 e8ae3940c30296d494e534e0379f15d6
SHA1 3bcb5e7bc9c317c3c067f36d7684a419da79506c
SHA256 d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167
SHA512 d07b8e684fc1c7a103b64b46d777091bb79103448e91f862c12f0080435feff1c9e907472b7fd4e236ff0b0a8e90dbbaaac202e2238f95578fed1ff6f5247386

memory/2860-55-0x00000000001C0000-0x0000000000238000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe

MD5 919034c8efb9678f96b47a20fa6199f2
SHA1 747070c74d0400cffeb28fbea17b64297f14cfbd
SHA256 e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734
SHA512 745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

memory/2860-48-0x00007FF958F03000-0x00007FF958F05000-memory.dmp

memory/1332-57-0x0000000000B50000-0x0000000000B75000-memory.dmp

memory/392-58-0x0000000000360000-0x0000000000368000-memory.dmp

memory/392-60-0x0000000004C20000-0x0000000004CBC000-memory.dmp

C:\Users\Public\Documents\RGNR_B8CCCB20.txt

MD5 0880547340d1b849a7d4faaf04b6f905
SHA1 37fa5848977fd39df901be01c75b8f8320b46322
SHA256 84449f1e874b763619271a57bfb43bd06e9c728c6c6f51317c56e9e94e619b25
SHA512 9048a3d5ab7472c1daa1efe4a35d559fc069051a5eb4b8439c2ef25318b4de6a6c648a7db595e7ae76f215614333e3f06184eb18b2904aace0c723f8b9c35a91

memory/3628-821-0x0000000000EC0000-0x0000000000EE5000-memory.dmp

memory/1332-826-0x0000000000B50000-0x0000000000B75000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 00d927f185e0779dbfc69a016937591d
SHA1 d21bf7f542c7ac41f80eff8f50406d0fb05cc100
SHA256 7fdb2c815ba7cdb14533527de02df93badd69b7918b6b2286f97e43fb561ae7b
SHA512 3ef81b2e4d02d7d8790d01ee8c831dbb377f9c7b95fe949c346baf4cc33e96ced561de29bb701f632f685efa0f5d774d80eb3fa9eb4688fa2e00d2848439b614

C:\Users\Admin\AppData\Local\Temp\25.exe

MD5 476d959b461d1098259293cfa99406df
SHA1 ad5091a232b53057968f059d18b7cfe22ce24aab
SHA256 47f2a0b4b54b053563ba60d206f1e5bd839ab60737f535c9b5c01d64af119f90
SHA512 9c5284895072d032114429482ccc9b62b073447de35de2d391f6acad53e3d133810b940efb1ed17d8bd54d24fce0af6446be850c86766406e996019fcc3a4e6e

C:\Users\Admin\AppData\Local\Temp\24.exe

MD5 042dfd075ab75654c3cf54fb2d422641
SHA1 d7f6ac6dc57e0ec7193beb74639fe92d8cd1ecb9
SHA256 b91fb228051f1720427709ff849048bfd01388d98335e4766cd1c4808edc5136
SHA512 fada24d6b3992f39119fe8e51b8da1f6a6ca42148a0c21e61255643e976fde52076093403ccbc4c7cd2f62ccb3cdedd9860f2ac253bb5082fb9fe8f31d88200d

C:\Users\Admin\AppData\Local\Temp\23.exe

MD5 7e87c49d0b787d073bf9d687b5ec5c6f
SHA1 6606359f4d88213f36c35b3ec9a05df2e2e82b4e
SHA256 d811283c4e4c76cb1ce3f23528e542cff4747af033318f42b9f2deb23180c4af
SHA512 926d676186ec0b58b852ee0b41f171729b908a5be9ce5a791199d6d41f01569bcdc1fddd067f41bddf5cdde72b8291c4b4f65983ba318088a4d2d5d5f5cd53af

C:\Users\Admin\AppData\Local\Temp\22.exe

MD5 296bcd1669b77f8e70f9e13299de957e
SHA1 8458af00c5e9341ad8c7f2d0e914e8b924981e7e
SHA256 6f05cae614ca0e4751b2aaceea95716fd37a6bf3fae81ff1c565313b30b1aba2
SHA512 4e58a0f063407aed64c1cb59e4f46c20ff5b9391a02ceff9561456fef1252c1cdd0055417a57d6e946ec7b5821963c1e96eaf1dd750a95ca9136764443df93d7

memory/2308-1473-0x0000000000030000-0x0000000000040000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\21.exe

MD5 a8e9ea9debdbdf5d9cf6a0a0964c727b
SHA1 aee004b0b6534e84383e847e4dd44a4ee6843751
SHA256 b388a205f12a6301a358449471381761555edf1bf208c91ab02461822190cbcf
SHA512 7037ffe416710c69a01ffd93772044cfb354fbf5b8fd7c5f24a3eabb4d9ddb91f4a9c386af4c2be74c7ffdbb0c93a32ff3752b6ab413261833b0ece7b7b1cb55

memory/4476-1538-0x0000000000F20000-0x0000000000F30000-memory.dmp

memory/4500-1535-0x00000000008A0000-0x00000000008B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\20.exe

MD5 f18f47c259d94dcf15f3f53fc1e4473a
SHA1 e4602677b694a5dd36c69b2f434bedb2a9e3206c
SHA256 34546f0ecf4cd9805c0b023142f309cbb95cfcc080ed27ff43fb6483165218c1
SHA512 181a5aa4eed47f21268e73d0f9d544e1ceb9717d3abf79b6086584ba7bdb7387052d7958c25ebe687bfdcd0b6cca9d8cf12630234676394f997b80c745edaa38

C:\Users\Admin\AppData\Local\Temp\19.exe

MD5 4c1e3672aafbfd61dc7a8129dc8b36b5
SHA1 15af5797e541c7e609ddf3aba1aaf33717e61464
SHA256 6dac4351c20e77b7a2095ece90416792b7e89578f509b15768c9775cf4fd9e81
SHA512 eab1eabca0c270c78b8f80989df8b9503bdff4b6368a74ad247c67f9c2f74fa0376761e40f86d28c99b1175db64c4c0d609bedfd0d60204d71cd411c71de7c20

memory/3992-1567-0x0000000000640000-0x0000000000650000-memory.dmp

memory/3176-1595-0x0000000000A30000-0x0000000000A40000-memory.dmp

memory/4264-1598-0x0000000000DD0000-0x0000000000DE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\18.exe

MD5 d32bf2f67849ffb91b4c03f1fa06d205
SHA1 31af5fdb852089cde1a95a156bb981d359b5cd58
SHA256 1123f4aea34d40911ad174f7dda51717511d4fa2ce00d2ca7f7f8e3051c1a968
SHA512 1e08549dfcbcfbe2b9c98cd2b18e4ee35682e6323d6334dc2a075abb73083c30229ccd720d240bcda197709f0b90a0109fa60af9f14765da5f457a8c5fce670a

C:\Users\Admin\AppData\Local\Temp\17.exe

MD5 c252459c93b6240bb2b115a652426d80
SHA1 d0dffc518bbd20ce56b68513b6eae9b14435ed27
SHA256 b31ea30a8d68c68608554a7cb610f4af28f8c48730945e3e352b84eddef39402
SHA512 0dcfcddd9f77c7d1314f56db213bd40f47a03f6df1cf9b6f3fb8ac4ff6234ca321d5e7229cf9c7cb6be62e5aa5f3aa3f2f85a1a62267db36c6eab9e154165997

memory/652-1659-0x0000000000730000-0x0000000000740000-memory.dmp

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 adefed9c1a8f4aba7badab5207b3ea00
SHA1 70f5911a2864893b4ff5e85ef585723615b90b35
SHA256 6fd2bf2ccee13d19fa74169cd2ad8422fb90e6c7572a3524f0c9db159ad41ba1
SHA512 56c1746fad7c4b643d5316504d15b04003619c8b9c11deea10ed022cd8897e66f8295966babd818673d219b4da8ff01907d4ca9988aa12ac46abd91209cb351b

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 44cb9728eb30f4f050f8529161d5421f
SHA1 2f38cad9360a12a13eb95b92a935439b9ef94dab
SHA256 df6c5726fb7af94a3c9603edd9dcde362fbb05d2c651da6d6dbd6e157e6ca524
SHA512 3a4951f1da3d7b8669d432b48fcd54099256ebb38dcbf921c9577dedf6220562d7670bcea9898476b28e14102328e6584363501ac64b1d87f65e23f6064f6c06

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 565e8e48ee66f536ff4d02405023713c
SHA1 4082827f1d7d2314ea8b470fc2e1a256d035f26c
SHA256 4e854a294bbb99d46020ae6a987d7017c008edc15a035de3d36a7d3399ea59b3
SHA512 046cf1898d27b023a630e203b3f500a4b3c112839036cd5a50f27b884cf3330f4c83dd8bc47201be5fc27ec8a3ff9ecd5070730ff1d381fcb04a254396b7e7a3

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 626e0d89066d2e692992f86f1872aae2
SHA1 e4d45f19f617af0ecafd14e26ba6465e136e0d82
SHA256 ed86ea98c1f696ee92140dd51a5cee64985408819d41f77805d7da3a336ba899
SHA512 71c52efc40ed4c7b9527d08315633d99df4ebd78692827334fe1cd1a7529fc69bf9f8f1a9cab08b5261702fe8d6c691cf0f2273e51ac370f44d4d70bd563c005

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 de0779494f14b78807fbbc746a6846de
SHA1 0ad6d974cac61672a32e9ec8f8db292e322c7b26
SHA256 d8f8bea67f18f6dccf6ea0cc008b71a8415007f66efc8d72f8f51393e589b857
SHA512 6d9e10b3d661f43aa7b62a6684f38d3519a1adafe983682db5915c7612b5fdfb34a909b39014461b4d576aaf4288a2c4a88e99ecb3f4078cc362c1d016175281

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 663b6637a296a41d613f34ce8ff5b51e
SHA1 a11bdce43f21a830bbe137565b59665642222dba
SHA256 c02e2e2373ec754355036a28bd1623661c3f686ee1c0fd0f671cdf25cc197a77
SHA512 fbdb06a591651f6740745431dfe3fb2236706ce3a30752c62a53c61132b9472d971b71a6dc90f37ff8160802e44f2dbee822612b158070676e71bb0d6c764340

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 603a12ac63cf586ddee710f2b9332c39
SHA1 6a26c2292d742a55defbf896b889aeefb0ab9120
SHA256 e231083f3c5c1036fa9175873165e5bdd7e0a485f3a65c39878a8eabe9284adc
SHA512 9a6449c52ece161853c1c7b79031819b2f62c59de2416bf476cbb25ef5c69b8f932410cd176d5b3cf97b472a5607019127bbdb1303014befb6e9b18736a8ff27

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 dd276ec0bf0ddff7acc2c0c137b2c434
SHA1 46d3aae9ac2d3d7efe7f42cf84ab12a590591445
SHA256 292a00684204abe6417044643ddc83673be624c1ce3e9f2b50f25ebad0de2b19
SHA512 afba2f610e750648f65acdfc3b45c128f2d5773b177f31052cbd0f492ab1818d7d694914d6f9cafe0e089f2c4c90f7ddd5290541d1b25e6dbab390440a350452

C:\Users\Admin\AppData\Local\Temp\15.exe

MD5 c936e231c240fbf47e013423471d0b27
SHA1 36fabff4b2b4dfe7e092727e953795416b4cd98f
SHA256 629bf48c1295616cbbb7f9f406324e0d4fcd79310f16d487dd4c849e408a4202
SHA512 065793554be2c86c03351adc5a1027202b8c6faf8e460f61cc5e87bcd2fe776ee0c086877e75ad677835929711bea182c03e20e872389dfb7d641e17a1f89570

C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties

MD5 efcb6edc9249468a9bd03375d7de9c0a
SHA1 2fe628cbe63bbfb419d4124bc17fcfb40eaa0b57
SHA256 f8d9ef558ab3ba214d5632d1e3fcd6e1f4d8037d3ddba62a2a3567a18368a8d7
SHA512 513a124e2b4406bc2992d9069fd8010136599aefc7925ce2376fd16ca1e4902de3d1766713ae2b6e83c0be540484bc2f721092480b25afc73d1d36b4ffd52391

C:\Users\Admin\AppData\Local\Temp\16.exe

MD5 0ab873a131ea28633cb7656fb2d5f964
SHA1 e0494f57aa8193b98e514f2bc5e9dc80b9b5eff0
SHA256 a83e219dd110898dfe516f44fb51106b0ae0aca9cc19181a950cd2688bbeeed2
SHA512 4859758f04fe662d58dc32c9d290b1fa95f66e58aef7e27bc4b6609cc9b511aa688f6922dbf9d609bf9854b619e1645b974e366c75431c3737c3feed60426994

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 7765fd7b66545d682dd66499f09f9f79
SHA1 67999fec4f2b100572c593bbc4b81103e9e5fd61
SHA256 d759f32035d427a304d80e633f353b568d33cd8883db1b5ca32c5d88ad9a484f
SHA512 cae5a33fea3535e90970c5f0592e2aef4d503ec60df2248c0a45c227b039a9cf0f7b11522a5dfca0b007c064b46b74211b3f0b16ffdaa8df0ad3d11ca2f5f4bc

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 88410979755dc64309963d6bf71e5dc3
SHA1 07eed5b0727cc48f61dc4bc2a81600378adc9eb5
SHA256 f913d7657fbd335cf67c3bdec03dc015135b4cc016de1453ed78c3e30394a35d
SHA512 713f3ba345b15ce410089e219042c51fb155c90173ec566c85fb1e8f87b926db1f799be43ed1c6fa9dff8551df45aea130caf6b3a0c7087cf4d60536e810c6b7

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 9d7ccae85fff4ceafdc157e731a48b0a
SHA1 e9040ad49b6fbb9dd0d8442f74683b0228fedb13
SHA256 0530393acd721c4b903814de2472cc17dc18b188b09dac12d980dfee9a8c0ed0
SHA512 8d7c1c66bb3f193aef6712f2501739be8206f25fa9dde9404be2643fe8f18a84ccd00f22906af0f2eaab6a54ebf524ad703a2d29f227783d17a3962172504a64

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 c93872fb01721a598e1b0e09a315963d
SHA1 856c3365ca37617a2ba47545cd4b9fc9c85d213a
SHA256 6e4b1aa2d1e022bd8e94a9cb474bba5c71b6ea85e933fa74d9f88c0288ed1aca
SHA512 7e939ace33719a32bdf185f2e413a72e5127e7bda36e38084ff290d51cdec30e541161c640031d94708dc4777d239317dac2c291e923ce685ea2491592fb5ca2

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 52bca6566d1fe3e1399c9c3162186c38
SHA1 e74e2ce5c26bd7a54a9bc16792a7a22c44b41365
SHA256 d3c79feff71eb87f36020521696ba283ac8e6680358eab90b969152c2c404bb8
SHA512 46c77da520e2ce06d61fa443c201372abfd59637a62fdc7e5b7758a54b3dc0f1f7b6c69e0602df4ac4003cf945a3994eaa76b824cde52263549fe19dd884173e

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 d3f50970b3184b4a96f3590a07fdd04b
SHA1 183120839540dc08dc22d5d77d5c0900a1632a81
SHA256 1188384aa6292ca01a9a66584b73abdd24ef72286aff62c896234e13123714e8
SHA512 89fa0b726686bdba5c06675590e8b9be2ba2960939b5ef9ab6e18179dd4af89c2d463dbd3730c834740074b773335273825c05bb933ce6167fb791a6e022ba65

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 0e1c374858606ed71d5238fc91a1f0f2
SHA1 aaee99ca824a5d61bc02a1b67652150fcc72ab67
SHA256 44ccb5e88f99f16ba7663b0f32d63556c8629d243766e2ac731fd8eb49c14110
SHA512 ee410c143121bc027d2186e2ecd0656a46aa4b8c9d6efed8c497f238ba2a47189e647f394e38f67270551024ca7414666b8d2ebaa80367dcc50ece085e1826d7

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 e43c1df9567b9b87e1d09767152b0758
SHA1 5b1652b6bf5c3cdd2018439a9e9b6592661a4815
SHA256 4109064aef313738dc7f0e4ccffc8eaa6638b80bf35bf8c85e93de2add7cfd2a
SHA512 b7db4b8ac353f833964a16b23e9135939c1e8647a1338bbda2e3645e78a7fbff7c9ade17014188b30570f528316ec12a351b85bea00765d2e526bca0c89d8e6c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 92663fd16b9feef70388f5e2a0e40dcd
SHA1 55fd6ba7e6be56aab611484214cea94eea015c04
SHA256 59ab6552b3e3630d32d034383bcb42830e2a7f4270b1b2bce451561c7dec5987
SHA512 9d735434cb64edd771c02244b0350dacf13978ec0550894583198d5ea1912dd1aba4db5e6ccfbd2c2c8e63e888c8750487c6b9e244f3a15ab9b8d619d28a0dae

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 5df05ae6be0f73149457da06a6b52ed6
SHA1 1eed84be08ad1f2165143b1ec5635872422a99be
SHA256 91e7b3b221a80853622290a3896c31ffba53887c20e3517a3fd3c008b816f538
SHA512 bebeee5472b26d031029939470d89ea14f59d0ae101acadd450146957ebffbcb2e8acc54293a0e94bb467297c2e7f2e0bbdd8ccde377b92c28e0dfe6fc58c39e

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 3ef831c2c17e298f92095d0a577dc3cf
SHA1 210bb265630fe0c79fb1d174df59abc1415e34a9
SHA256 d65f36b58db64d9449c4224f780949dc36496d2ca67769a87569d62cbdc9a2dc
SHA512 e47ab397c7bea33255c169c95cfc69cbeea3a8df017366302a7c44bc089e3c9f76116e8ae32fa444022e2b6b0f2c4d207e0b74779a5841e82ccece6535316e7c

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 bf9348da4daba224d7ee77c05b158112
SHA1 cfd3b09dce7c92a456827c076fdfcce03a17219e
SHA256 47ada0cd50565900f284f7b386db44893de9762b53c6e817f05d19ae30a61f5a
SHA512 10d9d3e940a132e9577cb4b75a602c6d38ea7e476dfb4aa58f2f064d50bd2c68a4fb9bd1eea8ee428a8cb1df39545a7a7fbec7742f3082683fe1257f53685f30

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 45ead0ef52d29ff498d8a4b0840d40ed
SHA1 1824fd1fdd6a1cd0cab2bc8567d03078d0bdeae9
SHA256 d069913afb2e80a387692500cf72d43e526ceee7dda9632e906564df1a0a538b
SHA512 b71ac70f107e9fcab230af22128c6d0441eb67e46cc92edada95f4d9a0c7362b6deec2299f38424a1360894a30e3616db3800c85169330583c94eb0322a701fc

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 f9a20f8c1e65e9e5ae7f14fa44d2d8e5
SHA1 91ab261bab4cc2b6de58978e686135ee9f7eaa3b
SHA256 4bcfb46b59456fdf8b8bf0b2cfdcc5e6170f57bb9f2bd4a6bd88e7422988d31d
SHA512 c04d2b53b0f964199a0630d2467577b7614bd2a13f9f6c5ec58911e66a579386df6cd9e1522123b6d6f4c962a3266203f16696f4e1c661e1e1d11edb7580a158

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 5c97c944a47d65bf9c28670ab3fa5d5f
SHA1 15b91cab3976a6ee7cd82d2b877d1d03471b73d1
SHA256 7feccd9907dafa2d8455e8b0f936b5a5b78c740aacd8da94ed17a19b072ed5d5
SHA512 f4c94ec3323268fd7d32fac5750f6930303b45633650612555dc06a3480a68377e603e5acfb974f0dbd684010818552f08d5e6e8f1b38db8e09d030f22eaa72f

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 7fcac0cfac098368cb32f881e78ed6b7
SHA1 1d81d7369602f419ac00951ca0ebbb2f21c53e51
SHA256 bb44c39f3024ea1207b82290405fc97978dae623a0750226b0042551acefb670
SHA512 ab5ab344c8ad6d5469baa018a0e13b5738a623cd30b7a24f49e06a05bef0aa93867300f63b0e1e83390dda67d7da316c1ebf15bb9aa73ba6d0f7f20391f88430

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 66af4a40690529d316c33c9881a2c5be
SHA1 58a5fe67089dbe0ea5e0f59ac78e51093f15478c
SHA256 1df10640625c011f9c96ab2bf70ce58cf273512774564ee65557afda0ba14ab3
SHA512 0c0829148e4ba8b4addefeb63b732cf2548e3982f3b6a534656f89a7e551a6f365043b8203582ed6c6e59a0656e29a39e3df87951f399b4597c116762ac873f2

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 c488840f26e1baef9548770fe248d22e
SHA1 b6688cf78f1c9574bdfa4a58e4c0b2883dbe8abe
SHA256 4c6f68bfbb9cef8737439cbf3f5c52c6cead9b89cfc2b1770211f94260c46138
SHA512 8cc11bb25a689a885fc462a460322b8aa284d210faa5849d34b235e20e7815e09490148337bdec0f333caef58d3ebc851f70ece0d3784f19b97ce1096457b1e9

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 c1fbc19e6b5d8b100a3d8c014497159d
SHA1 867e31fb3fdb3e40cb61358189ba08cffe634804
SHA256 e5f0c80096c77e10f7a920f2da47869e1b629b9af8b6e67e2f883a48441438c0
SHA512 338cd702b41a5ccfc6307a19d5dfca018dca041a4ae6a12d5d4fd946d4760c42096ac09b1d1d226a1f76994401cdcc86bdd6672736a26e3182617c975b256516

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 eb7fc915b1646a6ca6fcb4e83c06ac2d
SHA1 e8508bce49cc39d358d533743b9c214776338721
SHA256 b9a3b3e60cbd5def30e3e6f9192f4f3519b06294dd602a386cf585f89fcf0176
SHA512 6055666f83d32c649c81875701d79c881bec93b418515afc5b985b1e7c0512a7c2710f3cc0dfac7ea1bfa598e67cbc00944ac52aa3967b73c8a5440046ee3f7c

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 8d1412d12f664f231c3ac9780c336b41
SHA1 99ea2705a7bafb2b49fb120c1e51c76d6e46d602
SHA256 0754c55f95649d2da4db5da3e0d75588b0844b320cfb9cfb4552e973fa5b3a70
SHA512 148f07f96a340260680709dcb855ef209bc578d680db1b9fa1fb6d8a32baa3aa70b1fc4714daad5e8acbb60b1d5f9a57db95dfbbac6a6c9f6f90a6a3e68eb48b

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 10a7fd7c9fa14f471c57cc0a5b4eafac
SHA1 9943c0f05570c3dd8e5f4fa35051c94611ff2e68
SHA256 7bcfe784781dd832be65464d55cb90ef1279233be17a4a28bd4d5779645e41f3
SHA512 f4a97cd7b07d6d94cffd4d38a9846113eb1682070d0a466336e0f9a1829c3d24e32bb639948e189d06b64ffb442713b2a3bf9ee1397beec5b2019548850c8c48

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 9d6370c69a67698aa5af28e476abbdbd
SHA1 d8fe7afb0d2f5d603b7ea8e73282be8cd6376c7e
SHA256 11d6fe151af6ecfaa5e0cc50f7a9a3ca0a8250a6820589f7eed02234691245fe
SHA512 716daa3a2ed2435dd0bd4d3ceae5469e524e719286c856cdd4a4d2655879af2ae10ffaab16958f868481f93060dc2be4dbc5b27886a5e6e20a9e88be29e8f02b

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 1a7a97de58c118fdfccc3809d2f7a7ae
SHA1 034d121ff72a63de266c0b3c55a5f57310568d47
SHA256 8494dab18d465cd8165774a96a3cbbf81b497951b35732b237357bcfb3f23199
SHA512 ce3eca8c1a3bd5d6f04f09f78c722ef0caa486303d6d82c4c82461eb84704be0efb13a6252ebc7300e1a530433e9887ecb7779036aac9078356fb908a75ed6de

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 886e06a557fc972f6332ef2b14df976e
SHA1 86f69e17a321e0e6856892499ab00656a13dd499
SHA256 41a94f25496d84094f2c56fee1e8477652082e12952258260408cd0afdcecfaa
SHA512 bd99732e7ce953fc4a3b55c1862c5a82177eee11fe5260c45044d05ad8284bd57f37c18ffbf0bd867ec8e76db7137dd55b26eb0a521adfa4f687adbd3c7dff11

memory/2900-1843-0x0000000000940000-0x0000000000950000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\14.exe

MD5 e6c863379822593726ad5e4ade69862a
SHA1 4fe1522c827f8509b0cd7b16b4d8dfb09eee9572
SHA256 ae43886fee752fb4a20bb66793cdd40d6f8b26b2bf8f5fbd4371e553ef6d6433
SHA512 31d1ae492e78ed3746e907c72296346920f5f19783254a1d2cb8c1e3bff766de0d3db4b7b710ed72991d0f98d9f0271caefc7a90e8ec0fe406107e3415f0107e

memory/3124-1859-0x0000000000620000-0x0000000000630000-memory.dmp

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 015315aedfd0c8b43662ab321d435062
SHA1 d4ff75bec63145cb9480456c385f8c06c775e609
SHA256 bfe63ad5a96aec9494ef7c7ee95e142adbbba2026ad71d4b49180f147501f642
SHA512 e4df2d9015e738eb204cab7477fe8a7b17f3df8b55e587b4f2224ffcea82ffce6f22417d866c37cae583db244d5b705c5d2971e4ab22386c364ab62ed1aca2cb

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 6d524ded15c55ce3e10591a3e6a9d739
SHA1 699b8d4e3761efe2850f6d7e40022c7c943fed9a
SHA256 49e21bb5b0c9c1186b4ec052ee8976c2a09b8557ae765bda4a800b70caeb2e12
SHA512 9ecbdd50ed106f2a39d8c93d6b2b9ba668c1bec77eec4e7dbf33fe26d79883773478c1ebb5d0344f4b0fc30938e4421b10272fc8e574093653a82090c1aba51a

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 f48b56b96f08694b343b390972b98f9f
SHA1 28fcaf0aad04d9448324b95e54ef370e1e4e39b1
SHA256 03e7c92ed8ec756732b5ee1f9886ad8b3d79307db410071ae6e4ffb24ea6d60c
SHA512 e954d84ad8bfc88aed8b6a7e928269b7e8802ee8afbb6e6a0fbfcdfb7afa67087e5af05d5fbb440a4cce2d2ba8e31c7e1c773daec62e7911adc84c4a2fa26980

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 20b9ef2ebc2e789e9aa366d56dbe8dac
SHA1 0f1577182b988163cbe4fa8c433bdfa7d8ac0e91
SHA256 836906284ee10bcfe0a80e42783bfd812037765862fa19202e2f697933331669
SHA512 4b73cb8ab5b7bf51eb4e45f8613d91f5e8481e63152cd6d9f864fee9242287e0818afb0909639b9f1ca56990a007d2ab8e8dbfe03b8d4c1c94e9f6f54b713d7d

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 76a42d40c7eeac893f23204bc6c87230
SHA1 acdabfc50aec844afa7615337ae2f47dd489f1dc
SHA256 191ef98e77aa62e6429f7da3abaa8a6f822f160175761db419ebd17fbb74e78c
SHA512 6d6de0e8f5f0539c3123c03233fa3fb9e01f37f53d716e2de00e33e8d5e4272e296344bab373e5b1b14f85237757e05782ec5197584f2ac0db632e60e5f3056f

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 ffbf77ad941ff89c2f4346aaffedcc5d
SHA1 08a05fdbbda7208d87a0f49ec9070660f3b43cc1
SHA256 e9edff189648b70170d7ce3d5e64a5a57bca58a0f45e5eee66a551661edc9a3c
SHA512 55ea94ec0e2ec992e45e63cb17cd3ed4d45a46361b74acf12571460db477b15c9f4d000633f4d433fe8124c3bd7b852c59a83e81eba446e3400b25d8540e5cd7

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 3d1fcbf1bd4e636867a65c5156b3d676
SHA1 1a2c410cbe3d2311ee10a43503d0e398f5ba17f4
SHA256 42a651087f8f99f4118fb4677c4a280c4ee03bdb7a14d0553359b268fae19545
SHA512 69f5257d6ef7a4c8bea3fa1a1fdc6ab5b8ebb630b08cce7e2a075ccb35ab3e6da275fa14a60938420d277cc21c589791c6551606da45cc83f935302eafe85120

memory/2752-1675-0x0000000000140000-0x0000000000150000-memory.dmp

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 5cb9b3538d7f31d56bd81621d4eaf3f0
SHA1 87e5d60a9400ac4f2d3ebaa5535181ccf953c2d5
SHA256 c39f73fc086de4e1563b6d7dc0f504f9b61b88a5d0fda36eea9597a6e94f43b9
SHA512 3ff67038ed8c0605bf0fdeee9fec0712af44cc56d98c8e5ba9e097f0873eb8c7039aa6eafef9f5339d4d4e5c10a79ba567f3177aab845be5e5564348ac64189d

C:\Users\Admin\AppData\Local\Temp\13.exe

MD5 c76ee61d62a3e5698ffccb8ff0fda04c
SHA1 371b35900d1c9bfaff75bbe782280b251da92d0e
SHA256 fbf7d12dd702540cbaeeecf7bddf64158432ef4011bace2a84f5b5112aefe740
SHA512 a76fee1eb0d3585fa16d9618b8e76b8e144787448a2b8ff5fbd72a816cbd89b26d64db590a2a475805b14a9484fc00dbc3642d0014954ec7850795dcf2aa1ee7

memory/432-1910-0x0000000000B10000-0x0000000000B20000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\12.exe

MD5 7ac9f8d002a8e0d840c376f6df687c65
SHA1 a364c6827fe70bb819b8c1332de40bcfa2fa376b
SHA256 66123f7c09e970be594abe74073f7708d42a54b1644722a30887b904d823e232
SHA512 0dd36611821d8e9ad53deb5ff4ee16944301c3b6bb5474f6f7683086cde46d5041974ec9b1d3fb9a6c82d9940a5b8aec75d51162999e7096154ad519876051fe

C:\Users\Admin\AppData\Local\Temp\11.exe

MD5 6c734f672db60259149add7cc51d2ef0
SHA1 2e50c8c44b336677812b518c93faab76c572669b
SHA256 24945bb9c3dcd8a9b5290e073b70534da9c22d5cd7fda455e5816483a27d9a7d
SHA512 1b4f5b4d4549ed37e504e62fbcb788226cfb24db4bfb931bc52c12d2bb8ba24b19c46f2ced297ef7c054344ef50b997357e2156f206e4d5b91fdbf8878649330

memory/804-2052-0x0000000000CA0000-0x0000000000CB0000-memory.dmp

memory/2972-2041-0x00000000005A0000-0x00000000005B0000-memory.dmp

memory/2256-2034-0x0000000000D70000-0x0000000000D80000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10.exe

MD5 d6f9ccfaad9a2fb0089b43509b82786b
SHA1 3b4539ea537150e088811a22e0e186d06c5a743d
SHA256 9af50adf3be17dc18ab4efafcf6c6fb6110336be4ea362a7b56b117e3fb54c73
SHA512 8af1d5f67dad016e245bdda43cc53a5b7746372f90750cfcca0d31d634f2b706b632413c815334c0acfded4dd77862d368d4a69fe60c8c332bc54cece7a4c3cd

C:\Users\Admin\AppData\Local\Temp\9.exe

MD5 28c50ddf0d8457605d55a27d81938636
SHA1 59c4081e8408a25726c5b2e659ff9d2333dcc693
SHA256 ebda356629ac21d9a8e704edc86c815770423ae9181ebbf8ca621c8ae341cbd5
SHA512 4153a095aa626b5531c21e33e2c4c14556892035a4a524a9b96354443e2909dcb41683646e6c1f70f1981ceb5e77f17f6e312436c687912784fcb960f9b050fe

memory/4912-2083-0x00000000002C0000-0x00000000002D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7.exe

MD5 c84f50869b8ee58ca3f1e3b531c4415d
SHA1 d04c660864bc2556c4a59778736b140c193a6ab2
SHA256 fa54653d9b43eb40539044faf2bdcac010fed82b223351f6dfe7b061287b07d3
SHA512 bb8c98e2dadb884912ea53e97a2ea32ac212e5271f571d7aa0da601368feabee87e1be17d1a1b7738c56167f01b1788f3636aac1f7436c5b135fa9d31b229e94

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 2fd43e4cc37cf2c984ef03e1b3596ae0
SHA1 e420c103d23b4ae471bf2e779586e6249a8c41be
SHA256 839a5162eb0dba49eb5cc9fb396e65d23587ec94419034cbd3ecebdf5fe7e2fa
SHA512 6ca6ba15b728101a80168ba36505b60c0723fb6d3b3af12223094f0e78a029aea1e25a290d46e58f9e54b1f23705c73caa66ebaf1f83c4f8f531381a97d149a9

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 0f682591a3985dbc50e921f1cf608a3a
SHA1 f795fc04025813205469f7bbb6542d42fb72a772
SHA256 a3f35586900bd46abb1295cf63306437fd8f349830eb3e2636b3fa6fd1c449c7
SHA512 bbd0a226b0a7d3772a14b1654f84a917f8bd8eff8b0f8a95aed3984d8a5727861387ec9379d5cee670bf865d1a1a39e27106815235ddb6128b6eb88611ea9833

C:\Users\Admin\AppData\Local\Temp\8.exe

MD5 7cfe29b01fae3c9eadab91bcd2dc9868
SHA1 d83496267dc0f29ce33422ef1bf3040f5fc7f957
SHA256 2c3bfb9cc6c71387ba5c4c03e04af7f64bf568bdbe4331e9f094b73b06bddcff
SHA512 f6111d6f8b609c1fc3b066075641dace8c34efb011176b5c79a6470cc6941a9727df4ceb2b96d1309f841432fa745348fc2fdaf587422eebd484d278efe3aeac

C:\Program Files\Java\jre-1.8\LICENSE

MD5 71a49bd919baa5cb8e7fa25e440b2375
SHA1 49b303359203ec809fd84e495885c9145ea501e8
SHA256 0b9bda5e72295e891bf225d0c9437791dcc2d621bb9bd35ba27df61f0cc7c448
SHA512 61cd157f684497de34ea89bf42d51214872f615fd292a1f5eec98ac670fb775922eb9dc90d7d0a6429f6de2ac0dced4583eee95e900711d9f3786d9c0310747a

C:\Program Files\Java\jre-1.8\COPYRIGHT

MD5 281b7c92c7cc88314aab2685016e2ef9
SHA1 d2c42a83bf24f75ac980f4dd6aa1de55c2c20911
SHA256 de293a606f714ed5b0e7486a7536e1c601d6f6509b384e12a6d0918597fa8c95
SHA512 0aaad2027acc1c8e64dc13c80b377dee038c908de30783840b96f531c42730bebd21e33b2d874a719cc03964e74e965c687459f2e41f9145e1b8ea202745a72d

C:\Users\Admin\AppData\Local\Temp\6.exe

MD5 27422233e558f5f11ee07103ed9b72e3
SHA1 feb7232d1b317b925e6f74748dd67574bc74cd4d
SHA256 1fa6a4dc1e7d64c574cb54ae8fd71102f8c6c41f2bd9a93739d13ff6b77d41ac
SHA512 2d3f424a24e720f83533ace28270b59a254f08d4193df485d1b7d3b9e6ae53db39ef43d5fc7de599355469ad934d8bcb30f68d1aaa376df11b9e3dec848a5589

C:\Users\Admin\AppData\Local\Temp\5.exe

MD5 84c958e242afd53e8c9dae148a969563
SHA1 e876df73f435cdfc4015905bed7699c1a1b1a38d
SHA256 079d320d3c32227ba4b9acddf60bfcdf660374cb7e55dba5ccf7beeaedd2cdef
SHA512 9e6cb07909d0d77ebb5b52164b1fa40ede30f820c9773ea3a1e62fb92513d05356dfef0e7ef49bf2ad177d3141720dc1c5edceb616cef77baec9acdd4bbc5bae

memory/112-2271-0x0000000000720000-0x0000000000730000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4.exe

MD5 c24de797dd930dea6b66cfc9e9bb10ce
SHA1 37c8c251e2551fd52d9f24b44386cfa0db49185a
SHA256 db99f9a2d6b25dd83e0d00d657eb326f11cc8055266e4e91c3aec119eaf8af01
SHA512 0e29b6ce2bdc14bf8fb6f8324ff3e39b143ce0f3fa05d65231b4c07e241814fb335ede061b525fe25486329d335adc06f71b804dbf4bf43e17db0b7cd620a7c6

memory/4416-2314-0x0000000000930000-0x0000000000940000-memory.dmp

memory/3780-2381-0x0000000000130000-0x0000000000140000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Files\r.exe

MD5 a775d164cf76e9a9ff6afd7eb1e3ab2e
SHA1 0b390cd5a44a64296b592360b6b74ac66fb26026
SHA256 794ba0b949b2144057a1b68752d8fa324f1a211afc2231328be82d17f9308979
SHA512 80b2d105d2fac2e56b7ea9e1b56057e94ffe594c314ea96668d387ab120b24be580c58d68d37aca07273d3ce80f0d74f072102469f35cb02e2295817e1f16808

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 012a1710767af3ee07f61bfdcd47ca08
SHA1 7895a89ccae55a20322c04a0121a9ae612de24f4
SHA256 12d159181d496492a057629a49fb90f3d8be194a34872d8d039d53fb44ea4c3c
SHA512 e023cac97cba4426609aeaa37191b426ff1d5856638146feab837e59e3343434a2bb8890b538fdf9391e492cbefcf4afde8e29620710d6bd06b8c1ad226b5ec4

C:\Users\Admin\AppData\Local\Temp\3.exe

MD5 a83dde1e2ace236b202a306d9270c156
SHA1 a57fb5ce8d2fe6bf7bbb134c3fb7541920f6624f
SHA256 20ab2e99b18b5c2aedc92d5fd2df3857ee6a1f643df04203ac6a6ded7073d5e8
SHA512 f733fdad3459d290ef39a3b907083c51b71060367b778485d265123ab9ce00e3170d2246a4a2f0360434d26376292803ccd44b0a5d61c45f2efaa28d5d0994df

memory/1284-2416-0x0000000000C20000-0x0000000000C30000-memory.dmp

memory/3944-2401-0x00000000001B0000-0x00000000001C0000-memory.dmp

memory/4256-2163-0x00000000008B0000-0x00000000008C0000-memory.dmp

memory/4616-2169-0x0000000000680000-0x0000000000690000-memory.dmp

memory/64-2422-0x0000000000950000-0x0000000000960000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1.exe

MD5 8ec649431556fe44554f17d09ad20dd6
SHA1 b058fbcd4166a90dc0d0333010cca666883dbfb1
SHA256 d1faee8dabc281e66514f9ceb757ba39a6747c83a1cf137f4b284a9b324f3dc4
SHA512 78f0d0f87b4e217f12a0d66c4dfa7ad7cf4991d46fdddfaeae47474a10ce15506d79a2145a3432a149386083c067432f42f441c88922731d30cd7ebfe8748460

memory/4840-2459-0x0000000000160000-0x0000000000170000-memory.dmp

memory/3728-2490-0x00000000009E0000-0x00000000009F0000-memory.dmp

memory/2792-3283-0x0000000074C70000-0x0000000075221000-memory.dmp

memory/2792-3235-0x0000000074C72000-0x0000000074C73000-memory.dmp

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 5926d16542662f6575812977ceffd143
SHA1 927daf34ac8a51a744a385371dd60e9c90c4019a
SHA256 6a9255bee1217d848e0aedbb0a0bb797a4f7edec95a39c71d1840749dac29cc4
SHA512 b8163e49b36a24fabfe85d41287b1e4730373721dae034bbe98fefc7dcc7acb39a48a35f2cd1bf15ad6a4466f37779739a5dcc7e4c9bd9aa61f084163935c0f9

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK

MD5 58e280cdc3928eff93fab606734c098d
SHA1 1d27a34512c705f18d567f5042d30516e6ef158f
SHA256 c27939d31b654e2d4096c085dd5b3f0da8748362d5c391e5506be13338887b0b
SHA512 5510d854d48cdd2877621f66f8e4e2e0fcacd120bb3725eaf7e5e0722b916453684521e9ec5d73d4c1260b09ca34c9f521fc9552da4d79aaf3cda1de21c84aaa

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK

MD5 ffcf7ada9c54060fd2c2d046571269d9
SHA1 64da46bcc5fc6b5050f77d1f9361da9132cf3d8e
SHA256 0f9d5019ce1d53ddcae92851de5400c8dd035199f5b83e4863795c1e638392e2
SHA512 5b9d830b310e7005f05a1d67f1c6be108d7187f2390351760a718e314860c926b7f593be67b518c1bd9e286dfefb53b091d71bf88a42a9e707f1622f5219d240

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config

MD5 51d4df8049270d3a7a4a5db4b3e558b5
SHA1 3f40d7ee5e6ccf5524d55b96e4284642fec2405b
SHA256 0d8645a7591053bf9043bf14e41be802c2b28d78c8145537bc2310e5511bc857
SHA512 e413e552cce51beed6ca34478241b66e659b6a4d6674f7bd8899b207cec9b7ac75aedc3e5412f3638983c1270a4dc0c08aff48ef92d24b78807f2afdf6f54ad9

C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL

MD5 5615a94dedff52d2751f8e24e3c3f904
SHA1 5d63bbe39366111d1012224d50340774d520d956
SHA256 c9d1e21d917a3f1e0769ea06f5eb28b1f1b7449664400bcb15888461f0631ea4
SHA512 23451363e3da0edc621300a5e02a077f867e486ae2edf9ff7894c79635e512ee9edf48d8455956b036e79097d31d8ed0467e7ff7b372df84de00c907b01ba37f

C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub

MD5 1f4b6c0b3753ad8141e39ed6a37630f4
SHA1 e8acdb4b4d8bab987cd73b14db3678f14a9c3776
SHA256 7f92131bb0ff7b0f04a02675851eea8afbbe62084aa147d40a913f43b07b3909
SHA512 96d4c76f0799235f8b28def0ff027db2323394f4c6d03a81fd71f44c62e98036b099e1cc3e4ea87e7de49bf126b556716c9bbcbbf57075d28a66ba39b3b6793c

memory/5452-6509-0x0000000002C40000-0x0000000002C76000-memory.dmp

memory/5452-6578-0x0000000005410000-0x0000000005A38000-memory.dmp

memory/5452-6635-0x0000000005BA0000-0x0000000005C06000-memory.dmp

memory/5452-6634-0x0000000005B30000-0x0000000005B96000-memory.dmp

memory/5452-6633-0x00000000053E0000-0x0000000005402000-memory.dmp

memory/5452-6687-0x0000000005C10000-0x0000000005F64000-memory.dmp

C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms

MD5 5234c77042820a46029c590bca331274
SHA1 0998015e8375aad6acd4622375bc10eabf82569c
SHA256 b8b6dca482a8424f0e9e4e5eb09b643bfba5ffb898359256077454ede74b1fed
SHA512 4aeee3320ef62a35ab589f53f3701b38e531e3412b531d7e392242b9f39c2549b4ee64b9e78d4f2100e69143d32f398052e8c249024e5a22f9d75f4878d8cbbf

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_b1btifzk.qle.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5452-7035-0x0000000006210000-0x000000000622E000-memory.dmp

memory/5452-7050-0x0000000006230000-0x000000000627C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Files\web.exe

MD5 479d634b8cdc46beddfcb661074c0b5b
SHA1 7f372306cf0993805f47811c5a9eedff623a5a93
SHA256 54c39ec66c7b3abc097343d81496deda1d41299f321abe7af9797fdd9e9ca922
SHA512 363181cbc07f4261cd1f69f18fbe5de77575b34d950ffd9fb46b7c866144bf5c2791b1bcce87812ab579dd5db5e830ef86d1d5cde84fe7bc98b12decbc946d57

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xsl

MD5 ad82be51a9339b6a5f3ce375bed5752b
SHA1 1e96d28f8cef701390d8d5ec1bef99a74214cfa9
SHA256 c9c7dc81ff06b6ae7a152d810b91b7e669711267908eccd11fbd8f9fc1b27c52
SHA512 4eae3a400578650384d6c94f7e80535807d9be0d8859614fb68f8e3c89ba642c0da6efe1a38047c05153c2650a6bf6e8013c693cc05e7bba0f3ee8a1d363132f

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl

MD5 1d3f00046899b4c6e203a9f4adab93a4
SHA1 084e821c20a42c7aeb26bb474114bee193b59ed3
SHA256 fbbc51ea3555dc52c5db7d4017012401adc61ff828d254daf329c6ec6116a41e
SHA512 3cf9ac872e9c97cdc528537adafe7eb122ade5b3e2f0d262822c55e66f48ad2c61278c8528ab3d1dc16112f0d1a999e43e50fd8971b9e52063dd262102dbc531

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xsl

MD5 0de3de173c9ab6901f4b0f4dce7de418
SHA1 05128b3d7fd504d1ece417e59b4da15deb729561
SHA256 f05bdbc0d8fa1b07a9d002d25b2c7e782a7e874bf8040540379db21e4d3fa16b
SHA512 18e9a52c770d75a6c38b05d87554b0d25e79c45c1600e4b8c429a43a0287cd836c76e0334368b415c0a53c46e627eabcd0fe8e567b7d84b05e60786e0a991d42

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl

MD5 df54667ab6c422b966f2a25bd5846a55
SHA1 acc488dd35cfd025bca353cca2387efb728e1471
SHA256 b9d4f699d423542f602b06ca9de34bffdf67a1ad31d449ee4c6dde14e8a1fda7
SHA512 88f5e9ebc9700b3fdb33c23189c3762bb84c3e98e53fb7b13713ee63f0eb44547281653376294478f901cc04e72a8fdf09d570b0af429b03e5632fa60c4321a6

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xsl

MD5 98837d8bba3effd3239fedb4c33c0d50
SHA1 ff5a191a56a7ffa66ddb0ebf13c58547fc038a74
SHA256 7cbbe7958ff9626138df6852971a06ae3087e5f537c7a1ad0bab76096220148f
SHA512 bcf2b12a71421816b9b170256d266617fb73a7d0907e8cb32a6003ef197072087b217b787c59fa89a002e07eb7fd252e9a3e1329df224fa7a8ccb45939d8e620

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xsl

MD5 ee4d8bfe5f9f6c5238f4b3b7df340e22
SHA1 2c9ff1266f1db34eaec39fdbc30719cb340f62a6
SHA256 c260d3d48cebf873830f4e65973fdf9dd6c3bb03d1569a6666225f55636bfa46
SHA512 0f984bdcbfba249bae877806ab7fbf47b125caa8f92ffb18e0c1ce4d491a663fc9cd66ca54e4c5e9b6aea654789f960a5db41fcd5c1bec36cabeeaf967a5a379

memory/5452-8188-0x000000006CFD0000-0x000000006D01C000-memory.dmp

memory/5452-8175-0x0000000006800000-0x0000000006832000-memory.dmp

memory/5452-8202-0x00000000067E0000-0x00000000067FE000-memory.dmp

memory/5452-8213-0x0000000007210000-0x00000000072B3000-memory.dmp

memory/5452-8431-0x0000000007C00000-0x000000000827A000-memory.dmp

memory/5452-8440-0x0000000007580000-0x000000000759A000-memory.dmp

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 8c7a0aa8d48365a971f8d27bf0965d3e
SHA1 741f67d7f7ef6e08166b74513c308d5820b6f3f8
SHA256 4b5261cbf442464549b2fd3262a6cca763af040e3366a6e7b07e2a3c6fe650f5
SHA512 ebb4bf6090e33f2825c5949ab0afc11231ba4d64e4675ba1f99b297674d032d55700c7200294a34dc754a7db1f5a3aca5c7ecf4fc978fac437bfd211d116173a

memory/5452-8545-0x00000000075D0000-0x00000000075DA000-memory.dmp

memory/5452-8762-0x00000000077E0000-0x0000000007876000-memory.dmp

memory/5452-8859-0x0000000007780000-0x0000000007791000-memory.dmp

memory/5452-9431-0x00000000077A0000-0x00000000077AE000-memory.dmp

memory/5452-9496-0x00000000077B0000-0x00000000077C4000-memory.dmp

memory/5452-9565-0x00000000078A0000-0x00000000078BA000-memory.dmp

memory/5452-9595-0x0000000007880000-0x0000000007888000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons_retina_thumb.png

MD5 c9af76886b2a02e96c62197b7aab9d14
SHA1 6fc90cafe18e800cb970cdf4c16b3f5f39ac89ff
SHA256 df2789cf36fa731579fedb010aab137d4d19203af420e7215ea46c51bcffd272
SHA512 53548113bafa967a4644368d2bbe32684a08c0aeb6fb7ba93654e69277c0e8943d911732a603889199fd462c015635fc03dcbf38abd2a2490c8c5901e9e35de0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\duplicate.svg

MD5 54fdfc10a426334017c3f67bc3d0084e
SHA1 47afd80879aa0c77e01498712e028954a61a58a6
SHA256 fcb3b23bc8b656d3b4e1cb9f9a4af9bbef5d740ac0a16fc61038cdbe4ba67531
SHA512 e9be7f5a1cbc1364a264996357d2622d48e826f4c16868e4f487b8761a28739c60a74dc6f031d1df3f961de769fd3ada753158a8395a2a075e9399a1febe1912

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\remove.svg

MD5 7670c3acb2c887544cc02598a260539b
SHA1 0fe3d634efd4d4f07483ee979fbe8ba5dfdaaa79
SHA256 c407f5659494b5026ba63299bc2fe054c5b16577537ff22e02c3f7e11bdb173d
SHA512 9547705dc773e4859528b475ba0d58fedf54d1787a0e604f35f87719e6980ae1d79ab6f362bef587d9a957e5678a727e4995fe56f079034381a4c3c9f2901fd4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 e86ce90fa258c8a0f0724bbac8161976
SHA1 81dfbe41178f1814442414217b9ecd1f454e793a
SHA256 92bdcf14e1c6d2ee109294bcd2ad35560155c49cf59a6d107f09f1baf665be04
SHA512 2923d22f63bc410e15e7d080619bfd3da2de0e65b8e7c4798c909777517cd52b27910cf779aa4f3692afef95bd2e9bb76337dc809a34423a32cae04a2649ec9b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 7e7fad5f13b6f76bf3e538290199781e
SHA1 15343bc012b5cdf37f64e23e798210274869477b
SHA256 181e5a0eb73992d28702aae1dc0598fd0878518456ec9e3980b4179d3b8b0ebd
SHA512 29d7256f1049e624a729b7be3a46ecfa0228d556a5c798ab4e1865edbc13835958212adec9e3022c9ac3c04bfed681140b7c5fa2dd068f27257734513c75de16

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_backarrow_default.svg

MD5 cd61a39af66b6accba7addd7bc1dd1a8
SHA1 f6984535cc5877396ac5c1b74ee0bfcc21284a90
SHA256 a392ca37c19aded4f92bc73081a5814d961e55db3a656954b4a307d771511902
SHA512 c765a3fd1d47f058902f798b455bccb2068c859ef45e1eb188495e57b40ba7e1a4e04507bca70cb2b7d6354efacbb3cd9221745f141bc7d9f34c53116ef358e3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_closereview_18.svg

MD5 32160b7203e1e848688522f95754db16
SHA1 f0e85bb409a2c3ddc34dc9d33f8dfd7d71402dd4
SHA256 12796ceca4dab9918c7b3b2c66939f187fd2e41522cfcb78000feebbae764e14
SHA512 95a34e09c1596b4876ac2f9be74684e3d09315ecf94d0e090aab24d29c8af2f3d025cc027fbd142afeb44302637be237e8ef2164086d357848884c159303bed0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_comment_18.svg

MD5 b3d89890471525bc7fa1105865fe8fb0
SHA1 b3137ffc65066483470da559d4ad38f9f18e2526
SHA256 54d85b7eff6656bbd875b40477b929e93fb8438cc744cdbec999d5c58b75b623
SHA512 bb7501de4bfdae77bfc65022929b6381c3017d5443ac41cf1e1a8434b6b9dbea63693ddb5ef72a60b0891953a648fd977dc8d7d65f760700ddd4adf1b4af8971

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_editpdf_18.svg

MD5 20d4eb6244cb07783b9cc1a16b4cdd4c
SHA1 563aaf891b4d8750bc25ce207d37460dcc5ddb3a
SHA256 359dc0971904df63bdd4616cef1a4be1148010162de81c3013441d813e043aec
SHA512 9dd70e09c05c4f75edfeec95316beb3911f94edbaf93d524751a575fed537e081f3ca4245f92b29539a27ef924cdfac27edfb95777720b3017ca6e0cdbc3cba5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_fillandsign_18.svg

MD5 d3d98ce7dde3fb426a15c3bc61147f22
SHA1 31e833ae304ccfbe790021d1be42bfdf0e536414
SHA256 b65c991dd11ddad467da552337f48f83413494c105d3cc6bf895b42f274bd00f
SHA512 5327cdd519619c79708de9d70d820e90efb7e3944c36fe3e924d8f6238e3e528828e260be3c1fd93c5990b972ddc62f7b78eaf0c744882217f963d24c46841a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_export_18.svg

MD5 bd80b59416cee4e647ac8d48438c1295
SHA1 c24cad383e4f1deb2a76fd7063e7022e2c6b258f
SHA256 caa948bc8c1c6a0b773383e13381c768493b994f66012aeb73c17779b1f7a08f
SHA512 8fce8aceed9669af9abf2929df229cf3fb249469500961b07a5c7f6b311e88253fe0279c6bd080be32d1ff3be033ffae6f7e34b0a774cda45764e4318e464df2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_newfolder-default.svg

MD5 b14117b2e4e8039240641b808b7a0220
SHA1 5ecf82fe69f400c4e3fedeb3ac592a89f004d559
SHA256 5c42c7a335510b156b992543528a33f130366484cb380bc1a11427f6d5950aa7
SHA512 39d679005069676b0d3453ab31d4e08d3a3445b2e13696c153f34f8d3516b80b76610b0c51812e6716aa950efd72511c8773d6b4b753899ab856316b2285be3a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_move_18.svg

MD5 86052c90878a134910c542cdbc65ba2c
SHA1 756f9a027c0c0fdf811023970f2468aa4e0bc7c5
SHA256 d5461f4225895a248bacdf6727854b19c702ab89e1643a02fd15db9894e15273
SHA512 22abecf2f41bfef4022cbc40066bb27fc0cde67467e325eb3d84ded8798de1534662e35573b7fa97bdc3f37b21109c90be4b1a239357615718770c45964f0c96

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_nextarrow_default.svg

MD5 9a1eb336be8ee0d187d0e9d68beffa2a
SHA1 87151638e588ac9bcd5a89fedad681435dfb663e
SHA256 d4598fd7a12a4e5f67c2865944c028bdd8a8faa54ccfbfe5c34a2bff71def03b
SHA512 b9f8a19ad8421877db349aebabb37d8e5a82a0878f4c6d186a6e4cf0d723395fba63701e712eb1e0ac69178f2a9c1891f2a057f39b2353657008e90e57096e66

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_organize_18.svg

MD5 460a9f33d84d79ba0e1deda3bf3e8ef0
SHA1 87d0e8c94e1b3c80636a1d8e4cb8ab0c6c038f60
SHA256 de915a191d1296b7aaa4f44b66459cd97e5e28cda5badf5c45f1b9f84e4abb72
SHA512 49be1946ab191e170733e27d17211116e4fb7bf666e5a01c9e8010df957fa59556927e6ea56d0b638c27dba5cd3e3819c73c0b93c6b5652287c5bf8076498b15

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_rename_18.svg

MD5 0b22606311d4fecf511a703998e029ec
SHA1 56d078f815603e4bcbe5e5f307bb1820e018d9fa
SHA256 d1573ec27eb11848c3db823abab4dbabaa1e5847486c302a91affae78f12d0dd
SHA512 a7d6a93b0151b50eefb5c7a3871134ba07e28c79063068905ca732777c0f27647aca0e2257b371074ed7c30c512330ce942c50c91ad6f547de74b5399e4e2f9f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sendforsignature_18.svg

MD5 44a2a91022ee97616f27fe7522f72899
SHA1 da84881db633c5f37d1d4842f3fbe58ab2bb570a
SHA256 1c34c64e5812efe1f526ba4355421e0b194a8e042209ba0c53de32adf6214179
SHA512 75c074beb52fe51b15f867cf5e49eaaf84f1ca38249fda62168e668816dce2468ec6bf502f153a45c114d3c736a4eaa96c36b8b46dca116c63ea52182be7d957

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_share_18.svg

MD5 f12afd2313d9308082a0dedd3231ff51
SHA1 85ccb059c6ac7ca9ecbf65e2e5d100a28d8fceb8
SHA256 7dd91d52c6cefc814b021d95a06cc7c23f92d5a10173d9dc5567a6f5f5d7335a
SHA512 c5775f26e7a2614bf2ef6d7fc857847a883cdc9c6a4251ac7b637c8c1fed2e9eb48157975e73ab57f1a36d6ade34a6d252c301ce6c86ddef798276a5216948ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js

MD5 72bf19e73ccea759faa779fb0757bd52
SHA1 c47b45e0c646832fab4bf6549fe18f3d9d6186a3
SHA256 deb68e140f9d4751703269232a71d6168e9a8742944334de44e9be570124644d
SHA512 dfc4b62b8674b8c99ce7406575eeaed34587ec3d54d015549a32e6c3ce5ccd226a1d91e8ccb14a5b09926e83c3fc5752d822a3887787d0788c00408123fde4aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js

MD5 491a7a05506f682c1d50022370328ec9
SHA1 f6b03828dd70150dd74d6f53af7bb6b1614d8a43
SHA256 01afb97bc32e1270784a958b84443fb7b4f438c3743891283641e3a27e7c084b
SHA512 4c377fba75fdf8fa1694be83195a9dc2a8f275f53629a8ec568027a0374fbdee7a3276a9f4671aebb63acd75aa9cc087187b4297ee80de835a576c47ddecd115

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js

MD5 70f0001ff7694fe87604fbcfb8ae4132
SHA1 4df5d31deeb289ed3f22119c55c663ba126508a2
SHA256 340809072c232fae39839e5bee2c37a2f6766cab16fa233c0ecddc2b2f3cb5bf
SHA512 caf3b061427baa068d2cb699c4a576fc024d27ae71e96a0e1033f185bbb585b0a9ea8a2f9680972d60072c222a9620db3cf4d618fe81bceb3d5ddc9cb95db791

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js

MD5 0dd69ada96a1660eefcca71cb020da50
SHA1 a6e6bc7c14a17b7972981d31ad73ddb26b26eb7f
SHA256 cd5b0aa04286296949ed886af9225a0b0aeaf766b29053b76e1bb73d17fdec40
SHA512 12ddb28c107d5d79d16f99a8304a8219f18d99997282780ec62453c0f1271d94a73b24d9b22ddbf7ac936c7c4548fe0b44e33ff3586e00fb757b0d948fd696a5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\ui-strings.js

MD5 768e6e2eb74d6d7a8c0420e318453e4f
SHA1 b5e9083931b300fe6e15b654840fe3650b225bff
SHA256 fa1a36688bf08c7a7fc346fcc8a425ca29256c48bf5cf74a0796965de621355e
SHA512 b7baf912f633e1bbf621e14ddd6a0e135992e90399e685bcd176a458877219560e6e72c302678bfd20cb60abf0fc94e59d18b98fac1acf66ce9f6e5a5c9926c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js

MD5 d0a554b75a02df47fca50a9638c604ba
SHA1 73c49e5a1fb953150a8074a6f579a151fda16667
SHA256 db73c34a5a92fe2934ebd31cca593b7c599c604c0de7b0d5e59686036a5ec829
SHA512 648135aa5dedf5d6d4e6aa990daf07d25373f599104c454e5214aee15d8f5e8a8bd060449463f71de36c052d1b0f969b39358655b3a4da89965c2889681fa0e5

C:\Users\Admin\AppData\Local\Temp\Files\GTA_V.exe

MD5 cc293dabcbacc1197200d1b68cf748b3
SHA1 489f20536d4abc3f3ae90e54b54a7151a91c7a7e
SHA256 2ab54cfc78c171475da3382b9e93665c6d2375e8f0b7bf1a08f8cb45d1289ba7
SHA512 058daceab9d482fcc8a7df7b3af45683b771d4d05c256c369546bc79c58e142b5aa1416b94eceeab03a3fa14da3e43a463d5a833bf83a3e178ab103f637879b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\convertpdf-tool-view.js

MD5 73bf521c1c60c7963cba1aa1f7974cf2
SHA1 8b8b0b9d2b9a7fb2c366dfbd0ddb3941c12226b0
SHA256 98d1cd7246df41733dae0798cde21fcd07b1e44264d6e6a113d7940d04f2b75e
SHA512 e1544b12a200bc18fe502f3097706dd43aa05f6c7c59cd16e79ebe75b07bad48f9197c0ddcd4eb1d0c5cfce98c375963824cec0a3c600c4887e23490fe0b146b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\convertpdf-selector.js

MD5 2d8c9f9bffa9e8454a7e04e7d087f36f
SHA1 bb5c31b66a68510422e87f7015135873e6cc5446
SHA256 0a471454814446f9d3c6a9637e886b4b339b4edc529f9291542ca57835e32f5e
SHA512 5ceef8ff341cbf93d391aeea401d4ddf7a8b4abf16d88ea19a33b9e35ecd95c4c042aea969a887569e49d773483be0d4b3492e0614d2bdfe8f05a3a62c2edc00

memory/5832-13750-0x0000000000400000-0x0000000000519000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js

MD5 668a73e4c0efe013e57607e16ace68e8
SHA1 8ec377213d17efde1f0d6b1f5a6f9789dc3e3353
SHA256 6d9ce08ea8e9351709a46e2ad081d656383b97dd9e4724eb359909ad45f42cd2
SHA512 0f622eb019efb4e83a1d259c202d96071a44fa7e0fc871fac7ea0fbf15059eed5c9e85d759fa3448633701f5025ef9b3e09b6bc60105b52e9eb7b22df4be7f64

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 c9c7ad4fb0f71857d5f739faadd5b7fc
SHA1 eeeb6acadc6c503fedeed9e7db10693e404f98bb
SHA256 2d3e797dde67dab9700eb8e23a8639932390cc87402418e014f5fa4e6aa52c9f
SHA512 e4c0eeb45d8df776c74f211bd76f4ce907ce0d05d79fb70d46d0c86e59421680a762ce404e5515d2a5e1c7c15c48097522196930c37ce961597a116c64d99b32

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 f23e20c68a3e9f10377fe9e92d87525d
SHA1 9f54d1dc58c56040613fdc0b37690d7a2eda5cc0
SHA256 b7966bae8458d93be5e89638c433a61eeef84a550df0965da99af41046c61315
SHA512 b5a1776eef582a6639e321d60af13c1090f337e11798b38a96d3560893e83faeb81ba07dda3e0150ce7fecff6d2fdfcbe54f4325db03ee13c23be1e667e94262

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

MD5 5b701567e8f0ed02b9ca2909f667f60b
SHA1 f249de4e0e2c5051a05285ae988400d3b873e177
SHA256 1c74e3f35cf86b9c1f78851d0f4a70c2ed4f4c6e8892a9432714114bf406242d
SHA512 c8b6416bb8bdce752cb3c11c757b5bfd4cebda9ad4226397825af260374915aaa83e65b5ace572ff852c4800dcabbe92a053d6ad03bd8b42ff7058167bb9ff27

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 c2896d30d447b068a59725cf680c4030
SHA1 3d5919d9486d701ef0be7230c20a243c9bb92d60
SHA256 57c7c5a59a3f1482ee027acf6892142fe964ddbad3ef93ed27588d340434c0eb
SHA512 66a03c4b66fd0b1f229a0ff150ab16b8c0cd1ded519ba0ccb62468691101180f3add8f5b9fad0c0bb5238f81a484d35a60cada32bb40a23bf913dafd6ebaa93a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js

MD5 cd5e76a7435952b8ae80f15664ea80ff
SHA1 d3af5d8ae699afb05c3443799a2432229d26df2c
SHA256 ef10c09abca8d0f393b91ec7ad1ab6f7d79effbda7c56fa59f7a3cd9fabe633d
SHA512 9e32d99437a718cb38867e80382aa68f4797d1dc1f2e9b68e09a74bbf35f6d1ddc241149fa595f750ef6bbd71c5f5cffb49d3839dfede4a4e450e07cfd4f8ba8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 49cefa1c507fd12a6d45337f7db5349b
SHA1 336db4046aeb09ae8a64a54fab54ed79c41c2c8d
SHA256 4e33a7e3f375c47d40d643b6240ed32dc04c14cfa45429e724074f40eab2d169
SHA512 4f3fc2ecb8ff9a7833df54a34e797e18bdebb225a0cbe22f258f72194adcac02f45d8f0410f5ec3dc3552a17ad550a4186f76adda44006fe49308fa228a5a298

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 c48642db9991f5f9edec0ca02479e435
SHA1 b76462afad2922b9427034ad61e7894158b33742
SHA256 c055c9b570551fe15ccc91061d5d1841dc2a2b378e04db60a4f06c32ba07a873
SHA512 2bd40e5a35fbce54596444b8898cc7c892cf0b659c6f1af750ef8ce73644456ba4beb04aff94bcb5aa19a47d1ff7a34003b916e3c6e4bd7dd078c1fdba132bab

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 c3ebadd95490d399a2b28cb23b4bd376
SHA1 e03a332432d46323a2cf76cf981a48f78f213b0f
SHA256 5e9c6025d96af905af8070d85fe9827cc8c520d5ac437fbe394e572028975de3
SHA512 55a4dea9decb1423282740a3c7b10795e19b5870902e3f7c13bfe782afb998723cb84e20706254e5d8cb8818237023fed4e509e8981b1709ea93065e676ebb65

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 19afb9be88869f489a2e19cdbef8d8d8
SHA1 1b47ce7ccba31c4f2fbd761ec42147cdb4cbb9ad
SHA256 f23312a4dbd57f6177d7541bea115e7c0330834831c7ad4baab094c7fef4133f
SHA512 cb7293a37cd536f1dc022acff8188c96b6238860cd320f6aad7f6838c3733ead3f8a7a2a7e2643152b6edd5402cbaef171f9ff4f3039315d271fbe4d946a92cb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js

MD5 a2a30fdeae5db6ba6132eaa4fd413d60
SHA1 7fdd6c8ecd691c1de26b5ef8f28f4b666e607e68
SHA256 ecd575d7095dbf70fefa059568b2b8bb49b3dc5cecebf8beaedea2ed12ebea89
SHA512 9730ad6225ab5a55b201c6da1b725e4c5b4effd89a6a01bc905bf72a82c409a3b13b79bb9b450f70b25abfbe2d3836a4a9f51dacd5fb8726fa2988210f613b92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 52cc863610581ad89cd2b9f365bfb8f2
SHA1 b241bd2cfa78cf952b7be26f8ad79ba4d2f3e8f6
SHA256 68f4f3212e35a3e87146704c057dc06965605a61d47e8e634bfbb6350e05d6dc
SHA512 558e979ad800fabc0f8a7afa45e4e606081167885e22e77b8edec8045abb854f20def0d49f60bfd764cee76b8bdb26f0be5ca6ad134bfac2557c9439ba3d3e44

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons2x.png

MD5 efe9dea2877a28f8637bb6e10631ec30
SHA1 c04c60bef64f785bb3fdbe7ef9844bb2e7c47baf
SHA256 b907682e0f34ca21c0b90930b5759f40897c93e1eb91d6cacec604b4f60db589
SHA512 9940610d11b8b656f72867a059732e46c5008181304f5b7816b35e147f0dc866adef948b65865790966b2b2a056642f4426b050709ae35317a66888bfb4f4143

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons.png

MD5 86f6703bda7292bc156de1ed6d25800a
SHA1 524dc87d8173c0fb3e4cd3fb207c49d262da92be
SHA256 0f77d8e31675d9437f35cfa0c9d94e94768fba040e4db122ef63dca32964b586
SHA512 88b09aab6e101b55a72ccc1b0bd7c3da7eef089e52397161c766e7d49a951f86594f4601bb7bb3a6528b803c1c76e8f38f970900bdd3f4bbdc418a9f4778133f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_checkbox_unselected_18.svg

MD5 092ab01945ec888372aadabbb4a1058a
SHA1 e6440aac316ad1ace86619d3a459f5993290689b
SHA256 888b6071d248e7d8da3007d892505f189a039ec7b4db95449c4d0d834612a2b6
SHA512 1a05586bd6bb9379c3d13cfbbaa117fc03d9caad0c608a46f20be5b8eadeb8950505b245177530288aebb1993ab04eff58d788d9dcee0404cb58456c94cc8a53

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_checkbox_selected_18.svg

MD5 de387e5e8f66d36f601a1592d6d22eb6
SHA1 4f589d64f60a10978e50872275199713d00d9d04
SHA256 08d664af3c6e6aae655055e23c4d816da7777b05999d5fa16560a49b31a6abdb
SHA512 9d37adaa0f7d2dc07d458c318bbf8b8d634d2c05042bd4e39425b2712262ff957f9cf06d7f1db8b303cbf2e16d5fbee74d9133cb57a1975daa3cb0a7ceed13d4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js

MD5 daebca56f9f0652ea3d7037132c07285
SHA1 418f9c4f20ba8abe34d6545a82b66ec48a51df62
SHA256 99d3ad85a0e37c31a89cd0c10273360e274e2d3bd68581cde9a521a219ed2119
SHA512 8b7dc3ac6ce75e24dbc9a1a53ae6dc51f78dd9afdd66f27aea1d94f122c61fcf25983abdf49a5ad7d62c2286f98cd31f24d1a01aa8fd8b0c712bde0150595edc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js

MD5 eb663de138647c9bf053c401bc592924
SHA1 eb6284658e4ed925defd29e64b49177ef0b89927
SHA256 457c5b9cc3847623aa79d969ebea391421326e5108e1aba59404d8a593c5e5ea
SHA512 974deaae8b9ea94840781b72cab4378fbce20abe677fc67bb9d5fea6a94017014669e8d8b24cdc6a0bbc826a58f5bf67f71ce2665e2b39dc911f08b54fb5a786

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js

MD5 4cc598cfe507a0900bb0457d72f6317e
SHA1 190a85b5b8a6a6dec67c110d0f6b36dc9e4daf39
SHA256 cf56aa5a4675be9d2c55d76f8b4a608a44839032a40d4f69d6c375d1c140c866
SHA512 3b20a5aa9c6075982324e3a1560855dd0ca61f092264e42ba2ba8fefe11833225f59b0f98f7ecfdf0ab96ff96f56d866e2ca2d24551a6aece50b159220b7a075

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons_retina.png

MD5 42fb518f78c1b5d527579196f2e2b5b3
SHA1 ee3f36fa0f0a9e8441c427e3f175615ad2bb5bae
SHA256 5aeda61b4f8d0d4f3dd1533357cc5b05b69d9258cabe7a564ade8463f8f390f8
SHA512 dbad77a0ca4c6fa60088ae389f588f3a041b70a17247f793521bd8a7a88ed04c305e1e234005f5ac0661bd3079670dad8a0287d85ccc4e90b80e273c25dad54a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_retina.png

MD5 0353d2c8635049ece59db0f3548fad06
SHA1 b1e1dc6e3d14f4ba772a92380676f574b0923097
SHA256 2aabb44e14e180a434eb9560d862757b9686b5f23dd837fb60661b00392d0b58
SHA512 869160db3673dd534dc6c44c03746a95e6d586713e33d7d8b9dec71a93eb798384445128b6187469848a7ee33616ecf4ea40dbaba6c158065441af3f06ce8bd5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons.png

MD5 7a9e349e92e0306a03e78f1fd6bc8b36
SHA1 e6311010fb3f1cf96287bf41b4a2c6c5bf1bdd31
SHA256 cb96b7cf2da4767c57224fe69805eed49e45c2e426902ad6f5dd4a29416281bc
SHA512 ca5107566197634c3cd88f875849cbfb8fe283885654a504fc5fb9f2d11fbe5037e6fa391f625f2978e62e2846cb0bf9d99f368bcc68820d69a8db27356df78d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_ie8.gif

MD5 f04734c536a2bc4a6ec928a56c347811
SHA1 892fe55f56c0d3d17aaab2de5d4a3b444024029a
SHA256 d946b39651e5a8e8dbce3f20805025a0793df99fbe1796a9ed66e5a26442cd1b
SHA512 edb806571038e02c4f83ee88aeca71d57420a58519e34eddc64a097525ccfc91720e9655b611c5de8485e2b9d40f950988dc47c4d9096423b9a511b32289386e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons.png

MD5 ad8abc647a069fe5cfa2ae19356f2e32
SHA1 e0bd55fd6de50f5c24fd5929339c4fb471b08593
SHA256 5559bb9a281cfc99abb81926f1077c6b151caa3be9f97a81a7a0c72364cda774
SHA512 b1b604248980fbe55dfaba1526ee0946e36bb46e9c3226bcb4a7b4aa24bc3dc77aa680ee8f1825c6dfdd666fd274ca0f0543c2738ceb1c0203bcc85d4bcdbede

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png

MD5 267780012447d26926ccb887e49ade1e
SHA1 a432608125b0b86b65bd719b08f2a9295edf8fcd
SHA256 24655cc823ac4fb8d6610f6bc12bb68972a74e5546516f77cc82a35dc27812be
SHA512 c8109a885477b438054f9a6d3f4391d6a0fd39534882007178a7bcf71e13327980b2fe11acb4a2a49b0aa62724d6be1c38921b39f5619d517849cb54bf8298a3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png

MD5 40d58349a28deb40c51e167d980df472
SHA1 c9be6f9852a23801fe4f918234f750799f55220a
SHA256 5c4dea5c2727bcd383c62b0ba77c3156abde78e9cbb639ba93af067bb0156c84
SHA512 9f78f10c9369e1273474d6d37db8dac6cdec28c49348234c4da7507f80e64b6c2edfe94c38ab0422afebb9088bca88b966eaa09fcdeb723c379f5d0e52a9e862

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png

MD5 b7850c2376ad9aa3e638c6e4ffe84659
SHA1 fc2ad3cca79f0741b80986b2631ac1d3f8f9ea35
SHA256 1d255105cc1463c920f23b9e371658be8a36ca63f028a3a9ef3dffe0332fe73a
SHA512 5a7af2c88d92ecf8ce3a715ee22b9d3cfaaa2a02a9dd2d4b838e63ff432b1a155e24260c9efc46d38772278e16d7d7e949d53601750c60749ffe024fd84528a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png

MD5 6b983fada9374c5ab2e78f5fd0060154
SHA1 d45054c036b18e5d2740a570e71fe02023f4052b
SHA256 25b140728b432727f8b24d6e24b1a8bfbddbb5afadb794cd9dddc26abaa502bb
SHA512 8d50fec00128969d6ec9deef5839841a92f303638c1c82ca944ef63bad463acea09d0587bfd42d9b45d959683f1438615149d6f5bf4252be19418677cb98d5da

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js

MD5 779a3020cfb5c006daf7a94a5a1b2f7f
SHA1 4868483ef30b9495018d87cabd41d0b79c62a84b
SHA256 8ba0f1ea6be7947cec6d8895772a7ca5f0d765d1982566f3060d8fa156ea5ced
SHA512 fff9e631ecd35220173655b430f97631c4f293ee7d357896760b49976b9d9229b4cf10aae439854b0761fbcb7a42b98c6126a942a219298d5f901123fc45cc56

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ui-strings.js

MD5 3f1681e5f0e104a4ceda6ad49de0b39e
SHA1 9d84ab5e55a6955d5f95db3dcbe778b56c322461
SHA256 16c4bf620687a80242f3e6c3b516b1b7b6a33be45c51a62fe512a66166e52929
SHA512 72226e542ebb037a88739ec238f0cdc15e36fd3b02cb2765d3ba13c5472a2c81f4aa6ef8479c425fc4032116dc3562d9c6f72eeb5b6e7f9c7e0f5b982e88b46a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\ui-strings.js

MD5 54dbecca263d02e0d7c8823146510a82
SHA1 3a1ba4b3f41c4c210028331336d130d4e4652958
SHA256 dc947b859dd5389600fa413e97e8dcbd409fad3bbfcf26181196af3356115aae
SHA512 90b32eb6c6100b49e3ef3ef7025fc9c5a4d1cc159e87bfc38323ad764f3e083587b67bc78e33d1cce4998a043d1d5ab898bf87c6508d73717d3435b2e4647132

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js

MD5 0e63c8d559aa152b70daab04f69c24d6
SHA1 24d7bcfcd5901d8bd7d5583eb994b9c6bce89e35
SHA256 807341733133c0cdc8fa830213c3297e76ec321b2bf8be0de925b9892ef929bb
SHA512 d9f94d4bee89d9b5d05982d4fb8fbb6d7f62b7651563c56a71e5fb30c8731e1486d6a2689ab4b4d1b83c16312362e70f305eb491994c629c744945f17eecbbad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js

MD5 216b5963b5f2348c66438dd1a30998e6
SHA1 b6f5f9a1c808e59791429845f5a1d489d4bda0a0
SHA256 536c6adc903906e347baed68ebe176e2501f3705b7b4226bc6ce877a6c5c4c34
SHA512 156c02910002ee9f2165d9ea386fd1b3716f4f8f51766afea16ec5e0aeab96789915e9cf4a68f45195b5de486e01aa0dce370d63104690b3248a87c2d3b7411e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css

MD5 17961a5387f4c110bc9902a4abba6c5d
SHA1 f2e25dd0ab1d199d3a60bccadee69bc6ddd5d71a
SHA256 347e1204916a260f093621a424b754153929a27bc620e26404cfb3a38da910cf
SHA512 75f945f1670ac5b7697c11b38b3f3bc1d9974453b0c42fd2e57cc405bc467c283ce0c7319ffbbd78514f920177b4e397ded268a5c16f9171a41d109db0732f19

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js

MD5 77bd537f888ab8998019c92f982bdc93
SHA1 afad88d7d908451b709958e804d64fc3856854a7
SHA256 f4a390540afababb43f1e3f3e499a1875bb35ec77706dec79e20418f9047e9ea
SHA512 57e5d5008ff177cc1bd31e579b1e0f66d6812152a67aeb35c6c5a433291f91ad643f903aa9227c1bc8d8c24819d6928557e396d6f7efb7aad6944612a75f7488

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ui-strings.js

MD5 ccd5587bd416208695c97134e59a5c34
SHA1 564d38ea70636740ee07f3bb8adf2288b3c7b17d
SHA256 0594b5c984506963562c69c0dfc01a5ea3779ba97aa0924897066359f6e89dc0
SHA512 fe820e18749f8d4fd4380fa3211c21dce14d18dc47b9b8feed4738f6e1d1b25f7fec4a8c663a6b3dabbe2f53271270ba25e04013511e0993d2a1c497cd6bb220

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js

MD5 63e81fb858ce16a01a97baab36d2cc41
SHA1 c252be7fdee22bbd418d9e35d0cff2fbd7d4f915
SHA256 80e67593091146fc2f3b794f431ceff659016969c78f48f31793f378fd88c949
SHA512 3e3e98079fb4398de7b9c2a548bcd550849d7385107938b01b813aefd1ab5079f1d733fae2909715e749e24ecd2e79b7174577ec6167a38b38f5191b7921712f

C:\Windows\Installer\MSIF5AC.tmp

MD5 4b42ca3120658e6704ec6bec36975c01
SHA1 a786e6965fe3a18d73876778b2358b252d5bf408
SHA256 759b09ea588850e1f5e379f4316d953e75c27f2bffb6f5d1d455ecdf14c53990
SHA512 fd006db9513a14d1a0cbda444ceb8061e59758766060ba14c1648361ae4e71cc0d070cb1996ce94396d4eaa9e811669cc703a34d1843be3d78f9ee6b8a94a3a1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js

MD5 dd075611c0776ad719f26e373c668578
SHA1 aa822bfa55f04459f978ba522a5e92b2a43fb9c5
SHA256 c4a5e10efd413baab966e3f99660cda247168168c4fb3c6f7a1ed01ec3f66a16
SHA512 c999824005352c51cc1033131831006668bf22a9f8059f782b2dfb0fe42a44550bc2757e0d45e0e72226e7c0cf19681553cd03dbc89c18cbc288df055929cb58

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\en_get.svg

MD5 77b82aaeb8245b5e5a18e423a6bb7e9d
SHA1 a6f2b64b7c75b90f3ec4d718e463045470e91294
SHA256 8386529bf211cd52a95e36b5df6cf5f297e0d0de503437ba8d8773a3c2524fda
SHA512 4417239cc1ba044267853dc03d8148bc82943c9d1e07c7af2cf54ddebc31c834b2ac757651319c570052348a5d8fc5967218ddba99da9f95b3ed01789feb9e7c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js

MD5 7c704c4815148bcf6d704f625d95d291
SHA1 88a14c077f779955d2efa8abaee691cf74a7f392
SHA256 1c31f81341a9b0ac4bd2671b863dcb2aa3d833c942594940303215ab7290164e
SHA512 5be4d8b4016ddf3937a4bc62a4b5eb87c391610fd83c8b66d62966b53cbdf84b2d73bb3a662bca6306a7853927b689347870d7ef8d51af190c1b3c8fad490e9b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js

MD5 3e1a8b7ec5fbb305ad431c131e15f1ad
SHA1 a519abf3cdfa4de68a5592a460096ed2ff009049
SHA256 ba555210c8fa66bf3eee1e012349fe0ffd0e4636d39baaf7709d8fbf5a5e8950
SHA512 94ee2177891e7ee026322310d829cc3ba66cc612f97aae9f1c17e8db17f1bb41e1c22297d3385ccbb7afc3015eed82057a0f832bb444282a773046e23fa670c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js

MD5 56165405979a9384e1d6ac1bab04ada4
SHA1 af4498619a634156a31b14d5ddefdf821888f412
SHA256 2b449bceb07b515f8ff9164d0a10609579e69dbecd97c887884ae90abd07786f
SHA512 c65166c8f488a6135ea005f868e6c2cf5e43e77ce3e00b52722a1afa63da0ea5dc52409b4aede4a57de59adfacd2df58747d9967603b36972991f2e0c4b48ae6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css

MD5 454e6413012253fe399b3d13ba396a85
SHA1 01286916dbee32b0661da3365c6bb8ad17548e87
SHA256 8dd31815e33ff69ad67a5ad2d1820c5f1bc45e09b137df34607d71c6aef6aa14
SHA512 ec9344c8f256753a7d741a4f7cda00cba1f4cf673221395f7f3a19c9661842ccc5d2c7c4dcb17bf45bf3df5494b02a8cf4e632c499029da6f191d347f25ed125

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_da_135x40.svg

MD5 1301d189427fe76742e3f61c708b556e
SHA1 eef0b3235fa2a439f1bd57c6fca3d2d65819f286
SHA256 7cff7bbff7e9035f6354526d03ff845e51df651865ef31a8b075298b412b43f5
SHA512 fc1ea0bc40ba6f2d50fe47ff27b6f5a66c88254b167b4cf21e4e9dd5df085c70144ae8cdbf4d65fea3835024089078feff41bade3653ce9ac71b03c72f9a7314

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_cs_135x40.svg

MD5 633a39314201bfc9474bd9fe2db1223e
SHA1 db89fd8d90dde401acff7d115f7039d89c49bce6
SHA256 dd882a29fe4668a9840dc733329dd43145473ff4334bf935725f1206d1620208
SHA512 008be2c4ccd8336acfb5f9a3f777f77173e2e3a1b57aeb99b3b0e38ed9b3b0b64096a4a78a5a8d88227bf16ebe470385429edaf3c9a352d026542df62cfb680f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg

MD5 4bdfc7ea19cead1e7a74f07eacc0c2cd
SHA1 101d437b97f25ad4bf5e01b0f7ea1dda5f9fc2c4
SHA256 1a5c4599b36ae87e3e9fa7489a413d4d7aef158620546e340bc0945391cdaf0b
SHA512 23b25d77e81b2ae0a344938785c2d2b1104e82ec53a1c0ad5040cbad92f5045b8424acaba38867653e6f261f068d2e96ea4bf96a41f4f75fd855a1b3bc34fc6a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_es_135x40.svg

MD5 28cc03016f59ba5187fb08f5c4ff7883
SHA1 1ecedef2f6ba54443d8307aa33a661dfbe0ef116
SHA256 b94722da7b1e0b36761bb8c32ded7249facee18f96ca975a6844c660d272a1d0
SHA512 454909e39ea4da19ddd2faab41adec7c29c695585283c4732e629118da7d52ccd42d46d9b9d542f774a623382fe9cde5676745a9fcbc86da57df3a79153fbea5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fi_135x40.svg

MD5 0a2e252160b9d9fa589287765fbb9326
SHA1 1d8133511426f4faddf76376e16192848c065a20
SHA256 6dba7fc0e684573ae5f7d3c9cb9b96ea46df891fb55ad6602ec297ef20d5b6ea
SHA512 7044b6c01609784c2b4962c7dc80a4cf4a6ed9fd4e2e52647f3c73a43abde7775da8643311ba6cee687ff95aaef04606a31b7196f5840a6ab8f59ba030914bc5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_nb_135x40.svg

