xorist | c1ff7936d3eb96ab174c4411bfb95ae7ba287e0a9abb8cd26002610b62318de4

Analysis

max time kernel
178s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8901e13e8e01a6f9223c78a903d8fb46.exe
Size

1.4MB
MD5

8901e13e8e01a6f9223c78a903d8fb46
SHA1

a015f096d431e42e0df67b21c4eabe4ebf2f476a
SHA256

c1ff7936d3eb96ab174c4411bfb95ae7ba287e0a9abb8cd26002610b62318de4
SHA512

f7ae948f33fb2270c5ea5bd150c039592edb8d1511dce1077739f17b4f91c6b43c9075a71f15248f7f94f0c159be3e5dcd189c93b7bcbc99847a8185f374ff08
SSDEEP

24576:q9WQitvyUilzOUxaOWk01G4fbu/F41jen6KXYzkEEknJS7DFN4L3GmPA705sCvsF:q9WDAUozOUxaOyGau6I6WPDvlAAoefk1

Score

10^/10

xorist evasion persistence ransomware spyware stealer

Malware Config

Signatures

Detected Xorist Ransomware 2 IoCs

resource	yara_rule
behavioral2/memory/3296-0-0x0000000000400000-0x0000000000560000-memory.dmp	family_xorist
behavioral2/memory/3296-2974-0x0000000000400000-0x0000000000560000-memory.dmp	family_xorist

Modifies firewall policy service 2 TTPs 4 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\8901e13e8e01a6f9223c78a903d8fb46.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8901e13e8e01a6f9223c78a903d8fb46.exe:*:enabled:@shell32.dll,-1"	8901e13e8e01a6f9223c78a903d8fb46.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	8901e13e8e01a6f9223c78a903d8fb46.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	8901e13e8e01a6f9223c78a903d8fb46.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications	8901e13e8e01a6f9223c78a903d8fb46.exe

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2150) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\system32\DRIVERS\ETC\HOSTS	8901e13e8e01a6f9223c78a903d8fb46.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\w8i9eHkHOwWwQlX.exe"	8901e13e8e01a6f9223c78a903d8fb46.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_28c103304ddff3c0\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mlx4_bus.inf_amd64_4c426f3bebc68844\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationheadset.inf_amd64_47c7e539c0156424\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\hu-HU\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\002d\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\de-DE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmar1.inf_amd64_b2ebe9229789b181\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_bbd46500a9d0e020\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\en-US\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ja\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_media.inf_amd64_2dec3adbda5f7bb6\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdp2.inf_amd64_6550f790ed88c7ba\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisvirtualbus.inf_amd64_e8d548ad6f0a613a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\Keywords\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_computer.inf_amd64_aa72c8894a821b32\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xboxgipsynthetic.inf_amd64_9aa94bcf077169a1\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\hr-HR\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\MUI\0407\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\es-MX\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\printqueue.inf_amd64_12d9f43eb5d02987\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\pl-PL\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4vx64.inf_amd64_b03448ba0b72ec47\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_hidclass.inf_amd64_b37df5bd0922aeef\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_e485f7ac03009434\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\de-DE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\Speech\Common\fr-FR\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PKI\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\XPSViewer\ja-JP\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextintclpiodma.inf_amd64_7f59f2c73a7fab14\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\de-DE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpenr.inf_amd64_20c8782372e47bd2\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\en-US\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_swcomponent.inf_amd64_f378d70fa39d3577\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare71x71Logo.scale-200_contrast-black.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-unplated.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-400.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-80_contrast-white.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Dark.scale-200.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\autofill_labeling_features_email.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderSmallTile.contrast-black_scale-200.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Silhouette.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-48_altform-unplated.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\fr-FR\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-144x144-precomposed.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-125.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-150.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-16.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1949_32x32x32.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxSmallTile.scale-150.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\Images\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-36_altform-unplated_contrast-white.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-fr_fr.gif	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\SearchEmail.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f14\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-white_scale-200.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageMedTile.scale-400.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionMedTile.scale-125.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-60.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_altform-unplated_contrast-black.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SUMIPNTG\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\sendingLight.gif	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-125.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20_altform-fullcolor.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.scale-200.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp2.scale-100.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-100.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files\Mozilla Firefox\fonts\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files\Common Files\System\de-DE\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\PREVIEW.GIF	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_BadgeLogo.scale-200.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.scale-200_contrast-white.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\jsaddins\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\LockScreenBadgeLogo.scale-100.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp6.scale-200.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-30_altform-lightunplated.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\THMBNAIL.PNG	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\172.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Dark.scale-150.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.scale-200.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\MedTile.scale-200.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-white_scale-125.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\de-de\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\logo.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-64.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\SmallTile.scale-200.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\LargeTile.scale-200_contrast-white.png	8901e13e8e01a6f9223c78a903d8fb46.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\CustomMarshalers.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\SplashScreen.scale-140.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deviceaccess_31bf3856ad364e35_10.0.19041.1_none_c3647879797cd04d\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\v4.0_10.0.0.0__31bf3856ad364e35\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.1_none_44197b0fdd55f562\Logo.Theme-Dark_Scale-100.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_uk-ua_4f4fad6deb8a668a\r\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cmi_31bf3856ad364e35_10.0.19041.746_none_87c79514b95a235e\r\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ore-files.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_21ccc9c1123592a6\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\SDRSample.mkv	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..-internal.resources_31bf3856ad364e35_10.0.19041.1_it-it_3f349b617d1879c1\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Resources\3.0.0.0_de_b77a5c561934e089\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_chargearbitration.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_e00c844e6abc7756\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..rdefaults.resources_31bf3856ad364e35_10.0.19041.1_it-it_f3c0f1a1c4ee15c0\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..t-library.resources_31bf3856ad364e35_10.0.19041.1_it-it_a7313c0000bd2ce8\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appresolverux.appxmain_31bf3856ad364e35_10.0.19041.423_none_df344b9fe5390f25\r\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..input-cpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_750285e8341bfd59\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00050409_31bf3856ad364e35_10.0.19041.1_none_d056bf6bbe22f65a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\NetworkStatus-Error.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.Tools.Outlook.Implementation\v4.0_10.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-etw-ese.resources_31bf3856ad364e35_10.0.19041.1_en-us_aa43e6777eda8f90\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.19041.1_it-it_d01e9992f7f8278b\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-t..ngservice.resources_31bf3856ad364e35_10.0.19041.1_de-de_eb2248f3970a2908\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_dc1-controller.inf.resources_31bf3856ad364e35_10.0.19041.610_en-us_50581d2c454a61af\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-autoplay_31bf3856ad364e35_10.0.19041.423_none_84ae5fc84c7ea184\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\square150x150logo.scale-125_contrast-black.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data.resources\v4.0_10.0.0.0_es_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..aanalyzer.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7c1287e976a9a17e\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-enhancedstorage-api_31bf3856ad364e35_10.0.19041.746_none_b32819b66e95bdf3\f\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5b5a0fc040a75c4e\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_10.0.19041.1_it-it_3c704288b76f6f4b\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ient-core.resources_31bf3856ad364e35_10.0.19041.1_it-it_59dedd2b6ac5922c\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..owershell.resources_31bf3856ad364e35_10.0.19041.1_en-us_f06150b466baac0c\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..yenhancementservice_31bf3856ad364e35_10.0.19041.153_none_6ab16d308a760063\f\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\INF\LSM\0407\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\frontend\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSplashScreen.scale-150_contrast-white.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-pvhd-parser.resources_31bf3856ad364e35_10.0.19041.1_es-es_0c96fc2b519878e9\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\xhrBreakpoint.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..haringapi.resources_31bf3856ad364e35_10.0.19041.1_es-es_c435469b95d3394d\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile44x44.targetsize-256_altform-unplated_contrast-white_devicefamily-colorfulunplated.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxsetup_31bf3856ad364e35_10.0.19041.1_none_7abe2d33f207c2d5\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine.Resources\2.0.0.0_es_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.resources\v4.0_10.0.0.0_ja_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_c_fscopyprotection.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c1ff315577a910c9\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-geolocation-framework_31bf3856ad364e35_10.0.19041.1023_none_85e08ba7014ac573\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_et-ee_1da8a4a7896d2877\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design.resources\v4.0_4.0.0.0_it_b77a5c561934e089\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_dual_iscsi.inf_31bf3856ad364e35_10.0.19041.1151_none_2548defe90359599\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..winmmbase.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b5ae0bc92635cee1\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-batmeter.resources_31bf3856ad364e35_10.0.19041.1_en-us_281d09af1121293c\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a...appxmain.resources_31bf3856ad364e35_10.0.19041.1_de-de_d553b4e6921d9b68\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-w3svc.resources_31bf3856ad364e35_10.0.19041.1_es-es_25f50fe8c669ef2b\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..xinput1_4.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e9c51066fc168b3e\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\SplashScreen.contrast-black_scale-100.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_dual_mdmneuhs.inf_31bf3856ad364e35_10.0.19041.1_none_e2d7a839e0c0bd06\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-h..rvisor-host-service_31bf3856ad364e35_10.0.19041.1_none_2246f2e6f0441379\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_10.0.19041.1_it-it_98c4dd0f78261877\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-d..scannerpreview-host_31bf3856ad364e35_10.0.19041.1_none_484e61e96e69ac70\Square150x150Logo.png	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-inputprocessors_31bf3856ad364e35_10.0.19041.746_none_783ec1d1dc7110ea\f\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.19041.1_none_8ddc3834fb6f659f\HOW TO DECRYPT FILES.txt	8901e13e8e01a6f9223c78a903d8fb46.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CryptoTorLocker2015!	8901e13e8e01a6f9223c78a903d8fb46.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\ = "CRYPTED!"	8901e13e8e01a6f9223c78a903d8fb46.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\DefaultIcon	8901e13e8e01a6f9223c78a903d8fb46.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\shell	8901e13e8e01a6f9223c78a903d8fb46.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CryptoTorLocker2015!\ = "PRPASCBHJSZLMOM"	8901e13e8e01a6f9223c78a903d8fb46.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM	8901e13e8e01a6f9223c78a903d8fb46.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\w8i9eHkHOwWwQlX.exe,0"	8901e13e8e01a6f9223c78a903d8fb46.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\shell\open\command	8901e13e8e01a6f9223c78a903d8fb46.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\shell\open	8901e13e8e01a6f9223c78a903d8fb46.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PRPASCBHJSZLMOM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\w8i9eHkHOwWwQlX.exe"	8901e13e8e01a6f9223c78a903d8fb46.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe

Suspicious behavior: MapViewOfSection 64 IoCs

pid	Process
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe
3296	8901e13e8e01a6f9223c78a903d8fb46.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3296	8901e13e8e01a6f9223c78a903d8fb46.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 616	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	5
PID 3296 wrote to memory of 616	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	5
PID 3296 wrote to memory of 616	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	5
PID 3296 wrote to memory of 616	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	5
PID 3296 wrote to memory of 616	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	5
PID 3296 wrote to memory of 616	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	5
PID 3296 wrote to memory of 672	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	3
PID 3296 wrote to memory of 672	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	3
PID 3296 wrote to memory of 672	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	3
PID 3296 wrote to memory of 672	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	3
PID 3296 wrote to memory of 672	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	3
PID 3296 wrote to memory of 672	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	3
PID 3296 wrote to memory of 788	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	9
PID 3296 wrote to memory of 788	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	9
PID 3296 wrote to memory of 788	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	9
PID 3296 wrote to memory of 788	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	9
PID 3296 wrote to memory of 788	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	9
PID 3296 wrote to memory of 788	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	9
PID 3296 wrote to memory of 800	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	8
PID 3296 wrote to memory of 800	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	8
PID 3296 wrote to memory of 800	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	8
PID 3296 wrote to memory of 800	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	8
PID 3296 wrote to memory of 800	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	8
PID 3296 wrote to memory of 800	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	8
PID 3296 wrote to memory of 796	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	14
PID 3296 wrote to memory of 796	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	14
PID 3296 wrote to memory of 796	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	14
PID 3296 wrote to memory of 796	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	14
PID 3296 wrote to memory of 796	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	14
PID 3296 wrote to memory of 796	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	14
PID 3296 wrote to memory of 908	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	13
PID 3296 wrote to memory of 908	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	13
PID 3296 wrote to memory of 908	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	13
PID 3296 wrote to memory of 908	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	13
PID 3296 wrote to memory of 908	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	13
PID 3296 wrote to memory of 908	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	13
PID 3296 wrote to memory of 956	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	12
PID 3296 wrote to memory of 956	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	12
PID 3296 wrote to memory of 956	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	12
PID 3296 wrote to memory of 956	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	12
PID 3296 wrote to memory of 956	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	12
PID 3296 wrote to memory of 956	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	12
PID 3296 wrote to memory of 64	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	11
PID 3296 wrote to memory of 64	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	11
PID 3296 wrote to memory of 64	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	11
PID 3296 wrote to memory of 64	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	11
PID 3296 wrote to memory of 64	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	11
PID 3296 wrote to memory of 64	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	11
PID 3296 wrote to memory of 380	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	10
PID 3296 wrote to memory of 380	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	10
PID 3296 wrote to memory of 380	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	10
PID 3296 wrote to memory of 380	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	10
PID 3296 wrote to memory of 380	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	10
PID 3296 wrote to memory of 380	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	10
PID 3296 wrote to memory of 516	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	15
PID 3296 wrote to memory of 516	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	15
PID 3296 wrote to memory of 516	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	15
PID 3296 wrote to memory of 516	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	15
PID 3296 wrote to memory of 516	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	15
PID 3296 wrote to memory of 516	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	15
PID 3296 wrote to memory of 740	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	21
PID 3296 wrote to memory of 740	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	21
PID 3296 wrote to memory of 740	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	21
PID 3296 wrote to memory of 740	3296	8901e13e8e01a6f9223c78a903d8fb46.exe	21

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:672

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:616
- C:\Windows\system32\fontdrvhost.exe
  "fontdrvhost.exe"
  2⤵
  PID:800
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
1⤵
PID:788
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:4048
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  2⤵
  PID:3944
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:3844
- C:\Windows\system32\wbem\unsecapp.exe
  C:\Windows\system32\wbem\unsecapp.exe -Embedding
  2⤵
  PID:2000
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
  2⤵
  PID:1832
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
  2⤵
  PID:4776
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX53ypgrj20bgndg05hj3tc7z654myszwp.mca
  2⤵
  PID:1892
- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
  2⤵
  PID:2300
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:4112
- C:\Windows\system32\SppExtComObj.exe
  C:\Windows\system32\SppExtComObj.exe -Embedding
  2⤵
  PID:4732
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:5116
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:3516
- C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
  2⤵
  PID:2804
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:1812
- C:\Windows\system32\wbem\wmiprvse.exe
  C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
  2⤵
  PID:5000

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s DsmSvc
1⤵
PID:64

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS -p
1⤵
PID:908

C:\Windows\system32\fontdrvhost.exe
"fontdrvhost.exe"
1⤵
PID:796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1196
- C:\Windows\system32\taskhostw.exe
  taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
  2⤵
  PID:2824
- C:\Windows\system32\MusNotification.exe
  C:\Windows\system32\MusNotification.exe
  2⤵
  PID:1852

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
PID:1180

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
1⤵
PID:1136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1072

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:1048

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1256

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2868

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3672

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3492
- C:\Users\Admin\AppData\Local\Temp\8901e13e8e01a6f9223c78a903d8fb46.exe
  "C:\Users\Admin\AppData\Local\Temp\8901e13e8e01a6f9223c78a903d8fb46.exe"
  2⤵
  - Modifies firewall policy service
  - Drops file in Drivers directory
  - Drops startup file
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:3476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2876

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2844

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
1⤵
PID:2832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2776

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
PID:2740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2536

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2524

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2492

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2340

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2288

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2192

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
1⤵
PID:2132

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:2080

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:2036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:2008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:1972

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1964

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1844

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1824

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1724

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1496

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
PID:3212

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:2464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
1⤵
PID:660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
PID:4888

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:1192

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
PID:4324

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:1448

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:4428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1464

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
4bbdc8049ae41f12863bcdc47ef0573f

SHA1
8db97d41bf7e6798f297468fbb6c2f7c07db3673

SHA256
9dd2e2e605f947aae16529d739f6e7567fcf429be8f61ffbb65985d64342ff69

SHA512
3e6d9782463369993d8a3b460394713e5d31eaa3ea27089e2dd0fa91b8b793eb5c3d5854815b4e2cdd998b833f5698ae16ea2af24f8c156963fb0ed685146d7f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
7cec8091290d1013b8187ac546530989

SHA1
99fa807e7dcb7e259cef4c53c132529795d4fc11

SHA256
db47046beb1074f35103034a52448d34b33618e666d9f687fe4d309deb609774

SHA512
a602aa38358affdd61309e401b2c8eb1ebb8e1980b62e1b17869042f3eb5639f70974f870487ed15b0fd4de0883e32132e11e5623808a07f756eb2dd4324c268

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
11ef608080cb68e89506cc6bf5d65e6b

SHA1
f24a687da5f410a869edcc2037565c8531005f73

SHA256
94b8b7fdb9ef344e7cce79b6a77874e74f4bbe87055ae40e7c0afa471a821f10

SHA512
7b85fe5fe77ef8d2d71015ae4f2606dc7dbdd035df50108e5e73287657c84e42eff9d05a5cceae49cff811f708e0759dfae6644e12c85081508b05fce6365795

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
2970c098f19ac77fdf72c3f31f9459e9

SHA1
01093ba208ae2d121e447ba6059704975465f5f1

SHA256
09179b5bb2adcf18d8db4d43d37d99cb1b4af42ae921d2a9cb4281aae8139b01

SHA512
a1d317f2d331a4da09aaa206f1e8c3f6723cea55971c0e38d70561c20672fa5fe93b0734ebd678ecb5c0d4a7ddcc2fa3c12135c9118dbf9eb0d11acaef33272a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
bfb9ce91ae7b2a1ae5b6ba1ee1616cb6

SHA1
e2084051d64381cc86da20254dc6969facb4502c

SHA256
0b43b8c90c363fe4ceeeac09fafcd4c387fd5f7226a9f92cdd47f2d480ff0236

SHA512
bcc7ebd416b5a9541cb390bc720aec2d339b69cff2db4e7be317ec05d97104377cc2e68c96ce1b13fb4d001fb792aa66423f6b03512e9cd902fba778a2af6018

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
be68b59660888446a7607ef1b9c10c52

SHA1
0c66aaa0632177f2fe54413d7f84fcb10a66f584

SHA256
8cb40a6d4dc145317b1b80135d94c145ef0d34baa6c2715019b692ab9254bfca

SHA512
03dcbfc43abfbf431bfed6e4010e86498e5684797f6b77158729f724a04bd5075ff24000e1477787a44de203775094a0618667145b077f82ec6356c7e29b8828

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
e318ff09a29eabf63a5cd6b7e5364445

SHA1
a76af1acec5f83c6985311a1cfdf8a13b84247d3

SHA256
12b3220f2dd7318eb3833ad715d170499ee55fd8c071d5465336fae0da6c1dcd

SHA512
e21028fa0745c92e10f13a01e7030d3dd249f9382266d2e43fe8d1688f62723b697fb7ee804eace457876cdc6d4e87c5764974f28fb1db4c8eec611af7b6a0c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
fc6c9f724ef8c2a824dc158633926e2d

SHA1
a37de052f580e3f3de0ba300cc17bdbf5ac21bb0

SHA256
ffc99f57c521673210f9f03d7f6376d2e6d1f422aceb56777e8cefd5d0eb8a06

SHA512
394ce9ef5b1892e7c6e09bc0740fff8798e6d0db4452cc8dc819634b26958f40ad2a7720f55df7e7b0d1bcd286afd35cce7811be90406838b3166fff716fbaff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
7070eeadbb4d46e7dbd55f8e65aa3e98

SHA1
8f13761412b482db099a244e93481399ebfded2f

SHA256
a88dbcda46c748eff3d48727d9f3da5d0f9d6c769dd55b38d81fce32187dfa1a

SHA512
27c15d5a374721ed5955616ff15c7a011c57f6de924937ddefe940d61d9bcf757f6e3864b69308a25067f85bef4cf1a5e40c4906e8a6c8f4b5278fb6ee34599a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png.CryptoTorLocker2015!

Filesize
388B

MD5
98461067ec85c5fe31de6ce6a187850d

SHA1
98a88b4ffb53a80bed47f54875a4be0d3e6e58a6

SHA256
4c7fad0ed51c57e60a23224ee80e00850441e7bd38b4cf3983a51301a5bb2cba

SHA512
24e9ac8c2ec31de356fc3f9312c61e6a05b4a3dcba25631ae4327c83bf0793ffd060c6b2d1b211b46672c289326791dcbfc89c639b285dfe243595b9950f58b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
e5531967749ab74d7748ffffc92c09ad

SHA1
db0b26086caa8ab06fc5f1674cfe40efad6df9cb

SHA256
3c07e2906746a7751cbacc1a6073694108708f8f89c2b1468a04b4d57a8aa69f

SHA512
c08af67e8d3308ee87e2c3dd9f84ef575d4beed89baa2c8454b8df2c12d13ac6e198e6b03d3fb613a5230d6c8078ab12be139f6afad23767a53a3fdb74250307

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
fca574a62316831d827891cd3568d11c

SHA1
9272dcf4fba92d90adc5b24b27ced6db6decc78e

SHA256
f88ef0816311c289314e198d762ce0d2d6ff1b924974b657754c67552687e421

SHA512
7d73a376982debf768db2a14c8f73205f2dd792dd6492acd725cb39b34f9077ee5e46408123ab607ac76f17f0d89c2279b7a94d500265cd002bee916ed356f66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
babda479bd7b6539a5888f53754f944c

SHA1
9b34b150ae4e5ae4fb022d7c47aad6d14c3242e3

SHA256
c37eec6e5982585ebceb63a75896b67a824ed678591a6a4742617cfee5844299

SHA512
d4e8c7e81409d2a1e21da84f3812a036e37109dffd38198f602b763ca2fc54a89b9a236ae953e7bb28b0a26fac11c269fa62e55df93eb869e5275118566807c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
eaeda90be077365b05bd44b54768b7d0

SHA1
eb60fdbbb4c412c3e62917cdc186bd388c48c133

SHA256
0892b57edf6f34ae3f3eac440a91c28f541dbe0b807bcc9ae3c708d7ed908360

SHA512
0ccf37597d464924b4bf2ec895107c722fcceb33837a7a30efc67eab1172c25d4dd7372b50b65658b363755c9309154ed9294ce805b292f79a75156aefa38f6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
98ef37a0f722bf5fe26c8b7e24d88638

SHA1
904979c0fd73a00daabe80fb9dcacad3e6e3ae92

SHA256
35018abef7bc1bdd18a64e7ddf17f60869103437d702a6e6b1a5d3aa81d08e73

SHA512
ab685baed740e54931fb4c96bbb86011f3d72d1d7fb0a066d57684b9d003003e42791a819a736a5738c941cb429b51ea36c696ab04cf0d8544821a90cd58d924

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
3006e6554adf64bf4dd9d3a492987901

SHA1
76ee9b776eda7c50c80b52c3cdecb238d16ae8c5

SHA256
b81917e209c99189c434f90d4eae0df1c2e849838471a33497479fa20fe10403

SHA512
50b0213ae495f8bc9867311e2c1c6aad9d354815e5f01f0b69333c1b5c0e4f2dc231ddbc7e93535df8585f7d417f5161c5073a399ad21378dc95ea24f01411f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
ab5ed142248b2f78ce3d19e76c28d337

SHA1
175555118f8543fb6837d0f832d71f22d1bfbef8

SHA256
3f0a4e39a32f18ac6e87094caae8e94c4b77fc531e2b7d848dee956a1cc9118c

SHA512
7a4db4c3b9f096aa22b4a56bf044cc46ad5e765ee48ca05fa6f2e9078057ada1351637e28880bc546c4fafd5ab90ebdcb7abd035e0adbea756af15d1ce2d1b2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
247e06287abc3142f03d0cd690a1f534

SHA1
ff23160777efd6792c5a8ee73353b314d3eac96e

SHA256
e8ef0c98ebbf01c25d001b8f842092709db4729fe32ed732aef1e52e14fb3a8f

SHA512
3b26e47e694fc9fc714c5c92024af1dbc850aa93d982dc0d2f793e0aa797a9a67f71031d04c3e1a911d5136533245d5a3c98383f9ff1e33b9e93e80ce43936c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
ae11fa64abf28cb025784b81ca5c5701

SHA1
394885cb072982b0240c7fb7902e4ada817063f8

SHA256
d068c994bdd2c836918298a95cb6a38972a07b5ee75d8984396e1b4bb4e97a55

SHA512
c35def8efe6c7603975b9b1fae0d3326c8ce1de74983d6fc38c6595cd4b522fdf2efa02a8c98be3e8d4074a7edcad7d444d4542e2ad70e0fe703baaecf8d5194

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
bebe296252d55a44c369fcd0069cc511

SHA1
58f4306513cd438a4e9dcb2a8e3fd8a680fb76b5

SHA256
dada5fafc14a6b8fe8d1c69fb0f0af81576e106a355ce5bd695b20a191034b89

SHA512
32cfae07fc11c376c39ea47dc1c98bea1de3c3d1c8226fc18bf56f837e35224f88b366c03048985b657abeea4205cbe555fd45c0d08954c69371dafe9aa4b785

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
62eac4acd71250af17e4e00279294cb0

SHA1
05644e1b575fc65584b010a72326a90c1796497c

SHA256
222d50402ce86f370afef75a5c64b50cbd6b13c57d66ed74cde1d27c5b22b980

SHA512
11b57a3f6477d35f4ba968827e5b2a0b4499a6e36fe9382e6417e09a6e05149deec0a18f92afae5e0ee31eaefb82e9ca75b6b422d4ed0e3bf579a74ce5108e6b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
37a7f3028195e6839477c6c695ba4b98

SHA1
6074cc32b0191f1ab08350151d0a12dd29f86686

SHA256
0a82dcfe4323b7a03b22875a2214453aded37778c675b0cf95cd4a9d0d5afab7

SHA512
c4ad50fdc28c5b6e50fd4dd2d53efea1731401898dc421c593e15e6caf7965ad1dfa81b8524c442a246bbdd1368eeaf1ee5cf005f3a70e483423d63991fbff6a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

Filesize
19KB

MD5
ffd807c798f47812ce777e90a71f4c5a

SHA1
ff93fceeadc007d956c0fcde493cdaefd5753076

SHA256
ddc6cb6fd194bc31cf073077c7c6f0bc015370f2146623488abc684a7beb9b65

SHA512
2e58d0e1f398a1e68e149a3caa1f986c6102878e2d4a0ee792ea1a9fff1b054a908fb27400aedade3aa0db5e2371bf94457f3af4d5edb489958a354493723a72

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
6541c80bfd4a95b49a5cbe69de72343c

SHA1
d6e6217e7819402ec163b81a95c1bacf5519f659

SHA256
f33b6902005782b8d2a0e9d04281426fc1cf9875d9a665a19cb675783fabcfd2

SHA512
760be1710f0b9f0fe0636720b5f31e277d21077a8a8e7a609cc51cc24b71cde73f3dba1206f65c2b59103989b049dc32e08443e359ffb9c4f338a2e964e3bd82

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
330dc3b556f90d2de2efadfd2bc44dd4

SHA1
992b75863b5ce172bf6fa2e9bd06c2ba76fc191a

SHA256
6f02c8c2a03d71888fbbb636273cdfaaf811604fc538f40283f589e5f693e9ec

SHA512
1c43b74efd49435349d4dd1b43c07e6610d60b774a0ce373210df885bdb22fede516fd6054e980b44049ca9a235227728c98e90faf14d914b9b0f4d4224c980c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
6481726064893afe37c755d9653c3b82

SHA1
d9147376e611b13b2c203d875694a25295617171

SHA256
924313a07ed19c5d4bd5a27c2000ab55fc33bc9dff1c055e3b1d176a6855b072

SHA512
7b6a24b71d1764b8b01bbd96a4212bd38db8eb7e9b4255021a6fbdaff2e4a2cc9bdf9a5b273eea074c42da9a60220f9cd9fc244e2399bc4bdaf4988b972feed6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
da537d63d70bed3265f8b2564f3afb08

SHA1
6cf0b2347fa42fa481731e3a1d37cfd6f3417b54

SHA256
44037856a45d76505408895b3b1c7bfa8e4e7c7aad0e8acb2a725a0afc4b71fb

SHA512
d90ef94a1f9659b607da0daa892cac3775e8020e19dd147ed516af9c1b760d4fa02269851797575ee6d6b4d65d71f3edf11eeaf694a8bef06554ac8d4666863d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
4353de7414ed8eb0b5cd4d063006e2e5

SHA1
765b897072497248af61c110c08250cb3ed26b7a

SHA256
f2b473fe99e2a4fb01f7d07ade157a4d25b4c8a40aab13214ac52ae82a4cd4ce

SHA512
9f80a1e47fb9c20273f718e6e7cf5d37924817ad71a4f3e09492ae665bfc16bd0d72bdced31def3ce5f54db8842d59aa9254bdce2553687b881258a9c7927897

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
b3140071f3f3cc1cd142cc3518ad2879

SHA1
baa6c671613763998ee07bdf4373c3a98e76d5f9

SHA256
99808ddbd7a47bc2882a9e4c7a42d1dfb38a2db2f7b5be48427d4f805f72ac6e

SHA512
beb77b052acf3a08f89db52678fe985688409f6a00fc684cfa7c47121e2cca76c874f64bcae869037079fbc09046faaea9c53cea9edd41d5bc30d8cd940f2dd6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
a04ee26191467a456f7368f341e06b38

SHA1
422efe6d8050d6b34e8476a3ba551c6bc582e01e

SHA256
01f45bd0a0386c10e7552680d693fcc257b7eb81cdc9f29af5872c2475d14510

SHA512
2a6015ba7b8ee2300c1e349f229280b53b14905d4f6dc7945dbf33da6845c49164f86b49f37619a48345ec74669305359c4fad1b84b0af52e7d2526205b4ecb4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
d8979a79b40bd1e30e7026e35f5b797f

SHA1
ee4ed3d3dfe528181c03747defbca66db3d8e45d

SHA256
a871ff26a7c3fe13ff20eb8a24d5f591588496dc7a65f968af042618e4088350

SHA512
1501b50c90618af8282d6c99e5bd4e145c4e44e74d05878ad2f1615deab4767aec05b66313403058db4a4bf79bce6856c1864620296bd5f40f4bb2d2046a6305

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
682d8cf57ace4dbbe89d0b37793ca832

SHA1
ba141b62ecea9874d05c9eb18296e0989103400f

SHA256
c7b7f94884404056c3c074e3f802291e9d59a9b057fef50654d5f6607e78e955

SHA512
6720d29f512bf959d15fc26069c2efe21ba910a78fb7e9ba6992927cdbe161ccd9e19fccdfc3c85bc1dde4e5e57f36390c35acdf002fd5ec836562289bfb388d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
fa9a2be4400de84ef4d91524a6865022

SHA1
8c512f2bd7aad01cd9d56844981e3174ed55a0c7

SHA256
fbb0f0d374abffa7ca675361972cf7ed911c68610d15781dbc1783cd6956585e

SHA512
e9d1eb695d789427298e4a7bec293784f4f9f327ed0dd3e4965ba7d5edec7a1400239d39b4f4f6077b0d5a09647fe4b105b9b4b75d6bd5a593d45aa77ffbd1b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
a858fb09ca8c44b059109fa838613ad5

SHA1
4149766e9c1578d0bb60080a65deaffd50affd77

SHA256
dd27d0ef906bb32e54807ec617a19908826cb92006f318d509af429a82ad6707

SHA512
6f67089b02b434c305e20ac94c9800920faf3285ca14a027afaabb994a65ac791a0f2ebc0a6ab1f593f890230e52eeff60c4f19ce3538cd6f96b7cc7b4ac6ecc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
40918c386b80b4ebf363104b5714b3d2

SHA1
d5aad127ec5ef5ad26bcd796d1a3a9b972ded4ad

SHA256
ccb8dc9872e3527994a16ded3332009dafe0886cae44cb398cea2ae4a52dc586

SHA512
78258cf9be8346cf1fee8650d351820d4a8c798cc84aedb58c6d14b7390ead8283d90b46d74ce562d50f49eddce1b90ffc3bb81ac54d758e81b0b21921548184

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
6f626615c3e9b01eee0c990a995150f0

SHA1
95d0b194a9bb661b6e1a86d3ce1f92be4881de3c

SHA256
bfdc009e5217b4478e11683939f7707d18526a6d616d3ef455a87033cff54417

SHA512
667b9adc1658844a31bf55b89028a8211106810b42a462beba6340d0a11be898c3451e987afbea5bee2b2cefdb17153355d1b1e93235e22f5154b9af2f2cdbe1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
34fc2ba4fb2b0d2c008a1c22ac07cb6e

SHA1
cb343d61c48b866bb216a29e5edddfbc13dac79c

SHA256
6ff2c89eef786e207937c25771b076a4f8eb4e33289230c1015a8638ece9220f

SHA512
f4f9d6a079026185ff02d643e6c0b81a90478555857b804246034fd548922b8453bd6aa013b84d1127270cd5a8e611011c3037ce3806d48affb5f679108a2d99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
d8fe043ebf0f9b3eec69b5821c9feb64

SHA1
b0028625fa2878752d90fa5b26970d24624c290f

SHA256
1ca6eb9e1767f81842a375fd41c9e41bdf0f4740d98ca8adc44d397dff931244

SHA512
b9571678018c17d9720888b9d4613f8920b8cc4bcd0e697e55ee895d9ea0441d02508b9ef48062aeab762d1e6b91993d93fd7ac41b0a1993b6b8f706bd881e11

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
9cac262d5a2e8b7d9f3452175566223f

SHA1
d2f0dd4dd6f1ddbb72f54e69fa5da6289571dea4

SHA256
2bd5aa7791e16005f1bb87d68be7201bfb4864f6c3e941d864c3a82fe4b50074

SHA512
3de6d15cda8f6a7e5c35ecd75e402c1c2fa58bc6c670fa8f4d3cc31e25c4b9e63b016897ecb35a06513a23781c6f5ebf2a8bdd4a84837ebfb03c00ab81c58245

Download Submit
C:\Program Files\7-Zip\HOW TO DECRYPT FILES.txt

Filesize
939B

MD5
6468d057d7cb30ecd6283ea01e6ab5fd

SHA1
df5379d633e558544ebfcb88b6ad3f53e6df09b0

SHA256
a2ce2b6c9fc04d26e595e45849916efe01ceba18159013171ce44142830aeffe

SHA512
be080542f286df5cd9ff126dcba0057ef0ecf2d8b7767911035f419fc5e8dab4f1a055c04d07e4337af8fdebfae6a254337ab20ab0309eaa1696a1e14f87c10a

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
06837df93346f96cf67c02d0e5f56a21

SHA1
12effd49c886693c9d5a8f36f529896166428932

SHA256
90be465df45b4eb86ea75aa898ab375201ebde5fb2fadd8f4643f5060c7b1715

SHA512
2cf0baf215fc192ebe39c009a7ca4bd2d259af9eb4f7f42d209d8880fc7c005cbcc27163baaf2ab0d6783584ffd63e9ce8f49b3a0e422a6331a57ac50757b611

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
8d0a798dd552b2bba0958d687ac350bf

SHA1
be291aca50af087e655fbae321de743451f9b4bb

SHA256
687475869f7f3e7a3a5e0e572d3695642503f08ac1529fbaed1c76f7452a6607

SHA512
77fcd63b15c23c0dfa413831f25c25089f2456629a349614e35ceb0f11357e128a029f84a5f84e9cc3016ecacb3545a4db332eb3a37e9a1de31c7dfe5c0cecb4

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
0438ed6ef20b50bb8badd4ba898b3255

SHA1
4fc71770e193df4b1bcec6089d9f526716e5def3

SHA256
27fc0053c0f391c96088da53916284982b1734129dc049b57d60a22b76d058f8

SHA512
3f97d020d07f0c79a177908f9ae959a5d805577e6df2facfc47a41bc81a0338d0f0c4de7f215b401f7e2cd0a5af1153920a09d23956444d9fd3f68febbe752fb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
5c8e183ade61590443bb281241267be9

SHA1
366a3fa22e1e7166eb253e9fd6c3549890f43b77

SHA256
d95bc461a7c8f8f16dfd7578e508df9b957d24656eea1dd12a77177bd4061545

SHA512
a859011dc1906ce209a7e5cf6351b5daa22bd3d68ece9e5c4b5e4f9a2c08df94df15d108f6ab5ea9ff766f949f3cff48f4f9b2658b047fa2145067c6b8eba7ec

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
f372dd457ba4217ce11a996bd12411c0

SHA1
0fdce75f76b013e246b7fe236d3a26a286704e7e

SHA256
c1bb3c5046bd6ba0db9aa830090d1fddc666b5627b7ed64aa0386e91d32952a3

SHA512
54b3d97e0572517855f28b84db9416ba38d3b25590d79eaeefc005a16c4f52658276bcc16f2db15d0bcf3494289dc5babd4ef4e4b4f3dcb360ee2098e6c16dc5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
c8333486d2fb21715476c00f81827b2f

SHA1
6347d0a256f7911d30004fbd970b8cbef856561c

SHA256
86c821c9b5478fec92a555fdf8bbb4507f237e418363ee8207ee30ded598fdd0

SHA512
37967edd52e6a0b08f6203e3d81a0e46db253828fa372bada6d94ef572d020ae61a62aab5da682da486479244078a2a4186ff345a69ca7f5a732564f788f644f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
21KB

MD5
a1485c1dc917fafa49109af86820e332

SHA1
3eaae906d76ab52f7e95f1b6dd6b186db88b7565

SHA256
355ee87b578f955c90bd658f631ea36603a4f9f5638b1513ed4f742985ee2ad9

SHA512
dd4b56d0272ef270d004f6d66129d8cf8b9d50fd11030358ade05c6695102855c566fec645b9c0ea1dcc1d827c1e8c198687e89fd3a1461dd30b51db1b637ef4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
c40030aefae36fae0ef9ce9b8546952a

SHA1
24e5d284ace9ed2473e670a17e91f8cbfcadd8d6

SHA256
61c52fd9b3858a01463a7b521a1614841b2838e21d3e4b4e164fcb8c0eea1d40

SHA512
dd63455dcd10df8f61ced2452af9a7c70424be4b7e84cfc889e59eca03ba81abc7bbfa896ee62ab931205460662d7c45a1f90b6f852891a3512b254c7edb50dc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
74caae448e7cae32fbe2d669d843f96e

SHA1
7a61f8f7d08bd4eab8ec570c77f714bf357181d0

SHA256
9632c7feaa50af2b96d34473de05a953cc335a95715c02d69322370833863397

SHA512
7030987a16868e5653e46475089623594c0539112e6c8aea14314d5a6c2b76653b98f6fae9d3f7e61bffc299a7ce009b7fbf9213c112978c97f5f4c9b5341c8d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
4da768f6c0adcadbbfbd66da47836605

SHA1
ea375f12a27e49e2511cc8460447ed4d87f63839

SHA256
3c70c4e49ac648648cdc09960904288f07b1038b75b6ee0f7ef768409e7be995

SHA512
69e78f792f5d4ac592830fea0d16a195c08bd9058fc9b320234719217f1d539023c6a4f5f1bd4fbb3a8b095765d00955f08eb3058c0b02c3a0ab765f777376ec

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
9d9934da6f950d86df801aa6b1cfd844

SHA1
4be6489572c3e8cc1287e972d20c40b0f0856bff

SHA256
a8ba63fad62e5eec08171193b2d2a91186befb603c9318ab6b3ced2ee78a8e6a

SHA512
46a067439512679697b94fd16d898f4a9fde0ea3db866cb8a3dae1bb71427cb306a7c948d81c40d866805eca3a4f38f0b6440599a38f771db9266decee80ef58

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
af5690df2949bd2e586857e7f8faeff6

SHA1
f90b225b91e33de9f297407ac233e6b8afef050a

SHA256
d39baa6fd441fa0bff2df293fd9f3f3447d01e87c3c8135c6ef9567266954f49

SHA512
4dc172bb8acfe064cd7d47c6127139396f2ba87520151eb6a9ce4ee4f3df860c8d7ede250873a7e7ba28de0a0cdc458c478f1c9e56908c17f7580916dbb80fe3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
f137e0f74e0032463949bd1138921673

SHA1
e289f67f131f1a916a30bdc9766de2c5558c37aa

SHA256
afbcd8e6e2f8fbfe689427480d342f0bed058956247200d75ec2a325f0b36aaf

SHA512
18943e1082446277f1310e28ca0783db58699ccb578fe1718270ba93bd8b828ad434ff16f04dded204225c50d124350aec806c62adcecf33bfc1f2a58a1e23ff

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
407980e548692c47c32adebb3e7c787a

SHA1
0c9c724a8aacd4bac2500e946bb7bd0db6406b02

SHA256
407c6cf5952ae38b6970b326aed0cecad7e5991d17207847bb602f16e0a1dfa4

SHA512
4d10d282ecaff1f0fe0dba7612ffe41b4baf5482898dea1b177bf5686a6df0aa07a9f084d75aced8fb0d6a6ca6d559f582a9fcb9d3222336a3929511259843fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
32b5392692b496345ed41ab0e1bc1654

SHA1
24487a54ade04dea389677325b96d54a3e3be4dc

SHA256
bcf66533472f8ccbb60082cf30d9d9067a21714a8d30d0ec3efdfa4c4eb8dd8f

SHA512
6f569fd1b9f50669f9cb8993c3da4a3720d682cfed41c370a6d066f183839763e877914f51b1e5659325a4f450472ce430e0d9c68d2191f9bd53131acd89629e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
0f79dbe13d72cf8b0db801339a65e428

SHA1
09d33ec3aaed4675360ff5c09d859f5e08cca566

SHA256
2bce7d89fcaa15f1b5de23ffed58fb3b89f27cfcc2d8f0a6dc74341f614ec5e9

SHA512
dd1e8dc1677c22c18daddcc318fee949f64ef4ae3fe611304d4357f91179a402e600279304421ce6581b1006e093ded0ac4cabb6d82caff8814bb3b1867b9369

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
908c3510acfe099e630c65c988369afb

SHA1
6792036dfa1ae91fcfb637472562905de4d976e8

SHA256
a39512b66fe39312a1afbaf4b19811cbeb77396c2d8ce55051bdde23a80c806c

SHA512
8e724bbde6e0dc11d708552e34d92de4b2a27b0727c2297e8723a78b8a1d3896c37996866aac409bff80ddf4178c7392ebcdfd9d95cacff10f06b55a5f50b226

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
4391dbc899c7f15dd1e2749141a9773f

SHA1
ce5d1fc7fdc0f6b6d271cf3ce234d2b61b0004a8

SHA256
45ebafaacc5a866f31d9e54f6fc81c718b85887181a9740ed37ce29934557408

SHA512
b252454f0a5c0a97d5a675985c0abbd547d74eb2c92c879044de8b8d80cd9e22513f640a65eab67a5b340f4a1c1dd29138ad81f08a642ffba787e879ae01e45b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
8fdd1fdb222f12d3d40f153b3a91af77

SHA1
f1f0a7e38bde6fb13d874d094aeea77171c622fd

SHA256
dd9e7ffce3120ab5ab02bc6eda635550421440c51a6424c610707ebc9115bdf8

SHA512
e5f6119c2969d5e22d59df3b4089ac396f4df1362496b1167ac1b3c15b9d25395a5eedc5ac0508dade7e6c0e60992d86770e18b3c579cc869ba5107a90ca9988

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
2a7d4b21519cde30cffeae43dd3a4b55

SHA1
df30449df53a2d7d2eb612ba50e75a9d7595a4f8

SHA256
ff6ae05db68dec187ab99126cc0782c462e3578fea704be20ccc03e17ad03473

SHA512
1a538214e7567aa65fe6a1a7a1b13e37dca44d49f3bffa9c60e82ae2af1dfff20a3ce7da944a39ba76b768f19ab98bdda5d4b44b397e59dcffdbb800f024c9ee

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
5917d0f61fe37b31e381e8921a957530

SHA1
7509cba22da1431d4af870c285273c77b8b8746e

SHA256
1bd965c6e35de14642840d4d6fbbaab69326760b33ccdc3f12f4464300904552

SHA512
7c894a650d0aef82ebed6b1543efdbf34be59085cff3ed17f6a01a9def5ef1865eac02677b1a6ee9e7db9fb6a12735801846d4700fd61d43cbe9de6736f2a8fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
10b142a52c0977d14f2e971c57223a69

SHA1
336d1828aa5e3c56e66e8b16af5ecaded3ed7c6c

SHA256
b07a64305871e0081967fd44fa852aaadc0ae54ced9c68c14dfcdae514e0127d

SHA512
08631bad77dfb738a953593ec9a390c92787d1ae2a37086a31fced4538bd3207a2cc323233b69daa53ec1b917a85c03ff5d1954eddff7ba6c695d56901bf8840

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
474471509124f0167e982f110e67bad8

SHA1
8320125f92e715291db63145c4955b8a25a03d70

SHA256
954a04679d04931d622d5e54329571754c071e421dca9c9800211dc7578c6c44

SHA512
42da30f08502dfd7693fb66041eef9cc107882928b8cf12c74f43c0fdd15d21f4311881397ad6b8975f8d0c0020c99f1b136317e20f24337f8efb1e5d0a59075

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
492687f0f995604e8dc75b2fe62ed339

SHA1
e983d05440f35799c5e6d99c34881ad8e2f27086

SHA256
ca560060f6608337244b3415adf9169382dc825bf0e09fe61d4e533798d56428

SHA512
70e32d740a15c94080dcc3736afcb184f01b4d2defe5f67f29e3d8923d49ab2e49987e6ebb50efe63b9e513427b64528d56c6db5ad5a716efcd670743e6bc158

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
91cdd461943a0881e5a6b65231592fed

SHA1
143dbc47f6ecdeeb141ac9fff8aa9a37084be2a6

SHA256
b9af4d0a0694c5ac5db387bf190a28212ecec7dbc9eea41304905bebe031dd2d

SHA512
b945b14b6b5946e43fd09623f34a5bedb6636bc95b9439277bf534f5fb65c00fc10f4283221435d218f95e6164966015cfd4e8604f957abd085815640858e128

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
3c5cbc27fb38cbd690dc48da408741ac

SHA1
01e5393eef7e27a7201604052ecf18344a01892c

SHA256
b4cd06ac3b0d23226e258f9ec1279fa6200d97de7ca23a82033ee702cbf9d427

SHA512
a890f8e801088813e71437e0214995330fce2dc8780d7d025ff0a7f3c73ad737e69d0c8c527c20f382df87cb5b5248032736ccee61cd997268a7637cae9fa7e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
3a00d99e10a5813e399a37b384f4f273

SHA1
9caf2a06de84b452dda3331c1f0a76a5de71df54

SHA256
01d8b7fe9ecf4f3162dd400b7faf38469d474ce5c1468efa8e149b9bdc09668f

SHA512
d3a87238585c75e3ee85661f6b7829d4f7a3af36d08bd71bd42c5aeb64153eb5e42615b4f4ab695b527a8f8f507b205058762949e1cbd87e85fab7f9d57df218

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
b5504d40a90d4c058dca5b5dc4d7c87b

SHA1
eee8338d3722d257865111b3281fb5b172830bc2

SHA256
fdc5cb9a22b8c4fce1d98c37f43131b392a9c67263161e917e503c59698c4527

SHA512
6e692f8d9b2a5b0e94850a2f49bc20c5b94e80d3d0ff5c4e357d2efc28efc03bcc5005177bd76d8168ab5f0503493bd979c2e6cd8dc798075b04056ac3b73622

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
a640094c060ce2b0a321456a856ee8ca

SHA1
6f212c89f4c68a3b07a8c92e40d9f58b61f79301

SHA256
dfee4f010bf21d87f9888b63a7c946a090468c524e0ef2e8fef7877628f82807

SHA512
cd8b85012c12d4578b05b0a6ff1c072d53aa95400ac297f189183fc6de87abcb0986a56ca001e5c09594bc5c7cfc08578f9107b750c02d181b32d4a526fc8ba3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
e1b8ef50435fab3705f143271645bbdf

SHA1
b7a9b7bc2b5215f0a9bcb1afbab3eaf68fe20e42

SHA256
e058857aff305f5d5695325a07f4fa9e42036f5905283b6782803adb844e7296

SHA512
6c14fcbdea12038ec99f737099fa68f0d0eb0fdb2780898f166d44ba7c09004d1b73becec40b9f95d1fcca856d370174a46bc13f68ede8fdb3de2fbb1b3fc7b6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
5ff56adacb55691030658ee442886429

SHA1
718144572ab6bd506cd0fe510e8d3d025535b7cd

SHA256
2ff138520df48942f11cabb9e9aec8b5fa5323efe5bbbd84d7dd9e526217cc12

SHA512
e0ddd83b347c8fd51cc9873dda371ab9976b9a883745f83d04b313b4528a0c141aca5184f3bc93dd6e3c676e6a2dc213829ed0ea4f2557f63252fa340ec0129e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
4755c02d73baf004c5ce8239d81ad499

SHA1
3eff618ddbed1d6207e5e1b8f70d77f924636bfd

SHA256
dbb4b82c9d089ab2ba8182cba0100e4c227cbf794fb3404a36c0ba01560c8957

SHA512
f8386b3df9d0f4759746986012a8915e13b6b3fe0abb5ee2fd95a5f65397b683af526c338b2cf8ce4807d70b8acc65ac7e50f8facc8439512a3df2e5d0bbcb97

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
2841e361460e012cb9041898326da58d

SHA1
1966038f5b4be9f3abab4534b70679ec2e470d5a

SHA256
ecc7e6f3885c652a7d361054fb1780ec7b47bb8e9431a8e95a7ec2b44fc511e9

SHA512
b2fac731d4e0a8af4933782b32cee89a969a3f375e820d8839a53a00d0fa030d8c201790a099bbd84142eeea7b4ddda6f86a605b6878f2b87ff83d4c0bbb687e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
0f8ba8598abc805e71a4cd245f7eb1bc

SHA1
20aa0487e7f60a6bf322329707342ce400afee07

SHA256
892bc9a1ada0df2b9937310af3663c7a42de025584636f1b6c461b3fbff5980b

SHA512
ade4bf4995675d3f974f93ff885a3f6d0e35a2a4a930d605a4488df46a6fbdd8362b1996b16fc8ca966573ded85edd9701944a545799920f8b89335eb8a37772

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
3cb8aa0a04f579c281cdec4ed64703ee

SHA1
7831287c8808e8e41ab2e23cfc96f0bbb5c9171d

SHA256
006d77f5c9f6554a3377e3cef0491173e2440b4b2192f8c8fe7828a33355a892

SHA512
d6225e1bddacfc50fca8beb2a1d4823cdddbc208ddb4fd2547456372b67201d2bfbcbd5813865c9792626214f2208f9a6a472f0ebbcef0ac1dd43e4dc1514a22

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
b7b5239839381e63ab8ee7f29cfbc1e8

SHA1
de62265b5cd012a79dabe520d71dc4d13d15fb7c

SHA256
8fcea8e0289cea8a0b4d6a0c9fccd4d37ffa4239335cea3da2e7426649ff6cc2

SHA512
637cb8083a4e21729ccca9937c53470bbf8f5f91fe89d0b2d8096bd15922ba44b1fba691937de556edb0f88a37cb1f2f1ace34fcaf47c2334a659d72b86cd46f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
de0ff52d6d3db2428f9350d2c3ebbe75

SHA1
851457894e94d420ee59af1d0ffe8d9bf1eb85e9

SHA256
b76518a0ec85acc750f707e2bcc3aeffbe4325709d62e2cebf3b85553ba0b71e

SHA512
a9c6dc6e1006f166e0f1bc98c0fb416e0677d49bfb892c0f27e61e56e09b46aaec331dcf86e7decc3d85d3921edea2c36a3f7d5fe0a8c26f514ba3813c590698

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
c5aa548258a78f624ab041b66b3bafd3

SHA1
2cfb92a115a6df5643dcd07a0ccd222947e8f9ff

SHA256
b85ad1b2b7775ba7391e6cd081f85a785f7bc45d65f0cc64f25ebb5ba1c64a88

SHA512
6942af3a9c881e600fce4da26a559dd244ba84f656910c72ba9d4c028b4ddf8eefa4e8666fe5ed18026e3a057d08dcfed88576b07ff8eb84577606639578a187

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
d123fdaaf370fa86e725cc59f25c1682

SHA1
a3985fe40309c4d0d752164618013af1dadf1f83

SHA256
b1567d218ff285c7e967c290ea093c1659e325e3fd1e72e229dea87d7ac2ed26

SHA512
74a32ce516824d376b80ff470e0f97deb86c6a0e4abe7bac3ae475f67ddebef7b2bc40cdfce0319d2517f74016b5ade89eeec153ebb7f74140b3210751416222

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
70522687f1168e4bf27cb489e49b2dbf

SHA1
174ba78eb36beb5fef5a012ad4b2ca30f5e6346c

SHA256
790693f927db9925cc5255b618ef608d2ed4a8168f667e1ebfd7b50090c6d5d2

SHA512
145a47b5ce2ea949defa9fcf39a5ed132b5dc66aa692bcb5e70a41ebfa720fc3a1bac8d8ca12a319aea59b071449156d60f0291e47a8348a046b8868b9f15131

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
bee524919679a3190b07a4cea28db084

SHA1
1865763f70e070face34a50748224b1f01d21543

SHA256
e4729e32b7b2c6660a1843b08d38e11e7b653e3e7e9cb9a4e6702957b93f3448

SHA512
8fc6ebadc8b367fad7a0d8c6ea27235cf8eeaf89c93d22d4c5a3efbeac6af4f854363bd4fe2a79259d211fa4afe08b03c288deaf2e3b216771dcd684bbb9e68e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
039757a4b352c19fae0027532344dfdb

SHA1
07687d11aa4395105b4265476cfca714b2d38c44

SHA256
94ee4f533794348197f139571802d74c71b59bf6baa806bbcd99d8ecea29c9b4

SHA512
eeab15b5db5bb55497da3dd66f470d8737d93d1f707ad3b6355bed544d4b08ef83684229621c4dd3e6b1a073d94d5830a10bea7991810c425bd16291156ea3b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
0d9c2073542bb1f6d01d684349cf1044

SHA1
6fa7ad98c6fc780b777df05db22449e87749438f

SHA256
48210945db5d33477d68515048b27c4366c46c61d787ad48cc1f9059a8500c27

SHA512
5a34912c234a225a76d80c090a38b5d6d854d51f12c94e46c9efde133a1bebab754402de7e15e6e963200af01277360acdd4eb1a2c3d9ea9f966655a9be910c3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
6eb96cd2b5d655e3535137200aa6b35a

SHA1
6bc2d05925fca28292612c3d17a2fa72b187a1c7

SHA256
0c58a466176ac1957e5aa2d04fb3b21146b7b53105b91db6861cefaf9baa74e0

SHA512
a26b73e471fdd0bfc17158f20a2c2c01e15d95ead2372e2d766f3f740b9b99824cbc2cc38c10477d33dfc796489ae9b35fd6b99f4d8f3ce40b57f8ee301f532d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
8893eeae07b8afe10ca1e06930be98a3

SHA1
3e0d2d5bf781076057c99f9603a2d54202f1657d

SHA256
993146de3e1dbc64b902bc757c92d7d89e9c0d59d91d4d19759fd0fced668d1a

SHA512
351239cd10d54b24e0fa459ea372f4f7ec1b446cd768a1bb10b113f30e38be9c06711b494f127b5381e585fe9dcf3a09e62a4aff74a4bd61363566c9899a41d7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{f79ef9b1-1967-4551-9b42-3bf051738e14}\0.0.filtertrie.intermediate.txt

Filesize
28KB

MD5
c72869743984a373ba638538cf8f78ac

SHA1
ce35ca32a8553f70a3e0b99d5ed1bd8a327cdf9c

SHA256
822a83ec86239473e0eaf7ae720cd37105dab572939630e98d3d9b96055fccb1

SHA512
5141d3620e379f3627a6615ae9dc21a9017f5bf3ebb7d599836f84be5723f46f11ca295d2348f541518fe3ff32ef2211d3f6ab2f536e5d81ad45ecf802dd0250

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471143794894200.txt

Filesize
77KB

MD5
f0885f2a2e7634694a1f3143d63fd2e0

SHA1
70a9abbf6a32c8c6a42e52b799c0252efbd161cc

SHA256
8a785f04eb570bb04d786033d6228ed7b4f8d403bad6e39cf7dcf6e6bedaa80e

SHA512
78a114365590617f2856fa5a4238335c0065cd40f2fa119d012a05bcfb7e80d1630373728ceb1be129c093e963e1f866ba2ef0ae9507f3404d76f310e3436726

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471144216446357.txt

Filesize
47KB

MD5
7af6dd17f79bde8e6915a59978b4fb8a

SHA1
753c532ad349052dc70d7549a905942633d39ce9

SHA256
e429c3ffe4b6dfbce8fac91833ad4e81fa8ef080d330898dacbbe63076329b15

SHA512
a2a370e3cd8831819775d532d895c7b852161e8ce089bd894b6ac592371062ab6aba728e3b6693f31331094cc72ab7612e04f15527fc46b1188629916b65ac5c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471151696037323.txt

Filesize
63KB

MD5
974191054ba90782bb1c336aa634900c

SHA1
3e508c3f52921231d4f7d580ed6575d9aa42a0fd

SHA256
cf7f8871f3f103a95e9c607fd71024b5b0879121b134b03073982eacdde1bbbb

SHA512
2eab91a237d0c586791c02765d1d6b807fbe495bb33a6c1ab114271ce189e5a5c5e9311863b0c9aeef2c18f5bcb4935c5c6dc40d8dfa7eecdb0ef1a2c5190119

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471155475836821.txt

Filesize
74KB

MD5
c3be782f3a1705bada0a8ee1096c31fc

SHA1
5c7cb205dcc920fb423fde0760dc957e9afde3e6

SHA256
b74bd1d6d515268d91817b8f27c9588744c8f1a5efab497577b53564fe762855

SHA512
30bfaa55884d8b712a98fb60e12b6bff5c2c3cf0e5968a6c4fcf646bcb86f2d0f3db26ff8f4523d542b85b0e6d339e489dec4dbdc1497db86d43a133a9a270b8

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
0ff5eb536c4815f519e96e09cfa933ff

SHA1
5fe2fdd3fe183778b3872b7e176cb27f12a3c3d2

SHA256
a1c5939ba1411966f2bb875ee684c169d41f082c71f36a075efc1f84b636d9c4

SHA512
0a9e7ade6f211e798744c11f95e688c715ca8d28028c372eaf226480245be1e66d6bead687b5fc6b5dfe47ee67838ce726f67bf38ed207ca4ea04ddaecc922f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1860e720ad4f55331d7185c1fcea579e

SHA1
c766092f230b2a378bcd3ab4aedb7a1776ed8467

SHA256
a1dc4745ed60a0cc8e495d16d7005f21629bade44653cf5a6a934483fac1e9f9

SHA512
635ef56ee98305109693a8e46011b6484bbc81283708874b97814c85564ac3cb9a701eab9dd756a54b0ed3bc48794c7723b9ef2840560c2acd46b1b9e8ba226e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
0c9fc5016559a418b1193671d94dcc73

SHA1
6961962aa97cd1de858a84aa5c5283e65f197f8d

SHA256
e45af1dbf1a19c97cc59126c7af75ee2eb902f6a826eeb2b70708f1d9fdcbcf8

SHA512
63c84e618e252825ee5f6da974255b3e590c1c0631e74ec26c5cbcf859139c4a8954b245021fe08656974181bf4bf3a48ef1986cc049310f61030a572d56380a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
29c7210bd99f766cda8f375d1a16f9e5

SHA1
e7e9530b66ce631025a65423c250f2bbe3a86b29

SHA256
446dcd5add9869593190a1001e5790e8048f63ed76e28477caa1e11b206dd1aa

SHA512
cbe7a6796c4da760508e45a248ddb8e1bfe1f3e759bbf2a9b746828ca3cc2f57e242c2e5cdd96d4d7f44fd830d1af4bdbb6a11b37b24f4a69e9e53d2a8510c2f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
ec9433d394423af45f78c39f8cffb0e9

SHA1
7a7e79dede9c5c46c2dcf5878054f704272b8d0f

SHA256
c324d0f461cb7626337ef30f2b8634a70fa537cd123367c2e7e0fc9707d23fcb

SHA512
9612c4142e00cf09d9137b6eea419498e91563daef0decf9f5319c48d29471b0ea5b66281b64afe122344996305fb91b1c470429ceac854a66c096589409bcc9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
5910926f4e261b75d4ba178c15feea63

SHA1
61d3457501baa06269845b55206d3fe0995855c8

SHA256
962cd3769601dad0d30f17efbd3da51f0b261b46df6819f9947cfce6a16ddd30

SHA512
26cab0578b7e55e9675ae4e21b1f52ae492396e7d879e93180da57c2b0d2e0b2e36884dce6372681ce96550112af8560db76dbd3a7bd6a3aacdcff19836aeaef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
e8ced8283051f0e9004c1812d6741d40

SHA1
4b2506ede93a47ffe96dad06d1263e1bc9322028

SHA256
ecf649e5ee1c8f3212090941eb0b1ed7ac76b246d31777f861873f880c2367f0

SHA512
5d4431870d1c878164ab38c0a85d1190d03eb3ebf9b1e85cdd7501e7a477cbb8878d3fe275df6740591c3f01077047461d9b4e9f3b013829c528e452059fa640

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
688f57468dc1d6c0e1dbe5f8dcde5f2f

SHA1
576d7d044dd95da5c09f341004f791d5bf903346

SHA256
fd54935c228763e3361d78994d3b41b97093813d6db600b3b555661a00d07cff

SHA512
c21ca4f75f4c0bd8cbb50d51fa4ba1406aed7def20dfae12f76c6bb832e5e3e60db0f89c6c910ba251088dd4c79b11389c48bf818743ad193af4a8b15574d414

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
197a93447d7d80d7aeb738acd9e4c099

SHA1
a0c74e4a4db335a5230ff4f58e98fbce74497555

SHA256
9bdc777e5f160bdcf8ac00ebc9f7c63c8df280fa79117da28065c0abcd247c19

SHA512
d0d3c86f7b903159f2056107ea7d663ef804e62ff9158f4f8147067c6a0f92ce7b0fb81f7744dcc496d841cdcbe1d025f0960c57711413eba83ad98134d9460b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
ae125a3f947a11f69cc225425d095f50

SHA1
e32bf922f60a7f4bd65c108269ea371f57943925

SHA256
668c93c281a6611418c7ec92ea5b21e24bf100771399ccc513661f3f114aefcf

SHA512
782bbb8dcc4422108d184dea69619449ff3d82898fcd901deee665dd68720e93fac62c3481be0093898074e6fc7cbd123411a8355b5c7671bcb88245cfe4608f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
ab8a70700c7534c5f9af6e5f7e2c23f9

SHA1
d0eb007b5d05134c664dffac14c086a4e6b6714f

SHA256
ad4ab21e70bdd13231185c353a955618666c1a7c9e30b221cb4ac84f29371471

SHA512
7594e41b679bc1a1891725b26e4de2e20e52b8ee7d7d7a6315c0aaf618daf2a64500ff3563409290686fc2a4cbdc5c18cab48ace9668c14c53de057a80e98917

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
fb33ab93bb78106e653fb65334f0b0cd

SHA1
8359afddd03557fe0aa1704771cc5870a9f67d15

SHA256
1bd9e586889696c25d28d6a877663cbb34fd9412d9cb351556cb69bfc07766a0

SHA512
80da27899bde451923f66eb1ba99e0b15942bb6e544d8915d8a4aa346fcf23f258c62d0d4273ae7c996cfc450a879f818cf54e6fef84d5a30a5f78efeb73dc62

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
d0aee146540c60e81f1552e31b028898

SHA1
cd1e8d9e21610aa2aef9584a9e64901f8b0d9b3b

SHA256
c70aaf3e31365a34d6d6b15015dd1ad377f7012cd7db0c5bb041286c7f9fa747

SHA512
a388d8907e56602b518de1fd44e8d397f91e92620fea0d1a05ccecf3815894aa0495833bad9a0cd1de2a0db935eb6880eb214757885962109dee96bf29833d8a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
1afa2a66dbe507bc31d3c453440f3faa

SHA1
4f30bf7b9dbb514c1ea424a05327d618001a5b6b

SHA256
48b4c8aa92decefc8b8141cabfc31ee63818c0efed792a4ff3e00cdf5199161b

SHA512
e7df46d9e6fd806017d5ba97dd4cd7562f92e478299f311c41ec8c06be8a2e7e7ec88b70eee82b8cb476606738a1bb0fd44bd82aac9148e24893820945844daa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
0043b6c341916282f5e1d4e49b478e9e

SHA1
9b1ceaaab5b4a8ffd2cef0a84e6dafbdaf4a4e42

SHA256
020402772f0a9f495f4d3f12569f19f67db4178286c84426f9138fc75f9cd6f2

SHA512
57611f68cc27f7aa7a202566496dd119a89e6e3e94a83d3154f209ecde122b62368e7504ff1c04da589aec2c2b0ec3783e689e5107371bc7fd92eec98384d467

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c84707819947eb41bf6b4b417334075d

SHA1
f8edf1a061f64dc931391df2ef10bada6f4cf835

SHA256
8e803a851c782b6ae92366e726f0d41dcb12cf87cad7395c4e33d3043eaf1a1b

SHA512
19fc44142ca427b26278375f1083f4c68b49db1004d7b7aade34c270e58c92a4c86b5121584c54690367b6a25765a46ac46e5e20b4b6b578fa94adf7a6e10504

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
61d22b09b14e2b0875df290398336dd7

SHA1
61df1ce2502d7891edb10389528cddf80dcab6e0

SHA256
90c09c540a971540d7c6841ecad83c1d261ffc6ed060f699fbbf4f6dd1cfd59b

SHA512
53ce76387b3e88019199486b93390a1e0259f0de75d923a1bf2f1411927623556f014184acb316386ebcb34bdc33e8f2a2d8f378826e6d2991e2bfb213408d62

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
7c7b5f3593ebd5d669611d44118a6e31

SHA1
8185c6a29419736054aceb9f2e761d4d733896dc

SHA256
45ef4a5652a2e349cf18ee81b92ca1a817b6ea27225470da5815bd4796360b15

SHA512
19e4d609fc7cb17ce7e0840d733562df7268a53133602a41b451fb571fdfd2bf976c727c28be953fe13e1ffe04d3edc119feb5d35fadb3773b04167d48fc9f51

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
7bbcc9e370638d22394f6d5af4486d39

SHA1
f0ee969e729e765b8001687da04703ca7b60a8ac

SHA256
39c70ad8de8bdccdccf160b4761329796c8706ca027321c3b0a81d5dd03b075b

SHA512
c81f53810c16cadbe8339ae2750dd3b2c2f463388a9a3aef8d16ce91b2a87821fc23f63625ff85f7e668e784b5ef82bcff53ff49664e89b2421decaaa95511d8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

Filesize
54KB

MD5
49102c1f3833175a241d83338646326f

SHA1
cc88d48f5a37cbc913d08c13da2ae2a26c009976

SHA256
bdb964d432eda80f424d0e9febbf188024503c8ba107de8fef1e52fc1bd4a7f9

SHA512
c0d5d05747321e5ff9b7e29d0e3ba0f4eb3f9eeb53f690562f31eb8941f5d9046e8d4a0e501fca05f6a1879e1f861791931d483bd78b4886c24afeed58a5541a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

Filesize
51KB

MD5
9c46db1b49c7049a34ab3e7ad8e56a2a

SHA1
e95a2ad382cc781733de92c32da83cff0b6cd82a

SHA256
7c3293547320e3fa293d6b57c76174d4d04da277b31c05caf887c163dc61c890

SHA512
3779bc01288b1e90e78ab84b24a1fa6b7bba703a9adddcfa7c59ad080ac49a80f8862b72b44e22a7e0c6d17213e618f830b4c5d0c0003c3179f70930c6f4b21e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
e646010552ad2ffaa95f9ebc107f6969

SHA1
337dfa04dfd4c80ccdb1ce1c6c0c8c12e0885034

SHA256
24530a88a2612ed21750a1c0449d3257d4d006f96c9b83454b7ac92e509a6403

SHA512
cc1c2794501d9b5dd0f7c2742fd29613d7ef7a21a5db92e32fef7bc0529c5980e941440fc480c3bb92c7e82686b497d10e1deb4aaf8e6ff17226db64e9ddf941

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL

Filesize
20KB

MD5
d3da1aa6ad0360382f77f2230c23425f

SHA1
e42e68f624c661fecfd3ef91d9e5d6d27a216563

SHA256
d45430cb1c408d5ad4e095e3b4210bd26716a97902f803086401908685973edc

SHA512
c9b509c40b4981c92ca71f68d14279674d210c3cc99d42c1f4787a11f1f51573d43f605cda9b687e24c17629f9be49b19ad41a8837e477213e2925c1ed883ebf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
55dbcf7109b0551263273ee1a8ecbf66

SHA1
b3bff2f3415d4f1b5c2f610254b777cc9697a393

SHA256
aa2f4128fee770f74e9325e6e72abce59dcfbb5980d38302f78f7a8e44730211

SHA512
b20037cda73253418f527434d42260655d6940c8bff8fb15ec204ac16c35f8d6f190ea2d2e4e863228e6a5a3567a045c9f07ef810c582d61284dbfc79ecd03f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
432ebce2ad3517d6559273dcb484cc31

SHA1
8981951aa73b1cc9305f35b09249f16b8a079196

SHA256
a5d7cde843605d6c00dd704f2fa83b0d1295da8b18ff666954a4076e2d2f4c83

SHA512
871a04387a475e581082253181949381020310819827c1065b45627ce9ecb2514b5a915a410330f62d508e71c19cd8dea830631ddc940fa860babb1acda72d0e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
88b8a0ae0536a61974f7dc620f195357

SHA1
abddaa82434ee348aa27db91ef6cb68db3125d91

SHA256
36c0b0bea0a5fed39d267fd45da2e893d26105b26517ff2ba0d144dcf7ed3d9e

SHA512
16aed64af5160e67af8faa4d69d92d53c2f5f9651eabfa1fd0ffeace87ec60902e97361ac348c72a75b4536b89dff20a3a64e5925764fbe2beac58594b4b5e72

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
88a662680c6f3b060a7e533977da2496

SHA1
c400d61478dd2e8108eaabbabcf183ae917060e9

SHA256
556581a50779200d96628e404d1551278232f2eff69343111b22089dd3b47fff

SHA512
1bf5d2a36c00670b5104422657b0272612c416c88ab617129ca926b9d9b878d34f6f388204df5ac6725c8957c2bfd117869cc153f3e45b3d4611ed421447ad96

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

Filesize
4KB

MD5
bd542f02309d968a131ecaf8dabf4248

SHA1
de6fed00901f41482e06ffd99a50be6a2aaf601e

SHA256
af17ff4d876b3c4e552cebd655de2ef2efdbdafed87ba50a3b21dd435a2c6dc5

SHA512
29048553476745384de92248e3b76b4b47dae03c213c08313118b41620e9fc58a063b2cf74869300031898c1d09252908a9364770baa0e1b591155f2dfa4a908

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
fd26d27364c388f7dc184be92151a166

SHA1
318759750c9b417becc7f745c3510627f63ffd5c

SHA256
161dc7b1ffeea541cf7c64763dde828c7897a84d0fa5bb909c25e3ce07f6576e

SHA512
cde50443a9ee9225a9d392e56f3ca36f11809cd20a290fcc9638e5135b1cf06cdc7d60f8db3407efbe818a45fd6bf6a010e7e6bc0961b3514a4eee3e5070b6a1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
11127becf9e03e6139b4c61e7a6988c4

SHA1
96125b570233a39c70ede901c13c9e19d1d76e00

SHA256
735fab538a59f998bcacf4e2d1c5ebdfd9f35d3c1228337fad44f1c9d3a532b1

SHA512
1fdd8c8d04a7bd709c598db48a371d6328eb6358edf47f334986f317970f89c6b87520863776a1c15783d8931fca7d89750aaa893e9c294f5a279c46c95244b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
dc0639ae3c7ba18e3c74168abd947859

SHA1
8ad8d8c81178ec7d2b0fa81ccb26d406a902eb7e

SHA256
4af963694f3b52e54bc85fdfe16afa1390758a49d81cebbac16c905804204b75

SHA512
b5ba393db0db4906493f02a26ba868a86a0bcbd81cb3a7b20f22d0e221782745d9e0a2d49ec4c2b6f1e9035aaf53c6de3bf3024795b62963abb068cfb53ac13f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
dfdc85253f49c283cc75a4b128d017ba

SHA1
359b7da4e4e413e99d3b3773caea56edf7f2073e

SHA256
cc18fbac0b58c1505d360442abba2cd53e884656124106f2f5a020848b290e68

SHA512
495c91c04daedd63716b812c4403ec23f5f56f6ce0c7b8789c75e81be0d52bf8a5d6ef531f664ad83a6b4c4a3b6d9eee6e121c9058afe6572e305795aa2002bc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
52118b1d50a0f8a47194c8e191003359

SHA1
4a55194b437f573e5ea865c42ec0743f31d0b2fe

SHA256
3753635d468f56a7f0adf62387498ab5aa03b62c11046d19594bf0e1625ea3bf

SHA512
e9f3f70fcf492ec7a36418c7d5c67315f0a16f11435dad28cf604e3cc76d505c18d0352d94365ed50676d9eb6fb8edeed4bf2bc0ea7e1ef900c94fa63c8b2e7c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
38272bc4b3b0fa56e414a184770f5b17

SHA1
f378ee08d8ef29208f35d0c34ec0b08aac276974

SHA256
6db457a40dbe262465057c8389013d015d0122dc062a2e72cecb7662b288a147

SHA512
98f7cb86625e1a96641af580c67a97e72f035913c5825863a64a9481904650e5b9e2f66ff74ffe7b0a185da1b41dc23827ca37d69ded09f838e635bc16ede915

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlStateTemplate.sql

Filesize
11KB

MD5
11737d5150b81522646f47c76eb10c84

SHA1
2708148d82dc07a0363b40cf8883419512cc80c4

SHA256
1307553006fc66e44b9c4e508c3f40d6917ce110e33b1d34ab2a93fa6ff6544c

SHA512
d17ee381a2ae454dceaba84bb997f5cee795f9eeefd5f7ae6fb139fe28e84150207e5e33a320c2a2cc02afd3fd67f8e96ddb77d13131a46b174b2c9dc59aced9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
4678c5820a2a886b37a54c6c784b0590

SHA1
c574ca8ca213c6419ffa19a1f3692706f7bafb89

SHA256
80e110a34d6eafd0f248b2814808f6e3572895a88ac24357400fc940c8986a30

SHA512
45d2fd1a355e520bdba01bada794fe5a0ba19f9827eb249548b68318f8daf829eca302482a383c0e054042c61435af5f5f82a6673808865f8d8d8e11916e927b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

Filesize
23KB

MD5
f4f057b604bfc6d1343302a4a4ddccfc

SHA1
b6d9381af5b7db4f3ef44f55a4dfd9ec5b5c2427

SHA256
6959c49cb5771cc8bfad49f26190b21ae6bf86b2d1c2bf81e238ab55a48f7ac6

SHA512
7d3244ae757390e2a5c2203e93bdc9669b97f4b57809dfe224e99b8b6dcd29e42a150731479a3a05cb1c2a55dd4590462319a9a9af1927b580935dd7783fe3c8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

Filesize
4KB

MD5
928658def675b7fffae606603ffbe9bf

SHA1
12b94cdf2af8345e095e0aa37d63dda87d2d6860

SHA256
8f29e7204e665f2d8fdee1e1172229c0603f99b8b74d15c159a0af45d3c19948

SHA512
c242ddf88c30fa5a57bfa431e973bbb2b276fd647a06687edf13a37997be45879a22772bb8b611378de1c5aa7d6e6fb9b5f69aed67fadbfaca4f254ca0ae8906

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

Filesize
372KB

MD5
171fa7faf74b283427aaed33f81ad96c

SHA1
6c4947ff30122834af18f4e37ccb292f98fcbef0

SHA256
5eebdd2c0677d4ad8e1016fd5fb8755110d4a496ca2f076fe143a42237b65776

SHA512
55daab525b60660efbd5d8618fc5540770c59259bc5af5c73b8da46672fbbbb25f814f1c0472398016f65c008f0c3da85d805b297ffde1423e3708155c18b653

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

Filesize
49KB

MD5
c582741e0f6f505437bbc7982a0f701f

SHA1
e4f8a2db91ff77bd7b76b1bf3bddaa87ed0f650d

SHA256
f8c483d0f29a5c3060cd26c197cc633abbc22c3c52c8f98d803570e92e8150ea

SHA512
66536ecff57248cad71c1a6813656ca1a65800ab133f33ee92283d91777f50168f8fd90fbba0c99aa696ac1b5166fded2448094710afa8eb4fee8a3bdfbffb75

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
4124b6a8cf8da0712e490167ae10d72c

SHA1
4eae836c779aca8d078956505ca8a95b049e8d9b

SHA256
c1f7fd5463bffc264f504f0d38eb82515954b6d8267389bc7337f2b449bc8457

SHA512
4c04b8a802c1774a2d838dbfddcfd8cf02ebb1a7c3982d3afde1f58610fce9502de4ebb7fc673c7e5440a18f248bb4f65e9e12829416e8e062145f1d7d16305f

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
ada07201ac1c8365f196eba4a4dae9c7

SHA1
349ad3652210ba436c2c1f4eeb463117e3dc070f

SHA256
6d3b6e8b3c89eebad0d01ad51e62fe24ae9ff7a4c234efae6b8d0057dddfdd8f

SHA512
d99d17594d4624c665b96d403d2c5e57c662d7f91b1a74d2cc6f2e7f685d7cdb75786b549dad67ae37beb12e557cc0ff609b8d5939a4970621cd9578b3c9e6fc

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
d0a40056de392086ddeb11198a2cd45a

SHA1
34f48a6f8228699de66701d93917808d9657a41b

SHA256
b0bc617fee418d963710f34df57703f0dcb1fda45584c6e5743c31dce185c4cc

SHA512
14cc4e38afd80b2884739e6baa10c4fffdb1410b85489c6fbd57c151850d8ae3f37fa44971132798267c0916e2470b3230be96a5aa50b6f016908078fe50eb48

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
1d03a1f18ef9a8a9a774e50e52f036ba

SHA1
75cb64635107b64c57e33f99c92086cec70fb787

SHA256
6c652ffb36e75f0560415f1025df6c3b965e1f989d9732e4ae679663f167831b

SHA512
fd6d7e9a0d74979132b04273734dfc5fa379dc10ed00afb3a9838b3c52d25b254936199f0fbe9bdffb381f818e658e67be9013bc2500b81c606729ddeb6d34aa

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
f2838a0de099fc5a69ee87423981db36

SHA1
80fa32edf46e2abf90877fe49a541d55a7dd9856

SHA256
a15345b0727c230ef2605019d9cec357a2cb289e60afe6ce0df752ad6d92c42d

SHA512
72df16006dd8b6f69a037a69b615e7e49a6988211f200db2313ce40483e7a3072d5f4d7a95b990e18d47755f5ecaf05dbdd2e2989472f56e1918f20b1959deac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
6a0fec28987f9c8cfc1bcf7dd7fecd08

SHA1
34e00e280dd0d98dcf6c06f9e54985c5e63eb6c4

SHA256
8940adc38fa3d8953063264c308bfa76de08ea134e07a26e6a7e6e29f2e78153

SHA512
15813c6b719e048c0b484d94a18e0070aec3b3db72b1ce828414d8cba1819bb44dad7f98cbd38abf2ccb9000fcd625cb4446da0cfe24906eb1e93ef9895cb2e2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
7bfb4c0607967ad956a24fcd6561778e

SHA1
dfcc56e369545c32e0c8fd2cd0e49f99890da174

SHA256
2a23c409c122830bf375a92485dde853d96c22bd779588e1f71126f26de0c184

SHA512
666e8218ba81563918e3bbf9609b9a82bb61731d47f9adb3573edef5bea8cb5742c1de96c9b94196e39b9dd51cc878c8dc75f3b5ef72a71e0df82c641a8821bd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
082e25cf10bcc44decca1e3f0ca48ef0

SHA1
d0a950cf0c2f1cc9b2560ae2435864c3bb20fc86

SHA256
4936cf7e4102581f36a3edd70552db0f7faf077704b52b63d5c1a7572df3980f

SHA512
3001a6a57a7ec23239104ea952544692f78cc331ebbe37f65239a20963a05834e058237044e7a09b5da2695bc668f2f029a52fbfcbf37276ae7b0ed069f5771a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
558b7bc6f6db01546f63c448131e9aff

SHA1
d5fcb6d67691bc0d4c7bdd0febc2632fe21d0822

SHA256
124fc603468d81a0d046f872a03b9f6dac128d0875e8dfb1c1f2a198d984f7c7

SHA512
1b226e00896dcac40a8c8131f099c94fe82d7cde1412958f18420d02cfd8352eb99d1258623c55a1a70dc95f5d124383ee7da84185c423f6f72f3cb5f42dfe4a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
7333605eb0b30177b5b1d9ab377ae9e9

SHA1
d381ba26b872f923034c957e08491cbc0059ddbb

SHA256
730387662e56c6a173c2bbdbbedea10c83ef9261b5be949cf13e96314ec32127

SHA512
c43abf91baa42d9d7b1d2f0c871a3fff0a64b7e06d4080461ca48fef6f7125de5578a236438a3a9d3f6f27e59c0153ad0b490f00d350978abf134d3746b1fe54

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
3af92a0c47f32d5a29bc06c17fbb1949

SHA1
dc517c5b75262e45d99e7ca5155c73d2c4604e2b

SHA256
1843d81b23aed8191be45dbf4bbd908017d4c6fda441fe450b42ea01146a0397

SHA512
ab7b961dd0532fccf8da7d84ebc736afa23ae8b3219bd25227f02986271ccc7b0302700aabc89caba39e9532b787d63136193bd68c71ad67dc4a34cbad6043c3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
81940e614cf69aac49ac6d845a545083

SHA1
3fa211868a79391be86cbe285b387607d5d8cd69

SHA256
1e436efc8aade46c51a6293880153edabbcfbbaa812b0556933c322233d70690

SHA512
e00e5dac853d21705662371d4b04682b9c7f7ee4197ec2ca08d610e4fdec42f436ccb0f4aeae4f90640a7a7ec3b38df630913b3da12893f35f7c83aafdad8a62

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
024352d30b36734867d077b024acb983

SHA1
9c905bb34c974ad6ff5fd238baf616eefa40f62d

SHA256
63fbc61c53acf2da1395aca52036a9a78e91a6e1e3ec8b20cb0f42729b30e9b9

SHA512
0d3078f747ac38f3c1fd7f8cb9303e4d892c5282020f6f0058fffbdbd68f50546304758ed666d0139aae04258f1bc9e3492603fbaf2a0b795234f0fbdaabb580

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
408ddc413e7543cd29711c0cc5f70c30

SHA1
9e14ab948870eec6514abf4693190a8175c54a4c

SHA256
62c31be6d14f8bc2044f70393392f546145c17d3bf53defabd5db6be28ee5277

SHA512
04e9fa67c1192cc4cddf8fc74cbd91dcc4acb1a5a81eccdfd0af5289b6155bbff543646cb663b203f5d3193727f412659dcf06c7dd88d6361d987edc0a5cf713

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
f98e748682766298950f90cf097aa797

SHA1
99cdf60a75fb6f2adf848d78adb28cb4dbee6400

SHA256
81f66a8c0274b51e22b9a328ec86a81579ad57757f507e43c0841dd9364bd514

SHA512
295266639b5c9e62233b34c44c9686f8d8ed2f38310554ecc3501fdb1b4263a739a6edafce76d3c3c759d6793048a038f0dce8359242a6de4a9aa22b66e6aa82

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
4fb7c6d07ef9aa40c1f392986db7b48b

SHA1
9ee91b7caa6347855d6e94a2e7f108afb624dc8a

SHA256
39c2c69ca0ba2387656a460399d6fa40f935631d61f5a118f31c5d9ea5290f72

SHA512
98aecdf5a877198b5203cf2d678c095f4ef80058e034d2db094faa41e7737a5083c19a1bf8584e073bf967a1bdf7579cd11fc8099da4921c038d6f33d693baa8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
59311f7ffbd3ba2c181d252d01c1fd5b

SHA1
ed3688b8c4c6c315d68822af0ad24ee26a6f08a0

SHA256
0b3cbea085a2db072bb59a34a5f77f64b95c404d40ed3f013ccb7f61e5905723

SHA512
f87546b53ea1238f46e1ed20e4e56a29dcfb270eb916ce9cdb3c09626c9fcfc3d250fc9c32847754cebc3f343e303f031b61bc5da894f431e3585ff8147792b1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
2a4d7c5b3d6810740888fbd3edafd70d

SHA1
5d97ce579b0c30b033efeea7041d80957b6b8436

SHA256
5ced3345265975e740701356bd8977cd19ce55138548fe7e41221f554abd712d

SHA512
830cf522f95af3c65875f0784e2b9427775c549a32b9ff9404e2db1b1ed547d1999deb0e3b5bbd412f3507397ab70c9ee45b3bab5193470cba73a05b5560d072

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
4291dae8dc0b66a2e2af443732d48a2b

SHA1
4508602c68df7f1166c80dc74044c54ee75cfe80

SHA256
aee9e6507ebd39fd9e8d628cf4a387c533612a109eb43c9b0f8cd8f5ca7c40c3

SHA512
f713897e4a81cbc601d62ef70091c12ff613d2b52de97a9624d559eda7cff44b85adc13dc3313d6c84de434197258c2612a3fb643193d3eb85d00fc3aef0aa0c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
7ec133389bf918b9442a79a7eda9d5b9

SHA1
b9e279b3cf6421033ea0690007cab8d45a68c722

SHA256
d86525d77502796f9e5088e067cf9592918ec23233a073ce1e64a8d20d6f0728

SHA512
e889cb2eea3849827150534185b9fe86a3e71297368d0f458fb3acbb65a3ad77620f3756e2829f1fe5894e281db6ef187844068fd3f842b95c0853dc88bee9f5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
9484781b2db3ed9913de9d40ac1c599a

SHA1
95909f24465dbb40c5230e81a6c574dbdc49408f

SHA256
8314e9419fd2c3c2e3c1aca68440d5825a5b436d0c84f52d5502dc6d32d7a6f1

SHA512
c017293ab46c25b491d2391411e007d96503decb8d51449391add31eec8df23d65da63ebb08b377ecc53b7069afd8b5b37c6bfaefdc5bdb624054110769a4c3d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
5f10ffb2b8a5aa5df1a6135e533d1a15

SHA1
36486e7c68a2844c9a0007f46b4a53cb649a0fd0

SHA256
c65fb01a0ebfeee64a8addc88b6c5e3292994f79c01dee8950a6a2d9329d6710

SHA512
b8e5a9ba2479b187382f0cc166358376470ed44e44efb5728067e052a7bd462f7e0da73a297e62fa92ec5f3c67b9602dfe3ed1b6a06edadc3e2e9c15cb438afb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
98784086fe22a69a158f647d3c3f3ded

SHA1
d9d40963c4a164b7bd9117e36498ea4745dbc5f0

SHA256
fcdd110f140e49467bcc7a19c1bc8343b806afde69079542dd260211d0941c15

SHA512
5355d93dc618da98530ba4c924bf88a3c697f2435bd6db97cdf946619ec4787977ef7d27ad538eb84f6acbef2763339859ee0048f5f020557c13c198b00d9f98

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
8a1071d643f8426dd8a4e81de4cf82b2

SHA1
9beea39316d08bc059bd788285d94ff3d7a32ba8

SHA256
5c0ade43fb0ea70ca801474a105cdae79517b9f684fb5b9836cb644e87a4bb8b

SHA512
bbe4206ba84a2733d7c578734ecd8c4ddac17f9855c69f095b567cb7a36f3392dd71df56e1cf7c373545996205289c7bd0dbbf2bcf3d2a41d6c983ee0d0b0328

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
76b086472b62fe05d30525ecfe7f087e

SHA1
3533d7b083d7623361daec945d2faa512edd6d2d

SHA256
5385ddc1de31625b29d4521e09fa3bac06fa029b58b9eac9cf5495854478a998

SHA512
cb3a594de0b0dcb993d8f4007626cd3c92b0ea1aa8ae22bbc07c2f5fc47b5916410d20eb61dd9a2d67090907cdd8c0cfc6167ede80fdab943b507ff3f0dbcafa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
e3b2925b46f6c19f919fcf74b5d00b99

SHA1
3bf3ce42fad49fed4041099a7410191d87bc5496

SHA256
33f22d48630d7462ad0dc2db2a45644dcf19a73b5b13be84a9befadabf3880dd

SHA512
4cb08d1106e90f335398690c15605ba1aae6d726ad50c891bdb3543280a516842076acae271602abfb2b21fe0d4d5c24692a44f73cea1f4fda4f4b94df534408

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
cb7d3eaa565aa04a0a8f78a39d5a4fce

SHA1
c0f7b7f270faee9b42240c6116d8b85307b94cf9

SHA256
09e24ffcab5467a9edb477d200d4d7c2909d0f3f726ec5ef2b612cfc83e54906

SHA512
6a06dc8cb544e16b4375da029827678336b66da48c2a71d07d5317847e6e3a752c0d7dc48bdd4a1a9aa7019c52df1224b8a687e03e43ea0044bc78b86e37a79c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
d5abe3bcb6f66eaf0bc96eaa8c786ad5

SHA1
c0f0e99bd5214edff133af77b5b582a37223808f

SHA256
79f5b0b55fc4b525f9052fb84764c4b78577757db37a27466806d4955f0ad1a4

SHA512
865acc8ba9748e1c682ba012ad364be1e582213470df82560a5894931ef9d2c72a9a481da7f447759ef395fa2aa79d5533b2a8d94b1a6b058f05a89d194978e3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
f9da7d6e40bbd700b20eb2acc93ec861

SHA1
527a95ea5630568ee2540103a9309cde7c7d8c7c

SHA256
276af551f72df6909e66c7e4d37ed0829a99524c2a498e5f9390e6668ef10ddd

SHA512
1fe4ddb8a244075e475e44a2508b23a9de52c1df61be83b4138cbc8ba36a125058dd000f29aba6194175abaf0e0f89d2a0b6aaa9e1c2944dd81269a06e298fbd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
4698f8249ccb6af133240cbf610e8ac6

SHA1
0736affb1e66c1e6aec1d65380fa91166d39b70b

SHA256
e58719495d0031a33f1c18031ec8b0f8a0c01998fea1d175c9c068ccbfe3a7c8

SHA512
855172a9abf584bead742bfbfba53deed08212de67700d002debeac4da009a8b7e67ec2e63a4dee48737698ed876ccaf1f2b7f7572326060e2d376aa04cab051

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
420cf8ddf2874be61cfa08d3a16ac11c

SHA1
4f54b7dde17d52fa63ddb26e787f0611de9380ae

SHA256
090d308657688920ea7817fbb791a8f7a05e6b806c184778687d7910864082ca

SHA512
f58a5514fd6e25b6f91af2f57ab4f51d2c7c46cc3dc98895e08c7718f7b7449aa7051a7b6bef8eb4b6804ca58de2a9b9a9582473965609d7ea125206236a4677

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
0bba4040a3fff1bec17b6aee8dee8e06

SHA1
15cc81a0d9a29642968856ed19e887025de28463

SHA256
7acd1f0d9adedf70b17542554005a58ed3da4f61c664e960974d137a62614128

SHA512
330eef06f573baccde61375a75d91bad38b6411adf3b329b4d2d37dc25ead5b8dfd8d338638da8f6e668590ab19ed19448f1a003726af893cc036fc80bf16c73

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
02fd70661981230f7300e1b7a32b4e7c

SHA1
b60aa70e79f0b800ff38381d377b14841bcfb104

SHA256
6cb446ef3b4ec09f6662fd61ff969f1075c337ee7371a96982141ff4a9dfcc28

SHA512
9eb2073dffafcc0982f012365cc1fb11dff40db9cd013388b38039491efd8053befa27503923ee5de116341162297e8d8629d090a9cc4076c3ae96791bd9d96a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
3755ddcf1b1eaddf4bcf108300f56ba1

SHA1
af36c9c8d926db67277a5620b1505ec613d34d90

SHA256
78f39827ae5d32924e4a1dd48b4d50e383f6d65f2ecd8d579834e41de75a1435

SHA512
071d84d314eb6908b939039c8df4a57bbf85851d5b5adc91eb42bc5846e7f5053af9c219b5f05c62e6f3059167754eb3a0a820320338916e7a8ff427ccd0f215

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
75be29f3c9089159117fdeedcb4214bb

SHA1
3e0875317da7f7761f20b866477107750809595d

SHA256
8c921ed6c8ee607acf5ae57fef5bbe260f60f8369053961c43c5ea6e63350b32

SHA512
50c3c061c6d33f7990f5d045b1f5a7879dc00095442473f54d3f5b0f41021c72805fbc37db42ce80e5cae6567c45486278f5657efa4f0944f9cccda51d64b730

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
3692eea500dd55a14a333fa4f232b9f4

SHA1
a9d7fce99bdb14c954259a908702e2e29143f22b

SHA256
fafc2e6c28415595e2a560dcb1036f3040783f2d0f37b3b08e6771bef64371d6

SHA512
166590878de2e7e788143724a769ea77931559948e57167d8c9031cf932f674162644e45decedfd71f8171b805a73a0d2778b10fe669dc9622270c384d4aad92

Download Submit
memory/3296-2974-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/3296-0-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/3296-18-0x000000007FE40000-0x000000007FE4C000-memory.dmp

Filesize
48KB

Download
memory/3296-4-0x00000000770E3000-0x00000000770E4000-memory.dmp

Filesize
4KB

Download
memory/3296-3-0x00000000770E2000-0x00000000770E3000-memory.dmp

Filesize
4KB

Download
memory/3296-1-0x000000007FE40000-0x000000007FE4C000-memory.dmp

Filesize
48KB

Download
memory/3296-11121-0x000000007FE40000-0x000000007FE4C000-memory.dmp

Filesize
48KB

Download