Automated Malware Analysis Management Report for AztyGMg4jw.dll

Overview

General Information

Sample name:	AztyGMg4jw.dll renamed because original name is a hash value
Original sample name:	05ebae760340fe44362ab7c8f70b2d89d6c9ba9b9ee8a9f747b2f19d326c3431.dll
Analysis ID:	1543071
MD5:	f74cec233a9609461e7518dd4c90207b
SHA1:	92408a8233567f8b10f30f83dfcdd98effe96dca
SHA256:	05ebae760340fe44362ab7c8f70b2d89d6c9ba9b9ee8a9f747b2f19d326c3431
Tags:	BlackBastadlluser-JAMESWT_MHT
Infos:

Detection

BlackBasta

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found ransom note / readme

Multi AV Scanner detection for submitted file

Yara detected BlackBasta ransomware

AI detected suspicious sample

Drops a file containing file decryption instructions (likely related to ransomware)

Drops executable to a common third party application directory

Found Tor onion address

Infects executable files (exe, dll, sys, html)

Potential evasive VBS script found (sleep loop)

Writes a notice file (html or txt) to demand a ransom

Abnormal high CPU Usage

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: PowerShell Module File Created By Non-PowerShell Process

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Name	Description	Attribution	Blogpost URLs	Link
Black Basta	"Black Basta" is a new ransomware strain discovered during April 2022 - looks in dev since at least early February 2022 - and due to their ability to quickly amass new victims and the style of their negotiations, this is likely not a new operation but rather a rebrand of a previous top-tier ransomware gang that brought along their affiliates.	No Attribution	https://assets.sentinelone.com/sentinellabs22/sentinellabs-blackbasta https://cloud.google.com/blog/topics/threat-intelligence/unc4393-goes-gently-into-silentnight https://gbhackers.com/black-basta-ransomware/ https://mandiant.widen.net/s/pkffwrbjlz/m-trends-2023 https://noticeofpleadings.com/crackedcobaltstrike/files/ComplaintAndSummons/1%20-Microsoft%20Cobalt%20Strike%20-%20Complaint(907040021.9).pdf	https://malpedia.caad.fkie.fraunhofer.de/details/win.blackbasta

Name

Description

Attribution

Blogpost URLs

Link

Black Basta

"Black Basta" is a new ransomware strain discovered during April 2022 - looks in dev since at least early February 2022 - and due to their ability to quickly amass new victims and the style of their negotiations, this is likely not a new operation but rather a rebrand of a previous top-tier ransomware gang that brought along their affiliates.

No Attribution

https://malpedia.caad.fkie.fraunhofer.de/details/win.blackbasta

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: AztyGMg4jw.dll	ReversingLabs: Detection: 65%
Source: AztyGMg4jw.dll	Virustotal: Detection: 77%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 97.5% probability

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D192EF0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,CryptAcquireContextA,___std_exception_copy,	4_2_6D192EF0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1934F0 CryptReleaseContext,	4_2_6D1934F0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D193600 CryptGenRandom,CryptReleaseContext,	4_2_6D193600
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1F6F30 CryptReleaseContext,	4_2_6D1F6F30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D193420 CryptReleaseContext,	4_2_6D193420
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D193460 CryptGenRandom,	4_2_6D193460
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D193050 CryptAcquireContextA,GetLastError,CryptReleaseContext,	4_2_6D193050

Uses 32bit PE files

Source: AztyGMg4jw.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\7-Zip\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft Office 15\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Uninstall Information\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Mail\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Multimedia Platform\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Photo Viewer\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Portable Devices\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Security\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\7-Zip\Lang\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Services\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\images\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\SIGNUP\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft\OneDrive\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft Office 15\ClientX64\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\defaults\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\fonts\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\gmp-clearkey\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\uninstall\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\Microsoft\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\Offline\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\Platform\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\Media Renderer\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\Network Sharing\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\Skins\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\Visualizations\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\Accessories\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\TableTextService\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Photo Viewer\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Security\BrowserCore\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Esl\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\HelpCfg\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ClickToRun\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\Stationery\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\TextConv\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\Triedit\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\VGX\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\ado\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\msadc\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\Ole DB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft\OneDrive\ListSync\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\features\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\VisualElements\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\defaults\pref\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\Accessories\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\Accessories\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\TableTextService\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Security\BrowserCore\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PSReadline\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Javascripts\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\CMap\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\SaslPrep\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\DC\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\Setup Files\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\HelpCfg\en_US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ClickToRun\OnlineInteraction\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ar-SA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\bg-BG\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\da-DK\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\de-DE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\el-GR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\es-ES\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\es-MX\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\et-EE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fi-FI\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fr-CA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fr-FR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\he-IL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\hr-HR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\hu-HU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\it-IT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ja-JP\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ko-KR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\lt-LT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\lv-LV\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\nb-NO\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\nl-NL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\pl-PL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\pt-BR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\pt-PT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ro-RO\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ru-RU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\sk-SK\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\sl-SI\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\sv-SE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\th-TH\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\tr-TR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\uk-UA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\zh-CN\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\zh-TW\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\TextConv\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\Triedit\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\ado\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\msadc\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\Ole DB\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\SetupMetrics\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft\OneDrive\ListSync\settings\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\Pfm\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\DC\Linguistics\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\Setup Files\{AC76BA86-1033-1033-7760-BC15014EA700}\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\default_apps\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Extensions\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Locales\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\MEIPreload\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\VisualElements\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\WidevineCdm\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\en\instructions_read_me.txt	Jump to behavior

Source: AztyGMg4jw.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: d:\dbs\el\omr\target\x86\ship\licensing\x-none\ospprearm.pdb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: OSPPREARM.EXE.3.dr
Source:	Binary string: pingsender.pdb source: pingsender.exe.3.dr
Source:	Binary string: mavinject32.pdbGCTL source: MavInject32.exe.3.dr
Source:	Binary string: AppVISVSubsystems32.pdb source: AppvIsvSubsystems32.dll.3.dr
Source:	Binary string: d:\dbs\el\omr\target\x86\ship\licensing\x-none\ospprearm.pdb source: OSPPREARM.EXE.3.dr
Source:	Binary string: msvcr120.amd64.pdb source: msvcr120.dll.3.dr
Source:	Binary string: AppVISVSubsystems32.pdbGCTL source: AppvIsvSubsystems32.dll.3.dr
Source:	Binary string: mavinject32.pdb source: MavInject32.exe.3.dr
Source:	Binary string: softokn3.pdb source: softokn3.dll.3.dr

Spreading

Infects executable files (exe, dll, sys, html)

Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7-zip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\mozglue.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7z.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7-zip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\notificationserver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\private_browsing.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\firefox.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\freebl3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\libEGL.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\mozwer.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7zFM.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\updater.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\nssckbi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7z.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\lgpllibs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\osclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\gkcodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\nss3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\libGLESv2.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\msvcp140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\qipcap64.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7zG.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\mozavutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\plugin-container.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\softokn3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\vcruntime140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\mozavcodec.dll	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1E571F FindFirstFileExW,		4_2_6D1E571F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D165790 FindFirstFileW,lstrcmpW,FindNextFileW,GetLastError,FindClose,__alldvrm,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,__Mtx_unlock,std::_Throw_Cpp_error,std::_Throw_Cpp_error,		4_2_6D165790

Networking

Found Tor onion address

Source: rundll32.exe	String found in binary or memory: ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: ab2bada7-004d-468c-8c25-a08517ea2fa0 ! To access .onion websites downlo
Source: rundll32.exe	String found in binary or memory: ATTENTION!Your network has been breached and all data was encrypted. Please contact us at:https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: ab2bada7-004d-468c-8c25-a08517ea2fa0! To access .onion websites downlo
Source: rundll32.exe, 00000004.00000002.2214192044.000000006D21C000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: rundll32.exe, 00000006.00000002.2241540711.000000006D21C000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: AztyGMg4jw.dll	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: instructions_read_me.txt105.3.dr	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: instructions_read_me.txt148.3.dr	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: instructions_read_me.txt56.3.dr	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: instructions_read_me.txt57.3.dr	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: instructions_read_me.txt133.3.dr	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: instructions_read_me.txt191.3.dr	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: instructions_read_me.txt217.3.dr	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/

Source: omni.ja0.3.dr	String found in binary or memory: http://127.0.0.1:
Source: pingsender.exe.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, icucnv67.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: pingsender.exe.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: icucnv67.dll.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, icucnv67.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Au3Check.exe.3.dr	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: Au3Check.exe.3.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: Au3Check.exe.3.dr	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: api-ms-win-crt-utility-l1-1-0.dll.3.dr	String found in binary or memory: http://crl.microsg
Source: pingsender.exe.3.dr, icucnv67.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: icucnv67.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: pingsender.exe.3.dr, icucnv67.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: icucnv67.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: qipcap64.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/Do
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: icucnv67.dll.3.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: omni.ja0.3.dr	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: omni.ja0.3.dr	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: omni.ja0.3.dr	String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: omni.ja0.3.dr	String found in binary or memory: http://dev.w3.org/html5/spec/rendering.html#rendering
Source: omni.ja0.3.dr	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: omni.ja0.3.dr	String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: AppvIsvSubsystems32.dll.3.dr	String found in binary or memory: http://file://sftldr.dllsftldr_wow64.dllIsProcessHookedAppVEntSubsystems32.dllAppVIsvSubsystems32.wK
Source: omni.ja0.3.dr	String found in binary or memory: http://jsperf.com/code-review-1480
Source: omni.ja0.3.dr	String found in binary or memory: http://mozilla.or
Source: omni.ja0.3.dr	String found in binary or memory: http://mozilla.org
Source: omni.ja0.3.dr	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: icucnv67.dll.3.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, icucnv67.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, icucnv67.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: pingsender.exe.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Au3Check.exe.3.dr	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: Au3Check.exe.3.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Au3Check.exe.3.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Au3Check.exe.3.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Au3Check.exe.3.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr, icucnv67.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: omni.ja0.3.dr	String found in binary or memory: http://www.ethiopic.org/Collation/OrderedLists.html.
Source: omni.ja0.3.dr	String found in binary or memory: http://www.mozilla.org/key
Source: omni.ja0.3.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: omni.ja0.3.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul);
Source: omni.ja0.3.dr	String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml);
Source: omni.ja0.3.dr	String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: omni.ja0.3.dr	String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: omni.ja0.3.dr	String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: omni.ja0.3.dr	String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: omni.ja0.3.dr	String found in binary or memory: https://api.accounts.firefox.com/v1
Source: omni.ja0.3.dr	String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
Source: rundll32.exe, rundll32.exe, 00000004.00000002.2214192044.000000006D21C000.00000004.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.2241540711.000000006D21C000.00000004.00000001.01000000.00000003.sdmp, AztyGMg4jw.dll, instructions_read_me.txt105.3.dr, instructions_read_me.txt148.3.dr, instructions_read_me.txt56.3.dr, instructions_read_me.txt57.3.dr, instructions_read_me.txt133.3.dr, instructions_read_me.txt191.3.dr, instructions_read_me.txt217.3.dr	String found in binary or memory: https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/
Source: omni.ja0.3.dr	String found in binary or memory: https://blocked.cdn.mozilla.net/
Source: omni.ja0.3.dr	String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
Source: omni.ja0.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1403293
Source: omni.ja0.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: omni.ja0.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: omni.ja0.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1592344
Source: omni.ja0.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: omni.ja0.3.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: omni.ja0.3.dr	String found in binary or memory: https://crbug.com/993268
Source: omni.ja0.3.dr	String found in binary or memory: https://dap-02.api.divviup.org
Source: omni.ja0.3.dr	String found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.5
Source: omni.ja0.3.dr	String found in binary or memory: https://design.firefox.com/photon/components/message-bars.html#type-specific-style
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTab
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#E
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#Encryption
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsing
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/Places/Frecency_algorithm
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: formautofill@mozilla.org.xpi.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/visibility#Values
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: omni.ja0.3.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: omni.ja0.3.dr	String found in binary or memory: https://developers.google.c
Source: omni.ja0.3.dr	String found in binary or memory: https://developers.google.cB
Source: omni.ja0.3.dr	String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: omni.ja0.3.dr	String found in binary or memory: https://drafts.csswg.org/css-lists-3/#ua-stylesheet
Source: omni.ja0.3.dr	String found in binary or memory: https://drafts.csswg.org/css-scoping/#slots-in-shadow-tree
Source: omni.ja0.3.dr	String found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
Source: omni.ja0.3.dr	String found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/mozilla-services/autograph/blob/main/signer/contentsignaturepki/README.md
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/stylelint/stylelint/issues/6834
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/1072
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: omni.ja0.3.dr	String found in binary or memory: https://github.com/whatwg/html/issues/8610
Source: omni.ja0.3.dr	String found in binary or memory: https://gpuweb.github.io/gpuweb/
Source: omni.ja0.3.dr	String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: omni.ja0.3.dr	String found in binary or memory: https://html.spec.whatwg.org/#bidi-rendering
Source: omni.ja0.3.dr	String found in binary or memory: https://html.spec.whatwg.org/#flow-content-3
Source: omni.ja0.3.dr	String found in binary or memory: https://html.spec.whatwg.org/#hidden-elements
Source: omni.ja0.3.dr	String found in binary or memory: https://html.spec.whatwg.org/#the-details-and-summary-elements
Source: omni.ja0.3.dr	String found in binary or memory: https://html.spec.whatwg.org/#the-hr-element-2
Source: omni.ja0.3.dr	String found in binary or memory: https://incoming.telemetry.mozilla.org
Source: omni.ja0.3.dr	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: omni.ja0.3.dr	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: omni.ja0.3.dr	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: omni.ja0.3.dr	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: omni.ja0.3.dr	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: omni.ja0.3.dr	String found in binary or memory: https://mathiasbynens.be/
Source: omni.ja0.3.dr	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: omni.ja0.3.dr	String found in binary or memory: https://mathiasbynens.be/notes/javascript-escapes#single
Source: omni.ja0.3.dr	String found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: pingsender.exe.3.dr, qipcap64.dll.3.dr	String found in binary or memory: https://mozilla.org0/
Source: omni.ja0.3.dr	String found in binary or memory: https://prod.ohtc
Source: omni.ja0.3.dr	String found in binary or memory: https://profiler.firefox.com
Source: omni.ja0.3.dr	String found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
Source: omni.ja0.3.dr	String found in binary or memory: https://relay.firefox.com/api/v1/
Source: omni.ja0.3.dr	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
Source: omni.ja0.3.dr	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
Source: omni.ja0.3.dr	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
Source: omni.ja0.3.dr	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: omni.ja0.3.dr	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: omni.ja0.3.dr	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: omni.ja0.3.dr	String found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: omni.ja0.3.dr	String found in binary or memory: https://services.addons.mozilla.o
Source: omni.ja0.3.dr	String found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: omni.ja0.3.dr	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: omni.ja0.3.dr	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: omni.ja0.3.dr	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: omni.ja0.3.dr	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: omni.ja0.3.dr	String found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windows
Source: omni.ja0.3.dr	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: omni.ja0.3.dr	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: omni.ja0.3.dr	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: omni.ja0.3.dr	String found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: omni.ja0.3.dr	String found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: omni.ja0.3.dr	String found in binary or memory: https://w3c.github.io/mathml-core/#dfn-maction
Source: omni.ja0.3.dr	String found in binary or memory: https://w3c.github.io/mathml-core/#the-mathvariant-attribute
Source: omni.ja0.3.dr	String found in binary or memory: https://webcompat.com/issues/new
Source: omni.ja0.3.dr	String found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: omni.ja0.3.dr	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: Au3Check.exe.3.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: qipcap64.dll.3.dr, softokn3.dll.3.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: Au3Check.exe.3.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: omni.ja0.3.dr	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: omni.ja0.3.dr	String found in binary or memory: https://www.mozilla.org/
Source: omni.ja0.3.dr	String found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: omni.ja0.3.dr	String found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: omni.ja0.3.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: rundll32.exe, 00000004.00000002.2214192044.000000006D21C000.00000004.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.2241540711.000000006D21C000.00000004.00000001.01000000.00000003.sdmp, AztyGMg4jw.dll, instructions_read_me.txt105.3.dr, instructions_read_me.txt148.3.dr, instructions_read_me.txt56.3.dr, instructions_read_me.txt57.3.dr, instructions_read_me.txt133.3.dr, instructions_read_me.txt191.3.dr, instructions_read_me.txt217.3.dr	String found in binary or memory: https://www.torproject.org/
Source: omni.ja0.3.dr	String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning

Spam, unwanted Advertisements and Ransom Demands

Found ransom note / readme

Source: C:\instructions_read_me.txt

Dropped file: ATTENTION!Your network has been breached and all data was encrypted. Please contact us at:https://bastad5huzwkepdixedg2gekg7jk22ato24zyllp6lnjx7wdtyctgvyd.onion/ Login ID: ab2bada7-004d-468c-8c25-a08517ea2fa0*!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us)*!* To restore all your PCs and get your network working again, follow these instructions:- Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency.Please follow these simple rules to avoid data corruption:- Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself.Waiting you in a chat.

Jump to dropped file

Yara detected BlackBasta ransomware

Source: Yara match	File source: AztyGMg4jw.dll, type: SAMPLE
Source: Yara match	File source: 4.2.rundll32.exe.6d160000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.rundll32.exe.6d160000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 4508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 5692, type: MEMORYSTR

Drops a file containing file decryption instructions (likely related to ransomware)

Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\$WinREAgent\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\PerfLogs\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files (x86)\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\ProgramData\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Users\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\$WinREAgent\Scratch\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\7-Zip\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Adobe\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Common Files\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Google\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Internet Explorer\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Microsoft\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Microsoft Office 15\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Mozilla Firefox\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\MSBuild\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Reference Assemblies\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Uninstall Information\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Program Files\Windows Defender\instructions_read_me.txt	Jump to behavior

Writes a notice file (html or txt) to demand a ransom

Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\$WinREAgent\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\PerfLogs\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\Program Files\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\Program Files (x86)\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\ProgramData\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\Users\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\$WinREAgent\Scratch\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\Program Files\7-Zip\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File dropped: C:\Program Files (x86)\Windows Photo Viewer\en-GB\instructions_read_me.txt -> decrypt or rename the files will lead to its fatal corruption. it doesn't matter, who are trying to do this, either it will be your it guys or a recovery agency.please follow these simple rules to avoid data corruption:- do not modify, rename or delete files. any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - do not hire a recovery company. they can't decrypt without the key. they also don't care about your business. they believe that they are good negotiators, but it is not. they usually fail. so speak for yourself.waiting you in a chat.	Jump to dropped file

Abnormal high CPU Usage

Source: C:\Windows\SysWOW64\rundll32.exe

Process Stats: CPU usage > 49%

Detected potential crypto function

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D164B00	4_2_6D164B00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D16B1A9	4_2_6D16B1A9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1A0D90	4_2_6D1A0D90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1A2ED0	4_2_6D1A2ED0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1C4ED0	4_2_6D1C4ED0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D196960	4_2_6D196960
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1689A0	4_2_6D1689A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D182B70	4_2_6D182B70
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D172B90	4_2_6D172B90
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D17EBD0	4_2_6D17EBD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1D6A4C	4_2_6D1D6A4C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1D8A80	4_2_6D1D8A80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1D4440	4_2_6D1D4440
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1DC7B2	4_2_6D1DC7B2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1AA690	4_2_6D1AA690
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1A42B0	4_2_6D1A42B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D177DD0	4_2_6D177DD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1A3C40	4_2_6D1A3C40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D17FCE0	4_2_6D17FCE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D17DF00	4_2_6D17DF00
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1C7E58	4_2_6D1C7E58
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D19BE40	4_2_6D19BE40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1A3E64	4_2_6D1A3E64
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1EB929	4_2_6D1EB929
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1AB9A0	4_2_6D1AB9A0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1D1825	4_2_6D1D1825
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1D1B67	4_2_6D1D1B67
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D199BD0	4_2_6D199BD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D19DBE0	4_2_6D19DBE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1E95E5	4_2_6D1E95E5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D179450	4_2_6D179450
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D199470	4_2_6D199470
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1AB4B0	4_2_6D1AB4B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D165790	4_2_6D165790
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1C97DE	4_2_6D1C97DE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1757C0	4_2_6D1757C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1A3620	4_2_6D1A3620
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D197000	4_2_6D197000

Found potential string decryption / allocating functions

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D1C2A18 appears 57 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D1C38F5 appears 73 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D1C39A0 appears 64 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D16D840 appears 40 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6D1C38C2 appears 98 times

Uses 32bit PE files

Source: AztyGMg4jw.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: AppvIsvSubsystems32.dll.3.dr

Binary string: for %1% in name mapper. Error: %2%related_name_resolver::initFailed to map NT object name for %1% in name mapper.related_name_resolver::get_name_by_handle\Device\\logfiles\HostDriverStoreWow64 mapper detected process running under wow64.wow64_name_mapper::initWow64DisableWow64FsRedirection\driverstoreWow64RevertWow64FsRedirectionFailed tU

Source: classification engine

Classification label: mal92.rans.spre.evad.winDLL@10/951@0/0

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Program Files\instructions_read_me.txt

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\instructions_read_me.txt

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4900:120:WilError_03
Source: C:\Windows\SysWOW64\rundll32.exe	Mutant created: \Sessions\1\BaseNamedObjects\ofijweiuhuewhcsaxs.mutex

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\Temp\fkdjsadasd.ico

Jump to behavior

Source: AztyGMg4jw.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\rundll32.exe

File read: C:\Program Files\Mozilla Firefox\application.ini

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\AztyGMg4jw.dll,VisibleEntry

Source: softokn3.dll.3.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: softokn3.dll.3.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.3.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.3.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %ssig_%s_%08x_%08xupd_%s_%s
Source: softokn3.dll.3.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: softokn3.dll.3.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.3.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3.dll.3.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: softokn3.dll.3.dr	Binary or memory string: updateDir=libraryDescription=slotDescription=cryptoSlotDescription=dbSlotDescription=FIPSSlotDescription=tokenDescription=cryptoTokenDescription=updateTokenDescription=dbTokenDescription=FIPSTokenDescription=minPWLen=secmod=manufacturerID=updateID=DROP TABLE IF EXISTS metaData;SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;PRAGMA table_info(%s);PKCS 110000000000000000Mozilla Rules the World through NSS! AND NSS Application Token %08x NSS FIPS 140-2 Certificate DB NSS Internal Crypto Services NSS Generic Crypto Services NSS 3
Source: softokn3.dll.3.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: softokn3.dll.3.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: AztyGMg4jw.dll	ReversingLabs: Detection: 65%
Source: AztyGMg4jw.dll	Virustotal: Detection: 77%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\AztyGMg4jw.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\AztyGMg4jw.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\AztyGMg4jw.dll,VisibleEntry
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\AztyGMg4jw.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\AztyGMg4jw.dll",VisibleEntry
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\AztyGMg4jw.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\AztyGMg4jw.dll,VisibleEntry	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\AztyGMg4jw.dll",VisibleEntry	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\AztyGMg4jw.dll",#1	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

File written: C:\Program Files\Mozilla Firefox\application.ini

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\7-Zip\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft Office 15\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Uninstall Information\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Mail\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Multimedia Platform\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Photo Viewer\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Portable Devices\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Security\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\7-Zip\Lang\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Services\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\images\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Internet Explorer\SIGNUP\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft\OneDrive\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft Office 15\ClientX64\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\defaults\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\fonts\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\gmp-clearkey\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\uninstall\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\Microsoft\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\Offline\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender\Platform\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\Classification\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\Media Renderer\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\Network Sharing\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\Skins\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Media Player\Visualizations\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\Accessories\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\TableTextService\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Photo Viewer\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Security\BrowserCore\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Esl\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\HelpCfg\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ClickToRun\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\Stationery\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\TextConv\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\Triedit\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\VGX\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\ado\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\msadc\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\Ole DB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft\OneDrive\ListSync\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\features\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\browser\VisualElements\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\defaults\pref\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\Accessories\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\Accessories\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows NT\TableTextService\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Windows Security\BrowserCore\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PSReadline\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Javascripts\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\CMap\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\SaslPrep\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\DC\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\Setup Files\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\HelpCfg\en_US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ClickToRun\OnlineInteraction\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ar-SA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\bg-BG\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\da-DK\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\de-DE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\el-GR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\es-ES\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\es-MX\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\et-EE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fi-FI\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fr-CA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fr-FR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\he-IL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\hr-HR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\hu-HU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\HWRCustomization\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\it-IT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ja-JP\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ko-KR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\LanguageModel\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\lt-LT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\lv-LV\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\nb-NO\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\nl-NL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\pl-PL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\pt-BR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\pt-PT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ro-RO\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\ru-RU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\sk-SK\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\sl-SI\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\sv-SE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\th-TH\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\tr-TR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\uk-UA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\zh-CN\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\zh-TW\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\TextConv\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\Triedit\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\ado\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\msadc\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\System\Ole DB\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\SetupMetrics\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Microsoft\OneDrive\ListSync\settings\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\Pfm\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\DC\Linguistics\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\Adobe\Acrobat\Setup Files\{AC76BA86-1033-1033-7760-BC15014EA700}\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\default_apps\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Extensions\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Installer\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\Locales\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\MEIPreload\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\VisualElements\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Google\Chrome\Application\117.0.5938.134\WidevineCdm\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\instructions_read_me.txt	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Directory created: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\en\instructions_read_me.txt	Jump to behavior

Source: AztyGMg4jw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: AztyGMg4jw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: AztyGMg4jw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: AztyGMg4jw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: AztyGMg4jw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: AztyGMg4jw.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: AztyGMg4jw.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: AztyGMg4jw.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: d:\dbs\el\omr\target\x86\ship\licensing\x-none\ospprearm.pdb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000S source: OSPPREARM.EXE.3.dr
Source:	Binary string: pingsender.pdb source: pingsender.exe.3.dr
Source:	Binary string: mavinject32.pdbGCTL source: MavInject32.exe.3.dr
Source:	Binary string: AppVISVSubsystems32.pdb source: AppvIsvSubsystems32.dll.3.dr
Source:	Binary string: d:\dbs\el\omr\target\x86\ship\licensing\x-none\ospprearm.pdb source: OSPPREARM.EXE.3.dr
Source:	Binary string: msvcr120.amd64.pdb source: msvcr120.dll.3.dr
Source:	Binary string: AppVISVSubsystems32.pdbGCTL source: AppvIsvSubsystems32.dll.3.dr
Source:	Binary string: mavinject32.pdb source: MavInject32.exe.3.dr
Source:	Binary string: softokn3.pdb source: softokn3.dll.3.dr

Source: AztyGMg4jw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: AztyGMg4jw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: AztyGMg4jw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: AztyGMg4jw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: AztyGMg4jw.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Uses code obfuscation techniques (call, push, ret)

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_6D1C389F push ecx; ret

4_2_6D1C38B2

Persistence and Installation Behavior

Drops executable to a common third party application directory

Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\crashreporter.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\crashreporter.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\crashreporter.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\crashreporter.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\crashreporter.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\freebl3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\freebl3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\freebl3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\freebl3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\freebl3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\firefox.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\gkcodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\firefox.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\firefox.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\gkcodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\gkcodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\firefox.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\firefox.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\gkcodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\gkcodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libGLESv2.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libGLESv2.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libGLESv2.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\lgpllibs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libEGL.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\lgpllibs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\lgpllibs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libEGL.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libEGL.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libGLESv2.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libGLESv2.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libEGL.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\libEGL.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\lgpllibs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\lgpllibs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavcodec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavcodec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavcodec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavcodec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavcodec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozglue.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozglue.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozglue.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozwer.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozwer.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozwer.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozglue.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozglue.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozwer.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozwer.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\msvcp140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\msvcp140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\msvcp140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\msvcp140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\msvcp140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\mozavutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nss3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nss3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nss3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nss3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nss3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\notificationserver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\notificationserver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\notificationserver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\notificationserver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\notificationserver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nssckbi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nssckbi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nssckbi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nssckbi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\nssckbi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\osclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\osclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\osclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\osclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\osclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\private_browsing.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\plugin-container.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\private_browsing.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\private_browsing.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\plugin-container.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\plugin-container.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\private_browsing.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\private_browsing.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\plugin-container.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\plugin-container.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\qipcap64.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\qipcap64.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\qipcap64.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\qipcap64.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\qipcap64.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\softokn3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\softokn3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\softokn3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\softokn3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\softokn3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\updater.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\updater.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\updater.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\updater.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\updater.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File written: C:\Program Files\Mozilla Firefox\vcruntime140_1.dll	Jump to behavior

Infects executable files (exe, dll, sys, html)

Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7-zip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\mozglue.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7z.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7-zip32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\notificationserver.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\private_browsing.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\firefox.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\freebl3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\libEGL.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\mozwer.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7zFM.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\updater.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\nssckbi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7z.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\lgpllibs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\osclientcerts.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\gkcodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\nss3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\libGLESv2.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\msvcp140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\qipcap64.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\crashreporter.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\7-Zip\7zG.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\mozavutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\plugin-container.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\softokn3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\vcruntime140.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	System file written: C:\Program Files\Mozilla Firefox\mozavcodec.dll	Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Potential evasive VBS script found (sleep loop)

Source: C:\Windows\SysWOW64\rundll32.exe	Dropped file: Do While objScriptExec.Status = 0 WScript.Sleep 100	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped file: Do While objScriptExec.Status = 0 WScript.Sleep 100	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped file: Do While objScriptExec.Status = 0 WScript.Sleep 100	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped file: Do While objScriptExec.Status = 0 WScript.Sleep 100	Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped file: Do While objScriptExec.Status = 0 WScript.Sleep 100	Jump to dropped file

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\SysWOW64\rundll32.exe

Window / User API: threadDelayed 2159

Jump to behavior

Found large amount of non-executed APIs

Source: C:\Windows\SysWOW64\rundll32.exe

API coverage: 5.7 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Windows\SysWOW64\rundll32.exe TID: 6208	Thread sleep count: 256 > 30			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe TID: 3532	Thread sleep count: 2159 > 30			Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1E571F FindFirstFileExW,		4_2_6D1E571F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D165790 FindFirstFileW,lstrcmpW,FindNextFileW,GetLastError,FindClose,__alldvrm,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,__Mtx_unlock,std::_Throw_Cpp_error,std::_Throw_Cpp_error,		4_2_6D165790

Source: C:\Windows\System32\loaddll32.exe

Thread delayed: delay time: 120000

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_6D1CE243 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_6D1CE243

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_6D1E6985 GetProcessHeap,

4_2_6D1E6985

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1CE243 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_6D1CE243
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1C39F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_6D1C39F5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6D1C3B18 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_6D1C3B18

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\AztyGMg4jw.dll",#1

Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_6D1C34F1 cpuid

4_2_6D1C34F1

Contains functionality to query locales information (e.g. system language)

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	4_2_6D1E8C68
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_6D1DEFA2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_6D1E8963
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_6D1E8B92
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6D1DEA1F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	4_2_6D1E8A8C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6D1E859F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6D1E85EA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	4_2_6D1E84F8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	4_2_6D1E8710
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	4_2_6D1E8685
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoEx,	4_2_6D1C2229
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	4_2_6D1E82F3

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_6D1C3D15 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_6D1C3D15

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_6D1E4FC3 GetTimeZoneInformation,

4_2_6D1E4FC3

Source: C:\Windows\System32\loaddll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\$WinREAgent\Scratch\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\$WinREAgent\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\PerfLogs\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\AutoIt3\Au3Check.dat	data	9C5316882F762C17E5B29039D2668D87	50E5DC7BBB78A231FF3219F9EF03DB9116C5D1FF	C201D9C7F3621B12CA229A108D6ADAA12C207BC0772DA2CC1CEA31C1DD9FD50F
C:\Program Files (x86)\AutoIt3\Au3Check.exe	data	84F1A5F292D4AF0B264341B9F7EA7FDF	7BFA6C746A5CAFC6FD134DA23CB8D7DD071AE80C	5E1DC8BB94321776CC689803C55123553235ADF2F01F82155A0DE8AAEC22A1AB
C:\Program Files (x86)\AutoIt3\Au3Info.exe	data	626738C651EA6C9312DF08BB228F8867	20D2E8762961CB1CC3BCEE6282EB9D9127B855C1	3515CFDEA83B8B2E5FDDD200589E0E1209BD2EE83D8F4D29A5DD2C54EC153BDE
C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe	data	0ABD4AC5C4DC38EE15755D87E2A0995F	CE059A80FD314356E8EF67AEA2F86BB987D74131	3ABC23F38ABAB66F728C02194E8486CA6FCCE039A9E7C28EDB1D90345F0803BF
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe	data	C0D3EF52C4E43B21A8A95EB4660BBEB8	91E26959ABEB89A6A6547A0EE5F5F0E316D5A5C5	09D220111C9C538B9DA49EF7C265A69B29D1C11A24A7951B2296D01EB9CE1231
C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe	data	AE48622C61DB57377CB5607AD9EF36C5	37900DE9B433ADF11D11DF94A3B05CDF73D0D4C6	3D2CBD43A8EF9E2CBA910963C2928A023DC6B1646609EED4A1D66C4D6C21C8CA
C:\Program Files (x86)\AutoIt3\Aut2Exe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe	data	6EB0A7C26C38C212535C1864F821A8E0	24E4D759F272259EBF060E5FE8D29D82599C66C6	4B2740F89AD4D297A6B728B75B21114758C5378262C11C7382FB253CF0CFE753
C:\Program Files (x86)\AutoIt3\AutoIt v3 Website.url	data	6DAEF091A86F93CE99492D4CBC48CD62	37C801B7E3BE46064D80881DD03F9A2955A1499E	CC9AF9CFA611EE262971C497C08037A553542053DC6060F460EDD46EFDBC8E25
C:\Program Files (x86)\AutoIt3\AutoIt.chm	DOS executable (COM, 0x8C-variant)	C30D39C8B758390DCEA2AE241A4CBE98	20125A9BA3CEA38460D326F23E9BDE88B715568E	8B1F0E28DCF20FA70E9BFEE771999644C10A6B31F897C1811FFF2FEB0901B8AA
C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe	data	4865F55C4AE290B7523CD4A232EE65A8	53B4326C3DE119F7906D27A38BBA13B7F17B1B0E	F46C73883819DBD098BA5FEE9DFEEB47B62D2F6A939CFC6957E4C64B0FA5134E
C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe	data	4B6B046E114C760E6F4685150772B58E	B908B0F6E7B5D9A0533C59CCD7A278B057113CC3	519551AA90F399E2B96900E689D20EEBD154427396C3BE8A12F4EA7F946F4D1C
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.chm	data	9D218F9AFBB8B97196A198FB8E1460D4	1D610E9116FB0DDC89313C3F7AA4F34DDD2E824F	537C08EBD959F20D9162A8F5D1E911610BB730E23F611F69A775D03002B49E65
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.psd1	data	B29F63C2979749F35010E0AA56715AD1	7E21AF3F58BF1B20AC09B8483C1CE2945A355668	3052CED600181A4ADF6E81903D913529E6FFD667984CB13BEA4F198299E0A534
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.dll	data	EC465AA7B719A6D1E0504AEA77535C93	E4B25E23D36E584E672F7C07339DD6BFD2352790	2BF3628D73BCFAE4A65F905CF63B84386673E4A600E7D491567C28EED85129AC
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.xml	data	C5FA632ADBF587B442156744F8510A48	CE296B111411F235E7DAD6667E920FB6A643FAAF	2AA115CDD7AB1C209CB5E23F71E0C10B75ADF7A0E090162F0372BB98803FB6C2
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll	data	793C5271F60E8997281069D7BECDD6D5	A436097C969322CEF48AA361DF7BAEE6FAD39946	5A849B7EBD92C5FA0C886041869ED4DFDC072877EF3A86616EA2522DAEA450AC
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.dll	OpenPGP Public Key	DA26248D508ADAF3F88C7C9A7A901480	49645200C7F822A6CE21F9192F9AE5D871D534CA	2A823EFB1F53ADEB56604F8C3F95F52D8A9135A24A70C67A0009D9257C6C2713
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.h	data	105DFCA47B386BC5D5D7808B2AFE4233	3C218DC623F7E09A5758E180F6047C6998A5BC7A	2ADFA0A3FA475D89B2DCD6411F2E52B61F68CDD6F22E2E97246B2E8F49523C68
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_DLL.lib	data	CF6D546546E7FC0705CC5F3056D28AC3	437E7D7625E1F57BC7BA4369705CD249CF99E830	44F765CBA7D50B3D8D3CFFAE0D3CE37736093A312ED150C83D9546665AA90722
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64.dll	data	7E8B95567938DFC180F2D315D618576C	EB4304D52667DAB07388AD2812897319C7A0D3D8	33936C69F3D180B9D8391A0DB700EEEA350C91AA2D69C91590F37182CA693265
C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64_DLL.lib	data	204B1F3D2FC65B362ACDF08328D67860	93FA6A15A457AEC09E97EF34E790B7C692E04F97	00CB25219B40C46CE272B16882C3FC33139F7BBB64649A5BA41FC38AC1693602
C:\Program Files (x86)\AutoIt3\AutoItX\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\AutoIt3\Examples\_ReadMe_.txt	data	313BBACE4CC70A60F186E96F67EA01DD	B621B2C88A194E7B1B02D5993D8D9C306E9F834C	0621852CA9975DA5E7D5E089031B8B82E494AA0E9A94F6CC68EA4DCB2ABAC9F2
C:\Program Files (x86)\AutoIt3\Examples\calculator.au3	data	10EE8C60341F23B25BC7F1F6B71B00DE	AD9E5DBA60140A076875898EC2E10B66EC329079	08BAD368913817E3D2E2A85D4149B189EA6E30745FC18D4BCFC7C2910CEE077E
C:\Program Files (x86)\AutoIt3\Examples\count-do.au3	Amiga Workbench	028BB014DCF6EEFA55FF03979B8B60C4	CA2D3A649347D01CC35FD07178ACA9DB9AAF53B1	F9BB3B5AE60842B17E45F342487596E9B3E261746AF7F69D0B0B014C2A8A1584
C:\Program Files (x86)\AutoIt3\Examples\count-for.au3	data	FFA1502DEFD225B06B78AB84031B5022	E8799B4997F14E6DF224DBD6CF1DB908D3CCB8A3	89D53F263D1DEDE1784FE5F17F36835349FA036B5C9498116EEF3B074E944788
C:\Program Files (x86)\AutoIt3\Examples\count-while.au3	data	659D6A8A84D4ADAACA0C8D616A7AA663	79BD838B0F8283D7525AEC66306E38FE1901789D	B8F5F5094043F9D3ADF1FA782D2A163FF02993B2C497DA2886B04D1313280ED4
C:\Program Files (x86)\AutoIt3\Examples\functions.au3	data	E43A1CDEA521AA33B37147FB4141D485	C2C1F04D9B2C3F8691A60979DB76F72C92408207	760BBA8D7FBF1828E3781906D5A380F29452F24E7E894C9E42918291C3C22FEA
C:\Program Files (x86)\AutoIt3\Examples\inputbox.au3	data	817448719159E86DA3C39446CB262DC8	8025397E4FDBA41E2B278A15247E236FEC35B44D	CE0AB7A6CD7248900C449F2CDEC130B591EB8B966AA195434DD4A3F3E49D46AA
C:\Program Files (x86)\AutoIt3\Examples\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\AutoIt3\Examples\msgbox.au3	data	79B74AF121CB150701A129309C4FACD5	9629A7B0CD3D64F6FC9EE001C26D7B99A1FB2F99	2E14F6CD80FAA9B190C329759A2A480CD9C63EAA31DDFABF403CE0C95EC05138
C:\Program Files (x86)\AutoIt3\Examples\notepad1.au3	data	484AD985A18F31AAF99457F785C479C9	851FBD446F56807A4ADC63B56CA6D63F5320F9FF	8FE6CB96E6D08D56D8D4743F74A19C4E5968E2D6BFC5A5069FBA86E43746C0A4
C:\Program Files (x86)\AutoIt3\Examples\notepad2.au3	data	9E426B3501623037A67D81002DD5325C	BBADDB6AF0874C197A438BB13DB4BAA938FD81AC	D917E670CC2750FB52112061EEEF082B37209E11DD8CD9130307F6E96EA6A218
C:\Program Files (x86)\AutoIt3\Extras\_ReadMe_.txt	data	BB45F75E52E0317F69F06384C41D40C0	60DA1DF85F6A52427A902F150E7708ED921B3686	8B8C0C1345142F1E3D89CEFB0EE2DEE4710809F081C8E9B52FC477B41AC14583
C:\Program Files (x86)\AutoIt3\Extras\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Blue.ico	data	AF7A66F9F248282FA0ECC3B37A728168	D4F024C0663A81453C2D184A9223E446A2E94C06	37B1D8425B41CF1DDEBCDC3218A268427A4D1AD8FD3616705B7F07659D07E8BA
C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Green.ico	data	2612E8CC80A59E8D4ACEF39ED4DCC11F	EA7054B37B4549978254B8A8F2426438726B5066	4287BF62F975A52CA1DB9DC188242879F1C5D9962F8721C99D4749A53F94718D
C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Red.ico	data	05E8422A4E99DA8B41AA4C9BD753188C	137242D3571A7C493A18150D75FD23B0E0429DF3	4A5A8B3C6A7F042986BFA6D7C4DE6B98A5EA5827416268D623023DE2F96C35BE
C:\Program Files (x86)\AutoIt3\Icons\MyAutoIt3_Yellow.ico	data	9F1983F459EE080E1E5FE6ED9554394B	B8E3D952D740B2946C250DAD73594C5EE9DC8A53	0A3E4858141C8FF80E2E753EBD3D3C8851ECE6AD6847510C6AE8DC8993231962
C:\Program Files (x86)\AutoIt3\Icons\au3.ico	data	FD15986BBD672B9EDF4518950B113D1D	94C1198746A6D223DC388F04D58C8820F5C9BE39	0049345EDC21F2E52BCC46C585E9A709E9E075469221E2692B4638A75EB1965F
C:\Program Files (x86)\AutoIt3\Icons\au3script_v10.ico	data	86B6FD9103F8D5F25E8F96C3D2E86C56	B2D9F4F0FD03C071AB1B9A70164B1C81EF971F5E	B6C9E5F7A0E9C1E1F1674B5FC547D89EFE70BD1BF272382C1CD6F1A244ABD22B
C:\Program Files (x86)\AutoIt3\Icons\au3script_v11.ico	data	DA0C2EAFC8A196FC27E0D92E64F45B86	0D29BB645179D056F4981976389BB708EB64B799	97E17BA19AA769E6CC421C3F182235D8EA07AF23E8429D0F508E52378F247DA1
C:\Program Files (x86)\AutoIt3\Icons\au3script_v9.ico	data	62557795F0135F80B440954A21A2CC5D	C7CAD60FEC6E286A1D23636D0A458908846E33A4	4FA09E263CE948FDBEF80881AF5FEC5606EAB52B1A333341C377FEE85D6FE510
C:\Program Files (x86)\AutoIt3\Icons\filetype-blank.ico	data	153C442012FF1C36E8E1EF74D75C597C	CD87DFCB4DC3157915D7B8D4A2B2FDBA2262985E	50BA382D1CB620B478BA254C22096AAC9D9D21B0091C771F85D962CF286C94D0
C:\Program Files (x86)\AutoIt3\Icons\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\AutoIt3\Include\APIComConstants.au3	data	E054DC5B1927F03C0A93DE5C0C9A4534	5546074B9B634671FDA5AB9CE0678E664B068670	34E88BC509C2083E695A3903AACC473AC9C4D6032E1DEDA42857A592792E0D23
C:\Program Files (x86)\AutoIt3\Include\APIConstants.au3	data	8A91BEFAC4DA12B9769A1163CA912522	DB0A610F2D0057723BD88C783170F8825004BB70	67E879F57DDB876C20B89C9ACDBCD36B5FD0AFFEC0AEE4A23D08CD6EF5194896
C:\Program Files (x86)\AutoIt3\Include\APIDiagConstants.au3	data	3B5179407720F0C3FA1CD3D6BC175F49	B347704DA634D39FB6FDCD82F5EF85EDB33677B7	D6E6BA95ACFBB4EE0DFE7F1ABD2B2C383AEAF9D6AFDDA0C8E574C5EB66A6EF32
C:\Program Files (x86)\AutoIt3\Include\APIDlgConstants.au3	data	56A00E25B2A1EEA7E18573E118BD27F6	E5A05573DC0B1BEE474DB0A6FB82A2DA2D966723	8F8FB71C81F6F1D43223A4C6D9222BEC6327B4C673862C534CD484F196EAF405
C:\Program Files (x86)\AutoIt3\Include\APIErrorsConstants.au3	data	6EB93514E168F2405E297C981920FA2C	36E4C95A26EDC81173C298B9F557695192B5D0FC	88EE481899F0301A2BD8C4C5F1B8D90EEE075288CB61D2ED0A02B2561B064399
C:\Program Files (x86)\AutoIt3\Include\APIFilesConstants.au3	data	A1398E79E92A17696FB25A8CCD9636D6	1D55F87EFB69CA7979D9F0DC2905CFC0FFCC5FFB	23718A3DDE649E1BD611631366A685C312FFFDAF7F282E72A29FDD96E34F764A
C:\Program Files (x86)\AutoIt3\Include\APIGdiConstants.au3	data	2F322D49777C3F7AF1C31C15A1D45A98	DFC241F7DB7C6F6B2E3261096DB5AE4217679EC0	699F76B2128B66E8072321C314FD4FC7102CFCFB96A560ED7FCC078C625CC983
C:\Program Files (x86)\AutoIt3\Include\APILocaleConstants.au3	data	E1DE9E33A125AA3AEA7B57F122FF5D31	309CD3B21A5863ABF58114361D7DA724FC54560B	68B2B46B4C302E17EAC7E20A9004DC7DBFEFE255E46D67983B1EC8B58A9FA268
C:\Program Files (x86)\AutoIt3\Include\APIMiscConstants.au3	data	4D99AF3273E534595353C46C3B95090B	F1A89A4A6EDBF6869B3A2967173A27F5962EBD8A	28BB9F32231203C486864A787EA6BB468A0BBAAC879720D1446D2E3981670858
C:\Program Files (x86)\AutoIt3\Include\APIProcConstants.au3	data	B4F4F905069B035EEDC838ED8EAA8752	C7C50BB02158365ECB3531B9A92DB883CFFBC3FF	8853686E754165DC1EE4560A96FD48617342C91CF041A33742F6CA1DB3C9716E
C:\Program Files (x86)\AutoIt3\Include\APIRegConstants.au3	data	C05B0B50502124CBB667B49D3DAF2D17	AE5E85DF79B3AD1C9BACC1A22847A176F7A03DB4	1C3BAD9877C7A953FD03438D097F8F9CEC787EEFCCF74CC52A73E768F8EC68ED
C:\Program Files (x86)\AutoIt3\Include\APIResConstants.au3	data	28B85F0E9A005D27003D4D96DE384BB5	EE305D1EA393B1B8E2E782E8821A8E56CA1D8400	EA5EC41DED82C5415DDF0130C5F7D30BB628429BB14862DF0CFA6C5FAF7805A4
C:\Program Files (x86)\AutoIt3\Include\APIShPathConstants.au3	data	F531DB1451E5C21EBA258FA400166712	5D66D185A16422C0B9245065726CDC7CC98EF972	B0FDCBE56156101E7B79578D89AA10605EA643040652CB05463FE7A669C4338F
C:\Program Files (x86)\AutoIt3\Include\APIShellExConstants.au3	data	24AB0A4D78E9ADF021BB273420F4ADCA	AE07E52FED176C5631D9F78E0541130A29E630C3	BD555CCE31F9EE4265DBB71DF76EC51F96DB34E31FB8E814ADE05DDB986A912A
C:\Program Files (x86)\AutoIt3\Include\APISysConstants.au3	data	9C78A0F21AAA0D200040BBAB39E16647	F41914AFF84E728F214467A22B1B625127D638C4	3695E8F02D940FD06015C36294F8BF4BB14CFBE18F28113F5CAD3FB931640F33
C:\Program Files (x86)\AutoIt3\Include\APIThemeConstants.au3	data	8EA3BB2C371BA76956672742C089CDC3	8A1161C0FC5DB24159358E725385229C96CA28A4	446F1FB2FC6C1011BBCDD4B1B9C8ECD03F47F7B7219CABEAA2D0BA7767673A07
C:\Program Files (x86)\AutoIt3\Include\AVIConstants.au3	data	4DE6F8C077E713B89519097DE53617DC	7934ACFD579A804042E46D061FB2432536C73EA1	68EA10D80D9554F0E1F84AB1C9FF4743B702527C812146F399964A9B90984A18
C:\Program Files (x86)\AutoIt3\Include\Array.au3	data	89C533E26811565786B4A342E35772FC	2D970D95850178F2F8F1587F0942345304979DA4	69E5A3D6068E27A201A64B49F627D1C545BAADA973129894D9F19A8BF56B3D32
C:\Program Files (x86)\AutoIt3\Include\ArrayDisplayInternals.au3	data	2021DF59BC8804129C8AA6ADC4E9B048	01590101B74E12CB606F734579DFE3A9CF34E167	05B9B37AA10E02B04A2B2836FC7F66438E884E18599191C58424CAF9DF496D12
C:\Program Files (x86)\AutoIt3\Include\AutoItConstants.au3	data	CCEE035E522C8EFF92A7CFD2323AAD04	04DB4ECD120424A7B29FA26C726FF02042FFC31C	EE7B7DB196EA55603F5E5A7F87887B20C51930DCC7BBC075D1B3A7B513631A9E
C:\Program Files (x86)\AutoIt3\Include\AutoItExitCodes.au3	data	A3DB83DC9C9705868201FFCBBF246D8F	1A4B4A4EE513476FEBFBFFCA4CC35ACA334F391B	EEC83421068C982C3E55C731560F593E284A6FF9C647A3A91C450159ADE251CC
C:\Program Files (x86)\AutoIt3\Include\AutoItFatalExitConstants.au3	data	7609FF903A2F216577E3B805A8D7C53B	3DEA6C9F1631709507348326ACE642B0ABE2F12A	DBC11C99ABE25B69C88589313CAC5A8D83F8E53BDE33B2F619079C849853B85C
C:\Program Files (x86)\AutoIt3\Include\BorderConstants.au3	data	0EACED7EB608C911B3AC196BC837CDFF	DB8E414C8F64D669DD54134A68DCD75A8124AB5E	BFAB6867DA8C5E800B6A07615187BAC90EDBDE33A66666476B98683C1F23A29E
C:\Program Files (x86)\AutoIt3\Include\ButtonConstants.au3	OpenPGP Public Key	8444E24E1CE90EED9C105C5E6E43E449	20EBC71F1EED8AEAFE7740DC9B7CE77502726398	064E37C87CDB749920E9218BB04CB233E457F7394051AA090AAF6AC5F7A2C8AA
C:\Program Files (x86)\AutoIt3\Include\CUIAutomation2.au3	data	89BBD3C583D9A78D65771E7F62D2894C	056AF7961CA72CF5C2127E27911A496283DB726E	389C8EB2E917E8D9E9FCD97B418598F8BEDD46F052B16CC55C79EC14A73CAE59
C:\Program Files (x86)\AutoIt3\Include\Clipboard.au3	data	27F4B6DF4500504B5DA115DD6230C628	6BE04B61D35A36DEA87C77CBE3E5B61C00FE54E2	18C9366EA62A3AC60FC61141A32FEED31E917EC6D3A30CB3E63C7E56CC0CC0A7
C:\Program Files (x86)\AutoIt3\Include\Color.au3	data	B9333F63B79D118F328279991B4D8D71	7A21D96D4254DACCFAB8D510298DEA51E830418F	C0610CF3C6C61BD438DFA647888C2D4C00B3395DE9C4FB2EEEE833A3397C578F
C:\Program Files (x86)\AutoIt3\Include\ColorConstants.au3	data	1E186A6C3A32A415755265BA059CB4B5	1B4A160408174D9C6C91075F31DB6C7B6B38950D	5539E3B8A35A427EB6C3E41927B91E364C0D6B64B816F4A6CDB5EAA2B3459485
C:\Program Files (x86)\AutoIt3\Include\ComboConstants.au3	data	A0E8A8EFDA743DE84E8C83FA169AB23D	82DB9074445AFAA613DC2F933808BE3DC4B9F80E	226C162B62BAA92428ECE645A8148EF62146034B932C18EE28CD9090D6A96F24
C:\Program Files (x86)\AutoIt3\Include\Constants.au3	data	46F741F58BEFA2947D03E8F2F59E57C9	D68894898C906D924A303A698FE0D86CEC9E8AB8	EE65822D886946B8362224D158BFDD5D577A4E75779E5C932629734B152F584F
C:\Program Files (x86)\AutoIt3\Include\Crypt.au3	data	17554A26D63CFCDCE224603C9865F592	EEE69AC266B0E1ADEC2B71CEAFAB7C6B29DBED09	5469D222A994831FCB2B7590E2A77CF4151BB0C8C4624DC1F7D2BD814F1E562B
C:\Program Files (x86)\AutoIt3\Include\Date.au3	data	F82BF888669FDA87E2FDC844913C59A4	58CC4DB206E26C1D8CAD53AF2A27ABE5AF24E888	AC304852026F12C2B4268B49045240161977D15F9159FA067DAEA2105593A702
C:\Program Files (x86)\AutoIt3\Include\DateTimeConstants.au3	data	7E909085E6898E3792875BF0897FFA00	B3D7C639F9278F20E673BAAB93E4B57C4547D7F2	9E5FF99D4E5B9512CC1194E72BC41D807DDAB318CD1AAA419402DC4AFC09E668
C:\Program Files (x86)\AutoIt3\Include\Debug.au3	data	C030F2FC171E6A8896D418547015C5FE	1C8F6409B8E079B3E31B03C4ED7D26611BC2CFC4	B1F8727492511B2A3A5E0FB9CF9BD056AC093BEE2C1B4F60E64F7C7B854F3E53
C:\Program Files (x86)\AutoIt3\Include\DirConstants.au3	data	053CD5FFCFA128F5F94F0BCD092A5114	5515571A88962EADA2A2889A74D0F7B69220B47A	DCB149E47C96CA7823DCCBC0F4691B82F2A4F389AB71041617A7FC6922DA4671
C:\Program Files (x86)\AutoIt3\Include\EditConstants.au3	data	4CDE2AC63D855D5CD9A41FB9289AD2C0	04786A09E87464291D949B04399778EEC169C416	E68D2C39371689522154696F591A8BFA313188341AF300DE846DBB4E6F5B521B
C:\Program Files (x86)\AutoIt3\Include\EventLog.au3	data	50C35419FA7F0C4EA725191E033B8FD4	02164285961770C98D5AFDB96FA67C55C1A78954	9D9017585230390D65EA1699AFD875B6750351A1E65094A94BB84437562B1B50
C:\Program Files (x86)\AutoIt3\Include\Excel.au3	data	30665D62DD5173117746870D1AC42E82	5717CA353CFB272DCE8548381CC74BAF67807575	5C5F57AA9C4AD23AA013F22C0B30FBA664D3B130E6560F0704542140DC86E518
C:\Program Files (x86)\AutoIt3\Include\ExcelConstants.au3	data	2C5AD391912DA55499F9972F49C992D9	BC073CA8E1FB48915EA1ED401F4F9A64A82AFC95	386C063443FE1751E8425C7C6739FF37F45989ECB6E3E1A0BA0D74800AA832BD
C:\Program Files (x86)\AutoIt3\Include\FTPEx.au3	OpenPGP Secret Key	C35155AA09AFB18AD97CE3FC27551E98	D38BBEEC5FE056E5DEB6D3ADDE4735A471A7ED18	D1BCA3892DCF5B45A8A72E6EAA8F24C1E038918DBB3EF326D4BAEE9657156E99
C:\Program Files (x86)\AutoIt3\Include\File.au3	data	D5FD04C842374B23A3E11FBA0A5AB1F6	FBEB830D4D350AA0637C9997F135772460FE7518	06FEF81866E02C7ED05960D92BAA1E3F17B2917803CBABD0907A9A3FDCEBCE26
C:\Program Files (x86)\AutoIt3\Include\FileConstants.au3	data	329FAA5526A621A8457AA356F4AABA63	FB3D0B51FAD6231991CA3987C32C41947B596123	8513FCCCBCCA1D52E17933953ED979A6373F937F9BCD36375F02E9B975A6DF15
C:\Program Files (x86)\AutoIt3\Include\FontConstants.au3	OpenPGP Secret Key	688B455A6FF842EBD689960B6A7F4A8F	88D9982B28F90F9F7C610D7871362D0B2EE0CBDB	A70F34C0E9212D0B3920ECCC4A63B85017F3B9BAAA9AC21EB7D0050725740BCA
C:\Program Files (x86)\AutoIt3\Include\FrameConstants.au3	data	ECF0795D4F6D515940E3511B8C8C5E72	6E4B872770AB2E26514C0E7F253C8D544E9A9A37	B21DD070D757196EAD2515703CAF372AC8B86734F2CDF792F36617B3503E6D06
C:\Program Files (x86)\AutoIt3\Include\GDIPlus.au3	data	5C0304C7D0EEB2FCA7D27A86AC85DAC4	BFD20EEA2D43B1D55015FECF65F1F3088219A0B3	0AED049463B5B339C79325FAEF122B2FD16B747AE1F8C35BEF294A523819D125
C:\Program Files (x86)\AutoIt3\Include\GDIPlusConstants.au3	data	AADC1859D734F2FB6C7727B078B20055	7D257BDDDC6771FF6EBC1BDCEBEEC9B9D8FBE00D	FA2C6EB8AD9A54D23726F1E4B8D68BBA3646F273DDC242DC82D7B6131C8E5CD2
C:\Program Files (x86)\AutoIt3\Include\GUIConstants.au3	data	CFB77F143BCED21E415809F0F7593EC7	44F86BFB25FCBA9E37C2CFD010FD11280F962861	BC6FFFC8AADAC12140EF1CC5F1FF3306669E4E3BD279249B5EB8540C4902EDF5
C:\Program Files (x86)\AutoIt3\Include\GUIConstantsEx.au3	data	5F488C92D4FBDF7A185B39FD36478199	3335C5781344B16BB9333A661B2B5A2C0D8E0483	231528F40ED09A4597741999713E77C09C88FD5E283098AA6A842269D6D2F025
C:\Program Files (x86)\AutoIt3\Include\GuiAVI.au3	data	E4FB6C2D90BFBDB871F5913796FE9983	B6B906DC93B410767DC7726C2B3DD6F97DE32A34	C74AEEEF2C2BFBB279BB6EEBBEFFE4286A120A800AE1C5CE41E8C54164EFC39C
C:\Program Files (x86)\AutoIt3\Include\GuiButton.au3	data	7F3A87094B3B681E1240D963D4D7A176	192AB600471A9484AD1C1A2A3AFFF56E1F032DE6	10C91AC4811579E9E32BAF2DEF0D8AF86A7B4ED602E2EF6DBF8DC8C8A893FB4B
C:\Program Files (x86)\AutoIt3\Include\GuiComboBox.au3	data	0EDFEDF67261A94ADF65CD6BE003430A	DAEC9B843EDFDB1AAF3CB8986FAC335EBF9BFDE0	DDB229756B6CBF01685C209E09748A0CDE7CA5D69B57F637CE14CEE75B0C8DE4
C:\Program Files (x86)\AutoIt3\Include\GuiComboBoxEx.au3	data	4C3DD377EE21906674DDE508E569A680	8EBF59DA87DE9CA3274CB0E6948BC50466645A61	056AAD9D6E2E8EE4C6548805358168DF568C493D9CDF2EA4B45F332E427B821E
C:\Program Files (x86)\AutoIt3\Include\GuiCtrlInternals.au3	OpenPGP Secret Key	E082D637901566B5D52B9810435EBA6B	C56F53B404B4B2D218C8ED5D81C4E7047A82C7D0	A98377AB4A4E808B05E11ECE3F766609BFDCEB7BEC304EAD6A003ACDBF759154
C:\Program Files (x86)\AutoIt3\Include\GuiDateTimePicker.au3	data	0782C41CECD0820755A7E1F58F97B88A	12A92D7456F8AB067E7A63BC4BD8BF001C7D9312	54B43A52D61A23AE29DF68952ACF97F10EABC90DF706A6EF60B5B4EED1826D40
C:\Program Files (x86)\AutoIt3\Include\GuiEdit.au3	data	18A523A8A30DC2DBB2575500633733D9	F9FD245EA75088D2B4E8357302FD65627741C1E4	7D9F96AD8DF4735F34EF4A2C1B8C05BF6A085BAF4DAD1FF5B5902925E0B479FB
C:\Program Files (x86)\AutoIt3\Include\GuiHeader.au3	data	3AE7CAD662874776530DD9A2ADD285B2	AD8B04F0330B282E5A3A34A3C3D8CF0FD04C7B4A	FA423501279E0DD22758BD92080167D20C3065D7D4032BCD059281E2CBC9E2C3
C:\Program Files (x86)\AutoIt3\Include\GuiIPAddress.au3	data	FB8296D15D18B26A7A4267DFE24F238A	8B712CADCDC1944D028A8B4FD6CEE5C1F1958980	1377716ABBF7A02BC7EF919B30A129921F355D79C7D2AF801A862C63C13CF628
C:\Program Files (x86)\AutoIt3\Include\GuiImageList.au3	data	0386CC3D1CE6697D2BF9D0FDD8074085	0F4F654E59A5A406BC45CB618830F7BB39800498	E72E418E3B6ABC305308FBEFBD79D78B9D3ED137177260FD263E28948712ABD6
C:\Program Files (x86)\AutoIt3\Include\GuiListBox.au3	data	B21B0B7D4754E73861789E4092C115FE	3AB0789150D3A90CE41DAED0D1308403A463D369	CB1766DCB5FB5F04ED2D02C8F46BE60B17A076121F58007935F163DBD50AB606
C:\Program Files (x86)\AutoIt3\Include\GuiListView.au3	data	172D2593F02124B3E8F1071FF14EDD8F	B92CA9CFFC2517C0FEA8112276D7ACDF35C44AC8	391EF03025DF472D4A58CD22035222BB4A0A7924EE4D103A5E96949FB268BFAE
C:\Program Files (x86)\AutoIt3\Include\GuiMenu.au3	data	195875D48AC34885B5704B614F15870F	5E9D4D0527F6DAA8D14259DE45DE69739089349A	1BE70E7528D3FD04E55E2DC9F4DC608891FD51B4DB299F837744C5325684DC2D
C:\Program Files (x86)\AutoIt3\Include\GuiMonthCal.au3	data	75C0CDF196B3C0F63CCFF2C3F1E7CD85	4B73E15137CF7DBD2F762679A0971F7D6893150E	9BF77644FFC9DB21D78966D1F2330B85E16D1DDED7FCDD9EFAAAF228354435EC
C:\Program Files (x86)\AutoIt3\Include\GuiReBar.au3	data	9CD98B9363421D751B139196420D4544	DD2FA31C325E91E4AA1A99F92EEE12226E671242	47449740DD18A9BC845143532F5DF2E613346DB65F6B93F60B9546D271BBFA9B
C:\Program Files (x86)\AutoIt3\Include\GuiRichEdit.au3	data	8401C61EE5C624171D934695C1102B6B	ECA344C9C9C1D0F456F503CCA139ADCD9C381092	4F0E4B58F23CA2A5F2216BF94603240DDBE680D9A1F8BF9CCD21B0CEA878D98E
C:\Program Files (x86)\AutoIt3\Include\GuiScrollBars.au3	data	0F3C57A2B418AE50CC0E8E5FB9F04AAE	394771B8E2061919682295DAF5C8BF62C9F86BC9	C36D5B4F13811D40A8E5CF03F910AB7640471E35C97565BEA32408D4CA07B910
C:\Program Files (x86)\AutoIt3\Include\GuiSlider.au3	data	A7DC6AFA36DDE70CA53FCD46328E64CF	53F30560867CEE06678D11E0B420B9052DD0C56F	6450703DDBACBE3807D69501A120CE9405BEB146C998BBE05A2C71C9AD78302F
C:\Program Files (x86)\AutoIt3\Include\GuiStatusBar.au3	data	C5B4A32FD22970C3275FEBB4BEA12DBA	43E47727A32E57AA6E8629673E8D3EA25E4B1650	3BCEC8B319F4EF7D06A4FDA9C58DDE1C0024880E4F7142AED1899C7737DB5550
C:\Program Files (x86)\AutoIt3\Include\GuiTab.au3	data	165C3AE38B9ECEFBBE0710BBB317CBC3	AB03DA7D394B0DAA15361924A8A25DDF5A3DB0F0	6BB485A872469A401D58313C3857F7DAA20944CAF5E84085B712811CA94E98AB
C:\Program Files (x86)\AutoIt3\Include\GuiToolTip.au3	data	4F2D6DE091C334DC02EC3BA10D9928E9	4EE0AB96DBE55BF188E80228C586D95B92BBA607	A7452C5CDC39E6DE1FCBEE7CD3189987B343772D2B1049E9B8543110CACCF48D
C:\Program Files (x86)\AutoIt3\Include\GuiToolbar.au3	data	D617B8F1A060E237B165799964CDB280	A71DB81A5D56A2420E39E9D19F06698E7456137D	B4839E63C580B19E1DEBF1102846BF84A95399DED11298FC3848D936C77E8057
C:\Program Files (x86)\AutoIt3\Include\GuiTreeView.au3	data	CEEFBBA8A8DA4919DDB14C7CD75C21A3	15CA0A4B0549291E6AAD8BCD25B436FA72A7061B	219BDDD5D8A41011E988CC9BB51DE9D0354EDC82271116BB66F1A5FC238A5BEF
C:\Program Files (x86)\AutoIt3\Include\HeaderConstants.au3	PGP Secret Sub-key -	BAEC88299DAFD21805A034C32E532B93	AACF0D06BAE45AC8117EF423F45D4BE19D70079D	4FEC2C0332D186813A3FBF346B44ED44A0BE76FEF949534AA1DD6CA7AC258447
C:\Program Files (x86)\AutoIt3\Include\IE.au3	data	0064D3C4C79D92045BDE67B22775AA6C	604AD04752D49700DF49C290B350F9EF51E0339F	51218413001ADB3A615091659EBB25701A316C2E3383FAC9ACD5EEFD83BA87D4
C:\Program Files (x86)\AutoIt3\Include\IPAddressConstants.au3	data	96996D91B07CB6E47C5576290F84AB38	4F36DA81BCFA0F556AFD5D162E046F3CBCD89A0E	ACB621F054BDB87CCD3837B1D3A2B7B85F6A5749A81106936409C07D53E6DB29
C:\Program Files (x86)\AutoIt3\Include\ImageListConstants.au3	data	027206B3375316064BE35A6B5112763B	EAEC683C2937105540B766D2793762644D20F060	F6D3F8A7726A3DCFB616EAB9B2AA69EC24136D982423EDD094454748BDC8E187
C:\Program Files (x86)\AutoIt3\Include\Inet.au3	data	7D88C2A6C37C47DB4232F40A7E2ADC01	955F0925B9B043F80E47589BF5E3C4102F0FE592	61F6C39A18F05C5DA23D1562FF1217F2CA6C421275CF3446515C6C1B20316450
C:\Program Files (x86)\AutoIt3\Include\InetConstants.au3	data	D9F8B04E072E1FD0760580EEDB77EA39	F4F8F322DB900353D3F7CAAAEE90543943FFF642	C1A5BA9904F6425D7C970F961179A90BA3F053C601574EEF576FD8508993B02E
C:\Program Files (x86)\AutoIt3\Include\ListBoxConstants.au3	data	240476B2070425CDAB6E1F8993B76E24	0FCD10B8D8C4536D341749D2360B3A3E3E904D7F	7D6985BD8FFB4DDF02191973231ADFB3304489E52C807677D20A862267D18C5F
C:\Program Files (x86)\AutoIt3\Include\ListViewConstants.au3	data	1C7150E7E195C6FA258C3A4A47C177DA	6AB9A1C65EB029212B387BF27C57EA963465123A	9DB756FF1F5B6528BBD4546A4E3F567D86E8577CE81CA9BBA879EBD3B3CF5981
C:\Program Files (x86)\AutoIt3\Include\Math.au3	data	865D214EA1F9E6D4AF8BB79D958AAF96	6633F6F7DB379860AF8F8ECAE918910B38E288FA	DC68844527EBD275BF1F99FCCAE794855E6FB3C5829AE35E40FB996D2586A200
C:\Program Files (x86)\AutoIt3\Include\MathConstants.au3	data	779DECC4745345781CD80FF92AB329DF	1C6E50C199E67D0F39F8142AAE7FE918341C7B75	449D11EA5797E22CF0E5A8BCE1EEF5382C5EFD271006598B1E8C14B446409FE4
C:\Program Files (x86)\AutoIt3\Include\Memory.au3	data	5BFF63AA63146529F39750AC95C6D469	059CBAE509B730BDC610635B14A512B3F8A79702	174873554E98BE8B175465B46CDC29D348ECCDAC0C63E00B4E50830F4CE90E0D
C:\Program Files (x86)\AutoIt3\Include\MemoryConstants.au3	data	D53D7D69A30F0F865131828AB6D04A30	8E53095FADFE5A7ADB03BDAFA42B4047FC3858A7	9A427AEB44F35D4E36D0FCF4FD0B2C9E5B4BD5509D70F3C5C82F0BCF2390F80C
C:\Program Files (x86)\AutoIt3\Include\MenuConstants.au3	data	D2EF37D9B263E56E293AE1A5E517C661	2A0759D1202326177D126F066898E62660513B5F	1234AAE79450EF17BCAA37EEC9786C76AC9D15D02FE50B3ECCCB4387850C88B6
C:\Program Files (x86)\AutoIt3\Include\Misc.au3	data	219CA3EC3081AEDC78C38C0B2CCD724F	D6E0539AE10F88093DD3D5F4C2D52936CFD0D4EF	D92B9511EC98147F6FAE2BF3B84840E3E6E7E76D63B53B3C07700507AE5A702E
C:\Program Files (x86)\AutoIt3\Include\MsgBoxConstants.au3	data	7C3CC3909B7310DCB0EDBB55D6C399D0	77B5900273815FE08CAA0620A2B5BB25F20AA9E2	7AB11D3C3471D33AEC57CEAF6F90D492DF87E60030248B2B42B2EBAB6F7012D4
C:\Program Files (x86)\AutoIt3\Include\NTSTATUSConstants.au3	data	970B26F8B27FAB9B9B909740F26AB991	BEAC4FC8FEDE75FEB0ACDC9EAB1B85719E987638	3B264C59A18D222938462E53E1D4DEB2ED0C8E452ECB2E021746FB8ADDCEE82B
C:\Program Files (x86)\AutoIt3\Include\NamedPipes.au3	data	22E1F7EEBCA126AAE9D5875E28A69816	E5A3DA6AFF316585114D942C077FE84B523A64CE	BB319D9E7179DEEAA974BEE75C984037CC082F485120EA7743F54F098C864D69
C:\Program Files (x86)\AutoIt3\Include\NetShare.au3	data	4A634BA3AB4C4C9E110643E7E5AFA12E	6B2597CDF719542A39285A7474C41E207738F763	58BDAB858C314CC29EC39538F44E4B3522FDDDB0926649E693F0F50EB5802223
C:\Program Files (x86)\AutoIt3\Include\PowerPoint.au3	data	A5BF4A27A76ED2BBFCE4A49E8C967B67	6FC7249CF272CF057C048B34573D94DC0DEBA0E0	1C081C4972699BC5288BD78C8C44B44AE91D671C2C23AE05E20CA14B03100221
C:\Program Files (x86)\AutoIt3\Include\PowerPointConstants.au3	data	BB48CE1F6964179AD98A857EACC540A2	7BEB24CEBC19D1F1E079686D368EC227EF0EF7EC	3DBA0F35A1B588D898F44FA7E44EB3521ABEA75165410F24F30C51A08287AA32
C:\Program Files (x86)\AutoIt3\Include\Process.au3	data	690B7D90B2F64D71A3EA50B608696574	231C409155BDF785913B605EDDB435602CCD1E09	09356CE05637480EE5FE1BCA87D03D8535BF24301CFF6731310283169EBD982D
C:\Program Files (x86)\AutoIt3\Include\ProcessConstants.au3	data	06C412912F467CEBFAA8D5EAC28EA93C	1D1B04449AADE95331D0916EBA4618C288AC890B	91FEE92F8B86D6689C275A24FE95ECB99AC4D9A1688A4BCE5B08FB84C31D3955
C:\Program Files (x86)\AutoIt3\Include\ProgressConstants.au3	data	44CCD630115739CAADD014065AFFC3BD	C057D0298CA5EB6B4D29F099678D90D31B2FB90F	F19D84ABF6EF6EAE2A4FACDF642EA3EBD4C6EDF07BC7B76422149DB52B503840
C:\Program Files (x86)\AutoIt3\Include\RebarConstants.au3	data	C00FA1D1D05E12F634B447165FD67EFB	65A54DD4339FA625C9A4467CEBF695BDE267EF02	F920A1E4105AC6B96DC8E5327154BB138E8EB515BFB83D473BAEF1E9BF154937
C:\Program Files (x86)\AutoIt3\Include\RichEditConstants.au3	data	A98EF4DDF960E78B0AF0BDA04A279418	C66D7B7C05D0CD822ECC4DB862269EE103C836B4	89781306BAD5ED6BF9AD5DDFFF1561E8DDE9C102D4CE02DC0D68C720A7D29106
C:\Program Files (x86)\AutoIt3\Include\SQLite.au3	data	7C7EE2FEAE306B74AB32794E19CC2AAF	CA85350BBDCF25B4BCDD9CDABA68212897F1F1AB	30CB00D354EE316ECE8E4E2895A8B8D9E77B909BF358472FCBBE23F9B60A3A79
C:\Program Files (x86)\AutoIt3\Include\SQLite.dll.au3	data	E8323AE00CBFB23AFCCDA141DF0D5D24	AE4624EC8B26CFB4F8B53875607480C2DFC74CF9	EDC22A134B35B55A8F9295DBEF0DEC8F56EADE5C98FF7D2FAF18456211690681
C:\Program Files (x86)\AutoIt3\Include\ScreenCapture.au3	data	018B8F1A4ACE86EA42F900D0600B6C3E	F085078F5A0C310A9BD5490D3F370443FD696C19	A19322C13C9620DAAE8ABCCBF4BF1179A8F92634FBB76316F00407CB7425A5C4
C:\Program Files (x86)\AutoIt3\Include\ScrollBarConstants.au3	data	2415B628BEEFC2FDDE05DB800CA08432	EEC17E9E086F3BD2E59F43E680F1F1A9887A9C14	F370E56C8699B38FF96056A6EBE00CF3CF2002AA5A69CFB14872B2C4077F27D4
C:\Program Files (x86)\AutoIt3\Include\ScrollBarsConstants.au3	data	03B3D56DD2733D8CD884D08C546558BE	4BA608DE4714CAAF860414DD480C10B6AF3E0627	FEF7993D22926F101159E02EF364DDBD413AB1FE17123729191664DFB2E4BF06
C:\Program Files (x86)\AutoIt3\Include\Security.au3	data	F3204A1CE9DA406CA701A9E41740DC81	65311D5E7C21EB04A526A55C6F863959A534CA36	88A1FA6BD275AC02EED6D827A26F8ABE522851C0CFC73EA8E8E6320E18C45E22
C:\Program Files (x86)\AutoIt3\Include\SecurityConstants.au3	data	A97984CEEC65E1A27DE9005724E9C5F6	58EBF9E0FCD7593BA3063A97F1F3ADD9DE5943DD	040472BCBE85AB2C5133743FC5ED0D95A48B6C068EBE26EC555F7BF09833E41E
C:\Program Files (x86)\AutoIt3\Include\SendMessage.au3	data	A8850D4AA2E8F27AB488FFA2E4597C65	A8DC659B17B0A6C86C8D3E77FB45181D189E5F7F	7A9D8DEB02754DE9B42FF94423E19959B285816B315AFDD9CD8E7890FFADC148
C:\Program Files (x86)\AutoIt3\Include\SliderConstants.au3	data	A306EDFF020CE71EC72B0E0FBD5A667E	A9DEA48CA630354AA37323FDB2577645E48C2FDA	22FD6F440327186137E3FF2D8A7C067C98B4C17DC5FDCC0104BA849AAFEBD4E1
C:\Program Files (x86)\AutoIt3\Include\Sound.au3	data	F1A10BDA2A9A2E4AC3957BB974F793F0	1BFB7FBB3748B6627E27C1C8342D29CE4F3B6411	F9F4688C6B0930F7A5B5B196255717B548C411D1DED81126CFC94607EB2070F3
C:\Program Files (x86)\AutoIt3\Include\StaticConstants.au3	data	CDA410CF9733E45E6CD01CDA64EE97BC	96DBE517082BD4D599250D130C6568CCFA21D13E	A33132A0633BB78D9AF75D6FB26A1399F9E0A827F7F1162A8AC7764E11848819
C:\Program Files (x86)\AutoIt3\Include\StatusBarConstants.au3	data	818620088DD316D78430BF241E15201F	0C19263D4C62DE2658C9113587FA624E500F83A4	39A55D385E00FE65BA134B2D57360C6D205A7B7F3432643CDE83661C58326B20
C:\Program Files (x86)\AutoIt3\Include\String.au3	data	081AC853FF074216B70B7369FDF8609A	117E8522700C54E2EE9E85AEBD2756E4ACC21579	76FDBE4E01CEE61492B82EDD8403C7A4959A4DFA67BEDC8AA1E85BB80099C154
C:\Program Files (x86)\AutoIt3\Include\StringConstants.au3	data	9323099B901B818D69E5F6ECCACD1211	FFA58344BDD516FB73CD292366D62AE638D020B0	A98E74CF9155EF01D167656513EC7EFD70B2A55060049A2C4A05402FEFE6C773
C:\Program Files (x86)\AutoIt3\Include\StructureConstants.au3	data	E348B653D36E05002A9B1DF7657C5C1C	39A828BB2EEE3E886DE68573B6A72434F4B75DA8	0147B72EA27B2225D7EE87737FE4E5BE7EF19C8EC628C966304C0A2782B33702
C:\Program Files (x86)\AutoIt3\Include\TabConstants.au3	data	76B187248FF0F322A65A4E31A21715B8	E7F48F82594A1018F2B4B8A82703FAA8723ADB8B	00F84BA81102E89909F097B9C091E8736B779BDFEFEB87E55D253966EAFFFADA
C:\Program Files (x86)\AutoIt3\Include\Timers.au3	data	09375CF959F5452289C8D214B5D81EDB	4E396886296C0F098CAB5E115A57B7FC49C0AAC6	E76C239588379165E5C0A8F924198529F9E82E0AC3C67EBF9C45331377DAA872
C:\Program Files (x86)\AutoIt3\Include\ToolTipConstants.au3	data	8CA778CC954B8915B6F08B6BABFC8695	DE4CA9AB3B9BDA5DD68D4409BD141416FE8FCA5B	CD581B14DA797C1BCE566D0483F01A97221FEC1D5D21B98675ADBBE81D6BEDAE
C:\Program Files (x86)\AutoIt3\Include\ToolbarConstants.au3	data	92BCA775296DAA7246B917B2CE08D7C6	BCD5C00C670835EA873C3C72920450FBDCDCB6DE	E7E3670B582FB28E37D9798605EAB88085471C7F8A1C8B623D2F10C810EF7D22
C:\Program Files (x86)\AutoIt3\Include\TrayConstants.au3	data	B571B9BCD05B9F3DD6D675FD6C616E51	C1FB6F13FE74B21D0B660D46796BD7004A1F3046	F7A97F80A21D4FBB653FBA4CC98E1BA22D2E995E04AA3CEF802F86613B85FA5D
C:\Program Files (x86)\AutoIt3\Include\TreeViewConstants.au3	data	B66F7E006222433677139445D72DB055	F569E12EEEE1B08CEA6C0A9563C453C996610864	9FBEA0505A96CEBA4F5B1886DAED681196531BBF04DF8E372352A9CDC0A9841A
C:\Program Files (x86)\AutoIt3\Include\UDFGlobalID.au3	data	97469003340A0BA81FEEDEF1D89B150F	1B23DBF4E00F8E3D938884C81D92C005BBD4F317	AD01EE53283E2B0CE3102FBE7D644764E0A4F0DA9C15A6A5F13401A29CEA2DB7
C:\Program Files (x86)\AutoIt3\Include\UIAWrappers.au3	data	7224EC32C539AC0302F4EEAE040AD734	BE2A42C09E76D6C6FDBBA2ECE5730BBAF7D87B63	1D969822DDD6D2722A52F3E60A13B2933A75CE79328ABD3AADF54381E9E96F6E
C:\Program Files (x86)\AutoIt3\Include\UpDownConstants.au3	data	437642F01968C779DF5D1C88509D8831	15125ABA3154D44605AC7D9A2EC349CDB2181F40	E9F530D81A58DB4EB6B8487507199CEA992D5F542C058B9B946D075BE5996442
C:\Program Files (x86)\AutoIt3\Include\Visa.au3	data	C7A529C35B21DE87C6B38F34B47F7F1D	540FAE63F5844739E2EF021BA475E9304F99B629	B6EFB7BC2C605D84012848CEFAB4CA3449D3C7D368C79CD70D8E11E91021067D
C:\Program Files (x86)\AutoIt3\Include\WinAPI.au3	data	03D4CB785972EA57A506EA9CF1BF0862	ABB6623D20D5430705D6CBFD5384102B9363C763	984641274405DAD394A78CB0621DECD828CD66352EB74ED8C3077BDEDBA8784D
C:\Program Files (x86)\AutoIt3\Include\WinAPICom.au3	data	0B00D27F39060F72F7F33D95A069FECE	00F735AB80F67EEE26624C3CB1412B86E0FDD08D	EA2C66E735BE25C07BB095B53F6AB6F07C28EC8BDDA6D92BBD3DBACF2A3918FD
C:\Program Files (x86)\AutoIt3\Include\WinAPIConstants.au3	data	7DC6CDC7475F7E75142CF189486E9343	50AC7586BF16464B2476F092AA74FEE1032C1C5C	82DD2DBD37D84881F702540D8548F5C1BB6FA284E9D1E79A67B8E3DA574D627D
C:\Program Files (x86)\AutoIt3\Include\WinAPIConv.au3	data	5BD55F08B18B5882672637A42A0819C8	CF606C2354EB683C43EEA4451580EA5881C234B7	C8D959C8799A9BD5824B80EC3F9D0B4D1AE4D8D8E73B67AA7D3711E6318C2E87
C:\Program Files (x86)\AutoIt3\Include\WinAPIDiag.au3	data	DA5913C0BB67093B0C750E9EB1DB1F17	F9B9415644FC725B627E4486CCD79947BBDFDA55	86784D421C8F32F5C39FC898BAAD8A0EA46C1E63E7ADCC9921D01112C35CE564
C:\Program Files (x86)\AutoIt3\Include\WinAPIDlg.au3	data	A2F1B71E75F36FF3E7C74A3304D50484	7F7EA871B722E4AAECDB53A38C3BBFD3CFE58019	B9EA370596AB413D6E48D986E1168A3265EFBE2B8CCC7884F590E80719221E60
C:\Program Files (x86)\AutoIt3\Include\WinAPIError.au3	data	9D317BAC6C71EE336E662453E0E088C9	9AC4462F75D1D7AB957D766C1334695BFB97C77E	29512674A0A2A9A7FDAE5963259140EE0EDF49FF489D5D4AB2C5CAF65BF4D466
C:\Program Files (x86)\AutoIt3\Include\WinAPIEx.au3	data	9AA6CE9C6810A8CC348198E7A69542FA	A97BCFB080F7AD2072E607436312FEA08DB15BE5	3DD6AA38F1F751CE9FF915CB155729AC111C67F21A5BCF26BC98B2F0EB02EFB0
C:\Program Files (x86)\AutoIt3\Include\WinAPIFiles.au3	data	FFE5C0BF7CA54DA4D41960F2EDE68CF8	0E105C5969DB9EBB91F01CABB0BA47D7667D7124	A8ABCD0CAD8E84F958B4AA159549725BEC74B5912A09692D937379DCCB268E5D
C:\Program Files (x86)\AutoIt3\Include\WinAPIGdi.au3	data	04695507D1944F2122C9E228A9685926	C39242F13EEB5F4DFBF18778ABBEE62C8F6E1401	0FC34977BE45D5E866DE5555579BC9B5C02A84BCD2B746E13F806E74559F6D21
C:\Program Files (x86)\AutoIt3\Include\WinAPIGdiDC.au3	data	84A9489F19AA0D9B5A5AD4E11F34EB97	BB909565D1A73A325500C0CD5C12F212AC193DBE	51AFB07CD327E20F5FCA05869DE42BDD6019D90080C8567722B2292DC94DBD85
C:\Program Files (x86)\AutoIt3\Include\WinAPIGdiInternals.au3	data	8B962A3E6196969F7626E0EBD640D902	6CCA6D437C02C84A73A661E19071F132E1211CC3	07A69B312310BFE62EE88E46B399D4B622A87A5BA60918A5D742EA5FCADF54AA
C:\Program Files (x86)\AutoIt3\Include\WinAPIHObj.au3	data	FCB76E7A768F6EDBDF5B730108C46544	8F95EFAAB8EFDF006A9DB4A728CC615AA2B395BE	DAA2FD643A30EB6ACDA57EABFEEB6C7CBD063BD0743728CAD5F114BBA259180B
C:\Program Files (x86)\AutoIt3\Include\WinAPIIcons.au3	data	D87167D79A83716C9DD80B52BB7635A8	2E01DC31CCE7594ECC96C8D018445058E99CD53B	11FA6452F0D251DA3A09373B60CA4510ED8092A38DE23446C4539BD1F9377134
C:\Program Files (x86)\AutoIt3\Include\WinAPIInternals.au3	data	642B2C6E62D9EB4F7607FA29BAE02B9A	98154E2545616FD5E7B3F373D21FABDC894946C3	1C1909F34B1D048468BA0346A021BF59BACAE7715881531847C13094379B64E1
C:\Program Files (x86)\AutoIt3\Include\WinAPILocale.au3	data	695794E7D6F4956AED26B026BC44BA76	8A8051EA734C9827300D7EF72D8D96D81F5BCDD4	4D33798A5FE199F5D26844A3C22D1A75307199097BCF2ED3D2BA37950587B36A
C:\Program Files (x86)\AutoIt3\Include\WinAPIMem.au3	data	DF2399A0F4FFA32EB41AEC744146394A	45885E05B006AAFFDDC70AB1CD77E4BB5FF05CA6	BCF19ECADFB46DD13582EC4BABF2070A11584AE89897F4EEC0304A04E15784AA
C:\Program Files (x86)\AutoIt3\Include\WinAPIMisc.au3	data	D43E3A0131F9341DDD09F4111C2A9047	EB93A93D19AA81C63AF887DBFCC1F84B910E591E	AAE105062486C4D47B08E637E93A7B4D2A3DCE562BC05B22047EF55577E48B7B
C:\Program Files (x86)\AutoIt3\Include\WinAPIProc.au3	data	C7577ABDA6EC2DD07154F5CBE1BB0962	E7F5B497D19FCB781F05A18BACDCB053641ADE6E	01F08E42C83E9F703DCD4BB0DAD0D1A6A8F601C879D64B3CBB26FD3395D5116D
C:\Program Files (x86)\AutoIt3\Include\WinAPIReg.au3	data	A78F711EC8D6EBDD90B1961706DF77B0	6F7B205671A7F56622F838BC62305D2C33507FCE	2097626405C917357BB2344AF90E5096CAAD9E76127FC64BA6119973A83EAFAE
C:\Program Files (x86)\AutoIt3\Include\WinAPIRes.au3	data	F46202389192151939F4796EBCF3A4C9	B7209E40B5EBF3C4478CEF1FFE10C38ED65CD8DC	CFBF416A082C738419F0E017B9955432ACD8884C4B61D4CC19352F9E910B9264
C:\Program Files (x86)\AutoIt3\Include\WinAPIShPath.au3	data	39934DBD049EAC6A6E6FFCEBDEFC1DC3	7BECB0B3964E218A54E17EE003811E2A506A4530	AF95FE1F03F6BF1DFEE0F2718AAABE0A7BBAA069771A5765EB45DEA7BD866EF8
C:\Program Files (x86)\AutoIt3\Include\WinAPIShellEx.au3	data	04BAB84B0C10584CB0ADBEA79AF61391	B9C84A11A8E83ECE7A4D891A362059A409679AF8	C413F3F9AD315EA72C57A081A355672FE76F01B82C516B3420F446856113B957
C:\Program Files (x86)\AutoIt3\Include\WinAPISys.au3	data	F8519B9EACFE11D03C90326E8F80EB7A	831FCB7E2093DF7654CD10B7F0462632413924BC	62A0146427BE125DD7B3CF3E19080314B003DE5DBAC210D3AB3E0CDC1578A146
C:\Program Files (x86)\AutoIt3\Include\WinAPISysInternals.au3	data	4121E9BD6B3DE4E2A58E7648ADAD7E53	7FC2BE4B40BAF9C88A474B4348C640CEC169F233	D0350A1B98FA5C9488EA0DF23825E258F7924BF9B05F9DE1470D7C9046BAEE62
C:\Program Files (x86)\AutoIt3\Include\WinAPISysWin.au3	data	B53D9F47331C69EE69FEA11A1E859ED2	CD302809E4AB1A244BAED71AD63B60DAB45C5A1C	AB0BE0CC93AD72B0CC0DB65E253498C81015D45FDFDC45AD1E71B8531DC5C20A
C:\Program Files (x86)\AutoIt3\Include\WinAPITheme.au3	OpenPGP Secret Key	C54BEAECD84A1EFB62558CF78E60300C	64937DCFDB8C7D29F4B9D7DBA2D9B9EA2CA2D6B3	85053A54E11C3B9B2B9AA30C56EF775E4986FD1310CFDF83D0A75847BF4EF482
C:\Program Files (x86)\AutoIt3\Include\WinAPIlangConstants.au3	data	F72C8F251EB51F99C5BA3F55FAC5D860	5F161C93DA6845DEA97BD3B4C97C9B9E6B160D17	7BD6229B49D8C0F1B814402F8F829F94DE74F0ABFB8FDE38BA13EB78CAD2A2D4
C:\Program Files (x86)\AutoIt3\Include\WinAPIsysinfoConstants.au3	data	6A99DFEB38731EB288CA0E2A368428D5	FE9A4F7FF623BC3065DF14F33D182ED841B8DA84	06EF7C22393B2F0F8A78EAB312124F8EDC9FBBABD5240EB1FCD5DD78D8433A05
C:\Program Files (x86)\AutoIt3\Include\WinAPIvkeysConstants.au3	data	2CA8223F1784354897FE802896A5FD40	7107BD596C205AF45B369530BC1E43C7FA83360D	62F0400A843516DBA57C412191965F143B35464EC6B8E77C204744BFC1774A38
C:\Program Files (x86)\AutoIt3\Include\WinNet.au3	data	9EF3F04E9542F99A5912A68A2B159A40	9E0D5FD540F8469C95A2F6ECAE50186DB9BC46C9	2D95A325CFE6BC2B137A20C32E1D712DD5D992FE7184A1F7366589BF8FF4AC2A
C:\Program Files (x86)\AutoIt3\Include\WindowsConstants.au3	data	399474BEF2AD7CEB06F571559FF1A998	2825AAAF4EDE76BB13F8137E55E7D342C3A73005	AE273EC66AECFD789DE559E7423A198D49DC87690E475FA881FAE2445291B318
C:\Program Files (x86)\AutoIt3\Include\WordConstants.au3	data	F92AC4792F42989EE7DEDA2521AD46A0	D807977A5923AE5610015AE289962E8295E67F9A	60C40721F937957BA2653839BAE2602E31762B4A5EEDFCBCAFD5890204C78DC4
C:\Program Files (x86)\AutoIt3\Include\_ReadMe_.txt	data	E4F03D07CD61152309A160B6CBCCB54A	998BC3BE5A760C1B0B762939D995D1A9795D6ABE	BFC3B612B57E088DE0234C119FB89DC8C8096D6DBA2AE7EF73D8C38D31F45C44
C:\Program Files (x86)\AutoIt3\Include\analysistimer.au3	data	36FF6DD3EBF562B08C148D40B32CA0C2	E88C22E122ACDFEBAE24E80BCD68D743199FD121	20DE93E6FAB3844E81B49FACF0F8D98BC71447C6EA77F3314B1E89035F5E421D
C:\Program Files (x86)\AutoIt3\Include\cleanup.au3	data	400C0CADCDDA806B0170782C36D45F6A	C4DE4EA846E23436555CE2ADCBA9DB2F65045560	C39E3EC0475C62A18378C550949988C4D26D4E069F9B81F03567B0420DEC17F3
C:\Program Files (x86)\AutoIt3\Include\corporate.au3	data	F549ECC0122470E3D35160BB25ACC0AC	A667E1A626E5D63509D717E1DF8D03C4ED009CB1	133584A5E7A99A8D9DE471A5B42F38BBE06212A3E833E51436743CABA5BA8463
C:\Program Files (x86)\AutoIt3\Include\helper.au3	data	792CBCE1588AFE98D9664A94CBE431F4	48107698B1A05349356877D44FE3B17087F33B79	F3004F9A3E0EE1E11F6890B382341006D0032B9DC000889DA64246B86F8790D3
C:\Program Files (x86)\AutoIt3\Include\htmlfetcher.au3	data	712511441DB37316E0320B451A5A91AA	B0A8A575FD969D2FFF673D87E37AD8C5CB5D312B	6A5041AC55FEBAF5B3CC74D8F32020BB100886C182B169FDB5826792FDB22DA8
C:\Program Files (x86)\AutoIt3\Include\htmlfetcherchrome.au3	data	F38983FD554FADA7E97B0DDC5FEE49FF	6BD2697A009585A3C25CDF3E040E756141AE713D	329308236F4E6817B961D33CA5120877AE1B3220F50BBDBE5ECAA4471743CC36
C:\Program Files (x86)\AutoIt3\Include\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\AutoIt3\Include\keylogger.au3	data	13F5D2F448D9AA165494139354A6C4BB	A9D72B6AA994EB906DD32F9A0ABDF5EA7AB3B612	88DBBD0A7DE49AD94BD82948456F4872DD5DC286FF0015AC57DB58C6048945CB
C:\Program Files (x86)\AutoIt3\Include\liveprocess.au3	data	1C6CB423412B156531B049783452BADC	EE08EAC10250DC76AD4A343F4D787F79827BE5DA	CBC825483E148B9C8A4DBFF3392618C5451DAF1429C0350A93DA7BE83A4B07A4
C:\Program Files (x86)\AutoIt3\Include\stats.au3	data	02198B5DDF6D2A5C30DEE318F63BA2BE	6606848E5DCBC9C4AD2B439B3F5E63792DB2C2CB	E6AC9DE54177CC0DE4780D6A7BCD71249D828E80CF5EB9D4C1B98A093F1682B0
C:\Program Files (x86)\AutoIt3\Include\word.au3	data	157869C96F08407606EBE4365CCBAA75	3F44BC9104EE610DF881EB2AA61804D2F0CF84D6	B7FFC5D8488B7A013AFA548A8633062BF978BC92ACF1B45F0DEEB9A4873821B8
C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe	data	BD7E29078AECC3548908CD13923A3430	D546811661A58B6DF50233F69A992A0E4DE3B29B	2462F26450D4F370079C438105842E619CC604AE9A6BE64DFA54EDD61006B88B
C:\Program Files (x86)\AutoIt3\SciTE\au3.keywords.properties	data	8DAB013CA3C17163FD1A91D046E0755C	F228B55D26778426CCE6113D884AF8CD51B807D3	9E9C69293CFEFE111A417F50263262E89018947E188CC3324B82312DC6361A7B
C:\Program Files (x86)\AutoIt3\SciTE\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\AutoIt3\Uninstall.exe	data	F42DD0C8004BB049DDC3250092DCCAC7	680635FBA2A8CD3144F0D9C6BD65F9A0D3E9576A	FFB45829DB859EE4991FC5855DF054BFD670619141B3410250340D3653B2CC4E
C:\Program Files (x86)\AutoIt3\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Common Files\Adobe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.OLB	data	2F0749345008F101B65231D40E4F0747	A02946BD3CFD432048BBF436ABD9BA50B880427C	C1D2A63556745F0FB7E09DE32EAE01C368DD8132CF50BBAFC2A54F1ED3110B36
C:\Program Files (x86)\Common Files\DESIGNER\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Common Files\Java\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Common Files\Microsoft Shared\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Common Files\Oracle\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Common Files\Services\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Common Files\System\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Common Files\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Google\Update\GoogleUpdate.bk	data	AD75C263ABEB8DD750FBA9231ED04E3A	A474CBA20EE85EB9DBB44470D1B130BF3BF3617A	8B762456B65549E92856ABB99F87A6C9204C7BA1CA2CDFC53DEEF103F75222D8
C:\Program Files (x86)\Google\Update\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Google\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins	data	044B82D11C02218CB5C4A84EED2D7FD1	046EB16C608B01FD5EDB37AC689CD9591D39BBDF	863109921F0208442BD1471B3A6185D599462D42362531293F016595162105F1
C:\Program Files (x86)\Internet Explorer\SIGNUP\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Internet Explorer\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Internet Explorer\en-US\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Internet Explorer\images\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Internet Explorer\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Java\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Java\jre-1.8\COPYRIGHT	data	26962FF4C99610F319B53F3D44F27904	EC1F4616DE272CF90518A99D7316FEB213ED5788	BCA56FA8C912F6154E203D897FE5D963C85361C1CBB3F0015BA1AA365F211B1B
C:\Program Files (x86)\Java\jre-1.8\LICENSE	data	4EDA7937CB7C377318DB87D9ADFEAFD4	2F616AB3B9CC7D06DA8F148F258F7C6A77086301	A896D2D546C0E5E2F85ABD6401ACEFA078384054248AD398EBB80652FDCD1679
C:\Program Files (x86)\Java\jre-1.8\README.txt	data	4540CC6D0C559AA47758D0FA5FC5D3B1	C3DE5BFC5A70D826FA37A7CA67097CE41E02CA5B	DAC2B179C3AAC490521D362B089D619775F924F7F875CB7BE34B2F6B17F2D868
C:\Program Files (x86)\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt	data	5C74F73101389C906FE3A626EE973226	2F6EED9F875CE437B2D50ED72187C02861D5DE09	EC56E1289B6E13FCB8328FF24465653D73700F2329FC1E46D73B4E5EF2962376
C:\Program Files (x86)\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt	data	F81FA9CB2D786CB4185ABB8F26A7AA3C	AD70E29549607DD39E2AB1906BC5B006B57C61B0	C88E07DDFABABA01BC7D11F1A67305AB06F524C9CCE5EF15F64026702B2CFF81
C:\Program Files (x86)\Java\jre-1.8\Welcome.html	data	E3ABEDD130512C32E264FC573FE350C3	27F68817A19855717ACD3A903AB1D684B214F7BA	E7F20685D329F37F704E73E685B63DC5A68BC8C266914EAB0AC430897736E23E
C:\Program Files (x86)\Java\jre-1.8\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Java\jre-1.8\release	data	6DF2386CADA64601D4D6F8E34D03ED66	59ED10B31971BFD656D49BDBD630C844C34D3581	BE184591D76413D4350E6D9EC96FEFEBA066C45F718AAD55481C1667676CA1DD
C:\Program Files (x86)\MSBuild\Microsoft\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\MSBuild\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\MSECache\OfficeKMS\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\MSECache\OfficeKMS\kms_host.vbs	data	0516C79CD2192902BDABF8E8E3F291E7	1B540B4338F439DF871406534FAF07501D62C6AF	1973BD4CC050083036C814D6B0001F24ADB2FA4FD62E3B38B900C2E45DFAAC52
C:\Program Files (x86)\MSECache\OfficeKMS\kms_host.xml	data	7B4E0608B6DDD68DA5B1A12F85880DE3	9B4FCF304C39F1D9AC3E075BCFB5CB4C3A21AE5C	B30BE432AD5F68E8100CAD4804833CF48803A9FACB9B0A50BE34F7D73481B560
C:\Program Files (x86)\MSECache\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft Office\AppXManifest.xml	data	E97EDDD4042AF6A30A5A1F6463F019A9	C194936456C381B5473E6AED4201F38FC6DC4573	A8A454ABEA964D22BBD7AEB8AFD9BDABC61110790F272A7F17E7721F29A7E91B
C:\Program Files (x86)\Microsoft Office\FileSystemMetadata.xml	data	58CB248D84767C95ECA70DBB26CC3054	095F94D46E28A0ACAF3AC3CE879FE661C05882F2	DCA273602754FBB75F3C0473D483C5A1DE19425D4BC52BB608530E494867194A
C:\Program Files (x86)\Microsoft Office\Office16\OSPP.HTM	data	550751BE036DA189244820892B3BCA1B	AF45746714330B04CC2F7F0060286F5C598ABC0D	C71BC8ED953C9FE46A2D577AC2B291B6AB58361EB213C8D0B1908C331BB475B6
C:\Program Files (x86)\Microsoft Office\Office16\OSPP.VBS	data	A2822F67E189A05C37A40DF1391DD55D	8918C0AEE439A8D8C9A7D4F86992AC6DC2555264	B720E8732F598CD689B06F2E37BFAE9836501AE9B99ACF46FF368427139A71F6
C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE	data	BBABBEB6B4B298B9C000C58D47B43048	02545561C225BE8E6160F0DD549C2650CD13AEBF	D75E21672E1868E37BF4D41692DF1B4BF23C03EBD0D5B10AAD19AB3C9B2C5887
C:\Program Files (x86)\Microsoft Office\Office16\SLERROR.XML	data	A888F1C9B5946769A039FAA28773DB92	0103FC6DF43F8ED844A1A174AD45FA38AB826239	C8CB2ACD58376E9B58091A3217C6CD02F3EB1D84CDADD48B55DD4D8246D057C0
C:\Program Files (x86)\Microsoft Office\Office16\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft Office\Office16\vNextDiag.ps1	data	B1BD29B4C11FE652C474422118FE380C	3302517830A72C1C897D32AE0B68D767E20978DE	9918A133967C0B4CB89408F3504CCFE270B3C05287BD078E97061D13AE370BC7
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-0000-0000000FF1CE.xml	data	18B775399E7F26AC34E35C8E73941952	8A433B45F6F74719DC543C8BED0BB65907C70295	A24E9534D3809368AF9793DFB334DE657336D947F9E7C09D014983E4274EFEB4
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-0000-0000000FF1CE.xml	data	C9E728C87E7B7856AD9CDD1BA9F9CF5E	00B2655CDEC32FFE67C8647C5BFD44975E296E6F	3165797AB52A85CE264BEEEB301A7DDACDBD37E87B167E8F007594E50176661F
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-0000-0000000FF1CE.xml	DOS executable (COM)	58213AB2BBCB65F88D9D7E54DC9E6BF7	5BD7FDB9BEC0128A84872604FE0AFC4BCDE55B56	69B88B7F0075EE5BA2C526E563DE725465793B3F61A1F44EE3E307589D3CE95C
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-0000-0000000FF1CE.xml	DOS executable (COM)	3F9B2B53236679610B6D69065F376721	FE0108F92B3BDCC2DAD72CD894A9BD277ECE3547	56760CC4635898EFEF4CCA5152BE36252C0D1E8A5029DDEB5755C523600F2EF4
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-0000-0000000FF1CE.xml	data	5009482B6B76372F4B8B2C85C7432E7B	08814674BBFDF4879B62127D15B33D5B66E99191	C9285832DD3DDB16BA355DF12153DAE8596546424EF14C0A34BDC467D8ED664E
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-0000-0000000FF1CE.xml	data	DF8307F2850ADD2B3941230C18A4356A	D03BFFB1316FAC5B5923859381607682E91253D7	D1D670A4D2DA48BDBDF6475D6D504C81C5AAC8C4BA165E4ECFBF086B47428176
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-0000-0000000FF1CE.xml	data	6BDF3906B35FDD54E2B5B46D6F8AA159	1285C8E7E9C570AC8B0C5A02E71B3E71A093DDF5	577F639A027D2E1971D1E31ACA773831EB98A60F25EC74D2D10BC202EDEE556B
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-0000-0000000FF1CE.xml	data	858B93D2AB13CC388F8FE022AD8C2DF3	DE99914F9BA7006EC62589F80C14F107E50075B2	3FABE3BFCFBC31135AD32A069999C86F1D0073211A4F9D3B8456465957EA704A
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-0000-0000000FF1CE.xml	data	ABE480815CDE40FAA586F6B99EFFDC09	F1D22A2D987222637889A02A685031650FC2BAA1	C2C395C12B8CFD3ACA85DAF1A19374CDEFE10DC2A2402A3241DE305F8E9C5A55
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-0000-0000000FF1CE.xml	data	E02BB1C382A3F31D37949BA9716AC981	60274926AA6F6DBE5F55710ECD1DE83623D58138	A48C8146BD4823EEF82E06D06CB056CFB81BDEC34EB46971B9F1958EB8FCF9FD
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-0000-0000000FF1CE.xml	OpenPGP Public Key	ACCB1171BDCF74B66A490EB239C62B84	4090835249F2AFC6B959A46FBC284E93DEAB422D	0E96A831ED44E0C019687F6B02F0C8BFB4F8FE9D90C5B44FCC1344C81BE3D82E
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-0000-0000000FF1CE.xml	data	5E2581467BE932171349ECC7C15BC3B6	2A86545A7CB2AB65FE43C79B5014A3021DF7B335	A452CE868A0BA48CBA16B2A95C4E8B7C53C86ADC38D5217F85FA9C30392984F9
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-0000-0000000FF1CE.xml	data	2FA03FFB35FC5D9BFF0E30B268A26808	202E96AB6CB176F55AC944201A3429E643ECFEC2	CAC427C26D31E83C0684C45816412F18D269D5EE16AA045F3AD154307B799AE8
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-0000-0000000FF1CE.xml	data	B64C38D6818664E4C2D739912074C7DE	BD589123AC283B3B4D9F7761FBE64ADD6AD4AD04	BF91B970AB8ADD37958C2135BF94AD9DC18B6F85BD8435DEB5E247214AB6B5F9
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-0000-0000000FF1CE.xml	data	5D8EE9FE809EF774CAA8467EE26052B9	F92587513D54E9A8BC23296F1A2479E82767A7A3	57CEA5088D54D77DCABEFD274169851563357788700735AC88BD6A10ED4EE900
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-002A-0000-1000-0000000FF1CE.xml	data	7C932E3CB9225D2E69D697912971505A	F432A5C0767989DF43C2F531DC9CF08B5D6E1566	1DC256154C7E177E357E4254C2AB98E5B17A87CFCB1A089D60EAE18637D94D02
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-002A-0409-1000-0000000FF1CE.xml	data	0954BD3FEC7EA2A48D016CDCC9862DE4	CE5134D175BF59430D8EF14267068DF7357E381C	150C2F57B95C5A3450A32252C3303019D53258A93B34E2A9F88AF8286233C6F3
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-0000-0000000FF1CE.xml	data	6093E05E2EE0750E2271D362C8BF01E5	500BCE71DFAAF136C72172E29677381F82554C8E	80EF7469C1F1A0A8BEA118764F09444C945B2B29E29B63AD0668DA2974B568C6
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-0000-0000000FF1CE.xml	data	9B868B5E5E3B947BFB3AEE71AA1616EB	C90BE4DDB6688B310312E238849192F70F8A682C	136510CBD7B5C23247C60D130971DE00A012E53CCBFA21CCA3A8C1EA424C61BE
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-0000-0000000FF1CE.xml	DOS executable (COM)	074826146E089ACBC069305D5582ACD7	2BE1EBE8ACEE7298D82971A7CED1B50112556F5D	C7C4DECEDAC6BA68D6D6C0E3D4C6DB7243EDB8CCFFE9A2AF9739801E56F5F85E
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-0000-0000000FF1CE.xml	data	08E8B276AC0005AA80AEB50C61BA3464	4422001C6C8CF12012BE47E1ED827A44005AE205	4B14D98C3E70714A0F0B39294FBE0EE91FEDF93D877D28159A9DEEF8DE3836B6
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-0000-0000000FF1CE.xml	data	9D3777C0C73B85EE32FFAFAD5A5CAEB1	3B427184883D045EB6D461A161A5A6729154955F	5E784B500A7405A359A94B4FC7BBEAC1C69A962034C620BF62BDBC36B5D7267D
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-0000-0000000FF1CE.xml	data	F023265D74C4A86934AB7EFACBEB7967	BE92988ED683BB77E2FB84E2A87BD363ED581537	024B2165EE9BAD598F7DB0CF6AA199CBA4FF52FB8E527D91EAD9528C050D849B
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-0000-0000000FF1CE.xml	data	17FA1A86F68D016A7821960698B5F9A9	DB0104775E05D2ECDA9A6AEF64D4E77A53D63418	D4D149D8CBFB49EF513A49B2627D38C7ED25D79C7A387173B9B3475E6495868B
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-0000-0000000FF1CE.xml	data	1F84C586BC3B1AC60AB99CB1537B524E	D29AFA88147D1F4BDCF87519C03D44739E54EE7A	4AA4073AF92FCE8E2D4F8C100DEC4BA61A447C9E4EA7706A56E41E86174BA3D2
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-0000-0000000FF1CE.xml	data	BB86E0E2E95F14661AA7C9F0ADC1F1E2	070EBA0BF810663A7E42449395C441BE1B594C0E	669D5F50F658761ECF7399DA7728A6E1D8EC1A1BABAFCC00609E008B908A1165
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-0000-0000000FF1CE.xml	data	FEBC208B71EAF598AF7DB0F2892900CA	AC0EA3D199DB013A5CC5937D9A3A0A5E7D6DFB6E	535972DB9347A02D1B59CCA323C5A371F6605D661B37F02FE71CD8EEB2B5399D
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-0000-0000000FF1CE.xml	data	6691BCFC56A0110A9608D3A2223F031E	BC595906F8A4C0F2B2846B3CA826D4963EB06996	B3816F496D17BFAFEDC494256170B87BC76E4A2D76E9B12FBB82CA4A5442A775
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-0000-0000000FF1CE.xml	data	537A7E54360BFF9B4F668A22B23237F5	AB7692328329BB471D41BD49D182F21A4F3A141C	0FF4D97BA057F14D7BC9F7CA438C28F197E12AF588306BB6C8ED6AA22A2D3ABF
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-0000-0000000FF1CE.xml	data	28A9B41D8088A86B421FEA6C831C3631	DE07E386295019ABF97EC5389E301F7F73368CAA	8CE4BDF524DEE308A5C74AF6DC1FCAD2B6AE39D5735AB1BEC4606ECDB51AD4D6
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifest.common.16.xml	data	960FEBF5EB1DD73C0CCE1F7A4682C2C1	53F594141E5EBE640CA9D845B9B449D63A01940B	19C3294AF01EFB11AA29B88114D01A7C8FC01FA8C7BF58E263E138BF5E128C1B
C:\Program Files (x86)\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml	data	5CCD79C4945D6C50D233606638314377	64FF59C1F8F3F0879F63FFA80BFF1C07A1EDD1B2	FDE5915B65A656E1314133F868097D2D0385289C9E84E9876D1A820A16E45F58
C:\Program Files (x86)\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml	data	A7C75A4A45F88EA695E7FD94336D3DA5	E06F61F98D91104BB8765E038D1374BB6B1277EB	BBFEADD03405228B9DEE5B6BF1783E1741CCC7C5CCE85A024BD7275CF8DD4ABC
C:\Program Files (x86)\Microsoft Office\PackageManifests\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft Office\ThinAppXManifest.xml	data	BCB4351BFF9E1978A989E7635E0A5477	DC7D1DF08ABADB11D7596969B9621D55FA92E4CF	D1C744B666B2B446CF158AB80CB1B34DAD1C5D143818865878ADAF07D4C555B2
C:\Program Files (x86)\Microsoft Office\Updates\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft Office\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft Office\root\c2rx.sccd	data	9F325F66CFAC9CE776F443DCA26F69DA	D10330C168451B463A0CD45A161ADCA37813370F	A01654CB0872AC8D210744DCA75E70FD40A610AAF977F6C033DF877F81EECC84
C:\Program Files (x86)\Microsoft Office\root\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\Csi.dll	data	1087F4EB7EDABBFD623003DB74D8F1C3	F010362A903D64F5C2CD37D68D1FA91D05430BE3	5B40FC6D92AFB7A1BD0EE921975446308BD3B3E448D2173D4493D1CF3E67753E
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\Mso20win32client.dll	data	47A2C5B3E2B812967B9624F3F4A85E1D	97D8D33AF1B2FAE40638DA318BFF6F30379AE043	24016D20A256770797564F09D6089891CCC99C5203E6EC3EC362BC5EF47C1CF6
C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.dll	data	3B8775E79AF437A41F35ED9D16039278	96234E8FD8E23F941E4F1CF1C590CF70C50982CC	B10BCD7ACAFC98F6D20AD6538569886677C06448293653BA8E45FC4CA88985F4
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll	data	D93919979D37C8B8233940D271C2667F	1553B7CB0E161A5A2CEAB30101D00CCB5BE6F6ED	C446163D708E5EE499D6606E20CEA510A9B2F712D0F1577F4A8CFACCEF4662A6
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.stdformat.dll	data	6390B6EDBA0253A99B25CCF8BFD92408	07F286921DA3522508DA9991BE4977C18D879C48	CC739559291B1CCCC603E7E0B71BF164C52D05D6575CF7EE128AC7BEBB080138
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\adodb.dll	OpenPGP Secret Key	BD7569E792637AE08C8BE9A1979AAB32	F8AFAB1725FC5A57F097F1117E7472D58C1B4E29	7F8036DE04CE1D5BED6722E831E899DF891C5367399AD315E2290338C7E239BB
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\msdatasrc.dll	OpenPGP Secret Key	74D99EFA81195BD2916DF04A358CC5DF	A5E389F656BC1FC089976C03C39B5B34367DEFC5	24990D9788209DBC63D398B1EAE05D60F2A6463B993E88D4F2B081F5746CBCBB
C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\stdole.dll	data	8C5982D63090954F8D721E8199C78829	EA2BFE195282D54B710EB0F3033C5478D7EED29D	599AA80DBDBF12334D6C9CF4CB2C5E1CC9EE0EAC645FEF4979416F456F0E0AE7
C:\Program Files (x86)\Microsoft.NET\RedistList\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft.NET\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft\EdgeCore\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft\EdgeWebView\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft\Edge\Edge.dat	data	E3507F27222CB71C7C226D95B2883DA0	E430CDAE20CC687678D99DFD819ECB7125BBB709	D4B00BB6147258B2B13B63339C7D37E34424DF89FA37D5C7A7600C653D5A2E51
C:\Program Files (x86)\Microsoft\Edge\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft\Temp\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Microsoft\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	data	A916F56A9A86D65B7E7BC20E7279CB23	DA451839C72A5D7F785861FC26F38808F813C48C	855785206572B2A2EB4689B62CFFD05186B493234912C7A141C3B254F9B218D9
C:\Program Files (x86)\Mozilla Maintenance Service\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Mozilla Maintenance Service\logs\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log	data	7D3F3E412E85198B0B290176B2FFCB21	3F30AF56D3CDBF2227D4EAFC47CFA48CB32B2A93	4265281E354F2250EE5D061F83A78C7BB960D9F86118C90D0997FB16227A54C2
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	OpenPGP Secret Key	076A6FE74DC5B24332E2A52A1A1F8131	17F62F2F30BE7C9113ECBDC6EE04B54BE4D5F581	51A40A879A68E4804FCDBDEBEAB4AE2875DDA66A7E4D9ED7B3E5891290BE793D
C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini	data	33E7BFE45F2AEC29409ED369109B5642	BB573C6E4BD35121124052E84FECA3F5580472D6	12C032FFBEA1E654738589F95A8F8347320976F0021E98522204E253FE6BBD71
C:\Program Files (x86)\QnPkEpoXWIeSCixQdcAXTHyBTwixNTfoEpzzkDkDyeVPmOZqRiPlKzGjdIBtwVSDFvxOrWrRxkD\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Reference Assemblies\Microsoft\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Reference Assemblies\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Defender\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Defender\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Mail\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Media Player\Media Renderer\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Media Player\Network Sharing\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Media Player\Skins\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Media Player\Visualizations\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Media Player\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Media Player\en-US\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Media Player\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Multimedia Platform\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows NT\Accessories\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows NT\TableTextService\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows NT\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Photo Viewer\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Photo Viewer\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\Windows Portable Devices\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\WindowsPowerShell\Modules\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\WindowsPowerShell\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\jDownloader\config\database.script	data	5CB44A65B2588D61B969D34482914238	34B37CD73134E49BF6164D8027882870233A4A31	D3CA5B8554EE19026BD7D3C3CCB18DD6EBC538FE8E1DCAD515A4D825BE7513A7
C:\Program Files (x86)\jDownloader\config\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files (x86)\jDownloader\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\7-Zip\7-zip.chm	data	683F3D75D895EC91356AF5ECE0DAF8E6	92F57326C0E347C5C116213F8048D86BAAA6FC58	371903735049D69559E40BDF185B1F1AB479EA3960A2DEA115D027ED914D4F3B
C:\Program Files\7-Zip\7-zip.dll	data	CF3A43D18EEFC0F6C94BF26632E4182B	7BF27FEB1E2C3259F0A7A0CBB71DD2ACB347062B	E2F72A984C9AA4DAA049A0857BB9D8C73339966836A0F631B3E2D9D99B8F57F2
C:\Program Files\7-Zip\7-zip32.dll	data	06A68CF4BF102FA0B5797506AE7E3E33	4058CEF5F6476803B674C616525B6404E1FCAE33	3168D0268341F5CD291C7EFFA043BFF1109F1883D4BA6E642A56B907581CF480
C:\Program Files\7-Zip\7z.dll	data	B5998BDBFF32E344150905727A8720C1	34D085E7F4CA15C5A09D905C251F1E8D2951D108	0608B34211FA15EBA73A4A00FE8A520D2735A2ADDCBAFF75738C0889CBD10D59
C:\Program Files\7-Zip\7z.exe	data	CFEC2E2C9F9C52D53BFA7D45B07C0290	78EFBB5CB8E08691A45DB05D3012CAE18D207216	5A5CAE86DAC6A8DA097AC5575B94891EC38044E7B8CE757AB7C0D32A740BE00C
C:\Program Files\7-Zip\7z.sfx	data	D71F635104917706CEBF034563C8C9BE	D511FF41B0CADE01488EB58BE3FADD9B0F65C17B	1303C203F6F9E2E16A9742339CD0AE5B7CAFF0DADB4EBA46306366EC3621D3A2
C:\Program Files\7-Zip\7zCon.sfx	data	E0A32A2E0BDEC6C8B274658E7142EBDB	34FE627110B46C168BBF8E79C123A05E295DB3D2	26B4C7EBB144FB61D46CD276A472B2A32221947280E6D81FE4C0E0172EC04DCB
C:\Program Files\7-Zip\7zFM.exe	data	F540802BCFFCC26C05E43509D326D187	8AA280FC4BCE6370CC453040B545736D33CB9D82	F3269031DF62F31C7F5999A969F459952B9D42352A6D0D6EB08359CA2DE06B78
C:\Program Files\7-Zip\7zG.exe	OpenPGP Secret Key	CDEB1633D8FFB2AC35C2EC8265336BD0	E0BF2473CEFC5CB0E25B807D94C45BB449A4D6FA	F82D284DA0C63B0B62C9660852FA7FDB3027CB043771B64B6E9B2C176575503F
C:\Program Files\7-Zip\History.txt	data	AAE5D5402E740C0C96537773399E7D8C	D30C92EEC489BAE41693398E1EA1646F685DD4C2	BDA73EFB654FC99531A868E2C27CE69B261E586AE6ECD8024E7BB351E6A20ADC
C:\Program Files\7-Zip\Lang\af.txt	data	1DBABF768E4918B87C648C17A8A08D0F	EE2C254FD672C1DD86F57139A0750B008CE58A81	3F4CC0C9CB99FCD589346474444911DE71C0E60D65D383943EA66700E5475E2C
C:\Program Files\7-Zip\Lang\an.txt	COM executable for DOS	11159D533FC7058C064DBF8671A0D792	C43BAE4DFD28AED2FA0FC32223ABEC69A6F417B2	9E8C01D71A3715726943FB082387F9C27B6EF92C2D73EE2B69D3E4C0974F0688
C:\Program Files\7-Zip\Lang\ar.txt	data	AB45DCD8310647D472FC5BC54D4B4869	7F1E1E99C92215F0F585631B20EAD955FF2A26BD	F8EE83C83F6C06298AF8C8ED72AD5768BB465A4B046F39B786ED8308059EA689
C:\Program Files\7-Zip\Lang\ast.txt	data	A96E12D256BD41D9B52D300AF124E1E8	43E007CE5D087AB65B94931A97BAB293612123C0	1C90B63EF91012AE20249E4B9024A7F08F8AAF431356DAE0AA8AB8DD9CF1CD2B
C:\Program Files\7-Zip\Lang\az.txt	data	597DED8C9C68070C78D3F6875EBBB999	1DC8A8758CE5A01B28C86961C61B52C4FAEE81E0	E840E8B6E8D6ED21AE9B86BB7984D3458CABAD73BE93A6DF31AFF7244A3DF13C
C:\Program Files\7-Zip\Lang\ba.txt	data	3AC2AC56C2FE09BFDD390E88EA17F6F6	9B87FDF92B282B161583817D42D9540E553BA691	4521A95709D93F53EDB2C3E25C50635EE52428E4C8E40E46A763E12BEF4F9416
C:\Program Files\7-Zip\Lang\be.txt	data	29658F812214E0C3535542C83F05C317	E0D70655690EECA133146480BD48DA24D37C7972	7B8091C14E3919376FFD9CFF7C9C3480023CB347CF9DF730A701400325C4263A
C:\Program Files\7-Zip\Lang\bg.txt	data	5F35BBE6334BB34DEFC292C4D9D6BC17	FC46FCC54E9A1CD4F6B52BB68B0791376EF2880F	EABCEDD508F5DF06081921118825EEBA5505ECD46525B66F0A7114D82951ED9A
C:\Program Files\7-Zip\Lang\bn.txt	data	AEF8FD4FC05DCBB958959F4D61FE2BD2	57E148A4CADFE1C1E5AC58FDCF48FD0B8E393FB0	8889E46C3C82E10DE0252F921A47B19C4A111D06A65EE41F4404D40FDFF05CA3
C:\Program Files\7-Zip\Lang\br.txt	data	2E36194BD4CA6451DCA86DD443A67D73	EC79AC1D1EF1CF05A00E35AAEE798A25CE9151B3	F80AC20894F32B532623E0E08C1082765F870D743AF97E213676DEA0D08C74D9
C:\Program Files\7-Zip\Lang\ca.txt	data	00498DE3188DD90953E52EE0EFD082C7	A4035828122D56BA3AC650822201B19C60DF09F0	2F42787E04CF7911383EB9290E801EAF773E1B42E96C0C3C1AF11D6738AF585C
C:\Program Files\7-Zip\Lang\co.txt	data	D70C6BF2F103C9240F7CC5CCAB741F49	C7BEB5E7B523F5B15D57901CDFCFAD9B6A195748	8DE81B4ED7F0A4C5016B9CAB0F99FA7DC229E35429BFE4385BED86BE899282F2
C:\Program Files\7-Zip\Lang\cs.txt	RDI Acoustic Doppler Current Profiler (ADCP)	D9F5E31FFE4889BF12CF34DBB07EA90E	7CE5E91704D78954EF37A0E34DD31049DC452DB3	1608C0CE4DB82B206451FAA64C56F2C43ADD110964D51C7171456BC06BE136C4
C:\Program Files\7-Zip\Lang\cy.txt	data	26C972C53EA4D9303F3D48863AF559A9	7CEA1E898B7FC5159A36F6450B4B5D719CA9E087	DADB5E802E2FC2F91316D2AFAA579EE4AA616300D158A843D1CAC31329D42753
C:\Program Files\7-Zip\Lang\da.txt	data	67E6203727E05129855691898CA13E36	F4D3F491497D0BD62764545CD53DA6E397105AA3	C231BB59D930083CE71DACDD30B55380A9712083952E5D857B036C70C6D8F6B7
C:\Program Files\7-Zip\Lang\de.txt	data	A407D20D40429DCB9AEAA34098506FAC	74C3904621CD416E2B4ADFEA77135C298780449C	31E615C6EEE64FA6922291F22263ABB16DB048AA7139BED5EC93023AADA38744
C:\Program Files\7-Zip\Lang\el.txt	data	0A6D5315F226C5ECBF9485A1E8B54BE7	FEE43B875C1F472150A70BB8F6DF0C1E9BD300A6	3116B0D66499F6976FD9DE623D69F379AB5099A4374318B5373C22FC8A2868BE
C:\Program Files\7-Zip\Lang\en.ttt	DOS executable (COM, 0x8C-variant)	71105CA456B7F18479EAD2D539959C1A	6F2DAC066056F75ADC038D16E3C71676451B22C7	3485079B4BFD2E323AEC619450161239237F1E99E0C0A2C4D02806E806A45E51
C:\Program Files\7-Zip\Lang\eo.txt	data	E94F3DE62E1730E8A5C8B652823BEDA6	F374B8DC0CE8AEEA6E29BCB01CCBF3C6D4E3F25F	9067584B5F1BA8A0EB9F1D5A057BB8B7A23EF0F22F4E3A3467BAD2B9A1DC610C
C:\Program Files\7-Zip\Lang\es.txt	data	79312FDA106593ACB75B705E3735CD7E	A8CFA48FDA1877205ED74CA82EF32FE1D49D1467	61A543CD97368DC8BB5EB87F7A183727F1FCF1E1D6901187C465230266932377
C:\Program Files\7-Zip\Lang\et.txt	OpenPGP Secret Key	C7AFC9BD12E8E11776C2F652AB9DE00D	EE185D4CE9B689F7F0AA40DC7C43170D0CB632D2	33BC556364FE6FDD971943D80FA6C6F58ED4EE7DF84EA38D28322612376BEF26
C:\Program Files\7-Zip\Lang\eu.txt	data	BA64F0FB164721100FC206894C7C16AF	351E9CCC7001FC48C006EC34B6695C2BAF8746BE	E095BD07AAF2E9B58CED1C201FE18B3ED00DA8FFDEB81CAF424C5AF5D49EBD7C
C:\Program Files\7-Zip\Lang\ext.txt	data	C4B548505680598F536F4103AA6C35EC	462F5E7BB1F481DD21E5AFA09D4B7089C5C10AE1	BF83D45AF3435511CF7F1F0C96996DD174F2E05FD3F76593AC56518872CDD3A8
C:\Program Files\7-Zip\Lang\fa.txt	data	A501313DDACDBF92307641423D2C4C71	77060CEFB11DA6384363D7B4E3B3477103A4412A	DA487279841FFAB0C3B131D63669520AB757C9AD3DAEE24D6ACA11FC8A9618A9
C:\Program Files\7-Zip\Lang\fi.txt	data	48E8E17C510D28EE55BED9107815C836	F55680EE2995913330287DCC4FFADF0EC67E96CD	3691FB775D70E3BBA8E61C45888FEAFC2DFAD5005835F8C6765CB301D2485F59
C:\Program Files\7-Zip\Lang\fr.txt	data	BFDC1B1FA92B51D7336AFD9ACA5D80B0	89ACB2AC01BC0430149BC3DF5A73D490D5B92CFA	2DB631DB88065A003E1120403BBE5F4752AAACC8AA30EBD5112BA71DDF6EEE69
C:\Program Files\7-Zip\Lang\fur.txt	data	E1768AD08255F3730CDF50E0841EE8B5	A3575B832E4A668A20C0566AA03C4FD08DF29512	0C62F738B831AACC779EEE39073F3D4F460BA138DB4E213384F699436912F75A
C:\Program Files\7-Zip\Lang\fy.txt	data	EEC5C96BAEFE1A9275DD186348C84B0E	218621669968839C88D45FE3C761DCC0CD3D0092	8E5FB4FC5D50D582CEB57F5F0653C1E5D85B378046F119E6158B330F07A15FA4
C:\Program Files\7-Zip\Lang\ga.txt	data	947B02D089BE5384EC323031D55C7835	55D6F98D72DF55DF705690C71D1FCB580716D46B	08D1370F8476A244E466592F61254E824C87E5443A5B4C7BA3B41AB88DA29381
C:\Program Files\7-Zip\Lang\gl.txt	data	18EE17E376D49771E7E8BF8B3A067939	B5B788BEFB7D9A0075E5F5080E108B7DE8DD5D53	A40505A77109108741B2522B3DBCB76D57FDD54A878DE55DE650EDA59DBFED4D
C:\Program Files\7-Zip\Lang\gu.txt	data	A434EDA78711418FE6D71B00970DC8AA	1BA3FEE46DF2D481198CA686FDCD3E798CF5BF0A	7D6B7B39D3951BE8F3012BE66F087E062E1DAA81449E752F9A19C7D731D8DCE4
C:\Program Files\7-Zip\Lang\he.txt	data	06298402D7529A50A02FD9FF5A931AF9	09FC0B0EAD0204F06D5AF056287A03B9E1CD7696	07DAEF1D59418B62C14597209961FBDD8CA94022C49431CDE96AF099F0FB018F
C:\Program Files\7-Zip\Lang\hi.txt	data	422331B937F60AC613F7C924548070FA	5ED8916D3E23F171996DE9BA300FF65E07542A81	7A426DF514B50D7D97BAD0042D2BF2A5CCF9D7F9EB41B0B12F517CC2B11AAEA4
C:\Program Files\7-Zip\Lang\hr.txt	data	B734DD724E01FBD85A5F8AD4FA0EE553	B9808F40B04211B98ADBC82097B7AFE0E1999907	AD9D11368F56140187C2DC10BD2DC023CB05F47C86B1A0DEC69F98931498C08C
C:\Program Files\7-Zip\Lang\hu.txt	data	C2366CF7E5A9CD893AD85C958D033387	4C8AF208B8F06A63F2BEC656F4B5A6BE4BC72856	60E7039AAE2389ACAFA1EF835EB968CE976F580B9C8F3C83A2BA01E84EEE6A06
C:\Program Files\7-Zip\Lang\hy.txt	data	4DC7D9F462F53278A8FCC33611EA17AF	A941094C013F3D1CFDFBC017AF9CA83C6B82CC46	6429FF7D8DDD220A460D728FBD520E157A121B08BDE7F7F92087992BAF61EC87
C:\Program Files\7-Zip\Lang\id.txt	data	FA71009F0D88DABF8B10463A3B24EDD2	F9F8EC4DFDB8291023761F8BD30B4080E590BE3E	B3B33FD89D71D57430A497C24D3309A3BC8E2D91408E6403733BB0D4D238787C
C:\Program Files\7-Zip\Lang\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\7-Zip\Lang\io.txt	data	DE33BE92E2CF5C848803637C7EC22C1A	B3A70B7A0C66DEE2920D920E3723143A3CECE1C2	E61C29BE09A7C3D6DFB83CFBBBD0008EBB13199545BA971750D4E7DB15DFD9A0
C:\Program Files\7-Zip\Lang\is.txt	data	941506490CABF17C063E5D5DB0B4E584	5024291FAB4975D0A923E36D6FD2898474A876A0	874EBC8919CAF6F858EEA31FF5340F883CC755634941ED66F8DFB04C07C00E18
C:\Program Files\7-Zip\Lang\it.txt	data	412A0A5AB3B5255D838C81F55514BFFD	FA7ACED0CD3778352AEC5FC7954E98BA6883B9E7	6CA112E1AEDC558E66307DB1E594DF7EF8646CA696CA0F912A308787046800C2
C:\Program Files\7-Zip\Lang\ja.txt	data	57E4BA81293B20F7EA6D5EBFC054B1FA	B046EB8332F539619CEDECD3AD6FC43A659F1F78	8B5F9C944B8986D2B201A1FEC04460B80699A10CFE3A64ABB3C5FA6A512BD23C
C:\Program Files\7-Zip\Lang\ka.txt	data	43F43AB10677F75A3638D1F919F43FE6	A070AA897A920711B3AEB0E76DDFB44150DF8F5F	2A672F45C11DBDDD942604DA41CFA67EC1EC486454C00D542A013291913DDE77
C:\Program Files\7-Zip\Lang\kaa.txt	data	A8AEE3367F463A4ACD8A98F7B88B6859	EBA1012AA311E2B9071393C8EF34479E6780EC49	487CEC2DE35DFD44EB1A3C4D65B7B5FFCD6C4EBDF7B57690A6270D2D9076E60C
C:\Program Files\7-Zip\Lang\kab.txt	data	C0247666F9E046654378D337FEE407A1	8EEF1313168D23308CDB9B74A6D7DE7CB814B403	12390C11A1E63F5B9B28B9FDB3B93084D95DDE6031332D3EEEAE3D2D78D50CC0
C:\Program Files\7-Zip\Lang\kk.txt	data	170B71F9C01EA7CD779FBAE963925FC9	9F6C728CF9FC1504DCF9908F3233A5AFC3FC9801	9431D6CB7FFB935E778AB010532BDE2DD1387A7A436747C187B11D4D346DF410
C:\Program Files\7-Zip\Lang\ko.txt	data	E2F8445A503FCC2DE77FAFAA680C7AE8	C1E67C6E9C79DF8BA412C34A2B943316FAFC0DA2	61D855133204ADAA6F94335E75372D1E995AB954032A884DE73E104990B41863
C:\Program Files\7-Zip\Lang\ku-ckb.txt	data	D94B136ED417ABFEF9627191D4618C34	3D18A4DB90365FAFE0302E103DA802A78335100B	E3F122EDE2671011D965D4E75C1A364042BD674AD2FE7446F3CC6A250647F930
C:\Program Files\7-Zip\Lang\ku.txt	data	366EBC2C852CCDFF538B9451020F8F6E	802F4F7C0F6EC335A5BD40E196031E726BD42935	C1D3928F82A961475B4A74433533EA2B6A86E92541312BD9D6872E82B7FF2C41
C:\Program Files\7-Zip\Lang\ky.txt	OpenPGP Secret Key	2AA116DC1256A6CE9FEF5923F54D5D03	67426CFD641800E8594F2B7C520ECDA7116ACE29	A8AAE264601D132B8C075DF36945C3D3E7AA8D9B2C37933CBA6F6F93F37760E5
C:\Program Files\7-Zip\Lang\lij.txt	data	B2A45F7E8C52B0657B959EA748723616	61D925A6E26F2DC0CBEFB156DD9D6DD927E6100A	C283FA6598E1D4A634B76B24EC4F2D0F7B7E3188913E6818E096CAC920573C00
C:\Program Files\7-Zip\Lang\lt.txt	data	756909B587CF021BC590DC5E05E2655A	1599E58A1F61411200CD611D3314A33C9794D194	64D15FE17A72FC0E6873E25C780E39091F441BB4BEE7ED04C791910B03F06D0F
C:\Program Files\7-Zip\Lang\lv.txt	data	DA651B5423C0C03E460EBC171A959CD9	E8D07A6B563192F11888D91A6ACC8DEB61F66ED3	0216BC757477577F8DD2C03457809E7B607B0CF933BBF0A56A1C62A01C6DB49F
C:\Program Files\7-Zip\Lang\mk.txt	data	B43B76FE712B01076B91C0FDACF2A697	82CC514DA0C5D04F42AC3C5427020E2D69A69C8C	85C55B5138632E442DA9A3BA226C661703B5A24D144B5E84B3D61492A9296B3F
C:\Program Files\7-Zip\Lang\mn.txt	data	4F4A71936358E1DEC958693DC97720BD	B66C4C91E7EC2C2E354B545635A643E15175EF39	B158FCA48D7837373DF9894FAF2E403AB5580A97D589EC67106BF37D0EDEE151
C:\Program Files\7-Zip\Lang\mng.txt	data	FA4069EE6E1F7D7CFABB289E4B468224	5BE08316459573CDC413B851101994479C9D180A	1FE3F15F57EC5B169C65BCA7471FA56E5778ECDEBE4A85EAB2C1FCC39DA5B111
C:\Program Files\7-Zip\Lang\mng2.txt	OpenPGP Secret Key	B6B4C0E4B80F87236773EA95CCEDFFCF	52FBD23F2BF0DE426A2E2B4E3D449192B9B4BDA5	705927978D44A647A58FBBA692DDE6015FB390AA21EB35C0045198721AD6AD73
C:\Program Files\7-Zip\Lang\mr.txt	data	1910BD97AFE17C03679DBEEF8F56A36E	A558A222911ECF24826C77F0B3736784741A2C34	80E583B110BABF7A3B16557461A10AFD27612E2B120634385142EDF56B98B6EA
C:\Program Files\7-Zip\Lang\ms.txt	data	20670956AAB8C4F7939AEC0EE2318D91	DA721AE0A9D7B714B81CC0F5381220DD0D0DD7D4	4707FEF770D7EBCCC0E61974DF5619BC66C40E7EB6280E973E6537F3425A7D11
C:\Program Files\7-Zip\Lang\nb.txt	data	FB9EF8E88A043DF543886BE6DA44597F	18AA2BEA75AE9C437953FF7E32528D7044EC7FC5	EBCD5675A095BB171ABC871C5DEA241D2492A67AA9656A35520DBF13FD875088
C:\Program Files\7-Zip\Lang\ne.txt	data	0172893E489A30DDFD5204FB94226ACD	A8C4840772E7142E8AA1ADAED742DCA25B8A1C47	E33DC46B838BF11869B689DBE5BF3977D3A05C6B1377E82808C57B5C89A38251
C:\Program Files\7-Zip\Lang\nl.txt	data	4F2F7AF5C351A25BEFDE6E5253406C66	E78678766CE4CFE4EC10D826AE975BF83DA6B076	7D5B9EADF3C619EA4B3E1AEF14E23E7E6F3410D33EA5D44475FFC27E93C32920
C:\Program Files\7-Zip\Lang\nn.txt	data	DD344B3C18B54F29608F4F981AFD34EF	1F1AA8D6ADDDC93E9DEB07D4E8810FFF5374D1D8	BE0E45EAB27FD02E383C24DBC277397FC49ECDB0BE6B6D408E719F1469689C5A
C:\Program Files\7-Zip\Lang\pa-in.txt	data	24EFA1A61403BC997E6CF34C297E45ED	49B2D070E1E6CB2EB9D18CC9B21A16AD116FAE04	9C78CE013FD66AA9915D03EEC1A2D7350FFC8AB5359A23C8F569014643A69022
C:\Program Files\7-Zip\Lang\pl.txt	data	4720DDB9D81B39BD66B71647D6421097	7D5D2884777C4ED52F638239EBADD89FC9D073F1	7038F8A2D774E9B28FC3B05C25FC0C6D629C4FD1B1B143E2E3995B6555D72CAE
C:\Program Files\7-Zip\Lang\ps.txt	data	1B5ADC2E34472D7668C87DB1CAF725BA	983BB8D75551C45437B4E0C581AE053DF497C806	B2BEABFE3A9A6AEB8CF21919ECF5C6B3557C1DC789C708370DD316EC4931300F
C:\Program Files\7-Zip\Lang\pt-br.txt	data	FA77ACD3619A2E9E588D795E4F30FCA3	E70BC118B76669D732DDA0848A080271C66B65ED	81772B36060F87A3DFF5D5DD753DC33CF14E78A7FD53B76C4DC49ED9B3D4FE07
C:\Program Files\7-Zip\Lang\pt.txt	COM executable for DOS	B4201E9C3F9B3DED43B073B5B6035661	666B6199A2AB71DB2FD93E26C64D8C7256CF0B22	1F949AE2E8C861BD52F25186396DB88238362BCA8CE84AF25E74F980B996FE19
C:\Program Files\7-Zip\Lang\ro.txt	data	6E4D8E71B8DD50BB25681505350F062A	26CA0315E6194757DF2E00EDD48C597ED9AD4A61	4F6B9E59BA13CF5DC9EDB1DFE802282D4222E73466137E2E464319DE37D52ACB
C:\Program Files\7-Zip\Lang\ru.txt	data	AE816631B7FDE7AD0B8D5683A445D166	E010D54A6AE5571953E3346E2081A122BCEC5C2F	5419E722C888380675AD08D3EE052E991FEE10CA2ADE42D105A44005FA6E7BCF
C:\Program Files\7-Zip\Lang\sa.txt	data	EE9DB02DBDEF0AB6DF8DE06E2101AF9B	D2DBAFB4C9CBE012F82519AE68740E69D346419F	91B85CAA01ABB32FF91C711EE2D947D078CA5FAAEA639AAA1014189359BA326D
C:\Program Files\7-Zip\Lang\si.txt	OpenPGP Public Key	08C8E8E8263A20A7236322A1A59E7D0A	40552F08DDDBF6E899D62F4903A64F1FD3EEBAF6	130CEBFD69E659909B5E075D6164710C12E9F9610A70F804F6B543E99C22B5F6
C:\Program Files\7-Zip\Lang\sk.txt	data	2DC6C6A3E6A6340ACDDE4E14992DC7EC	7E95AF29AACF16E3027215DE6664285C936C6D59	9526FFB0ABF44C19713341B13B05DF78FFF0704627F9E27D1F9BE2E44EEAF48A
C:\Program Files\7-Zip\Lang\sl.txt	data	DE6EB5CFDC2FA1F976D53DEF9659A67E	A83E25F373EAD00996EEF8D81A780B373687847E	171D2D962A789E3C65A308C3FE76256D483A441FA314CD1385BC4190A7CE4438
C:\Program Files\7-Zip\Lang\sq.txt	data	11BCB4B28499506D993B4C7DEDEAE787	972B8DC01AF018445907E9FD502AC4A79A9655C4	9979851597A86382FC80CA275969594FD88B008F1FFF2A052A6175CDC7D997F5
C:\Program Files\7-Zip\Lang\sr-spc.txt	data	D77AEDC653D5AC125DDE4C22E6C4D4E4	15999A6A374FE520B88F36FD4B33DF70E3698892	5B5257FEC70D880EF4B93B91E9640ABF38A44453CD3162383363506CB22617E7
C:\Program Files\7-Zip\Lang\sr-spl.txt	data	F3EF35953AA7FF8AD716692E4E1E3942	77ACF63B1864771AE8D857F746B816D1A0FE5A6B	4446ABCEA4BFA5F7D6A1AF3B13CAFE123E4826AE09DE5006E539D024A0160EC3
C:\Program Files\7-Zip\Lang\sv.txt	data	CB18C7AA5AFC6802CA2A04CF32D3924F	45EF847EDF58B43B3A450F2A093F617BD5368117	182C15289DFA12293538506B7D6BD791D89B7BBE6B88457B8A4BFBDD3953D666
C:\Program Files\7-Zip\Lang\sw.txt	data	4C948A13B2BC15AD315D36B6D141BDE8	22AB4C2C94FCA927712EB3D5A34DE058104A7726	603BAE3D0523649E146AF74E01A345724CDD70E20EBE54F4CC4CAFE2E6E22462
C:\Program Files\7-Zip\Lang\ta.txt	data	7F1EAC325E97668C7A80F04A68B0BBE2	5DEF558CCAAAED0D07AF3737879C04F41C8BB4B0	7B0D462CF9678B4C951B4CE2ACE368AA25E032414C0E92E73395ED7C1FA604D5
C:\Program Files\7-Zip\Lang\tg.txt	data	0B3FDD880B235EFC034F86691252784B	F14285790B5689A102888D2D3709FF80965147A9	E5458C6F699D4FC6C87F5D2AC92F9F21ACB5606C8FF9C15A69347A898EFEAF28
C:\Program Files\7-Zip\Lang\th.txt	data	E3C31ADAAA0AB1E126F766C236969C4F	4A14C12B06682BC615D676F11DA2405CC5AEA60E	53E7731BD9D0D412386328F39C75E4DDD15348CEDF33971E40BE02DCE7596099
C:\Program Files\7-Zip\Lang\tk.txt	data	083A9029BE73821DA5ABCB59D5F84401	E7C803B61E8EB2878D34BB36F45E248B2E4A6AC3	B435E04D69B44825C41E517D9337E895B269ADB39D15B22E5B84A72DE3642609
C:\Program Files\7-Zip\Lang\tr.txt	data	8C42B8B308A7049B161DC64F84F58453	4C1D83B93CEB7B579F8A26D31B66B98F81B21E66	0D86A65CFE83B302701A48F25946DC855F675B47BB836E225C4BCC04081E0E7D
C:\Program Files\7-Zip\Lang\tt.txt	data	C8A0E1B928B816735AA559200AFD7061	1D5C9F825E2C948C05F34B8540F6D6975E1F4B79	6E25BBF547E5143D262E9B961E61CC824D8C0C94C7A3E96FE7D3D26BBD4C6890
C:\Program Files\7-Zip\Lang\ug.txt	data	AB84C916018974C02868C4C0CB324143	8E64CBF9658D9FBA82EFA5E86D161946E9E1A757	07927645C8C6091050EE5289C574C67CAE72E0BB818B0C36154D94EA443FC79A
C:\Program Files\7-Zip\Lang\uk.txt	OpenPGP Secret Key	5A50D83995B7C97152C0AB3C5641059C	AF057ED77E2A86ED97EF21AD09FCBEF2431AC690	2A7050DBCB0D743B235D109CB8F6EB1CD032AFF7E76D77A65265E339803259B0
C:\Program Files\7-Zip\Lang\uz-cyrl.txt	data	968FE8C9C20657022704B3814F355732	E1EC6BF2C99727935C77CF01A0C58EBB2FC438CA	C85124EE254A12AE3B3744A6DB561126A829663E23E2E3D2A8D412F88294B647
C:\Program Files\7-Zip\Lang\uz.txt	data	C1F3338E1D8B20E06BAD0E230A60349D	11515FAD5AE3E9A85D98DC2B185112AD45A64530	BC986C22EAAB57B893A28E48451085DB3A03DC3EA12E924F97375D420A6C914D
C:\Program Files\7-Zip\Lang\va.txt	data	6D61E8E84ED3828ACF8A0D25BFFC8E70	4A55B1F21B0944308A5EB5EA9040E7920FCEBD54	C676C4A70B9CD0D995A9075593D0A51C18DD24FB255A95D35E03554460C8C334
C:\Program Files\7-Zip\Lang\vi.txt	data	44BB85CB613D4B4AE20C1271F5457FEB	5E39A5A7B5376CB96F4BE16086C8C6F659E247C7	D219EE85FC8CD30BBDBE62DED082B00270BFB5780EC61E38FF2460F82AD925B1
C:\Program Files\7-Zip\Lang\yo.txt	data	5B1DD2869DBD7553E79C95D420BC514A	7EFBBE3FD8A3D6E48412A5313E767181002183B0	01FCFA5E178BF27470055F53AB313145A2E7DDD19951CFB7C64B6CBEB4E9BCCC
C:\Program Files\7-Zip\Lang\zh-cn.txt	data	87DB522B0D5B475E8442DE021E8BB1FA	1D0EFE7092D4F86E2932405CD6B40CEC9FC3188C	E58EF1E3B27B499F331B56A0C2168BFE574DBA4D5F55A99EC27D794973ABA9B2
C:\Program Files\7-Zip\Lang\zh-tw.txt	data	634A4C246A720451B668B4F85D1D5CC0	F843C7282C50BC9DCAC03B6595E5443F94D49759	767C396FCF274196C4FC721DF1FF31CB7A9F99E6A486CD31CB4D78E3F3D3A7E0
C:\Program Files\7-Zip\License.txt	data	C7EDAA731CF6C54E76BF228E9CA1E64B	E2747875E1E1938FE4B5EB7A891026F583EF4BFB	AC4FCB7D5A0B2173024EF548C5D92A8A482A5ADD4475086091C1592B6E02F646
C:\Program Files\7-Zip\Uninstall.exe	data	00D8018BA524D5C74467FE2F9F462954	6BF3FA34F3710E8A8350F1F5A768F51A40467045	3F6C1F5BC396E3197C18ECAB6BB0D43C3D3F91F517B312855C19E6CD2A7521A2
C:\Program Files\7-Zip\descript.ion	data	4CEF9EEBD5F24A0DA0142FC92B8E216F	27434E0E86791D4F552EDB6E4663080B333A413F	F86125BA33FD19B7AA0668E808564461F312171C24732F9C9B9E39D209CCAD66
C:\Program Files\7-Zip\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\7-Zip\readme.txt	data	664FDA0937DF951009CC992A4F29D9E9	9C0532B647149A38AD25559A84C2EBC976DB8435	6AE0BB8721F305AF08A5BB95196C6549A7D855B66EC5F1AF46AB97E7F476E6FF
C:\Program Files\Adobe\Acrobat DC\Acrobat\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf	OpenPGP Secret Key	DFF10F99140CAE8E748E48719A19C423	EAB5B7C2E738BAC01F182C1AFB95775970D10B46	97366AB0A21EEC8AF303AA58B69535C2072DE32DAC20797DB284D547D65DD0D6
C:\Program Files\Adobe\Acrobat DC\Acrobat\A3DUtils.dll	data	EBB5D70F2B45C2D597421CC7E084DC32	DD8AE2712A78D314552C9B7753E8D87A496B9DEE	74FA2580E84B6819B7C8D8B1175F6CE696838D853B7706478A351B1EAABBA170
C:\Program Files\Adobe\Acrobat DC\Acrobat\ACE.dll	data	8DF6E9D78BEEA06693AC636FA69794E9	D67553C83502E69D7F36F5F50FD62D39110A3B5E	DD1BFF15188E4807BD207613316B953BB181485D0F72525F0118F9CC3638B5AA
C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe	data	E7DC5DE6CBFE975FEB574E52C81CF2EE	42896EABB12696A6305890843D18D4589383F73D	2CF518A1E306F91B47E86C2E6D6D6E2A235E45E9F9E9AB4F73E769E270D9A472
C:\Program Files\Adobe\Acrobat DC\Acrobat\ADelRCP.exe	data	13F776EFB5C9064F1996015C92EB3B87	B9FFFA087C04FB53300CB245E5116FEFD167E0EC	425E89F09DFB0017631AC49BB231B2A81281A0A57480B21DA4D9217D100DBD0B
C:\Program Files\Adobe\Acrobat DC\Acrobat\AGM.dll	data	52DC720994E9599603D6E35F819DD050	DFEEF07C4D07E6ADA6631B81403FA1E32BCBF162	6E3276F6E75434868395C18C9D3EAF73D4598ADD80EF009EA4933044418FD80B
C:\Program Files\Adobe\Acrobat DC\Acrobat\AGMGPUOptIn.ini	data	6B952A2968CFAC20C83F7526F85E15A5	0DF443C57CDF854CCADEF101F15C3677849737EE	3D097E98A9FF26D537476E334D351992B5472BC914127FADC81903A99860C1FA
C:\Program Files\Adobe\Acrobat DC\Acrobat\AIDE.dll	data	8637C5123FB40D06E4F6816625A11E96	EED8FE5BE8874C2C3404C86B48075055F9BA999B	E286D6DBAE8B9CB02AA63686271C27086B3D853E63D4792BA76F82BAB82B09BC
C:\Program Files\Adobe\Acrobat DC\Acrobat\ANCUtility.dll	OpenPGP Public Key	9D931CE243F0933224FADABC8FE034F6	D7F203DBBB8A8A0A5432A57B6D5058D64B3C5D33	2188D14630E0B7084BBD5D769DAED2A65BB17D373C249E0EB580343BFD806A2C
C:\Program Files\Adobe\Acrobat DC\Acrobat\AXE8SharedExpat.dll	data	5D87AF78F9193D50A3669337C89C1F51	FDE2BFCBBF0ABC3000004BE84D85E0CF43F02B93	8216FFE4D3BBC5EF5BD7EC99A1CDBD1C742EB253E940B43CC7923FB5A5BEC406
C:\Program Files\Adobe\Acrobat DC\Acrobat\AXSLE.dll	data	91601B865169940F4A55D6522C362985	C5515FC99E8724A7811C4987383D381C84F5E761	82B4352D69A7057C7AF599A8A32634EE41B69B0962120519B84A736DCCF5B736
C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroBroker.exe	data	5E3B403754EAFC993C9B7132A70547EF	C7A573630010066403B9D16034E016D3F890F335	84CC4860F7C4D21FB919036F2FE25D96AD4E5B25FF1B1AB099B7C45D5DCDA603
C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroDunamis.dll	data	77AABD4023BB54308B3A6ABFBDCB64A7	6CD24825932931DEBCEA1D5DF64331D5A9ACCEA7	19BE8645339B4B41E863098C32FDB7AD116A7ECBF30AED44E47350714502FED0
C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroTextExtractor.exe	data	FEE9E2363AB1A4D66B25AC53635F5FEE	C934D4385F8D1844440A3803239B9070029137A0	23741AAC09FE99EA1994B7E45D6FBC0329DA7C545B7877D69A68A7A2CDF7C7EC
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.dll	data	E755486400E6B0BA9D5807411FA18B75	9C72EF1A0FB6414867F001FAEBB8471704787387	897245E7A4AD6E6BB9F8AAC4393CC11A715F938BEFA438FF49C09B443BB3C714
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	data	A55494E9278F91BE20E2C0A98528C868	82706818D8ED571693B315C78A7E9D456343B254	A7B274A004393B54BB9587A22D9864CFC31FA8D0D5D6D0EB05D9A8CDC1AA2152
C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatInfo.exe	data	D7E7367E04EF9E62412EFA1A9425827F	32C1E6062748FDA0237419ED8C9E78B7E5508CB3	823936A14331CA5CA9CD73655DDE71260350DD579A2A1EC66B9C3A87A1F5EE63
C:\Program Files\Adobe\Acrobat DC\Acrobat\AcrobatRes.dll	data	29DAC00F829E9776D6DE74175AA24F88	ADFD5089D414EF514A26614999BCA38F64FA7F07	65DFE63990B3EA20673FB5F0D0CD255770224D016D83D154E61DAA1433881BF0
C:\Program Files\Adobe\Acrobat DC\Acrobat\Adobe.Acrobat.Dependencies.manifest	data	FD3CC8AED8B087D29F9C65585E661C41	AF603EF7326B28D9076B52F1FF8964DF6C6C8BC6	D72740273064751D502E858153E3771BA559312E1F368BE13883DFFA64C793F9
C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	data	23B8D338E535EE6681AB61B77D580F2F	E4C6B4945853886DD8BA166E9E423E48F5DB735B	24E1155585A47B54535D2289CE90C0B2453F94D78310433C9DEEC98B185EC25F
C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeLinguistic.dll	data	968D5B62E18092025E2C2E10C337A040	5009683B70B3BA18A2EE43A32A5CDB47172E820F	B4FF90E454525BA714AD4B41B46304C0E567B636AE7A8E864A8EF077E8417258
C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeXMP.dll	data	3E1AF716BA556AA4990F38DD2A1CDB03	FA3AC51F25D7AA8DD24F7532D5FEB969ACFB0DF6	F04B31800A02F359E7283B3092867938BDF46F5362837A43006FD3201C7750CA
C:\Program Files\Adobe\Acrobat DC\Acrobat\BIB.dll	data	0532381DBB4A7BE3E5D16CC4DC92FBA1	7E010FB47F882A9C19AF64BDAFE3A0D985D52621	881131ED3D6FD3054638D8AED6B73C26AFDD929E4FDF0063A61C8260E8066DB9
C:\Program Files\Adobe\Acrobat DC\Acrobat\BIBUtils.dll	data	9D573142FEC5AEA186F842DA463D54C0	63F9B8673BBF4D4B4CAFC63EF1B59D7DFFDECD20	40DA2F94267644D3DE4BC5BE8A4CFC76E6038D4993487BFF5DDB20BE9A2736EC
C:\Program Files\Adobe\Acrobat DC\Acrobat\CRClient.dll	data	1293AD474FB00925792C6C562252802F	999DEE9A574A0CB64A22CEB9AA6A2B1704E22FFD	250F8AFAAFA9D5195C4BE75AD97937197FB9251BBDC8D521E941BA06FC1E287A
C:\Program Files\Adobe\Acrobat DC\Acrobat\CRLogTransport.exe	data	E9A4B8D909FC66A64F954F4DC5BA4042	CE547336D46A5FA61172EBFBA00F8F1FCA8D74E4	7FBE2C8425757E7FC1138776ACFEB8FC6139D22D82C247F6DA820F0C254822F9
C:\Program Files\Adobe\Acrobat DC\Acrobat\CRWindowsClientService.exe	data	EDC4718715E6A8D5B22582A4F3C5986D	296105BF091FD74AC608200F987F801A2647B663	89E3FB83FEF94F80799F70EAC35049928CF237E536BC1AEBA35902601303A656
C:\Program Files\Adobe\Acrobat DC\Acrobat\Click on 'Change' to select default PDF handler.pdf	data	60447DA8CD215F56181F89FD1D20DB5D	EAC27E062C5AA7938435395533D96704475094B2	F7FB13C436CD2D772499BDF09C526BC03FAB8528D0F2A97EDD06FB9DC29B8D1F
C:\Program Files\Adobe\Acrobat DC\Acrobat\CoolType.dll	data	534785DC628D0D7687E9EC6046A489FA	5064A5ADBF89FE2DF7B53C1871D01866D614565C	B91A5D0BBB146EF57A96A80920DA7B3468D9095924802D6554FBC1B4BB82CE10
C:\Program Files\Adobe\Acrobat DC\Acrobat\DirectInk.dll	data	7D3A40B2186E0A7F18A1D8FD9E9B9D0D	61F9BA2501451A4A7AE3E2A122F43130C8F14371	A903731D30F83C8E3AC47FAFB5179BC9590CAF568CEDCAC8755E85FFEA77C78A
C:\Program Files\Adobe\Acrobat DC\Acrobat\Eula.exe	data	19D9BA25EC6EC3B82737BC695F015CD8	856506EABE17FE4A68885C4F86BFF7EDBA77F839	18359F23736527FCE215179C1B5FC784F236D46A8F30984EADA171931E1C5C8E
C:\Program Files\Adobe\Acrobat DC\Acrobat\ExtendScript.dll	data	3FD4EA32A2B40E1043248F200FFD32C5	6B8E0A857E8FC9DD67D08506EFA9F791EA92E5E0	1D0A421F24BCBA30314E6C6563189110ABB1FEEAB20720DD29A31A3DB887EB56
C:\Program Files\Adobe\Acrobat DC\Acrobat\JP2KLib.dll	data	AE9763FA0F96DD9A8F2B55EFD2E1637D	39A3C950C7A0285CA8D1044553A5F62DB3D2C7FA	0F9BC81931AC6D33CE221274E0B8C7226479C186F653573AF682007B6CB10A0F
C:\Program Files\Adobe\Acrobat DC\Acrobat\LogTransport2.exe	data	A22EA43286CC90B385F6C1D60E76C5F6	19C5A317C04FD4078FC3E5565AB814797515DD4C	0AD023F5009ADEC27814F44F3C17E564DF0DBF3BB50C211E51B40BE60809EC18
C:\Program Files\Adobe\Acrobat DC\Acrobat\PDFPrevHndlr.dll	OpenPGP Secret Key	6D3E096AA9D8267170E868F94AA2F66C	653DE2063F81075E8957B448EF33B48E31D95F1D	C11C956E9E71C75045E5483B782515F502A245EA57A73423758E42ED5CAB2EDA
C:\Program Files\Adobe\Acrobat DC\Acrobat\PDFSigQFormalRep.pdf	data	E9169AAD01C55A164554D6434B2CBA86	F4F38BCA7A29CDBAE29FE6A1DE69B0D758679E8E	CFBFDC832D7F8D107BDE823430DEEAB8C6A730D48DF171CA1E88F8A55D1AF548
C:\Program Files\Adobe\Acrobat DC\Acrobat\RTC.der	data	68F11C5E663997F2F94312AD9308E97B	5BDE74CF0F70EA8A44404000D552A9061D58B35B	32879C86CD98C6B593EB1A036C46A1647724AAC97488BCFDD5182EDB74CF06AD
C:\Program Files\Adobe\Acrobat DC\Acrobat\ReaderUC.dll	data	EC38DB300A1DF551727F63691EFC7B7F	57EBD6A315FA27BECACA4070A70297A07EA7DC97	EFE96C4C0476BA5D085452C82C53A3A31EC471A13A503D25D6D8DD353500BBF0
C:\Program Files\Adobe\Acrobat DC\Acrobat\ScCore.dll	data	92CE375643446A3C98AEC8A334A1D6AD	CD814259D570088ACA6D40A7BB5A747A457F30F8	C5C8E48D1873CCDF083F6E0892069C6895D095162A3401FA5E11DB41DC5B1923
C:\Program Files\Adobe\Acrobat DC\Acrobat\ShowAppPickerForPDF.exe	data	78DC9699C0F3ACB77AFB5FBAB5F4338E	4A0319DDAC38D927F07A3053FAB0C98B339BA225	4057083B8580A2EB16DC989AA1E81AC4C254D9D5CF07A8F18170CCA082738883
C:\Program Files\Adobe\Acrobat DC\Acrobat\ViewerPS.dll	data	CA52BF7A8682ABDBCA2A4D83972375ED	F9B9854C25CA912D09E217C4FC2E532E194D123A	38A2B1C855CD2046FD66857E062F75AC38970C7BC3FA3C377D2104F3C0DD1D19
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat.tlb	data	C15F7A3C244CDE0368476D384171DD61	48D934DC549576687DED4A205B91554233F509D8	1F283A543DCFCBC17E84249004B37C6023F731F360F5F5FF2EE0B8A3488834BF
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_reader_appicon_16.png	data	A2C34F5D7A6DD004567DA84079BC139B	056E920106C534A914CD25BC8EAF726977C7E75C	8E0F8949A4E36FB76E20A0C1BF5D6F58B8377BFDB676C8CD66B86AE9180AAB6D
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrobat_sl.exe	data	DC6E9B074DEC6265EBF8BB6F99C9A5AF	8A9A2AFBBB20EDEAD6B545A5EB7159062B7D49F5	C4F1392E0E53859680E01450402EC66168123520FAD35BF62DE86AEF96AD92FE
C:\Program Files\Adobe\Acrobat DC\Acrobat\adobeafp.dll	data	41379DF3E314560EE75012877F0AB83C	EA42438A5FD77D0DEE75813B846F13B4E70D423A	2C2DCEEF8C98CD0F1566B4418C5A793EFAD0033BBE4944B2946DB7D514A0195C
C:\Program Files\Adobe\Acrobat DC\Acrobat\ahclient.dll	data	0DBACD9A32EF50E89819EACE1F8CA9A5	88633D8E00FE34F18009DD72981BC4044C508EE9	58FF742E74456C17CA223F2FD3BD6FC3EAE19B4D5B7A8DE6683D36D3EA5CA22E
C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_asym.dll	data	35BCB4CE7D2011CD34D9435592BBB01B	B7AAF280BFDD0402AAAF19B665163663C770D2D0	9A8DB1591700DF51E2737F0127669AE4C6D979F2B74D4C476C5CDE2C0709BB44
C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_base.dll	data	493FDA95A0395CBE0F32E0B2D3062255	814703CD2AB6F951EFBF4554C525A5D9D30CB8DD	8F8F825BC3AE3C865B1D0287E02FE2F4F5C8DF5AEAE2EC23C53DFF5E6C7E14F7
C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_base_non_fips.dll	data	75D309FDABAC72CF1CA41988AABC53AF	6DA9C71F511E14FF30B9BFAABF87C28BEB0AA8B8	0AD565425194209177E3F4E2DE2EFCEA26197DF5309654833D6734C871812BC0
C:\Program Files\Adobe\Acrobat DC\Acrobat\ccme_ecc.dll	data	7FD04E836183D323E29626E6C57E9584	0BE5DBD0CA17502D9EC983437DCD09AAAD12D544	2FBD84F0C6FA1D573BC96EC1B9EEB0A0EAC6B5E1D04C11AC55ADF0060BFAC637
C:\Program Files\Adobe\Acrobat DC\Acrobat\cr_win_client_config.cfg	data	A467A19DF6BF6EB66FB3BB96075F77E5	77CCB284E73657D8B4320BE603198ED4515446DC	D6CA077387C758A59F0F6F64E17E1078494435756D465AE0FB3202C329C850DD
C:\Program Files\Adobe\Acrobat DC\Acrobat\cryptocme.dll	data	BE02E4893855C559200590618B43921B	38082EEE01E5108F2E924FFD829B8C8922453318	82B3B86756B1D845F3D16122FA66466F73BA097F671E24D50F1AF92BABFF7DE1
C:\Program Files\Adobe\Acrobat DC\Acrobat\cryptocme.sig	data	439887E8AF4BD84C3602A24A3DA4E7E9	F022F7E71FD81B6C183AE508D0457402ACF44412	5B7C9E95DE06888E8007AC427BEF1BD3255428E40761A861F8955E7B0EC367AE
C:\Program Files\Adobe\Acrobat DC\Acrobat\icucnv58.dll	data	064882A8F02352D92599E099BDFA5324	D4C06A1532CA8726D65079744D903E8128F93D92	A451B4F0667C0EA82B0C825B450D95F14B8E52CBBEB9A9E330609E7491A46A03
C:\Program Files\Adobe\Acrobat DC\Acrobat\icucnv67.dll	data	F81B47A3F5D4E05A61F467919FB2B793	F931BA21E42715E6B2ED904FD7B73A6BDC0C2BE7	05169BBF0C763E17EBD421DEA998F006FD50FA637DBC7DD73603BFC99DBBB23B
C:\Program Files\Adobe\Acrobat DC\Acrobat\icucnv69.dll	data	48E3D16E742EAC3E7EF680BF4DF2A32B	8096DA75E942CEAF9C2A6F2CD9D4FC4560F9BF38	4798545DDA19BE35893DEEF8B60359B8467601081DC55F1304288BB3BE1D8B56
C:\Program Files\Adobe\Acrobat DC\Acrobat\icudt58.dll	data	4399C8A19724C966DE77B42397B7AA46	A2E93015E29A0E1E26C0F4E2508CE6F5E366ABD2	E890D9E7770F8153C857A67DBE7BC2483E43E287C12BA35BAF0326D3ED90B46A
C:\Program Files\Adobe\Acrobat DC\Acrobat\icudt67.dll	data	E3D9FCA66BECE31D2B6685046344A114	F48522F28FF83935A181B0E038D3A25029DBFBAC	A6FF638B193AB87CE99FD5AB4FEB61CE5D22B9DE49D683DD17F829D93FD2B321
C:\Program Files\Adobe\Acrobat DC\Acrobat\icudt69.dll	data	51D7FECA13B412ACB9F56BE4F1CCBC3F	8CDDA1B8E754B480D8EB1BFC2D54186354E40032	020B5A70280A9C8D9ABA40910EEAB28434E39671AE8D9F36BDB5DBC42A66AD7F
C:\Program Files\Adobe\Acrobat DC\Acrobat\icuuc58.dll	data	CCE8DE4F73EA66353BB23C5A08C20CA7	05403DA8C0451562A8D9118F8BBB2E9C88CBC6E3	AF34C21C4503A6AC75CF123F701822742BBEE88D5BA7368737C7FC06A029B1BD
C:\Program Files\Adobe\Acrobat DC\Acrobat\icuuc67.dll	data	E5B52A01F89C7EB4D46C68EEC4F9120B	231B3A05F3D2508DD87FD7F413E3DE5C96968AA5	3825F797E82EF7DA6F0262AE88C021EE5FB2F9EA317835411576DFDDC3C91F65
C:\Program Files\Adobe\Acrobat DC\Acrobat\icuuc69.dll	data	722224B213EA142D2E9ABC7FDD77DCCF	3CB1B6C4C6DD7EE62B7F98A6DADFC6A25DADFDE0	3BA066369C0B13B7139DDAE5F53838CE80476B4DAD5D9E9AE4FCDFE57143C8BF
C:\Program Files\Adobe\Acrobat DC\Acrobat\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Adobe\Acrobat DC\Acrobat\logsession.dll	data	E5E538DC889A8F00EAC1277E6AEF650E	0246EA0C998EDDA3873AA5584E9CF720654CA5D9	F54E7B9173EF42237FAA3EE1060C821115DB86A535F49F58024B9568C9D5F185
C:\Program Files\Adobe\Acrobat DC\Acrobat\pe.dll	data	8D711D3118824DE6EF2D0D76260919BB	BB11872451720BC229F26432A65758E2DA697724	AA378782B09320A19E19ABEF71065B837BBC982B7CEC75C6484985D8A7B2783C
C:\Program Files\Adobe\Acrobat DC\Acrobat\pmd.cer	data	75932C8409402A26A33BB0DCF33BD20D	F0B6839F1B12FA4AB8B24246BC5DF68979066463	B8DFDCF5B321966C5F836910D135A30E1C3C34273A02AE49D353FF13897C27A1
C:\Program Files\Adobe\Acrobat DC\Acrobat\rt3d.dll	data	0E2DEEC6A088B5A761CC3F4D32C3CAF7	B11CF23618D5D178C9F36B76C59D1E58A99C4F56	BE5908E7BCC2EDC0BF64322420F4590508FEECD87140687BE1F3FC20FC933B4F
C:\Program Files\Adobe\Acrobat DC\Acrobat\sqlite.dll	data	4A69576EE2281032FDB7002301CD6AFF	CCEF5B0E8ACE9D831CBAF13A1B182B3A040AA810	D60C3F60ADABF5050E036EFA351EB375FBD83222B889F061724BE226D542844D
C:\Program Files\Adobe\Acrobat DC\Esl\Aiod.dll	data	2D543FEDFE2466D984344063E556308C	294F40FF41040D75EFE43D2CA35918C7B9A77DB9	70E146523967C2617065FDED28D3C99C4DDD25AE6665E9A887E1A369659ADC90
C:\Program Files\Adobe\Acrobat DC\Esl\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Adobe\Acrobat DC\Resource\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Adobe\Acrobat DC\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Adobe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\Adobe\Acrobat\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\Adobe\HelpCfg\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\Adobe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\Services\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\System\Ole DB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\System\ado\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\System\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\System\en-US\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\System\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\System\msadc\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man	data	04709F713DBACD448FB170019D189E35	AC711B318873FE25FDE14345FBB5D153501441F6	C3F2A34963F4928A9733DE0F1765764C0E0DDD2CD10002E14B52A01417987441
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man	data	CE00969700375E70EFD68BF2241977E1	4D18A36BE1E7E2F04BC6FEA5D9B9C1D432A20D70	6D497A2404ECEA0DED770570E9211C0D8C65D52573B6B33949E50868A7F1F7CC
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystems64_msix.dll	data	B22F39B63DE847D877D7FAACB702B0DE	C86C080E0B66C4153392D42E28BEBAC0B705C65E	EB860902947064BA84C268D9E67BF611AE8CA5511180EE32C58C2DD48CAE6814
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll	OpenPGP Secret Key	28D5C7A12E28E06E7E68D2BCCEDA0CE3	B0DE5758374121FEBED2B5609D16967DB79D29AD	DAF06B8CD47C8F956F3E2C6EFC1801A90A37D5B3FA7F2792C0F5960334148E3D
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	data	598DEA4DDAC60DA353017AB242FF5AB6	1AF284A9517849149EFC8E4AE49B23BAD465B332	A2F24F7C7479A70BC8B5118431D5E5FB852E5C8C1098029CD55BB7DC514C673D
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll	data	DAAB90CE1853608D6CB398FBA85CDE40	EB74DB30C5ABECA2633ED57E03041C5AFB17A30B	BBFEDD73C932B366E5766B9C1714956D7C9D1D9D90A9959FBB64178526ACA6AC
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32_msix.dll	PGP Secret Sub-key -	8B11FF818F185B671342446F1E969EC3	A67C7ADB2DB9682D8396372DDC39CEA85F36B701	5123CBC93390A85CE1BE4F78C189DAEDDC9C0593BE67E97A2720C935314E0D11
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll	data	8E10D3F6574DA67235717008E79C934A	67E0E831C2788268B047BA4702A2E448113F003A	9C4D69B2C285B445FF770B38FE44761A3C9A65226539290329406BD7F522620E
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64_arm64x.dll	data	855B5A201F88642C3AD324959CFC4F55	795F4006F2E41C07818FC4DF3EDB86FBA459941A	52E2FF6B054C5CDEEB90159926F324CC47814015114093043FFAFCB361FCF7D8
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll	data	ED1F7201E462C1B060E3FDC245449BA0	D2027B6EF8070CF8841CA468D5F89B476E40FDC3	EEE885DF3364F71FCD38D51769A2AF0E98F105E8047CD5A387AD3E781E7F50CE
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll	data	85FB71D17841F9E0DB0A5F106EBFC8B6	67E1DCF4276559D05E06648C6F6394C5D15C478E	D1A67E5389223E25CF71E6440D6B03A30D0D966BFC7993785481714FF9423963
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	data	956E83596A1C3A299E5435597F983EAB	957D083114BB773F65C4A481771997C60F7106A0	059EB7E0DAD017D288871BD0D955D2922DD4731F84B44C7BCDA831F76723119F
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll	data	1708244903CA15B84EBA5C096EC5DBF5	A34734E98B38698DAFFFFF56042ACB28D277C79B	042FCE0277EB2701C852C4190711D29151522F49FD41D44AF4E25B7B2746246E
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	data	AA97A9809CA2D3ED168722B8B4276411	41B7C1C9982612AC43D56CFCEFE32CA5A4F02E1D	1BD217F2081FE5F34E0A6439A87EBCE6B2F19E4BFA0FDCD782625BB29B5EE9F3
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll	data	1F56E5D7FF25BF18C8BC22642C5631A5	E5D95C8724E714A24561D2723B3E4D8DEF115588	8EFFD2DC1A692551FDB09158B240D463902EDC10D6072111623168128404FAC7
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll	data	FE8EE615910467A5100B0075C0744DCB	4EA568FC4E019D22A5B34CB09DB3474233307553	43B3CC6FB56636F3ACEF7E4E1D55F5120FDF67D89380D1E992382C9D68AED0B6
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	data	FEBF140907297548B922D62473628661	86B2E04BB5D6AE40F1A0BED317B2CCAE16C5B56C	057FE6F11CE4D0E711E9AC91D9FA2131D7CD9924FC9DEA2055FC07827FC31EF2
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll	data	7DD28DCB8BD7AC4909600F83FBE742BE	EA87757658990D43587A6C07FBE3B7E5A52DDE92	403D5297F4EA735185FEAA6B317B6115A6D72C1701D20FF3D0B1BE2D6C837BD8
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-gb.dll	data	68D2DA2104B41291894AFF8770EAF34F	89ED0072D1B656918B946AC061F2F73B087E08EA	014A1079FB0A09253F04F348701AE823B933E1335C6BEA787D6358DD6C635616
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll	data	6A47B28C20AA1B2147244AD6BCA5339C	790836EEEADEB8D5003B7B5D413539E80187DED5	32BBB9C3995FE042A9B0C32649B27238A49759B9F0050DFAFDC93D1ED4020107
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll	data	0C46AAFA897DE08B607DA54A64547429	698148E053C31DA14F62464DBEEB89FD23716341	BAFC8058FB7ACF9CC5C9CA831C73661AF46957ED1827DB4A15B29C9709077494
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-mx.dll	COM executable for DOS	009A19342C918637D7C8BCE3894685DA	E62A5A316F1FE659A99D394F5503AE8BE46AC2EF	A121B0CB4EE8D0B2E0783A2C63E2202EF0502FCF823737C89D0C370193C66CD8
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll	data	BCF0DDAB5F8623C94CAEC125C6902BE7	E4DBB23C80DD06A89965CBBF9C5A0818C9C84D41	431065E18C94F133A0A824DE62A3FDE090E963B42675C69AFA73BD2B04C343B3
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll	data	9ED95F05CEB1D493670BC7D71E370D78	0152FC01C93ECB60184181B3F9AE6276AE58824F	115E7F87E590D44929205B1DBC27A97176FA481A07EB4D7D78706DE338F60D2D
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-ca.dll	data	5B912F69D64908847B6407454BFE3F33	4853C97745B493532AB43A68389BB1489B2687EC	A7D0789CC80F21C4B0CACE460B43BFA1DC5B6F904380519381176A5DB3307092
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll	data	114A36CBC83D8C766C8165E35F584A15	61182E31158F442073F7224CE3999B3D7FBAEE05	C9DF9E9695BFB2EDD19AA87F106B43D723B41D051F17F49A1A65E420FA9882A1
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll	data	D8D6EA45071FCBCD0677ED55D86B602D	117BA172D5A8F259845BEEDD535D87E4FE10B9D0	DCF3E46B59E8659A8BB205432F2486823AE288D62B627163255CEDC7375E7E58
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll	data	9DDCC3CB12B7328A2776EB0D00ADAEC3	DCBDF146439A14C5839D2125117B0FB7EED4AD0B	A1997D5BE3CB0FB7DDFB92C70C2FF5663F4AC8A9FBB261319A729341B9E6F91E
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll	data	33F7AC15143D84B9CBF4E170DF65EE5E	6877B26238A9E13CB49A6E0745A8714B5B4F3BE0	79661DFE44B13C232D7BAA4B6F466D2EB5207B1A3D2DBDD17FECC78049CCB237
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll	data	80BBAA2C9EC2119ADA2173625461139E	5E2490863C68FDFF6652FB19A821B7B66CF96795	633520FDF6D462B0CB1636F5FB90B2868CC52C1D26DFC3828596200DBD63EA43
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll	data	61524375D2F1906C7E9C22B2A089CA6E	027B1A53E53813FF813CC5EFE171CC6A9DAD545B	8CDB7B72E4AF2773D5224BE1CB6E0BAF141F3F1337723083EDCF44070481DC42
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll	data	E150D67985C28C0503229B5CD0F95F4E	C58A89A03C25E5CA1050499BECB21D970B843C7D	2D353F7470860D5EA02CC27D44702E29E8A9F049F9055CDC8610EA0155909B44
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll	data	E0F610E2928CA757A3D499321C31E5FF	370AB5FBAD16952E7AE60262A12C42C0EE0D03D7	945E62F98246CAA6144CB120A445A1EE8F706AA7D1F30B8B2ED7ADB60B379546
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll	data	C5C6D77E91F3B0D982D26F56BEE9D871	6563246EDB8444828AA53F8525EFCC751C086689	1D2FA20228988FDAE89345EC954293A850467674C77810F177FD28B6824AD4BB
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll	data	10935913DE9F2E8285046295B1171098	10B33C2DA93EA96A1F002A113041E1107939B1D9	A23BFC92B0F1A5992E366F52E61F3AF8DC5DCE63863414D47D9F1EB2982AF07F
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll	data	212B6B7B648E29EBF4071494E8C52ECC	C4F913A1B925A9C02C888859C315A16A662073C7	9AE841DC419AF6D84AB30154D1E62D45C76B9247134ACDB77D392FC9364EFCA7
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll	data	07898320DF00ADEFBBF6F44333AA4CE5	C3E539F383EAE87A0F2BDDDA591203DD298A324B	62D9102B45EB86EE4856D0677FEFD120C4EE6851C42C52158EC68F462831BDE5
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll	data	16B77E7C2170708825B0B3F94C50283B	17B0D76F3F59FF6C91FD9F2F9033E2A8444202C0	04AB21B94FA2192255D7178638028FD8CAA7AE04F981AD6BC1F2522F762DF6F4
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll	data	62727264848B06FCA1564E6879B8A1BB	150E0E6891A97BAD05D68B0462B3B38604896672	0AEE6ADC5905EC686986276B5B37F33C1F53679BB3BC1892EB11F59114FA16C3
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll	data	F859D2C17A18E7F7FD3AAA40A7368763	C52609B2CAEB8FD549CE02817BF39C14DCCF997A	B4D5E5F6213F7FB6718080E555B5E0467CB51ED7C373F5DA97CF6A5A13CC0197
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll	data	D6082DA3D714A50B7B3E3D98CD0AD6CE	067F9BB9EB1650234EB0C4DD98454AE56BE0C5B2	1397859DAE2255C2D5FEAC2122048E7A4A462A7004D55B9FE252F298918BAEE4
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll	data	8D70B3FDBEA2BC157213C6642A0F5B6D	69F13BC5F2539A5142FE6047C8D8B8CB813F77BA	729D85DC0968271FB80677D9CC64068A96BFFF61F06CB78655F9B92B6276A9BF
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll	data	06D46733A94C506B0E30C481135D8F06	763DBB1EA049B7914A4414AACC1E7B1104E528EC	4E680B04F1E8EE991521BC2A01BA29BBDB5962870F30FB989366A1765598E00C
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll	data	001A40EACFCAB4D720F2367A525546DF	B1EDA79A5FC9EDF85A3392790DC4621C881B475F	7A25996E6B8E9B9D0AAEA90B0CD62AE76F7B98BFAF56F5C07D6FC2A91B3B2FFC
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll	data	66741FDED697E9D8E2EED52E1BA00417	DAD38E03C64A017EF9F8235B78B88E63DD2B4F85	876D5FDB19EB74A98937D873805AFA49759EF0802CC9BF0B70A23D641472275D
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll	data	77C2D1DBA541451CA68B5C412D666CC8	DD4CB771ECA47160E51F31C73C89F4BA11A5F84A	10851A230967DADF71309203E0DF5CD511D12332EE474446F5F5420BC44CC347
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll	data	1A9498B18539F12D7F7DACFD6A3C1D75	9F210883C8B279467DE1129659F5E58DF799102A	096DFF75DE31AA2025AF84D56D1DA12AF3218794B716076B41385C4260237757
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll	data	2ECE51563A372A02B19137DA0D015D47	53B1616F3F1D8B042239C8F35ED7C02FE9E19BA8	A05717E8515BFDB2BA1BED94D177DD3AA1CA85DAA2DF3E783FBBB9C2E1733258
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll	data	3F7AF49AD9897A0BAA7A2D258DA7D6B1	1E0D682B989F7B88E5833BC692CF3E1D11AD3AF2	58B1BCD8F12318599A664224095E3183EA47710FB2B7B486A443651649B66E42
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll	data	8C9A71573B80F4DF1B1A13086F39DF07	F6845476E767BDD6E81BA96B650FDDA6B9865019	1BD431DF21DFBB4945AE0EFC12C7D0168D6ED6C3B82EE72BDCCEA986ED92CAEF
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll	data	76BF1640BFABC0649AF2AD2FCA4DA30C	04C8C3288100CFBCA7000CE1CF53DD2A10BF2800	12F5F459FDD85AACD13EAF8B3AA74B2FE30E8A32C5C938D9802FB70FF4D63480
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll	data	0D4427731637A93338F080E444E3F3A2	F5DB05665607031CA10B19AF80EDF9779EE31AB0	F41C90B5E4274750C2E918C96AC15985B055643E352F0BD8EC90D7489A9A69E4
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll	data	4FDA31F93DFB0439FE199E015074123F	7D6F02C6777504B91222376FBE876143E2932E9D	7DA9E8CF7AED861FF4E99E79BA02D9C86C036894541CA8232618BDAF3C4B651D
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll	data	8CAC189770D5E9F94DB28279DA6CD791	EF9BD81E67B6AB87BEF8856C6D8F7741E2D91331	DE0D6DC8EFA4F72083790513F8D2BAC1AC504814DF6DFA23B30DE0976EC8257A
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll	data	FDFCA72A94774E41A2ED44F0F29328BD	9F38F444478E386190C797D61A09CE8AD88831D3	F7F4C13ABE0435DAC4280B134B65FD77DAE8D5EE879B59D31B6EE40CBC38F7AF
C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll	data	50BC231D1342A3458D004F4E156A4DF4	412207E7DADA97F5F5701D9995C9E8D625CD0034	2C253315EA4B245FE4A5F0DBF3614A28F6A5C055749474DB90FF4F6768A68E15
C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json	data	F6EB557D29B229D7EAC48A6C67AD14AB	309AAA150DB27E961DC504E52D37A561A6EE5DC1	4DA229FF584A6096B8891E1A7FEAD44878AF47C4EE8C0C36E58413E03FDCE663
C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man	data	E5B261608CF6D128235194283939A9DC	69D75361B87292136F163C0BE7ECEE42F9B72E3E	4EF81DC9942D136363FC461C6F3194167A2B65B48833FDA3D2123EE54385FF55
C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml	data	AABA32A11D5CBE963ED8ADC71E37D20B	24D92452C579990C1F1578BE5B7A2EEDB2320898	5C175F7E52CDE1A76A160B77DE148E3A4F7F779210F9B662EB273C8EDF4DBF8C
C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	data	B21C581743249F26447CDD2630287A1A	2D79A6A57CD38E486BFD1887FB4CE5BDF2A8D356	9FBF6DF507641BD3C6E31A7C0D439D4517A6F0E211580551F1EA9F6935D1EDBE
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	data	37CBEDADB0A26983C3D45CAD233A4CF1	01F5507699A88D105AA72A5BEEBCA63ED841C24F	08A6BD2BA23890090CE00CAFCACA5315E04A9A5730B63343218DB840B0AB2691
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	data	C8DE05B5224EC50AB1084F6EE30AFA08	089FA313AFCB038EF35136871673E2921FD8B022	DBE02ABBDDC83BB2818460113496F12BC4A788A9E5578241BE0AE14E82192887
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll	data	EAFC02D65416E39FB427F4FEE35ACD5D	E0E8E2E35B57529AD9B88D8AA117D930D8C6C9EE	82A715B4F328C1FC30F04F40919B9E1B276E0EB37846235B2E6F67E516B032D8
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeOEMPlugin.dll	data	DE147FA3DBEA4652D0A666715A7AC39C	21DAB9294FE2CCFFCAB28EBE7ECECEB5DC6E1945	4BCADCF45929D26D979ED11006ABEC932304FF2387FD2B75F096F93E0B968AA0
C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	data	75D4EAAAF189AC8EC1E95318D0111FD9	C911801AC5BB7719A2D86E5BC6B0599C1DDFA479	422370949F34EA9C5A07D5F1609A3A486B3C40BDC12A28F204E815B8E94127CF
C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	data	6F7A4A130773C8DF8F3EA46584693F3A	CAA7C61A1257A4930C376E008B61ADB1FE00D5D2	0AE172F7F989B4B44294D0C5310019A2DBF120A252BCEA08B88BE9EACF0CFE6E
C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	data	747985F67EEC7D922DE59E88FD77ECF8	351E673E66DBF79A15DD6FFDC8CD16FAD07C0919	D99C56C52C30C8BC64DBF4D38A02D46CE02A0367ED025412E4236774F4CB3819
C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	data	5C444146B95D9325724DC3FBB52847C0	0785F8537F5852FED84BEEAA20E56871FB6A5FEC	30C45C4697ACE0B6696F656EB581FE6936B8A4342DA9B26EFA227B24046688DF
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll	data	A6E6DD544FFA6AD506E3F175D2394A7D	8C43B415F85545C3A8D994815E1CDCFCF35E7673	1467E90826AADF1E72F84BB3846A7689C817D55109F292144B3718E47A90E4D7
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll	data	253F28673212A9A3005C6CF3EE34ECB3	5B1B30D4099AE97894D30D32363564A05736B87E	CC073E60579ED6C1A1E1752199C14E5B86BAA185FF5DA9EDEE9063B8FBC46E85
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll	data	598DFDF0A5D6174F0D379F59A922B6C4	62B6D5CB8C620EB54E6D9ABA271D16FDE82C130A	D4B679218DA40E0D2AC7C728F82E2BDCCF3CD1FD2F828FE0A4846830474AF228
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll	data	64976C1FFDAC89F7A4F166127781F2EA	D32C580DC18D0E61A7CE35791B6A5AD45F8A665F	230A53E17359DC97597375EAF8FE3E3152AA484C7F2162FCABDE22AB8D574FFD
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll	data	024BFE1E988D91295CA3DD39F1C19058	C33C78D390C04558CCE5B1F5365F231368C100B8	3EA8850CA9897321EEB1B4D12018F9AF024C7D58898A8490F64181CBF563D457
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll	data	CEA7C17E2CA84A661060B83CF846E10A	2E84E510E78DA06BCFCDCAC71CF3A757CD1DAAC9	6000E1558B9E8B26B5AA62A542F905ADE50A5E6A315ED4C4328A0ECF7A3539AE
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll	DOS executable (COM)	55D33DF794AE788E78FD8A07F75B6E47	3DD38A56E48177D3898C4706291CDC8947241228	D2A9133E3967FE0134260E9D0BEE64A511CE47D6627818CA9B224AB8F5DE2B62
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll	data	476FE0595AC069E159DF840F0AE25320	6C1BCB0B4ECA87CB315F4749781B5B158F6FB2EF	F3B843600762EA0E019F4E480BAB5ED01828C02FC2F905FEBBFB7AF052ADA4A3
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll	data	69C45BB98526F60B433AE1DEDB10E9C2	2554E4F4548FCD896EFC6F3A193DFDBCCCABC560	434C5F85E5EE0E48BC78DA674493169C9253DA9BF9A7166F6DE0F815A9E12FFE
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll	data	B3AD9378495EF9233A33ED7ED2FE8567	FB361059B2F9030913B5BE0B1C21B123C89FC263	C06254A0A46B312B85BBBF6B5FB82D58D69020FCEE6950D1FD65754BEC5ED5D6
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll	data	741BCA7668C7C496B7FEBFDFE499AA76	7E29AE7F0F8A68626DE302368ACB1F0404B890D7	AA51BEABDB2BFA9825F47C1E8135E68D44798B7DC6020F50B977169DA9E6B28D
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll	data	41922A84B5096B30CC5E461884DF97FE	91D8FFE3E316A9E1435F6EBD891EBB2E3EC1C9BF	AD77210D68ECE1F12452F91679E75C4F7D2822B92F866F96B557BA62A47EFC80
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll	data	4E11784342D14E5CD9B4C2C82623C710	B7CBCEC0316D742063F1C29BA13774736AEBF6DA	74C4A0D0CAEFA1B42F3955CB45D01BF6C8276C966D245FF216EE8A8F0B64C6CD
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll	data	01748077E2630B842E2B264C4D75E8C3	DBE6D226C673786406C11407CD7C153687FC84F0	C9F7C10F4994773ECAC788482E8ACDF399A9D284CE467DCF1F64FADAA1B4BBD8
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll	data	D252C6A026AFB63439E51E40CEA7154F	255D8CB928BA545840D6656ADF0ACA85EC630468	CE812C34B228A124805DB5474A576AFF8DE593D7C9FB3AECF1BCCDC57BCE4D5C
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll	data	CB88F98DB939334D15AB6F6A40E025EF	9758FB2F5F07827D65E05EBC68225A0C44B93D72	D8BFF5DF9C420C86FAF20837337E8B4A50B2EC903634A9169996B916C29E767A
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll	data	9FD54846BDD9B43ABDE46C34FD497DE2	812EA027F63C988F11FBBE85B479BC4AED5968C3	99B4DC7DDD033A61CD85E4CD174BFF66EB1B7B41471004732A540C1F9B29C6E1
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll	data	9D7F19C82456D5D6DE27B26F09CCA2BB	267E52648E0147C32713D4EB0DD8813F544D5144	BF5C9C0E492EAE94BE817690591A32075AC9C8543ECDDEE098DB46A31DBD3350
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll	data	9712407DE843BA4F553BFF545B9905F1	97B7CE8B6A8F55E5AC7E18B6EBF6F23EF5AF35B1	9D4E91281D438129962C7911264514F0369A8153DE4E124F8367FC4C74B8BD19
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll	data	25401270630ACC5310D51E6072E5AAF1	C96E827F5D4C3889E322AB906796B0A3DCFA3B0C	32FF9F69C79BA2790B6E1E214134AF9498DD7062EC187E7BE0E1B28693283EAA
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll	data	242C78DFD1016B62A5C46D3AA9D9B5F3	7FA36F42E71598F7064565A4059640215CEB164F	920CA4BF289F4DF420F766626BFBF447543FC2F9F996D4F7B0AF3DD709DD778B
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll	data	51FC142679C4FCA79B1E497BB7546CA0	53215F9BE7CE34A3302E9824DF4281771CE3CC17	A7DD797B2F7D2EAB8FD685D1094B84AC3469EB73F2E8937DE45EAF17F76592E3
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	data	66BB2B7F42B6EA0097E7CFEE0CC53050	83C3EDDBA606A4BA25135449E9A05A74C857FD0E	FC471E2DE67060A8ABD10E3B54DB25A17DDF2D6CA16F7A928F96F739BEF756CE
C:\Program Files\Common Files\microsoft shared\ClickToRun\c2r32werhandler.dll	data	5CB9A789CF093E8C5ABF27F3E5162E36	3957D89375F8FA986709A9FA952375752C858053	E51DC8C1A1EF3B07E72244F14016A9E4DD1C78429E9DBD88A321890CDC7E6EC8
C:\Program Files\Common Files\microsoft shared\ClickToRun\c2r64werhandler.dll	OpenPGP Public Key	F5D2BCBB0FD62AF7AF487A923E7078FA	CC00A5A750FD606005ED978252435B3EAF3DA647	C5457025F53DBBEEF16C77851D97F9E90D6EE48B8780E3CADBA9F014F6E642E2
C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat	data	7F8DFD2759BB8DA6D85D345C7CC803AF	D9EF511B36669F25527590BE3016FDF1F961D992	3E2C6062D6FD0F873482B4FA3630F3E68AAB6F3E1F4310DD15F77AAFE4AC3DD4
C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	data	EC1418C8E49662419058FB57B0BFC0C5	882A84FD8040A19C11166E7C8D32D65AEB5BABD8	25291675247238356025CE99DA91845A4E1E9A3CAFE75F61987FAC9B27E00A50
C:\Program Files\Common Files\microsoft shared\ClickToRun\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\microsoft shared\ClickToRun\inventory.dll	data	4BC011C1CE0FD3C53F29D1E0555F405B	4E341FBD9FB3709A70775EB907276642F8907012	45F17C886C78C22C90F2895196B57B3064994423A704B4486FE82026B191D232
C:\Program Files\Common Files\microsoft shared\ClickToRun\manageability.dll	data	24360850BA3E8DFF935E5DB2197CB88B	F9867632F6DBB9FF8F2B92706F5941724DC713D2	8B0EF07E31BAFCBF8BD682D5A7A415F2F62BDC042463B7757845D50FDDD6659B
C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll	data	8364315E16D146CC706361F7B5A0F624	820D7FBC2EF3626D515F36C0495F1F93192D6DA3	D1FD83F3521FCCC629252DFBC9EBA666D5106AE94F8FFD1015F11E8176E1C811
C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll	data	DB62782F8CF6B7FEDF97B08EDABFEE4C	22FE584931C356310BA5FFA7B38B8DFB1F0A615E	BE08B8604C1B8ECDAA9D19874D2B3215BE3E4991AB73E69380CAB1B7E1CD7A24
C:\Program Files\Common Files\microsoft shared\ClickToRun\officeinventory.dll	data	29DCAEA65F320D303B3AFB3B6CCACF2A	494E2AD109E87D18A636F1B270227D9372F66E0B	CE7E190F3DC1DBDA87F42D3646AD51EC3043823529555DC5F2F2AC8675E9FD9D
C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgr.exe	data	6C98EBCA3DD5815EF58DC70228792910	D813EB79F6792EB7CAB88B9A19FED0DF5A985078	6E0881A1B90C393103BEA03126982C257154CFF5DC22B80D6A09B7155B70414F
C:\Program Files\Common Files\microsoft shared\ClickToRun\officesvcmgrschedule.xml	data	C920BB1BF28883CEDDF4D5DDADCEE962	EF1C32CAF8AA1194C0F5E15E89681EAACACF85EC	B792E49035FB757E2E6663AE4081D4EB0A14C1C4068499A75EC7F20DD00F5F06
C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll	data	ABC7D4B8430F933421ECC5F507812DA6	D7CC44EB4A487EEA7D90BE240E55F92117633A7C	FF013801F18FD78D056166259710117CC1390456A8FF05DF296FF0ACB3E9BA05
C:\Program Files\Common Files\microsoft shared\ClickToRun\policy.dll	data	C6AB82525AC97C4B9ACFB1BDA7FE1733	F7DF609CF874199CCA5A07B2C0A4A8B687C538AF	E939761693CA781A81C06DAC1BA08EF03343CFF09141A585A1EC30AB1553F409
C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll	data	E2DCB2AB59CA6E0C1A43D5776EF8B4B8	3CF69C3CC23547B33CB160C48CB5574A285E13C9	0F3C81DDAA67A4BFB143A587C5BA4447B0D26182FCC495C68BCEFDF3535476C2
C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll	COM executable for DOS	8EBEB0505FADC9DE1B68BC44540D7C43	7711E17ACA7B91A60215BEB3FC415E008EC72915	BD4D2005B62D92AC122FF2C235634D6E9E95A5799204A16F4890A8C0BA419F0A
C:\Program Files\Common Files\microsoft shared\MSInfo\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\microsoft shared\Stationery\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\microsoft shared\TextConv\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\microsoft shared\Triedit\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\microsoft shared\VGX\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\microsoft shared\ink\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Common Files\microsoft shared\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml	data	FF3E3F29CDBFD66358FA8ED9EE9C4CD5	395B3BC87B10171680CB3A87E4763F436B61CBD1	CA1AAF3C413D8EEA901CE5076A45F1AFDFF7BF972D0769BB4AEFB001F24A3DE5
C:\Program Files\Google\Chrome\Application\chrome.exe	data	94673C0E328B096E07CDFB294BB7B570	37194654D25BEB23F3AE9ADF8A5E092E62252FF3	67E497023E8075D85F4D62B0B28B8FCC9B063A37B89F996AB053639654827938
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	data	B39C841EA5027C169DD4A248740096D7	A16922DD53833264B4D67E74D3C9A6E4E90C73A0	2C812BCD8445DFB31711D2E315BA3BB5EB918A6AFF58DA7E7F141B1E8E4B5AE8
C:\Program Files\Google\Chrome\Application\initial_preferences	data	D503A42DED2F243E0F9141C316DACDEB	92EE284932707C4F7578F29F576BBCB260519D99	BD13B7ECD6EB3A3DFBA17E39588B9BA48764CB7544BE7ECC468BC6D4DEB38BF0
C:\Program Files\Google\Chrome\Application\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Google\Chrome\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Google\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Internet Explorer\SIGNUP\install.ins	data	2507CC28C9667D214C3BCFEF9AE861D4	028FF799604A6990B1D5D9AED87D3E901BD37539	0D8F7932F682E1E02FED4938ED695240342152D7E356119E93AC73BDE3275267
C:\Program Files\Internet Explorer\SIGNUP\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Internet Explorer\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Internet Explorer\en-US\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Internet Explorer\images\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Internet Explorer\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\MSBuild\Microsoft\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\MSBuild\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe	data	58210A6665C9D0F284D5E4DE829DBB58	F1B5091C94CB012CE6E0F664D92A2615191B6A15	12CA50772E866BA682843C1A79AC7D252737BC5AD119704BC935A036927FD432
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe	data	A14D8166DB48CDF607D4A7EA2C9D02A5	19F1F75E40CC9D329A070D7405A9E5D9725488C3	B0DDE618A49E1D75D96E1BA8F72014427F9A32E95E9F6F782D33BC8A75F1D4EE
C:\Program Files\Microsoft Office 15\ClientX64\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Microsoft Office 15\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Microsoft\OneDrive\ListSync\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Microsoft\OneDrive\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Microsoft\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	data	C6123DCE1774F7D38C192AD284F7B82B	7C5E37435C0B84B2743AE85C1C9FC91AB6FF184D	2C288B569CBBD23BD22D545AE4D8F0D4C1EF56B71816273318F650D97D7C6F8A
C:\Program Files\Mozilla Firefox\application.ini	data	4C9A67873385C836B015359E5C7FB8C4	98BDF784177A5D6B5221B115BB2973205E8581D0	7D75E0D5EBF9312E4A702CB1E0A276DAD4984926F591FA647D218F806AB2B22B
C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png	data	111BC4827EDEC887F6891252F48C0C4E	4E0707CBF23A32B3C44DC3B7D47409ADDDA0819A	AEACE2C3B9214DF3989B415CD740483F39F2B21F602E38E3EC672C5110D60F65
C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png	data	AF6080430CD63184772E7C7799EEBCD0	50EC2416A68719070D42656F895B4940F3F1B29D	BDE2078A2E8E0E92846DD30CB3351B7F8A5D462EFF05E63CC1B30C8F04610586
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png	data	BCBBAEC9C7F654E808B2F18F5894B982	5049C193F8E1FEB803CDAA505CA1EACF163AB59A	312EBB792C39456D148BE091C92094FC2298AC50F75C6AA7CF1BC0D096950CE1
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png	data	FB2460177BA72A4956EB43D972E64731	DA3EB1E9A0F70AC1BC9AC5044DFE1D9D72B8CA71	698B5D1B530CD9D9EE1A1FF4413C918EFE28FDA8AADD37416DF30EE15A42FF31
C:\Program Files\Mozilla Firefox\browser\VisualElements\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini	data	A85A630340B5F0DC5B20DB5F16EF4607	64FF92BBEE71B614597E666D2D4EE91DE4C673F6	7DD3067940D9F259357567A7228D7D351B11E726377A13CAA9B7B727026F1B46
C:\Program Files\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi	data	2C62B28038129D8A5EE2155BEC550DC0	AAB404821AEEF69E15D920B8EFE9FE0A379A6C70	AE091C4FD0F4DF0EC6C1E7F9BAEEC99549F7E3544D1165108091AEA4AE9B540D
C:\Program Files\Mozilla Firefox\browser\features\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi	data	EDCAE3F487E92ED7D2587596286F97DC	9296E45758382686BED91E1694E9D410A8A8241C	D6CE2258B73A6A579632E34EEC280F6BD5A926D659626223C7E99DDDFD7D1760
C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi	data	8FFFFE99BF539F45C9E8871E2EE886BB	E4B8E1B3EE26EEE62457A01BC7C4440E220F5891	1075F673D942C66C34FA341C291F6ED7088944CB74C6DD1869C51AFF183B8CA5
C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi	data	9231830111D46FAB1727300C25E02088	0321C5BF05C2233138C4B4C90F5F8720509C81D6	79B492DE9A25264304C217B353EA813086AF7901C705FCE537429E78D9D74233
C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi	data	C5D2B78069E673123CC140DA328D4F8C	912E3294F5EA347E36072A05C538A83131FAFCC7	A13C18CCBF5672E796BC0849EF28D90E664D3B3F4C03246B402D7D862BC30B3C
C:\Program Files\Mozilla Firefox\browser\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\browser\omni.ja	data	6D32C0291D47C566797E08A66528A242	8878E6878FB49E6F1918E8BB0A21927CF24705FD	2987EE16F461E723E9DA6F365628CB2BE195615B79F049C9284D2F169705F7BD
C:\Program Files\Mozilla Firefox\crashreporter.exe	data	42722C7175A155014C6E467881838F1C	A7DE822F6BEDDC4372BE8A89E030E8D47B5E1339	309A9FC31E83DB242D66597F38D56495E96570F8689220D19B096436E3C47554
C:\Program Files\Mozilla Firefox\crashreporter.ini	DOS executable (COM, 0x8C-variant)	9C21900AF980251F98696A3A5BB18A71	7E7475CCA97155182071E98BD04146D3D105811B	2939746864F941397C872C8E9DDA2475F39EBC9680D82FFC5EF2D061427071F3
C:\Program Files\Mozilla Firefox\default-browser-agent.exe	data	D891842929BA0E7CD424C8DF7E17ADE1	881E61AA40556AB0C9447B0978A2DE3DD33A1E82	C246F2CB1EE82F0960DBFC4D531AF47649261DB77E6F76C72C3EF41536EC1144
C:\Program Files\Mozilla Firefox\defaultagent.ini	data	EF037A360613E8382C54EC29E200E2BC	A74443010F731B6471B1C2D23A823A7301144E24	7CEB12CBC9D50A8B6682B429D81F2E1A0C086FFCEEF35DCE7349AA69FEB405A6
C:\Program Files\Mozilla Firefox\defaultagent_localized.ini	data	FED339919B0F091B95078A2777776B12	DBC23BC8C10368074F72DA7D91EB1055F3D5B334	F7E77D3C7C26E278850F23E6012C66F70B59352848F6D8E536BBA0D18374E866
C:\Program Files\Mozilla Firefox\defaults\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js	data	F7B870454C5FD17F115B5B04BF3D585A	BB9D893B4281FBD50D3D6F08BB4F80636F7F5B49	E11A7C683FC3739FA8B0283DEDB40FEA60AE08E94254AD7DF1FF072CE16A4E5D
C:\Program Files\Mozilla Firefox\defaults\pref\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\dependentlibs.list	data	E7E5352CB4C5D2BE18D87FC0801AD79E	45E683C5A4F9B4F2AB489762ED46DF6ED323317E	FD369FBAA8D1481C7A59681F3E83B69FBAE2A4C4823392F44CD9444020AB4295
C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml	data	44D6EB256A8345B0B6F8746AA00DCB2D	891FFA72EFF39DFE4A40993117A9D260A3469115	CA804E09A04E5BCD2AAB91DE3403CE50B1740A437E3A8A0D13FDCD7D9D039A8A
C:\Program Files\Mozilla Firefox\firefox.exe	OpenPGP Public Key	57E0B3379DBCABE744C8CD8BF905812A	B6B22CF13B1446969C986E81FAE97A94A71A38D5	901703A9F97754F55D42999E3B3DDEB752D59BB00D1BEAA0AFB244ECC17B8204
C:\Program Files\Mozilla Firefox\firefox.exe.sig	data	55567E87B2B0D591AAEAA5AA912C51FB	8A255A9C6340C551CE7FA2372E871E6B1557443F	F71C89B4C2E489E5CCBC877F82531C0A3548616BFEC966A83BD1922E70ECD78A
C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf	data	DEE408DB6A08176DF90A21020A64A687	A119F32733E9504CE2FC2098F779CBC7DBD316F2	D8D3B701088CF0D7012606395E0ED0FEECA4FFB4418E41FDF1C8A0ABFEA71825
C:\Program Files\Mozilla Firefox\fonts\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\freebl3.dll	data	B7CFBB89F0E3C28CD16136063A7D5E0D	EBEBAFDC653B30BC40E2606E48C7D8FB48E560DD	BFBE4EC75460DF0D7070DF0B281174AEB01980C3B26FE680EE6270A14A65A4DC
C:\Program Files\Mozilla Firefox\gkcodecs.dll	data	A27EC7F100BCE4F38A00B4429057862B	1DFED70004A24CED6687D2C7658598F70E7CC8F8	E66BE01CED2C82AD6C3CB8468DB3CCAE8C8ED2055394F5BD5F99C85293EE367B
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll	data	1886B2B2AC892C5338FBA01C5B676152	03F9BF5D9BAFF39C0122468BE2C8A4E15D8595E7	0558BC3E4E8ED34F31085B9FC3B48FD32FB201444BEA6E5DFD04687D9B0B926A
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig	data	A85F54871DEB9A5B42B31FA73DE98AB3	6493BE13490ECFCC1DE210DF2576C69E46C9FD3F	CCF808C092A1995778744E1C94FF11FE141E91999ABA9BDA1BA63A761F409B10
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json	OpenPGP Secret Key	0EB228B71B6334AB8DA6814BDE17A65B	46B47CFE30F835BC459DB72ABA2E815B8BCDEED7	E33DD7E2658A6944936982F1438ECD79AA4C921994AE24A54699FB0DA7F279A9
C:\Program Files\Mozilla Firefox\gmp-clearkey\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\install.log	data	EE285DE3A4D54322CFB54751E0F2F481	FC76C2986532CEE5B86BA0EB3AFA42E541F39280	199D505FA0E522FB037FD53C1BF98D28856C4EDCA6DA38E9C448AD5E3922B805
C:\Program Files\Mozilla Firefox\installation_telemetry.json	data	2EB308A4CAF50CFEA55D8DB0A7CC4F12	D26A9D407F64E932E479451DF4079F64BFA087C2	B39A374B681F8D6A383CE205437223951460379185505CBD6CAD107C57DC9FC0
C:\Program Files\Mozilla Firefox\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	OpenPGP Public Key	8B7188FAF140C1F37252F44051813729	5858C5AE5220EE5F9A15C31E26A6CF42602426B9	384BC8AC66B320D81AA19074DA06EEDD99FB6B00C67822F6B429B6EDD0685E5F
C:\Program Files\Mozilla Firefox\lgpllibs.dll	data	B87974CEAE9313366B5CBD2B5D662DD7	836330783AA821D739512B292F5E7F0B576096EC	2422735264ED1013124ED0E4C2DC0396BCE8FE1E25B3DC0AC27E73228CF3A06D
C:\Program Files\Mozilla Firefox\libEGL.dll	data	EBE961F2BCF5F2FF610D51C8E6BC45B6	3C7C65A8319F3553EA046EBB0A5C4351DA927D8C	F9F03844A0A0B4FADD5F1BF26C7B04595F6C9E7234A7C5F4B68B2993982ECBBA
C:\Program Files\Mozilla Firefox\libGLESv2.dll	data	794FCE3C62D02F7AA62E64303B66AA3D	B2CA3319DF6FF5B2154D46A4E8E51E270EEA9A14	6459481B0EC82F0F69D27934F4FCFB6C91FFD86072F85EF7CAD7D76C693FC6A4
C:\Program Files\Mozilla Firefox\locale.ini	data	A20466FAAEFFCD341BD30C0B2B7578F3	4644F9946305B6667FB97702937B447099294188	78B84C07D77EDD0472EE6F41C850D2B27934BD389BC6F91F59E973094B0E7F3A
C:\Program Files\Mozilla Firefox\maintenanceservice.exe	data	8CD11CB4FB9579856114FEBB488C0223	9F4CC08DAA13D9CA9733354862144738FFC10F90	ECB6DC2D1DA881B4EEE3605CB80D0877E2C47A8346E594C7FB44559612A233F1
C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	data	2E02CB60B4D5F6EA2DAF944AA8BE4F9C	F13CEDD09670EA357FF1D049932E3BBB9778B9F2	65531CA2E261EDE0EEE6DBC85F1BF554DC56CDC9CCE47E528E47687394FEA9B3
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	data	EBD8E3287594E8C2D9C5C0DA106522DB	CF85838983E84E3D5C328FAB79FEBC89820A1C5D	66F483215DFAEF70DC2ECDF0FB59949BEC086550D5BC0AE2E0CD5A302BE33269
C:\Program Files\Mozilla Firefox\mozavcodec.dll	COM executable for DOS	57BD438333582022F64C507319605092	2A5CAC8A18047F9277F08CF3FE8461C62E3229AC	46AFCDEB395A4202872F6A50A8E7CD3FA5E91D701A677C02F539CB950558BCB3
C:\Program Files\Mozilla Firefox\mozavutil.dll	data	F60E9EFF862CD73A32288FEF58171195	48B0A7091B9C59C1F2E9F66A927FD462D4509A48	374C023644390F3B067245383C4E4A3F4E0375B914324B18A2781CCF727E5492
C:\Program Files\Mozilla Firefox\mozglue.dll	data	C8F661F098CAF81F1B10CAF13D78A909	FEF9E861B593404AC26AE61E89FA3B6ACE4F5FF6	12DFBA69A85ED129015C5AD0E386F1D1ADCE81A763312185F5856FF35949B245
C:\Program Files\Mozilla Firefox\mozwer.dll	data	8525E0CA1198174CDAB7D6A9775BB925	2400C30D651A792DB4E920EF25198FCF13D1BFCA	86704824FC715B154491822AE8BAFA45EA39F914CA8B11EF35AE2C4E8819C326
C:\Program Files\Mozilla Firefox\msvcp140.dll	data	5844DAE3B78BD6BE70CC05B358E99B55	B58C0A9E8D91DBAAD4E58C2487F4339EF8E4B37D	5783D96EF2CD780DF76DCD61CE2C37FBBC43A1D87C735187BC373BF664ECE709
C:\Program Files\Mozilla Firefox\notificationserver.dll	data	A43E458360CEFCE3D919BF7AACE327FB	6921150FFA0D923263A8D2FEE3331B6EAB65AC5F	F116421B1876AC4C4CC8BA9A5EEFBEA43E7095090B97F0E468C9823B9442F095
C:\Program Files\Mozilla Firefox\nss3.dll	MPEG-4 LOAS	AE04FE0B382F5C831FD07F00148D93B4	B2907508B27885BD686254CF5F2F14A308FE077F	B84DBF238C00C8E77D437A2CE83023BCD9E40426078443BF4B95523E59BDCC8F
C:\Program Files\Mozilla Firefox\nssckbi.dll	data	219F77F2BC62E8E1605799A34C5F1486	9C12B6425AD393B6C61A3A24F3BAA91E7761264B	03B22F25252A4C94D0E7809CFFA4027B8B37C4FD877D5F29CA1B9B476A209FF3
C:\Program Files\Mozilla Firefox\omni.ja	data	722BA4104E34AB87F6199AACF4734C36	C544AE66A5423A64444E581A3E92315F6E841FB5	AF19636BF4AA831D5AD69AA200EBE14F15CD6FC290B4AAA07029CAF6FB2A3AB3
C:\Program Files\Mozilla Firefox\osclientcerts.dll	data	1A99499159CBC74481503D230B3B35A7	7BD92B1A26437EFB64E3EA64D96BFCD674D10810	E9F5045AAE1AB63CC4523E0953415AE0C5EC888B70284D552150FEC4F3570C7A
C:\Program Files\Mozilla Firefox\pingsender.exe	data	4F405A039AC2F165F431710867A7519C	CD69059149B078C2801DA2B5F80E43E535F15FF8	ACDDC9C50AED31612913E6FCCB33A1EDC8B5F235DBF1C4A203B4F41BF9C06850
C:\Program Files\Mozilla Firefox\platform.ini	data	D9599B4BAA181B6095C7A0F801236789	4541F5333BAF742EB1C3536B92B18AC5571B9E29	8C0A408A24C514017DCF4531BD10482C8F5A365DA69397938EDD7EEBB5F2A84C
C:\Program Files\Mozilla Firefox\plugin-container.exe	data	BDF39F30C5F6B7480D65188BA17D93D4	F60BB7F28FDE42559276EA0982707685BCA6550D	F62E6A43346617384EECEA4C47B3DF0D2DBBAAEDE552224FDF7994116DDD9778
C:\Program Files\Mozilla Firefox\plugin-container.exe.sig	data	B02F1E896FFE4B0A2C1AC5A45933C1A3	5CA9FC06B5D1DEB8E195857E0E3B566360FFC54F	85E30E009E58D64466AAF35788E4AF6AC81DB80C9BB9CBEB245F1C9CCF424AC2
C:\Program Files\Mozilla Firefox\postSigningData	data	BE6F5926633ED606304A1FF88FFC46E4	0F4763F9FDDD4FB019462D8318521263F0A4CAC0	B0C2B02E904532FB3886906FEDDD42601AC909237F65036308B88201C4F232D2
C:\Program Files\Mozilla Firefox\precomplete	data	A853FE61FBF559257563447BCB52F9DE	52B64BFDBC496222DB37C32C46BB66DAF4A07265	A39A6D290E3D54FA3E13E4D4BF7774DA0213918AE54F52D4AB947BA7E20A6F7B
C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml	data	2292277BA3DD29B0585DA7F7DAC6499F	21B6EF6F18274A3FFACB2BEF02296B2FAA001E04	7025A8724F6567DE962DE20D789AE2761DB924A772B6265850EF294C22B829E4
C:\Program Files\Mozilla Firefox\private_browsing.exe	data	141D1399D4D8E052014A187B217DE3C3	069E370DF4B9099402CDD89484D738A8BCA8FC04	E991CD916D19EDC890E4FF2E6A8188964FFD30786622F0CA5C3B92B9DDC20FD2
C:\Program Files\Mozilla Firefox\qipcap64.dll	data	34A77A92958AC9B1ADBEE6472F761065	05B54C7DCA71644152E488DD9CFD31AD4A99523E	0EDA96E24800E07F70E2A9742DF0B35B622F6B0A205DC7530603221E79185793
C:\Program Files\Mozilla Firefox\removed-files	data	23BC5B205E542045C29D55EFC79554EB	52C5748353C341305982765815F723F574E04893	2502BC31377517DABA7D9F45DB840F5DF66702496AFF414690A5AF0BEF2DFAA4
C:\Program Files\Mozilla Firefox\softokn3.dll	data	A5595103EC73AF76CE8957EC60C33368	217A88C1E8F86BEB8F1CC9850A382C8834A4115B	78E772A5DC7E935329B594D154E348934622C729B05EA84B6975FBE0E2DFF242
C:\Program Files\Mozilla Firefox\uninstall\helper.exe	data	376C6B9E61950961212CBEF35A8D0045	3FE10705A20F91538C2182141BB41B362A96B645	0943ED190BDA561B43EA95E58BC3615E025F3443716CB13986A6EDE23F319814
C:\Program Files\Mozilla Firefox\uninstall\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini	data	E74B338D4232C7EBC1C1838872960728	7B7DFE969137398A68BAF683F5CEB41A5BB21662	0C53C0BFCF28E7ECCF2941FC68F3BDF568B2119F410FAF0F37851D5D4E732B34
C:\Program Files\Mozilla Firefox\uninstall\uninstall.log	data	DE017C6950C73DCD785F00A08649CA92	D7CF1ACE4B5BC4533B0FF57D293E0A9065E69E29	593FA60DF0178B3245144FA0D82F2079555DB7CF9BA65C0C9DC51D761D320B8D
C:\Program Files\Mozilla Firefox\update-settings.ini	data	B77F1BBC22F0BDFFB438B1CE98BFF6E6	1A4F956D3E67CCC22F1E3BA9E7CDAA4E34CE2A16	5A4B89231E720EE17965CEA87B3D6F8E74CC71C49F936058656FEC6A2B4BCEB1
C:\Program Files\Mozilla Firefox\updater.exe	data	2215433C868D1904E7E63516359185FB	676C056A89228BA523A830DFE2722516CD822B91	FEBE3911027D68D9DEA23CC0215351134B3F933E845E4F8DCE96C8BD4076F6D2
C:\Program Files\Mozilla Firefox\updater.ini	data	53C9714A0CA4365F28CDBE0669A01159	B7F025114C2E688C85A1895D63417367163201AC	D7C9CC5E1145D7D90090592D6107F5687F398AEF194AEDA9CDB73B1E09C15EE6
C:\Program Files\Mozilla Firefox\vcruntime140.dll	data	24D5A9C394F0B953776CBBD2421C105E	F0A553C5862A719DD9DC6ECC9ADC76FDB99BFF49	C7F156B3A91EF7DAA8D7CC51E291DD01B30FCD49B4C51E26DFD1D6DF40C0DFBE
C:\Program Files\Mozilla Firefox\vcruntime140_1.dll	data	B04892AB3D2D9703CE8CF1AEBB7E0315	2600257BF39D7E29E754C12CF0725EF366863933	7E6AC277429E3F13E72D71304AB82FBB7C6608FFCCC9D2AD1A913BDA72ABD7EA
C:\Program Files\Mozilla Firefox\xul.dll	data	ED41398FF57759188823D8C0C5AD609C	C7F54A6B4BDC905093D58E08AA8AD4B12C072907	33FDE8D2851CF2DF4DAB5623ED1D158A762AA5B45AFC3C2A5B37B3C985F3EFA6
C:\Program Files\Mozilla Firefox\xul.dll.sig	data	986F194C4ACB79531A0DC38C7B5D1AAD	C36F745933F53389A9CD28A11DF1F4EEE6DE7338	BA1B9CC21E95AA229EBA96757D2C9EDC9D657E7DFBEAD3C11075B638702BD748
C:\Program Files\Mozilla Firefox\zoneIdProvenanceData	data	5F75CB260DF98C13F276ECCB0E6126E2	D6EC33002D98986D9F7F427E7FA2096D27693938	549517DF4A5C056BD0D7F7C70CC49ECA00C86FDB202CB16B54444506640990E1
C:\Program Files\Reference Assemblies\Microsoft\Framework\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Reference Assemblies\Microsoft\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Reference Assemblies\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Uninstall Information\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Defender Advanced Threat Protection\Classification\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Defender Advanced Threat Protection\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Defender\Offline\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Defender\Platform\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Defender\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Defender\en-US\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Defender\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Mail\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Media Player\Media Renderer\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Media Player\Network Sharing\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Media Player\Skins\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Media Player\Visualizations\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Media Player\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Media Player\en-US\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Media Player\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Multimedia Platform\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows NT\Accessories\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows NT\Accessories\en-US\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows NT\Accessories\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows NT\TableTextService\en-US\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows NT\TableTextService\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows NT\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Photo Viewer\en-GB\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Photo Viewer\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Portable Devices\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Security\BrowserCore\en-US\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Security\BrowserCore\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\Windows Security\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\WindowsPowerShell\Modules\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\WindowsPowerShell\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Program Files\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\.curlrc	data	558EA847E654616F5FC11DDCCA8A8F64	B243AD8DFC493E6D1EB0ECAA8DB866AA6BA000C1	F7DEF3E2815AEAF0B458BEF121924668477EEEC690660BAD9DB63EE24E17A5DA
C:\ProgramData\Adobe\ARM\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Adobe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Microsoft OneDrive\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Microsoft OneDrive\setup\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Microsoft OneDrive\setup\refcount.ini	data	05C9FD8B28093BDEEB4A6BEF8DF27555	4FFDFC1D0EB87BF6FAF3AEA25AAD6BFBA0E67ADB	A841DCB5F1139E44E05CB337CE9DEAE1500460C23442F14BC25C7041CF223947
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\UpdateLock-308046B0AF4A39CB	data	0F92611EF0521AC5D9E4CB533381B7E9	6ABBF496B19CECCDAE9FA79DEAFE139A666D87CF	D298154AF85EF635D8E6341264EDEF58840D146CC6684C06FE39DCA543B55424
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_6c4d48a3-a9bb-4a17-a28d-f11a368ae958.json	data	FF79F5F0F43F61821E9DFE328AE5D810	894EB70574763205E05D8FAB9C7E6D197AAFD000	1254B94729292CB28B224572CCB4E80C87623780D1C4A087B55FB93AC4542FB6
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Package Cache\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe	data	59FE101B323ED37E682B9863847951CF	888DE77160C24AA5AA2896ECF972FFB6F38E47E5	9CE1E36264D02902B7D7F2DCD9D8041B769C93C751418E1D3A155FBF8A3C4CAC
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\state.rsm	data	FE59D4C3B02ED486696A1172E78644FB	96DDAE9A29B40C4E7F1213A0A7750677A4AD7B56	5CB03E8EED7563A427689819F5E91FDD275CBA02B1041CA4B338EC1FD77D5346
C:\ProgramData\Package Cache\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}v14.36.32532\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\Packages\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\SoftwareDistribution\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\USOShared\Logs\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\USOShared\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\WindowsHolographicDevices\SpatialStore\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\WindowsHolographicDevices\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\_curlrc	data	2CAAB8B8246A00FEEEFE2C91F1EEBD48	7CF14C33156E72B9FD5CC3DD39B821DF827232E4	74EC9AD3F63DAE387A608CB8CDA2618C5B99DE83C6547B7E61A328233D1CF3F0
C:\ProgramData\dbg\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\regid.1991-06.com.microsoft\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag	data	685E6946D07389234092A943742EEC44	7787C9D40D5C3034929166A534676D0E2E74C96A	156C51E636529AA295A7BD8560CD11EB0FF79DC7535D495705774A01111EEE8E
C:\ProgramData\ssh\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\AppData\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\Desktop\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\Documents\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\Downloads\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\Favorites\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\Links\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\Music\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\NTUSER.DAT	data	66DD41B0A180B47A26D0854C3C7DE357	31F06B2017AB10679F2C05D535553F4BEF972597	5140E04B4B379D03CBB875EDFF54D2A2CC2EB97BC4F2A0C71045BCADD5537377
C:\Users\Default\OneDrive\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\Pictures\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\Saved Games\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\Videos\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Default\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Public\AccountPictures\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Public\Desktop\Adobe Acrobat.lnk	data	AB72E6DBE5E9C51487EB63BA27AC8628	A1F014B5462EFB5CB24842271E7367D4B8744879	BA9EC7F23BC94A3614EBB59CC41BB683F5892D96F94A52401B25D3DAB760BAC2
C:\Users\Public\Desktop\Firefox.lnk	data	D422E13B807AAD2BB779338BD94FA1B8	0D433BC82DE4971FD3EAE97AD9ECDADEA1FC45BF	36BC627240412F0F36500BE9548A18831E073B0D384DA332AEBCDA9DAFFD0A01
C:\Users\Public\Desktop\Google Chrome.lnk	data	515C174193DA30F8911837E37737C4F4	DF7C4FC907A775B63F649784364F76B5B0CE14C8	870C2152DD7BA6CDC4AB7B6EA830B625820DE0A429932DB9CD91758F9B82A066
C:\Users\Public\Desktop\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Public\Documents\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Public\Downloads\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Public\Libraries\RecordedTV.library-ms	data	B48DA90B13B3D9A03FA53F5472C0E6A2	7E900A6868A3179A39AC0757AC7B8716EA4CB365	01798D6305A0BEF8F59CA0FD517CDE4FFD473D9530E263772461395057D0354F
C:\Users\Public\Libraries\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Public\Music\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Public\Pictures\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Public\Videos\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\Public\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\.curlrc	data	3BF053144582B0BCC36A3FAF84F423E9	BFDC84AFA54B2C80FDD8AC0431154F81142F5DEA	F60E77F6CF4BF0F2A92D98C88917D989088B3079B8A0F6CC289FFB3F3226288C
C:\Users\user\.ms-ad\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\3D Objects\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\AppData\Local\Temp\fkdjsadasd.ico	MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel	A1FAD2EA0C8FCBD0875248172BB457E8	648F40B1CC77AB6B34013F696F1C07D7ADF303CF	2E6C63AB7769F3F7EA2F3622A865D857ECB14D7F2DDBD4AB64E15B6C3DC5E14A
C:\Users\user\AppData\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Contacts\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Desktop\BJZFPPWAPT.jpg	data	E231633F66F4672DBCFBA132C32156D2	2C20DBDF45401758473EF6BA209304608CDAF342	FE3ABD905ACC680977D02DF7D7FA1000CC412355872FF8CD89C5A52C12DCBEFE
C:\Users\user\Desktop\BNAGMGSPLO.docx	data	F9A3A509B91414FE01A7C20A87367CDE	A14DA3949C330F47FC10DDFF2C0731A344AD2FFE	A1E249CB8FB0A625700A045F7DD8EB6B87C571B88B149F4CFCA86EE5AF32CD3B
C:\Users\user\Desktop\BNAGMGSPLO.xlsx	data	0365DD9CC66AD388CB5AD1E457376DF2	1A88FB0D3EC1CE8FC6AA3A5692AFE1A8FFF11479	94A0A4074BB0D06C29E289179CCD6E6365382AD6273EA1B278C351CE450152B8
C:\Users\user\Desktop\DUUDTUBZFW.png	data	CC88F8589C95A72AA0F65A73B5543E17	6D506F88DCF15A1B03DC2CEC4F5FF791B2518BDA	D7B16FEE8E2C81049BA2B4B980A1999FDCFA00D8D8630258D0595646B50A73FF
C:\Users\user\Desktop\EEGWXUHVUG.jpg	data	441F063764B52A1633000199F2E3951C	C0955A0B8CB63FF873C8412A4AADA3725DA16E21	75E342752697C9B2A1E37917A309C5885FE671591437886252F9362F84AA0BDD
C:\Users\user\Desktop\EEGWXUHVUG.xlsx	OpenPGP Secret Key	20071F09A10778BD1C11E08E4B0A3A0D	39E465C26CDE66010E6139C6266B0866BE9EF271	C745691A1C2DA67690A0961FC7B3167A9D1EC9F385CB394CBA0298ABE194DB0D
C:\Users\user\Desktop\EFOYFBOLXA.mp3	data	378BD3FC40799563DAC41AA5538AFF10	56F6B2DA34B870B7956DEEAEBF19F64E60F4013E	EE9BA8717D28E0CF2892CD277C151607B345BA785A21E289DE89EBF4F74A0256
C:\Users\user\Desktop\EFOYFBOLXA.pdf	data	B20A786C907A7C786BB5AE25F4CDA3B9	BA67BF78C5FBC18BC0936053EE3959D815DCED10	F45C4FA1EB363F43A1B9F78A8762AE973282291798849ACB6E0B9D254004E052
C:\Users\user\Desktop\EFOYFBOLXA.xlsx	data	B6FA98D13F6E6DE5F42D37AC4003E8DD	46984D0E169676CEF73AA5AA4879B5FB81763CCB	9D4A45BF66FF2E334E542BE58A0D3F0F566AF7A8F18154B4925E91583E4C95C7
C:\Users\user\Desktop\Excel.lnk	data	E4ECA0F4C2CACE8FC6CE75525525C425	2E8A2065C78CD96EF6EE5958B7BABAE974220172	0060B2676EDFFE5C9A610573E689A31A17C56EEBECC73663C6CAFA42C733DE5B
C:\Users\user\Desktop\GIGIYTFFYT.png	data	CB6E04388159960A76A98AE86C3EA833	C54F95FFCB6129755E90BBEC9E94DF5378ED2225	ABA3CEBF462A1063E54DD00D2B20ABCEE7F9630469ED53792BF674BCFB7B24F0
C:\Users\user\Desktop\JDDHMPCDUJ.mp3	data	EFC4DDF7384990962D519D599F6DB14E	ABD700A7F29AACD6851896CA7BA107EAD29A5570	5A9D60C959B0B8B8C535BBA0EB147BBCEF8EBEEECF8D77200BCC72EDD7AABA71
C:\Users\user\Desktop\NVWZAPQSQL.png	data	D977C2DCFFA7670C58D85811965DC08C	A31CFE38C21E0E9202699E0CCA5EF7ED4F1A723A	BAD18C14331B68163121A2C36D7D49F5A746FE869280810E987244C1C1BD21FE
C:\Users\user\Desktop\PALRGUCVEH.pdf	data	B0E4D95553745947E830D03F52E97A4C	5AE003E8CE9AF8981157611A9D982653B478E2FF	B035B96ACBF1F34382AAD735F536B6F014B6C94A56BD4895B637B0792C2BE3FA
C:\Users\user\Desktop\PIVFAGEAAV.docx	data	955EB60E02F75C83CF4C4E095A68940D	1B5A3C5C139AD4FF74FA98CC42DCA5BFBFD93A40	19468BA71DFFACAE4EB955A44DFD3A239B5DB107D29AB74B96F909DD75246433
C:\Users\user\Desktop\SQSJKEBWDT.docx	data	126AB42FD4ACE50E3AD90EB0F31961C2	392245B3EFC0DA25BB887989A33863ED9E9E6781	CF13F69676F5A018294DA0376D71CAAFB3B3327B3EB263D3157FC9B0FB5279BC
C:\Users\user\Desktop\SQSJKEBWDT.pdf	data	3B7EBC4BDFD90F52AB28ACBA6D3945C1	E4B49854C5042CF9549AA6C0677057FB4190455D	1D7FF8F7AAC0FD186B81CE24A0CAB2C81E38E64B7D0FE45E70BC96AEC2E6BB17
C:\Users\user\Desktop\ZGGKNSUKOP.jpg	data	EA7B9F80C8F05C13ABC0B48A42191568	5726048E11FC4FC4F2CC1A3CF90F0C452C04E220	107C3524302E820CCEC1707CFED3E8AF86DFDE6163FA5BC3E1702EE90C764696
C:\Users\user\Desktop\ZGGKNSUKOP.mp3	data	9CC47FC7A8A815FE453B4C7EF8409959	453A594FB113FEA1265102F5BF529E6FB9209C8D	E58AFFDDA1A74E4BB98309DDDA25909CA4333C4DFDFD4DE806390BE22A9792C3
C:\Users\user\Desktop\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Documents\BJZFPPWAPT.jpg	data	B0DF6663F006F937A361FB00C373AD45	6448A6AD899103C184242323617892F3E9E8A541	D8FF76A957B091B8C601E941AB209E1009B0B704E66804CC6DC8CC9C04D74129
C:\Users\user\Documents\BNAGMGSPLO.docx	data	534EFFFA8A0AA3C5AF24D579F9A34714	20892CA37C2646A3F69E51A64BC367242B995A8E	F4C0E175D7408CBBF6A9C8AA13860136B25191E43307105824EC2A28B260B688
C:\Users\user\Documents\BNAGMGSPLO.xlsx	data	0AD5246C6CDAB70B941C256118F41939	19DB9ADFBB1CAF31758F5E8A57E6C2F9EF6E1272	B0A31C6CAE07A833144400EBE122DB1820033BAA978ABB765B0FC0A4674314BE
C:\Users\user\Documents\DUUDTUBZFW.png	data	CBCC55513950EB644601520469248DD8	5BB3F2DDB839CE57401B427D2E5B8F2A3701AF7D	7127581A107878C19346C315573B4B6A59A9E32A098F50E9C8123C5E25D08185
C:\Users\user\Documents\EEGWXUHVUG.jpg	data	94E19176B66BE9706624E7A4F7B9E349	4A1EBFA8473F83C6989D96683B55EA4C9A87C175	199535152E0095523CB8DAFA05724FBE25E0395DFE31793144FD50A85E366E8F
C:\Users\user\Documents\EEGWXUHVUG.xlsx	data	FCBB3B0D8DE8782AFC8A0C7C67215CDB	16833A7FBBE07F1BADCD945305E4DC3358734B7D	40FB1A4F3F3D8F330EAD5503A594003725B4CC38CD4C24A0DCEA0D880594D76F
C:\Users\user\Documents\EFOYFBOLXA.mp3	data	50AE1A7EF3304A15152466919974D0AC	A7A6F0EE41139738E287B2A34CD68C3677924CAE	EABFE68900E9BB3FE642137836ED0BFADA5BAE88C023F547D97C4E6B2E00C108
C:\Users\user\Documents\EFOYFBOLXA.pdf	data	D6F52CA4E2739E4159524356122912F9	0CBCD2E218AD6578F6274A9C3666A0C1D9859D14	B94F44E53F74496CE39776D09708028BCB6C8F4358CE3A6AF8F4E2417553E7AF
C:\Users\user\Documents\EFOYFBOLXA.xlsx	data	DA2EFA4530AC25E49A9628D4388FBCE3	108F2D7201B3C6F1B8389BDAA44BC23383A68F82	8656F1A3FD84CDB664901BE1CB2D084732442D0CA5EAB1700F8938FC81247DB7
C:\Users\user\Documents\GIGIYTFFYT.png	data	ED28EA4C938CDB427A095BD4344443BD	0718DF6FBD72B49A48033BB5E817EB443365C4BA	C2CD1779FA9C433C5C38F7E4FF534B9B78F4FC5D2036AA3D6A03E988398C2BAA
C:\Users\user\Documents\JDDHMPCDUJ.mp3	data	D28E8B833F36F2A95FECEC7B64A350FC	583358BD55EEF11F4EECA33D176F7912A457BB21	DA565414871B803B7500A1CFE02F37397D09D3870E5599A8C829B8FE91E12FA0
C:\Users\user\Documents\NVWZAPQSQL.png	data	D782E1EDBD8A6CC7CA1DB5BBB4272C79	8283690763D080A3F35FEA03ED5E8BFA3098BD50	B06C3F94845C4C0FF349EBBFCFE618EA74BE9DA7243B52914D3350D6D027B2DE
C:\Users\user\Documents\PALRGUCVEH.pdf	data	5B9889DED4BCB9EC88041FC6A8FC9673	BC9B9A0C48AEDF9818E9B03822C61F7BE84A0D07	46FBA2BA68C6B46A657FF6D8D6B558683DB65705ED191AB2606529EF027486DE
C:\Users\user\Documents\PIVFAGEAAV.docx	data	BB4C980B7BBD289BBBCEFF12A3F8CA04	D8A8FFF15554DDFB23B45BED52C19817F318AB69	E51E9FF014789C8722ADCC9BE5E2949A079A0632D6459B9B23871DD7FD545A71
C:\Users\user\Documents\SQSJKEBWDT.docx	data	40F2449344C5F48FFE13EBBCB005C043	837FEE73912548FE938A14C3998A017B98B9AD7A	FC210738F9FCC70955435E92ACEF4B549D7F753B5F2DFB2D09680A79AE3BF16C
C:\Users\user\Documents\SQSJKEBWDT.pdf	data	9796F51E8B5003BB2601C3768377C991	7111715BA052336725CEEC87759F43FBC024A5C0	934ED9109FD768FC21E02E83E42AE4A752E1497E155BECA6EC0D2F1094974A47
C:\Users\user\Documents\ZGGKNSUKOP.jpg	data	FAA0187504CFD9D9C703E97A83C432A8	5F07284FEFE8C929E7CC4BFB71CACEE51442E83B	BD7707867D4A73192A91ADEDD1F8497BDEAD441703FE3F6C59D0B33DEC75B177
C:\Users\user\Documents\ZGGKNSUKOP.mp3	data	CC4E535512A598077E77B8CA72348E15	23F3DE7FD435E85EC8522F6EB4240D3E8623AF11	EE1ECE850D6260718C83281D15DEF39D6642C9C2825DE4361A5359A3F8FCAAF9
C:\Users\user\Documents\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Downloads\BJZFPPWAPT.jpg	data	60839BE8B803E5C3DE2AD83A172EB676	BD7F8027411FB37C8550DD0457F2CBE3F5AA9896	B14569C495C344057F3909D0E304F6F42FED25033A40DFD67707E468F6239BE6
C:\Users\user\Downloads\BNAGMGSPLO.docx	data	88653FD50279B23BB8C700660103B8B3	B7D9A74BD2E4036B3F0B1131620F6047FF72F9B0	10D0D72DD2F313F1FED82CA20DFA1A4B25CF2EAEEAD15D4483301F660F8CBAFC
C:\Users\user\Downloads\BNAGMGSPLO.xlsx	data	C6414BE73EEFAA84739C17F80778A8FB	A3C4EC48BA2D73E5DA4F0A039927722C363C13EB	A9A626C98E7A9312AFE67865093774886F1CE934B6355477A9CC6BF2FFA79E3B
C:\Users\user\Downloads\DUUDTUBZFW.png	data	D466D592DE072A9E7432B8204317BF8B	82D516B39A75E3C2A99FB9FD8E117670370D49A0	58209B4B52D3AD5B12F07BD436FC6CC726801CD10ECAAF0CCD09D86C0E0EA739
C:\Users\user\Downloads\EEGWXUHVUG.jpg	data	308A397FED705530BB3DE20711A32728	7831865560C3DA65271142709CF7B11785745FFE	0071F0DFFB6F540432CEB16E9CAC2AFCFFCCD2F6D6E08599BAB598EFE7E27205
C:\Users\user\Downloads\EEGWXUHVUG.xlsx	data	87CA66A4F6E82C595322400EE813F717	CCEB9060E042A5247820025020C902F8C283F118	296E622475208A44E45A5F1E5CB38DAA6B21E4561C812B66701018AE96B94347
C:\Users\user\Downloads\EFOYFBOLXA.mp3	data	A49B50E6F909BAD9618EB2A7FB84F0B6	141BA623002B439F29E57747F6CE5651129EA01F	4E9EF0D8740F4F5457C26A840A6351C6C60F3857D4E4E40EDC56037483BEF5CB
C:\Users\user\Downloads\EFOYFBOLXA.pdf	data	8573DFF2443BBE2CD1AA6B90693E9FD7	8216169EAC6820F350364C1CD79528F00973F21E	37644243D11CC9A1BBB1526EE86AADBCDD8D21833A37BD658DF1605397C04468
C:\Users\user\Downloads\EFOYFBOLXA.xlsx	data	FF47D6358DD8104B9CEAC431C5B049AA	3C9163B89E5C36894548ADEE6685D6AB09FC2B42	CAFC5A0D8E9FC6CB264F0087C2B7C4EC45624AAAA50A8C01D12B7DA5C00629A1
C:\Users\user\Downloads\GIGIYTFFYT.png	data	8204A19DC7ECCA9CC16CD6E08572EA24	20337C98BB5AA5B94487DE2232E50C481BD2F98C	0841C124068203A11145C4CB7D00CD92CBE1F6D21EBA490401C1CA0EFBA1C5EB
C:\Users\user\Downloads\JDDHMPCDUJ.mp3	data	78A2B36F925BEA9BA390CE7FF0754979	5CA0574A086C5F37E0A25908F047DD608C6DB2BC	D470A331C6D76E6D2C4ED09892E05197AAE90AFB423A98D1F6C0BA724A3C241F
C:\Users\user\Downloads\NVWZAPQSQL.png	data	2575432C94DE8E270A06A6214C3DEAE7	41DE2D5B7FE0F3C7E718065425BE461CB2943BA3	D8FBAC7950E21E88A6DA15E0B2BB68910363E05C2633434CA072AE5EA0BD65A3
C:\Users\user\Downloads\PALRGUCVEH.pdf	data	FE1C622711A6B9FDBCF953626ED41532	221EE69862E733D4A9AF0E53DBD6385FDA66C830	113917506C353F7D539E1C5D077B3068150DAC918BD4849C1D214CC28C10C082
C:\Users\user\Downloads\PIVFAGEAAV.docx	data	77345711598B8A4F515E743BEDE6FD39	3129E785C2A3406D49F647F5B99CC0265B5BADCF	D3C96AC3CD5989731F79683F7E9814D7878A1BF3409CD42423489E89A10804E2
C:\Users\user\Downloads\SQSJKEBWDT.docx	data	9C1B7973A4B77C4CF46FFC25C9C7C4B3	514DD85D713F3761A5F8F66A6DAC7F55E229D3F6	1EEF1313DFA07353687F44977A638C01EAEAE97419DABCAD0C278F0D796AE46B
C:\Users\user\Downloads\SQSJKEBWDT.pdf	data	86C236A20E5F9F95C1E6424CB5ED4097	757A01A86B2540244627BF599A8DC0EC7FA79B1B	F6E5BD2E3202AB3C8D2361C9911DDA520052057E57A7E4B024F5B8ED871B5B21
C:\Users\user\Downloads\ZGGKNSUKOP.jpg	data	E46FFFD2584F077DF5DE98495C069B57	750B90EA93A5F766EA6BE6291A691FA596806B27	181D792FBD097B7442ADF3021D56BBF575ECF51AA41924DD171A3EA9BA0F45D5
C:\Users\user\Downloads\ZGGKNSUKOP.mp3	data	F33A459774DC00C3D5B031EC44005FA5	D17278539621660B5D9C9376A729757B23C476B2	26ECE0D5F783846EABC9157E7CD8505D182E854F0E2F2A2EA20590072E5BE5E4
C:\Users\user\Downloads\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Favorites\Amazon.url	data	CE2717E60650730E21B1F80F2C068737	3C7238AFCAABC975B60872ACBFD3C246295FA82B	253D2E5188B699BEEDE0A88C4E6B8AB14A07BCDCAABF66658A7CA33667A2A34F
C:\Users\user\Favorites\Bing.url	data	5E5B13C7C4730C39F6ED2F26B8765A9F	169FE4EED91F78F156E8FE801F6F7501E2DD923E	06756C4DB9AC1AE02F693494BEEE6E3BFFC45FAF89669827B8521BD84D3CCDB0
C:\Users\user\Favorites\Facebook.url	data	4E554EE5038DE91C1C1D59B72C39DD05	BD93EBA93AAC313F8D3EE2E5EE60341A48FDD745	377DEFBF9532529AD528A740DDD7C71525E2B553AD1ECD62A0B52B80FE1DE795
C:\Users\user\Favorites\Google.url	data	DF8C73518B04FB372F30E2439DA828BA	04E23FE1B927B4FEC0EDB31EE2D33BA03AC756AF	2BA2798F614179717A2BA22C97A454A6CF80712A8DBBC6A75A16CF3959BE8096
C:\Users\user\Favorites\Live.url	data	675CF1E073E15744567F58454E2E81D4	4D4256BAEB88223BD4DE60DC50968280165BE9C0	80B0440FFAEDC786261665EF2D5D19949D187463689BFE31AB04DF9118F864E7
C:\Users\user\Favorites\NYTimes.url	data	13C9546786828C7230AF69371D7CBFA2	DACC9590BF3018413CA19825628E9A3544FE7F4B	9020AB2D6705BD7201C3485C3CF3F9E1E1272F7A2BD46E83DDF7F7FD964CF82F
C:\Users\user\Favorites\Reddit.url	data	8E1645748DC60A6560A06541440BCA01	2C66FD1A46B1AEAB30BF8416F01232B2B324E5F9	404A8C1229064C78F0B82973B73040517266F1E0760E712FBEFDC3968439ECBE
C:\Users\user\Favorites\Twitter.url	data	A088F9C24272D9607F1B93D455742209	372BBEA11DA9CFF9EE013557D51359BC7B6829FF	279C41F745E3B882B600F1EDC295505601FD3CA26E997D670CC36C83816F5D48
C:\Users\user\Favorites\Wikipedia.url	data	9EE3F38FC2C5CFA5DB4DC831F21FF438	DEFC3B3D2E527CEF8C749DA99D5E6948332AB268	4EEBF622B594447A76BFE2ACA6C722576DECA06D20F6FFFF96C1936320A2532E
C:\Users\user\Favorites\Youtube.url	data	1571E5C6AC56E659A01B612B83EAF2BC	F87CD3175CD6C7A9881FFA5509DB4B2F703754AC	1046BF8F874E56C52F4C11C71A36C4855998CC1CE3D59CE90C1A75CF7D412091
C:\Users\user\Favorites\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Links\Desktop.lnk	data	EA1047DF6510072733C35BE48925C200	C4ECB510645E25BEEA8DDE5C4F6E7320A6ED0A08	16F8579E94CC54D806861FF1FDA08D811BDB12BA6263A259A343DAB47BCF90DE
C:\Users\user\Links\Downloads.lnk	zlib compressed data	4D51EF08A1B1FE3DF208194EBE9C2CA5	528076490AE54327820E2382AECDEF00C780E64E	35B58E3B00E325AA56AF8FC1C2EEB112642049FB42F148B6E3681E895B6945A5
C:\Users\user\Links\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Music\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\OneDrive\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Pictures\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Recent\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Saved Games\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Searches\Everywhere.search-ms	data	A09C5964F678D75B0229D25D799CE408	0A8A00517DFF2606869105BCCE82A9C438AAC739	8BF255C5C87AE5CC67089BD4EE7B10548FB65E342AEFF5731A1DB1E4C07FBE9B
C:\Users\user\Searches\Indexed Locations.search-ms	data	E922A2D6842B2CA0FACD16788B0EC470	5D0E814AD87310E857A3CAE0F6B185965F4BC78C	C64D3E89ABB4D1FF16B42581BC935767D8BFED49A3F678CB17CE09889B52062F
C:\Users\user\Searches\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms	data	B10AE5A2A34F81B1F7595D114FA22EEF	2CEAD9EACCA5AD9E054845FDBA151AB8CA1EF150	3395F42123476492FA8862FA6F9C20CE258A9A6765547FDBB202CF814FB7573C
C:\Users\user\Videos\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\user\_curlrc	data	70614DA7AB81BE2425E7CF297FCF1F3D	5EFA4404C171769FE3A26CAF0598AE15106400CF	FE5D08B75761A7E92D5265DB413667EBA69D926EFF479CD79C632703697E2DBB
C:\Users\user\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\Users\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E
C:\instructions_read_me.txt	ASCII text, with CRLF line terminators	A1858E97C794B6DD91C84C4117972A63	E0166104EA97FC4DD52349113AC1EB2047B237E5	BB3B4E779A5F43494E237B1979F0EDDC9BEB0A2A7C1E0B451A32C77795F1A58E

ID:	1543071
Product:	CloudBasic
Start time:	07:47:12
Start date:	27.10.2024
Sample:	AztyGMg4jw.dll
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	f74cec233a9609461e7518dd4c90207b
SHA1:	92408a8233567f8b10f30f83dfcdd98effe96dca
SHA256:	05ebae760340fe44362ab7c8f70b2d89d6c9ba9b9ee8a9f747b2f19d326c3431
Filetype:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60%

Windows Analysis Report
AztyGMg4jw.dll

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report AztyGMg4jw.dll

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
AztyGMg4jw.dll

Malware Threat Intel
Provided by