c2bf26d1b3a311be1bec839ca7c26bf2c944fd79333485a271230ec435c318dd

Analysis

max time kernel
139s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02/03/2024, 20:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Size

72KB
MD5

c12a9eae7b63f5bdd90deb3969079492
SHA1

f0700457e66091be7222748c7170881608d3a0cd
SHA256

3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e
SHA512

44270af6f6fed42dcb190f0761714bdc1a4888197f3d19f1c6c1d694138e54b17ec9403ff24658ee6a9e7379fceaae1e727ccefe512b26818e2310669fbeabc9
SSDEEP

1536:1ODavnxrn1hV6tXqHa0Fyp7Sz4C4OKqlmAC+YyWd4AEZswQUI5GLy:AoV6puaMypmMTOK/41krQ+

Score

10^/10

persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\Program Files\7-Zip\HOW TO DECRYPT FILES.txt

Ransom Note

All your important files were encrypted on this computer. You can verify this by click on see files an try open them. Encrtyption was produced using unique public key RSA-4096 generated for this computer. To decrypted files, you need to otbtain private key. The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet; The server will destroy the key within 48 hours after encryption completed. To retrieve the private key, you need to pay 7 bitcoins Bitcoins have to be sent to this address: 1Hxq9SJobRG8xZc2h4hN9xaaga2jFBiYqQ After you've sent the payment send us an email to : [email protected] with subject : DECRYPT-ID-63100222 If you are not familiar with bitcoin you can buy it from here : SITE 1 : www.coinbase.com SITE 2 : www.bitstamp.net After we confirm the payment , we send the private key so you can decrypt your system.

Emails

[email protected]

Wallets

1Hxq9SJobRG8xZc2h4hN9xaaga2jFBiYqQ

Signatures

Renames multiple (6436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gm.dls	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M8ecYZeHedVlmXa.exe"	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WPD-UltimatePortableDeviceFeature-Feature-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-RestrictedCodecsExt-WCOSMinusHeadless-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000b\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WMPNetworkSharingService-Opt-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_e3ded2b26d662526\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uicciso.inf_amd64_32023cb966fd5c8c\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-HypervisorPlatform-merged-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Embedded-UnifiedWriteFilter-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1266.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Containers-Server-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Remotefx-Clientvm-Rdvgwddmdx11-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TFTP-Client-Opt-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Common-RegulatedPackages-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.264.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-MSMQ-Client-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-RemoteFS-Client-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Vpci-VirtualDevice-Gpup-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EnterpriseClientSync-Host-Opt-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Storage-VirtualDevice-SCSI-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~en-US~10.0.19041.906.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NFS-ClientCore-D-Opt-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB4552925~31bf3856ad364e35~amd64~~10.0.1.3176.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.264.1.6.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmke.inf_amd64_b83f029888180def\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmot64.inf_amd64_2afbe7d3ad20f42a\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-VmBus-VirtualDevice-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0413~31bf3856ad364e35~amd64~~10.0.19041.264.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\SysWOW64\dvdplay.exe	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Client-License-Platform-Upgrade-Subscription-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-UtilityVM-Containers-Shared-Package~31bf3856ad364e35~amd64~~10.0.19041.1288.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1266.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Internet-Browser-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Containers-OptionalFeature-DisposableClientVM-Package~31bf3856ad364e35~amd64~~10.0.19041.1288.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\SysWOW64\wbem\mofcomp.exe	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-DeviceGuard-GPEXT-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-msmq-adintegration-Opt-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Multimedia-CastingTransmitter-Media-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Format-merged-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasic-PictureTools-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\Amd64\PSCRPTFE.NTF	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Vpci-VirtualDevice-DDA-merged-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Lxss-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Not-Supported-On-LTSB-WOW64-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasic-PictureTools-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RemoteFX-VM-Setup-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\MPDW_devmode_map.xml	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Compute-Host-VirtualMachines-Package~31bf3856ad364e35~amd64~it-IT~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Hypervisor-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\SysWOW64\Licenses\neutral\Volume\Professional\license.rtf	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Hyper-V-Package-base-Package~31bf3856ad364e35~amd64~~10.0.19041.84.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-Storage-VirtualDevice-FibreChannel-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.928.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-TerminalServices-AppServer-Client-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WindowsMediaPlayer-Troubleshooters-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-UX-UI-62-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1288.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NetFx-Shared-WPF-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Embedded-ShellLauncher-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package00~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RemoteFX-Graphics-Virtualization-Host-Package~31bf3856ad364e35~amd64~~10.0.19041.928.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\prnSendToOneNote.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-RemoteFX-VM-Setup-Package~31bf3856ad364e35~amd64~~10.0.19041.153.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ConfigCI-Onecore-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DISM-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.1.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mpbehhjmmobbegjj.bmp"	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\161.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SmallTile.scale-125_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionMedTile.scale-400.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-256.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-36_altform-unplated.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-400.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-200.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\pt-br\ui-strings.js	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\WideTile.scale-125_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48_altform-unplated_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailWideTile.scale-200.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_altform-unplated_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreAppList.scale-200.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\ui-strings.js	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_PigNose.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_altform-unplated_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxWideTile.scale-400.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-tw\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageMedTile.scale-100.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-400_contrast-black.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-32_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-20_altform-lightunplated.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-20_contrast-black.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\da-dk\ui-strings.js	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\Logo.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\vpaid.js	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\it-it\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\PREVIEW.GIF	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\OrientationControlOuterCircleHover.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXE	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-64.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-36_altform-unplated_contrast-high.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\manifest.xml	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\MedTile.scale-100.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\nl-NL\View3d\3DViewerProductDescription-universal.xml	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionMedTile.scale-400.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookLargeTile.scale-150.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\strings\en-us\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalStoreLogo.scale-125_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteWideTile.scale-400.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-32_altform-unplated_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\dashboard_slomo_ON.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-16_altform-unplated_contrast-black.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubLargeTile.scale-200.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-100.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-30_altform-unplated.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-200.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\75.jpg	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200_contrast-white.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..libraries.resources_31bf3856ad364e35_10.0.19041.1_es-es_104b48f68f21768c\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.19041.1_none_8a292178f857b8d8\SystemPropertiesDataExecutionPrevention.exe	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\diagnostics\system\Keyboard\en-US\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-k..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_it-it_0b25b3ff214029bd\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ptionhandlersplugin_31bf3856ad364e35_10.0.19041.746_none_1a59c9298354bd15\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..pc-tabbtn.resources_31bf3856ad364e35_10.0.19041.1_it-it_01c6428c58015ee4\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..torclient.resources_31bf3856ad364e35_10.0.19041.1_en-us_f48fd009dcb81c75\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_wpf-presentationnative_31bf3856ad364e35_10.0.19041.1_none_0cb7195de5ddcf63\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\CROATIAN.TXT	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..mogrifier.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_747fbc55d654a8ff\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..a-casting-shell-ext_31bf3856ad364e35_10.0.19041.746_none_adf410174fcf3c9f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..emsupport.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62b18a0a1648102d\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\PasswordExpiry.contrast-white_scale-125.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..settingsenvironment_31bf3856ad364e35_10.0.19041.153_none_695eb49b8dd98fc3\r\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square150x150Logo.scale-100.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_wsynth3dvsp.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_1b03665686397ce0\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\Catalogs\d2d106dd3190b895c0c80ecd9ebe91b2592aaf226838647f785994860ec4b7ec.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-mfc40u.resources_31bf3856ad364e35_10.0.19041.1_de-de_d342103dc9eadb66\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-editions-professional_31bf3856ad364e35_10.0.19041.264_none_ba5e4a287945a683\EnterpriseEdition.xml	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\HeaderMerged.js	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ctnow-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_42e6f7bdbe6ef971\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\Catalogs\fadb8d4b32f3b23fbcbfa8b4053d50aac0bab1e6c1042e19e42469c4c53a1bd9.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_dual_tsusbhub.inf_31bf3856ad364e35_10.0.19041.153_none_68b3883bc908d457\f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-display.resources_31bf3856ad364e35_10.0.19041.1_it-it_de143b7d37ad0fbd\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ktopology.resources_31bf3856ad364e35_10.0.19041.1_it-it_a799c329163ea6ea\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square71x71Logo.contrast-black_scale-125.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_10.0.19041.1_es-es_7b8ca346e1fdd6a1\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\Catalogs\3ec4e35b4a526b3e5fa4a0fb86e9905f8a3817817da8e75284402c95b57779f3.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_dual_basicrender.inf_31bf3856ad364e35_10.0.19041.84_none_e4c76534c11fd2dc\f\3803E232ACAB2476E81BC8A88D5B231A677DA3BC\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bluetooth-mtpenum_31bf3856ad364e35_10.0.19041.1_none_b872a80597251486\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-coml2_31bf3856ad364e35_10.0.19041.546_none_fbb69b00dcc6f312\f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-kernelbase.resources_31bf3856ad364e35_10.0.19041.1151_en-us_ececcfbf6bb1cf51\f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\SmallTile.scale-200.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-xmllite_31bf3856ad364e35_10.0.19041.546_none_71896fe5367e9aa9\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-format_31bf3856ad364e35_10.0.19041.1_none_e6ce9a885db7db4f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-gameinput_31bf3856ad364e35_10.0.19041.1288_none_ebea267f5bd97083\f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..qlxml-rll.resources_31bf3856ad364e35_10.0.19041.1_en-us_a9b13a30a15fcaf1\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..35cdfcomp.resources_31bf3856ad364e35_10.0.19041.1_it-it_91ff6a48fcbc8d14\SqlPersistenceProviderLogic.sql	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.789_none_9beee4eb02a5f8c7\Narrator.lnk	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmpnss-publicapi_31bf3856ad364e35_10.0.19041.746_none_5ef1cc16910f181f\f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_system.identitymodel.selectors.resources_b77a5c561934e089_4.0.15805.0_ja-jp_cce719b6cf9ba7b6\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_11.0.19041.1_none_da0d59a26801c4e2\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_sv-se_0a628080059d3e4d\f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_10.0.19041.1266_none_622873cfbda33994\f\convertvhd.exe	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Regasm.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSplashScreen.scale-200_contrast-black.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-d..-netsetup.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_cc1d98780d42cae5\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main_31bf3856ad364e35_10.0.19041.264_none_29367e02ede71097\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-cttunesvr_31bf3856ad364e35_10.0.19041.746_none_cdf422107d2779cf\r\cttunesvr.exe	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_10.0.19041.746_none_092d70d1898e5ff9\r\DismHost.exe	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\Catalogs\f411b42a035a8d3b86e926e6205fc695794926d8a900b7e5a18fcada3025e0d7.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..idmanager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_af4f0ab73e68b5f5\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-coreuicomponents_31bf3856ad364e35_10.0.19041.546_none_21a414279c9a8074\f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_chartzoom_in_disabled.png	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.19041.746_none_4b1a1978d1832a5f\f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_mscorlib_b77a5c561934e089_4.0.15805.0_none_22bbf2faac84b21a\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_windows-id-connecte..r-wlidsvc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_7d8bc51e4bb0af97\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\Catalogs\4427233661ba75a2d20337538a2d5d707a2e979ca88730b6aee74b26548eedb5.cat	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..alservices-webproxy_31bf3856ad364e35_10.0.19041.746_none_0f70f5a5b71ec478\f\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.19041.906_none_23e2379a6f03d0cb\r\gpupdate.exe	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-printing-workflow_31bf3856ad364e35_10.0.19041.789_none_d8add883fc02d9a4\HOW TO DECRYPT FILES.txt	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\401-2.htm	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IUXDVPSMYQNOEZW\shell\open\command	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IUXDVPSMYQNOEZW\shell\open	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IUXDVPSMYQNOEZW	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IUXDVPSMYQNOEZW\ = "CRYPTED!"	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IUXDVPSMYQNOEZW\DefaultIcon	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IUXDVPSMYQNOEZW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M8ecYZeHedVlmXa.exe,0"	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IUXDVPSMYQNOEZW\shell	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IUXDVPSMYQNOEZW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\M8ecYZeHedVlmXa.exe"	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.DECRYPT-ID-63100222	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.DECRYPT-ID-63100222\ = "IUXDVPSMYQNOEZW"	3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{CAD6F9B2-485B-47BB-99A5-C937F5EEDD64}	explorer.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4748	explorer.exe
Token: SeCreatePagefilePrivilege	4748	explorer.exe
Token: SeShutdownPrivilege	4748	explorer.exe
Token: SeCreatePagefilePrivilege	4748	explorer.exe
Token: SeShutdownPrivilege	4748	explorer.exe
Token: SeCreatePagefilePrivilege	4748	explorer.exe
Token: SeShutdownPrivilege	4748	explorer.exe
Token: SeCreatePagefilePrivilege	4748	explorer.exe
Token: SeShutdownPrivilege	4748	explorer.exe
Token: SeCreatePagefilePrivilege	4748	explorer.exe
Token: SeShutdownPrivilege	4748	explorer.exe
Token: SeCreatePagefilePrivilege	4748	explorer.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe
4748	explorer.exe

C:\Users\Admin\AppData\Local\Temp\3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe
"C:\Users\Admin\AppData\Local\Temp\3da65a0e613fadcff41992bd4f74b7dc1e71f9cb542339679185f79de6503f0e.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:4728

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
8d8231c08f51bb706ca6fa9a62cc92e3

SHA1
61d7b912ec762ec047b0bb0bf2e5a5308d23dd31

SHA256
3a127d692b40bf0dc133103307e9702ad648b929f05f3ab07daee3c933a9d497

SHA512
94e30a2d1f44e2d9408988439c0110680fbadc5963c00eedeabaff30246de74abd9ec7890a856ebc882449921ad2ec2d2559d47670112ecfc5ddc9a6f822def4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
24d43a3a409d009793fa6e6dea443833

SHA1
b1a83d0b371e7fc909660a3bc5326803bbf3e8e8

SHA256
424e98383d414525911a57e92c9fa1788489fdd48305a0ba6b07ebee55c01098

SHA512
7acfeaf7db8e0ec1122670d57fdd3368733cc53283220881679c7920252f1b6ba17e566a24e7934bf587e16e20a6a9ac870cba1935fed13eac39e0d78ed547bd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
6c2020e023bcac89e73d8f2834976694

SHA1
d0ba2eebfa96b6efd5d03dcb46a6ccb3d8e18207

SHA256
09e1d4538ac867553cd7d62a3c6e3896a6e8c92401571e5123168d14b9ac6e01

SHA512
b38d3670fb20b07824bd2471c090d0b7f74319434706bc972f3c96cac73dd0a987b9d26f0ddba94754835085222779f51b4edf331b80a67280ac78050c59fae7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\ui-strings.js

Filesize
3KB

MD5
68e5184130aed6bee2b625f4634bfd0e

SHA1
937ebf8c58b8857e04807be673b905ac1eb97614

SHA256
c6b2a4e2ae68ceae96b24096233d1c70b46d50a8322d281bd29cc6ac6fc1b74b

SHA512
5da6ac47bb64670d072df55a9634708ac58ba5cacc23aad7b892c6cce3177d1fff546bf0b6b10e68dabe98f60799f84266ffaae087c2c54c8abf4ceb1cad1853

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ui-strings.js

Filesize
28KB

MD5
789df27ab84d07ffd2c62fa7709ca8fd

SHA1
60241984db09bab90e6c1265d04878a3c2d12991

SHA256
513aa9c947079685c659f0105a748272b0e55e4286ebfb10649f61a0f72bd92a

SHA512
2a34962757054dc2f0809aa42a313a36fcf1d79b8ae21f9b2ddef7f79a5af29b812416b269a0f7ea6a6d7715eaa422183986e235ac05253e91a276c9387e26cc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ui-strings.js

Filesize
7KB

MD5
9cf3b0fc646e63ce3c71811cd5691366

SHA1
145f48000c4ba45b7b137d96b0a5f8c3e3b40e12

SHA256
381c2a8a63c47a053072c05d52779999179e4acb4431673f76054d94d508af15

SHA512
d29946ad1ae3b239f95fc53dd80725c2d8683ecc2775eb54b52fbd99e5ed517110ee9fd1ac1e2dba6d816121f73cc888333e3da1ba4daeb1ed36ef8707097d70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js

Filesize
886B

MD5
6d60a92bb23cd83e429151c6d3b48f86

SHA1
cd7378971937ab29692e0e6931198a9a73412ed1

SHA256
eb10c23b44a7e2f23e8bda7d28d83e60df5ed8af9c7d1e457c73724a2534ba61

SHA512
3b293b49dbca3f2916909027a34ac0319506565589a6029c55107126d47dc7c0fda956404c0f947eeaa1bf5c84305cf7aa4a335e535ad222c3aef6c121de8752

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\root\ui-strings.js

Filesize
4KB

MD5
d74b2fd81a37d4f1c00f09b72ed420b9

SHA1
4ef8e0bd706cbfeda2e39bbc987cd6e1dd4f7094

SHA256
f6d5eb2a142360ae8a4eccfe209a6fc589e1b705494b943bf5f528b4be9dfe14

SHA512
a7eea95c397a0bdb72f575ff421c2351b6d6b4307239269d6aef68ce9288df6ecbd50ca3780f0acb430cd9f39857533d8480eed6821bcde61546ad33ec9829a8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\root\ui-strings.js

Filesize
1KB

MD5
145a292a724e8f09a251a6256a620a18

SHA1
953238bf66b590c025ec8aa725c72446ab781e2e

SHA256
e2a110f1a0a8da8ed0b7043eda81827d684a04b62ca27c5188a908728b46341e

SHA512
1c4996237e3a74486e4a1343dafc05a4b5b610134ea3561eae2d809b89c853065ebd3566c0b7463127795e56fedf064d7390b021570b0b43793825b8253da2bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\ui-strings.js

Filesize
2KB

MD5
cc5a82b11cc0f89b147778097cce07f0

SHA1
9121b95509875816e407d71de8252303012729ff

SHA256
0e237cd44ec3167f939d8d7eaeed322ad90077e1ba1bff1b01bbcc6ea84104d4

SHA512
9b77bb77e09fd2ab474271b94e00c2e55e19361ded7ba7d78daf14dbfd0cfdfc81c59053f05e4d49f728f265849e571dee3298670adaa4a81042dd427bdacac3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ui-strings.js

Filesize
1KB

MD5
c313abdde235cf7cc66046ca457de44c

SHA1
ff32d28c6004d804f9f02e2013f52e43067ffaeb

SHA256
7311c1b326687cc0586ba57b3c5165e238ce99dcb8a8f0267c11953695790212

SHA512
f009f11f92ba953bdb7db274b53ab164ac2b50667c78981a543350e72c7989f584b384b75b41e5186e9a0525c70f48de1900cc730fdb5319efa4460185790b3d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
1ed4d1762d432445181df4bebe61d3d4

SHA1
6e774528ee18dabb09394afa28fae473f62e6b54

SHA256
9bfa4ec498f71812d729f3569924502ce6a1e87563ef7885551f77192bfcbacc

SHA512
f8e57f55700215446cfcc9b14e4c4c26fcdbb9876bf914520db75d07c0103d836f39edaaa41dcd5784a86560f3ee708c00475f88ce42fde63abb3321241cdd53

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
07b6ffb88a6ec8069d953cad90383342

SHA1
eeac111420d6bcfe35300e8dd5d8b252f2712946

SHA256
e8d0986d2ccc5b1d30ed105da74692614f5242be4100e3fb45b5bf0c9d42c9fc

SHA512
21492b3a26a55695db2cf8420b63f5622f2f634fb7c4aa9b963d5b6826a83860e6a08fd4bc744ee096697a9133969d91b24da39e829813b1fe34d77ef85eeb14

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
d3e29edcbc395284a5eaffb2c8c14404

SHA1
284816fcc3a8439776c9e15875c50210f26a2423

SHA256
e76ee56d7c3d088e638fae1439a4e8f5b89cfb4398c522231ba89adcd49c0d9f

SHA512
4b3683b8bcc48dff9b9370133771cc1b8c6372a528372fb50123fefc5e36ed4fc408bb36a885e9620839bc324948942a62909551c3eb57725e2807b5bab27fcb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
157d54109a1d77cff03f5689e610b25a

SHA1
7666febca7c7244472c77c692cd3b97772a6dfdc

SHA256
4f4ba0fb92cbf101aa38fe8727dc16228a941f76fb7377b6e4ed881cda0fc8b9

SHA512
90c3653863a2b37fae4316b88b3c243f5fbd6c33281539ae7facd810f15d37f78aedda263cbda0e0186d2df882e1d12f5213217f9ca91b24e9ef51cb2f75cfaa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
6ed25da9131f6fe1944d51a9077e3a6b

SHA1
be0c826ad519653b41761833b8931c95a7db993a

SHA256
351074f68f6d49d6160a85a7e61fde854da6d1b273c91d990f7692901fefc017

SHA512
2ab4a8195fd2f865dbd7a12d221ef3696c0c6de5944543c78f1f06a290a0396432e0ce6572c3bef30750404d409581aaab95003161f9ae7538c4adaca5e39594

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
2c75964fc073cdba87467285037215ed

SHA1
a25b30884350c4f2ead47a6511ef4274319f64e4

SHA256
e063769d74778fa47af1e2656480c0b195b963671a3359c65d3316886f47b1b1

SHA512
3726ab5e5982b7d0b203e30638c7ef06106dd95391095d93aed3fa158bc32f2579c5ff85e117ba6d1c70943238580e345edfc8bd1a4b8c33cdcaa51be394340d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
fb9d304ff04ea887ca1800582390ff1a

SHA1
e64388ce6b074ca152f14fb2fd4644cd19e78d1c

SHA256
b97c8c87d2f70c7d1860321e6a92f70a752a28022e2cfb3e4557c29657df2049

SHA512
590b7476554ccd2577a8bcd3f0eadcad6ad216b556d1c7c92f15360cda96f216e4de86c8fa4cd8f98c10f6a69bce88d7b3873678de3b5fcce8f83edf92ccedaf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
c4ed4f6ed1fdbe3785e543f3b69c9ff7

SHA1
be4a752c95258b8dda33a884025839b353e7b771

SHA256
c6554b4b27b16f9465c8329581076fff3abf7f96cb3137053b052ac69ffd80a4

SHA512
e26bb9c08c230e19a26c36cb6d47607950f0d3e4071588835e397f3602fe7772a3608ce72d0deaa67b918251289e48822fcdb20e4fb329a6e171d6ec380e08b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
54072bd3ad9a083133e47656bcf47c39

SHA1
f8b53b67f880a0f175d51bb68e7fe286d6feb7b9

SHA256
1373aae71b317ddc1f7adbf55762b214604624f584ce3effb0753e5a85c44b8b

SHA512
d3013373de002f0fe04101bca6aaf5a15cbb293a2ef4356088dcd2e5fbb5b554153a56ab4474089ae78c9217d1ca2d309e57a9f3d4cd28c55cf2a47cc61ca924

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
ccf5fa64f5cc1db079e47d30683f8d87

SHA1
df65e58f09bde7746e5d3f082423358a7f36a778

SHA256
05eba787f2424a15a04e00b8c665faa784f820247bbd9974128f209aa02dcd25

SHA512
e4fb014a2b4e368113a3c225add8c8360c16d5eda41573f9e28bc419b8b2e15a7cf3c6e6ca69dd2f85c0a41d0549efcfb2a1634f06914b9aef382cbff5a383ed

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js

Filesize
1KB

MD5
fe884bd10816b3159d0febc4535809fe

SHA1
9f5a1fefb969fbcb3b912b05ef95783b7afff73d

SHA256
c9a8e07f5f3e2467f3050cf85ffcb67ab9ecbb4c5559fe93d70365c9ac537cf7

SHA512
eb295dd645cf2835f867c8e7d651d67131b63bd2ad9ef8dfa92d2100fc8916c6d688da9e8ede6fc42bce348b178dfc1a07cacf212d2a7bc4b156c4576b9e7bff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\ui-strings.js

Filesize
1KB

MD5
e0d0ddc6674cfc11686389f2e4c7c9e3

SHA1
45b6dc67609b1cd5cbb87f70d9cdb2a1a243df28

SHA256
d5b9f902ced54aef68623ecd7a7cebaf3aa3973be7a6302a1ff2ae49dde51211

SHA512
77c4ed4526ac0ed03234b7aa06116c2cd2f7ab9faa84323b4085ce89dcc54b08fcfe708093eac9b24552c4a9a9b96885692359fc3e08d43c9ebbb15143f7d882

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\root\ui-strings.js

Filesize
8KB

MD5
f3becf91e192f12cba2cbdccd04f3a77

SHA1
5449eab7fd3fbf8680be80509ed421dae636d582

SHA256
32b51a00f9540d01a2c2af3cd14ee2b699c42d81aea002c819ed1481579b37bd

SHA512
0902ef1e7653b6430ecc9e00c085238c1279c3a2d8c00128df1ca4af7fc3c928d44da7e00b3c70b934be1b41eb541b7c992e7aa758bd292e4aa15b41335cffdf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-ma\ui-strings.js

Filesize
1KB

MD5
c909f6ccba733f1a68663f3d8ac25cb0

SHA1
075538167e5a21a64c510f79323fd0a8c5d7502e

SHA256
e54601fe6b29f6c7b6baeb1c51ade0dce0f324aee817fa0eb8e773c25c5c6310

SHA512
edeef79af8a26ca193517aaba5637b9e2b7494d7c625f54e4a1f6e2692eb884eabc4d10c9ca94cc6ad51abf3087caa781732ba4824ff678ece03cecb96afab24

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-ma\ui-strings.js

Filesize
1KB

MD5
2977bda9b678849b4e471e1794608c45

SHA1
9389c443dfb3519c3f3db8a76f93adcd49480876

SHA256
b79ef6d7ecac340c09b5a397c3374669351001e0b75268bf458df364dee2c2bb

SHA512
5ebe84db2a3fa0a985a1cf5215f1be38541fc266c231f838d2b507f31433848ff6bd48898eefe9d398bfa595852c1c00bc2825178af7db6c1cf32cbdff0ccc6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
9717c70d916e117cc6c716f6cf6ebb0e

SHA1
81fb96fd7d010cab805802f382b145597a5e18fa

SHA256
93ab60e485e0e4ebd1090e6a19638f255701ef10c87bb932dea26601b0817efe

SHA512
5a20fc19695e6ec0a30768aac369c6416a5c897d10b83025e898ec6662fa34630880e491846c866220cb8ee00e4d93cae0254b6eafbadb997f5f42c4bd3d5d82

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
bef49ec1e207e90d502b66c7fc987625

SHA1
29f0b2a974ecd342f8678fe6865224d11220c4a6

SHA256
591f4d2f9418ef5a20f90d9b025ba4878ddff448a7765f3d90be10947118ba82

SHA512
828ae4dafdddeb841f09e730582f616230d7fd85f7a30dc10eb9a85a14a42317034ad08a4d6479dba84bb9efc6febe0bf11f7120dfc89af9325fbbcf4b9fa748

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
84c159f7f164bd9d9497f0205c7752a0

SHA1
58c0748807e27fe1068743b867653c458b11dc59

SHA256
cbdd5cb00066943f1b937cecaafc82a0002eb6b12e257598a75732b3f0e7ca29

SHA512
b2b39637ebdc7f3d002ec76fb36e8fa069073eb993e3a2252fa874dcc2f2d254d2d5541dfd0eab7ef016ce1d037e061279125c45cf0373169ed0dae87fce6c50

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
2ef356da00b1dd1879f0b9904eba84ac

SHA1
a6f1c88a3eca9bb41adcbf924d16a7a94d5117c0

SHA256
08d90509443f4bca2644c987bacb8edd139a8a7dc69c6db126671b5cc4f9bc8b

SHA512
2b3a9f29f0dcbf086ef041e2324bb2bba636900ad901439c270ed3392dbe5b9f2a9eccfbf4fe97fedf4e7de56edcb13a7f3d20842adeb1f5e2590d27f2bd6712

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
e865bddb094524b6378d0075f4aa44f4

SHA1
74babb34d2ad422fff9cf44aa2630326142ffcff

SHA256
9890fada693a3e2125cacf87cafdb23e457c3c4caec631131a6208b8e60e8420

SHA512
11c8a34c5b5c786943f32ca2889e810a012d65d62977ee142365041820d275f446dff895cd77532533136fe0462057ccbbaef8a9efee3e7b2acc3dba69de0ca7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\ui-strings.js

Filesize
823B

MD5
d8015d5f02d68a45f75fabe34af51440

SHA1
a47652777bdb1d88e724c8547499fd0a19a82a1e

SHA256
0e7bc11090f6c9a76ea6a5b66eeadb2827cfe649a48fa8d04ca7b6bc75f94d58

SHA512
8cdcbf62b542f5075cd4824ccf8179ce007b8eae823b0a0449e1f5dd7b8f1fc3e95feb0ffa90c36e904ca5ee7344322f162dd34c9d21c61507673ef3d7144381

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\root\ui-strings.js

Filesize
850B

MD5
753f9a685627842b3efd528b6853eac4

SHA1
98d4d5987989de120368c8de5bedf4c4b22716c1

SHA256
6b59edcfe2f8b0059916de3ffcc78bb7bf4f92e0aece3ddeb8ca14003566ed6c

SHA512
b9d23452986fbd12c24ee50772fa46607f35df1a2534724d869abcd975810b6dbcb3554827f7320a3e387613311612beec6a168a13df3c7d34296d1488fbbf93

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js

Filesize
1KB

MD5
ea3a0e71a3de3427ed906bd49d67f977

SHA1
f90497b59d3ca58ecf75687bfbb6e7b49a17d987

SHA256
034a45c33372ddc9c83c84002f4a6e4a96a944ea57be4c5d35aec3238270fbc0

SHA512
7861dfca9b48defb9145a2f06205a1a77dad69d86475bd254c09013d4f97791e1b2547b9b7d2201ec1cb83fada5218ce0a93aada48538d71560c8bd5033ea711

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
6442a57cdac85eac4a0bfb48fcc722c8

SHA1
0b00debd71a91f490364648b2f91c2bbe6fc5db9

SHA256
37a99be96e41a434df8f546513ca8d723e11e976a34178e706782d199ccccf73

SHA512
cfd61bea72f23c4f2ffb829ce60db971c60d8e55d072589ec57f95d23a058b989682ceda0bfaaccf0b70af3d624a734b91004029911e4e64eeb46cf9ac149fb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
120e05a95fc8e111a9bbf8fc03d94ca6

SHA1
817e6bd4e49d86d6c202248a44e68ce0ea2a8db7

SHA256
2b535feaec493166b4e944f0319780d03b512b52d28d5e955b3b1c439ddd5d0b

SHA512
e300c4476b9cb4ecc24a19fff93adf0fee48cf243c50ed415266479bbac0b7607f46babded5f05c39a5b3dd9e91a1f8de8678e006c59ddabc1347f7bf5b4c131

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
a37de4b6e64bc8f668bdd6afd6b84536

SHA1
85b8f52740e3a023e631b830ccfb61477b7ce156

SHA256
6e44b9fa8dd351972d3b5c56d9a22dfe97232d0b9f4e8e684b0e5e1244a4b79a

SHA512
7dacfe538c7590c6912eae7863f77664ad634f18b19196f4b62b6af4650ea4ff3a1368b8122d6d5f6a34ea900805b761a7f1a5b136c7b0381293fcf5bfd5a771

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
716a573a38d87919eab9ced75f124cf6

SHA1
9bbc28bbbf416f1102373a5d41ee5e7c30349943

SHA256
4dabf37144c87195505465289113b8f8dd58d21dbdf0dd47df43685e57e08915

SHA512
def1c7fe1ac99855676a8931e575bd4aa54eee92a03ffe1ed83c0e3ebe3a6d59fd7a5f02582718c92278ab8d01d978c5d204538483650173b603054eb7b8205b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\ui-strings.js

Filesize
1KB

MD5
98ce8ec66efdd044e344089ba06bc11b

SHA1
8622f5be79808a17ac032ab5668d00e4bed900ab

SHA256
323319958499c54161c4f816f17799155476bed27a477161204ce3c70c68f9f4

SHA512
e38557d41742a2307e061478f40a203b9c0369e5db0a6556749c408c2de11017ef3754525b0d5166643b1c26b067618420b8215278c5539ffdcf6d892c593a6f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\ui-strings.js

Filesize
1KB

MD5
dd38d8753407574019ee0f601a826e74

SHA1
80a0e88074e96cbd1c842e31f74ac8ad811e7a87

SHA256
177633d2303401f4944489d65ab611f38086ad77216f1d7a230e5209068096ad

SHA512
37fe54f7be837fd9f2154ab426819c483869a969a6177e582d8f2001270d6e4cb3455d33132d0fd0bb5360aecb374cdfa2ce8e1b4306985970e5cd52a48cd3c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\ui-strings.js

Filesize
1KB

MD5
d9123bf2760f3dee31e2745402d6acf2

SHA1
db5c77b399d055387a4308325f934dbcf0d17516

SHA256
11d7924ba54603ba641279047c5a48b5668fe1c7abbe6034b5411bd198500d65

SHA512
d8ff0fed42c601ab00a87afe315c01d4aeaf66a9faffd346ab780061900ea3452b3cb29b1754e7c8a417311f51b483db23fb1fe1f04a85395ab3f6fe48810187

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ui-strings.js

Filesize
1KB

MD5
b2d5f46229502069317e446e9922ee75

SHA1
e6370a4e7be5e02f6379af739870dc26ce0fdef1

SHA256
6e9021aad3097060f252187b3f95d661d722a044aa6ad6c3839625d4f1666afa

SHA512
3dda65268a3263a5582de6782c7887ba6b4d72b410d52a4959c9e27f9305fcaabd9217956cba084c6bf279ba9b594f16ac1e57947da787d990171b1b0bb94877

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\root\ui-strings.js

Filesize
1007B

MD5
d0460c03f4e49d22266c7c83220c13fa

SHA1
be573b213670746db0e18b3e7dd5995e14dd0815

SHA256
b2bd3eb2f905dd0332446962be5c259cd43d2c19d352b2ff7811613072d2ecce

SHA512
b34b5dec0519cc056162b5cb530944b4847ec34a94b39b505fe2109a725cc66a04e1541c5bdb65a1c969d67d4a36888f089cebf34d901bda6627dcc0cada0e2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js

Filesize
4KB

MD5
8cf46a57081acd3214f82d38892b82ac

SHA1
0594e8086eb406b824320864a0c34cac3607243d

SHA256
403006e1ec568de0dd4c5769634fbc62943d6b62c26d5e8b7906263608c22789

SHA512
0e31bea3bc8e737f24cad49d8d3c22b3a2c7ce8f1f81e64886d55ae2941e816e900f0b6c74f03438013450e2c8f60a4041dcb9a8f8d70f2a8a94408b4d29172a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\root\ui-strings.js

Filesize
12KB

MD5
8e90b5b24b0c27c8006885f013059892

SHA1
f7c0e65f8d2a28db762651dac5540aac6f2c6cd5

SHA256
023098ef863a7cc5703e03b6c2249fb7439ff7438b7cf425f58a2e03dd7f9010

SHA512
a856af9d5988bfd2b94cab442b18896513a369943b101d0c165483d73b520dffe3b49d165f176161c0a703fb62270b2702aa0339e972d8e2875e50c79031f4ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\root\ui-strings.js

Filesize
14KB

MD5
43ec2d61a03757e007c3d72e6e5a5d74

SHA1
0fdf6242ae97aa249a99bf7bfd4e6a8a3888cdd1

SHA256
32f5d736bf0e8aea157fe994a3a2895ed9d5443f268964f86753e8a622c6c0ca

SHA512
1e6f114fb19e88248c79e443f50dc0fa38c705c7b98a854438fb20aa6ec7979fbf4f874c113cc51d87bd6764c097ffb8473b551457f37bfd430408cc54af80e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\ui-strings.js

Filesize
924B

MD5
dc5df43d0188694405c70feea3b5ef7b

SHA1
0254c511dac3e9f95995e48f69938fa23a03d5d9

SHA256
b2196309409597c7855c1ed267508e10efe8044ed722a46c4442ee06fdfa9426

SHA512
642cc07d516a81a25ccbea288a76ac6ccdb34bd953da5e9d030ed6989e54441844eb3251462810043425f1d6a642c4064ad0e95b7c30f1ee16c831d19af5254a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\ui-strings.js

Filesize
1KB

MD5
981e5ede2fc70b9efbb77180d8386b4f

SHA1
735ac3c17ba896a9a28dd2c3a4174ceacf8f10f5

SHA256
7ff8343d517a1d33b7c5e827794d186ef364a5440d582d7239680268ba7b83ce

SHA512
f26118f14d32f28d796f8bcd9ea03d05e38d93ea9f883075752935987bab36620c3551b600d6e292e098793b2b50679845ad6635c7cbd22f90ac0c13fb867bd5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ui-strings.js

Filesize
1KB

MD5
486232965a7b317982161547b20a40b2

SHA1
a4b2d3e95c298704486f75200d47c3f631ddfdde

SHA256
11cba594c509b94c4aea283fa94562031b7ef0009d42c6d2d9daeccd5b80febc

SHA512
ca8b5026e9303fe22d8f82e2c864ef05c427be79ebe1ad31977db9fb4dde54a79b4ff9b48f667d61785566a684ef946445c12ae2b3bc854dd2b710d2e486e15b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js

Filesize
855B

MD5
157e49cd2da2a08e10042adac364a1db

SHA1
97e29f250978830b0a6bbb44039756ce4ad88443

SHA256
38043cf95ac40668059ed7b913e8f1114e6d84d8cf0629ebea46e6bc58b379fe

SHA512
ce8c83afaad3e7f154fe74e8ad09a16308217482c4cb6f3c7a63dc37a841208ac7007b478f80fba87a5b92622cc15db815bb934ec5cfe2cce223ba6585ae36f0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\ui-strings.js

Filesize
850B

MD5
f442b5b07a5c8edf9a3460c02d61ba8d

SHA1
ec083abea0c2885d73f868e527f9c4144523120c

SHA256
83d4d61437036bedca6d2dc37e08576159a9f9be926b2b282d54d0f161971f2c

SHA512
83f4a95a6c7c9231b9832f22169d68db460521f1b1bcb5291437c1e57a09ae0fa210e084c20dfb8499238f01c9fd20999d2ee502a35ce564384a2bf49b0bbf3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\ui-strings.js

Filesize
849B

MD5
1d7019f594775bc0c49cd7618846687a

SHA1
5ca458981b41279e7697fb55494bb1d2427b48e8

SHA256
1e8143ce1286d61d9d635f9620e9b81ddd5b26e3dcb9c2c8dd748fd8ae3dc3cb

SHA512
9adfdf18298304654f597b3aaeccb910f1ec78b156fa0aa3988313316307d05d7b77f01a944fd9142ab55f6aa54d2a7e2291c0702a1d29686a70aea02deba4e0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
decbee783481d32016e3d8c88c3e7c83

SHA1
b172fd9fecab1b89fc02f67f0a86138633dae857

SHA256
16ed271930b6fdd6ba9f1eb7959daad92f780bbd4902fa6a04d9bb4f5573bb12

SHA512
03e9837dde939454e55813c221411b32ca66477fe02a4712c21d3928a0de93fdc33b673ef77199e47e62863dc38038dd65c174fe85aefd3fc38b28b0318eb934

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\ui-strings.js

Filesize
7KB

MD5
486b02c571326eeb44273712d0b1e898

SHA1
91079fb696c1c67953c9d26db153ea6db68870ef

SHA256
2f092c4bed7496b0e182417428a15036cf7a8624e370600890335bdbc3fcd8db

SHA512
1d0662597af2646e231b380a0eccc13574e7ed8718a91fca3006547371998ca91bb0c00c7bbbdecd60ca13d33ffab5251d4ea1d9427ab016c55025372252352b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ui-strings.js

Filesize
3KB

MD5
e817227165d556f10fc632424c53e14c

SHA1
30f266887739bda99dc8ec8d11e13d4c526ec5e2

SHA256
3014f8f98e072e115e32b741abd128b94a990c793ee2619c60e4c3e2cbdcb75c

SHA512
5f6aba934767a4c81f82936ea8d02a08e07635d22d15a3be92fde82a59097e48059823bcd3e4c4d612d2731f9411427f74d4cec86f13d39fe9abd6089d71fa6d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\ui-strings.js

Filesize
1KB

MD5
180e5ad93240cdba25df454e8a1a49d4

SHA1
c8400dbcc8b46937d473a31b2641fa2df820e77b

SHA256
10ffdff52f317c4245e325f7bc1dfa7523af2ed181ed1d64c0c4e958256c07ff

SHA512
2696788557444a5a1df422630aef08654d51472b9ce816dcf2442b4ae361172c2e21d3ab6ce61ac1a1b1f57b24d40c9c375f44b925fa004adc1728c4a0999191

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
1da418e9fddcb4db94658e6c86238b93

SHA1
c0d302d75aa633419c0a06c9d9c233815d51c31c

SHA256
0989b6813500bc16a72beeaf5a9211196bfb9b0b1114093cde1f9affb5078706

SHA512
2180c472df292d20a44596ed1fead72d585fe877e249518cf33354d73fd73fd690f42f5b599fdd9a2defcacf8fad497949bc1f653a8811881d0e691003ee6981

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
a82818b2769590311d823dfd06b80e2d

SHA1
5f16cab00ca4002ca39898812b36301ddaa59d40

SHA256
6e003f297e1aee474fff7df67c46f6fa82cf53d887e5e9b2fcafa6805d2b9f04

SHA512
73c99df16c64c596519f9edaf089aa7eb1c3652950bb79ecaec8860c41826ce735ed3fe4409255fa1283489f0742b3ee8a0849969d8b3fbd5bf4a4abae00b819

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
b4d776407c5a649ec70d23c1b70ca037

SHA1
eba18443d6576f3735cdd6178f7b76a8a7a28474

SHA256
d2f0555e3b82bbec827ad74c19d3f3ed7711fda0627cdf346a981f13fba89ab2

SHA512
00ff0a43bfed073db1345ac6300484d9ef5d75bedce4bbd13eea0e5cc4c5a8cd320222b8ff6ebfbda7ace63d19e77093c17f07bd917bb6217ebcba2678140494

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
7e0f19b3604afc48803b45559d90fb73

SHA1
786e2b1ae70fd2f125ca7cf2241787b58b19ca23

SHA256
4b2ee47756befb76b56fea239143ee7a0d22295cdc44472b0851a1dbe0d7e950

SHA512
979561ce10ab071a5241f67ad2e473051035880f75e7d1b062521f88fd0dae375f3837e985b349bb2dd9b701b07b69693974259cc27f6c363341f8f8ba2d3e20

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
0caa99f671ebfb1ebc909a2245a28c64

SHA1
0109c6c6847ab0046551a6eeaceb3487d49b7afa

SHA256
4da68de4942f5e794d60d78f52801148761ac40676edc6338e4132b1dce71856

SHA512
9062a8d760121d7f995fe21f5665593c6c2e080c4a4503f1a33aa63db3fb9b2efb7aeb26971993cb8104d4f1d123d2e4ca3e96169d89f93eabb159da820ba7a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
8de8027564b089f8a8073e1de76a2762

SHA1
279d050ce35a22db492e3f013d25e680642195db

SHA256
6dfa269f68ba74db1e4e732e7d2893d366e9eb5d2fd5d5e2ef008ea167424523

SHA512
ddeffa65243a048c2366f1e6a44c72e98d99613ec343f163df3ede16c884ec3288865714a0a99e2d6fd55176da69a6514111f0cbd8b3cc4d4968db3a25f173ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
b16d855081fb814443e2e6ab6aaf1d03

SHA1
08d192cd004c393162de7075fed0f23409b189f3

SHA256
e23e4a43e2e2e19cb8d41e9e6208fe6d9336ce244be6cab5d0f16912d357028c

SHA512
7734cb6c12da5efd4c5a26f4b28e46507e8bd2a7b3336419408033d2859a8e11fe14288dfe94c9a3599cf01c05fdc0f1921f87ac230c3c4012ee02a364c96b75

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
d2bef4ea3c1952927bf2b91b62df2e9e

SHA1
129441a1088621168ea439997cb202eb8b18312c

SHA256
1d6419db0489244166b677b55238a7884a630eb0bad29f632120f14bb06e3c03

SHA512
d28ec6af11175ce25560616c75ac793ba527dda1c6257a644f40a084251dc17209bbe38228309f774b8e3db197a8e29829669dc00b9039f796ec0b0ceb22e18d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
2f6612441b5d9cb1864a82844db25534

SHA1
6c4019395df9f90c6341a928373a4297932753da

SHA256
8a9101a1e3ce63df20fe16ba9864aaf933bef00152bfbccb1dbd5c578ba95a33

SHA512
9567d2016528ddb5aa12125af1a47b9a707546cc1f73f745be11a9d71022eeba41af3738ac00fb7234395fdbfe1c507cfcfd5238d182401d2ad5321056791b97

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\ui-strings.js

Filesize
13KB

MD5
0828f067a528ab883a9a1d030ea677e6

SHA1
a69603fed0c7745c63d0eab23c96e284cd738abf

SHA256
8d6f0c8a5285e0a96c4064aef4635a503bd4085481918df4276b829cec2accf5

SHA512
7159677985db751b1263879dc2bcfbbc5bb7fe317eba02833517747c6b4b0e2bd0586b959707ff399793b820cb10cfea54cf2155a31825ce2f6acfc1e9b6b83c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
5644ec441dde3617d1ff2190445e843a

