Malware Analysis Report

2024-12-07 10:01

Sample ID 241115-brsnmawfkq
Target 2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil
SHA256 c669cb70d13fc719fdc4fc3f95666761558a51609eb03e60b8443b81ada25469
Tags
credential_access defense_evasion discovery evasion execution impact ransomware spyware stealer
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

c669cb70d13fc719fdc4fc3f95666761558a51609eb03e60b8443b81ada25469

Threat Level: Likely malicious

The file 2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil was found to be: Likely malicious.

Malicious Activity Summary

credential_access defense_evasion discovery evasion execution impact ransomware spyware stealer

Renames multiple (10071) files with added filename extension

Renames multiple (12257) files with added filename extension

Clears Windows event logs

Deletes shadow copies

Modifies boot configuration data using bcdedit

Deletes System State backups

Deletes backup catalog

Drops startup file

Checks computer location settings

Reads user/profile data of web browsers

Credentials from Password Stores: Windows Credential Manager

Drops desktop.ini file(s)

Sets desktop wallpaper using registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Uses Volume Shadow Copy service COM API

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Interacts with shadow copies

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-15 01:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-15 01:23

Reported

2024-11-15 01:25

Platform

win7-20241010-en

Max time kernel

147s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe"

Signatures

Clears Windows event logs

evasion ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A

Deletes shadow copies

ransomware defense_evasion impact execution

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Renames multiple (10071) files with added filename extension

ransomware

Deletes System State backups

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wbadmin.exe N/A
N/A N/A C:\Windows\system32\wbadmin.exe N/A

Deletes backup catalog

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wbadmin.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SEGJVAZC\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Games\FreeCell\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\ADWO43R6\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\4KNYJNXZ\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BBWU148F\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Hearts\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G0UQMQ1C\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\1U7Y9BT8\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4TDQSVWU\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Ringtones\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Solitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Recorded TV\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Mahjong\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\regedit.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Control Panel\Desktop\Wallpaper = "C:\\killnet.bmp" C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl.css.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Windows Journal\jnwdui.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\OPTINPS.DLL C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00486_.WMF C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\WB02074_.GIF C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0149627.WMF C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR10F.GIF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\PublicFunctions.js C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL001.XML.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado25.tlb C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Internet Explorer\msdbg2.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\mspub.exe.manifest C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\7-Zip\7-zip.chm.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe.config.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01152_.WMF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR5B.GIF C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGBOXES.DPV C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\WEBPAGE.XML C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\cpu.css C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9 C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Taipei C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe Root Certificate.cer.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA02405_.WMF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\Waveform.xml.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\FAXEXT.ECF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\MENUS.JS.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\RIPPLE.ELM.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01330_.GIF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0240695.WMF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Calendar\CalendarToolIconImages.jpg C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\ELPHRG01.WAV C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\WTSP61MS.DLL C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\WB01747_.GIF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\IN00046_.WMF.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\VideoLAN\VLC\uninstall.exe.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\write.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\bootstat.dat.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\DtcInstall.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\DtcInstall.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\msdfmap.ini.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\Ultimate.xml.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\WindowsUpdate.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\WMSysPr9.prx C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\mib.bin C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\bootstat.dat C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\explorer.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\Starter.xml.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\system.ini.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\msdfmap.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\splwow64.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\TSSysprep.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\WindowsUpdate.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\Ultimate.xml C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\Wbadmin.2.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\Wbadmin.3.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\bfsvc.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\fveupdate.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\setupact.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\system.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\TSSysprep.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\win.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\WindowsShell.Manifest C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\setuperr.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\twain_32.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\twunk_32.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\winhlp32.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\Wbadmin.1.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\PFRO.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\Starter.xml C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\twain.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\twunk_16.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\win.ini.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\Wbadmin.3.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\Wbadmin.2.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\hh.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\Wbadmin.1.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\HelpPane.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\notepad.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\PFRO.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\setupact.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\setuperr.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81DB1C71-A2F0-11EF-AA78-72B5DC1A84E6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2248 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 2248 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 2248 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 2248 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 2248 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 2248 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 2248 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 2248 wrote to memory of 2552 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 2248 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\vssadmin.exe
PID 2248 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\vssadmin.exe
PID 2248 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\vssadmin.exe
PID 2248 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\vssadmin.exe
PID 2248 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2796 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 2248 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 2980 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 2060 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 564 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 2248 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 2024 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2024 wrote to memory of 1096 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2024 wrote to memory of 1096 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2024 wrote to memory of 1096 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2024 wrote to memory of 1096 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2248 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 1156 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 1156 wrote to memory of 1064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1156 wrote to memory of 1064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1156 wrote to memory of 1064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 1156 wrote to memory of 1064 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2248 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2248 wrote to memory of 1480 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 1480 wrote to memory of 1120 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1480 wrote to memory of 1120 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1480 wrote to memory of 1120 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1480 wrote to memory of 1120 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 1120 wrote to memory of 2452 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1120 wrote to memory of 2452 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1120 wrote to memory of 2452 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1120 wrote to memory of 2452 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe

"C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe"

C:\Windows\system32\bcdedit.exe

C:\Windows\Sysnative\bcdedit /set {default} recoveryenabled No

C:\Windows\system32\bcdedit.exe

C:\Windows\Sysnative\bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\system32\vssadmin.exe

C:\Windows\Sysnative\vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\wbadmin.exe

C:\Windows\Sysnative\wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest

C:\Windows\system32\wbadmin.exe

C:\Windows\Sysnative\wbadmin DELETE SYSTEMSTATEBACKUP

C:\Windows\system32\wbadmin.exe

C:\Windows\Sysnative\wbadmin delete catalog -quiet

C:\Windows\system32\wbengine.exe

"C:\Windows\system32\wbengine.exe"

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\wevtutil.exe

C:\Windows\Sysnative\wevtutil cl system

C:\Windows\system32\wevtutil.exe

C:\Windows\Sysnative\wevtutil cl security

C:\Windows\system32\wevtutil.exe

C:\Windows\Sysnative\wevtutil cl application

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C wmic SHADOWCOPY /nointeractive

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic SHADOWCOPY /nointeractive

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C wmic shadowcopy delete

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c start iexplore.exe -k "file:///C:\Users\Admin\Desktop\README.html"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -k "file:///C:\Users\Admin\Desktop\README.html"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:275457 /prefetch:2

Network

Files

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.encrypted

MD5 7f32118be8a97271fa4fe85aedc405e8
SHA1 206d06ecb60538b2621eb751fef4ee3c9da1beaa
SHA256 ba1277eb09806a3eba59f4a26051f27cc7bc539fcd95569d680c8c43b79d4ee8
SHA512 d66f60f5301deb5ea55f63f384803b2aebf2d3b71b773b46d8db5def00f19f26c5d0504675a321f37f6058ab332eee34d80c0b149b2fb17097c032f80cf38226

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.encrypted

MD5 47bea616d0c56574258a8f957a1e830b
SHA1 140089e6e6da176417f4e7d3b1ec96e1a47f1a9f
SHA256 7bf7318c83375f412a1d62cb3c647e547eb2d0b5aeb4edd150fffe70fab45626
SHA512 e713dce8da612061db752c3dd263adfce9389e4eb4f38a9b1c65aa2cb64cfb4ba2a89e1dff375620e72b6a45b9ee46a9be8b18d7e419573bdf0045e33bd8f380

C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.encrypted

MD5 12f92c7372a72a1dfaab97105c872d53
SHA1 8974bfbd21940546c4d64a3813048a14d12aae8d
SHA256 905d726e9eb5af59ac16ccc2365e0621ea9d670da9b114b36a7af930c10f9524
SHA512 8d8331f4f93f963e9afec7bd77abeb588f0c17ba7d2822f4eff7423a4b01a8dd90d25060f019471191ac0d6bc4e99fa18e7eef0198cb50e0d4cd8e054444790f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.encrypted

MD5 5d1b2e0a6041aa2d1c510ed0eb207034
SHA1 f19416b24ebb9b839792e2645a66938e527702cc
SHA256 013a409c57c4453c0a7cb77efe18b41a3eb247fbc232e2ef5d09ac532ac6a3d0
SHA512 23395003075b82ccfec49c69de2525d143f0f358a3436eaea4c7c852080b1dc26f74dd3fbf9f3c9f1530f1bededaa1212231e61b6275fa06627d675f0da9567a

C:\Users\Admin\Desktop\MountRepair.xlsx.encrypted

MD5 21fbdd82ba07846919236c3ecd95153d
SHA1 624fa3b853c339b0d17cf7210606e546ddba3fe0
SHA256 34728c5c889d7462f11baf4437f4dd5ec463fa7a9c87b0193136d5c8d9a7562c
SHA512 8e8439eb51d8119329380dd2ad604315c73cf3ccbfd99f575f00793d53cd282010b78123412559a4e3ff594a04cab2b9897de4641d304670aabb164f785c33ab

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.encrypted

MD5 f1658ceb7009a9698b8c201c92ca9f38
SHA1 0b7f9390c18f9f21cf75c2481160263a554408c4
SHA256 fbc00c27d1db618b8da1aad49dc540dff67d8eff98a7db98c21424b55ec3140c
SHA512 2009d9442780c8e1ef28c3f4a77a00977fbe7368414968da13b88ba5e695903882534f334ddbaf5799f303db4e4656aba4e54e6b03697aee78c31596146e8082

C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.encrypted

MD5 c8f24c1d528020b1d0666d5f563a8d9a
SHA1 162a09c5645bb2ebb932032f9775d7f503cd530b
SHA256 4958004acbc7cd7074a4ccd4a26a5bb109ac084b092fd22ff0abfc0952c71a89
SHA512 5bf7104c3242c0bfced429df9728552f7e672d0943483afd10f9745971b55fe69ac804223b609a547ddd974c195aa431d24a8ab56113397e71e8ecd0e01c5a40

C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.encrypted

MD5 b78c08dcae3ca9f4df486e705696a750
SHA1 6c86c462c42b558e2debfed1c7dee9d5d77d666e
SHA256 08e9c1b80be1e7d72731340720b97e3f1d03c1cbc87279a349d80bda2115d44d
SHA512 72a45acf3ba20c2b60ff140d65a4da7292a102c96c7aa505822c2956a101a42d734d342f29782290a1138d70f68b6fd7a55865cd1747075b1ca5d0b19fbf3a12

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.encrypted

MD5 1ace8cde1e346903caa8154805062d29
SHA1 033b1e525a611b1250d5f7990c53d7d70c03e225
SHA256 2b5c9789ed1e335ea77064dceddf608cefd92009fbdf3ffea12e1752bf79ef55
SHA512 cc042a8df7226bafeb38c5bc29cbd5de4f8da4dd205bf880ea4ec786268437c16ed752a0d8d625a89ef72c43e2d226817d89388afd07283cd27eb3675998e27d

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.encrypted

MD5 f6004d108b74d14fec1917b71c2e78ae
SHA1 4f396193c65ca8e82a4ffc4646b641bcb50b7247
SHA256 7415e75e69fa746efb4e693913051793ce135cc430edec727eafc17c2ecf404c
SHA512 7b4577b4d7af4f378656853bb5761ddedd9c69c369fe18351d0d98cad1932342abfd407027855990b2024d13373e7e65a132cd72baf371b4b70e5f828b4f9d45

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7.encrypted

MD5 7d4e9b7bab70722ce4706abdbcf084e8
SHA1 4e0c140932948aa51cfe4386830701e3d0407972
SHA256 23ecb98c7fb0022de430438915ec89e5d5488aa0076ffc28ae0e5fede59696ed
SHA512 5c544d84c2ad071e5da2150faca0a047d1249f26dd2233cc410da3ffe662abcd37dacca7bbad042eb9225c31fc2a878f7585c67a3c04af15a9d0663af1bca2d8

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.encrypted

MD5 8c19e929465d1c83c2764c2182874fe3
SHA1 0192333e3b59ae6e506cc6d89acbf07332ec56e4
SHA256 275951b9b916ca244efbc437518684fb6147157cdf77ffb43ca3d665c2f56cae
SHA512 bdaefa8fb024d084e5b618940f94da76bb391dd39b73060286901e63452bb8770030cdae57940e410cf11c6f5647f04c647d368cefc7ed9f25e8f18fed97c47d

C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.encrypted

MD5 22f8813effa5dfb11e7f734ba3f2976e
SHA1 7a00e31b8c27b87db1e9cb846b5dec17a0f1142c
SHA256 49581c40ec9fe805b1eb6424aad155ec05cf126a2cdbde211743e2afe2377c52
SHA512 da9574b344542b2d29084279ef0b7a11ccb0e9a983def5666e50d110ede5fbad0cce9edfa32396a931f6f88f359656a362babce09dd3b6a3dffdd8b24f185edd

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.encrypted

MD5 23043516fe7537d05c89444d2b8225f6
SHA1 28de4d761fdd75176b926b22ca96058288774c84
SHA256 f020a7f6997bf915cc5c7423d646458218e593e82da336d3c5ca17aad0a0530e
SHA512 445c99c506c17ff174fb429bfc691a23811ba25e41dfac14bed46da12231caaed40c3bfbd8344ceb146627952fd53756ba222bfe4d1b38aed2daa3f2e56ca983

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.encrypted

MD5 9a1d47b50d7b73b04a29ac10d5e442c4
SHA1 b5be0f633a979443c1fa0ace9492d8ff9a63b06f
SHA256 aec2733143522c571572ae9da098bfe387a17b44f43986035b5efa43fdd285b0
SHA512 d76ba3e7a0c83cf25e56a88bc5dae8f7b0b0b3f1f33fe349d0125f44c4bbb70940fa4ad8368fbc1bbf562f4ab54ba62d7038de43ff8f5a59d49faa56cb94adb3

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.encrypted

MD5 3f68072972eb526d1f47b0f5130361a7
SHA1 ed9932f6c1a7c6eb03f7be1b8f0b4efd42c9698a
SHA256 fda0c6a37b5816da95be210b0a7402523dcd26789503372d49df89bdc184f86a
SHA512 1cc7282c792bd29106f918f802f78aef33ef0b65e1bb81d154b605176e5be660fe2fd941ddb83eb3ccfb16daf4d45214dcc93433daf114f0c926842044a17de9

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.encrypted

MD5 d16a88ea1a1421875c2ffd248abdd567
SHA1 bdf6513cbdc5829f948b7c81689c89d29c967ebf
SHA256 1eaab07c21ddb95096a614178763a683b726d7a281b09b23964264d652eb91c7
SHA512 63cf5d10baca9eb0351e2e077fe0f1601c11722208e256829509c527961d0807ff5fe62a975e0e4898754512cc1a13a0bb7aab579c979a713b76c88dc54ff953

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.encrypted

MD5 3256e0dc4011cd4a39ecf20c6f260b5e
SHA1 c6f58aeb95e311ae8c9da84be12ab0f69cabbf7a
SHA256 f5e56df39136ba5d6c26030f093a7758ee3fcd610568670855545d0ad3333423
SHA512 db46df8d693ae9a3057a016cd65a44cd902bd9a88a4c139178ca2e0565393876e550fc64bedd93971f1cea5efb66b45d7ed92b9a975a6b762660ba9d583dd461

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.encrypted

MD5 7435b62f79a6e7dc16818837ff1eea88
SHA1 c90f70f2e4c3d8caf5c89fab2401eb564dc95292
SHA256 24480eecfe805ac2ed43832cbe74e36f28b12eba8660912cdd162b22f5ed1b35
SHA512 2665b2437285c5fa9e3da3f7180c3ea304c25bfc4e59564740350649e28064be39cb90e78723edf27eb2e5ea22124d6ba789b3f2c70534689c2fad4bf6527195

C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.encrypted

MD5 7e3c78fd34da72591e00ffddfd1b3dc0
SHA1 c92e3bf998ae554a70f78e4909d3b8cd3cbb6155
SHA256 21dc9fd8ec05856fd268ed7b27cf680632e2ec7d690405dd4aa31a0b8b3f4893
SHA512 2bf256cc077a14956be66f31d288a549c7a2b96e35836bcaf3489fbc24d19c9f8db332a6e84b44d6857f679b180c3532ff9e7fa6aafda7c795fa90d540a2069b

C:\Program Files\Java\jre7\COPYRIGHT.encrypted

MD5 6bf407eff9709eb0b3cbff2589dd6791
SHA1 b6d121d60b87056fa06b453cfa01e6d6ebac4f1a
SHA256 6da1cf41feeb14a40add7ed8ed9246cf49e85ef9ad65872dbd9b8713d4de2fa8
SHA512 c4bad7e7a75931a42fdc5c9aec7c1420c5649bf2b0c9458049db120c896c1a3e54c5c5b00a62b13bffc42da4267c27ccf5a5d1edc60f2d691fd8a1b31cd8cb2b

C:\Program Files\Java\jre7\lib\deploy\messages_zh_HK.properties.encrypted

MD5 e855e2629b37de4542e743a7be6d1507
SHA1 e8b230620abff33f64d9adf9a0734aba704ad28c
SHA256 4b9916673a6d458a3de35f62b6d74bd41d18175d39ee8879d36216277e400a41
SHA512 50fd7367309953a87ae26135f74fc44c608cf142ba8af52a63b45019f7a53e254ffd952e455d9a52d8cd10dde766dde9ea25dcd072ba24ee3c3c2119d4d691f3

C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.encrypted

MD5 e438d0b1406450e49ec4479a3e2c8a54
SHA1 6805d8d399b2d4c834d73588bbffdc93416d5bd2
SHA256 6ac1aad3b94751795624f377289051af4c63a307809aa7ed6a7a8992ff6bc9ff
SHA512 f49bd19e9d03b3df12213b38d7d990e69061190587f6d0c7f828b865b0251cb4307577e3dae88ea3f73cfd1896b1cf34c1329ed0f30bef68c8f572c355eaeae9

C:\Program Files\Java\jre7\lib\zi\CET.encrypted

MD5 15ab6a69c3102f78106f2b1aea7b2011
SHA1 5370c612b3ea23199596edc124a98302ac094fcd
SHA256 3489ba7498fe35abde634b2072a8dab29731ee0b4721fcf66ae4296d001dd787
SHA512 fb001a1fd1db6e9bb442924f6ca6838faa103ae2f75dbd1fc75f45b867e0ba5d0b24ccd23abc633173d14f469d640e56b34d6e1a9c809c690e1858bb9bcfc3bf

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.encrypted

MD5 3b683f994ecdc5e0bcc50fc9961556b0
SHA1 317001c37cfbad4f84fcc2ccffec57272b4df70b
SHA256 f1cdb6067f95bc8d68936989d0e0475631d0d22da672d749c5cb33f3c922f417
SHA512 cc53ffb358978f91eb3cbf10fbf96c9b8e806436903a6d44a55b13bb6b9061b226e25b6d4ab32577236d045c321452f491b3ede5aa6c3f41d3d39c360c8825e0

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.encrypted

MD5 e021d6a572b6e3ee2eae3bf0f46c671c
SHA1 c7e670c7f6a6e9e8087dafbeb7881a036d7dfd49
SHA256 1cba40cb45de8979d3124b9e8ebf1ae333b25b31a2391d399e5071e2a2100c7e
SHA512 63e89bf85640918f6d71c959446eaf994a1392303d08f0a166c729a3af6e0c737eba8e01d3d0d773f17cef83ad54415f340f599abdb51dce1506c739cdb9b6be

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.encrypted

MD5 651b6cb9725c3aef3e87e247ba006f59
SHA1 ee3a7b095daf39fea4fe458bf2637f4152c45400
SHA256 823a687ee4732977936cba2f67fb45e8638225676b8f00c3731acca189037c30
SHA512 421507057a6c6ebf29ef846d11c4b7dd50b0185568a0aa66c87d3d0291198348d2d18577b5bdd2d3f9e75a1121c49c9de51a683e84ff5342b3278443313042ed

C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.encrypted

MD5 a67165f669bf655a63822bbf8b217a6d
SHA1 a44e672e9b9343d7186a382648c0af74f710924e
SHA256 0a2076f550e2d49d8b4d53421e21f95014f8cc45fc18d69ec811d2d47386dc6b
SHA512 4ebe33761866c04e4b20d9fac6013afccb46743f0a03464ed318064355341aaa6e5e98a33f80d369caa08ec58157217b5fc4625cd6de6d7c5f85e1eff37f523f

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.encrypted

MD5 d62d5eaac9b74838c1946eb89f2d9e66
SHA1 22e9306f8fa8f168b2b1cf58c01d8bc3444a6c81
SHA256 408efd4710c34a214352bc451c8643eb3b34ab3edbbe053ea0a3959e2d3efbc8
SHA512 bf3a5299cd798083b654ca302a771832473383f9856d8f0ffb5ff3db2d3bcfcd3b596dc50a38d9fa906f7636230e66627a6a272418b2b07b65ed276e3f14a32d

C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.encrypted

MD5 57a814ef27517546c95ca2c803b61b2a
SHA1 a1f9e756fb507f11547e96ec0e2f3ea5bb8bbb05
SHA256 f3e8951ea681cbba90b62119eb4f8e6d334dff2b725bd0c1e1ea821d222cdc00
SHA512 764a6dec008178472a0269fbce0324658d3b0ea6af2fa2c32c77d4793e6966e6629579377a1c463b8498bb836b7e0875e55f2cd05939e715ab3df0de923a4648

C:\Program Files\Java\jre7\LICENSE.encrypted

MD5 9270a287347313986fb7a14881333742
SHA1 f459a410397cd2dca9b6535620fe40c267323c2d
SHA256 2008ee31736c4c03748523c961b949b24965ae33b2c03152e86dd5e77caf6e87
SHA512 27464385a5311885fae160eae1a7f9225660a56035b75c94dfbd50817a087a5086bb007e7cbf70de8726e3f0fdf7c62ba99c73f538edd688422f1a72a0eb22df

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.encrypted

MD5 93ba2fdea65d76f64d8ed1d8c9d48ecd
SHA1 f9bbb157187e4e1d30cd7cc5f1cef170b55a1bcf
SHA256 039ded2c5907dd86d3e57359b6b8b6b5964108c3e29e297524b0f06301f8967b
SHA512 cf8f047a178d895fde455eb30a2bd3c72535a99fc9196b0d5b7493203c88c38f9471298458f829948a06ca74fa3fd497ab06c7f401a422a00eaa3ae34e79cc84

C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.encrypted

MD5 718d5ceb0b7a6141fdfe3ea6a76c7f0f
SHA1 4a806c35412158197e57329347333d4795c995cb
SHA256 d51a1ddafbcafd7f1127002271466da49d344a8059e4877d741bda83147b7284
SHA512 8387a00ed8c754cf1e57640c047d2833255fba1c42640a466b92344388f2f92bfd551b056a63fc66e7ce40838c8abcae8600636a910fa09e734c1bd574129b8f

C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_K_COL.HXK.encrypted

MD5 b48e42eca3ddbe75912c9f162acb635f
SHA1 ba14089cd1b5bb4c9e36d2e2853c69179cf61c68
SHA256 76920fa84ea2b19ac1871b80f0d0166a668969d03400a52f739c7b0ee7c2da8c
SHA512 01d916bfc78a0872caae0161badee491cdd4fd831b5bce4b136a7325db59a77af6faf164ba1e339d62088f3f50554aec0cef641a92768d28c23fa7636367a52d

C:\Program Files (x86)\Microsoft Office\Office14\1033\GRAPH_F_COL.HXK.encrypted

MD5 007dbe8ef0c373805d7a48f374d0794e
SHA1 9598005e9e1523db6a677553059bb6fb61323540
SHA256 26d37b1845e17627a8befdd03e12ec4077e261487c5199b2090d363ba4fb00d0
SHA512 9f442282edc179f7e8f3b205e5c2471fcab7307d4e502eb4ad8e2c91ab65ab5beeee679fa5ce200a39309b948bc98efd4b1834e1f9cdfa72c12100aeb9dd0f7d

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_ON.GIF.encrypted

MD5 8769e0b71bdf88356d8068d473cadee2
SHA1 543781b91dbfb9b07c24f3fa7a152ebc81de1a71
SHA256 3b5236ac871f9f9685886bbf38ef52814115fb18f88da8f6d5635a9b9e458dd4
SHA512 8a8b1ca5c356e4f5323f79e93667321aac650d23003414b5a405e93c0eaead278ea088a6e4176dd3ce5f693dddf2a1401c821395a9317a75bd87c892bf362b40

C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Biscay\TAB_OFF.GIF.encrypted

MD5 5d7f9c8f7ad7f8fc2a28bdf63a986bb1
SHA1 921b1c2742b3acef4c089320c2eaac8ee0d8ce3c
SHA256 99a06e3aaa1ec96a5b803057dddee9d0177d99d091742d53157cf32874987dd3
SHA512 d1c242784d8f8cde27ac08cd65160b796d463dbeeb4befc688db93e589df21718ac57e1fcc9be04daae5e730e33a573f363f01c3f9e267af534fd8295e1a1bef

C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\SIST02.XSL.encrypted

MD5 2c108a1bd0a09fcc09ec981f6187ea50
SHA1 867f3ba9ddff3f97a76a484ff9fc452270fbe18a
SHA256 d5ca4e913f95f4a155825e622430c879189c977bde8494b9085ee02950581f96
SHA512 994f62d5a9d7f370f0ebff35ebeafa18f998e5b00a62acb44f77901457ddbd7ae17c0bce795e0ddfdefed63d3272602c6d14be49d0c7663a4d1ef0730065abda

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\BG_ADOBE.GIF.encrypted

MD5 5dc68f23e32a052f990fe16a01e9c766
SHA1 a45f96ee99ae5ddf1e0ea4eceddb09f838daa64b
SHA256 b075cc7063bdd2f68148d26f0b0544f5d5ff94e0d640ea2c27fa0c39d4c0b503
SHA512 3488587a570f1cb45dee7578cf58b9e6cfef25caf9774b711989a91fcaf8a2411fc1f9af4425c2fb64a06adb08480e3309940a321ec2f183cd236092a4b29b2b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Casual.gif.encrypted

MD5 7c03b98224f8bca63567f1d2b7392672
SHA1 44b42c3d97b17ff736ca469047c7eac52df0226b
SHA256 32e107fc8a7495a0796cb8129afaa0090b88835f15352ba47a278da62dfb9dc7
SHA512 176edc591ed2db9e07bfc8cb11e82dd0f84095c1ad9d517022f4ae67d32c34ae50f51d3c009e81c9e3a08b5fd86c7616863748ff6f5309d1556f9396d3f2d0f8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Earthy.gif.encrypted

MD5 e10ac22a31693d2aa611d619e3e13352
SHA1 9848e110e0eb2161a9713cff8dd93d2a8552c04e
SHA256 90e1f6f90fca3ed947596ae40fca5aea249920b2ba5c8dd5a8ae67a56de04fe7
SHA512 b27a81c6167cead43b5934889811f1af2f6b9ab4d24fa5895bc9e186fdb3e0a2a832664c5741b26c300638227b29bf6611fa6f3533da4eb9ff1400a4ddf79eb4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Country.gif.encrypted

MD5 e4aec09008b4506aea5891927d66d794
SHA1 d58444f8ca2c112c2ff1adc1d6821858e87764fe
SHA256 407b5465acb2990e23e0b6f7faea64efe0ea2790564e8dced20a2c6be9f08188
SHA512 7ebc15d04692923cfd2be03952c7a4ef957a151a6173b8e7332e413629330db7cad0769f4531de1c19fdd1e059190ed902e6b8a3942a8daec1396f1453c6c87a

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Groove.gif.encrypted

MD5 2e13905da315aa5a14782169d5f3a4c8
SHA1 82fc414d001c376f38f7a8e2c06afbb2c44b5997
SHA256 c8d4d966dd259c3aefcef200bb55cfaed695df3f86757309ff6222bebc46b8fb
SHA512 50e547c9cc60a91ef3b2ddce14bddddc1029572a89db2899a0b8d0842499a7365e5dbe22fb543e881c55730a1ba73eb505991d76af2ba81b75a90a7e3969280c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_GreenTea.gif.encrypted

MD5 a7acde37ccc4451030284f1e2223b3ff
SHA1 7174dc0d22751d2a3667e1b59138df705782638f
SHA256 29a636581fe00ac1e6d5b0de06198512fcf8c05e84b44ff4467fc2242b96498a
SHA512 1aa82afac83bee7ec69948b928d42aae7d667df9ffbe8d7f9ece382b2e78cb255d1e84f346cfff45e6086ce961100eabe5ed70065f44fbb243622bafa0d854d1

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_LightSpirit.gif.encrypted

MD5 e5536919568086bc7eb0b35192f8438b
SHA1 ce19edcfbb27b62c8b7dd37ff31156e3118f545f
SHA256 2d0acd168057a36a06c66e48b44ba26b19977a8bc64f634ded71397842bfde77
SHA512 02a6c097b87f2f26ba713e7ed444a3322cd9bf3e9fcdb8b3772b9f6cb052ab85af012f59ac192d05d13f05f629bb7c4e59b42bc241aa0a3ac02be714356c4217

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_OliveGreen.gif.encrypted

MD5 d11d5970d0379e9fdb2d0d82a8f64115
SHA1 f3bf697f30cdda85f61e18ce23f477a167b4b15c
SHA256 b95ccef33ca32b80fff5b9549ee2f9ab101036971b64832658b6d48c79fe50a9
SHA512 b058a79c1cdb9a8c8640080d7f34bf77d85833b02333cf47d36861ffedf4862a50f8d06dcf7605983ff2a8c176fcdfde00b4eda97031c9d410c98c3bf19d75ac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_Premium.gif.encrypted

MD5 a6ef1d83b605d160689e699ee43d61b5
SHA1 8623d704d01458818ae456252b84f243c4ad2d27
SHA256 7ca4844b515b3c875aaacc4e5ed557d6a661f94f65c34a01f3181bc8ca4eb5ad
SHA512 3639d276f42d2fc5ac71113857949bc069dda9612739631d71292fdad6c66ad55979192a924ae97feebfd669c1161d01ed1d2522fea8ec4196b4673423f74c31

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_SlateBlue.gif.encrypted

MD5 adfe8b25b1bb91a4b1750eb89defbd68
SHA1 795a20799109a4fe58dc284cc038eb3cbe24038b
SHA256 1beb5ad5dfc2376bfc99ddd5983a678713032c20fad0e9bd8962791ad883d4d4
SHA512 80942a1e2712167fdbd9f29738760cca1722d6f5bb74d9c71f2ccc866e72b6839a369b8e3aa84442d76c797f35f4a1890ff1805951520c5a9f099a808eef69e7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_TexturedBlue.gif.encrypted

MD5 e9b0c0bca6e89aa7898e8840a5db3473
SHA1 74e17c9e8542dfe688df75a304416149f29b4c38
SHA256 9c0c6ada0efe553de56b78dc2b249dfddbe9ace0b7fed18e2314b0a0abe245ce
SHA512 c4543bcb23032b7c0965378dae5ff43e2048a6ab27c3c53efaacd6ef9399d845793fdf55fccddf7fcf6944a1263882f9ff8594293b8eaf388b3359d353e43f0f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\bg_VelvetRose.gif.encrypted

MD5 ce37a6dd3c6d5707db75036976ae2591
SHA1 f50324ad4dac8b4104f6da3fae59052ea2592684
SHA256 564c3373c60d820b40ab61b3ef889a7972bd26e5dd0afa0bd586be82c3c1a87b
SHA512 5a64063685df89ba867a58464352130aaa1174625aded3f13e55430aef60f3435979e856346e1b47e68e96cd004553fddb30976aada387323b2e42ebf8b6131f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\BUTTON.GIF.encrypted

MD5 4b50a730debb800814194f35759d96d7
SHA1 165a276f69d4f1027290746b91886fc1911d0e4d
SHA256 47b542437f5ba81150c457f27dc64d6d19e55bad4cc620f75d0de71149dacb06
SHA512 6e271e9b4295cb34e47e9bbf978862f1d8d709300f8ce9cd688ff4d21647bb151a7630bb23b288a6a9963ec82fff178166662c10f950bef6fc3c3647ba4eceac

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_OFF.GIF.encrypted

MD5 820e94ac7be7205380c9775427bdbd3c
SHA1 8bcd46e0d1cd9819214098059a04e37b88667277
SHA256 216bf668c0e605903850a9c5de746b5381d236b13acf788779b3077a3a8ffd2a
SHA512 c20899a2ff6fb4857023c3bec93e0d4f8e2e3e1dcf3803cefbd1b97508fe32d717c7450cafccac1d9520cab9b723753c86c98f091955a2389d3aabba70249d48

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\TAB_ON.GIF.encrypted

MD5 cbd455fb1a7810eb51ff03ced1d7adce
SHA1 cad8ab640c802ccba57cc9cfc017dbef2ca48822
SHA256 fc02eaff5d636c8dfb82f5e804464e354b09cc8bae61bd7b5749c8574f13344e
SHA512 72af62aa4f1218c56fc6bbf9808a81a4b423bb66bf77480628d3461a812efbf507e29421dcd6aee8355f7f8d8065634470c1e2894fc83a4bc868dc60e425578f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp.encrypted

MD5 3199227c00e4bb90d51b2865613c59b4
SHA1 5c5166bd06a565e2fefc5f4436ddf9053864068e
SHA256 cc34c628f5ea203f4fdb750729a8a229beead85eb2d12a7bfc4617f1d6181d7d
SHA512 e783397620af10f927a57ce05a9f5f6716b999675d3f5bc8c59e602a326f53ec8eb63efd64888222d091ae052c339f0b88da09a4c52bc4d1c381e08b9b284ba7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrow.jpg.encrypted

MD5 4d83c3d9cc333a79427a6e7a47aa6eba
SHA1 e9b1076ccb63c7c20c63e4bca6422d0eb878274c
SHA256 3a6685932aa937b5d7e7a762008df8f8e5297d0f0718eab8ee0235ab4ab1bac5
SHA512 89116b308a4be73ad9fd7dd4a99e3b8134028101260dacd324c1db192629eee683aa2e348bbf752292425738bc9163ac8e0c267efb0100d6576ce38a4313d097

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\attention.gif.encrypted

MD5 b218b522d3dd1b8cc3f7b35017a54756
SHA1 94c575107f34a23a31a74a88269633750f277f55
SHA256 f04d9ab8e6c77069d2bb05cc207170b8d2ce2593e1abf462e18a03fbc771d8c8
SHA512 3eac3e1fd9fc44276eb643d22b0179726f0b89d86552c95e5eed7623df9ae1c634dc8bad9127b5e72817c96570595717a7f0b5a7371df08883f6d055587f5ed4

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\bg_FormsHomePageBlank.gif.encrypted

MD5 53f40f2a5a778951e2e7f703504bbbda
SHA1 b5c92b1bb9ec2d4e3839293c2953322acf4c0834
SHA256 7351894a355802e95bb7c4fb3fe3eebecd8ae5627a5e61a5cea211e29e8354bc
SHA512 ac41c12bdc7c6d0fab14ddff29681eb26c20a36a59f5be12ba26e9cccd08b36bcaae1a59b70129a3b225ccea79fa1e6582159a6b86e6b2b4a49d2c383cc48452

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FORM.ICO.encrypted

MD5 b18f23a22acbd1e52215a6849efea7df
SHA1 16dacad603d2340ad9ac2755d4c763fe86734104
SHA256 a147fb59cd098c242657c04ffc8d638a91e864d8ce06cd12a9640cdb57703543
SHA512 c82b8564637dc7d6c14c56983d587ae65935ca3aa5db8918b3366ebd29674589f59c05bbf61bfcf27e4142c7a06914b68f23fb2983a5d277fd8c685f8ce87430

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\background.gif.encrypted

MD5 083e41b67b1462159c422cd56b72e890
SHA1 feceb7ea8124c1ca07d106dae7b9f22cc95ea0ea
SHA256 957c77c2897c4cd953ceef44e7348fa3362fb51cf2fc92f02f94dd77b39a420c
SHA512 4f3ccfa06e0bab553568c79e2eda2ae582e731fa8312e0fc7fb427d95734a8e1ed1cb7b39050c48b04d112908be753db6edbcafc29b2f66f446c76b5856bed17

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\HEADER.GIF.encrypted

MD5 1fb4e6f4d5872bee28c814c9197e8e0a
SHA1 70530b15ed35afd2c4aa56756a1c46e6370a72f3
SHA256 d4903c266ca32e64534c3ebfa5a9b204a9521f8b987368869c74f51fb94393a1
SHA512 02e9eb2ae66188eb5ec7f4b88992dd4ac5d01801b307f7f98af19eac84d758f6b9d976f7c422d1bbe532287ec2667231108e6dc1c56fbc65a44a661b1746bf2e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\HEADER.GIF.encrypted

MD5 04020a730d3dc96a498cbb7f8d766b25
SHA1 00bb0312a817fd78ec38a5858cfaacbf2014db1a
SHA256 afa35e9bfb42d94416ab11921fe8d0358de596f75b64fd55f881cb6ae1728b02
SHA512 8ad12a05b9a1def6f38a230ee0569784ba32811d701a3a54d03b7bd464bb51ba0b7223c40a20056980ca20489c9bb8533f632fa16e75969271d7eca44de784fe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Desert\HEADER.GIF.encrypted

MD5 7af2f9c070f8c01f62db190473f7fcc4
SHA1 090c3e93476df6f9b64131a0b2cdc32491fe18c0
SHA256 1d61ab5624fdb7f805da75d917e99edfdd09511413f1576ee5684d6c0270fa6c
SHA512 93231b8bc3ed5222de335fcb934fee27da56a10448ba64ffbdac8b3e6f6f8cc25afd0c0e1bce1ef0c24271662c085af51720bacd09252b4f2828546bd7410a4e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\GrayCheck\HEADER.GIF.encrypted

MD5 ae5b1953b21ae930d0c60946fcd75ea6
SHA1 03d83cce3e0b9d853097a3ceeebd35324b297b9f
SHA256 49f052823094ec6e4cff7d928f147a6450dce718b044a654e408b85162aacf6b
SHA512 4e4385b91c73e74e5c2a8ea85c612260994c3cb78f01bda6e845d9df9cd1574eb1c7a65a24bbbeab9f62f500b84225d3c444c5853480163fedda816a56b7a6a8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_ON.GIF.encrypted

MD5 d9bc5950752eb0796984199456325ae8
SHA1 24d977c43a02ee446b54895507236b2e7bb4b040
SHA256 0eb791809e4a28d74dd352fcc77fda30dfe7215154d6e637e1b7b1719e6145ae
SHA512 3f12877995109a25004a4f4b3ed373a53d833fd8f7c9e45432f75397e1f2c0208db75d2ba714d77343418e856b7f868089324bf00be0932447c41117ccede0dd

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\TAB_OFF.GIF.encrypted

MD5 120dc1c1cc67c275f431d3cd2dec2242
SHA1 2496ec97759baa5c28feabcb16820c5acb7ae34c
SHA256 7c9872e3ba64f4f94f7dfd994ba15f2f4326828e4ca8b7160eabefe6993cd3ea
SHA512 0f8698927b9d0e035657c9d169b71f5fbe9890b5a1ab56095de9ae89dba24cabfe81657dcb19a160537a871bee5377eb7f16b753b692f79d5d17724c9d00ea69

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\HEADER.GIF.encrypted

MD5 f0db195041e60808fce5a2c1b0b12d36
SHA1 a3bbc839b6e43f0d35905d6516a8489f5c50e918
SHA256 9ce0fc75905c69aa4c7fc3f964c2ed6642026f97152b62132c7a24743773644a
SHA512 9676ce4a114050fb23a24cb7a1e70e8ae9d03ec5e685b6a47fd3aa7038b627fb8f8f07dba2615544acbc41f711f4ff11f7de8f35ffef7e8d1ffd87b4dc87224b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_OFF.GIF.encrypted

MD5 46e3b43b64cd76844a098dedb9a2ee87
SHA1 0cda5c7861f24c6a921677664840ffad39a792c6
SHA256 fe69f0976b4fde45acc5f8e43878930fac5372d9419a195456cf50883ae59bf8
SHA512 424bca747960f48e6d2c3f800d00c4d8e50f7816ca9f5d9128d7945464bd790eb5e2e32bb8c1ce1a3bdad4a79d844d5b2f45810dd6e039c00971c476bf23675f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\TAB_ON.GIF.encrypted

MD5 2078fd947b2a47d21c9da5d58c67b459
SHA1 a29e4d7a37d36cf739d82b37ed4850374f6780c2
SHA256 6fa5a2ee83d56c64babba196898a4d7c0e4659612d0ceb2e7821d539b6ec1582
SHA512 c3cb0b08f652b44fbf22801c3d0cce29e97cd4a89e3d866670001aff92376e271712cce5e1c4aee05b00ceb191928e402893c4100b4fc62b5997018c0bef770d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\background.gif.encrypted

MD5 7cebb1497bb6d0dd582129ff8c7e041b
SHA1 d0bcbc9458c6759a73244bf3c92ddcd114ed1cab
SHA256 240216db02601a9372f8a2ac82f879955f6caf967b7bcbf4ecc8e0b1bdd11503
SHA512 9d32222f8b80eafa0ffe77a0c84f069d9b136c262d770274f53855fb6a5724bec74037f1aa3d3bccd0b33127f371d8ba311b57e691d6695c60ab36b6ab2c93b8

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SpringGreen\BUTTON.GIF.encrypted

MD5 0c19fe3a4ec44b5048880043a0bd2bf7
SHA1 14bc51b233325c232a9bec521b9810fdfa378228
SHA256 92093830f83cbb6d4157d87c9ce2b2264dd3978195e740514d67ca13f2f6fefb
SHA512 ba9dec959d06974f4b6307358b374811fd9ee1071b842f837f9c7ad19f5ed0024bf185810c8ff70e95a3284b655d16b90cacea77d563a4f033241b39c512f465

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_ON.GIF.encrypted

MD5 1b8b7cc8c5943b26141d74b79f3cf42d
SHA1 f01537a54d92bede3c8775376f9b007e74768d56
SHA256 61600a6bdf014f2c8f269fc90b445896c113f6f4535b294f1857102ca9fccd0b
SHA512 6116f3ba9c0a869ca82b8f63b119aa8e35730618b591e627067e5758917e46ebf42cf3a4e5432418680de729fd853c4e1b6c6e0c3d4431361f4d4aa4998935a7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\TAB_OFF.GIF.encrypted

MD5 20826b9f9224862a8bce5a8a80b96a58
SHA1 3eef37c69e47ec1a10b10ec6f71c68ffaa498446
SHA256 054502b6e656e2dc0834a13f86b92bfc4dffb04d928838d0b1c37e4bf9f9a809
SHA512 6420790bbee140c1f474aded3cde1328043b8c2ab87de7df0a3b03be784ee943897b2195928471f45769a9850d597845950cf088f840fee64f3472b9590d264e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\HEADER.GIF.encrypted

MD5 12be3df4ab6622cebbc7448ec945ca44
SHA1 6e7f550e5b2218267a9190847104eb8dcd11a6c2
SHA256 f4f687385653e9ee11b02d3a528af7aee69e0580dfde3353b5f8629da1f510ba
SHA512 dc1c8814da108216412add6789f351dc78c8273fe3b81492d0379331a200253e92da1f16c803d19f5ad5d11aabcf28310478c51cacbd621cd01ff59fa17b726e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\STS2\background.gif.encrypted

MD5 46e2d940b7c7b553c46dbaf3974ae742
SHA1 219d82e28c3f990f01714124a4f15de02a56019c
SHA256 71520df6711c0e8944230e1ed6fd1f10e67f3cc9acf31c6e4660d50bd73fcc11
SHA512 6cb5954f6d6e18958dda136f53a83a5ac82e88b708620aa990d4ac3f2d475a202d901864c58488493b1a1d076cb22dfd50a00e712e8e42077c6f305ebeea532e

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\background.gif.encrypted

MD5 b7fdc1ebb9e3aee1d3d19138ca6beb4b
SHA1 532062487d53520de263b1946101bce443df3577
SHA256 9a8bac9cebca388ab041574399461bbafac2d19b47bb30129b145c06a911b140
SHA512 a7e74559832f443e2821a8494e5ea72236b0e957dfa228922077df75840896d7543569414d83e56a54bffee2459ce76f428524b418936fa6df7f77c4d34d3fb7

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\HEADER.GIF.encrypted

MD5 d4bce539f16c845ac6963d845530b246
SHA1 693e066adf082c0783502730a30aa8883913f614
SHA256 8757cf96ddbe01883955aef5c9a4acfed13357f36ca7a50a411eb5f690b6d2b3
SHA512 9aef933e1dd5cae29389240689c9e0bfc009fea2215f8fd8cd8f69b96aff6a93726fd56f61681cd8f7d6b2c604eccad915e1787c4d627ca84a40a55a5fb83227

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg.encrypted

MD5 b3ddd3fa017545276cb1c63da91d8d68
SHA1 61906e07ea6a76c065397d65dd3ff34c777accb9
SHA256 246ff763f36c7e8e9cd5017746cd9af456f4302649d06d801e433cf6e50c58cc
SHA512 6cf8ed0199c4277d3777470c0b982733d6ef398b839325defd1b97000043dce433891cb01678864838186ef964e8e5628e9778e6820c328ca89725f7b2e1f057

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\RTF_BOLD.GIF.encrypted

MD5 d4d09d57e46664c05717fde9c824a3ef
SHA1 6756716cc159810458d65b6d6839ff282a856067
SHA256 7bd5cf94bd32db66cc1769af1a896ceefd07d1a5433c476a5eb278f7f6a7b0a6
SHA512 96138de3d6d671057cb4b0048da8dc0e2185e4c29dda5c7f3abefe2d984990b1ff1a0834d69b59863d9bed97e189892008c3b335416eebe017966cf692918069

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_choosefont.gif.encrypted

MD5 a6569a67fd649cf88d1a6cee0da519e5
SHA1 42c5883ed7dd99671f7f49e5972c8b943a208528
SHA256 6c4671a38f22e54552277c9f40904dc049357b5db8f3510b9e64c00b62f7a6fe
SHA512 c8d7cd36b653f7bd91cf0e7feb25d2f06a6544fc0dd443c0c5bf9486a74e2c8cfee9a798eaf5d03fd70bd8d1dbd8fa6a6616840dcee9086fdf4dc8fd1a1e52dc

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_italic.gif.encrypted

MD5 6eba0875b74fccce84ced66aad8cfe48
SHA1 86ff08b879317077cc3d888e6380befd74b32cfe
SHA256 1559a7e6808d80f54f2c20ed303955007dca32d9ab013726f3f0ce26552f6d94
SHA512 f3cf919d793f86212a4447e5928c82fe6f536f26613700b69e4fc9f15900be00927453c04dbe08cdd279b3b0ef389a73375d8231fda8faa89862d48fc953fe4b

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\VIEW.ICO.encrypted

MD5 cc4a0da9a035f6b5aa9b4dc446aede39
SHA1 a173d3f81eee33e7f4a71fc7086611631e847f6a
SHA256 3c01e717ffedd9cc639cb8a432804351497b23dcb68b77d601e90f601db4ef5b
SHA512 0e4f987c4444a20f46af7e480136a346f6418ad93fece5a1c7ff2e5272621458737e50ee8deeea95f6be122e08a54663b99d30c98f26335104ce0d01597b3622

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ADD.GIF.encrypted

MD5 02b92bcce7c87e471e9ca990d5e83651
SHA1 ff0238c643cf8af0c2d7609ed4df5ed1738398da
SHA256 0e957676fd8d48ab75ee27d1f0a7c89d46db40a6fffdec78e90b0196929032a5
SHA512 3e7d0e7544336854598de29a8a33ec72806c40a5372dab994ab3ec28d90952016f9b176536b4776a92bafd2ba2c9dc9f441f19f7855d072ce52ad5637708af8d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg.encrypted

MD5 3165b10abd77accb0c77509ebfd38b61
SHA1 3c32677141aa2d1e3feee45eb4b23bd365a41335
SHA256 6ab6e96016217d303d2f90d61be3df2a9d5e8dc7477a4905e827a6333f80ceaa
SHA512 15b9754cbde646ff8a3a520af42ba56db6896d7f15758d06882969a09007a08b05856d0c52aa8c555054f60a976fba18bacda9af56500680247dc44d71226b18

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\ERROR.GIF.encrypted

MD5 dcac15de15daa57d0089eb3c6895246d
SHA1 01f37ae9f264702d4559befb52b8f1257a00e93f
SHA256 228bc3af80a535421404d56f0786158f9ecad0165bfd731e46437dc70f68cce7
SHA512 f331f46dfe27372b2a2121d91052a052e6264bd772b40f9d7050dee3ac48d012e476eafff1c6ac63d1755d43538ac71e67306f009ae8e7c8875a3a27aa5e663d

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\DELETE.GIF.encrypted

MD5 5ca44de97cf697521ea5f2f31dc2af1a
SHA1 53c4acd4b5a35f9eac452c05f763c38a0457eef0
SHA256 8790b0f1eacadb2c12763541590549bb19565f52508d1e0cc3fa7267b9b502af
SHA512 01ef05036037c29340a053d32409f86145fef8c72677f89181260a8b8932722b91ccbda7683854c80219951acdf9ff90f8555791e97ab5d8063f187dcca7893f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\CALENDAR.GIF.encrypted

MD5 9954d7d65e78e658cb6a0cf780867c06
SHA1 933a01e9429737b7d4a25d86c0f842b112004be4
SHA256 5f4f64605b79085d41ac24d8be7cf852c51cd9aef1556702c7175df399840124
SHA512 b30cbf43932fbe723b063fc595539353dd0798f90a42ce8b7abd28d1672ef2ab0d71ba30f8e04826ed26fe00220ba692b4dd07ca917a53f973ce1fb2314f3b5f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\rtf_underline.gif.encrypted

MD5 6ddad81340c36e3c7838dab1de992256
SHA1 4c8bc7df87de4634e820da0a1afc2cb10a9a8ca5
SHA256 64498fb0e85da9c280cc4e6a4d9933a32d8fd26242db801ef616dd7d2dd20724
SHA512 c12c4ff4dced53c7656ab0631be1c30d1227e91b444b13c761476ac4bd5aa09205edd5403d6bec2ebcf1b3eef2d621230ee4cd4d32be822498e3f47ddebd4664

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIconsMask.bmp.encrypted

MD5 ea33dd8cc1e38148928bb8f08cd7e74a
SHA1 47567e82e2566bd85bb1f9e1578b922692ad2cf4
SHA256 7905d35203bf217313ec3060960f2c55dbb39aba90263d1cc58743013b073289
SHA512 a59fe5d1fe0053fa45662a217a4b177760cc673004d12a4e501ee89c25569f141aa4609991df43de0612b991bc817637a4e5fb40ca7b569dd12612276726e980

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\LAUNCH.GIF.encrypted

MD5 b921394698f77d0ba5b924e8d73e47ef
SHA1 651675e31bed6e60588ce8230162e1ac560a58b0
SHA256 3eb60d4659915416525433db347a233617f5786a5d948e18f9eaba43ab58a136
SHA512 9656b0db9f3b896b0640ee97e88d3dbe4a28ee4a9ebc2731df15464a100ea39b6c6fcb70784a458f4198adba26c6861ab77c259fc80a3a64fe882f5588d0dafe

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg.encrypted

MD5 c9379ca2ccdecea302c318aab8596acb
SHA1 32353968dfd06d793f2aa5e38c4a426f573be1bc
SHA256 374fc939e7dd671c99b8edd36fba05959dd42471be1a817e8d284cce4babd8c9
SHA512 b5d1369c1b5f2a0d57055dfa7f50bb38bc21b69de57dd39aab3fcbff3cb56fca6347f4b129c97c31a18a2877905995588701bd755413c46b0cf5bdec9d838d89

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignright.gif.encrypted

MD5 e45286ec85b50454cca83624535691cd
SHA1 e0bbb8b51ad7c8bb1617140e7107b20dca082ea9
SHA256 784e4900eb3818148416c9e29cd7c2bfdb3dc935c4dff2d71ff78348959f98bc
SHA512 cab1670f3fa1c606f29040e29d7b134c71fd5e23c31a6251668ae738a75441d44363b9fa715d1e11387e49235ca293e416de79571a0d5c406f87922b05c5f2ee

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_alignleft.gif.encrypted

MD5 91988615fa1aae2b1b1d4621be14e060
SHA1 4dcdb9c690c682477150ddc2ea0958df8bb79515
SHA256 ef5638193345f7650a9c00c2fe80a996e05d151ea4d2c7723b9c44231ba6f755
SHA512 a2d532fdeb52566b205e92604f14c8aa821e6ba87453cea4349b39c0c7296a3fe3d74f6726c8619d76e30b0f0ab6b4f23ccf197124af8d409aad44b239e5e20f

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_bullets.gif.encrypted

MD5 33cbb6e5f69203e0c739fe5ef8e91a9c
SHA1 820b5bdf8e5163e783ebff419942b7f665f81a55
SHA256 8133a950a82f447177a912abd7da638812f55f9687cca82a63771ca95cfd60f5
SHA512 49d7414955ae6f5b04f49099fb99bafc340d4317f5722d2c788c5566a6a516ebe56a36309e97d052d6ca8a31091f833590dd91d7e4062c27340ef2dede3efd8c

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_center.gif.encrypted

MD5 e5ec75523c9ccaaab0ef37b1b1ba9024
SHA1 1de9d05a5e793873c5e38ebfc81261574a669603
SHA256 8ecfdab6c7bd1193d18bc963a5dd5cb914cf9f9b3ff954eefd259d121bcf662f
SHA512 721c2f9ee573e35d8b2de3221545c58343ce63deaba8a0942771ba2b103be40acd606d56e4716a07dd2002f7d975f20def5b75fe459e713c5872445a799db441

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_decreaseindent.gif.encrypted

MD5 f58893596bb60ad0eb78dc54a3b40033
SHA1 63eff0fea360dbd74707e62256d212b5ab39b603
SHA256 a750d73a30ba53667513a4337e955eb52cee9990fd5f6201795effb0d633ce95
SHA512 fabd230b6ae913639083c18957eee39e6cc926f5c25592182275d4833fffbc1fdaee9934a1595ac8cdd28a08e8407c8419c573d13f35fba9110d374053d496d5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_justify.gif.encrypted

MD5 924a23390dc0c8f83cd56690ffd639b5
SHA1 1c5a681f142493d9a719d88730072ce9cb3ad47b
SHA256 66114f3372b8fc790a8bac58d7ccd283aae5e3d10444e52670ec50c3c45ef288
SHA512 055a16ec2ee7cfb327933d75f704d1bab4a3a06c11e85ee9c3543a88f0901ac3b37ac92265aa55f7beee349598904ddc938575887eef319b81c14d3b67e3ed38

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_increaseindent.gif.encrypted

MD5 2fc1dc70d7ad2cdcfe4d3fe4fd29255a
SHA1 dab0d30f9bbf6fffc41f1779190da16061539e6f
SHA256 9638f0c7a9d97668a657041d8c4dfd204335b91b6b3f1d6781a2e0ab97410743
SHA512 4a89e131eaaa877db6ecd921ef0ddbd0cce0338d1b70e3d3acc9db4dbaac541f728d6a0f3786080599eb796709c081c5edf163eb511ce202d16209e33983d6b5

C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_pressed.gif.encrypted

MD5 5ff819131c394f7409670f94f16b00e3
SHA1 24e9d89773bb1c8285c4cce9e6ee5c938b8df2cd
SHA256 b0fcb6b00cc2269c2bdb5c8cfdb73f573c1419b8e6a66d04726fa129f43e777f
SHA512 04c5154afc9a93c3a65e8cd7b3e36f63f4637976767ecd31f63d567a4661def255446f285323e6f8bc55c72463e6e53b793d4ab47d6e44aaf65fa2c357ba298a

C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\Microsoft.Office.InfoPath.xml.encrypted

MD5 c5935f74609b66e0378162b15b828fcb
SHA1 ebc6199f3bc0321142f614eb362ec43597902946
SHA256 02a70ac865cfcd959e69bd696566bacb7f26e2d74a00059c91635b994f6e0875
SHA512 60713e7bfdee2d83ff25e9ab0374aa3402aefd148b0616109b9c517e0d6498e73ff2bbf9874fb85d1822c905800e5d0f3f99d2866d29582e764aabbca2862feb

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\TALK21.COM.XML.encrypted

MD5 003bd7d9397736e30a282c69322356e2
SHA1 401907b55600b808f02dcdcd29a6f6c5d76b02ed
SHA256 75b7122ba190fa47954ac92378f0f7dff90925a67d80d1a74408041ee41baaa4
SHA512 288cdd93ffbfae1184ea854a7bbf8c04cb78e9c035505b26a7a5969a7e407932de38ee2390b4fbef23e276ad75a746b635b83d1ee961af90049de6ffcfa1617b

C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.COM.XML.encrypted

MD5 9b53b688ef0de0c144d6ffb754ffd669
SHA1 2335e4377125b697c048743d7057b0b53c7e28d2
SHA256 f5cf4864f348c2483c52365cd11a75e0d5f82b3e7f64aa1a53b5193edc992eb8
SHA512 6003d8d6feb5de6eb0080750734e885ed0f8f82da97108057c12b0a585bb76c74c2dd222e8297d6f47d9ee5085ea78703b030a93397ce19b4812bb735d3cc988

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck.encrypted

MD5 049ced07dda359728bd97e94c76de9e6
SHA1 5732419cbc746060a5d30ad7cf0a4c0be2df7251
SHA256 416f7a4887bb2bc68e414caacbe2d5bceef4c2425c347a6d805c0f4d8ea125f7
SHA512 eaddf6e330435df1eb6f6bdc3b46660e69745c1246df89adcb6e913248062df8755e81b7daaf7fc4765e1006e24521600018ef0b047e8adf6b487602080198ff

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000.encrypted

MD5 70374da00fdc4d2bdbce5c5caa399206
SHA1 875a4be4612a1276633220a8463e9977636ed295
SHA256 4212b1b64c8f83d049c347ee805713d138d749d798a406efc8ad7b706464f196
SHA512 0f0f4de59fde6d2ddc21effc5b993da7cbc287c4561bfb50c14d21e991a6c6c096446a8a80ac6b38e831ed161ab6b50eaafea59c3c48a734e2e79856fb100e6e

C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.encrypted

MD5 91234935b7615e2e73a977522a09392f
SHA1 17343ef42cc1c564a1f241a53e7c05287dbf06f2
SHA256 42a4887a244c0a2cd2af2042c06cd4dfb1c1b0a82be2a0ba1b3ab48e25fbbb4e
SHA512 f2b43705d59d146c8517a245dca1ffc50fe691635bc07c3987b5a642c8f3a7881f3ab3cfb426d26e6cddf5fd1151f0be7e70d495657b1eee4cd4dec22c380ec5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT.encrypted

MD5 1a3d5e5a10b12375d19596c1d2cb37cf
SHA1 3c82075074febdb2649fb58314510f5b8a5c5064
SHA256 3f8ae0e6700b2e69f68eab9e9e26a2bf81220d16fcf50a2b0b5e6019df02b4fa
SHA512 38c8959b59cccacca0395c9a1c14a4880866522fe4c901faf6dc936bc77e8bc2ee15d567c435e83634d74b9b40cccaf1d56df457514bd8409d1d5e73c8cd303a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.encrypted

MD5 d85b283f481a52af78f8414d715b7d43
SHA1 dcad5ce9f2db636ad6eb197bf4b0a44ca7095d68
SHA256 1657ddb7e45e2da483fe2934985b1e646e5125aa7555c68f5e5444417203b295
SHA512 6668810193b5da113dd1ecba1debecf4f3b2eb9a60ff229c1879cedb15b9d1d353b34871dc3e0a004fe5bd0a65985b549fea86e03257ef42785ae13fd26bd7f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.encrypted

MD5 9e3cc85af2c214a8d41a311d86ae1b2c
SHA1 fa03daf3e2385b4017662820ee4d25b3d27c26c2
SHA256 ea32973a055277483ebe9323a1a1f1f3a8bae80cd94d339f24c34809078bc9ec
SHA512 7876628a5d6cdbe609871ee5221fe8fdf4d2052402f58561eb932475a5abde2b3101ce378e537ee94216be2468642154e82a0613968e3f7bb1c8c156cfd155e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2.encrypted

MD5 30bccaf7164bfdd25987f28017656dfd
SHA1 958e78d7d18a2f487bc17bcd0b4e14f1eb7748f0
SHA256 020d2e223757c746d902af26fdf5b7db6066f02636d9fc458fa045ab1d1abc6b
SHA512 612c3c911f4f97fbbfdaaddc188a225acd982373973f8da8d7b31112290a7662f033de1d03645e78720b44ff6b2807e25df16b0abb57db1d3b76ddb45420a1e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.encrypted

MD5 344b3ab1cb29dffc84722d8a5a270e44
SHA1 74d2af9c87f09ccc3be54bbdbfe00f4c992b0951
SHA256 11922206081661bb867ae95c79fbfdcbf0c660e3ed105029ce06efd7635ef637
SHA512 dec86d89e2b020dbaedfa06dc957b9fefb47e1bcb1100bc64c3a3f67d2c7cc4984d0b43051dc013ca8b38f87797468e0512553b8af3a0a4ec3f82d60831157ac

C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms.encrypted

MD5 b39634ac3c8a04f59f20a55b6c06781e
SHA1 9c2062648224d01dfd61e6feb58424b9de16f690
SHA256 c39fc79b70806d1286d8f341de63055f4349a64e3d9b948c5db299c75aea00d5
SHA512 79173852f9e83ff9de68ca381bedc28b98aad2e38a9e639ecd06893b436f35637033583335c36738094d10e6fe27df8bd5b6d5dc6b324be8458a325da9e04703

C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\5O2ZS8DL\desktop.ini.encrypted

MD5 898a9a3eee060b45c87ce4b4a2a8b62e
SHA1 e78b8bfea88e93699340f4b0cbd5c328905d381b
SHA256 cd447ff1a58e611dad25c5ef3137d056b4c9be56c429cc3163602c5a7e19fa6c
SHA512 02c884c473217c99f8d7c1c6d26be5495619e13f372c4386fcff8286b474550629953b3de173753150526c7f355fe20d36b9457748c43594834d1d189cdea5e9

C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs.encrypted

MD5 096cbbf59de4212509086de6f91bd556
SHA1 5c8bbf5c45b2bde23aff675ab9d6ce43fe96e641
SHA256 6b8fe78f48dd7d399ffab2328b18ef9718753b22410ee938bc78c0f63daaf98f
SHA512 14cf913cbc71d1667218314d06eb86126c19c44d8e9c21da67267f606992f75ffeb717ab19f92b42a7a8f11bc8b5be52eab9b27b7b6fb6fd63d8f3571f245c65

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini.encrypted

MD5 648555a0dcc29708e473177e024403c1
SHA1 7ce2bc4914b89d8150b1176599fa729598ce2c96
SHA256 3ec66d5159c878ce35d495a9c3d689b098228ec30520b53f5a2615c16c0dc5ab
SHA512 ff0c0a6185e9375b1801a4e3cbb26ccc23373175204d7b109f0b9dcdd6171f79b8c6c42077401319c622122dca6190b8bd904be4ce18e4e3b26ba230cca1c787

C:\ProgramData\Microsoft\Assistance\Client\1.0\es-ES\Help_MValidator.Lck.encrypted

MD5 2fe24c447cb21c02a0e34d9276bb4e48
SHA1 8242de795ce8f08e411c89b87afbfe57db394a95
SHA256 3c9d77d849a9977f87b0b8951ab698406125a03ae1d94274522c3fefc912a2e9
SHA512 e19db14910b38a93a64530961f0f0fe3059ed628e486b2312d16e475c79423046dabe1631b1ad22c2a2a3e70b4ac10d7f77167a94d8e52b42edda31989c74302

C:\ProgramData\Microsoft\MF\Active.GRL

MD5 b3af737dcd7b6cd73ed52a6ff7158214
SHA1 d2b4424b672bc9b1f410192c1fe458ff2369a8ab
SHA256 658b0b39b74a83dbceca8541bd5047e2ebcbeef3d71eb7195e95f13baef63c53
SHA512 a34e6bd1f56f4101e431502a3f15bdfa1b3c73e41c7d397b9a15fba32d2abfeeaa9b54e2e33fdd49b2b7f6aee49946808d28e36f9f59669584059d4a519e7c2f

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001

MD5 c5654aedb4a8dc944cca008bc37667e4
SHA1 2768671ac52e8cd2450e930f1accea91ec17d925
SHA256 47f38b5fd69660a720d192f1074d023008bcc8621eaf527af0ef6bfdc0a35541
SHA512 a8a10f8233c2795288337d877183f4264e66e2643c378b6436c1dd3d5c7ad2d83c88282f1688ccbc75f55f0ef86d8186eb8073c6299b46a83636ebb6d2e6c6a0

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000.encrypted

MD5 d7707af74eafe5afc0173ee8f01c1d4a
SHA1 846033e003a87e2fa02e1d4fd3c12a3f07631a13
SHA256 2cb1b5a6fe77e2268ff7357e36e372bf3dd13e37e4884e25b68abcc54966eba7
SHA512 69f38eecda2ed3f72656b8ac0f99a97ea91c9c73f51a7c4bde1c4a3d0acaa24a6bbbf58833ccd59fdc1badd71c9dc9696ba52decc89111d61f8d5d46212ad418

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001.encrypted

MD5 dc3ffc07d8df4bd8b256efd354963ace
SHA1 0d7de8ae944c29f6e7ded76548947ba22a9443c6
SHA256 c75ddb5523dd3b332c8497f3efcacb836179c6ad6ac47fd4f526be66c45d3dc6
SHA512 799c1b17303b003eacc61b1984d0ef6ac433e2443903ea103950af21f984653607c136c66970c8b8a722cd2369592ecd535b4cf626f4ff3a98f779def0d8c0c7

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001

MD5 c3b1c07e45146df6fd5cfaefc139a966
SHA1 44e50dafb71b8842c602cb4eb3437e5bfed777d7
SHA256 b77fbcc7bc57b8a7d733d560874c9b6b210cd5470e7e1ba9080ebba8ac7e55cc
SHA512 e0be9876ac5c0dfb8ca5e2a1d1d5567b76826b703494fa163627300e95b085d764107a4548da2d53813a620b7a88504aab03d0a87ddec1ea15eedb395ebca6a9

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001

MD5 eee56c115f4098d6eba963d8ab793940
SHA1 386682a8c4102da98047c8c61edc258732c6f473
SHA256 64e1d5f8441022ce5e492461b1ca191d0bba5f5818171b76662727132aec0c58
SHA512 bb0447dcc98870795412c7ddd0cd5bf767af90c296bce640ba705577214a87ff71900696a26c5d9e1e8847701d5f27600f508669ec81dda08b67125773e32706

C:\ProgramData\Microsoft\User Account Pictures\user.bmp

MD5 e70406f5bae1dcce9f94ad150dcdd05d
SHA1 8a1abbdaa070042f88d076cc2b8b9753c3b1143a
SHA256 290feac52050622d75a229ada0bffdd10d84ed6080ce1db72281a9f8bfe8a628
SHA512 0516c1ea09c3368221718e6b184f93eb09b34be1e5c21f6fb3703f6c6d7975320ccc2c73bd20e0d0ec08e216fbc9c9754e5edf0f73db6af266d42f7dcd215544

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

MD5 6c8824bdc712767a3705341c43e4e403
SHA1 e4e040a4c61e9e05edeae12f356b73eb3aaf3f04
SHA256 b6fd5495d3f38b98476324cf3ec1b87c2b1d4ff9d5d8a7fe024968ae40e0b7fa
SHA512 17e9476ca52362388db2bf590435be30b5d1e8bc97d978d432c803539c0a995c738fd612c51f6a39a7a6e741c4c4fc22e3fe408f949ab1d70924046d1f94cf0f

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk

MD5 0cec759ea03d47fe525757eeca697075
SHA1 46ccc15e6c1ff9221eeaa66558472af401600cad
SHA256 bf55542d8b132d38087009b362dda7b1d314616867f5e2dada0a2bd7031773d8
SHA512 222495cdeb61a6663f93e6b007e73fcb13b2feb3792856b5649760628250cd93648f43da2193cc0afd5c85ca66b1aae927a30da658d0a78aa3defdf54e31ba43

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

MD5 93ca901e8526e45f6f2308983eafd321
SHA1 16cb12bedc01603043f972342c863e17f27db2cd
SHA256 bac5f910b0143feb48676dfeba0e36f0905dfb386b6083f64557feb1b27151a6
SHA512 a6fc933137291b3eb1ad4ee2ebc04b60cf0331cfb710785b60d21b0ecdc01e0564a21b769ba7b4dd7a32446ae4b089671ed917beaba8be7b77bfec3851ff664d

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

MD5 60a384b20e99cbda77d0f9c23682b0dd
SHA1 20d3799adfc17c9affe6f2f237db5d7f350d1f68
SHA256 6da0c4c4ed2da5e17e01ce642714e5f04749cfa0ab5e30ae2b9b411689004a1b
SHA512 d951c8ffa9fb74fc21989b69e010876ee873833a0c4d3b93abcefaf4e4f6a01f0ffbedc11ea5f0e8020a7bc76dbb912598841f69f3a8b57b16c1fd2ef67d584e

C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.encrypted

MD5 02af05730023dcbadc68b46d0998778b
SHA1 90c409babc76a2eba3f5edc334a4c3eeaa5a9ce0
SHA256 7999733be7261e902e2f93016e2a8f643c30cdbce2c0dc23f89d0257353b9e83
SHA512 aa58636129e53ac0d25afd4474f1b78cbe23d3fd02c8404c7d5bfae47e4e9014e888a44d008b78700de30b059e5d7a38e7b3126b5427e83eef1684632149a200

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk.encrypted

MD5 26d76530af2b7eb940539677c14b0316
SHA1 80b67b391f3b3fa26d8578273ef4bab1a648bfc4
SHA256 8e0883132899aeddf0cf0a529ab6d969be8dd36ca7fdd3417d95f4572364a2c5
SHA512 7ecb4b671f09b3544fe8ef9baa0130f4d74318d92e594eb70d565ba52ad070ca06e96c621975f59ffdd8fda4ba49846e17e70efc0c9f1d99e9f1523ab2b380d5

C:\vcredist2010_x86.log.html.encrypted

MD5 45c2cc5af0fce8fcba875caea2c5e4cb
SHA1 db7f0453298a7d09f3012cba9b87dff83c020b7d
SHA256 cb837434de53fb78ff7e4bb8bc817aa548e6fac388e9f190fdc1186bd38fb180
SHA512 73604466a5bea39e9dbe5b67ba7abaf480438bc03af16fd56670f24fbdb67bfc4d5f860dcdf4e2b1a8c98fbbc685087faa788104f1e8c9d7cf09800453e60aea

C:\Program Files\desktop.ini

MD5 b777eeb92b8b9de6721bb93d5df7c5ab
SHA1 35639e6b363880693e34e7e6ce2ba75bbdf4216a
SHA256 1f4de8de80eeac64914c46f1b2b85126d8e2da5969cd50f8213be22de73bc777
SHA512 9e0cb635b1684701dce1ad9296598c01ba141674b9cea39c3658a332e074661349a4ee976ff7dc11a89c6aa1f28185cc11df10052c54433f4d65661019361a00

C:\Users\Admin\Desktop\desktop.ini

MD5 df133793f65ff54ea93826fc6d145347
SHA1 a1c68345397f33edc0d8720a23cb32a09747aa7a
SHA256 482a9b0082d5d7ec38d4418ebd0bc11dbf832fa0aa2cc771d18cac831a06b117
SHA512 71b87d41e40a5a65e057e07822b504ae53514610508c6d6f0fe16176e5b353a35b9b80f9629d016fe65aef93d0296b2cb211abcd89318c43e2cafa3be15046be

C:\Users\desktop.ini

MD5 cfe970d486ef4951cc32032cbbf290bc
SHA1 3eecaad37a7a7670a86509174f0be496293509de
SHA256 9db2b3591418f9cf3661daace691e20ceca82c5831ec02b7bbe6cb256a2b1de2
SHA512 e13b6c0b2cf5edf58af7ee1daf112a3b3427ef23f1712c476694ba0b77a87cb54b8644dcea19128c0589ef8824312dd1d66fe3e5a8e7835408d3c0ccfcd50536

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A1D77FD1-86EB-11EF-AA78-72B5DC1A84E6}.dat

MD5 71eb649407cc1eb8064afbec38174089
SHA1 49f71ce28b3c140c2d3c20ca477b0f14c606ad86
SHA256 2b14142c4af42f858ca883f1e73d03be56482412828de8dc44128d764c22dace
SHA512 04b75bf1b69dc861feef5f14c1b2b2bac43657a3e41be6feb0a3db559726c82a344d081d8c8dc47ed1d3b682f0186c708579d8cd2bbc724eaf31f35e3e1453e5

C:\Users\Admin\Desktop\README.html

MD5 b3081cb5e8def7ba92b37131fc72e99d
SHA1 95805588b97efbcdc1c8be81b457168571cbcb75
SHA256 03dbde42e520eae6627fbcd30f41c8f629d0b798777dbfcd6ac9d939d51d3405
SHA512 4567438a75847a955233cbbf062d7f5741c6189b5351b97f6920da9b9faa2be14f283e64aa9d399d6cd07f18fd42761c6a2152834dfe434c833b0a657c2d6e42

C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\EQUATION\MTEXTRA.TTF

MD5 eb938e94656b0b9109641a6a4f3004d4
SHA1 5e84cef3867e3e88bd884106ed9275e68c5d93ab
SHA256 9ea58fc8e2c60c721bcc3400e58f09b9053c1f3cd8ca41cd84e726a9a3a87092
SHA512 4667f5a55a6a341833671dc5297a4a53ec8a8ecfc15de7ddab5dbd620e42da1049c5d00845e80901e7742f542c08099a4e8e6fc24870f18916177cdcbbe9071e

C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini

MD5 316acf694b27a78bed880691f4f63dc0
SHA1 1c6f641dc231a6a7267d58f556f28194ca4c2ab9
SHA256 69044d01fa80bdb92d0879e4ba6b8df701212e3d615bc0fbbc535c3d37ca1e62
SHA512 25e6800332d0408e68271cfef1a2567c5ef0a5eb29e887a4254a39e756d33ee158ec8bab323fe2511e11e8467248a9039a85ef77b210d7d32c6b4ddc3135b2c2

C:\Users\Admin\Favorites\desktop.ini

MD5 aab5b7d506aadbe342963a8fab5fc147
SHA1 3cd9820a791639534cc2d132e4cbc2fed98554c9
SHA256 f66ce44944b9a47e246d25284e151971cb2b3a40fe7b362b55ac83ff0fd400fa
SHA512 12025a8851d5f692b81a1d503fe24f5eaebd827647a450b22264568aecd269e5ebcb6b1d45013017e4e279c89947308a96821f3979aca7f1899af5a276da2006

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-15 01:23

Reported

2024-11-15 01:25

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe"

Signatures

Clears Windows event logs

evasion ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A
N/A N/A C:\Windows\system32\wevtutil.exe N/A

Deletes shadow copies

ransomware defense_evasion impact execution

Modifies boot configuration data using bcdedit

ransomware evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Renames multiple (12257) files with added filename extension

ransomware

Deletes System State backups

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wbadmin.exe N/A
N/A N/A C:\Windows\system32\wbadmin.exe N/A

Deletes backup catalog

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\wbadmin.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\cmd.exe N/A

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification F:\$RECYCLE.BIN\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\AccountPictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\regedit.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\Desktop\Wallpaper = "C:\\killnet.bmp" C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Office16\OWSSUPP.DLL.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\Movie-TVStoreLogo.scale-100_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hr-hr\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\rhp_world_icon_hover_2x.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\Icons\icon_rotate.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOPRIV.DLL C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\IETAG.DLL.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\RepairExpand.svgz C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\fmui.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\WideTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\Microsoft.PowerShell.PackageManagement.resources.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\fillandsign.svg C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\new_icons.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYH.TTC.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\MedTile.scale-200.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pt-br\AppStore_icon.svg C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\hostpolicy.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSO0127.ACL C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libsubsusf_plugin.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\rhp_world_icon_hover_2x.png.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\MedTile.scale-125.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-80.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Contain.Tests.ps1 C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-16.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\de-de\ui-strings.js.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lv.txt C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PPRESOURCES.DLL.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-125_contrast-white.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-20_altform-unplated_contrast-black.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_cy.dll.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\Confirmation.png.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\Newtonsoft.Json.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\ui-strings.js C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Windows Photo Viewer\de-DE\ImagingDevices.exe.mui C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\find-text.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FlagToastQuickAction.scale-80.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\faf_icons.png.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8ES.LEX C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-125.png C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SysmonDrv.sys.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\system.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\write.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\mib.bin C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\lsasetup.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\lsasetup.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\Professional.xml C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\WBEngine.3.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\WBEngine.2.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\WBEngine.1.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\setuperr.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\setupact.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\sysmon.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\win.ini C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\WMSysPr9.prx C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\bootstat.dat C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\explorer.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\notepad.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\PFRO.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\DtcInstall.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\Professional.xml.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\setuperr.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\SysmonDrv.sys C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\WBEngine.1.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\WBEngine.3.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\Logs\WindowsBackup\WBEngine.2.etl C:\Windows\system32\wbadmin.exe N/A
File opened for modification C:\Windows\bfsvc.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\DtcInstall.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\HelpPane.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\setupact.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\splwow64.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\system.ini.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\win.ini.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File created C:\Windows\WindowsUpdate.log.encrypted C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\winhlp32.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\WindowsUpdate.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\hh.exe C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\PFRO.log C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\twain_32.dll C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
File opened for modification C:\Windows\WindowsShell.Manifest C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\System32\vds.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\vds.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\System32\vds.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\vssadmin.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wbengine.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\wevtutil.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\SysWOW64\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5016 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 5016 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 5016 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 5016 wrote to memory of 3176 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\bcdedit.exe
PID 5016 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\vssadmin.exe
PID 5016 wrote to memory of 3316 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\vssadmin.exe
PID 5016 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 5016 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 5016 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 5016 wrote to memory of 3708 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 5016 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 5016 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wbadmin.exe
PID 5016 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 5016 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 5016 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 5016 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 5016 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 5016 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\system32\wevtutil.exe
PID 5016 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 5016 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 5016 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2492 wrote to memory of 4256 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2492 wrote to memory of 4256 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 2492 wrote to memory of 4256 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 5016 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 5016 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 5016 wrote to memory of 5036 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 5036 wrote to memory of 2928 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 5036 wrote to memory of 2928 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 5036 wrote to memory of 2928 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\Wbem\WMIC.exe
PID 5016 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 5016 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 5016 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe C:\Windows\SysWOW64\cmd.exe
PID 2372 wrote to memory of 4492 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2372 wrote to memory of 4492 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4492 wrote to memory of 308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe

"C:\Users\Admin\AppData\Local\Temp\2024-11-15_003a07edaa89b9eea34af223b4f41b49_lockbit_luca-stealer_revil.exe"

C:\Windows\system32\bcdedit.exe

C:\Windows\Sysnative\bcdedit /set {default} recoveryenabled No

C:\Windows\system32\bcdedit.exe

C:\Windows\Sysnative\bcdedit /set {default} bootstatuspolicy ignoreallfailures

C:\Windows\system32\vssadmin.exe

C:\Windows\Sysnative\vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\wbadmin.exe

C:\Windows\Sysnative\wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest

C:\Windows\system32\wbadmin.exe

C:\Windows\Sysnative\wbadmin DELETE SYSTEMSTATEBACKUP

C:\Windows\system32\wbadmin.exe

C:\Windows\Sysnative\wbadmin delete catalog -quiet

C:\Windows\system32\wbengine.exe

"C:\Windows\system32\wbengine.exe"

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vdsldr.exe -Embedding

C:\Windows\System32\vds.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\wevtutil.exe

C:\Windows\Sysnative\wevtutil cl system

C:\Windows\system32\wevtutil.exe

C:\Windows\Sysnative\wevtutil cl security

C:\Windows\system32\wevtutil.exe

C:\Windows\Sysnative\wevtutil cl application

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C wmic SHADOWCOPY /nointeractive

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic SHADOWCOPY /nointeractive

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C wmic shadowcopy delete

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c start msedge --kiosk --edge-kiosk-type=fullscreen -no-first-run "file:///C:\Users\Admin\Desktop\README.html"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen -no-first-run "file:///C:\Users\Admin\Desktop\README.html"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeb2a146f8,0x7ffeb2a14708,0x7ffeb2a14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16170268180840772068,982353719073903535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 22.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp

Files

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.encrypted

MD5 7219a9d1ce55cafe756646173730adf2
SHA1 fb66d9212182d33305be2e57f9d37db95a3d8edd
SHA256 51826546d36cd16d075d68f12f6e096546fdf7f93ef2c0f25c4eb5926bcf435e
SHA512 d6df1ac05bbe6bb09a7d25ffe2b31edac5a2222c5c154b0da789fc47b920478ce6dacb8ed49a34c6cc341e7f4d4a6a031d1f5be1e8e0a68eb8a6c128363a92f0

C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.encrypted

MD5 42804d38da4255040f6be0c63b47515e
SHA1 2bec7f260acadb1152e5cb51e069e45e80bb7256
SHA256 55fe55c6af37f5cef6703668e09d431d71e60ada637b1f8c9888f558f4376a28
SHA512 d7b55c112f5f276891f4511e796188859717f6b56a9e5912d1895d4ad78407cebd8da35c3190a527dc14543790a1180da630976f6524d222b4bba26c4ddd0509

C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt.encrypted

MD5 f7d8eb135a6b8c9da19dd433e49caaab
SHA1 f32f8bf9eaaf3451e95df296453fb5994b9e4455
SHA256 f3d200884c62753538591d72e2262331ca2a70f3704750c99c4a6475512d24f8
SHA512 e436e9daec9e4060ee23fae22f20ac085f5c547a686143be3a5739e53841d775c19f3fae34a1e5bb331cf1494b239046f7687fec8a516102ecf540acb6cc5448

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt.encrypted

MD5 1986e8769124fb038a2bdb9eeaf54a6c
SHA1 eeb648c3e857252b0b82a012d18eb227890d3be8
SHA256 72c482615853f24549006736100180b88c71aa4ee62fd6e8e638373ea763ca5f
SHA512 6a3c933f8f73ec352864a9661f293a9eceffbf0b6b0131057a5dbd01cbc0ec95c475c74e43120136f3cbd04ba22742cdf6576923ed30dcd4e1fb947d862f79f0

C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db-wal.encrypted

MD5 7e3c78fd34da72591e00ffddfd1b3dc0
SHA1 c92e3bf998ae554a70f78e4909d3b8cd3cbb6155
SHA256 21dc9fd8ec05856fd268ed7b27cf680632e2ec7d690405dd4aa31a0b8b3f4893
SHA512 2bf256cc077a14956be66f31d288a549c7a2b96e35836bcaf3489fbc24d19c9f8db332a6e84b44d6857f679b180c3532ff9e7fa6aafda7c795fa90d540a2069b

C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\onenote.exe.db.encrypted

MD5 2b5014f08003b7ad6a8bcfb49fbcd5cd
SHA1 93b3ff8e5c3447febe31dbf01cfdc9e1a7505873
SHA256 5f69c420d698c920e12555345d86e3cec0fcfef17cb864e0520d10926ca283e4
SHA512 c657f834c83177533d4fa2d3121d22c7ca87505f9478609795e1aac0d7b94c9a6e788d18af626987a2a337040c6d03d1d5d2e3c126d5811c17ea595517160d79

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{86adf6ab-7c6a-4a39-b307-46b5e082d68b}\0.1.filtertrie.intermediate.txt.encrypted

MD5 bade501d5da5fad0acdca8ce7ae83d26
SHA1 883f0553582d79974af6e9d10bcdc598f066a96e
SHA256 a45d4925531d442216e19b345a5387ef5121b24b4baf4b4d64bf251107705019
SHA512 4245627abcb49ad36beca3a0517f03259be220148ed179b43f36f256f1bbde6a1c63931bb4eeb4499ee2c6451d00f2b23c8d4a690f370af0fca5887326315245

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{86adf6ab-7c6a-4a39-b307-46b5e082d68b}\0.2.filtertrie.intermediate.txt.encrypted

MD5 d681c64c766dac6c8dac9d07fb294fc0
SHA1 d44b3b1b5c778aeb4ba6bd334be7535a3b789e69
SHA256 7be820a34ad062a08c4887dee18a04788b4ab5332f8604886aea5057708431bc
SHA512 d6c469ad33e62cbdb03a2dfa261221e8ca23943f7f2875150d93921983c7d90aa74190a6c1ed935b37c43490050b0e9b2c11483bf45822f865f099d2b800e8ec

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt.encrypted

MD5 625d1862c65276e57d255337654e095c
SHA1 e8db8044570bcf9374874588265b32bd2bd62a2c
SHA256 725cbcded20319ee3dd85bf469f9b47388786184d78e4f3ebe5dbe1cc606d135
SHA512 a9c0601849121e38a8e0fdd99e25c9c7b714573bd23abd2b7cf16e9234fb46336b2942451696f08fb9ed219a1b4ad06d226e0b4f1341bd46c50060e07f6dc545

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt.encrypted

MD5 f9ccc4896b3e1304f0dcb8e517582411
SHA1 965ef422ddb5624f5c7bfa98a7ea629ec197d71c
SHA256 7117e41cdc30b73362b9eb60f1cb813ac466d4c01ba37fb66cc2ddb2718b24b4
SHA512 bcec51aa2e5376870d9d0e35fd444ebae30175d6ac506460483ae880364532e70289a00092548373a8d5eeebf9cdb7a4371c27df723662364d1f451aa1b91b75

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt.encrypted

MD5 3b99f71447b1129bba1a4c1946dccf9f
SHA1 e59b118e5644951095e877ff2901605e8a6be340
SHA256 f1199e3db9a37e85caa0b9fbc487749e536fabfdc53cc1b46cc8953f9756d239
SHA512 85e7afacb921099d4422469a3a2f7fe8abfe819baee0c5c160e71c313d6eebcc66ec751f11f8ec82ac99c88be56313d955bf32d060082b5c7c2cbb2bee078ddd

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt.encrypted

MD5 1a90b1599dbd0bdb95439357197d434d
SHA1 6015f2fa0e525cc6fb5063a719bf31173a891dc2
SHA256 6db647c42318174ea5f8185d5b96f95032f552a66a1f31a69e112b70b02a9661
SHA512 563be060733818d806236e3e38f0c25eb2766f1ea3c495cb8d9b960b39b53e7d907f10a4c61a4d13dbc8eb5fa77e7be70f14c9a77d4364f3ddc66b43106f92c6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite.encrypted

MD5 a3021161d04760f12793d3fe31471b20
SHA1 50ac3d3554619a3520e9f2088e7eb05844cd0cd1
SHA256 37d3dc70d5a82c27eda6ee32d5d8c873fbf74a10008a0159d5b98d0573a002dc
SHA512 a5032e2bf659a05c47c4fc5b96aeec54c3ff2a18c8f9553ac1acde38a32dadea69a8a30d240eb5ee15022947867c132fd79a8f10775dead72bf8fc7618504f2a

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.encrypted

MD5 c4a590477889f8c46ece48682d59398d
SHA1 deaf1798286f07f07f3cd0c405857525fe49da1c
SHA256 6cc3fb4dc46b084533ee69b14c41ba35cb000a6621c96882a7bf85c340e4ccc6
SHA512 fb773811ded82814ced6a384c555679a72ce868b7d7ce6b813a40b9fca2ce110f53482a864f9d12a61028aba0e87af2314baf2644f00277dbb0ebbc51fda62a4

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.encrypted

MD5 24abbad0c64891127d7d229c4182634d
SHA1 566e4a571eee20d06f77d420b200e3644eda557f
SHA256 09fb57b7331f75c86736ef1caec0e2b66f80b3aec446d68af87a01ea7ce44a91
SHA512 bcb59bbb30b53793e3fd02b869175996cf2196c8a68e83c5a365a60d0f77461b72baf42c7f3bd5a2b8910d2db8ea1ce6cb2d265fe566ef816d975fd6b8f38380

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.encrypted

MD5 5fae9a58df56ada55bca4c975c3dba6d
SHA1 2bca6fd1641fcad36a5266099293d22dfd9c573e
SHA256 f6ffa5fbbb16055f8a43c5e2115f6eff95e186f82f868a842f8e14028d69d2a2
SHA512 a8e3092e84f01fea30ff78760470eb4e09495b4ab77de21c552797e712343efa3f95aeacdc225dbff9029e939f1d15c0a7b0277e13ebdfc24207b1e8bb590f94

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.encrypted

MD5 5db52425bd35d1af7517092a9deb3eb2
SHA1 c37610f9a9657f5aeaedd784b4a45b16a8a09477
SHA256 3ba564695669650d2096544ab8f7c18a2579c2ead6e4ca1e40c3f9bf3fc9a182
SHA512 426ce213b8f5d7d64cbd005480e621818a18906f7b5ece0c23a051d0cf0c92e2d553474d6a412df15116dcfba07de313a21226a38ab5909c2ace822dace9a735

C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.encrypted

MD5 d4e4a5351b4adcb675bf1dbfda3dd45c
SHA1 8133e8118a765c5092fdb50bbfe1e80c1c0955f0
SHA256 1019c2ddebd731ce0c61dc7df1f95b1538445bd31ca1bb436ff0f4d25c303345
SHA512 4057d80265dcee80c801ea65deeb484b47e6733effb35cfa7f279cea492ef0204ce70840a0b01bec49b03eee0e264534f26d111e204dd66821f324f10e413a47

C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.encrypted

MD5 a71913e375c0130fea104938f788bb66
SHA1 810a95b7d2c37c13809c2d725e5ff754faadfca2
SHA256 f8ead5b77c823f8b8ea7761c5f44e88553f1911b9179c75a6a640a9bfb681d69
SHA512 fbf41364f2820990ef703963806e0146009258e304889a5e44fbf6a0f06eb40f8334086c88013e45345ca581f661d6cf3f469ddba3248c9b1a216b447a30fca5

C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.encrypted

MD5 9e9bea00a7e5630036acc3e81037ee22
SHA1 be0bf516866ae35911a97d6cd3d21fc7ecd854a2
SHA256 0e552b395d7b2364538dc4ee12812c47283697faa589af3a53db2316c3ce0c30
SHA512 930e1a90abca5c8e875ab9d37cb98a63e43038d8f74523317a7c2657a77d8908b37a41cf1e32fa1b40caba5265c0d2447c85997057eea8bcbbc383fa09ccd3bf

C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.encrypted

MD5 410c1d86d24942841808494322f589cd
SHA1 35c975724a9a0dfd102fa9caf32712cf37885e0f
SHA256 c5ef69fde63dd4866caf4030c6fec7a8dcf70dbfc4432c54c83c3fe021ffdc6e
SHA512 ec7c1af2699640824f7a36b7d8cb72605c94581cd64b73bb1d963a18e3665dc649bb051e9787d1dcf14e25d7fada4913b9e8953123120cfc4bbc84b0f6d1dfa8

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.encrypted

MD5 6fd5a437851b7b7ed7c91cd11d81e489
SHA1 55173c4167e5b738f075d796eba86a2ec93348ce
SHA256 f5d2b0d13da6d3ce33450736d414349401e0636d07f5b176ca962207dface9df
SHA512 35ef237070b904f60682835043ae7c22edaa7e5a5777ae191953db06a91d6b8d315b59669f880b4efbac0483c8dba2e39786d2572aaf6d23a1f6bdedb0cb59c3

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.encrypted

MD5 d363e2407a40a6dcd28a23b5261d109e
SHA1 f1146e43a5cf5b42b10ea5ed8c6f36935fb49797
SHA256 bc603f259f7a81653221256d64e5087d368186385bd9da80d648d80733ff3dab
SHA512 0df02635caf189f320026e583e9ee3afbd885e5356db2e33e093628434562d46650c2ec01943ff508ede566439740b4ff31916fd814e3f6553c77714fd728d77

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.encrypted

MD5 29509e697e8c5ec5fb284f721c9b9a58
SHA1 ac2f6b701e508c8598809e6cd54273f94c0c6464
SHA256 382700febab023a01ac4896afd1e4f78d5da0eba6565cca11467c065d778213f
SHA512 2b8edc0e4b519a486e34f48df6a1aa8fd1f351dfe7e0cd720dfca30c105e56be3791d3b4fa81f84d5a5a87457cea77b5c88566d1698b1d38030f6bbdaab38131

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.encrypted

MD5 7ada2c3b7658c9d634dd1eaa1a8cb89a
SHA1 fa047e3afa998ca855a98d88d14a98a19318e758
SHA256 d7f9386f832c4dcc13a6388fc07a576533f68a34838634d55567c7510784b562
SHA512 81c0272a7e4365492c805b703da7c57def6fc4896b3e85f82f04af467063f797d24c5a6a24cb7ffbac814de03b3b3d64ee2f6abc6ac08ac423cb1e3b904c8863

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.encrypted

MD5 f560adde245fe9fb787f6d265cd8bffe
SHA1 cab22dd1fe48cef7c2937b299df5a82476312ae5
SHA256 d64c6685567d1b020491bf55d8110e6aa290fa0f9dd90541e78b69d0ce1286ed
SHA512 146d7f57ab74797976b902780a9fd65c94e4dd7f9e3155ba72b524e1046b0f445c0c5581e00baaa799677295e89f9763c02d6a679778e51135a8684d407ad276

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-1-0.dll.encrypted

MD5 682b87ede5f6415bd0d1974a522bebe0
SHA1 bc4954bc28b01b4a26aeb3822723ceedce007d92
SHA256 819866a073b6911981a51443ce11f1c746afc6d98664fc0e3a5c3ec8c13e9324
SHA512 456325aeed1b6a3b0cdb66a573c0f0800c58e1a0bb16d89c3510684e1bfbd44af36af153c13e8a7415613ec65cbbf639700f1eda3e62ae6ed5ce36cc1629aa17

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l1-2-0.dll.encrypted

MD5 9d589613949f8423464ff52a7f188dc9
SHA1 6c2110a696120a5c24dda1b0abe977da3a8c9ec4
SHA256 cf21904cd65791836087e48258e9f306f76c619f4bb50deef318d067b19b7b47
SHA512 6a78cc245e15fc9640eff13abdc0c465bdf5a7e8935d03d6833f13b02306d736a23b97a7cd6fca5458145c702ca9076fe3af520eb4e84f92318e06d454bc4084

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-file-l2-1-0.dll.encrypted

MD5 eaa7385a8a98ec6f58599ef2551d158e
SHA1 0fa8f924468a76a8f6af7b19f3609d3ed2ae4b3c
SHA256 4d05b82f1715ee50812e604101dd85c453eb5aa1c26e989a276ee7da2e5f6b6e
SHA512 8b197eb6388c11aaa6384e99d3164463c637d55ba25de94cff23f58df5d16000455bfbc86970ab5f25a188eb8c23d3ad407f50c2f1a85bcf97a1265b8236dac4

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.encrypted

MD5 70dab47480f272e98b5361b7b5af0c7c
SHA1 06c3be20e5951ac4405f95bc5c870c81746ab457
SHA256 e51f7b17fc8debb71bac94a231073b64a8cdb445ebb88ae04a251412e8001235
SHA512 489047e2d2fccfc8ccf54417275f83b316c73642948de18b6cc0eed20373f3b8b1ef28bf150f4a6064c33fbbf19ea9e6df0a3691307c9223c663f9b603c78037

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.encrypted

MD5 1f06008616cd10d1595cebd363b9e265
SHA1 21dd25872a3990ef500922aa29598ac8c4063ad6
SHA256 66d017b205038c9570a2ade5c3d3c5e48c61a89edab64862f3075caddd3dde01
SHA512 94fd597603b9db906f9ff834cb25e1e4786b80e06d802b631e89f97fad58a09d7aef683f3b2e3ff1f240e4c40f48f3a72fb3a394d1fb1ae251d99b265199a2ea

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.encrypted

MD5 f73bd7144c9ad6e307fb8d43111d5eeb
SHA1 c31a53e0a789a2a1abca21e6b6d0583bf29db70f
SHA256 cf551cea3adf2e28ca252e02cbff877a7a78b5176fad368ba1597a1f0abf3115
SHA512 cf506231cd54aa0fdfe0dd0f4f543c20e3742b6ddf4303a0e279138fc8927627460f36324953cdadb359d71153ab977507c89d1f1f7ff6208ffe3456c51dfd7c

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.encrypted

MD5 89d6aabeeb86289402f9c30820b3b0ef
SHA1 cbe384162e7b5de470ce11a83ce5fdac8a152550
SHA256 15b31c615372ea4e2f193acde0b454f17abbbcb5acb4c9ba595462a771ee4c7c
SHA512 e2a089d4a70aa2a211a522e35f8070ca2b7d50c468ece90c6b9757609b8680454b657e5a9529653c10da5b94aabeb60df2a2e39e124a5a2f390d6dc4b227a8cf

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-localization-l1-2-0.dll.encrypted

MD5 0e6851bf6b43493baa0f1f7b4069314e
SHA1 2f2b856b76c4301f6da622aa766152615e9b636c
SHA256 757553ee1b6bbd6f67dfd82c42e58a6314c82c1b2177f6ab226a81dbda57ab17
SHA512 cbaa81e6785f86a4af70d8485459e224ca26a39f6b58d5bd1f2f7f48ea26e16d2f1bb8a6e250241eb20830579b33d5b7e793821c8e96db0ec39d9c04e01516be

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.encrypted

MD5 70a414340e790d9c0ea5bfee26efb06f
SHA1 280c2cad3eb80c680f16277aea9e6695e6ab2378
SHA256 41e244cc2cd20d82301e16484a3ad66708f43fd0f7673a426583c77bd71cc78a
SHA512 33e33d36966b18cf2766f798569b1fc24390e8a3bd3d55d3a91ce463d1a9163239ca4e17c5242e340770bc8e552ed1b20f61152dbea3c20974199f6a73569379

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.encrypted

MD5 5ae209f7480bac99feb04a222fe0e557
SHA1 85faecc4340ad6391a5990559cd43b01a94bce42
SHA256 350aa37799e7ef8e3b448aaf81020e88e45e1933230add6cf70910eb4f9ca0b8
SHA512 6c016dd40cc02376f68e5a07c45cb172d6eb06caf1ee6d2d7defc90b8832914632011475761425b7400b2fe718753663d8cbf94e126e68ab7b489ee443116593

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.encrypted

MD5 b2aa78b2bfda1c3b8c0f6a9ab300ae21
SHA1 de5a3620ef4a06d40bc1658e9d3c2032813d7324
SHA256 8f5bcb99181e9163078622540868e8e9b9f9b4228a898bf24666312d63bb1a17
SHA512 0a50556188c36362a74ac26a9f6b558db781f936312dd03e283b422db006db30ccca23089e78bfb8000f7a7113d65d4c78470dc7bf2a9c854427d88af283e621

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.encrypted

MD5 dfdd942c3350d430314c9853ad6b12b7
SHA1 41323b7dac9ec666ffc66fc35211202003eabc6c
SHA256 debf85e7f6f471c32e2039061e2a8e732a76b859c110f70386f9c91751d222a6
SHA512 f4a73888b0661b491032c1823b6abcf05fdaa344e2a8c0452933cf92cfe76ee67359a237990d6e510f77e262b42eee94d0ccad7f8fd8940ddd44903784083dee

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.encrypted

MD5 00d7d588b44b507541e810ab86a76f1c
SHA1 0a62aa8cce59b5d4f8f2bf3fd88c578fe0399260
SHA256 fba2810dcc2f4cd69f880292af81b2567a2a4b3bb3a098f7a5745df5c564b670
SHA512 e8da5e1aca6896821cd2a8ebf4786c5d0bed40e98099b62bbf29f953777ab0328b80a6a07a7171845aa76eadaf608b9c4c09b0f77a7f0fca7328171aaad3508e

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.encrypted

MD5 ff3d98e9b39395afcb089040b4a14dbd
SHA1 ddc4ab5f5fb5fb0f4c12b77a6bd4bee0ca391124
SHA256 eb41dde7db2577fcdf7e3eacf4ad91f50ed9749d05f5e7d9c2ca4c6005e8001f
SHA512 5e5f34dcca88860896f18cd788f1e1790df8959fd2385cc3ecb5edbdaf6c23b67958a25c5f76372462466821e4feeac13d91fb203942476d3c279db7b0a549ff

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.encrypted

MD5 8976b322c48e296228d39cdc81ebbc94
SHA1 3c97b1478097d448ebf4d2a66b5f86630d3ff58e
SHA256 03a9ec58cfd03363ff57387445f501c240b42357fb0ccf812d10a5b7439f514f
SHA512 92bb72cb67ac5ac7dbee1bdac257278290a3270f0920c3f49052729bf13ceb80721ffaac964376e99a632c4f12415c0f85940682a86a4ba25279e841c88c4787

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-string-l1-1-0.dll.encrypted

MD5 13684ba08ffe9227dab377aec139afe1
SHA1 7abec196203f70ea61507986c9ef3a3f03f2748d
SHA256 65571fd0854c2870666c838e2279cd64eb589bc4365b6aca77e191af7330e044
SHA512 baf3d78741a96b66bbaccab35e72fb433f86efb534668d0217a9eb8f972cf9b272b5845a6c41a43cb2d6eb7cd00d07f4f556ab2fe58cdf1724cd740a3f3d783d

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.encrypted

MD5 1207a0c87edfcfd54e820edff7d513fa
SHA1 bd434605ea7353906f14eec3dc2c7db4dc1f4a63
SHA256 ef43ec2406ff2cb1f6f6a58f72d9d2bfa01d4d891dd644d15a24e4be25e0d856
SHA512 a3b79599612609836a0cdb695dd1fc6d50d3063723fcb6e834a76591cc78c0930a620375380cbbc7520f98f33d4d12ac19a0699979d4128fa8be1d772cbf1018

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.encrypted

MD5 7b8ef30f3f85e67a264b67baba8b669d
SHA1 6838cc712e4609d444435b50020392648ff1b0c2
SHA256 f42d9891d1c52ede9dd0f6ca82649d779b051cedd5d85c2db24381cd5caed2a8
SHA512 7358f9c707f9162da4f1aeaeec7027e9f1db743ea8f8c00ced2304d2747a20792c38606dbb66afdf8dbaf76f914cf7c930f8720400c9ece03f98758cc1b1b38d

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.encrypted

MD5 7fd83908dd8da1d6ddf05c245a8c754c
SHA1 1ad50cbdf96b45eaa99ed2238e111f96499c841e
SHA256 178aaeef3a34b78bcb753054a271ab941cd4544372e0a744d66531126f5d39c7
SHA512 fe625fc8dd6a3e288e4fcf8bb1b5818cf2d48d9a0051a7b0c91d50b94121cdfc2d847d7f7003dafa43fd2617ed2bc3127b7bce012907f58fa55c627f2908e330

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.encrypted

MD5 68ea0e29ed5035eb504a00ca0c89ab93
SHA1 cd043e70e94b9ff36d2dc8d58a67e00b87fdff19
SHA256 1ee315a7ae0e579753b506707e57116c3a6bbad62b06dfecb5a2572fbeddcb69
SHA512 6a0d5d95425594e56bc874d6bde0c50933749bf289f04238964dcd3da1831bf892130648be2f3a7b4c7457f96c51da30dfd0a12fd58a416dfcff6dede57de7d3

C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.encrypted

MD5 e5fe70732fadd22853c8b84dc91ef998
SHA1 f7bbea66c6d06ba1f689ef16df1c1930a0b298b8
SHA256 5fa163b5f10dfc46736dbd8b277e89cc63b466ee3f6019f92584b7b81c450587
SHA512 184b27e7b173c9da15bbebe3807e1c955bee4677e0caf371f4181da8a755829ec5ad57ad8198ae43725945b155b134b0657253e8c8ee70887e9cc39a255181f3

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.encrypted

MD5 985ae869cbb39aba33e2548b05a0e19a
SHA1 29617f7a3976c9a8bbac96ac06edc081a208bd54
SHA256 038677868e33977e7871f38c8b8a41c92c6751b7da24e393f44cbdbd54a5c21e
SHA512 2d84582b5fa6a653695b240df0da8a3e7a66a7f24829695b9525d7f01ed88807572c87bf9120c8de395dcaf9577262b9814e8f35bdb5fb00f2205a3c3e8307c4

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.encrypted

MD5 57be716e2835d54b37ec8ef8c0307f29
SHA1 2a9b231c21a819ee185f16996cacaf7b45f3feb8
SHA256 d25fc1f0ac724d59f864fcc500d86549ef40b3c1a2d843fa98e571a15ef6c127
SHA512 51cf2ffd529b851c6ac5d9fbee8818a5937fc083062303f974df2ee277375f8e0993931c9555724c3e6f96f24c6b1bd8184ccb054f9b9ba088577ed1ab749a15

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.encrypted

MD5 4fa4709978ada05b64024cf315c95c7d
SHA1 2b4419eb55fab440b846032d985f0e4e2f0d6d9c
SHA256 c601214b05ded94460392a6793f59bc5a5f8df17edaf7c1d86b15f314f30e7f0
SHA512 52f18e46a0470427daba1570b8b3fff201d7323fe311cf3fb65014f12877561a452859261ff1ad8348567a2b464de71dae12ed30e2ceb1115b0c9411f44337db

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll.encrypted

MD5 19bbe71c9877b89897e062c9521ad2e9
SHA1 a4837ba08d1a9522e8ce29adcd2e6c7d3339e034
SHA256 6defdd78fdded838b543b07c2c3ed1488db30bebe001edd2e03c8d446d7ccdb0
SHA512 ed7708437ddfbdc9e90e97eada684e464bf9bac0263fdff1faa194f111f29a341a662a19445fffc90bcf2a8199c548bae349ffd73a14b1697c19c196d0dc7033

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.encrypted

MD5 294109cc9f522dffbff6626af42f85ff
SHA1 aefdbfb6258362fe017e334f0b849b67512d7568
SHA256 0169dd012f31f1c7a490d0031638bdbffba3e8c9db8979a3d26e7178b5e1211f
SHA512 84f0b0d498cafa72b927ab7a7262ac40c7d222bb399efcf1cf844c31bb59cd2d562d7423421c5ea40641382cd6676109bdd6f672dfd4153341420b609313f827

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.encrypted

MD5 386294f6ced3873a1b1a4a2b2cc5f29d
SHA1 aa14c71897892cb2b72958baa161273e16d94112
SHA256 a4473e9d11f6e8457b82906d0fbf18b3af045013a151e8f2db595fd3d09f8ecc
SHA512 78445599d789bb260b106bfa08e429dd22bc0625bbeaf86aca0550f0295ea27876ae9203f99166b58acac74e56cec1608f5d789928f6aa80abf1013f628b8231

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.encrypted

MD5 a2ec5a73476f7e02d6c77d1e0ab01d7c
SHA1 c93a22c3366c065c785b6b190f258865f47d2e2a
SHA256 ed6de31a30fbdf0ef9c5d96cfb3e55081300074e64df29dbc7ac9cb8df63446e
SHA512 d31cd7abb8c7116050cfa92e6f8013cf4df2ed108269ac142a45a626b165bb8c0ef7240037f2b6444e4bfb7e7cabc1c9133eb027c6e3a90da77814a87d690a96

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.encrypted

MD5 bce69a2928aa3ca05276cddafe33a7c3
SHA1 082374a44aac2394f83b92610ce744e2312b1aaf
SHA256 366be532715cf51ce1aab31f321118b6f05e451cb92ebfcab087e2fae6a3be89
SHA512 2f7f1fa719beb68b58988d5072d54bcd2fe29a37b8a6f2afb445120112d5b833561c0ec534a147fba7870cff86fd444b3904251cffa388e536c0e0281297af04

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.encrypted

MD5 ca36e01abcaaefcf634933f08d8910ff
SHA1 1da60f58b80d139db26ae2afc37983da66a23db9
SHA256 a829305c1638f004716e639ec60ab5943231bb1561763dbfef1e2d49090a14c1
SHA512 7e005712292c9deb354c7f7abde9ba795445fc351ed7c320bb1bf5dedd273299ace6a98a005a361ab7a98290111528b8244753bf9f5489840ae3ed58f34a653e

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.encrypted

MD5 e3f45968d0a6dcf6702cb3551905c774
SHA1 c8cd6e1efbd9b8e2835698aef38f3f187d7e9172
SHA256 28048566d481588c3b7af570146a5bf17c00db35238e0e221c3c4e79a38aedcf
SHA512 289f06ab2402de8b458ba8ad7bedfa2d0ac0f03567e89604b94cfd62c41ae4f8d3607445aa91d12388654ebc477d9264843dd1adbd43d544995310a861bd8333

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.encrypted

MD5 50e4f5a307ba26367278a36b99bc40b0
SHA1 69412bbe00fee5f7ff185ddf465626ae3f7a8246
SHA256 7ce70d6195f93f9ead38834e922e258d8f662b17f40e76b7b0a4f6d06ddbebfa
SHA512 6a314e07ac4a47576550d7190935de75ea0fb5966cd1cb73b87103f1b7c469cc379ac9cac9ec93a81a13129168497cbdd909e81e33ac5d8a64bb3776dfccb3b0

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.encrypted

MD5 4d639df28a3558e961c8cc5cc26e9b71
SHA1 f330f6b7fc27d38d3f4a039cf08bb0125c55c3fc
SHA256 5e5ab7998b0a7aac0acb55807596ff7a8501712d1af6e9d62e37119c752db3d0
SHA512 a1d25a15296e175d213424133d8d3f06a1cd1e69ac70f17eda9a2edc63ba52e37f6a8a92aa0707a89005317a93b19ab09bd396766e5dde0f8792e778800cd86f

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.encrypted

MD5 d601fe2abcbaf5b9cea2d5ed0a87cd04
SHA1 bd7fb2837035ec982ce4990f7b80bbca94a97672
SHA256 aa9de2289437ad4a01d471825a49e9efb0fa143d0307b4cd74476dd9f503a55a
SHA512 72020a392ffb7d6f87485fe1a355d1d5a6ad41a28e0b439a639d7dfb409a90e0a9f838b9d2bf0bfb8bb2c18287a6c467293f3bb550b54f7dc20a63a78bccd18c

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.encrypted

MD5 4222a96b7448869e4620b1c894e89a54
SHA1 a7cdac3f49686e4736f4a93dafb11ed4e48409d9
SHA256 56f06ab5bd0fbed7716bc66fc63354d1d498f2f3f33c2a7b37a59bccb0ef42ea
SHA512 4c8fbcd46dd29633dd537f48ad0ce46812a54546af29b8b2c00afa5f467e66fa94b4e04dffdc6780b7b9eff79c6b7c5768ed28bdfd313c86041b68e4ef0fbccd

C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll.encrypted

MD5 fa690154c2760439659e63152e40c7da
SHA1 20a9db2484cb40e5d43adf8fc51fad0d2f27ba7d
SHA256 eac13445fb7a236d0db98913668a0350ac3f97c0f5b42d2719538750a6ce19c6
SHA512 bab0498877ea294b2056d0319105fff02216a8e08d4e21ecdeee31ec192e94dcddbfe7469f115c430f93089ecf0e0b835b2d691858765b3bafa0cd043512e696

C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.encrypted

MD5 653212f1ab79aeed23b3ec2529748cac
SHA1 87b275a5ce134cbceacc23744c97c2720f0ef47a
SHA256 b464e3ec8ce876a85f8cf65bbe1a2abde9f1c818728bf38037dcc932ad52a82b
SHA512 9036ecbee5c40d1a965270854787b5dce1a317d260f105216ea25817e5441476095c371181de2fc20e397d431f4e34c7be3857c13cd6af7117ca2c6a86fb9c39

C:\Program Files\Java\jre-1.8\COPYRIGHT.encrypted

MD5 58b14ff659c5e3b9a6acb01dd8e653ee
SHA1 09e65197f9d95211d7840d5b56e7982bba462886
SHA256 be5bb98fe094e62a4acc662dfaff32b832a898019903a9336699469ac6557b26
SHA512 0947c18963e9c12232e0818dcfcfbe06e531bea08933ef5d51ed36654c1d4c3928b0a692765ee45e4146b54cd1b9578a59aaa00a0fde1dfc3fae6be4387387ce

C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.encrypted

MD5 6c9d8fc76d4cabb27e1f5d447adf3f5e
SHA1 2c43935b78e7363cc216c93923949a1d70e12b57
SHA256 ef2a4da5c4ee56e7e80743fbb2366cd5f86a32c48c2830bb7b152196e632bf68
SHA512 f7278b0371cbf0423646839d6917b19e1a8493306d8c32fb1044453547dd81f8650cc1ec113d5bca630b2776f612edd4d4f5989393f29427473d417a3fbff390

C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.encrypted

MD5 d81f3127f30d339369ce34f161c3b033
SHA1 f90e0e19fbff9e6ae9ac14db87b3ce9aa1112426
SHA256 50799f97520492b709f3f0015e45f0c4e717159c4bc089e2e2e5d2da49d68d71
SHA512 d83529a92a5a50af38b4d40f8b87e96ab8b645d21c665599da03424a444287fd57f3f9858a6899f120c75073a3dd68ab1a72806456b9714215c8751d3e387a1f

C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.encrypted

MD5 8aab2ea28788b65b4de6c6d1719a7990
SHA1 b22c2e8b919dd1acab8266457b0ff6513795d797
SHA256 3172886697e1323f4667607d74af06118bcf3b03f51fd8648eecbf0b9ecda0e6
SHA512 8bdd2e8778df44d29aee036af6eb009ef7fa558a07c30105c7be07b849469298be8e8cc1ea31d20d485c9f7b73f37c9f6b119a240421d3c600c48b2ba3d1f4e2

C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.encrypted

MD5 0292e89a420222c44d776d28a1f9c370
SHA1 22cd28547a58b92eebda38c0b9af2d150ee5777b
SHA256 df6da8f213011f04ee8c4ddc182571987329e5e647c2100efdda302ca592f9ef
SHA512 d31d0d537a7ea39069b3c5f3b16d7ce7b6680492fa74a9555e147cd9110bba1739b607298009169b748e010b7d58b3540841d199e5fa306d0f0e969207a8d0e0

C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md.encrypted

MD5 4bfdd5ca083ad0867c45fd7be581c9d5
SHA1 3f1c2460e40ccfce771aae585b786c1c52ac5646
SHA256 fdb19ecdcde738270754efedbe896ef07cde4c977ccb9fdd4ef94590833f86da
SHA512 d7040cb03578b6ec98fa516a76114c816e6c4646f0a7f6309ff4e7dc687bc5edd34dabd188e280760e1d8420236c3f55e72af470c071b1192ad4a0f805e7d0c2

C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.encrypted

MD5 59c8b2a8fb177d1ee2c10761b1c0e532
SHA1 5786de3924db50cdb89d0347350d8c003ab77e87
SHA256 0e5860e313e1faf08f1c266149691e825e960c9b0da5e98e2568fa91ef334cd4
SHA512 f729d2bb05882c870b008f5035d6df8a63b4c37644d97159cab84273fd28d9d7a6d2cb336d00e88d09a09889f3ced8fbe076c62110f97f4cf3b9684da7a93dd5

C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md.encrypted

MD5 8ea235dcc89d122092235156a5b1f75e
SHA1 f4177bcf7166b121a4a72ff19ad4ef6918632199
SHA256 2242abc8f712fc9bfb91653990c25cc1d050603d85277aac5f0b288cb8092a48
SHA512 eab915c0442e8f695a23a97b4508771105c8a42d6018962db5bf3f98fcdd052e06f35c4bebf9d1f45b076bfba6e00cb51c27543ba606a5f1970dff1d00862b76

C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.encrypted

MD5 6cb977014f58c15e19666b1ac2f4edbb
SHA1 5b0758c1db6ae52e617fc24d3acd4c2f3410440e
SHA256 ab9cf65bff9a0a27bb24844b4e167cddc790b8d9a8a20c7d060116016c100fe3
SHA512 dfa9153a3fa88da9944912be742817028c1f7844514c27f3ce29e6008d643acb31be4f5c097f2b00e153a60083112e477330b636a7d0cb001167b830bc749d7a

C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.encrypted

MD5 ea1437e7e038c241ab6a7528637f3246
SHA1 b40a0370303856a39128eea5550287d1a73778e7
SHA256 0a2947abd0b0ddfc2c5ed3004c210e2473062f57b6c428cab3cc45cedd09f0d6
SHA512 b3fc03adf9e6a26d0ab81124d40da4fd2225b5df66c89540f5f029c9439d3c871fcbb7699fb3b0ce9abbe98a694512cd61fd408a1c987f7dc43986c6f5858863

C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.encrypted

MD5 a2663773cff46bc5e4c4888c84d2d502
SHA1 d6bd9c7b9eab1968552ab627afe7d9fbe611d60a
SHA256 c6d82421c723e1c9af888974905e10b4d1ca9434171ccfd368d10ad2ef8a18b8
SHA512 477b24bf6b4dbf245a3896a4c9580bc66e246689475780bd3980f5ca278e285e9a3ecd13f2ba29f8bd63588e22688cc2f408561e88eb9831e3b12790e7fa61ee

C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.encrypted

MD5 7689901be608210fbfd7c1da6b1a6fab
SHA1 9230262cbbc075866ccd68f1a21bb055f7bca726
SHA256 061df29fb8bdc67fbb2a42ac1193190a666505d224579023ac58295dc16508a0
SHA512 d3fafffdcd31d344c16e52ca93a3b9ce2a21b663997148e2e9596e8946903e3e1e025171024cddbfac79c9e48c195edf4a3a662b033a3a22adcd558fb3f3fdd5

C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.encrypted

MD5 25068de6c63cd5c62187487b3a2d4755
SHA1 2abb402252c25d22774e77338fe3b3a3241d234c
SHA256 d7cdac68644bef7889523d5f060eb90f10c86c2c1806b9c3b8782352423946de
SHA512 8352cb3aa6fefa01d59548317854dfbb8a9eeee739f3d98a2ece82c824e6fc0a684ffa7eb95f8f01bbaddb44753d7b3f0b698d7d3e98f2c671f7e7b750b82863

C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.encrypted

MD5 5c7c8aab6f39b552ff0a194f70490b39
SHA1 6544684c72b308e8809879fb76ad672d4a099675
SHA256 544e498f010cb5e1a07c3502fb200500b944381d2486de77f7c5a2f1d820e1d9
SHA512 ce4891454646961075dc61aba8c6f270d87bb3e524bd58d872ffa7563d6a99eaf534a2f7770513cecef79d5b0b5bc49cd52b2c9653c2396a0c6cac58e0caaead

C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.encrypted

MD5 e85d8bebac42a9eb6b9b253d5a3b842b
SHA1 580fcaf6dbbcb793bb365b36b37a86507bf42533
SHA256 88e9aeadb5c031d7c19574d965854f281b63815ec40a0ca7fbb6f2357486ce6d
SHA512 656e494d96a46a0b5e01e10ef2220d9722ed3e548d12919fe1ff54e5e3e13343a1617ae1ba2a58db00edb07a48ad1fa039de54cbcdbc8d057ba52ad378e4a686

C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.encrypted

MD5 ab9082ab1472868984b2c6b1174e3a13
SHA1 b1f90d681855932e22fdbe2c02c181ffeb634fc8
SHA256 53194234b14f6b190d749ce970e7c292d059f88f2d8d4a86322e1739fe8da1d1
SHA512 17ce9d2bc0a2173e538839fc1be7978c48f69f2de2b98484cfd0b1eb0786f67195b177179e3add3588f6adcc8eb1cd98fb278bf5b8372f2cfec750b430597625

C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.encrypted

MD5 07f8a0aa4ea2493ccc7a56af89aff0e1
SHA1 bf3fe643068a4fffbc5040428c49de9555314221
SHA256 7f6ca5c390a3a91d40706a293834b9c01cc47c04bfac4308dc76df5faf06c832
SHA512 77ee38a3f0c308b5ad5183d0362a380a1b7a13a00720f263876e062c1c1c0841491090504859f4c76d6c26f323b12b3c43e60b67fe9f71edde9a8c761be1047c

C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.encrypted

MD5 def88f6523b90d1ce8e79860cd69be52
SHA1 05d33d17a415619539a5eaccd7c74b7063e8505e
SHA256 d7653adb9021d13a79076e58b860d558de0e43dbbb73a693741822e1e9dc380f
SHA512 78cce323c79bd396a114fe47121123c998361ebacea7b4a6894310c144606c4c48a8db85f698b7b24c476fd8ac54e03b3f583011ae7c92ec1e957e92f8893ffb

C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.encrypted

MD5 e6f29e7599b192875da580a8367b2f7c
SHA1 a5219659a7045b9e31833a27f44e09f2b594fd26
SHA256 017808325d2829a3da4e9eb9ce8e261ae990b7fd3a32a676967095c15a369c96
SHA512 f3d2743930f2c7d90df5344db46281a5c4c2457a5f7328e0e60685d1fb577147e6b2339359b7dc394f5340a834e609efaaeb5186fd875f8395934cf2df5b53b4

C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.encrypted

MD5 c586eb7a5ae0d420d04d010714aa84d5
SHA1 ed7351039d19dc4736262b995551385f37085d53
SHA256 57f2d108bc93810ce61bdf35ad34d9ad1fb2118e1c23f1cd69dac7f88f1c6dde
SHA512 d332ee5432abe4659a7d8675b8e6de4b87e52e01af6a1eaeab806d066b1c5d42b68f1ab439327401bc8c6b6bba1d29eeefd883790a467cc6d52b6ec97ced7e16

C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.encrypted

MD5 9f33a6e2bee22cdc533b69fc59f0bbdb
SHA1 8d8d567b1e73e5e9a55d88bbc58cd6a76d182029
SHA256 f187711e5f43470be332e7ef5c065d8d7c27fd9cfd2d542838f1c6393749c9ba
SHA512 57b4016fbc4b6da1fdec5e48dc51cd93ed402ed25f2a04deb2332a2f3b572a7a826fe79e216947da15a1b94b3531dc31eefb3eb79537dbbc918d1368b576134f

C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.encrypted

MD5 c11e154f5de7767d6b6526b6f7b93827
SHA1 73aa585765f901e0812f77b13ac2ee39b5a886ea
SHA256 03acc9d23a63aa9f73900934eec6d2a72ccc05f01eec39547b21bb5019a2aee7
SHA512 38107a9467787c24f55a3b3a0ccceabde8a11c5ca3eb50945b1eb3067b810cc7f7e3524435293661f659b8eeb859f8c65a15bf01aa35ca41f75d62394602d255

C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.encrypted

MD5 f35f69f3301227e337b2e56ce3defbb9
SHA1 025583f546efaf5d3dbbccd568a04c9e42175e48
SHA256 a6090b7930e806f0a4a377b1269d81a73ba1823974e6a0005261094d1af95a46
SHA512 a2934e478f409dc55fcd139bd7287fe6c62b174616e8f97e5fd406c8a2244b26e3b5c040b1e53294fbfaca965c38c0daf1e77749df603977ba26532e78dd2eeb

C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.encrypted

MD5 ee04f62b40edc75d3558d8a415729494
SHA1 07f6366b25cb9b979a7b5a8108106a148da389a1
SHA256 d5e5357a6c89d344ce55b4bbe52a1ba146cfb5bffa2b0d266d5cc2440092c1ff
SHA512 43ce61332237aa113992166e37b9153806f92745dd233eb25ee9a860e2c62648a6f5bc34853c66495202856140ae52c129c89cea9aca2312dbecb6c8555c4a5b

C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.encrypted

MD5 1591af493040228ecdd44e7de9466353
SHA1 36775b718535f07ac659be96a85fb3e4218852fa
SHA256 8aa6b3f6d5571a93e1f9aae4eaddba9a739fbb9136a39077c5359cd1f17e8087
SHA512 16254ef2c62a58f90075b2413a84068feb099cecbee9e46cd9bbc9999cb8d4f9d062c370ea982ec33e896755cc1c8a0091e43b79cd6888410da82b7a89145018

C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.encrypted

MD5 221aa9e8a38287bd8be1e887613b17d9
SHA1 eb178b32413a0fc9aea168a664a87f09833c870e
SHA256 b399606e96d8c2851c4eddd1f32e53af59b5efc50db73e20d89fb164defe4ab7
SHA512 fefc2ba366d4b92be88939b0fa99621cad830823a0c832016d77e2a51a65e4a8282436d4a0c40f965da077bfb037c3ee5fb76292dfef3045370500a37eeb3bee

C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md.encrypted

MD5 b8fe172d2fc7c1b289b794913e6b2841
SHA1 15c99dd52293e7b3ff933464d7e0e276efe83bc9
SHA256 fa23ca62ad0ea0d1b709965ae4da2b0f74e4accc70d96716d6155685f1e75609
SHA512 bb5400a9f76ddf07db8018f036162a262ec227d6dd2a75cc79899d3f6f65e935b82a276af13198388fa7d18ae1e3c490265190c5598daa5bed1158dc716c9c15

C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md.encrypted

MD5 64d1b960d4ee6a8015c16e4e9998d683
SHA1 c1690f388ba0779337ca3b110becb869299b833d
SHA256 8469b6d83eaa17eaa1c34da939433c295b9bc841deccf688af6ebbf5d6fd9c69
SHA512 39f793bcf413d0b2971056f81b411ab826bdb3f59db81c73add5f49a6cd4f334a511495df1584cffb90c17763f56bb13c20045e64f081d886b1a46b4dc210d54

C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.encrypted

MD5 e5b4831ae4159cb90cdd87e047e0cf4d
SHA1 832ace7356845f6cc8dfaf8f089375844b7160d7
SHA256 510066be7314f71dc859ba264f62b890af2006f7a61029869e29331193df038a
SHA512 b7a2b895d49ee3e9594ad0d88f0670cd73ad92bfb4224330c1eb20117d0b124eda99a144f9424a6e61458babd4e72eba65f6c37abeb41ee5a1bc9faae2f6baf2

C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md.encrypted

MD5 3ab1502afae6e34eee272e21ce49162a
SHA1 b609a70482241ec74a2fb5347cb56e45d38d0d6f
SHA256 9aa3bbf820c5cbae6002e670302b537dd30737ea524b556d5e6cc7b4f847b3a5
SHA512 e60cf5719976af017789915fc18f8bf8e305f01c6676655ce814798e54f4200f83418f5bd69dedfc3ce03af1beb77c5e3f8a0a36eaea59f9778e27dfab13a37c

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.encrypted

MD5 1a873e32c3c0617070be4857a8338beb
SHA1 9b6224fffbc44b03f37a6182285e9962bbaee078
SHA256 12977c7865fc1460107372e7829f818dc770a2e7d94ee56ed33eedccb9d83382
SHA512 a906abd82502a16e2c0277f69c988ff67806175e03ec853403b501b4808d9cbedce1468a05e6e310725ff6a5bcb2e3f57c8ee157c513f7793831a78b230ade29

C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.encrypted

MD5 0612517056d2f5cde49113ceddcd598a
SHA1 a9aded214fc73bac96ec5e198793c0e649fcac0a
SHA256 f83db6ec7141ad48064632bad3eed624f8942aa5165617ece2510a78d287d373
SHA512 8adb5f0870e88cf87203ce0de08f9192f9929c3e2ed840ac619e9d0003a222b5c619dc2b0ae476e891765e6f8f6282585f0911dcd61a2866b1a38a8fcaa65cd7

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md.encrypted

MD5 899e19eeb987ee5801ba80df8aeb9806
SHA1 5f0c3044eb60fea6dcec47580614383cf2e5196b
SHA256 21345e08da32f97f12bb6886ab3a385bc73f1795d5d3dbae44585bc37e25abec
SHA512 2f6a628c91760812746fd71aa39a93edad581d66e43dc329c007be5f31e543bef8c2ce71a1d45cc34d9ffdad9e4fa59d084a2a53eefd65c8f9bcf481c1c2a162

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md.encrypted

MD5 9e53a6c104fe195a3d579d801f1c5e7a
SHA1 16990aefd9a7e26ec6742ff1ce42b4c5707f4667
SHA256 675970bf16e1426a5c165c03344e7e9c62b3b4aa75a838bb832e041a8dffa40f
SHA512 c8c0cb56119196357ad99f1604a4f2fefac6eb421cc92eda09eeacde8dc5dd1cf56f25f9a35a04052d323d11fed7f06c84538e67edf2b221bd066e90dac592c5

C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md.encrypted

MD5 f02239e8124c75bebcab39b5e10c9443
SHA1 676bcdee09aa85d9768d352f4e4baa8a85efbd12
SHA256 21d59f0821a8edc13b9587eccd23f4764d9c7a8e4ab21a10ba6cc6e70aa0e7b2
SHA512 331097ba6ef2fb32a9bd732a0640077bdebc13ffd0bd2d6de32298bc6e6edd9de4187e2c6b13d08e9fc351f8f674ba916e69a97d8b4b4545b5402153a0638eda

C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md.encrypted

MD5 0e16783f16c5af7c75acce2929a51545
SHA1 3d46d3e7af5d20c767300abbe6158e28ce0df916
SHA256 78bae07a17db1baf8779512109f062d130a891cd320e444d0823aaf3be72907e
SHA512 e777fbf64d1dbf9cb25cfce855cbe1b83507fdf69b20bbeefe68059e8b59eb63d4c5e8b6c534f67e2fc498f4933a0e7ceb3e9faabd8eead79a9e2ba7d1d1be72

C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.encrypted

MD5 30e216850641a82163da10a6f07b6906
SHA1 186e345d36c0194813b04c2735247a633e84a869
SHA256 62dd88820275a983cbd91f80c8b005dbeb71fac56d74996d928e2a390e7edfce
SHA512 c6c5afd8bf6bee499843e942d4b0e7107b555af5e112f4f8913fde2f4f1342cf7c7482881ccfbe4f160b6d71fb4ee2f310107dd374b0b0dd582ba948da3fa400

C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md.encrypted

MD5 115a87f1e20736deabb8ac92b36913b3
SHA1 24b0d16748e355bd2f68f30ff521f136252bdb6d
SHA256 2fddb36f1a1f6c3d1491701450fe8a8a7c046b72549de6322a6e2b33ac02c521
SHA512 226cd752397f0fd16b3584d505773492470dfc560a3cea4e99b149b01073a1f92d43d9209016a426242f0ea3462b03e8ec94ec147e7039a77b6348b3ab1952a0

C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md.encrypted

MD5 027f07e7fa07134eb8418e400c766af9
SHA1 00cfcb25b5dcc3d32067a328f5f8a8a4efd149e4
SHA256 55ab7dea8ceffb6df0d3e275fe7da563023d2302d1efb9f11963e74ccd5b1cb2
SHA512 5e870ad05d448c6729a06fefd694da11a739bca89cfa9b8c1c3decef49b9bc9c31c5bf02e8a36fb442c70efe6bf72e4a282b4fb03cac881c1537c13cfcd32407

C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.encrypted

MD5 da01f624ce245aad7203d84895234b9b
SHA1 0583883f1742d9b8b9c92382923fbdff0fb447bb
SHA256 62172a2927cf4342cc45fe9f4383d33705f030ff9459e2ee17f7ebf97da70041
SHA512 0c6ebc0083c53b50650d27ee161af200a101cb9706fed3cc87c3d3d0c3e461fb837f9ef74e41f14cae6b33d45d05568970f23752e1fda3b43635c9cd15c7aada

C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md.encrypted

MD5 c7444820b5a4a9c864c72a385847868c
SHA1 290a29000706e34be5f8ce8b4f8edfcbb53211db
SHA256 d2272bccc63968d3f0a90f8edb959a63a18714185194aeea157ebab160e247b4
SHA512 dcd1dbfeaf0f051ac4b476269a4eec964b837c78572a6de00a9f57dc385b7bdea0137886e6edc71773e0ca8282c845b50d36fc87578dc6c7013bdcf26d053a48

C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.encrypted

MD5 09ddb071120cd088bd6ffb2e5d16e5ad
SHA1 d5c71de88026dd1031eaa0f7c0a8afa32d51abe7
SHA256 c534f2c44620bb27ca14a0467261ca2aa30e77c9469c630921dc809de90ce183
SHA512 67b2335e053604bcd043a3efa0a6df2c7ddcf06fc7201c62baf47fcbd8f82a5bdd6681c81732b4bd62007aeca84c59a3dca361ce3c3a3682b2c46d5fb17ac07b

C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_HK.properties.encrypted

MD5 c7e032ecaa875bdfdfe5b5b5407a76e5
SHA1 5540a567df565f2d6579160c1fbedbae763a9c4a
SHA256 8d8a79b7e22d82355d4a7effdcfc97c88a97e1a7727bd339e3d7696bf5646e33
SHA512 7c61a95aa9c93b07b99fb25a7d992a6123427f4dd463a8427b2e21af1ff5d1b0f7a4eaab44770fca9035e889a1734ae3944a13179d837bf44d437a2feab63302

C:\Program Files\Java\jre-1.8\LICENSE.encrypted

MD5 ec2e2d10eb6868b4ac8eece24ec18668
SHA1 dacf125c37083eeba77ea2f56dcd52d777ed52df
SHA256 94e7cf010a16aa3146623ed44f5445c76098003fe815c5417c934153251449ba
SHA512 25192d67425f49f52248e10b20093bc37ecff130dfb817fe4da546597ce855533423df38fceb47200da6f40d9c8a299b4add1d27ce7446223fb8a3a33ec901a5

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.encrypted

MD5 7e1d6efefde84b90f42b929bd03a2c06
SHA1 9a2fded7ad4905d2443c5cb3daf44a98680d9403
SHA256 1716fe36ecf4f569c486d57ec9054d6070b11793038befc8b955e2f579b65da1
SHA512 b73055b4e481acc1631a666fb03d83605f780ac0df99c34ac61d0be14d7b4505b103c79e36b20c46fb0c9acea3f04b438cdff94a835a2528417d3f058913cb8c

C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.encrypted

MD5 239cc66f12735eba642094a87d7a975a
SHA1 4684353eed331d2906a4ad49dd7273a6311a4730
SHA256 7f0839b30744f14111be3a6c29976075f310f7312e2311e4540d299e6fee7090
SHA512 ab6c583945fad231cf8a10d505741985433d186c27c12088ba7d1285a96e7cf8ca4c6231427293d50c81242516f393013186567fab4a8332b3c669c40cd4ffd2

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe.config.encrypted

MD5 e45db7e578c06feab2f588613087b9ad
SHA1 7439c07618453d73db6cddc99aa214f7e183a667
SHA256 0752bbe7f2bed9311dad2d6c1c85bfbe5780b250ba356a9e045377afcd09642c
SHA512 138b23b8d39a14149b9874ea92b292579af4c92f192cc70d2e25613721d5c3ee6feece60a5525f1f03838f54a852238d36909d938f75d516f54d40e430c1e010

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.encrypted

MD5 9bfb83854647485de9b724b1452cab24
SHA1 3dec81c4c8c9c831b920cc27529ade7a14e0f239
SHA256 28d927ed8d8cf831da23bd2544a71b8f5351a245e4397d35a199ad826ace7585
SHA512 938cd4ff3e9615077c99c2d8ffb9c04c72d487c3d02ce8383374f4c36bc74d107c5b2aea3b623a451e6137836cfab801a25b9ae49ff1b1b1597120e7d705579a

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l2-1-0.dll.encrypted

MD5 a802596c8863c9fa2de115012b2040b9
SHA1 535ee5e3343a324a7dc3d6a6d6a869c06b60525d
SHA256 ab373d862af740fb7c51a7a1b37070f9ca57fdf4405d1fa6fafc2a70c2f6884a
SHA512 4dd1851ec0029e9a35385d5528383642f2beb0ae90415f6d33664512d5abee7aac8ac2a90e69bf9aa066d469bd9eea82c747bfc535f72adba2a6db0498b77e97

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.encrypted

MD5 f3898a4a6b19d6dc323f4110b8580ef2
SHA1 e46708fd959a1c244b874b7d5f888cf31afc9268
SHA256 ea2ffe35ba94f3694840d0c899dc53f819dfa100d492c8abe1b6540d69cb6e04
SHA512 4bb81744a89ef53629fb21821fa07a34b094181f78d5b289d828613b096413d70b99fd1b1073ed7155e4169dd257c1becb0cc228aa1f17a12b42a9be1e991a59

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.encrypted

MD5 f47a948b6059eca5d5c8f99ac7ed61d8
SHA1 8907aa4930dfd8fb8d2d278f3f9b0e5235dab2f2
SHA256 75ba93218c090f107b4127988918c6803db3909a0f8c70d30f567621a620caee
SHA512 e6aa5df79181a310ec2fbb3b68717c7fe0053f4ae529e59e613752cc2759804f4d2e949dc40c6c1209527a47b000589a10967eeb5ee33354e5dd642dfbbf963f

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-synch-l1-2-0.dll.encrypted

MD5 6fea55d1d9a2e061570c21a76740b815
SHA1 2b15faf2113814732ad04a4cd03d8c4ca4a5e2be
SHA256 a9d8d6cf0ba968c215b4e42440cf4321ced390ce10e103b0ab0ef86f1a638d95
SHA512 4fdc00aff495a614b1832df724b38cbd7e9bfcd83a780166603456127af6547d262e7c6b30a6b2c6898d48514f79ae0e014e20677a9816e3e133c91900108ed3

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll.encrypted

MD5 5550ba2d5773cefc33a29260dea75742
SHA1 b96aa377d12001d18f6ed31355e81ae4cb028097
SHA256 1c4123e27dd99d901edb173f642c0c9a3d70e8b627f303507d5b40ad3880a836
SHA512 5a5704650a912ad2038a9e36eed11b64ea3c37465131a852eabcd1cce09e31936172a7c41b4e9370b98d08a0d441c1690552651cbe49f388243ddfe635041d9f

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.encrypted

MD5 bba040ae4fe974ed1441f02b8e9bb54f
SHA1 33f20b856f1a5166d5eab4f6a90cd1d0f911d4ca
SHA256 1c7f960370b799965d53afa296ed0be638a3266782a6fa6566e91dba901beaa8
SHA512 70c46427c918780585873768f4e95c69c8bcb036c13f3c317e527f1ae61cb432efd2d396ac62c88896fbd99a47a8c86ec88e2fce60457ed4dc5471fa2b575d9b

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-conio-l1-1-0.dll.encrypted

MD5 35eea1ae66702ce1631b91cf26b38696
SHA1 49f32768cde5ac475a9b6ce33725e7dbfc232d64
SHA256 1656c610d244501b558a2483c77bd8e0c089d8c4965e29dc5ed0f4c6a6315f1d
SHA512 71abf921d09ee816884f43286967827f8454189c26f91aef328d77b6da3266d449ca5daba27c55305d6b6d4b6dc4d3324c42a5f80ebd5875eceb4304c24f93f5

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.encrypted

MD5 1333cf492b7b2e77b5ae40d9b5cc90c9
SHA1 1f6da13cd6641dbe79cd552bc43b8602b2a10650
SHA256 93a58a429f9a6d42dfbea3dec808719ef35cdceb0df59560903e4ebc05bff01f
SHA512 dc091ac7a63a98c29008d2dbd6ddb81ebe4d9a234be607b676e6e9bede9b35ca72747c5598adfea1f1816b240235c00105177a0e4454f4e6a2d667b86483efcc

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll.encrypted

MD5 324a792fc0c37893ae3c405eb00214bb
SHA1 7b7cd5fa3b84a0ce63c3ee7544f6bf0b35cef743
SHA256 ecff25740cce088341f9800b9796e4759c5b7aa97b360f40e45123cbfd2166e3
SHA512 606c9a5afe4577fc111fd970c761a3832c227c78c454d455c827b4dfcc6654786196b7cf272950015d107d4731452a6d2022b9a05cc6acf3560c9c1070caa169

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.encrypted

MD5 36dd6ede30ba074eb15119e47d688a4e
SHA1 a6e501ad2826a0964ee0adb7c7dcbe563b626d97
SHA256 bc8bb35b0e37cd30e98ca3647497a93ff4cd36428b0bc68a65be7d38d1fb2b80
SHA512 f53e710ccc5c24fa843e3ab59d33a30b10d1a793d052915caadd3dac230d1b6d9263084c3f5d4b470d0e0274765cfc35f4a8264ba4b4113e2349e58acd8c0edc

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.encrypted

MD5 1e3055d0586668d66f3708a16e637dfb
SHA1 1d6c94705029aa1e866d3b87ad66facbe6d9bc85
SHA256 fd09d674f93cd62ec0b6124e6735bedf6e3615eba92733418720e47443873dd0
SHA512 f315538f2e74bd8488d9c9b21e8c1da8e1f8b655086de3e30831f5085290f6528e857375abedd573a180477f470fa7921b3e31469ba73e483a5a6aeee8548dc5

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.encrypted

MD5 e16e1cdf93f6cff375188da0b9f3126f
SHA1 1f19b1d6a59c4350a79573fc3afbe71a1e4c2cfe
SHA256 3d9b5101a0529cb58685e3b1d6f88268978f178def2f9f033e9bd5568d3fe665
SHA512 f565077421ef8de22266cc993b03ec05e699fc076d8be61ffc40133592da4d81bf70f074f3ce317f8dfaa5d0ae05d44a95ffa348db77c9138c92d76d605e0981

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.encrypted

MD5 2113f624dcc58f172ac8b9447ca7d6a5
SHA1 c9bf6afd7db4890b87bfe47f6f1a657445f17873
SHA256 59559d4e32f7af7495b8ab1321b94ef71f22844efb679b5d4da6c3ae61b54404
SHA512 ca9a81a6acfc37a3103abdc04c444c5e9af97cac6ce0648cdc1bf3677337cbf3af4062613528ebda17cb712a1780c208ccf7e1cc41413957ab08df932283866f

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.encrypted

MD5 f8f6c22766c4c78120754a6487eab6dd
SHA1 a73a2700668ca3869e9240c81f057983a56368dd
SHA256 f7cc496fff3d458a6717d8845aae638277ed747f608ab0208c51f9ca7057bd07
SHA512 b21faa45506e693f89755c40c40f812ef2abd535d1a551470f28a5c3010f73a8d60f4a933cfd4d5c5e90dac6c47d422341f00f5bf35ea105f3be9a0a3b84110d

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll.encrypted

MD5 f33cdc125806cfd4a12d72a6a1b6d006
SHA1 92b692381ad496c2c6352b56baff3f4177f85812
SHA256 10769ce25ab3e8c999547c33fde7633b07ed90719465a79406e4b273a2c48b3a
SHA512 db4cfbefdb5e48c493c46f8fed02d549bde6abf115ad99db3be750a41efc3b6792e862f6c78e2239222ff2ffe81ad50d2d14723a3d2086b3d7b492dbb4e5acae

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.encrypted

MD5 2c49a06ea917b950976f85aaa276076c
SHA1 5875555539477869da90dc174d29313021f53e70
SHA256 2d4688c8e0b8dc19d106edd16f65c9fe8e7027a00bd99790ea3291c81c0abc76
SHA512 b01711ba65b59353374dafbefa30ccf360aaa8bfc7b14e0e645982d34eced98c8daaa90028f8f26bba1c1444a51935a8b21ba32deb72a1b7bf9ec190ff0d29c8

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.encrypted

MD5 76cedddb1860fb6586b581b44381c89f
SHA1 af8552293dcbf085761f3c54bf268bdcf8941105
SHA256 9d70d08231d2dd327515809eedcc56f931974cf4ff33f56962785d396ddf939a
SHA512 044aa0addf264c947166ec1e1bb749230030f3eff1ab9d79351927b1ff0317868ce1248e0d9bd89bd9b747338a72214fc7f5772da9c4020598e24dba213f591d

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll.encrypted

MD5 02740e1bc059e176adbb460ac941e8f6
SHA1 a0b8e3cd86505adf9cce73b790fc3e1ef544578c
SHA256 d181a3f1320915a6f731f8393b2887925d32512d48c442cdc6dea3b6451dd13f
SHA512 c1a9c5185d381b6c59d3f7e6f5fcd40310ea7262b6dd06321aa7680d5abb8a1b2bac0d0a0d2612cd11578914f687a1f6cbe8031fb7c54263fd6d050a1ee6e043

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.encrypted

MD5 724d66944bb810a8fb948c54f63c48b3
SHA1 b37ae023088469f5ec798fe97b623d047eadde0d
SHA256 c668c93d7daded606e1b8fce4ee5cc38d205c76694c1996137d42a039ae4f373
SHA512 aa6cb8b9cee908fb8c8d8fdcd34aabe75529a839450a2c83a3a33b7845896b40aac1cb840f38ae09065f29c32cbf087f0e04745d6aa97e7c80ec6c59a70c47b2

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.encrypted

MD5 f89d5fd2d2bd6d9d2e88062d757e284d
SHA1 bc1443a2afff28d3d26009b71cf8639410aac4dd
SHA256 5c0c4968ea802f3728ae3b0333249806341bfa32816f57ee6c288b418a3da515
SHA512 64250f6ca81ef51457b8886090de6294c0b60605258f4a5824042c965edd0614d4de2804bd55bf6868b27c5bb246e8857a503fb63cacaa3e957c730a90ecd680

C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll.encrypted

MD5 4812fe6fde928a6e8c70571a462c3d36
SHA1 d32ad2e95b50d06e5b05683666777e2358b12c41
SHA256 f738ca0acc84aaae33cfd88a875ad59ecae76ab3f6fba65ee23b1aa8c317620a
SHA512 8c54a15596d2bd0d0de52a263bf4392b96a818e9e091618fe65db27eb0f575ecfacc40e61a995e547816cf9e07c56c0355a93c7d9dccfd77ae80b4312b84c9f7

C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.encrypted

MD5 831818d0629ba734e8750fc48505a81f
SHA1 0641f4cd6dc284aa26bdcad07f46b8657cf11bc9
SHA256 6de6f381d3e28e258bfbb67d533d861704887f3093ffbe07193c814e580ffe3a
SHA512 26a5be8a548cc44c29db3ffbe0d28102b9250f0faa38971b65fb1520372b468030574e6e1b391419e84747394cbc8adeecb766ce949a90443c8ab387e19666af

C:\Program Files\Microsoft Office\root\Office16\concrt140.dll.encrypted

MD5 9c21f2913c7638e3126deb113bf50a2d
SHA1 30114556500b77c63948ea4d7737b720a24973c9
SHA256 4c9ce80acb0abeb2bf5759919fa043155971a036dc91ea14796a8b95b37b9f28
SHA512 a86506dbc10e0bc8b7fd626b200f127a81c4bae70e02969a416495ac1f8ef8d966706ccc78adb72c58a093492444e5b1495982e9318bcec97beeeacf3128b9fb

C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll.encrypted

MD5 79733e9a0739a67f540eddb51632b6a3
SHA1 3e27d9f6c5add4c6d42e3484b469f922084c211b
SHA256 21ff53166df99aee35ecda850a1a4b8aaefa115f420b69d0c76991178daf60c6
SHA512 b6f52d07035fcc80d46cdf9ba0e53c4625bd1c8548e4da22fe9cd4aa5e1909543fd88756f7bcab7d7b0da4dd1d76d8945f67033eaf102b0ba1f16d3beb7b5db1

C:\Program Files\Microsoft Office\root\Office16\pkeyconfig-office.xrm-ms.encrypted

MD5 a758b87e9aa576e3f0ddf12f5f24bf3f
SHA1 6d782a85ecb58b1b7b9ffa9b8e4617e4be7dbe96
SHA256 6dcc990a493aa559397d592ab5ad25874fb46fd8c0391bae638ec7397786d27c
SHA512 7b1782e9169de43e96f31c332ff5fecf77d0947af8d589480f8e3e140278d639844cba6fcc4e2f5455dcb814e204da3a9bba6a6377e8a75ca74ae16e06a30c7d

C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8fr.dub.encrypted

MD5 7deb7345ba09f69c0b76d8c7d947689b
SHA1 8bb03ca4f5190b56277ce77563e2f01e8f1509aa
SHA256 06de6d541aa1b701f19ae6c28a99b032eba233939aa1358a83fed3ae5bf0aaea
SHA512 0cc4343a8987542a3e502568ff4cc7feda662e96eadffed61ce786d461db0da4fc706478401aad71f9fff29c0446b8366e61830a09ab570c3225a0b43a1a4892

C:\Program Files\Microsoft Office\root\Office16\vccorlib140.dll.encrypted

MD5 30b6ec82e825db3f357e803dd8e96a85
SHA1 72e96d6c01b5daf98e9d14d9ee08b35c0efba2b3
SHA256 8b7214a245a3551e4dd63fc83df17a04691d8ba3315070864d947207b39599f8
SHA512 c19ce2cbe16de59a92dd89c3d2af980ecc50710d45307a8e7f576fc2be635a5144209f33b42db461c933a15e7037bf733cdeac54702702228796fbc9ba419645

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\osmia32.msi.encrypted

MD5 cf93e043e0a420ee5858938aa9411ffc
SHA1 f673aca7d1cb7aedad64f85800426553fd66b888
SHA256 13b805bea862d506784e87d0c1477619a01a04574db0745aa4ec078bd8d8cf79
SHA512 fe7b3633a16373664a1362e167689a58e627b3793db4bcb3003964638e97726a36fc990887074839f1d9fee6160ef5fea57ceaeb113afb85f4aac94563f6ec0f

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll.encrypted

MD5 697ca46560323eeb97dc35b249f50ebd
SHA1 c43522d673a672b4d1c953c2ecb319380fec6d80
SHA256 dda9fa2acf498fedd9baad516e5bc9c03692189dd41972ab65c6f9a885cc85bf
SHA512 fc7aed14f0a4b29b031d31d86cfb6fe4efa37b541358c45a5d1b6b6b3d5a004f2d7eb15c2c386acdd6e831825419d3ffe7a6521c099e088f0673da6f803354ff

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll

MD5 112b2a8cd3358c522c7c6a30084f8d06
SHA1 38eb2bbad5f2fa797eb02c2382f90a5b961201f7
SHA256 c789bc537b11372068d76c9b42ae0e76f836bdb38e101aa6e38fdb187830081b
SHA512 dd4398e9a4f9b28b9d2887a0d945030b8e3aeafa1917063a07bf25b74973bbbb738e0833acc6765481234475728405ec08e4202cbad8a338659432edb9a5c6d3

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll.encrypted

MD5 81c2465031e4a78eae9d32c50bf43d99
SHA1 a7dc09bf094421bd7df6ebaa65407b06cda4d246
SHA256 35e2dd225c2cbfaaf60b2d19a01ed9f255a927177d71f929342747aab712887b
SHA512 3a663bdf6ccca0e3ea88fe1631f0dc01634d88c4738cfc752d68848166457bf3f7743c9706b88abfa7a5754fe8b619046575c301d2c329b74a162e25c5e05a3c

C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll

MD5 e109410a633c0d8749589609d8c5bfde
SHA1 b2ccbbb07a4e7cd08af16b91ebaa1d2f6f909ec8
SHA256 6b7ea428c68d4247f7f78cc15fee057ada57338b8a7489d824549ff3aff4e15d
SHA512 1e1cc4cd13cc1dcaf6fbfb1b8a942f5cb2527da98ab791b04767b2d6194a0695695adac6e6f86a2b8ef0137bf13c33ed122345223f3760de21e2daf13acf099e

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll.encrypted

MD5 c4284f30fce294eb5a30d15f9360c78a
SHA1 909c7b87f38cf730148e520d07a917fa12f2a60e
SHA256 4d9b751d46db58b17c4cd5a4b24d10b68d2a68b70f1037799ea2046765e6c23c
SHA512 a8b7bd6c028023a3e6975586d45c9f59c89fa3fd192bfa9268824f70f6a216271ff76199327b08431a1751323363db71c2788344b17dcf54a10c611bec85add8

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll.encrypted

MD5 353e8e1bebb2ec663286664d1c17f2d1
SHA1 bde81bc8f87bee142000ec52333c4a695fb77708
SHA256 d656d11da8804576e3c37a6c3848e4b98bac1f645071b4898664e3679670e5d4
SHA512 af1e14bc83cd4def24c70e0e05f73a6baaee5b810cee9d303bbf17a2198400f49cd4191209f090abbbf987992f3c8ed2f6f05c0000cce35b2f5579e87d1d58f0

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll.encrypted

MD5 870d530f9ee812527d3f525035feb1e1
SHA1 d9988deb448c985fbce48a5ea3cfab87c83acc9a
SHA256 0ce668d77a6b0cb6d29cc3f9c9d4ce8b042b4326b788b87c9ebed46751ce0109
SHA512 6c69e6d1e9264ea9f4aba3939a2013bcd1b308a87314692e27414bcd624a62944e56389bcab37d5ebb3b4286231804031b77798312075d7a95580ee8d5a73b62

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ucrtbase.dll.encrypted

MD5 69388e8d366b63dd678004a16c56baf5
SHA1 2ab7e6bc75bb3d9b2fc3cb29eec1b5f7d513379f
SHA256 e6a98f558e9268842d40de7ce8020742e7ee97a70db976c201392d5574068142
SHA512 799ae733251faa36c58a253036a94fb66195088bbb8703783a584d5c751c27b74b83c21c5a8fb55efd8caf6128bb138fc243fad45b309c49b053134cbaf773b3

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl.encrypted

MD5 2abb89cc29bb0cef2139733cb09f606c
SHA1 e4ed3198824ef0aa12e353ada85b0b382b6f39e5
SHA256 71689e0a7ba977858dc5935265e166705a0c7962efc7e8e15a251d1a6cff77fb
SHA512 54e507c6450d7dc494af1324891a83f361ab506e5bd0257130ebf4f2cc9cb3243a2ffa8eaefe0490ec61fcdefdb6409e381263e1a709b7232adb1ecac3cc9089

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xsl.encrypted

MD5 f31b8b9e6a7fcf3f07801e620057748c
SHA1 2bed4e4142d711765cef1b1aa9b7e2ff49c2fa90
SHA256 e83c0f7aad41237233ccbe29d514868b9cf283266cdf183a0a53dba00579184a
SHA512 2bf6d6744497da828d644f8247c69ecac228f24dac09facb643f29912d9b2b091f0dbaa80bd8adddaffa4895b3aa3804aba89975260c045e1d619122dab70d42

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl.encrypted

MD5 e9d686d5df95d49fa5e4563c873d660c
SHA1 4eda61e38d92013af074c91497ccccdd16b2ff1f
SHA256 381a8e0164a8573568730a61c4708acddd39a4baf2e035a3e895586f0b62d03c
SHA512 9980e18763e743297e6065afa469cac0990e11ba3939d0a04c0d3a05e7dd7a62c31a388cdcd9de4e54157002d809b92b8999358044da52f271b61ae93328bb7f

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xsl.encrypted

MD5 51210c66a7901934ea0bf5ecd0f5f0d0
SHA1 7701287a8be9fe318637f914fe4f99933c1cc195
SHA256 751dbda85f3d6c1874e256be8dd54970425166b146fc02b56ad772b6ba16c727
SHA512 ebeaf4ec85a99d11824e699bfbcb8234ddda10470c5d477ed14d7644b47c29c6116c49e2274998ee2ff9741ec6b50b120410b89d0986f4abd949fe07d3b086fd

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xsl.encrypted

MD5 b3083a5bbbe432d1f6e6e6c5b8375a61
SHA1 de81cb63851f98940330bfb0debf9e566d3f9256
SHA256 3ebe9bae2cbd67fde7fd4aa7b9d7e3509d11d1261ecb569e7dbda5a30d2f003d
SHA512 aaec40ff45bfab21bff9af2365d2b056a045724d5eed53eeadbb43bf8c0f975e11bb7f87ae2d43662bcf0a864b3fa845caf00ef77e29066cd2aa56b9d3fcafc1

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xsl.encrypted

MD5 83227cb0009f1821a23b81e08b97ff72
SHA1 4e5f401d84678ef12dd8951500472684715717b4
SHA256 d315e3d5d31e6b985e6b835ad3e03d904be1383452d6bbff3eaaf579f9301651
SHA512 8ae1bdcc9a175a7a2586b614325f295944df43534b6a433a6555e1292f87f64fd364b94cefd2d0109819256eae5152e4dd82d13e3fa69d1bd4b420b09b00c31f

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dll.encrypted

MD5 a4346a7ff6fe899b05f228d2a9ed91aa
SHA1 3860addc312cc146ba23f60606290f033aafe540
SHA256 c9e012b9600fe5fcf5dd6589a1ee7bdce982d1ab590ca4b3424d5d7ad1b1c293
SHA512 ab1d3e2731d6dc48ae792b5e419b51513059c4b26761fb37c89b49f41e2f85f8cfd8df0f697299048fa230e8e7d3efcf99d3c78d6fec50b659950e71c33f2d07

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dll.encrypted

MD5 1ef5a1b1810662317e1a6cc46a416507
SHA1 8a516de6fed7b1077f2ef558c1d74fd6f954c78b
SHA256 559e3080f09e6bfa71ad72691b8ee02f68a68346392ddecf9df759aa640519c7
SHA512 3bef2e01b68a120f684081cae6c89af720907892f94d0faf0b90780f4345178548a9ed93432a3a7baac884e6dcd93adffbb1684d12a81c6ddd75dc1aea4d08db

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dll.encrypted

MD5 26233c81bb2b019735523ddb81a6b8f1
SHA1 7b8cb4dfb7bd2e49ab0e154097bdc495c5ff3416
SHA256 44567c0d80d91400bbe29734e9c5d61ece34a91349b5b1f3c8e72eb3a5ec8f30
SHA512 0e5767b9aca39141417dd9d8b13b45197c27500a20787c09c08bd404c9fbc8493caf0da3192cd69b2b31358f50c9ad343cbe8c85709e925f98d445e102448ce9

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dll.encrypted

MD5 8651bdc18cf1a02a840626ac57759f46
SHA1 6a78498a1a584f3e13ab373a15b980d4bf336979
SHA256 046c1ff6ee389bb2e0e1c99b8f08df5e8d323f936740a84e9bddad1cb9989a97
SHA512 1235b4adc1b4ba95e3448a28b50b74e7f258a08c66da8fd05cf9db037414dba0f139f4decfd4b76fa30d65b96325f93f5410cb2219d1f3a118716196f2adf79c

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll.encrypted

MD5 cd989a68200ec3079b0b77edbd8f8e24
SHA1 63dff8f533e4beebdea150d925563f25912ea261
SHA256 de2c83eaba1b42796d819d94b3d6b25f6fa5fd14097e827cb007f82e1d7d81fc
SHA512 bb9c02d899546b913104c75265e734cc6b78b059e2a69507820534f652367185a0de48a77e67d32bb4279dcd8927189053ceb7affbf2805c3297ce2e7d91fad5

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dll.encrypted

MD5 7b0778453141abf4ecc1e3a80c14d031
SHA1 fb4c6e047c3f1eac7acc3d6ea27aeb08db2da452
SHA256 9da99276a633abc499298f9a0c869f77d7a8ce00814d475f8506e0387de1c1da
SHA512 03f8d04a0967214d42f681149b0c5f419e5d6805cf4bb3219ac150305bbf4701c65c29e76df73e10b024d7367eeebce04e6617b43930202bfb2063d11194ee1c

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dll.encrypted

MD5 8417b7c63cbb4a66c4da2fc72120461e
SHA1 74b95beb386782adb9f3493a1ccf7a21dd2e89da
SHA256 9e0c89d12cdb656fdcd1c6f8b525a56f803fafe3aad931acdff7d581c6ba8811
SHA512 f3e12920d47702091b6e55709e3d5e3f6f023b142853312923573858e8c5b72029731cc2be4122dc519e1e824ea84923f49d3caa96ce979fd8df7d2b08565807

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll.encrypted

MD5 130bb356587fa3ee7fae5eacf3565b05
SHA1 0abe7b7ff78a8236cca0dddc8317dba141ef189b
SHA256 3b1ad43c2a62b3e6e2b56495d9011c7927bcaeefbdc1f51e4ed07a210b1c95a8
SHA512 3a4ad506ac09264a919c21e8d0d862bf7cb12f9ee231e9bfbf89c3dbf0c7143125374c0c7380c681bf39810c75b7e2004337d94b0beb12de971156abd7e39078

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll.encrypted

MD5 886ad086343b64c1ef82df41bb455328
SHA1 8cdd62436f0391efe7566542e873dacb7dd4335b
SHA256 8370701823e578bf70579b390cd6efc42ad139215e23ae6a53ce3a73aa3e6d8d
SHA512 a9325dd24cf1387159fed01f817313b698aa27bec706c9c1a0f847b8d067f5f9bd0f8a8ac6bdf02b72df8f90d6beb81db58a89e96ddb884556bb8e49edd23acf

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dll.encrypted

MD5 c48c48e1a8d0b330768b9bd9c0a41e22
SHA1 9d0c6923caeb5ab17b4ef0a92cc7d33d3097c777
SHA256 87ec2690355af31c15479d4758b8c06f576e54d08379e3d5c11f1df3eeedbb7e
SHA512 d959f5be0e0b1880f416907514563a644771e65d59f0d4d7cfed817d4f3c5e37e59b645549e1b24eaf5cefedfa35213fc6060dad1bb747c57dd16a9d5feddbfa

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.encrypted

MD5 021752cde69b3a32ad7fac341c927053
SHA1 7d9ac419f506d38e8be1077e19b64bbb6de06596
SHA256 b27a538bf40ac9e2a43124a7097608b5526f471bf8230255cf5693690ec2a3bb
SHA512 8b5fd9287e69f68928e3c0582063cfeffd1edb6313b4372e8c554e6a3554f7e312a8e1278083302155c429e3ac142bfe6d427fc6d690922b11336cb9c681821e

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dll.encrypted

MD5 d80ab388017cca4b9abdf8f704ef33e8
SHA1 0fce565b2cc82f9de8877b7e8b7ad650955e0352
SHA256 178d4a38dfdf937664786941cf10a4de442f1993b72fa614f5b395083386e923
SHA512 30c2d6cf4f8fb84b92fe084b55ed1e1a0a036b664501d2beac061bdbae31a74cf90aa2a1264131494a1176faafebad764b05ba3935288d174c100208fb7228ce

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll.encrypted

MD5 e31ff857e8c4a18b891aa06cdd1bcdf1
SHA1 e4d2714158d6122d86cd83a8fe3787eaa6912508
SHA256 3fb0004fb669848c4aed1192498ef6276e52d0cb3836480a95f2485c77b8d1e1
SHA512 0229382c75c2e4ecb1230503b0b73f4111a37bdda5ae51145bfde2f0f821ad9ff994e713007fc67bb09d0ba50af8d9b1378940a38159a6753872c3e1ed69b9bb

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dll.encrypted

MD5 ab2f936dccb3564783490c44d6a44a17
SHA1 c17d1be6ff4c1a8e04fc4e0983c81aa957052ea1
SHA256 2141beb2d5a5fc5b65c5f16bff4cab879d6f7f6bde5cd88eea326c321c916725
SHA512 11973e74f506fb89bb68939a5d421615cbe18fa93f711950ae3eb91ef3e2dc1cb6a482531cc3ab7652c9072ddb013fe92652a96501a5eacfcdf2a39a0cb0d49c

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dll.encrypted

MD5 15fb592372ebdd690c329187d5ce5fdd
SHA1 d79377c5e95e97099011251cc82094004e56ffff
SHA256 ec4ee74107e54c32d2b9f8b3134c33e36a08756fc96e8ca45ab94a73f0a1d29c
SHA512 274700e4157603597a5eddabf5bf3d2e2c17dcf3f6ecfebfc23f95b72577fc392dfe1a0660ff053acbedd74ee678163e0ef755d6daedf1bce5198c503d40e165

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll.encrypted

MD5 6b0a28e3428c97b9aa59aed06bb5d49b
SHA1 d5d09b0369085580007066d9f245c98c4404f477
SHA256 33b01aa33000e9df74293e90ed76fcf032e564fd3f2c1981578b0862064de3fd
SHA512 6e085da568772cdfad75796c45bd9aa34cf62fa2ebf1202df15fdc9cc26238b1e7a351b603cf08dfd8c20197d6bafabe7d0243ab22fd6f16167b2534042d1fc1

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll.encrypted

MD5 a70a0cee579e1299496e396caf5b1a0d
SHA1 c03175ecbbdcd743d909e0b64b1fc0d3b1172b89
SHA256 7b35c45eed784e5455bc635e5d48109633ac8db85aff784042fef65a42ff6bd5
SHA512 0b1981819243502623f152f60877a23638b9bb59beb8e5f9eee685dcc17f62fbff26bc7b65467433e4c8bca9e52fd8da10ba462169cd04a271136a55a20a3117

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll.encrypted

MD5 7391b0e1a1923b1b9d554bcda64eeef7
SHA1 b72003f1bfa0c720416dd2274d54588e49b0b5e2
SHA256 fce50c5da44782e2e49e0ef6700f505547f9a16f8893d548e6ee4c4bb97deabf
SHA512 ee3ab971db866ad8d3a36458396ee34324492186a0bf9de8823cc0a3e85de9ca1bfb31020406a5a6bf336779545c539b81048b265ce303ea0b2586d6c9c122f1

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dll.encrypted

MD5 34c9cbe36fcee6bc0a81cf9779e1ab74
SHA1 b1fc77a014bdc82e2008e327c2afee8f4bcfee34
SHA256 c47a8d4c03b2f2d7605f2286164eb74aa15a764c6fe4eacf1a8a6bc60df0b885
SHA512 fe79bdc94523d1517dc9817e1ebb22e4037f26a28a7f740c8acb38ffe3eee34a620ba79f9a20cf1174fa7b9158beba79e0857ef4d12986724d551e3732434699

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll.encrypted

MD5 1888c1ee772bc46af36f7c43cadc4a28
SHA1 695e2b70e844023f86674b2c4d5736e485cd90df
SHA256 3407428877665b00ccd226504cbcdef9f2db8d224c3a3a431c4cd307c25aa507
SHA512 c52404ce6bb92db3108f9afeb73707105913154459f23ccfb2177c0fb3b75622ce85145d528879162136724ede397b1fc697ae75af040d074559d3319a1c8750

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dll.encrypted

MD5 ca82c9c82f72b9cedc3342a19a941d5d
SHA1 81a3a8583acf13150eb56a0ec18357d4a9915f88
SHA256 2cadeaf4e643d913f00f85ccdab07a43372791300af4d18244ef46a3eadaa738
SHA512 5ea4ebccec457ddb698b882815d19b5d16ccd04c21b3efd220795ec8e4546a6be0b4d8e35e4969781036d91c744542055c4ea028b19a7d98e17c28f17fda3dd1

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dll.encrypted

MD5 7b103bc8b57ba3c52d4627ef13939534
SHA1 929a629902a642b81bd52182bfd9cc8a571ee024
SHA256 09507ec6ccfd6c1c058c5d22d72eb95ad7bf091547fd7e7e91737d49fec2ad8a
SHA512 9e079ad1b12eb240fbaac2bf7f0b3437ad4aad711e52e11a65de324510a74bce98bcc85488e10ac58a77d6979c1f294dc3c0ccb6354b5d432de11f5a81da04f1

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dll.encrypted

MD5 12621a6b88ea5e5b7f2624721555411d
SHA1 cf3f2cad41dc9e72c8ab782d839d8ed993ee5945
SHA256 9108b0568452299c66e33b69832b836c289dc2eb007d1e96eefd8ec31c41d38d
SHA512 a2b4b814babbe9e6f262f8b797435d0b06072ccd04279b28a6bb5828fa6697a16fc1306bf8b9e2fd580eb18768399c4d6fd781444eaee95e50838f38e381d86b

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\MSVCR110.DLL.encrypted

MD5 95dee7b6f6981ad027713c2c7f7893fb
SHA1 5a5ea385e83c26dbd5526049707f43436b103faa
SHA256 2e1ee1c8cdb8e356e4ac1616784a142082befc632b2093530c87f4fb1f9957f6
SHA512 c44916311bda8038a81b0d51b2c1bf81526548de48f014dcdd5c0a29a1d509a40c5a1d5e0872899fe03de28a4b993ebd2191ddb0cae9b89f0473c1b063b30333

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dll.encrypted

MD5 bdc6009f1a30e90991ca528a0258f297
SHA1 e0bb3cff9e7fd6bc7aa68de5f91b4644150815d7
SHA256 2099c06606c853fbb196ddc1f225111deef014e7863ebf028114943461b3fd33
SHA512 8fbd39a7860e881d659bb241923f4f16f0d8c39cda2ce9aa727fdea156a93cdaadcabc75eea06f0d232c6282c55c210967a9316c3543db0174ecbe9733638a49

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp120.dll.encrypted

MD5 f7d4f9b6894a928f02fa1e327f39a1af
SHA1 6840e235ffae7906be969564f3ec3e3add02008d
SHA256 19b915bf4e6b06bacc05778ee444af176cfd1c3eaae2c95a1ee74a45c359da73
SHA512 0bf18fc60fc282692e1be37ada5c2a5e0e6cd2a4a001d7430f2ac82887e71697bf7470b75d2820a4484eb7a0f9569c0086ed3ff00df24f9d90bdb74b4973ed55

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp140.dll.encrypted

MD5 e77466bc22c0a539f7f64b58ff3f28a9
SHA1 83248257d68d8e3ea237b7077b3ba49d6221e5f9
SHA256 021c29e520282b6288a287018dd21e9fbcd6ca9c29904c1174593057812e5649
SHA512 4f9bfdec60cbe04251ae4ebc0515b50f91a529ff172c0de4e0de2daadfb8668bc71283412be7c46ce73c84559b848d3694f7923a23bfc59302212f53e28cad57

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ucrtbase.dll.encrypted

MD5 e1b1d0bd6fe5a77b11b870a4bfad5dbe
SHA1 478a991d00233539f5274083147409fdde524291
SHA256 2ffcabed9b2184bd2550c65c7abea2e045a73a392f583f485c233e8d15d19752
SHA512 719aae09c3a55f98432f82fd6fd2ab68bdb2f7e413750a61d36496dbeff3020132a9e003ad791231a23fa510d1f6b21fb02c12ac2b2032d2e44da443fa5e87da

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll.encrypted

MD5 866fa0ddd5dd22c97277f61e5af25b7a
SHA1 7e7c08b6045edfa04ea0a0cbcb826533281d81b7
SHA256 f9c74d1c96d948b88aa41a7ec58619fbfe8201c1d60fc7470dbc341a90cc47a2
SHA512 588f32d334e47711d3925a1f08b32b65f93eb08074529593b0656977eaa1d4f2572e3878f2305cac38c910fd80ae9df2654fa64ef4f3d5e0fbdb0fa11cfdd38e

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dll.encrypted

MD5 7bddaf77422aead228d2b60f24e789f5
SHA1 8ddd0d4f6fdd709f27298f7e894b5163eb88f6d8
SHA256 0328ef4444dd7a94b805476e51598201fa0af133ebefb97002646361f4b5cb8b
SHA512 15e72cd835ca25fe8ae48242a88ff8989ef0a96b8eab32e76541eeb3aa3d62c8ef0bee9cf83ea362d64f711e028123d295c6001318b63825b469a1af4d43768b

C:\Program Files\Microsoft Office\root\vfs\System\msvcp140.dll.encrypted

MD5 1c8130fcf67cc434c26e60a047eabd2c
SHA1 229ce485ee8df6c167b030d92d4b54d156d8d728
SHA256 e70b459fc95789d537bc0ef276fd118435ccbb00c04373a5e6816d86e919c99a
SHA512 4fdfb3c7f716337dbdd2b58ca89881a0d420cfbb9471c44584845fc71dbde53ab649f98dc658746bf09993c6cd9a186861867594ea21210b853d076c8f256cbe

C:\Program Files\Microsoft Office\root\vfs\System\vcruntime140.dll.encrypted

MD5 1b23f4cd4a25da32b188403b181253c5
SHA1 b382e4b76fefcb8bce1928e9e4dfe2b1841f262d
SHA256 280460dc91e0ef95a646cc9a7951582c2348ba2634107e40fc4d857d28e108a2
SHA512 b32ae244b76dcb30b245e5ca9e095d61a9cdb4f9c6ff9ac4900ca10fcde73ba57e8130b434dc7f7cc34dd1869268758209cbd7feed6d3bc970a9f95f8f8e99bb

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe.encrypted

MD5 4bed5aad7ae1f5bb6f7be5388c594d7f
SHA1 edf36d8d0962e44fe316b2f704b7009545f56d41
SHA256 240fd5891bf2affc1d2111491f6abdb1871c6f15c027cf6329fd0544028b7727
SHA512 8f31b63f619e5f90783c4892c64ec2bc91c1e8852efb7294ac65872cee3d03fb458dc5fb995cfc13bd11bd6ddc7a4ea1f9f7ba61b5b94c9b73a07af69932c013

C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe.encrypted

MD5 0c003364cca5b8eda6388bd56f623e5d
SHA1 bf713ee96b19500d828566cecf2cddbd7b6d9b2f
SHA256 419226908e9f74ec417d3a14baf88b0edf4481e74f838eca3f5d2daf5d9b0ea0
SHA512 0ceeed321abddac2e1e49217755bf8c81a674ac6085846ebbb1df515b1cb278805812d816409fd568ec1f075d05b4a8be609c69692609ba82d80d70a91018dd1

C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.encrypted

MD5 7bb50f51835407f75f35f378a2848b73
SHA1 11286cdf82096ac3d865c7d3309946e2a5d74bde
SHA256 07cf5470ba4cd9692733debd560dd690ac4d7bda2002bb79c718633a41025861
SHA512 353ace6936f21709e5df8e5151473c97393078af8d8d877d120de1e31ead95efdc64a0dac499310e9e37b49640121c9f33454afacaafaf5c89ca82a3c9ff381e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png.encrypted

MD5 3452833ce9debff4502f86211cdb7540
SHA1 22b05b94c6eb0bf393bd3bd9bc6493a4fa048ab9
SHA256 3fa780bb013fa9217571d5bee4b197f2c38e12000b9283967910b78bebf66a47
SHA512 1d47b417c054c46bc5217af7b012cb090c81ce417e749d28d9703bba87239eb74ed2b9e16d5f308c5e384940ba8c96538120c1d1c31766ce00c055c32d2bea3c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png.encrypted

MD5 3898dee79e1de4d93effd4adc308d72b
SHA1 cde13b18aa1f2ef8648b64458981f2aba349020f
SHA256 2c6d71ea8f97ad7e196e3ecc8e7dda933b6fa288e83c281cfd33a4a0b90bb031
SHA512 40f4f547717318c23c87fdbc4fdc2a5f68ad6895b63a13fabc33a42b1c83655d7c0cbbcbeb903f7ff036383abbb68fa41ae1f5d99c7cf4d73a852cfa41d98a7c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png.encrypted

MD5 83146f0bb541b2e8000e82d46ccfb988
SHA1 531b2bda5660138d4c453f3a9a6d5f3b2cb2f003
SHA256 ca630826afd3cd5f9c5f1e865671709575c1ea1bf3f534d5baa1d6e715c991c2
SHA512 88baf700619b6f32aeaa4080fbf14f208df46ff6b64b992adededd3bb02614b644cd803b0da187e48a5f6a9bd13e97f1f45552fdc6541d073fcd3a4a07e33b6d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_remove_18.svg.encrypted

MD5 2feb168186dfc3833761dd67acd00190
SHA1 e7e15c0e04f112963509d116dc94ad0231187553
SHA256 512db6c70339505faa4fd3e6cbed4a6d88d0314cdd33f259c0600e1f8ecd4478
SHA512 7fe438e9dd0273b61e0b2f3684f17928c5a4e546104b3cd0d56fd679d4fdfece3c11553a40c820e01ab389cc094445c6a66e8f799665e1db71c5328750b6d22b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\duplicate.svg.encrypted

MD5 75ea6f2cf51d8bba811a58ca9340a737
SHA1 ab5050f0fe19c0e74ceeed39257957fc1d65c42f
SHA256 c0ee707e7bcda6aad91cf3466af615e390c76e18265dbdb2c6194831bf428135
SHA512 fd65c0b3024617a8a9b7397591508935ebbbd0dbc74f326f58256564dd66a9c2c6925f241d6c0c4132b9bca41440a953ed05a5cad7b0e9669e12ff97145f89d7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\remove.svg.encrypted

MD5 b62d408df1af6593c52dcaf8f81fac6a
SHA1 cde6d3811596de731108f183d686a3f2bc84ce58
SHA256 2013c39563771111ec5554130876cc5c091d2d6030b907d7d5dd008f780617d3
SHA512 bee9ac9ce1051965ba1a66980cbf50a3af24aa7051181c9546e9443a6d4c974c96d7f1a859dd3bfd122c27c6fc94b4561cb79ff998a02db0af8df7f1ff6d82ed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_backarrow_default.svg.encrypted

MD5 e1554f74833c306596cb5dc2a88d4b3a
SHA1 ebff46063d3712d1069f593478a57bdbe82b266e
SHA256 bd4560b2188e25282854f50cb578fa66a97fa94f15a36243f43e857eef392440
SHA512 d8f1919e7cfbd01c9a5331507a1bfb2e8a42a1a530151c4aa35dd0e7ccdaa59cf63ca31dc7bbea46a5d27a2e6b073b14b0ef005bf46ea6193a4d51da6543ec2b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_comment_18.svg.encrypted

MD5 824dfc32401410b06500474ced4fa072
SHA1 8cb19e63469c9998c53cbbfc1452b02188b398bf
SHA256 b51a2f64f5e41c70135c660aee0121c7ce4a0e3dadec88cdee4ce34a3b59e827
SHA512 93f4d0a31b0a65980d3ea317eafc6edeb140aab8c2b5d80d1a15d5ded5a5bafc41e3fe32e02e168cdeb0a028531a16bd84ad7ba31aad8f56df807d6805990757

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_editpdf_18.svg.encrypted

MD5 e35f9d75961c208abea4855026973096
SHA1 760cd519fb6991d2b0680cf1edc5ec766cc1dfc8
SHA256 3a135b1cebe2b8b6b455bdfe8287d305cda5c937b995d58fa69607cfac9d4e7a
SHA512 6d09f26e9d81fac9560b063e1706e61149580ec23fd42864dbc28613add6a1066442b209de35aca1c8d584a3c92506748a5ecd423518f24009f6c60c162c5e91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_export_18.svg.encrypted

MD5 4f4080a3a4441a5fea40c93d109dae70
SHA1 8e665cbd40a647e75db2cc2f7e2d19f5d40ae83f
SHA256 e57deb709fccdb17233b2144e2148b682ff46e347d2040c5c57b8fe345f16db9
SHA512 b1a512de8c8b6e609aa40bbcffe366b21a095a09e1ea25f4d9fa0badbc9183b8f508a88bfb140721bc6edde21fd84f3be14bb74899cee0dc198a06f0f9187aed

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_fillandsign_18.svg.encrypted

MD5 3e580227f55e0e28233bdc8ab8935519
SHA1 04da3d69b7263c23598774cc602ff183d846358b
SHA256 3ea82bfd003a80d2c3bd1ea4dc14d82175d43ce4d7062fb859edd4f6f602ce99
SHA512 adaceb44c96afd5eac6840310a929ad2588242c8c768cb68e6dede4f68f31b10eeafda57a7a029644600b28b0bfc07602a68ee35328cdb7ea6bcb2fd02476895

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-default_32.svg.encrypted

MD5 f7625ba2f83eeab845e5ce5360d94410
SHA1 45022d85cd8c067f126c9491c0d1d63ac9befc8a
SHA256 74b88456fe2fadb45c089c77f3284c752821a493b8652343c464a53b180280ed
SHA512 f7e49d822365400963a6351883d277cca46b41f1708a22a46a623652f62a11e1759da5ebcf83a0394fed1cde7da3be899b2476017b33a17cbfc6e25ecda11cd8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_move_18.svg.encrypted

MD5 dc52414dcbf90793503dcdb133eb9236
SHA1 4a245a8f69e5e94caa7c063f5023b183fc4bff06
SHA256 dfcf1a1ae08235c695cc03e99d82b52a70c27531b6d3c9577a170de4f2c4bf05
SHA512 d0eb35033ebc9f567c15a86e4f0efebaa7a1c9e04e6ac5f9c4f25103943b149ddbcba19d73049d2baba12029b0bab53807e76323a63da09570ad9dd685a81677

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_nextarrow_default.svg.encrypted

MD5 71dae88c01e8b0d2dd00263dbd64d475
SHA1 d073a7aa0636b5bc082fd7192eb8e1967a32a464
SHA256 6b3dba37020b5c148bcd8003d2d04594705733621f27761e668bac564204a029
SHA512 3f3b2242a9b6425a7c9f8694d6e6843847fa2d6f2713a1bd5ca677132b706c09bf473ee284c2a972c8309e6ffb928372ce60d337729fedefb906bb4895948fae

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_organize_18.svg.encrypted

MD5 42a4a49eb48f08a3c33059bb2b7b9ef9
SHA1 20c0436172b72d2f73b44180ffe0fb3863cf1593
SHA256 fe9618cd8fa74d0923aed710aeff5ee402eae0bb233d370b9523ff9c2fb0c903
SHA512 06163426705bc7516c60aab06d5cd09fce9174f7a8efc7a6878b4c5e3ef9746be84dc355e46af5a38a5073807750bcdcdb4a9de489225afc7699dca7c5898b3c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_rename_18.svg.encrypted

MD5 828fc82507513fa6994a22db39380873
SHA1 27a5b9e03f5dee1d58001998d2d4eb21aaf6af91
SHA256 a39b3a5dea8a267a59235f188a95875a13b0ceaca14649eda0bd5222d1200a8d
SHA512 d15674d6c6cfb1094b06272fa29038101f74b6d7d43bece0ab9c96a53a682dd819136dd5f54e0fdc0d8635bdb9d36ec112062ad8e82e84c3037a52b2f1803843

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sendforsignature_18.svg.encrypted

MD5 071118abbcc582647d4e6fba8b86d61d
SHA1 03ca712a368868a618d33b3ac0ab100f67e32d74
SHA256 938bf9632416ebf07de06661dc151d509a4219123ad67770d14e660d3d91eadf
SHA512 f9f241019446e1789c83c20e1a2295116799b1919cf1925cb380e53d6d8ecc07f4ea849d16bb69a17b1a77566861e5bcc3c415a7fc0fcbee7ec98bed970eff14

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_share_18.svg.encrypted

MD5 7e38578b323d5f4850217ba0282c7f02
SHA1 30d58a38ba0b8db4489798903620e7b000d3f820
SHA256 1ea0304e433f202558024220048c6f5420bbea012e07cb6bc61698303b2ec18f
SHA512 82f1af9d914f682487f94cc5ce6081426cfb2e353ac422e3bfb2998476491e1bad686b15ccef2165dc30e0b02e5fb31d74b1739628b09d1d1302f46267a80b8b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js.encrypted

MD5 50e005679fe063a7df9ca488a3eceb2d
SHA1 06b1c3cf64e78c285191c7aae3bfe31d72d83e78
SHA256 2ebbf1575db2834aa351dda8e6f2ba52f0637b3b0853c736f96d5849f1c35537
SHA512 c384bfe264e3a3cbcc6a708ce766e16388acd2214524221cf028ec4cefa3b868424b5a703564a72b9576eaed4d670fdfab44f65e0598e8ac99f7f90c4e84a231

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js.encrypted

MD5 3235db2d7b3830abd616b306a959c280
SHA1 3b13c4abca07e8ea6706c73b22a843e74d1a3bb0
SHA256 fe3789757e02e4b19b107b80364f73f78779f6326f1e729a9fe0a435a742e033
SHA512 f79936b9ed3c3ae9694a029f5c60941ac7a62884dd35b7b38c60ee30f59ca9620c4f6e5b829948785042d89beaa551fc15dc2ce41b9356c67edcc13b066fdd83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js.encrypted

MD5 61074efbfca7867e06a2a1c829529b75
SHA1 daf9ea3a61a4ecae53e5d3cf1f60084bf338b579
SHA256 e7a1100118d4ffffd0393c0ec7776cf20d081a2ad10f72f07f379487aa943c56
SHA512 38a5bfd7ee5abad00e57ef9444fc8066f7aa76000cbb11be67ecb4a30fd886b0e9c88a109352875d05286f0d65b3eb0a95908d526f5e4559995428dd2503bf53

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js.encrypted

MD5 2de3e3e2880e61111add1e27e18948d7
SHA1 54b10b20b0ccd3293f311c2da7788fff58afd0b0
SHA256 caaa7809a0270d9227859f0abf5a9ae1b11cbf376eeeeac194d0a201720b7d14
SHA512 13e9ccf7b5e15924eacb85f0ecfdfca88089e4b749906b7d718eb3bc9681d6ae972ebb50aeeae8a23bf9289da43c4c4995f151d897dc216fa934c1ace72655c9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\ui-strings.js.encrypted

MD5 6974e49a5abc99d9a7e1c9f49c6eccec
SHA1 74a6fab2a72a2581deef40abe983f2a9f6817690
SHA256 9d0113943493d74a3e879906ff5724a60ce0097679e18185366b2d659bf3e8eb
SHA512 02b31a1d3403fcd90b01dc9fbf5e32cdfeb6b7b9795a711b987f7310d17187de49b939a8579a470669f0b46e7f6fea95d4bd7f50f46c445e32899203b53aac36

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js.encrypted

MD5 73824f11207c5d7a067c0ddcd2fb2290
SHA1 bc0aadbdf54f433e83fd830870e31298a9667c84
SHA256 87451f851026ffe3856afe55aabc231b65674d021668f089c4017065ed88b013
SHA512 c8ceb3c2866f410f7a21394a987e8cd3c7875daab2c0c421bd72f96b826855c38b78967a9d12cd731e91ed79bf3945702a39bee6e7bd96431eca74996d881153

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-selector.js.encrypted

MD5 4b7cd10241f4eb6b6c6290692b2ff6e2
SHA1 59c1b46f17e58cd6411385babe4bfb8009df585e
SHA256 e7f8dd29cdafb7f80a4da752c74ac97b36079ff4eddf60fb167abe8dbf9e8ea0
SHA512 189734063f103bb66b1b2c4ce060e050bfaa555a56a1bdc5b16ea3a32acae0976ef23506bd59ed630e03f148e0a4abaf8872d5a41fbcc0506e3c018c000ed12d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js.encrypted

MD5 466bfdf930110098d0d5d7b99a90dcb1
SHA1 cd3dee8ee61eb2f721367405bb41fdd1ce79b4bc
SHA256 8a3b3247112cd6e24ed02da97583315dfb82c39a766ad992be449d6315f7d275
SHA512 1810dc007697fef79808bb68afeefec6709c97d24b4989561ca75f4204fc2e6beefea7e049011aef45c87be74c6970ef4a19f1f72f14a18aefcffc215315b0a9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js.encrypted

MD5 13c6c074318e3524328c349d7c51dda7
SHA1 60fbc24f89f470dae25defb9cc9165d96836c067
SHA256 8e197a0e5d25f882a613b4a1e19817bc32ae7808a3cf05463b12f5fecc7258c1
SHA512 39cf8727507391ea96aa74a376534df970e743e20a4a8cf1d3abc5fbcd2e5fb8c2c3d5d12190e7f76978b26acc5a557129c5e92c81c233fe3572f2a89891942a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js.encrypted

MD5 35b634c2111326c5ec6c6cbc9c57006f
SHA1 5f3e1228c5e6f1420379c1c414374e4c8102ddd1
SHA256 4565cf76ab517f335343a4a15fb1e6353238590ee343b45eae9f085045351023
SHA512 580ee7bb9ddbbab525410ec4271e869968948ef0b3a0f6e46eeaddc7cc0efc01bc1f4c03c5a133e81a0a42300c73a924b4cca0d9037f07b993fd3f5396efa6c3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png.encrypted

MD5 c8f565d4d69536ab55c0d97c604570c6
SHA1 0d5774134c749a6f9c44fa8d08a24e3bea5732b1
SHA256 903759ce5e96546b7b2c57a132f0bd26d69e5b166da1f1634b315b3736f4e7e2
SHA512 e7b20e19e81239861a32234ae77b7f4c3f478ebcdc1d954ac344d4d2639c7583c4de483baeef9ec3dafe0924c4e6c46ca8f45b2daa92e0a6211cfdfffbfc0aa7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png.encrypted

MD5 f31e346b3ebe9ef327a1c868d87b463d
SHA1 c9a8c162c097418d2d782c214ccc06fe141dd3fe
SHA256 3af2068cc7ebbd5762253f22f5de73b036ee826854810d660b67677347c29cd6
SHA512 d3d865d1237e56ef6a9595520a003ef3b7a37db2564b6e1db9a023c5c03e74042d9976d17c23a16b9e37f3de3391b75b0341285b418583c1e44b9100abc2f8ec

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png.encrypted

MD5 a2ae6dedb7698c01db8d8bd9d6c96c3a
SHA1 be40b29cc89bcf0eceef9519927c15f3b03b50cf
SHA256 d499246e3a08cb0cd085423a879968ba1e863c64f7f85ed8824dbd7f4c100073
SHA512 845d6d5f7674ceed097f3533cd68881dd5ba922f2fe97b6a50c07e840d70228938c7a0ab19d810a43f9b9d69edc6b170ce1943cd3872b3aa79cb771cec6c619a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png.encrypted

MD5 0bda79bc23e66e853168b386d0895d89
SHA1 38599de75f09f23e96500f5a72c950b1a4de23b1
SHA256 10b14d43c442946b83cf07b871339644d53e8018840662b69d2c907d70f90008
SHA512 5750c02977f7a222f58f100d692d6ca7e1698a36cbbd0e5f299e59dbf5eaf062d1afa804a7158a0fd9a8c1487d61797b691ba6ce239d972b192307f097c89d05

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png.encrypted

MD5 9ccaa2695d2252165eb4097e49fd9a5c
SHA1 44ab6402e66d4a3a97795c6188eb05f786e492a2
SHA256 bc3bda545184d1c21f4764e31666e691487f32f8a1d08d2bab149b3ca239e7c9
SHA512 69710edf846a83405b87210932fbe8af9bc98d894d90c326753747ecbe9143fd90b87792fe99148356af83b5d305fb1488e9edc91d655f451a79ac04f7a2b74b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png.encrypted

MD5 f62da43b15033ef7455c72936a7d7949
SHA1 b6602bac7a2ebeb4774f6aca356e543e3bd40d83
SHA256 905a99d9937aec38658bfdcad64c68b3a3ad2c922e479312ef6fff090a0071ae
SHA512 e30294255d4193df119a5c9b49da13d558578db2b53c2de2131ea0088e204bc1a59d1bde270ba6f0602b8b2d8c0717f4bfd039f859808c89158f8c831b8f00d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.encrypted

MD5 e7809ee6dd232ff0b4f7d93cec3ce64c
SHA1 999506d31b3d9e0f242bb0d5f06d24f56c23a9a2
SHA256 da47335115b74090a813ba6da234dbdbda4b3287544174b4c6438b10feb3132f
SHA512 f6be2af50437f7837732f14bcfa5d55c6489fae77e467191d338c7b343139017562cb277221a9882a7d9c81073b38076ce559d15d9f83d24e1de3ce9df684806

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.encrypted

MD5 9038a901f582a085b3c00d9291fd02f2
SHA1 f418faf102f063f09af0d5189332b20bd4c4533e
SHA256 f1a93568220e141c7fa00a96535ccc1df06645aafad9af3deaeda0ecf861d781
SHA512 81e8b26e5dad5587811628f12f4587fec70470783aeee884623fcd3f798de005b97a960d3ac7c80ad3313153a455ff1c2607dd71ef99fbb9c6b4dad9a2925615

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.encrypted

MD5 6a56ea1c86bd56411355db9c015236f0
SHA1 8e008e3b01201e3d7d5f4f5d7b83365aa4e01ed5
SHA256 b2268fb6eaba1ec4a66fa3efde02862d975a5d69c0b7c771bfa78eae86b60e59
SHA512 3ebd26cec50b6e3c826b46a8f2a23b8ca6a1179d63624d8db5557b1e2bc8da4498753f2e810ce0682aaa47a188598006eb6abf8e586e1434be5f295fcfec332f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png.encrypted

MD5 8e54786e9da8e275b745047e83900e38
SHA1 ecc77d2564993c071857652e9e2f1223f95ce4a9
SHA256 cb67c00275783372e32ad2c802beaaea14ded03c0f5e92595b66ace5e57157ec
SHA512 f29a65aeed720f80b4daf3300c62ddeecfc0dd5a92d5fc7ee107c356fe642582a71926506832fb989b65f9ac176817112da6ce7af8230c2947d38787c0204067

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js.encrypted

MD5 99fb285efdcddd12eb0ea3cd0c427cfb
SHA1 0b9199906d0a89958692ec70e48afc738033dab7
SHA256 c87765f24358d94ef8ecf2a2bc8187077841de7d2ee4bb8e4ffac6d1a30ade50
SHA512 39ea755e31d341abc75560d288c767b289dd7b995dffafa9fb7281e58a7b87110cab2e7c2289f0e6e09e772eef8a930acfa37d1cd561a3405c3935a180f651bc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js.encrypted

MD5 a078e097d549a5f576b5a37fcacb9d40
SHA1 e7b1283c91862a0de1083cca1def4b22c45e6842
SHA256 0df3d1aa00d926579b157c70d1087fe432828ca139b8e980cd385193ba72b203
SHA512 fa7cc420bf78a3736280b5a32f5a62018587c9cf2e96341fa007e3a1ffea685e95c124f23c0059a1afea87f56667f1ecee4f1f5ae5d6fa465007f90affb379e6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\s_checkbox_unselected_18.svg.encrypted

MD5 33eafd1d058257c86d275fca4ef5c766
SHA1 824c0f5e2120c6e8119b0eaa04ee16913a498636
SHA256 41209329c7b0b693e1fd9d5e68f96ba92023517d7eca56a5c3909e5bf7407936
SHA512 0555ca307aae6164ea5f7cbe374b3821a94a87846f0d3d8e169b055115af92217391e9efd02a6aaeff99a4234c125c8aac42df2e7495c897885b70fa91d7417c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\dark\s_checkbox_selected_18.svg.encrypted

MD5 afe9b420c66a4b5e9cabdf827bca0169
SHA1 f724361225cbee03cd9389eca4cca428454ef3d5
SHA256 9f25c841c3cca9da48613e66dcc19f808dae2d28f32181b53f78b2682692024b
SHA512 72978263848baa12e16cf06802f6391289c57ead9f62448782cd6e8ae9dd477da42ba9e62e97ffe8c617e62ef2c253839e2b1862cca3d3cafce0dfdbc193bb03

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js.encrypted

MD5 19606775f8d4dcda1e57880cbe42d8e7
SHA1 aa613387e232d30cc62b48089a8b3e20e655b72e
SHA256 3ee8a9f63fbe9ee908859c41a6f1cd6c182901610abf39cd67ce895555bd8dbb
SHA512 f91cfb077f93da54e09f085789d3a95fc5e1280042f55063561b5ecef96bbfd355b6b2de0a90569377591d0410993c6135d4f83197c0e38ed12e5f70048a5fa9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js.encrypted

MD5 364d72717dfc17c141e1513fc21f1b5d
SHA1 ce06965fb7b0d627fb2209e4675a02019493faf0
SHA256 b3b4f407055a2b217623b8598e5cdf8e8b98729a75f2293017a98c70b51bc951
SHA512 3ce9af08d9555f4596ec095b41f56e089975f3bf7161923d58449befbeda95bd3201ead8f7f640cff9f41970458a1552a73b3afdcebb098fa0137eded2f6b386

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js.encrypted

MD5 1733ac5b371685b64fb749de64fdd998
SHA1 39c2684ad7d0b4a6f0d62a7c7f11b40247b9e0bd
SHA256 b36698c345d7ceac3ac75a9acba3cb16833a87e10289cb2b146f96d1bb2e09ea
SHA512 877648f2577e7663a87c3a967985dc0f5b9d140d599e5d0bf36f4fdcfd5e815326635970c1c193c2441a7115be635d7753b6e124813f7a8b13523d931ad5731f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png.encrypted

MD5 708e3d1b0d569d67a3ef3639d394dd58
SHA1 f87bab03564711d22e516d45421112e983d918d3
SHA256 7b0f1cff0d9f9bc390bfadd8ecb3b93327f00582786d2f919ac0254045038e1a
SHA512 ef37c32af787ec0a95b6785b9e30e9e07ee3660d67354025e1a17c34a6739d3d24b58257a6bb0bf64126565699c42acdb27c8755a687b278eeab987ad7a72209

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif.encrypted

MD5 a9ed8c0858d795503fb67e6541212453
SHA1 0c2cfa5b2c8278c4cefac9b0514f514a01f1df8b
SHA256 526049cc0fbbbfa07ae140eddad50540cce20ea970b8beb94e0d60f2508f7e00
SHA512 2d279432c9acf2457884d76b200ab71833180b7ad0515e555d7ffde8b0a6538785ad897a2854377aa720756b6aa8564d4b2960580e5607980708e2dee0d5a40e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png.encrypted

MD5 253cc369596e230aa5523b36d9a88232
SHA1 dde58172067495f8a2e72556e723d17ea5b82b9d
SHA256 d5f4893c16749339446a5f17daa9e5d48fbdac16cb8c12457355fd1b8ec6f6e9
SHA512 caf9487c6e98cc3314937bea610207d0509005208f102ea5d76eec6f2737ea25f35d278c88d6f8d7b8235779523bad401b6a3c9182407ade26fbb42364d5399c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png.encrypted

MD5 2034c24f34555eace98455085bed82a4
SHA1 27f71a12dc965782ed4229a33a9bde556175afc1
SHA256 063ac57054ac4ee17cba2fc4e2fb28092ff55054c2e863abb9fe833d8c232795
SHA512 8ab573eaa141bd015bc4a2720bfb27269745dcf68722cec2f8f6f07923831fd5626f46a585e3e4cc2d27a18fc90023c207873ed5cd840abc7d33c9896ce77b52

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png.encrypted

MD5 c173f0ecca5ed58bd706e28870145111
SHA1 52e2c3ee4bb9999e5be8517bc82abddaed8e69ae
SHA256 2706924065cc521876c377906c1a01b47a45d025c5345b417a67ceed2b637b51
SHA512 acc06b823128408f6a4e80eb4e4e117cb4b441fa9a4af42ad44f017d7c4c7d755fd17eb924a87beb7d0cc2f5a52fa63ffeee8caf9e50f92df391996e2a93e479

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png.encrypted

MD5 f5421e55071a32eac2a780b16d55c56f
SHA1 1dfd6cd8e5ec0501836e5e5ea3557083fd9e0b89
SHA256 15d0b79982455a181d9ae0661fb64d02ade1d1152f59698491844b13ed4edabf
SHA512 1d00cbed8812beb5ca15e6843b34d872fc6307bc2efb0354023fa9ce958d4e1d1c90f49a3d2e9a6a1f67ce0e8517235929a68602c3b016761091f003c6b04c04

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png.encrypted

MD5 c3cf683fb47621e785fd4c59b755871a
SHA1 0eef65b94fd944eea01af404707a956fbfd7e4ae
SHA256 e067da7133875305895df6a0c6055fd5773fc44aa9d68995f882665a53392593
SHA512 e6d5945e2109668b19a70836e1ea3e4ae974c02310753534ded0831614d1fdad36071011f5cef837365c95f42d79d07c72b3ac5be32466e5eda3cc69391afbd9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png.encrypted

MD5 b30b2e3262d8ebab1d5fd43774312226
SHA1 9b21265fbcf406c536b41a850f04dc0b7c16f258
SHA256 2c80706d21091fa22f3b9c5ee1c1e73a005762654fbb7823325f450496d8321c
SHA512 b7778bfdd46a0d2bc488cd65d22f27ee24dc81da2023bc475ae8604642db63835a7d5b161eeceff7b8f8172e925650ac87aa5f027dd36f20bc5911c793bf2722

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png.encrypted

MD5 244cb4645e21c6809d52ed9200b6e8cd
SHA1 69f49b1e047efa311d17ee58028840315ad688ec
SHA256 fa11380a26a1736d561cc6c0e16c9932c374f8f2f1402ef52184faa74084dc3e
SHA512 a54526d873f171b7484cb0be154a209ca876964bd06ff54f1508fc955db890381c9ad30375d30948252f7df92f4782df57c1ace56b43c6204c19e7e0a6a06262

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js.encrypted

MD5 111bc02e3c1d155e436fae757f2a7339
SHA1 4fcad4719de9ead7f75d4c57a5acac90dcf2a58a
SHA256 1a2930a49e0ba61834f540f479b1c1ca35a2050d48a9ae52e31665be1bdde72b
SHA512 e0c165bf54dbe19f1e04046aaa67839a07230bfc91d798820988dd7531ba5dd2504a9750bc678eeab1488a37add568e6f5f45264b4e271080351461ecfa06fb6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ui-strings.js.encrypted

MD5 e0a8c3560eaff0961994675674e24b75
SHA1 19df8496edb74cbc38dd5f7d5c8da39ba31a5604
SHA256 0b18ae6cf62d0ffa28cae4c6c527d586b082a46f24db3c2cdb6390de5f12eb72
SHA512 b5959aeabae8f92e2ecbe2cf9a674fb401a4d3bd0511d825e9316e4e3f9148ffa01a48b58fda88264dd0e6bbd68b8ed86c58827594b81afb3e78bad4816f258b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\ui-strings.js.encrypted

MD5 12c799fc9170174762a71555ea997df8
SHA1 01b1f22f3a0b165da4491cd20037a445a8698c12
SHA256 8a097cd413e3eaac05d74ee27b91afbab9d4c655b66bbdfbddaf901f624cafef
SHA512 5ba2935050ebae8de6abd62437c60d7ce6ca2bd72e0d44cffaa1052f9908cc64128cf4b462ab1c9aabe2df58f7ddfdb7aa8f7a25e40a51009a33fc43f736cfd4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js.encrypted

MD5 b89304296347391efbe508b05223bcba
SHA1 57c7b20768a610c737a87c5cf05779b43c54364c
SHA256 1d1cbe8aabfdc7d70fd217a9a32ed1ff4ca4eb38a6a865ec0f0094076e0c208f
SHA512 362882e516ba7c93b97563c5cb5017b83fe5b042c4302f962d788edf24a9c519c7488f58a657326eda8ab0deeee41b1f080ea897269dfb7cdd320d63b65959d1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js.encrypted

MD5 1a30a3c7eeff03243fcf9e619060898c
SHA1 9c4cbf56a8f53b340678db89ff9103cf20b60aee
SHA256 471ee1afa5453b71ef37bd230b60e63a19b54b6dce4eff1bfeea6d6b18d2f36b
SHA512 029b3e2a9d04227289b105e870973ff18531ae018b923232d3a944fb21dcd12f259efe6fa6c6ceb4d5d6285e6fddd0122eefef91b4079cf94261c180d3fd91bf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\main-selector.css.encrypted

MD5 b444a7b5e45d0719cd248324f085fa28
SHA1 c7bd614b0e80c41c228d28b46f399926db075df5
SHA256 b0949408698a55215f600e703932062a04eb33a017346fb4a207007c50abd9dc
SHA512 05026b87dd220cd3b039368f4cead3070590217778df7335fff84e624a241cee89194cc7ba1ee246854fe8da3abc956e419cec900f8458da2de6babc798d0156

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js.encrypted

MD5 1d269c52e2a1f5670f0b42457f71bfa2
SHA1 81cdee3b13d213cbc86a1718fe92b57a4d4d5eab
SHA256 796e203319d698de34b4686ca2ce3c85047f65fef721087f5c08f13690bed42a
SHA512 d50e6b17abe7f731f09fb9bb53f17662a9836068bf996118bb90aa809d559f9a841ea10403c3d77f7fcc4081144c20a5eac5146744e3a3a2210fa7ee330f9f4f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ui-strings.js.encrypted

MD5 f7a34997b908f16044e7923c505a225c
SHA1 bd092af1dcacef116d3420932402043acc3a8fcf
SHA256 5f79e4ad36c44925d109ae62422370a50ce7fa669e181801f0953d635f6d0b7f
SHA512 340c0b607f3de003141ff4d3441f10eb8d55b24134d6aa0c87fa91ab35072a0c993449062c6b9a51dc6cfdaad3f92e3e7d21023072d7ec65ff7ec12121b0ae1d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js.encrypted

MD5 26151d645a1449361a1fbcc3210380c7
SHA1 4da6a188ac2a580c908e6c6f36646caafcf20b9b
SHA256 7efaf80fe2ab7250e1a7820f6bd19b7a78e73e7db17e65f45eec4b271151e7de
SHA512 688e0b9fe61dca56a56f4d825059008c74e43ca7a5972e6fdff84e3d9fdd689c55c6dc006a0052fc10b98eb16c76dd25f1835c6d79706b6725593e6ee25ea03b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js.encrypted

MD5 c1a88eb3f82ef9125d905603180ed417
SHA1 0cb1a70ac3ae546ae95d7dfe8dd036d6995cfdfa
SHA256 2b444163ff1af3e94f5c3ee08f2b124ac2d719718301f934156ee755071b38b0
SHA512 9ccfbfa36c74f2e6306c28ee57b4b60d180670e3f5421346249fdb95322a27ebe952df5c8a4320c1cb87d1a2b13071f42ad1aa87f67d0fc17c080ebdbe755537

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\PlayStore_icon.svg.encrypted

MD5 fa68d48c2c476c868a930d8f303e37f6
SHA1 b5100a19318391b75cfbf557704bc396027c255c
SHA256 cfdd6b648e14ae714b3665f302df900a7e0ff9b3d741d38cb17b00fa48f133e7
SHA512 1469e52202abcf596e4ec50199af2735cee2c1fc50325a22756ad99e34daffdd016010319cb2cb04b8d0ea41a5857e935b4374fef82617cfbc1cb7d8c3028581

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js.encrypted

MD5 f5e4ffcb6ff287752f57c05723b014ba
SHA1 95d4826656b0bf01774298bffee55d436afacc88
SHA256 18c7bc3e15bbe235eb8b2fd9c14e9f5e6979de3041f8aa42bed225d027547469
SHA512 868fb6ca6431f9d8cae0272f79b05c84d074ec350a3129224aa4009e40465b7c2ee1e1875b0862290e9115884f5078c1bb388ce4818959c6fc615fb45b402598

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js.encrypted

MD5 55274b84ddd866224b4f916e0caed912
SHA1 e3644976a639784d53dd7c67c5514211444f8cf3
SHA256 0c3e5daed50520969de6983b5efcd9c4ca1a2c17cdccfd23e629755df9d531f1
SHA512 a8558d802cbc5fcdabc38d821d03677cccd110a3715cba183f01857c6b55f4184f8ec511f51ec01910783a99c611b87da9ed445f0fd08f64a4cbff136d72bc6f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js.encrypted

MD5 3c8713277b4ad8e51214498b1fe4907a
SHA1 38fa9686a8c42afd68e51fa1d203c9af4d629357
SHA256 b7076513e09d9a02a7fd33b21ab3104823830cb2a0828fbd016a6714a78f72a3
SHA512 b598035fec1f94e41f52122b1c4d42c67c773f2ea5764ad1db9b7f169d8a34e98fb3019caed72dc6e3b2168eb8f24640fbb0aab09f1bd12d405c1f9b0bd7a0c6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\main-selector.css.encrypted

MD5 467803fcf9d5e879dce1e5252480c5b6
SHA1 3ad14737c20059d46140bb1b1da790235b724a06
SHA256 a74e8bd3627958cdbafad0e0bc33b305ddcf4cf90ad2d55a0f0b587ebf7347ce
SHA512 9ee1f38066c0ac828f59fc931c1f085f1e0bc3d4091388b673aa7fbf4022bca7f3b1bd24bbdf6501eccb2854bdafbfa09cb1e620c7e1595a5f1bf064e305430e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_cs_135x40.svg.encrypted

MD5 088892ebdd46b78ef38b7800d8184295
SHA1 1872c0336e5048743cdf99a98257b5d1775f9e28
SHA256 366bc925c777b5708f487a6e2b68ea7c9e84e45fa10504017fb898f8094c1fc5
SHA512 a25a745794e2b2aa4df6441eb6d1abbef0d1eb4bd07d9444f99e6463e0c61ebae62a94345d846e422a0ae5a04a879d24249951cd8a9ee53867d7b746f82b29b8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_da_135x40.svg.encrypted

MD5 56278f3770c3701d23e5b3a8276597d5
SHA1 aa4fd2385a9ce52ebb3d03dcfc8cefa3e5ca8b86
SHA256 78bbc2e5aa26deee6681678d25f95d9c791a7551dc38943c6abdc87c63d762a9
SHA512 fb9c18bbfe260dd6f27fde7f9e9255ea64e8bd95f6144b3354df6d936371ea29dfad3c1ffa2e059154b71d517d036182f92aacfe334c3ff0c74d276e876bd460

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_de_135x40.svg.encrypted

MD5 b4aadb98f981777006fb530001bdc264
SHA1 1eeaaf324920a2e5aedb0e4ff00720858df93f68
SHA256 edde5b2abcc9705434f19be9f42bd8d2d6dcfeb991a3ef94159a5643b2689dc3
SHA512 c0fedef2e72c73a222c5d5bbcee7adc27b426325fd6bd5cf4a8d417afaaf13d45fbc48ffecb4278487178176fe5a4eca31c8ac477c7f16eb1bbe0624c76e9953

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_es_135x40.svg.encrypted

MD5 a996b2bdd271ea485ff96e42d99f11f9
SHA1 2b4d53cfb87fe591366c2f2329eceae1bdc82d6f
SHA256 3711bced28fb1cb6fc8f57a9f2925cf2405011368ddf7aaa4044a9ac9e142130
SHA512 2cc380f1ef4ff897a34040199f7f5716ac879afa38517939b9f4b6e86ce751efbd5950525297ee9f6e5ebf9dbb45df4060d0e7d089fe43008641022b82b70ec3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fi_135x40.svg.encrypted

MD5 50349ef7fb74a1d1458d24d47e6d5307
SHA1 6f1af63d38d961681b9f4b1d501e7b271e53ae14
SHA256 309c1c07a17163233db130f1159c1271433c16a7dd1b99a0651ddf77945d7b31
SHA512 31645a94e974d3685deb1f5b81ddfb2581a035e75d4c894a417992e8fe7fee230f6a52026a6dc0fdaa36b91ce7c7384c7395076e0da02b1dc9b6c04719054eb9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_fr_135x40.svg.encrypted

MD5 0c8bfdb8e7c05db2651d34741b2948c6
SHA1 26180bdb98caea2e8786e4387224381d43f47ecc
SHA256 dde45b49ec8db1038269c82fd0370a7b8b5efa2c39138b4fbbab0dadc1dfd021
SHA512 feb807665d66817dc91510793d571838c914128b4135335b7116eb9003cb2f05af489e2f6861c01e400c729ea487eadf09154fecbeae74befa47d48c02a071f5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_it_135x40.svg.encrypted

MD5 14fd176111de4d3481ed094018e4ede5
SHA1 52e465697a97067fbfbcbc46d310827a38677876
SHA256 4b4bc8ae8a43d591258b45834de36e57a52d11054f1340f279e7c797478d79b7
SHA512 2722be1c0dc282ac5057df98c9d1ecc3f6edaef7e27ac289d35475cf4008d44d08464b50d9acc408dcec7ef77b8f957c0616d54463f36aed8f7017f82e20ba3a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ja_135x40.svg.encrypted

MD5 e3dd5c47ff6888fe01b3257483c3da1f
SHA1 b0ee94fd0c9b70801d20375b8fe633c2d61d24fa
SHA256 45d44f44ea15e94670e6df67d7cec09f01ec596fe6db859e10ec8b481ce01149
SHA512 c569c16d38a18a2e3ad702282049c10a35a1f24b3d1081f7f6c28dbf5f472a06fb46cd1b2b5660bbdc85a2f731882aa980f02aa1f75565c2d7c1108f1b50e3c6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ko_135x40.svg.encrypted

MD5 6cc5da87961ed142475fe446d3494720
SHA1 27844d0f4ecc9225dda3225936fd8b4efb842972
SHA256 316d6bcc4a834a2d8a2c988753bf134fbdb096a1ac1bc2225039041b66000c2e
SHA512 3014f4d23be53d1fc238d0d51327bddb3e181e53a784a465ef40dd49c1d66f4403fff15a22aff1f1a772b3cb94397fcebd623b28bf2c6fad3ef7a37159a683c5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_nb_135x40.svg.encrypted

MD5 766d7f30b4649a001cb40dd71341c203
SHA1 2d2262c72ae9c343922ddeb691bd45aa401639f6
SHA256 0759b7acf394d7d8ef8bef75b790bdcebe4ea02cae3b2586434641c35edfe657
SHA512 e715889cc106d125fca9dc653de27a090f137d5ba5010f74d02bb526694d3a737fd7f8593a649de54d6b1f340f89743b541528127e089c96a9965bb69b691eba

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pl_135x40.svg.encrypted

MD5 88c3ecfff7911a62fb3403282113573f
SHA1 d743b1ee8d31781f14792d4abc080b0fbfb98059
SHA256 63fe0949194e4093aa8c023b6fde28253b94b5bfb351c493c9bce7c2a9e5c9cb
SHA512 522dd9bff365b465bafa09b4d7fa84f93e24b833dfc09c3931e61274a7d85d9433f70b8b597917865b8459474798b54b6024e8e542ce0d8fd820edd4b08ed52f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pt_135x40.svg.encrypted

MD5 78b98cdb22a0cee39bf1042e4688ff44
SHA1 666fa740b0290f231ce36d220b20e3f6919863ec
SHA256 27115b0ac5b4c45a6c74b00b2ab99095d6d546a418c79d37376b2d19003f0f4c
SHA512 225eb4f716315c3b8af5cb39fe1c36e6a7b72f10af2051a79f528d1caa9781e7d3065c4f38d825477678bb33b9ff3f35261f3173d396952de7c591924d99c210

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ru_135x40.svg.encrypted

MD5 f182f3df1295fb40d42e6f30ee0104ad
SHA1 25c6ca762e111e131cd23b44e7dfbfa3b9eb6d6c
SHA256 bd1f5376039e625cfb7795936fc0429f855a5b1835e900773e5204f8cff5724b
SHA512 a48b0c284f2b27aae7a56c62f620327974bc1f4887aaae6dddd766c0ef0164b4b78443fa751728457dade70e672762c615f88244eefbdb3162d933b21a37c3d5

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_sv_135x40.svg.encrypted

MD5 1773c595565357c69901405af55e1ccf
SHA1 a9422d42a4800d9494754e34d8dd0f616809fc5f
SHA256 9c9a8d14f97f7a97bd4193efa39069daa19447eeca1c731d861090f82dfc8d98
SHA512 2bc8e7d20473219a95f1a8105a1071655e0b7e8c6b01019a3bc4a0ced56119a49559c4f4cfa84e75d69bbcb1451af53d4e6a52bae52fce483b1c102c6ebe07fd

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_tr_135x40.svg.encrypted

MD5 ed6daddafbb53983a84c6ef9e150af2e
SHA1 83c343b4d4e5263d84bb0b0483a08bf9b18273e4
SHA256 874674ef8a63dc82ffad4c4fddde57167be3d0f8fc123857b728a290bd372820
SHA512 ccc13da13ea18c2378592068e068c28bfab4a45f23df68eb7eb346e08a8624b6bdeb54e013475a04b52f2764f55c4ca9b750be76a337d59d5972bb6e2b1d824a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_cn_135x40.svg.encrypted

MD5 ba2b7db63432fc16e5d8b9384ce17309
SHA1 d4817b90f9169ed830ca8531a06e9109d9023606
SHA256 6956885bf5f753e14bda9efd748cba8aed5ff7c5690f58ef49c4b1b3696f335a
SHA512 903307101dbb5bf976739a38c3f3c4900eb7fdd57dbd584e4fb9b2dec6dd9d544fe1cd4b4b60b95727e3ae5c715db5b9bd2a395a808f413e3cfeda1998a938f4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_zh_tw_135x40.svg.encrypted

MD5 aa8ccd1b2a3a15f97a0f26bb48040d15
SHA1 8b91f56864051d7773813f750557793a27fbfb05
SHA256 80dd075b6e7facab18d381a986d87fd96ea32fa9288c1e1888cb95be1374a5f9
SHA512 5529884c05cd68b58dd6df0ca7625388e20fe1b42f61c2cd40834b5516d17ed96c4809b7dabee59e5e918db34d2cdb3a49ac216e0fe6e1df68f9100f4d7d3b52

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\cs_get.svg.encrypted

MD5 f6299c76c3707ac84294728c5304a1fd
SHA1 e4d0b35221488f3d6f628449aeeafaef57815133
SHA256 62e9e52e83a7a5785d0859cc7ae02b4b2ec364e3eb37f9b07315928979790449
SHA512 dabe58ccdabf8f59923ab20c24ce78a35922a6f2b84b1f04a48f1fe5700f447c33cf382c9f801518d43744007efb7077deda6a53956752d4dfc4fd64470f9b22

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\da_get.svg.encrypted

MD5 32481fb8bbbbe5d84c88b86aed9feb49
SHA1 397acfed2fe746879e63840ee6a26959e0354e7d
SHA256 d12171ae81df0d16c0d1e9c579eb0e6a211e8f33c5e23bb4b77fced6aa9c8efb
SHA512 34d1fce79c85dcf5d0394210411f7e0d8b25986d412541f537518c43520fd1062acf7b2dcd2f1e6459e1bbbe510ab5bdab2ffe039681a017973d8c204833590e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\de_get.svg.encrypted

MD5 eb1ca409ecf3198af585a5689a8fc443
SHA1 da5fe9503decc2e80190913aa1ce3e458efa89c6
SHA256 ed19a53922ae8c8a25f1340626b9a34f789fcb5cea5a07fafd8798ab3b50be02
SHA512 e6e4469df3ab7091b726ca885e4523417bb4bb29b89b6fa831cd9f7850d89f75cbad6b3f1c3a5ce1fb9f16866b1ae0dde3b0415952a6e40afbb332792cc4e11c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\es-419_get.svg.encrypted

MD5 c1ba2e5e8142c36e8093043c02fa7c21
SHA1 46e32997b6e590477ed63f355afed78fcf2de665
SHA256 249ef9fb6a449c123964f373e3f56795ac6b7aa84bcac4a400972f77d2ecd69b
SHA512 50f67f63a6384a2fa2f70e252688bed9c70a91a930b0d61b6a408f6595ac030ead4667b26d41cacfcfa06046560d0fa661215a106645a6a1b07f0d024a177ddc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fi_get.svg.encrypted

MD5 0490a30746e0450318c2a4919b555340
SHA1 674617109f54b387c1a53d0b1e1405cd3df9dd88
SHA256 d9e41bf6a7e7e4d94536df57e8e3ba231c4670827e9d8b45b1c56d94d9b566c9
SHA512 ee28e825b86689d496738d8a9521647c4176f2a1d4ae9964d39456d03dc60af3348bf50eb781ca16a73c5c32e46373109e201bd785d09f1afed1d0c937223855

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\fr_get.svg.encrypted

MD5 1df5bc73980f34a592ad5489433f411b
SHA1 d2828102d2ed2ab13d1abfa030e7d0fbe06f651f
SHA256 11370efc3bd42b7f09513c0482f2a6120c8091f33ff5d57c11863e7515617371
SHA512 b4655480716b8ed01625b64f39b22065fdd3835477cf5fd3c6b8d1d0876f3376bf427e49ffc4f643b5b126d93ec8a5324af0f4a095995792c8e79f75e2d48a87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\it_get.svg.encrypted

MD5 7c6ae2febf63fd2f998c2f7c27d805db
SHA1 aaa9b8ce887083e67c825a1858ed5110bf050f13
SHA256 a0b11b5772b636d38552aaf222e8fa11ef01bfaba8e697f2a5163f9fb597dc89
SHA512 75e79a7639aac642c989042ca3e2eb443ca42224f4c3642ab98711c2fe2eb2e8dcaf13902c11d526a38bd88f61bd9c1605c7901b3f831291150ae75ee1fe4372

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ko_get.svg.encrypted

MD5 5b1fa4e1b21c2c11041835cdde917466
SHA1 0a93be432fcc6709f51b36ea9aac589a4cde3c2e
SHA256 25ff5a42e82aad9113d2344d1b8faecec0befec3942842a7b093e8f3370e34b6
SHA512 e9de5118d8df9eaabf4a6f5bdc0a6bff84c3474bdcef7ddacf7df70065eadf6e0a8baa38c6610bbef4c8f64353a50e34c6d47a9a69616f956a18ebdf73ef5e8d

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\no_get.svg.encrypted

MD5 95bcb9cd822e122832852fc430f85e49
SHA1 2e66091b17837a1757957d9e078f8e4980c8f700
SHA256 bbff18598e95d0c662449a6fd9708228cfa273d605da36c54a62536d341e6c2d
SHA512 424f0fab9b9c53f884971fc6eaeb7cb23dd15d828e0433d705b5c6bae248a16befdfdef0f38b570cff2f132d853cd27de7f3bd82ee08b8ca4d6fae6a5b2711a3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pl_get.svg.encrypted

MD5 f94733c710c80b57dbe09bb792941089
SHA1 9e7211620c5e9371366a7f0d53b1095a17863065
SHA256 6b2844e02f8ae65841b139a3177954a7bf67445bdb8fc625b55f1cb0cb72d976
SHA512 6c244ea86a99296fa3c7c7b637ac08aed856947230618fd24f74d05ada0e160b36f83053ce154b63adefb14a353f94568b92a1bf6bb46c1d1ae676fe3b223fc9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\pt-br_get.svg.encrypted

MD5 a27ea14e9958bf7153f719788f182c9c
SHA1 7ac486aa2f299affb15d4ac10b7081e74f06b9b3
SHA256 a8324a8a27595779c0b6b032a37b2fe49a367f37176ee6979443f71aa1d75024
SHA512 5a5d9657d851d0e326eba9d09e066ef38022ae5b7aaf6fe836628c414beda28203b643f31e5d97682471bf72328a7d11551930de19f2ec1dc332b7d432842dda

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ru_get.svg.encrypted

MD5 32c9ba19c0c57bf52a8fa1dd51728247
SHA1 3db5a1f65292f912609dad944669971d62658904
SHA256 7e51895eb3bf912addbf6683df46c7ddb55afbd3b45e8bdfdc3283a689097a7d
SHA512 fd6aa62f511df51290cfbf798a81b1dd962c0dc94cba7c1670d83803b0306abcbaebd461b90827af057ea09e65399d5897cceee630bd38bd1d9e36799c8fba21

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-cn_get.svg.encrypted

MD5 b5b6270a693321ad1d3267c021ee2a6f
SHA1 cbe32834a92fcda3f7b3cc7d5b3dc14055d45be2
SHA256 2e248aad96b8363bd8ccf936c1f4b129dc2cf5ac62ba22f08ff8461d8674e7d1
SHA512 c95f8158f5c924fa9447bc2c7c43b3b18a4696bbd41b2a454f4aebc3d56389d1044341cf7020c7bc9f8a9118dd32efe001c7e4b5b9b370482844e0c26e67de1b

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\tr_get.svg.encrypted

MD5 13ecaf10b80403891ff40883a16d43cc
SHA1 33e61ea29df197229a7661bdf1f051c319f4c25d
SHA256 795c261cb362b65837b7d289aa633952e9dac234444b55b86306ecc8ad842ecb
SHA512 ddd93c45f36dbe695b386049a12c34424a7aff1ff37b353289e66d27cc6cc5eddb378b3a2656d270b3af524332e23e99624a1428d50208a8048493f410a65312

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sv_get.svg.encrypted

MD5 4e467f8a524246483f02a4c4362e0d7a
SHA1 49aa87a612d8eb7c3181e17fdb6a1c506712d4bd
SHA256 183340ef34f649650bf7295a927426b2196661fcc8c33f7a6cf1c10a30f34c18
SHA512 e6172d87c409996a5e7f2777139e9b9de51f5b32d598f952eef4b87db48919e878937cc67328ef83cb11f93cc49c82cc1c993c4030bb4916496b7e5e4a318a31

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\zh-tw_get.svg.encrypted

MD5 8c6c56b514817f5e452fd1ca34ebbf71
SHA1 e76bf1703804a19f42f6b5c91751bf5b0c1926ed
SHA256 2fe933e2d3b5d9cd0accfbe70150bf2e45822a7a8b06dafea30565d59d136512
SHA512 b65d0f2211d612394cee6d102dfa74c462a76cf3dbd48d46bea0ce066912a5c30302b93cfd43c480d86c4d0fac1f980391e3784ab9112c9ed137818dffd9db05

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js.encrypted

MD5 3a35ecda26e2aacb2d6bf79c8111f079
SHA1 ff5e573487c58a10304cb9a381e81db7a901ff1d
SHA256 be040dc821af1bbb7ef6d735b19de35aef62103f0a05de2e5c05b4ec01a976d4
SHA512 2e75f823c3b150ea7ac40ec9d50b73708d993113dd834ea3bfe01691c4e1794cfb1a96c44e7e851e85095f58cd3e6eb9122c6b11c81cde476ef47f74a14f9f16

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js.encrypted

MD5 88c4d7851ef128fa61903a3dcc8df4f7
SHA1 663c806294039c48bf92dc5b63762a0cc93c6607
SHA256 5e63046ffc00cd119c4f821e1cd953772d23c644cce44e8e20fa0aa4a32d6b1f
SHA512 4c1675b1fbe4c2f7f091910b5fcb0661df66fe5c659d829a50a9c87b3527d78548f99fb4965c0cfc0c03ab388861a4ca8a68212528b0611d65cbde456e23e691

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\main.css.encrypted

MD5 166fdbabf9ded27c99027ee5178955d1
SHA1 402b1417074902d127914857d136014ca216544e
SHA256 8c62adf3658e80d454b98f66e5cd948200d13d77a1a1f9ece8699dddc891e9b6
SHA512 85f30df39dac4a4d9c77bcbed600fa367bcb492980d1a19358e194fa7cbe1cfbbe2577bf1881a5bc59bb9fce2ba948a0756f08d7620d8bb99f703022369f101e

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js.encrypted

MD5 6fa082035df3846a7da005cb5bc392d7
SHA1 f25dc94b566aec3cb888fdc326280c4c01fc24ab
SHA256 f2fa92ed23a201d2eed539c67299980f0b28c4108ebbbef5570165165b08eb16
SHA512 ffdc21be1abdba37169332a9e279445b659f0a2e0f790a5a80430ef3e06ae1203bc3ddbe7f8a8fd17446bb8088f81eb5a1036fb9c38264980766e248b63794c6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js.encrypted

MD5 a673c8718e95c1847c30734a9f2b898d
SHA1 9d0b4494f819fd86946c9b090f6daf9edfc81ad9
SHA256 6fb3e2e94f0e1b9b23c0245297cdff975295f4ec3dc9c65fd02b705126568da7
SHA512 3bd0cef5804bf3449564b9a17d6f73cf29d9d47d6a31ff65a3889b2488ccf230609d7c2e577b22cf956124453507586cdc7a4ffea8c11658e43dfe96f49a90d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js.encrypted

MD5 245b44aa018f9bf95b12da763dc5717d
SHA1 def0e3e7a079bf06381c3e0e4a42a825d9b103b7
SHA256 be30ecd85298620ff057ea7ccb7930a9d16c289260faceaa84aad70fe205e1bc
SHA512 77e05fbb5c025c54e12191081aa076496b8cb25c69b70bd1640c9805d5e42ef0be0a11ab3af2fad9d5bb1b56b4688251e23df602e45dba4c99b34416faa75f39

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\main-selector.css.encrypted

MD5 835bf3d16f4454a4411e7c41549b2530
SHA1 a740e3c22da9828fdf11854b5fcbc402be587661
SHA256 c7561901e5b6296061df5b0cb859a20624a16af7112631df09c775238f83da22
SHA512 8a500ed004f34e2ab6e600a9ee8741c18990639b846f67a0897973b0153b5764265a06b71a447faf711d041b8e7316408490328fb52648b9f23fd43c3d242c33

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif.encrypted

MD5 e919f23056733efa7111dfc2330f966d
SHA1 20a35e80c8282ab64feb9c3b54d7ae6a2047f41e
SHA256 a622dc5822118e1e2413dc3402431905ff649f404b9c87ebef31d3cdc0ad65c1
SHA512 83abc5956222ee60678f753dd42e81aefb4b3488bebe000465655383056127ccad5c4a43ea331c8b4bd391b36967c60efa0345d3c3342c378eedfc47bc5402b3

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png.encrypted

MD5 0997d9a65980c61f7013503d2133e6c2
SHA1 613c794197670071009289d9ddc0be110c58dd42
SHA256 4407da3c1ed4b028a65235dfad32a5cf2452b849c697583e3e66e6e399664301
SHA512 904f93cf3351174ca4e693ac666d4edc034c7dfeab48c0632060529bfc4b55c4eb723548f8bafc2e3290c9abd360e3d39f0309d0725557ba84c11448cef2e64c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js.encrypted

MD5 47c0a736100dec25442e4efce2151849
SHA1 df81ccb69f2a1f46ebbf72fbfae293e60dc0f6aa
SHA256 ac419eb73691b6e25a223849753243eb90cdae3f41b2dffe3b46fbd1ed7f6d49
SHA512 1a6b2d74c9deaa5a9fc6fb4b8eaeb1aaee5ecc33396ce418601ef79e42ab00ff04be98ed90ee618c76ecfd251dd89f2341689964452c06e815170ffb4dc7d42f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js.encrypted

MD5 1c0b99aa378331ddc85c6b3c16849e73
SHA1 1f603df5000aa73b9aece41e11ac9cbb659e6593
SHA256 e4156456109e7db3e73cf1d44250472cb264704d9542e01ce0dc101cc9c50caa
SHA512 1b7608ce3b072f2e246e62d799c887b96b1e959e4209a565b31e725587bb6a061b95ce8a509ddce951fbcd1a2e9d5f996c1c7940f340ff0e8816d2f644269210

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js.encrypted

MD5 9c57be0161b320d3cd55456b9b407be7
SHA1 012f52dba3eaafafe2101ba97eabf16e2c7914d2
SHA256 6c4ea77eef53441eb0a7c92aff7d818a3adffd39c6a92410e1944d354db847c8
SHA512 d0b8d735d2cffa3f3ed900cfc850c27bbc196e2e14c6d99bdec09dc43cc5da096bd288dd1e8192f83f396dea20626a2ccab3721eef16594c878bffa907208559

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png.encrypted

MD5 a19ac96e4b435bcf51427520161a2716
SHA1 78e441076740f786f2772781f08eee7f1cc0ad09
SHA256 d0e83bf3daabd02eff681028507d5b1e9456a423d75371256dc9c2ebe7ef592d
SHA512 05123a0d1bcc4c474f3bfb1586d28d62b799b72934aa790c0b9d534eaa63e1f081db9c47245214d76d3ae6418627faef60bb08247001419efe82594c1c10a2e1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png.encrypted

MD5 529aa943d4bb44a96778a8cd117595f8
SHA1 ef6c2a4c69b6bb06e71b67cf1d678b8d2a4ebe45
SHA256 a3d5552878636f96c3c9c2eb08a5fcaf3df97caad9a753db38d3c2846fa5a8ec
SHA512 f5fdc095d6059fbf33e226a60fa7abefd3529d3d9bf7adb4cd3a00accd63b8545e90683bbd38e0670699580353bbf046e44682a624447b8c938757389486c317

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png.encrypted

MD5 2f3e35b6b2ac361a8c840d978dff74f4
SHA1 eab0ff266125b10d7ee5c63484c153132f633665
SHA256 a5ac156be66aed9c0ad05e937344748539acd42ff0c354f6568317defd72f050
SHA512 5e8aea7f1b4e030b8087890c521e3cefc75630baf887afc801ba27616c13a07df270f18eb9b45c5997b4869016603dfd26f94aa113a385c054e05234d2589ee4

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png.encrypted

MD5 aaf3b1e7400ccf756a77effbc083c795
SHA1 b19f67f341ea6b2d61bbb549706f01efd28fb5f8
SHA256 cdfa1508256a3090fae910b88e51621f75b87c23dd510f4bb395e573cfa9a811
SHA512 50f6b4f8d0422214cdd85069a0ded450d7b7569190f85dae322032c534494727706d71cd25fdae17ab8ad7dd522407987f4a911755cc77a65fcfe15b7dc67ede

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png.encrypted

MD5 a3cf394bc1f87570bdb36c5e2866b0dd
SHA1 f5e1720a4d665d853f7f7079ab5a95c9f70e1b93
SHA256 060d35f80c5e5263a68a809c04b798163658aacfe6f9bc549b3bd47c41426df7
SHA512 d16b256abd9a95a4682928462811b083c98f806700c277e3766c50d0123297f7d4ff0d9688d1950eff412299239a25e45a040cdd32f6e493c19b708ec005f188

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png.encrypted

MD5 3bf9e6e116d240770f3873d2dabfdc9e
SHA1 123a861d280bd0a35485e61715bf1a9721fac5e6
SHA256 0b13c98c4a08f502bd79ebbe99db352f013937204f5873f27524f19c47a985d6
SHA512 9ec0a76d103ea9502f9737b80e1450d8b178709c1dba78ffdd77c8a23a7956477afa95a1259a48c9dc2b534b79b04cbf391b95fdf50c8276db599625aa474a0a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png.encrypted

MD5 7362eda1245dfd2720a4ef3aae6f64fc
SHA1 550fc5700e432b2558b191b5014437b3abf3521f
SHA256 6abb72e4bee354c308402b673e66ddd0e48e3461c8302cf513552c17306bf00f
SHA512 d1c75e14c5888f3190ff5191e206506612ccf00c21c92b72f6eeee6e32bf20377d1ff84b34a8330fb61784b6a099609beece84f8afd6c0514f27d7fa23ea3413

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png.encrypted

MD5 874cf93acda30e5192bb76cad477e9a0
SHA1 c0603819f1591752b3a1c5ca80b7169585497c75
SHA256 a09b350bcb681424bdb1aefda4af2a0bacfad8d4b8d713067c56573cb88e6a6b
SHA512 6ab2d524b45890ef0f9d398c2cfda298154c20f71683922dc261e27e4d5fd0b43f223ae6e539aed5695af424cf668d308d3ad1778a35c7741291a7e27a520cc6

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png.encrypted

MD5 badada2d78c3aef72a5be4aca386a110
SHA1 4105262757e346124b29559690e260277487d8b5
SHA256 0b9b7f782503b034ca146e2324bff0c98785d11abd8bfd1f5dc16d5524c89670
SHA512 5239a3e16ef47e356e90d15e645807554da083079ee27af4e521cc8c0871a9258e2becd2caac6e467be56b16543dba79b87efc2c400725d4bf02073a9074c8cf

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_filter_18.svg.encrypted

MD5 4427e4facf366ff4ba89f81afc6878de
SHA1 d1972c912561c826d6f3c0fb73f8e369afa1f490
SHA256 74fa6d13c1c3d0fb8ab3e85522fc7aae5920d938b823a31887d57dc3bf835e53
SHA512 64ec8dcc8f854a17c48743f10de4c15e6c8b61073e294466f1673cd0139e903ce7a8db887b6fbd2eb53dfca7abb0591b370b4e5cac9d4736ed4b5e5e073d2553

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_listview_18.svg.encrypted

MD5 f6df784f9f463d2fd98ed1fd13943477
SHA1 89dc6e9cce33a654cd09861a9a149cb13800543a
SHA256 63a6ee75083208f431c95ea119bd41baef5cea43331f6c9ef48599b2fa172e70
SHA512 d80731eabe53474b36f7ff148926db071aa8f1fd2542ddd22f02f0a5a00e9865c2939ae61796c55c4ac5812f461197952af02af5056cb640aec4565cf422a471

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_thumbnailview_18.svg.encrypted

MD5 e4dd677cd223dfc475d32ecca527f3de
SHA1 dc6a409410e16dca37f6afac49b0fe7b0f6021a8
SHA256 b3a7d33ddb9cc1bd7763690a7172c54253fa953fd18a5e84070166e1fa98662f
SHA512 951d79bbb8f4db9a882126482bb95c9401bbd1e40c3fdf5066d5505b3dc816e314390ea80d5d3278f8ed03b3ae13a12c56f6e9c0b24974d1585f48428c27420a

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\s_opencarat_18.svg.encrypted

MD5 88fc2672958049f8ca725ad348c57445
SHA1 f74ccf6514792354b29aae869e20c54539301454
SHA256 fb0e8e6b8ec7d5a8a26f67bc9fc5d40521b5bbbcdc805091cb138ae904a91f89
SHA512 f8cae519effb0d4def5bce9771265bce6b4c955f764dd9efbd189a41c18452c0437f4275ac2f26e7f09210603fe716bd83f067a994f0e11d01099e5af96b9f25

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js.encrypted

MD5 8f63914c5fdbdee1561a9a5e27992932
SHA1 2b49bd98dd80f01d95357a4baa926493950b4727
SHA256 cc8d977daea799db5c636c6b24438373a4b25cf7cf43bb4d3c4614a058f19d8b
SHA512 b38f481edd88ff4019e9be0d687237c386676e2b326a6876c5256bf7615ca072c7b941e309a49f7830455519d8b0707ff9b3163835e160b67e34068d36dfc150

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png.encrypted

MD5 0fa4ed45f744824d509f9f7f8419d8ea
SHA1 d1b23f2c62599f5d68530354fabc023ed92f287b
SHA256 21f4908d2f90570e0bc7e0d2e67f63d7fa8e787d612d8da0a4cbf9066f619a65
SHA512 68d0a57194e94bcc7cd60a9b8f660cc479564ceae10f27153000c7e75917318954bcd6a1927a20379920238fc38744d9a307bd91b43378c073e5b12c6be427a7

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif.encrypted

MD5 ed6bb467a40c258204453e12d56a16db
SHA1 5fbfddfa3b4ca9ff79b19c4e03e8f2331bc1868b
SHA256 25583879e24539438fc461ba450f4416d29ea6332e48151ba74458eb328d92df
SHA512 50d3dea9bce08e08a35bcfd25dcc4b25ee6af71f6eee98a6432220d19539a9447d025adcfd15f10ee21b5a12ae7bc5fa92350216103a978b8d387f5787c622dc

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png.encrypted

MD5 8338058a1963b4a9cec9cfb8ed4e4b5b
SHA1 d7fa2fbd87c13ed04d19298449cc15e7e6fa1cbd
SHA256 5c1a65ac926d0fbb55174cc7b5dadcc7db06d48cc2fdb0f0d05148f7fed4345c
SHA512 f65957106da1d3967ff447cf0019fe344e201b053241271c43654d8e6123fdbf2fa75130355021905c51bc9fff1f6833b59419c2149742f5307b86e3292fb559

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png.encrypted

MD5 55da50d709938717fbdfe30fb4d438d7
SHA1 0da3b99f4017b76c985ac4317c977fb696537724
SHA256 d5bef084982539462502fd1d056a93ce8fe2c2a766d8f1db781ed93b5dcfb625
SHA512 1e0aaeee8ca9e9d84d7e881de2c1caec17a6439d837184ffbc7ce7a9317b8c515fd7bf2604931b6e886e3ca5ea4cf7a70fbac3ff4b2c6b3ca97188825433e1d2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png.encrypted

MD5 36aa2350763abcac5fd842dd6fabc674
SHA1 94eeddc863fda3e8ebb5f3e8b707a98e9f2cf3f1
SHA256 11c312fedc8dbb5e30f19735d4c9e6387299182c3b10cf5167548bf05dce4f2c
SHA512 cbac20e62bffe482f165aa934fa90930517d43f4e11c7343ca37574e268eb1adc03b8cdeb2c38347f507673c54b1900e1e8ea9f4ed7faa2ff4ead606b62e86a2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-gb\ui-strings.js.encrypted

MD5 470025ee181c7600661a239d1f90a2f1
SHA1 8e316dc8b7a332075c9123c423a88bbce7d0667d
SHA256 aafad5e33e8211c0898edd668bd9106425ea73113f63a6ae051ae271a338107b
SHA512 0dd350f3aeaf84ff751e968d03973cea8bb0da26d15174d0dc588f680f69fa8f46dc5e9f506a84503a832de24470431b5d6211bfb4f2be852e444ecb56f9e53c

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js.encrypted

MD5 7db3ef526add04b9d7a9b36f5dd47a02
SHA1 8570ebcb0f2c1ec079c40c58e172c131eca00863
SHA256 e0afb6a2d09fd0b0cf8487569759942f88fb43d7b9b95cb978eb8bf9328abd89
SHA512 709e8393900d8a04754fae573ff44b8be41f8b24b8e5be35c6f70c781c5d281def775f01183fcdbdba921a688fa6efd98120ab6cc9c03aaad672fb79eb6cf453

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js.encrypted

MD5 d02242799d47380b75d2ab09ef0ea369
SHA1 ff25230fd6dc724658911cde891dc4a125ba6fb4
SHA256 e863011e4bf2184e60936209c1a04fe8701a7a276f7115a1209c1a981968d5eb
SHA512 2e4c4eac6f53431d2d6b2a99d22296458bd281d5fe4c2d683378bcb486e10eed5645ce9f5c93cef64658ae8c174aeffea6bfebdf08bce24be71836a9351800ca

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js.encrypted

MD5 232428891a7c5dc7cb87f87dd4fea16e
SHA1 c4ef85c7c5d46d5cef3681be477d4667a4fef3a2
SHA256 1a0669ccd8dfe9f55aa6cb480d3d4a3c405497840f149c0cf8b7798eda55ce3e
SHA512 4e5e54155d30dd3535fc277803be42ac779539a56f1e25152a99c90d6cce358872f3d73cd7ab648e915f62d43bf7528788170744152dfaa26eb968983313004f

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ui-strings.js.encrypted

MD5 8ac27331fc1923181ac405a61e6a0bb9
SHA1 65251e3aa62e33c5e5b85c7dd2a6c9b0f331aecc
SHA256 95707c2983a4e6927840ab89795e6657d68a319b8eff1e02efb00b49fd4dd340
SHA512 fc9a71f5aaeec49b2d39ca9989513f6103588df26821fe3922343ace06bb1fa9cc80ac57035948b5c2859ce8a3a7dd7b4041907ff659c66cfa4f13504322ee18

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js.encrypted

MD5 8c14dca253947a1660bc6fde410ff324
SHA1 304c51292c1983661061ea6ed23d61d1fab2294b
SHA256 0607b0c2b4b385f73e759341e425f8ebdd4e285632b981b7f5754d5037dba111
SHA512 a32400faa33723ddd599cd295b1397375f453ade30b1924ff20f71833ed2379a443a375affec44e5a757091e2661c6c1e1ce4496b923bb1565bf908d101e9ee2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js.encrypted

MD5 ff585edd7c037c762bf733175be2a0d9
SHA1 e6a2a31ba23821e95e93f19ecfd4704f4b821479
SHA256 2858faea9b4c6d56dd9a77c590e555b5b414831238c1702e16351bf22ec3db29
SHA512 63feac3f24467dce43d35e3756cc903023d6fa046eedb1cda2e53d89d6e49d377f0305d5c53199cf09c4d846936cfcddb8a64e53828b6aa3d116901608d5f02f

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_79171\javaw.exe

MD5 a515347de4b608ac02367193edd53b52
SHA1 ff871f57d67ba94dc356889c40797684c1620112
SHA256 313157c6d90c847abf9539e9e6609cbf70b828b350b206b55824487a5522f6ee
SHA512 2ace0da1612c785cd1452c197f9127e55750210a34c92d6314d7922769686d246a3dd1efccda08e5cc87dd212a17d45e3ee23f9a4946862b5171e94ddb9809c3

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_79171\javaws.exe

MD5 d1cddd9f7b9aa48e8638b2eec497cd14
SHA1 40b0cb6045f83e09e1e139f19857e888374c27a7
SHA256 0916d5402dcb3195025da7fd72bb9cae324e30ca1d1a5b6d82420538c2ca95e1
SHA512 2f9f5a235cf20066f977a74c5b3ece88293ffdd3f36a22f29650e360c1186edfaeff8fd847e2172e331322befbdd5751f5d40d57094c6a5931a7c92d36323258

C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_79171\java.exe

MD5 7e5762185af2fa5aeb563e4a244b0651
SHA1 93f9ebce26b30eeee881144a2658c9b89b99b10f
SHA256 a11db7b392d62da9125803858f6101c221ea9e126699a03dbdcf9b48e81a84cc
SHA512 7924dce5b478561a0ed79bc1aa3a0ad8c226884ef78995f11ad44d35e49269af3d79dd3b68d698c153c2e7ccf746187e7149d4673d43e3876309d1c39d345291

C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\MSFT_PackageManagement.schema.mfl.encrypted

MD5 0305c9a85cc52949d850ac2bd4e5be1d
SHA1 850362d333b16fd252a7335da724ab6afc8533b3
SHA256 b055dddf61dda0f97ed6e2c89c9eb72d8778470531a41d12999645ddafa5fc9e
SHA512 a7eb720d0703622918558ab32c6358e54f22e202096e3af4d42bb4e2461238abfc5b566d05f799f6a1307d44595275bf04a43c498363d5db9d86a783a5d2a8a5

C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\MSFT_PackageManagement.schema.mfl.encrypted

MD5 345ed43f3b7deaa71372de129ae8b3c3
SHA1 27095d2745bb77927fc4ef72c63c6cc41f9f6bcd
SHA256 4184a07ed47873e0fa54be40b942b3b6dcdcf95c304396e8e3e181baa218dff7
SHA512 10ea500ce0a00db2957716bfe9e62a2e34d53063bf7bf09bfb3f9fd07f18dffe9596ccecc0fd55b8b34da4bb0aba49fe3604014b5dcc6c186e75c46a5d1ff834

C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\MSFT_PackageManagement.schema.mfl.encrypted

MD5 b1dcb4b22b2edabc9a05fbe053ba6d94
SHA1 1bd345ae8fb30b2326eb15df85ab3f4da3a598b6
SHA256 b9b0f38e6410fd3ba82a958fe1e2eb2e7ac75b654baf5e83c6ae2c6be4b5dfe3
SHA512 ed5d62fd75e7bb3d586c922d5a67fb777909b359b5e78042744dd3a78646cde27581e436df16b6fcd196f1cdf51696c3bbc266abc6ab14744dc1012ab7a67888

C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\fr-FR\MSFT_PackageManagement.schema.mfl.encrypted

MD5 7f0057ad3329151e767b99b42f205da0
SHA1 6ad95561b83da0d44e2cf5decb642a6fe9b7e90c
SHA256 dc49d87de4259055ccc9713badada0190c9e846305b0b0c0f361abb2c0f7f814
SHA512 8beaaf33f4af9b7510a4125e839f3fa2b7fb75a3e8e617a9ed9cf9812c4730e73a802a3d397ea000f63345ff89270ae6f16a3c01088822ae8d3b9328977c4806

C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\MSFT_PackageManagement.schema.mfl.encrypted

MD5 581ae693ee578c96f83f3e1a6f39d23b
SHA1 452b2a6b169f5dc25357daa76e67c765390e66a6
SHA256 3650ab62524804668f2e9d49f27ffd1f753d165678da590f09b78d1e6726a603
SHA512 b38ce722d2a9f5e54a45e0278f7abd6c8b83ea8d45aeb5ea16824c86a61573c9b2379018a795cf76356d7ef4737eb41a1e8a42ac9890e351f4e5e7e8e0c57c74

C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\MSFT_PackageManagement.schema.mfl.encrypted

MD5 58418cd81e2c6f2ee67c22c85061c10e
SHA1 20ccea8b78437c854952a66ef53096fb81834c78
SHA256 5d748de0f35167031407852e24c053a8a5a7af1444ce11ce40ccabfe3394404e
SHA512 0a3d1551af18cbd73de0b7b261ca2f3bf294a7766657dff18fd36d55a598d47d6ddb1fa9cdb571c26bea82355ec4d9db48e0f3ff98f50113691538e392ddd3c0

C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\uk-UA\MSFT_PackageManagement.schema.mfl.encrypted

MD5 7ff8e2c8a4c08ede8c3b1fe80033232b
SHA1 01ec97442ad54aa0cc03a6c16926e5b920f7c0d4
SHA256 0bcce2ec435cf503208bea6ca350761b2ec040101cbdf9fce53f1aa41053321e
SHA512 176874f1250851e5c74e3ba892b011d2664728650163adcaca723d9c7ca9a94b6116061f2316583c6de05b6d22ba4a81f7571fcac9c25a7613987b88fbaa26e4

C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs.encrypted

MD5 eaec83cd572f5b82e54e1b570c35cb2d
SHA1 ac9acce9333d8aa6736343bb31ba314b32016aaf
SHA256 6c337a6a1d8c737d5a9bf07664e6a1dc2c9f2b72970be8ede4e4bf27212183c9
SHA512 a85c591dad38d345495c33d893202acca8d419d9770a3e9db40e98a32ca495252ce2f8c63822e40675d92907533a46b115c948b56485db27922e6625970a883c

C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi.encrypted

MD5 15423ca2e29f00c66d5b5c4f695864bc
SHA1 ec65e4c42176c9bd1a646313ba0f10e5e90d1c19
SHA256 933b7c7b7919bd9a765d0307954b78ba8bd4f1ec884b8e68735f1049fe51c1f5
SHA512 7087f89ef4223139ee85648b73bbc4bbbd4fed0dfa53155881e8f679ee9fd2cae9971ce788a110bcce49b9f32e74d065a192e870246fbee060e34bd6226630bf

C:\ProgramData\Package Cache\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}v56.64.8781\dotnet-runtime-7.0.16-win-x64.msi.encrypted

MD5 6f8ac57a694acccf845e5f25bffe9062
SHA1 cd24e1ccd02764e778baacf3f249d4a66e03efa2
SHA256 92acdc93a0ffca7a07dee3a51d8f0e4193425e3d4cf5cf5b9c11e92ae8a8d69f
SHA512 23108a4af2f3d31f95828bfe8796a06eee80f229b61cc832b300adf2a93745c1ad9997e09e075fb835a30f45e3798f131f6084d9b77ab7ae2852c34e3ab82a29

C:\ProgramData\Package Cache\{E634F316-BEB6-4FB3-A612-F7102F576165}v48.108.8836\windowsdesktop-runtime-6.0.27-win-x64.msi.encrypted

MD5 88d52555e16f5b4ee87cdb3b2ffa8041
SHA1 69bbd033a70afe30eeb66ed1ec3a158dacb24ee4
SHA256 896f0198d4f15e05c4e22d86f60c5c0891193a5ef1bf1ffd3bad9528e588ef33
SHA512 f026198679fe6d40ad99ad0482eab61e38ec08b66696406d64e9cf529ec14435359b0704686019ccba528231cef3acd1ce067243bec128ef18b91c94d810d1e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT.encrypted

MD5 a61847ce8a16ffb812926115e7058596
SHA1 66fce8e67988d8fd392e46469b2e82ea847597b2
SHA256 c2b325767d2c9d0fc594b0e37d5bec83683712a765d16b35248933a24d529f84
SHA512 2310bfb1ece995471abeea462fd1e9ba14f59e24816ca9886fd43463d12fbf50a52dfc139b94fb07f06a44fb0bf13b1a774a684d141bdc9cf62c66662faf21cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001.encrypted

MD5 af41e049203888b81bd769e788cff0dd
SHA1 1f820485ea74cd57f049d5254e4684d8e3654c57
SHA256 dc1d4e92d70f684019de70c7b2085824ee0b391b74be943fd197f0a2758f5dc9
SHA512 11e1dd274f624cc8cd0f067519a292a32dc4c66235d5bfd7d4cbc415d986087d1a42dd16c4066fa04c6c21a83f6ea326b0053496cabf73801906a19d2224f01b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index.encrypted

MD5 d49a217d3061a6c0099fa23d3ddaac96
SHA1 4391438b219513bb39d6dd89f0fc039a41a52c85
SHA256 14477b6a88286d36d9d9c6587ded24ab108a0efaa2838668ba54b3a0cda02485
SHA512 90eaf20b4ca3a1535aa01d1af6155ad22ccf931d4b6ef2a00e712dfe6681284097c693549894f7cb746e5b19631fc365112d6bd7b7df51fc2d7a850e181e4b49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0.encrypted

MD5 1d34e3868768596acb30f716d6d5f5c9
SHA1 78c19a4d7e515b9b4adac5d396f17e2526554ed6
SHA256 f6b338e013aba7363af068e65579a232ef8bb5205b418198af40b9a8cf1bc623
SHA512 efed6c64981bb30e5c7212c3a93fde4dd5fd48f10530856305e0a91783f7d497fe4d7c99ed445471ab133c613ff219175dce0fc2eb796e0fde6a3fee3a266071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_1.encrypted

MD5 572dc4e919961efabff3644435e17c50
SHA1 34778cec6c9dac2b9d78aceea6e1e473dc775856
SHA256 6457c0c7f2f185f1d852e4a19d0c20d2ff04ba46eccbfd6c6562e8e687bb4d3e
SHA512 90153d5738ab49b3087f3a89fb07a53b3d261bca83a750e082536e3030e019a0e09e3b023861bf0f8968f10c0e204d18d52fd9bb123f57cad56a00b5dd429143

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2.encrypted

MD5 762fa20196819d920bafd00dc4993534
SHA1 7d29aaadfb95113163dcaa053e4ffaf60c8e868b
SHA256 148cd647959107bac6e8d4a64b1abc2abaa2ee80113cd4371a8620e64bc362f9
SHA512 295f351a4459dd8a5662ce2182acc96c27f9e34d560965637a29f4d3cf29732b484495caa6c3b0e16d9d66f61b366f86e6e6e327c80c2622732328e33fe1b4ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3.encrypted

MD5 09a0618f7e6387c8757c88ea886eeca9
SHA1 23c8baa890b6f4786bff32eeaffe1a313d066081
SHA256 9335ee9a4df36caba7e9e5ed3bbacc9f13b93b0574bfd9872df6ed14fde9e851
SHA512 f56c2fcbc2a5da77896681b418da3ffb62062658f70f2f86106fdf6f08da9999bb2ad6e4a46f9882da08e5b3850a6bab6406b43791d0830bd42a1c62b58ee113

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\winword.exe_Rules.xml.encrypted

MD5 803aeed747d36c9683011e03eb0afcf8
SHA1 ae28132acb08b9e02dc0a5a2cbdaed224c7f93d7
SHA256 e22075f02206ce1b42998fd250b691ee33783460ac25df483482added68ce36d
SHA512 c23557ea955c9b1473b2ad8f56df66acd83ddd423d7400e657b189efa80684969d4e66b899d16a187f162d8e9372649d09e342740c2440ef854e010cf9facc39

C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini.encrypted

MD5 d8e289cec411dac43361e78222a63955
SHA1 236483f95fb958b694cd7735f500ad8990c51255
SHA256 fc1a23b87541520843db687ca82db7eec21def8fbffe2c1a90c0e35037c4adfd
SHA512 d92a3ec5f176eabe29d832513141cb52eff8bcd2ec7c5665e57324852ad7f15ce196685d2313f3241b0ee1fb00849de86682805cf6a7860e16d16a8f8640e48e

C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.encrypted

MD5 c61b30ba2c2613f167fca5e27d257522
SHA1 73b5cfccdb795beb72769a2a2f6f7665bd7d8797
SHA256 df23999df4de2be4316ce7f2b08c88046491aff993847b61932b86dc4d15a5ba
SHA512 426622324f2f859b193b6b90ee538084231f6641dd1c60f5efe0ddb035f16eaebe53740f0157f34fd5400a51b693bfc0a1c0da3cc2e09b0c538cfae69a3ab7f2

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\https___java_com_help.encrypted

MD5 2d7d564c1724d524fba7e28f8fc3304a
SHA1 0b899eddd2737b8ca1f2032024bd500615038192
SHA256 50b4a7a4ecdc82172df6903d7ccd5de576a2ead784c386e18880bb64c23a0951
SHA512 2beedf85c68db646a0f9053dd1cf94cb53cb98b59b21ede884fc2fe4b77366f1c861af28e7bf5b6cf834a35d6bf6d8aa54bb606d1e8ccfd4592ce19941d2242d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_charmap_exe.encrypted

MD5 b19b3e04f588527183ddde6626f7f548
SHA1 62a3fea7fd0b3a3c07f3cff9490f506a96b34be7
SHA256 c7fba018bda45b7b4adf440ec6c93f29a9c7c95f97cf056c7c53320e3b28b3ee
SHA512 8db372687fb89bf1c63366eb4c107c1dd52176d03b1a0e1f03a87f94ec379c7cb0d845922f3a18b30cbe1f4108c5541f5c4552e2c65ef00719d0b41a92bd26c0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_vlc_exe.encrypted

MD5 afe344431e4704d059bf00c30df723d0
SHA1 d3609e8879b5eb23f71607917019b63f7bcf2374
SHA256 50a56045bf2aff5a45f4cdebc54b0d838131751f97505f254325d49ff3379b4c
SHA512 1bf06a9653eba8b36f809bbd81629106836e5aee0a70bc83f704d0d04f27a6745c85524773b53c5b29b4a1cbb15ff32f11a8d79cd7fbd2733c0664452f83c55d

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{6D809377-6AF0-444B-8957-A3773F02200E}_VideoLAN_VLC_VideoLAN Website_url.encrypted

MD5 ce98dfa03eeaf25df7338afbce39bad9
SHA1 5dc1d8af5590bdcea10a5e935af90d962750cd99
SHA256 3bf0dfac3a037338a1a765d42b9f6cd47f9c7803760b586604e7444659d6624d
SHA512 0863345ff2dd5fd5d09c00dcc11b50a75a214356e00d08e1ec5624f145db653019b2f282071baf8a32d16a5134036703bd94a1ec9e8319aa56969fee18c9d386

C:\Users\Admin\AppData\Local\Temp\wct3C87.tmp.encrypted

MD5 1347fc43dd8d5fa0786aefdcd281285a
SHA1 86f5666bdcc0b1a0adee841593cf72fccbab75c0
SHA256 bf331c804b9e31a0524dba70a2d38c149906244236aef91807d345fb5d355851
SHA512 a5d740a4bd60a96109be2efe16d77715398a173d4f879f8d725c8a870711d3d9834baf44764297c08af57298e78a9981348dd557e9dfa087576017c78f2198e5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\favicons.sqlite-shm.encrypted

MD5 6d2ea1e0e3eeea2d7e8e4bfae838418e
SHA1 4e0bb2d1f055a4290c512da86a343f59e4794283
SHA256 62ce7bb33acd3f8ef6e2a9ceae116f6d2a89fd291af81ad3443a3123a795b640
SHA512 2d8eb696eca0834db3b1a2ec57d1948677cbac9de8a51fb15b3af535d01760060e0e389d390ffb5dd8815c64e118364ade1b1242c954a75bdfa79a6608de97b3

C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml

MD5 a01d6d49f36abebf08a7f4ee84da4b95
SHA1 68b4c16b39ed1818a54527086d20b008ae4e6b5d
SHA256 26f09e8e4988b745ab3433839524763163813e5cf6770f7ff90779c5292f740b
SHA512 5c3e2b5c5e6f77c540315d1dc5c164f3b1246c1086dbdd63e30c1c22d747d8cf58035b5f66991b7d5adcb721716efe1994df4e5951580a2329840cf727481c6a

C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml

MD5 96e0bbb2a656b1eedb7dfd89cf935528
SHA1 8d7d1d63860ffe9fc116412e547f27b294fbe16e
SHA256 70c699afb286a3a6c708d5b82a4d34234e74e16f13feef72a1e331339ab38428
SHA512 315b4d893bdf080541a318eb2b68e86068182d75cb1134efb084d9a706fdb8724d5024b8489fbbbb14db5755777ceb717f0c1e1f7bc7c35a0aefad885a6550c1

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\AirSpace.Etw.man

MD5 46809c53f54d204da449d0b773fff8ed
SHA1 30752820494da5ebac3592ea83fda7e8932d7144
SHA256 daf8e191cf0f6deefc147cfc103c9829d8bd619c7f70cfea73fd86e31d84216b
SHA512 7164e6b2a10f687f81a9b35c059281e839e91fd553993a7cea81b40831a43a2f5c4f3db7d2ecf34f966c7fde510f3be1fc8a6c7ce0113bed5c852d7ba2331502

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml

MD5 71b58cce64cd9ab73c7bfc873004db53
SHA1 63b41ea9863e075f3fd9c55400310576a9be1f5f
SHA256 52ae2c552ba8ca04b1a76e430c179b21b16a77dddb780cacbd3788709b0d43fb
SHA512 a01b38f35d50b9762b9e42945967c3612fdb2d333e941ed662be4045fe3f6d572712977ccc66dd4894997d5736b4c6c5b0e2d095cd1a2a591d0e57203c79fa83

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml

MD5 1354b4d1cac76ae5c8773c8787d5a997
SHA1 800566d0f2a194aca17d38189a753ef7b3dea145
SHA256 7a15040fb2304b5c10bea890f41a0bc240a792fb4a4ea03bec816f55627eb978
SHA512 567feeb282663e4fad5d30c7c75475ee7dfbf6f1dd4566e642bdf5dba43580f14d16e371b02fa9fa1ad373c878e24e87a6e1351935d3d1e71db42d7008c85cb1

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml

MD5 c0f938c278c160dc3157bfca447f41ef
SHA1 6fda57b0ef3488b97e8ccb084348d2a227ae9801
SHA256 62a93576634e16f407adbb1dbb693a5c1f0aebff700859e16418e6add9fc9e9d
SHA512 ec6017a7bafd45c8684e4ec215bffc4d37abb41d89f85198c94c027e28f27e31049f0cd05e78165a1057941312322b88be490170c2d4000ed717800bbbf8c108

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml

MD5 bc6855a97c65590e26dd7a19c970bf78
SHA1 fdc538d7d9704f00f4692bd38fdf5bf08f6d21a8
SHA256 8875aba6ca44d37b5c48f4bd411c2e4626aa5989a0c33207de54a0f079a94315
SHA512 421c7a619857a54faf1da2a9c52723cb584c3082ac9aee193dda7416329a361fb2d148da4394177bb39e7088582f65812260049fe6c46582212a559a69f4d5ba

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml

MD5 81660cf5afb603390997f963301d5258
SHA1 052a237f56fa7cc627ba58bee79c9aedb0475780
SHA256 a5456500f4ceae7c87c784590362deb6aed366e76b968519a09be3f57b34031c
SHA512 4ba1da4bacdf4e6e06dbf1dede6d7f57ea51e2fdd548889a78716d8a8cd684ca5d40a6af7a315abab9ecf0eef430876396d35eef7ffd77067c6a4d8267423dcd

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml

MD5 998a9e9dae8b8bf965149f68c5f6bccd
SHA1 d59cb1c9d189f14ae5ffe6422f4f60d4b265ad2d
SHA256 c470079742f46235fd20c56fe6b516c763e63f85c3e8d016b82d1cd3d4d33301
SHA512 6633764b37b8dd51f3a15afc63a73ceb92cc458033060b9fe3c238f126ced968d4d46e512e94728f185d147c0c14bf0586c8f2354df03915f263475bc27b9a6c

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml

MD5 d305802d0d31a98fbb7f22dc533639b9
SHA1 0aeef182e47831d6ed66b196ec129fae29f1e472
SHA256 fd0dd6f72dbe487d3739ffe1f55f3f183e02da6fbce02556ce06a5bc85e14263
SHA512 c05029e09472679013559a28e95b5fd392180471a78a46e224827a1dcc9d00280aad5719aa7128be8d388358e6bf25939897fc2ad33f63f93f213b3595022802

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml

MD5 afa46cb2549f5bae3c8057cd74e3ec6a
SHA1 60de41ceef2a0638cb69e41157e36036435a96f6
SHA256 b8255e5982e53509af50b32ef991439dea5d504f34e04a36e433d208c107b145
SHA512 b5658d9d014af5d225a9cfd6b956537bdf56d2a6eb6b9443a8e7405f19d289faf57800abd3851cfb73e5897055a1d8a3030a085cfc413c54f42208da113b2427

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml

MD5 31de20bd9d2752f08026f9fafec32013
SHA1 c20a78efb3e071469f65c73e283a941fe3c39f48
SHA256 aa973cf28b184abade965eba2fd87fc74e848492250b248b1580d4756ef87a5c
SHA512 d69cc5033e396af6d2eb8d62c8161fdacdb749396d382e8e36586be648e6a665bf1d020d47ae697ca9301f4cafc708015f6507da1df8d1d7bb7a181bf4bc344e

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml

MD5 b9c75bddff8e81acb02ee0d66827c200
SHA1 5e79a7d359e4f4cf4b522851affca240284326ef
SHA256 0f3612106fd99adc7b2697f5642c5f63246ea5fe9199effc8b6819ddea1a7a95
SHA512 cb29177e13e6672cb05a492d2d9822ece441e2f00ac493bc03d6bc391b8d586ebc543be620a8adc19cbd3fb587c6757abe64cf0f528c3fd5804422ce638d1903

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml

MD5 b64ffdb7c9484f790671eaebc9af3b53
SHA1 3219983ae635856291cd6b5e7085ab997d3b0e3d
SHA256 0ef2360cf810455d169dc1bddc679ad517de4154f36ade3e9e7872c0d7e53439
SHA512 e53da776cfd27ad9c5649812529fa5a391b3a9bbd63be4653fcce9c71c93165aaf68c6fa37505c3b9e23f4ba19d4a6a43e041106185a77470f8acd4052ec1f49

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml

MD5 24a748415e7df73c9335f8fec818e4a8
SHA1 113f5b9cf3658f3875d4475cb217ebe2f2025411
SHA256 d7308a2520f10359bbcf4850e0fd96066fad0e0aefbb7cfca152559b4b94f9aa
SHA512 742a4a6f63e82512e3f81b00cc32243007d72d1d28750e607d5c1d14f59c4c7958fcdec41c06c4bfdc4b44ad643ee68e5de7877324a4f5102a880cb9ac33d065

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml

MD5 eff43d7dabb4ab68fc847782b9b7b0ba
SHA1 e076dcf7fee5fae6a3b955c85a59fe5b6528ed9e
SHA256 8c1622e77df8f6339b40ec14ef1f208205a70a3acaee7766624169c8fde292db
SHA512 39f7bc2e3375eee4b8bf7d65e50670871b98911d33c6e3147d52ada811cdab1181acb1e94fc48e19dfc3e9a55b8dac3ae7d1ae1e69ab0686333d9b874fbd47bc

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml

MD5 c4ba4e724231b70d5cf4c432c6aaa683
SHA1 593c688653df1f2731f3442f91a140c9bd51c0a2
SHA256 e941b34d87079fcced2e7ae683e1fcc0373f21ba001a27dbba4883f7d36597e9
SHA512 d5d398cac758e6e50a97277176b23a460446cdc1a66f297251af37c363a39894634c02c14356e6f9838da0dadc114fd43959d30ba5ce029ee0714d8d76aec7a7

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml

MD5 f8a937c941e6e1508cbce0a8081a9344
SHA1 9e16e80ae8f3ae1b4936a77c9fc38d989c3bf6f5
SHA256 cf159f1fa7238dd3e90cefd3161746b4af6cbfe87526414f3b5179bf639f9ed4
SHA512 fb476692f314ed1057439e83835a145a1f773c955fd398d3fd6851ef42dd54b2e1ed65ec4f9298b48473960b557a9140cca73c0bd106202110cfdbe0dabefca2

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml

MD5 b48d5059abb8651bbe902c6404088a98
SHA1 dfd851dd781d93e8faf1b2663e6aadf1801d94b7
SHA256 4034202267ef687ce46bc7eec64e8031a2c080fc41cf8de6dd387d688b7d4ecd
SHA512 54b9d5603541c87e7c429adc592cd3a8326a2751e4df973e2d59e4fb601e6ca961a5a5243940e0521dc4a07a28e19ab0e348c1c0a099a4eed1acc66a4834d58b

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml

MD5 69f6db9148cfb12c270a781b052b84b1
SHA1 b705203a714efe546e6fa90d3d9e01de25995501
SHA256 5174e1e0a0d69ad8b454dc43d54cd7d5d4e7233630ceea8ac0862a0721f214e7
SHA512 632f8e4480f5e94386a2c8ccfe66559eba3ae9de5a6007c629517a85afc9268ab41b02f566c59474486da839cd375a7538a39600244e365875ba2377659094b4

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerView.PowerView.x-none.msi.16.x-none.xml

MD5 5a8f4948d9920889db524f369bf057e6
SHA1 0d89a8dd53d797e65a2293ecac870a2a1dc8b946
SHA256 e30c669fda9fe2d6bbe042b4312472ac03ccf778a6e522f35e774d6363e14a5d
SHA512 2a2a51f621ee60db6ac9c27a191e03bdd7b749c7cc65bc8bf7a9d1902328ae9c825ad28929d720891e80a6f5171a22f62c419f75cdaf4ce7a63214d58cd04d99

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml

MD5 d1ab4076b2d6226027c14680dc52d631
SHA1 ca295f27e61910f0c10ba35ea2d7a176df24d10d
SHA256 9b2aa7b9a2b206846761fc2c395f075efb8506398c2f966721ddac1c9481a5ea
SHA512 6816f711b21e9f4f6c13524bec6828a478395b542bb1abbb4ce7c13114a977eb0ad02576ecdbf249d3830dbf1ac19934528ec43711fb72f13a155e8de2abec25

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml

MD5 a0bc67992419b032938433632dccafc8
SHA1 a224ef2ebdb4e32db6b2138d6257dccf1d884ef9
SHA256 f66267deaed2b6463b7c0c48fec6c2f7f4d25ecfa543ed61c5936f16e010e14e
SHA512 5290d139dd9ecaffb32ea24f004d79957b52a019d3ba542c29953fba9ffc5ec1972afc368da2e51742138c20594234f30416558453dbc039bd771692e7d48ade

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml

MD5 d245d1f011579121c225911461de48f2
SHA1 780659070dcbd288efffe09af461cca050b432e8
SHA256 52cf918f49128a05bd966a65244ca2524cbe8640985dc151d842844f9ba94daf
SHA512 f49d4b5d7a3eeb507f047d55f050e7adaa07faae7deb4884e8db3755553160ed5d6668914cc1990966410ad328922cbf6815211d3596ae97507bdb0ced98c695

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml

MD5 f93330e8f89e00f0cf508da0c2e04b31
SHA1 c0c4aeacd5b47067c147f4a9ee937cb4fa3ac350
SHA256 3b2162e0963af79c10080ff99048ea86115b1291e67b758221e08ead8e917820
SHA512 f531851ee403ed925e82acacfc52b9b34bf8a4aaabd9d9cdb6ae4ebe4b2af6dbbdd62f13d3c65c57b2d08eed78854845685f64e7be41291a2d2420061eb6f44a

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml

MD5 6a2b8785afe93a88cff5a43fed0e732f
SHA1 bf8d5377195af0f4e64a6f20e1efb33e3e600ead
SHA256 eb8458d40df3de57151f00dd25705bc54b30d85dcd0d7be4301c9c19f63e30bc
SHA512 531ef3da01e616a81fd95747bf7b0c01eb3e22c4ff77bb979942794c06b9be69939189a96ce49f9a30820a089ccf4a0332fc37e5059947150378e282d45d6c4b

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml

MD5 ab307ddb5ff9289baa8a3d3d1337d548
SHA1 bdf2cd9b0e6e7313e3669090d63066d68f8ce036
SHA256 ed51a418d62e52c7c9c208aa057810b8a3eb535963a88906280d554c39ebadc4
SHA512 9a9f682741be144193bb68a7c3fd48aa8d0254237d8623d92938ab87b533dbb07801f8540789e1c3e9d199802cd97c697a3d53b1e647e3f83cc2d6cf11630ba0

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

MD5 a83be71b9a68b156e890e385b8fef722
SHA1 263f43b9785138580d8871896ba2015182b4268e
SHA256 39ad6e2401a2550baa0512bd0c39f4bac3e7debf161124e799b68ff0b98a9a79
SHA512 acdd06a9e2784a490faefd022ce4d1dc4b6dd096de0eceb06ab84f2d4a7a5c67241308bc49db0466a01159db61cf2ffe2ea1dc462d503f8d929c42dabd8fa512

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml

MD5 4ddea34fb16f797330f40aacf4f0cc68
SHA1 7b4997503ce1431040a39537ab8c397dc161b157
SHA256 b67b75dd787f5e9891f7cedd93c7c5337298906255ed8440b6b532e62a769ea9
SHA512 1c764846cb2c40bf53ea5a38d5951e85335d3b0321fc2f7800d8a9f9459f485aeaba5e74529d9b9b7d864859f7417d360fdea88e7b33e0c8828d006eb9b97529

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\msoutilstat.etw.man

MD5 8d89b87d6273e9e24c9bff526d338c70
SHA1 071801d26d39589d9b08a0116a5cc6ecb5cb3361
SHA256 10dc1c7d35d3d8319a7cd500753d2263951ca99e1719c8e5b317d1e361e46658
SHA512 91c2ec0f362c67629bb7d8dbd27fad06c542a2e079c0cfe06eb3f07bd49db80104bc1d57a191c754a8bee95f8b2e899b8c4c44e5062de26adec07b31589b5121

C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\wordEtw.man

MD5 5c864fae702aef5aa236ff8626068377
SHA1 b143cca35916b0c3d6bfdc7002e0f8ee452847a9
SHA256 ac4c4215bfde7247716ae06be0e9c68aafa41aa7e11c8b9967427f392bde0e81
SHA512 1e3b43aa0cbea3179b3fe8f84583979477452c69b66d67c891c5dea8e5dc6fd22475b38df5519a57c949bc6ecd69cc30d1cfae510ccc60eeca001217321f06d4

C:\ProgramData\Microsoft\MF\Active.GRL

MD5 0ab3b0e91754f90ab8f108f03083c1bf
SHA1 b7423f8364c66d2736f0809b1c00006dcd95e119
SHA256 6791e5649f76e4329c218f1ec7918049a9fda1c2d2cb3561f39469bde277aa33
SHA512 16e42ecc72dcb76fae6ea3a93f84e84a9792c7c5c1ab636dfbd72f10c4d1df3ad995bf50c4a7b33a4d9f0da32980e20a121f7852a195e7899d7320a911d754ee

C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log.encrypted

MD5 0eb78c77d98c670d47aa0a7c3a9e14df
SHA1 1ace2613e1efe2bfdae6fb0ff9f8e9693026cba9
SHA256 c8b65b14eba904f9986c9c019277c19c59cd3a5d9d1c98d4b52212c330bf962e
SHA512 072879eaac4d284fb04486e2ae286dab57e42de2318266c66ded4b9782646a692cbaaafd08797cccf9895b869f37531e491e11983e4d724e4764528b3c6790ed

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001

MD5 56cbc24c5cfdcfebecdaf88424647eb2
SHA1 3acc587bbe6c244ec06f6e06a85099bf03363802
SHA256 d23e309d863987da7847c14c6e9783dbae368780430697fa9d8869aeb7af19f1
SHA512 af09695ccd28fe9a8162e1fdd70e689006f395d52f47458dd94a64b69f53f730b9ba5377f037ea967416cb28d3ae08f968e5d12703e1d81753a2807eb35bcdae

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001

MD5 8a04f9df0360b8c61c0652153943d279
SHA1 913a0356bdf3e17e04e0e1355487641b9c2257e3
SHA256 06e06d36cefdbd1e83d5476df0e99e54bf78d2366c867db66c9f69090c3272b2
SHA512 c7e702be560d2a8ac97d3cbbacd338d2218317f901661a5f3455d0b1ee5f71add65d64abafc04d73aae52462fdf6b6266d4aed776cc3bffc547494a46d110b89

C:\ProgramData\Microsoft\User Account Pictures\guest.png

MD5 ebeffba244b586098689cacfd02185a9
SHA1 3e7dfcd891daceb0cb211617a6fedcb558d9b8bc
SHA256 2e59f05ce138e5ea68f5eff18bb4b321ca18709f6a562c44ecbc96dfb8d965d4
SHA512 c20e9aa0aa070aaf2120eb7455c985dcd543b2a6c179e8884dd96484bf3b9f2a39c80824a2c7bd5b4f693a13f698b0b6ebaeac45073c88aa51fc04e923c169fb

C:\ProgramData\Microsoft\User Account Pictures\guest.bmp

MD5 2ad68fd439af72cfd2a2a1c346301048
SHA1 da7aa368293df9a3a606351043ce1f46d927b1d9
SHA256 f8cb41d357655504c6bfd29c7d90132c4b999f4a23084bcbb8d3dff82a3953af
SHA512 fc920fc73c4e073d169b4f9dd6d3a0c26e5706898b2d3854b8d16d851b8ed8ce9590007e59f121cdf0ab563c0c3a96cd7ca731ac917198d620911550d4be8060

C:\ProgramData\Microsoft\User Account Pictures\Admin.dat.encrypted

MD5 3e65d342219452f9b5131cf9d52fe793
SHA1 1d66223559e6aca7fe1a27144a6797dd490f0a65
SHA256 1933b72ebd0c547fcc84f1d66081883131e1b80fc0ff948c0511ac69475dcc80
SHA512 bd95f5b239e140e496b79443394db6761781699932d863a6353299c39b78a5222c9d383adf964b9e4a17847f1ab39abd5fefeb36703c13322b2fa8db5db96217

C:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vsch

MD5 66ab43d58900eb60dea8269b00c5c7ff
SHA1 95f493685107c36e875467ab2a621fc039955a15
SHA256 1c4320e02a8f1f17622cc70383c1a9c5aeee20157faf972f890e59656892f9d5
SHA512 45e12ce411a2aa975f8b5a42674e915976a34e32dd3ae43522bbfcb8ef441af844de875d8a10ab7c05764340d162d24f96aaad6cec0eef89524b9c8c0935c1d4

C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini

MD5 f9b74aee2c08ed5e172c0787bb5308bc
SHA1 7e2a78bbb60fc133113642e121ade30cfc2895a1
SHA256 639202d838c93f72d70abf376558b560d8e13d6ff692914ab606d2d25f9a34df
SHA512 2b9ed21468a9b713aea6aca45bc4a623371b770f9b1e21daf27cd6ffd26ed10c00a86e6308dd767814866edced0f88f2e3ee7b633ea2b6f5c250e0d60f74fc4a

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini

MD5 900f9c1de5e9ade8e0d6160c0d731b97
SHA1 9d849fb698c30946fba79086c1a304e454c7f1c6
SHA256 30f3f05ac3471698ec3701a7e6a58bdbb452cb0c002889c5d083bcc897dd443e
SHA512 2a05a270dbf82bf307a149cf68ac90679e41af60b3145afcf6ff84799a4e4fd2df54286570983b3002e74ba647c6c0d0c40f0fbf61aa3668cb07ec51c582887b

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

MD5 90e08b794f74242af3dc54f1484751da
SHA1 e3d8194115cdde43f40f9762d5e86a124e05ec04
SHA256 d56425650035530d3f9512033c319b569b9de048e497dcb3d46c76c6cb3085ea
SHA512 3c67b37fce0d88e5bb9569bb5397d912175d1ecc8375e4bd732d1311994f35d9506a4b5a0616b90b76edb572f8efa78e8eb4f39c083d01955d0563afd8fa5046

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

MD5 cf2c3142ac3e151c3894d2ad915e16c4
SHA1 8f7aca0ad6e11ee4e398657f1ebe0a047a6b92fd
SHA256 702be02215dcf72e55c32d20e624ce7c69118cf64b15649975cf3c54f71186b6
SHA512 447046ca647006f68679d356547520963be37fb0f64313f1263d8cc59fc94c46d0f8b116967afbcb20bf72db7967b7f5b9797a8f3d1211ad02af47f797c8c9e3

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini

MD5 1b26c77f46e705300fa75b92e1b42f5d
SHA1 6788620b5e0bea9f75807cb34dfb802ec2ad1d66
SHA256 8daf06bdf09525510cbf864e5e571dce3b31bf31edf6123650d842dd78c59920
SHA512 30dd98f823f91157c9726e1ee43029e9085c2ca0e99c6f4a46905d9f688b274855832ac45c0c16f6f608e3c2367dd247f52061a083671ad0823235e48a983cb7

C:\ProgramData\Package Cache\{3A96B93E-763F-41E7-85C7-1F3CCC37EF27}v48.108.8828\dotnet-host-6.0.27-win-x64.msi.encrypted

MD5 5a7190a8ee47223d1ef95e3e403273e1
SHA1 ef2554ee5c8e0e540498c1b61d80c6fe9f9f6d2b
SHA256 055c605eef5419b1a228003e62dcaae04e26431d28359fd0dfed4dd702b837f2
SHA512 8c8615bd7bff79de65b0ec46841077e5767b0aa6127f4fb1bf74f6c05267e6c8add325044dc6499ad5bd315d8980c7f29ead1bbbce9b4b5b71d5ba2e3b11c0c4

C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi.encrypted

MD5 bd8c1dedd84a26f309f253ce3223c689
SHA1 a42cb0d00bb28ced5fbf20ff71cf03c5676477ff
SHA256 ba8dca83fc6682c4343ac6baea35f295f58ba0a08b9028b538d40d356c19d733
SHA512 83e7455baa7a0a35a2b4a8ed7b60474e506ad30422ff383ed76048de7cc0e5c69d7ef022b3287b879aa2a54bce7c827045594ef4fdaed313423436252a74f0b2

C:\ProgramData\Package Cache\{CE4D7AE0-FCBA-486F-A58F-DBA3626FBE4B}v56.64.8781\dotnet-runtime-7.0.16-win-x64.msi.encrypted

MD5 f518ef2d9b7b01dd793680580a915307
SHA1 454d03626e788bff2de436678fcb844a2ac111ee
SHA256 a885ad028d5dfcb3c569ee74f18d07ba34330a6d06c71cadcff220db3aa9302d
SHA512 cca15f0aa3deb35aa6e3494b5ecdfcf08474600ffebca8c7d523eb0d0435aa6ff024071ec370c860d264852c9af74f04f0c5bff59fcb77ebae7c97ba7302d6c2

C:\ProgramData\Package Cache\{E634F316-BEB6-4FB3-A612-F7102F576165}v48.108.8836\windowsdesktop-runtime-6.0.27-win-x64.msi.encrypted

MD5 bc225972a637cc635605961b391fb5c6
SHA1 d15dffd3e1c721e6008866063a2a187c0badd75e
SHA256 deeec67bd2adb58e4457974b432825692493d7a4d92801a261992fac82654e98
SHA512 557d102a32aa1921347c2b5c5657be5608ff228aeda8dec7833e6cace66a89df13c1e081ab0102839ffc36768e2836173f368d535f3b6287ed735600718fb9b7

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk.encrypted

MD5 a0d10f931dfa7b83b6fcccf362cb8551
SHA1 4913c65bae6eb928c05cd8b4cc481dfc3e27cbb4
SHA256 6f524b82be322fd712bec6234b8b59cd909767af750f2eef8e31e16c6585f14f
SHA512 01c8d5ebfc096df54dd18af579d23c6c029bb262b24decc2a7cd59ead83d93b2a2b9f4edcfbba69b267d97b937888593ef7f17039ba1ae4c5889dc5f68fd28ee

C:\vcredist2010_x86.log.html.encrypted

MD5 1104414b4a627f51ef3397d059947903
SHA1 e35d92300b601674dea3a9e332e6389e5ea3abac
SHA256 69e1314fafaf6ab3d189d85ce3963aa7bb7a3e3656b6b9d3e9409caddec581bb
SHA512 01d6b1652900c59aadfb72cf7e675aed2189710eba9e8cd366f5f9dd8ecdc8fd6d7a58ee619311f679ee74ed78554339410a962f285ae2654cf629bb22e08573

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

MD5 ea448d2124478f3099c9f52e7fec394e
SHA1 5fe14cbd74a4b83c0774d6e7579abba6f0e04e6b
SHA256 3226bd9b3cfa4edc0a2b30ab5b8c7a218fc90b398684e6d0d75f9a0300364dbb
SHA512 e7ffecef7086319c0f11b2e5405b3178b4c68602e838de53fad69404dbaa4b33a53bb40873d63c94f040d606ab4fef99f65b021b5ebd99288624be028b0140be

C:\Program Files (x86)\desktop.ini

MD5 7bda273574d838531fe05bacf7300cc1
SHA1 1d792a13b0de6f13881e7533d000a38f80f6936f
SHA256 c35fdfcb9f32dc7aeb15cff991dca853c7651f8f2ee005f1bf192c968db9a2d3
SHA512 99366648f32cc087156524cb153a3aa8d3c54abe56937726a4f687ce9e51042eec19d3086cd9107cf904ad4e57a255824ea4a576c4ca77726f13d73e9852f25e

C:\Users\Admin\OneDrive\desktop.ini

MD5 2f2ee1fde2e9555e59949f15f5e7ff02
SHA1 cb9f8f6cb032124eaf6c4937a95edfca7192edba
SHA256 ee52d9a7487ebe3e5414e8b2543077cc67f2c755957cff042c83a6fcafae2ca2
SHA512 009a563d5def97e066d0414a533fbde6f7ec5bd3908e3a7a38bdafde2ec2ab67b88b8c494b7ff62c2236aa273e4f36c8630c3977eb0da408d4f55721298bd93a

C:\Users\Admin\Downloads\desktop.ini

MD5 25bc05ee773458d651ffa94c3997cd42
SHA1 ee46fabca3c13d5dea2b02ebd7696bf0e7f552cf
SHA256 5d820fcbcff215fc6ca5c5c3d6bd024b7a9924af8cd3b6f42199777544ebd1b5
SHA512 f15b7a0c190c16ef81c7f8375cd58c6aaab93d076aa1aca04942f79e15700378a4c5028d41bf5caa32c962dcdcf61513e65df36cd011ab647001a78182eec7c8

C:\Users\Admin\Videos\desktop.ini

MD5 b9d41f1fc4c4778284e3ddb132fe8666
SHA1 e18569167115c6b1a449ab9defaa218b071bcbd7
SHA256 2df6e83c946ed46992ae6f1f39159eb6b9a08e1ee98dcd94d7012aac2f6b2a33
SHA512 8c7e416a33224e4c6a77571884992cfcc82e7f3f8fdb4504f515e795b4306a2224938588559caf53e9137dbfd1ad20f333ba1cddf3b52430636664a90cd34dee

C:\Users\Admin\Pictures\desktop.ini

MD5 6e552cb22d78729cc10434c5800ac244
SHA1 f962c9cca5ad126a0cdbc1a39cdb5248bcf8aaa9
SHA256 afb39e4e19e3f0dcccc64e7c686ef6a6fcefa920213395f3f7e78494a3cd5427
SHA512 8b2a9a00dca25f8071a076332c871da42724fab3e8d490bc7ec8d8bd29894f05c8121cbbdeaefdea5f5057d9f847158986ef2753d7ce1fe46fdca5c5ba04b60d

C:\Users\Admin\Music\desktop.ini

MD5 6019618734a57eef1953f84fdbf021e0
SHA1 3745be1fb505749acbb944e5bc7104a4e750b33e
SHA256 fa5edac1ac7f34ce2b50cd3480f3421293480864d189b8d78112cee5f8ec4aad
SHA512 3771ae7edd63d747214df01deb4a5024b7914f5ccaf692db41db551b26301dac72a68f1959ed187278a53be25f5b85234fac75ffffd9a8aa1510a18adfa40213

C:\Users\Admin\Documents\desktop.ini

MD5 fafc0c3f610d5af6908e9eef09682c2f
SHA1 58b369a37c23d24601827c77a311363c4dd52514
SHA256 316dbad0b96b7d8621854ae06dd1e6c5bf646268bc483ae5ab31337adef21d9e
SHA512 6eb74e8c5f0fe51d08ebdfb70218b8e9ae52fb72b5430493ecd2c654cb70788c53457c6c3f601276d65a7c4207504e79504cff053bfd5864c589cb9949179d6d

C:\Users\Admin\Desktop\desktop.ini

MD5 d507bc9b2451cd2ab344399902fb4baa
SHA1 2c291c5358ed67e9e62d94e5c824cbb406d5d8fb
SHA256 c65dd0083d58031924c737cc81c329aa55dac216f4f24e2ec4885667c04d8d61
SHA512 5f6dbe989957134317cbebcef4821b2c4c82adea261714824d8e4ff135986ce382a143b573b6f5fa7dabd9ad9f3920b3a595b0271174dcddeae6e77b7c6e2751

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

MD5 9e4e94633b73f4a7680240a0ffd6cd2c
SHA1 e68e02453ce22736169a56fdb59043d33668368f
SHA256 41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304
SHA512 193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

MD5 a14dccc6ec2b204c7ad23bf9e76c1143
SHA1 9db7c8d830f03fa5a584f0e9196024d16b4414a4
SHA256 29c73464af5be20a5bf1df7b97bd2ef7382b00c137b0e16149d7324c4c9e7110
SHA512 22a9afaffd1c4fdbd0616fa76edeac65be9c9bd33c1aab4f5de20b6f612bdfd92454727d1735b2a522f27b9087ba4099593f42f1a7d82fa3d9f938c33baa2a12

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

MD5 e8b3f516575b13658acfaff6c95ed821
SHA1 d3ac041d81fd154ff5d16b37c544db6cc159be05
SHA256 a9a2097ade42b01afd9334c3bc273e6f0b3afd04e0771bb42293f77a75fa76fa
SHA512 d001be8eed1ab3105a4e3b18d41e5a691510f060157e7ddb4ee15c1041ef1bb0ffc8933433420017348dd71589fa0706f2f9f0fbc62308288a47288faeb756c7

\??\pipe\LOCAL\crashpad_4492_YPZUIJYWDHGOPNBY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

MD5 4fd962571e92f024de0c632539eca74c
SHA1 4c950d39172364a5bd2d9ac2e56fed57973add05
SHA256 67f6027a63d6b3b999eac8517aac56d0ca7e553af5a04b6f52da6ac7f6a90810
SHA512 3fa7077ac5889291881569a7cd53a6e7f0c8a6f02e36f6148dbedc3c64a263c74edf153cd1924752b1c5bbda4f439e3d2519199f814f0e2a449dd7618f47404d

C:\Users\Admin\Desktop\README.html

MD5 b3081cb5e8def7ba92b37131fc72e99d
SHA1 95805588b97efbcdc1c8be81b457168571cbcb75
SHA256 03dbde42e520eae6627fbcd30f41c8f629d0b798777dbfcd6ac9d939d51d3405
SHA512 4567438a75847a955233cbbf062d7f5741c6189b5351b97f6920da9b9faa2be14f283e64aa9d399d6cd07f18fd42761c6a2152834dfe434c833b0a657c2d6e42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\53dcc941-a6ab-4137-92d5-eaeb6130e39b.tmp

MD5 3e02d526eed504d20454e29a09498961
SHA1 68bc50cf9d8840095e43af67398f7cbd203478d5
SHA256 647f5fbfe33b2bebf633a405da1dc6ca60d5ec50d8435da38c16bf8b4b351e53
SHA512 e5428d4836c964f00fdbf588b4869d312734eb5633237495655b32d0fff916e2e7827382fe17cd402e7122e80976349ac57e3460e088b980cb4a5e37d179a2cf

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

MD5 b8540ecb7d055becb77ba2a559af69f4
SHA1 944fca007b413393b3b10dedcf19767ab419e2ab
SHA256 30b89139ec0724c2811f0b9057477fe49c3545210b09b8e6636f00ff50e0d548
SHA512 ccf7785518bdc2aca2d8deb391247c5e0230052ab45eff7f033d59045c1c1041c4de81d15d8b20804c41da461db9bdc76e014275ec2b399ce553330782e7d888

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

MD5 7565054421d3eb7e97b15c75d0d4ec3b
SHA1 469ebdb7df84b85a3f691b8adfc459042eb6fbd7
SHA256 d88d5280ca05e29c5f4c113aea8ebc9cb625aaf260f201bd039bd67e4894d805
SHA512 845cdb6f85b304fed5a65995b6fdf779315f04baa2fcefb193bd7d503e9fdaa431f544c894ce607601494161b7845bd8efa5c3afe6446134db4697295ee01ca3

C:\Users\desktop.ini

MD5 fb75701367120b1d8969ccf2f8e61435
SHA1 f1a1e5427a3504a2450a8cdba0761426a2567b7c
SHA256 214691e296929d8d4c9d8516ac731f6b12d338d2423f876c9f27aea89a617f98
SHA512 345a73b65dd930b3f80795654ad2e5c966600f794800321a3516dec92b62aa4441819500bd77d92295eb0bc86eb932de110510ca5026b031d777a606b65b73a9

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 6ef315c7d0d439e73121980e9f9bbaf3
SHA1 725cf2153910fe51d6c32db318a37b06492129ab
SHA256 b2fda9e9f9a6f7ff35a14a9227e25bcdd668caad55fffbcac4f67c1f0641beac
SHA512 fae4fb0e9e3114d87d7f0b878f4bd12a7086279ed57ed3d7d1484b333fba9db3c7f373013f676300ee792458b3c9f684f7a76ed3b6fd2292b9ff8a1692da8683

C:\Users\Admin\Favorites\desktop.ini

MD5 779841505bf83d01d08cabc462954d01
SHA1 5c2c819c5f52a0aa1f72aec9725e509ad78ec7e8
SHA256 5ffd25de18ee2d64961d3c4f07ca43119e3e86cce3ba5ea32850bd68b836ee88
SHA512 7c119ded471c20bbade2f4dbf5604c62ff552fd1d5341ce5c468e41d06b3506bdd648219324fc596a62350ae5d568999a25716836e08464c8748e0f12699d989

C:\Users\Admin\Saved Games\desktop.ini

MD5 9f7297aeab37bac313e0045920277841
SHA1 0ab06e42bc75e8c8d0a79f02e0edd7bc5726a971
SHA256 8cff4d61280b3355ae81c26244242d8271f4e10e6b8b9023cb39a400bce7bb85
SHA512 e643223b808fbba3a7555c007684aa20ec23be8f71da3129465b012f603e6dffe56c0e73558ade89e589d161d1d4e9be88f0b87ed29e3d797428e11a50d65799

C:\Users\Admin\Links\desktop.ini

MD5 1d9b0121c1afe85bee0535ae7a266014
SHA1 6c4ee71c9f2c1924f838e6c396c538f48d1f4b5e
SHA256 f226b128bb7168c2e8225e880f7a1398a511f2e18562bebf8e07fa836a13b44c
SHA512 bda8efce41529cbaab5e92d2b0e16b6ffe5ecbc264621e30d7d94ad88697073e915bf339ff8e5e929d897bcbb8121b91648c98cfc5bbf7564749c6196428aeea

C:\Users\Admin\Contacts\desktop.ini

MD5 f91e88e45eb0cb63d33ce5641b045ad4
SHA1 0e95878bf516587ed1c5cac0bc76bc54ba7bc85b
SHA256 e229194cb6b85e0619d82e7cc6d7613403c7f1eebca131707d25706114590344
SHA512 79f424d24fada16ae2dd29313955fb53b3e2b2ab89848b36cdf18e32bc7cfe337368822f2419f9afc519a85db6444b14581fb90c2b6e00e46b60bf98d9d44960

C:\Users\Admin\Searches\desktop.ini

MD5 dbf7885b789078d889b19585edf0d51e
SHA1 af86202849c9c2a7e23c755b500dd79a62c081af
SHA256 29234c9eb9f6de36c0d0d0a0ed7365cd753ce0752cc1c70d696b1b6b5d2f1f0a
SHA512 335dff8582538d446b719a2025cfffa4d7f697af62a82eb73734fc5a607eeb184b5aba325e681b6ef29eca1a650a51a7dcbb9be1d54be72f9d840dc1a32c8eba

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 06ae00701759f779c5391e84e92075b4
SHA1 62a0a4740389b078cc9245fb68ef1fbda7437fca
SHA256 6da12df771a4a72be1ff53db30a814574f4ce9ee1cbb4abbecdabca4faf3f7b4
SHA512 82d574d1698a3c524fd463c53cb436152019b39d0f6e50da5e7580d1cc55a89aaa272b763324c6d0ac256bf0dd2b40c080ff97c279f40f8135d0cfd9d2d55242

C:\Program Files\desktop.ini

MD5 21427b8a3f736af97ae31f35480e0cfe
SHA1 b2be938ee6a325a17ec6ec6b140b7906eb8f6c41
SHA256 5b7d323ddcb52189d588b8004b48b2169fcc70e8819cfa57b12f6438af4f7bd1
SHA512 8811f738c347ecf2141685193c513d6d64b90d5561c00cf5d7912e08e2912828856aca696bea5b77142d97ac166ef9242ec6ff3d434ca6bad680ed8ff12f2c22

C:\Users\Public\Desktop\desktop.ini

MD5 2afde136451c70c3685f1a5bf7267584
SHA1 dff71e55ab864c4e7134cc208bfeaa0497a76b6c
SHA256 ea9a344c0323c7231e6473171e00388bda87a2e4c148d7a00f13582075b8a6f7
SHA512 9c15826687c62dc793eccc2258eec1d755c08f545447bd2233136c8e8cd7f5221f282f4d1b6a3fac47e1627907d3ee09353ea1990114a2e8dd6377c609df448e

C:\Users\Public\desktop.ini

MD5 a835f82d766531c37671d76aefa6e637
SHA1 f726e4739814c4c82de60407b63e28d8a81a89a1
SHA256 292b4279c5148ed88f3475fea3301471ca1dbbbd758a692858a03d83c790e1ec
SHA512 1f88fcfdc904428c8b6bced36c0f64e5415b8d18de76393efb13f9de0f37bc0e0e900f474640199b8169072c7913c8289360b4ec7e836a8f926a93e0cf6c44d2

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini

MD5 21def68f48302c474b7f38b8a90527dd
SHA1 2d68173a9e9a201f8dd675159ca3fa574818c7c4
SHA256 57dd7bca1a63a96201d1e8f6f3d2032be29ded768049e3546761206f95ca5c1a
SHA512 51dc658b4bc16b253c215b4c06f2d7d4e0e5b496fb69ff4f90a545bcf8410c5198ce611cb1980c61d5d3677edbd90c4099850bfaab81e0b89db4fc46418f43c3

C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini

MD5 30fb6d3ae9927c6c6dbef3d6db15c5d1
SHA1 811759f2f49b4794dc5afcc87c7bb1305a21a407
SHA256 6a605fcfe011db7bd8b5187e6746cde0e8c5013de8733547bce7eb7e85550ffa
SHA512 54168973c4ad09f36fcc2c7662df884b181a107392dc8a87ed0bf07128de84f18e7ea8d2ff4c1a4347e9058f37b5b1c4a2bb63f6d453a71ba18d43a66e4b2d8c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

MD5 9ba05f923827b97844eadf962d3afe9e
SHA1 cd3a6744123d047bcf89f1b2897a5213cba1ae8d
SHA256 a7534f8bfb2853a9d7370bca3f7fd9c51fbecd1de4d7436dc6275213b874f07c
SHA512 3ea40ccea24e3ed94663dfefb1f9f8b64914f02b41bda9981ace9a5095ae099a1e59afc6ffef6b8883ca10cafcb09abc4292118b5703f5e95615d5609264b67f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

MD5 e4482dd3dcd5472c6aaa90d4cfba1e95
SHA1 ef3469d05d933f1e68aab0381052e5821af8271c
SHA256 c3ee438fe0d8da3dda24af02760f8fb3991a0cf0468c851cea78d3bc24af0539
SHA512 aa97145c1a2d0ec44cbf4de9f673d9da85712c99267299c4faa7d9f8577364c31aeee7b0c253c19f44a1923f40a38a575f6a47cf7b806a5beb932346c1cd2a0b

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

MD5 800ab878281339d62b0c337f3465e945
SHA1 8095cb0cb2477a589b33897ad1daff6c405d0c98
SHA256 0affd2b2eb1fd0a74943d79b7926cb72e60e8984698925a516f3ef415434cce7
SHA512 2f82f03da400f906ef0666b790d5c30220f52753038cff51b7f5e0cd3d4cfe012d425ad2e97af3b3f4be1c9c565bddd45b65407363853cef94aa85f6d8db035d

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

MD5 4b49af09778d0d8064c2cd16f04bea8b
SHA1 c915b15ac02caca47ce2f710df0d540ad3fd0de1
SHA256 4ea0e068de49e225953a879df9e9d80cc35eacc4954f1c9d4c4932bbe55f1428
SHA512 b78c57106d3e00025bcc0a29f329836231882ae1732446f088edb1d2cc91c16b1da73beed4fd03185ad6277ba416aa91611ff6fa049563d34ce324e2538ef2c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d86f8a6c34f8dfa39c235f145b8f35dc
SHA1 a7128338e703025b4255416aca95b278c6856bf1
SHA256 ee875254c32855c02df49489e7a66299251d6af81c8c0b1676608d624e9582db
SHA512 645ef03492fca0db84dff53a4cc07ee7b1a85fba71517f828624efb5473e3cb05f0679dfdda5fbaa55e0cdc5c35d6421464e66287d549841d333e883b2d65280

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

MD5 266292316cc002699e7d43cdcfffacbc
SHA1 ac5234c8098c0c532c291cc4d275e1f59e91b966
SHA256 01602897b7fe68d19ca3f2e9c0462b676050c3edbffb86bfc3dcb584145a37bd
SHA512 dd00085f0ab1de7543377ca04a88f70713deac392de12391e61a2054c366cf9a396c32419858a8f75fadca0b8dc3bcbccebe05b39793abd083cb8e64f246d54e

C:\Program Files\7-Zip\7-zip.dll

MD5 e99d9cb0f2cb862ccfded28de40d9373
SHA1 8856bd6970664a99ff01ece983bf9106a9c5872e
SHA256 c097eff76ecd70845e2a5b6d208c5b2faaea4b28cb2e6da0c703fa808c9ffe3c
SHA512 3c532bdc32dc9157b4b204c3e3a391aee13d1e595c292ff34b8762f4685e638f30d2bc3362d452844c69172d37c0e416ad55e7eba4554ac78c003967b07deca4

C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

MD5 d11b4f7a7421440098609f07966a588b
SHA1 44bfc238c68fd602508c2ebc6d4486b408f63ea5
SHA256 7deafdcc909b77094ec1b6e5d143078e3dc5c23de9feac00208fd7c44319238a
SHA512 283dc62fbee696a4f09be7b60aea08d9c03b2e32234948f303297c4c4f82e9248271fb4226768ca0246e04d91216ed70d22736e2778b18d9a02c3a750b33746d

C:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL

MD5 d7c03d7c66729f02e207df95dc60a9ea
SHA1 7946a46b61bf9ae9a4fdd53edeb1b8b77dce6ae8
SHA256 97770d05bf967794b535bf930444f52102708413e00ed0bb028e9722dc543773
SHA512 e4761e97fe1ad6dcde7f9af7c7493f6fd41cd55330ddade132a8d7ed04d1504b2d9072560dcb7e81c88496a6833ab4885afa3918045a33878b5930e04d1a1889

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll

MD5 ed440563f90320cdb9ecd51021dba8f7
SHA1 bbee7eff1026846bece0d35862e1d38cfe8796f5
SHA256 3670488d28273f2835bbb5e1bc56db274f17623f3848743273d6643d066e1db0
SHA512 0b7faa36a9dba40e023ed20f07a7d58c322600f4ca55e8d8f71cddb95085b31b448ea21e2bc386c265201e57454983b8bf832b96a981f5cd0cf3d141ace54be1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

MD5 fcd29352f61332d40c5a28944fcccaf9
SHA1 02faa4c8af7fc1364616af80fde570de8d4d625a
SHA256 c273f9af82947638201f98106ac912b37ca245788bcfb4167aa214967e7e71ab
SHA512 7479b4e01b44132d3692d306f4d4df85577926e7c7c2266c33ad2e97b9c8f34f97761277c8c4fd8e820af57b7289fa86ed3ebe3a3f17e07ad80b5c296737bb60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

MD5 e28875067cfece44c875ddfaa4951a48
SHA1 49c39dd78f533d7c0ece1db3ada7290cca17b79b
SHA256 9f3dd4f0fe3bdf419d11f991419a51b0820e0b4fadbde3640113cc6fd486910d
SHA512 ad242f39d3329b4dec994349d2abefc9ba6e89de7e3091d8997d6886c2047efb97c6d5cdf99feab9862a49ff8e45a12dda6bc5e5cf3c635748651b1fd51a52d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe59a697.TMP

MD5 e22e8288958c1ea6f58de970e5c173c7
SHA1 805be6c6d472ec14da4e201085c2876de3734a2f
SHA256 cfd7b7488829c065044945813a7c4116eb77bd562eba3166b2c1c2673c861d7d
SHA512 c3477f5f9f7a2cd7cbab9dade985bddc4b05156de2e5f52847265b21a45d678f7b094fcf5384a63792cff2492656678a01eff4c76901c109acc3ca2c23e9a711

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

MD5 4279239d3a9f26bd15650235de8b738e
SHA1 711e914d651eafef604f736601e29cce0045d86a
SHA256 19af6c9e8b4f8d3ebeae5c38dc50b9681ca5a1fed1a8fd769dadc56daaa96ab2
SHA512 43141123f065bde85ce72ac8b6413bd4ea3b26048a69dcbfbf28ac925761a81e645c8e8e0f30f18cc4d6975b26ed54ae6332847241b62f1ad13ce0cea8ef7ef3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe59c682.TMP

MD5 56e91ad996cd7aaf58d8c683718ebb98
SHA1 fc8990a7bb2af6bf437230783688327a1e51db38
SHA256 92ee672822e168d57d360d1e4f8da43de614fefcce39102a27a450a167fcf2fe
SHA512 c95373d812f99a07c2dfe1a1dc34122308e69fb91c20d2c771d05ddf000b63359f555935ef5ee420109c54883818f6451760e316bc4fa047cc5fef0cd320fcfa