xorist | 7d4df4a459ac14bdb81cd85ef4b11cf9de4a56eb062bd9e21fbf769e72709bd9

Analysis

max time kernel
1s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27-12-2023 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3aa1f331e9be757cdb400d278dd8891.exe
Size

7KB
MD5

b3aa1f331e9be757cdb400d278dd8891
SHA1

c1b5956632dbf7e961e51330e53dd4ecdffacee7
SHA256

7d4df4a459ac14bdb81cd85ef4b11cf9de4a56eb062bd9e21fbf769e72709bd9
SHA512

ea316b5a9e6aae42ae16e8eb3dce6a085dc15fa422ad0966a6085cf81a1607844cc4665ebb4fb08e53b730422c22a43519e29e7519b0f3266ba06f7f3dcd12db
SSDEEP

96:leZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExjS1XqJTSsfs/+GeZUeP:kzdrr1FG1WDCgmjPZjzThE/5eRGMUA

Score

10^/10

xorist persistence ransomware upx

Malware Config

Signatures

Detected Xorist Ransomware 6 IoCs

resource	yara_rule
behavioral2/memory/1372-8019-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1372-10617-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1372-10690-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1372-10753-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1372-11030-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1372-11035-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1372-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1372-8019-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1372-10617-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1372-10690-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1372-10753-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1372-11030-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1372-11035-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe"	b3aa1f331e9be757cdb400d278dd8891.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.PPT	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_w1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-180.png	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPack2019Eula.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\System\Ole DB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub_M365_eula.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-100.png	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\ImportTrace.doc	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.png	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\System\msadc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Microsoft Office\root\Office15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo_small.png	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Internet Explorer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png	b3aa1f331e9be757cdb400d278dd8891.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	b3aa1f331e9be757cdb400d278dd8891.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\ = "CRYPTED!"	b3aa1f331e9be757cdb400d278dd8891.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\DefaultIcon	b3aa1f331e9be757cdb400d278dd8891.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe,0"	b3aa1f331e9be757cdb400d278dd8891.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\QLUm8OR6vUIE1wP.exe"	b3aa1f331e9be757cdb400d278dd8891.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell	b3aa1f331e9be757cdb400d278dd8891.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open	b3aa1f331e9be757cdb400d278dd8891.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	b3aa1f331e9be757cdb400d278dd8891.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "TMBTQNPXFMFSJFV"	b3aa1f331e9be757cdb400d278dd8891.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV	b3aa1f331e9be757cdb400d278dd8891.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TMBTQNPXFMFSJFV\shell\open\command	b3aa1f331e9be757cdb400d278dd8891.exe

C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891.exe
"C:\Users\Admin\AppData\Local\Temp\b3aa1f331e9be757cdb400d278dd8891.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
22c841983188e9a6ad69ce8a936e06fb

SHA1
510a4ef6695a57d7b172346850b514d84b4ac051

SHA256
f29a08a6d4e38b7c595fcdad6af83833267ca03e5808b062f911ffc2dd6c2706

SHA512
92268f7e0b7fc3ca705909701b9ecaff0cbc03653786a2911f0948644d4f3b0fcaf82518d54562a469257005da194fac1fd2c577f7822f3166d19e5a45b0087f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
4b464756b2d70396f95ef75f4dc5e08b

SHA1
c5ba3720c5212ee7199d406ebc1e57cdcb115ce7

SHA256
041cc9d393de0a54394604425334561f3a437416c4d5dfbe4f0195a1a8e283b7

SHA512
0f8a54908a1f3378d97a5f35a4d2d0ac95284eee0df3103e47cc10065fc1825fd0c1974352c6c791618cb511c35917d418ca1439d903cb338a4d28e309d8426a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.EnCiPhErEd

Filesize
552B

MD5
973941562e9c73c6bcbad4df2bf9ef59

SHA1
bd9bd92299dd25facf5693a063609defa23c3973

SHA256
0ecb1b818733c7329e0520401a134c55be8e097a7635f66558054c1821156845

SHA512
c23af930052a517ebc5a039b538454f5d719c79dd0bd1fdc0cbe4843d056335d895088201de51c90a4eef156c8b6d021d4d25345fac08de1d7880386319054c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
1b33610ae284de22735fe8221080cbf3

SHA1
f500dd057ebba45c4966c649a4b3cc48a37f2578

SHA256
682a8c72e7c447e97e1dcf1bdb539290a2e51bca85e9744024504e45cbafe050

SHA512
2ae910a31cd12b38f27645682d2a00b43da392d95edd1bd28d8bfbae3f6a090f374ad1dc7906f7f85805c6c657ad7408a3db03b30a26f528ecd4dd93184bc80a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
545ccedfb1e07581595bbecb5cb34ffa

SHA1
aecbd2980c782b8b7c55187db0b2f3cb4b4b97cc

SHA256
c0ce3c84e842fe5722f71e543dd21bd6185a861a7481aa3e79ac749ccff23122

SHA512
a7ed81f65884da94fa82b9634b72dd67b8ba738d61ea2a22e55007d21f30ec3dea6778a975cd0debef47de615d7d0d3f78cd201789eb0be4742484f95df2bcc8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
4cc424b8a5b0eeb9771a33bbd51334b4

SHA1
eacc1a6b535f1e2102896a79e91d78d7d3ac577b

SHA256
6a181282afee0d34ffddbe1013f37ae321a2fac1c81a7efaaefaa8cfe655b1f9

SHA512
3745ce0f6fd85269b485643bc8faceca35f654c6587854feaf33a8c2e173bf707253d8d659ae388505b206ca343bd03b98f83280c1c1db1a1638efb6393fff3f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
6f43c1c4768dc287c3c05c70276d075f

SHA1
7e4308ad69bbef4acde308e177004ef0d78862dd

SHA256
c224d88f84ed1dd2c0fa2ebf186c15727e18c8cf29dd192f3621db5098b6aa2b

SHA512
6bc30862c1fadfe080b59a847a954da8f237593b196e0f08d7102cc621b9bb22c9e1b766f288746c028e05636241fee750cad26781e8f67166c71a940f531653

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
4f803049d7dcaebd7906f9e6c184b8e4

SHA1
1bd7fb9882f09ed47ee134ebf8a37790fa4b8e3b

SHA256
c841d067765d3cc4145b71745452b99f8a4f57fb9be8c1187e8903bea0a31c5c

SHA512
385eb913c0705d0142604bcb49fd0e97006f6fff4f7ff03b6cb4c9247466288d1eca27cb7bc72cc9ca27f8b54a2f99d0b73d1687bb3c6143eb993d2ebb09ff86

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
e96ef41d4958ceeacd7a6eca95cdb8c7

SHA1
76c9ccaf4a86485eeb10a8e41a032a4199519a5c

SHA256
0bb157c350f9cfe3db8e35e60c4a2faf0c3d6b8aaf2cb3ccb82f0b9e0881d35a

SHA512
db1009885d814546d14a412f41e3e1fa9e4ec925272547e2609f1ae42c49ab539d8169b738125f641e9a607e73dcd5dfde70da5b59c64e4b5ce27bfaafec4604

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
b1203907abfad2f5232154e3ad4ec47d

SHA1
152b0c1fc261d1a7a08d33466ebdfc1dbe6fcf12

SHA256
99a5aa224d5089f1aed21e8e0c5355258907ee967affe57c5c6330becebd7e2f

SHA512
312877ac5209ad83fe4ea533df4f0c229ba18e533fff5d68b6fea787171e2bf80cabb6401969d54c78cac17e6177becd378afd1d84cc36a20462a3908b917352

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
3d842d90cbb8d03abba989465312a171

SHA1
01d4f8d3c8a7be1e01dbdbdf78f5aaa6fe5820d7

SHA256
72e8102a7f1e8838f85fa654e73633467ea7c736c311fd947fb00e254391d389

SHA512
2bb5335fbd5c31b3765ec2ccccd7c47fcf5b4ddc6a70ab248667bdaf5ecc05842fdd2bc4bca72a327ce475384019177ae8e2b520f789cafd8556ca708d949cf9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
1177d013f7dcbb51f1bd00a781d63892

SHA1
291f67da3f200ef9e3c76831c0a45465d25cc046

SHA256
6c63627520141ef96f4dce8ef4d306b927c3dacf0db49d3dc3a247b9ba7e43ca

SHA512
9721ab2ba2154370a58d9f30000d57eaba8c86fef6206ad259330e322d8e9120ccbf1b4092983132a600e1c7c377f525833d328e11f55d82d4ec4ea4fbca64b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
20c6235de92d01dc647f9dcfac9b937a

SHA1
ab83795e692ff0f11280632c4a6eaafb5f748277

SHA256
e87481900c53e35841f9188588a38dcc296ea5f1bef1f93e3902a6f41d3d394c

SHA512
945acfc3c5f9dc750ea3b6eef7f3a3b0c7ac8250f5d40cc4fe0715cb64ca18191e3f49dd3235cfd9ea0b68d4cc26f85a8b18607aa8b1b50283b47ffe131b7a04

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
da60a8e460d5774988c572f12d88f7a7

SHA1
b335e4be71e6eb1d833b83c6f0538a191803b357

SHA256
d7abfcc67ff9925e523627b7dff6e3d86b81073857a62fd54d2cb5613a1a23a1

SHA512
21291603a82dcbb261f305f0544d013a953af5ff9fa3dafa85d584f6349bf9db391ec7b8c789695103a05fea7c5ac9a5cf1ee6566fdd422a0f247c14e1fd497a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
6686ca441eff8a43c5bd8d4407985377

SHA1
1b5d012718c7f49523fdb062fb10fd9fb1a1e049

SHA256
94fe9f24dc8ce7a9805c294af84bcdb93c7ec40ee42910260076d53b239551eb

SHA512
3ede087ea2fc65a13fecb83b98f1306f274d414dba3bc47236298c264750fc84fc6965915ff6fd115bec0c0d19f5c7ffb5edb89cbc21379405f18c2d5ba285d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
e0b48a12a119f09411ecce1e93f8a514

SHA1
8fb1d518158494293839f9311087b39f552c88c1

SHA256
3038b294cf6fab968ec72c3d366506f3a6eb6e349ef8dfcea4a81df368bf8a8d

SHA512
5b43abc430384c3d6e28c6530db69f8abba405412445a9ce3fe69fefa40ce66431c42d820ed36cb75c732cf9c3e05d69633c5a37cd57b2981e0059976fc1273c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
e6782a264b3f9db8bf6fa7eda1f40005

SHA1
5dbc81d3f487d8c0d9e9e23a242a1a1eade31954

SHA256
86d51ba1206aab56317b5d40800129db8cd85122e30cebc5478231303563da09

SHA512
fe934ed88e9992d146230f2bfbb62694730403c737fbc8eb09365100f1398d2230b38816a6364df00a919a30c20e0e6722a8413e314d2e13ef9c819815971c48

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
f5456ac5b449cb7df803908a66c3ffc7

SHA1
9b78d17a05f6a493680371f798e6610fea919042

SHA256
9027f0d07bd84612184c8589ca4ed205bd41f3a64d145e98835982c21cbbf311

SHA512
b89febddab017a8265bf0a60d56192b6ab9414febec65d4c40372cf5a30641c06a4584edac3998f942d6dec89f94844cd0f7a4265d7e94262df409759b3f4c76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
7a82adc35c8693aa349854d1604871dd

SHA1
8d810bed2860e5bf9141adfbc90c68270f6d150b

SHA256
4fa2840ddcf0c5c1964cedfeec526ff96f0e6456fc61401620c18bf884f74510

SHA512
71ed3dbcef2dd81d20e735d0d3c96b608d8661bacab622463a5395d12c40828f3ad688935748338e0137974c61f63bec902c69914a703599f2aff99b7992e72c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
8e3dc5934c3dfe085b9e0e46236729d4

SHA1
65ad2dfc7272a42ad5c567307078a0055db1ca0f

SHA256
88ea9bccb64c412475e489af77f8aadbd49f50b4de9ac911a519bdea52c1e2e5

SHA512
b785cfb1e00f74595a3f7794aec5b6895d88f8bcf1d88e2664c57b107c5f8b0ef300587a6d53ae901756e45dc6cf447947ec5adde5076f1717ffacf9cfae0236

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
d418e432dacbc83b161ab856f973d989

SHA1
3f36b8db116a1491e182505302d86c3615c2354b

SHA256
011010c9da59905c3d30eb54402b1b21fff1236bb4a3f3d1039b77037aa46b69

SHA512
06d47c68731a3ef415a782a305770849395cba691d29c99e77087427dd758831ecdbddcbf1b84c5914b1b1bee41e413d11b65782a136d1d0e58611e405d23cdb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
75687ed41c50e46f2699a522bf429c84

SHA1
40f8acedce94cc79a977ac74a189d1193d9b6513

SHA256
6fc01945cab08bf7f66598e039090a8efb518b7680c208f6cbe8af394581d7b8

SHA512
50f0f877904e4b4e4d9f31c989e5ff818c0f2d8b65b636621063415394da9cbc008ee579dee8e615a8dc948506bca6025211f748bb0b04b3b6b315ab11ce2820

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
8d4a5d02c88340615d5e4387c38fe46e

SHA1
6508a5b460e89bcf85d9c58c9bbf2ada38dd50b5

SHA256
5ed42c22077fa473df080b9732e9a333f39348ac21c1cd7ec306a17f9b657089

SHA512
cefb394c40df4899be8a0b86e9a73e0abcee081fb6582a8dc2a8b2d6cd4c2048751abf0441824236fceea07725d3b0b57a1040bc5bbfdea53c3ceedba078ba81

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
0d567bed633411ec53230f9e84ec39bf

SHA1
b7d112dbf4294da08ced8b363dda31869bdb4f1a

SHA256
7f446f2479d02a9564973ef4cb997712c9449d6d05bb4a37ea1ed9de1863fce6

SHA512
de4c73c33bf77b1dcef42ad72fabb7929eade6d0fea366ec2e52474983a96b955893265e5545263ce8bdf5cec87fa81c8a7646bebe19760e1048e2a30b165283

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
e089e1422fe4b401e7803e55eb0c51e2

SHA1
e9e030563c0aeb876edcfeedb49d08ad1974cb2a

SHA256
9e5940b8a707a1a95dc77dac6e568a211e240643b5316c2e36918b8d49382d66

SHA512
324ac2a8959488fafac997c59a7ef6b07b279e0a338409907ff2e4c48f2f3d2878f082e5b363c95da35298c88ae7e26321045423f49258236d9444a906737986

Download Submit
C:\Program Files\7-Zip\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
bb8fd8cf1555fd6c7186b68afc2abf21

SHA1
d8bfb963f5b4180b00dc3045776d7ca9c4e3f58e

SHA256
b2d9543c876f8920b0ed346f16c0c985a4784dad44168ddc345dcd07df6b319b

SHA512
4c4c7ca8aaa0af7840d99ef5fe438da99e34abb56bd0b92bc437f60d45aa8965427d9c3e2970f946a37322dd1f310e3189b04c8b75e76d820a30f9e394f6bc93

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
200a2d49b64d143a388432a11fe5194e

SHA1
69522af151fb0006bddc03f25f24f289fefbd552

SHA256
06117550d93a0b81d79170de2b6572af8300e5c45618f1387d7c8384f77dfcaa

SHA512
78ac1911cd8589f80f9a1979061b9224afd62c3ad026560716c7238ee7a75fd31c3ec789eb5222d33b438b6a93851f0ded8e31c007da6137befcfac7e4cd47a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
36dbc40434092ac33ca8433b7904268f

SHA1
f4c9a16352d77afacb3116397a7a754ebf233780

SHA256
1f5acc2bc4025e273b53550422b8f9dab2da9528438670ce29b1e0376dc86390

SHA512
b9f80a4ec526d182e3d19a2092ee236d1041d545d5be342acf854be463203c0e1cb0956877c2826a2331f383e97890a483002f7b72c220cc97e83067ea32a4b9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
748e54215c5539d9ab3c2fc9fd49f893

SHA1
158638eb27859728437cf013abf11879aff5d77a

SHA256
be4fe396ce6545d75f39b7e265776cf2c513b66052f2bacd65941f56e18a5181

SHA512
8963a09959918f50c6e0e62908e242117f64300f2c1232fdbfa009a682cf90127a9a51f0b7bfd6b8b5389ccfde921ac3b5c0bd89516815a40cdd8256dda2a6a6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
f0f45ff7944e13aaa4729bbe9791985d

SHA1
5dcaca93563f983d2c9fe270b5351d5e1fb9d6cf

SHA256
8f142b1154d34ed6c85d4a6d64733e06165045de3ec56bddff898fbb647b8d0c

SHA512
9e3a76ae8815947dba782460ab4b2b6e29a697d350287d9112f5dd3c1de831b44bf89a1c14be47d72747179cf7d1fc752f6cef649d7bf649b235340d84f55f0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
08955110cebebdb47c067316f7070bd8

SHA1
dde54817b9cc4565b0e5fcc8ff401bd058651f10

SHA256
9ed16c752eba50b1f36d6e77a06c87730a0ff3d2a89a2fea948b0a4f868a8755

SHA512
edc55a3a79e31aa5bf70b0b814d09eae7b63a772b11402cade11f0b2b65aaa40c0d42edda6b4eabef7ef4dfdbd18ab9d46acaca49b347c9bca91807e903384ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
0a7dc260a36908ca30e639f815377de8

SHA1
9cf983273639255dd8b324d4672e192e9bd8e49f

SHA256
458d5a2f08370e9221ccea32d255b703428ded5e4e0e5a0378adbb98f70d4e1a

SHA512
614f79b8158d0e9b41bde6d9667f021a21880c2497e2611fff4a4943efb4ff6fbe36d7e5cd4c33745e98d0d97c1b27a0302816429c59516294c91f7ed199fca4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
3caf8dd8ab4fa2e9f507b3df68f8f9b1

SHA1
8871d42bb7fb820a43f5c40a323bde94ef728b13

SHA256
ebb94f04c833032fc66ee9f6098440e503b5b39d35fe68dade2c9e0c773ffce4

SHA512
caeef75eeb4612773aa6dcdd31291afee82ea36ad2da0fc35f1ec2d496026818b38962f8465eedee215b86d59783b73d63c110da6eae525b2f34e9f9855e11c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
1f125ad28fd417325bd9060fcb3e40d8

SHA1
8b4ed256687176106e98312a969e9d4f4ce89051

SHA256
a2e9c7fb1755e3716b007cfb4c88ce99814bdc5a5144a076afae165a4af62df6

SHA512
91da425ff5963003e558ed9191180864dd881d940a4532578cb4b152d4ad552933513284e096167a4e34749a7581721835a9cff6b7558630c5ee39359868f0d2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
dafb3ef9a3a35a06eedf4ca62035b2d3

SHA1
22b77fb6ab3263acca0b4dd3e71a17910ced3071

SHA256
3ac8e340b1ef0bdd76501321d4a8a85265e1498d5fafa2166503f5c63f5e599e

SHA512
e2a6877f387dca72493bb5debd9334bee4d17db26452d56d35145d9d058065f8ddc80478ebd6e114effc049237f441b45b7d47d094af2844d486fd9b4bf1c073

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
ce15b0b9e1496cec881f656e6f88b00e

SHA1
665bd7304da3c1261435d64e5f381324b6370603

SHA256
abd511ebb6648c0af983b478bf7f415234bc3616839d71decc1b687e5b5c4652

SHA512
8e3ae94518fd645c65fdb66be196d4def414c88b175f4c94164d3aa6fa232ff230fd07712e1d349a321e52902593ebc39001a948487ca7474ef695c100bd6682

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
4dfdc11dfd838aace3518e2e003732d4

SHA1
4c32b2ad4fbe7d4f8ae9d6226ea0aca58150a64e

SHA256
69165f2301aa021130d8d03d2b22ad42b8901d32b86bdf658d7f92dd068fa808

SHA512
a29a67c125ed1b7ef19add87eed6911b23eb0bbaa393e20c2f277acef73bfd10134504f47e74c56f7e35418425d1e34dd00c8952479e23514f15a68532c6c6e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
8aed0c2f9aa4a04b419472d659d2829a

SHA1
6cdd3a684173970f5ba2f3652226c4d6f2644e15

SHA256
8accdfbf4a4bc6bc7345133a4712c8072c655281af068d0eb94f2c4ab9eed978

SHA512
a7825ace043305e39bb28671cef2d14f3469d3eaeb32949dbcbab9267cbac11f8a2eff40705023932828b8ffb516b17677ac7b92e7fa9bb80dd6efed470931fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
9f2cee77c87fe356a6f6404f3488e8e5

SHA1
3907608de8cd732bfa127f9d514773db30507df0

SHA256
b0df50b1f2cd83f2e69f03a29601701baf10db10675859c082759f46a4f308b7

SHA512
b10a58b3edec5ff3449c9bd0c8548ea3e43c371f6ce290371d9cc5044f7906ec6dca44219fb2b00666cd8ab6e84bb4a0f4ee324672aa2c7183fc9d14ca02b4cf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
d71da9319bc2febeb9d7dbe79e80f77e

SHA1
3853049ee02a817cc3a992eed9630a5f3d68c42c

SHA256
00c15fe42948782c270b8f9dc57512ad124b9dfe9943799fb340183e4e58c539

SHA512
e10971a0a7b81241edc16d04f8ada71b5f8aa3dcfe59a8e2143e668d28a9a6afcf8b30b2a777ca5cd0f712d0b52cf6ee5ab074f992e52853ea2d2addf534a077

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
cc93f52b20c69673f9cc37b3ff9159d3

SHA1
d4f8e6a545a3826bfa8b41087da3bba38530a75e

SHA256
ebc6fed676af7b5c7875e983c333f2df409628ac6b276ef117b4c888d7b9fa52

SHA512
5e5c2aa112fcc28b94beb05f83cf6d9218bed3916e3b58b0752e1455be62d84a0b280e8170e77b333902558f763e2fee866f13b046899de614a541a5a56ae597

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
29e34240f7d1e8517203e647a1836f90

SHA1
6954ff59148131f9a475c62d7a8fb00c98fd75f3

SHA256
7ea6774ae3045eae97e10b71dd252844f5394ece2abd3ce8e53b7507a5745673

SHA512
804fab43af4aeb39617689c4818e5ed88d715dc3c7acce3c70fd7a0d9faf0a7cd6d2d920c3d452653a64b8d05dc2913e4dacb2d1622d8446d7189ec0869bc9e7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
f3857f3233a8d19a3647ac2cf05ccd24

SHA1
0a79f4c5c15d82731f389e271053d0ce56a7c23f

SHA256
ac63d118cfb0b8eb86edbece578cc4b88f5806792babc17adfa9615b6cef646f

SHA512
b23e0a61809eb213a8d99b9dba6fc38abf0a266e2de0178b9a7182413ccd513e9413eee7a631fd41d40f04d4908f7937ceacb81956ae7aeb412f47bf956117ff

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
95c88d8dd89344c16a52aa8068f02e11

SHA1
5e06036414195f06c37c22c09563e6e889a371a9

SHA256
70c679a9abdfe351d1fc427a5085dc7a3889d1def38ca6bd1ad3429a93896b94

SHA512
c0a60ec67fd63f57ae3ac6736036c8b33162fc2463ae5708b06f9ac44f186f69f579e42439a425392078b1e36690155988615f36616e5cae35a51b89acb0ddcb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
3b02db9a3e7a1807e3a51a9e58603201

SHA1
13d19ccc4b27a25218549e5db3b6f6a73045d4b9

SHA256
74d3d1bc45106becb609d208db0a34319606744d01b0bc01c7bb180287ae90af

SHA512
d6d22bda5273b9d2c4ae4017e6346afa780f43a89723fb80e2d21669d6ac0f551963210c53c0889760ef2df2d288882b398fa0b5f5a7214bbf4fe6c8aa9f593a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
fccdca160f0917b6b793c5c3733d47d9

SHA1
36fb23fab7b8addae783f5dea22117f49695f8a9

SHA256
c208570627d19c199de76819485e1b89eb3f5849b184b834c8ccc3ddf5a89db9

SHA512
9ae12d9d8f25e926218105f07919519b16b5d71f1301bfbde4830742e54cb1b041b3c407cc16a87865d584f937d40e170072acacc4377ce3167ae6a227c44bce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
022aa580214930e1b7f32f9b8680e757

SHA1
8bbef7686db7286f361ff506fd5b3740496b92b4

SHA256
354b335cff054c70e671107c56b4d9a2a0ad7ac0a1a6b9fc5a4a2e46101dcbfc

SHA512
0bc2862e4dfc0dd7777e9f6c9bb2fd44cadb3d60ede26c5448cd5344f9923ba80aff7b6807f012008c9667836e327ad8b3e6f72f278bdca886f09b31723022d5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
775631358882d5ea9f7b70b10017c2dc

SHA1
8a9d36ef2e24af0bbb906ace3dff571c8b2d873e

SHA256
e54e27bd1e4cf0c61bb3109298e8d109ac839a8e359aef5ae9d77b6d56df6318

SHA512
ed15b5a42f040b044438d62a03b1ad9ada72913f7718419e2c97f3e459d99d957165dc4c11a89b0b7a06afef29fe03b2c0ba5a6e348fffeaefca95296d82dbc0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
66045da806a1b3a575d7ed6f9894c178

SHA1
07ec2b1df175f6617a0f73a3bd06f852cb3e210c

SHA256
bb92a65651ab3808609ebe228057b91458549e413f5dda836a8be7b59df15c5c

SHA512
da169fb82e915ac52a31c5d468fadb8a83cc99df8929c6c1cc4dec552138d502180b990ac832b5c601c83a24821c3a3281249024bec387e136ab33686187c0d4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
8dd6998879472035c901a28e1ef3d521

SHA1
5fe57c1f49f7039371636c4e2d461fa8447c3b39

SHA256
f807f22bcbd8a0d2c481611a53ab4f9abc2b96249b9dd431e55621d53e14dade

SHA512
caa6702b8d5e829f52218eb2d2631f3fad50a7360d294683c444fd34b11960b86f298c899f2e813d6731b05bbdc1f249af94152fefda81283e3d048a9ddc823d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
a640b2336ee4d0d5428862289a8ee008

SHA1
e65a75702afcfd11d940c968cfb27704259cbe08

SHA256
c1f151c23e6fe382393c7d60a9bd309a5e7867288a4dcb8aa6c6090dc3bed730

SHA512
f8a64edc7e0ea2be941bb5d11ce115d559c39c318f10afedf66e95853b50d5a2246ecadd67774f504987060f70835b6bd3b92979b5804376e4e20332191b6855

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
b423bc3db52edb1e33b040082d4b6b23

SHA1
42903d1a2e4ba59ec6a11967eec29eef4a77b515

SHA256
41d016c9c77fb5298979d82b6c7df8e4cd42f12fbe6ba2c69e8976c573cf5bcb

SHA512
141f360dae1dce71f63e60ea46a8c6603ec1f0798ec60b533b1cc86f3c84426ceb45f4f5fae027589e53bba4270aa925832c906fcca8e5085f0e40f0a23c4253

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
c459edb1b30fc6060a32fb39a3683ae4

SHA1
993c7b562c994e90011b4e5513331e9d8213fd45

SHA256
b3a876f4dbf67e6832a2b2cfd33afaf28254226d762d357a8a0e047c336f7aa1

SHA512
3a0e7ce115e28d271c718026cd85d2aa23e01fa47504b53009c313a2ede650d5c24df4fd49cb832bb78a1cc5707a288d213cf26428a266332d5db4c62edcc6da

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
3af8dc22c0bbcbaecd343dc14a1d2c88

SHA1
a4d27153f29094b4d0470f367ac954026f036395

SHA256
3f9cfa91d82e17d3bcf6cfd5d7eb27fa15b0186b867af9c7eda977b538824164

SHA512
ead9a802e78e1a63f3d4c638419de3bdd0d9e3278ef055bfbbcb9e7aa5d512170ae0be87144eb34215eecdfa174a4a978ede7ad1758c0791b5adf634b1ef84f3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
c535408a9f97edb1f921542aae4f99be

SHA1
45ff0a023ffb45bcbc57b0f398987eb33530b863

SHA256
03b54d012d21421d3d2b04ed1b2751b74f834e89ce2c02e1a16e4d563c3cfdc6

SHA512
5840d094a8c8028d93e08959816f5c82f253289ca40eb9dbc8b44bd1e7b9f84f7772ed97c5a4818a4650c0cf367eb624546fcd8a1bc491c8c273134f4eae8a7e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
909067c66e334cf29cce06df138f3291

SHA1
0677d15f38429423ae0728246eb265d0ac4762aa

SHA256
7ee70c828378321a21fe3a69247a4486b8b7389df88054bf5e310c01d4e18075

SHA512
60536e82b815f951dc9a7f9f9218d2c92f610f0fa6952de790b5be0993c8a66a06215d123127a0e2c7fcbf5e1d7b03fc2ac4f33d651304eb0829a7c1db5603cb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
5c874ca7e00009c3fff6d2c0d9aa32bf

SHA1
742109f1deb2958421ee5e684f637ecc4331c5ab

SHA256
273a1c91ba11be1df7b6679dc1d639904d5e5a0e31ea18b788ba71cea627f798

SHA512
e937392eb1afa8b735b820100917fc193a938bb6d5cc193da72be14c5d7473eadfb51c5df569a8d463f7e5b1022dd95ad9833b91211aad772dd562990ddfc416

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
5e82ef34d28f3902dad5683d08d3807c

SHA1
78e6ac68daa1779a94f1ee546e74bce7a308313f

SHA256
2c09213c057e662e660f86a2c68d6b3f67eb79172d5adcbedd03e744321560aa

SHA512
d9fdcc1400f42246c4d3bfcbfff9c61f84cb0c410f99fe6a01d802d7ece2912d402e3d5a3644010e6b06fc34bbf13422744fd271757b47ffb6538db3de2d9b58

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
e5ab704572811184a64672f0d03a084e

SHA1
4cd5f0448c8a9782388f0f88d0eeb94b0b66ba47

SHA256
253f01dc284e59451e332a0ac3e198dd94755de27f61398c71409002397b86da

SHA512
154bbca7ca713f85c286c4c97e4daf6be7e45f3d7def89f2616d6994b7ee1741439507b9d66bec2682a89313199def58e1a1a2f4729feffc2aaec1f871e390f4

Download Submit
memory/1372-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1372-8019-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1372-10617-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1372-10690-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1372-10753-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1372-11030-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1372-11035-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads