xorist | eaad06b4a7b1072a3e7e361638e75ffc18d81e17d8a443b511b77162fe4251a3

Analysis

max time kernel
1499s
max time network
1175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2023 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mbrlocker.exe
Size

7KB
MD5

61dc75a6465bc7582f873b554fcb1b6a
SHA1

9dcfd74bcb873ddb4ed65ea234140f33664a9ff2
SHA256

eaad06b4a7b1072a3e7e361638e75ffc18d81e17d8a443b511b77162fe4251a3
SHA512

457ae5e5315645f8d496fe4066f2487f8e17372f9225b648498b5444b9f13ed1b7768a773c37153cf32518ec102d2c8c5f3f89f7d760a81ded9bc96848834f1a
SSDEEP

96:lrZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExs2VKi6oWd96OGMUA:Nzdrr1FG1WDCgmjPZHT/OGMUA

Score

10^/10

xorist persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 6 IoCs

resource	yara_rule
behavioral2/memory/2424-7416-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2424-10736-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2424-10883-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2424-11162-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2424-11167-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2424-11168-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2424-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2424-7416-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2424-10736-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2424-10883-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2424-11162-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2424-11167-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2424-11168-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KQR91Zr4H5Ab7EH.exe"	mbrlocker.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgcs.inf_amd64_e47e06e16f2aad12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\wbem\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_computer.inf_amd64_aa72c8894a821b32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrvolume.inf_amd64_9a3d52a168ca8fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetConnection\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_bdb56f181ef6934c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhay2.inf_amd64_e87e378eb673af65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\virtualdisplayadapter.inf_amd64_bcc7550a6e285f92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\VpnClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_f5594a2af66d11ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\memory.inf_amd64_9af3a8a63d4cb5f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_527c415254a7e378\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_0f3268711a5b2622\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tpmvsc.inf_amd64_9b03a5f041e8d2b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsinfrastructure.inf_amd64_1ef682cfd6fc7d1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis1u.inf_amd64_64035dd8a7571ba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmotou.inf_amd64_8370fa408706074c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\1394.inf_amd64_a08737ea39f5790b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_bc507add47f436ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\wbem\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_e3ded2b26d662526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_volsnap.inf_amd64_47e3741bbf4d6b06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_ed0ab85128ed7a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\F12\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_contrast-black.png	mbrlocker.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sl-SI\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.scale-200.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-100_contrast-white.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-lightunplated.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\LargeTile.scale-200.png	mbrlocker.exe
File created	C:\Program Files\Internet Explorer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailWideTile.scale-100.png	mbrlocker.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\rhp_world_icon_hover_2x.png	mbrlocker.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48_altform-unplated_contrast-white.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44LogoExtensions.targetsize-256.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-white_scale-200.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch-Dark.scale-200.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80_contrast-white.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-96_contrast-black.png	mbrlocker.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Sunset.png	mbrlocker.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\[email protected]	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-200_contrast-white.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-200_contrast-black.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png	mbrlocker.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-125_contrast-white.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-72_altform-unplated.png	mbrlocker.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\locallaunch\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLogoExtensions.scale-16.png	mbrlocker.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-16_altform-unplated_contrast-black.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-400_contrast-white.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-unplated_contrast-black.png	mbrlocker.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\foreca.png	mbrlocker.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailMediumTile.scale-200.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-32.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-300.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\MedTile.scale-100.png	mbrlocker.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-125.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageLargeTile.scale-125.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\40.jpg	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-125.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_altform-lightunplated.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\SmallTile.scale-100.png	mbrlocker.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W3.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.scale-200_contrast-black.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.scale-200_contrast-white.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-36_contrast-black.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-200_contrast-white.png	mbrlocker.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\CompleteCheckmark.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_scale-125.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-white_scale-125.png	mbrlocker.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-40.png	mbrlocker.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\LocationIcon.scale-400.png	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..d-experience-smsapi_31bf3856ad364e35_10.0.19041.1052_none_6beee285dbf74c9f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ices-wmiprovidermof_31bf3856ad364e35_10.0.19041.1_none_fa1d96c2f58f4c30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..vider-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_6d48508caa1f00c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..madvanced.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07b941291e57150f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-recover_31bf3856ad364e35_10.0.19041.1_none_465905a4885947e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-i..platform2.resources_31bf3856ad364e35_11.0.19041.1_en-us_a81f60945d226994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..tauth-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62d8c0f82650e0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.contrast-white_scale-200.png	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_10.0.19041.1288_none_5b9e83b565fd4c11\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_spaceport.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_12e356d6df5a5268\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mfmp4srcsnk_31bf3856ad364e35_10.0.19041.207_none_ef2a229a4124215a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_dual_rtux64w10.inf_31bf3856ad364e35_10.0.19041.1_none_1d98d45a56548a3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mskeyprotect-dll_31bf3856ad364e35_10.0.19041.1_none_884589516eda6fc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-deviceflows-datamodel_31bf3856ad364e35_10.0.19041.906_none_f9e06dde35eb611f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_8cf8fc22ad29a84f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wlanpref.resources_31bf3856ad364e35_10.0.19041.1_en-us_b511a5babb2e8bc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\x86_ntprint.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_b919638a09a244be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-japanese-legacyapi_31bf3856ad364e35_10.0.19041.746_none_955d9baed0aa3546\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-expand.resources_31bf3856ad364e35_10.0.19041.1_en-us_40dea5a39ca5c65a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-fat_31bf3856ad364e35_10.0.19041.1_none_64a43903f6c1af5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msvideodsp_31bf3856ad364e35_10.0.19041.746_none_ad89793cfc7e4a0b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\MOF\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..onservice.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0d4b70ba2eb23601\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_volume.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d39a2a9f524bebb7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_dual_mdmtdkj3.inf_31bf3856ad364e35_10.0.19041.1_none_cfe3a5fe151abe4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\x86_netfx4-servicemodel..ormancecounters_dll_b03f5f7f11d50a3a_4.0.15805.0_none_d5e0ebedd4e722c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-36_altform-unplated_contrast-black.png	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-q..ions-core.resources_31bf3856ad364e35_10.0.19041.1_it-it_3141c8a52f3dc023\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..xdiagndll.resources_31bf3856ad364e35_10.0.19041.1_it-it_6f66a70949bf3998\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..p-ie-sqmapi-windows_31bf3856ad364e35_10.0.19041.1_none_c04626485f10ec69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_wvmgid.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0bc1967910361b7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_10.0.19041.1_none_d5bc536d9952e426\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ealitysvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_bc209a5943e3974d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..ionmodel-lockscreen_31bf3856ad364e35_10.0.19041.746_none_a1846c5cfa5f5331\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-kdscli-dll_31bf3856ad364e35_10.0.19041.1_none_f4cb1971d081d8b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..-japanese-lmprofile_31bf3856ad364e35_10.0.19041.844_none_30ac23c2ea07ba53\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-simauth.resources_31bf3856ad364e35_10.0.19041.1_de-de_2e2dc8a45f953c27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-20_altform-unplated.png	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_multipoint-events-files_31bf3856ad364e35_10.0.19041.1_none_c50ef4c38571a391\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-shmig_31bf3856ad364e35_10.0.19041.423_none_47ff08020a418834\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-printing3d-winrt-core_31bf3856ad364e35_10.0.19041.264_none_741076a3d4cce13d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\SquareLogo71x71.scale-100.png	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_storfwupdate.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f580224f6fc41dcd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\msil_microsoft.hyperv.powershell_31bf3856ad364e35_10.0.19041.388_none_829556baefedb9f2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-icacls_31bf3856ad364e35_10.0.19041.1_none_e8a5ac944557b7d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.scale-125_contrast-white.png	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_windows-id-connecte..provider-msauserext_31bf3856ad364e35_10.0.19041.423_none_bd04f33490fda539\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..ement-wmiv2provider_31bf3856ad364e35_10.0.19041.1_none_32764845a9bcec63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-mls_31bf3856ad364e35_10.0.19041.746_none_4eda1c6d21dd9881\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\Icon_MMXresume.contrast-black_scale-150.png	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..dlinetool.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7981a3f10aa67067\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square71x71Logo.contrast-white_scale-150.png	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_10.0.19041.264_none_1075dbf41234b43d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-shcore_31bf3856ad364e35_10.0.19041.1266_none_458e5adc0ac7b84a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..ventextservice-core_31bf3856ad364e35_10.0.19041.1023_none_a381359b51d29b19\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_networking-mpssvc_31bf3856ad364e35_10.0.19041.746_none_f2c77bf84c5aa93a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ers-assoc.resources_31bf3856ad364e35_10.0.19041.1_de-de_2dcf4b065e5c76da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-hbaapi.resources_31bf3856ad364e35_10.0.19041.1_de-de_a7f32d85490bf69b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.ApplicationId.Framework.Resources\v4.0_10.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..lperclass.resources_31bf3856ad364e35_10.0.19041.1_es-es_49463b0bbd784409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..tance-exe.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e4b2d9034337b1dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mbrlocker.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YWSNXDOPROZLNQU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KQR91Zr4H5Ab7EH.exe"	mbrlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	mbrlocker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "YWSNXDOPROZLNQU"	mbrlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWSNXDOPROZLNQU	mbrlocker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YWSNXDOPROZLNQU\ = "CRYPTED!"	mbrlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWSNXDOPROZLNQU\shell\open	mbrlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWSNXDOPROZLNQU\DefaultIcon	mbrlocker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YWSNXDOPROZLNQU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\KQR91Zr4H5Ab7EH.exe,0"	mbrlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWSNXDOPROZLNQU\shell\open\command	mbrlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YWSNXDOPROZLNQU\shell	mbrlocker.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	932	svchost.exe

C:\Users\Admin\AppData\Local\Temp\mbrlocker.exe
"C:\Users\Admin\AppData\Local\Temp\mbrlocker.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:2424

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3420

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
24216784fec7663cec902769cb75a305

SHA1
247329e287ea30650c5c63a89350c7370f051e26

SHA256
b75f7ace306ceebe49f487b0dd5c1a8fa608bf44678d8c3c2a664988442c3637

SHA512
0ee8bf9ffd72bd9b95acab6cb16340495b02ab53cfa11d2fcb7887bc1ffeb26a0b9ff6eeb0893d16b346848f2147787ac3f44ababfda0d367b3301efc5fe089c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
a78afca613ab58dc4e7da4136d0b86eb

SHA1
d8d19a98c892d0bf05dcaeb474cd3bc5381b5695

SHA256
2cf3b72c27a1a6384274c57dbaa639a880fd70ed721296f9848feb4a62137d54

SHA512
bd15f9cf9c2464bad127dfa96de13281967329803f1841cf439c0c3566f7e8497fcfefcab2e3612ae5c0994754bf908a376f864bbc73f5096179891f06148153

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
2bf98aed96536aac0092791ca6c6eee1

SHA1
c2066937ed96c0cc06e004dd50533f2be20e107a

SHA256
627f7a84b21074f52f5cab7ef7621e7b87bf7bd17e8a313194139fb61621f53f

SHA512
ed7770b1a64a05c386b4406175be5d62171fbbc2546caa0d8aa0a09985c9d0c39184ee4c89db295bde3525652571367025ecdd313decf7d3b40622fe55f77153

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
8a63203c5ef3f25f47a661505f65b0d8

SHA1
690ee784cc2cd841366491dcd83a6cb170ce62f8

SHA256
2f69a6c5093d5f9be2b743f0688ae092dbe997bb597756a3c614b57dc7848c2a

SHA512
4e6ab46ddac3e4560e88accd9215111422d95bb939eba7045e35a224ab0169de622897452a8ede030ff2b98cebf56ac4ead522a8b8d3ab5bd3e2dafce1da9eb5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
e9919e4fa76a0656f1c01a23c091bd6f

SHA1
d44ca9e8715e5bc16cebc7e6a25636b517316da7

SHA256
ed24355acc0b7cf801fe5a9c339242d5cf9d1e130b01a5a536429df0814886a9

SHA512
f31ef4b850c59be3fc686a5e910dedd7d9f1992e18b088277dff30e040571ca4a6ee8bdaca50fad2060c6566bd0f60b5cd6a2fba55030b2131356482521f0785

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
25d1ffb3935841cc5a21029dc05bddf2

SHA1
ac10ff4e3c60d3ed7678fb30761141eefd61b2ff

SHA256
7035dde3add53af074ee17c27f38c07242b21361eb32e37fa1165e94b1ef0bbc

SHA512
9ed34ed6ed6e613fc10a548f3b6a365ee60bb576c8aba69a4519b4af129d524415ded4b9f154aef6991cadab5159b2c592640ddd0b7de6d1b1997a84e9794061

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
5e2414e2bf3233df647636a922ba68d9

SHA1
d2d4416ff1477fc50ee2ea308e782f099d01f325

SHA256
d86297097f0f50e558ab881c557eb0af48d9825e673943b7f40cd26df34346c2

SHA512
681f549ce7ae9f482af162c1e19fb4b242a8f5e4cf4d76d53bea43c6286409d530a88a48ee3566d8c7fccaf379ad9bb4218df13c14ad394d6afe76590233c876

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
a67525e0283e4726316a15f790aadbd6

SHA1
63caba7f8395898c4c6c0522a725ddf857c326e5

SHA256
66d479a8fb49b4c29defc06d3079259c4af92ff5935e9f7c8796b328bea31c3e

SHA512
96370c50815092b982680cac84fcc31996433b087d941f5e4ae8bbd32cf3033f42263c6db05a6c6a7e6eeac7b50773d5e3723811a9e948432065d33a14e9f0f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
0592bf93af3974d92602f2a7ed09aecd

SHA1
5bcb859f4844502948218968a9ca62e9c7820d7e

SHA256
1cdb4ab24fd3c3d9011e2e8d13ae2832fd2182480ad7c2d5f5e4d3e44410a2b0

SHA512
727f5e62591a370ba7dc712a9fe2afd8140b7e59e92bc434cf321c5a51f647b2c25abaae81bebd5f9dfe583676afcbb5b7e802bd17f758a50364a0d63fdb09be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
4536522f9becb3760747eb5628ea8e17

SHA1
be552301892a42898ec1a157decd3f4cebeaef5c

SHA256
c4653c1aa6711157182f6e128ace574ebd66cd0b1b3f20fbed0cd9ce610bb9c6

SHA512
9c234ec175c917c4e7ca3b4c7b8c0a310023f61408dd17351c6c48d948a4be9315e46cb57552b96fe129c4cc2444a6b3ca234d05529802b1781e704151358ca1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
10bc04a5e96b6da1daddf0ef8286c934

SHA1
19a3a7cbf2fef0859161b72ccfb042de0af46117

SHA256
ff0f068e4e33693285890a60c3abc90175b9de0ce99d89a4aa5efae46c6918ca

SHA512
0587bc8e4422be220911d47bc193f2f3a44bc0b606a04ae07becad66d2db31f5c046eaa90bea3bdfb1469b847eb47cbfda280fdea542fb50dcdde3c42ad7c720

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
7b48c132f1aa18476ac71165f69519b2

SHA1
e89111d992a245199e8180edd56bbb25b1d69f5f

SHA256
84e72787c006ab32f270698387a108ab72335200309434a2bd9e64f9090d8291

SHA512
9a970be4dffed698b3cafccdc24d32de4edc0662c21fdc177b153c9aea4be765cf72295da9d202b6715f79141a6e9d6c67d05c69b59b11f33e4f13cb3113db89

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
b024dcc8d47f90373000ec5aa2fa60bf

SHA1
6d01fc21f7ce7ebf1defbe3f3c041ec48f57918b

SHA256
833f889e8e2eea2d66c2b43ab7da75780bab957556449460e0beab781f8e352e

SHA512
5ec07e7f6cccf929e9f7b2bef69080f115a103ba3793fe84b9f94ac67b67c190a16fc9ba8a22dd6fe103e20cc403e0d3b949ceb6dc76936205d8bb010834c4f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
22d8b1c764b13e0c767c974ca22f5b26

SHA1
d1974e54950def5302b92b0844abe62e65235fa0

SHA256
0dabfa945c5531ac5938712d9f8d2c5c822bfa8de0270d8ad593c642cb670bf3

SHA512
e577be6d2701a5d10a1359bcd31941ea914bdb514740a929b310236b32d589775e3a66e64acbc1f98a0e0ec7818d954070ab42af1a108697a8121604c75b90d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
0952f90afd6b2c87247fc740ca62d434

SHA1
08d2898da9a1fc48e8e98395674bf6af12dfb12a

SHA256
0c1ee0087c9f4fca6d25dbb287a4cdc636d7c94c8973168d2c47da15aa38e481

SHA512
dfa0df8614a900a87b89e7eb1331500f47305d9f376c29170f759b05937865990b3c71bd76c4a13f78d7ed389515f7a3e9fe26e626a726bbceab966841c32ac9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
f9d563f16deb2d1a1cb84516c2b0b8f8

SHA1
332baf26701a2b6f81770af02edceafe77ef1e8b

SHA256
1be342d5b49866f9e6d4544ff4add165c389ea95c9783496364f598097fe36d4

SHA512
e3f8c59e37147109d80a6b1433219e2fd2600a7381a52aa4d5330b0b44e72aaa4ae4fee4bbde2a9fe65e95e5a9c7da3d8ce49dd44d48d3f1bd6f287f67e538b7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
1312fb9a5aafaff698b435c97273b62b

SHA1
7c9b5c9dacb107d2957b6f682b166e952197bf10

SHA256
825e146fa50f2418353dffdc7e464def75e0fe88b2508bed5e3538cde0d1e408

SHA512
81b9bfdea7da3b21f90d2a059cc3956d6cb78edfbb2cfeffd9e56a8ffe402b1a4804c59848deabcca0651a8d2429977280278a837a6f31e57173592aabbbbc0e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
8d584b891c8a3798d3e0c7c042894601

SHA1
8414f3220baeb46b7793deb62e81379650d9cb54

SHA256
942616ca9beb12e8e1efeb3e81c424697ebd606983cc3de042092a332fe96ba6

SHA512
38d17ae1ecc9f8af0d5112c13f55eac1f9e3a8e359a97da39e588c3d6a38b679493a32f78963e92191cc9d9e8085e4204a2999d53ee7580d0ab12019ac4cb7dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
8f3f68039c2c09baa06df35b17b3352a

SHA1
9f6ec2f2aa699908fc6ec7513bd63a8aa632f6c0

SHA256
320aa8ac839a0d704be70f5d232f3d28c486bbe9ba0d60b15aec10e1cb2ce58c

SHA512
6e30b075f74769ca39d3b82f8d9f16ce454fb64361052e8108b1b9643db8b17757f140ad79470aee01851e822284dcc7f99af120d096d3109f6ec1f53cbdfa03

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
4b960aa5564a608c4bf9cd3dbaf6ee81

SHA1
18521444d2f0fd205fc9326ebd65f0f49f494087

SHA256
5661a6e29dabbaf32657bcd81be2723210a1f430a07e03bc49da3d335761dfc2

SHA512
f469b3254cc9ea0958b781ea71647ec5d904e98bf4c87b1f24d3c0e2e33f63c547d3888188e62f35d0ef08f25e61d298606c5a8b099f0d7e77e61cea7933ce57

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
599944b7e5693f23d75e8666643eadec

SHA1
7fa38174552ddbab4d6bb5a57be96058895ff194

SHA256
cedab46168b68c12cc3c53f0c412c2f00cac5c58d011fce4feb3b71ead797f43

SHA512
0e972df5ae34e34f73ba86cb64ca84948900870c5e649e7eb317e7fe62dcc1846151fcfbc11fb54acb3c28f6e5841e23e0dc3a30350d9431c27cea9f3c3b5f30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
49bd5240ddc3c4a5cef5ac94e04b756b

SHA1
2d9fca90ce716c90794856176a1fa36cb99651ea

SHA256
d6baaf23a4e880a668ccd9c73aad499e55458effdf5fc9744fed4f6f80a53a82

SHA512
9dec233f39b8d414c1ca0d79dbbfef5868e885f73857bac3d15f5a8b283fd5dd9260327328854b5be65b7a5bfc29feb33fa939f1df59598b7dd7742b99d7c0f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
ae5e1b77d837b9ac4397c893daa61478

SHA1
2fdd8bb33b25f4d43dcfdce8bcbf7f6c9079aaf7

SHA256
d5a4779e12c06deb6258afd7c942e28ec77abdb7efb219e8236cda33000a1c02

SHA512
691e5e6114861e57af364c16592ddaf4de21be095364c4deb758fdc1c955684ea8785a4773c4a7e2ba7a3a2162a8592ec67744723abe63a2b20b0bebce1c70d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
d43634116867006bdfd385bea6a9f43c

SHA1
8d56d044d5c763b6ac6659a6dc371767c7f0f8d0

SHA256
50823feac8b809ea8cd690f49f996804125d4d2abc23f37459d7b05a416eb30e

SHA512
8a2202a6a210259909a218a3c084c00384476346ee83097e875319d9492eecc55f90d779d75e43445cd2e86216fe296e8d91c5f7d96961e67d8cc757e1d12c1a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
61f8be5b757b1b1ad8a5b0b249951c46

SHA1
6969d138ebaabe81fdca74f5970a3697290e82a9

SHA256
439f8aeb5db09f73c7f250deb22c3ad1a6c9b91775921d100b6b30b410b16e0e

SHA512
f1fc703f18a726de013c8fcd7f4e038d272e7b4073ee80bbd7a13c30d84164b7d4a32599d145fb9f1d3245bb0268f61ece035e1bbacc177076cafcbb8b372ce7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
3bbcacbf75200346b3d4f94505197f2d

SHA1
7bc0ecc81bbada5264db8d8b5de9029363d86c08

SHA256
1c74c3fb39fde1bc0cc0756abcc632c80bd04efc8c4080f59436c75825b66603

SHA512
bbbd2df14cddd5e3b16cb09489fd948358a8036706d05e39f9fd1b580ff9d9a3048884e0985e2388fdeaa3d0909460ec0c366c9bb2df560a5a763c0843a13b7c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
c24ad144876b73481552a077af2ff874

SHA1
0b0fd176df846c8cc32ac575a4c28d8ebcd72869

SHA256
a48d9ec65037bb2c0f5b7dd458d9726fde429afaad8a0dad297f5d904ebc4953

SHA512
8a28e77b86ffde95fa2a145e5ecd10683901acc07b2619041e411d52e76fded7fb22a5169d6b7751de418f3a98597c52ac63fe4493339446f9f9dbae0ca028ea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
64c4a2c8a2591e164da0087aa6fd30e6

SHA1
0f0aac66ad5dc03f488c215c8e4423b3243ab61a

SHA256
fb77b0438345dffe1a7ab36d279761d169170f17db98f0d7f710b83c79ca4c61

SHA512
0abedcdb6bb80b6e111f2b14e823a0ae9b1fe84878103d6b55f509659ccb5c24b1f9727fbb840c4ebdf6d8abf0afb5dd3d8d30023217f1d0aac1af693705c6e0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
5f4cffe8cad8ab2f298e84ed68bcb8d5

SHA1
68a56e2baabc03beaf897d09a6da18f8aa72a988

SHA256
835bbc4b474c2a12c0ee394582a4965c02f63bf664e61bfcfe6a22b4ae8bf6ed

SHA512
be1575c36bc441ad4fe6eff0dd96d64b72083b123e2ea72b3897938d961327aedfa4e89ff45ad0000d37c602b58b73264b7574924b2b4baf523ba88e6fb3df7b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
1ec683261d14aca3f69b72087152245e

SHA1
2a6662099ca39211cc5e0b82893e99cb53163b37

SHA256
7d72a8970f132ed7859a8ef4541a9faacead18c5bbd18b4c8c06b6649e303b95

SHA512
b485c3f3925dec850737e537529297c78e84c5bc9310e596fe560b201446d8eb8ba8fff9b154ac9eb03eeb48d6490b849a4f5082706e68d85d90e1b3deed0a81

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
b041807066f243d42d4317d1e33a289c

SHA1
6264a3a1deac080ff4f00ace7cd5a7c00076e3a8

SHA256
cd69ab2c5c48323dd4d1dc6cdf4afc83b060f8937cd765d648800cc118383b6d

SHA512
6d77704cc45f6df77f8497c3222c23690e71b7e00f919933fc04bc5e51a43bd7f2051faf0b2870e197c53c9a846215d22bc2881ee5d5568077c02575296a4b18

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
108f3caa949e5c34ccca917d5fdfe2e3

SHA1
f4c1443084438a4059099e6527a48a409fea0c97

SHA256
bae404f5a695c3fbc66f69736c3f6e191de11dfb8c0000a0f92f9337f7ead25a

SHA512
6edbe53df1b4d4fa1728571a2da755fa2700c5424e942726e80ea1890ffb5161e5a18d8014a3d86509cc478f12cc7cc9723709e3475833978d587164aae33a28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
0bf9afff9cf7263c72339787db1c57e9

SHA1
4fa1a4534ac3e043e7e669cbbbd625bd2cee4a12

SHA256
fbe4d2efc68a30de9019afd55e8b4d34febbdf21f61e80491681e8113ac29e36

SHA512
0e1a2b5c99780372ad0ffe11c99c9564de055a69dfaa0689b8dad064fc42afebef8c9fdba13b536bd51e00e43360d5c59218f455a0ad3fb11b0986188ae84e12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
0828c568985020391fa65048b5612350

SHA1
5eb5f69b4181f20a64085ec6ef5b05dc7aee6365

SHA256
bc2221323f12383d368fb7e8d34d65a26c344b9e29be67ed430c2beb705fdf80

SHA512
524b5ac58ef55f8bdf09e5a4a8468ee466f78e2028e932f79d90bb33b3d46a183d8728321c0b72bb705f46799747c387e13f7048ebdc8614396055fe0688802f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
ca0476d5860c2e73240a2db5c16713ba

SHA1
b1cb093b62322d90d7ec2c3bb3ae3e032851c02d

SHA256
93f4050ace2c349f8e70fc3978b3ac23a4823bda1d778e96cd80b759b8fb365f

SHA512
281c9e1f48d183f27ae6bd60e21f1e2602f5cb0be24695259a2ca300d35db5841fd1f23751503be5897fec43ffeb8f85d19dc1ced2b86423ba6ac7b3b717a936

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
719c05757ac8b703bc54fa0745046236

SHA1
aed1106836b4a9df789c1755650ff241cd97bd8e

SHA256
314dba4ecacce8c510f48ad4fc5c3022c78f8991a923338f7628e35b9efdb919

SHA512
cc146346905044c36f14dfa4eb4b04e8eb1051a3a4f75e53be0f5ff5c58de2a592784a601b0ac3f0d34de311bb20013ec231849d6e816368b5f42d5f7d0b0b94

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
4fa75b338ba1629bb73ce246be881d41

SHA1
66b6a086674c684674d2517ed98bf5d00fa85746

SHA256
708eeabfe5404b843c4c735baa7839372d7f771da02207320c7c088df9dcd3bf

SHA512
823845c3bc43e63f597644991ab86b645f68b7d328307013744ad8ee8928c31c689458811f147d0be6f8cf40bb40cf9790d0cb174bbb30dbbd85ac9cc97181aa

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
79dafd17edfd5dfeb675e74c0eabf65e

SHA1
1952b71bdab6b0b4cd49b0d86c3002094c26bfe8

SHA256
45411459d4760987200a1ccb2ad80afe8e3d0501cb5310d6cb92ce95cda51d3b

SHA512
2dfaf3f70ba48f62dde74c4faff0b4011374eaacae148a1204487dc38322bcd6b2978aaf67fa585abe4f2aa0d1f4b0f5a7cb0fec47e77fc556f8a65753e9719a

Download Submit
C:\Program Files\7-Zip\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.EnCiPhErEd

Filesize
153B

MD5
7f2d0c43a24d1c3584568f05c05c50f6

SHA1
13c0358c20cc1a3fd55e88d25be48bdfc060c109

SHA256
a027c6ab4196da9b6be8a2292207568811dba21f86749ae74ce561a0084da156

SHA512
0dba138888213780cc77fe88011d0e96f919e3b078704b382f22f7ae4970a4d3803d90a3199f40d0db184c086c1dcfbb7c4dba73a90c869e63e22d71a65d7fc5

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
cf6c5971eea9038e8f6d4297eff07ef0

SHA1
309968fbbee23bd7cbb0ab0259202351a279eaf5

SHA256
cd7612e088b72416fde96ce27c9e339f97c0fa09bc5c99b871004882ffc24375

SHA512
0f5451de197436564514249512c07942b6dea1daf0dd42bf4b13c5c422086e809ed56680cd9205bc0fde610994f1ffa703ab2da5af3d88c9d5b0b429cbb53db9

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
47a09f2343c6736765db864befeac69d

SHA1
f85eec61b50bf5609dabe5f748db72a7e38b19e2

SHA256
ea81c57e1c21c210a1a3dbb150130307abb100b6498aed2f3850c569e92e7106

SHA512
dca444ddd11e30ed0fe823e358bd2238f00a9fff7652e2aeffca6a21beb63ec20dacbf1eccaa21c18e632415de36b0458a62ec35061e6a00e1b6a1f444b40ed2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
52db06349e840fbaeea208ea265650d3

SHA1
7b19e597c4cca43182cc74c6e7f6f75e3abc9fdc

SHA256
5d55c4b69fb5a686e97f19b03d655fb5b4f2199be763256a751682d92152c467

SHA512
39d82bf594fe58f178afa870749678f946d09de5e2e60151b93d412d1b34b39602905f9bd83a5c614fc564d193791ecbea1710d8321b03bad3a77840d53661d5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
5b37cec3a69bff8d07407aedafe542a7

SHA1
cacb816acf550e9f88258d3b1b214a6e29549c40

SHA256
f8a66364b97b89bf0eeffc6d1c6ee514889d20758c5b38e39165e3d262c2eac1

SHA512
31589567a02b4d2df7524dd561191aeb8418df3d8c4e6b6b477f4621b0e8fec794c1540c48247d9507f97b5cf94d1ab3593d69edfeb266fb249773cc4333e1c3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
e921cc73fe99f031f962a41095441a5a

SHA1
b809fbedc59e6ab17ba913ebbd88316ce3726efd

SHA256
a087cce2e5b67df5f74b6be393ab3383bb7b394bf0499860a3ad38f0a181ef29

SHA512
590d794719d94ff25069fd166eb6582ce102f77f517c035fdb97d4bc7dde15818a391ef0d73322423122c1f65d5c94c4130ad6d8a320fe7809cb15bca7679fbe

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
658d427014114e888a9b8338ce3399f1

SHA1
a8201daee67666033aab7989dcc1b042bd3ea319

SHA256
17a9958030f2b779854df2d2d7ec12c5fad7f01cf552a02ccd668ea92c9216f6

SHA512
0e9e63e9c6679a430ac0561702c988998df95f9aea8711f516a981388968350511846165449803c62b702b319e25f44ff06d4e115a52a4e02f329ab30cd6bc78

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
fdeb596f95b588c45f2eba912e33aa24

SHA1
557e7fe218a6ef1ddb6bb0197a00b34642e49bcd

SHA256
a913fe4a8d64b90a331dc89831b21fedd9e59bc404e75777e69a6c4140999c6f

SHA512
5ade69212a1f014cd665a6b98dd81fec7b6259c1ea62d91481309e4c0978ce5029d8ca298145a5a4caf2506c4df14556bcb974832d585b889f1b69f643f51e82

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
2ea623b72f470b3f91eb59872acbcd8f

SHA1
f764a66e90b8167ac543a8415d54cc7bbf61c1a1

SHA256
8cd3b7e7974b3d29572b83b44b296ff291b5491afcf27e2d641cae0d8792dcd2

SHA512
ae786bc8e9b1eec83b60e386f94f3c85d602f378174bab4f3b4886bd2500575f70ded7724d54f1516770abaf94aad7c990db45158a886b430199082b4d6108b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
68b528faed4922b43b34cf4064cc0b72

SHA1
b07a9be4e1f6f0b52fe5956362a5adffe12cff17

SHA256
cad23822b321509155972ed17c1bad353d28c05911bb330ef0fa8c33a8b3a668

SHA512
4740235873dc73b9d93d022ec69934983ca3c79b16e906cfe0ac3e62eac38ffa3ab5fe0d003daba910f0952939cb2cb2d7afae51959daa2a6b8028f80711e9c5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
0f2e628160483335bcfa2a260547085d

SHA1
59b1063ad4987a2b031622ab11281d97e7edbb29

SHA256
60e21fd441006a6c1af596347c37fe6399ee4437ade94422a45395ff7ed616d2

SHA512
bac716f8a7ab4aa18161691e3d3fb6a4d79dd0bfae9db8e0fca8e4d647a31fd96f224698a5f05becb7e22efd46ae8ec78fb9945db50b09c0c8b2c393e26a7897

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
512e58b6d5a9a1fe5cfb6996ab3a5b1d

SHA1
6a77bae4bc0658a6f49c8d7f2bc19a02d0b9c5d1

SHA256
878518b8bf63b8feee64e9080aec73b0875c83c94096e54139809218411762fd

SHA512
b0f5a57322ddb96a2d27a8e66fdaeaaaba12c87caf66962ca6a71a864bd5c0dad045785de5de72698d65f1b2dfd7ec5b9da1e874c38be7de030e5165ff3e7690

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
fa04c1777dc183819e2b10fc725e041b

SHA1
b7bbcdac920de006af858156c69dff5d22d20b51

SHA256
7a24f8a49b2fc0603c5f4df7542f78efab5a8c65a08556fa8f4961bd5b1023e8

SHA512
30106c12a169e72aa6d06eb9bf41c5af0818ae0632d99cc7289e2bf4c3b40b34cd878d3c523505c1d2c5d8ecddbc00c899b1a0f21e134c208402532d6f8bcf1f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
64b4e82cb27006ee7cfa20b44d7343ff

SHA1
4e9d15c3ac905118539494af582b61666a634a49

SHA256
3b50bf4667b5baaef782d381451e9317f120c13535454ad53dfbb96d5827c5c0

SHA512
08b451a0d8b5597860069b3d10ba0c6abf6faea03f0dfb6ed51b6b90301f49052013167dc47dcc096a4bc104fa1c06a9559658604b69931967be5e4334f722b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
9b456ddf0f752ada636b90c8e42f6524

SHA1
3a9dd0cdb4b1528ab26a06f352bc29bdbeda57c5

SHA256
7d266dfb748ac5a76c80df1ef317e74db7e0135215fc724bab3f1789d9306026

SHA512
9c44e71ac36c4d191e5f9dd4ce45aa4bf4f8f013ad6801f1e642009a1ec94135ffd1b2bc07ff6d0cf0438940a2988c2f5129c6652f3950d3557977e7c5fac625

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
e926e5bd8c4aa62a6da52927dcef8558

SHA1
39d2db533d68c735b6c32df0b7bea32c75f1a378

SHA256
bb3e4c4f6439d064069f66f823b79c41aa26f13b62b2b1e469fb38aeb2b0484d

SHA512
77e7936f718b0183f186e903f0ba4b186d04fc414082ba91992f8d3ee414e6cd37ca5896e556738b9a11976a714dbf787e24a216726337bf15a5bf55691288f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
238c3abab3fd7a3837af393964c34a76

SHA1
ac529b4769bda9b9f574014b9df11808fde1ad0a

SHA256
70a16dfb2543d2f897d5b9e86cdc17360117fea8ba3ab500bd849badf65a24a1

SHA512
6bb6624c9b54f31752df44a0fb5ca6b314adf6fcb6f73bca0a8b59e24d1f9e7d6c25c40d8a7a2efb731c526dce82870efe6a707d2864c6c9808ac34353c09642

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
3c51601e194a34754a212735abd873dc

SHA1
4b591f554165c3a7f02c6f90ba13ac4ac7cef409

SHA256
503f847f6fc4ba91fed188deaa6d521fe5177f7890f3b9ca2f8d6089eae0ecc6

SHA512
d9719fe876532b3315f543de44dd61221b660d12504555c22b9e8b774cd5a9ebd6a5b43e03e4ff1179ee116f742038301eb165882942d26d10b31e00753649af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.EnCiPhErEd

Filesize
1KB

MD5
a72061fddef325c231a15f0aa8167763

SHA1
f8bd110e5e99dbec572a4f087efe1e5a5789b906

SHA256
79d4911ea98b4dace21b80d02e2c426ae97fa2331a5bf26bc6d8f6b8b56a7ff8

SHA512
98b41c04f28d17aa37b1fbf28de19b24964e15cf4f159f3fa63a8203d9e4eca5a38302103057691df9e6ce00683cd129479cb58e45c84a7ea2ec63fe31f5edae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
2636f32f0a80a45e13525b1f8fae9e82

SHA1
3b91cc098c74580447f84eb4826f247016e1bffd

SHA256
71bd17bd9a293438f2566ee868bc2c8af3de613ec09f248b8a208827d6b8f393

SHA512
3d136a5b2f39efc0a35d3014b32d382d12635bff73d7fd4212aa2324320a83708487c776ce2cc65537f6585ae0364fee453275edbd048fba18bb490edf6ebc64

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
0ee654e5c56f23e133352d929958ded0

SHA1
ccace056ad65cd88ee75c139ab27c80e1db8d695

SHA256
16b16ead13837eea2c41466ea6eb02178aeff69548bd49cbc9eb21653afeb9b7

SHA512
43c1070fba26a62ffe794e8a99baf8b22737841056acff7e69ae8d1a30ea69a45bf5e62cfa3c978235cb2f779814b48d7e3b996b81974ed5206d0d090d81e378

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
6f27509ac0226a7babc43f1cb4b96d4d

SHA1
2f3acd03886399689ac8d215fd3dea4c05737652

SHA256
7cb0a9a3b564fe882d0f58fd02826990fb4dc21e1d0843399d2c307b6f18fd0e

SHA512
d90b3d362163ed0282a914c245ce0c1e1c6561d89985a4935bc040b4ef42d607502f1f2cc16729f7b9db2528b6d5fa357429c66d2e6c5e900e095f0e06233e8d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
823ff4239897fb3dd4fa37f8f934ebb1

SHA1
1a078b8f0b4dcc98a09938d77a23aa087eeb5d67

SHA256
bcc70de24b9ba8eaf232cda9456fd8ba3513b5b712edba491d81ba0d9037d8d8

SHA512
62328857225ee352afa8db8fab786a6d9fa57250a4f9900714e2c503ba46d50e1de851edda8861ae9c65c9765ca4b914f69419237b47e42535a42b068f8adcc0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
3ef04e1e5e4be2325e4c8012356d1928

SHA1
b5957de58089756374aa47e4e55a76a8bc37534f

SHA256
8fd7f90997f44d603067ae9b3ce6d2d308c2f5594389b7de0880b171be7bc6b9

SHA512
0a033045438860f153923a2f873cd11ff338054627517b97ac831e54bd8ac42185b54eb7aef19a639761b7c82cee2eb31a02f097a9a17b872ad926e5e9392d81

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
1b1d05ca805e32f424134bae2f015f82

SHA1
38cb4e0684ad59baab71660afa201882e71bcf60

SHA256
17a553ce4ce98a0b7fceb778b07d83408455a7a1932dbd868e5ff481f0bfb4ff

SHA512
79e7267ebbc4dbd9ee40529ad3d63b5088f7b930792fc1da205c2bf4c4fbb3667452daff7f890656d4c221590f95dfd95e0f872894eb3b16a4902aa5b737ca7e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
986b484a5c705133b0529081ab3c60ac

SHA1
59c02eb8c8435e3d6a28bb878b4c2c4e5b887b76

SHA256
73e251cf55d75a4f24e64fc731b685fce87465b09d23f21bf503829ca646a35e

SHA512
0dd34f11d032768059a51b028bb0408adef6d3db2a29f602e07fb8d1063828148d544ba253e2fbd0ac808b102dfb59893f735cc01d9cdc1b5c97c4a99e74384d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
db24bdf6549db557a01c3c485ca227af

SHA1
21bcf51c6ba0298396bd7ce9d8cf9b704b691608

SHA256
d67f86c692f1a63474751d5e0d10483e11b01be5d7440c9b58d699c6d4159d38

SHA512
d59b2a71de6df48e70e09de7c07f134b6711836e93269b089a942a31c3c55f0625dc00ac2a93d82c3c0c8de16cc3455e64b7ae37c000ea106df084c02360f687

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
90372f1096aed466b892bd014e10636f

SHA1
7be27c196d54af872ef6209e61bb2c4ff92a0c9a

SHA256
ca5026806b937da27195b6869480d15dbe13de4686f3664eb8a82d9fbd9d22dd

SHA512
705806345ccaf8254550c50b85e7b4d59f928ddd14ef0684ba8b6f241fd9f35a1d86ba9a257956fe6dcca6551363d1f9f62f19162e9a5fc6fbd0dbd7048dbf33

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
b68c75acc571272d899fc74bb386cf2c

SHA1
1debcf3d693f6903f2ac525f91b0b98d32693133

SHA256
af2b61a635600ab1c39398785e0439cf7182beed88ce3f7e58452126ce902cdb

SHA512
0817ccec9ea0204470a105c02e260f680eff7121d19a245c69e38a4691d3afee7a6cc9ecdc5d5002ee07ec84feb33e77d4981149f7f0a6408555e765650c6934

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
e48fda475ab0851ad6df3f0c5e4cb1bd

SHA1
0230e962ffcbc8ccc44cb70a4ca72dce505bd916

SHA256
55dab01dd38a9856a236da814d3acb646b36206e789429cdd98549014d498f34

SHA512
adcd8948412086b46dda3ce02669802ba77e45f338a7d9889a5ff9343068ed6b71d43faaad87c4037cebcade9de12c7a9a5de7c7953be5fc32a0357281069a01

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
9b06658a96292fa496b1415f3d425fe0

SHA1
e291ad6bf2380e7748330b1e0c271503857f96a6

SHA256
08e9d8d9ea59d74ed329ee989f9aa56cfbe2d0e6e823515303490ac0b8868fa6

SHA512
13517d6fd2665b65fb52352522e1900b77cd98fc264d9ee5215cd48f07d107009f699bc8b7a52c2a43034c2cd4945c47b022cba26d2a3e2ccb0eb9147fab1b53

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
912af296ed9b0eb7b4733fe5715fe292

SHA1
3b97b8b8da9e6792135c19c4663bd0ce76c6fcb7

SHA256
0484597ae8212386de18508552bb0f0de67761617f9c9947fb8be6e8be178dd9

SHA512
91a06dc60a8e0ae2f72938b4bd5e8c3c46f5a667256c6f4e86b677e1f7089c8ad885f764e024071a1fa5c0c3ca0f72abdad12710f2c44191d88958ec8ce34802

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
1cd42e9bb83fde58733e12beacd71aea

SHA1
12eb54e2e75a00b3f23cfbc054a69d45ddde36d3

SHA256
cb3375b153416f267ca7398bd23bccdd5b0eb09664589e2f6a40aa8dc6e59ad1

SHA512
c7834487123fe56f1b067f7f5029f485d196b010e255c494643fc53bce138da6bd59dd2cff659b295ecddafda55693b2a9534a87e218d8ff7ebafccefc27c247

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
edf7bd91515cdf8ed5d50109f98492ce

SHA1
21d1f9da2707195e5ca4b64d65ac87ef84c9f50b

SHA256
2013f6ea78d0fc66bbc17928cd66f051197b01c36930d6151c243df0974b40e9

SHA512
9a7a02e8ea4042cd6c75d811e2d2438ed2438d877398d3baea94833cdd428e1efc1d93e0366cf4ec2bca362e6a85e04cf86a0f162327ddd2290e5ebb576bd465

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
d24e01e20299f766626f9692dd378a59

SHA1
5d6df9644e24f4a40b51cca709f1fe3eb3614ab0

SHA256
b2b060dad6d47cf75b80485a4703eeb4908786efd410f22f11ffd93e3a2fa5e0

SHA512
d6247f7301ba0801b26a0ad68be05d3db14617a70dd43133dbaa393431468283d0e5c786c5a60868052c9de2c47bb3da9ace62b0525499c96cedae2a1b9dbe34

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
3d541269e6cbbf393ebdd868dcb06ab8

SHA1
edc62c9188417408898b79107f78b6311993e42b

SHA256
dedec6e9ccd52d841a0c47bacc8c958b6c813735a62f6b80fc6f85ce3f086e1a

SHA512
dd5684efedcaa46df2119289916cd9b7cba731bac26a6d645b42480b1cf5fe26f4c0858e3b95c57888910fe9cff3f11fe11b0b86a98978fd28b334ec22d327f4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
fb665b82ed68d3b3e0cc8b70f868f624

SHA1
a63c1970afd97f0b27f3b32b3b471db043ff717d

SHA256
5dfcc5615177d92847e64cd6ad9699d3287cd20af58aa313000a11e85031900f

SHA512
fece14d7cadd5c8e83f18d19c9d1c5243a2e32a286b2d69e98d7d8929c5571ce96c23f14d4309e60aa8e0d3d445194052aec468fab05d97da11dcbe57bd16364

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
a810fde66cec4d012f86fd3c79639b7a

SHA1
af6c80aa599c98fa17f7fc3013323a9664b969b2

SHA256
553a75cde0af4f848c16e7ec0b784dfc3132ccdd6c6658ae0ac2a734a0147c45

SHA512
83a73d113b1a5eb1950dd22bbc8e179b2981c8f34a4564d029af226114ed8a1c756aa99d666120fe5a6245b7258f1f917850cfb3f088096acacd243748d342bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
23609d83fc4fcf0674bb171067dce2c4

SHA1
84fb4998822e092b1409a4a8b9531b2d714990e9

SHA256
6ed68d8714aa74cdf39629a209f065250f9cdf94a3b56915d4b30b2ba824d9b9

SHA512
8ccf4ba6e03cc970ec12f82c59040d962b26c1607bf64194162b392072d4cd059fc50759fec2f45a70b7855fe77c8732ce669832c5b3a9f58deca0edfe2fb019

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
c6d029680bcf5be0fd2f7798cd9805a8

SHA1
80892542edb32468ff755f56db358c7b4a23dbc2

SHA256
e6388a955e82b3686553b5934132fa8cb7c53a95bfaeae04ab595767c60a4d7a

SHA512
1dc44f2d6e2b74ac49af217b132c80a1c83a6891621ab578fe7de61211fc7506a09d3cbe113bb18eeb48e48292839105f06f9a967847e03d9e7492d500066429

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
8969157311ae132fa6ebcd102f9a1929

SHA1
27a51610a9d028eeda55217d79bae776704e19cd

SHA256
e8cc15bc21cf771acc008b8b404a4f65e2fd4964d0a88d7c55a5b4724b59ccdd

SHA512
3be92694a3677ffdc1d2d304efc663a965f93000a151b752783c52e3fd712d072b301441cc0ac76a161a2f6c6fd9fd79745db32059052820e3397065e06f3728

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.EnCiPhErEd

Filesize
11KB

MD5
10d94d5e508fc072c046c8ae7e23ce0a

SHA1
3ac0b88eb748f3cdbc43dd80f33812dff6b45c22

SHA256
d3421517e162895cb913a2012e84f6377b2fd63b82518b6f726c6b90a10ddf53

SHA512
dc423e6e376e793efbc204756efd0208a9703878ae7ea9e93e6d2aa2417806c7a310f0b0b80723c8a89ebaf686b4f2f811de8ff9f03b248c85f1a5b4ffaf313c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
d613dd888821942ecfa15a4c93db5290

SHA1
90d31d265a5f25abb8edbb04561c36ee2fabbab3

SHA256
4be03062469496e2d7e1e2f7a7d69717197f10d1888fbc738b73de20aea213fe

SHA512
265cb5b52a381461e5b4582c35ee8a44fb5c38f466136fd493aa662bae66f48c7198ad97f84b20cd05885a3283d0386bd380fd5738768694f48f3882d26876c7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
fe4a9ba84467788c2f027cff8632e85d

SHA1
805cf3caf829b2abbe3c5dfb898db9b05c075cd8

SHA256
d924b63425ed3d790c7fb575c069873d7e99c292fb1f6b5ac73d7d5543c29a88

SHA512
629310bd5bd0214d2731528906c9f48a9d6b976ebe4aa3b9b7423c188b303505414d1511043e358766bd1efc0aa4714457289bb0ef71c237d50109fa3157a6f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d8f999c8-4dde-4183-ab30-5875abfc2097}\0.0.filtertrie.intermediate.txt

Filesize
28KB

MD5
bfcec23f6f2f5cd9d4621fd654b888d2

SHA1
6c92ecea090a0ae713cfa34632bd1f6fc6ae0a62

SHA256
c6c4540bfed58efb4e89bb49ceaed9a5443c097bcf406d1482ac67334643991b

SHA512
87fdbab196e45f6dc62056a14278120ef8539ec92ced4c8b6cd777ac59539b0faae187f908b1ea88572607d43ce0b32d88bee3be38034164891ee432a5d428b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471124331548540.txt

Filesize
77KB

MD5
694c4f13108defc91f9f330dff9de071

SHA1
111b2b556bdf7b2d7a40951743b706d367697dde

SHA256
2f6c4fc1e170e00e2d67c6ef625201752596272976eea54ccaf81667eb9053e9

SHA512
48aaa99f5210836373b736416748814595178c1d85a5e26cbd237b595c0c83c10250a1cb6bf712b6f7e465a27ea368d4a1f85b5399e102f30a5705d78432e3a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471124857825062.txt

Filesize
47KB

MD5
8e5258fad7e907a1fc2501a8f622e8ed

SHA1
6f1fd3a0e9c3f8ca8e978c25dc5b34138ece9a98

SHA256
7e053577d5c1a54e77b1655ba15bbb2d86b1eac77b388b947e70a543f4f5e71d

SHA512
07413498043b15dc1ccf302fd00fda82276b8ca89a6e5b2a8a1ea3664296c745f9b40ce83b25b981167d63dba5489d62fd834c4007c61456da75114489377317

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471130637370897.txt

Filesize
55KB

MD5
202d224e295188cb262bcadd6c263989

SHA1
c09d63abdd918a1704c98d1fa2ffbe6fb1ef3514

SHA256
143b68bfa4fe04d90cde267ff899a8580801b005486143febd3370e9bcf53ebd

SHA512
2df59c5ad5720bb7a37936107ba7c925af3a953ef8933bbb76ad82882e130c27b0b8db7dbde1632dbce45e92747b1af3acf2e8f519c4e07c99b82d7d481306a7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471150880853276.txt

Filesize
74KB

MD5
b3b8c4dd5b638ab4d33b58bb125a82cc

SHA1
60f682616f2b445de8ee4fef8b0346ececc6854f

SHA256
8bbffbfc3f9e2f715fa011e4032c0504793ca8c13c2e14ac414f7b8d884b4391

SHA512
59d459eef47447b7479f1aa986627acbef62fc8dfbb3e4f3437369d8a2f4939528dd388d19cdd8d4541f07fe4c96580ede19a5df8c5c096c551519213404da2a

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
c736ffe3cb527fd9a3248ef3442302d8

SHA1
3ddb3837965053abdf39af4375a8d72f4b41959d

SHA256
a6359f3def966bc5407b00258e6054744472f8f4ebea32b25a825cd356e0cff4

SHA512
35bb95c00d1eb15059c3564f71e010e9855edbef3507eeecdf4ee574f9eae093e033a94d3d16cd4272d50c3360273daf2032c15501e256aff6e1884ce2dba898

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
7cfc77d6f2f3ee383638f76115e85247

SHA1
a3275da34d6bec5078a33b1825abcf331424b43e

SHA256
f2564224a7a3a4d12e0fe492ad25e5966b918810152d6b9d6bf631a8878858a0

SHA512
baf1458792f3471f260bfa2677fe5e043ed934ec8c87f8e0978ed0ee46275a0945c87e1365f756ae0bb128e9774a3a6522703daa75aa3d70bcdab1c860680670

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
9cf3d5d032c0d918c904a5a84b899f96

SHA1
509bbd54bde26e2b110cdf90d429edc99b9e44ae

SHA256
d37cae31fa749db4c4001771f9c578d2eeaee20943c30b8a3bf21b5996c51fd1

SHA512
9d7aad104efed964655bac582a875f0810f769b00849e6adb4558b07427b03a757b05ffec05713fe27e6d623832f98276bbdd3661287304c6c623afd2d85d009

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
2374f078959157e0473b2731cc7467e8

SHA1
de240db5b1de76198709b6aa07d8aa7b0781e749

SHA256
125a430088c050f3b9e8eca04e51e9d19c816fe15de6381950db671efb564ee0

SHA512
d46ea2148f2ddefb0bf8e7b3be388c0f796721f0100e186785b0aca0ee1c9ee11ba02758b8225a999603b086895ae1c6a3f56cad4c065904bcdf1125e59e0e31

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
9c5561f742b0e96eefd9b656b02ec7e5

SHA1
5573a8bfa5a676c40786f96254415ea74e4291f9

SHA256
b883c6d0e10a9ae0cea4a2c3499a8569fd1a960da643537fe85959bae5e0742b

SHA512
e193bc2b7d7ee4f2bf124d1ff815ad550a13db6f22f545d4bff90d92922611d7ff2706508212408410381db37a192aed994a56cbae72f200fb0f27638b67dabb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
7771fe1042ad8136885e73a6b63cb3a4

SHA1
9706fdbc2ad621d627ec6ea655e3cbb369372ef4

SHA256
aae7ad96c15dcfbec1bd35f6450ef6fe1b4350124f6db66f4310c6912ee1db4f

SHA512
fa3b34c1e0ede2610c3f5c300cb389547f0adefb8e112a549909c1cd4526dab84230e19b523e9f3c0bf23633b86247d211a1ddbfa80efb92ada65a04e8e501bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5c1eac7233e2c99eaa69856aff80e865

SHA1
1c6b680c783cf06c52a277b7a5a0e737e9b68121

SHA256
484414b4f0cfb75014551767ac6693bebac4bac541d2c80403a1e5a384a5a30d

SHA512
b46f32a6bd4c96f216fe3fd8fbf6595f41dbf4317611140ecb2869eb5f9012abf70c1349a01e6bc1a7a65536445c53d866344751c95c16f5e504aacfb90b469d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
aa7e7382c8c86dcf81551740f4bff766

SHA1
bbf8586b75d62f54d1ab9cbb6c82e1446239137c

SHA256
f1a62c5e6f31826bba20d7767dd7f68ef5f9d62306135ab49cdcc0af375ccda7

SHA512
6572940ec29358c766897cace0c914fcae8a5f2f88b933496728c9f7e73573635c01275567f1b3dcc487da1e189a3ff37d2bf34bfaed37834847774f04933af1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
e8a0a96a2f6fb20490c8db6247828a8b

SHA1
a306ad08bf3b341e60ff0e8c7dacafd4ad7e541d

SHA256
81241594b54f5e7fd9b418b7ec3f43667d522be842c16fbe3e50eebfae1ba188

SHA512
6e26bec744e36e8b8c4f481e6698f3840b6156073bad14dbeb777fcb54173d870c08751a9eb3607fdbf6f9c1b6fce450b995ce0a5ebf1e23a12a6a792f7f6c45

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
eda44930edae8d297bb9b8f835c9ed37

SHA1
d79286cb55b6f68c15cb2ecd8134d87136f83d37

SHA256
c5b6afedac4909572d86ccd3100203ff2451b1da28e1ec1d7385627564b51187

SHA512
e14d164be6b9d1824801095aaf2bb8004fed5eddefad3676c03f359a307c30b38caa4ffc23225257b6e2e31bb1b65fcc60c90e2e1b7f336440c63c74ec499ed6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
2272e127ec82de31cf361a14c1725d98

SHA1
84158a57753fc5e32032694ca50e0d1a12e0326a

SHA256
c9e32a51d8752d063ac2b7ec6258f2f0d0f8898d3ee40d08b7f680ad0fb5e2b5

SHA512
9110e71b6caa7f4aefbb887009d9b9f21fa5e4bbe5468b81babc00a2d94deeb63a18ae470b058113938d774dd222548763320ddc834e4417774dc310a55d07e3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
0af5d1d0fbf45b6b8cfadb009613c8f4

SHA1
84e5e413b33ca4984ffd6cb4ccd699dd7380fb86

SHA256
06cf1ee65582ae7b17c380172f32b4601fb4300a6e9677a1dbaf2f1cbb8cc7f4

SHA512
db1ef83419321e2594f2a4a707acd7c341c31ebe2e28c1bb44ed7c77d28514a65fe0a01bdff1b03fd2bf6f03da02b9a616a539fee1baeeb5b895dab0992e711e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
dfaa1ae08ae1cadfa5facd557c09466e

SHA1
e5742de65f40f8c45328169c97f4aee397496cbd

SHA256
1019198c79768511bf6e4890a476fdd60adf2b9985b06b6e220abe109c6ee7f3

SHA512
70b4e9fadaff17e5bb21162e9ac9a87746067072cb3f041ce534219f3aa1aa469bf366348f949bf0bb5afb848f6e77825e582ee917319fa65ebbea2282a3b9a1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
5a73dc456f63a9c53f95b6bc4922ef47

SHA1
60be64bfcd4e7a32a838b1ecbf222a84f4aae954

SHA256
4f0dd2cf2a508db8a2f3e69151bc6a3517711f2d00a64cf47d41edadc163a75f

SHA512
9f54ebe69b8a2a01d6a3b3a8feb62a2ebfe5c8e9d93a5373437c71520d323c309a6c6b9f73210bf4cc394de3b1f13960ca2a5ea039c7cf437f81196019c0063a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
e7fcf823f7e1c872856f299efd38b965

SHA1
5aaa4e52459acfbf6d9194992dfd2902f995012e

SHA256
7a66b69613451d6c58d4c77793b7164cc582b9e28f6d0df3751bf7a9b35457ba

SHA512
064749e25638b7b9ff5c0d8b73e7dd6a03258a7b8e6835d8c9b12c92c3c637dc6fc5cbc791b859b9a1436c307fffeea326026808ffef9183716a902135bd6f48

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
9ae17e36eadc638a77530c1069dc260b

SHA1
98a3ae66f1a2d87c9ff12cd2c23811baac30be97

SHA256
3dfb50e3e0544063289c03d84e4d46e26f911f252a474cd8d96d7c42ab377c0c

SHA512
9e386593218e49ccdee2186a031fa65291b1aab38c9c812e8743b7012b9fbd66aecf040ea77cb56169e2b1c30d5ed62002a4f8db33749b622a66ec70307af80c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
5728af786b3f749e5333f8185c188d1f

SHA1
e9df3df0aa8ab1b4b28e6245b8c00d4fc5a1d1bd

SHA256
1a880f7525e19970cd0e970100e6410b90168e41d5d0812b145a4f0c361b2802

SHA512
b92d2d906fda5e004849b3c0d3b81dfc2a6f05235d2284e5b09bf680f8a0fc77b63789dd32225493184e991977047db18be2fb5b9b73bf55df6c8377efdb0500

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
3fe20e143012998c2136be6803ca0f93

SHA1
7f5d66008e5be4411fb7b994c5afc947bfd7afd4

SHA256
6c59e3b72273901074a96f6e8a90fd174fcb4afb21ed96188c59f862fdb16896

SHA512
44b72e562e717c376ca60657da391fa33423684ef432c5ecc16a93201deb98273afd87dd1217a3a8725335716965d45a0aaf07a349d5399b36c8c28f24bbdbf4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
7ce5672b1aea819ca97ef40633c696ac

SHA1
8c4cc90950aa653fbd817c15d0f56e46da0b2bf2

SHA256
8804c659e8a51c60ac33c280fe3d2a3452be3ff98bef2674bcc5fec3cdd9f779

SHA512
2612d469336ef7e4407a680dee8632a7c54c8c433ef98d770b4c1f150d577a0587bb4b6567821abaaa1419feacc7f718740a2ef78c6d280764816b7e1c969816

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
edb299930cda8750a49d4f3b5f9ce14c

SHA1
cac311e5514ac89ab95faf3e74cba64b61a96eed

SHA256
add92a2751bb165c10e2ce5a22407e58974837413c89db80371ef6e65e2aeb85

SHA512
90f05120d46dc1de2731c1d2eab44c166fe362b981170daf458941bc1a44f1c1523e6a096c3433935cffc97ce60985dcbfd8246e07786571b14b56528760a1f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
5271460bf01caf2ab983820a1fe0591f

SHA1
e409739459f96892f29bc2b4087bad57058dfce7

SHA256
2811800cfc05c19102972458b2b38b5b9cb58e9b58e4de23332d0b280a5b7fec

SHA512
556dc0b7efa18e6cced012b94e378810ae449a9ece57ca10c4edd6f5cf0d5e30e2754cacaa6ce8933ea0b50b41ac05bfeaef86f2c0298b2761b4adf9c163be15

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
54443cd244ef042737e4a240b8b1e5b6

SHA1
899a37b886c0a80065f5ae870e1b6223c8fae92c

SHA256
82fbd7a62912c84ada8ff07df2efaa66a15ef21e4f318af99cc2df1c33044c22

SHA512
56339ed0f74dd1819e862bd4878caab6189a1fb7d0e528ee46137b9ac65b0f8cac19e0c2f6466544c2e60a6645ef3ac8747bd643eeb9f24b2e4d05fabe504732

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
a1eecdb6da3927fbc6fa94de0faf1416

SHA1
871ca7b9f889570b75eddce067f5710b128a2507

SHA256
0901e4ddfdadaf9e757543b811f2c9b702343d2de0a005fbd1375dfd82a2c10e

SHA512
d360e6072d5f2b4f529ee387c86a9f07e2af3ff4a0683963fdc0837d2861ace98083f625218cf761e8b4aa07c4a8620377d40aacc87d06dc1191a2cf09046338

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
d7395d805d9b981bb1e6e4dc7c21511c

SHA1
aaf5cb0a9fa02e021407eb3e540d051e093cc70d

SHA256
34c74d5568c6434472093ea72bfd5840d01339cd51609edce60518008e85c60e

SHA512
e9779e08de3ce51137576b05f4fb807ad691bb8d1a91083c70649b12177deffdbdd67fd4d5f7a8b75307af5ad5a9a2359cffe5af93c61f142918831a76a2c0c8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
8fbfc7623d4db48c36c2b7c862c14721

SHA1
99bb70f8e8aa7be77a386b1120f22c85df3232c4

SHA256
97d01085099b20a90e4ae2aa827c05ed052e51524581c6d7f43ff8b64076d493

SHA512
d2c0c691f914de2b61f0eeebf5d29ceb24d9ecfe23a963a2be314e1d85a5832880c1e07990044bdbc7967359fc66b61c21647cbfbc54a340f567021c6d36db70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
5d438e8ba2e9b26e0304e5006be19526

SHA1
273c7e78b5d358d4c0415798c238ad8ca489fdfc

SHA256
3f3fb6dc008166ac6e445c5e5aae4cfc6337e96bc531009a40dbebe6a3f94874

SHA512
474ca961d7528d2c536b47572c275b7a55a37efcc57b5601ce1845c3b88155600072ac9d11a26f9c1daf83091c31fc73135b75c85662b84d9a2789c294ad7536

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
86a839f614b4404d5564cc2807cf0961

SHA1
5a28f90d7d8acfc61e217a67f9f50447bee045d2

SHA256
3ae3e9c1c9146226874a78399163cdb8716f9f5116bd77ebf91e1958c1f3b461

SHA512
4efe618ad3b92bc7311645c33883d02c91db927b0e489ceee9659d475ecb6c07519cd2e6bac332c4b8255ad6929c9c2606a6c48273a9dee0d4c5ab88f5788a31

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
a3818ec9abc85568f68d7daf99ced509

SHA1
c17105c3053d9579235db6536ec98cbb726781e4

SHA256
0898ac16c49b873e2044defb0e5d633d97535bb4ac0647a169b34f621935332b

SHA512
887197d20311c7250596d80f6c356c88075671b3a72e901059add1fafb022376228124572f61050115d86274848fee370a0143c7dfff4ac3475d402ae160b231

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
7671f75d053ac9ba0be531ec2970a196

SHA1
76c46b3012668acf96950f794f16dd8f417be3ff

SHA256
9795665a4aca65907341689271ec5e7ce5291123acd3c9bcab4991a7ade6734b

SHA512
13af072563b6ab90a002ab82bd9e044c208f9e13507037059a802b3da6620986d8c799089e27baf2a9949a982bdd943a20d0e10c74b84860362047070c225174

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
7dde6931b637726c08a2a8a515050a46

SHA1
547d3225336dda538505133b254fe270a91c83cf

SHA256
5be4d7eaecb372b399e09b27a1e7711406138ee69a178d9623f4fb02b5f42a21

SHA512
1bb368c4e54b9f18e95287b06e7e692fb820be987ad30e59e5b841b5dab2d37e2394238fdddf462af061bc7bdf879fdb0b0946276012956974d6d85eb22ec620

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
b70aeabfa74688dee93f41e00400be5f

SHA1
4a919176e4f2d996d52b355ca9517bfa2390204b

SHA256
de9d3f2d9bcb4275a0170b03da000dd65b900e90c392356c970ce30f962dd21f

SHA512
218708f4cc27b78200c0ae161273a7eea12a1fa7b0d0b0d0c4208e495a66600fc07fa12cd3a4c5f02e5361ef2d1403b2625737751eaaae384fe8f076a53d8974

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
c7b1a5ac31886d35c9c65786d2e47fa8

SHA1
53e87f3bda3a098e732c6c3bd9a0da90490b6280

SHA256
c6a806262b6597c6d7cb6e604d35146526037904be3a04707c456e9be95a13dd

SHA512
769ca4dd93b66151d48a56afe65b105723ef65b8834f134605effa097e5ef152aca2ed4eba2ec43e88f89725e00ecb197ca823d695e1415f7ffda49e9a9640b9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
feb86b5667567eee77aa519924603b8d

SHA1
0801c103b36d29883562a02e8b612a3920f67fa8

SHA256
666c09d2d490c0620f5e122680662f59d3340736de3375519d1c28d024a069c0

SHA512
f1bde16ae56b8bf543467fabc17936bec492548f1ca13d25a1ec7fe87a0b9d889a047baf32a1c5d0202a04dcf92c96c557eba1c5277f8ded466e6e8b0197f77d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
2b1ad90d6359aaa8cd81b0ef7d8611ab

SHA1
972fc52f321e6a0c6e7e96ac7fc66a3ea084d8f6

SHA256
9f44b440a54dea107fb44fd66710a4c7e6d8a46a3971692a44208832152f5361

SHA512
a191ba8461f8fd23a5b6a87e114f0fcc8dc4d8329b902c9b3a46ffd98efc706da92a000499f4b60ad838f9efad8832ffb1f9bee4e5af9348545d2d9a9ae7ab48

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
cab8b1c93b2f49a413e525b31eec2612

SHA1
9a5a5a3b30f713e04122c00be0fccac22ae2664e

SHA256
4e1f14740fe9d6cb44e6363a3c39bee8630d4c955dc49854670a984f5aebb1e1

SHA512
1a9a381418e1742ef10a530228d2f35d8b8259afed9196951e591cd4f850929b04b5364bce8a5d25b99285f1c22944ef9609ffd7c31ae57ee3440c11ce8d29b5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
20ca4aa38cae7f0636e125ceb82b0407

SHA1
435823b4ab94f405b1d4b27719778285b77451bb

SHA256
7885f51ec8e411cfc42e14274a761d09ab542a6009d4959e99d822e49b9be252

SHA512
361d8d224272267dbeefaf5efee24fb10e1f1826b53660db7de291af53cea7982f5f4ac0434b76d4d77f9770eccd44470d3c3e935b5b7ba4f2670e215346023f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
bf451a1f8c00e01808c41150ef697909

SHA1
5e15e6a7a3741a0e0a14ae7665491873a71cf638

SHA256
28a8c98749c8e0f3e0648fb92f53774af436ba92d277762de25ed898dc5ce8d4

SHA512
1412642990fca96ca30e5259ff362a6304f2af25949cfc067da980f62d248fcc6f5696771e8532d71e98ec5a1d7112a62622b957675964335d9fcb7b8b6d5b69

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
fc774fba1577fb09567220fadc7c8aa3

SHA1
c83ceac885cf0d6fe997a2e7c584231c70ccc080

SHA256
6015323d68c63f8f3697ad18f2cb6167466ff04d4d1595c6c4dcf5d51ae57e4a

SHA512
f410f4ce82c178d15d44fcdec4e8a1ca2b2ea4e1786ece92c8183f254b73cf9e2e5f7ef6cb9c24d97aa5b381644b1eaf08338da0c5700c7ed951cac48208f0c7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
7b6f9902a4d52e70c13eb5ad4038ef23

SHA1
805ca725d20406f3f3da7c862b8c4e60ad481d53

SHA256
d2332ac9ae49db16b416f9b1692a0226aeb6ad3f0b325945f6d2f80b2fc39b4c

SHA512
a398a46e03235d15dacaf911050a6924da46b6b079fbe576a80865678d857a351705081c95a08e6e332985325535b5aa31e781a8fff1e65c40b26fb17f495186

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
4bf20e69ea02ad8ff428fdf0e8e5492a

SHA1
b0024b00fbef32ec1717de69c290df5ce618eab5

SHA256
cd2d5db5a3f066915e1556a511f4d7d7d4520ebc99627eadc4df7cffcb3879ff

SHA512
fee3c0d968cd9346c884ee0670c744f8b451d0f7309c2ee1c9f60591ffd5fdd05a22892c457ca4291e10758d5002395749ff2e0e013dc59b0b743b265a61dbea

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
90c2e39fc1b2f7959ee83f34805cdade

SHA1
35784d000db03d9f06ffeeff11d7370ff529b4cf

SHA256
93766b3c5353f1249467e4bdbae8e22d5be85a9e4691a41416f94c81cef98b78

SHA512
5fd22eda54b2c67b9a745ecb96fd040630394b70afaecce774d25290aa31773e61518fa84af860304d07fd12a91befae2cc74dca7f1934d0f20154bd9115f223

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
560c2d6900d1b10872988bc72587e292

SHA1
15ed934c25c6cba924d62c8bf23bf9f03fb12e6d

SHA256
0a7fc7f2c736421b16a6abc179ad43f010a08a3ad36eadcdf2c612b2aa274241

SHA512
31898b46da9ee4338182091ee2ac3f7c378a53f884d6deb202878e6e126e8667f8ff4ea304f9230072419e59deb1c50e82323c59f173afa6e344cc1e0b1d77f0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
f5997827c0cf231c7af393d03f1b0a30

SHA1
7e5de1ac0b39ee1f415936f1697d5ef21a60d493

SHA256
4d40b1c821555f969ce5093fa9d4617121b57b92ac1d71aca9d958c5fa19ba4a

SHA512
2b4ccd4de06f4c2354456d117a1b05b306055c5d5078f86026bbf01df31cea97456116d117d02bed80dfa3f4b97753e90ae9e95a5ea65675be780fadb14f30d5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
f49aa8160f09e552950bfc7a71fb8dc7

SHA1
12ce953abbd0b268b9e32069eee78f41316e41e1

SHA256
73ff583b592eb6fe60e9140dbea9f70cf5fc33ccbbde9195f69d8952516b86de

SHA512
9337e613f72209824e6abfe78df9518410e594186c381df6b87bf5483dd9b2279f2c44fe4305ee64f58626f21f7a70cc26fc1b7dc564398191273efb67524944

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
a6dac11978a0e468ac7285d8b4681d3a

SHA1
8d36e02879b84b7a814640096b7295f649eb6613

SHA256
a174d0955df80dbd52e5bfb785ca5ce4f0eb594301c7b5d63a74427c6e22f88d

SHA512
32e049879db97055cae87e491445cf8d58c12a8c76f759f852dc03bac053903eac8f0fd3284168a535f1251ebac14231e011949fcc5d28690e817501cabaf315

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
c0c661679ff76a820e4a07687a40e970

SHA1
a1eeab6bb357538bf3008b6a628b74fc0bdd58a5

SHA256
5371dd2617d9c306d9133ea2d17927868ad28ef5ff8582538aaaa086c50c8379

SHA512
29c97ccceaaf59add8fb62a5ced17c827668d12378238f45c5bff63cebce0d3b2a5c5ee724c25c774381861a35ffed40255f6752cf6a45cab915be0439ab6b6a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
6d19e19abcb02d7bdd06dbf1d559adad

SHA1
be2d14a11d3a0dc495abf82c1c1eddd7b3cbffb4

SHA256
9b2f47d6b5328bdacd3d758b880f16224de31fdb8866858a336fa2f1a17c7e47

SHA512
215b6ab0ae378f82f4d19202224a67b9c230aca68abd2809678cc979e3c1b9da3b6775caa176cc150133b6048259bab731d031c17290ab798bde2060733c15d6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
9d738ae69f6c4937b2e6f16c09c0c465

SHA1
007df4ae5d83af2a33f8614369adfa44d24e091d

SHA256
2cf92a4d92910f92be30db13531ce5f68860c31f0e49a0f14764e7d2033b0e30

SHA512
aff180abbbdf9347073ba1d70d529b28f5f49e0ae6ea8373b1df6b1fc121248342f743d603bbf16fed7b3ddf1441ab5618997597d5b83339ccb3510fd61a9146

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
5e670b95334d58b974fcf47f35ccb766

SHA1
6adab5f622b03e2451792c4e5b511355be6aea59

SHA256
ebd707916b26736408d795c96252aa70283fe7050df2b4a55553105b4e677da7

SHA512
f2368360f7bd27bc69ec877be19527e8521790eaa0af39f5058cd6aaca760b3edb7a9581fc765badb57f5070c87a0bca51c07abf1811e47e2e71b889f30b4be4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
3b21b4912ba48b59915e62adb354b1e6

SHA1
c27ffdac6002a49fd90ec40a7a7ad744506638d0

SHA256
819278ba76cede26922e817996ee4b591fcd12cb3b670bc5a8e8e13e90fc7dab

SHA512
207a0749336e574810c731361ba4cee4b709f52b4b7731d79bab1ad21fa975dd8c9e29ccf0c8ad8b99d729218377450872c791bda5cc8399a195b0ac75712381

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
c7d20481637c04919b2431e3e4e77851

SHA1
2601106556eaa4e7a5b742c3c4284ac09718f36e

SHA256
3406a05eb9a2c866db02587b1a9a46d5d62418946e3c1f18275ee3323c0dccd2

SHA512
7eb98cf6444fbb48b2babe4018e1c4a92916abb850131bbda4220142f7437922468f6d3a26da9c87e580775dcc0ff1bdc08a0c6c9c8599a3c6c86b8573d9a555

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
e39fa0a0d56535e55830d03c470e5cbd

SHA1
3f2c0b3746699e90b89a260c3ab8e2c3d6bb241a

SHA256
1f22f1fb206eedd43f65c7b0a9eebdeae1210c61191e29d6de63ba2cb7ec978e

SHA512
b0dfbeff6abac403eea39674732cd0f9dfe18d0175989d3f845c0a6e5f02734dfd6e7c11f9cce0c0886ae39fc8db0c062d29ca3b1761b39e0c30f465b49bc86c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
ed234737ed8a23831aa96fc1bccb4a0f

SHA1
67a41c969a054f1973157a20dbf006b96583cc03

SHA256
ea2d30aaaf0c3134a7b2d3fd83b4e9e53ea2257c67f78afb37839ac11a10549a

SHA512
85c37c5ce425b495c5b5a2017e524e34e0a0973b6cd28e6585f97ebc3c2eb54fdbc75e37909d8e2d80f81bfde2552bb37cfc8f28ecd14d20b8b4acabd7f13f29

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
f09f45d90413dd149d3126b8651b8f01

SHA1
0f1453fcd8759aecf316cc3126e9528f804dd638

SHA256
ed533c7343d22944e862869a5b57376d063a74429df57f87969d5fd6dc50c3be

SHA512
8510c6be4201d3fdb0aa36211350da2f5d0427733427333f30c2a1fc039547121781c7d1977d50d953ae03ab8ec6a174fc5e055cae35f2dfb498980c0bb27ee3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
7905c1e144e2c92ca365417fbcd97090

SHA1
d474c59bd23397212a4466c60e1ad21003c9bd2d

SHA256
f7c3f9ddb4234930499af8b4aaa1f5e1eb99faad71cffb8e50918fb640ffdfc6

SHA512
875c4be54e684659f1e5fc950b443eaf482bfca223ea1ea77692a78cab20aefb8a11caf08dbcfdfa12e8437234c7c330745f03b3c64d05cc2fd2394300a2264f

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
f150931014d7c041223845df5d6d070e

SHA1
fe67bf57dc476115fbdf3cba4b2463ba788afc35

SHA256
87d23698de491245388fda3a3c28f43261b2c36f1d28292820062f6c47dbbdbd

SHA512
f8e9097c1df123916a6b0c98e5f025e8705defabc0704697c913e9d4e1568f5defbb80a613da8e5ed55fe2acdaff19c864e16e6980dcf7a7f628a50784bf80b3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
fc6e4a628f34fee8fbd84a7914a8d878

SHA1
070733bcb2ed52334a739dd5a9564294b103c889

SHA256
2a49a89d3270eedda29232e4a343dee1d3bd57ceaa7d62a6e08008ef0c1293f1

SHA512
12daa2ceff01678aafe00fb063add62be2b639a76cf68ab415d1e3591cd6d6033b1bcbfef1b275db746a7df3e54ea7bc307be7f9afbe5d5091d28b9566383a99

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
58dbf67d8b4461328ff0fae54cd626ce

SHA1
34069fe8fc9af128fe62deb7fd15c80c69078954

SHA256
822516d456459c98730d154147bcbfa5100a137fabced26c895efb3ce1198749

SHA512
2d252a0a667c97eebb888ae729d98da02a38e7a816f411baeb627fe6938d6ab74415670c004175ef0d91f74f39000d40ccc5fffb34e11ceb5849cb0c2248546a

Download Submit
memory/932-11207-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11215-0x000001EBFC3A0000-0x000001EBFC3A1000-memory.dmp

Filesize
4KB

Download
memory/932-11237-0x000001EBFC5F0000-0x000001EBFC5F1000-memory.dmp

Filesize
4KB

Download
memory/932-11236-0x000001EBFC4E0000-0x000001EBFC4E1000-memory.dmp

Filesize
4KB

Download
memory/932-11206-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11235-0x000001EBFC4E0000-0x000001EBFC4E1000-memory.dmp

Filesize
4KB

Download
memory/932-11233-0x000001EBFC4D0000-0x000001EBFC4D1000-memory.dmp

Filesize
4KB

Download
memory/932-11169-0x000001EBF8060000-0x000001EBF8070000-memory.dmp

Filesize
64KB

Download
memory/932-11185-0x000001EBF8160000-0x000001EBF8170000-memory.dmp

Filesize
64KB

Download
memory/932-11201-0x000001EBFC750000-0x000001EBFC751000-memory.dmp

Filesize
4KB

Download
memory/932-11202-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11208-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11204-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11205-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11221-0x000001EBFC2D0000-0x000001EBFC2D1000-memory.dmp

Filesize
4KB

Download
memory/932-11218-0x000001EBFC390000-0x000001EBFC391000-memory.dmp

Filesize
4KB

Download
memory/932-11203-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11209-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11210-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11211-0x000001EBFC780000-0x000001EBFC781000-memory.dmp

Filesize
4KB

Download
memory/932-11212-0x000001EBFC3A0000-0x000001EBFC3A1000-memory.dmp

Filesize
4KB

Download
memory/932-11213-0x000001EBFC390000-0x000001EBFC391000-memory.dmp

Filesize
4KB

Download
memory/2424-10736-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2424-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2424-7416-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2424-11168-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2424-11167-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2424-11162-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2424-10883-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads