xorist | 4137f8c196fdd99a5cd64c518ed27c466953e37b78887954ea192b5595a0a076

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b7eaffe4dffcbd06445d0b32785cdc8.exe
Size

39KB
MD5

9b7eaffe4dffcbd06445d0b32785cdc8
SHA1

af992e2e6c045137b8220c60f534f80da968dd38
SHA256

4137f8c196fdd99a5cd64c518ed27c466953e37b78887954ea192b5595a0a076
SHA512

3639fc1b3ccd57b6a61acecfce8030a7c2c634deb44b75345b5c69eb5cad03a8aecae781b950c254e35f4db248b5e9113fd06412f14ca7a90596985a282e123f
SSDEEP

768:BPXsWRbrIA8vxG/VZ0xcv+n9DfUEGC4ZC:B/s+HUxSZOcvI9DsE4ZC

Score

10^/10

xorist persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 16 IoCs

resource	yara_rule
behavioral2/memory/1400-7-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-10-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-1430-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-2124-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-2125-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-3186-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-5966-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-7488-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-8371-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-8849-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-9821-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-10038-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-10762-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-10841-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-10858-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1400-10867-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2034) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1400-3-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-6-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-7-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-10-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-1430-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-2124-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-2125-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-3186-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-5966-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-7488-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-8371-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-8849-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-9821-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-10038-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-10762-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-10841-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-10858-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1400-10867-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RYiGElV1ZFlQ3US.exe"	9b7eaffe4dffcbd06445d0b32785cdc8.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\oobe\ja-JP\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\it-IT\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ja-JP\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\migration\en-US\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\it-IT\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorav.inf_amd64_87f761c07c99d5e7\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetQos\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_28542b9aafacda15\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_9076ffc34f080cc1\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidir.inf_amd64_7bf4a320e4ec8b3d\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mcx.inf_amd64_fcbcc3807cbf63ec\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\gameport.inf_amd64_edfd5301fe3972d5\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\nl-NL\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\en-US\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_d32fe6b1c2b7b2a5\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj4.inf_amd64_3bc71c4327f9f94e\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\Amd64\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it-IT\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\Dism\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_image.inf_amd64_31731e48047fa274\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\MSDRM\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisuio.inf_amd64_6096fd74a67ccd5d\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es-ES\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ja-JP\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_wpdmtp.inf_amd64_e0577000b188c16b\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Appx\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmomrn3.inf_amd64_c2314613ba3f3585\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\termmou.inf_amd64_c4c8f901e3534194\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvpci.inf_amd64_86afbe8940682d27\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\APPLETS\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ja-JP\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\de-DE\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\wbem\ja-JP\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\de-DE\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssystem.inf_amd64_89e15d7e662d6584\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fidohid.inf_amd64_c446be9403cdcdb1\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_3daa9a904daf9501\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0804\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_7534987814b257b2\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpsamd.inf_amd64_0784fd3ef0d7ec93\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\migration\ja-JP\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\es-ES\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\stornvme.inf_amd64_1218fad01506b7af\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sas2i.inf_amd64_b4e933c4540ad3cc\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetConnection\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\es-ES\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1948 set thread context of 1400	1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe	83

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\FreeCell.Wide.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-20_contrast-black.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-200.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-100.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\th\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookSmallTile.scale-200.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\WATERMAR\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosSmallTile.scale-200.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-100_contrast-white.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionWideTile.scale-200.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-white_scale-100.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\SmallTile.scale-100.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-200.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockMedTile.contrast-white_scale-125.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-96_altform-lightunplated.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\messaging\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-24.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-400.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\184.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteWideTile.scale-400.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\android-call-monitor-perm-illustration.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-72_altform-unplated.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\AddressBook2x.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\MedTile.scale-125.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\MedTile.scale-125.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-125_contrast-white.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookLargeTile.scale-125.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-400.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\WideTile.scale-100.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-48.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubMedTile.scale-100_contrast-white.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_altform-unplated_contrast-white.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\js\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\6px.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_altform-unplated_contrast-white.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-96_altform-unplated.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailMediumTile.scale-125.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailWideTile.scale-125.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\WideTile.scale-100.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_AppList.scale-100.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\PREVIEW.GIF	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bn-BD\View3d\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-100.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_trending.targetsize-48.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ca-es\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\tr-tr\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\multi-tab-file-view-2x.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_dual_wmbclass_wmc_union.inf_31bf3856ad364e35_10.0.19041.1_none_c155eb8fc7ea0c53\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_hpsamd.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5bd25787b20f9ec2\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.19041.1266_none_ab5bdb26141e0be5\r\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-client_31bf3856ad364e35_10.0.19041.264_none_93c3704f3937c819\f\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bootconfig.resources_31bf3856ad364e35_10.0.19041.1_es-es_7aa0c3dc6303defb\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-coreshellapi_31bf3856ad364e35_10.0.19041.153_none_c5d8cff48405ddd0\f\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine.resources\v4.0_4.0.0.0_it_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\WideTile.scale-125.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..lter-html.resources_31bf3856ad364e35_7.0.19041.1_es-es_5706e3c68cd4008d\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-96.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msieftp.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_99356202bd502194\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_c_multifunction.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fda6760d5c07176b\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..nagement-dmcfgutils_31bf3856ad364e35_10.0.19041.423_none_110a0d6fdac45287\r\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\pdferrorofflineaccessdenied.html	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-management-oobe_31bf3856ad364e35_10.0.19041.207_none_504b6becabbef9fe\r\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_it-it_d6c620afbd8cb6cc\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_sk-sk_cb40419ee1262da1\r\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..iewer-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_8bd28239fd50110c\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\SplashScreen.contrast-white_scale-200.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\ImmersiveControlPanel\images\logo.scale-100_altform-lightunplated.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Assets\PasswordExpiry.contrast-white_scale-150.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..llservice.resources_31bf3856ad364e35_10.0.19041.388_en-us_3b9e163a021f3ac3\f\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..in.preinstalledapps_31bf3856ad364e35_10.0.19041.1_none_78045c4b5f61a56c\DefaultSquareTileLogo1.contrast-black_scale-180.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..changjieds-binaries_31bf3856ad364e35_10.0.19041.746_none_22f5e946b6a0c359\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.19041.1_none_6314a7411fa6f2ec\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\SplashScreen.contrast-black_scale-150.png	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-credwiz.resources_31bf3856ad364e35_10.0.19041.1_de-de_1d04ec997409cb73\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..iguration.resources_31bf3856ad364e35_10.0.19041.1266_en-us_301baded6360969f\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mprmsg_31bf3856ad364e35_10.0.19041.1266_none_8853c7d008945971\r\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\diagnostics\system\Printer\es-ES\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks.resources\v4.0_4.0.0.0_fr_31bf3856ad364e35\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobe-header-template.html	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..irectdraw.resources_31bf3856ad364e35_10.0.19041.1_es-es_2471afb10c6ba20e\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdbr_31bf3856ad364e35_10.0.19041.1_none_2c40f135b952ab85\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ice-winrt-proxystub_31bf3856ad364e35_10.0.19041.1_none_90eb60acb91b5786\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..kprovider.resources_31bf3856ad364e35_10.0.19041.1_de-de_e06d72f98baf052b\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_caspol.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_ebec4154673e791a\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\f\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devinst-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_0673f18dbe87b723\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-http.resources_31bf3856ad364e35_10.0.19041.1_de-de_1ff5905086c51169\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost.Resources\1.0.0.0_es_31bf3856ad364e35\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\1033\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_c_fsencryption.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b54761a0a9a99733\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..rolpaneldisplay-adm_31bf3856ad364e35_10.0.19041.1_none_1ff794a14e994825\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cipher.resources_31bf3856ad364e35_10.0.19041.1_es-es_55cf4cc191404792\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..iguration.resources_31bf3856ad364e35_10.0.19041.1_en-us_8885724bdf55a608\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nlegacyui.resources_31bf3856ad364e35_11.0.19041.1_en-us_80e27ced5959a9ca\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\speech\0804\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_megasas.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_aec38d02fdb80c6c\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c...appxmain.resources_31bf3856ad364e35_10.0.19041.1_es-es_b0bf434d91c672d3\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..oryservices-dsparse_31bf3856ad364e35_10.0.19041.546_none_2e110dc7e116d9cd\f\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-holosi-desktop_31bf3856ad364e35_10.0.19041.1081_none_6a124ae31ae9d36b\r\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a22d4db313525670\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\it-IT\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_fdssdp_31bf3856ad364e35_10.0.19041.84_none_32810fcfa25bcb13\f\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..tionmodel.resources_31bf3856ad364e35_10.0.19041.1_de-de_ae4135622fde55fe\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ro-ro_5f739d7787cac478\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1023_nl-nl_18d9d627ae1a50eb\r\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..iverretrievalclient_31bf3856ad364e35_10.0.19041.746_none_0416994ab23ae00c\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-keymgr.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_46cf339bd26eb4be\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.SmartTag\15.0.0.0__71e9bce111e9429c\HOW TO DECRYPT FILES.txt	9b7eaffe4dffcbd06445d0b32785cdc8.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.Bl9c98vcvv	9b7eaffe4dffcbd06445d0b32785cdc8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.Bl9c98vcvv\ = "RRAHKKYNJVTSHLG"	9b7eaffe4dffcbd06445d0b32785cdc8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RRAHKKYNJVTSHLG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RYiGElV1ZFlQ3US.exe,0"	9b7eaffe4dffcbd06445d0b32785cdc8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RRAHKKYNJVTSHLG\shell\open\command	9b7eaffe4dffcbd06445d0b32785cdc8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RRAHKKYNJVTSHLG\shell	9b7eaffe4dffcbd06445d0b32785cdc8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RRAHKKYNJVTSHLG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RYiGElV1ZFlQ3US.exe"	9b7eaffe4dffcbd06445d0b32785cdc8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RRAHKKYNJVTSHLG	9b7eaffe4dffcbd06445d0b32785cdc8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RRAHKKYNJVTSHLG\ = "CRYPTED!"	9b7eaffe4dffcbd06445d0b32785cdc8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RRAHKKYNJVTSHLG\DefaultIcon	9b7eaffe4dffcbd06445d0b32785cdc8.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RRAHKKYNJVTSHLG\shell\open	9b7eaffe4dffcbd06445d0b32785cdc8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1400	1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe	83
PID 1948 wrote to memory of 1400	1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe	83
PID 1948 wrote to memory of 1400	1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe	83
PID 1948 wrote to memory of 1400	1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe	83
PID 1948 wrote to memory of 1400	1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe	83
PID 1948 wrote to memory of 1400	1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe	83
PID 1948 wrote to memory of 1400	1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe	83
PID 1948 wrote to memory of 1400	1948	9b7eaffe4dffcbd06445d0b32785cdc8.exe	83

C:\Users\Admin\AppData\Local\Temp\9b7eaffe4dffcbd06445d0b32785cdc8.exe
"C:\Users\Admin\AppData\Local\Temp\9b7eaffe4dffcbd06445d0b32785cdc8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\9b7eaffe4dffcbd06445d0b32785cdc8.exe
  C:\Users\Admin\AppData\Local\Temp\9b7eaffe4dffcbd06445d0b32785cdc8.exe
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Modifies registry class
  PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
c486e67e0e5e0731b50428dc7c562622

SHA1
c0152b8be06bf23903fefe9a9a475f6533beffef

SHA256
6ed87a04178a934bb6e314dffcec82aa1872338896aebccd027d0a4366bab842

SHA512
d84002f942262580a2ad48ba986780855a132fe2bc749ce8033db42d71c75b1de114c0038999b500ae455fcbb5b54eb0e0f00c884727b68c5b0c8bacc381dbe9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
9690520836bba662205baa7c9bab8a1f

SHA1
4b22f810e1b1a36c9de26c74f3d9145d6616c4f2

SHA256
9f40a8c1ec36cc82022443f680207524c839f979cbcd9c01f8802ac69ef22f93

SHA512
ea6fbb7202c5abcf9bf9ad0e3832277ebb8da270de4ba05fff90033fc9ee51eb6cd6afffe10556f4b60fb2841015758ab792e2c5b9e6b52e7bd6dc7d6b3b2701

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
da29106db8c8034e72fcbd83474ce080

SHA1
507ccc49c420370a5fc50817fec14bddc58da812

SHA256
3c97229963014bcf65c481b4e07baead91ba21a770978f95e405e246d6e09041

SHA512
d15eaa55fa2e182e153d53136f5c7e7d7e5b5a1ac74ebad900569537315b1c6d0f8c40c1ce29dc18edd7dc28bb205fb95894bef0f636d3eaaaca344aa6a4e5f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
9f70478add08ed5e5a573f3a9d347499

SHA1
7b937202d07b5b69e5cf5db607b56a33421ba1d1

SHA256
36b019109cfccb75fdebf982d1aa8380c6f2871f529e6b99dbf74b50433aebe5

SHA512
56db005437c87c520ba073d2bc189c94bd25a9ad84689bb5ff178075e3fa2e635132b47bbee7cf1c40de82ca8cab4a930f9436a15c1e08d8311a256b72ebae34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
2d352ad0eb2cb368b975f153e35659ff

SHA1
eb6ec680c9673163db31345fda0df24a21c3d37a

SHA256
d1919ed2861e781e94c344896d741690c7667802cc6d8d3084aa2a7601ea5ad8

SHA512
5868506fbac05fde6a00aa4827b238f54a901f4414876729982006622fbc4b504e6c21163ee181b93317996294b8d35f8e50409e854533b473c9c4c5f45962c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
410ecaecbed60c0d69657a47ebf53cf9

SHA1
26d627c37e1937443916648d12eda2fd6a7bc655

SHA256
28bb4a399cf1e6f5a65854b8810ecd9382f9311323124e596f899a3eb2a59f87

SHA512
78b79b66632fa8819c0a5e13fd3fc658da8dd04e6a7f255e122bfc165609a870b11adc4f903fc2ec092f8c1d8ca094abe3a44de1478d5f3bd69d4d0b90985f93

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
8d48b36fa2d2b194f0c54516d008e5ec

SHA1
4625e5c0636c0e626b2b8b9621cb7fbe4ed87d7a

SHA256
06c2716cf62aa39a57ccf4b7ffc591c7f2ee72b3fa8b35f03da9ac10c5f73931

SHA512
f225b5ba26baf8db408eb49a893244f4d2ba11460877bf6f377d59d0636cd9e565d89d19babbc08dc265f9bd84f1024f5baf9515eaa6705aa9e2da252efe216c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
7f6afcc7069185487c4430fcf0a32807

SHA1
2cc15c4705ca949acc451bd7cf04209cf11a8bb3

SHA256
c5831954a9acabf5b4f9e9fcb00135cbf3e260db6ec2bef35bb2a6a77c8b3973

SHA512
16f5f64e7d840befbe651849573d5ef3701ed39b3e77f13654266ac9ad104f785f6cea62079ed2c77fa0f8b14dd60e6cec9f133e81dacdc8c2af046cc6df433d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
3d8e940b55b854b5c6e31f44d8eb1995

SHA1
88ce302e6b8d8d2f6e15c3dfafacc3c48b1afc1c

SHA256
44a21013b67d84b04e4be15b9965d70549185e204d1c1618ae29b5567ed62124

SHA512
cab9ce2f2151e39bbcac6e24d189b13f41adbf31dd108af7fda366f142e44f146a2e7a36e6c64bfa4a329f82675089e1fffce1d09647b357518f53be57882983

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
7b3cd5083d788faca3fc99a221968124

SHA1
dfda658c881ff4996b039914915cb19ad0bdb608

SHA256
425419d9bde058718ed4c5c6d0ba55850edd2cafdd94a936da3e45363a229dd6

SHA512
1874f8c5ea791ee3e48fe692c9a5d6e82726ec3e63323eaf9bbb625905a3c34acd4491f3fede32e7784042618231d1df197a2a197fc279a96ddae5f232d69583

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
95b1a3b87bb2e451a358344b0dd96e55

SHA1
004341d22bfa1a0e078e8c21389fa13682783917

SHA256
35a3deda177a5345a0236d29bc518353886e72df929118b34414add84d350576

SHA512
0eb11b5172063a14cf478132ed2e2465a7b575e6bde4b0df20852f1bf7baccaf22e4ae25d03fd7199ad4c03bfb5054a15d65ef4035185859d403ad6df6ef1665

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
fe25e9a650e2716631324471af8d400f

SHA1
33b0b8b8cad78937126866b4b75757c8f725b16d

SHA256
8f5a6c44a3aa0653ea912af77714d5fc6b72d8771497eac64a8001e9c1f6c8d9

SHA512
48914cbc9e344b18cb332c2d68cb234a1c774a414e9e33b6231bb0cdde4241625c67c73c18ef29065d994799f4d16a6e2cfc910e3923e9020bbbd70c43136e48

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
65feeced779242e6f6511ded49720475

SHA1
e0abb699a64893efa3e23b831bcf4311e3c01ae0

SHA256
58ef4c91757bf630e25293fb8c1560d9c1742991b9e5a5f2a1dd704a19eceafc

SHA512
afbf5aa5142dc7fac7789be7858d53639788cb7fe87f8393040c207372bb5365a326a252abfff0dab690567b780cccad78f73c8a696b9a648759933e9434bdbc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
02720c5a7a4c68dbb46a68e04b07513c

SHA1
8cbbdba33b05904912582086bb4b6c743dd87e2a

SHA256
fa94d44657a8c74275e5c2770e67dc925cdf1cd6344a4b32f7ef22c27bcb097e

SHA512
af397855cee2f0f0fb9f5ca75a45f0c44e5b145ceff0cdf5335342e1e9dfdbdc2153cdc7499c42721b2f5b1d14a99ccb14748203dcef05b6023356fbf44b65c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
122e87c702bce30e26ed05b93a09d4a0

SHA1
0db00e94e6c05d464a408d817b2d5dd49d7b8f95

SHA256
b90c42a456a5b37b54810488f525f63cdf2035b60c60f0c1d47509e9715549c3

SHA512
2b755615ec34ab3139fdac4ad7021c96763e7002865228fea41757879a7a6184ac6b9ac3fa1431d9439322957c3b9640d3f968c7c326a1b23a45160338fa2bfe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
b2f0a8c33a177ef7dd0dedcfaa94d2c9

SHA1
07b9d4c3cd1f1a978ed9cce954dc856fbd1d23d7

SHA256
7e1c9ad4d82881829c6ac5668af65bca5fc98d1b01b486222dba57b2e54f1a44

SHA512
ad65b1fa2e4d075151f1538815e2d0fcf8c3dbbed490f11ccf33952e1f2aebafbbf3d426c0318786fcefab56b817c4ade976f36fcb19cc7cdff186629d8ad0c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
1c8260c09b9229ab92a9a3c1c03f66eb

SHA1
d4b055dd9f9753e79347246c4c8b08fb92955bd5

SHA256
5359d1a66c25e5781f299df79f4e946958a7285900a3450c04e721bbbf0c9171

SHA512
a2b2df0f2d16212fbb087c0d8a21cd8e1f191ab824895d77cc4a5f3e4b3f66ca79300cbec213585131b122888ce36339ba6eb2a81d92efaae2e2915c17498d7a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
8a217343c64123d06fa9785f4505733a

SHA1
131ee5e2128cbf5a45b8d5a985fe499911931659

SHA256
8a2743bd6d71e843454ac0f02891780a89ea7ca39f2667548a921e0a5517756d

SHA512
8837830076c9b9da87b41f2259feaaf946c952bfd1c9dfaeb819bb828a0bcdfa0f5771fc978f342d5d144dc4bdcc4ad433be4df76db1069b6345799d019cdc0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
ad01e98a5bad59f12a9903ac51684804

SHA1
af575235eed587283440e63b8a6d9f5d02d842cd

SHA256
a6c65b97c70a20b7d507e719b98e4d0eb4ae85d57606f5127fe5e394ef1f4068

SHA512
6d85975fe8e8ededdc5a35274d26a04f15f4efa071eb30d78cee0fb0434bd901c1851b1f348555a5d8b43d5c0a1a46c7e3dc0bcb71124d6fe0d4c24b1ce6f79b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
d26237e084b0efa0ac2221752322b89c

SHA1
8e86bbad305a924d15cff0c9a9aa4655f91ea423

SHA256
268f4df039c0a9b405bb6af0b1cb1b272028eec8b4d87a1dd2aaaf07dec16245

SHA512
86ac3c8db8b1f7465faa10b06c5d8f00d1477ffa6a4f1e33e2af1211aff1b99ac0f06ae329cfca528fdde5ab66fa8aba85e29ca28ce06d66f16f812c97981841

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
414a471bcba5314217627660561e8866

SHA1
faaf1b92999bb6c3c7ea80a968e10fa3afa86be0

SHA256
21c66390d8d10d60f3c590927c7a960f93caf2d339a4a6d107ffb2d8c9182484

SHA512
8a4037390389c5eb89cf926198f87b7d5c73ee5a01af3873a0e4de9bf1a428385ad87981eb557f5fcf1ccc39a987b8cc8ef93e9c462de5b0d3b7e786dd7a90d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
9891851ae178cd7c6158c35fe5a3c193

SHA1
61336ed229f442c0ef2ff95bc39839691c4bf8c8

SHA256
fa2a8da342afa08a63cd067c92d40c3820f9e89899c6a9ce9ab453528068b665

SHA512
793b6847919c2a6a78e3d9fb4fc51bd8ac1a3b440afc56f8c2104f5e0fdd114b5b2849940822dbb61e900c042eb46d6231509b036997207c5ab5d6ce22105832

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
7c6e794cfe0a7b4daed255857ff9b14d

SHA1
700ad12ac548e830dd3c19726db78a8f3be7ac8d

SHA256
4773b01ab272cce93391643b1bddaee4ac223f018b24fe752e888365014343e5

SHA512
98a4a59933844827d5d28e26c01b302ce95fd5a9e943004c315e70dd6e4bc1b86e0728061a1b9238447bcfbbdcae8ffd7d996717036bc411bafa6613b1adfc27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
34d75f5b27c3c6c25d2cd9dfd0d1a6ac

SHA1
b4116bd104909a8c0d7d76ad5623b137e36fc694

SHA256
094279b650a0cc8436b7f6c253cac0edabcbe099825d854eb401e2b891b27b74

SHA512
669bb255a06987ad2c73213bfd6640aea4a695db14aa1b7a27f25059cf03dcc115e3d57ab4f949e8e3a27561c6f0d7be8fe705ecc05a30a8d711aa8658974c60

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
eed44777be87c1f5851a5548cca6f551

SHA1
f53e9e1d67feeb6fc5b23d0d495789d402deff37

SHA256
979716fb57090c64ab26cc9227bcfd18698b3c46c9732fc3a3eacbed3d4a5c35

SHA512
b1f05256e4c88046e09c19c9f750d200b020022b592b589dfcc500700a81ac4fcdc8fc6a9f5c1a4e69e12109e936137914dce02c5106eb30a119fa9e848f73a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
4cc9c03ad014298debc98db857fc7bad

SHA1
e341a3822206eded38dd2f4e89ea86254dff226c

SHA256
9752686ecc0ff621c93872a1ab139116ba9d5ab187123d55fe0665715ea09382

SHA512
8f0579f5747bc2509d4ffdaaeebb230e1b117b908e5f0b8b076fc657f7ced3a43d4ec108281f2fe242d27a5fbcf082a485dbedf8590c900ebbc84d0103a0a955

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
dd7f14abded97eca8c4f05a1d00500a3

SHA1
7b97ed4065cc22c9827629ce4685f0622f08e8a1

SHA256
9036a3ef33d60789267102db589454511f75ecd46cf18d1c7171c1fb0af6ff30

SHA512
2b08b55f1134a46e2304c80a5a581aa889d2d9dcf3b44d6457c21b88a27fd0d06f88a8652f2251171d12b7866fffbb07528f155a15eab7884d4b8b5475b8323e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
b39f720f1a08c45a001ae8857ac3ba4b

SHA1
cd679be598286b6d82e2dc1930908767bb3cfaed

SHA256
03a91c4916f1a1cce94bfc1fdde2fde030ddee1b80d346b49355584866e143de

SHA512
2d521568a8804aebd79d35fdb4c9e7c15b064ab66b7298ffc5ceb4561f708b1d95184f7e5bb8bf84b2e0abdee3c4ad9ad5413055957ac1b7d2b0a98aee44d736

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
627a9016067ba18477e75c89f34a15f5

SHA1
622c141a5b94fa0e510ea5fd5923e7884ef17e38

SHA256
86378a567828a538df66a2de563405a617dd8c20d07ee5418c19df6958f81918

SHA512
d0ffd2c269a7cbee4fb0463dd3533417a365d28f7b60be9aa4ef651e82ce3a8b77d4e7c4e62acc706cd114a7e527be7d7da559845185b04d5ec87ad1d266cedd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
aa8a74d90d26fbf6473e24cd500a2a0c

SHA1
473ff20b61e6404a216ed1b15a5047f764fb0941

SHA256
58b6adfc8f2ab31dfc9e59faa6b370be392882e058e356a6a067c99eacb6d1c0

SHA512
edf57be569f82adb61354bf44a97afd717f559a08c887b9e3f8dc535c328bda3b99ded0b46bb203b0ef61b25190b1df3293df4c3858107ad9595f1be878f400a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
9c5c484ed2418dcba3b482d600a890e5

SHA1
e784fadf947ea2c16d08d4cac218f7167e3ff48f

SHA256
9802606a3e491a8f8ce2d56aef2c1fea923a536c7db480f63fd2f441dac3da33

SHA512
acc878d5e2e3f15111140fa08da0d3b9905c7065e17e5d59d8d6886c77b18d98c4691be4a3100334b285c36ad092ada56c5b33ef398f7c1797975272752672a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
a1c088f92ec0b51fe47e3361a685c7c3

SHA1
bc751185890217b392cccefeaeb83dc7603079bf

SHA256
c103e95f9a69fd89cafe3a6d20813ec13305379cb852ffed8c07332a9fee01fe

SHA512
44d7cd1d935f5ffd7aa21174ff537bd348473d9b9e579da212cb63bc2c8800ac9bbd19f370a46bacc5285f90cf9305cc801f02035cddb405b78a15e424ddee78

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
e1623552db78036f49f76ff9718db7fb

SHA1
e64ed60c9836c600202d663a2b1843d01332de87

SHA256
7d83391498653cdd2f1ec74b70bdb19df56a42e2f6275710f2647faf748899c6

SHA512
fd3e6c52a5b85b225689e147f45f4cfa738bc3d753b9cd72db066adf595ab20db00b82350bbb6fcb6602d18ee599c04140f5889506b764485b24599f66ce516d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
9fb50d424b31885bcc2d89113c0e5aad

SHA1
b889dcb78e161cc3aca30e48b6af64f9a0e744e5

SHA256
a8938fe35fe61a2e3d5d19c47e5c0f8d0c92f13ee08a51101c8c3c174f98c4a3

SHA512
c700d4185024a8f6abd46a1fcfde141d0519a419893738ab42bd9606749c4dd670fcd95d314572e37396b70f4d2c7d0e475c4b3765ac12bff41a1e32fe659662

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
547eea0620c9b2e89cc632ad88e9a99a

SHA1
cd7032190b078626c950950111e993ec7c25b519

SHA256
9a2e38fb0a8a8493a5707927e080953186a3fbf4d616ae30a1a478f8dc107d49

SHA512
e9b65e9297dfdb793a1fd832eb2288b2e88e5d80a8c569d0590db8ec42b72d7d4272bd5e044ce0d371627661cb41f7b39563ebe3aded99d3c74016a869cae600

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
3bd7360ea6a505ea88abb00863f9db4b

SHA1
c2eac4730f7612fa55f9255e00d4a0de6e545bcc

SHA256
b7561ab328cb9b463e92be21a4afefa6edc7348bf78582087c21ee0eeb3bb398

SHA512
13ee50d9bc99435f52e0b8ec04b1d9d8743b2396ab7762d8cac8b6988a12c734a6aaad60d3a5af62bf118bdbea29d20ef2b39c3b09fecec40220ad16242fd116

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
31c5fa5b325357534387602fe784eb26

SHA1
1fb16f758cbc87fa27956dade1009c784e8aa26e

SHA256
2fbbbf499525527b89d9b55ef9bfc7f63af70ad2c7538500882d43de97ec06b9

SHA512
6a35507076620a222bd3bcfd093702f0504bc0918f84b1e0483049d71826064d40a76569da02b0ba848dce4b02559efe6b50985edb35c59877cb4ce5313ac3f5

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
c39ad1a7dd5c95973ce7bc484fbbbdd4

SHA1
e0e74b04d643236c72716341fad85690185f69f6

SHA256
d0bdc5b9bb503badd39851a196e7fb90e1689ab1fe2c0e7e4ce7b43b10f046ec

SHA512
7ab9992c48cf1df1f48125509913d4adc45d5ef5afd3cb6687cfbecb9347eba725b5a725d14f52923c29cd2bda4a3de2655e2a69ae35ce4f4965181855330795

Download Submit
C:\Program Files\7-Zip\HOW TO DECRYPT FILES.txt

Filesize
937B

MD5
88de38daafc64c8ec113507d490c9d7d

SHA1
a51b5c3ee4c306b1a3ec68c0cfaaf41bef29e1e4

SHA256
f78cde7119f31d0e3ba5aafd8b932c342f5e762c5f8a1a3c7b115133c1f9f1ec

SHA512
3e3b42d9c2b42a24fe753dd2e24df8405edcc0c89bdba78bd4e20e5f83faa372a23008d0e7f568f4210a4935a68a1a03eebeb4e30954e5cb56542016295ddb71

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
df04943e663f25cc1c915b6dcd28552f

SHA1
68cd5574c7e213f1ad89384d66fe673695eeaa01

SHA256
2caa4056f47fe5029b33a4bd71fd871b453a2d9a1f6bf54080bcf96a1628161e

SHA512
91848776349f491a40c3d906d60222d519a651be2e13686781ce186af0affd53cc06fb22e32d0f51e1d9dd02d1c5346cfd0c350711c2876af2412e9310102ab2

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
dfac3205258ab328e13625fe28206073

SHA1
ddb0075ce6525e502fdfc591c90aa7325a2ec31f

SHA256
511556b7766434e063f40e8fb5a095d8a902dc64d2300a1c9a5657d5b194f311

SHA512
af38cdd645c5237fe7c7a7006ba3ae310346f026b8510ce119c463a57e62dc98c6493a46e2efca82f2a605c773657442d5fe2c5b2962faa4c368ab1f76651483

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
bb2efe53f68427734b852a88cc0189f6

SHA1
4fd906236a5347cb14ac79d85824e9d0c4c60cd3

SHA256
5f9bbb4760e5cd5f36a80c8b1671f0cb03a9da18ee68298f8c4d1766c9a91103

SHA512
7e7f2f77f0089bf3c06ef39f41fba78e3a9c555d779d95cc8cb97d0fc3344eac9193d79acf99d31591b4c2876c82dadf6531737f0f3942568280dd0e051a39ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
97d87f55b2d6d5c6ded5a16c09c86935

SHA1
631791c8a530b52a40b9b79333847c1cc87bbf72

SHA256
a7b8da6fb34a9c91bc4bc2d921c205dc4142ac7cbcf0e96845a7f8db4d4a7e1c

SHA512
265acfbfddd051e016e78e88df6aadea461aa041ba6da7abfc2eebef9d04af4d9d0e53cace0d9b77981bde7617e74bafb180ec6134c3be388a775d39254fc0eb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
c506394aedbb4c2068ac6f4ad1b96f05

SHA1
29c7098dd7179ec409121f6bdcf9304196b878ae

SHA256
dcec6e866d227872a0b3e14ec4eed9b2f9928fa38a1d4ab56f7ca1923c3ff928

SHA512
c42f8dc299fca268db5c9594959a5dad2338e91c46f41b53f710c08d59fc07b05a081b497e9f2c8f99ec64b7707a0d32e922894d0aeb8bc403b846829d976774

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
446f8f0cd049abf36e00561937e57bf3

SHA1
7837fa3ccc557de9e13f46d9b3c4dbec7003fb45

SHA256
b941b3801e657183e1895d7e517e5978d6f018ec23de41171c50735e04ed8858

SHA512
359c1339b554dfb5961fa1a45fd923ab1d2060c9176669893839d7ffbe71d70332dba4e8e2e94ed2fb296eeb4c36301586d396672bc4f163d3d2887d19dccc57

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
b09d99087c8a0506f1e03630c508041d

SHA1
2ad0ccac35ad29546bc1f9cb84c03241344b1919

SHA256
a20734a7d3353e640c2595ccced9e7a368304e8546c5583d8414967e3d75dafe

SHA512
c2da83c3de16f42c49394f6ed5a4f3784b879d8268b774b7bc6b6d7c779345fb06eafab4921340c72aff5fa4b525c1f40fb6c5e432f6172fd4aa8915cf57223b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
61eeb9425b7da188366e6a25013fc819

SHA1
32cef8f25adc39e46817dc9ce4c426548aece121

SHA256
650dc8a4cfe7c66e66fbfa202f742fb3bb1986a70ce4432c140f878b2b4eb700

SHA512
1faf17a9ce674fa28c3c73345f810f1bf5115820885773d2ac068481e77426ff305be9f93a9694b3ef97edfb9ca948896a161e1d4f43464624cdf1d38160b74a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
ab6381b2667ba0be9c72f1fe558a2e71

SHA1
ee079e669121030e9de81801edff83a01ec2ae6e

SHA256
710f22bb1dc120d1a7c068e178e9ebb806cd748fbd3bacac72e1596784bcb9f3

SHA512
536b5075990ea37a0339eac8cbc57df32388e50b5005e02cabeeb2b414b3b8e7f1243b93563120e0ff29fb7e69145f2ef07f2bc88eb5277e68d062c353225ea7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
109e4d7fdce991ffe6c4b04bcdea95c2

SHA1
4d98c0722f6375adb698cd662eb924a3f2cdf44d

SHA256
9d5fedb35e80f2ac0422ebcedd0414b5cce118a2457bf1b5dd53b6d952b200cd

SHA512
5a85be5c14aca73bd44999e5d76b5b4b712ac4bbdb0d6cbc7c5b2d396e326aa2e33405993dcf74df1e85d0739e360880c280b0b50d15c6b5b66e4bbaa4a85ed0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
7264c3d087e1c02bdb140de3562f99ea

SHA1
fbeb6bf206a0e62807a78907a1d3fd89c5372201

SHA256
669ede48203cc301d423ece2e14be218c8dc8384a8b0966a1fe104c64f3152ff

SHA512
1987274d72b510e96eac58d061bcb8f681a60478e67dea9e5cc787e7e35688c8bfb48fc91f88c659b096ae99f8e9a7a00290cf3451e1ca6d39fba8e30619ccf7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.Bl9c98vcvv

Filesize
5KB

MD5
8359950229b3853bd3cc45a915b24462

SHA1
00eb57ef52dbf4091685253d628bf0030f067dc7

SHA256
ffdd6a2dfdf1c161f53a76cfd157c870339cfe258279d1feaed5054e5a41deb9

SHA512
d6ce19dbecdf9190dbc731e41c406b8e668c4bff23fe0ee0db5e3c4ceb0199032527b5bea42695f1cdb8286c6f87468a21c6588486d6ea67e45c56963f9f8e06

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
8e9125f72a052a3952464486af6920bf

SHA1
db75c3313fbe1d51fd0a0b966e6cca6aed4204db

SHA256
f6863d4de54e6642e4c974024faa45843284f9d2e4470220c88e74fdec283f90

SHA512
1a7eb5ff830e3bfc2b2bf8c9f8524ea315cd753eb99fbbb99370f1284d416a266990eb32392bfb7b6ce73a7e84d8cfa9783ab3f60ac24e26388899efade44aba

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
13c51a249e1306c6ca1fb9bfd16727f7

SHA1
405e8c58a7e8c04c201bb4bf1ef05cd793b807f6

SHA256
3b8cffcdf724a37d45104f03620f2a74549b5bfabf7d6f51f1d1e33d2876aa31

SHA512
6c015667822063473f31467b9a592b2f002928f1d28a600ef810f76a4424b9cf354d3c8e9f736080cbe489e1b96a4aec33da04b6aeff5413c7b06612ce4b07c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
cd2ccf48cac19a208890c7b429dcda40

SHA1
08b7769c82a4338805aecf36b8e7872ef460c31e

SHA256
daa85217c7ba56311f05ed93de1fd6b8fafa0be2e21ba724b452f231e27282d9

SHA512
76a3c728f053d8cbd62ed4826442f60dc3a68a8e45c0b3fee1ebc5758b39436c3181c24d4edf06363056a4762c33ea46c3f624e8eb8d21d155e3c02ccb19d4a2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
ddee5bb4b029a3707d4dbccc8891e191

SHA1
3949771bb968f9de173ce21a1199e15af194121a

SHA256
32c6f5196ec41158416cb657a6f9314d9e725c1349e543e7b93b5199cee17e45

SHA512
0d7128d7b455ae1270d996dc1a96e1254b8b737f907a91a1f035239703f8b7519a6c786770624cce56a14d30e1faf71edebeaed7b98cb14b12cc27e42932d68a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
0c469dffa8dd91a4731f9e432422a30a

SHA1
794c2e24e4b8cb6e88d69dd2ee1763a3f1d0001a

SHA256
aca7cb2fab20d35a1526819727fcb5278d73804bbf11bde250ea1fbba8d5746f

SHA512
7182d9a84d7f047dafe18e351528ccc9103ee89579f2b2cf852b846647faa7af9eed574a6679bd8b183b447b592bfe80086ab2ae91920bf7f6538d216a4a7bd8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
8906814dcbd0dfcda614e5abcd93294b

SHA1
a196e033b222f448a8a9f4a4059262a9477815b6

SHA256
a14df0c1ed66dd5d65feda216af7b95020de6433bde20014adac4163470f5805

SHA512
74c12c2ddba1d171d2ef26284970c46590c7ea85ff0676dc03f8f885e2f0b483c43adeaf8c805b83df43054d4a34a4d61eb1f97c6c993efd4c0628bcebeee659

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
eb63c2a8f753b444e57935c099c81f8c

SHA1
0f4d66dabcaa468dca3a20c22abab4d259ed106d

SHA256
928a3c6cf008cd29f24af76c4dcea256c838c8ff38d9a70ed4db4362efa32536

SHA512
3fae00a98664bba955d8f2d6e0cb925fefe9a512abb8f6fb75785b53b4d159b7a332b908fbb50815827f38294016f56fd4d67c9ec65d40abb566add9338af503

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
223d588731b97cdb7969e9a66010c9e0

SHA1
def3a8dbfcc2f5e4c21eb02f90c12d135029a914

SHA256
097e05e8018cea5f74b00ccd635147d1198617b180930a98a896cad38e73092e

SHA512
65e08fdc27ce22acc7b3f2b4e24b4349bbcf13577c1ed4228836a1416fba00193adf8ec71dfd2172f084339c313a56799f4c6a768ab5f42dfce1e342377a7e44

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
fd5ae1f8b08dbeff61f4cabc7a9b217e

SHA1
be3190f827191cc8bdfc7f58ea2f46a0dff2f9bd

SHA256
f7e25852970b00e611fa561eaf21176664aba5ec6b1f8c3d405d46c0cc2f1ddf

SHA512
e91cc39b687347bd9c7bc86e15a7132bea9481fc4a20232d05351d164d8c0ddc8f105c3345c87482d929423cd18d3b9dcac84a11116dc02391edb129636640b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
4b8a38dafb7b3c02683f1fa2cc46fb97

SHA1
fd7b23de46567320637ad1c349dbf171a9ded05e

SHA256
1f3e77e735027a67b85eaafef6a8bc698ee9956aa24b43368729626df0b6cfbc

SHA512
cd07a07a4bd0f13715381a0286cf8bc880351d9a261c78baebca101cda2d740a210013c943dbdae60f83e8e9467cf9813cffae643305ce5a6c370f696bed42ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
4e46459eeab4d44a8065c5e72fbdca57

SHA1
4e1b983d64807a9f4dcdd15ed5507a2071e8f953

SHA256
66abb187e2f4b5a8dde1326519656d0992ebe84566e57dc75cc971cbf2f5e8bb

SHA512
737c55a17f4f64fe47e92165d09ab75687277e632ba57d86a0567b62a472540f26eaab76f0f45ac30f71e76e0c1637fc85c190357d0b345a99ee6515a00ecf04

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
7a78299612fe1d798e7b6e5b04d15813

SHA1
f6d09e18dae81c77dd7c1e706f2556d1fca39169

SHA256
2cc9813576b7b030afb995365276b348e7821fe3efa0be062df5ac8a82023ab5

SHA512
4efbb3f19e72caa16d6b3b437a08d2c4611418388f86c0e14dedeaefb44b8ec6f16cfecc0f1b3fcf328cc058b01d45e1cc4e8d4acb1944f61f143dfdf906b3f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
9c49b7b88e681453e8f708dfebec6568

SHA1
b52ec3e72b57ee50ac54b30cf0ebdf50204e9175

SHA256
2e94763f1d844bb5a46aacc8a7d5b8f91f7448a57774267c0cec78596727d558

SHA512
ae15ff0da59411c20c640afcbc9186328361b6b9e9fb856aff75f12f055ec287a1cbbbba8af2e3dcee3675d2b84694b706fd5b9a2a93287eb8bfbf5df7fd1573

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
7914f5a3c97ac0cdeb8047d156668937

SHA1
216bd5237a08bc335d7c99b3c50f8d14dfa3dfec

SHA256
8169402cbbf7236b7d9008795cb54e4c9c983aaab98db700d72e2520fdd31c67

SHA512
b083178dbffa1f74fd27cb7ce3e74de04ff3c048314f0db0373621e1f97d4d6e741bdcdac45473de569c64606cf4408cd63caa348eeae4808de2fb264e4ed301

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
80ce78edf607dbb0cf9b2186252954f7

SHA1
974700382e5240c6b01118cbf1c64f515ac7591a

SHA256
b1df93e630ff77523949b590a9e7c793bc143af893fe0dfcd52bad4c9201b54f

SHA512
ebbec40176bbbad00112bb2587ab38c15426c4509bee414835338e99e2704896467304be9f68ebd0183ab6055dafc50d0bd78fea1bd12d5cdfb37912db9f9b3e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
82f5a14e31aaed8bab7043b02cd556a6

SHA1
2432d1735452e6c88dea8b870fc9775ede34d3fb

SHA256
d1a69d907f16e97ddbddfa71051afaeefac6a94a11474b0a29a7f4baf32af32e

SHA512
f1303ebc7e39d6a67064b643c5e8bdc3ebb9243f4168762bef872454ab8a34c53a33f9b2ba81a45ff7658137056afdc21f956a4d0ab0c28d21ebc3c9bbf471da

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
397ab2a42f5699acc89aec8873f27f21

SHA1
1d126a2acb0bfaa5c0e32ce02da86d28ed733ab8

SHA256
cc2cddb4432ac25ff8a92e38fd0381ea3c77f617df7599cc74ede0339db533b3

SHA512
8fcc4d601cbd47300e03d01d426fe7e47389312a1d8afdeb7b055c15cc7cd19b147f225b64774c0a3a1fbccd2f7ce3fe03f35a2942c66dc6d4e85f4ea226386b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
88b248e3daef6babae0d34c3417a2590

SHA1
2ac170b6fc62273642672ca7ff8ac12b9d04f7ad

SHA256
64dc9d7ef8c8ff93fc9db7f4e2704ab3c6b78c17d771e70aceb5b15311741b9d

SHA512
3cda46f255a49f9d6b1a45dd9197484da356dd097907beaeb95ee5469e6e35d0a90fb2e0d5cb1adbfb49340dddda337bde8e298df72df28e0b9c1859cc0d036a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
59c73f0010c59694440fc0e94986df6b

SHA1
63f6d5bba8d6b578f829d4cf754dd6aaf7c3da03

SHA256
5ed182c941ffb756004f64109f4d56ddb3ceef7dd9533fef0f97df6f7a916cc5

SHA512
8934016adae4bf7a938a0e55b25f73b1d6e25b76766e76f4a86331c6490a2be847d5361aaa0ef3b4d0cc17f558a458ec6bc07f84d7a7f3069e21e340df3b09be

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
900bb89adcad51c72fbf6a076dded38b

SHA1
da02d88beb476a59c5d09a167999abb1fcf07937

SHA256
509dd41d23d930da87931717cc4921fd7f86d782ed7a4762c3c814ca5b04bc8a

SHA512
f32ac3e72f46290954534b05d0601bd48b429288f9387315eceba88e12c8a69c4f8f0637c7db295e4992d82ebad1e98be6817620ac2a7b00c22ddc7231c63d39

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
0d7563b7dc7e7819c9962ba4876489cb

SHA1
3a3144bcd4473665b9c72d43a2034739ea0ec588

SHA256
1aa2da4eea2b4ed42587281de716e6f63a2a4abc639da53732b0d76733216196

SHA512
ee831a5100ebd9af7ab3938084ab5ad2b3557b8bc18c97c7144af5dcecd2923c2d795bb4c49bc71b5996b319e652ba40051562773c9baed0232918b5fca81bb9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
a69da3806b4fa2185243fc44c18b9aab

SHA1
1e75aa466a0d9de1783e8de22c9815b20d3b81d8

SHA256
70e75e57bc8278154be88994cbd8ba48bf73d6aebb546a300789da29905c048c

SHA512
f3d7c454d6ffd3f3260b243ca843896bfd6389b784c6a20ba9a4660ad8c4b394dbb9f9df6c8df70e353761b7f36a640bc46eadf62fe1b4baba189abdfc2c7b0b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
88de0e272b0893cb60099d2491dde72b

SHA1
a355b577820fe87bcaca929580debf56deaaa786

SHA256
7eb6384ca6ea387153c70e15c6ce479230cc2ce382ed6163638d539bcb63b36c

SHA512
d6c3800708e815915894db2ff0249bbb105c2eacc0eb689c940fde3e7c4fe84368c75a648a748e68b7ecd16fac488d60842920ff6b98bf0dd68b505c4079fd74

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
13205677879cc2248b73a4ed5fee007c

SHA1
b2618c1deaa5b7cae42209774ab1352ffabcd528

SHA256
234e049bddd3848cc5d05e96d1619ce0e8eeb28d48bc604a2758f9b9807f25f4

SHA512
42a31f174b66155fa6842e36582695c7663ea25bcd7de4a946d21d4c431945fb067f6c507160b71e51df5c67f95264c53cabce889e8312f9a1072086a75c2a00

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
0a7f909d86e7328c3fb70d5d54554933

SHA1
7c55da98c2ef080c70d2710aa7ee75f5048eebb9

SHA256
6630761bf06f687bb70566f5ea39cda90295ddb69f4d29c8aec77984ec34a47d

SHA512
896a4ec9b6ee951321400b65fca0e9f28d89634114048708f3a881e42816d410bd46f0381d4e09dcff47323a5aab64e6aeea20c86d05ed6bfdffdc73dce23726

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
d1102344d3a60c2ab9ba689b9a79abe5

SHA1
b3cb2a9b2383e9d34c3fe311902db84c8481add1

SHA256
92900fa2ef628cf034d0e59239178afea0108faf3e6722581dd0b41dc3afa262

SHA512
2a98d5b31f157b7d51276acf4cac802c4e81a7200c2075044704f040e2dab5464c8cad6be8cea3ebdda88877563a37b96d6750293e52dda1ae481d9a24b6b870

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
a9b6c48bae0c259911f4b6091a303f08

SHA1
c6f078da9a2ce4c925ab82df25a138a66bf1fdf3

SHA256
877423dcbfc11cdcb79622410310e8c2bf66b992abce6076fcf18e6f4f933a95

SHA512
7f72b74ff6f005c31924136103bc210426564073dd6c4608d580fc5bf0dfdfa1d82207cd429e3f75517fa2f6cc267a18240b452a8e88d515790323c4dc9afb8d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
241d0eb25a46fc38ebc5581c2313b0d8

SHA1
b5186b75d266787f288c1dce705b19ffe38db782

SHA256
8aa154ca7a28878f6f540db3500137125db881f4deb2610056e17bcc6931e1e3

SHA512
640ec9c8259e883c26ac4dc50deea04f0c1bf77a8577af74f7bca04a1898e276f06b08f71e8e98ab29ccedaa0dd1d98fc18a1bea8d8b3614583a9ab7189ffacb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
2555dbb6231633b8f7ca97657bcd2b65

SHA1
2834e993363d1779d78eba5c27060b82c7c6d901

SHA256
566b4a5b052a165dc53943b7eb7af75a07c8354e3b25445917993b2b1187c333

SHA512
91ad29bbff0c454d72325269a6ac202e9f07093b15d0f1f973c6d7913dde3090e787dd9c0e6d2adcb21687bd5fecd4b3bc89f0170d3afec43b9380b80874fde4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
e4b47d9b53deb0db4670190dda796963

SHA1
597128e9d45f4211c789299b8b562da953cf09f7

SHA256
a479fa4fe62472c2e95e3670deeacfd9dd9842ba383498ae1cfe176196d810eb

SHA512
4a99c6ac8b9dbe22850a1612fb28a5d31551ed17cc206325e016d9bcb0241cbf98143470909c77862fbccd0d0f654885d5ec8a937dfebd46862ac6554fd915ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
072e9b31236e3c2fe9bed0de50dad181

SHA1
3962b7d9a9bc8c78d97c04bbd887814af2d0e573

SHA256
3d4ac1b376eb57fec46f1042c1122bd8270e4b76701c0c3910559a32561c4373

SHA512
c7e1d7970a5a1f4779d7d7a7ce3456ba22abcb8ab8bd7369c56a4abb76c76b018f21df1c75a923e853bd005a09b4d6cbf8f1ea24457941526c764be38f71a181

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
1fbfbbce09e5254aa05732984fad179d

SHA1
a4a0f532078b2631a645b105cacd54757f017527

SHA256
deacc20f2314a3ab9032062a5ea61edec8369eab729d74d05dd33d72955bb90d

SHA512
5fc00d038f2750d57d264bcd31f2f8dc1db5973f34c899f2e5551da42de3c02d69af5b4dd90e9a28711ff56d09b5a728f082996663f263ffaee2458d9c3978ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d014d514-6954-48c0-9b0f-cffedaa9dd22}\0.0.filtertrie.intermediate.txt

Filesize
28KB

MD5
1880151d94d932f8229244e0b65dedcd

SHA1
2869910c746bb2b9891b4d7227046e72999b20c0

SHA256
af27302590ccb81d358069cbf2d7b15ef1d8dcd932e29cb19f4e0515f3479a15

SHA512
256efc53ba26837162832738997f7250252b945a4aaa3762f6ebc32c12292daf5816cdb0ae78f4b62743bfb8c27e1c8aa4ef9c59e1f0ad41c1f9f167638ee3ff

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471134582342837.txt

Filesize
77KB

MD5
5d82947da012888ebe7aed03544ca309

SHA1
369888f1c67b8449270a67770d4172fcdfc9ad7e

SHA256
15e6ce2fab039df7aa35661fffd5c1f4d7f5eccfca193b3fbc2b310175234690

SHA512
cdff621553c9cdd3bbe4deeef6acc6986f660674923113af4acd61d6761ff0cfa4af7f0a7b464acb91344054bb08ac86c8226c7674db6d188a5f707b957143a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471135002645886.txt

Filesize
48KB

MD5
4567bca13e6f8e472311e9397fdf74c9

SHA1
af0ead2809c98de25cd740790926f6f6d4c9a688

SHA256
cc548d32eec19814b24af07ff941884fb08ebfd9ec2eb87bccb9a4c42485c5a6

SHA512
4a3474187d2a97a254f94cc9fef2ea62fd3cb495915f9e0c1641f9fb112d2bb5e20b7b49fdcaee0c8a54ec17ce189ee2dcbc9ba3b14b1a29bb4eae4bee75f0a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471142463946277.txt

Filesize
63KB

MD5
99a78f59f83cef5a18299a43cade5a3b

SHA1
642bf93bdfb97238045465abb9b4417ef4559921

SHA256
57e41081c261e260b38f325074c25278375462b0da79284b13a44c53701e685f

SHA512
7d8747a08f22e76a562f7a30ecbb59d20d718e15b6e1826372770156420b26017144272e3cc6264a06d2ed028b61e33abcd9a86f8808f4309d69ed01b768af7b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471146239586940.txt

Filesize
74KB

MD5
376c092e275ed6e90310a5b473888d01

SHA1
dcc588360787ecdf1d11efc325768823a0914942

SHA256
0c6ee9cf5a71ed86eacf9387f0d3958b479398218aea4f80b9ace139c669ad20

SHA512
25276ef51bea911b51d86d0bfdb881cfe3ac1f7be7c55c42714abb6ceeae5b6d019038f61a249d67052bcb2ee9a87bc9855fbb3e324085de08d0fd111159cdef

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
8701c431b11ace57ae6237b5095a2078

SHA1
c40d42c1d9f37692ec387715cd81c6b0c3326b31

SHA256
dc5164a80e1d65deaf078c4671c32cb0953ac1c4fd083ef6a5ec5be52c8ec76f

SHA512
97fa328626e463da595ff556789ea4c804b4a839db4ea3a38f5a8499a7f5405202ce938e0f0fc3925b3416bab8a718b5cd7ddc7d41fa771600297e5c19bff91e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
5f66b98035345c741845d4df520ebee6

SHA1
c73371a35aefc26303b7a7e7be729714a5f5d1e9

SHA256
23476dc0cd1f84e63d058d48011f5a38cf490600f188cf030609780e28c75c65

SHA512
8c224f8cd32a0befc6bca9e8ac1b84dd13956998c1b188c70739c8a4eb326a51d3ace66fc508722978cbd59eb8631a23dc5a11c06328e576762c8c110fa784d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
88c97f9ae243554565e8def5cab285c8

SHA1
d30a0eabb88af9ff4cd3554072675965b094304b

SHA256
f675696fdc11ddc4a99fc45c82b70665def2cd9eb47feca3372ea36679d3253c

SHA512
d5a0bc47578f6d5df36654f33d3df293e52f1c6312583a273ff1746176a4507ba5cb4e0e7c237ab19ae2d0d8215c47907e2763422d42e52b35b1b9a52eef474a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
fc18677ca4043b0d8a93d01d39063887

SHA1
3bbe3183e7c766be774f40c61f42ec19880cef4f

SHA256
e27925ab98cb485a948fdcca19a5916815874769b5af5d3d254b7085c9581835

SHA512
73a4a24ffe48796d3db3ac761770fd81af89492bfd6e10e3b7a19838f9ae8f9da7c45902a350e8d83c55d8dad441a398a61b9b361785f37f0cbe896fe619c0bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
b95280dc2d0f115eea4d02e5b67c3ed3

SHA1
bcf7fcaacb4ea2dbaf5f20f425fc2c58e0964d59

SHA256
382f29a58f6673297b2578cbd4aec4b7b6f225af83f74faaf5983334a651f97d

SHA512
ed98534e020ff950e56fb9074b8145a158d180fc9b46c1bd3ab27981ebfb8d5a84e805602c7cf409f963c9851421c88ea4277a07310b429ec0b7f360bc4008d6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
a084499c4b14d106dc6ae542a55148e0

SHA1
817f92e0ad9704a62385b2737829fb86c2e123f0

SHA256
7ced6b3f05d22fb22e7a2c96df13d9e1f7d2297961a55dcd49205f43aef2f17e

SHA512
b5e42547152eb17e3dd60a10d04bcb8bbd9bcd96c9c02baf741aaba29b8990d7e0f0fa7738c7294cd0d19ccaacde66adf3ed1cc8ad74ee6c9930a01183e25e88

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
0305f3935eb97f0e28576793fed2a454

SHA1
b6f32c3487aaa7bdd975fffdd7c97963c28b3e44

SHA256
0bc62c17bbf1aee86137cd8d36804b3f2985240c91fcdae942f1a51dae696f95

SHA512
b63c28fbca595ccaf7ba1a0462624970c214742ba60892c9c64674d6c6728398ef92a480a2d7e41b6fdaf9138574247caea959c006fe71e4a7466429d4b80a29

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
b40036cff7a236be3c05c4ced98134fb

SHA1
d7156ce9dbe28ef15470d0ae556d9bb1c8706fcc

SHA256
ff193e5888d94c897d36f0132433d46619a75c2d8b652b8cac61dc1919aceda6

SHA512
f22b2956d7093b5e61eee47f75a27f52fc0f0963ad8786e24dae878969684aa6d15d5a39d042c2960b2a41f28c3581e57f043e43d926476cccb9136599b0f46b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
537383f503195b2885e38cea448ed5f7

SHA1
73bad596c39249e5aceab4cc66ddf5c7e116858b

SHA256
28ca666cbdea89bd23c1262dfb262f6b171a462c50b4b6a2864a34a9f6124f29

SHA512
8f39e25c5df04854a73f9c3625ecd06a17a3ec1c83a905a91af7d9ec3be20e61febaf1243f59b67d98bb32af4a9bf0186ed9788e4ee12cf8f2405dcb82775fbd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
757b8dd52893816d18acd53747bfb0bc

SHA1
bac3e7b9b85b233e713b8dfbc5c3ad45c6d99d2c

SHA256
ef562177487f2e8375c153bda7afd567272aa3892b8db33ad6da1f1ec581eb6b

SHA512
874700a1a4f8fc5a88209a9778bc2e0594742db9d88638b72228f75c01f6aad723568b3e59da8175253052d2cb9534a0f94689e02758598bb94c943fc3011a33

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
7d79542dbeafaa523f55e565365e65d2

SHA1
448c53227bd2a68744801f4861dac88d58be27b3

SHA256
f87964bb48f948ed7fc49858a39a17ae0c7a8b55b0a4cc0037ec6f6b4d5ea335

SHA512
f0203bb57c1c36852b7ceb90c28310de4448a004b1ed784d37ab05f7e18886ece077886b50c6f7c2f250c0196df8cea92c3e84e577bc43bb494b121d2ba25795

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
8961e7d295079a3da8de9c5aa4a819ba

SHA1
934731afc0065c164ab45335f216790b0ab119b0

SHA256
c5240b6a850c5116fc7806e010930a63fa28f629ca363868dcad746dcc3c10ed

SHA512
562b630c5d6df67711413001b6824a7a4bf8205a8b4e0562f249bbe02ca3eb170a9c75e4fd74cf1ab129d8942329a38b142f605d9f7a54fb7b07b3961068eb74

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
4bd333d90abaa611759c63702460a97e

SHA1
1bc0aa55c84b4cec249011659d1dd378e8827224

SHA256
09a860d631b024dff2ee0286417757f888a21115221c1c7fa8b31cf22b0449e3

SHA512
40968cc945139f23e587c8b7990f036d3f61e385bd2eab1d8580ec4125ff30d2889dd5e45b8ad5df9c567e778b8d8d34e6b78d66dbf6b8050cbd9922bf08c439

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
65ad39bf7b613ed2991b768c5a53a6bb

SHA1
f74e404612b32cef39de33727652708873d825ef

SHA256
7bff5df8f5c5e87bc4e4a9cee04de9d14c3e9e23b0f60563f2352a38c39b01ed

SHA512
18f22e62d8c7fe432aac8e26609c125ce5eba94889c8cf581311dccd7caa2f73d35f6825b39c05f16e131fd771d645eb79c06f4c279a4f0f51231567abf46ff3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
642a4f7bda16af066f503a5f102088dd

SHA1
e1536dfdfe9d1e6ed495d04ecdd3e9d1ba4dabc5

SHA256
478ae124c83ab5d9dcef2f90606e7f5614f1a72ac3509221ee456d6b38e47465

SHA512
078b0be1ee69cbcf320200640d8c66f2776e6065a866789ca7610f577df49748487ae0edd695820cddc22b8c79ef50fa57ef4f2fd4d4320e770716a2e2b8c880

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c0a36b230311e53a684d35670a60d347

SHA1
3aef9426ceb9e6d32110a87e1a34382df520da4d

SHA256
b882c41e9a17264effae0a81103677a351248c3d9c9687b8f33b832428caaafb

SHA512
cf3124b8e9a6e5f75a861522e47d56e21b07007e1819a8874938e0a6f2503478eae00cfb512d5a13977ba6136c61b5fcf00bb099751d130162d8a23a6b235be2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
e14c7cadfd93f3f1c3aeca220474adfd

SHA1
1d043b314289718d395f86016f5a56898b95b7b3

SHA256
854a3d06095ceb965d0fd3c2b275e4b84cedc05f93c3abedcbbcf2afcf0c1348

SHA512
a7633878c664da07c7bef1293e4ebfd185a1f4acdecf5ebc49b0a3ab103da16980427e17026920a5c3435c6793e02a32f358e99df14fb45ded2d0ca3edb5043d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
26b44f78f18fc0b219e29871667efde5

SHA1
74746f735cfaa9c2b9e217821dc61a5ec0000433

SHA256
2f40ad49d115567740919bfe99eb0e179d68ee53628b3aabcce265c355cffe53

SHA512
83eea8ab21a74333dbb2a5871ebcc45f4acaf21c3a1bb4ab3c5d5cc8888ba52fa08a131a123e3091e72160dff7ea51f3e66b76362ae268658123f20bff4eed3a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
ebf4afc630984bee8d56d68a63ca540b

SHA1
f415d41514c38f3bb1581c43f3ff5bc275870590

SHA256
b1eaf5fc907db4aee35549cac6866755cd51610a463abec89b4c62d2d781f760

SHA512
f63a802ce39e4a25e1cff9de9212cd546df38c5d9f35ed69cc9025175c782546c3f0ccf4b8506a3d8e400f7e9f6a6a3990d7f6ae10d4b9a72ee862790b31d6f7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
69212e15dc2754acfb98f4fa6939a194

SHA1
4c4cac7d83176f40c2cee3dad96a41e7d306fdd8

SHA256
3528ecd2134a99c8ed567453257ea29504f1b96744546c339f622abf855b8074

SHA512
b4900e2c21dba35f5f4d3eeb5deaea4b2e7256b6cf84f2ebd34cc7fec19499dfe64f69002ebf970b7103d591aeec469be22d7970934892dcaf936c63618a640a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
feb5b28daa7551890e6a6397b7e93bde

SHA1
a7b20c3fb24cd64ecca2a4a1f43f4bcb184e8abf

SHA256
39772bc872af06c80efd8cc80a0023a02fa2a8532a9bd392b503501550e44918

SHA512
f35366347505f6fc856e61d2457ae63da08444ad0fc6f8d6ee0f21acca80f0abbf8d88147d18d6ed6138aa69cb7d001e7076fde0457a99b372d06a27cb2b654e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
3d8afe0e5ee0a2e3eca1f1ba36736578

SHA1
a2189ca542eef367336ef3fe6637c093f7f64a2d

SHA256
92d74e36a166d280fc2df176b0cbe38cac3346f84324df00922aa099d26d126f

SHA512
94db04e298ef1e796f793d2ee30dcd6baef04b4ec5a540ed2a23c5ca83c6f7ddf794f5aaf6d55a943de3d21e55bb3ff84e6bbaacda994cd14150c85f056088ad

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
a824b12529ed935ac7677ee8cab75b6b

SHA1
4cdf566ecfa4fc721e493b607ebbd99aacd4a80f

SHA256
87ef1861e499d5430672e1600b9745badd7c49495f12d3883e61cd0c6d6ecfd8

SHA512
570f404ca9605952296b0f5ae2d024dc4bdabbd53d4106aea952277836762ab8279a30456796dc268184992e9dfffe6cea4431fd2a1f53e89f07c5160cd156fd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
be08c0f206f9b58055fe9deceb58c1d7

SHA1
24ab347239b1c78005984a083c2b0dd07798aed6

SHA256
f7cf7ca8a19401718cd05167b0a052762e0b2e63e57dc109ffff21b271f2e5f4

SHA512
8978c89b6c5fda76fe9c225d8d6bdefc8d815a690d703f1097610d46adb65217e2351e1c3f9acd811539fd6b15a0f9eaced6dcc02fc3be800fae1e61aa31e398

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
801e211fbfff7d79acba416296aaf2a0

SHA1
c48e4c333afcd76569fc8a947821dfb089a60941

SHA256
4d0c2e3dc0008c4b182f9f032b383a1efc6c073736487a79dcae0c6bb21f4a7e

SHA512
c09f09c4fdaf7bb1686b28ccbccc801fe74d30aa744afd847a0cb52acded721f473785bae6b9df6966ebee5951ee0720159c7a47bfbcaeeabefda4ced630c62a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
37cebafa127d49d52736aab5b7f814e7

SHA1
e4b211f188ff4280aad3aad38ad16164a2238e30

SHA256
cce1c0c87f03da03397dabc0735013d54ddc27345f5c3127633ee495be0f63dd

SHA512
aab516d71b871e29f0d03c089dd1cfb0d49a1e7ff8158fadee8bd328328b3165a19004d31ce68d6159c7e18d9eb40b665f0841ccd0fb5e3843295358c5003dff

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
d514cba913bd9e02b412cf783eedd738

SHA1
7d90a71be6f8bd09836bbd7dd5a9a45afe395fd5

SHA256
eb01af350d3c5d5429da2a04c51bd8cca343d6c578e7184a77ae53478eaa09fe

SHA512
f3cd33f5e3e010579972de618a15bf4371bccbf1b335ed08b9e3ccf74bfe1e6b8adfba08d6a8d7767bd0031439e86c8c93198746c0b3c8d9572735e7080ded92

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
b0f8055fa406e39fb675a8a2b6aafe0d

SHA1
a2680507362be708ccd09bb4c52d6130c7e508f2

SHA256
0bb72c310a8473eefa2db2cdc776595e3e3247c806af8e58e3c4407fa654d8fa

SHA512
da75b80809271b838f847cbd6f2cfffcead90966067b2d81ccf0f944268982f2061f751c2e4b01517d77b0bb8aa28c4cd69d60604d0043244f16bb79cde5f094

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
15b3dfd4952dcd83b700a50032a3d9b0

SHA1
9741ab9a5164024adf94f81e51c45874f61812a4

SHA256
326b4196223a591dd8b6626a0da7571e22cc4cc3642f6292c366d82ee77d8058

SHA512
98a156e641cf21d8dd2c9b44a45dbae2a75630d5fb641d23d7ff6bdfda0e05d025f858c7b6a0317f7b2f4395d0dad120f68042bd5585b392120dd429b63ae849

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
52eb1e6c341d492d6f4fbc0d1eca6918

SHA1
09226f86db935fdcb1fe4039869e73d48f0a64e6

SHA256
66a5e636ec551180feff8f023c2bef54be0a44c4c26a7362571c938dba541666

SHA512
5251c2381cd51891ec675d01b15c5b4690fe7cf103dbe6db5c4a65a089836603b15eac6929f46343932b152919ce42e747d75a2a9bfb830361f2386e57598edb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
2e0d2e635971b26d8d168c53f7573822

SHA1
1e7bc7cfcecb8475cca4136dc19297fcab9ba0ec

SHA256
fc546df56831d72e4727a6245b14b1670aa6d11ce16c244b1c3641cd2963350f

SHA512
5986ee1a92185389128b6557e871277d421433c8c39dc36cc3ed95d4877b954a74e42431f691d16d9c7781d769ac348474a47c01deb5780064daa1a3408d9400

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
c28f71237b96acb5158ca49c905f2c27

SHA1
033c6cdd169bd085debc184124d3466d6b30a19d

SHA256
e5df877ec681fee35d81826ef84d179d23fef8d0fb45a68c74b58ce23b0c6996

SHA512
10bca5fa5b8689ed259a7d78b4114162690f3944b22ab05d46d100319c6e92c1c7db0a3760f4e7eeae8c8d6030e1d5a096ccd42d631af7e214b32c4749777338

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
0fe86bf21018e0bcfc0cba17ab51fcfb

SHA1
e42600137853b3ffb848ec1d31e63bff20349795

SHA256
d593cd299db907457d036acba2c3003beec8a1885b90f317f2ffa550a5fad674

SHA512
6397d56d8a9e466f5ff92827336e108a783b26225f2e04d6631b31b87583bc8920bd048a604250a8a90054678ea58e10bcf984c8aa1ddde8e92e3354393556fc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
d1a0a3745ee89ff6e22e8bb6e93fffee

SHA1
d969c93df99f47fa69bafc30a1c4e8370055c40f

SHA256
834dd93b98c3da2eb73402c406762b72e26264d02309aa4c65c91f28604ba6ae

SHA512
6e90d2399fee3f3b0a746ca386f38933e409a37ef5251c973eb56a9da6ed610404554a18272a720cd7ea489f68a9be2d18d81260ad483882250cb9d8e5ae398d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
c0296e5e6f0dd0689da739f359eaca4e

SHA1
c09ecbf9e1b11aafa1fae4a0651972ae26beed14

SHA256
b8ebe96b7152e3778b97851962cec5fa9e398621526348cb1fc53769d0b1f823

SHA512
3a4517b6ab7f19d2bf447ab9ec27b6cc29cdd5b2333f195b7acede2161940cbc2d4abc51e2d44acd359ee2cca63e965fa1b4962cf9a6b45be6291bfd4ce91ceb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
177745b10c7aa48586535ffbcb1615cb

SHA1
dd1edaf4abadd7efb1599c4df5c9085daa408bb4

SHA256
3ecdf5241e30e9a57f21209a3901df430abdeb40f2acc5bbe207f664f440eeed

SHA512
1278ba9889c59d6aed429f06ab9bcc66c845e3d5ec45523c23d22f24607c9ff82d5919b0e0dd02762f0d58b1f60de4015b7b1c2695502396d72e30e658a8833f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
cd7bdb5bbf9907a6854c9cc0de8d96c9

SHA1
088fdc07b8a5f73d3eb0d6e94bb27a787504e303

SHA256
892b9b0be97d2c35373c5ec8a7668ca048512df4d66900b04555694dcceef17b

SHA512
3dbae981a5dec9129a1c726589d63514126e5111f36651b8a8e14ac00129ff7f1be173199d453e9db0e9d106a68faa661fe9b8594529cc4033ec217148018a2f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
2796297089ff34b458fdeb6c55919c43

SHA1
40bc75e439f760624774f5119c8ecccac61e9257

SHA256
b05bd16644443d3a1072f72a1681655eebb58ee244edb6c37c6dad5cd3554148

SHA512
a9b1a5bab14e0df5c046580952d2eef7d28fabbe9620c6edff5cb7762cf2c7bbf726618f95394267146101e298dc85d8f2855c59f82830dba34f81a209ffdd6b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
1cbe8e293aeeb9c8a0ab601eec9c5bb0

SHA1
12d9507d7049066c6535530484d58722ead01d08

SHA256
bc1ce2bc4dbfef0d09646b976fdfec3691c12647ac0fa619cbf08e4b3d72dedc

SHA512
2a4d236f74560d15356cfceee94a1c0d8af18d3a442a5308896929db71c58c723b717f5d230a29ac6e06661fc0add4d55dc3848986ef2b0837e5a2a7c1e0bcb6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
685e74367ff157b000bafb89004f8e38

SHA1
6b5d607122037d1148024b9aae50627941f83a6c

SHA256
a59d324c2ccd09ae327ddfe83b2c927b6f9b429616471598ac9100a4845992ec

SHA512
60bc6ba63ae741570d0aa1f4cb406aeed513d3dc84b0bec4268cc93a25217d0e01d485accce1f1f9602322c9ddf085e169f2e68c321f1dd9a37b845e00cd102d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
b1512c6dff9594ca112453ffde723c49

SHA1
cf9b2e84b460e5bfecf88a25b2d814300c30414f

SHA256
c5896f8522258f06396d6d83c478ab2f2c70f8284722a3e6cdd9a5409a911f73

SHA512
63e45ec28741ccd7c501587dc0f6b6ccab5425fdd38df77a3f0d4a212c23e79b6489d0f497205d6755b9cd0e212e4a4cc37552ac1743b64fa732236b3451b53c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
cde4056dfc6f273e8790c8a06f44a8c4

SHA1
3a5f243ca512bcbd721875f79501ac478bdea5c3

SHA256
29cf41dc34391726285288b889adc44e8355775e1c326d462845b96126e2fa1a

SHA512
f5ad73b305d527d8ffe41149e3a5d971d57385123915e93980a318925474fa0501d73fb08965ac800f87dddb6cf179fc847768dd23b438631328e3dede2344e4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
b032dbc7a42d42b70ac666adff3f3552

SHA1
63843846433f8d85003421d66b5689eb3892d616

SHA256
c7b7457bfaa4c4177312a966846e690d29d010a9b7e3d7087bea302371cd62fc

SHA512
8dbd10d2811737dec726fce1547543192c160742ef91e86ffc107b35c8a2e44f363e6fd55f4e3d4803b4dc844642233913dc0fb119c0a67c06c843f06217a749

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
1e3171a0bc67b74cb1daf101ac3697f5

SHA1
c4d4d612bc81c4b24758ecd2ebec21fdc44ccb64

SHA256
86405363a8808574686f2a06b794b1621459bf346ebafa025aff552868084f4b

SHA512
16a86d581f765f745bdffb7c05eff0290664521ded16bb500b3bd2b5958acd95275c0f785092a3f4f507a61402a481e018f1d19b7893ce761cb7f955617be61f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
73ff90c85c2a4f4259b175338aff2be7

SHA1
bbec18c4ed1137b39101b7501864eba2e0072cf9

SHA256
e8066111e95d4199bd4080e15fca45beaed591665c0174a23d4631deeebfc473

SHA512
96b34da518ff26fbac59c163a14f6df7befc375881f9a3895660601329dabc653d2fe67525aa9b1556bd9feb4e59133938fee31e583780c6e16e00cd19111497

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
1519a6a440aa1ba5ca35070b6a47e759

SHA1
2eb2ae6d792e52dd6648a8756bf52323b64b92c5

SHA256
11a95c9103d6af28c2510fbfb07815ad0b5d55f043fb2db9efdf0b0e305ecf2f

SHA512
d919808fac4763b740e286b59db2beac54b623b38c474edb42ccce4cf14e4753c7917521afd4fde3f637633daeea985089d8bc9e71d111ebb9f80a7e3d597842

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
b2cbaf9aa921dd39042abffd505c2fc8

SHA1
3df7cea93d5a61693192e947573b8efd3682b9c1

SHA256
f007fa7bc3c69faeede20ebe4409278aa26835ed2b2ab6f3f018050a945c28bd

SHA512
8cd8fb32dfc76df4812771cc8972621cbdf755108bfd7bd5c340a6b314c62c0270374e661607caa40fa2c20d9e9078f34d1815c64903e4c4bf6ceebe56be2734

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
a2a39bc981c9d38377018476f09979f4

SHA1
35c91aa6932b5b8363ba1a7ff937665b45ccfd86

SHA256
e32797bb74f4d4da92859f976c8557675b698caa3b51fc33f2a62b02f36bfa02

SHA512
b68d42c51d068425e0aed9c702cd0f61b5329ce5f38ab9d7f29688057ade60285a9181d7318397f2c4845df640bc1444ae96691f567ce01391b28dd6161103cc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
c31695319e801ab59e9a6ddd76556090

SHA1
d69bf6fabb7710837302a0d327894d542f26ecc8

SHA256
e838b23e543a4db434dec79b5bdb2db88edbcda25b143432f5f4bf93bed94a78

SHA512
85d832ae76ed20fd14fe16341cc20daa122911893353aacf898c69165fe4ddf5c51ad197c569047117e96f2db95f6cc393e30d775affdffdfcfca7f1bd59b8b8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
27acc3e8df44f6abf12977bb64a160c2

SHA1
0cd28631f107c6a33211cab859a013dcc4bb0bca

SHA256
b8260c096efb106aac4f2b978b9f31855faf6a9d9a992ca3cfa80ed1fe78228e

SHA512
1e9958e22fd9189b09177b6e7a9b7e933ecb75edf5a64c2484d27ec28fc04a035b8c67e6e1ffbd8c4afcca1b9c5e18ac1abf3b3057f4aa8d4c16dc517e30a2b0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
2479e78731b17f24b7b5958749f07b4b

SHA1
379e5d94475f8d8d8bcb6f346fb4aea54a7511c1

SHA256
d336eb0647e805dd0db97af2adc1cbb043f23dbc11bd4e67c5f107ce585a3811

SHA512
de3f584ad1056058fd2ae6d560c841703d441b2b78094bbae7397fb8eaf69a63b4c7e9a8d8f02b5232ed6a531d693c81ae9b4a33c462112cdc475ea82cdfb5d6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
eb1835d55d2f928c4da36ff26e37aa59

SHA1
87bba452d8d82cb61c6acadda09a8c231db50682

SHA256
c8b48e494141d6dd1500c6aea0380e241f8042abfb170775986047cf61ee2a64

SHA512
67f6de6ea705ade4632d131d44a2ffc9d8712015e960c354a9773c6ec84ab24b2b2b1e4bbd292313345ec0d565966475b3c5fac510f2e4751061515db67d3636

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
4db8b347bc9ae9a1d0b532460d976913

SHA1
13fa894250d23af232e92e2b530a9e8e5526369b

SHA256
f4d062c80312ef7ebf7e7990c29931b8ac94618a5b39a4089e5dc42b99aeddb4

SHA512
b0554562b6909f1d6b0249627a22c10fe9c8af523c02cec617ea35128a0e0ca116e6a999692b53ce9d459105c2a62da402620189163fd2ad13699c6e18ca6557

Download Submit
memory/1400-3186-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-6-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-7-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-10-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-10867-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-1430-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-2124-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-8849-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-2125-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-10858-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-3-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-5966-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-7488-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-8371-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-9821-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-10038-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-10762-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1400-10841-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1948-5-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1948-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads