4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Size

843KB
MD5

871564bb0c6973e4eb3f4aafa368fabd
SHA1

da616d5082f810c153ba2ae5cb75a1a44778c57c
SHA256

4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8
SHA512

af92e1306dd61ea7a075aa522cc50b73462f240c979091a33d15b069d6ab928af5edccb032ff650459c75bb617b3c75fee6deb361840d59c60f8c62f4eeb7c05
SSDEEP

192:H/TrG62a6B10k3g4fXk1iTV3HGc7EkpAqEjvu2q9C/YpXnAITZfPtRMwu8V:HebFNw4Pk1itKkpAjjI2Ypdmw

Score

9^/10

persistence ransomware spyware stealer

Malware Config

Signatures

Renames multiple (2144) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2GPT3rp9HC5quFQ.exe"	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0003\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\winrm\0C0A\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\es-ES\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvid.inf_amd64_7c50642b144b870d\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\APPLETS\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\MUI\0407\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkTransition\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\fr-FR\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\3ware.inf_amd64_408ceed6ec8ab6cd\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\it-IT\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdm3com.inf_amd64_7a75739c411a71d6\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Kds\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\fr-FR\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsDeveloperLicense\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpssi_i2c.inf_amd64_8e00e1aed7fbdf70\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netlldp.inf_amd64_fbd4bbbad72f0e6b\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\F12\es-ES\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthoob.inf_amd64_c6923052f60677d9\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\cs-CZ\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidir.inf_amd64_7bf4a320e4ec8b3d\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_skl.inf_amd64_b68199ad84607c21\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbxhci.inf_amd64_6e228bfaadb050c6\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_guestinterface.inf_amd64_192114845ec44b66\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_ded39545dc6c301b\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\SysWOW64\WindowsCodecsRaw.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_glk.inf_amd64_7b6c08738ca8a856\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\es-ES\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\en-US\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\sl-SI\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmati.inf_amd64_16fbf6520a254fad\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisuio.inf_amd64_6096fd74a67ccd5d\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\040c\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\fr-FR\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\SysWOW64\@AppHelpToast.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_snk.inf_amd64_213eeba98cc6f2f4\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\migration\es-ES\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\oobe\it-IT\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ja-JP\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\fr-FR\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_189d0189716edeb1\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\InstallShield\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_tapedrive.inf_amd64_a3a36e8f2c921ed7\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\printqueue.inf_amd64_12d9f43eb5d02987\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vstxraid.inf_amd64_300cb04282659e6d\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\sr-Latn-RS\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-200_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_altform-unplated.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\SmallTile.scale-200.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.scale-100_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-30.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxBadge.scale-400.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_altform-unplated_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-lightunplated_devicefamily-colorfulunplated.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\warning_2x.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageBadgeLogo.scale-150_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-150.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_myGames.targetsize-48.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-125.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_altform-lightunplated_devicefamily-colorfulunplated.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\THMBNAIL.PNG	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-il\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\illustrations.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files (x86)\Internet Explorer\en-US\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-64.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-125.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarMediumTile.scale-400.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-32.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlOuterCircleHover.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-125_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-64.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-100.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\da-dk\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionWideTile.scale-150.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubLargeTile.scale-200_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\Scrubbing_icons.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail.scale-150.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-30_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteMedTile.scale-100.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-80_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-300.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.UI\Resources\Images\star_half.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\WideLogo.scale-100_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\share_icons2x.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\YahooPromoTile.scale-100.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\new_icons.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_altform-unplated_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-48_altform-unplated.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.scale-100.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ArchiveToastQuickAction.scale-80.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-150.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ja-JP\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d0236042f3c1afcc\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..tioninput.resources_31bf3856ad364e35_10.0.19041.1_en-us_9d77c01e539b944a\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rpc-endpointmapper_31bf3856ad364e35_10.0.19041.662_none_2872266c417996fa\r\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\breakOnExceptions.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\headermaximize.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..endedjoin.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f1bda99ed73ee9df\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dusm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c004af9b4011400c\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..ngservice.resources_31bf3856ad364e35_10.0.19041.1151_en-us_8bea4e0b86020402\n\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_it-it_32f7a4b95d060a64\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-ux-data_31bf3856ad364e35_10.0.19041.1_none_15d149e0a8d0c116\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sensors-universal_31bf3856ad364e35_10.0.19041.746_none_3a762ac3f17a33c2\f\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ServerDocument\v4.0_10.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.resources\v4.0_4.0.0.0_de_b77a5c561934e089\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..aanalyzer.resources_31bf3856ad364e35_10.0.19041.1_es-es_d95b11ea83d78b1c\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deviceelementsource_31bf3856ad364e35_10.0.19041.746_none_306bea4b82451224\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..t-service.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_840561ab0de61024\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..fp-driver.resources_31bf3856ad364e35_10.0.19041.1_es-es_3cf6c0e629502d5b\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_69d5d323da93a2f5\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..mogrifier.resources_31bf3856ad364e35_10.0.19041.1_it-it_d25a3d48e3399724\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-edgechromium_31bf3856ad364e35_10.0.19041.1266_none_74657031110a9d30\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..owershell.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_9e0dbc346576c2da\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ns-provider-library_31bf3856ad364e35_10.0.19041.153_none_4a69e959ada7d773\f\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Cmdletization.OData.Resources\v4.0_3.0.0.0_es_31bf3856ad364e35\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appxsip_31bf3856ad364e35_10.0.19041.746_none_a75e727bd4d52ae2\r\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\square44x44logo.scale-125_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-castlaunch_31bf3856ad364e35_10.0.19041.746_none_feb9545c78481ff5\f\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..component.resources_31bf3856ad364e35_10.0.19041.1_de-de_446296f0222c7a1d\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_cdrom.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_7b56a42fc119366a\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bcp47languages_31bf3856ad364e35_10.0.19041.84_none_920d6af904f11d27\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-extrac32_31bf3856ad364e35_10.0.19041.1_none_911aa822a342ea29\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s...appxmain.resources_31bf3856ad364e35_10.0.19041.1023_en-us_e0bacc6f27e33bbe\f\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-feeds-adm_31bf3856ad364e35_7.0.19041.1023_none_ecb4b89dfffceab6\n\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_69fb2de3ac1abeb0\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..tiator_ui.resources_31bf3856ad364e35_10.0.19041.1_es-es_32306a414a052009\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\addEventTracepoint.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-400_contrast-black.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-sysprep-provider_31bf3856ad364e35_10.0.19041.789_none_111728dc239a85e2\r\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-media-format-sqm_31bf3856ad364e35_10.0.19041.1_none_0fec9bd93e6e92d5\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\1040\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\StoreLogo.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-energyefficiencywizard_31bf3856ad364e35_10.0.19041.1023_none_8da7e725ec18e5a6\r\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.19041.746_none_56f2f7338735a9a6\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..configurationengine_31bf3856ad364e35_10.0.19041.488_none_96f4e9b1e7889a13\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.MemoryMappedFiles\v4.0_4.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..d-experience-smsapi_31bf3856ad364e35_10.0.19041.1052_none_6beee285dbf74c9f\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-24_altform-unplated_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-twinapi-appcore_31bf3856ad364e35_10.0.19041.264_none_917d9ce81cc2c3a3\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\ImmersiveControlPanel\images\UpdateRestore.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\v4.0_3.0.0.0_de_31bf3856ad364e35\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-16_altform-unplated_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_c_fscontinuousbackup.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_7f233f52b2f06fed\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_hidspi_km.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_1e926769d5099d73\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_11.0.19041.1_de-de_6868c627c711be56\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-keyboardfiltercore_31bf3856ad364e35_10.0.19041.964_none_7edbbf633e00f7ee\r\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000044b_31bf3856ad364e35_10.0.19041.1_none_b2edb67cf59d8460\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-icacls.resources_31bf3856ad364e35_10.0.19041.1_de-de_02cc57be37f4736c\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.153_none_51feabe070ab84f6\RestartTonight_80_contrast-white.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tcblaunch_31bf3856ad364e35_10.0.19041.264_none_ab3f188d804680fe\n\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..in.preinstalledapps_31bf3856ad364e35_10.0.19041.1_none_78045c4b5f61a56c\DefaultSquareTileLogo1.scale-180.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\r\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lua.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d34c1fbcc8f298b0\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\NetworkStatus-Error.png	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..minkernel.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4e4e9d63370c8807\HOW TO DECRYPT FILES.txt	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\THCOEVVQVLADXGU\shell	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\THCOEVVQVLADXGU\shell\open	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.nigger	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\THCOEVVQVLADXGU\ = "CRYPTED!"	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\THCOEVVQVLADXGU\DefaultIcon	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\THCOEVVQVLADXGU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2GPT3rp9HC5quFQ.exe,0"	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.nigger\ = "THCOEVVQVLADXGU"	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\THCOEVVQVLADXGU	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\THCOEVVQVLADXGU\shell\open\command	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\THCOEVVQVLADXGU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2GPT3rp9HC5quFQ.exe"	4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe

C:\Users\Admin\AppData\Local\Temp\4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe
"C:\Users\Admin\AppData\Local\Temp\4509eb48fa6eb2117118bd33eaebfe190028e3d54976596878814031591dafe8.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
6f4d5357a8268606659409f55307ecb5

SHA1
baa22180d0af8786c2c85af595a624eba4b8c6c2

SHA256
61cfa031db92aa08c6fad6baa9ba3e9dccc15d621c771353df63a212414086fb

SHA512
cd96792039a5f554cada46b4cdc016068f66f4096ddac27a3a24158292a9ea61a30f5f893bf2fd9e40c8c244910c1e6dcebcd45668bb4b82e5455a38fc3f7840

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
e7b0b4e80aca0542e35dfcad99b385a2

SHA1
4f6dcafa62d12001d9c8f4d6a1a906969304cb10

SHA256
0b7eba152def7fb596c678cb8368282af7ce89a7e9f45b0c3dc30844f7fd2e8e

SHA512
b18f429b085b1108943cbc765595cdbdea6e0326bf981304c216886e69c175ea79f6f280c650b1133197345f146e5cb9672abaea735d469f66128b3295693d64

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
c2f064c4a264e5768276ac04f6f56e9d

SHA1
3ecb66523d6d95a997dd92f089d13a95afc90d65

SHA256
de6b53f6878e86dd24adad4361390153ba784fd1b595125077bc428dc151d550

SHA512
d9f2d321640be120cd1c739c3f3017c70b3189beb0dd595c63f460120b0dcc18460087ae2de0eb33b00880d3de13f3a6f72c1a1cbb85bd22d456d1850ec1bf1e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
9fdbb80d67dbdb8033993028f2252f37

SHA1
9c6522ce423de75c12c8bb0294c63cb4a5bf4d60

SHA256
5a499d364b3fbf7daeebc14cc16851dab54ff9854ce3624d623f6f4806263a35

SHA512
c7fb7eb00a8abd6a544aa1ff7f4251f4a001f0f82e83222b4a83af989a08ffbf20ceead4918952130cf2503bb19a1b9a9cbf982cab43ced3538ee57dfa6df10d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
6764b40fdd7608ade433996b3624e302

SHA1
709e43334b12e88dbaeff973ad126ab53c0d911b

SHA256
55f354ac6e2edfb96e5dbebca8cf48f65bc76b540330928da257fb203a5594c0

SHA512
9fbf8507a5ca9dd44004f2d8e82b9798015485a1a7feaa89d0913899ed63fe6b902b8a6bc04e062a66b6e22d825e062f53d5e3821e25da75da8c716ec0358ca8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
ac6f5fc2ab22bbfdd892c5e9260e2408

SHA1
d9cb8187b20b55d345ce9284a5fa05becd09b073

SHA256
9bf40e0b907c80c91468c2d1d58f73f36a2c2d661d3ba74458d6a4a37feb9740

SHA512
bad49893784dd414557d6e4b5f81e3c3922b991902ff8d956d36f7069137984c5228f32b4d61e7fe47d8b1abaee786d54ae8af2d59d07a4dd4f71932ca627ad7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
17a662566489e8e82420498febe31b43

SHA1
5e3389edecea1554a9fe03d7ed8c83b4ec0f9de8

SHA256
0932578d2fc70ca01066f267294c90dcf25a808b4addfadd1b35c224a2850f5a

SHA512
2524847c64314eb0d8a9505bce5603ad97ec9931381c88b11fd8f3f1a7eed6b9c7503301579209519b84f5921698278e2a943895e11e7fdc97e18dd94a6101cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
5b3ec494f4d2ff63fcecd6d9e06efaa1

SHA1
32311a053de4a797a13f687908a406a385ca645e

SHA256
54be35f620ce17f61aa5b69cb74a83b920fd68a6d4bb88308b4138d371560010

SHA512
f7774bc493da0d1dcec7cefcea7c7657c9c58390001d16539d535303b2f590e41f1eed43731e3b72403858ff13c38571e918e0153d6b50f6250d1f2098ff0aab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
fb4d53c8e7bf3eeb804f242daa3a0f62

SHA1
cb531806c4b7eec9077c0cfaf68d34e58e8560f1

SHA256
4ba0f24fca78285f795cbc5c7f388eeaa35c1a37286178a54a9fa3be1b105587

SHA512
e1de054aa2e48e6ea2419bc9ec280a4989317bd11cd30bdc9758e5449090a876dbd202df665d94f792ce510d376e936e43226028b5574f800c396df57e2b32b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
9d156a19021b66a979fe8ea0e10a2144

SHA1
078dc80aa9d15a4955bd20b1289dc60b177464f5

SHA256
92fcde70c26b82e37f1711f244e7601bacc665854544bd348aa43c34c2a19154

SHA512
8499f14c373368473eb7c1a2140221d4e053ad21268ef54ee802d5b650072930a851bd08af2a6e36ee32fb63cc203df08be4be29014a7f25725747b04998d5ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
34a3187bfb454b2cb83d84612c74b44e

SHA1
e7a35abd76d0cbdaf11a771ff56fb534ee1021ee

SHA256
e6b71ef0582ba62c21255f53f8ac735cb6fb0fa4dd67d8e0ad1cea8b2a849781

SHA512
9fdcaa91aa330f4886c9ba388a5bdc0c2508d386ac47a3731910114de58d419903f341be259a2360d2c937e3aaece30b6db481cfb2bf132d257dd7eee9dbd3f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
0821458ce9613e24c7e419fa8679d5b1

SHA1
0f373303ead9f810e65d05b25393bc0bb64ba8ec

SHA256
ca9d1b5e25293fd85e8cfa58d75a14d64c6c944f05da07ed35d49a63bc36e9d4

SHA512
e922b69a237fa6fbab3f7b0fbb97ee357b377aeaff2f332652f7da48dc06a8e50a2f0a9f45923f367d390396ea011b77447d141f8ef39e0bff9cfd7924ce373e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
177967db82a193ced3394ebfbafcff07

SHA1
3199b6580901c1954569d68aaf71ca0f4abc4e1d

SHA256
1207bcc71260f1331440d53adff5b620c23f9f25b1f32e1a6d1c3d7306baf941

SHA512
9f56483780af1e1e199b696f2a686c594233e5fa411d2f373860bf828dd9e610a91e7cce504e3ba442420d2a176695be0c4e887eebf0d6e0b5835a6ba95b6afb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
7132212377d6d02c3f0e8962b93849b7

SHA1
26288babd57547ca8cfcced4c73fd2fdb7fdfaaa

SHA256
e6061962f20839e837ea2d8791e848fe600c50d8d764daadc35f9fd0971fa5f3

SHA512
bdc2be005831a34ee9b6d1ded84acb2378185fac930dcd40f97988c06e7c5ea6df7ad1466022ef3b455d9882b21ced13ae405d55c365bc2d02886713a6653a03

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
8cfbbc828f620079466d54b1337133a1

SHA1
bb7edc4d7e32a8047f0f0096ff0e832dc5ae190d

SHA256
b20991d13474e8fd96b6e2b2bbad1596e78c9b0f715465e3944f90273db919f4

SHA512
fd4ba3e6f188d0092e10e1ed7e7029f70771d4d333fbc04eccc346af459eccd45f8c0ca791b85b9c768ca2eee9d64cad959600f1d3e76aba73dc51083e9a3098

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
5ed93ff64b4f4a912f2933ae526df8ae

SHA1
12dd4891f51f950f639e6e8528686199ec9f269b

SHA256
995f3b4139b26819667a48b95d44f4c0227ae7a79a5410d896b12cdd6a03d3a6

SHA512
f7ae8a49c54a9e4c7f0a4ceb77d5731774a53fc33ada87e255708ef5406085a8f0422a070d38305c44ea3fde9204423cbe0638ad347f91f6c85c936a5c578ac6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
fca2908ea90fafaf1ad15d56803665a6

SHA1
ff6ce696e3355ea8b9de5535dedea8f34ef4093d

SHA256
095e6a2f35dcca2ae95938411435975a9dba53bf2144a8e2d7dc1cfab8f8102e

SHA512
9aad1769686eaa3511eb8cfb1aefa71343fce829e60ff3a8add1a50aadb87a86fdb6190701f3642715aa84c8debf5341ae9c61da41b5c60bcae4fb83a0cc8343

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
cae88a31eb7046088e61ddcc8bfaab1c

SHA1
6191c99fe4f83e2b6657fc2be0d2c0a117167cc6

SHA256
b9b599ad0ede2bd713a9a5e906676dfb489224532cf41eec47ff7b4f92613a51

SHA512
5901217ab16997e9a543feaba541060c2e4dd3ac61b58def565acbb81f6da6401c1135373cbfafc2ffd67db6850e53033dfeb24cbcc69dae931c153f018828b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
170ca0704c8700e547733e91d95d248e

SHA1
0bf4911fd75e622dfb45283fbdf95f6e301d42b7

SHA256
6bef64629f3d27612f40ea5e4a8f9c11484d68240eac9ca66e3ba115f26c6147

SHA512
b4778c63e108e9ff6ccc14d05774dcd81b5cf51a42145ad81401b910e6cbd696b80691da96c8b677cf76a38179a74aa08ea7a6fec95a2e9fc419f172a53a573f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
8531d72e1000974f222fffb83b139105

SHA1
8ac974c02058e094a08daa1c235a0290da4c96ad

SHA256
774b912cfe91cbbf1f4013fea03a0a1390b8d2ff551fdbc3a17c2d926dde8b68

SHA512
43bcbe5507c1577dff8aa3fb8b41f85f921fa62aac33084ab068d6722eaa0542434290607feb90f72dc870c729e6e08f64ef413d789e77ed3d7f16d415eb27cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
b9e1d0e9e30e1739fa3f101881b65b6f

SHA1
1dc92980ff6d63de944fc8eec3be166eca42a4cf

SHA256
005890919a49535f67409474693a2f2a3f3681acc21103b7db408a752652b80e

SHA512
638025dc180997de6a6b1be24d4bbfe79b54ca7a21ce46065be3e52c85a3663433e496a63d0ca07937f086b70373258353ab3151438265b90018e6fb042bbda5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
97a6d1bd825a0c91a1cb34dd14ae084e

SHA1
a1f7780a6151f4c937dbb7cdcc58e8c146da3005

SHA256
8c75c822a6c909a6ae79e4b3dfa1a23b90d05db3db49917d5006e9daba7c4972

SHA512
22a714b0912c73264000417da21886a219a8f179e056d3067038dc45c8e80bb0fd41d2caee996174068c54fd92214c1447ff3151eb1a5c541d7151a0dd013579

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
568bcb5ff5e61a9b3097012bf4f885a9

SHA1
ca003c233c251d0b3ea28a3a19525f070c7c324c

SHA256
dd103ef92bde9ad15e38b6e66c9411f070ef2efbc8a69cce679c5e4d5c9e2901

SHA512
e0f11539716d83394d9c0559f2d8cddecc36928ad147e6e4ba1cf0f10f4a104398d5a8bbef9066614ec10fb0181dd4da814bd8e8c3b8a386413a8f2c5bb649d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
a9d983879688ab3335276b1014ca5b3c

SHA1
494e31d987f97a582e3653247552e694b6b78281

SHA256
d9fcc964c74256c141a1f567f2329616b36982bcf6f7a395121ece662d6d92f8

SHA512
46995436fab6f02a2f5ba9c177a7671564a5a2c336b9719fbc8583922edf5e8f0ad452b3bd71c24aeeea73c754f538e18fdb30a25dbdf69513edac7c861451cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
c40162b49de468261739bc38929664c0

SHA1
940ae5b7ff954090ab7c81185a17e622c649f31f

SHA256
2ddd4d4bed063789582fff32de4e8edbb49e46b8ac823e15258f9a838e186569

SHA512
fb8dbb6cdffaf0ef7d0875cf1a9b3828282f8e9a6602bf8878ff4158c3f6890b64009091c2074ae88afa719b92ef209d53cf261b159b841e0e0001ac7895ecb4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
22b3401d96ee8a8c07f907810554e8f2

SHA1
45bb60f1471a7417607fdb90a32c26be72e7324c

SHA256
224950b92b32d6937e6919b20bf5bc7481858d427d979e4174f8fba74f760a5e

SHA512
854f296482ed971bca1b15b44351192bf030e7c14778f1f7e298df06afc0e2087152efe8fbb14df7d8a934f0af9b17a8a4fc52e055f587540d9f9bfbbabd436e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
768b400053203033378bc9cbaee4f5da

SHA1
256434bcceb5856cfc70ed985df34cc980979acd

SHA256
492d0eaa60c7d19d5e7a73ee74d8f35d826eb5064b8b00a543beb062196ce62d

SHA512
3651dcd564c38d5cb76f6dd071a2600a4533ab6da90e287ff81144a57d6edd3d585ebabd305d9beb2805a21359388beabe011ef6979985e4395b13abe30e4fad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
ce5b5781e0d8de6b80aa799f3eddb2cc

SHA1
668ea3cc916b81be371bce1caef48f009fe45579

SHA256
f050282e3962953f759f6b7d184ba676ed227531d40c3bb99232f87b2c29e2b0

SHA512
57696103a15a6a25b56a0b5ee809e97c3b8c66b0fd1d6f7da92360b38e257ffb83df4340d41ef1b2e62ab533452256b4f22ec7f8a53abda0f5d535fde17d130f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
dc393bdda02037e36e4a70128747d4e4

SHA1
b56917eb4b3df06dfd3d1e1f2b2668834cda700d

SHA256
ced66c977a83b144979e98b6e2b1871e0a84e99f70a0812bc0b257755a966b33

SHA512
96425310f232b6bfb82ab24069d63c36f142cd67577e385e9534c7a98501a9b8be00dfcee51e02128233764173bc350e90ad9948680b0ad02b51b74c1db97532

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
3000462df1732bbba60df0497c99d692

SHA1
17dc7211488f92d1fb38ce5cfac4611003499b47

SHA256
5b04974a40043920ba5db0c066f99bdf9d43b0b728ed5301a401671185404266

SHA512
74b4da12608e693d48c5981473dc4b8a67a34d3398b87fcd1e037a2676acb34058dcd90a4f4846672ad4149113649c9fc84e215ac109861b20f972c524c9102e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
812b7967fb18e5c819e74b9643cf474a

SHA1
582f1e9a48bbd77d300ecc48ed68660587fd3ebc

SHA256
626a4f2a2d8a495b1ff7c2d126a874e08bf6aaf03b460b5ea5448a4c2d3e5de0

SHA512
40b4999aa67d856e9969dda98dbe27e1dbd1e7a9c62be64d3a45ce8ceafddc70d1d4d9983c658408ccb0c7f80339f54d6ce13ef289631475dcdfcfb7baa77f4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
4fe0e0f5d86fb8bb9e6e88d867b7df02

SHA1
293173dfa9f314f32d38b36c0913a9e3336bac26

SHA256
e2d2053c84910788eab088c8c435b738432dd435b47ac7c7b210c5541fa49a38

SHA512
249a10786ec82c455bad8dd60771e1c379b175bc5b97a646c848eb09ea0b135c9b5bff7fef82dd8a29de214304de6084a1ac70af3d2837af580b3da1d02a8e32

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
fc5e0d06b79bc9e4b7b2601ad66afc3b

SHA1
f3339338756b2e53b8736491bfecd12e434eaef1

SHA256
f006b28d6772dfffe121416b8af52c49920552139b49d4c0dd92c32eaffcb81e

SHA512
458fb3671cd2ab94832ccb6a0e6dd9c04e246d69339b2b5f876340739b953bf1127d2a990f5998ab7311af86f1703093eb624ae6e0828a93079abfb9d779a2c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
8e4ee9ac58c6faf53013c3d2087e8700

SHA1
56c5dd6c26f9a26dd8c36a73977868630d43e73d

SHA256
6a87cd165c6b7e6058f808038a192b4c38930419910c292c441d3cbe2ad68e32

SHA512
de30abc006959ce10db8689ff2f1f1c73f858dee5eca8dbe5cb5977fea924ca3aacb6ac61153caab68446662a99ef976214321a3da99f0d027376f1104da17f7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
4d71bafcf475121790056f7ca07e690f

SHA1
bbe2936ac8958aa5553de3dc21fb1c8fae05e900

SHA256
9923c1c4aabc2a00e81540117168997d55bad301f6a34e3a989f4dbce5f7936b

SHA512
ca9783c95c670b009a1c5222c17f7c55315b94b2de0ad5df02200830f7c32e9eaef779f9986c212b573dabc7dcd84264ebd4846995a834d1702d3fab51ecef6f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
a381dc94fa7f7bab276c4ac72f40561c

SHA1
1b28bd11958a6de54f2bafff06244d9211ae6c86

SHA256
938654e19f7390ad896ad46538f833a5bdbf795e6a9a205e20d35a516b4d7cf0

SHA512
02e100791f8d465d3b38fa1f4174b9670d94ef484c2209fbc22b79e83cef1eb7f8086b3a3f3a942086195c137a3c1bf873b87785d2c7926a90db74df60592a76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
b2ecd13fe6439c83316e362350c6c561

SHA1
7ff5d5853bce506a24b074335be00dd25e3c5b9f

SHA256
b832c3d236df9555155ae2231e24f282cb481a8a33997e5049d0e735ae9746fa

SHA512
1f890066afc4e36e07fa9c6f85080a25363b77ec7e61d0955efcf2af7da0f80b60698faef82c6ff201c80ab537f063c8fe8ee41e5c6eb296005cc5ba44702dda

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt.nigger

Filesize
32KB

MD5
3214efcdaf7953435b2850bfbfec7b99

SHA1
625bc863adc86583032f39eb604c4aa64064a828

SHA256
fd9eb31742befed5eb923ebe02e05f72ddfd8f41bc6b778ada5d97d979dd8d29

SHA512
74c868775a3ee91f6f96457750b1cce86f7733b7c17cb786e9b83ee3b8ffaf74cd2936de78a51c2c38bb1c5c5a8c425ddcffd3bf848c46df8a66a4f8bec2ea50

Download Submit
C:\Program Files\7-Zip\HOW TO DECRYPT FILES.txt

Filesize
294B

MD5
727fc6170d1eb2d3b31483f668f6286f

SHA1
d5d51704cac493ed2dcbf899724b0c89482ec585

SHA256
58c4945f0e5ffd0e95f1c3ab6c60dd65af4ca65796d508543eb13b9d51cbd262

SHA512
61bd195ce084677ce931e703b156bf3b678b312fcbb6f764914bf79d041fdf832ad3634729686d75c18ecf12f06f5cdebd16273564620a1345da48614a007f96

Download Submit
C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
19944b844714284aa9bc9555102f65fb

SHA1
188633b4e9cef2dc96b9df3a92f92aca995e3f58

SHA256
8a873fc72e6b13ce43346b0d47d365e896e1d8b67e20b23d7e53f2a3eaca5ee6

SHA512
4ed240130fb71c408cfc5d4cd69dea71ed175ed38c17dfc3fb439b0b153912f0a8ee6d84ea9af7f03aa6be5ddaae0f3f19352a9fae3516e1c38e36bec5274dcb

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
3c7cd79792d93a1fa4053ce5fd65d959

SHA1
f15040591480e947862a8125d750e2ae9913653e

SHA256
26f99ecfea1fa0473225dca6ad8831f9f2739e86999810d9003e540319103b07

SHA512
68539e0ce0f158d2804337f80376880733188bfaafab66b6d6d9d47c3105147a0aec3a635e74dee9ecdf89b684c83445172534a65bc0fab57a1348e713d26e4f

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html

Filesize
8KB

MD5
3ee427239e45ee0c95349817b84af713

SHA1
de1cfac3956992d284229a472537ee39cf89a89f

SHA256
a9daf091f5bc3887f8ac0bb6dfc3e7ae74c1412c64239d74065a6888d40dcb13

SHA512
e70903fa0637440b8bf147d58bc982a86487e0ee09a399809025104de8c9fa38a6968af28dde55f696f6b0eb4cc1cdd8b3bc465c96706662afde4b8c1249acb7

Download Submit
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
ebd651fbbe24bcce1e166e0a4363a206

SHA1
bd07b4e728c60d709ed9ca9df86b3b138b1c0adc

SHA256
6a18b230a6eccfac410bcbcf253b332761e7002ad9a282778fc8e9a07ddf1526

SHA512
45a423ca074e6465e4d9a1402f1bd48f2409b2c5607055d64835e33ae83a28d3a94696a669e4d34738875471233fb607dafeb5de63f6b10b418686f143ba0b02

Download Submit
C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
107KB

MD5
ee008377197292a663a7387b49d8ca02

SHA1
3ed85283d3b4f39302bd912d7bbcc8771a22ec79

SHA256
9f7a2d513fe31cd4e3b9a977520582673a0dad15faf3bc5cea065c1438046325

SHA512
c8ec183814b2681fcb2f793b1c3fe80d82bdd734d20966b323db180d276fbbc71a43768ca0f5710bc0cf234f6dcaa87aff40e4285d45978265a85b4eae3d2ed9

Download Submit
C:\Program Files\Java\jre1.8.0_66\THIRDPARTYLICENSEREADME.txt

Filesize
172KB

MD5
5e89b5153113dbfdfab3e8290ee3ebeb

SHA1
4001afc4b743d94618e9576f9457bb28eef47572

SHA256
3aa554cd267df6bdcdb832df8b68e531e5a9843309af0a31345b55e02fd134df

SHA512
bac92e4109888ebc394e814b3f7f3bd91d5dd922c3c7c76a3439a05f37811f78b8da87f145b6d69847eb9e37408e14996405cdffd4f5d1e102c12f41f24df40d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
f72d54247fd550daf666b2111daba88a

SHA1
850d492d4e1c181ac98bef412ce7bd377bd53a06

SHA256
98e91959a98166b85fb098f299d63dbb2c212b629dc26f85d9add0d332510ba9

SHA512
01e4cee4244f88bfa64f6b3616d59973d62b1b0c2205f1df8376cc7abe6cdaf34a92050a33c563f66e258e766d8d85843b1dac740a1a4ab8ff866a96b2895054

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{3aca6afa-8f57-4032-b48f-d6f40ccd7606}\0.0.filtertrie.intermediate.txt

Filesize
28KB

MD5
a82f4e786cbee745be5802351acaa584

SHA1
dd5bed7e350d71f04883af94f280a8fd65595a32

SHA256
cb3e23c1ba8ddf1d166e3eaf16cf7a7c27c6820e934c2b70d01f06153491feb3

SHA512
871d0fbc95533bceac650c9dfd015936ee634155a443982aeb8a85b402870149aa6fcc7f40c94565a2b6973603466fcab0ff601bb0d265e46eb49b14d6bfbd16

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392318811293695.txt

Filesize
77KB

MD5
ee24a41ec6b677b5cf77d817a1acd917

SHA1
0230400d0d4efb8e3735932997fe6986e5c93ca5

SHA256
162f3f4216d434fd57a51e02ba67275056a86a07a127f0777ae8d167acd0587f

SHA512
c0fa224d6952e39912afaad7def72616e8a08994af66137cb9d19e123247d63c84405b15e1f71e2c4025f7a4ed5fe2bb780e98c4b1cfc51ae4c5e90022f303d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392319195503965.txt

Filesize
47KB

MD5
5ae72b934f341a1e5278a17639893684

SHA1
6436ad79dea135232f48e696c16a8be33bac82db

SHA256
7d19a1180bef20f418d537110181a40a0afaa9231a2d187d61b63825ffc4d150

SHA512
31fb93642629762a90e362a02b6c5b4947aea30f92599637671303a4d10317cffb8705de46dc6280d2e2f1d8995725358754dbc05d207615c5a88973d3f954be

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392327331664629.txt

Filesize
64KB

MD5
12925c16a80edcafad8d35c462b76a9e

SHA1
b59c482e83a371d673e8127aa2c33a80cef7f5aa

SHA256
9c828b29455af0c4dc2f92103d3cf0f19b87403075c59db43f686b729cb23193

SHA512
0d70227331e9217ebf57ff2771f4d51ed5cbab20f082167c42b128f05bc281af864cfadb1c0a048e049aa367066942ff1e465f92b48f4a509972ad3aab175667

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133392331385808931.txt

Filesize
75KB

MD5
d7b376b457704c375a756f8e372f0ead

SHA1
b5237306965602bd182e390e0bf03b825ea2e51c

SHA256
d6e5e224e9cf71447d350e81d04d3ebf832bf604f163753bfd85ed7bcca767df

SHA512
e776d16ba75162837b739e73ca5c7da4b6c663cd4459a32ffeb1d2d5aa593a8f2ba70ce36e849f1bde44e6fc0fa373ad0f3f6bc6e04e197e77fb3c5b78f8c06e

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
b884eb56129fdee8470a745253f0d84d

SHA1
663cb112ec3cfa7ff563214280ecd6cbcb6075c3

SHA256
058d0fd112f6d39441fcda2102c32fab4a40f2a7de54513728f66a386d7eda61

SHA512
0e0f45cc35fa3686d92cb1d701dd15643a3f6dda7601ee8e616abb07a145def470956e34058f7c3a1990ef084edc733aa9100a739a4ca6f07ff7b1ff3ff55fdb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
f356e9fc80b5440abcd5f5aad3ee4596

SHA1
32aa20210567c80707a89b25438f1ba261f58be7

SHA256
28d25fd93e32e302e9cee33bd67962ac5458f226a11b840bde086036f6b398b7

SHA512
0fa10b25a8f9d36f416d0ccc08bc15707ea7126641e55bd9cf3aa88aaa17bb5f65136c0bb9bb031dbd4307f76819f803f344a97fb9b3d3122d339b243b943d9f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
e11f4c174fdd7e7352df6dda164b9f07

SHA1
99a58f1873b6e0c090c03051d2387d1fc0296c21

SHA256
a19d3d1f688c3155ff2d7cd4eee9f7351dd96f954d76a2dd05dcb821339b4d3d

SHA512
d08aa5a05cb2d14ecdbabaad0f848fb1257a8ee084b8517326f71761a21434c07ec2c68271738642ebdb4e1d467ac27fdd00076a10ee9c7fa48fed0e6277b7bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
d6872a8fe77a981ae25b0178b92b1567

SHA1
b2ccf2e191e86d002314fed46dc8899f113c5277

SHA256
01d1db13573131c3e930df601160959004d01586ed763a7cf6c3369338e5bba5

SHA512
4dd0f72aa48b2cbd0f02479aaa38751dcd019ce72d33012c63f880dc5434272d19a1c76577c30567335ec0f8a2980a3af2e47a29492ad6f95f722532edf8a6c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
bf03389c9b765468a460b31fba9c1c20

SHA1
fafc06df36c8eca6ce24346e1cfbdef81c6b14c0

SHA256
df28e4451c1143782b38be9fa4b9c2700bbd2275b1c1a3ba4815aad24c801e96

SHA512
7b975162ba3bd65fa88175cdcfef86908b7733c3541a5408f9c2d35be678208b9511723ed38b38cbbe1dc674b07f03a0e61bf48ab1987ecfea86f226f1655d43

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
821be06f99f1b6928b842598429478ce

SHA1
c6cdd3ff8bdecbc7d71fa680ae0c3b11c2d3e18b

SHA256
b5fdf5a4340a33d1bfcf0c8bd1f0fc49281d7d0aba16d8ce9bfff2848cd340ea

SHA512
6c309baa55ce0398425ba0a7e850e7c1ca5524bb8c84021f83d52462a6ce57627bd5d54a3fc2ef15be92ef1b101839c547c563a41072f1de0876b725207b7a85

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
bb66fd0645d3fde8ee857124ad98f628

SHA1
e77691307add7fac93c91fddcec7c0e760c465c9

SHA256
c3c38c4882c2bfad3ffb4aad64400e0fb21accc096f0fbc26208b6dad85854e2

SHA512
c16795545136cdc9768f7444c4f8c6c448a2ec8be75fe6153af5533848ed25802350c8170e25d8202f19fa44832382f08162972b8f5eb44a50ca42af46b7de4b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
2b20aaadf55493df270a02166a58743c

SHA1
985ba04e90e653407b7443ea98f468c5e9029808

SHA256
20351a5445dae645652241a2ef58b6de353d789a2c9393eead13f182774aae2e

SHA512
f932b5cf51fbb62af17fb6efa6def4f61756857715d2db0aff78c0b625c888397069fc4f9c13eceebe319be09efd62eef4367f00ffe953110dc879612418c935

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
a720ea636791bc9b21ad04c26e4d6dc0

SHA1
2a4276b5fef535944c3666d893d7c528ad800bd9

SHA256
692b35d03ea809306bf2a3e4aba18f7b8671ed0fd193e13c716c1f5aa077d9d0

SHA512
e382ab4a7a23b71f35fd18d43fa1bab884a8575a5449b3ce68240fd9e63e19572bc7bc7b0e3f833fe93010f12879edcca2cd41454d26d938cc22485db6e027a0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
bd722bed5fd58b669dc1d7cd4a2bc4ac

SHA1
1ecb98bbe336eeb9bc659bd4f835aa234881fbed

SHA256
21aec1de2ded9a7b77b299d954f548f82efe2c5d75a38d837381d06ce369fa33

SHA512
f2cf496204762b843e4db6e0e10e42577c1288970f3a850f57aba9dcc603c46491e68a2a1fcc46cceaa948c5193178c37b082d367f9bb5fe89ff6aaa75a2a729

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
c49f8eba0f3a7e041da08a01c6b1d9eb

SHA1
b5866892a34c8d8b8c20220a9a2df64613f26cab

SHA256
caf4ca0994d95ee67c81981900e963d563811837433cf967a436d103a24f65bc

SHA512
d7bebce80065cdb60cf2bf504f968cf43b601ed09407aed5947bfaecc2e7de44713db16927765c76cec646ac091a6973010d835adbbbb486e93c7804e37dbb05

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
c46ffffc7ec7fca5bba0c11a3d72179d

SHA1
089faf752e9e276d8fa81eb819371aea3dd18d4b

SHA256
729128978bf2725e30cf98f84393b71be93ed89de046198432d15ecfe4578e8f

SHA512
49acd8fa6b7b0a34eabeb0defc2a28d1f3ab18c4d6ed54bcac3e8e36bf16744b08548253c230badd394d724d8bda4cab6dd9f117cafc08a89853c83d3ca73d5d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
7dfc90e12f4f0bb5d9536242c1e759c3

SHA1
bff1a516a34b09b12999c5ebcbcf4bbf8132ebae

SHA256
48ae1277645b4e4a72e9059c2d9307e9316a3b3a16efd4c526b8161c732155ac

SHA512
1dd82586c7146af6c36e2a27109db35a2a0b506b604fc61ad149b90f6625feff811653cc6b665554afaae796aceb78a1a6dbdb11267da6f9765cfa6c14c90668

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
9b1fa28a6df93391e634333d4a1fa0a8

SHA1
f26140bee25319fcf8a8c49401eee1f4c5145b53

SHA256
511e78a917764d7b05b0eab234029f439f8cde8dcd2a899735db63e9e46c498c

SHA512
06f9f73879760baa9f626b79610923bc20de1c00c229b6c294764938221539ee3c99e528182ac9bdf38ad9c10bfd896d0295b556fac68bbbdbf39f881dec88ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
6974c072081561849ed37730e360539e

SHA1
32f7769a2d8071cde11e5b403e2e8541f7bfd10c

SHA256
54e7b4dfe4c13c73a1b59272379a36f47e5380a2cdac958fa1e3dc5676653e0c

SHA512
f5dbc65d8db78623d812c842dbe06da5aa1869ad1cea8f18c8c7bf8d38e08237dfa2305d0d0810866206eb17afee1a4d765422891c261742c7359a0f49d711dd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
1379312c339b058e6649d99be88e9a64

SHA1
a2479081a3e75fd1f807380d7acd272f5dc35a64

SHA256
c01d4a51ff379d12ed700d28b9854b842633d129e2886a3a8e169637a10597b1

SHA512
c931a82ac25c6f6f1b0f14f8ae0de6f6463c6bde4f44381204ee74e93bdb922c3a4deedf286a96d01f23522f736e88cbdff71a6a738666dbf3b392edd74f0c4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
9a3fcce0bff8791ac78517fc9082d38e

SHA1
6b0209e4cb80422f98a4cee8c59d37cd4840b067

SHA256
1e6233c424bc84a45b339900bef066e85c7a5b2ad423882dd3367815d1b26a5c

SHA512
d653166074bfaffc52caddf7beb52159a920cf4a28858eafaecbf4b928ce1bc53af2d27a7935fad459e0b1ca4cf534ceba4cfe82c9efd1ee4f00302b135da796

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
877489578e61ee508f81d0230a623325

SHA1
207304bbc57fa53665256230143fb8ea48b12c94

SHA256
90d3bcadd558c6c6997be7a4a658aaa3934b4c910430a3c50a1e1723817fbe3d

SHA512
febc2bac0beb10bfbdd1776953c8174759e10ae47b2aab6608a3cae9485c089601282363ccadcef996a537b1cefa5922273b88c194a2ba4ca0c904722f44b0ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
64cf373bbb8f20b5ee863a38e1724eb3

SHA1
c7ff47bdbc656ccdacf6b2cce37ffdc1cd3c6fee

SHA256
dad20df9ec8a3942ed0050dde9823a31a8bf5db1485dc471a9a6e0c7dfc70c22

SHA512
c83ca9bfb38f5b7347412db34c66d94976b98bd8cdd34b6549d3084502d82e8dbc3b22efb9f96d903852bbbe00d23f5abf91b91039051afce31e154f0e40aca5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
f74090d7ac149d0e1a98a9f94a173963

SHA1
c4955ccb81142555869f13b4f7272e04fd0dcbf0

SHA256
087fab00c7fc17a6af7b2567b0b7c99c99edbf5d4f4c8b09feb462207586601f

SHA512
da1465b495ffa00146dc758dcf57b588cb9b6b0399d7b540bd09d5e549f861f4f8aa74277029bb08ebec6307487baa530056b46b53f14c595cbc9c007149ed80

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
99e4a9defd19c611122874554c9afae8

SHA1
f614d099bd03f80c65adb8d7b31257eef3b5eab8

SHA256
e675bb99552da61a11ec572a84da1cdae37bc55070fd2ce0be662affa5d68a37

SHA512
0158310c635dbc75af7b8de508ebbcb0bcfc37eddb2e9aaf76553249fc2802b3f4667204c85262822f55c2f57fafa613fcee5899ddd997bab16a9f6a1b7abf57

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
a5fbb9804cd2c396a1b5f1367f46e36d

SHA1
42ceb60d4a7ea117bfbe384e76c752840a70e9d2

SHA256
224171ec3fd4e58428e57603bbdeba16490da0b6a013c727c86310bc558e9990

SHA512
74eb8404bd52ee19a22251d3dad09be5c0e0714c6748d98fb8efc705395aa5ecaaf9a6423ec2b70101047b4adf13ec1087bae3421518b4f3a5805cb401e93462

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
29d592fb7b37c073faa77a0f4b885a13

SHA1
0dc33b779fdd8ec142f767205e1de45963dfc727

SHA256
aab9f0a5cf53c3b5b77676a3a277e691df300944877b225d6e7f6bb624e43d8a

SHA512
7a818be078df65d8b5e01dabc4d2188105ccf05f6e7e6a01f902337c3efc889b0aa83a11fbc586a7a381a02e081d292b04611220484700759be6e6deab549731

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
b8c84edba39c9851961883ac72d40bb1

SHA1
8a567ebb9371bd2696de4a46d83d7dc65bef54bc

SHA256
b3cc7d189b4ab604a2ec8e01d44b194625224ca7007b4f29da484b1510f6e568

SHA512
8d0ca00e014a2c2d14c8605e54ba94325e973f489f837c3b4588ef6363b9e7e649546c3082b380ea2fc50bd0b73d6b6a1503e58d16083cac1a58965cd19fbc87

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
b8b4a250896bacb20359b8f9969fb019

SHA1
aa111a13544b3f9771095ee7dcdbe389355664f1

SHA256
9e2a4abef16c38bb5ea71f138a728ab26998c0ddd7ab38d6a3f36c71420d2819

SHA512
e5061b56dcc79a13aadf21189112ea10f66317a71927c10728a85a61d08a413e6e17cc5636e2e04da8f6d4d7ccf89433ae47c6b4748a08e774d4d59ec7465c8b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
4828173334aa47006d1bac59d891e034

SHA1
f70d6dd4c210eae534b0a737bf9d992deda0010f

SHA256
aeb7c1e72f064dc5aa0126aa431648f24bf1157ddb6bc08f38513f794744966e

SHA512
6eadc2ce008795d64fec86f6e3ac91e77eff5714babc773aae89637b6ac94d71a3a6a6690cad57438a6e46ab51fec60ab2fa4467afeb5cac10e1131ecb1e5fa7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
831b3ec1e48351ad849a434b26ca576b

SHA1
bb12b2565528f0b24a8cc60f491391d99c22d673

SHA256
24375c8456160eba300b1101ead818919d7219069e611d4d087e25fbf7bc8cf8

SHA512
a17a162845d9ee1b9c1734220ac8eb85862c313d2e1e29d0152c060e2f99a322b894929864d607889d7932f33511e5ffa0e4bd1d41e93ff0ab70d2f4a07989c5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
32f9b6591922fb5bd0da392e55ceb633

SHA1
922fa5f757625cea5f7d21906a068b97b6195cec

SHA256
9eed206d1d3d60d539223b04c879a65dc2dee86801bcfb0cfe5dc4be928def6e

SHA512
03678f380493b4ae8df3160c6f813c2eb664ad8c6ac6c3b49ab9c3a07e48669f18cc3a9582c53614a49fe95fdfdfbedbbd81f4a719fdd58d345782d0ae96c133

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
2377a93287d5baafff646d2882edbf98

SHA1
5cb087723081e04ddc93480ead04c12243ead87b

SHA256
b511df08eaeec38112c533327252c4c01a8c32d617d645ce6292fcb199121b3e

SHA512
fea83f631ae355e51c915c58be1b863db2c1c82671ef786c127802b688a24b75f38f625965eefd6d9b9f13c19cd3c7e8d5527e50f2eeff5ab7bf173b2e57b9f1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
e903f9b9fb267bfe3058035b6721f60b

SHA1
3907d1bff1f1b55cb59cbc7e096b272f78b87b1f

SHA256
b591cdcc5383457dd1a933b95ec341512f8d0591689a4e56f6bcf998110c7220

SHA512
a3ea39450d0453f7491c2df9c4ce5c5b9dca6f6dbe19e831209a59fe97b49126f128141caabe3e0d02844893f5e080321f15232ab2f822532c5e820f22d45fcd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
e6fcacea36f9edc0142c5a56839adff1

SHA1
fea247a559719a2c662422bbd53f29258fab093a

SHA256
deffe98c3f4568b25fe40f9f902a86f7ee2a56445bbcda25e0e2e83f67c60a55

SHA512
55b7d82ec2f38f6612e00bcb87c6420dba1764478f49ac4f502f1a8c87191b93b5a48181c74f67303a99a8322b42212568f7e9d2c25e42a0e912ab22aa089893

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
a9f7a57ba2d85c89c47c6ca97f86103d

SHA1
aca215c28475bb8a5bd1b1629817f6377b4ef8ed

SHA256
5db22bda230c5412fc8c43a946d9f7521ddd20030885748ce0f39f5539de4259

SHA512
d17c0e5cc40a1db9ab684ff1f9c776aa6e72d4e3158ddcd77373991b202964fb716c3f0484424e14503df9d4e754a52a550121fdf2c29aa762a84fd8df4144d9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
d565558060d76c56d2092d8f4277dceb

SHA1
2069e68c5b9a4e68c59758bba90600c693f503d2

SHA256
b8cb7ead45eac209fc7a8b17383fddfc93792359296f7b94a0a473f746c2304c

SHA512
515f75d24980c6878b1cfe54cff33ce65482b9f5ac2ee708b50ac4bb8dede178652d64d1f36ee9795972df50cb7e135d696fe9c517b07a42a641268e0f8e81cb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
79a81aa7b50aa167d50417308e8930d2

SHA1
37984db161012a62f19e76916a1781024fbe2f42

SHA256
68bd49884a16190bd5c81dab5cc989fe75c73486c59904f5403640948a47c990

SHA512
0fdbb143d1a491860c1205ca024a2779f072215ca3870f89fd474e9ee92c67bbd1826d5d2e75c012758e1d4fc049e28bc6eb91b0a6b44059b25aebfbe1c6716f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
6eb209d985fa287a81079303296eda14

SHA1
a7add991e548f5ab25b0d6310ac60375cc24aa15

SHA256
a54d03101d0a245779c62f8634b2d05a276d6988c9ad295f1c525b476b17b9d8

SHA512
b910599eb059a784d9610a69ccbf4acfff0410e76e5abdae5ad0a8964b20562fdecfa521d4d0dc1ce16d2c347478fa3c6180416be275d295cb2ce57a094cf47d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
768bd4a1f30a900ddaa7f726a981943f

SHA1
fd178919c66f20f6eed2317bb590d0a924ae081d

SHA256
4d6ed6be0427917d184a1718bebb89bc2f7ed2fb3f632a02b2fad9b93cbe27fc

SHA512
227ca570cdfb4239987151b20a4f65cc76045a9c1d5f763bc2787806463d24eb730250c1cb4ddfb1b86352a0dae11890f9eab51abd6faf9735b180b36b9b7d15

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
c25fe48184b61fdbfc4d67cc635b5901

SHA1
12c8842048383397860be01667cbdb33b01386a7

SHA256
b7dc19d053dec40d1598296d7b0e2f40ec9650f0664384e1a0877eec125b9992

SHA512
f38ea01c63190e7f84265b94fd786e9a542580b84c0f9472d2749b9bcefd047abdc507f56ea5fdcd732b05619c029cc9585f36575cae31ebcbd3db47de337ae3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
09e184d4a4091674e85eb7d56b751d72

SHA1
92b03cae14d961d96f42713d1da0752c3d056d84

SHA256
ef3fb9501cee0c5bbe75b2fd2d55ac9d4fef2866dafb0d90a716fc48d84f2258

SHA512
4f12dba4fe794881a5eede4dd3df39e2595166471317bb01487133d5b0e7979e59d2c7417ac3ad4215673743aecc139f3f1df4a69d81979c1c58a06cc384d5e9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
22f77e4789c877a974266f206f33e7b4

SHA1
727390dc63eccb659024d7c3adc91260683f63ef

SHA256
14e5d3445169ac808e3fe17b9e1a3f26da653550b7a43dfe53ad7c1c3ad1e659

SHA512
6bccefa76cbbbc9aaefbb1cfa3085875ea5c3bd710c8f29748833e9983fef9435d369a987498357c55fc82c61421a9a5ce424bd002c9443e3c286b274f556189

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
b56bdc01f499d25aea7a839832dc1652

SHA1
f60d05b1a71640fce31cdd7c895a74704c9930ed

SHA256
e1841042b2b11226556b4900f638a63c65dfd6becbcad4c36f69a51131e9698e

SHA512
a3a0e1c7cb343380c6953a82abe54ff7f2e4921f25bc6d6cd9eebdb51d91b52e2c25eff50d73582d5fce6b91b1e113f390dccf7772f147b3f036db003c1a3777

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
c95760231d21867910fce7c634a7a4f9

SHA1
d0da232b92413f56952d8bb86100f5659b8043dc

SHA256
14d1770725ce84a2b0234d977db72d36d7f477d28eb296a16addc0f5c9c3acad

SHA512
8d6070d24f191d2c9ecdd17b2cfe514c25bbf5590d0c27173e06aa27b5887699835d2d6121c6ce16cc5948261f4f3bb67a5f4145dd5f7f5415c1889304ce42c8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
dcfc78a2c8d088136e0d06c250c2d023

SHA1
8a7ee7068c5e4257b2c4498f7171dab8c0014418

SHA256
2ae4302862519d24fbaef6607718c9e65f54c13c125d8a92736a1f955ccd2641

SHA512
fd422aebd2a8ca480faf08fee04c9ea001fe7f3ee2c24ee12ce99bf2527abfacab0cbd25287a92e5fafe2d272b4d0969a0c1ee62c6ebb190004864a344bb6ca0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
1b2c70cca701607f799fb575a522e979

SHA1
d84cc4745145123425b1099feff65e3b7d726e8b

SHA256
eeb7572717bcbeaddbf3e18aaa65dcbfc8b7f0b23c56adb648f8af2349d2de92

SHA512
e1a46a3d7af050be283182095e4f9827b3761724c28e7d484f8e30cf1f30e081b795b35390f7e71455c1c8158e741f6cfc87f41c60537af45a584232668a9ade

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
3d6ad094ab16bbf822b6d5780dedfdb9

SHA1
614b3f02b11a48fa82e622dcca54eeb47e18d51b

SHA256
59484494e77400b4918b0552ec69fff667bb452d017ae9233d8de1dc5a1cb67e

SHA512
0bba72153dd5b1918422d2ff4dc62e9495c801043af3b9a996a278d36d3948ce81de52b6b2f6f2af3df58bd27a18749b3c1d0ddb713f4a3a5cfd255932daead2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
f42f4481c51dd44f9169e501585095fc

SHA1
ca1b4cfc15e36c1950add3c89f4a67bc16a555c8

SHA256
149edf52dfcbba91d0d05465d033c7c3ccaccf9732ec5364230f3c2947aac063

SHA512
53ca6373ca5b2f1a069ca9f49f918cb88483ed0e3a7c925a78ca83a7cd400b56a2ea44c19b1ad1ee1df7cdfb51f4ae4b8878ca5f774ec653a2b12f9f46e46295

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
9e0b2c1d839bf05dac3dede4285fcbfb

SHA1
6d0a606e55eed2db2c7f56cc23534a77f02ddcd4

SHA256
d9b72d5051fcfb23e68881c061708de41ef46d83f7f712a7ddbd025b2f5b7118

SHA512
ef6510684429ab7d680ab165cf54783462a1f1d1ba3a414008e762b63f90bd5edc50fa8767a3adb642103ec7c0ce569a289c5659530ac72546d6a76b5df3a773

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
7d2bb9c0672573ca92bc84c6785342dd

SHA1
4e1050834e2d9eb112b4a99ff7d33fb2052038d9

SHA256
e7110e9dd99d2a8732ed0dc91e05f9afb8a9377e656f8e4e0848192214326983

SHA512
4728d2a47703d647428ba0f0c03855bf218a3099cc0bae929fe4cdfcd6cc1d4ad91959a818a32f89f9b847a65ab5e4f1349a922c496580d5c536c0f3ab33c41b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
60d0161b9df1f3aed8a582297454538e

SHA1
8cef75be85b36759339d569a02b539a0bde93906

SHA256
172d15af003787df65984836e339f18aafcd75bd1c08ac5e1d68ce25ecb85858

SHA512
06e5c84dfe8b8a2b1be1fa5ed89572a3400690ae745c98e8f8b3f759f197e28da78477e5461b39440b13469ca6d4c757bf826150f2a21d6039e786ba6a9a2ac8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
318dd967566e43c52b3d8c278dd28b7e

SHA1
eac5358f3f4f57a461c5682e8218af8dc7d21044

SHA256
7a62283874d3a941adb50afdb7295cdc05d4e855317f3394c051f24e5fdd8b26

SHA512
a7b2d2e91fb975855ede936798a618e6bac5e37f8b44bbec87883aa4e12e91837646f392dab23046db50f8ebe759d64113abc720a9667ca85aa949e614d88c68

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
a0f5fea348ff7e893d36a7fe5e5d8d28

SHA1
d314a6d5e906a8245433259a3423274f2ef9e913

SHA256
53f822262a262435f5527fa5384e35eb62636434f781a0e38ac6f00528e48df3

SHA512
5d0a0b5bb9157f691cc8fed79399f0657007ac4b1c2ea970fba2606a03cfa1bc807b66ff8e656aa11a02c55ff67d021f4b290db18254f312eac2a5a159253195

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
6651c26da600a4b44c48ee81082514c0

SHA1
0304e671df3712536d90bec7d87c39018868271f

SHA256
1baf78013e930094e6703b8e0b75f3968395408aee7e87b5f00c3468b17de9a9

SHA512
eee57a9538db6f7c1bc85b3efb527d3414f43ae068b7091e5344ab88fac213190fc8ab2da64240e24bab14e02a8dc89ca61b5052c85744f825fecbcc66a27638

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
968a4d95dbf1d6272ffafd7e0311e91d

SHA1
94d562e33bf8d711ffe1064c02abb9fafc53389b

SHA256
6066737a8648518c1fd2e50d0a3beffc0f6ce5a2a13233ea56f0243375538cc1

SHA512
ea917e383792e436794f77b85409df570981956ab71f7329a66749d4d10b07ec8ebf62c43d6b36ae15f58c65d54795513c44c784e6044d94cee3627ef67467a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
82a6a51c3e7d486d00cc63cd202eb9d2

SHA1
da38bb99384163ed9578d94082cec5125bff2bd2

SHA256
36365cb5fa6ef2517d294587dae725e6ed49223a2622b35af0602faea0dd9479

SHA512
8818a9964429ce5ca812f9f35aaa5eca9e245d8ddef2a62be97b410ef699543f76ae999f929ba9dfab4fa728b1aac3037f05a954e83e0e12cdeb04aa35f13c5b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
df11447f142bfe97f9ff102f52cfab2d

SHA1
c85d2d3083080a845f9bc1be0df82b11285628ac

SHA256
64d5ac84fb81090f60cf001c143ddeb85022f116fa0f2b3b911ccb9d04d81396

SHA512
6b5e1366c1629e7b85b262a750c8e4cac2c8ed8e46acc644a1ecd3f632e1e2d49ea2ea45f809ee868758f2de88f149f984dd36128c6016e1ecc9ff05d64921cf

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
92b6409c5b6e3eece92840836d8466b2

SHA1
423a6e7b8f4bb5a8918c90d2eba1219e1bb682cd

SHA256
e9e8e110e180f0af595ce35fff46dffd9b98b17886a5eb3b4d29bd88aecfacf8

SHA512
3e2c054b829b1d56f3d2a0092a875ffbdcef6d6c464850ed5f88c403f9b3ff3edc5c67ee36b6d94801f1685d3a22074a7447a7635f07edd0c2375db9099a18e6

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
44112e603172fe246db11bbc04dabcde

SHA1
d887aed2f12cc76d0c85fddaaf3579d286cc8170

SHA256
baf76d629198b346dafa0f089a638dde6e6f564c86747944ab9cf8efa7391e81

SHA512
c9c891d11c4b1bd3729f5c7c19d9e4b17c5bfc1131b32b9db8865b1743adf931127fe55e7a6e193874aee394acf0b08ab6c66963907dbc82e2499e12ce3a4af6

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
14418b603f7202ba0a6fbf362aed545c

SHA1
d471c23fc6a50c0f732db75c5372e08d7fe9346c

SHA256
1b174baa6e9ae43868d1cc03137c04dee0254ebefcba01cf20e4f1e5acaf12a3

SHA512
88d8c8a4f866de4b589f5864a339c15437e230911d153135b4dc0e94774924c050ace1423ba3a9abd1e71bc2ca2a5926f3dbe445f231326a597abcfbec79dfe1

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
4cc66966a4f63adbef9b03773028e3a5

SHA1
359932ba79b8e78b5516b9f6df809fa058c7f627

SHA256
bf6c577e37f056f0fd160b84dbb5bdfd123f8358b8c5fe71a44ff461fa2d9f97

SHA512
2da22aa9db0c14bdabc320055ce6f2a0b18a39dbb244921b904070a8b2ba3d71d4fe09790626e71f699b50680c4f490985d74d48a7b7b879d287bf238362fcfe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads