xorist | f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
30-07-2023 07:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Size

5.1MB
MD5

b41e4136edba950ee7d0a2a338d18d20
SHA1

637b5649d08e92bf809a707b0f4ec2c40d074126
SHA256

f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9
SHA512

2145c236f5b47d20ebc9ad34c6e97ebd1857bbc33b3bc3de65c1556883f3c18ff129cfe5244fa15d2733f72243edee8e4c50da60496eb930e0d80605789c8700
SSDEEP

98304:m37k/NEnIyzZiW8DI/Pzw744D0QOIk+6JuI3l0Rdb0ms:wM+nIyz0Izw7P/OeI3Oq

Score

10^/10

xorist ransomware spyware stealer

Malware Config

Signatures

Detected Xorist Ransomware 5 IoCs

resource	yara_rule
behavioral2/memory/2876-134-0x0000000000400000-0x0000000000C5A000-memory.dmp	family_xorist
behavioral2/memory/2876-138-0x0000000000400000-0x0000000000C5A000-memory.dmp	family_xorist
behavioral2/memory/2876-1718-0x0000000000400000-0x0000000000C5A000-memory.dmp	family_xorist
behavioral2/memory/2876-2151-0x0000000000400000-0x0000000000C5A000-memory.dmp	family_xorist
behavioral2/memory/2876-4309-0x0000000000400000-0x0000000000C5A000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2167) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\@VpnToastIcon.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\DefaultAccountTile.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\WindowsCodecsRaw.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\@WirelessDisplayToast.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\@AppHelpToast.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\@EnrollmentToastIcon.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2876	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\THMBNAIL.PNG	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_2x.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-100_contrast-high.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\images\Square150x150Logo.scale-125.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-24_altform-unplated.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\edit_pdf_poster2x.jpg	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\cstm_brand_preview.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeWideTile.scale-125.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\ThankYou\GenericEnglish-2.jpg	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-30_altform-unplated.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\Assets\ValueProp_Shadow.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsMedTile.scale-125.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Custom_Sticker_Checkerboard.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-unplated.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\MedTile.scale-200.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30_altform-lightunplated.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\logo_retina.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCache.scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-300.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7db.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeSmallTile.scale-125.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.scale-400.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\agavedefaulticon32x32.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleAppAssets\Videos\people_fre_motionAsset_p1.mp4	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-64_contrast-black.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\9px.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-256_altform-unplated.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\turnOnNotificationInTray.gif	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.scale-200.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-200_contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-96_altform-lightunplated.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-30_altform-unplated_contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-150.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Light.scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailLargeTile.scale-150.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Light.scale-300.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarWideTile.scale-125.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_super.gif	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare71x71Logo.scale-125_contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-32_contrast-black.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-400.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxLargeTile.scale-125.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\SmallTile.scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\README.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Dark.scale-200.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\email_initiator.gif	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageBadgeLogo.scale-125_contrast-black.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-black\Settings.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionLargeTile.scale-150.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorSmallTile.contrast-white_scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Exchange.Theme-Dark_Scale-250.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ja-JP\assets\ErrorPages\unknownprotocol.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\Answer.scale-400.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\403-3.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\413-1.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\IME\IMEJP\Assets\JpnImeModeToast.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\ImmersiveControlPanel\images\TileSmall.contrast-white_scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\images\disconnectIcon.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\badgeBreak.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\DropAccept.scale-125.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.746_none_e6778e5b0114e5b0\HeadsetSystemToastIcon.contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..er.appxmain.ratings_31bf3856ad364e35_10.0.19041.1_none_ff46bbc9afee54c5\RatingStars43.contrast-black_scale-200.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square310x310Logo.contrast-white_scale-125.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square44x44Logo.targetsize-24_altform-unplated.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\404-15.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\SplashScreen.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square44x44Logo.contrast-white_scale-400.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\console.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square71x71Logo.contrast-black_scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_es-es_a2ef4aab3bff561a\unknownprotocol.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..e.desktop.searchapp_31bf3856ad364e35_10.0.19041.1_none_43fe9f4e368e081f\4.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..in.assets.searchapp_31bf3856ad364e35_10.0.19041.1_none_501fda1ac26a3cf4\dismiss.contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\GenericCover.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Ratings\RatingStars32.scale-200.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\6.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobe-light-footer-template.html	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\ProvisionedCertificatesWhite.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewWindowIcon.scale-200.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.153_none_51feabe070ab84f6\RestartNowPower_80.contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\LanguageService\images\previousResult.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Generic.Theme-Light_Scale-300.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_23a707c9a0b5a8e1\Task Manager.lnk	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-explorer-shortcuts_31bf3856ad364e35_10.0.19041.1_none_6da8f779b049952c\05 - Device Manager.lnk	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_f12_context_chartselection_clear.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-white_scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Wide310x150Logo.scale-150.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..er.appxmain.ratings_31bf3856ad364e35_10.0.19041.1_none_ff46bbc9afee54c5\RatingStars31.contrast-white_scale-200.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\square150x150logo.scale-400_contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobe-bookend-cortanaspeak.gif	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\SquareLogo44x44.scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-64_altform-unplated_contrast-white.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Search\Images\logo.scale-140.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\square150x150logo.scale-150_contrast-black.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsLargeCloudIcon.contrast-white_scale-150.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1023_none_374973298940e35c\SquareTile44x44.targetsize-24.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsLargeCloudIcon.scale-400.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\Cursor\images\currentLocationArrow.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\restore.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\4.txt	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_alertinfo.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.scale-100_contrast-black.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\hstscerterror.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..erymanager.appxmain_31bf3856ad364e35_10.0.19041.1266_none_20804a45b5801645\SmallLogo.scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\oobe-button-template.html	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPStoreLogo.scale-100_contrast-black.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\403-17.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square150x150Logo.contrast-black_scale-100.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\Assets\SquareLogo44x44.scale-400.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\401-2.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\invalidcert.htm	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TileSmall.contrast-white_scale-200.png	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.BADRABBIT	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZALCJXNIKQSJGXB\DefaultIcon	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.BADRABBIT\ = "ZALCJXNIKQSJGXB"	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZALCJXNIKQSJGXB	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZALCJXNIKQSJGXB\ = "CRYPTED!"	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZALCJXNIKQSJGXB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6xqQNF6ae4TUq5Y.exe,0"	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZALCJXNIKQSJGXB\shell\open\command	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZALCJXNIKQSJGXB\shell	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZALCJXNIKQSJGXB\shell\open	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZALCJXNIKQSJGXB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6xqQNF6ae4TUq5Y.exe"	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2876	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
2876	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
2876	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
2876	f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe

C:\Users\Admin\AppData\Local\Temp\f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe
"C:\Users\Admin\AppData\Local\Temp\f61daa71ae495f7233d2329cdf5264060e77e436f15bb7906c16882bc539b6c9.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
9b71a44d52dcd770f1651e2cfc2b2312

SHA1
f4962917a8918c972406d673c5946332cd089a57

SHA256
a0bfd8f898f7f107355a98d3fad03c61cd8454e2271e25b4dea52c477043925d

SHA512
b899c3cc73746e206d1af3dfca55fc4ca67fb0e3c9f98d543c51450231bce3123cc7fdf7895accdaa6d4a39aafe85522286b8f09dd0aeaa9614f60d709d3cfb3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
ffa10851633bdcab210787248bd51329

SHA1
342605426058437fd52d5d0bae70d3271d9eddb4

SHA256
882643579feeb2c592ea835161e540d343f57ce33dd751166ae0a1b8b50b36e2

SHA512
936cf4964db2fc757f93712dbe83731be30e021feb9559ec6f15e5545d7a3e138ccf501d982480679321cb2bddcd33e57ce8f91df1768859566dadd2c7cb1218

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
1477c8cc22f77a9b5e76029196f5f96c

SHA1
d7f3d5373b1cfe37b4e1479f4102aec15baf5fc7

SHA256
5786bdd7543663d0f5ca92bd46aacad558559cf850cc3d5e344456734b133ba2

SHA512
68f17e4ee5f0de7d2b736004f090bec430ed67f05d256ac0d39cd4455f05b9ba1d218baa867803a24bbf3da0d6b339648239cc8aa30be80cc22310616a69853c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
864668cde76cd64baaba4ce0bd07b7af

SHA1
10a802e2c631fc59d545ae8c451a6e252c0a2971

SHA256
c7ca7a5137fdebc81761f50f88c6aa0807e389742a331b454e14c12ffcac5184

SHA512
50e2f0234107b11f068f09e6e93aabbbb054bda594b6d3076931f3f8b42e16599ca25f7b4a05d576a4d9a37fdc206bd5bd44fc1c3b444ec6650cac882c144e39

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
ffee109f8d093ae3bf818a5fc97fda0a

SHA1
a4a9eea03722c7de8a2746e9581142ce767b965c

SHA256
ffcdd86493424d34cb037c5eef768f52ba8bdacf75b460d44538ff8d4a3a7952

SHA512
5bcdf3ad815779fe04bfc4dde353319906593d7da061f2ee382b81bfe2c3c4a99b27997f0b6361f9be43faeca5616323173a3b2d682d67935a9169b1da1294cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
bef00576b2e5ea373766300a51ca42d3

SHA1
e2b41b44a9664cded781834e3cad4d5abf57c9ab

SHA256
7cd8967dc11bb530fc53a95a1934d05b7976082483776d1f0abb292ab01dde06

SHA512
9f24205777577c19e077e106a98d9c19af126030e538030e96fd6575ede36aa3e8677f3bda0807bbcba7d1b2369b14a84a2469e992527fb15dc0c69aeb9d26f7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
21d5dd529f47cb7f6242429c306cf1d5

SHA1
43718a89a3758e36ea66d733d460281d50316edf

SHA256
425bcbe274f22034ac24e948c41bcb267d916f4711802acb4d232bd593f72fd4

SHA512
11f3112afaf4d7eaad39d1537e2a94996283140405f066df6c7584b4e6bc48f38e5168b7d19e6a6513bc9f23ffe1900410820ca1adc817d8c4077c5d5b555884

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
22fcf3475b67c479d787c1aa7d92c5c3

SHA1
da53b491f0587cc6ad8bfc6b5d9468b04d432a3f

SHA256
b5e53a4a98044081494dad859f4d74f21378b6f00acf14622d19c1a995075345

SHA512
c8e294de75401b7e3b76e96ce672ae8352d89eaff35c0fb43d5e86c5218f99d223f9012a7b5712c415f0ecf445914cd62b572331025c65a3c7e5d5339508c634

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
f7fc3a65a1f4388551bf0a1d78b34490

SHA1
ae75b1182f683848a4f7c5c230eb415f8522e0f4

SHA256
c59ea355253a6718b4449c8ff79e1bf467ca6e1db8e4a7fe7e634021ade0a206

SHA512
ac3447679961d3071f1997f71699482ec30e4a871509ccf7e1a679a9de4012e22263a8114af7a1cff3423e4eac24c8c137d59289e72423143c28acb398fd82f6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
1f51a4e6a0b033c9a09c36d1345db08d

SHA1
93c33f05ad70531704c1d2bd6e59ddfb81e5eb6f

SHA256
efc6c7a5742a1927f1007e14c4260ef4546155a4f1f8e36180180b0102603cd2

SHA512
c675dd2aa711cf8b421bcb9ff6bf3203130b784970cb565b45cf124998dc9c69f7fa5bce2848c12c2fbb006ef75fe91a802bf25b90c75d00301297f8cb054a2e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
740fa91000d48260a0bfb4f124a1190b

SHA1
8b6674f6ccf8feb37620ed7ac4ec758b28017027

SHA256
edb4f181c2f17318f6601fa342ca2b4925e579f130dfc16055b6a6fb631a9611

SHA512
846c3d75410f91d0d69e73233864a1c802de77a1b4c0cb81bb3302b10f98bb57ed65d400bd91d4cdfc42d0f3efa787b0eee1099b65063350b45f4bf0592bc014

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
bc6ace332d22eb33da65badb8f427823

SHA1
3bbe3c5aca7c80a78074b4d74567dfa94a775585

SHA256
36ca660528d2c6f04097b7968bbfbd6d035dafb94970ebd8e124b69191265ef5

SHA512
e6283a5d01dbfd8960f7e885e3577c3ab205afe1d7b293a0536613c79be400279e193e1baa7fd467794ded64b3a63c343e0b877273506747e99ec033514d2be0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
1661bda43ac1bbff07be46d13bd588ce

SHA1
6bc5ac025cbc157e34af0fca51712fa1a207ea32

SHA256
556ff5410bfcab36993154a40c4ec0483d3adc886d0f04078284d38ec0d5b2d2

SHA512
869a71ce4d73781cf5d431fc6fed121a20cc4b0d2d2b640e3122fee0c2f73753905e5b265256415f3956e956a8968785cd89bda54aaebc9870ac1b498e899233

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
7ba543ea1d74b13b4e403e92e8ff2f9a

SHA1
374197b5b846619a3c4a87cd5863214d5fc8967b

SHA256
c6c44974dba54d2709874edb8fdbb5ff1b08598bb85a20488826c0b68d1a4b80

SHA512
34c8456aac0cfebcfddf455816ec08cba9e913943ffb5e10a0d5740cd894bfb78d59c43c0eba1a23043495bf7d8b5f4cdc368bff0970d881aa843a2038502f39

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
a962f8ed63daa71570056b2a839ba925

SHA1
faa378ddb7c905ec09a0da91bb682288dc8298ca

SHA256
6e421dbaafbb51c7fef4b14201dcce18850c7c843548610e27bba388da0eee2e

SHA512
ea39e8a1a1e9cc5f9798181e419836d666bd02a22b7e4318fb82f24fc3ec1bbb9d6f4fe7b710c2236271400afa1414355743f12b774d56a6f09242933318598e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
82367cb97205aeceb37eca8893ce3a26

SHA1
7191e25e7ced05c1faa3dc785c8a5f8dd6ba0a2d

SHA256
5067af81372f99e13bfdb3414f0a7964b3c37ac128fd69f15cc03b5dd9693325

SHA512
ee8d13d3b77fdd8c1e3c2a3d5de5ec980d8e2550085d1b712c2056fc993fcf1fdfa50d9797c699309935bde8c18fc1a965552df86c50b2120791b893e237f669

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
1b25e3539ae8dd4f3fc80d53757f5978

SHA1
b2ac4158d9bdc866440c6be22d326c29a5b6dd67

SHA256
c20286abd77d795d4bb3b8e96f73e8923d3025edb9f293296294417b5a9ec443

SHA512
5cd09eb6a20f32fbed1174538881d9e380292ab3efdbfa044aa9d21d2cdb1f8434893da92f3c786432132069acd09cc7e9885bdfb0f84ef684816861d1836581

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
679c4957728a9336cdf4077d2d68f837

SHA1
c7df68a7db304264355453d77c2786e2fa2e3d01

SHA256
ee82031a3ac83dfe0d3ea5162ce9555ba019cac63357d64bef34aa8d5780b633

SHA512
363312e5d84d3ed0cef9ad478d8afaf47dc86c84a98b3e3c8ff9ef38c00c8c142550819060062c62dc609b22519631f61087cc145744a705db32ef82ea7eacf8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
ec705b471ec0b57bae3a71293c370ab6

SHA1
d57e91b15864dc5abf9672914d17792859938487

SHA256
f049db986016b85613ce00c2eb5d02ffcb5f0926cf91150ec9f060025b44d7e6

SHA512
866f6b14585040eea21df0f640487f160c562fd15afbc254d6b794490f4b60f0c491c01c5810b937bd70fe2e01268a51714befffd5866ae3a0ff4f54bbe378a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
d7225486c435dda6bb244ce46edc9426

SHA1
f263edd8f556b438b2f9d85f3866ed12dbfe157a

SHA256
971372a2b5dc8bfa5238686cb1d2eb2dee46dba110d903a60ff7eb12fa83bf8a

SHA512
9d69922b39d3dddbcb18c7a686b161ae08e2eb4a59edd74e6be789b2999c4ac6c968427bcd3dcd8d4930f89bf88d864f36b8d4f1c0b35203ed6386829443db4b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
9183a07fb06e8a05724a012e8daec097

SHA1
0c7467c5aed2dbfb155dfe46c524d77477df677c

SHA256
42ba384e135493af23d6096b4ea3f3464ed4f8fc87ff9784dd033109a27ccb14

SHA512
02f37ea851ea8f8525ff782723bd54e3e0d9228ca875fedd55e9eb909c29ef67bb6dd882762aa269ab672c9b3148849d266202687ed2a044007d1400ef4793d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
8e5fe4ac2538c7683aaf9fc4117e694f

SHA1
c3da7e7e91c0097760cacc8b31cbce4abaf17e13

SHA256
0ce6aa4f9c77e979fe29d596ea1b0ecfbe0d2e16cf15e3716346abb144cd25dc

SHA512
50306cd75ad196b82befe7d64dfc9d049e57f5fde11176d476c3164f264e2eb6517f86a0509ec4a2dffad9ecdb6959c131839067083606a8b8b83d29ce9316d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

Filesize
19KB

MD5
7d16e68790b04edbea2510a1f2ef887e

SHA1
20f38f0396446b94a6091b84160935e82ae019ff

SHA256
bf29f30c8b44446c62fdd5e7d321a0fe965f9f0c16464b6ab1cd4293485816be

SHA512
68c1ffce2ebde7d2ff3c53614451f2ccd572ed3892eaa26ea9fd40a94939f78fb0271d96dfbe312a3d36b3cdd241aaa08e9cd231d2369f69ea653291d4b886da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
9d9f285cd780509f14043ade166904a1

SHA1
0da69f3d1b9f48b06416954b508fb225037ce5d9

SHA256
5d6936bb85b2e21413387a13e7c100fbc2c47aa8df3565ff6f6b1c5a397ad404

SHA512
0a99911fa8146b10bd317de3c739179d77a2244149f6e8481190467829f1503e8453309ecf03d23f689a44fd06dc90f26479351804a3628f873dc1598f4d9383

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
4b1976c96ff07299380194bc3ed95f4d

SHA1
55bac3f0a1a67f02b079fbb6bf5f80c417774668

SHA256
1d91dab9d9664bbcd283ff93ff3a50167978673c175dbefc7641c687b86f5f9d

SHA512
db6a633cc84ade456d79507efad4b06b7b64a10fba9854d5312e3a6704bf250fe85bb9e0f1186752cf64618d4c01f5088eaa9aab0c18bce093d74f96d7ef311e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
94a2c59523bcd398ec48cad545d412c5

SHA1
3d71f62485cbe70c4ce19caa4c577536a1e26edd

SHA256
f7e69ab85feeb854d1a61064c2dd2a2f03d3242bb69badd26bcc7149612a387f

SHA512
d6c36e660f2f36e086410e8dd62b24c8f0aca691e7b85eb333fb780400a8d8845a2e43b0ec408d83230c879e8056f1e04edbca358457bfd8c6485c4c2a74cdef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
a73096aea56e7ae77a50c32db5e599e3

SHA1
6be0ccefbd768a2f1fc87723778dda1a85448e7b

SHA256
a326411090844d95cd7464559cb538ab9a744ba85b70700ec7127137ebdaef74

SHA512
48b96e4f49f6c3f37e701b05ca429f6e5c76aaf854e0e8e3c335165ee514d354a21b067fdffecbdf4b70e24852ba23140b43d7abc79b37d1d6cefe519d121186

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
ef0f36df307a4f36afb9adb237330aa5

SHA1
7efbe00c913eab95ee558b82b52d907743441a30

SHA256
ee16a4d9044b4f709dd211eef991778175b72e992197a3cc24694bcd4628dab3

SHA512
07b5c695371b98a84263ff3908d3088441ad9a7dd5b91e5e889d6421ed5c18765f8239275e1fe1b73b3de9420f62511bac0cc389b2fa6a823ba13573a4c2e851

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
37a5c7ea77b79f6ef9e14132b15532be

SHA1
8ed610efd4c8dc381ac2b63bfcafb39fd1a41e35

SHA256
a0d37da1d121ecb636bb7a8430c0739865cd356eafe56205fec03c2cdc42e7d0

SHA512
ab536067a00fbe4bb53868076cffc9ffcf69e13309c2e6c447fff99e43972ff177415d8609a89ac02aa724247152da94ef5f1323c04b63449fae0464140199b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
145d63a82a6738993f5c7fbf74cb1c78

SHA1
2b25df5e9914309ca4889b569826919e341b29ff

SHA256
0181d00ddaab3864836a0d4aacdc219a8ac44b8291d79e9a9f43ae8733abbbb2

SHA512
329fecf6aa3bb2c16e1c47deb217427c2790bfee4eb47dfddbb4589d14e8c21cc2732e69ad4b521cc69e57eea5e799c2c8d8435082b7aace342000afd3275514

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
1f0fd208400058a2db26f861e690413d

SHA1
b3132736442d6d319ca4725fee7b16d8da6ba7df

SHA256
3c9f8e965db0588507bde9c05ff559252c32a97f82e2873e5e50485a6d8690cb

SHA512
fa9a2238f1a0ea013a40f5008d9491290df560a57fdd7394dabaac38cf62b952e28f95c6543ce9fcd2c9962c724b0f33b75ff1359090a0b9dd73b4c53583260f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
0537b5438252787731389af4bac4af97

SHA1
e71dff7e5f24135e44d599559aa97ea964d5e2ba

SHA256
6f58669ca5fdf6a89658ce85969af50e16358f1bcee957cb17c338b861fe2266

SHA512
fd4d0ee226590c14a8e729031210f2499a5e77f46c11d61fe145534c61e1460509e54c28769a3d3f8e27d2343f528b91dd59498f73a01c90ca3bcf87896921a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
3e71085936ca714ef77f3e147459d000

SHA1
f09b601b4ea6d922a3e71b602b9de5f0df07e919

SHA256
443c78dac2baa06446a986960727885649940ae8a71b1144a1aedbdb232df641

SHA512
dc0037ea824432dca74eff0dc529d82441129ed35e40018cf0b2913fc608840a4a1aa4e63e00b17e6a4c99e4c456f7adea0799e113d53d4107fd8ce442ecf591

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
daaf178508b946ab4c2aae9bf5e5f563

SHA1
9bdc765a1ca0344876bf4f68dcb0f83f275b44f1

SHA256
50f7cd00d80c2ae7b2f6a2b8e14f658f68ba91e713ff966c16ef953505232d5c

SHA512
e65b2e99b3dd626ac4fe63c6dc645e42f0f683ca217519abbd4e8c728d87d3d576f16b25bf2954daf61ece9c56686f643bd85981cc1940a5734b6aadb288145b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
a789d5f04b2c600dcae3fa977148030b

SHA1
f11cd175e44b89dfa457da8abe2e80587f93fe87

SHA256
a7bcfdaef29df43f498a244228d85ba17de87bb2773291cbec0b01ce80e8cda0

SHA512
330fe028960b40152e5bcfbea9a71729646a0fcd00ebf7864c94eb58fb749064eb6a9eb39148fa819cae673659ae78d44f2c9b9d0efc46a0f0291096a6c3aaef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
6c37e7d87d6a6aa99e2fce3a76e3cf0f

SHA1
2c9e5e9091afd4a440eb58cd4112614048a43fb6

SHA256
a41db6e2e57c8f7ca87c7ac8c8b3164b2f50adcfa99d2f6170f480478a2aad21

SHA512
82f87583099a5670b911300b12efcc10ed0466a21a7194d92512ee0d99cd495ca328d1769180c6b506186fd1da53fa23a6e2a048813c448375d2a92de428d988

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
10488ea0432d2a83f2baaa193735f097

SHA1
9f1ceffebcff379936c4f13ad43d8d5bf7a045a5

SHA256
a7ac16fd632b8d638bcb8ef4176603a377257faa6730b7076f5572c43412ac30

SHA512
ca3b6fb572633ef09fbdef5c0ba9ae4cd3f6b3641bb7949a7635ad756f0c70ccd99864b64e32bd50085e9aed7d60ec77d7b0b755e09cd22e7eddb8a3a53c7d6f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
5300d9bc14303096562dbb575a3a4b68

SHA1
5c8b3f651ea960d2343413e8d0cd07d950845d44

SHA256
0da34218792cff5af76814337271f35ddd7813ba3ccc39a7fa1561b881444009

SHA512
325d136c64dcaef0dd193f7705b652e448cc0c26a2a9d600cd8759ca78fce9c7d05e66d99a25768c4c66c855da699de1a68e4de24ef9a763808df97dc35c52cf

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
bffe2f729941e3dca01d77a27779ee56

SHA1
e0c3921003dbcc0e9beea9d7fabcf3c9c43de440

SHA256
0390d1a87c8a321006ed9cf11338662aca5d21a50f746b77846011f4c04c8b6e

SHA512
6b1e59f2fab48b9c4bf5829dfd32bbd69b16dbe69bc0ce037aca1582d9dc537a7e53a9cca445fe693ef7a6d34f08377ab1e3632c1b9b47b606ca0629b68c240b

Download Submit
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
909f75af44671a6368b8c478223112f0

SHA1
feff39c33e9f8b941df1f213178c57e51e567021

SHA256
6a1f124f34b68baf24865ffb02b5cacb07ba5acf2df0e15edd42dd5de06a04eb

SHA512
5fefc54d7330ebcdd65e05202e98a6a715e975501bcc908dc5b89ef531d607043eb36aa6d630db2b7f140d8984d7aeebbb724129d659ce2e07cd5392c8df0942

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
52648124a5c1df3df250058f5e013fe6

SHA1
692a99bdbf0bb9573568b4e5677182a2a3265b26

SHA256
bd9ab76d8414e8782d57463ad7485e8943824e4ff568919eeec8be0b4183fcff

SHA512
7423432fc4b0c9f6dd3cb19c2fde09bda234d57f5460beed7f3a21b1cece66202ca27209a5b3911b1b03cb9fff2c7d28d26a63acf770c8695f94269e9350c8b9

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
a8238dbd35e817a421d6e6db52b21163

SHA1
65351fc01902237a182deed6b98e0f55860aac42

SHA256
b5fdcf0cca4891fa6f1aee3466fd170becf2fd736f8ea6b5263396af8e814d0d

SHA512
23dfd7c9f3f9c81bc7df9ba04e1b3198548fdf1a15539bd499264caa6f3e4b93d4555c45aa05ad00bbac05a13b10dfad723270c09c2b5777b252a5143ca3308a

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
00cf1c37ee0778e14ee511268ccb35b5

SHA1
5d1da9863c7c3030cd8d19adac4b6efe8b0e5cc7

SHA256
3ffdee2460fe9f94d52b29926885c380420eb088e3aadf71e3abb223395cf6cf

SHA512
160207028ad96cb8ea7b96a9ff7c7d97a58782843063864e949010afa3ced0b3b3311262fa4f15166569a40c1ee50db1eb61d5749950a655ff8760c398ef45c5

Download Submit
C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
107KB

MD5
0a45ebcb5ac45fb28ea608df92519363

SHA1
b3cb3771bbd912f7cb04dcbc92559230defea4c1

SHA256
78d253bd0791c8800c27376186bf1bdc5a89ed796fe1b60768a5a9f0a598d2fe

SHA512
e2c2997894878136b2c2db7a00b18229949f5d77cb4d51022dc2bb69b7eaa13917a86bc29241ec3a31b326897a2f5fc94ddd8a72ec194259642e821e4932b752

Download Submit
C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
383aa35724e05c00efccab0a4150a7ac

SHA1
5ae2c0bc1f0e18f32cd13607c3d5164deb150db3

SHA256
72c738de471417186e8f0e2a45fec644a3c4f8bfa8f3b4c099d18f6d698dad07

SHA512
553be257a5902174c8a2d3d6f07b4d1ded4212e5b8bdb06df9194c373694cb0a4858debcc707955e3c2195d708721c5e796aec9fd944fb75bb8303dd8ee3788c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{c1225686-b899-45ce-844a-9c152bc688f0}\0.0.filtertrie.intermediate.txt

Filesize
28KB

MD5
e6d5ea0973d5cc3af2c604e61e3f2a28

SHA1
8c7a71a7ae1a1fb4e85f4185a91da85d357525d6

SHA256
edf81ff17e3fd4396ff0519f57aab867ac55bdd672097e60b20bd43c0140f331

SHA512
3da7a3e3ee1f3768bcfbc33184dcf05dc70d7f434e10babe3e0c3f3c5de14b9ead57f2414a4e47799cb73e1898d661a181cf5ea1df97300dba4ce954fcaa63df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133328606757321321.txt

Filesize
77KB

MD5
89521c7a980bfce99cd7af5228965c4a

SHA1
41c335d2d10d0fc3caf69d5a7a7424a882cf231c

SHA256
e4f5c7fbde95217f0944f837323e4f8a284d0abb6f37a72820cfd6ba75eaaf4b

SHA512
311ab505312e8a8b7dd4653418d3fe9021b745f14b5b5b1986af0b9bba3f1e9e76320e511f56c2085a0c9d5a598b544b2149b8108461d21ba351624a23e38b57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133328607171851315.txt

Filesize
47KB

MD5
45b92861ed77f6ac0fffc3b98cca3b45

SHA1
4b99945af92afde729158788b1d8c136b78b83de

SHA256
802b0718efcef2ca440c2a3f89207deb0993ce94f3293a82c30d44214f6d6911

SHA512
0aa2680dbc3bbdda9a9bf6b7a1986521d03464da4cd5f540a17953db35c76c113e5f0135a98a0127e4d4fdcae573540e58dbd5dc61f712ff86ca04939cb042d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133328614952414026.txt

Filesize
64KB

MD5
df276c4eea3489379c0bf279d27cb21f

SHA1
a38395a2aafdea2ac16a18ad28993bdb4c8fbd93

SHA256
78aa11616358200131a19b1cd48fbaf583e7a01163b45c832a0d90889362f35e

SHA512
33785ef3a2bc7ed66a7c8e9ef382f60366144d7fd4f54e711112d4597594187288760c6aa83d9d29a74e382a9450e96baf630acb80461cf0c87f589ebce1c6f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133328618871805432.txt

Filesize
75KB

MD5
038cf00f58499e83786e0cfe3f235766

SHA1
83bb854caeb65c307424630529bfca56634b5abf

SHA256
6028805fadfce1708cc2c981c97a297f5495a390e4fe69b08de4eead300725c5

SHA512
7a769a3a7ef98089e46ba8ea40c83cd8fc7af4b5d51aa996636d8fa797bb0f78e1d201bcbe1088d4da4294c39c69ec693a1214fbc46ae9afacbc4dd0f1c8d4d7

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
09f371cdb0d34b74d7c1b4977163f0af

SHA1
072529d7766187da2dea35bb5d1fcdf3d9770614

SHA256
6a2e6a22726427947718948f80c055dfd2cfd0cedda5905b299e1c492f2668da

SHA512
d29f44c167d65d3184fae0966aaffb89c82334d2a3a6e72f261eb2c335aaacfcb4090dae6c8d4e49fdc1ecd7cb53e3e35bab35adc2ea608e7a5e44268a81ccdd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
8b40b30e5a0598ae0a7a1e05da638f8a

SHA1
3faa38b15472e0ecab52d641f83ec9f17c53f0f5

SHA256
f19e6872de8a63821d294d57dc2a6440d9e6374d65f89603b9beb5a228a578a8

SHA512
b39546c8e19b612fc336be2197f5c461149493caead1bc7a4865cec51571cfa81315b7c9f33f72f6136b15cbf50681dde0d57c82470eba85cea743fc524371a6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
8dd37ee19b13bfb268e480d97f984f4b

SHA1
73af16c464b4ec59b179662a2ee98b0643e2e615

SHA256
29b9d8d036f1e867d2fcc859286828b4d756fa8266c4b1fa5b5015ea1ce10268

SHA512
f0e69d1c3e89019f6e00f1206c5990b949acb4688828f02462ece1b3dae2c7a8f149495fec4fe0685ee7bb7d63899e319ca3d9bd47fd932d4abd2bed20947e3d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
64037334c949111cb50053dba7709d26

SHA1
5658be9d00de2a031b6e2591bbe72b931bcc5dfc

SHA256
db7615a163bd223625abb6e933a167face98a317f972dc705e1b9d9bdc6f5f7e

SHA512
d691309c4fddb3f02407e6f1bb2bba8195700158ceff9a6a7323be45235078d15984d0b8039fe38af35da72df814117406c333f643fbbbce2f776de85e602fca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d4d4b4c75e92b79f0b53e8a6ee49d7bc

SHA1
12b4dea17d2ec2b9f975b1e999be3cc81e5b5fc1

SHA256
afedc522e0f0394ad18f96d595a37fe5c03a7e50f588575c96da9212285001b9

SHA512
328a814b216f87ce10f09618b6f71f064a8bfa5e0d36b0224248ccfb7fcb3386e64b7c593f94b43dced23748d1e4077173b929dae2e56395798a5a436fe7fd3a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
3486572f277c8ef2270e7f1e6c59fdb4

SHA1
b61de0f75d4892e770424736883466bf19c2f34b

SHA256
3a9c7390165b91cbf0bd982ffbb7063b38252e29eb64bb57a0c60cf80411ffe4

SHA512
b48e564de5ba26a7db97b008626911f581b945b1a9894851dee005d888448523ed3cd1f5623487cba35d14c94a74622e8bd12028638a2f059d26d65f4cac4a51

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
cfe1e150ff62833a5c948288c294d230

SHA1
b8252032e2a8df5b779b4466faadfc9f25eb8a65

SHA256
8f0cb6f218bbd27ad190e49105ae0e47e08038462d6fbf92740c29b830c49574

SHA512
8666d1bf2a24818d3fedfae79834f0b5bbd750bd1ad27ee2a242b7d25e53f847f0237c240e8e08d7c1e78119e42fbba40df23185b62b0bfc67a588047784d872

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
d389abcbe3c95cb4902d27b388326980

SHA1
2220333c0684792f4ec54659206ccd5952b6f025

SHA256
342fa9bdfc0d95fddbd7cc1ba29a626f5bc2a6fc0540ee61553bed75c4e3ef0d

SHA512
9e7c51bb1e8a1fb7039739065bd0bd45c3f797e09e78a9892503b4d6d246db91c4c5506bcb2a1cdf9c80f62194b0184a178766cfaddf9716164e8636f205fa66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
13506a5207bb142a78a4568cd4eac700

SHA1
5d16b879c9b97295f1a5945fe9c18af1c91d8a2e

SHA256
0fb742b8c12f3e2831c1c4651bc4f861b9f7a5eb0a54a11ff56963898da12af0

SHA512
d202d43ef39d008c91a3ce7d2b55d298eff1cb7612b9fae77cab290eb617659c2d0e3cd618d92abb959f042bb37f733b51dbb25c504e20c7057f31dcae5cab07

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
f2b06fcc30d18a9560e3d23741d682e8

SHA1
f7af0965fce32822e9acd8f53087edc8ae4dbca3

SHA256
822c3b54d1eafff36f9c435aad5f55afe7b172b018b5db81e5da0d98530f0644

SHA512
fc2ea5942dcfb8cfd2353db5a22e41b60764b21c8b66d1a0709200f245a2c05bc3b5cc4a67d4a6e417674fe371dea1a5747efc87cae690b3377b7ac74618330f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
e66533417a6e6d50d2a487ac891482de

SHA1
937f7a1103cc554d08ed954724ffd8b6cdf05865

SHA256
5f2f56241de8b02267a1f7a73c8ed15e4695daebe2841681c45b920a7c5e2851

SHA512
4f9351bc7822024d9644de22e74dae03b796c6dadc66ae7717d65ac0be78c6ca327c7501236b111e2481ce7b6764635d8bb06ee00d922a8a3d7f738195b920cb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
0756140bd47685225a399bd42055f220

SHA1
b3cb5f9978968225562b301c56d976457790cc46

SHA256
c66ea1da450fd764ff60ef9348c6f2029e8f5f1ac7e5246c59d6980ce0edfb3c

SHA512
e76cdb48dd688e5671984bd432a7525f51482878dce74bafd2e389ce71fe04c584cf9cb0b12132d6dc1bcf369f9c0250463261a703e7975b9fb28bf68b34cad7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
22f8e27a9728f4ff495cff610d4699d8

SHA1
0c00302f1e63b302dbdd8b353573efad5e92534e

SHA256
8de57f9f2098c498373c2c4779a9169ef68b48592dcdf97fac860aabc7b81911

SHA512
b38f13f2d580e790970486381ea7d16cedb25db5cac25607e4174d3cd81fc7f37e0ba40791c0a231dd92c1276b3ba2c85094a04b6599fae5775c2467e090f99b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
5833481a32d4a1622124764f3aab90da

SHA1
46b24c02371572b026608f1a2b76bd9ea734d6ba

SHA256
d031c27cc6d2316fb86851a622675708bc44b30c5b9df62ab8d3562bbb973ed2

SHA512
17fd784bd71ce0d5c978d788db3426f2d83f5d11b2ba40ab7f9768618ad42b6a5e0e7880ad0be4dbca7dad796e9957b3db99d386ebd8ad869d206282585337e1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
12834aab3c93c3ef0b8334b34ce72aad

SHA1
fada25af012f54ce14e48d17266173f9d2ca42c8

SHA256
a1004eed6f47a8ce8bf6601245bc729498294d84bb9d9210398553f9c91a7dff

SHA512
ba32f7d9ea8ef130930c0b2cc47a8f10dc781751aa01e8b8c6eed93857d3581dd858cd9cd30580e77944ab62a8c8c45d1e856c615a316daf4a568f07ee9e04d2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
c48be78086052d64578e4e8af831904b

SHA1
6ff7b026431dd9389e8a69325253b936377efb08

SHA256
b6d72df4517e75c735375813b2667f03c08cddfef646d9816abf7256f21087ea

SHA512
3dc475f3a45c3d0ef39a7b97474f499b43a2072b496adc8bd1b1ec0721a51d4ce50d950203b49b076232b3767ad2dd2aafa96c2785c8b7c36c4b5f0c776e25be

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
75ab68457fabefa37318e41cf0c5d4c4

SHA1
33f78f711da477edf5afe4801b62e819caf91df2

SHA256
c42ab3c7d8d7e777d737889beb02053028e94a0860857e8662334cac27e216e2

SHA512
d07905a79f49d541ce09240147e955cd86b755ed280d7ad062127db96d4c74ef20c327875b0635165747f4d7655bc0045079ffe251624880e679b13f44e20117

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
6e0ed70105f1e31499d6a11e3de01de1

SHA1
0470bc4b3372bd18c84392565be9f8ed2f78fde6

SHA256
af74b219ca2fe083d0a2920b9693f7646f12908482e58e4c387e87225867d907

SHA512
35457f5e7fad8eae3d322a9a5d87ffd9d28b2d1a91c19d2118e4bccc179123127b562fd591558e194b47f90922fb0de752948a284e9eeb3d5af3914469f7f830

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
0e7a29660e7eb390e06be723de535f33

SHA1
ac726b1a0007eaffd36c77911a4d302c0862f58c

SHA256
88ce916dcf621369cec369ec46784dcfc77eda4538a0a12d9bbc62e177276454

SHA512
03400647a1a8afed6d1a931d8732126d193d6f6530878ef7202cef9a1a9ac1f6813d7464da569e89dac89fc4d55cb5c155d9ae221b7c2ccab76a3d1c6197f378

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk.BADRABBIT

Filesize
1015B

MD5
67f057301a98e33902c9c56677ccc8f9

SHA1
a02eee384c32c74e25787d1e89836c618662ef0b

SHA256
cf22e0aeb852be67ce5e95ec39066154027690c0d21a3335b0bc1e95b838d567

SHA512
8fb6e1e445f78809ab54db4b6548b7d66b405ea17da3be715ffcf7d72cf76c9c98dbb5a8b79bd469320946f0339a136d7f4c8b80fdd226aedbcf4772a8e3e4bf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
06042db34c17107ada9f16619682111c

SHA1
57e6474b6fefa4edfa1b5d7f512a9b4b4079d519

SHA256
43648fb74e0e100f787f53b131c7f8a65ebdcbc1db42c81a1d996616ccf3630a

SHA512
a80da13298738b59b0397cdb11e540aff80fa5baeb54824b70f81b24bea8895724637433a633df8f90a39d6cb1a878c8de1eda199cdb4e0b4d2fd0c2ea54edc3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
a80720355e5f294de2229dd0c54aea11

SHA1
293bd8d1f9e49db5cdc79f05e855c94973ce94c9

SHA256
c3cdd6d5e70eba26f6a6d2ff5a231df7b593a7ce2d7fd59bdde937f6117b1168

SHA512
24e365d5f9983933860e27c95a403bc8ffdebbb8c4130ba83ab340c3c4d4f2790769f9c8a1aa9f2f372a64022d1c4540a0a8858f6d41c78112f168795186ed1f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
6a7898fef4e7caf699e7065f5e8973ba

SHA1
c8fdb462b73399794beaa84602d67bea2484634b

SHA256
813aa89ee5132ed94ccadcd862193b4aea49d620a9312d077f2b165690888b6a

SHA512
ed41332372683061e3b8dfeb920f6d1ecff5340f5bd26626a6b027bb08c8a3fa019b41591573fdd9736ae44d2193417353ded2ce62b0b72eba26e08c01cf1b0c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
a69a1d6c3e75b1fe41886fe8c07ee33d

SHA1
9e5e57c110e355c95d1d36572c354a30c041d848

SHA256
56d9bebdf8bec372c5edaa338ac4a1effb9af4e68d69109a9cb462791f874b59

SHA512
5f1331745bf8976fb408d4f503b43c10f072e3a29c7099593133527554655b4a858774ba698a7e81e5170d9a37552ecdd07f34b7f92f7dff1c5799ece9491ab6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
7c62522524777b4b14a42a2e7668fa90

SHA1
1ed0b9590d667c2b747c4a0b3408b4c13ca4ca26

SHA256
a734c8422961b5b481d641f650e81f84336b7e8ba5a6a65312337367de25d889

SHA512
0bb96f66d3f10215a59316da28dcfa5ed1981aaa3bb4de172190bd6e55d851512470bd42d71be89ccf9c40da257c59822618f81186f31b65bd609e57c98765ff

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
f2dd85998cd927cc1258a760fe7dcc04

SHA1
85a580d77ab016b8b9ee2e4426e6a2850d5ef94b

SHA256
f8e539de665b5a750f72b17c51a2fe2bdaf320a207bf164bb6f5a5e50b6ae986

SHA512
e6f9feef288fe365ab5e9c5c2805568f3b0c801d25337a72e4436c5cb60f668fd9fb5c7f8f9be703e0fb5cf37b6aedd305b36b5baecebddfb1a346346c0b83ab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
eb2092047388b66cc89a66d8cc97c12a

SHA1
2f1db0ee27828b34f2fb31ca6032ad07cf08ee22

SHA256
3c7e5cbcfab5eea0b9f7383664fb394f16316c9a16e6cb0fb4ddc84df1a60cfb

SHA512
5118b5c91b7f6940f18cb5d5627f3767c500bd8f01a851a70726bb342ed7aa6ccbe2bedf403629c618d64a7a59e19d2dc87e7506a25f7ee3d31824f9ed74506e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
2b2bc959f43ede81f87905f02be2f11a

SHA1
1410003858b98be0782e82ea96cee891b1975c05

SHA256
495e4452fb9b8a1885921195f91d22560ab05fab174dcbf16e2d065892ca3ccc

SHA512
7f21906f0d79dd34aebab956a0eeaac4733c0d6f68b0f4ed1ccb214fdfff0631d8898919b22c44a5689a14f03af329a6ed6d994b8c7bb7ebaa5508e606803b42

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
399a87709adc0ae426acd96269fd3e45

SHA1
d7bc04d2fd5ad51d67037d2db0f821e89e357655

SHA256
c4621f322fc0702c2af53ca3c7ca23643cf9644a5bd681e1a6ad7a2efb24f1a4

SHA512
6d542a07094cec5e1756701a3348d5e2c6f4f38e074409b91f9e57951caa449464b290986609b5347f43984b254fb6c562ae142bc2d50a200d9a2f6a1d0acc7c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
ac51d95379c047dcd9b0214302a5b298

SHA1
37f71623430986b5336f04738fd2ed1c873d50c9

SHA256
de6a4931b3f435955d852419942a0ccdc2117966a308d34463fc3b7a7b940c83

SHA512
fb80abe75667c95d280b026ed1a1222123c13f7c191f23a290822c927c4774cfd4a2381c65b7bed8c6abf891a815f34cb21fb569540abca6b8ffbba56475eaf7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
0e46329878cd3630241d41a4cb456edf

SHA1
9b01b0dc3401b55794078d63a1ee25d639df562b

SHA256
8b3d8004cd539488809399c1235bcd3a3684f4abf96f17f95722e28852f92cd0

SHA512
1475fd69705481c0106b25404923def7123b9c8a8b60164d87d15d7968624f390e3e3b09400a1de6dbea60cb6b0e052de102da4da38da51fcaab1f1856279439

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
fbb06398a11a811f5dffb12a0e3fff12

SHA1
017504712243dd095e903227afd1a3a22509c203

SHA256
2d9834fd1e14384565386ecfef6b46fba9e1dbcb7a8ed4a82959fe5c178361eb

SHA512
35f90c6369517b4d69fca294c19a5f0ea2d993bba8c5409fbfd5d7b63074bec27612378043233740bf6f4de60e1338540a792217a0e0280003c638dad51a4e29

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
4374e9c197461511a9470c1290706212

SHA1
f5ae421d203f325533b8d245579c2e5b64192c3c

SHA256
a5a12786ab69c8607951b0140b95bbade771cde43199999fc476b40093cf8329

SHA512
04f1a9ac8a76ccd0326e687ca2ffc16f3251088022bc0ff7e2c0b68e20d5e22195ba72295a28310da6060277d0a7b03b069eceba7f7788cfa7d0e22e77a2affd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
710a58f492044b6758359bf2a2907808

SHA1
a8a5512941a36f3d653c99fcd7ce3f58e16c4277

SHA256
1d310cfc50559066078c5f733f302b3ebcbb0c7efc004912537bb0f3d357ceea

SHA512
0af96fc7f239081e87abbed8a49864833135ee542a0ef48093d88fb399b1f9e56555772681a451f1c11b7fa44f5c760e376b75eda10a549bc52a3f7c50d4ab8d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
6af1aa48cc05df6da45e51b27047d8fe

SHA1
c10cde35e3fd603f32125203b32fc46c8ce8059b

SHA256
817a75227ca6477a9406a18db0634220de20e1a4f595984c4991fd53c9070e35

SHA512
70e14a47abbee69db3a60cb5ac44394f008c1d8110a79e511c767e3216f2f52e81bf57d1c2f2136a5fcaa0c958caae5ce52921f7df1330e761b86b0b0897cb3c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
e83b40299d14a8e08a779b51d955bf5d

SHA1
e2abc29cb671875551b6bca259ca10952abe7f4b

SHA256
a3bb6210f1fefe5464f3a392520d08c3436b91166d84a3762cdbce89ed1f394e

SHA512
f5cb4b83a175f717a7ba6532eb306c2d314da0463bcf48e8adc4257508abd17f894b4c05efb62b52c71c7e445a24f1435a99b9b17225888a2a5e72ab8cd27afc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
cf313978443071cc7546cf4d780b0c3b

SHA1
3e386092b1469bb5271d5079af3ae7588e9105cf

SHA256
76251826f54794eef1d06f50e2d30d8959b9010239bb79c24fd34ded2e7c8e2e

SHA512
e6d7427f39eec3e7087b7a6965c54b145bea56daac2e14e082fc7a4b68769ab0a4062cafde47c2e2b7202fbf357ac32eeac0db68a9d8db288831255e85d7201e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
7e39f6532e911a649ed53a6a27893829

SHA1
ce0bc9181d66ed85c17c2be9219f920679fd4862

SHA256
08654437685419132f8a20846c917a11e0cb15a65bfe9d4a7074c7fdbe5ffa61

SHA512
082b8a227fb54a4c2d9ebac2a41285029d8b89413f33cb9dd2c1c7b919742bd316fff768f5ae32ea4c279ab7b83f4657717261de225d7d987e923c0f7b9d672a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
2ea50f7fc0c1f8534352405d0fbfcbcb

SHA1
f1adce4193f90cc5bc40b0e3a1932de8b6d62eb7

SHA256
a4fc5eabd651da4687938a18769f0337dec0661c3728401952039ef07f750e4a

SHA512
5a87a5f87b1b575488e4420b238d14f783929a48096105571073381f6db385cf0b02465cf08561d3c98df3cb1f620d9a8b5bd30cd6f8483adf150e84e4861970

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
fd0ebc5d0e7af2ebbf087102e25659b7

SHA1
47dc958bb504774ab6dba825a412c662df4c2e8d

SHA256
7728d2356d98435c0ba5231e6f67134e3d8bb1d73b9db2398d963615d10e2250

SHA512
c0ba99e768ea1ef64be781e6038534d3b1b6031ae35cfd9e7292f11a8de1f0691b56d330224d9bd183843656e2c7f6d6a7dbc26cf1e04e811839057066a19bc5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
28823aa3427878df54eb492dacd8884b

SHA1
3bf1ff82ce9838c75f1b9a7f1aa44c0a06a12ea9

SHA256
9ec4ac464730e0cd7e7db3057c4e91d3cc5702b51e2744519873c14040ffd9e9

SHA512
71dcb1d340383d745f3535b5e103b5451c706d511a6c0f2e78245c0e1f387560c1dcadd1cdb49e4fd64309f3f3dcd54516eca80750d44cd57821125e3299eac2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
0a280e43134e27df0205203b71a9a19a

SHA1
3a516b6237354de1f3200b1611ba6f5d3bc04e6d

SHA256
011d778079deba8120f8a24710356723106aefc93be58f553f37e51c738e46e7

SHA512
aa3675d007f6cb0dd3c039881b6245621b989fe40831eb03b150fced19b8d3480a55691052512aed83316eff5143cfa8e628da3c5286a1acfa2d71d1c0a55ad4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
374252b82fb9f4c75c6f559b6e558cc7

SHA1
b8457566b42e0d78d50da79d983ee514a1493a3f

SHA256
fd0a055b53a3a981d7e6b6bbb41a7bf73b28929953a29830a798a554b89acf6e

SHA512
92a332215333820b6960bdc2c087fb0c3b6eee767438bbc9179921e225389a850ef323d22ada3370026f3b4561543a1ded3b872ea3baf1c27823ee7a6980918f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
72a3c2ec72854eeb992a43fe7cc84c37

SHA1
de3b3325f6cf06a34068773ed3254d5aee15ba0c

SHA256
582200db002105c3c54ac2c4b0ecdc8d4a7f29213ae1b95a112fb09643f50dd7

SHA512
798515f0a75dd205079483c3770b1e2e2580ff824418fd622bc343699c2ce26a2733cb6c13a48a1d9da1ab725d0f0505de41f807608afc0adfee83eaaaa6e14c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

Filesize
1KB

MD5
4dccb5cc2f960a472c9477c3e5875be5

SHA1
818c88ad093ccdb658e929b3f2d487d8bae0c70d

SHA256
931e978a925fa0a3942bbdc1a0a5b8ebfb94dc4af60ad739d13b1327a51f3576

SHA512
39bad1512508923fbbf3d8ede39e7791a656a2b9576adb5c3f19276776466c599f6a4a9d2d1dac677c0bbf7ecfc9e7d9d2c713ac06c7c6b655410685adf725f7

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

Filesize
1KB

MD5
6a11a57d815db5e706204d056b9085d4

SHA1
30ac711ca8e0f7954c218d4499084c5e864b20cc

SHA256
607d8464a271b8693306b5b5c84227def92e13a70296e7cc494f69e7e1670372

SHA512
c53443a320527406b57d76e4dddfae271cffcafca29d0133c45593849f1026ff5e98da7c36267684c0716f4ec7a764b81bf35a605b5bac19a44777615a1f07b6

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
0d58ae2497e216c87814035656da3024

SHA1
8b5a5e1abca77a34e8379935d5d270f2de61ff5c

SHA256
d36269e8cda4a316e0ae5e2edba8443cbcbe1f36ab6662bc3861d533746fe243

SHA512
ff98b7d31da4a9a7c2c7747fea14aac6602d76fa066e008fd45c2ee7616a53da6b2510570f1d86eefee4a0d10c83bb72560bb046a436ab44bddfd2ddae1c8c7e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
2beab1d8092298aa0495465bebe9435f

SHA1
5a8146245139f461acd0bde4b08c46bccf2aa4da

SHA256
a88b5e3360c2180b921f476f28a93cfff610b32788699ba971d08b10a7c3f185

SHA512
f28d5018cea49c4d596b3514d4a7e5567caa1ac279c01a9c2855a4b97715884d74d43dce30891ba43bd63ade93ff8bacb307ba488df07aa9f6774ed417d94244

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

Filesize
501B

MD5
b68ff7c5ea567170cfcd598bf44bb6c3

SHA1
9fb2dc0775c429ae0655ee0ed0e2b1599397df2b

SHA256
6f4efc0da5c28b334c6b820cd6319639ac0905c90d4c26b71fab7e6119f7aded

SHA512
f921117fae219df1322aefb381606b94629d3242c13004098d4495cc2e94ac70e5b4e1338f9a2b6a11f8658883b96a25809395a3c29079cb29eb3d668bb6afb3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
55c082e5c753a3be7704ddf066d0e895

SHA1
ced13c44a19f82b143b033378d601f93b1de3388

SHA256
e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8

SHA512
8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c4be1ce9dc39fb83fd5a2d617c2a4837

SHA1
eca34cd429eaf350804bce704d19ea61c74fd54a

SHA256
403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c

SHA512
3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

Filesize
501B

MD5
cc732d0bd874a5559714f32366affe1a

SHA1
b1b7b5585059d53f44d8e0dbfc260472ab658c71

SHA256
a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed

SHA512
3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
23c3861fe81b5f1deb28bea7c17a7e59

SHA1
0488aa5478d6ce4d4225725fe61dfc3b8273de03

SHA256
008b2f59d7d36bf8f2addbe2bc289a089dc827faa2fb1970cda71ac2984e5c53

SHA512
f58ed2d8f15f05f71ca9997fe0a780a5b337167f61fb35e72b0478ce3cad6331eb1ca43127656bc55f7c215fd04ae6240ca0fe110152246e9103652abacce652

Download Submit
C:\vcredist2010_x86.log.html

Filesize
80KB

MD5
3fe1175c303146ba6ee59c7fb0550004

SHA1
0caa2eb656549739be2700bfc25fbe7455c73121

SHA256
6773f27cc38a74fbb67358dfeaf43f8e780159aeb3b1517f3649254f713fadfc

SHA512
d21f77f05fd90853d37449952537f796a14f15b3379e9189e82d5f8904cdb7d071fa4d3b21894b8ca5acf62230935107a167dbb728bfdb3c05da220aea661d90

Download Submit
memory/2876-137-0x0000000000E60000-0x0000000000E61000-memory.dmp

Filesize
4KB

Download
memory/2876-2151-0x0000000000400000-0x0000000000C5A000-memory.dmp

Filesize
8.4MB

Download
memory/2876-135-0x0000000000E10000-0x0000000000E11000-memory.dmp

Filesize
4KB

Download
memory/2876-133-0x0000000000E00000-0x0000000000E01000-memory.dmp

Filesize
4KB

Download
memory/2876-136-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download
memory/2876-138-0x0000000000400000-0x0000000000C5A000-memory.dmp

Filesize
8.4MB

Download
memory/2876-134-0x0000000000400000-0x0000000000C5A000-memory.dmp

Filesize
8.4MB

Download
memory/2876-140-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/2876-141-0x0000000000E90000-0x0000000000E91000-memory.dmp

Filesize
4KB

Download
memory/2876-139-0x0000000000E70000-0x0000000000E71000-memory.dmp

Filesize
4KB

Download
memory/2876-142-0x0000000000EA0000-0x0000000000EA1000-memory.dmp

Filesize
4KB

Download
memory/2876-1718-0x0000000000400000-0x0000000000C5A000-memory.dmp

Filesize
8.4MB

Download
memory/2876-4309-0x0000000000400000-0x0000000000C5A000-memory.dmp

Filesize
8.4MB

Download