MD5 211c2dfa0e567e83345218497df9f20e
SHA1 5add7293e965afa5dc57ba5279ff719f0ef550b0
SHA256 e40a89759cb779d3728724305c53e2f783ef5843dc1237a09ccc0cc6dbb6115f
SHA512 bf761e14acdea3d19f185d29e49f5336960e2032e11c6b45f02d86a262fa27030cb21ba93e5037506326fa4e2fb2d60cb7d5e3d07337b3e38e1e8c06632be859

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ko_135x40.svg

MD5 b5886d45f52767bcdf61ccb1df94dd50
SHA1 54a78fd895384ef4d3bde61e016c8abcd5255c3a
SHA256 272161b53729eac28cc2f2bcd77bbcc04004ebd646629cdc5ed8f65bc4974a22
SHA512 8914d1f938aafe7219178d4f6f21bc565aad570aac989694f84c2d48b1d70bca6ecd6ecce0f565ed529f33c23ef2c6e3271fc8e8e74422cf26678dce9e47a8b4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ru_135x40.svg

MD5 6027fa4c788d3e280adbc22a784ac4c2
SHA1 fdacb1d843aa6ba5d59e00b620d0027c073f4efc
SHA256 96987729e166822b63bc489e904b71e984d96bf9de9b8ba1a69e3c39fc440a81
SHA512 a52f4293b2165c4e8f06ffc500c4b14293719131d52065060a4bd98586f1592827f0ea1d0caa1a79ff84265443741cea755aeac95f0d8341e5526124f6bda73c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_sv_135x40.svg

MD5 ec34f5a4ba7a19e9b995d87fc802299a
SHA1 4f60a97185787967943651700eaaec86cbdd89a3
SHA256 ee11e739de15ecdbbb9cb4a337c36398a54fa274eed3c7daf0444dd5ed95c532
SHA512 af34d8c1209ef413fa5ecf2470c3ef022c1bbd39db7e7fa068d06392f203088995c35c776d3c4399021aea94edf55eb486bb28440d953859f21cfcd1ba397713

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_tw_135x40.svg

MD5 bc64a35792b14a5f13fd6999fdc14303
SHA1 d5216e924110432db8892702056b9796c6158fd6
SHA256 5d9b0a250d76ec14b39d4d7544682a9e16d1643d2f1e344d9b07c1631b89461a
SHA512 0514ec341a4b3f386db41d8b06eb3c7d445b84287e932f4e24803309041c3ab9173213d42d3e21a544e84afb6f0c6ff16ac376c5137d1bd32ad6fe628f612a13

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_cn_135x40.svg

MD5 5f2e9cbc4f582d11579f907398ecb5d4
SHA1 878e2a5316727111ff6669f1d595bd8fc9621fa5
SHA256 32db857cb67069be36307f3bdd7e56b8a47162d47243ed5245a9c825110b785e
SHA512 9da42e5e93523badc0001eb5c67432cdcd7321b6c62f20ec54f71d693a7e9a3496d281eb19bb40d408b26bb1fd087c28be6dba6ec9a78b8a260c1b71909a2a24

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg

MD5 a0cb1ad07027ee9920fccc00aa51b415
SHA1 7b88d1a371a1088deaaf77e00cb518cb48d340b7
SHA256 ab74aa7d3d60ba0df32ddff3e4ac3b84d92144e85d43042c8e414f6a0d1738b2
SHA512 ad1018912454e80e254547fb80688d6f5a3ca9ac8bd9233663fdbe8f0503257b682edf4caf8c212a1b9bf28ff4208f86a407e9af351a3a8615dae8befa65aa51

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pt_135x40.svg

MD5 b8582f6733634f8930e8f087fbf831be
SHA1 dd3b93e897b7bca9fe8c42b69859e1809599078d
SHA256 2e8b800743b6cd5ddc35a6780f45696741351428c57f5b865a1b093939189645
SHA512 70c3bf134d322d071775dca3e30dfb45bdf9c6e8b7f3580c5295c7d9125fdbde59515843375fe325f038ffc4938dc01f351e4bc206f7b3742df45abf8f01c1f0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pl_135x40.svg

MD5 e7fa826931e29ca2fc83f839dc684998
SHA1 a0770401425c73ddb8b80c99b923f428eff574fc
SHA256 32dd9506167411dd474d2deaad8cda5b23379c9165cb35747d0a0b20a9bda3af
SHA512 5733a5b539167d67df4b804c85dff4458e5365d349b20da001d2262bd7834a64407ab2dcb35290778a6e150598fcf976c264810d4db9ae1bf52ff470f505b338

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ja_135x40.svg

MD5 f01ebf40e15073d5ad8e49ee9fa8b77c
SHA1 74cccaab78527839c7e45f32a7c71f1916997124
SHA256 9a75dc340d7cfa5ef88a0e43e30b3ee28febc73651b10259e8ab72517492f450
SHA512 50d531d059f3036a0e135b6dc465531a9e7737ef40d421db8f22852fcf81742e35c8333876291cb30e58944b37936ddc4199f9fa6fc86b702660749590f3862d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_it_135x40.svg

MD5 93b5347e7815acb2341de9399441c3fa
SHA1 f0452ba27d811a074a1b476f2ce716ba8d724737
SHA256 130f0f6bd2b511ff9f0ffeea7a6f48a8c5c328ef3cd6233efeb35635fa2bb63c
SHA512 9c819007d6e821b12b57d66085d7e09e4ca4c7c30769d3ac4aadd3d83c358d1c5957d39167bb478c7947b8a230b0b315b982e83db24de418efba282acc1845b9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fr_135x40.svg

MD5 9c12ce0e2ff00446814969e3aaf3b6ff
SHA1 c56c65be8c6b7abe671387ecdefa77f067097f32
SHA256 9b4d3b4b54d05c9cd3e081019351ed115a5463304b21b2cb2564cbf3031eab1d
SHA512 1a987d2e15c279c0aa9d0bf85ae67d72e28334af17ba973a3a8be067df09474b38ff37917547e0a981ff33e5971f15d4ff3b23307eeb576736d1b22c2d5dc54a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\cs_get.svg

MD5 0ce3baef2ac99da435eb2b6bf702f1d6
SHA1 617be4f5503fc4c5de3dd59b2046e386771f35ab
SHA256 4cd350df77cba204441913e292d1f9633b0f0141f305112d0d6578c69011aabc
SHA512 5861fbc898d328381646906c77c0a81faf308b235d87a1fe36de74df7e92b1bf9c45236a4987c141b743b4b23e3429dec3287209a27c2bf6b020949fe0b61415

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\da_get.svg

MD5 389785d7ede5a81ac8fa74c0d8f144e9
SHA1 fed8840e0ce8e41e7f7a286112e4c5b54a94b111
SHA256 5f4d5fb979bbdaf36bda6e562218d94dc071c0b5cbea3ff77062a37e884f1bd5
SHA512 f463c3e64c22f4ec315116dbe0d4963715c84b5f854d2f071fdd1ae97f666b3f922dc83188bf39b70fd41d8c221428f47efe3983f45e9227a70b6a2a591261c8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg

MD5 b33f0d76fe206903a89c9a95a26881bd
SHA1 522b44b949b97a3adb9c3c923c4a80802c68e9fb
SHA256 c7c8d3e8f2f599a10a497f1527d1c754258204e7b10ecf6ef093820227edfa58
SHA512 ba6004b809d4821f5c2acf337a6fd4694ae40a15c27c731e9aeb293faee85852caa4e6447ce33a2391059a25c70de635c9c80e03061324a4271476611c56e580

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\es-419_get.svg

MD5 a4d5d5265b97c4991965853682157942
SHA1 cd77ed42190f9a052ff8469e412237076626a47d
SHA256 67debbdb586e1f955049ecb319c1cc82493e642782ba8906f53804e5d1708a32
SHA512 cda44861ca5ff7c373ea5a2771dfb297abb9fb5a54cc7860463f994b3718041933e2a87e78628a04f2786f15ff90eb33ff739a5a5bafed1db9b6376e613a7715

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fi_get.svg

MD5 be7916b3410c06b63f7387a5389d9f57
SHA1 e0b4c9393a2c6e8a95b879b18cf9292636afb035
SHA256 7eee617e28948cb08989e286a82c9147b1df081ce06883bf6da438882ea4a101
SHA512 3f9fee1aa79f43a31ac60d1bf936db19832e7c2e94fa86d508bc979adee59ae33ee5571c60d045cd6bc2654f5c01aff62b3850f83f1efd5eabd0a6cd06964ace

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fr_get.svg

MD5 4b99ce929a5776d534114250238e7de6
SHA1 cbb56def4b030cced86b068626062c5e633d0fbc
SHA256 dd87b7a08de9850ab5c726b8e4f3667c575b73a1701fddd98cda537426e76dfe
SHA512 3521eb733608f36e967dcce16b6cd8e4c58380eafe12647f53bee297abd8868dd320ce55b872eb45d100e51f7a64971b328a3ec5bb5dd1540255dc5868aa8cff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\it_get.svg

MD5 fb5de99ed418fb5222b2099e5696d46c
SHA1 3370c9853f704d47fa6dc2c978e8af1efcacb45d
SHA256 25c6aef4dcff1c85771468b53608d80be90e138e559adae7831366af87cc2219
SHA512 607d549a1aa36ba0306ef3a8308080cb027ef0890bc8a7acc84f398f25e104c57542503ea2fd761647b192de7f2e809cf3b70f1d83c79edd66c6e3409033e170

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ko_get.svg

MD5 c7957005c060f9d45b3416a3d761b1cd
SHA1 43eab54d845bf6c3b8c485c34c181680b24accc3
SHA256 4934e0806a8ec27734ac988f69558de8041e3a4ac0567efe0a47a53aff9fe15f
SHA512 bde7ee8c379ba0ca0ee038a820f6911ab7b571b9723674ce4c071a0faf972fd4bd325ffffb4c28fd0975593a1e542bfa51d508129b9f53c80818d212b37c4351

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\no_get.svg

MD5 f39f86fa1410c04352ccaa2b61e926fd
SHA1 d4f4b27a9d07f4edb75dc0a4fdaf53bf14fc28f8
SHA256 c30f71b291f3027abcb86daaf41a81609d9602ce6d01d0a0b3cf439e060da997
SHA512 01a7bb505cc4a387c895e66de75244a52ea424b45f3e398079bdbbe2d637833eb989cdfaa994f40a27c82f2596a362ff79e47431ef222e80167ff45250534df3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pl_get.svg

MD5 6c615da3c29a5b7c4521163bfaeb029f
SHA1 af184b6e5fe9d7994c34f4c56696992cdf8d28e0
SHA256 f236935e3247ba1fcac51fb55b40627ac3283ba98989bffa098331ad5c39ae0f
SHA512 594d7ea28e7daeb393da762a3932a4111234ae2a5087c401a781a0402c1d5109b4d3c36767b0c46b6a5f5d5527bbdbf2b21c3720b0d1943274f03bf14f432e3f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pt-br_get.svg

MD5 477642ebe9eb210bc7adaf4626785756
SHA1 d1cdfc31360ac17661fe9d07aa571a2e757925b2
SHA256 79f27fdedc544f9f999eb35104b86eae14bf45b4e84bcafe48f02485e08fa19f
SHA512 49f92d89926eda959a06da1be977f3fc38f3ac588d5e8d856ad9def8fa082f23e6ff06e08a5d91ec846cf772ae557cda93df8d9068d165619f7573fd0587bf6b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ru_get.svg

MD5 1b413ac7ad5c15ef17c4982700c5810d
SHA1 da2756a23973319b3da08a165bfbf2be13377337
SHA256 de0f0b035581577d4c0b96f3c2edb6958c36b91848e2a35abd34340e7b9716f2
SHA512 941bf822ae305a5ccb2fa0970e61156da86646538a62409af5500cd9e1d9cfa40e50fdc3f9d87eb5afa52937026443ab25de705141fe629182c204bfbe2ccb13

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg

MD5 c0a531825d37f75f827543b14d124b68
SHA1 b288ea24138a3888a6be4231683acd48be627378
SHA256 c7b4af10b0b466a6c60a7093add01365610374f1bdb53b1f861be9ca591b6bd6
SHA512 a90df449dd6da8d88588bf4b60391c58078588b40b307e79ec37ebc58ba554325b8d330a468c230a5dcdcc77187a72ea82cb1d4df148214f1561dee76c5686b6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\tr_get.svg

MD5 63137ea9ab2be791fd84eafb17a17e1c
SHA1 670c2f86eb7d89602323793edbb1a78d0011c470
SHA256 a9a29c2c864d1159b974574b162e003bec84dd43feb204447f3c57d0eaba83ab
SHA512 de9236bd5831365c19bfb0bc4c4a6921dacbd79f43ce514de1f08cdcf006403843e5235eff3b4967006abae9327928fc4d43c9f012df955910c0cf184c2c0f10

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-cn_get.svg.ragnar_B8CCCB20

MD5 3508b166bb2edd981011f576a8bae73c
SHA1 f8d13e35551f4ebf5e7e21d9abe699c5c1d65e56
SHA256 cb718a916435c704599755ca021d46169bd7750dcc03cf1b21d65803446a20c9
SHA512 f7bbb45edf97894add7722938c2bfb77db8d80c98ae61d829866335cd9e7cd7bd6f89df00cb5df86fe682405c66940238e02a74254a205b39540c3a942bd0da6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-tw_get.svg

MD5 6426b58d328259be97b71ebf0b4a40f4
SHA1 06a7816788edb64b02f5e57eb3dc84d2a125fe3e
SHA256 1a0e6835d4984133f39edac17419ea1ed17bfdd8e1b72233c423d6dd173d283a
SHA512 ba26d6d310ac13537853297fa970b595114208fcc188cce28cda516003d70ad2e53e0ec70cdaf9449ed9a376c8b9547900c34eff3a7bf172cf04f1e29623afcc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js

MD5 7cc8081b488b495fef50839b40c8ec8a
SHA1 aa5e51e1f147dced77e4ccccc6d53cea19c03716
SHA256 faa1e230709019c4c5ab14603cbd720d2ee3a380daa6b8584ca1d21851dbea5a
SHA512 3facd0fd8c7e577f226a499e4de5c0e079e86fc32e7d77fe444b894b52bd57114053316230771c5a6d2fe56c6d7c5aca176564fce201a233c7d9e612d49b777d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js

MD5 22fd5f2e9b4859f03400ea388b49ce69
SHA1 5ea97d0846021dd64cd72a31f35202db9afa332e
SHA256 d9dc21a3141c4a3198aa26b6526a1dc5e392e7b4ba0bd62e19457d710d6d06c4
SHA512 5c620bc3f7f5709c7529fb78163c67f404c4a247cb52f920e4ad9054a9071b14b3d2d8b960b5ad868c980d9170ae198309b35c1a773e488af6bab668468a158b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main.css

MD5 667b786ff3f4020b5de3381ab1f460ce
SHA1 6b6b5ca3db91ec2b2db0c4188ecd50b8d63b51cc
SHA256 ce622af45280e5c1b6e95947047552132dbc394ae16898d60bec06ec7f8015f9
SHA512 6c6fa3f8244fdeda36960bb5b24f08c18731377df43e63a9a24bbdc88a0f53ffa5c920e341fc8afbc8f701e934fa84ee71a1fca78ee5fe62ae8544378005f5b7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js

MD5 70ebf386774be1f916b3b40539732964
SHA1 d6da0970b07b6dfb03fc1b97032390854a2b150b
SHA256 ea69db85dcc8d5b1637cf72b60df718f34f1f49def822d75d243d61b28f79792
SHA512 8351b305d0f030332df795404424a06eac698e631e06751591749cc0e5176f69939f41f95b3402914d5eb7f31e42ab26297083e165ec5595dd0acc8c7a3fe536

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js

MD5 3906298a33aaed61fb0d68987abae96f
SHA1 e6138a5ed43a33b652639db3c38acf31878197e1
SHA256 27de6c829add4ed2e644eb973f028a1cdd0e73beb70012e721b6fc7ab9b9fe0a
SHA512 977c3298ceddf1f0e0fda15a987961cbd5fe4131419b6be78575fb2c66e4a22fcc463e38923648defd3f1e3fed58181bc873dce5d9efda8ec2738536c80a1e2d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main-selector.css

MD5 fe05c033099268e6483015884bca8fce
SHA1 c5d13c50033603f16537fed5ebc42e9f5bdef0c8
SHA256 9bc6aa3ad343a2a81806c998577dbd35701a7d04c29a9db9ff254c7696717d1c
SHA512 5ae6aab00f34d28e520143952ea64debcada01631356c11938bb08bdbd78519ec8a21410123ba71d4636251fa6f8129ddaaba19cb12b3a1ef99388131ab9ee1e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\progress.gif

MD5 5820221dbc5fd3369f473f236d1bf943
SHA1 9f6165ecb93beb961878d57ad7bb73a10e3cceb4
SHA256 5b8e47c5d13a7d4068a6de9d1a4c4a09f7d38d26553aeb40bc5fbf782b8ff6ef
SHA512 5b7cf5f8ae5bba1cbb258738d49162166c67cbd61d08e4b17635a0164ae4d15f7e54a5d650e0198fd4b9e8e24ce9b24d322ab9fd3e00890de192e0a36c8fd7ce

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js

MD5 4f6874c286d68d27b877dc06bb3ee12d
SHA1 870db22d62086864b90f03895d10d7f656ca1313
SHA256 9d710b70a6b0824bd7dcec35dfac1a9d7e20ced30804bae730455853ac5f609a
SHA512 79239297bc9073abd35fe6721d6d7f44f55fe0994b445b9eb84ac09063963f9c11750316628b5f6e43e112ab256a198c5736b737f6aa7e2f3e7f035aeada906a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\faf_icons.png

MD5 37c6608fcf3dc26893a947df91059201
SHA1 bec4ac0b9103b264797466ba54f4fc7141442e1a
SHA256 d224fd6ae83dd2d10ad5b0756bef9ca27d7585868af4ee8e593dd36794b0d696
SHA512 c7942ceb7d902b39f14befc7f61464d7e74d57a98c1f895eaf5214f57863f4cfd4f44f1b0e5358b613c5ea1cddfa1771b3c5a519f549abd5ccb1aa1df7123731

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js

MD5 3db6d2253cbc1974073166d5e9dc6bec
SHA1 918a6b8e03a05067e0a68fc34d04618ce21c92f1
SHA256 e7bd3fe044b977543178dd2e012bb73b80c704d597c50272bec89e930f96df62
SHA512 d41bb2ca3e97422a0a800ed3e6483d309e4d796980d98c30a26718356c2cad48ee0f2307720c4c22aa01459d24c2009f178466c719a1f69352fdb079ef1f99ae

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js

MD5 dddec4331cc76a1afd8ecc9595760962
SHA1 bfd0243c19c9507a4fde7dafd9c2222a081685fc
SHA256 7ef4326aea682a842bc168e877580a5168c5352ef77a848bdb5506780d43e0f0
SHA512 1a5491e81d9d44b8670bc166f025f2aa2bf9e6535f13cd791ed4461ae6bdbd8454cc63c5e1429354e6995253ef3a1f04682ecd804b4caef5af49adcb3b4f1595

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js

MD5 42585259eeba235f43c4f13f2244ae12
SHA1 de81a8cc5c73ddcbae6ed6a7e131a4c779c911a1
SHA256 aaf1d02b0b6786be4f31aab24513a783c8737bbdc3b688616384088f3609468e
SHA512 81c59adf2408924d6e1ecac0aa558d5cfee6c4576d9d7bed203968a2f42b252c694e36a7e257d673f3106de854421da913ce52ec045fd5d9ea0c9ce9c3dc25c4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png

MD5 594c8870553c71c772f2be4bb58d5c16
SHA1 1caf390c5083c2aa39b6f982ed05305e70603ed4
SHA256 c1e0d41d6e33628def684710e077ee76f2be96be467ed1c9ab9e86b8fda618b8
SHA512 81edef96d9fdcc4db0f384120fdc163543016c12a5ac7258d8cf43576794762a28f10d3032a560a81bc0b66e2d1f18d331bbd3787d93522aa27e02eca3c48769

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview.png

MD5 3105d62c951ea05d45e1c6b89c3449f6
SHA1 4ba2dfe53a16cbd371f62487d54c64fd8368a88f
SHA256 9da986145914d0d16a6a7169992edf6f157b9c9d32f68d1066e5ccaa16be298f
SHA512 661435031292b4aa44782b65b356c229f9cf0e779a8537e7dfa267de7e3793f970045c1e7e95f63fa8327b9032a8722dc00d1519fc521a75036bbbc2a5e85984

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview2x.png

MD5 b1ecc2b3f3de727b141cc5d2e285e90d
SHA1 aabf2cddfb9b79954bdfded47fcf744478a6f486
SHA256 607c4297cb90c827b056196edcd922c7cedd43743c6ac140ead0fa802c102f4e
SHA512 12d91cac0043b81b848fdbd03d7317986777cf64f2ef40912fca5e3ab88775d5c564177b339cf691761536adbf5dd462432372f209e1d66c85cde17e95a00200

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png

MD5 2ad8ca26eeb448a098c77836a88ce260
SHA1 409fd088ded3df66efc1eed05242ff7bca9e3202
SHA256 f74e664636b858e14777b5558fffdcf8f9a8f1605aa508487390d85ac982a8eb
SHA512 fa53e77a28cd938319500bb905d3da37b280db4b96b89ac51b314ca933aa03388db3b66f52163d2c83b4a64804007e043caf05ade6c87f33debbd3f31d31179f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small2x.png

MD5 cf906d493d9497ff702d4a643fb8eeda
SHA1 caca18e8b525c5e47ccdb8d8b21a8b50bcf39a7b
SHA256 dc1ee85008a5fca54a7dc2ebd5d2208bd584beadfdf6583d7b72d3a85393bf9f
SHA512 f635ecff485c81056e2980b0315e3629b997cc5e100b9fa7f14ab95f37b6f8ff51d01590bc5e3e09996fa5c95b3ad94d33de27926f0f3a7482b2354327b83087

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\illustrations.png

MD5 5cf5a818917fde0ca3dd4a229ffc55a0
SHA1 49115cd42c40146179d7b35d25c27597124d7241
SHA256 2542b1e2eca7551f5832dd22b32050582b04013e03a6486bf4af8676e55e179b
SHA512 904c58eaebe83ec7403034db2e0a4f598f796a04a2a59f3e7b35cf7f34c705e931b941acfa76ce087d3321a405287a4e15582e8d307e88bf420c549760c4b467

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\nub.png

MD5 6d709327c2bcdf6e9b3b4db03d6e4bd8
SHA1 bddaaa9db4940485e36b8d9d44a3c88bbd0561f2
SHA256 86167d91b78fb5ad74c065c4cee57923081a3dfbc3a105f0aedeeb7790898ae4
SHA512 52f0662001feee918359b20d395829d0c3de528ac21399fbf9feeb841243f69269aca582aae65b10f45e998643f311b7b05a8535cd69c1ecf6c6ef764f18b9f9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons.png

MD5 edc7c2adf8dc5ed388117063c97f5581
SHA1 d1d4a26be6426fd835af51aab60fd18b8cc65369
SHA256 0cd970f5e6ce5a723a1432d29a06c021b9ab2394dcb47c74be3e21d28bdc75a0
SHA512 05f18b3571e594a26936813b4ac7fc6f97083a6bb9526e403fff517e529dde096afb801821f2222f7d57eaba8e7d805948957eac02bf3e4c01355336598d5107

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons2x.png

MD5 9acad82f428911ae9f94528a7696e81c
SHA1 d1ce805148d872588e51025dd5cc7e8ec78aeb26
SHA256 cdef3a664ce81893e19100ed874888c6a8f50ef8f81b261bc07b3732d1e10b92
SHA512 6f759c45a6ac0b9b625802077780b0f97c813c541d4f6632c4adaf68606ba01543a21cde110c67b1a2d1bc05f7f107c01c4ff8a45302a4851e08ab298dd26bcc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_filter_18.svg

MD5 8bd7e5279cdfdf294cc668fe7bd6c757
SHA1 50e279a035e4f674a5532e57a49fa4d888396327
SHA256 926d5274ae307674365ec62f5bbfeeb671d34ff9f0dfd818534ced61bdc06429
SHA512 7b1f442b59eb4456030bcfbeceaae3c1bd4c4b94d203a4bfe76e868e38193e14b26d3832b1d7a76a411ff269974cac696ac2f4e0a06c172ec107dc6e0ebb7fdd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_listview_18.svg.ragnar_B8CCCB20

MD5 e0d7b33c0cba658f6bc3e0b0431646d4
SHA1 109cc94e1d0b986c53db3ecd897712673aef2276
SHA256 8f78bbc3e69f5df0c9e2d71e6ba99949e8905590cbf2fb1554c9283e57dabaaf
SHA512 24bcf6def23e7888db07df83b9569d06e4bfe83ee50d0671042504ece966a66a0edd83a33a1500388428bac3130171cbfed459dee91a7c72d43777f4b50056d3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_opencarat_18.svg

MD5 5b4d4dc2be4b9d8029d7369a5f392931
SHA1 8c21247f38a083f63f5b58a6066d626a001b922c
SHA256 4803348b89c6f55ac06273820e82c5bb6449578e58c79e66a19b5d4796c66a67
SHA512 0259aa9cf7b3eec9a5353613728ea5563556664374c293516dd0901c689c8ec0e9870c99154a4dd2c86b05a2705b3e62242c222202dd51f51cb47af29050d13a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_thumbnailview_18.svg

MD5 36240361f2c867d751f08ace4041ccb8
SHA1 2dc592a8113846fb4c9538e69365172240d3fb8f
SHA256 b7483b6978a84c2dba34ccbf6b686222598be760f9dae8ae2d9c5ae0cdcb8186
SHA512 583315b27428396b21d34992421b658bc0a92c0a9ce704c57e9bccc4d86f1d65745bc7518000a3a0b3c97a4009b5483cbfb45eac51d49bd7a6a31491665a20ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js

MD5 7a893259aca65df596e3cb021cd3b309
SHA1 04fc2cfce1438abdfe2c81081ac79c29a87c1943
SHA256 79515a6103ad86ba9bcb6558e0a281adb7cce65bdea840fd99ba1e1cbf0c315f
SHA512 e397e9a8614689e5189b19dd61dc1ea502c506de58e8df695fcbffe85eaae477ddc45cf1fc972d822dfc3f8869b6f2956c6d9df1042dc7c442a8523412f4fa14

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\adc_logo.png

MD5 d00078f719e01df52a31459300b88403
SHA1 ff9972435a8ab90efe16e57898191baef954f80a
SHA256 6c7cc4ba46a2c35c7f5895ba0a9f36fde72603d54edbbd985411d6571e2c1e26
SHA512 954a308567d18d38406089746217c992194f68d5e5550ec8e3ebc30f81fdc999001055d425ceb70b1d7b5093b3a7d7822618e6f3d2cc6ed666484fbdccaf4b8c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\logo_retina.png

MD5 f95d3b5f11f0daf6fd18e27b76f1c184
SHA1 db5b269f18e2b478af423baa1fd23c8b472ba3e5
SHA256 524b22fd96cd72772eaac827c787db582466d12a0bc9ab05f7e160afaa3c7bea
SHA512 9cec4b8c9c92834f20a73696029f63c43a99ae5a91635d5cb5aafbe26c6da4f01a1067e6c81f25b1f6149ef458afc2c2634bb8e073ebeabf945f89abd4382de4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

MD5 92881c8c86bcdd8edf574fd6838b0696
SHA1 28acb1c159b1b9189f4caec5c3da5945883a723c
SHA256 ac441c687a055497d5d2046bcd6f3296f08c1dc83762faa04da24fef3227daac
SHA512 350bc89e12b884db7b1db8fba574689f8bc610ef1b446ca8db611f0832c294e2cbbd0e3bb4a6782844bba18f719008189191a84602afc0057036240f9f1e9d75

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo.png

MD5 5ddd0e08f3f7d6b87ade813a26f596db
SHA1 505f9684058ef9a4369329da0ed6b4cdebd0e595
SHA256 9f96730c4c1a39ec02869782d5c8c534fd25e50087f40b62aa4db9a4ad3d1055
SHA512 0f6c1b146df8bd32ad3c26aad832cb1970a26a18f307fe73d031d2662a5d73605a891eb16df28169738b60745cc6dfe66791d10445ccbbde81cfb310d2294fba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo_2x.png

MD5 f27eea57e37f091dd24b1d33f290d0f3
SHA1 c11fc9457abc06ec5808efaea5c9eed88190581f
SHA256 fd355f6db8280e986ba98e36c3859c670ca81939339e4fa51c452130699df6f2
SHA512 ccf82787f17f34d0b20aa879d1ab803232e1fe70f99e874e5bd3ad3af6ce9e1fc0da18259a203ddf5aee0f99d7e8d7a90f818ee936f799b96fc79bfef550d1d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-gb\ui-strings.js

MD5 cffc21286eccdd4652b035d5b1f59763
SHA1 bb360cb4e54c3047d862b38fbd1038ff986b9c7a
SHA256 24adec170f3565acf6496e5d337d1ecbd9b8f558573fabc2c345b92655a788a8
SHA512 dd9eec14339f9b7560e933af50b7f55c00ee853aff9798c3523d5a2c98d81c170f4c579abf9501339c3ddf01f27084403c3e35f7ee6cab293a17094acef8adb1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js

MD5 3f71c10efda165928f0a1c9a45031897
SHA1 8eb7399609666f9c14e64764f5713ba58bf43893
SHA256 9d62e02b39c6eba1be7b9a0f5dec10920113e2a39772fee69ab75f030e35729f
SHA512 b7a88e505c1f328e4d1872c1ddd1768867084f6f4e5292fd4ef5a27d77c2d3487e09a67239f93aca375a0ecb0c84df3adab2ba6cd6c18ecaa0a591621cfcb251

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js

MD5 9f8fd658fcb5b9d0913fabafda66869b
SHA1 971d9e5afa24422761baf1767fd225a0d9ddf5a6
SHA256 84686fed9bac49d026da720e03a5a1150ab11321534435e2e8bbb4397ccf024e
SHA512 a90ad5ba41526f3ce5d18dc2b9a23b11616d137741593969cbbb55026788e14e7a26213fbd912043484ff5d47f96d840fbd0a562e73ce633dbc7387dad7ab1aa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js

MD5 1bf8a0d0110eee6ac6f133fe703a5344
SHA1 2bcaf3c262a4ca51a5bf6647416faf292abc9750
SHA256 71a532853bc0060a3eb4bd0b7f7ead7be218f1ab7aeba7f37d60faa2e7fff287
SHA512 4733810f6fc05fa72536e06275e7e894ac890b294ac22fdcabae375ad308a7cc351a5936371364b6f84e058cf362c48e9775a1e795c1fa54005712b95db75c90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ui-strings.js

MD5 f88182a3adb41340a296459d6aed6580
SHA1 ebaecf980af264e927b5fbe60a4fc007598d7ea0
SHA256 90cc8ba1246e4c625fe594f11d69ec638738f684415e236faa33279a9224de38
SHA512 9cfad6293339e5f91c54e34295cf711c1b417aa1d41d68ee2386465cbc9dde626f10a730e3bfc233b29542fee87777878d5f0b4f97c1ca47524b60542b5f090b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js

MD5 3a0a72938afa556021666eb69c7b7f76
SHA1 b32ca9891b282967b6c5586b8807e7d44664fb18
SHA256 5906fb48f6a71752a902d7d44ab0a6343ba5c9ba6b3555f8020519e0cd8a6062
SHA512 f69a9080b4a2026602916fa42f20c95a99fb2991de04b980784db4b6ab67a4996772c00b5d42ef00cefeea65a4dc6482dbf73ef661cce9f622d6896b252f9838

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js

MD5 ed599c237873e254bc1d3ac7977e783c
SHA1 d3c84ba2ac5d79fb691ea0b897a3609b4401634e
SHA256 e3884166412b3496ca40d53459b0109ab60c1c20421b5c5fe1657d5b0d631f31
SHA512 78579618a9c7f6aa067fe76ae0d16425227397c92d8ad52a5ae66485a0bbc0bb52d640daed452a28346321a25f7116c7d94dd2c334a9d21f6458b86d0b77df40

Analysis: behavioral4

Detonation Overview

Submitted

2024-09-28 03:22

Reported

2024-09-28 03:23

Platform

win11-20240802-en

Max time kernel

9s

Max time network

32s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Phorphiex payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Phorphiex, Phorpiex

worm trojan loader phorphiex

RagnarLocker

ransomware ragnarlocker

SquirrelWaffle is a simple downloader written in C++.

downloader squirrelwaffle

Xworm

trojan rat xworm

Deletes shadow copies

ransomware defense_evasion impact execution

Renames multiple (2686) files with added filename extension

ransomware

Squirrelwaffle payload

Description Indicator Process Target
N/A N/A N/A N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Stops running service(s)

evasion execution

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ae7ce6.exe C:\Windows\SysWOW64\explorer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\aaa.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\25.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\24.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\23.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\22.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\20.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\19.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\18.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\17.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\16.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\15.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\14.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\13.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\12.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\11.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Files\1.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*ae7ce6 = "C:\\Users\\Admin\\AppData\\Roaming\\1ae7ce6.exe" C:\Windows\SysWOW64\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Windows\CurrentVersion\Run\1ae7ce = "C:\\1ae7ce6\\1ae7ce6.exe" C:\Windows\SysWOW64\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*ae7ce = "C:\\1ae7ce6\\1ae7ce6.exe" C:\Windows\SysWOW64\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000\Software\Microsoft\Windows\CurrentVersion\Run\1ae7ce6 = "C:\\Users\\Admin\\AppData\\Roaming\\1ae7ce6.exe" C:\Windows\SysWOW64\explorer.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-addr.es N/A N/A
N/A ip-api.com N/A N/A
N/A ip-addr.es N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\System\ado\adojavas.inc C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\ext\localedata.jar C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\sk\msipc.dll.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHICB.TTF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD_COL.HXC C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\ko\RGNR_B55E7D07.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL110.XML C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Fonts\private\BKANT.TTF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\management\RGNR_B55E7D07.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntimeR_PrepidBypass-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntryR_PrepidBypass-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\EssentialReport.dotx C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUABI.TTF C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART15.BDR C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PROOF\MSSP7FR.dub C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\cmm\RGNR_B55E7D07.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\RGNR_B55E7D07.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\RGNR_B55E7D07.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\release C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART13.BDR C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000008\RGNR_B55E7D07.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\RGNR_B55E7D07.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\RGNR_B55E7D07.txt C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OneNote\prnms006.inf C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\TimeCard.xltx C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.MSOUC.16.1033.hxn C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\aaa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Files\1.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000006fd7ccd00b9e209d0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800006fd7ccd00000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809006fd7ccd0000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d6fd7ccd0000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000006fd7ccd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Users\Admin\AppData\Local\Temp\asena.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\notepad.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe N/A
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\wmic.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\25.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\24.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\22.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\21.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\23.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\20.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\19.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\18.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\17.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\12.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\14.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\16.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\15.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\13.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\11.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\10.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1004 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 1004 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 1004 wrote to memory of 2928 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
PID 1004 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 1004 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 1004 wrote to memory of 1016 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe
PID 1004 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 1004 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 1004 wrote to memory of 3184 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\asena.exe
PID 1004 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 1004 wrote to memory of 1536 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\Bomb.exe
PID 1004 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 1004 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 1004 wrote to memory of 3632 N/A C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe
PID 3184 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 3184 wrote to memory of 340 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\System32\Wbem\wmic.exe
PID 3184 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\SYSTEM32\vssadmin.exe
PID 3184 wrote to memory of 4676 N/A C:\Users\Admin\AppData\Local\Temp\asena.exe C:\Windows\SYSTEM32\vssadmin.exe
PID 3632 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\SysWOW64\explorer.exe
PID 3632 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\SysWOW64\explorer.exe
PID 3632 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe C:\Windows\SysWOW64\explorer.exe
PID 3624 wrote to memory of 1156 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\svchost.exe
PID 3624 wrote to memory of 1156 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\svchost.exe
PID 3624 wrote to memory of 1156 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\svchost.exe
PID 2928 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe C:\Users\Admin\AppData\Local\Temp\Files\aaa.exe
PID 2928 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe C:\Users\Admin\AppData\Local\Temp\Files\aaa.exe
PID 2928 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe C:\Users\Admin\AppData\Local\Temp\Files\aaa.exe
PID 1536 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\25.exe
PID 1536 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\25.exe
PID 1536 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\24.exe
PID 1536 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\24.exe
PID 1536 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\23.exe
PID 1536 wrote to memory of 404 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\23.exe
PID 1536 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\22.exe
PID 1536 wrote to memory of 3900 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\22.exe
PID 1536 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\21.exe
PID 1536 wrote to memory of 836 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\21.exe
PID 1536 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\20.exe
PID 1536 wrote to memory of 1176 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\20.exe
PID 1536 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\19.exe
PID 1536 wrote to memory of 3528 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\19.exe
PID 1536 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\18.exe
PID 1536 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\18.exe
PID 1536 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\17.exe
PID 1536 wrote to memory of 2736 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\17.exe
PID 1536 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\16.exe
PID 1536 wrote to memory of 1484 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\16.exe
PID 1536 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\15.exe
PID 1536 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\15.exe
PID 1536 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\14.exe
PID 1536 wrote to memory of 1888 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\14.exe
PID 1536 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\13.exe
PID 1536 wrote to memory of 1412 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\13.exe
PID 1536 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\12.exe
PID 1536 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\12.exe
PID 1536 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\11.exe
PID 1536 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\11.exe
PID 1536 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\10.exe
PID 1536 wrote to memory of 2900 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\10.exe
PID 1536 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\9.exe
PID 1536 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\9.exe
PID 1536 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\8.exe
PID 1536 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\8.exe
PID 1536 wrote to memory of 72 N/A C:\Users\Admin\AppData\Local\Temp\Bomb.exe C:\Users\Admin\AppData\Local\Temp\7.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe

"C:\Users\Admin\AppData\Local\Temp\PCCooker_x64.exe"

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

"C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"

C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe

"C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe"

C:\Users\Admin\AppData\Local\Temp\asena.exe

"C:\Users\Admin\AppData\Local\Temp\asena.exe"

C:\Users\Admin\AppData\Local\Temp\Bomb.exe

"C:\Users\Admin\AppData\Local\Temp\Bomb.exe"

C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe

"C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe"

C:\Windows\System32\Wbem\wmic.exe

wmic.exe shadowcopy delete

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SysWOW64\explorer.exe

"C:\Windows\syswow64\explorer.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\svchost.exe

-k netsvcs

C:\Users\Admin\AppData\Local\Temp\Files\aaa.exe

"C:\Users\Admin\AppData\Local\Temp\Files\aaa.exe"

C:\Users\Admin\AppData\Local\Temp\25.exe

"C:\Users\Admin\AppData\Local\Temp\25.exe"

C:\Users\Admin\AppData\Local\Temp\24.exe

"C:\Users\Admin\AppData\Local\Temp\24.exe"

C:\Users\Admin\AppData\Local\Temp\23.exe

"C:\Users\Admin\AppData\Local\Temp\23.exe"

C:\Users\Admin\AppData\Local\Temp\22.exe

"C:\Users\Admin\AppData\Local\Temp\22.exe"

C:\Users\Admin\AppData\Local\Temp\21.exe

"C:\Users\Admin\AppData\Local\Temp\21.exe"

C:\Users\Admin\AppData\Local\Temp\20.exe

"C:\Users\Admin\AppData\Local\Temp\20.exe"

C:\Users\Admin\AppData\Local\Temp\19.exe

"C:\Users\Admin\AppData\Local\Temp\19.exe"

C:\Users\Admin\AppData\Local\Temp\18.exe

"C:\Users\Admin\AppData\Local\Temp\18.exe"

C:\Users\Admin\AppData\Local\Temp\17.exe

"C:\Users\Admin\AppData\Local\Temp\17.exe"

C:\Users\Admin\AppData\Local\Temp\16.exe

"C:\Users\Admin\AppData\Local\Temp\16.exe"

C:\Users\Admin\AppData\Local\Temp\15.exe

"C:\Users\Admin\AppData\Local\Temp\15.exe"

C:\Users\Admin\AppData\Local\Temp\14.exe

"C:\Users\Admin\AppData\Local\Temp\14.exe"

C:\Users\Admin\AppData\Local\Temp\13.exe

"C:\Users\Admin\AppData\Local\Temp\13.exe"

C:\Users\Admin\AppData\Local\Temp\12.exe

"C:\Users\Admin\AppData\Local\Temp\12.exe"

C:\Users\Admin\AppData\Local\Temp\11.exe

"C:\Users\Admin\AppData\Local\Temp\11.exe"

C:\Users\Admin\AppData\Local\Temp\10.exe

"C:\Users\Admin\AppData\Local\Temp\10.exe"

C:\Users\Admin\AppData\Local\Temp\9.exe

"C:\Users\Admin\AppData\Local\Temp\9.exe"

C:\Users\Admin\AppData\Local\Temp\8.exe

"C:\Users\Admin\AppData\Local\Temp\8.exe"

C:\Users\Admin\AppData\Local\Temp\7.exe

"C:\Users\Admin\AppData\Local\Temp\7.exe"

C:\Users\Admin\AppData\Local\Temp\6.exe

"C:\Users\Admin\AppData\Local\Temp\6.exe"

C:\Users\Admin\AppData\Local\Temp\5.exe

"C:\Users\Admin\AppData\Local\Temp\5.exe"

C:\Users\Admin\AppData\Local\Temp\4.exe

"C:\Users\Admin\AppData\Local\Temp\4.exe"

C:\Users\Admin\AppData\Local\Temp\3.exe

"C:\Users\Admin\AppData\Local\Temp\3.exe"

C:\Users\Admin\AppData\Local\Temp\2.exe

"C:\Users\Admin\AppData\Local\Temp\2.exe"

C:\Users\Admin\AppData\Local\Temp\1.exe

"C:\Users\Admin\AppData\Local\Temp\1.exe"

C:\Users\Admin\AppData\Local\Temp\Files\1.exe

"C:\Users\Admin\AppData\Local\Temp\Files\1.exe"

C:\Users\Admin\AppData\Local\Temp\Files\a.exe

"C:\Users\Admin\AppData\Local\Temp\Files\a.exe"

C:\Windows\sysklnorbcv.exe

C:\Windows\sysklnorbcv.exe

C:\Users\Admin\AppData\Local\Temp\Files\peinf.exe

"C:\Users\Admin\AppData\Local\Temp\Files\peinf.exe"

C:\Windows\sysmablsvr.exe

C:\Windows\sysmablsvr.exe

C:\Users\Admin\AppData\Local\Temp\Files\pi.exe

"C:\Users\Admin\AppData\Local\Temp\Files\pi.exe"

C:\Users\Admin\AppData\Local\Temp\Files\twztl.exe

"C:\Users\Admin\AppData\Local\Temp\Files\twztl.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS

C:\Windows\SysWOW64\sc.exe

sc stop UsoSvc

C:\Windows\SysWOW64\sc.exe

sc stop WaaSMedicSvc

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\sc.exe

sc stop wuauserv

C:\Windows\SysWOW64\sc.exe

sc stop DoSvc

C:\Windows\SysWOW64\sc.exe

sc stop BITS

C:\Users\Admin\AppData\Local\Temp\Files\66dd9b656c6a0_cry.exe

"C:\Users\Admin\AppData\Local\Temp\Files\66dd9b656c6a0_cry.exe"

C:\Windows\sysblvrvcr.exe

C:\Windows\sysblvrvcr.exe

C:\Windows\sylsplvc.exe

C:\Windows\sylsplvc.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop DoSvc & sc stop BITS /wait

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath $env:windir; Add-MpPreference -ExclusionPath $env:TEMP; Add-MpPreference -ExclusionPath $env:USERPROFILE"

C:\Windows\SysWOW64\sc.exe

sc stop UsoSvc

C:\Windows\SysWOW64\sc.exe

sc stop WaaSMedicSvc

C:\Windows\SysWOW64\sc.exe

sc stop wuauserv

C:\Windows\SysWOW64\sc.exe

sc stop DoSvc

C:\Windows\SysWOW64\sc.exe

sc stop BITS /wait

C:\Windows\SysWOW64\notepad.exe

C:\Users\Public\Documents\RGNR_B55E7D07.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 151.101.2.49:443 urlhaus.abuse.ch tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
RU 185.215.113.84:80 community.tsrv1.ws tcp
US 8.8.8.8:53 038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws udp
RU 185.215.113.84:80 038d159d-b3bc-44dd-a0c4-bec68c0c4123.random.tsrv1.ws tcp
FR 188.165.164.184:80 ip-addr.es tcp
FR 188.165.164.184:443 ip-addr.es tcp
CN 121.52.212.161:135 tcp
US 8.8.8.8:53 32.169.19.2.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
FR 94.247.31.19:8080 tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 208.95.112.1:80 ip-api.com tcp
RU 185.215.113.66:80 d38c6492-db8a-468e-9680-b62c6443b8b0.random.aefiabeuodbauobfafoebbf.net tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 66.113.215.185.in-addr.arpa udp
RU 185.215.113.66:80 8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net tcp
RU 185.215.113.66:80 8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net tcp
RU 185.215.113.84:80 yzcplsibdtq.tsrv1.ws tcp
CH 147.45.44.104:80 147.45.44.104 tcp
CN 122.51.107.233:80 tcp
RU 185.215.113.66:80 8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net tcp
NL 89.105.223.249:29986 tcp
RU 185.215.113.66:80 8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net tcp
RU 185.215.113.66:80 8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net tcp
US 15.197.225.128:80 kenesrakishev.net tcp
RU 185.215.113.66:80 8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net tcp
RU 185.215.113.66:80 8616618e-906e-4ed1-95a8-264945799517.random.aefiabeuodbauobfafoebbf.net tcp
CN 121.52.212.161:445 tcp
CN 121.52.212.161:139 tcp
CN 121.52.212.161:443 udp
US 209.148.85.151:8080 tcp

Files

memory/1004-0-0x00000000752F1000-0x00000000752F2000-memory.dmp

memory/1004-1-0x00000000752F0000-0x00000000758A1000-memory.dmp

memory/1004-2-0x00000000752F0000-0x00000000758A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe

MD5 2a94f3960c58c6e70826495f76d00b85
SHA1 e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
SHA256 2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
SHA512 fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f

C:\Users\Admin\AppData\Local\Temp\a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5.exe

MD5 6f8e78dd0f22b61244bb69827e0dbdc3
SHA1 1884d9fd265659b6bd66d980ca8b776b40365b87
SHA256 a76e49df84ba2a7b33e8ea959995b5e6faecb90d551ef169d8272ce9042c35a5
SHA512 5611a83616380f55e7b42bb0eef35d65bd43ca5f96bf77f343fc9700e7dfaa7dcf4f6ecbb2349ac9df6ab77edd1051b9b0f7a532859422302549f5b81004632d

memory/1016-25-0x0000000000400000-0x000000000043D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\asena.exe

MD5 7529e3c83618f5e3a4cc6dbf3a8534a6
SHA1 0f944504eebfca5466b6113853b0d83e38cf885a
SHA256 ec35c76ad2c8192f09c02eca1f263b406163470ca8438d054db7adcf5bfc0597
SHA512 7eef97937cc1e3afd3fca0618328a5b6ecb72123a199739f6b1b972dd90e01e07492eb26352ee00421d026c63af48973c014bdd76d95ea841eb2fefd613631cc

C:\Users\Admin\AppData\Local\Temp\Bomb.exe

MD5 31f03a8fe7561da18d5a93fc3eb83b7d
SHA1 31b31af35e6eed00e98252e953e623324bd64dde
SHA256 2027197f05dac506b971b3bd2708996292e6ffad661affe9a0138f52368cc84d
SHA512 3ea7c13a0aa67c302943c6527856004f8d871fe146150096bc60855314f23eae6f507f8c941fd7e8c039980810929d4930fcf9c597857d195f8c93e3cc94c41d

memory/1536-51-0x00007FFF7B8B3000-0x00007FFF7B8B5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CryptoWall.exe

MD5 919034c8efb9678f96b47a20fa6199f2
SHA1 747070c74d0400cffeb28fbea17b64297f14cfbd
SHA256 e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734
SHA512 745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

memory/1536-56-0x0000000000050000-0x00000000000C8000-memory.dmp

memory/3624-57-0x0000000000E60000-0x0000000000E85000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167.exe

MD5 e8ae3940c30296d494e534e0379f15d6
SHA1 3bcb5e7bc9c317c3c067f36d7684a419da79506c
SHA256 d6caf64597bd5e0803f7d0034e73195e83dae370450a2e890b82f77856830167
SHA512 d07b8e684fc1c7a103b64b46d777091bb79103448e91f862c12f0080435feff1c9e907472b7fd4e236ff0b0a8e90dbbaaac202e2238f95578fed1ff6f5247386

memory/2928-58-0x0000000000860000-0x0000000000868000-memory.dmp

memory/2928-59-0x00000000051A0000-0x000000000523C000-memory.dmp

C:\Users\Public\Documents\RGNR_B55E7D07.txt

MD5 0880547340d1b849a7d4faaf04b6f905
SHA1 37fa5848977fd39df901be01c75b8f8320b46322
SHA256 84449f1e874b763619271a57bfb43bd06e9c728c6c6f51317c56e9e94e619b25
SHA512 9048a3d5ab7472c1daa1efe4a35d559fc069051a5eb4b8439c2ef25318b4de6a6c648a7db595e7ae76f215614333e3f06184eb18b2904aace0c723f8b9c35a91

memory/1156-998-0x00000000006D0000-0x00000000006F5000-memory.dmp

memory/3624-1058-0x0000000000E60000-0x0000000000E85000-memory.dmp

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

MD5 0326494f30efc061bca5b2a976f37703
SHA1 f204de4ce2379df650b8cc33d4a67955b8089d21
SHA256 72ff13b391ef241e6c82380c81a3e2f1dcd4d6e84a67cefaee143279dedc51ef
SHA512 42f750428020705193f4a33cd5a6cb3e4b39b8f0ba4f9e287027d9aeccae8ac8193065b44e0204cba349e64b0c8ce01f9ff5ec7fc47b5a46f4e36cf3155638b3

C:\Users\Admin\AppData\Local\Temp\Files\aaa.exe

MD5 1318fbc69b729539376cb6c9ac3cee4c
SHA1 753090b4ffaa151317517e8925712dd02908fe9e
SHA256 e972fb08a4dcde8d09372f78fe67ba283618288432cdb7d33015fc80613cb408
SHA512 7a72a77890aa74ea272473018a683f1b6961e5e765eb90e5be0bb397f04e58b09ab47cfb6095c2fea91f4e0d39bd65e21fee54a0eade36378878b7880bcb9d22

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

MD5 1404b6d40cfd0a20d29cafef08ceac91
SHA1 93b363b00c6e98b694fc469b3cc4086b39a80b44
SHA256 30a095185e02e58e4a01222e525eb89ce2247525640ffa16440c8bad2f56262f
SHA512 9885cf09da8d480a736e0fd87ccdfe35ebf1d3723374ac92dc3f2a85dc70f58ad63f0e7b8ebbf98ef10744e3ab9003b9e98a3db554eb3ebfff709ee3d2f41d2a

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

MD5 8f81bbb3fe546fcbd6c7f9544cd326d1
SHA1 460ec962723a07ac5ce68720ca11b27563121880
SHA256 9aafacf3236b46e6996e19a11ede9f32c134e69f5241301742362a1d4a744837
SHA512 40b215abc8191eb59ae70ab975603421c97488c86fd555f053da2166c078769beeee15f21adc43a14ef81c0c83b79ecb135c41add4c6e9cb3ca2d59c8a3c11a8

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

MD5 ca245b57eee8a7713d54e64c906d8029
SHA1 c24c8e242432b864ef62415a7386014310ff8094
SHA256 79d111711f6bb0689ecce95936fd14a06ef8871d986bb6219c45ebe119ea4307
SHA512 28b08b7a7f888d653e0798203bb0944d14640a860be70463e4cbd27c247abc9c00a018afb06fcf3d17512f345a1c154688be1e34f601e4100d31d34f34454c94

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

MD5 8a127217e8f611f04247988457d4858b
SHA1 b708f6d9d7739b030060ad5188cf0c78159de543
SHA256 868d64bb7938d48f87cb9e31ea2391c51fab66df1d40a2c2ea99a5f3b568997d
SHA512 33232a806e0dec3e70d2e01e55602349be03b2f699ae705a078c60f320b261dc939ac698be869ce0a6a0d2af9812b0fdfdb3736cea537977df19622ea93f5c40

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

MD5 459799a1b21a2d20670118c3031985a6
SHA1 937bcaa2ad8899ecab229346e6a106ca5c516c8b
SHA256 2f3e7a0cac16cbc90110ad2b014f448a319a0818e7a0fdd62521681f8f49774d
SHA512 b36e46b39a0e42965153ee126e93504b4b9f922b7ecce96ab930161ba1969caca369fc3fefb8ac74ffae52ff47c808170c9fe1ab063b9728f356da01688c949f

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

MD5 21e9ed24bda67da60763cd916c6ad72f
SHA1 792236926a6d886cac1569a6c095de4ec70a9461
SHA256 e9a310e3a6f44a1519b48b861e533fcb6b3a3c8d74a386fd7020f9a854a10b2b
SHA512 3829197d7339fdc216600ed4dcd6b942251c81cdcc5bc6f1541519f0cc0079f9864c57bfff4c20bbb518e9fea7f9a20a31bf2acec318d4259c150d375dbd3deb

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

MD5 760707f9f32649ba3de20a19ca4d35bf
SHA1 fea98dc3880cf627825c8b2e9d97d023e6a7ba40
SHA256 c1af7eb74d4faabb6e6c5ba7e3813b83d351b4d3397407527cf73a84fcafde80
SHA512 4c681f99a11096c31e275f561a129932843556d38e47ebd31284874db54c682d3a83d6e162c7e1ff5efb31bc47141461706aa4596d8e000ca4868a3c3ecf32f8

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

MD5 a9323d07dba29a493fd7b23061109df8
SHA1 1c91c31119894ebdeceff8a096caf0be2e10f701
SHA256 0dec4ad5fafc4be774677867941d6181a46f685504cc84e3371496a758a0471a
SHA512 8fa40e1d2c5ee4d82dd0cdceda83c43cd9112cc39f53c2f0e87c235f3ad88c00829c15f484aa8c017a2b7ee6c5396990eac7f0ced603809484a8f9d4dc41a2ad

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

MD5 8bad1f8dab5d07b10a9d8c3cf064a514
SHA1 985c3b08e1cf0e0927a0bef7721b6b109da7f2d2
SHA256 8dfcb32fbaf4f3ad340183ff32dd70f7ec12a43ee592b7bcf702d80ae89d58a2
SHA512 c624a91524f6836a3c0af9c9c17c9f62871d73d922ff000a4cf16f919e2616e2e3f100ba77addeec899c646d5b99dfbd0318cf641e5e487f24a7a815025786fb

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

MD5 f81b948f96d2a65ca8e17f4b3e9dda84
SHA1 db20acd53216e34b6c8b291bdb7089d3021dc4ef
SHA256 f74d99dd14520fcd263b1122e6220eb49c04fd7412858891eaff967e183bc91e
SHA512 0840e52a9c53f55facb5806199f1ca9feba2300bfc8bce73c7c7abd5f09b041e0e99c1963119eccce97c14b17f82b8f401737d2e59654397346dd2694d0b937e

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

MD5 6d7e8f5e9bd05296458e8aa85a8bf838
SHA1 87d43a06c7d41059a4fda895eefdcd80639fb09d
SHA256 84423565c8ab06fc46dfe95e3e73767b431948ddc4e13b31dcff532103936af3
SHA512 f1a76c3921c3c9828c78051dc0db3d32a353eb7947b20b76ac74f533d011cabc714206f9ad88acf92c8213d01164ae4d336a5249e8aa51122bcc6d6d321c7458

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

MD5 443517d5d0866067e4ecd4ffd600447a
SHA1 c560ea9756fb39e6b1ebb2e88f5096a33daefb97
SHA256 585327c45c7604882498436a64ece07fd37b584b2372f35b62d9bd8fd98b8bd8
SHA512 3f1b4f7615a8c8f93620ebe6372c86ab7643ded7600919ffd3a6c053168f926d7dff0ce30934be75c8ac56fe6b94a4bc584b3e0cdcb6b377b213d95fc7e0a0c3

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

MD5 8a8f8fa0e0c9d65916a2cd1b76786241
SHA1 320992f616a3392d41f3de651a8026c5b7f53e2c
SHA256 3c08fd5c7a30ad21c1ce1241a71b5d02d2a9ff1291a713047d6b410f3485a217
SHA512 d7892d9c097fdb2f5c87c4897253eee5125580dfd1d4cdeccbb04ccec2616c8e68cd52b17c7c5a99928cd329104ff12d6728c66b3828d21ed9d972833bd4cd93

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

MD5 132f54615acd030c801656980c5a46ca
SHA1 364bd074d6fd5fdf63802c9dc50f89c7e347e196
SHA256 e0029167648d26475c43139d18791d03211ed4242fee2c1233ddd93fa55a8ef3
SHA512 f807faf841259a239c90cdbdd7c32aca130642a51db618edeec011fdc11b99446954f4d3497fcb58c8e064ec0d645d31a59a1fb119687c570f661bc60052c919

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

MD5 5fc1a34efef19b3e6f717ef24d0e83d4
SHA1 77ff69e2bfb6aaf29353a78a77eb808b5be488e1
SHA256 cc23fee2d47f304b9aa6fb4a96cc0e80c6c8977a1d6b056190a7afd78266e318
SHA512 d462bfc129e23d65b2f05219f3bcd334380b8fe57d941c490f174545095a2bfeedc65f77b3db2e834dc572c30d730f0c985a3a113def071aaeb2b75da420624f

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

MD5 8425321a18b5fbb00368e00a043e146b
SHA1 b1013be23c6f3cff837cb0d1dbd5feafc89c3e67
SHA256 b631fb0cf75d84d0e7cac3f1e5a3b66d12114bee4119824291b1bdf02364baab
SHA512 e6b5abb844c3619f69cf586ef34e3eefe7cfdcab06e2c7061f4fc3ce8952ccdadd67b8d627e7d4ee2853b892e1948e9c9b62b581fb0fa1e72d2537d75c252b44

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

MD5 7f94e7c90c7f8d4ef5868e1a049a5d5e
SHA1 7b27c67bbfaa195bb6257e4faddc8a8d79eec330
SHA256 0b11593e2628ceed81c0203fb7d1495cfd132a66c8892236f718a932123a1b27
SHA512 99876c479360fb4b3b334049573347322a2bd9fa0d946ff465097a05d6e748c5549104c3ada099b61f869047ce1e936d1dec872463c7e622911531d401129d2f

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

MD5 22c6d4a99ecb9fc50affb6f3aaa36e89
SHA1 9386fefd022b5c05dbb24e5d56570c91c62846e9
SHA256 92c57b64b0a56abe20acbea3ec38c1757a6dbf160b11e6d3a054c47d68cff54c
SHA512 a99602d4f4ba0dc73cb9dbee5ec94edeebbda6620009062f03ff0129c4b12d959b94d29a9ffd712c9e660a7958c1188fcaf173062ef2623aee840ef7719d5a78

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

MD5 3a4d5e1110f687fa45be8f38b136dabe
SHA1 99d68bf8c2265e543b8d423b0d5eeacf6f609948
SHA256 917cca4e66cb1d54217885e596edab6b04f4ef5240a2f616a9ec462c2a431eb3
SHA512 22cf094a6760655e8d4e1350cdd2cbf6c99c2386c943755cb219721b011b797ab9b571971719edfacf2b48cff9d149241d31e656adbd4ab75e8267be638e409d

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

MD5 1f0201092caea783acd98bc0e551e3ab
SHA1 cc0029e420675619f5a5144373c201eba5d1aae0
SHA256 2393a7665236daf104811c3fdb70ff5d18021d990edb7c9723107ea9a0f4dfdd
SHA512 b090095cca9da2e040cca977cf6798caecbc60bef99d7507afb9325f709016032d32cf90a864889db00e44f927da5d643533529cf83d5a5222f8407a156d95dc

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

MD5 0ecd574ea21b113fe1a9a7adad495e05
SHA1 ca91b57e3eb975f21caa66ed19cac2ee52b3c2a9
SHA256 e4d04a1616f6d8236d33332c6ae980d87aea273257557031984a570cd78aaf99
SHA512 c7deb049e944cbf8e8e4cc1bd91234f8c66f87ed9e70f02798d49ace4f566dc61d5a916cecc0749d5e94e6127a93105330186972dfd3aa5650780c07adb49cb2

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

MD5 2431416cccbf28a07342dfd6b38891f7
SHA1 29898763691c57233964a224574e8913721efe68
SHA256 a783c5d0e7fa208ba91ebe1261a1e492c7f7a3171ea036a9b31007ddf11b3503
SHA512 b7f134d4b75b6c525b69b535c634aa29d138c6750ac5f2f9913b9c0f97e1eb4f0115ddac3e761191df9d88999c03e94156c3983aa5b2ef96b922d01b6365806e

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

MD5 b854ad8aec3e782d982107ebee95e28c
SHA1 eb4fb7201c8042f53b7bc517fa6e616f0e2a91c1
SHA256 6a5c7b7582b0d0b79e7914d783b3405a23692d9fae6844219728e6c48cd49d42
SHA512 4b47268034fad83153e74d7799d7062d6eccf59474c2e4fdb1d0cff2150fa3c7e501f169dc13d4913ee781fc1490eb7080b00b39281984b84e8bc8fdbccff290

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

MD5 77317b50f3c30c587b9135073c0faf2a
SHA1 dcaf6685d6db65328cc11d54ba5c2ea3d28e03c2
SHA256 f9c961e15d1d1f78d920eecaa6250337fe25320c7de4156c7a21853b44b999b9
SHA512 ce96606303b95b1d01602f6774c5fbc763453756f822510b443c9f21b1bf8fe94e32e0f505b8467642fa910ad107990ad2f8f5c256a9aff374b650dc6794a6fa

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

MD5 a990101430095dda585a33872b6a861b
SHA1 07a4e15f8114cc37af6458abc1aa4bbe555442d5
SHA256 5188fad7de09c9ae5bcf31341d69b728a183f952f9b47327e06d035f34aa5149
SHA512 f97dd70f9a3a9f5df822ed140eb79cdac26413fbb4b44610664579af544668d9736b9cdab33ed7c440ee4d1847986af0f006298406bd30ed5e7e4a964f5ddb0b

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

MD5 22d5123bfd550d96f60d286fb3a5e542
SHA1 a1f115e51e500f8fe927b91bace5a8ee524417ae
SHA256 ad7a7f6e505990d623a064bf171679a88aa648048530a60e5b36a63af235eaac
SHA512 d3da3610a9e4ac0c8cc727598e58efe0b82c19391cc24b830f7880ff2644cb6d01f7345b721afef9a53fdd25aa2353b7c7888d00d58e62b70f10d626d991bdc8

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

MD5 ab7200eb2300bc39ce7dae14170d75eb
SHA1 018a3dc5c9be769f222f7d91e827df6b3c22cfa9
SHA256 e70a2bb2088d6374a8d9f0a2c2f0001db979468b13aff165c85309e5fc46fab5
SHA512 84cb6ecc3d30b7bcbbd87eca181724ecf331d54302247781554ed1b1cfa14b142ed472345157c3397b01ba5fc964e609054c24f9f1900462483cf3e8841eb679

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

MD5 73ff16a28345541dfbc75f0a8d8c98bd
SHA1 0e4109278e49e4ffe09f9b0e97ec5d4a07804eb0
SHA256 73ed0985283acbeac80a624b1da56389d06858dea2a841c2580d3b7e203b4d81
SHA512 74600a82bb1f629cd1640e16dcd9c327cd6d330c2c99afddf8dfbff4b15a51e27512428aa5632e0ca4f735c0b1848f0586a1a34d2f73c35316837fd6fc29539a

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

MD5 44c126e685692607395a99c3398fb10c
SHA1 eb20903cae84ca68598baa641575bf7446e54ad1
SHA256 777f571810cdd0167a10cdefdff1ee4a56c3822f23176de3ec9166c5a76d5b5f
SHA512 84592455b7a1fb23e3443fcc69ebe0a11e290907b107e6e92e1e3d3ae18ca032f10a67b77eadf8963877ee7f138b62df2b0d8d2e66572ebb6d89aa1688e2e591

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

MD5 319a73fdf0bccb9b97d12accda80e18b
SHA1 fa4f1427f04cb2fd70b449f7b28d454802a34aad
SHA256 8bab09de8d499078358c17ccb6e58ddc009611e08f5fd45ea017427ab8cfc640
SHA512 f90f952287ff8fc9e7b72955c5d8d5e83b04e1a5b801d4e7b9d86f94d521391cc47e7e29d35650e6a43a6c3da980c8398fd76d2fa098188625a609f8409fc77e

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

MD5 99d1de94bcebed7418fbf81b26fb3b17
SHA1 0993f85fa461205746ef2c16bc54ac0e36a55b26
SHA256 0920c29e52fb4129b82131279f93e1c6d8cdf2f7a950cb6f94f80b819abe4ddb
SHA512 7591f6e872f831b977eab4841237adde4cd9d0253c4c56ef01570120bcd5ef3ffb2613d2602656b047f4b3bc89027f0003bc7dafb99dda326d205d0e6349aaea

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

MD5 daee55ceba7a3e42f4bb560b268d0e3e
SHA1 572b0916cca49b0af890d19acddcb7a23c085220
SHA256 06c7355dafad101d342d955dde3348c81cfcfd9b886840dd62cd69b49d28362b
SHA512 f7c378e6dffda604773d8648ef5034ff42f2a3fb0608331eceaf575be7705d35f63d2441fc897c58fc15fba87b42156de6cf12411904677155f877cb358d7d40

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

MD5 9000c52908109a26fa23d8ad6bf9a072
SHA1 b5cc3fe1d7a2365135c30efbaededd29e72e6cf0
SHA256 a262aaa59d83b5407c04b9e401b86d9db7e64a42e27d65c52cd886d1e10a6ce5
SHA512 b58b19e6c929bce5295e39a43db44d795c93d14ef06065e34be5847b362ed6f10242d3a4b30d7ea69f66ea60d5819779f15d7006c211bb02b4573cc9875465d4

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

MD5 7422d68e2e93be0177ccb6ab638bad31
SHA1 414ae56511ae52f65fc42fa3288292f2a407c54e
SHA256 3f613441e9d70e00ca9f68fd3cac3c175449aa2f2f4809d57338a59791a746f3
SHA512 b09916dbfe22d184adb2a6021c19221fe699be48f3f36eb3b3ac9e77382fce135736705f531e7283feeb2b6e639b7fe79d1fdaa25ebdc95772fb2af204a1c598

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

MD5 f9ba795982ff27d4cb804968e18b7bd0
SHA1 62d94e33f24c5501a92fd32acb24443efa665189
SHA256 480f943af4e27a902c466dddc4fa154f0249139433a0ed5eeffcc1ee53c23578
SHA512 305fb167c66e46d36a6be1973becdde7fe06b2b6989fb00a4ae2f09e004f158e4ced5de3426b296a4eadcd3913b3ecc5b509b1079828dabaa49f3613bd73fa54

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

MD5 3645fab30e8ca58eaa905e7948411a10
SHA1 eafe836edbfb9037f517f6b80f80a5ee903194c9
SHA256 6dec6afd8043f8b4fdf3cc8eb002cf1d63de5d207c4d518f272c0248492b5483
SHA512 3f0db9cf506bc873d89feb4b45d25bb2476e8747361cc8d837e0ef40bf647fedeab5d9749ffcbf587609fa48a7426d81cdc1a16693ff8b59efdf242314414457

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

MD5 dc134f20544d67f0d995cdf148cff47b
SHA1 abd47aef3961362b45926df82a74dc692e0d70f3
SHA256 4041f7b5f25f9d5d187267966522ab77d93777de6a9be3d52c309f1571c0f56d
SHA512 cd1141c54edb629dfe4087fdb413060249eb35faf02bfecd882bb3f5390018402710c1cbb1d2a93bf4149f2ada4e5987fb92e8cde6137977791f40288c12cf85

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

MD5 8d5e86a6f86107be7aa46b978689ec23
SHA1 088e28c9136110ccb3106b1f5099a8a7027f199d
SHA256 287325f1f780bd2385b4e6ee27e96771987d4558d088fca56a7a0cc463dc3338
SHA512 26a069c65569b4736421b7acc62cdf69af5b4d9fb56c2044712e98290ecd3d85bdc5fc62371ee2b9091020e43a99acaaa0ec34f1189d2d89659469b33c699e6e

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

MD5 ca5e9937adbb441099248ad7fa5389c6
SHA1 54641f428441767626c895979131adabc438380c
SHA256 122fd9c8d2e247e50d84ff0a1c6172a722e865a99b55517bcf95699d9a95c1a9
SHA512 64cee7d8a92e717412a825f2d83e6787628af5b14d14ace87ee95595ad035a1e7f2022c5e9e8d17fc666068dd403d1bae012dfab75d3bbb39ebbb82d70c1f855

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

MD5 85e7f31e13631fa4337e497821500b35
SHA1 ee5a2e5cf523b9b2ffbfc81902abcfe36ca5ea7a
SHA256 b954b150a75ee149d98a66bc9cce7398b452835f1a1b4fe1e54b6367531ec9a2
SHA512 bf10fb172ad0eaba67d94921a166c4f713c45ad947624733b28fa4710e17c9550508e89492c61fedad2d2e2edab34db1b66cc28b19aba607aa2e8cd6e38f1ab1

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

MD5 c8beed01afa0e95ccfddbb94b2ffe829
SHA1 5a7a323b1a909110c8d3ef8808a361a60ae1dbc3
SHA256 d5168e24a167fbd99540e033d711de66a06ae6811d1b92ef4f936ae732bef840
SHA512 1a4219064519c017a6b6044a52cbd13e011a4c6f837515eb053b24199f2020cf227b83ee7aa9dc5ba69845c2206fefebde0744cd1d65ea9572c8d1712db79ded

C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties

MD5 4b9dfbaefb397370212a70d991dea9a8
SHA1 7ebf5d3525b240f4fa7003c09d92f2430f3329ef
SHA256 1fe44e4a2b04eeac86d9941db905d70ffd083888c84b2fef76f80902cb43a096
SHA512 029392c494787e4a0d9798d5e4188089d4b61c23b38a64619c80bf3088e6eebecc2dcedf25d19b8622a97a3d92f995bcf9b83ea37e78dc67105baab49b3ec29c

C:\Users\Admin\AppData\Local\Temp\25.exe

MD5 476d959b461d1098259293cfa99406df
SHA1 ad5091a232b53057968f059d18b7cfe22ce24aab
SHA256 47f2a0b4b54b053563ba60d206f1e5bd839ab60737f535c9b5c01d64af119f90
SHA512 9c5284895072d032114429482ccc9b62b073447de35de2d391f6acad53e3d133810b940efb1ed17d8bd54d24fce0af6446be850c86766406e996019fcc3a4e6e

C:\Users\Admin\AppData\Local\Temp\24.exe

MD5 042dfd075ab75654c3cf54fb2d422641
SHA1 d7f6ac6dc57e0ec7193beb74639fe92d8cd1ecb9
SHA256 b91fb228051f1720427709ff849048bfd01388d98335e4766cd1c4808edc5136
SHA512 fada24d6b3992f39119fe8e51b8da1f6a6ca42148a0c21e61255643e976fde52076093403ccbc4c7cd2f62ccb3cdedd9860f2ac253bb5082fb9fe8f31d88200d

C:\Users\Admin\AppData\Local\Temp\23.exe

MD5 7e87c49d0b787d073bf9d687b5ec5c6f
SHA1 6606359f4d88213f36c35b3ec9a05df2e2e82b4e
SHA256 d811283c4e4c76cb1ce3f23528e542cff4747af033318f42b9f2deb23180c4af
SHA512 926d676186ec0b58b852ee0b41f171729b908a5be9ce5a791199d6d41f01569bcdc1fddd067f41bddf5cdde72b8291c4b4f65983ba318088a4d2d5d5f5cd53af

C:\Users\Admin\AppData\Local\Temp\20.exe

MD5 f18f47c259d94dcf15f3f53fc1e4473a
SHA1 e4602677b694a5dd36c69b2f434bedb2a9e3206c
SHA256 34546f0ecf4cd9805c0b023142f309cbb95cfcc080ed27ff43fb6483165218c1
SHA512 181a5aa4eed47f21268e73d0f9d544e1ceb9717d3abf79b6086584ba7bdb7387052d7958c25ebe687bfdcd0b6cca9d8cf12630234676394f997b80c745edaa38

memory/1176-1878-0x0000000000840000-0x0000000000850000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\18.exe

MD5 d32bf2f67849ffb91b4c03f1fa06d205
SHA1 31af5fdb852089cde1a95a156bb981d359b5cd58
SHA256 1123f4aea34d40911ad174f7dda51717511d4fa2ce00d2ca7f7f8e3051c1a968
SHA512 1e08549dfcbcfbe2b9c98cd2b18e4ee35682e6323d6334dc2a075abb73083c30229ccd720d240bcda197709f0b90a0109fa60af9f14765da5f457a8c5fce670a

C:\Users\Admin\AppData\Local\Temp\19.exe

MD5 4c1e3672aafbfd61dc7a8129dc8b36b5
SHA1 15af5797e541c7e609ddf3aba1aaf33717e61464
SHA256 6dac4351c20e77b7a2095ece90416792b7e89578f509b15768c9775cf4fd9e81
SHA512 eab1eabca0c270c78b8f80989df8b9503bdff4b6368a74ad247c67f9c2f74fa0376761e40f86d28c99b1175db64c4c0d609bedfd0d60204d71cd411c71de7c20

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

MD5 8d9f520d15a7d091d7b480d0e99c82fc
SHA1 209d7a7a3f54a1717477a18680a9af39f1178763
SHA256 a1b32ff146ac8756831f1e6d30f3d281dcd2c4046024572259c55fae384c61fe
SHA512 e45c0987bfb0ff7eb171c7b43747c34eff88ecead216ca1a43f3b27ac740d80360cf5228d853ad8fc91104239a5c9d3afca4314df93cc8771e79db56d347b31d

C:\Program Files\Java\jre-1.8\LICENSE

MD5 bdf790d4c2ab203a59cf0055f4cab4d8
SHA1 ae1e465bd7925f2fa57c0b3ec3f31ed1706ec0ed
SHA256 a4747d1dc9806e22f84792c53155c6a483c49d9f4db83d9e2e67972ea43a5430
SHA512 935d885180c77ca5019fd5a34158c8f1a7c7268a922b34a79cef9b7fedb4346910b167718ea47bfd382ff0dbfc0bb948f820b64445727f803ac81f66d5ec6eca

C:\Program Files\Java\jre-1.8\COPYRIGHT

MD5 3258b29d4fcabc979fc0051c4053982c
SHA1 387154b457da2cc106b58262a9490100e410e283
SHA256 89df55ceb1f37e3630d2ef6db7980c9c9d623a0f8b7dea61fb7785060823252b
SHA512 9115280e17261ae026049f2472ff7d9fe3edb40b88fce048cbce4d7328cf7d4bbf8c982569a55bfedbec904207fee64c55c787c371aed72e5d24b29cd3e8d400

memory/404-1875-0x00000000002A0000-0x00000000002B0000-memory.dmp

memory/836-1874-0x00000000000C0000-0x00000000000D0000-memory.dmp

memory/3900-1873-0x00000000007F0000-0x0000000000800000-memory.dmp

memory/4596-1872-0x0000000000990000-0x00000000009A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\21.exe

MD5 a8e9ea9debdbdf5d9cf6a0a0964c727b
SHA1 aee004b0b6534e84383e847e4dd44a4ee6843751
SHA256 b388a205f12a6301a358449471381761555edf1bf208c91ab02461822190cbcf
SHA512 7037ffe416710c69a01ffd93772044cfb354fbf5b8fd7c5f24a3eabb4d9ddb91f4a9c386af4c2be74c7ffdbb0c93a32ff3752b6ab413261833b0ece7b7b1cb55

C:\Users\Admin\AppData\Local\Temp\22.exe

MD5 296bcd1669b77f8e70f9e13299de957e
SHA1 8458af00c5e9341ad8c7f2d0e914e8b924981e7e
SHA256 6f05cae614ca0e4751b2aaceea95716fd37a6bf3fae81ff1c565313b30b1aba2
SHA512 4e58a0f063407aed64c1cb59e4f46c20ff5b9391a02ceff9561456fef1252c1cdd0055417a57d6e946ec7b5821963c1e96eaf1dd750a95ca9136764443df93d7

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

MD5 7f3aface186addc0318b41fbae28bdcc
SHA1 fa5061d299772c25b402795c1cb95d09b21f38f1
SHA256 247ffc9eef5014d058fa5cebeeb8553c8111bae6dbc80ed9ba7bd4451bb97873
SHA512 3ba6886cb2a998f1d24244068d9e8ab5d4efeb93f2ddc9b66ba211a4546cf91bad3aa4d3ddb074ceab5a9e00e461e4824c8f9feb9368f2da361da54292dcebe3

memory/3528-1956-0x00000000001A0000-0x00000000001B0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\17.exe

MD5 c252459c93b6240bb2b115a652426d80
SHA1 d0dffc518bbd20ce56b68513b6eae9b14435ed27
SHA256 b31ea30a8d68c68608554a7cb610f4af28f8c48730945e3e352b84eddef39402
SHA512 0dcfcddd9f77c7d1314f56db213bd40f47a03f6df1cf9b6f3fb8ac4ff6234ca321d5e7229cf9c7cb6be62e5aa5f3aa3f2f85a1a62267db36c6eab9e154165997

memory/444-1725-0x0000000000330000-0x0000000000340000-memory.dmp

memory/1104-1988-0x0000000000F80000-0x0000000000F90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\16.exe

MD5 0ab873a131ea28633cb7656fb2d5f964
SHA1 e0494f57aa8193b98e514f2bc5e9dc80b9b5eff0
SHA256 a83e219dd110898dfe516f44fb51106b0ae0aca9cc19181a950cd2688bbeeed2
SHA512 4859758f04fe662d58dc32c9d290b1fa95f66e58aef7e27bc4b6609cc9b511aa688f6922dbf9d609bf9854b619e1645b974e366c75431c3737c3feed60426994

C:\Users\Admin\AppData\Local\Temp\15.exe

MD5 c936e231c240fbf47e013423471d0b27
SHA1 36fabff4b2b4dfe7e092727e953795416b4cd98f
SHA256 629bf48c1295616cbbb7f9f406324e0d4fcd79310f16d487dd4c849e408a4202
SHA512 065793554be2c86c03351adc5a1027202b8c6faf8e460f61cc5e87bcd2fe776ee0c086877e75ad677835929711bea182c03e20e872389dfb7d641e17a1f89570

C:\Users\Admin\AppData\Local\Temp\14.exe

MD5 e6c863379822593726ad5e4ade69862a
SHA1 4fe1522c827f8509b0cd7b16b4d8dfb09eee9572
SHA256 ae43886fee752fb4a20bb66793cdd40d6f8b26b2bf8f5fbd4371e553ef6d6433
SHA512 31d1ae492e78ed3746e907c72296346920f5f19783254a1d2cb8c1e3bff766de0d3db4b7b710ed72991d0f98d9f0271caefc7a90e8ec0fe406107e3415f0107e

memory/2736-2121-0x0000000000CB0000-0x0000000000CC0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\13.exe

MD5 c76ee61d62a3e5698ffccb8ff0fda04c
SHA1 371b35900d1c9bfaff75bbe782280b251da92d0e
SHA256 fbf7d12dd702540cbaeeecf7bddf64158432ef4011bace2a84f5b5112aefe740
SHA512 a76fee1eb0d3585fa16d9618b8e76b8e144787448a2b8ff5fbd72a816cbd89b26d64db590a2a475805b14a9484fc00dbc3642d0014954ec7850795dcf2aa1ee7

C:\Users\Admin\AppData\Local\Temp\12.exe

MD5 7ac9f8d002a8e0d840c376f6df687c65
SHA1 a364c6827fe70bb819b8c1332de40bcfa2fa376b
SHA256 66123f7c09e970be594abe74073f7708d42a54b1644722a30887b904d823e232
SHA512 0dd36611821d8e9ad53deb5ff4ee16944301c3b6bb5474f6f7683086cde46d5041974ec9b1d3fb9a6c82d9940a5b8aec75d51162999e7096154ad519876051fe

memory/2120-2211-0x0000000000EC0000-0x0000000000ED0000-memory.dmp

memory/1888-2216-0x0000000000C00000-0x0000000000C10000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\11.exe

MD5 6c734f672db60259149add7cc51d2ef0
SHA1 2e50c8c44b336677812b518c93faab76c572669b
SHA256 24945bb9c3dcd8a9b5290e073b70534da9c22d5cd7fda455e5816483a27d9a7d
SHA512 1b4f5b4d4549ed37e504e62fbcb788226cfb24db4bfb931bc52c12d2bb8ba24b19c46f2ced297ef7c054344ef50b997357e2156f206e4d5b91fdbf8878649330

memory/1412-2232-0x00000000006D0000-0x00000000006E0000-memory.dmp

memory/3216-2231-0x0000000000680000-0x0000000000690000-memory.dmp

memory/1484-2230-0x0000000000AE0000-0x0000000000AF0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\10.exe

MD5 d6f9ccfaad9a2fb0089b43509b82786b
SHA1 3b4539ea537150e088811a22e0e186d06c5a743d
SHA256 9af50adf3be17dc18ab4efafcf6c6fb6110336be4ea362a7b56b117e3fb54c73
SHA512 8af1d5f67dad016e245bdda43cc53a5b7746372f90750cfcca0d31d634f2b706b632413c815334c0acfded4dd77862d368d4a69fe60c8c332bc54cece7a4c3cd

memory/3580-2262-0x00000000005C0000-0x00000000005D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\9.exe

MD5 28c50ddf0d8457605d55a27d81938636
SHA1 59c4081e8408a25726c5b2e659ff9d2333dcc693
SHA256 ebda356629ac21d9a8e704edc86c815770423ae9181ebbf8ca621c8ae341cbd5
SHA512 4153a095aa626b5531c21e33e2c4c14556892035a4a524a9b96354443e2909dcb41683646e6c1f70f1981ceb5e77f17f6e312436c687912784fcb960f9b050fe

C:\Users\Admin\AppData\Local\Temp\7.exe

MD5 c84f50869b8ee58ca3f1e3b531c4415d
SHA1 d04c660864bc2556c4a59778736b140c193a6ab2
SHA256 fa54653d9b43eb40539044faf2bdcac010fed82b223351f6dfe7b061287b07d3
SHA512 bb8c98e2dadb884912ea53e97a2ea32ac212e5271f571d7aa0da601368feabee87e1be17d1a1b7738c56167f01b1788f3636aac1f7436c5b135fa9d31b229e94

C:\Users\Admin\AppData\Local\Temp\8.exe

MD5 7cfe29b01fae3c9eadab91bcd2dc9868
SHA1 d83496267dc0f29ce33422ef1bf3040f5fc7f957
SHA256 2c3bfb9cc6c71387ba5c4c03e04af7f64bf568bdbe4331e9f094b73b06bddcff
SHA512 f6111d6f8b609c1fc3b066075641dace8c34efb011176b5c79a6470cc6941a9727df4ceb2b96d1309f841432fa745348fc2fdaf587422eebd484d278efe3aeac

memory/436-2382-0x00000000000D0000-0x00000000000E0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5.exe

MD5 84c958e242afd53e8c9dae148a969563
SHA1 e876df73f435cdfc4015905bed7699c1a1b1a38d
SHA256 079d320d3c32227ba4b9acddf60bfcdf660374cb7e55dba5ccf7beeaedd2cdef
SHA512 9e6cb07909d0d77ebb5b52164b1fa40ede30f820c9773ea3a1e62fb92513d05356dfef0e7ef49bf2ad177d3141720dc1c5edceb616cef77baec9acdd4bbc5bae

C:\Users\Admin\AppData\Local\Temp\6.exe

MD5 27422233e558f5f11ee07103ed9b72e3
SHA1 feb7232d1b317b925e6f74748dd67574bc74cd4d
SHA256 1fa6a4dc1e7d64c574cb54ae8fd71102f8c6c41f2bd9a93739d13ff6b77d41ac
SHA512 2d3f424a24e720f83533ace28270b59a254f08d4193df485d1b7d3b9e6ae53db39ef43d5fc7de599355469ad934d8bcb30f68d1aaa376df11b9e3dec848a5589

C:\Users\Admin\AppData\Local\Temp\4.exe

MD5 c24de797dd930dea6b66cfc9e9bb10ce
SHA1 37c8c251e2551fd52d9f24b44386cfa0db49185a
SHA256 db99f9a2d6b25dd83e0d00d657eb326f11cc8055266e4e91c3aec119eaf8af01
SHA512 0e29b6ce2bdc14bf8fb6f8324ff3e39b143ce0f3fa05d65231b4c07e241814fb335ede061b525fe25486329d335adc06f71b804dbf4bf43e17db0b7cd620a7c6

memory/3640-2519-0x00000000006B0000-0x00000000006C0000-memory.dmp

memory/568-2471-0x0000000000360000-0x0000000000370000-memory.dmp

memory/72-2466-0x0000000000820000-0x0000000000830000-memory.dmp

memory/1980-2637-0x0000000000830000-0x0000000000840000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\3.exe

MD5 a83dde1e2ace236b202a306d9270c156
SHA1 a57fb5ce8d2fe6bf7bbb134c3fb7541920f6624f
SHA256 20ab2e99b18b5c2aedc92d5fd2df3857ee6a1f643df04203ac6a6ded7073d5e8
SHA512 f733fdad3459d290ef39a3b907083c51b71060367b778485d265123ab9ce00e3170d2246a4a2f0360434d26376292803ccd44b0a5d61c45f2efaa28d5d0994df

memory/2900-2416-0x0000000000630000-0x0000000000640000-memory.dmp

memory/4648-2672-0x00000000005B0000-0x00000000005C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2.exe

MD5 012a1710767af3ee07f61bfdcd47ca08
SHA1 7895a89ccae55a20322c04a0121a9ae612de24f4
SHA256 12d159181d496492a057629a49fb90f3d8be194a34872d8d039d53fb44ea4c3c
SHA512 e023cac97cba4426609aeaa37191b426ff1d5856638146feab837e59e3343434a2bb8890b538fdf9391e492cbefcf4afde8e29620710d6bd06b8c1ad226b5ec4

memory/3788-2756-0x0000000000230000-0x0000000000240000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\1.exe

MD5 8ec649431556fe44554f17d09ad20dd6
SHA1 b058fbcd4166a90dc0d0333010cca666883dbfb1
SHA256 d1faee8dabc281e66514f9ceb757ba39a6747c83a1cf137f4b284a9b324f3dc4
SHA512 78f0d0f87b4e217f12a0d66c4dfa7ad7cf4991d46fdddfaeae47474a10ce15506d79a2145a3432a149386083c067432f42f441c88922731d30cd7ebfe8748460

memory/4676-2796-0x0000000000220000-0x0000000000230000-memory.dmp

memory/652-2841-0x00000000002A0000-0x00000000002B0000-memory.dmp

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

MD5 b0857fa1e2af049ca00c831d91bebbd7
SHA1 b885880e4e85c61c7c92af12ef1bb00dd1cffd4b
SHA256 1d35018037c7e242b6fe7517d6338fbb4f4888803e57005ef73ddcf0949e704a
SHA512 af2e8f1da2b38ebb554db93b8680ff55b1372bcc1b8ff8cfaa19351d30293a29454c27043131f7793f6b2686be0eb32d4c144dc1482e0f37cb55d83a68ca9707

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK

MD5 7be334895d46f215ef01e3e705812f00
SHA1 e060d5817c2388c227c3577d7b9369cba8070bca
SHA256 d0ca60478669c2e01206d4186d22cec98cfc6000690e0201f916b205ff6934a1
SHA512 2ca97c81e5f3232444f824ef73e53f998f6569bb7d4b68eae3ec11493ce5f077f9f6e174365ff5c91043e55c5b053b6c526585f8d2d003ef696787ee81b65b81

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK

MD5 f9a67f25cd783d924c252387063dac90
SHA1 62c374fb8b9fe218c51ad4bdfb1cf2cd7e8f35fa
SHA256 75a8a3273648834de41f825a6c5971982770af4cdbc54d32858ed6b02cf2a9ed
SHA512 4a9e01e380564391bcd395951dcdb91d0b82955b598f1b7ac4ffebef0c8635497f76c48670a1c875e70407cf15e043216043fd2884086a6f3cd8cd2a652556c7

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config

MD5 32c63d5a04ac2ffc8ad90651fda7399a
SHA1 95e67255a6ef7159b4a9def2cd31da4862107193
SHA256 e2233c5501a6a3811f1cf1f4875fc9fc3948b3277ce25156649a8588639fa841
SHA512 4c3f9dd5666df7ef335204a36d0b0f18b7c539b0770dd8efc72aed9718d558ec148692e00fe3bcc227033fd97340c55e3c187be769e3440e81db98365e16050c

C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL

MD5 9a685fb46e05518a9e2bd07a98fe4aa9
SHA1 874305da5200d47a1d31857484d844710ba35a26
SHA256 10ea82901686c79456058b0b9dba759d926299c5b8931cab5a3e83cd3dc98344
SHA512 80a9755d36974139d693201335aecb433e014bd4c9b63f8974aa6c10f1f8c2beabebaa619398b4e566e36e7bf69bf79e2aec53897a88ea46efa296d44130c88e

memory/1004-5317-0x00000000752F0000-0x00000000758A1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Files\1.exe

MD5 a775d164cf76e9a9ff6afd7eb1e3ab2e
SHA1 0b390cd5a44a64296b592360b6b74ac66fb26026
SHA256 794ba0b949b2144057a1b68752d8fa324f1a211afc2231328be82d17f9308979
SHA512 80b2d105d2fac2e56b7ea9e1b56057e94ffe594c314ea96668d387ab120b24be580c58d68d37aca07273d3ce80f0d74f072102469f35cb02e2295817e1f16808

C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub

MD5 69eb56f4fc79191755f76bb56aeed54b
SHA1 b11102e03ff5869309a9b944cf095afead5176c5
SHA256 fb37a7fce769293e97fae19a3875abeb611407dc7fff57008bccafbf21b3727d
SHA512 e7651fe0d509d40899dced58a515722fb433ca02668e06f2e3f459ab97de4c40346d79f8faadcbe834bbed0f5ad0df843ffb12b7890c0f69353cd2724a76fa1d

C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms

MD5 b8fb4ebdfbcf5cf3416ae848e35f5147
SHA1 cb05105d26d6476034cd02edfcfa7b64120e0633
SHA256 b44f131174e6c439650ba2ac6f53d188429b5a5574017cd64284ad6788609f1e
SHA512 cef9fcd440a8ed9c78752f3ecd0fddd519ee322cf49b46d31c8bdabd2aee51b1bd64e5ae28f68100ed1a3f55bf8c41ccd27822a1fb9c5176050c09828a855371

C:\Users\Admin\AppData\Local\Temp\Files\a.exe

MD5 ababca6d12d96e8dd2f1d7114b406fae
SHA1 dcd9798e83ec688aacb3de8911492a232cb41a32
SHA256 a992920e64a64763f3dd8c2a431a0f5e56e5b3782a1496de92bc80ee71cca5ba
SHA512 b7fc70c176bdc74cf68b14e694f3e53142e64d39bd6d3e0f2e3a74ce3178ea606f92f760d21db69d72ae6677545a47c7bf390fb65cd5247a48e239f6ae8f7b8f

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl

MD5 c76055c7a97ada8c96d0e46b0922416b
SHA1 8e7b091c7f2852aa5334890a29f634ce8bc1bc74
SHA256 a51b85416df72c4c2a30cdc28947a344eaeacf434aede2f3b5c1408cf74e829f
SHA512 4d94b6fe4d376090399405b4f0ff25794e0b5f752d6b1a5c556141898e842f23ff1999f4f858a277e09dc5c2423fdba76c0582e5b284ef6d37b1ac34fef1ab42

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xsl

MD5 5fe7a544e62490470828a99061904df7
SHA1 8a740fdfb6f9214b32dc7b4e065a5625b72e0abb
SHA256 b2b6bef91ec3b4d535bd9aa4493dac8e8e5491a39b809da8aa9b5ee1bb04b53a
SHA512 d836e8bb56bb01aef8dd02484bc9ebe543b22f38e382f8973ac6c8edb081087429090120b91620a7bf7fd07cbb908d3d8b37b4226675b90b1f6135aaa9182967

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl

MD5 403e3b417a04ed9a22a322d6a87b0aaa
SHA1 3d4019d2de0f5f72c0992cb8eefc91dae5cb8b05
SHA256 6f36604fe515eaa1b12428826eeb781067c8bec6e21e79fae92a49c722fc0763
SHA512 2fce42eda26469c79f824f05119c32945212522d3d16b013dc91b563573229fc20700810c00a9804b93238f7a66a7128073273f2b4fa90f65ef0f2d9a86946a3

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xsl

MD5 60364cf372332ea02c250ff3faa7e05b
SHA1 ca49f701e3b127332b3648cedd9c9651b9494b01
SHA256 4c9cd733d7ecd81ce6bb43304c19601acb069442221629de03bb45e4d5cf7fab
SHA512 fd47a35c0e60635df1b1980496e2e79f5e73eb2ea5f17410a91608ef06c3ed6a9e2b2d46096704f706998aa39d71e34acbbb8ef6a34af0934696a59188ccf741

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xsl

MD5 e7ec5343bb76868beb7dde5f2c068bb0
SHA1 6e5e72b04132e999bda700ec7d7fb133360261b5
SHA256 8c34a615793df2c1424b753634268aa7324cd4f6010bf31c5814a2135782925a
SHA512 5c8158ca9276ea989f51fb6117bb89f9728e20223a1e17341e6eeb3503690c5f9e07496ed018197de2fbd2c3304a6c2fd12dc263bc0ba419eb66621ac55b7543

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xsl

MD5 bada05005d1229e6278c2e62499b785f
SHA1 4a2a8e0614f595ab6fa6396a8274548393e58e97
SHA256 ba331597572bfb7f85e7f1f32bdd21ed8b328a0b3d09421333b6885fa3ccbdf2
SHA512 942c87e116f5b8b19d2e239aedcac4536f6b4ddc0caddd66191458ba80213739727d22111f6d21884720322b14aa84e97589a66d181a19688aa12d3b1f108743

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo

MD5 5cac47cb4729fa5b471cffae28d87b8d
SHA1 bd9b2fa176573008a5acf674453d1d31e0f1717e
SHA256 65f88a758d8868fdb065c2f35a77f50c73e5286a6336492cc72345f4e8d84c8c
SHA512 17be303530cdbd4c9bd4c5b0886dc0b5a3222ab9b97fc4591da8029513387dce6318a7d34d3a0c09b85d02c6759dc7535cee81298ab0fed0bde1fdfad2f24417

C:\Users\Admin\AppData\Local\Temp\Files\peinf.exe

MD5 23b1eaa94b3e9421106d6e3eb79064df
SHA1 1472b3fd4648049820b48409eca265feed547365
SHA256 b3ae3b2422adecb9e7bc7e43a1ecbc616b62ff10a3c51b4eeb7ac6fab5eeee02
SHA512 38aff701f485bd9678f6a9a440eb867ff8b9af9c68c27c4e3b0d7444d1a09240ecd946c7e38ec608d83447be74fcaf06db572159275a04ddd2aea0c31cf7ce11

C:\Users\Admin\AppData\Local\Temp\Files\pi.exe

MD5 1e8a2ed2e3f35620fb6b8c2a782a57f3
SHA1 e924ce6d147ecc8b30b7c7cad02e5c9ae09a743a
SHA256 3f16f4550826076b2c8cd7b392ee649aeb06740328658a2d30c3d2002c6b7879
SHA512 ce4dc7fdd7f81a7a127d650f9175292b287b4803d815d74b64a4e5125cff66224d75e7ecade1d9c0e42f870bdb49a78e9613b1a49675ab5bc098611b99b49ade

C:\Users\Admin\AppData\Local\Temp\Files\twztl.exe

MD5 f437204b3e1627d8b03eefdf360281ad
SHA1 c824e787a9786d5fdd19effdec54abef217e5b39
SHA256 d4bbc125a9e94de44f4deea9d6b10adc87a1ec1aedd753b39d26bb15817fdadb
SHA512 bdb6fc7d1e7f61df6a7ff3036fd56793e1096937fb07fbe033692f20de1bc81ca0215c5eff5a21627607c1ca514296d9598490c244bba5ec60c74653e1978910

memory/6688-9991-0x0000000004BF0000-0x0000000004C26000-memory.dmp

memory/6688-10043-0x0000000005390000-0x00000000059BA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Files\66dd9b656c6a0_cry.exe

MD5 3879291a4c9563f65101294045b3b427
SHA1 2a3b2c42f20dbc6fb1367c334321c495f88623d0
SHA256 fb3994d810b72176481c2f24b5fed150432b788afd8d00efcaef21c209a09603
SHA512 a3ebf43c9d7350d9315875a198d78dcc3b73c4b5cc589ee0393e98e0509f0c92bad721809697fa2900895d20ae04c466cb19f185da14d9a97f4b18ad4c7f74d1

memory/6688-10111-0x00000000052D0000-0x0000000005336000-memory.dmp

memory/6688-10110-0x0000000005260000-0x00000000052C6000-memory.dmp

memory/6688-10109-0x00000000051C0000-0x00000000051E2000-memory.dmp

memory/6688-10165-0x0000000005B40000-0x0000000005E97000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hykc4kw0.1fl.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/6688-10296-0x0000000006090000-0x00000000060AE000-memory.dmp

memory/6688-10446-0x0000000006110000-0x000000000615C000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons_retina_thumb.png

MD5 7f68be7d0e990e73ba83e00b8e08c9e5
SHA1 b015b46f90f070d64acb2984cc27e74810a4cf70
SHA256 1176df4d9f96d9223c242746cf728ab7b66ea16b31c4e5748769be83237a0622
SHA512 0b8d506049f4c86abdf8d7447cc6e20eebf2727cdee5de2738e520daac3f10631bec5fc2afd5651a037cbf1ab59a62887d6fc2ad92def6a66c38dfc36c49037d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_fillandsign_18.svg

MD5 2e94fc079b78230ed76a1d5e70b0d835
SHA1 572a5a91dca55bb41fc6ec48b8bebd566048e8e7
SHA256 585a234fcf6731fc25204021e3fca8de67c8464f2bc84661e291c85d29eaa24b
SHA512 856560cc7db4f3ad1b74f8ed414dba15a559eb7b7560d985d5d050b4f9fdb4653d79c511ca3cc612a0baac842d12be57d76839540db463c5121e4a8233250b37

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_export_18.svg

MD5 8f88bc0f3e33cf63d6d727252a9beadd
SHA1 6ddac478eb684403c28f0e81abaf441660ddd246
SHA256 b6f635afd73418587582e33f9e14f815181a5d84b75f7ae6249a06f3ea553cae
SHA512 208097ffc5116f1033ca6e9cfcea5cc7ee53e88cd4cb117f2d7b73917e7a5130fab08eb9f37a5595e7fca615cca456542c9fa3604298f2f19baa523959c9c7e3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_editpdf_18.svg

MD5 b5ed35bf79aaf56c7d2ac9bc8ea56278
SHA1 97f34b44165911ac18d7ff244b93828c2735dae5
SHA256 f0057644d244b70555b0188a30ef065f31cdca9780f7c78681841ae3d79d75e6
SHA512 eb1917c826c8231d41d11ac21aca1b6a93487908d894f5ab651892ed4668d88bfb9893fdeafda8a0074e866d5308df685c96643cf44d493b93680d678b44080d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_comment_18.svg

MD5 2a126dd7a0903f1e53a0b9e806ca7489
SHA1 920ebf14c29864c1bb049339a214eec0d8b9a28b
SHA256 413b99934f52a6d55005b5b799dea28fe0d6e1998f33af2027536d17a1e1b6da
SHA512 a07a36b6a33a9f1f23ce055aba25197a76119c00205cd4da74e1e0635b073350f2f7e17ca95cd902910fa6349aa66f1e9390ad267132bb552e8b32fb5f56aaac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_closereview_18.svg

MD5 89501f1cb1d2ac99465b8e64803933b3
SHA1 aeca3ae7bcc8be4f899c4ccfff18b4fff2a2a878
SHA256 7221ac5df43708d4197f3a36ff33cbe2839d8243f69ad071e3eb4d90bd02870c
SHA512 90128304879eb217dda392b881e471b36121d41d2563efb601b2d3fdf91579c4e608380bbc969d3a067788e23b7c7fea102bc62d916bc2f8ccb0f799ad8f72b7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_backarrow_default.svg

MD5 d6a470102c57f8a51507a5709bac55b3
SHA1 77864345a5acc393c2874c26ec16d19d52c17248
SHA256 266ab672a5342b6696aa682fde56d7cee6f9060bf05438276db544afc17c6492
SHA512 a8e397aec02ccba1d83e4c48d7a937b5dfb5f009f2e224838b55bd0faccd0901be7ab35e7e49f9fda594f9db61ae7dad054c161268d0988e3546690acf4f77ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

MD5 5850376f0cf197aff2aab83bfba87f13
SHA1 9fc0b33c970b886ac3f9572f47f8c1ebcf93f478
SHA256 dcad29005958894597b5073ad5700ce97faf6d51753f5ef8230d0563d2df0876
SHA512 203708fe5d4e94a94525398d645da8dbd7cbdc228cdc2ec66d59c46e9eb0d8496726ec3314014dcc266436f413dca7c84bb8025ae98234f63b7e65a0875ea5de

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

MD5 2c5bd2a22a06158a5c4d952f4f02bc77
SHA1 df63f9cf1ef7dd931670f7f108ac95a55d92a798
SHA256 5f293bd1deb80773d04ebbdb88dfd20fc9cc6a617845a19f6cd5278264a79597
SHA512 7d4ef00a3ff244958067cdb3ddd663fdd03e61f838712f5f5ff9e0df9fedb0c011e3ebf2991576e1a04b82e899e9caab1a15b8c9a612866124c65aac1198edc6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\remove.svg

MD5 cb04c799bfb7e6389860ef326b6bfca0
SHA1 a3f590f810ad078bbda04995d87f78b791850ccb
SHA256 feffd25bdbc69e79a583749b2fbb205e7b1aa9cdb623e1fdaaef7096046acbec
SHA512 9fdeed7fa62565613bdec1e98a7b81f4e035244c0e59bdb73e869c12aa9df239fa63ee040f088ef6cc669b7bc54cee06ac0581855cd19980b5198be336f37870

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\duplicate.svg

MD5 baf3e06f10d2786746f18c896ba7127d
SHA1 3c3ca73afd17e26363bb52f7cc33df3699a1b84f
SHA256 937b72e1b4a2988a5a8608def76ff613e53b2e28bae7fbefd54fa0a9cf77035c
SHA512 6bc3e217a48ef2ae7f1569ae2ef4bb6a5741ae748ac5b742365203a69838c51aa261d8a0c86773a7b5d23f9642c4aafbd64e3bfdf3c31d339cd3d7cbc7f08791

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_nextarrow_default.svg

MD5 03278898a2dd8af60658ae8d6ec6bccd
SHA1 eff82781ab18ec31e1bde28a3f76a3743274be7c
SHA256 92f6c85b5c4d422666c397ec77653565fff42de06acd9d9468e5b8a1fa8f29a3
SHA512 fd92914604c9dd1c134191be3db515eccd7d53a63cfc50923cf1763522c438971e4535364c5fe3aa574a9de778dfb6d63b254a2ecdc60cfbb82cc2185dad0253

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_newfolder-default.svg

MD5 6d6fc0517f3f623b9322dfabffcdc6f9
SHA1 379931164eac826c97a7203e4ceb4813118b36e8
SHA256 7de40b847b96557623e285e8c59593319493a49e2e5950006a86754748b05501
SHA512 034821981bd671c9f0ce8017b23f054a20863755d856622ac8289ef1f8c50a10d5edc548b6940b92abc006d9c33eb7f2d42a3e4b8af97843c1b3ec5ab57abdd3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_move_18.svg

MD5 813c2e6ea2c5ad3ed88a934670bbaf9d
SHA1 bc1dc6392b4ed7c92565afe2cb8966897f0ffd24
SHA256 c7dbb44158c16615119f8520e1de60af9ebfa345a9c0245ef08b5dfcbf44288e
SHA512 b3ac53534f9bfc79218ea852f798c483bb95610904551969b12c363acfb6a897492d64df6fc77bb4d4df4aa96b7b09514372a2c2e31de81b9c679e5bbfeff484

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_organize_18.svg

MD5 b83d4271215e92c5d58f8fca93d84e08
SHA1 86d460afbe0150441456129cbc3336062d0f4b5e
SHA256 7542a4d77b4a48f62c277815611ea02145b25575b47a91a190d1d642980ad8cc
SHA512 8fe20304554c32ae26dea078f47578986f58a20f52f90d60ca0554716703f2e410d18727d4a3380e439fb3bd2e2133aa19104aaea394de843331e6615c9da270

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_share_18.svg

MD5 9fde7d7ebf6e078a53661154ec5dc09b
SHA1 d2aadbdc8d564dd3d5eab6ba7c3bef5d6bdfc1b2
SHA256 7115b8a2dade407144c0872a3809dd067357a8250a359bd01a872f982308872d
SHA512 3f18802cefffdf09b4e456490092c2ce80114de7f377b3ced78e6f4e8097918fe4a4215d3fcd2c0afc02679bd193ed9087cfafda63d4c79a98d61c739815078c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sendforsignature_18.svg

MD5 935c7350b99208f045552da833ef609b
SHA1 18698eac02f1307a723ed341cc1a1d76c9abf717
SHA256 7e2af266e66985c246cba4f7a33f469f84388f02bee937ee79c5e0f4acf5cadf
SHA512 349a418742a08ad80b655e2316005bd7d390091408e3a7f6b326f32cc4def90b04018647c76373a63a3662839bb0a834c0626ce3af518ef3b5a8e475b748c973

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_rename_18.svg

MD5 c2f0ea065a8544bb703d56c798a0e77e
SHA1 6e923acd69d701188e59acdbe6d1e233807a7589
SHA256 69e70d01def6ef249fbc368f8ef0779fd913fc8e9569b7b22200b5c3fff9769f
SHA512 9816920af39d6625c40aa1846286aa2f7484b975efcd850c43fa02123c754bb63fea59435fd048df3e0f24e1b79be19bed506b0a9b64b856a70f9aa16934aad9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js

MD5 54fca568469f77ea28df14c9449a8dab
SHA1 7b9426a80299c1a5ef530c15e6b70a751e004e9f
SHA256 60c149976fa7aaf39f2b8f8e24665c72fd508788e4212328de4518d6321a4171
SHA512 1ff0c89c763a74793a95c0be99cb527eb3ee538a2bb10007af45a6d53155949710e65c5bc2bd380d4cc13dfc83cded276383cca5bf9c22175c68f7aff7c4290a

memory/6688-12377-0x000000006FD70000-0x000000006FDBC000-memory.dmp

memory/6688-12420-0x0000000007060000-0x000000000707E000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js

MD5 5ca98b49e3c3282135374898278e9a1d
SHA1 4227106a181830ac2b780e78156e14c4398cf718
SHA256 49da72bd6c342ca29d778038c0fe7a580dff50eba73e7a52a286d4a11357102c
SHA512 85f238e0ecafeea6fb611a8bf3ac70f7bec6aa4355276c4186417909e730ef3bf964c3fdd2cbbc174b8b55199a7256de4336525f69728f4feb65c5fbbfda8b1a

memory/6688-12546-0x0000000007290000-0x0000000007334000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js

MD5 5e3178693a1e74dd053dbc8984b9104a
SHA1 738357c1679eb106a9284c1eeb9bc143d56bff1f
SHA256 609e7706b66f420c331a457db696b0339f8ced5795b153a616e63e8b0116a74c
SHA512 8eda8e281dc40b55b55d378ab65ed5afc40bf3a8d9fe8543072e64f31f0a5d6f620ac9388d96ecb75bd3888d8d7d849afa8c262d4d3f5426f55bac7eab552d51

memory/6688-12347-0x0000000007000000-0x0000000007034000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js

MD5 ca99e0a8114e7073d186ca1470d50632
SHA1 6b95495addf49ebfb27a0975522c950b8351871f
SHA256 d83c502e8f7e80eceac364c0180a0a580319b3223c1c7c770eb5e3d38fc19176
SHA512 eb4064cfca34b3bb91e6db3c61a007cb48a847044c2d82a8e8fadcf1c0a7f93c4941b2eb6c524cc7b4159c4a7d08ee831e3fe8eaacecfaaf1ee9a438636ff218

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\ui-strings.js

MD5 25ea3e7da820c50f17b0270a9b99f52b
SHA1 27e7b622998d67d936eb4d12500887531a4094d4
SHA256 200e33b797b753bb150c80d560cb9095c5b7ebffcbd643f511cc8eb9a518c00c
SHA512 6596aa39d2bfc67c566a6ec0f282ea274030b4114b216de75c38bb8d37ddf01e175c9cea391b332247fd48768bd8b0242960699e0a60d8693f8ffc51643e99f0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js

MD5 526b25f78c2f2c72ee46f3b7ab212e73
SHA1 b74cdd895e9752af4434bd2bfce208fa73974bfd
SHA256 cee1e0ac70bb5198cf141420424313281bc8176bc5822ec0130ce907e71d1074
SHA512 ee3a67325c8f99391c3174bebe967a16513f44e3cd027501d0cc0473aa6033d867c12cb550f7caccdb0744bfffc67a5e0a4a9f6b2b82c4c91df7453d943c8a57

memory/6688-13042-0x00000000073F0000-0x000000000740A000-memory.dmp

memory/6688-13041-0x0000000007A70000-0x00000000080EA000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\convertpdf-selector.js

MD5 24166dbfd986153e8cebf867f8c8f806
SHA1 fffa1a310dc7531cae258b0f90aac595a6275c1c
SHA256 9143490c2bfd873a37802cacc1aea55aeaff939519f8e6c2457292acacf00d85
SHA512 7bad8875ec4a896c25d3ea836a3dce4549c3f4e65272f75115465fa6624c26c27432a9f11a1453f515f6c1a90a112ba15a00eb7b8ceedd3c11984621018f5b1f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\convertpdf-tool-view.js

MD5 787fb9415880a9fc25e19600706242eb
SHA1 b4fd35e2c65ed876c31e00da8bee8b32fdc46663
SHA256 456c9b4e5ef9be7266154d779f75404634a82d960e66832df5e3dbbb39018725
SHA512 0def8ab11eae13250e83cf6a0c1afdf1e88883992622c61edc00d220b3a5460d3e60bc187c8206386711ed9903c51888af6be9b3ee9c02bf0437951bb89f0930

memory/6688-13245-0x0000000007450000-0x000000000745A000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js

MD5 91968612b40ef17c1eeb023e7a61017f
SHA1 0341388789b30bc872ee35e4dbe0f4a87970f712
SHA256 116270c6e76f5df75215ed385e12674bf8269aec3434e078f106b504081377fe
SHA512 096fc4309de6a8015fe8d27b0b8fe3a58e860ee0ed43b6d582f677bfb717440ecdbfdf5d686765e740310c802e91d0402b2619b7bedb53052e0b4d2293774a6c

memory/6688-13539-0x0000000007660000-0x00000000076F6000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

MD5 a44104ec00b3f9c1dbe6eb2ea5d7224c
SHA1 30eee3ee74277036ebfe810e5b5da51886e39d89
SHA256 ecb3232cd3cb5d34408727f6cce920a88c724ce0a70607e48859dfb6abd64660
SHA512 1f91f31ac8459de5984430625106f79aedd3c8bd5bd19687e574b392eafb4c31b1b7bae6d51bde1f44a9df2a8dba31d43e07d48e23588384dfd2f43620d7c5c0

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

MD5 690e26d4f92412a051cc6d4c1005a755
SHA1 2678d6702b31a6e2c6d89267dd685875975b8afc
SHA256 f8a78f36354e12fffde05b94d87d035d055a87a471885f185799b9545184bd3b
SHA512 99f040a32b852714d848ed181a21211f8013ab62393591bb207796238c622a9115a780f42e2e7945528b862cde956881a00bc47e3672f8932bef7634accfa9a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js

MD5 79140d887a667bf970c3b2072f2ed81d
SHA1 f0358bafb392f72c4b44eb0d91f8dc1292941e93
SHA256 1454a8c4c62a0a73f878516531ad11a84bacd089a095a4438547e84cf4bc9532
SHA512 fa575609d48e1e05ed1b83b6f709afe0191469b437fc2893f41c1627a882a107c84db05123f3b221c85b7e100c812ec2a2d06e9364c0a6be89e2b56fc11954d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

MD5 0919a0d677ce21da8d753ec632fa700a
SHA1 4f247a5f9284894b35588d3f4dcf5d3b26f091aa
SHA256 e0db4167d4252ff46d963f91c8510548acfeb15fa251dddc7478c2b8228d756d
SHA512 9a2a7c4ea8bab8ba798b798f85f726d20ba2ff74e512e6f85628c046240773948f8c5262c8378bbb55fd07583622e2b541b99f654093fc4255a6282728b21423

memory/6688-13788-0x00000000075F0000-0x0000000007601000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

MD5 84698fd34b637d1e95ab84769c0a12f7
SHA1 43b0bd296845cff8e208698d0bf0b966a402c3b6
SHA256 4cda0b544824265b542a109ce3193a3ceeb993624fa9682dd305ac288345ba32
SHA512 8e5f633a5ac9180f17fa368e18ccde326065ec8131e48e347974daedb13cefd0f9b46d553a8f2c5ec248a714567c34a007366c25b49ab951637b0226fbcbb412

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

MD5 792adee9f22e79a718a8b0a699337dda
SHA1 522a4365027c01e626ea2b1cae46d5b38d1e3ad3
SHA256 f46e4c8372751239875a200869d32796c80a1cf4bd7c2aa8e29d5e354ba76274
SHA512 12b5f2877aa8e7d347a6f78b962c266a9efbfa2df5f9b6d3562d37e607a7149f8aa06e9b725e09bfb7d269f1445b8a7952d5a389bc5d486a080f2d3304333324

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

MD5 a1c763f353a450d40cb38c5916025de5
SHA1 508649d062460c2bcf297b5ed464d888afa32b43
SHA256 19268b12755a9a8d586cb3d4b4f78afed0f704b64edbfeb517d3d0d7cf9d9448
SHA512 944d65a80f72ea1c657b3015c3a1ffa54b3e8ccb66335538bc2e48493960794e99cbef1dcf156a5005c2667b7530c79f77a34e340263677481fd8aefc0d31d5e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

MD5 fbc032e7f0399399fc98a6f6252dc65f
SHA1 762e30b4b565bc4bacf3466db8600bf7c9b9a666
SHA256 d4293d3f356fb96a48c45f95f98e2ac9393dc3c3b80f798f2b974586a592d51e
SHA512 3860ef863f80ea0a3c8a6801948d241d5569ca48b10958c0a45958fd2190a99da481124ef67cd2aeb7390161421d1f2418e66d172b1fffc496ccd1c363510aff

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

MD5 f09eaf023a42584cbc7510cfdbd5d79a
SHA1 ce90027c668f8ee5ce29d2eb13ff3bc107dc9b10
SHA256 0aaa1f2c6c528fdc5558a0c3061e3c62d218bde818a4bbefc376f1a605f448f2
SHA512 3a0b6dc990660b30b1aaad8908b3effcd1c04b690d7a7c1b78532af39f451c3b3ce9678964b940c533cf7e5a347a0e647f7c7eb258c8d21b42c342a81f661a3c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

MD5 6a41748d857d4a3b7bd685ced78a2490
SHA1 fee390ce8581ddaa26c2aabf18ac5540a3d09427
SHA256 3d9570ae2bcf6b00f2a0692c3a10d8d6e998eca868de4183a24f4f84b986ef18
SHA512 92643029aeddba3a7d6e4007d2bb8d818dd92a50c8d9bbc1c230f9be30785097d0223685f44de1312a2cb1aa7c6724a90c030ca5ef6c071c78bb02d551f98b35

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons2x.png

MD5 b4032e8175d97c690a4bd4810a3efb07
SHA1 cd1f697f8752a7caceec3deeb723ffef62e8337e
SHA256 57927cf2bc91a0639e390bd5e066f8387f12aeab4e9524e3acff0987beb725ae
SHA512 789982a8d507d81918f263b407ec9fb8d5b49e1b0fa2fca205dc488e0f1631985d04069a457085d30dcb39a6acecd61e1d6c48abfce47dcac60f765f3b36ad7d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons.png

MD5 962b76fe1dbe16ed009ee3da42836847
SHA1 1bf7feecec2ed10cf9d54aa49ee909e9deb73e3a
SHA256 0fea7094293573f1fc6ab1ad11a0c15dbc021e3cf92aa5a9fc6bbce76ceaf3bc
SHA512 cb0e15273baeeadf6f1c617f49102672aa5079e0836ad313f54bfb075d1335028d6f7bf5614e94cd399d03131951a42a0424d7f15125a414e952248241e91416

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js

MD5 86098be0c0a7a92a5a1205b2b83e4844
SHA1 886c7ae74b333ab8dd9ab713787fde7688891171
SHA256 598e70ae1c4325cb8b116570e456b10945b332998bc20d73adac4917f8978aa8
SHA512 f07d5fa18b23f979fc388ed85a0c6713a85f3876eea532811a4677f706712bf6da9ca276396b773b6cd5aae904c217944a5620f820b0fe320468b1bc18335863

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_checkbox_unselected_18.svg

MD5 b8bb0bc37b114c6c23ac5469acf90d8d
SHA1 5a6cb5c387ecba0ad035a0c1209672b93f2d2fc1
SHA256 3e1598a94e6a07799d55e51567117b7094effcaf6e974a7f94b26fa0d292707b
SHA512 40cd0bf6e83fb3d7055cbfb15cfd89f8e97bc1f711cb0473e94fc5b24b2fd796cb18ac11e3857d2869c601fb54d363d2bbb0465105212ae628712b658c781d09

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_checkbox_selected_18.svg

MD5 69febc8998bb889b8d85a72e74f9f9f1
SHA1 605e8e35ddec5e35ab92c6b255f61e621b4199da
SHA256 944b79e0936468fa43bb473a3f506c7ebb7aa199ba2865e1a631a23dee3b7f12
SHA512 cb91cf760f83134521f1ce61a610380ed9f26a582e9762882b15df04331c0e98c8ba922e443cf90b0e1cd0f0f372dd202b4265c50af4791d8f4b7e2764995d3d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js

MD5 0f2b15191c3ef953a1163212bef3e18c
SHA1 cd1bc02e8cad36893c3e1595b8acf58f83b7ccd1
SHA256 b857d3cbaad46c6d7162aee0bea63502a6f93f87cfc3ba7e1a3cc0a0de2a09be
SHA512 46e4b0d9b69543696b74d9ff975ac9777a9432c0f232c39c25ae71e856fd0b6597179bfe1d29063dbe5353bde24cc497d30ceef7e65d8ef6d71dbfda80228674

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js

MD5 4b11cf5f8bd88c161876158d186be887
SHA1 5bbaad852293ee49770c032640d33ff78b3e0b1d
SHA256 b99d799cfb1e8cfc6f48bb898b8b9db8b0fb5d8e1949e7d3e7ccca6b6d0038b4
SHA512 650aaac6d401837ec308af71f9a007c8882c7a0d98dda401f0d4ea78e8d9285d5ad44b3d6e602179443dd932f25a2c046b432721b8fd26a6b67fefc4a6ea7668

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js

MD5 410069b0f0cd3b7926bccf3c1e16a1bf
SHA1 15e79b1d6c7ff043ddad6f5272e03e6f5ae2a19d
SHA256 39c24c666b6797c23689c9f30c698d350a0d3fd5c930d99823657414fe2f55e3
SHA512 bfac61cc72e498ca4b21d33d517c2681de1c581f81974577c98ce8e2487b93da48c1b57b7932aed524652eb0b2189fb1b5a9960cb8b57040ffff14a023f8b497

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons_retina.png

MD5 3e330f633eff69ea0cc12b6525cfbd96
SHA1 62853a6a67b022ccb31bbcc6a304636764dc71ae
SHA256 582fa31a47171da91563d06169f0369237e94b3d640a48d177bbb997a65eff43
SHA512 0cab99ed14b74fdca9eb4fa385f8a3219b690216232101b09ee213e282848fceb0ce6709b417f0e84e12c76d3be847488d70d03e123081e4e9465dff9fc3ebde

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons.png

MD5 d06578d7a4917b36da9ce7d68bec80b7
SHA1 1c8c423027403015b6a71c6346e1a050968c533d
SHA256 546ba3c0a907009fd49c9c21cbe78cef82ac25795a8dfd860380ca2f11d6604e
SHA512 8c93650dc9d3ae0cb425fa2255ccf201f912c8854d33257017e3517863f4fe2551d450206ebbda8d70e9d095df022822086d05a73d1688c7598077b4959bd4fc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_retina.png

MD5 7bad6424f5577af1796c555fc78acbb8
SHA1 743d08182ec7bdbaae3c077779787c6a5bd4aef8
SHA256 0a6fd7b5028332b8376decf91e8d818cf1c0fe2676ebd8bf312edc3b6c5716ed
SHA512 8c1b023e97953b3b94fd200403a63fcb5bef286f357678cbb3c4ed564015dac703409ee728da41f21a1367e6714beb90fc78c4f223a26d3292755a7722f94cec

memory/6688-15358-0x0000000007620000-0x000000000762E000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png

MD5 4a3f209d249d1f35c3b90bccfb015a2e
SHA1 f4db5bc0c1f659b2e9ac8e06885da20fa5fffcd6
SHA256 5fd3270d1701d9e62050e636138d914b52db32d61cf77acba714e468bfe64279
SHA512 542f428b06fa01e4be130a39d480416cc88547a4e48f0505bbf2bb68c8a8a47aa32f81e4598f4fc8e2688e75d141e7089b432331cec684a57954565de9a2fdf4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png

MD5 35d0443231423fd4a32c9d5b8da6295d
SHA1 60a43df93457023684036bff02a61c4f284415d6
SHA256 9d7c14e6bd0ce810a5e85c52e558e169f21005eb613fdfb6be78f47fc09fdf15
SHA512 341d6ad9bb365d1bd4e4e54c8b6fad925b21365058a25f4de15c3abbd13be334876e1344fbbba32b108a8585e4abdc4408b9b8df8d025da706a7d177e65eaa56

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\ui-strings.js

MD5 cf0f32fa1847b149181dc2e6376f589f
SHA1 7cbd6406d3abd31c3449306c843fcc4998f366ac
SHA256 97fecd1c01fbe3e44ffb784a0f8afe7a4a80223822117bb8e777f540179f6d1d
SHA512 d50870ab7a6753e6d6ca6cd97db199bd99a1685b8ec617b01b68f3b59ffaa3ef7e00b6d0e6c7e61c0e3ca05dd2ddcd926f0d361d0aad389cf2bf0f0ffb67e9ed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ui-strings.js

MD5 c02351c12659994f0f048f863841a8df
SHA1 c0fc963b3ad8c9473ba76df2f2eaf40f3accbbda
SHA256 1befdc40d8233aecb118b6b492b9bd7049a97479aa1ae6b44e6b9ec45489b5d3
SHA512 34bd03ed297afdd57e2e1e98beb9cb0164eb105a4dec5f1ecb8d4524919a15a0ffb9c6ea93490e3cacf94c7f21dbea7a2a6a1d02f201cf1d6ac67e0f37b0dd17

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css

MD5 0a27beed8e5faddf3154f4e73513a6e8
SHA1 09b9c4683140eb0df47e3433d6f03c2396925cf4
SHA256 0b4e5f0d90dc8968dfaad28415234add148b13e4d5cb3c6a7612f956af868685
SHA512 208655b9d0e2b0539d9b3d621205bee9e83b0f232174f947c1aef4b32fd2510fe31b403f5128064e0d766b24d47f16d5960172f8ded5d3f185d6997f5727f1b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js

MD5 6ad64783d91b0dc55700b33c29ad3074
SHA1 ae02702154f18da968e0665d6e964418a03ad405
SHA256 4f748fa630b4d1ef4d0038f7ca4726f6e035c8da70583132c6b20ca104ae584d
SHA512 695381ebcbc174b844cb3e27dc90dcb92463f7b32aa268e3cbed22b6d379bebd8218868f28ae2b2c93f4f53d086db1fff0fbdfe1d2124922bb9754c537a1938f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js

MD5 1a13844e267003f7c0c79162ce92b3b2
SHA1 9453a2b1766512fed25ac537d7b9d0bde58848b9
SHA256 d92d82cd5faee7b6747d7243821b22d2fcf50343348aae45faf910bf5e5e8f58
SHA512 041b17967721f643fbcc508ce5d72df231fbdb01de12aa9e59efed024236b250dd07c7f2d5aa9ef26dbedc2f3d02a744551dd8aec7da8792a703de74b6212c71

memory/6688-15738-0x0000000007630000-0x0000000007645000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js

MD5 a17c1d25c2992fa9303e2a9eef969ce6
SHA1 5c719656ad05ca840aa3806ece5068fd5cea46a5
SHA256 23f3c48cc16c310cdc68ed8e8d826949b8a601744c13466a889c3abac2ea016f
SHA512 94fa74e6b80d561bdad03703d4e15244617c2f071cd1b0e913756d26e31bc04e35d830205abe9b6091ec3327c21ea11849bd5d0f84a62a11d35c07714b0068b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ui-strings.js

MD5 967ef8e9b6d15fbea930a910438183f3
SHA1 feb5236869b621b8cf35d4d481b541c5388e734c
SHA256 985ecb065281bda4d950810605fdb745747b0fcdc38631b3ff874c3a31dd0d1e
SHA512 80024c60eb488f94fb43d063723a7c03e24f519cef21b427231c465a38415531329c84fba12c79fcd4d700a0783a4f42efa014603af82115259268391f50bae7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js

MD5 61cb70d239fda079166e0ffc2f97fe5d
SHA1 c7519103c5e862dfbcd4a1813b67a27233524933
SHA256 19832cbd1e7fe04bdd12c6f67e24f5461c8f6c9de5b1c1fbc6d1c87e4d4ebd5f
SHA512 7e11a66774e5ed1d294e4b067eb103d54f355db0d29e9ae3d4a447785c90b8a91d8052616e70656b8ebdfd5e5e8f447769a1ddac181feb4d41ce5192eaadb992

memory/6688-16079-0x0000000007720000-0x000000000773A000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png

MD5 60e68dd0d504e10f1893a761e0a77574
SHA1 ad8b4d60dc281ce9448c2f312af3010a2aab7c28
SHA256 10763c353b379ef6a1271feb753757084ad5d51cc9bb1113075cdd8ed467e670
SHA512 3a1b6dab8b2cec607ed6a53190b34a569f642f2816437f30373f756b6b3b3c4d4e831caca5f7f01b117973c72b1d436a5bf2ad1727ad0a69c78eaecaa20f3b9d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png

MD5 80f8166b95fa1b97f02c237ce9db35bc
SHA1 ae2739b07d2bb8b422f41ac1aeb85bb8b001b782
SHA256 48ae7fe5e0820a83a42bd6f5cbb7e1ba7ce4a1a87d87b880980ab971be8fd6fe
SHA512 df4b9d9ad4f84818329e95e02df666dd462e7ccf76db1c07c8f801506420be08b48580a23d988a3f93497f7be2d16587c5e5e315ccfb514f43ca714f6252866a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons_ie8.gif

MD5 4beb637785ad5399cb0523349b072bbd
SHA1 e8b8955d2e3a623530ec68b4cb40ecab735983cb
SHA256 11a419e081628cbd692393f3894a8f4ad3eb07e9e8ec5521e89db30cd807a3ce
SHA512 1b2bcfc7a61e388e393f1e3c2b6656e78bf5a22b80460f301e11c066dff0e0bffb0a47f6732ab0648bce9aa4d8fd1b710925fd0f37f12d74ad27c69b3dac0a77

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\icons.png

MD5 f37342c1ae53b9716db9f5cb308c9760
SHA1 7630222231f0e896caa57e5e0f954fa35b8b3106
SHA256 f7a892b7329afe7c782308c4e9c02462be1c1cac13f701677f2bc42acc9f5958
SHA512 1f8ca6d8799179269ba28d1208dd53ac8a4c87d11f8fe77c9e917c32b5c40a3cfe308de1efec27cff33479f659e528c9ba90bc81bb2dcc7a1466076ac77a44ad

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js

MD5 d294de7b9f07ab49dc591e635b08bb25
SHA1 bcb9a341c8e5d69a3e05f2ac490b9af32f9243a9
SHA256 1102f9fcad04b8f7fadf822778029db730252560120562ed19aa81342ade1008
SHA512 a315ae0cb8c50809d5835ae596085379c170a4792d845a2cfc3df5f49d56d23a85e32a82dadeb6b8828edf27147ece6c1085f271cee02e0856f6abf6b97d7fbb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js

MD5 2e9ad3f34dc0b33627052abf1a28ae91
SHA1 6f843717ef7db37485e521647834370a441f2b51
SHA256 080cbbc5e032b294565a9544fb22302235dfb2b7e7b159b9505b3993c443f693
SHA512 8dfd9e6cfcbc382f3e7dd5182619873671d62c70b95b902deab6d637374f9dbd4734cb6af3135c461fbe66e2b34775ad93f7d344007aa50f41452d70e4be02b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\en_get.svg

MD5 c5af50c85050f35bc4144f3b329cc97d
SHA1 53a00f4dd941aabc23ffafdaee86de281e0cd1a6
SHA256 90c90689b6e3bb592248bc159c3ec5da1f4e9bf1221546d4e8a796447f7eb07b
SHA512 bc60b258b7fe8c6347ec40452535a93f868d4c9315b2c10f78fbad32fce188863fceac247c49cfde5f4d7c85eefe2d7df6549290dc47f3aa89e7ed6ece2d98ed

memory/6688-17024-0x0000000007710000-0x0000000007718000-memory.dmp

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js

MD5 9263426b1c34f54d216fca8b87159574
SHA1 c70f412a69350a575b1785a94de46be53437fe7b
SHA256 8d93047fa087476b88f4166ad362443978578d5c318c381927de015cc1a1ff75
SHA512 05c317643fe8bbaae725faf39ed881a1192fb6dd0edfbe6106f56987c31e1b4275b461e5f1eed4a4e03167615f6e4b211f023f4ce8d3f7f5ade7858570689601

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js

MD5 355bfe2c64a496d5786bf61ba59253cc
SHA1 8a558bd93ee4f4d1865486bb28be34c2ee1db478
SHA256 449874a933d3bc63caddc307f1ef455bf8d4141288add0a1152f58c6abb3a2d3
SHA512 218e097c68a318e630f7f87a60a9f699250f998cd07e825208fb42151934bbb592a42967e6339135f734121b510cf34d322c53dcb9d2b78941bccff80f643eb4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fi_135x40.svg

MD5 32e8f9d0bac9d3e2be23dfbd3f85a0ac
SHA1 e55b57fa7722523762e528a7f3a2f21a7f512538
SHA256 aeb4579e4a63924cfb7e53b745587735c18c37516ed20e4e00e59661ef864661
SHA512 20f6acf79e6304bcef6a28e02eddf66c300efe136db411451ffa4c2df97d0d9c869e2d3ca63e8cb675755f98d8af9f0172ead0cea76ca7ce14317dfb3a5e01a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_es_135x40.svg

MD5 9f5167d50abfc29dd6b2e71f9f7df300
SHA1 511d7f0ff773bd9a35e8da13086b24bf78332d2b
SHA256 876dcf2c37f2cf76f07bbf74047559846de592dd72c1b27f64b4309d1d1b4d16
SHA512 e5ccad84123750ee33c261c91954eca045bd132b3232067e547c4ec9e847bb4e508b004fc32b03db645d10a480443896113d6f4505fe8ec11c1b95eead194c91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg

MD5 efe646aeccf4121490906ebf98f1eb47
SHA1 b1008050d73fe519d646ff825aa7a7d37b5e0aae
SHA256 9e8219a9e2fc22d321eedb046dd4c2d56b03fe5ca6b24ee791807a2140a0ce7b
SHA512 014ab36ec7387121d874f363965c856c96e57e807aeebc9d3fd792224df3e4eed6b0ca0079b1ef85dadd1b879cd2081c29bc99471dcafe257a03c14fb9f55492

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_da_135x40.svg

MD5 68eb6b611bc9ee9429bbe6cddf599e76
SHA1 8f1450c9558ceb119cf5797d98297d1a8f83cdee
SHA256 6528ffdf2e1d4140fd8603a095b67d122b0155d0a814914dbf177978c2c6bb27
SHA512 6fca62ee6918a260cdb3a522f95ab6d0541f7b31e018608cf4a92ace175df4d7374b3133b4d4ca8f20df82ac548d09ef75c0f20480e8307842f33cbd682a7897

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_cs_135x40.svg

MD5 23dc98208283d41c9b2daa05cd9a6def
SHA1 aa491ac98d42e7de395a7a122b1b58743507f508
SHA256 e45a47c09a0c91bfb1bdb354429ad3fcb324c676731413f7406b2faec66b02b9
SHA512 9cac848033ee5b835211a5bd2d0afd4f411381860077ef5b7fa8ae07adac80b0e8c48d600caa968974ad8213fbfaf86b50efd9d308db408e13a83e49d8e91fde

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css

MD5 db47b5634e723c3d1ccd1c026d8ccb1e
SHA1 8700be6685ce8f40e7834c95bb6d16ff431fa73b
SHA256 03b589f2cd608cdcb72f82a95e5417386fabb64d70d654f14a80f53fc78b8cc4
SHA512 ad94afa46abd2c8e3f3799c9e8e769e3d1650aa21a7bf69ab4813ca4aaa1168cec963b6cf840ac39b3febc782640288a007a7477dfcb2b065e1674dfd181231d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_tw_135x40.svg

MD5 63e599530759a6960146bfeb99516041
SHA1 a23c5e98d3a858bb93863609342282d0c7fc0e2d
SHA256 870ae1457e21e9b58997a3c96eaf8b1bd34e30eccb3d0a30d84eb8a3d0df0b21
SHA512 54012cd72f347cd0781192e214b784faa5f367b8193faf396de2db5cfe22745dadcb82b8313fadd591893c839a31193bbc9a9a155bb34fa26092784c9ff644a6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_cn_135x40.svg

MD5 516426ffee53d5b6923910cefaa3aa01
SHA1 aa11a0f8cb5be4652f3407394f286043519b831f
SHA256 5f936270d012c6f987a85c3945735d2263b004d852ea51067849f721549c2ad5
SHA512 5e404dbf09bc8d7ff17c49a1319a366a8c76a825a039b990ee81bf804fde7056874dfd2f6170669ab47b8e6c2245618dfcf7f74281a5b67bf9c5e5fba8c0229a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg

MD5 33e46c48e62f45159fd23497315135c3
SHA1 a209f64ac067c07affedcd6bcb63d5861ec0b532
SHA256 274962c760ad9ffcfd9bc5ffdd86f1f09943e0856f41f06b363a968bf45bf13f
SHA512 96159b55de95db9030e2bfa022b024307607a82346684de0a699d3364bf7e77e303e6c63d1d93232f6ceb7ce1a910563914f989a264028c3206fc096de47b620

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_sv_135x40.svg

MD5 15c225939600f452fcdc80d31e3077c8
SHA1 505ee9106492900ddf21edb1e1fec9e892447e88
SHA256 e453fa18485acd26aedd8c79d6f92eb3716d08e02db7a966015d5a54aa17e3cf
SHA512 75b481348b9042ff0ba54d6206b0dec01bd42d87edd0abff182c96628d58964a8c5ba027c31a7db22e77b25ffaa61763bd530cba67b88c841a78a8f2e4e5b88a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ru_135x40.svg

MD5 e4fa77e4f2c1bfcd2f093334d22cd035
SHA1 d42d1e9be098561239484ca3d2c326e4a0034b01
SHA256 a3b8e17ecbaba4573095ed8aa1a38c59149f046414fe6c2bcd0f2977d392fa95
SHA512 3be16438f879dab3e8c1935c0b3bf420aa8a246bf08139d469fc0b469eb482d6fff16117d846cfbd9272a5014502184104d468a570d13a36ac96681b7a5a5c6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pt_135x40.svg

MD5 40608fa961718628bbb71931c4f7d6c6
SHA1 cb98cc8809751e36ba5844087ad11c3a4bd98bdb
SHA256 a2f5ce485e42628eaaa60f57d22a82c47b0e4d309637598d0875290becef24bd
SHA512 67fad1edd60c637c90946d3207447fb53f6e5da2826b4ab3eacd7fcb4b7ebe02a4170c70ca191c36bac10140650f39c86451e7e4b39192655530e59d210e9961

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pl_135x40.svg

MD5 8ec06d62c6f3d5101a9bc849e2b89b59
SHA1 1f7e44ed383939796505406b1d2b3148094a0ca6
SHA256 fb9c0e4c274c4337321b1aaa25a899fddef3663778d8647b29b84ad2e70b3c5d
SHA512 99044f567ed5131a965c3b08661364d50a73f2277346fdcac8b6c9cbc6399b2d101fe309df1b022ff57e312bde288e2699a7e906351f51e1e46b00259f99c826

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_nb_135x40.svg

MD5 e55d1a031f77d4fd4564aa351589b571
SHA1 73e99912192b8578ed7133a1e6095cd9396a786f
SHA256 866cb277c6a5cc33d3fef07d2966c4f98e6d1a51ff8938cd7871ef975c337f66
SHA512 9b3ec504e6a36f3f40c718e516c2f20dd7b4c71e5f92770e253ce2ed3fb347d63c274a30629cebee9ff274ba1311aff5cc5b839208a820a87c54d58a1d978519

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ko_135x40.svg

MD5 cd757b4b80ae1b43df3b5e3957d53f76
SHA1 725f74ed1372ab472c482ec3dd526de2d3b6bc64
SHA256 58bb852f5ca91c16ab94f61565070d075c5238620f68e191a6e4e37a97f923e3
SHA512 33dbd41d4857a6ecf40de39140dcea016f9a39a37085e9ddc4a1ee460c198bc0e9aa4bda4f1f7ac86b3c30dd7c91f33343964a0b45b5c06f676e3f8f2c7e1365

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ja_135x40.svg

MD5 2a7a4ac3bb51b7d1dc32ba18dabe2842
SHA1 7b31f44adff8f8b849892af92e824e52959b5c90
SHA256 cfa4e354dd67ae7ab5bf81bd7885dd58213230ca8f7ede9dc081e21ed741613c
SHA512 bdfc76355bdc868876713243f9601596d4f6f4dce50d745b74003aa9ac1910f7310d20535b892b7e21992b68c48f828544c035e2dc4b26da5c71e23557a8d687

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-tw_get.svg

MD5 aff916adf2f7ed953fea74ed87d495ba
SHA1 d0896007b6f3bb72cbeb88eac758ddaf77bc6f7b
SHA256 09db1489c02762b4729959ceffab137c1fafecf336906f84ed63bb679146d4dc
SHA512 a4f1bf5bfe9858240e05e882d22e0290230500051c77774e065d1006c81c23c27a0c70ff58a01087254c46a7289c4b45d1ba6ce0b21dd10660fe17e1df5d79e4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-cn_get.svg

MD5 3c4240dac391d7f769ef38a34977084a
SHA1 2a2848c730bde42fe019f557394945a514b8b4d3
SHA256 710468409976f8a0fc4f662c3283a4b9663d02a2608f959a5614536e17c5523c
SHA512 28c3d2d7d4de619639573568e021c9656e3cac1ea01a30f78d09f1f22c65a6e2aae3130a06dac75510c8cbdc93701bbf2f13442d20c526818e868cd3360793ca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main.css

MD5 ab721ca79c18c6721a6e231e1989b89b
SHA1 7ae19656e41c8e3b139c6f463116c777f378076d
SHA256 a34c8f034e83fd57b4641733e6e830c98e893f8b5d2d4a053879db4fa61ae620
SHA512 b3e4accd7507fcb36d42ee34c0ef98c4e1ad8c42efdb580938592bb207e44148a718a4cba5038736a2502bd9402063775fdc987d4bbc8d381dab87014e1598e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js

MD5 2ef2d0b797b3e030afbf152038905fc7
SHA1 a533ac4905512a33c2b9c471de3641d9342d70d8
SHA256 889052d15da5486e45e1a835f90f32817e9d41bde6f3b498e2c0ad5099514f70
SHA512 52277184fd55f466379f42bf2b46c3e71e6001a661f8c2bfc7d19dc378d57b613e9e779f1716f5538367568d87667d1810aa82b1fd8d6ca20762007afb145655

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\faf_icons.png

MD5 483bd7a7ea7b58ac9115125c0ff30851
SHA1 573ff259117491373ad5e92d01db0635731e49fc
SHA256 59adab04bdafcc630f519e3c6f65aa60d60824e857af4cce267e2a0011c9abc5
SHA512 004fc706565cface021a2ae261a7a88a4ba1f879e596cfb5ac7663584df9be620719d76484d492dfbb42b8984d695f153f514cc351ba013fcafec5b6c7f4ffcf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\progress.gif

MD5 6257499f2a79b868073f1ddeca89afa6
SHA1 ee6d89164f2a4eeabd38601de846486cf37e7285
SHA256 b855c5e2ef392882b0fa45be5c3341201fe2d6f22f674f7a6fe15508c9f64d5d
SHA512 cf13ec3dc2fd024d962d5d71c20fa464db4eeb64d591ad2b30af13e8243863a28e51d3763bc555854a960dfcd3629dff1985cd81ef70d23a9fcf084ad5d50c01

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main-selector.css

MD5 31644c9b074acba197ecee130810928d
SHA1 9ab26fbe873778e044a504d2ceb7733f2aeedbb4
SHA256 cdc31ffade5ad93bc2123b3d0afca4622bcdaac96a1d16b877aab804222d9d49
SHA512 fa37fba54ba7d7fba4590e48a1d3ecf9b7c15d5249c18d2fbaf8a3977b46af10bfbd9c70f99753505c90cf12a2a217aba1776540efdcda50b47d561ad3aa0544

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js

MD5 2d3c8944cfc0d1578a1600121ccfd95b
SHA1 525afb7ebf1e414854b1b20b5af5c924c422eb59
SHA256 275a3a95112d8063d439e55449d594d2832014bc757ca50be1b7c12303215476
SHA512 bb404f9ee8083b020718447267d3979241b921bfb9800b56de3c774b2cc6b970645dfa57dad18103de2188107349f3a1909ebd34ed486c26572674f13786e244

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js

MD5 dc2681ae3caf51acf502133a05ea4620
SHA1 3313536aa3f641282e1ceb1aed5271befa078c59
SHA256 b46c44e878015b7bda466d769e64b3a384b9288b86f563d8b24f2fa854dfc4c9
SHA512 9ded34164fea135d60f2e8e65da2d7ccbc12f328b5cb82f49a107b0f456bd42afe69d5b18093d4ca2578a5cea95bb0b262062afb2128a01844f593a0cc1a6180

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js

MD5 6718cb9f03bd58ffe02458a6b8aee869
SHA1 1b51a21ea37a7bd9c51cf5bc16789c1bbd51eb21
SHA256 483edeb7735fa6d78b9fef870d2ac46edac3691b146b5a7f4a8a2a89decec116
SHA512 fa752c435a3c001fc1ea6851c298eba47a4c9e1a1e3f0fda1d46f90a9b88d395df4af071d2f343897ecab4f73f0885b6306459535ac1809e2b6237906e1a30ef

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js

MD5 2ae581a8cc49feae7dfbe66d1e00b8b8
SHA1 7dda6bc59c335a3a555785177fd313aef8c9cd2a
SHA256 54479fddf9b326be18bac18eeffb12e9180c6364c5aabbacbd3512165caafa56
SHA512 aab2f1a4c199161419e6550ecadc2d7dc1000aa6703b8f0cebb68a4f4e41991d63d9d63166b8f2fd8758da4889b475630bf64978530be8e9cd7d7b7cb53b0b8d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js

MD5 cade29438f4583a4744c8e755334a7b0
SHA1 c411c4c8d09539d031676b3123a88f3eb8997bac
SHA256 30073a5672220c45831dc1e3aca0857453c3adca1467082a5e139ac6f83d5659
SHA512 f0cdb3ac8afb9e071723c6259450e6d9782bacf673e4dcff21f02b81083a0aebb25552b5343b4d645fccad71de75310e19090695e948a39abf3a7f559d167e7b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js

MD5 6a8f4f9fd799b44d07174c266cc3aa7a
SHA1 2b1cef11dd2d78ce18c3411e0e186dab44e2c688
SHA256 08af7b655806b8330ed31bec1b1786d0bdd37bbb68f219b33156808cf53814ad
SHA512 649801b6b1d034b00a47086b83b9c2ac3226a60228e83ff03ea298a42d3ab00ef6c19539d0872ef38738b1e92fd4638e30bcea994433cfa92b048a35063099ee

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_thumbnailview_18.svg

MD5 98c79a041b539d1a5611e2cc9a0b3aa6
SHA1 b85a40290ec159ca153f0b74ade91b8ced9336b7
SHA256 57bb75d3d46c8a2e13da01a075e2063e97a1cb6c243722984a43c518e84c8d5c
SHA512 6785c764e53bb1ecb160ffb3b60055259e27d25d0d3a088b21a0206958a58f02685dc8c9df014ae9022237e22dd13eee5d34f6d12c222d8d1a7d1e74aacfcdbe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_opencarat_18.svg

MD5 498ab5ae49e4ac51ac3fbc899ba60c6c
SHA1 d9e8482e3008f5c38b58245af7b3c765b0aa2112
SHA256 31ee799f2e9f39c22aceda8538768f3b901777a46694db1b014451cfe7908302
SHA512 4d39b2479787a87df3f3e635c0420a5b42c3cb2608c038c15496c17b87aa6b63aefb5490e13dd025c655ec45191d3af600f304178c596cadb0157c5d3139c6fc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_listview_18.svg

MD5 0c822e79504842833f6292ea04440e4b
SHA1 cf1cc8c4b7ba937d5f90eb69d3520f6aed385e32
SHA256 c3753e72df18cdb07f0fa901a43161a2129a4d1084246ed4145017c510f21809
SHA512 b4e593118999285ad587c062279e38e16b1fb0d63cb303f5c96da6e3f4ebef5e84bb24c83ec7669db7fd5e159471774a16d1c80ed24fae31692776da9bed1870

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\s_filter_18.svg

MD5 73ed7bb901aacf7e231f31c5579f0ee9
SHA1 b8ea590f6aa89c9830045beed37f4f227ebe06b9
SHA256 09b8be4df98b37701a8eb705e7e9c12d3324cf73e0a4ea6be29c0589f87d2a51
SHA512 b4e3b5b19104fae6a0f0d1d4e0c77ac7168c1a864c9ca9dd8fad55858cef0af427d6d8dd22c6fefec31a80ed580adc0223b0088ddeb7f8be4080d1bc299f4096

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons2x.png

MD5 ac76da0e8fea6611bec4b7f867f46d55
SHA1 22fb549039e0e19016c3f3a12649bbf9a5d39952
SHA256 44637db6012a8dc6854452a315c3c791e98b9c3648fa27d5fd32579603a17d99
SHA512 52a77080077cb5a34ea01b7129ee4ecd994df3024a674a93fa9cd4aebaf0b0decf715e33bbe599bfb6d6533f240600ebabd16a1c27b8b9958b581c9eab6ace68

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons.png

MD5 db0b8412b22942ca8d02965efe8fcf16
SHA1 6e7daf8f91766529698db56ce4a3866442c10666
SHA256 4d80dfddca5fa58fdb7bc92adc0f984f78c01a5ddc05e0e21db0b6b58820b071
SHA512 8c65ccb286a463635ad0306240bf1f473b835617878ca70699d2d6a90839b31a3a019d6d11c360947e9553bbd12bee420182f6ba04c5611d5b1ca008bed96f7c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\nub.png

MD5 842c2e5c496fe822efc4fc1e30880cf9
SHA1 2cdf7c4035dcb65dd64e896ea385eebe314a0d08
SHA256 fb59e8e2ebae5351552b27eb6df90a5c8cdf8bb970a452bebc60db3709759fdc
SHA512 e2b9dcfb0ed7e4c0ce09d1cb702ac2d3ecc6a5a2d249568cadce4142ffe9a705ad4f47633a6fea74606eebddd45db5999fe4c8ea822bb57f774eb751adb23347

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\illustrations.png

MD5 aaa5fa028c92cf170e6e9f51dfddc2aa
SHA1 8ab89d94beafaaeff20b7cb46358be6cbf0b6e6b
SHA256 5657eca3b61995cb88c0a8283e3d40b6f8e74c11c7eaf289852766ae8da1b9e3
SHA512 3152277507141952f95ceb2cd8ce8e60f5877dc6e968b49bd645f659227e5cc9e29a9704645d16e521b0e57e385922268350668d2ea966598cfb9551f2e99b04

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small2x.png

MD5 94dc3d555801225f85df3f9557b8a003
SHA1 cafaeb32c4aefd6ec450e8909eb26bf644140a06
SHA256 83d1479160f5563247e13418ee9f656ebc4b6393f0a920a39f2c21a8ce1750b3
SHA512 07e3373c1b4358a5955703529acc77daac0ef121e8d53bf7eb5ab1f1927b652ab512476961689d0be4de446f3ac678734b823329f61250188fd15e0eae23031e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\dd_arrow_small.png

MD5 dd6bc2d64b33d8f1f77d83a8f462a09a
SHA1 61e0da49ed9d05b9d7c28cf648f4d60dc8565482
SHA256 85dd69005db384ee6a52f4c26cda1882e4f0a54572fd48133054ccb3baaef9c5
SHA512 40daf07893401ad63aa11b747e7ea9432812c1c5215b4cb247bac33076226c2d25fd482e700afb6d5398dc447685fdb3391a942272f649308550662adfbede8f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview2x.png

MD5 e1179281b33d72b5fa87b0c3d1c55cfc
SHA1 8547dc7ed8c41ba4535a43036f3a2d6de1365c76
SHA256 e64859b2f8579680c0f7b38c4988876d3d0f6c2379c06848012ab487a6f7b747
SHA512 f9dbc2cca9020b8f4558be7d61497ffd65469a282d0f0a2522a3fd2f33b18ede86ab64d1e1b48f9aeb4d0337b8dc6fc0c78974d22380ebff11e9aad17e5c89ea

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\cstm_brand_preview.png

MD5 3e0ed4d763de569ea1184f03effed359
SHA1 912b748748a3af32e7caf709d26d04f1331c5e3a
SHA256 1bdd1497bdc6dd24282d5340a824cec12915aa7f673e2abb5476e85f5496aa0a
SHA512 93d732141dc21bb256e4a281d2f6297832393c1de013eb3161b82054ae27bfdafad8aaa9088ecee4c55486d3f7491e461ae9f0ea609e6cd0be0cd88b36286ab5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png

MD5 9589ead23cdda6cc8ab13e1343073745
SHA1 72756dad1760c305cc7ed2b8eaf98fa5f93752b5
SHA256 28473edbf868d1779731ba10fba83c10edbd5e49181354d12c669ad1d7fec257
SHA512 e46f8b8134c57d8761c2c1c8c27269ad4c81258c0a1a745e92c87c855e77c15cd72370b41cf7f7b18cd3fdd05a237104eb52ec20b70a1ead965b0fa1c3b47c6b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js

MD5 7cf6c13e41b4f85722f5993d45956dee
SHA1 9987f3e55de5990f5fef90eaca9cf119f503212c
SHA256 f25c2271d3d082ac3fc0ad55b82cb4f26219584b41614a53b7d7356c26e5fd80
SHA512 6e45367cf405f79048049f081a515a913f9ae306073cd42e67225b2f1ac61150fdaa4c2716c84e66fcf9c400c84a33e54acbb54ba7d19e91af4f5b28a8de285a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\tr_get.svg

MD5 f3c0593372cab80a9aa730ac39ebff52
SHA1 04253424393501ecf115beab0397bb6e2e48f251
SHA256 77a3bcc3dde73507e808cb7ea30f6dc4f81edc1856a691a40b83d02ffe667369
SHA512 1b80780389adc4af3df65c87509744aa5c52a1ab4ddd167a612b53a0f34477fd2f1cbb49e1cdc02d0038d76885d9685a2e7dc86181da69e0320e5534257cd565

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg

MD5 49bec2866e588ed86b4456ca34271344
SHA1 f0dbf4af3021cf574a1d9ca5862b340675c25241
SHA256 e56b7eeec41266138f3ba5569c9a248145536eea0eeddb89647c44e51e884267
SHA512 f2d7c9412b21cfc860bba991b1fdc1a33043b55c030baa71cd449df57fa6461dd0abb4fee6ff6589a3d07c1c771a6835bea29b264308d7e2db303c3c4dee4560

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ru_get.svg

MD5 6ca0439aa9760e08a13ef43e1634e887
SHA1 a2d48ee04b2200e45949c0ec40f69794a8026e56
SHA256 ee53bde7b512c3b708d97a4bc7c6e68c61e105c3e79b1c287a9756e5e2c9f647
SHA512 72b80110e8970f64b500b962e0c9c1aa630a59cd447779f148c4ee11fd87a511db729ea926431a52697b1a4df277c57084bbf63ff29df2e60f09aa962882500c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pt-br_get.svg

MD5 1ae0912b589ec140c28d090429449e75
SHA1 6d7718da2fee442e6a73c4b5c5dea5f4fc81bd16
SHA256 0c2e7d740c89980da09c4984fb4b07fa3573b811436ff076de3f5ec8290bd972
SHA512 d4ddb1a1a5cf4cce6cdf9a09e07b29e421f8d35c0ffe6f0d093cdeb1ea914850eaa1975336319ed22c4a84cbce0488d8d81712101c170afa3f8bb9c60bf8ba46

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pl_get.svg

MD5 b0c298c37d4c5b630e1905194dc5b414
SHA1 6ae327fc8977087aa2d2f08b0a75a25f13aaef29
SHA256 aa70c7e81474c6007812f5761b82d6e11fd107efe85e45099e51e24280a0d7b3
SHA512 52fa4e2a5d73933acf264781f523fc1649d21e3549f9f90f9937fb41155b7f023f6a6135009360f4512d738666d132795176a6e7b9a86f0e8ee4d5e79bdf1ecc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\no_get.svg

MD5 1986863098a7563137e9d1dc899e4e74
SHA1 c2e9e8a2900a8ced57a22a8334ee05123a51c25d
SHA256 258e01a184bd66748f03f8bd9c5237a7b0afdc2cb37149a99455b850ca4364c1
SHA512 3cba6e19e9f524cc90830eb2588d7f2f590614e2ed1a961a726bd25f256fb625c815bf1157b648c4152e3568bce02a9a75086d3fdd1663cd3892d5b8963b21fa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ko_get.svg

MD5 ae5aac2bf37a263d4cb874f30b0bcca5
SHA1 db640ba399aed4825108eef35a5a00b638d1bfbc
SHA256 ea7ff95a6b89d46890247e8aed83efbbb28e67c8653fff26169315da7521ecc1
SHA512 5ed2918bfda31648cbdefe7682e3eb4dcd03fd692f1ec1b28e4a35882d9e30e7a08896369566fffec5a53274367adfc267dd8477962f3039a971b1e90c2e8f5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\it_get.svg

MD5 fca9e49b462efedee8cbd8f5c6fc68f3
SHA1 54c70cfb4627f3d53bd54c17300e3a248ea83faf
SHA256 6f26dcb881bf5e81018b89d35067bf7a2f15aa4f0bfe60dde07dce1934e12dd6
SHA512 f86d02f53f8810537c7fbd245ffe46303527d904936b71de664983bb76cc471f3b49b2caf82071996a4de2466b6f4dd1390041078f273da3cf0fc1ddeb7a0793

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fr_get.svg

MD5 d24f54c0ac9f39e38bedaa9565c64c46
SHA1 ab4a8ef5e6650b80a6d078b5acce72291dd68069
SHA256 55f6fb09a0ace7aa262c35ddd0b794e71c410923ee7277c21a52a4628faf2406
SHA512 1e207aaa61ae31bd48a487c6f607ed3c262adf1aff12909a26631bbd44cb1a6d722b8c9710ca178fa07e22c25b723fa02e250fac916a5802980b0f0c9700d91e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fi_get.svg

MD5 43ddc4d2c6c3d93aa0431160e4f215e8
SHA1 51389f13eadd3a40b3e23a006c0df9d1f7b0f4e5
SHA256 2c28fe5338b8655c2695a63c453393e4fa3074ef18f42c24f74a22d54e2b8e60
SHA512 04e8ea4ef0ca889f5318a2575c90029e33a90c8b33085bf76372e5f2b294fb314240ea5c52e5a719c9c8450637370b702eb22aa5dc30c40fb29dfeabae945a5f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\es-419_get.svg

MD5 5fc11a143776311ab1109ff675caead4
SHA1 5ca76dcf436b4af9aece60307059e928a5cf687e
SHA256 c7bd4ed8a3f67c939571454bc8192929858a59d4b823a2f32c1f074a49acb2dc
SHA512 51dbd258dd13ecb0cd86b3e5d55fa55119b8d433281d41d4c28346f09ff46ba323ef62deb75e88047e9ae1b178ec53935f2ecaeaab572d13c0c924e97fb3b756

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg

MD5 d02decdac28923362e840ac2d1fd4105
SHA1 f52f9ef7d1ab8c4a201e02df0d5117baed5c379e
SHA256 257d3725104e2fe69ce5e3e47483fb151ea0f3b75fe4076e44dfe3a6f0b9f08b
SHA512 194e88817ecc33b59879db1796cabac4624e525aa7e69165dea835ff16896916c2905d0e14c3e93b1933a0d491505932be3f78bdc70fc9d70d4c980d9039b829

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\da_get.svg

MD5 8e9b0972ee1ca8cb1d134bc9cd39a43f
SHA1 fce4428b6cafc21056fe7da4b14013c143deafd3
SHA256 e0bc59fc23e24ad12f934e9f92eed3b9c2fefce2dd999e0effff9add57973c64
SHA512 3a42e1ae2c34cc14d1f8d683a87d4cd6910f0b7b1104897bfa7be152a8a776fc31dcc69c698521352c3d515b32853b8e7efbaac2b0ebf48f34eb1752d4fa8107

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\cs_get.svg

MD5 5ddfdc34555e534d6561c0cbc37a0759
SHA1 3aea114183321c3fa925f6885caf7e9c07bdf3be
SHA256 7887667e7580ed49fb6128d58e2255164ec213786f95ff125b803b45b923bad2
SHA512 4916841eb870c5cbbedde08201670013b118aa2cc5dc127ab87978637412f2afb1a2ac4f276f9c00951d10ad0182a3f78a5beef484ec1d2eb088c3436c6c5801

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_it_135x40.svg

MD5 e1b7f875e513d52e03d27933da133535
SHA1 ed606a46def0ea9007d8b9e034566bb367ca52c5
SHA256 11d4c212d2d8dc7660f2f86932af1ff23039c00745e768e6ecaf3501d795dd76
SHA512 c77ad1f2c7844551672bd3f6bbc12d6531054035fcd96ceb0a294bd430248bfbbf5cf9b422b89a2379f38ee83e9de3fb6d3710c8c5e99c3b0d80eeab8ba33390

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fr_135x40.svg.ragnar_B55E7D07

MD5 fba776acd3782db5040f90365be42efa
SHA1 31a47ce067060ced29ca863d74c414ce3318fb1e
SHA256 542022e5558f9a193283a7f5e79cd824628c4fb3f4c06f351ef7397c6e081762
SHA512 3b4c6ecef310a5814c937d2154692876cd7dd82ceb974564e4fe979b21135897323329ec1d0bc1ea90e2836ec0eda467aacc84ac242df7a4dde0a3a03716e722

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js

MD5 d84c3673c6be32647ea9793143f25dd1
SHA1 b0190e33fa654840bb92dd4cb3d47976d8d8a338
SHA256 2411757c55b3b9f7015c580033167faecfd633ce66710a453f1bf37cc383e8a5
SHA512 f83b77498a9466e8991607bf4eb9e4faef9b35eca45c0f83877767d2f9706a0a6ce90e7c9425035c689a453c12452564027db56bd9e765ee8663fed58c9a87b7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js

MD5 34591c1efa86a5784f2c0e1acfdd9cf5
SHA1 0e6483715b07b2c9b812ce3c8d1c62482f6b5ded
SHA256 2f97b7271f38e8d51cee7bce624808e5da76b57bcc8d6018e565db13f544435e
SHA512 23d7016d79a09a717fcf5b049d390eac0e112e720dba5e0712a5425b718da86eaa229bd914c4f3960e4a010764fc6c59edc538d2ccf7bb59bc92b019ee6e070b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\logo_retina.png

MD5 7f66a763c5249de32acff71716b61a33
SHA1 37f12553f89dd48346556e70d5502688ca84904f
SHA256 befb847918768f1e2d88e554e4c03905d50165cbaef54c9869ba830162dad330
SHA512 79a10feea3a054567914131428fd959e1e7e556c012f10dd65df592a05f02687a6c8fb866f5a74e4cfacc377fb6d45a3b1e3d727d7d2d6825460835ca805171c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\adc_logo.png

MD5 2896968321fb8b9fffea73bc6ffe932f
SHA1 bad84668e8b7b9edd739c60f419a93fdd533de84
SHA256 79a92827fb3b787a992e264c0b4720e2965d1a3b400e6fec975b953e3c6e1709
SHA512 3b25d62f5c0ec1b4d7d4ffa35e377a26219dfd6b9c15234ce0a4bd56194bcdccdbe906b8f49297bb1a54701bed736ed8f98623ffcc7d43847b659a8a9d459593

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif.ragnar_B55E7D07

MD5 8b27ec916f0c8bcf4c18614f73e48372
SHA1 bdf1b3db4bf8c8637db3a65ad6df8b69b96fd194
SHA256 4d61677b7523a6e6d86423195f68764c5d5efc5487bea2b9cd92e29e86785a04
SHA512 77e05cf3770a6bab8ffa973b7b6e92a30718fdfe40a096fe7443a82a3343aff2c668c5d0956ebc7fc669f603a895502d80faa7191d88549336767a00b20c5e66

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo_2x.png

MD5 28732e1b086c23d90616ce5f193b3edc
SHA1 460c3aee086494c6a2b3b1d5c2c8c4e797269e07
SHA256 20789478893355c5eb9dc40935f8c0c6a0c2c931440461892bfc0f3937b0a601
SHA512 6cfe9d3fe875ef53c456f8a6dd8a2cd60e3b2b1952cf9c8e8f3984d77a3d0609752756fe756d14837ccb5a4ce533a970ea449fa08ee6ca4ee21bd349130dcd23

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\sat_logo.png

MD5 6160c879c55316633a9a2aec9e35a212
SHA1 e4e6e2878abb4d46956891d1e50118f3822258ac
SHA256 76d33967db809941e6bffaa12c0275e31b64ff78a0c6847ac2c09c6163027db6
SHA512 cf09ee8390b722b1d17ef0db118b02d56889312b7541d0a71270bdd1610ece09dd5153f3155353413129f68fe9deb6c2fdaf14f7a7aa1fb1cb565a9a6d8097ac

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-gb\ui-strings.js

MD5 0448296724f9a7d53f0e90c424801766
SHA1 9d3af3f22aec7e4abedc80bf47e1e1ed70a18097
SHA256 fef350bd973f8c1fcf600b93e9f0a68289470acabf59b37a6f29afd41857ec5e
SHA512 ce89ae12878891fdd418b014f69001c0a118a6d9f086b2a86c8df3eddc0a1e71d3c45e7cfe6fe403e51fef0804dc066b00ab15ae38e4712b6d24e2708f5a691e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js

MD5 d433db3e589664b102dff2ecd8d0d275
SHA1 27fc539582e0a7f0fde3de05ee628bf5993a536c
SHA256 ee23a826044e8a5a2db78dc2194ba9b2afddb835fa00bfd783035dae9bd5b13d
SHA512 502c042fa31a706e50dc3db14da7ec454a18bafa50d724942cf29d08a3258d946502340d3ece93bf58eab057dc388b530d97edbb3795d6c50a06f3ac118e4367

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js

MD5 77e4817ad03385a7d51137d110be5620
SHA1 a8fece0c3234f024907f6bc8c800a84f287293eb
SHA256 d775ee1194b6b08931029aa82fac76ca484eb718de36d31f3230b9addda65f04
SHA512 6c63044cb955bb650c40d8ccf5f57829dcb6dc04e5f471946fb1c747313edbff1f5158878e397583e211c44316355c5bf0990668e463b81abe994aba1cd4d5b2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js

MD5 22a127d22b55dddf46ba9aeccddb6f56
SHA1 305d79b60bbb1b85f84f54170b31fe8ee4c7b2e3
SHA256 dfef0dcb02d2b7cd4690abb4e1a8c67e7a6b36562adc7bea77a8e649715cf03a
SHA512 3bb3c5edcfa57a2d3530ac44c3c0cb1999218cfba98fda98ac420ffcf9da8c913e3cb8f330116c7e4fdd8bdd4141b5faadee493e657db65aac69855448f66ffb

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js

MD5 73de90675597d43125cd49dec69df9b5
SHA1 1e0be9f4bdf88d0a83e7af6a2511aacabfe246f6
SHA256 eb76a85185c758f132b0275e25f73cca92ce1f5a1ffbe57cbb3bf8c152c3adf9
SHA512 bc0a6d14495c8d7d4e4ddb12364776ffc58051db4403663cea07b34c76dc021d119b0c51b30e37d2e33951d53e6d1d9ad3140e3d2a23dfad5a53f95586ff7d6c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ui-strings.js

MD5 ed4cc90a775dd206fc24accb84eaadea
SHA1 2cbb4ea82c9ddc2f08d60d33e7fe75bffc7e110e
SHA256 c4b037329163584530ce25b954f6638c15ea6e2d6670d75ae6e7a7b76930e04d
SHA512 2c0c1f2d00fb978505179e82022d6fa20f9844eba097933cd5a33bdfd12598eb7dbe555d6782c2fb785ac2bb77ec88911f1757bd1fd67ea186ec9001890d03ed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js

MD5 47b6a8f5d7a1f27e65181b16639ebd46
SHA1 487ec8e60fd707faf63d50aac3f99f954619c29f
SHA256 5df3ae0f6129bda18921ef337e340bdac6bfc79797dd49f95a1e27a8d429fcfa
SHA512 3e11156b291cb72de5a2ddb104d870a4bdf218f7912f29fa3dfeaed54f7c7fa828ec2cf703e4eac32cf4c35e00fae73090a71ca590bb4d2e2e200b11cf30ce4d

C:\Users\Admin\AppData\Local\Temp\2362430819.exe

MD5 1fcb78fb6cf9720e9d9494c42142d885
SHA1 fef9c2e728ab9d56ce9ed28934b3182b6f1d5379
SHA256 84652bb8c63ca4fd7eb7a2d6ef44029801f3057aa2961867245a3a765928dd02
SHA512 cdf58e463af1784aea86995b3e5d6b07701c5c4095e30ec80cc901ffd448c6f4f714c521bf8796ffa8c47538bf8bf5351e157596efaa7ab88155d63dc33f7dc3

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

MD5 969a34230c41321486fe28d58612a7e9
SHA1 19633b4b858743fb8a55cbb478e879069e13d900
SHA256 a650fb27d0cb5265dacc40b1b29d927de193a387001e7e4a1dcc64d14202f5c1
SHA512 c2fe08adc33a80184a5ddd33d536630e3682b05a781c5b9bdacac0d876d3c12c7923b6ac79b21bd5e000a180dec889dcb372ab39742829f8016e66616e2af7a3

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\ResiliencyLinks\identity_proxy\identity_helper.Sparse.Internal.msix.DATA

MD5 a2e7fd6b5a6d5d5079cfc80e3d0e910f
SHA1 71c8a1fcd64a545dc29c1b91347f6829d12b9473
SHA256 c5e47497274289eb2105a2c368555f0ddbf28e82ed4e4de4cb37c4be6df63c27
SHA512 5e14b158de0334a29ca1d44cb9019bb0eb2d987d7d6ad8cdd82f01da60e359ac41b8ec701d34476a6e4845f4592238d7b7b941aa12602e0c68b3e356458a25b2

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Trust Protection Lists\Mu\Other

MD5 2896ebe823acc156e10974fd8b293875
SHA1 3e0a31370fb6bea307679aa810ec3677867385c3
SHA256 bde9a2b75c70238adcaf41f3f6d68854d33df55df6892b9415506e13c87d2c01
SHA512 2c22260c4c354fd11f4d28ca036cdc85e28f74446d23d0f91d1425ab50672cf65ecab6e090819f37ea523e72caf95e26138dd5b19979fa4b174dbd936b94eec2

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ca.pak

MD5 435c9e02f759270ac3aa3e989c47a7da
SHA1 5a7cc4b29f9deb7abd9ba73f3486beacca42d23f
SHA256 c26f2f18f01ded0a53adacda21decdad51b4c14c754dad500e0094bf03a3915d
SHA512 3f4be2d98c59cf7aaa984445c1e8d178edaee88fc64ed2135a9289d6dfe5cdcded5d48717ce75c4a0919f34987353614a600f020ab43074319374c1ed154e478

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\bg.pak

MD5 2899ceae040356fdd7e9f6ac51e6e422
SHA1 ef9deac81785a1993dda36338666dc92c254c2ef
SHA256 599735243d20a28173d29e5c58dcd9da1b67565a5f944a9ba5dc27bf400c7b35
SHA512 6c32b38214b1e7d38bf31cfebbde1582552507dd484e322331b37dbab541dffd1b77aaa592c1e08dd8259f4c6e0d95b6d653a1bcbd55ac05990c0f46fd3ce9e4

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\az.pak

MD5 4950803a171b48150539de7e827995d4
SHA1 6eee2457812cbe0c97027442067972e726033703
SHA256 8eef3afda18a2c26c783f37ca3f4d498ba022fe33580dbe9a0f6994debb666af
SHA512 61c1d30c9ab843ad77289202d22193f3b4b761ef308b2ac14b2f21d4e060fd23acbfbe4d90299aee73a444c81644978432d825faffb90544114ad4efd5b28fda

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ar.pak

MD5 fae83f615f9e8cd48a59f226d744304f
SHA1 9616d7ce7e5d3634a83fc90bee8c3fa52abd74eb
SHA256 1360c79007c36ad85038b2bda1d5e08f5e7d1596429d44e9808a87cc6c00e3af
SHA512 3fe4f782e76c22974c193f528961aec11cf9068b3d6b270d709f689527fc94554a3e1917f07f445484f8b133a2207571c89d0d53d4fce2ccbedcd770b79cacc8

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\zh-TW.pak

MD5 c817f84594ac207be4a66347b9d78f01
SHA1 78c1699f3876fb0bcd3ebea8d3a5e0ef863cc1a2
SHA256 9d7f3e41834ead0db840f1728e6241fa69a48ed56000e6dd2a445682ab64357c
SHA512 54c6f721bb58e44c4d5c1ce4b3a21e3193dd8e2e37d4afff1243890432e1c64efc2cad477cf1aebdb48da3b41eb1f680b14033ae6e0683367d1cffb15490cc26

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\ru.pak

MD5 de87cb61c8fcb98d3266bc23a5586a8b
SHA1 0f6783c88e3c2da668159255ce580baae0ac4307
SHA256 fefc3501511898df603908c605ff269f7ac7079774a14967c641026d5e5e05a7
SHA512 d64cf21922ff3969907f61be273ae64d64e24ebb80a317494cb4bf179e77d4272b42ad780074bf5609ed98e9f97f8ded38ecd6955cc29c31b00a7b79ef6beec2

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\pt-BR.pak

MD5 0e2cf02b0570a41191df19e6bd836f2c
SHA1 f6c68ef8966542411a55a9e4f1b9e8784e1ab2ad
SHA256 d11baec8684466b3dd2aef7de39a0cbb085c7c47934c48fe6650e3943a043f62
SHA512 9d1cce40507a12bf9606c8f3e499f8bcf163610b21747ae268b846de81da9c8f64841188bd0b78e393eb528691f14f16660e29f4112cdacb83a6e50d916f5590

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\ko.pak

MD5 3d47b96c67dcc68f92317c419f4228e3
SHA1 d434f078500d1371239da58cbde0d46e2d40d3de
SHA256 9802e72f9d5f87d78b1648d1528cc6d2437ebec48501816efd61f6e75a6c4fd6
SHA512 b41052cdad8a56a6a61f4b8d02e9aaa310458b87fceaa05342c7bacd404c33ad79d49296e314a5ea52ee38c0ad518452c1d02f6fe11e15f60035df39ea4e4911

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\ja.pak

MD5 9a6f6d5245d6851cf03f74f3a2eb8f8a
SHA1 88acbcef91007cafe3348732f4f37232cd6bc62f
SHA256 d2a843b89d3f9fa726c38a0fc99af52b2bcf4d14818370e47ad132ed81dd88e6
SHA512 a1a1c33a09e0ce898f6b9ea9ba5c52f1b2e7ec722dc6992710a1b337e728b96f19c78f62eaa2fb353a60db11a2e6226da48cfc406bfc082a9eb0bf01034dcced

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\it.pak

MD5 49e2254b5aaf73a6c99fc1f853bf6d0e
SHA1 f3e6a1c8f47152e6dec993d71241fde3c2682084
SHA256 786fa6c3feade693d4d7308cb47a7a16e1e374517693a7dfba55e50b8ab2f7b0
SHA512 d12f2311b3b8d4cd696add5c1c6fc02c75c35868abe1641a9b8a2ef64e7d5c2987014f94778fc5221b1034124ed82625bddd845f253fed8c84bf31940ad791e1

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\fr.pak

MD5 4d2e004dda7c1f020507032f67acc9ab
SHA1 c22ea9895e3e8116360f428b17824fb66591379f
SHA256 762a33ccb0c22800cb515feae02a15e63192641fb6ca3c6761ac1fb0723d296b
SHA512 6341a070be24b42ece64dc33988639e7a3e61706ad2ae5b19caed22d5ba65a439bf694608a17258d17eb971bf9bf43edad421e06ef44c911db5e39e2d7d5278f

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\es.pak

MD5 309456af3f7d5c71adfaf661e535f48d
SHA1 2626ee67e8c01873b464141e4f301235084b8085
SHA256 873c18c55c61547813b14e434be9804d695ca7aed4d4ba2986eb1e53ebabf0f0
SHA512 99900a20678d0a5f695bff0a072ae5d8a217274b1459ebb108c692fc6ae8f94625a863767bcd00be0ef71a2c5e6efd269a2bd342e77ae26ce61022ce1c101ba7

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\de.pak

MD5 10f16987494c34f8cad426d6553f52bd
SHA1 6c64ff4d9ce0b972a15eb6a34c3548621b768224
SHA256 41e4835890e7084e0ac030d39e92b48d25806f9b4c2c9de7098642d94436b520
SHA512 829b73911b1791b5dca55ad48a2699ac0a9369395ada22a8c178d7196bd3d80cf013a1ce8eba8bdb7b2d2f816bbab65d0384a966cd3802ab4a6962e456c6cdeb

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\identity_proxy\resources.pri

MD5 e68448e237851b28afc18467aea4e7a3
SHA1 fc9741d0813d4c7282f8c449ffaac6976befb069
SHA256 e82515f8c3975048292ea0dfdbbbf8d554cd05ce8816a7a3479d25d6fe4aac8c
SHA512 971ea9b8270c4a8bba05788ff4bb26f83615fef6b0ffd4aacd39fdea9a5c96c8241454ffac86bee9fb264af1a213d5ef4bd81a74168c3d05429631b38fb21470

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\da.pak

MD5 43b2899a6f0b31009ad87e4a59189644
SHA1 0cbac2a533d8b8c399a7204cc7441512f16f6989
SHA256 9c64ab85f711c3bfe79500dca759f9b4fd5fb0e3c01a472be2d97c6e02d8857f
SHA512 38b95fc99b8567fbde67f62b0ded1db9d9bef6d4e5b72648a34ee93f3cdbb711eaeb16fe3769cd2447685cc7fcbed11f7bb191fbf12ebb21006608a66afff9ae

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\cy.pak

MD5 f837ccae90f7bf952c21eecc74ece886
SHA1 a0d3d687652af939041dc83e875010d9bf77ef7f
SHA256 00d7c6cdca582856214dc1ff6a4d39c3104cd6e4cba1d684d51ef8c2f5c8c10f
SHA512 219fa876080db381380d51adb1efa19f1783d0ec9b05fcec62771f31b971724e1bd7ec8647894bc569f73a5ff11fa23cfed73e2000229c8ced1bec5c0bba8a22

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\cs.pak

MD5 29f2f6914ba70e5697165b57640feb66
SHA1 4437b23b322cce79773860bf9bd602107d0fee7a
SHA256 212a5cbd465448092d2e599611a45810eb6a271cbbf6f31d58c08997b79b7785
SHA512 274b74fef417a865253165caada90369bd1e92820155d41e0c05e3e1c576aec8177ec5770201f46f70f0ca02d197b0a44aa8406376a1393c8794074b7fd9414d

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ca-Es-VALENCIA.pak

MD5 bdc06b68c21e5d70abb74cff781db252
SHA1 ec66b8c5d1a388cd75908d4cc736349b3985a6f4
SHA256 4940994c639118563aaf2eaa0a923206055b679f88c81791bfd6ea66ff27439b
SHA512 1a2fd180ee6fdb4f802137a19a97514f95697b573af6fb50bc323b32dcd14aafaf086f751a7302108711e94fe8f42b05953c8d0943e6300c5e0c3ad317571ae1

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\bs.pak

MD5 9592b62e726c4bec0d0d7b42e36d452a
SHA1 72c37af8766f2c27d153f5f4a9a818e38fb9d01d
SHA256 01ccaa743978d53d2e9eea20e0c67d35e688591be16ff3f6653565e3bfc82d43
SHA512 a70b8a74e5eb45d85480b67d21fd96d014ae06c6bf145d6783382b13dd8c5d33f9553a33891514bebddefdd9b69b84bdf13c4a55794ffba22ce4d1e0f52aefa9

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\bn-IN.pak

MD5 003f253def9289dce248b832e0f45e04
SHA1 f01c813e5d45685f6a5d8a9365f81414ebb3d359
SHA256 6cfe1debd4e15c815adf1fec30dc6c53f967e628b393c6f947af3dc6f18b1ae6
SHA512 5b58ee4290c7176ea3b59a23dd8844afdf448ee4722bb42324b76921f14ab10f74d320762cf3129e86986e16e3e61b1f49a294634f0b7da654adad32bc2962cb

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\as.pak

MD5 517f47b3e5cd2707cd9de371fd08c506
SHA1 ffce4615da109f5dfe8b9a4e0dcc94285c2be5e1
SHA256 2ad677ee81b01762d83dd7a973771afc57d08f09b8625d16ae7f0b6bdc44d436
SHA512 55962f7bd82484e480e4d96bb20b7a556b814a3cad62a531b2b9f149272bd730c4b99b3c238f62e61a70e4a092068a9002d8b1dc4105795564a511f7929a5236

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\am.pak

MD5 d2a58508594e1b1b83acaa57f916843c
SHA1 c23be422b00de73d08ad50fd09e446e0ad1ddb8c
SHA256 545de7e32cca50134553195e1ee7aceb7a5c3897ef420d186446e5c56fd7c94f
SHA512 c8ca3e59d0252661d6bdc08159fd3f755c5c986047c2da96ca3bb57260e06609fcc1cce450e25030d5ccdc0ad9bc7623011f201f61743bc7d4d9c5d68031ae3c

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\af.pak

MD5 aacdfe5ae94d8a1f6aa749b866b417b0
SHA1 53a2d616b67243e8d2f3713dcd3a4a168487ecec
SHA256 5f28b1a29981f3f64faa1c26ecc04ef89f69fbccb3aa8eaada9f1138d81e158f
SHA512 af5d437616fcaff70c1674808a18b06a28cc302d1b7e7fd6868fd6ffe18514e547d5f3bc4bf1b2c02f6847cededec75aa3172647cedd6ab78a9da94b80987b1f

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\devtools\zh-CN.pak

MD5 0bfbb0c3c95b9a551a7779189fd1dbf9
SHA1 e9ac3ea17192bdd9ac5feacb9da6d3eedf5984b3
SHA256 06488822af5d0e41a2a4db48fe32b2771469305f1b3492a991236e0521077493
SHA512 bc97ea52b1543b4d5c635e57126612ca61ff9b6efb8c47b0891f4beb135d7e1e49054537a6fa47041074ddebcf3cb50af9ef23085e1ac9ee676c336a19aece5d

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\identity_proxy\identity_helper.Sparse.Dev.msix

MD5 3172a16c75856d848fcc3476e44e1f92
SHA1 14051fe874bafeda8278cb755a169e0616d1729e
SHA256 fab33b36feee7a6ec8d44e8de7af1f7f58c3bc052459669768a9a25d7ed4a25f
SHA512 464820bcba32e9836bad364b5ead30b31f5980ff219da24d0088bac9f8fdd83394d20d082a8a7d6913bae5d44afe48a6e883c40bee5294854b72f2638f6b1fd2

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\identity_proxy\identity_helper.Sparse.Canary.msix

MD5 70daf51c68e7d2e82c0bc52734cb2b2d
SHA1 9c490680ffb0736f3679d9c3e8d911a528f10015
SHA256 2ce4098008c23fc32ab58029a28d9327bc2499b767c8ba57448ad55623a257fb
SHA512 65ede9c7ef186d330bf5aeea230e2bb5b2625e4a712ceadb8880154c840476b3b58c76c84134383c088dd6b55fbc90fc5291011cdaae402a19fa0ae0e2c59311

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\identity_proxy\identity_helper.Sparse.Beta.msix

MD5 01f294b9ab8acdb9c27ece6e7ae6f8ea
SHA1 b815043f937d0a9a174867a3f074b0bcf7d01504
SHA256 45f9a427f5b6b9957ecf248bee1fd2bfe074d1f1a35aba766a5189676b0ac9cf
SHA512 97c67aaf084f9e293dc44caed7630a4556fc9452a54c2046ba0ddf7dfa1f8ce3765ce9d9bf9a367f3e7f246c6f902099dcce676f57210872bac8cb7509db8c00

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Extensions\external_extensions.json

MD5 5ccd3a9210e1a1a0bcb95efa8ecc49ff
SHA1 c387676cd336d69f32ad338bd559dc4e119df134
SHA256 0cd6656367ea1bcf54d3362c71e3b81cc740b25f9a8e8f71a2cd5fd4ea683466
SHA512 929068bdb86ac64892b023e4675ddf0bf9d71ce587b298b17aacb3cf8d4c6f208e7f2611b6b0377b139aa5c08edea2b44684d31394215e15e604476b3b194e1f

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Notifications\SoftLandingAssetLight.gif

MD5 97abd35bb9aec228e583c14ba0543b3d
SHA1 8e974bdc9726b0d900372142a4fdf30023e336cd
SHA256 09e1daaf09ad0a54a6f41ac37ad7f566f14e07aa127a2d7e2abb8aaed4019282
SHA512 4426c29069ddce53497b29b9bb787329e8e933ebb02cc19d93bd0f79d12b1e26e851a0343326118f202a5f84c382412709d72db67e5c73f74efbc673b51f8fbe

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Notifications\SoftLandingAssetDark.gif

MD5 aa8e80a19f39acca0850c0bb651d3540
SHA1 cb0df645777acaeef42b5ec72659f7a8776a53f1
SHA256 1b37688c9c319f13d30239b83dfc0e95dee7689e4b70c10d126926e75acafe0f
SHA512 3d936b8cb00072fb95dc04f98e1bc7879efe17e2e079512595908dc734056229e079eb414919fa45c22acd6bb5c2b44e72480d71f4e669323865c465fe51ecb2

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\vi.pak

MD5 2a163f14b93f73f1b4411c7c2f5c5d39
SHA1 070ab8ea793f480c5bba1e4c725ce97ed7f0dd45
SHA256 d4b8559d70e41eb45e825d30fadebd658128c6d62fba05101b9d1167cee6b79b
SHA512 f6f9de707c3c67fcb79db47a55a7ba537e56d53beaab03413aedcc690035a3044834436383c4fccdab3d1a58da37f9eb40957c5c685edf19ea49feb9e04c1b32

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ta.pak

MD5 eddf458808fa3cb961bc005e7e7983a1
SHA1 4756310305d89daed97e284c95e561d548105473
SHA256 8b0f88576dbcac72b8db9ebcd40d9621d655ecbb79bd4095d9efae54c27499e7
SHA512 5e48d98a7ec29357f310a9ce774968f89e1eff71d165712ada0ba787635cb26dc1e5ec316b403f23060765a613e1d76619c5010ce998ff7758f50cac5d0087da

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\es-419.pak

MD5 1d4f5f72adcba04c4401792394ad415d
SHA1 5941392af1676052da051c5b6b240f4a3dde9517
SHA256 baa65dfb5103f8637a345205bc817e80c309ff14d6c49e704da18dd96614949f
SHA512 aedf6dc1ec6119ff130bd2ca18e3de1d0b99c234201bbaa9a182904267a7cf67a42849d95ba839724c2c3beb696f75be315303cfcaa40e2fc84bec906cda416f

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\notification_helper.exe.manifest

MD5 68c6260ecb5ebadec68f430dd98bdc20
SHA1 fe97e0de76377f9003aba872615289d1f44e7f47
SHA256 7fe79070a5a889be7eca0e7f5e48162ed343b8ae8b69b2d1a65c27bd35a6549e
SHA512 01e374e7bf925b13a2f9ad4a3c79b00746ca1f010a871384880a230b036f6365147acfd36e17f7f3317e40309743224f73049e03813c9a6f447fefb3c5f303d0

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\de.pak

MD5 fcaf5673079602c3c16e768a19f4f7b8
SHA1 0a124fc5e3116cd6697ca07ea7f21750a04d9a91
SHA256 95678bc6450a880e232a9ab9d198cf43f11c7ecbcf3704413a20aba1b657ba65
SHA512 cbfae8118cbef8b9c8d2bf5e843ec51021a66ca061d0a8e6faca36644037f5fd3161b444fc621cc6de4dffd7df740bbf4f09fe95c8ac170868cb3aa5ef2f63af

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\hi.pak

MD5 2452efb28b4d5664cfda722d0a1b2295
SHA1 fd38bb3c9c0f94b0614aadff4d143dfe5af0c6b3
SHA256 caae3127e97781ce6bd6b5ddc6f334b53588aa4577e7b4062d199226cd222c24
SHA512 62567bfd2f8de5249cdab652dc078921230b2811755b0fb9fda9795744a94604970c94cc86b1c1c33fb6564da3fd322e7ecd5d5f5b2c09f8de78549432068d30

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MLModels\nexturl.ort

MD5 9e8ad4105a8660284d3118f62fec7c03
SHA1 eb9768acdb6fb6e36755c716e93f4e8712a05573
SHA256 1147a84757a61a9a6bd6c4ce85bb534ab5b6d9d852bbd3fe0905f0a4d05bf845
SHA512 3975bbf251956654c574eab007dfb97c113620fdc0d73e0401484e7d3b5887ff222289cd82226a7e7bb3091bf6348cbf440aaa8e5ccc1103f3c79b9701d0adb8

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MLModels\autofill_labeling_features_email.txt

MD5 85082356c5239ff103e6029012931c70
SHA1 b8bfab4a97bd81c85842422ce9ebd1df99cf80a0
SHA256 ff85779255642cfc248f70cfea8ccdda299899f56712e2e6b412277c27300753
SHA512 68c04861fdcfb61cb320391952ed897a574ccef98a897f6862905c993fd15926dcaa2184060b78737107de987d44eb2d10a10e2e888064163fcac3ef34a5c0ce

memory/7036-21760-0x000000006FD70000-0x000000006FDBC000-memory.dmp

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MLModels\autofill_labeling_features.txt

MD5 cebdb60dc2e6bf0bf6e949634cd7dc21
SHA1 1d14b11c3a65321bb5a425fde88accee261a07f3
SHA256 ae35e7a531220047d34337b5b744bb2bfa2275adf73a5bfff8f1c36482d14fb6
SHA512 945ac160ab9fbde6a1204ed7e2aa25e33af39a070ac7dfe0c48f66d7a9146931746f2122a0b125e93ed7a647eea61203203c744ddcdb722b0000f791148b664f

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MLModels\autofill_labeling_email.ort

MD5 4ea63c00c800f648354b0046f21e1b13
SHA1 062a46de7cf377bd2851bafb8683f9c47c0c050a
SHA256 d38ab82c6b747afb2e19bc18ee9c9c2995fe5336d7108e9da91dc9d83115a632
SHA512 f51ff39cb8412b9b40b7e12726c18b1608e4eec799fb37dca90941692bcbd6379a4a849e4c32071b04fb9c16ec49100a362e9f9b41747941aa2472f601387939

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MLModels\autofill_labeling.ort

MD5 4122898b9fa64e037569ec1367581965
SHA1 bb4f0a02ab12346d65a5cd31d972fbe938b35ecc
SHA256 9e2c05c5cfab81e018ec9994b3cf5a2c37bc1f0290fcdc3a6b81960f590f08ae
SHA512 9c4773a66ed5569a4934797e54bd288b23ca51d6bcd0fe8d9893e12b673c4f5567065396fc2a9729e9ef0bddab86010dd836b43e180c8f0809431b355abd07cd

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MEIPreload\preloaded_data.pb

MD5 508d0dca227862b399ff59e349c86966
SHA1 e58e98c9307868e251ba56be53902e60f3735f1d
SHA256 d19597c46b500d00cdb34cf5ff943f3e048d966c19944e0d1ea1919ed2984900
SHA512 b6822501426cfc4429df0013a842cafb9a9bb91592032bd48f51ef01f00f303faf165dba3a62b6e56a7e623016196c22ee1a64159a188064f2a6eccb8b71f74b

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MEIPreload\manifest.json

MD5 106124780d305ee116a7f0627bb81787
SHA1 99c7ec660c8b62fb014daf5fd8d8756b0786cd8b
SHA256 3f299420980e2123dcd77dace7cc71c3e80fb4793995d2f0f5cf6590e11b9530
SHA512 37f98eda00561ccc0859697bac2ffda28d62badcc2c930e566badc0f58ec9367c131ce6e539da5c5564840888f31b905c1cec4312e7906922a572437d292dd56

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\zh-TW.pak

MD5 af88b6c1648e3e056db35bcee8f7d38f
SHA1 7fa8f861fba68884126267ed45d914ca77b64a70
SHA256 a041c3f26869d05671e38b48824fd56992c54b56b3a5cc27c02dbf7651783e32
SHA512 805c1c221678ec4d1b31c0008e99a3c75127313776f3eff1ed3e1a9ffa46c7c01f9c7b1473c882b86af40e3516137907e637a98caffacb7ae355cddb4a5c7200

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\zh-CN.pak

MD5 72269def602696f1ab58a7da45b455fa
SHA1 fb27c8b4cc9d38878d9d2f41cc23bb00be5fa57a
SHA256 2af33baabb5b122e403f3a0a83bf11454ebf0dd89df4664973baffba16c2f854
SHA512 6772dee750b37ddf1484540cea7c9f6ada1929e5cd66458e1950230ce099d9878128665e1271e2ebb977c0af42cb4192d51dc880013ba7f643e18bebc48cb6cc

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ur.pak

MD5 83fb75c818c9fdc6a60ae70810f726c8
SHA1 b5e73bc03f143a063eef028c871e9312da50507d
SHA256 6f3f5e6bc0fb644b824e1be1af46e6ba70318f00da1986c76be214efd9f4728e
SHA512 6cf706c6cdc9ff2b85993fa60b48a5df1427ebe390580a245a03f11bc94796c0ff64d822a840d350f1d118e6976823eb2b0af203ad5a2e087a70d2fcb93b2959

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\uk.pak

MD5 a37f93873bdee1a43be0c56560d9595b
SHA1 b76c531ed03935b9b0c127e92f86630d26b21edf
SHA256 fcc57957887830eb6b3ee89af3ab2732b9c32ee91ab243d6fa46447afd73dfc0
SHA512 606143666730c7f841df155890c27903b086059a317f3d5d5d1aa5c34479699835085fb19d075df976c1ede0e4b94ed4d0427cb16a1d21f4fcde0357c54ab8e4

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ug.pak

MD5 c29a6e23760dc69f3965d4be52922fba
SHA1 c43c1ce19a8b0bc0b7840cd6a8e52f0c97b418f9
SHA256 fe8db7febd288196d3e9b40e2f473ca0d0de6d12eb8203d825a7df5f810f4bc0
SHA512 8550937ebfe9b2bd77908218e0fa3dd5f055aa48165c52083d94dd7746fa1ee9f49e8730d368538b5cf713d24c8a0cb442392bb2410d357e9522499896559195

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\tt.pak

MD5 195762d757468c19eba124d85b139d93
SHA1 fbf553382f45de7095cc545cbfc5ea460686dfaf
SHA256 dfd033ffcb255391f200c2e9219ccba601a1b600652ed95c5b1c4822d83b20d1
SHA512 052daa8fac47e1fb4ea19ec91619ab26d260a849ffd2efe163a42c718d80cff612f94fdc67312aaf0506ed011e794bef9a342d3539038b1a5326480e203c3dea

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\tr.pak

MD5 f9ad19e0f569f6c31377cb296d686ac1
SHA1 ccb82585bee9b2f245136ba3778e7fe572dd74d9
SHA256 4cf958e6997d54abc8da13fa2f86a337ec0a3fd8e14052f0f2abf2aaf358fd1e
SHA512 7953635790a6ac081586e6ae2809e837b84d22dfb62619c26929fe2bec424f16d252d6b674797d4563089be13b7d2989734263ae1efd3d0b22c80e4f2c81ed19

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\th.pak

MD5 767864751318d0cb8c79eabde83236f9
SHA1 0680c63789eafcd81ddf06e2574f6bf3513774f4
SHA256 bebe74299c5143f50b1ffeca025bf10796816bd7505962910aeb8c25ab25f0eb
SHA512 232b1ee521bd9a688dab2e1a81363e77167575f79a08d26d58ab3e6d341f00af424498bc4a0a60ebe2baaf89b5dbee3d23c97451d5e5e82e5f8e0236749d01f2

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\te.pak

MD5 3bf169e32ed96998061718732e35392e
SHA1 c4d4a0373430e2902e17e35d0572d9402755209f
SHA256 7e608951c5647f60938fe0f0f59d0526fe1a67def1effc73f0281fd57ed42f4a
SHA512 65b02d1fc1a20bb79e17a02f87c7b6acb5e244e86582106df47bafcbab56411d3b2d7c092dfad56d7da4d303449b034e431b21199cd57abb2e3eec774a807927

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\sv.pak

MD5 ec28433ce539412540eebe4cd6674e94
SHA1 179e74686c707743b024f13e1d8a31bbcc9f2389
SHA256 ed90c5a3bcba1f301849314e8a8eb94d0a5b81279babb38625bcf25cc0bab169
SHA512 160f16238b3a213702029334aebf836c77134bc305dc08f17aa54d88a174de9ca8152c5d07f6ca1e7173a5a129aa083e4d7120746f72d81d79a84598241f4976

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\sr.pak

MD5 9c2f029dc03ca02b109513aa10d81f87
SHA1 3fc2030848cf490653f18a5a00e84c6aa3c93777
SHA256 8a9eb0bc08afd22c5f53d68f5520a119b88559d77b86a1f00310273ce7fb39bb
SHA512 26fd12fc961cb1da294dc4af5892d9124b35765eb67547b5e7943d6f8c05a6ff6a55df31dc5f45f520444aecf0d239dc9f46e7208086ebc29c02cbc1ba220e35

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\v8_context_snapshot.bin.DATA.ragnar_B55E7D07

MD5 2afe7c15fb1040f5d13420595bb2aee0
SHA1 ed24d46cf31af40e20923b47028355122e57934f
SHA256 9b82e13896f15500c465856c2178780593a1a59832c8acd7a4928b387a1d2368
SHA512 d7781ae6e79edfb134392522a1f94857e147914840d432b7d3f6d366084801eb592274ec33df06ec6f5c8014b69c051ba530daacc8188568b7f8b17408785783

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\resources.pak.DATA

MD5 b10502283167e9ff61d2d23fb8ea2ad1
SHA1 7de735b14be896c211f548a34f44515364e5a958
SHA256 edf8de8c2e76103906de17231da65d578bd4307efb300fa8ac69f160fa136551
SHA512 e7ec8f7418aefafd1acf979894835f69d12241c5cbbe10fa5034f4a8b9e72d41ee5a15551c4b1bc070d69e617fe350289727dc2273d48b81706c56ad30f4d5f0

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Installer\msedge_7z.data

MD5 1c7102194dc426cf05ce1e4f0978c582
SHA1 cb6e0872b7be924751d4a14bc2683dd4083ac6ce
SHA256 c3c193b2484169a020bafe1c430c73869a34ad374f55ce48020d3119b53843b4
SHA512 ef1faceb898918bfac2bb1faea8c0b84815993825c1fc366f6b995f8951049a84e223ede522bae0eb657f57c617164d1e6cf4732544e917da8e7789d95785752

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\internal.identity_helper.exe.manifest

MD5 2aff8bbf75640c9b22837b6c21550d2d
SHA1 b4b7eaf7f8fab94915d9d7cc3d347268bf431282
SHA256 d3aa25ece602a356592afe2ac862f80548983e6e09b6c809eece515c310a1316
SHA512 a90791ad66d4224f7e1f5e94c32be12cdd71d02423eb5b2a08610bb7b0b2a9979265590610a3ff74d55ec4740a0442e30cabd2e3befa550cea3159ecb5d8a6a2

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\dev.identity_helper.exe.manifest

MD5 ef5d6eb4f9749898609bbf3d4b269da6
SHA1 c1c2a41b6bed10043ea94efcf995090453c83f87
SHA256 f9e4478d2b79d2087370e4c088043374f90e63945850d0ac401f1b3bc333d975
SHA512 4b7ee42344527a11b3f4340c03d57bbd25808dbbc56a2f0cf9965cb58be82a7fe768c34e6c3dd210bfb19505c0b2513edd290021cb5be0f1aae6e4cee9b98683

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\canary.identity_helper.exe.manifest

MD5 f94989fe98cc7dbf4153c4fcdcd034d6
SHA1 26ad0a036e9f30c6231f412af662e578f1dc8854
SHA256 9b2073fc012bc71160f82a21529c6686e1bc82253d7c97a1593e8db7d3af0e4c
SHA512 b2b54101625f567f0333f786d2e5690305ebd8552deda1846e6813b8438e59b85da79c47081c637bad7255389b734c22ff1fe05fdf3d408a5bd35662c45c8de1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\beta.identity_helper.exe.manifest

MD5 049ac46015b40acc50bd98ee4e625b19
SHA1 cd4ef37178aee8b6186b4bf0bd8a5997d1da1b1e
SHA256 efafa325204c42f6ef8a2690c73409346d04625d9aae35497b0620e71ed91eb0
SHA512 b0af791f869d5c0c4374b7498f146ac0002b512538a2d7d176c35f67d3db23e231d89092a49299aa7a0d9b8f4aabb1c74224a90859854b7a914622d76fe1d416

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\msedge_100_percent.pak.DATA

MD5 2204b88fbb1849a285acc4175e7d942f
SHA1 72bbd5373ea7d108af087c6b6935791daa43b030
SHA256 d2b139b18af7e94ca9e9c49045697a79bd99b7a0851e1ee9bbd1b83ca1ca15b3
SHA512 d81fafa40311589f850f20d7a9b716e252e11037a6e6cfe99ca7fb97488ac41f38750b2a64d452dac11ab58fe3b8f2ea273a36b0e45335427b68e42d1c491d97

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\msedgewebview2.exe.sig.DATA

MD5 1a2a375be74164622a3f7a2dcfa1f3ce
SHA1 a01855095f8b78ce5f02aab5d0bdb08497071b95
SHA256 02bffe6af19cd327bb21c153bcb3c7142be5481aeab59b29c4733c9a487b669b
SHA512 23bd7804beb156cfaa8d1162527c9f9b127198f7f25195c13baac594dde62574986b693bd9a18d329ce0d2896635aae4471ec107e427e03699aede0125139f96

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\icudtl.dat.DATA

MD5 ddbc3e2c2d0914843b78c63f5c671d47
SHA1 1bf63a513e870437a5b98ead7b1b2f762592ad9b
SHA256 ec73c4afde75d5b5428009acbda4fc53979492158ceb35f4e50643f14283807b
SHA512 f59a0bae7bb2745ad6404ccd459809cb0562d07a0efba9a68528eaff7b3b6a7a25e4738a985a4d942d8bde5d76e65ef9e14c10cbc6b4a943c2265b43d5fdb3a7

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\EdgeWebView.dat.DATA

MD5 d2789918f54b441e104442529604e9a8
SHA1 0987a1704d609ccb688c9006430efe8bd2abbd22
SHA256 32eee7aeef22231eafa7c8741163e0253367761ce555919921adcab08b349f7d
SHA512 3998a0b898881e1f02484068dc178a541d9b121e04960f61c060f6ad6eed823f4fe0d8864fce27455292ea9484b4866b3c8edc252fdbeb033480cee2b36cde1a

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\WidevineCdm\manifest.json.DATA

MD5 d9ec7979c49b1ddc1baa18b8add4af37
SHA1 086e9aefe35e6d85b0780aca729df65a7b08cb09
SHA256 95752c3f453f40f338b5e270df15bca9a3c7a1a61f54eb8acd60c452c6d672d7
SHA512 596ecb8dc5259d04a709cece6cc958a4774001ec195c0b106cbe934e88cfc0944fe17bdab2a2b517f4e94030acea6ff76866352664b29d1b7eb0386e4657575d

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.DATA

MD5 da44aa998e1de2217a65cd7b03e0a0b5
SHA1 dba20713db25999d7235c05aa106db291a26f877
SHA256 0fa2c4add1a19dd4493517c09af8f281f433b998bf355ba8ac04a13b00f8489d
SHA512 dced8f01913776d4408bd8de20b88125dd69a31ecac70fd2dcd002859f55becc923441c48676be1c0a8072b89cb6cf3034ed39dda07b11073f8d295667cade32

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\VisualElements\SmallLogoDev.png.DATA

MD5 60a11442cf8ccbc53a4ead969fe4a3ec
SHA1 f0b19f2cf19cf672dc17e937ad3f11da90db3901
SHA256 5cb15497556f49f43b6f7a3231cd0658d2bc12d81f5cdafa0590c4a4f7e93496
SHA512 99378b4c3106c661e91cfcb3142201c4aee83b97dbeee18259d875a9240eee3b288bb10f602cad2f0f262dd292f08d4c8dcf97f97d01657ec156c850357e835f

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\VisualElements\SmallLogoCanary.png.DATA

MD5 d3128d5f5be3bfeb7ff0b8c44f512125
SHA1 5225fb29dd76f0b95da346a5d3b0e5d145ac7061
SHA256 f5e6645b713ce74ba50c7f08748f781846e80bce45bb1fe930a5ecadc2389ab5
SHA512 e9d23f87ee240a42f2843d6ec4a293365783eb0a8dd1bc2a03197262ae82df4d31b370f4098aa584052a3db9ab82ab3e79c9799486a63bd55c93f2f3610dac45

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\VisualElements\SmallLogoBeta.png.DATA

MD5 29f2255afb4e05030f544a4fb5a7fd23
SHA1 c50ae46110cdd7f2c15450197de5c0f72ace5d06
SHA256 b2761284cf81acbe71f29997607255c1ff18b1796c0611770a97ea23c7316774
SHA512 14aea5491ffab90c3482929e028e72de5efee4029d8f9ee949f7c68dae9cadbfc9ac34b8d1cc3add7218ddc60d00d94596c1604731c20992f419bc6e622c63ae

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\VisualElements\SmallLogo.png.DATA

MD5 2c4357c590b159c0434bf6bbc5271101
SHA1 e36ec78f98de1856de47a0a772a321e0e286353c
SHA256 9bf83375ffb7542266baf6a90e64a3b41422242c71854eac9256ae384c47e380
SHA512 f51cea88b1a197ef642627727313937dea8bda10f840e246ca17d08c5d5647a52e826c8e2fed12822570148db8dd579e12ee75370b4ba15eb27d6347cd8799b3

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\VisualElements\LogoDev.png.DATA

MD5 ad9b1c59f7ac23eba78d0119b360be99
SHA1 1c84aa00c13afdd92709f91561cbd91739dce01c
SHA256 eac8bbab6010ee201f17d4d165265ddd931d43062ea1c2c2292e6c82bd9134ce
SHA512 12aabf53adf8b8951e1f3fbcdaaf5919221cdb6b5d44416de0d266642dd02fd2b40c0e6e56daeaa0775bd977164d8d1abe47d64ba9617efff6b313489455613a

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\VisualElements\LogoBeta.png.DATA

MD5 d052c7204cc7fd9208ec1efa35961a75
SHA1 793abe6738bbe9a5bff89b85981a5a4b54bd9dda
SHA256 e1008048f732bace55013f3f2507e0e0789c265a586724977929cd054a169011
SHA512 bd1f57391f10a20390763d58afd27541ad9617ac885c47c83a9cafbd9df243315d7acd62b118653d9851c8fbd2ef780e09392311eab129648c1743c962ea58e4

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\manifest.json.DATA

MD5 0833ab9a616ce5faa345ba3688e726bb
SHA1 d0121e0773e918e4978f32ec21e4dce5ac0c4777
SHA256 5ed2eb3615255abdf190ea1cdf56d6cf9f39211072db8fd3bb2b5e55e324685d
SHA512 6bb13db69e40b47e17eda0a59fde7453ea89f69fffa7212c0b21526e68252e5448ffec5b391c624bbb65debc0800cbe2378a61358f008bc0c1fa08217879164b

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Staging.DATA

MD5 545f500ec348f4ba99617d2c00e74b03
SHA1 588783b8017b094557167884c7600eaf107df4e2
SHA256 39e44ced632093b79f8c0f69959c80813a9c44fd9f24aa39264c545ff334060b
SHA512 7ba23e54c85bc78135697b1889d17f90c52401e5ddda5b5f2575a74d93649bfb7a094040506e71cb15ce3b17fbfab131c10fd5e5308db049d18977e7ef8fdb36

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Social.DATA

MD5 2913e0d93d1d0b46e2e5f61edf562d5f
SHA1 45933cf8668d919d5eb62e3f74262d97e245b55f
SHA256 1bf88a6a3fa5b0056003467a343fd4549150a0cfa00d583badb5634d45394fc2
SHA512 d0d583e925cecd6e8f81efc1d7354f9ce1f08c7bff9e94340b675e5d6e0175c133964375860040ee79edd23ce0eaf1133b7cb31d3a22fb5b1cec94cb8a7e175e

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\LICENSE.DATA

MD5 59e29ac7551d40df91246d0fc898d5ad
SHA1 5724a9ad4a47b5ee8c5ddeb1bc6bd3718031c38e
SHA256 3b4e687d0e1830522487fcd2b36b3f00943a19b751e1be31bdb5902141b817b6
SHA512 fdbe6619b89d18fc63eb93621f29f17e06030777e095bf43e547834aadd4fe9e71a7869dc0cc31e1f68d37c00e0028331d31e91532e4e96b3970a151ab564b4e

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Fingerprinting.DATA

MD5 cdb26a7d0ae09ca6705e72d3b123060f
SHA1 83c967dc11b2d84f363030554f2c8ba29cf16bda
SHA256 e53bc99f5b7211becf0a34ca19e117fa68c498e9d97adfbb5ed1d41beab5ac9e
SHA512 1b37a24e88845e22051f8470e341c5461d85cd93ef9118aa9e22c23310bf2d428209d25b1badfd896339e7ceb2d68816b9c84575d45d140ab53b00453da4178d

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Cryptomining.DATA

MD5 22147587c35a417bb7591ef9e37a8a96
SHA1 9f2c0313fb326f3027889450397dcfdbed3c9f97
SHA256 d007af0bf4cba18b80703224c5d9db2ba4286bff937d1f464f7a10bb24c367bb
SHA512 c095f548ad37c025cbac619dfe9a9d23ed9c348c88682d856dacbd4d98f11ac3b215d6ebd85a110d73426393748f5e506815c002136abb678ddf0e3187cf36f2

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Content.DATA

MD5 fdb002c5177148047eab5c518d2f2f4e
SHA1 a0c1841d52682d080063d2ab3f01e118dd38e902
SHA256 e8f04b8b18bef09f4ed3abc06e53a52aa188e87c9b11038d1e4417fa7e8ee3b7
SHA512 c5eb7fbc06f83d7dc3f25d7e9b1027e6ecc68a9478b92ce1346e1e4945e09ec72747f8939ff1843ab32afc76cf3dfa7f86d37bcd04d5796da0060d845832bf5a

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Analytics.DATA

MD5 6db45626faa7b8be5ecac041175d8dce
SHA1 17c25c83b0acd0df290340038cfcfe1b7342a956
SHA256 de6e6e47614f201393a989cb12788e4bee46ab88280c652429ef44f4a34be329
SHA512 d91d8fd06d79dadc3a06e030c738d3d05f4aa26eacbb7eff14fa08831c20d95bccd52f4dac9222fc176e09b3a66718a3e424fe6951bcf5031f242db37552cf12

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Advertising.DATA

MD5 18e361f8dca9273f7c3ecb9cafa21682
SHA1 05f874b937a14c836fa6ba6ba1b77737501cf1cb
SHA256 facbf9f5be99410e31243f1dd80f3b8e8d876201d1c1ef8bd6e7d9b8c90fee63
SHA512 0308a036ae7937ad2b25d17a68174ccfd3d7086db502b27fd5c633dd137acf1101a68132df216944bd0c814c2e767a5f9cf92a3eefa93ef3d44d8e1ee1a2eb75

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\TransparentAdvertisers.DATA

MD5 5458c1968cd5eab121b704908bfce599
SHA1 ff9937c38902dd1b2267e26a2509863db02a6ba3
SHA256 245e3e1d3e8485480490a66025a742a150663beeeb703b807cb2a4a03a43140d
SHA512 c5df8fb459b386e59e2c74b16c52be1c2466dc4ff78fa0f509ae44755042abce9ac986544d7a1a50babb6c4b10559ddf62023cc3cba9db070b1c72d3d2fade38

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Social.DATA

MD5 d6d2f002dbae63d63148f8e6e39632b9
SHA1 399034e6cb58c342e65f196fbf686c2cbf14257b
SHA256 56eb9f4004cb0c5e4fbb7f974ce7828fa789182832a1edfdb8058028301cb3ef
SHA512 7e10c113b63a890caf8d42759b75f75899f636607d078ef3debed6fe964ef1bcfb85954a95e59ff0fae92cbe040c52f97d06f9c8cde9b94ab0e7926cff17163c

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\LICENSE.DATA

MD5 927b349b21ee64c5298896aeeb388426
SHA1 10bb5b007bf81dbf012eaab1cd4e1ab678c665f0
SHA256 7774513d83c5c9f0c4d2e3f9bd8735561288e173877460971e4354bde5d15a61
SHA512 535fe2a523ca51d8852736950ce0bf6d642eb08f59c5528b22c5e882ceff44c06871abfe51d67c21406c9365f646fa364e20fd8b5029d7ef558df698d10efe79

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Fingerprinting.DATA

MD5 184b25e906c7806c4daf087d06a3d53d
SHA1 79a231e49904338b167f7092295e3c1e894af77f
SHA256 9ec61fd369b970d68c3be46b50ebd5e7def2145a0e602767fee5652c113af010
SHA512 7c6b78042f12f494e2c26a150476f10663cc9aa6bf49e8b7b5a822f45f9ea9dc16cfd96c7fe7b7918d4f69c0c2d25c284da06f71cbd52dee5967556851e89468

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Content.DATA

MD5 69bee1c0977b46eb43db050b85f72a34
SHA1 348363765ae996c28afe9180bebda78f09607efa
SHA256 b1c74a362afdefae929f43c19c6e3cbc0a41037dd7970f56483957e9e3f2620e
SHA512 74a7aee4b542a159280d96ed7db09810cf9d1e23cca2d126c538b3212839f6a6758364eaf67a9522ac0847590f8b52489bb0d83ee02052976caa9269a305d62d

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\CompatExceptions.DATA

MD5 0058b35f77d5de6e8941cb1eec45fec0
SHA1 53dae464327e56126d94cb1ab70d1433d4d0f266
SHA256 01c8968ba04c0bba9699ec29e9134b9ce2650ba9788420a6dfc74225fe157813
SHA512 f0b2d7badb5b1524d10fe04030f3d0dd4c4a754b16bdf8d664f8c3b95a3f1b07d01abe2595380ad9e3105076c4cee16d65bc47a6b6ab28ed42bcc166843f89d0

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Analytics.DATA

MD5 c3e6bccdaec9472da2d3f53afaa4a3b8
SHA1 ad0bbdb85b66171aea59e39a4c1907eb6f8e58ee
SHA256 87c0403bab75f2dacfab576f8e8a2a0b9a4f1201459c25a1f6f10af408c82fdc
SHA512 2bdcb7a204fb6de0c0dfba75ac57ff46e7ccc94a489ae7d89d1619d1bd4de31e244a823c3e1f8baa2529982bdddc3b803e490927feb2a79b0e92f925b2d02322

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Advertising.DATA

MD5 691db07ddfc0923d62d775ce98e2a711
SHA1 16ceacc2cec048070b63560ae3f67bc1015b7bb2
SHA256 8fae800abbcfad7780739248e5a4a038aa21ab11ed98e1d45907d1ad9537750c
SHA512 0a98d67467b813c6e6c47c9fefc79858ec78bdf31353138f26b6854baa35495a02633e5a370687b16d07986281020ddb90213be42c29b66e12bdfce2fd1e346e

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\nacl_irt_x86_64.nexe.DATA

MD5 7ca24a52c0f93ec612e4ce7d8244d920
SHA1 b8f1c6b260243b9f1f944f5265178b104e01ebe5
SHA256 de34cba7c17354613bf73a8e93110587a255fe464f6baebd7819f323e29dfd29
SHA512 78f0c9fcd53643a6d1406c36c398ce7b268d89a441ca2d6080325d4229a6cebb9e646694353e4c856430dcfc9b7485c1162aeda65c59ad2ca29d7bc64d17ee1b

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\msedge_200_percent.pak.DATA

MD5 5d7dc8ffa7e95c846633031bc07b5c8d
SHA1 cf3b7301bba61b0ed8177f61b225ac89d610886c
SHA256 82efa55ba6dc098d6b405cd7a4a479b9b4d41c2a34e8ce54f10d89dcdad6dcf0
SHA512 a3fa7102193a354de212398f754ff693cd9f7b28a0389b54e89dd4e41dc3c4d0427eb74928dc5cd4e92a53a4787263dc6d8afa7d3f010df0c19133b6947b7757

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\msedge.exe.sig.DATA

MD5 70b49454249390c08d06e8a9b6a72260
SHA1 708818be91fbb5d998637e34d96600ed1c11bed4
SHA256 5e369de02ccadb4f6777af5a5bbc283976f3f10cb6935bb9a785f346afb12b9b
SHA512 da2c981641284033d979cc0b39fcb41ec5d084a5c85326b3e92b6a9c6c7551d7d83ff3f020d7db4d751750128ba007a295e7d35a4a4a762330c3f32df7f338dd

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\msedge.dll.sig.DATA

MD5 07bce910663d8a1118ab80de980a5d5f
SHA1 c1fe525a1e1ffe8d865c4c411be7831f2c8051fa
SHA256 0303301fa8dfb60f4007a15b0a199148b91b39b96e37183d84447ea4de303b9a
SHA512 5cd61a61b897fa35ab51a3cfee5288ac7a34f2791a8ab4f44b6ac2236e9730243ae493349c1095c1e69c866669fe0aeb12eb06e79dd8a99e87e26ba949312476

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Edge.dat.DATA

MD5 c4ca453e0d61c12a3fe40cf7933876fe
SHA1 2a26f5cc4fa9890ce449e1298eaccc7dd4de2423
SHA256 1bad3ec367bd26bc3b719f99086695cb8196c1e59155973c99afa772345add8c
SHA512 4d18b967fe3f37ee3377ca9eb0a9837b58ebecaf71b6e77c743bb8580c11967109aa0d70e68eb351493eeba74a7014654a9f72bdc89a8330f5faf59b66cd9493

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\VisualElements\LogoCanary.png.DATA

MD5 1d64082c1a448386be309c78e48b526a
SHA1 a0eca79ba81b9cce096b00cc800cc21acc69c246
SHA256 381dc219a307b768856445317f5209ae1b07ae005ce616344b768c58b509cee5
SHA512 8f5d736bbe9b791da5c74a639311efda04b180b214f49a7dd46f652df3dc63371515e8b9ed0770613c558b51e51803f428ecdf28395c4c47ac2c137ec256b051

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\VisualElements\Logo.png.DATA

MD5 1dada13d2aa6b548c4b611a757285fb9
SHA1 6e6e33d7bcd47ab2ef03f8ec82272b9af836082b
SHA256 79d56b91242cecf00bb1669889c9ae5465a792de041115fac84bfcddbeb1e3f7
SHA512 545035d0153ebba4f0442e1adde5c1754835d3cea3a176e7e985f4ba5e66aee29d078ac6f03803a24a06e8ea4529249b239cb5bb3281dc76b9ccc907ddc13ecd

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Entities.DATA

MD5 d4c16f602f634a64e88763ec26f193e7
SHA1 1cd2d72d802ba8bda9a34adbfe2752be5efa81a4
SHA256 df53170ce642b20a9af488dc258238ba8e3018e2bb56f7e3cc4f4e9747238c72
SHA512 9607496b4db501b0b2754e2577aff59c31132506b45adf8d444a01402e0afc58fce81d4610d1fbeddedfd035605c03a37c335d13bb32050750459550b1d68845

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Entities.DATA

MD5 f201049fd9383e57ec6ced8a50750fce
SHA1 a5f6050874360d6ffdef08263f153eba4252f193
SHA256 7f75cb953bf777146b14fd59d5a234c83b49331616e04ddf3e06b4ae48b9d626
SHA512 3fdaf45e86d3075091a838476f6e7c2690c10c06d9572e86d007657c7ed803e01cf60165005f73419b3a2474a1515be391629739136bc111ec2cc6e94a44dd35

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Cryptomining.DATA

MD5 9c8a3b3180f28aa66634524b57583d58
SHA1 be578f2c983c3bca2b12287d3beb49fdcae9e65e
SHA256 3de1e6737bbec45e0183ec47197b2d1fd91e90d606c9638c4d27f3f6a1f037e5
SHA512 a0b5508c5180d563c8040e288fe920e75ac935b5baa9ac92c54dbc95381deafcc40e80839def55a2928724df09b7bc9ebc6c4d741ddaf7243b41bfc20aa005f2

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\sr-Latn-RS.pak

MD5 3fbfebbf1edb9a8debf59b9084de635f
SHA1 258150035ba7e050de356a1973684cf7189f28f6
SHA256 89d1e5dd5df8a99b82d4daead3c079fa15407a28a9493301291f1b6b42d5408d
SHA512 ca1b4c5b7311944be06c26ea32abcad0524fb3e211df68a37bbdb934170e91542160cda01f1b9bdee00e3f5e62dc1d2cec2acb2bcac3269c6265e68171deefab

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\sr-Cyrl-BA.pak

MD5 c6988048706424fa5e5df35bdde498e4
SHA1 af09b1c945f4031c30d55c4c4847b3f116751920
SHA256 4b7c40e1227fc105b1eab039d875a3c37186f0f361a61a3713c93b5ad6b1a405
SHA512 9169be44fde77f5798c91e24cb3d13e41e9a8fad5d936baf270cc66175555fb7789b718f7338d5d747dc354833264e10ca832ab0d6df7dc4387dbdef6356dbf0

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\sq.pak

MD5 eabddeb1893de8581f0a031d0cde6cc8
SHA1 81c1c54a7a27cbf56075f3375688284db915f668
SHA256 256f3fa1f8af85944973ae1267d9ef5271e3c52f3e14b092270fe536b323a66b
SHA512 093fcd9f8b5946f90f361692213f898163159fa4d1bcaedd3efd6fea7648d3958e09263b826378abfb3d47d75fdba25e060bacf8f2915e04d317cc797a254ea4

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\sl.pak

MD5 6defbb2958f63d6866047d0b9bcd315d
SHA1 85a9de85b13ba6eca368f929406c46de0616461e
SHA256 68021b7b916c6b293890a62507550128160c6f61562b946dad3d9dc43da4470e
SHA512 1304cbb1bdffcecdf5c7faada89539ec3acf9139cf3b2c6a02e6d47ab5d777141d8328c8a3c3be34e11130bb9814d529d037b0e25b3f06d27a1aadb3f8c2b5d1

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\sk.pak

MD5 45377d6f7434ca07cf14c8c843689850
SHA1 9794d0db41d8ca36625d314d4d397413e7e34040
SHA256 d025d9c7c59057a2cbc2f08c65bdee285eb835e74a6ebdcb170667dfb9943e07
SHA512 55a653b3fab4a98ee90601c3c54cd08f472e182950e6acbb8a14916cea5d368c270127a92b836809a5aa68dae678e32fd1a244c299b5aa930f8f8215e18ad197

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ru.pak

MD5 bdfd5e6985e8544dd8b4c0d58c478572
SHA1 58a4c1873993254e50c9d0c99f0a75fd04602d42
SHA256 dcf8b239aa41339118675dc701babf729a40d7a578f40006d4c3f57803c479ea
SHA512 c3690efb5d5b09d0e74a5e90b729110d0bbebc51a12ce66da3318a213f7775e9b860dc807e1b94ec45da2612420a4342a4ab0325fe450f8d8dea4e62295f1928

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ro.pak

MD5 6ad9f887c99929dfd423b56ae9886613
SHA1 5d08d697e1c0b5029b7bded8b2d1b6694fc37b95
SHA256 2ee2fe4d1feb0fa84890d01542b12de11797737f3be459162f727405c24d9bce
SHA512 cbd0913267be15a78715b13eb1c814d51d1cf7dc4a618ca9eacd10484eac0e4696987baf6c7519db701c59bf3b235bbae3d1a98f250159a2f95c8399efa110ff

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\qu.pak

MD5 33d22ca8ce85b3276c035b0406e7cbfb
SHA1 a3cdeb296f3f299a8677b78468c50bd7004e095d
SHA256 8d84c03601afb6af01e7406f98d13669705ab294d066b8f4da8eb048b0773810
SHA512 8a452f9eafd87ef3f32dd83c29b66e157989f9734aaef449e9998ff5168e7940acf5f21b3b2daaeba5ef984a17895166bd6135e0f869e418c93f5843d3b6958b

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\pt-PT.pak

MD5 9724dc1506e0926b212f584907b18a7a
SHA1 9b0ec8a780c2b01ba7da7d60b92c345859a7ae55
SHA256 15958c86ba07f350f1371761f349090a4d726947c5e9011fe932dd2f02c579fd
SHA512 763649cc144244b3a54c4473fd2eb5c990d59858a6d5f4082cf2647753aa2a93db2cad0febfeeb24800259da37c27bb9b586a311f8c5ae9147668f3f16d97443

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\pt-BR.pak

MD5 8efbf70a2f497424c21ad3cca2cc9225
SHA1 c3ddbc9a4d5081b807631c71ec1d296218a218b6
SHA256 41556fc6ce30d7dd9ce41004902b285ed740c5984b57498179edddd48c4e7366
SHA512 4118c31723cec3d5c11d6f6235077fb712b7a29fbdd3bba43ec02a3aa9c75d6d5937175ace8fe35377f45ba2815232e6852f84d5c452ce15ed8df18dfba25678

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\pl.pak

MD5 2b2359401d9827ce88696ea462434bee
SHA1 2a81caca09e9c6a155ec0e48678bb0a8048be870
SHA256 336fa6be4abeae89e8f961334e83cae4e5d522e71db7b373a83073ec0425efd2
SHA512 08d048bd3d5e9e169ebade43d5ae8dcf2b5f9161468e517ae912ba38312501aa76b7c903ce8a7eb9d7e0243f90ff87534afde5957269105b235adba1e16e0d2f

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\pa.pak

MD5 86fa34ebcbf498b224803a19088da089
SHA1 1e4d3b8fc52ff558114f65f1117a98ea5bb4a6aa
SHA256 9b44699aee25fe88ce32d587e03bd705e20b83554c1045748ce1346c8dfdb7c4
SHA512 9819687ba1dce10c669353d6316432895036140efcfff539c9cf7005ab6483fb0ceb45bc5b03b201981c96c44665bee5206855687a29343dddc5cf1761c1db1a

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\or.pak

MD5 d071565ad831397e94474f88853c3e6b
SHA1 0be7e20da2fd092dd92561b149c77aca71f6883a
SHA256 d6fcdda88ccb524f12da5eb0aa168e3cb69392bf118c66a6184edb487c4ab414
SHA512 84f5d2b2f4b753533b6108466f2381e7c6eae2784251091a8630cc8499ac4e9cfc71c5cb7a91274a4cf653d4f81ac1de54c0adb7ea0d58627e3661e094411960

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\nn.pak

MD5 ae5bd230e545179c3892feab9153b3f6
SHA1 40b289bde6299099bf3188d3f5a38b4b723f0625
SHA256 34aa68cb07a72a6ed41bc01ae957d6ac54df99c69fe208a66ab05a397ecd8ca7
SHA512 0491c1c1a335cbfa63d61bea0c50ec187681e809d8852d6fa503a8d1cabae210ea40bafe5ff5735acf7bf693a462a931d30f94964c48a3f2cbbf04872423168e

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\nl.pak

MD5 31562696dc1bc07afd954ee4fbe6b4a1
SHA1 bce7f213a96b7fd8efcb7b0ccd4e2c8199c0da5d
SHA256 643b85a1562ff1b4fb8142bcc52f9acf6c0aa2ffa83ad5d8b0cd089e670c7930
SHA512 68cadb970281d9c9a8995074a2a1efcb14d618259cecde63eb5cb3895bf01926db4f2aaf3114d297a4247842155804b58e93dbd69c5396d9e6f51a8ac684f73f

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ne.pak

MD5 a7c7b9b1877ace26d015f8b5ff9af1cb
SHA1 7e8ba0105694220fbff79839bcbae757412512fa
SHA256 54383768afeef822532704f7da521b14b3d63c3e1b46d5d366225a568663b615
SHA512 79b3d03b38b437e4d42a95e66017d1831c41fedc75ade1a244dd098b5a39b2b6a03a11155b87b9365810d07632e568e13aa0d4cc4c11c2d61f63804bbe8a1e3b

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\nb.pak

MD5 11ec4211a8395d15e4b48ddfea5c487b
SHA1 6a1cd423190970de4888f597504cb3fdd9d413a3
SHA256 298d6a1cc9cacdb40ebb00489ef15a884803620897f22f640974cfe38b553d30
SHA512 b2a85a8b1fddf179936df1341d2d477432c38a5886dba45ff25de9ec2aade0ea28ef2b15e7f267cd75ebc863f03e72ae98858dbfc6803e95065987d27449f82c

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\mt.pak

MD5 8e3aec21214f3af979a75856902a3677
SHA1 fabb987dfa7659f730bb3554888374e85b181e5d
SHA256 41241fa3d4e133f961ef3511ae037468684a1d9dc728ba48a18c796be33c708c
SHA512 c245c36def9467f7e7d224432adeb17aad919e5c9a73587a377549c18ae8ad4fabc6848266d7c99df92059c19661f3ec4f631301421c544defd80c52a5d5ca06

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ms.pak

MD5 6139387ab7cba6aa7ea578a6490bfd44
SHA1 49eda066a6e84bcf94d480349d8d1624b5e07483
SHA256 59ec2a3694119823b718de428f869c1f52a032c51dc25d84b738a10939edfba0
SHA512 c9618a76ae31ab8b77aef78b2960df1845384266ba18d63d2c7f2fb1e8b668fac5272ccd9f0bf0aff9cbc0daf6450dad42c913c8b588fa88816836aba6c97828

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\mr.pak

MD5 4efa473bb93bebabe4666433f8213cba
SHA1 1be08c6e89240862135075f65371ae0a9e2c7dd0
SHA256 e433184afaf3b7f0af54e437c9635321c955ee537484dd2d47255d846e8bcc65
SHA512 eabfab98dcd668f8f53e7ab48752e2a0c148df83069d5fa5297492a11eb31f40b2450169b9646777c7288e802b6b172be570a4cfa500f15c31abf977cb60980a

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ml.pak

MD5 4b8f43b878d45d34fef8fd14924b7b94
SHA1 b1f0c97027e053102e3d597f0a13b869e48ca5a4
SHA256 146eacfe6dd826f432e2bbf89f749c8741a282686fe1d71fb424d05028712a80
SHA512 375824c65b9c6f4652ed49fc2f6b19e69811a0a9d2d973f4b6bfde31eb99472c6d819259eefb3f4e136311ca9515a403356e87cd49743780847cd7825f755980

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\mk.pak

MD5 a53740250dd9f6205b82a7e7bddeea9c
SHA1 557aca1bed20017e2d7c10892429a8c8237e10d7
SHA256 00c07c943a6b254d8656f5caf2cd192c3d2dba671aa06231efdf448afe12e9b5
SHA512 b3a6b4633084043fa37eb5a453550cd759e1609ff7fed98f27f96cfe6ecd27fb0a42f440f1395638a1b02fc0a6db027ee23078dca509a6892346b81094ada164

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\mi.pak

MD5 a9dd96c401eed70da8a6bda8a14bcb98
SHA1 a2654c95c35afa333efdc5d5f6bb4a7ee0563d77
SHA256 ce7304f004412c47baab8a96f16a94eb458442f73269421564187cd3e864a297
SHA512 246f3c547f2b3bc16f7fc4a05c37016852be35a5b023146b2e22bc08ba4ac4922d70b33242015862e13a3302b17f2af4b1e22399f821c196c9f5f04644dfc8a4

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\lv.pak

MD5 15f8b37c9b42db02b2c0f506e22aff79
SHA1 d64c47f86a91fc4b3f484783af962fa60302d131
SHA256 7dd672f19049a1e282a65616a9f411634ead5c4a09e72fa84927ef82dcdc623a
SHA512 c52d2b84ebf3a3baa38ff0809f95a00bb0ccb6e89d8210539539bb9f7440295c68f5f6b72cb8c9fc3d8f759366ec882ea2d079322ea62258cb842d0c2860592c

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\lt.pak

MD5 3b7913d03783212ace928f59e7835680
SHA1 6f438bac6e1bc00f0222893e64a6aba6023054fb
SHA256 7f499048bcb6888ab87d1546a489fddfc0f94c529f17e5d9b4f65ba3e731932c
SHA512 8efaeca3de861f74f38d3b836006ea2258f169b4f826ea72330d746a42f3623e5d9029d080f45eab522f68623acf22f30a2cb6c4ae939a26c95622f6f694b11c

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\lo.pak

MD5 0fbcaf65b2fa8ab98c95df4a182dcc2f
SHA1 b8bfe7b53ce99c91bd1e206d6783675b8a59d514
SHA256 42b5f2c2396533bcd08bce25b38cc2f99a6c378b589994a1f3fbd6a25798579e
SHA512 59802e3d1a7fe013209c59fb4a3b87527992668eb47921eaaa4d12d541288bea674fd603dda2445d099dc565faea59e278d3f99de83212c40c9046882401984b

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\lb.pak

MD5 c2c3493c8d319f34a68b44862cf991f7
SHA1 2fba6673096278de5ce3600104ef6284c07bbcf6
SHA256 b4be092c363d5c46cc261a1f9f245c4438cb4c27d01b74eea20b1abfa8253417
SHA512 7572cfa78cf3c70c5d623aa9bca98fca73d626cbd1bedf38d3396a6e874fb8736b1e3ac2c1d697a0e7314c98704ab7acf3ab9140e28a9d9b45376e28b4b06857

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\kok.pak

MD5 e7e93c12ea2c491c8b91daeb5a119775
SHA1 9dfec8bf3334fcfdd6a952a7e9f9869094f8874e
SHA256 251771ed6f71073a61a8241e25ac94556c55898f8aa96e7bbaad709ed0d125cd
SHA512 9d61c24d7fb082373a5e974fcd799a4df49d55b02f4f5568613b04a54a8596a63e6dad83ed458cc3eda5a49657f3882332045dc56b05ee0b0f96aa53301e8033

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ko.pak

MD5 b2e14063361cf52de977b6586acc9ff9
SHA1 0cfcf6a258a8146a29e9851aa3647a7cabd6cba9
SHA256 1937980d3a894190757695577a6be4545e27732de43f9d364b49b11eb55599bc
SHA512 cb88158fcffd86bbe5f97c496ab95529d02a60c4bd396630f08a379dd736871ca6cdf263ae7c60f070e77e52052295500b223ce62f24188a97a74b2bd1325d67

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\kn.pak

MD5 383629232d2782e6c49ed7993b15bc81
SHA1 b43717598e43eb9f795ea3dcae08f13139f38492
SHA256 a9fa4c3efc1e976d0b966f7a63695051830b6a7cc712a5216078b79a88817518
SHA512 0f5c21c8a408166864659cf120ee3a8f9865a7654a03acd62de05371de2e82389d2588b7d64661dd4dfa58214e22ad25bef98da814380789d398e62475e85cd9

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\km.pak

MD5 513f62a9ad43c91aed9857cc2353a6db
SHA1 b1c158c5527c6a09b513a13e9387c2483ff6ffde
SHA256 d94bd91a7aa33589628e86bd44f1bbdf66b06154c25d571605067b8fbd9c347c
SHA512 1241a371866189036c51abbd14d2bd5b621fefeb8bbce35caaebb609d05f44cd3762919aea44d497ad015267d7ea39fa5be7008cf2bf6b48f5d01873f28a9310

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\kk.pak

MD5 cdafbd653888c4e3aa4fdd09ef99d008
SHA1 bf017d47c9d89450aff1666f891e17f4bace6bbe
SHA256 c9a7525802d95ee7922f13ad474f72d466ec59419e0821012222fc2f5ba315b5
SHA512 ddfcc18cf5794ad29a05020523d4aa8a932f7e615c2e0f22263da1e365071310c600d33de58851f6fa552c700437482002744f9cfd326937ecc43c586f554edf

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ka.pak

MD5 66cec9daa755e30ff11392ecdc04d3e1
SHA1 4813acbb7e43277144bb56a86d3fd22a0c24d72e
SHA256 97a7acbad9e011d554244c1e9e9e59ebd99114cb544da06f618e0e3a5f1fb203
SHA512 3d8da0a8ae10e749584e0ac20eb7a9ead60934a216382e913afc23bbaef58410b21a35228312a35316f80623d392ad884b17b4ad6ca76a0226544c03559527ac

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ja.pak

MD5 14dd9f83b78540d40aedcbdea33ccb1f
SHA1 b9702370596fbcd95ea01e51334ef3a1cd4fa2f7
SHA256 e433efe1b9bab897331407f2bfa53eed9f7ddab3ca90eb9b738b0c8d0af7a5cb
SHA512 b2558a05c4928cc83302a54043a2ae40e696607216a864beb47725b835778485741b5e470dab8e7872792e3f9c175b9075cffe1a9bdbc444815967a5bf915e63

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\it.pak

MD5 d0355c014827158c514ac14e59ede5e7
SHA1 374d1d0ff8b17d4184690cbc6108ffe25fda00a4
SHA256 81c81ef791d1d53a5bab325b787482e184ff9afbbeefeb0fd81183ad917d5655
SHA512 152bf98ff2f5ce7e5f385e81eb0b257950ed9cd4c3ad94e7242ad57d599b2d1f7f7cd31cf19a3320707c114993325b34ba64f426b3c9f9fdef4d1703d78afe5b

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\is.pak

MD5 e48eb09e889b09b30e7c4c6a0fc4c314
SHA1 ae743c33e5a4793215a03f89856025e1426b3d3b
SHA256 d5d0f9b4e254e08e1e0278f4f2d50a4e530723435ed00a03b33f37ffedc5ecac
SHA512 a6c41df81cebaee1be7f2375400d0f655afbf153ef8081fd58c9d7eb9762b7290178b7171e64371793e736f9dbe55c3eceb8f852909814fa36ef8af4fc02271e

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\id.pak

MD5 af64eb41597a2ea25fc6cf74c23c92a5
SHA1 ff2ab68b6dc6e57e2ab6469b794219f131616a30
SHA256 d218b3322c114a2cb919e76abb8c39ef128d31914a38f66ebc56b064399e3d58
SHA512 bd78163a5c73a8facb654d47d23a7663bddf67b004f80a2fe3393d821f7c7766ee3605553169773de6c63a5ea7555e0d5f766c690b814dc836107abda13f8886

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\hu.pak

MD5 685aafd8f94fcfc82996416fdeba3b0e
SHA1 80327fdad3570d9647d723a6eaa756e375320e4d
SHA256 ed7b330a116a45fd8299f583f6350e8f423473f6173c911be7be77caee6b0f25
SHA512 cdb73c510719c0f4370e0c9cb4ace5ad08b46c31a75948bd5fe9d6aaea73dfb3a197d192644135f1af565591ddddd2d9ae3e2d9c2883e68f9b3d52538447e598

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\hr.pak

MD5 68d6408585ebdd8fbff20ae9522a60b4
SHA1 6a5b14a30ff8d950221023147976e425c68a6845
SHA256 1d7cb24afbcb0b0c414066ff580f8da090371b635fdbd76084afebbf29b5d48d
SHA512 4be41659172b4d3edba6d140e2337b951c297566e0d9aee4d08aeccc17893e6455ade073ab9fb8891bfcc117f0e858725c76a8e096d82af6dbc62717ac1dc4f2

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\he.pak

MD5 f7e73d8225bc6c910f61de044b6ce9a7
SHA1 2d4af52b94b07349920b970d08cd76ec329d7364
SHA256 1c2e11376a3de709f7d3c2c667df7445b7fd3323e1a1c80156b15034997cd9f5
SHA512 bb50c2042c2cbf446e7d13894dc115d82ee3b619b6f8c12dfccf9b8fbafb7aeb5aee483d652fb3716153aed6926eb3b80866b0aa1268cf83c241e50740037c18

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\gu.pak

MD5 75adbe18185a40c8e7a71dab481b5538
SHA1 196ce7b16b98dab925b912a479e417ebd8429d23
SHA256 46d45840dc1f8a83df3e7d90f64fb9a88134796ed8a657dc4473c0dc66574c1d
SHA512 1cb8276ba5427f247492ac1cff94ca7f0ad814b8734fdebbff11442ebf738f843157fbab05bfbe1eef84bd24f1cf4247c7ae4cb35040f4437003c05ca17e2954

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\gl.pak

MD5 96590901a2cbf798e05f31b0dd9da270
SHA1 021056b6408b7c8720aecc4a804b0dfaa0e4c0f1
SHA256 b2f7a608165aca26817b53fa32565029ab82445de7f732e0f33f6ec6d7a81140
SHA512 ad523ac332efd8a31015d548746ede7df0540ab63ce032cf557e251f541599488af49e37a968bc603d36fde1c20fd5804e52a4138f7fa93e5c4f7c25a55cf806

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\gd.pak

MD5 70b57e1e8027313be78750b972defb5d
SHA1 5cd21b92f4a4ccd2b8125acf427654af96504df3
SHA256 8cbb75e553f24255e3fe9e509da1ec00237c81731a075f2db2d9f6a2645260f1
SHA512 60e99915b5f3796c83adef91ca399bc1ff576b64626c061ef78fd49883c90e809eade251c43d0af35c1996685e5b5e34c982e01256970c00aa44dc38b47102fe

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\ga.pak

MD5 f07757c34150a699c345a7043fbfbcae
SHA1 55aad0f219cc5aa84ff03590ea151d628d83d62e
SHA256 8b1ebfeca59186e83f140a7b8a2ab475d11bfe84cbbdd17467b01cbf96811432
SHA512 4898fd00cfca00a2ca627bbcb00c3ff62b2aa8edc7490fb9051701efa9762dda3c8673a0e4fca32d1d4a60529a3f3dc9740053fb1d15bdf6e1a8e3082f603ffb

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\fr.pak

MD5 8082355a3bc342c1d17a0ca7e198938b
SHA1 6eb9612ab76abc041197d7e09fc150c8fa9ed43b
SHA256 0094043d6cbeeb88d72f0b24b2adeb3ad6498bfd0d95ada8196fa77fe5f1c88b
SHA512 4e00f6aaf4bf9f18c993db72e47bc7853434fe3eee35f26bf6f01aff6d6d7577bfa0a7db1477b26f550fa218257b1b7ba9ec0355a720b8c4d516288c1701be96

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\fr-CA.pak

MD5 dd93e184304d570144bbc4596320eb0d
SHA1 99598de91c1c18281df9eed90dafc1ed8b4ec7da
SHA256 86807d871ad0ea9117aa5845cd87d8ef8bf1820f56246a1974cb550185f4fbb4
SHA512 4ad415035af07d02ccc289b361a2e8ca4815fa3c84cfa9545df645e4a5b42f0ac070701ec3c9e0cf662a6374641429834fd5961ade2fde4f53656253c857cd60

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\fil.pak

MD5 28fd7ec3e42f2de686153faa118ed08f
SHA1 1537c375592d3bf20d07d3407a6cc879929472ab
SHA256 c4889c8188fc55198298e5b31d24344c0a44888ddfb0a85d9962e302e0d297a9
SHA512 4309adede0109182c8b57912d49b7fa53c6792202064192f3b6ef979d854bfab105780972eb5312d95351b1a15f77f2a65367f86715ec17c5de28341ce6b2190

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\fi.pak

MD5 6958e94d28952148a66b933b6ec12583
SHA1 72f37fd5b46bfc4ffc17f1c826f59d18e62df4e1
SHA256 0e0b1539b9f348adc0c712b820ca283c55aaa858faf125e81d4a135807cf1ff3
SHA512 5efc0028e02a1955de486ecd9292e4e95914a2bac951af13b778fb8c102ed212c54b8abb5dbf1f06ee3a9d9bbe8ba18602f019295b0b8f2b43045dc7ca8f4eab

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\fa.pak

MD5 720370bc0da9b1e19f40514bed5cf334
SHA1 d541d736c90ffd734d20bd15221ac20cf65eec35
SHA256 f7d564799e66c2794b15fc6a5fabf20252e3e528b8a321ab77f6d8013f7a1fb4
SHA512 3e411008ad1a6617a7579d0d56a1c0532c53fbebbb094eb79941a4f0d596abd8e51b854dc700ed33a3225180a6a208120f5a6b2ae77fb14e357027a25a28fa7c

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\eu.pak

MD5 6786585675aefed4b47d6d0e66e38e1f
SHA1 80999bc260465ca1fd439d369b4e79a9012c0c93
SHA256 257d5063a6a85c8c7b3601346319aee390c7c0f1ba6173602e0f9d65fb5c6bf1
SHA512 eefe3056d0526310e5d100d5b4a62b12c1b95a39c6e2d05d79b49fec486c369ab89688e6401ad7eb756a5966899d908d3c601b13e6553c1e9c49e8670b52fd34

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\et.pak

MD5 df33c178f4a5aca8ec24a6679003ae42
SHA1 7b3012db67a36819783bd406091dfc0850281354
SHA256 4cc6d150e62024f7147076729e490a0f5adf2d4e2cde5fe93173571048477d5b
SHA512 5270a3f9f7ef0369961a223a76ad3d040bc5c13b24fca40e39f068ce41e7e2544d2c1dabf55b79e50e53234e9c0c099f6e3e1f530252f3299c19fa30c2526fd6

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\es.pak

MD5 542cb6b1216533cb40b4154c89b4d978
SHA1 d399c6623529d315c19c25b7ad2215fa71abeaf5
SHA256 b57235d3d49f033fe9b72db2bfef0753a360affde38377350db08dc5aa1c3421
SHA512 768e9a40990c2db12d770f6db39e20e36192d76514abace142b5bd49c82c2877639c0a156f1ae108e3f797701d272ebd41db1f879c4d5e0b58243446dd8aef28

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\en-US.pak

MD5 16ce60c575559884d2ceac50442c7a89
SHA1 875530cd0f2af6cae11f7c55714c8471aa6404c8
SHA256 6cd9d878b339bc93a9733a18f3326f2f1efb31f76332de380700dc4002fc60cb
SHA512 cdd9f6ff2765dc5e47506e00c55cf9e750a715aac58f52dccfda470f5fd742bab1774ceaaff5d60fae56f47908236290a35cddd6bf0b3a8d0fb110d393634855

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\en-GB.pak

MD5 43de4fed57902b57d8c8670bf515468c
SHA1 d670e17582f1337afca5d884ae2a688a8a08f5ca
SHA256 9f8232cebeecd8a03169405aeae146c6215968d44935c44ffe2448faaa49b651
SHA512 c841883f88199f213afad827aa8ee104b5ec721add3862be47ef3c87af752a783d5908e185595525f005e4b19b4a5f7a891fe5e4cd6ca8ff95dcb6a26907395e

C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\el.pak

MD5 e28bb7540e1e0954e3abc034f206380c
SHA1 44b3dfe4d057eeab48f5de20a380f1fe54122bc2
SHA256 52c8561bb1ee68622feae6bf44111cdb3a4357c6b8a81b591c7e4bfbdcde7bb6
SHA512 66c58be855693fff505940b637393940024ebdf34d66bee57da5aec87193966784290944f5bb459aa223a5421d132218b4392d700a0b49e6aee91727f1cd12a1

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\show_third_party_software_licenses.bat

MD5 62d8d68447cb925540cc016987571c13
SHA1 6d87627eb4953a326cef1cbf3e5017c6676d7439
SHA256 eccf40f314d62a57ec06e8c9430351654defd141cc429432124b7ab23b52056e
SHA512 8cc7d58ccfbe77585ced627c3e6c8ff7976bcf510c04096fb768bf8153c022cd824f5adce2367e12912f49867a6c7904ea9a5b4e0a4b74ead37519b77d32b89d

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedge.EtwManifest.man

MD5 461ec6a5f81d4a8e5c0c9cb4c0e69302
SHA1 555e762f4e1bdd88b9e317b9b78c9bf8e2a2cb66
SHA256 8e7cfa72798300b16e38fe08cea4d8d8280746f8c3ca61ec9e0241732bb50d78
SHA512 02aca4d57de8201b0231f10bbcacf971d717cf3e9b2465c598b19c910970cc17e13f8f19df8e292f79526d6787aad243ce53d3bb6778edf431a89a63b5d7a95b

C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\MSFT_PackageManagement.schema.mfl

MD5 93bede9e38afcd54b62c55f0ea36ea68
SHA1 e00a831038ccefa21c2cccc302babaa5409654a2
SHA256 8fe8662c0263c3d0d781be40fb5ca3200792ea62cba2a214ee89d9671631fff9
SHA512 447d2daeb6961249d7e0c36493515ba69d9da53c6c7b5d6c06020aa25abfb4f557730bbb176235974254fe751633a0edfd5a72a45a4f5cd837a6a19c1e2e327c

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\90.0.818.66.manifest

MD5 1b97f8094cb4b251124f8c497521f14a
SHA1 d1a871f2b66b56842adb6018d1b51a10b4a71a3a
SHA256 b990b4d3248e5c9b04bb8c19140014f291e7ff9c66656dab73e8910513e5fd67
SHA512 eb7b50a3f8ffeaea279f9e005e9f4dcff721622d96e677b91b2f678b2e58c7bf178ed6ca1d1baf6086a07fc9b3e60dc12a46839d13743634fe532b931b34b3ec

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USStmp.jtx

MD5 4b6054dd0c9bc3d795711f9705757f94
SHA1 c0ea345e9ff7a61b0cf57b7b40cf5eec95c985d8
SHA256 446d60f9b2361e4bd42951b2c88269ada43c6833275a10ad97f47106e5ad2f7b
SHA512 298c1c9c08151561a0d1372e51d028c344feea805104a39c4bd6258853d004f4e24a3a05bda8dea9a1df15b7d33351276d472a337a5e148f2c2d97d0c4abc3d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 e3ade8cf4d635ba8e2c1b13d3f4aa935
SHA1 4aa4db8537cef9bc8acbd2a8c0ddb027b3838c5a
SHA256 e7a84f6e08f1eb8e52a8fe94b5520eb699d2ba0e74f095507a4d0d136b749f9f
SHA512 f17ac52f9275287a45935b59d7b2c7c2de2b7dc361aee10ff5dd135ad7c95d66436ca34363dfd356f51544b20dc8c4c0a06e8e1e4c42ee3f6438d8cee608f4bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_0

MD5 9b08261aaf34c1fe14fa7cde77d596e7
SHA1 1ec8d583a21f629d5256df6e7bb0769919e23c9c
SHA256 7a449d0cb2d5f57991b7a4cc3bbac06b9fc2aa084d337ce7210a75030ce94cd9
SHA512 9eaeb7b46f63333449217d6d068f96573024242ac82df00ce0337c3385c5fd9c6e79ca3903e7ab92c217b89d321207649f573f181fc9dc3c9ce40bc82b74fa8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

MD5 b45d67809b5ee16090a281db2702e527
SHA1 9b93bab4f1c95476b1b145827260ae2a747f80ed
SHA256 f63efff2a404da62a99768c6f5b7c02b6f88eab6c43de8739d8b5556ca46445a
SHA512 c3ebf77f198d8fee9819f9030630fd849d4af9ded30f73541c4a50bb7055e7f743d8b314735d6c28a1060ce8765ca37f3088230cb16052db7068e6e25a90ddc5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 a8dec5b00e1d9aa4ad7c6b503b187ddc
SHA1 c7634063f9c10ac6f748cfdfb1b0f6ab379ec923
SHA256 0f82982bcfe6e05875965ae6fc8d1529787365c1bc9001e11c8e2839b94df778
SHA512 cd5a3e7c36b3f9b7df5d8025e8eb867e46246b8ec05b656964eb8cd44fe01357dc17a6c86403eec1f0a749a4fc5b61fe10caf68a1af9cae1d3fc2bc1c2540ad8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

MD5 0b02744962add80287327f6ac2cfbc16
SHA1 d8925c07d00c78cc7874c68d0656af568e11b5ac
SHA256 7e602405563a29d6ed05205df6b0a2480e1da6a5c1d9af1feb2d7fd9e7c5f351
SHA512 1de8af089c6e8d8d49f3efb30e9e8e0343937bd0621d8e562337351f4f47d40f94108292c7a5675a500d3a2ad0ed391cd046bdbb28691b96515c2c03f12aab58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

MD5 82a90bef94e136d523cd257a4206b925
SHA1 60c5117aea96379b76dadcdd1f8acdc75a8eba11
SHA256 cf87fc285c65323dd47f055d72a69f9e7df43c493bc31f87f1d77457a74bdade
SHA512 3cb8d9c2cb62c4a48525e193131e62ddc8172221b212eb1565f4a6ef9be0942962ca18d9fbc1e11a6fb17ecfa04b3085f4622f0f67d1e88448208616be98d6ee

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml

MD5 079fc6e977da531ba93149ec9479979c
SHA1 7eb3d1c76ff651f7af528eef0261034a82f23ad0
SHA256 ccd05557b4acc421577fe23862a640a4c948f2c61177d8395f65beec75c1beda
SHA512 f585e239189c118df662c4ebc320e0c152fa563d6f1decab02753fa3129ddb2e753ef074ebbf234631025ec90cb707b9617b32d474b96eddd0c1ede606192d91

C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat

MD5 a11b4ac7d523fffef155f52f257bfa2a
SHA1 8a3d52f4d8fb1246ee820cfd9a63e5632a347f75
SHA256 3275d4e5727ad0cddd78df405f05b2f4cbc8b16e2d3dea60e34129d86719e4f1
SHA512 5a252834b47039c71bd21dd6fbb2af6ce8f78b48d749ad9aa06248b05806bb8db9fcbb85b989277615c89595a665f299cd5b4e297eff21ab524f988ba1bc23f1

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

MD5 5fcda7461d1e151c3128549c8ff1b311
SHA1 202700473cad5673d6a042bb9645a64e13cd5d98
SHA256 e8fef7d3d4af85f372bfd796452413dbe6d9edc1da00769faddb0f3f6c3f1d35
SHA512 7ca7edcc3c02fa45645977a19de3908c362bc6f3100efc7d899538b22628076ad813083b8e8378f416da78232baa53f18c611e3e9d08efb28bb412a8d400adc1

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\CacheStorage\Files4\PDUQ26YN_1\UBFBIZQV_3\QQEXBX0V8S_30

MD5 34604319e29dcc08990f71f375167b98
SHA1 930b71b9de0041aa42b42b7ede9ba9d22858f413
SHA256 48af4c370837ea8fe1304af40d06bdbaff67cb4ca50a3719fc206222d7a7558f
SHA512 68be4bf9e3c07d26783288070527aac011983881431789634cd99ee501c737c1fc55ccc0116344dcd19d3dce2c2798507cea3689a49fb8a13f3effc7b5d6e07b

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{43c4bec6-e9a7-4bff-b16a-ab4c98095ff2}\0.1.filtertrie.intermediate.txt

MD5 71cad062a1867a9acbc20d7a20cd4670
SHA1 3a19ada819760f7cf558f1494ae9dcd297fcc954
SHA256 78a5310b0c1f31e16f6d20e0276a82db5a2518df1fb31f1d7ba51868246da27c
SHA512 d4940e03b197165e5524170fbf6b4b3b11ded6536fe9c75fe033648ce21ab139d0dd372e519737c14cb7c1a7b6cc95308a3ebf865a48dca672c58b6ee7032995

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{43c4bec6-e9a7-4bff-b16a-ab4c98095ff2}\0.2.filtertrie.intermediate.txt

MD5 3e9cabb5b302ae6037eefd80cb09558c
SHA1 fae6b3d38574e8d7edb83d739c0a73e20b5fcaf0
SHA256 76919706df2ef0326fb426f9384e83ac083d60499ae967cca8ce01485d1f52ed
SHA512 ce73c9355da93eec62962d4b91356b5ab3ed7cb5d4b617a5774f4433dabe520b23d9aeefc23b987796f09ec626545591644df7c23f29cc96b8a1c3af5ba3601f

C:\Users\Admin\AppData\Local\Temp\wct82FB.tmp

MD5 10511ffee5ddf00945deb1f41e34fdaf
SHA1 c7ce6caddbcc41dfbae4865dd5665447e822a446
SHA256 da0d4a01493034b9fbcefcaef9a7997d2cff5031027b2ae115189e252931c36d
SHA512 cdd9e541a9cc61e88be308426278bc3514aa4ad3c41f765d704a957fe662ae9dd81c590b1e68100e3999e8b75ecb609a4cf4f260d3315787f59a4e0ad89cadfa

C:\vcredist2010_x86.log.html

MD5 cd3756cf4a6bb9a5fa33b7c71cb89bb5
SHA1 09826c6c8c2846e9ca236464820416f59a82e9fb
SHA256 8dbcef829d2c0b95891a2cbb2eff403028ae4b86eab44849ba7ea94e5d9086ac
SHA512 2802617303402bfa316ad28eb0a83239b0cd5ca780f408772ee6d11a1a205966c51829247568297f9bef3dd64748551ddb8c94bcee81161444f0d55b768281db