SHA1
46b944b184292936985638f4e1a574b774e45af1

SHA256
8564f7c67bc7817174bc10a4e900f418610e742b16677ccaa9fdebb5c4c34426

SHA512
7ce2f8d96afd10403844665785a3864b82f16828a463662b77eef0de96a35dc0bd2809308c54da1972fe7b832336d0ad94ea7c2439604028f6e79aecd3cf0b70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
61e43c96a111133eb39cdc41ecc5b7f9

SHA1
be33c973c01b7d386032b6bc45b8ba8b84da7157

SHA256
7acde8095c2508232bcd4be44338fb8e3483c4e3ec5518f2ba9b10262a17f28e

SHA512
925de01618df226249e9179deeee362c33dbbd0495a7aa1f8ab52fba40901110f78b0b3a9144083904c06188304b516f6ff4f611b96fc74b4b19c4b50685f72a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
a469057aa935942b9ba71993b7048e68

SHA1
845af1b0e780742bc1c470215a1de83127a46435

SHA256
a279a24f9b13bf672490b29bfc67e64ef9d4fd576807dc4dd72e4797d57c9eef

SHA512
f267bb9befc74f6426f06f9d849ac7454733bc95180648a5d8b7bf100506659abbad51b2da0806df0a4716bc72812f63a482c7e1f31d782e79966104a66e25d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
77f95963fc8ec830dfc12e480aeb6e43

SHA1
bc62f209b5931631014d794a917359e2fa1da8cc

SHA256
d8ecc1ccd5322e1e320cbacc159fa237c9aee51eee417a2b8ff1926bfce70037

SHA512
48535671b6053062f551bc0e9c744e2192976ea193ddfdd17f622a3f120bda5a984d987a9f3f18f09d2142495be02ac17e7a340f8368a23d8e608429da6587dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
8000e42e7907fa55535e58760139b6f7

SHA1
d0d053f8523f4f7b00b73c68d4a6d3dd16377606

SHA256
a403dffa8aef7f827a4e973bc7b10c6e0b987a84613dab474fb0f58113e09b92

SHA512
e3317889df44327a55eb641c76cf9b6c3b7ee93633e2290ee813671f52204a44bf9955f9c99bad9a31e84c6ff4f04178631fa08d92d4adbc84aaec3f1c4bff7f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-gb\ui-strings.js

Filesize
10KB

MD5
c06f39a406dc843666c92b70934184c6

SHA1
20ff363b21d225274fedf66e68490b331512a20d

SHA256
906aba97ea5595f33a17c5e643314796823878e2ecd11e09a64ef533f6078b26

SHA512
55e0220d50e326d5af8c669dcb58bc3624df8862ce814b09dbdb1edd08b9f3855d93549b2362e08b1caad3fabdaa46accb817805b5a3e1249a6eae993680e159

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js

Filesize
13KB

MD5
1ba7c69dd971c57e0d1949439a095de6

SHA1
04f6dcfef9d203badea19d282b6857f79ec9cabb

SHA256
aa050459c6a0c319b9927735a70162c72f353c75a3ff4ff571870747314c706e

SHA512
ff813cb056339c9563da5f693aaf671571fb96a05859f6e20d03be367eb51491728867b6b75c5f361b60fc1f2f3fb3b7f0a431ee222117c501a881f46ab925c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\ui-strings.js

Filesize
840B

MD5
5f5fd81fe5bf084ee1b1b41203775d62

SHA1
3e483d881b96b0b7da1906e44cc9d72f3508706d

SHA256
ed3d635112d1b10f855fcef95659318fe33653f493cd4021f26ff549c7e89572

SHA512
9a0c4973faad4f83e476d92eecd552ecd2a5690d681f0d5bc8cf59295a68b94f985566897f402292e51e3ced3f066c10c211b6356ec408e1198f97016576d7ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\ui-strings.js

Filesize
17KB

MD5
dc8e8f4a6b43a4aae3a9b05898e63c9b

SHA1
f430966eabba8c6f0a304cc250d8da2de1f0f97e

SHA256
2a8b5952f691ecdf7afa2ed1d3ce0b6c1f06d7e08f54771aa998f04af820832f

SHA512
a8531948a2f276fa731f145b9180d53cf01bf16c4026e53dac59d0df3115676579f8d3ec5ef4a6d8dfb00258f822a9a11cb5f25988682b8429181d68548937a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ui-strings.js

Filesize
1KB

MD5
659cc39fb94856f3707ffe619f2bcc92

SHA1
3fa05bde0ff2c7aec6bc0706484dcc96fd03f222

SHA256
d3056e3de827475f39e2c359fb12e9046bba64f549b402ca9dc6211c15bf3415

SHA512
817cc2995608447b46832bec9824668bb5517f47766b454defdf0a6ba3e7366d76ae44e6bcc9caf95d83d7ad7fed4168f93d1d064327b91765936402450c5ab2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ui-strings.js

Filesize
1KB

MD5
ca89647ac66ece4aedb6406246ac7135

SHA1
b9f22b5e9503df4f6417127122933a74799d899c

SHA256
fad18b763ca3d53a32894e0d853fbc2fb763a0fe49b486b1da08e3bbfcd63666

SHA512
7faefd6805523d086a3d8091844e2e91871ad6230dd4edd2f1986d8f0ccc769f389c0da92b3ba7371fdf6ec1677a397fd625505bf6d9221f8c4b068dcfdd80ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\root\ui-strings.js

Filesize
2KB

MD5
418e7606c45bfb42969301cbee1675fd

SHA1
16e0833278286d5b7cbd13120907c98620e2d35d

SHA256
190b29974a1260e623328234ddb73ba7fa81dcad48f0439e531757ba4a35edee

SHA512
2be538e82b008bfbc0426585041e71dc3b5cb08952fb4e211a8626bfee2f6a2fac65799127de39f8a9ad7a7167b7e8fa26d7518de7a69b8a1683d0437b36b0b9

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
96b339beb5f85972a9cf663581cc4efe

SHA1
228f6cffd77cd6fb2194d9b88c173643ec8edd27

SHA256
0f39d87a86a6df8229870fa7137d3662790ac8a7513d475e00404cd77b00081c

SHA512
3633c4a8c9928bb5f1a6fdcaf26749652229246905c5a7d27ac3d69e86fa61a6600e36705895d5fa3942c7da860e18e527a9a03ed13a16c7891769b730b19f9d

Download Submit
C:\Program Files\7-Zip\HOW TO DECRYPT FILES.txt

Filesize
947B

MD5
6ededefcd204e226449681e01df34645

SHA1
1084c9a4a0b9837687b990f7b4b144d7a96063f6

SHA256
27b0d41dfbfe7e6fc43a9fd8f44c5bd206e01a9fe2679b8904d4d0523ca801eb

SHA512
319770a391ca6ef4050acaab9ffc9ca9f3274f63bd90eba64f7dd39a7fe17c072b9ffa2fddd196601727266e42bc1174359e06929e5ef940a31ea2e6b7f6064b

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
57a02185a91b28f746d2a2d94bb8587f

SHA1
115010e64b81a16d8109f4f612deeb5e51a801ff

SHA256
991adc421e6ac4426aad4c7c1d15ca5494ab6ba431ca75aed453aaa942ebd2eb

SHA512
4c8a77da64a00728bcad02a6ac82a3ed3b8f04b004119857f4fea2860330b9402d9cd19d0ce94f64f435b2ffa811fc9173dc9d08b9c538a636f5aa145c0369aa

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
ec84dd4c9f9782d64f6eab65e6182056

SHA1
548d44656cf010d90ae9bb85eaf039ef4641fe26

SHA256
6225d9419e13323587fea1b893df21a6f2487141bc28aea9b4b36ed7a57bcee1

SHA512
d68c640c603d03e5c26b89704ae47b88433f513d2b583e24afd78080559d8225720c80ba6f4b4ad1e71d6e366202c05261a25b090a250b941c1a56b10a855535

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
0828c2eee5e7247dd9413f1a6fa2d7c0

SHA1
daa9e70ef64d536b34d1d4467d33a27b9c000340

SHA256
3c59b5a4f5cd9b632daf089c30c74fd77952fefc4dd0aee7a448741b8bf5f7c5

SHA512
c6832cd0c94726747e2e2184d20b74bf7edf1521ee6d65ea24357b6ec607a7ff38e08e6f242f127c2c709baf7d0f9a8e1881a28bc9c508b603254778c44fc9cb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
a8ab861dae8ee1b2db56d8e4bd829098

SHA1
c5edabad3d54b15ad7d62b8ca5325f5888cd87a9

SHA256
e4e49aee8d6de787b5ff1259a1e72721475df854a5f577727c830ef4dbf21df3

SHA512
f1e51ff9ba067eb43da8d952611852b66078402cf2f33fc2677f4d8fd29c2d1dd7be38e8fefcc771ed9da5ced1964669e209cd59e28b8485d7a36335b5847135

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
36f7cb871c99a1250f64f9e8b0c66a19

SHA1
e5625338be5b4cfc5f198152caab7794e90a29e1

SHA256
d770bce3d2e3b7f8460c8e55cad332722c4093f9008d07c61fbc98885f0f2839

SHA512
3940808cc08bf9a0548ce5879e2a1fa22e1cb8b077cbc0ce0f551107c4438e97e1e6dbc0945351f027b26933574e1bddaad1c48791ba674ba57fa8052a92f212

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
5f6288da5be3c015a9b79d0e126749ac

SHA1
92b52a84ce60185b953b86c20af52db71572e4d5

SHA256
0935b04c5e41d663de4691f3ac500df1cfe13c1a461e65ebd03d51c6e268e410

SHA512
59e5e621ed99ba8f34281d81be752cf29312e600edaea252d0766ae3db695f50439c491ea9b71fbfe0c3c2d99ade98b2243d5a88a01fe0f2ed21c3a8a69fbdee

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
2995f93d1941bdc997f920f94527178c

SHA1
4bfb458820e3ee51a3c68c3e9d15f45bc22a81ff

SHA256
1ad88e6bec4e871986539827fa7c5e8b05a7370c983ca4f5a20752a8f77f4c24

SHA512
c7f8d7ad55a0f380d432b80a1a00084be90bdd6e4ab7ae08bee73f08c5d60c290d9c1ec9eafc3239205be0aa3eca8f243516b9cc75e0e07de3efed8d180930ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
3a1ac58afed8e9510ce22a34f7968012

SHA1
5afff25438f256b9393440cc5cb5869e83c63a1f

SHA256
a31b1edcb8a0febc105775d7d29413fcb5474bc70a8caaa1dcb610fa906c441b

SHA512
bf603c387bfa673e03803933224f85090fff8c11ca7ee6d9616d1d23cfc0cae340fe46b214b566cf1c94f960fb196e1e1ba0ebff6a30fb1182064ac3e0d72d76

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
148750211f4334a35e745146d6684de7

SHA1
38e4248e7c7755675ba6b2f3ca0e5db56cc911f2

SHA256
d3db81e2e0b2bbf360607a97b8ad33ae0d9227218712f132b22be201e6fb37aa

SHA512
89887388a89fcdb2f205b542382a1656709a2554770c640811deb7441c7c0f18f082b65684a57e95cd526567f6fd5d67a93b5835629d034f51d8ae68e977426b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
60f2affa12ed80c87c3358f0c8368d9a

SHA1
08a4b3cdc8ad35af8d04d1d2fecde86aaf624748

SHA256
48225bf58b44d41700cd09055707b613607356b788ab802ce93d09b96cf84477

SHA512
f3ef11fd9df9fdd206a2b32ed4100a85a0efd3d1e874ae7af0b5e9af309d6cff50b18f324758e334eabe1be865a1d659b0bd4ed23c96eee0019d457f63cac68b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
899f01a9b8f1a95fee0343caf50b9efd

SHA1
15328736cadac06f1ec5f3c5a28465506d789ef5

SHA256
30822ca2e4acab648b7595167e845c40fb28c42ccff7fd2910f974de5242601a

SHA512
20661329bac157d42d08b400c969bb2e397b0cde76480cd756f2829a947347e7af52668c527c68b4aaa5172cd9eac2906796280eed86f466d8579971e3fd35f3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
f4f4fe0a95c1f0ec754e6d78db3cc771

SHA1
79f1c5300485d6c73659635f44eb4adfbb4da613

SHA256
883f861132ad74c1b11691154408cc6eccd2894ff4858f59357a593bbc8167d1

SHA512
1bcea6ab308cd671425291aee9e64774be5d9e3346fd05116eb61e486a0772c969c6c86ef0cdfa07842bed2b7c8163aaaded8fc4159672fc3649fddae662689f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
2bcfb49562af7e87719d06e31138cddf

SHA1
d890a49f3e041f6e24fd2ad032693aedb5887fec

SHA256
de60f319f489dcb9dbc0683cc127a5e3bfcfc3fd8cdd321661625774f774bbdd

SHA512
8b015b23f05cbf73d278715a1d60129ab1d4995443bc1cde6d797811c7056aed5210ec29d93ca32455c873131bbba67aedf10226b2faa8526d6a8486613c56d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
4e839fa502d9b42fcf9832f48a9ac08e

SHA1
bf84e9a7613bb8a3e8987bde201174bd9b77b1ce

SHA256
1f6ad87f06da1da50e3edc241330d65580372ee0a15258077f996afe804d16c1

SHA512
e0e726624216d3998f42f13fcfe92583e3a1504562ac89be4a7b9b1b4c9fbc71ec7eb1fe89bac5fb539543a6f8693ab68573ca7c8a3a692ba1ce486df3ded098

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
d8f7eb182c634b9e5cdb6ab13b3af53c

SHA1
11897a66eaa0059ab6fbfc965098d108436eb085

SHA256
fc67511808c2a14fbbedb53f28626fd880fc19f307f044c3dffaaa3b4565fd7c

SHA512
a6110b20a868b5c13973106c64f46f060507ee3dc8e19cdcf9f3d6778307fe195f24c59be97646995f8bce52ab6d5cbe30d87f89c61cdc08bd78c8ecb4f19bbe

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
2a2032d174936cf6abee7f9315390557

SHA1
9b00419017521f1acdedbf898f4dbaeb27b03f6b

SHA256
0e55df16372c6beff89bb1647396ae58dc5e33453c60778593801f27fe271c1b

SHA512
08d009d06a6a095324614f77b5506ad9c678d4e88e555e929f3e3e5ca6d4d6c3b8ce8cefec93fd4626b94d63dbbb930fabf36f1eaadad955a27d9b3971476e97

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
1a499dd4bb5b896b5dc17bf0462e6fd0

SHA1
ccfd8dd1d088032d4d43a038ae406d07c737402f

SHA256
0fac0e323566e3b0083fa192bd1fbb50e88a5b8ebf7395e32a439e45135e03d2

SHA512
3081048484f65bc635f967a9ed2c6a409aaa6345484e66c37c227b732cbd28d1f9899f903f2eb0318529bcfec01bf74dbf879e43b69b8b85c2b89dc4bb7d58ec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
267e8af311e4856b6d53fbe9c5216f01

SHA1
78100227b3a5843931890735fe887e6cd1dfdf1c

SHA256
356dccba778033253e7fab53b677acf9ece31657df18a5399824a971d9cccb2f

SHA512
6d5f5f83ae9750bf1110d6be71e8ccefbcc9718a67efb1c6d5235068804407f09ab5b6cdd7d4678b39f381aea843bd10911298e0cd27ec077feef6b89e5e7d38

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
5eacdabbedfc7fac1f3077e02e67e4bd

SHA1
916d01902dac8349ec70a07831b161ded5c2a7fd

SHA256
ec939b093c88cbee6a909bc21381037b6c4fdbff32069275884e5f6ce272cea8

SHA512
42b55de4dc39a3aa235b58816afbc801327ec1d0cd25244d2d9e9982e438add9269a9acc3112233297b454fb1c518a5f4cd16b2dd34fe321389f3c5a3ceba109

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
b7b35c802afe4d261374d8f953d743fc

SHA1
ae41b00309f87b00ee6cd2339050882a5b9e4e40

SHA256
3664da1f9917d39df322c7a17c1eadb7f1aede1126773e224bdd8ddeb1265795

SHA512
c798b06b0a645e6a2a2387102c2bf67abd7a520eb5c0fdc2b2190ffb772271cf74750d5611355e7ee02dedef51f7af3a40d08257789caf2e1d8d32235615717f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
95fef1f5d9038e9be98785313837c119

SHA1
15378881257b741a2992adcb7bfd74e24524d09c

SHA256
e5e143ae8ea1fbb884b11a56256a46c748b26c0974db81d33381ec856fd3babe

SHA512
82c78c9f534c57af5ca930fffd83951419b847b79d1d5cdafba2981cf9fe89fbeac482532aefaf03c9ecb990fa7751720b4d2faf69a500dda450aea8f85ae3e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
c98c28679ff70083e664ff025e5310d2

SHA1
7e9690c5224b60eee90e1bb0cb0ad59abb917955

SHA256
e1356c7a07d6f38f7d78fa3cdf3c9bac6964c15b1dd19bd37d6b6d103c149caa

SHA512
7786588a1831d5ed6151d217327d41ebb2de83fe8c2cd4e5c2dc6f0f48e7a49a8a97e1bc1e476e8a3f8ee079005eccc48aa8ea388f42f562a2c6eb748d168268

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
a9ff2a467990dfd8856d052273828845

SHA1
c3f08ccf0044d4b09e022db48b008be25849d54c

SHA256
0f9608ee89294e33005155b54754e2121092075ea59e56798881ca26081bfa99

SHA512
aa9b0ff980ce2757c16b0e998d206011c8c0c143af7cb2ec4cf96554d20f064d3ef6ea4123fe6dc19d34fba23c8086695790b544431868c790505cfa21011265

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
a279a5c7415a7702859a102d3e4d55f0

SHA1
6367a6d9bdee8cbbdec864e87e2c8aa58584a344

SHA256
c74f9bb5b78ce6b3c381a53937562906cdc89c21d966f4ae849777d62f2f0d5f

SHA512
a27bf2327f844c112adb4ae5c4644e6e63acb60f40cee4649735782655f283340884799805d15eabb57394e17d409e7a9ac42f4d52d3bd958268536cdb3ab1f7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
b21759ccfba02116c9bfb0c1dbd50002

SHA1
7328b3ce935030230762b76c398abb97034f24b0

SHA256
a0ea3f4f88b4b542f9e154a8595daaa6f6ab776d7c91d66bac7961108d609441

SHA512
f20f724f5908cf2589648515818022060ff40bc887dfb95b559e61c7aa386c166d58326d9a239829297ea764872ee2117682d6783d5cfbd56545cb96d1865ddc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
6b0165e5d12c94e10905188e3ffdc300

SHA1
cafd5ea54d01fe89d34d1c16119f49b1874d4b85

SHA256
ab628b04e20e59e39cea1d5b982d453df9a559761b1feb80151a01fbc1438a74

SHA512
6625f25ab92494b0a53301853d1853fa41682184d79545339c4a418803bde1964a6244a97318bb04db4dfda325e0e7e43631981ad01a8c39f1df50a8f904dbbd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
f2e8f69166721bf3b6ef78b4f37084ef

SHA1
0c5221a156be96b6bb345cfe4ff5abb226233144

SHA256
0b0f661fb226fcb949e74554b5bd66ac6b64a3e1cec666ee1ba83d40bf805a76

SHA512
4de812706c9b24df44702e59e231907f8d9e2fc7ac77b236e7e37793a055ee439fe14347ea1022c378b1a89c71b22b3995fe07378ae29443b2f4f17b51ca452b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
fe4565c99ef1b7795196af98107a339d

SHA1
63c81c8375bb7769a00231f633cce00a2f440319

SHA256
e2cd6c784d9cc0d702f7618d849953449a1f29bb24a2e056e1fb465437c805b6

SHA512
f22046f515762f7d6cfd5ed80c6c90fc1d4b788f3bcf5c05c0bd90f11d171062bf7f545f403088a46dd8c0659dcedfc0436e2cb5c578996b7fd7add8f2d35cc2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
da50fb76dec6a55fee4020e004de9ba1

SHA1
4f3d7cd430568e0eb8e9747516eb64d02742bff6

SHA256
1c9473e9718bd07de06e07070d226fc6ee9a845e8924a23259509dad779bc3c0

SHA512
de4c111d72bd73e3bc1cc608cf3bd67b201e8a5d3e32e29d28c8da2550b2b3c22b340a55f7355306248779ca07b2b8b2f0940e91656402ed0a3548486a1d3b19

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
1dac14b723279b1ef7768fc01c90cc7c

SHA1
be0fec262b1fe19bc6e18399d0f8c688ae130f32

SHA256
ad8a519d80d960d6c88b4041d830004fc9c4b4e0439e97fcafe8d32696615300

SHA512
b1fe314c36217bf0693308e6908ebd9bc021c7aee4c67976c231566cfcc69705ce2be5e7263cda97260da792bce6f7c4109831f15f4efc2bfc864ab136a7513e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
78adb72e500b2e246a7c165751997147

SHA1
95a35c6610cb3aae14cd248c2e9fb89991ffbd35

SHA256
d5a696afa238f02a4a1ab137797450c2717acd940ba8896c70f8ef93777ddf32

SHA512
04d98f885e78fe5ce300767235644616ae1fe71aa44add1c5854d8015c7606a42d2902aa0e951871ecdb499d53d6629481bb92e7ab431870b466f2a40c18a5b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
a10ab981493990fb82079913c4a89eb1

SHA1
f574112419d230dd2c2ebcd3bed0266a695286e0

SHA256
ffbd02976b7886f761b1fc7e9d3db51a6ac1e53b60fefd031247411ed4a5ac7d

SHA512
3dbf8d96ff9243b1cd39253b0fc0476e309adce6241e19048fc3357820aa7385498ba57c39b072a7bb68f085c8b75c5c6df1e42ab20fbea18d597642a93f9395

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
605f5e3ae396b6aed04bbadf7dcd65c3

SHA1
ef45e620d2ba78f28ab4bdae8fa321896e15eeb7

SHA256
8c7a89b2661eaae8e1f04a20a3138e4bc0a1ff12b43283b9eea30f1df77d4a62

SHA512
36700d399f61af62391eae0ca68cab661597b1b06783919c8bf1a4611a91067fec865ca18e0243f410dcc0f3848f9ef808d75d3bd6b0fd2c77fec5da668828d2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
617c8b8fbe7a4651ae8bc7b6dee41afd

SHA1
e372b06f7e36f4d5bf289e94d81f58edfd967ba7

SHA256
142c65f650ecd98bda9ccc722f58757752df0ece56a7c105a35f85031d15e8f8

SHA512
f0b6a4daab2941d27155f61cad962ded74f7428d2d5fb6dc9d15899f1580d499c0d5a2eb24f5a3f442ebc69dd123930958394ffaaedcc1a0a0f64a9c9ed66464

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
51c42f9b091628212809699ebe36ae79

SHA1
26c72b5f66edaace131006381cd4b66f2a572bcf

SHA256
4d0f840966472aaa37d70db538ae8851e06c62856b2191c1237ec2bc55e45112

SHA512
38593ec301ea92207aa7894384033c37f5e7442a2cd7fcdcfb90d6b99a66deea50ac2a4a5c24c6bfd1a92dc507bccba8f4e881c14fefc72287d0a389d781d80c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
6496242d46d73ec7acfe923d7174827f

SHA1
45e26d9698787b48af4ec3cb99c0ce2c1795a2b0

SHA256
fd77da4c1aadeffb74c8cfd8741cfd33bafc158671a778fb19a92d3d6635b391

SHA512
c2b8be515b1944369b9be61d0d4e3422412516b64f4a9feb57c9306acf73452d4ca3c3b9e59363cf1b538250e12d12f5c60ef5c1fbe5e0bbb3eb4e979861537a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
137f20c332521c613089478c0a23012c

SHA1
e9f1d44c494efd32eb74fd19b814e0d0b6e0e798

SHA256
b20f69bac2c5bef18ce326f92637a50ec8f270ac5b2632de871ef62c06f06ff1

SHA512
7ade52536f196edaef72ad6d7102f23028af7f545fc02d394193cbd766a438d9efb991c73ff1fc73917a556782faf8a35d4a55a5deab105b9173f3d10ced9514

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
d5ee2b6c660e4a62e9d7500018f5103d

SHA1
19ca594b915a2e89634d10e783f2151c5d08fc6e

SHA256
e05ea2fe09d67a4195418da2909dedee0b6c8d693938e04e2f4a0b6ef2862c39

SHA512
fe0f1cdbca46de0cf2ab3336890580e4a79b608e139bbf5cc8e4df9b9e1292d32fa89aeef3d457ca2eecb9b5aa5150bcc41295d6730b91d4a995fcb3ab67681a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
0cf8773d6bc7932112836ff72187d413

SHA1
d3558b099c83396b291f6694f7e2f13a70fcfc2e

SHA256
ced9b09e8096a3e5e8b8446de1299c47218af7d4cdb9183b8964ebd0c2e2967e

SHA512
33264093d9caa575a1cabc78c7c4d85539f9a788ad634aae03686704b4fd65b352e8098bfc6242a032832066b79bdfab37c164cb59a340898754e1dfe2c21d90

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
d93a574f75b6fd76791a9ce8fb7df998

SHA1
ec90d98d31d873c4a2219bed7d8e94b94165e0be

SHA256
d67e72e363d31fb71d6f86005f3639d5447bc1403d4e8052e5fcdc35851893c3

SHA512
3099da356d4c34908a365d9cc15a697dae16ca9a5192bca8136797af4b31262c9c8e27cee259ad63655ef4049c7928a36a926e4e5251044b01aa3396aa0b9ae1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
ba4ef7182c7a0254aea27035cc27716a

SHA1
9a66269268624ea74aab52bfeaff74aaf8133891

SHA256
8a4303082b915baf9023471d880e9d0bcc74efedaf352a3bf62ca20b7eec60e1

SHA512
61b8d3ef0b65de94a79a3de7dccd3c38e142e61599e2af67c8655e349a5f968d99e97646defb8dc8887b5f5901fbe6647c369979f952306f888fec6e3415a9dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
dcd88c0736bcf88780610ea5640af842

SHA1
554aef923d30df102f337a80e961217a2168ecc6

SHA256
e4b95edaf9e2bbd2f7a9609742a1fb7711256a780ee8622836cb41f487aecda8

SHA512
f89f35b6294a568ef25de8c1fbd13a63ebd139e810c91b7a56fe8cab9ed71e0b4c366efc44b6aba219adbed7f5d25fc5ac4434a3566c634a6f13c84ce9103857

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
3ab5caf7cd258399efbfbb3e3dc277c0

SHA1
beb4c49a4ed4884bc1607161be6fa4b13a21229b

SHA256
021178f7773c1c5fa75a38b042a3187108519aa63df08afb54dc896efebe3467

SHA512
3741d7663ee4bd0f62a9fd8a6ab5b4ec93e65e93c503148bfd9f67403bd33492780028d60d69d279085b38446989788814e6dce57b964df5eb18a7fe57183210

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
bf378d9325a0a2ea88ec644ff60aa3c5

SHA1
8d35ad900655830ec7e80b8ed376c07f4dec9920

SHA256
9cb8090cd22e573eddbc69fe4a8ef09f6a62c7a77f064f79fcf3d47434160808

SHA512
079fa019d6ea9db672e7c543355eabaa4649736ecc5893d06ba6ec2511202987b6912a78d435446663f2001c698c1437b6f6ef6c1f2893ef607a44509fd62ab7

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
ac154d8a3b1315e61e5905fc6fcf547d

SHA1
a50f49738881b22bf11638420bba2b73b2c2368c

SHA256
07fb57b9dd876615fed4efcd8a0f138e69c935e952b87ff2f4115125e06a88ad

SHA512
8a31afa3dc49ff3979c1c2b5b46aa56e4dd2edea918d520c4f414839e6d9bb852430de0c18962480e17b3748bcf7f2c7b0d2f593d70e33be11366fc099acfe0a

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xsl

Filesize
29KB

MD5
de8b69a499efe3b2e9f780c35ef87e08

SHA1
7d352dc6ddea1c3358b0ffb9cc39a0bc9f004b50

SHA256
5f27f90e140a3e0c018171ee6444fc138fac3e632aaa7bf7845a57a86589e71d

SHA512
730cf9d209bddf1e2c04233dc33484d5c389573bb6f9238e41f698d87786e203b116792d67141d1ec5937fea878d9366f95b6caf7f420689850b0d2d716f279f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql2000.xsl

Filesize
34KB

MD5
46cad1481e28784e181fbefcbf13388e

SHA1
7daf29a475655bd90edeb6115665784991876304

SHA256
42e74ba5ecfcecc674d34640b7a8139e31affd0c774d5deb8887d8e0ac81e689

SHA512
912b7a13d4d43cdf47b3ebb7548cfaed74a45f7a68f82072746c2dad90f5a1bd3f52fa2945ac5daf03aee62e5b571ebb31accd028c505bf2a5de1cf5465b8478

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql70.xsl

Filesize
32KB

MD5
52500141435c8da3dc4b4aa936ae1275

SHA1
3a89ad49f7c1db61d8ce197e3c8555c22f97c33d

SHA256
bf9130b84e685f781e82d38888028d0daa108921b99350b9a327b437e2caa004

SHA512
5e58ac4624680758e14b3d0153c9d759c519734ba727a026612a4481037bdb3221c0cd0a69703f977f46bbbf8361791966d9960479bd78396a97ef5870c647fc

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Informix.xsl

Filesize
31KB

MD5
49e63b3836a038064bf63ba6577d9539

SHA1
1a2c0c8884e9271838e6247bbdc7e41bea46b60b

SHA256
eb095a468782a26c1370877d45e5037afe56cfdd5d43d33b9163c5a0b4b8c05b

SHA512
894686be3825d7350504bf919a4d015b41e58bf856ca3a65c218318ed0e03c7021d1362d704deeacf90087fc5f77b02c125840a0d04e8ecebccbde7428146e2d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\Sybase.xsl

Filesize
30KB

MD5
de51a97cb7d087cff1506fd4612a5940

SHA1
73e862963aa0cf69cd32a30ef22ec02e0942d5aa

SHA256
7ac4f8754eb282f34a4de6e544a084b736f53c6f1b355db37820009dfe56cca2

SHA512
45bffb72b4cbc7e0fbb0b77942d0fed868f9887684a0187bd2f516f9cf4193bc66e0b277bb2c4f39834a9add83edfc9291bcecdcee7fe5bcda33e710496e4e43

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\hive.xsl

Filesize
79KB

MD5
f28ea30c381e557437bbd29a2ae073bc

SHA1
f4a5126c0192a1fc2d39ced5033fd7e694921092

SHA256
94cc04a116e7a30cf5b76a5e848d25a6f97c0ad54b669607cb0c7230a19a9aef

SHA512
5fe55cfd6ecdcfdd3337dc46141e83866635940133edd259dbe7f2de36a59321f37cd29fabdee9c17eb0f0c0347a32e4e08ef286dc64d9bca2f10840675f77c0

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

Filesize
1014KB

MD5
7297d79ad68713de121cb7453a8dd3f2

SHA1
f9514bed634100349e1b5fd074f700bdf76aae07

SHA256
92a75dbb7256c7be0c9e423e076dd9975398c2024735218322707402da71c7f0

SHA512
42e02eaf2875e981a517fee17051c71c8594338ffba359ded7b1e282e2b32b8e55580051bebeea958a27e7a9c4477ee2baea16dfe44acd5298c459e0692b8a93

Download Submit
C:\Users\Admin\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat

Filesize
8KB

MD5
416583a52cb506abfb9b709619eca010

SHA1
52d991d77bf0998c32ce9f3c4f870c26660fdf8c

SHA256
3aca16bd682df2643404fa523cbf0e1061425c6d5002316a401be4228d6c647a

SHA512
b072c43a2833926f31f086306319531f73148b50a37a01d535a64c4eac0f8f3c28ec912a8ddb0b606c13700a4dd5ecab021068254404ad6dc9ed6fee4e6e2e3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133534300936531520.txt

Filesize
77KB

MD5
d61fedccee5033ceb5cce6da4cce3bc8

SHA1
529b5d72107f35cca3930f29839a4bad14a9027c

SHA256
3f1be7224559e481150ed0e8e38e12ef55fede4e5820eb682b1e36e360d20717

SHA512
c672ec5dfd63efbc0532f56b746d83341eaad8ef3dbf690c310617e240edf6b35f9d2166bf19f7698a6602e57e674ab9bf1466519de52725ceb9594727697b57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133534303300411997.txt

Filesize
47KB

MD5
d3c4a4404f90ac0c1c6a8c32c9961eeb

SHA1
3a0ab58152522ffa4a71759287427932522fd04c

SHA256
a92c5654004623fb8a5a43aec76102b8532d467faff3589479e51ec8cd2452d6

SHA512
b0ea6aae79ce71f17dae9d0756410fdba7faf0b46525987697cec2c161fea2230fd9b0ff72e167d66a0b6c0d9bbbabb91ea13fc9ea7894cabe5ab4fe61deb717

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133534307844559628.txt

Filesize
63KB

MD5
9922541cc9b85249ba2ac144150a7805

SHA1
f2e5db5849cc3a9aa3d0fb10db5b257f0bccad47

SHA256
aa8793a9daa3b046c64c89775b3468f0735d0d40cea3aba9701e94d4190e6b4d

SHA512
3c83c8d10d4f2d127b5c7fab400061202e999a5cd6e5742a167bac1551b41848de1494b4aa9bbcfedd504afb3083f52ab1aa1dc6bd37c895becf14889a7d41f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133534333717101821.txt

Filesize
74KB

MD5
7d80feb1aeb9d522f4c19fdd931f50b1

SHA1
f1af9c336f168067f23fcf956a797665f1606cc3

SHA256
4fdd742f16bf5df67981052c25f0f62ab63560db2a9bdafc3b8d22fee3cf3134

SHA512
839b4bbf186262ff4b03d7f5bb8298d605f63dc327f031e38be39e17ec80aa07661413ffbcbd1432042e34b26f8c04bc504f499b571ce8013bcf23c92b229558

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
341bf112ddb94f5f8ed415f92d69da4b

SHA1
355836c0ab9bb7104281d660bfac7bc7702977a1

SHA256
eb3bb577b5fdd1761d0b2806611ef7e622b9da9d4d759b1bd69ee83392068ee0

SHA512
d9e6b3df83473e1a29b1e11441f40abc3bbe371b3d39bf27d906988ab25e4c10b2021e7128ecccf0e5fc8a3b79eed797ee5282836d31ac274dd56e57fd0be726

Download Submit
C:\Windows\INF\PERFLIB\0409\perfc.dat

Filesize
32KB

MD5
c53730b195e061fc55a3b276f9141090

SHA1
dcb637cdc17eb35182e73dcd8da40a4ceb45d629

SHA256
e0c35f0f9fd0c0cb77879e101ca361164e0de0e439f10a71b27c1b2acfa97668

SHA512
82ef86b34f4dbddedd728bf7b8e11cf2ee8219897863d47a9b4f082c5781389c3d60e776f73afc94881637a2051a969ec81e24a349ae26c7b5ef964ddb4e8272

Download Submit
C:\Windows\INF\PERFLIB\0409\perfh.dat

Filesize
290KB

MD5
c5484d9d86616d139527fb1b342f69a9

SHA1
2bf6a13c8aade476e5c1b100f3d9b2efcbc097d5

SHA256
e4af9b1d061ca6ca11d7232ed57798270c89a93431aa62214857edff06eccfc1

SHA512
9954d3e2d0093ddc63d1b57ea729cb3e488fac90e212f25fdc9080884435a0146fdd547d1126c69fd915172a3ae5b622f319e9dadd23c389eeca5ef044813451

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Data\GroupedProviders.xml

Filesize
317B

MD5
7026c7f1f05faaa79d50dae3a366a505

SHA1
c9f9ac4cf537ef07c81c53a951ee5604c07e0b69

SHA256
d1d2f1ef620523ff8849fc0bd710971d2a0e148f613467d4324e79b454d7639f

SHA512
67b436031b33c4a46b4b72405718b696bcbc0ffa385bcdb5248247d18253271f2b5c7ba798a0b5240c5e2a7dc8d00c51e3c239ba76532dc7ecf0bf77abd6a4d1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
f66598ac0c67fb23c3fe141ba7a39c98

SHA1
fc5108be3a8db025f1161b6fcc1e536f2bca67ba

SHA256
7e487c53becba9a0818ea016e191817d7712345a900675028f8e65bbb8dde6a9

SHA512
957f37f3e005b693be5695067cd4f0890f0d6081c41cdcfc574415b125249a71b8eccb719c7f231914f2004d4b7389dc1faff2e3ff7e9ef920d172b5f5c7dd6e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
8ff4f70272a465810a01942f830b94cc

SHA1
52df250e20adefc00fd4069c13926031812703be

SHA256
e540872858ca53a00394d2dfeea1925eb4a24366fa60131fbe0b5ca37ec1256a

SHA512
fdadf33a1d992834318384520a9a6542e58c536ce4f99557200c353a7473f1588b747bccfed5642b655d9d02e1d59afc6180796344cc3aca939cc627035c5349

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
c17bd69ae8abb5f97bf3d9f62bcd264f

SHA1
73bae7f2cb87f055505a51d1e938ce89e559c4ab

SHA256
0ab1cef59c1ef94d43ada0f47fcc9e9129c89c698dbc972e6cefdf6419715c05

SHA512
a098ef086052f3d75418d85b4bd41400a8262b6c6a32c2ba459237d78b3799069df03b029f510d541eeb0d34fda629b11759504b1c9264c1b2559e6c75d117db

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
6abf4222eb074e2cbc4530656bb40899

SHA1
a2b38899e02c1a8ec322dc17996f6ca5e33bb674

SHA256
6476d08c5973c40ee4f9c943159a2e9f1d146b55e8a81b964263e2f4f7f56d09

SHA512
1250dca1e94f4a24fbc505acd360d87affbebbb3429af57039c7aa60d6e1e5fc57a6f62d5c448dc41da10ffbb7a3f330c80b2b96ab10ba4db57c5b330314d3a9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
cdf0b0aa18e319ac8dd39edc1db84092

SHA1
48d3ca0d75839fad8d20d6fc75810b539f38330d

SHA256
5e21022ee2ef22f48d92426214e20b41b89457fbf8417c73bf8198825e563e50

SHA512
adcb6f4a285622ee975e7b384c0f39829db3c5625afd7a9104e453f958a068400ee68b7ea9d3ba8adecf1b3f484b31fa9e0e37f8abf0ed130bc199a72695ded9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
c95053c7db9d25c19efb9c80a148a400

SHA1
8a07596d9468bc30aad96258648b849d1ee61f04

SHA256
19c54db414e38da39edfe0cc8015a4b0e291334c0ebc677c23bcadf384a69c5e

SHA512
5fc5363fa3576ecbe89a174fdf7a5103672862eda771f8de448847054e159467a8ddbe8b598fe3133d0b4568e9ecac5298d2c70af83039a508cb4113585f5020

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
9ab4e6c01bcb5e20d78d28ee3997de79

SHA1
6d6cf725915095d1b01adeedccedd46756c02a4d

SHA256
2df1366fdacc27dbbb490d5711b337779e5431667cdfe60b2d14abd4c0d5cc7f

SHA512
b9a3889d2ff474be901c7d2e5c8d2e5d2ec8ebed086651246c3f0ba8503765d4a75ab3e232a1ba4ab68789f9f65e58f8270dc7a82d23c394fc4c48f74ee5faa8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
b1e692dae20f8903c537f5c5fb9dd7ea

SHA1
fd09f3c1d7292510d2fa59778b2b8a45c1ceb586

SHA256
bca019efefd67996006c8718864376fbd2614359eec9d36198a28d16f6c324bb

SHA512
22af532bd782027ff28976da5c39ba53d19c5c84a787c9b2e3ba2ed69e64707956fece207e6d878e7b156049c6280c7b84963d4b114e722095dad0dd3d585bf5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
9477faa705f80ac05e503d35c4e73fa8

SHA1
85fcc5d1d151958a219cef382b7ca895fc9f7253

SHA256
2ba004a6fa405d1c22f716bc4392b378c0e6d9e25d69d0088398bb829833e9be

SHA512
32f54cb4ff22e83ba004d111c885d1e76fda442e39acaa33e365bd2f94f69ae39dedef67179073a132ae90635a99637fb2809edaa86ee5b93a886926d1f51fd4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
341307a0b3a2043e8774522eda561f77

SHA1
a5b349d819f1eb03cc65752fd2e4d7d94b5a8efb

SHA256
a6fd5279a7722315e0e4302b354f975463411a0bacf8c04751a94c27e5c67b02

SHA512
adec8df3a64d3632a5e148db5a21cb237536160c964411466b1fbd9d78a5242a93d5e8d033c81bb69f76ca81cc7937421c32c95c67ee10674e6099f22c138304

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
0ad7cb526314caff508220187f5913b4

SHA1
c6f51dcedb6a9da4954ad9f497e9f72ae3c289a4

SHA256
320f54c73220d3fbf0b698c27d4b1f5052b6396a4b38db4710dad67457e6062b

SHA512
1c0c9d509adc99f81cfb1166ff384ff8462bd4defbd8dd7a8917ac76fdd4ae0e8a455825d0f2a70e893f9587fb964e023d174a055db504a5c5620d93a2a63dfd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
e3c943d49ef07bb9d54c39e9cd27a2ae

SHA1
3b1750f8963bcf8e97fc6b5fceb876d8187d799e

SHA256
70e9a4d070955a8750bdb3403e3dd14beb131fb7a2aca43ed72e4d5d50a32f3e

SHA512
863e2006fa3193226111eca25b7d5f84df805aad430b52b31df7f349a375b2bbb088b663d260ca6e695e3d0201e201a207fbf92694fa14fd08dac1acebeaf83d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
dca20ea8919f53acda5508789074c075

SHA1
652d7da03fe552627f9fac5b95880c7abc847eee

SHA256
63c6abe82a0b8ec30f076a470f9a01640e8e35e5fc697d32f6501e5b4ff97dbf

SHA512
6d5ba9e6241de68f2a49e0998028c80df75768daf0d67860ceb7ba3f7fda2ceadff204bdba7dac6631d6c267dd4ec5796ed648af1dc360e5c1a201ca9428a2bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
a7f566c45a7f6aa2afdbbebdf14cddfa

SHA1
5849f106c3d942d49517b08aa7e114f62c1f937a

SHA256
4370529d8898e3ce2163063e8c7eba14c2fe0ee61bfe70972c73479706d4f631

SHA512
a9f904f41204e418c6e7272851d504faf5e012ed109776a2dbe988c2bd46c3994beb24f4739f63e09fc119499a31bc9eed808a295989d208feaaa60ebd1773fc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c41c0412a2bc83f49b0d59f6936d4003

SHA1
02ce5eaec3645c741b906aa4b99d5171fd4b5345

SHA256
76e5eeda6cd5f3f3e4ad799b563bbba35745130b5461302a04c65881547dee34

SHA512
4153cd6a18d97b40a6d00c8e851d090440ab20e00ff9a96554c4958c69d7c3175826dc2161393d21e72d6ba182ea0bd230eab573cc7dbb531d958799a512baff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
131f708e3e0e56ddf975293e230fa5bc

SHA1
5b9b42b824a653c9b5146d406069288117cb70d2

SHA256
0227df4bcbd2e8da92236472fc3ece86d521edf1502bdbb8c40e47b775984962

SHA512
309403126dc46fa7f76a7405ab15a2f3c6a0081ad39cd471100a1a3d67603e0cf4d2c58fa03d2c1f240ad816d5b092fd565e744ccbb0463c67a7d2f6426916ba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
3759ae18773328a30de1338e93c55658

SHA1
b7b423aab591d55fc203c2c99e2376ec22e32928

SHA256
47a25cbf3e9e51fad788e852be2c11f9fe85b627d61a9df1263b890318c2cfee

SHA512
ad937d43de9f643ed9e0f5bce0e7296421e77f84719219ae2d1181a350a644708efc248735de007f029b3652e418b9593735815a5461956df78727f3ee5f3e6e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
f9dfbfaca4aa428861f65d9584c0c72f

SHA1
b029669dc8d18250d40d0501e1f637a16fea4637

SHA256
21b574b256bf137749e4f5737d84f0859dc299231ba38d981b130bce8f7e7807

SHA512
41cc7fc0252cc2e2fe92dd3218229983cbb8e0554aaf3e8f4e9898d036cd0604e4d915e7fd6490d422e998d80984a371f678d8050e45ce89d3f29463e139695d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
3aa80a74896b8b50fe17f9373ab20e48

SHA1
b1053ba98e796a81eefc7c02a5275af4efa132e4

SHA256
efa549a62644344ea932cbae694a389c5fc1d55982b21f1405b25cc2887154b3

SHA512
4160c8993ef985bda95270b1eae61c94604e896c7e01ecb92a746d1478a193a1526544e1966ac197f5991c354c457f7c629278632d5de56ff1ea6dbc13fd7381

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
58ae0a5162d1125150a4bc6111d7375b

SHA1
0e961861ae4131dceaa62b507458cda4d30452b9

SHA256
fa16f15a55dfe5cc26e083d5e2b834194b0120638760a498036055dcfe2f7d85

SHA512
c562d154b0f8b70a1bf5b0434785e4e142ececf46852118df3a60a7880e36d600e71d7e4d9635452b3682d17f3c5e6e334529c27c6b159b74c92e48abb81495b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
760b8fd118e3aad591cea7c4b72c6541

SHA1
00c68a956b618ed67c702536dfe70b5f70c458fc

SHA256
3decdc7c770d2dcf359854e8186e08412ab1455f267991fb7915fed292aba322

SHA512
22ee6cd527fb173a6d0b44e4cfceaacc852a994f8dedd519c056842282339b1cef4ec4c8ad3da2d1d4b8b216a669884eaa574f9f3882c4206eaf2fcb1ed2fb3e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallCommon.sql

Filesize
24KB

MD5
85149c4a0c3c486dd3468550ed90ba18

SHA1
e3747925ee3f0f16fc1b76d67bad6c624bf3351a

SHA256
4cbe9beb4bed6a3e482cb682252c893afd7e723e049dc6126770985b62bb870c

SHA512
c7bba9878501a5080ac8897568791c0c54443299d8578ebffb30d2f67bcbe24ea20c106e299eedcd9c84416462eaf59b96ce91dbee5e3b86ea15675c982e5f08

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallMembership.sql

Filesize
54KB

MD5
da5fc15621aba8757c0c610b6c30e126

SHA1
51b20d02f28e1036c6cd8048b01b8eb071a9a8ab

SHA256
0a582939c441460b36e06c683dda15c4e4f552007ee6bd445f9c0010105f74fd

SHA512
a8bc40382a90cf04db8707aee7d7f375aa0c3c0c6157717c27dfc5de36fd2972ec94e65602c11a96322d3a706180b04a40cf93bbab122aa50b623877cd4d49c0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersistSqlState.sql

Filesize
51KB

MD5
1565b6147d3435868ce8815679966f5a

SHA1
be3df2b80bf963ae3a027e9a755a3baad99cbeb4

SHA256
70269d26575cf0b5c9f806c31eb5422625204c188e90ca4e21523467178a1e12

SHA512
a10447748f29e4b455f8a4311331ada3a4a7f2e0dc275e99f3336ea9d53d82df92102b807000c963390c2f2cb590e1b79ca7866fe9c963349976909bd1c8dcf2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallPersonalization.sql

Filesize
34KB

MD5
dc8ea8d9d77b93eb393a71b022e90d44

SHA1
471243221b1b3aa7ff5b5342386dc311d79ba505

SHA256
cfd15aaf82e46fe684f666d9c790e4f333c93866a2e1d7c6b45ba87e7bb83df4

SHA512
c7740266d16ff504992f094196a04f9b4b8f75ae5b01eaf85e84eb6f0c699399a0d167051a8f47dc7ea5fa1b45a043659272051baf4661efd3a37eb304c40eb7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallProfile.SQL

Filesize
20KB

MD5
e6cb8d600190d6c0ec239db911dde102

SHA1
4f41874a58c1b74e86b1e9ebab8d1a9d984e765f

SHA256
b84aa558b707387f1865c04d5606fa3b1153749feeda0a7a3c3f4202639d2def

SHA512
841e24665b466c13a6c4c90a9f254652037663372b6dffc6b158453199f53885b2347db8bb93bf85a160623b8c865f971ecd139353884d720b7c43037484864f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallRoles.sql

Filesize
33KB

MD5
d93b5238bbd0ab83851a4cc07030005a

SHA1
b26d8125a097b6c03b1a8fb6e000ca305ff653b6

SHA256
41ea6cf18470e69836363ec055457ba7ec11ae4e7b619cba3d3dffbfde5c5950

SHA512
58dfaab20f93bb1b61b79a7c7804d717a175d33a8072e686fd859349dfecce023e3e0b2f5df58600eb51a6750dea0e0e1ecc999bd3a0ecc8113ac506db9e7467

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlState.sql

Filesize
50KB

MD5
cf49c4fe0c781b038d8b2ef1c4810c75

SHA1
a6fdad627f68a2694c056ad024c7351bf96c5a7b

SHA256
cca8ab899ee4aa3e50bf10d4417adc1acb1ba2e94ecc09a135241ebeb55f2902

SHA512
b059236726a3b6dc38e4dcc5bd8f9fc68513450cd357abc46d7be45febba455e1e2200782129675d275a5ae5b231b561a37ff7683130dbc0e4e13435ae87828b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallSqlStateTemplate.sql

Filesize
52KB

MD5
e11c523dac6d3578f31c7a4e78595c70

SHA1
45672ca96992af20481e60745507762e3f22d982

SHA256
8ae4d0ae6494d462712dd7bbcdd9899ca9f349f722f7d4fe6389e26a25c0755f

SHA512
f2915f56252780e0622a60797dbb8facc324f41e9c55231ed96a44b49e7dad613be8b0d52cb472420c8c7157b7913bbaf64bedcfaf188fc50b085c1ba834e75e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallWebEventSqlProvider.sql

Filesize
6KB

MD5
a1d6f4e381cab143aff2b40dd02be9ae

SHA1
5278a3aeeb7af409aa00d4984b2f7d4467792e40

SHA256
6dea61be2224dfd17b664af3aaa28f5637fcf286f7e9b8797e3a90cb787e96d3

SHA512
5093f3c7ee5d62f85eb77e71b9596cee0857c255b48363838ed0a0dcb432c4fea29d49b711004b1c9905c71c1ba7af9442dd0f07b8ea1555d02356da5f7db721

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UnInstallProfile.SQL

Filesize
4KB

MD5
f82f354948cf0a4a0c31bc6ae85cb841

SHA1
8cb49832453c48a5f71cc20559fa1b435a3a2ffc

SHA256
aed541b6ed4551a1f0cb3852eae065626d54b2ea3515d783b5072aac7fd420d7

SHA512
189ec974391323f1d2a43d1f05f3cd59aa2bc9fadd7df24530994da7d5a7566857079c43a4afcda01c6b915cd2b5a8f535a3c110aeb600cdf2758a0f289cdd11

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallCommon.sql

Filesize
3KB

MD5
2e1cc6d6aa25d3b35912b95a21119b5a

SHA1
135723a691ff20f14fcaaeaaf52e7194e2c86f18

SHA256
046331bf24df2bbe3acc02aba46b532802ff9ac060502cafe1779d5a1f3cf9a1

SHA512
c5c96db28d813c75642feff52e22ef4874a8c9581c6bbcb4c4c2c8c0496430b7375c0f3e5947f2f1d91e2286f66c3647b6bb857b5cdd9ae7ec4a40c0843c5edd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallMembership.sql

Filesize
6KB

MD5
68400e1a29a12706fdfa2274df1bb235

SHA1
02060ff4b7ffd7fcbac4f5848807b7995888a5b5

SHA256
2816e408ad804026fc5b704ddff1aad3341d91e64a812a8e48ebf51ce0071a4e

SHA512
ff603a2ce46b7c035a089d27faf894ade70bacdb4dec8366231e8262db9f4e9ccdb94182cf88a76165ed34b483a1de8b47bba2f1b986522be1c2969968f379ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersistSqlState.sql

Filesize
9KB

MD5
38a2175c0224fb744dc00258dd13cd3f

SHA1
1aaf49cf9da52e6666ca50d1581d321a1c5e5d2e

SHA256
536c2b422298ded23886c85dfa72b3b7e0150de24b081ba979f679c398896d82

SHA512
7ca6079765fa30657ee04ed434e50dbe44f0d7245940a8e895250041dad9a00a9d49e7f39c4f21b573fb502281db48c18c65ff6421f0dfb5e732345540ddb41d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallPersonalization.sql

Filesize
7KB

MD5
f3ee9da7ea3d35ebbf32f71d6af155d4

SHA1
244f4f7bac3a7b9e4ddf1107d52f9d56e73b7c5d

SHA256
21d64dbc0364112cd148962a59cd5cd9ebe83a71c01782b08b50e1f5d92fd58d

SHA512
880befe71559782ca46adf6ece895a010194bdc8359d8b10ab2da7e84b12aef28d9b660a65e4266bf239066ac75abb74ff9d51eb0c73a2d06023a5340aed403c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallRoles.sql

Filesize
5KB

MD5
e8f299ee224b468d67357f89d4f01307

SHA1
979305bd4746d3d8427fb24a889196b07e106b9b

SHA256
8eeb21f8127a36aca89b5eb0316f38112a705e61bbece8481085b38d047aacab

SHA512
bfaacef1c25a2431d1566e415aa03fcf6f3db725b89fbd01a550eca3a3bfec9544ec7735928ac6a36053126ea2e2776398ed95ea6d3e113c82b0be70f3a11cdf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallSqlState.sql

Filesize
9KB

MD5
e9ea226812c829404c405453e4a7ddff

SHA1
3d94036369b7c8c00c85bfe40f66b65600ebb755

SHA256
223a379aedf813c0ce6c3e39b48d792786c7f0543da02336dcee4a47dcf94614

SHA512
cd0fde6bf8295b1e003ee4348916780071bebb1d8004da99174c5e9195c0f90ee338306a97303efb6d0b7ae4760c628408b200ac6baf6ec5a4d0c4a900734869

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\UninstallWebEventSqlProvider.sql

Filesize
2KB

MD5
a0142de0fc18d9d282039b8ee7be5056

SHA1
a7cc3681f8fbe51ed401feef8f8b0436e4befa22

SHA256
75e77cd69923b326bab4bee67f149383cca5483b6878295a6b613f2e0caedb9e

SHA512
25a9f65fd203e728cc22f1a1443610c70af2a95787f86a350310d63e5429d313483e2f7b4f8c90bd50cf28259975f4f5ca1e2bc492dcfe8d1398f50a666ad1b8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Logic.sql

Filesize
23KB

MD5
b89228963d99ef339e9cdd1e9ade971c

SHA1
c2b3ae13ba613d2dedff81c5a4e2cd32c9d804f0

SHA256
fa6dda0086c0558ed6985f67ce2667225af27c02eed1b6ef270677ed35ff79a6

SHA512
d7a27d99e3df4d0147d67af6df11e449fde2cc00c37cf254d0423b38126bb99e36e8c58314f282228b8775d2bc1715dcc0338c52ba211f6b605895276a9bc23d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\SqlPersistenceService_Schema.sql

Filesize
4KB

MD5
830f4026052a9b38c63c7e37328d4f59

SHA1
1e50d71f081f558366bc0637d0f6e8211037b386

SHA256
11b9ba8484c6afe82c696259d878c127409b7db05ef11dcf7c2bc259904db050

SHA512
27b7151a2ccd531ff75ae4b7d6278def2f14a5b88481c5544bbd19977ef6cb00c3912486641706f86e850f5ba7c89eb98a2339dadcb4dafb5a37f09bfe3db91e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql

Filesize
372KB

MD5
193127c73f311811423cc559f62eeb1d

SHA1
c289bea7ce64099aeb9d5b14fa78a6f08e011f58

SHA256
e65d882a353ce10e7fe0f7e80f4286758712d13190714a2824ce0bb7105fda72

SHA512
8f51688b5e1754503736928f4f245244dea7e90eb14115dc4807bdd426c98cb8daa37d7aec3bdd29c21b5481d70ab11dd66d4f492cc7fa9d85546779a8c251f9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql

Filesize
49KB

MD5
3fa96c4b52f71003e0c85e45fa9ad003

SHA1
4764a02cf4d461d458e7e3523267e88649149919

SHA256
3bb8d99e6ee3b8479ae61dbe3be2afbd3aa34f49691c4279cf2353fb65999204

SHA512
62dceee02fb2c498a1825798dd5752cdee8d2325a44030670c4775d83a90b89f1724a0cd5e1a21349b6d08c5ed6f65c3efbb0d41a17f5fff1e381e9451d05095

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\DropSqlPersistenceProviderLogic.sql

Filesize
2KB

MD5
08ae2bc80ce400fb0a89beb68752e50c

SHA1
819dca7c377e2a574f281a368314fbca3f8170cc

SHA256
2182deffd28655d317b050f5940291dfa1bb2488cee2f6ef0d0f6b15ab2d239e

SHA512
1aba915982287ccf713e1951025877587252a647f4d4151da49c32698a3d1f6e0ae3e125e610f95d236f0f586f1952335196cde1bcc79706da3178abc3bc75f3

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\fr\SqlPersistenceProviderLogic.sql

Filesize
13KB

MD5
e57e0c7e99983d654353ce236600cbb7

SHA1
66dba9d1c80dcfae6b6c389371402364357db3dd

SHA256
b0f4e5cf843d6e2cee00c0a4006e4d6029cfbaa39363ba56784990f36bd309b0

SHA512
7a11a55deb909dd1da9ee8f38d8922efde050ba0a97de60b0f167302db588e7d053f9c329cd3915fe9420d3490c37ae10888e37f30c206ad8d5e59ac4320802f

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
182ebfcfe5a2295882e1a091c6c9f94f

SHA1
efed38665e15c22d3efc07a7b253851c4f1350a6

SHA256
8b0e4654dfb555b6d6189c66ad1ca18caf7258219593a7a96481f936b84c7285

SHA512
a336324e70df56cd6a47ae9c738f78de3c8bfa9fb7dffde0c5852ad2eb64525538f87b02274d8aca504e9732941c321241fe4020ca0eec3d4538a016862cfcd4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml

Filesize
62KB

MD5
bbcce44785f7bcc004445fe0c1a27e2f

SHA1
fe3b2ca892c44f66ecc2f66b60772522c12b4cad

SHA256
eee90f50b58c8b295d7efb68dce2f416e400746658148ad61b4c66a23f9dfe04

SHA512
55492e8349ff0d4d41be5df5d8bf2402a80f798f9856aaf56fc740a1b3ffc3ff34595749b59956eddb0db994030321bd28b9943d87a2e4783e0cfea18fca220e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
47986c3dcaed6be7d7d4384c8fd2a3fb

SHA1
d7ec6e3ff92763d31ed472a908ca928d1dccdd46

SHA256
1423c1e3e33371036e3d6bf6374bb42cff192ae891cf3a0124e2ac9d634a35aa

SHA512
10a301a472d186b24177735ca59bd9e2bccd615498b9c6d02abdefa7c993c6bc1a181f003b5021a3bc7a8ee2b20d6f79efb2a3d254da8244c69735dd240b65c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
51b188216e5c40614308480b384b7248

SHA1
18af43cc4d8357ec864dc413a520598828ed1afa

SHA256
ef258190e5f66a17fbddde62c71c99c436fb40c248ec9661b9bd74e837f5cfd4

SHA512
ee69cb42c2edb7d7112634280df0e3721e87b6a1e80a1154cb88872bddbbb8298ac90f582d08e054235347dd1e5789106b9ed39f7122ae19836d6d1771e4e904

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
c71860325a7d149bb603705e0e6be6ab

SHA1
64bfb8acf2f522fe7a732389d5861f99ae48de39

SHA256
9043ba99ecc9c035ae7be0c367b8893527fa0454dc1140b364372925da98b481

SHA512
3486d9ed43e58a595a9fa71024da23c169075338caf76ef95f6eb04591f5527ea35672561224f03b0ac7cc39a076958ff6c786711eb27b33401144e3c654d048

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk.DECRYPT-ID-63100222

Filesize
1KB

MD5
21f595930d288a3d41337b00b24ac1cc

SHA1
a9229fa5e549c00ec90990142c9fa3f213e5e1d3

SHA256
b313f9c45c97ff7ea29530d6191b645994d1f77aaaa3565ca72832b2090fab9c

SHA512
92c76bf0108c3e8c3c411fa1495de9f49383b2dd9395686559a116d394025c25e5086f543a0a045ad86a5395efa8b7d837be82944fdd408e88dd189cfb368527

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
91a579c496d136a454618203f70d4688

SHA1
58ba231b4be8ac35e4518bf2e2f62d551aa532d8

SHA256
e18a09d638012e48fb391dd134ab042d929fa8ec12d86fec0fbe8fc29266d3e2

SHA512
af97c7ed24037ba063dade899ac8a9eb01bac721fd64869b1fb528fd525e666a91b41163208b0a29b751c2a92793e114393b072b9ece7fddda175d2c8ffdc1d0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
ba43b159a3b62b1b41222454d486127b

SHA1
c988ffedf297242d40cd32725207d482e28ed8cd

SHA256
e0bb038dd739bb2193b07d5c8fda83d48d51e1ad015264bd649067f64f1bd3ab

SHA512
68d75ede94a64d753fd80fad6554c85783625fefcebcf0c76aef07eec20b9b11091b11c2f2b42bc8c59c12f7bc06921b195a1ad0cc92071968f787476000ff3b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
cb328550702cb12ef42ad08c13134758

SHA1
910f3a15f749e185c7656fea562e5cf382464884

SHA256
06d99f8b50fcbe7c4907c9102a0750593aa4be35534982c8aafcf582b0730568

SHA512
d08391e7a4af992320ac6ca3da20d4c50d078449d2a05233adeced6d5ee3c62565255e823d6e23509852d9bcca9c8dd47b1e0a967ffbca08b53a4bd637d1fd7f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
9ac59831d674c05391787d5c02e6f65c

SHA1
21e87cec106175c93a3b15885a31ae25e7343c5a

SHA256
8f4b30d902738d14b5d57a325a67ed385dc67f55b62e12b28637711bbe2597bf

SHA512
6d39fefffc6d112c136753fdbece930ac38ef11cfb51c8ed6a982c27e294b1c32c365005632d43c9c13693c19f0a19db67dd1c82cb5013d05d4ed515641cb47f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
b163f8241a949cd9f2adeb255e242427

SHA1
d08132009e578076e5979ade6985fe954664757e

SHA256
9dd460a30713deff86c221c35974ea858f7f03284915d58a449b48a91e9ce20b

SHA512
1154cde2850723e844294471c9214f248ed690af99dbf919670b2788da1e99881346f9119347860428b0a27e018756cc9b1ea77ad0db8505ff7db7402df100a3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
7b4c3208014d60b36eefa55df175653c

SHA1
823cbd1a3ff998f5f535fc4a2837541db95e9edb

SHA256
85f987808fe7f2b3e9c93ae1f18b783278f2139cc974cb63adf8dce676e23cea

SHA512
3d076940a2bb9c03729d7017fe9a8ffa9d2cf7975ca3cd751b5aecc35b86a6d9af9028ec2a04cde1ad1e8874b039663fd32dd954f49955412487d83897dcdc8e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
b2aec1a451f1013fefd89b723a357665

SHA1
fe96c46e1ec53d4b019d7f56aab0b7df0027310b

SHA256
69af5e543e05aed39dd73f2fc9e9cef10449ceac7b7e1acbbf5ef9a6b165134e

SHA512
b616c7f73dd741687a79406ae0604a9569e9ff2d26bc93aa5cf07e8ce80ef540c1db86ae5d487b6fbc11980c3b3f8edaaf13d5ab7b22eb967f66076dfb15ab3d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
321090c39510c100d30c429b5532a496

SHA1
cb190e855a463e7d07aa899de92ac6b42545412b

SHA256
9fb564dc446599238a9c8fac680b307c8b81a8eac9330c13789c8ccfc831cfb7

SHA512
585ab554d26b9adcf373545aa7fedf500a3a168b479f4b8b8391cb679325c031265dfef111f6071c7f3075833288c98f695f1f83cc146b4b6f7cbcc8bee90855

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
3670af000cf051eb856463af614577ff

SHA1
123f5571b5e56a6d08feb9027115d6120373287e

SHA256
6832c9bd31595f402bb6fb79329c8bba5dd80b637e098d3e1ce0c8edc8fa16d2

SHA512
7477acf2b126d6cdd8b16e52704d45b9e773a8d7b9ab6db9f70f9c29c57315f3b539efa23d3e558490917b3981ce55078c6b20035c033ec93c8c5490d418b009

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
0c535075465266c68d168e68da38fa3c

SHA1
838e85e200d4118beb451552599e56c4e3a6a4f3

SHA256
d9fa585dfc28e0a5e41438a9d45e5a378a1061b47d0055b3f63b0d054e88a4cb

SHA512
e8966f14837c9d981ecc548f5953ecd66a3e8d0451c2a8ff9518386c95a2197fc9bd7b333b86aa9a26a338b6c606b8de679ea16647ff4785533391c52ba5dfd0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
11cff36a957a3449794fca133f92dbb0

SHA1
c4db6d9f31bbb9c59f8c08d8b7fc742622a06ae8

SHA256
a0096d6657dacea28ab4cac887b26d6c5c92c5a2c2a425e040fc2fc56227f632

SHA512
42438a084525e217f78aa8d9f8c946c88d2afb35e98dacc7ce041bb217ba5e11061eca31651b8283559e1f69f5edbdbc88c6de94b4d2e1dbe7ba950dca5873d4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
4d9d04f70247a9294d80966d8b649170

SHA1
b63888ec0112940308774cb58657b94218d7adfa

SHA256
c64bdab80985105a608726acfc61d480c1e90d99b70cb84a80f2fd807588fe55

SHA512
12e3352eff6e53503b63dd09014895232973a465e39d5ff54dd7ed21c366118e664dd145ab64410adfde4243be32213fa314de225d5328121dfdb5f6130e806e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
06f28cb6da4fb5b43cb92b3d095380fe

SHA1
5af0a7e8609e8f2173a09e1639ac6b3d597439bf

SHA256
f0c5cdf6b7af11e68dad271872d7394953d7e9cf243dd06e4ae5d8d42136ca93

SHA512
9664e9a5ea8b42a071838c65f78ca20a8ff8597b5c60fe1f6d42c07e2a38a98f2fe7bdd048009cf71c3eccf52fa93b9418cb6315e3e51e7feb8e83be1da55483

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
347049ed724c821a2abc5e53ef7e53d4

SHA1
53c8c3107522ac5a68a0dcfade3abc8153ef4f8f

SHA256
a6f04be5b9032f34ee860ee2ec1e7b9ecd7300de66de708f40497cc116d5e1de

SHA512
8c16b1aee38b652706e93da193cd8402b7e4b8c142b6128cd32603d2cebf87dda86f7d371ba83f2a292eb9b268ebd3babd2c30e09e94e3b10afce5417d9c0fe0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
1c1983ef056a0bb8339488418141b124

SHA1
3b48abe4924ec4d16fb03a651c69cf931ae99a19

SHA256
7afb1ebf5db5439e81ec9d3021858079a28206f999a96c2ecca738ebc8a65002

SHA512
b86704f7ec5c3b19ff4d25423f288ebe032cb91556c924b1e338eca9b57ab3874f3a746864c5fa0b77ffa8eac5dcf8599fa360d1c9836b7f37ac2552829c2d4f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
afad8ca31aba15720dae16a92c1b27d5

SHA1
bb132034e1fd427e9668a98342cd45482b51d1f7

SHA256
6afcf91c316ecdf934f2a336e044a61ee0c41021da137ead43d54b20f8041e86

SHA512
bf46509e6b552e5be12952c4476127802f5b63477c038138e38cc58d2f0146fbf72b61e5597b17cc5ba2a95d459623b4e2dae94660c685e6b9c10c6760f3da23

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
410a7bff0d095e5a54162fc4171c775a

SHA1
7166c3f624a66b88bd56fc25bdccf26c9a3878de

SHA256
8b1dc28f35a86855be63f45bd74bd4154bb9a2ec61b61118376f3198b29c3d71

SHA512
dca7f6136fe3dc60180c06ca0a237f81fcef922cb9d5bbf6bf9638f7ffec1a62982c9bf977fdd5672593d4b4453b156a66404d4dac8dbe5333ff4618794500bf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
f07b2d44e59ed976f1e033be203e963d

SHA1
c23d23abe5d286706c1238499eb3608c10bac440

SHA256
d84af15b11f0c3815330d006f12264cd12bb73be0ab42610dce6c25a54ab9c32

SHA512
6a8e2a680c432f402d97fcdaf3d24d6b4888a9c9bf79fe3b5d1fd68359613adfcf5a88d8fe49438499467cc16275591538339868782c673170afc13e8112bf8f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
31f6f988f262e1080dcdf159f7e40fa3

SHA1
a2ff14f1968cc9cc41c4f078a7bfeb36b461dc90

SHA256
9ff0abccb9ac48f66024d8f4f357b470a6331fec81e334c6d4b2453c5d42139b

SHA512
cafbcae5dbf1097aac9034c39e8a82cdbfeb687edc911a85189e249b3382986520b994b98934d0b68c995bfa2d2d2fe9fc3b8be61521aa0e0af02d9d6c96feda

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
0b2aa2a0eb4001c9eeabc487f9e45f4f

SHA1
3b1c40cbffd8e6fb615f1c2269b605eb6f506887

SHA256
7b1c611cc960b04845e8fb4eb7f84103fb9160247a75c29e6e28ab7d2f9b2e5d

SHA512
099d59b8c73bc7db6f057abeb1421475fe6eaf5e5d6ce00623da47d2ae3087fbe3e7325ed8cc4fad79fdf81e8d6a356f13a629c5d39adad4c72b31a3e3091675

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
748a79dbf19d35a825c6993983dbcdff

SHA1
f070ae04ed946a0609aa694e7e5404bb08c12098

SHA256
f532607d680ee6f0473337f74c7acd9f02d66adedb23d1299223b8e8a0c33d6e

SHA512
4bb0c83b97db81d3e6eeb68e37a2437f3715b60ea8c482d8b4c990f386ad8da02defda5feee00952e2e2843273e5ecee647803d0ca83e455984f69c0e8b9c65e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
f7c3536a80548b3bea121c615fd1636d

SHA1
08798583da55af37af67c1719e095fdd4a8dd1bd

SHA256
7e90d74176b6d765ce8b522326fc53b1960e7daa19e9bfc7924c2c1b8de9b094

SHA512
3d1823f9ea8fd96a0149a9a6262de20a81de7c1bc4c3edb966363f50cfc0dde751979a96d016364e3d9569491dfe227c2349bae0f9a5ae9ac0684e7b3189504d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
260808fe33f32f13ad52cd101c9e161b

SHA1
30996706da3d5507d92ad1901ec37b94b22c9b29

SHA256
a2312864d9c1977436f993893c518ad6206cbfaca813413dcfcdfc629ca96cd7

SHA512
b267e1f02bfbc1f52a1029cdfe8414c9d35894ba92ea0fc71fb363a11bbb92dcd56d89e9b3c7870fadac4c239a7ba5f19d143969db34d70ebe929b6d470598c7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
62026640b5dd97f2c21f019fe0fca823

SHA1
1a79e4b26fdbf7ce7e7a5257e63e9a77d85c30f4

SHA256
2d140e59ff263f7fda94bac7c957d9342a66c3e165ed58e52ba0de19954a612a

SHA512
681a8e2b2a3b34b42216816fbfd6015ccb7b2788595198801fe0f9f9c106ea65660169b59b856902a94a6f85bf84e931509eabcd180a3630d90ac4773a713737

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
8c80c5fc238b44a08dc130e4fd24d0a0

SHA1
8a332d3e9ed7697d3df5c7d8873bf3ed9816e462

SHA256
1ca7634d2aefe6997414829881e4f759302fb3a0cb96e5b1277fe521ef31bb46

SHA512
0ee23e548d7f9f4518eb0bd269f87932aa74507be3095d325b067c0d544ede250b6c3b5973e1763ff2416799b2510f7c4b0de343fda656c58ae7bd765371d7b9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
4bfd287b6c02320b5c557569ff1b949a

SHA1
49906c94ad8d038c07989df626eb37bdf6676cb3

SHA256
590faed1baf8f66ef8c71d2a75715f0f11a4b09e0d1ddf12ab674e7a0be0d360

SHA512
9cabad02a64be135d45b3f9b8cae6cf54fa67a48dcc292f3343c8bb1d12bfd2c43ea86230fc561ec10abbf362fad84533d6310891ead01ae1c538f091162e47e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
f8ea529a42f0af139f6f79b01a2c2016

SHA1
ebec52cb7bcc8a7df00364adf83b69a133cf5a37

SHA256
98fb2440da496364445e1963f0c7fb223bd308983a02a78c4ab143b8b55708a8

SHA512
0dea37dd1003a360eccabb6092a0d578405ed109209de5e65ccbe9ec5045564882708cbd331276739fdca2bad57319788138b252835e7de2f315e30a2b2e7c41

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
05110af1ecafc6f154508c3a24ec8b7a

SHA1
1402d312885239d1fff259ca828431e538b1fcf8

SHA256
41b44cbba7c8e22b1f75b3cc7ce5cf2315af08f31b0b0b5f31daebdedf9001e1

SHA512
34ef94d26cf4977275d6298787d2d0e3e162047a45f258092f29d6c23b0d72134ed3f6c9d339c40e9794e25284f29332ccf169247adc71d2f3058e86ce0e227b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
57c785dc1398a82b7d3f16a042315b1c

SHA1
1f53970597ed3c6cfaf105f7fd032c3a3d6701a9

SHA256
1ddd9d3fb7fcb739d4f0f50ffe19c13b3dad1243e4186baa5dc16301a5eb6a98

SHA512
f746d5b24840c4bab0a3b262844acc2b387d0022e3d0584ed5ad98538812e1fd6b3c08615b86a5558aebd77a2fd75733c461465781498c6ec5d2317e428475c3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
913beb631b1d411cd278613ca3c0a748

SHA1
db01f2069cbe8adfd0dc57955b1a762420665498

SHA256
50753a4ec52fee2941333b9e4989c1b082d1a75d4878e9547e6939fc482c2f2f

SHA512
b6dacf208cfcd82ce01bc1d2f2c66b16bdf2da52e31ee24e678885abd0c000714c8a6cdd5150557f5fe99950ef817480e3a071f1b78327350187d6181e9bcb10

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
370673ebb9339b26bc79c501fd77fa57

SHA1
39a035e8e9fa63d01eebdb0cb497fd41f027ab37

SHA256
c7a47ca6b2172d8ecccb01a3464001741a710bea89923d36c969bcf759773c23

SHA512
a23588616d570b31ad94f469d39c296ca5b73ec6df7e54175c3fd0cc28e4ddb5db129738049c763709116200e27864f6772e833c6d3d4d121ada2a9581e640e2

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
ac6d96ab4f65e6edd62ba88f744931ff

SHA1
d711e4975d2da6330b232a71cd2d579dacae35ba

SHA256
e17fd97bdda2efac6d21befe790fbba3a92e01e7d3333a5292c9fc6807b5e99f

SHA512
719206a3a19a5837ac34ff44c8b3700e7e31eb7a7c7c2f5e0680cab30917f7e466545b9bcbdc2d58ab0409764addfd882abc276ea24cd2fc48699fe7a9c88253

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads