xorist | 2443e9a982e62ad116f871f7133e9276d48f1c84a0663c17d6a6a1348efdd552

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VirusShare_1def9a900a56445340184d0403357d4f.exe
Size

39KB
MD5

1def9a900a56445340184d0403357d4f
SHA1

40cc24cc783e687dd53d32d13309df5fe0248493
SHA256

2443e9a982e62ad116f871f7133e9276d48f1c84a0663c17d6a6a1348efdd552
SHA512

285cfe35b74faf5bafdb9907cf9bf73fba8b213fa27bed883e1a400767c6b8a612b2028c0d222af20899e1936277673885a58a3a2f9b038d2c750e2afdb3b226
SSDEEP

384:LWwB/3N38titKkpAqonT6lri3qYvjSQTsq2AMB:Bc5kpZoTLaY7ZAF

Score

10^/10

xorist persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/3892-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3892-10726-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3892-11169-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3892-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3892-10726-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3892-11169-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7VsEs5EZs7IxXFr.exe"	VirusShare_1def9a900a56445340184d0403357d4f.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\winrm\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\Com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_cdrom.inf_amd64_f08f2fe1cde58aef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_5b6db32fd04403a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nvdimm.inf_amd64_9bb46b0de5ea33cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pcmcia.inf_amd64_cb18bba4788e47f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_3bb2e5702f25a518\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmti.inf_amd64_bcde2913bb6ccf3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_f187fca538857daa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdofmodels.inf_amd64_acff50a7960b7d19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmfn2.inf_amd64_5ebadf201c5b5845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstortcgdrv.inf_amd64_5cb0c23f45dac01c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdflauncher.inf_amd64_1ea082c6cf8f6982\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adp80xx.inf_amd64_efb36fdc260e8bc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsvirtualization.inf_amd64_078671a0cdfe2870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_dde7255b040ac897\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fidohid.inf_amd64_c446be9403cdcdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdgitn.inf_amd64_6360d736a6f64e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_583bd0f3892e01df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_snk.inf_amd64_213eeba98cc6f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pmem.inf_amd64_acec109593aed940\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_magneticstripereader.inf_amd64_86e291110e37418b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mcx.inf_amd64_fcbcc3807cbf63ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_skl.inf_amd64_9d9dbb01837eba23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_416a5877e9180787\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sslaccel.inf_amd64_ed6849ad81a24c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_9f214efed426c12a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_bb7c44c7bb3664d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-32_contrast-white.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\SmallTile.scale-200.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\inline-error-1x.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-125_contrast-white.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptySearch.scale-150.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\warning_2x.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\cstm_brand_preview.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-fullcolor.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files\Common Files\Services\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\175.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-400.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-16_altform-unplated.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-64.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-200_contrast-black.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-96_altform-lightunplated.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-80_altform-unplated.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\5.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\StoreLogo\PaintApplist.scale-400.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupSmallTile.scale-200.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-200_contrast-black.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarWideTile.scale-150.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\Icons_Icon_Wind_sm.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageWideTile.scale-100.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-64.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MediumTile.scale-125_contrast-black.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Tolerance.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupMedTile.scale-400.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-32.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-32_altform-unplated.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\README.md	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-72_altform-unplated.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-100_contrast-white.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSplashLogo.scale-125.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.scale-100_contrast-white.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-400.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxAccountsSplashLogo.scale-180.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.scale-200.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-16.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeBadge.scale-100.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-200_contrast-white.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-48_altform-unplated_contrast-white.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ar-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderMedTile.contrast-black_scale-200.png	VirusShare_1def9a900a56445340184d0403357d4f.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine.Resources\2.0.0.0_fr_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..rm-client.resources_31bf3856ad364e35_10.0.19041.1_de-de_5613039bbfe0adaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..ation-mof.resources_31bf3856ad364e35_10.0.19041.1_it-it_a3ba8c70093945fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\storage\images\clearCookies.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1023_pt-br_d93db0ddb7bb6ecd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.906_sl-si_b068fa9d1555b8df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-energyefficiencywizard_31bf3856ad364e35_10.0.19041.1023_none_8da7e725ec18e5a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-tpm-engine_31bf3856ad364e35_10.0.19041.1202_none_5d5f73fcc27582fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_netr28ux.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_583d55fcb94d6860\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_ar-sa_99d28305f49e925e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_dual_wvmbusvideo.inf_31bf3856ad364e35_10.0.19041.1_none_de3985843aea7810\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..mdeserver.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_b7be61838be66b76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ellibrariesbinaries_31bf3856ad364e35_10.0.19041.1_none_30ad0edc0e18a0bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_ja-jp_d7c2226e3af6bdfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_dual_ykinx64.inf_31bf3856ad364e35_10.0.19041.1_none_74d9909a2f133e3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_11.0.19041.1_uk-ua_3b62cb37e40af85a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1023_ar-sa_e22186bcd99c5e74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_termmou.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_730b6f8624f3512a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPStoreLogo.scale-125.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_mdmcxpv6.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_b717e6f2fa1c3208\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-datacollection-adm_31bf3856ad364e35_10.0.19041.1081_none_309fd9c951d17145\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\logo.scale-125_altform-unplated.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-systemreset.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c6bc1952a741c88c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_sysglobl_b03f5f7f11d50a3a_4.0.15805.0_none_2fe56efb7550a3de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_windows-application..haringsvc.resources_31bf3856ad364e35_10.0.19041.1_it-it_75089cbee9925e38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\msil_microsoft.visualbasic.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_8aef14ff0bddae86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-onecore-c..dexperiencehost-api_31bf3856ad364e35_10.0.19041.1266_none_3e4a1f32fa3e072c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ime-korean-hanjadic_31bf3856ad364e35_10.0.19041.1_none_bb3f98a8e1d91663\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\x86_regsvcs_b03f5f7f11d50a3a_4.0.15805.0_none_8ce1f3b4679d3a76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\MiguiControls.Resources\v4.0_1.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..ker-winrt.resources_31bf3856ad364e35_10.0.19041.1_es-es_b8c7295ca06feb27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-radar-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_ae638ed60d150e89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_tpm.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_b6c01d1118c7ab06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\msil_microsoft.applicati..ulewizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_52a6881a1d366196\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ErrorPages\http_404.htm	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\403-1.htm	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-credential-manager_31bf3856ad364e35_10.0.19041.1202_none_c656f06e3c8e48a0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_49f783b1f36de27b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..vider-exe.resources_31bf3856ad364e35_10.0.19041.1_en-us_ea5258c68a7f04e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ehstor-api.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d727b43062c6772b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..comserver.resources_31bf3856ad364e35_10.0.19041.1_en-us_8fe49495bfa745bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..japanese-propertyui_31bf3856ad364e35_10.0.19041.1266_none_11db9eaf53bdd227\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-v..lient-wmiv2provider_31bf3856ad364e35_10.0.19041.1_none_b6e04df4280ebfac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.19041.1_en-us_1380b2c3f88f7a0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_system.web.services.resources_b03f5f7f11d50a3a_4.0.15805.0_it-it_16ad95db264cc22e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-b..ndactivitymoderator_31bf3856ad364e35_10.0.19041.1_none_959a3e1eebb4b6e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..sreadline.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_178c05b8f743a84b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iis-metabase_31bf3856ad364e35_10.0.19041.906_none_21ab306fb502b2f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-media-audio_31bf3856ad364e35_10.0.19041.264_none_ba249fced4fd8374\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\wow64_windows-media-ocr_31bf3856ad364e35_10.0.19041.264_none_edcadf6b3d9a92df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-125_contrast-black.png	VirusShare_1def9a900a56445340184d0403357d4f.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-shell-wallpaper-theme1_31bf3856ad364e35_10.0.19041.1_none_8ccb1090444b78d3\img3.jpg	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devinst-adm.resources_31bf3856ad364e35_10.0.19041.1151_en-us_c5879c35d42cdfbf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_vmconnect.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_376e8047a287bf8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_hyperv-gpupvdev_31bf3856ad364e35_10.0.19041.928_none_15ebb515d8aed922\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cdp.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_57194a3ae3ef1c18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..airingdll.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_9fd7db543ea1e83b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..mc-schema.resources_31bf3856ad364e35_10.0.19041.1_de-de_c869a372e73f44e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-onecore-winrt-storage_31bf3856ad364e35_10.0.19041.264_none_c21173097c295ccc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_lv-lv_59d6e4ae3c6412d3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..g-onesettingsclient_31bf3856ad364e35_10.0.19041.1081_none_ff08ecda79ec2207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	VirusShare_1def9a900a56445340184d0403357d4f.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7VsEs5EZs7IxXFr.exe,0"	VirusShare_1def9a900a56445340184d0403357d4f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell\open	VirusShare_1def9a900a56445340184d0403357d4f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7VsEs5EZs7IxXFr.exe"	VirusShare_1def9a900a56445340184d0403357d4f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\DefaultIcon	VirusShare_1def9a900a56445340184d0403357d4f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XMETOVVOBKTPXKF"	VirusShare_1def9a900a56445340184d0403357d4f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF	VirusShare_1def9a900a56445340184d0403357d4f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\ = "CRYPTED!"	VirusShare_1def9a900a56445340184d0403357d4f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell\open\command	VirusShare_1def9a900a56445340184d0403357d4f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XMETOVVOBKTPXKF\shell	VirusShare_1def9a900a56445340184d0403357d4f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	VirusShare_1def9a900a56445340184d0403357d4f.exe

C:\Users\Admin\AppData\Local\Temp\VirusShare_1def9a900a56445340184d0403357d4f.exe
"C:\Users\Admin\AppData\Local\Temp\VirusShare_1def9a900a56445340184d0403357d4f.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:3892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
8959273d5e117f3cc25f7717b4f2b0af

SHA1
b9867143eee7b5bdcc330ef86f160420cda52e1c

SHA256
63d09d9cbba093c1b2f462a3b8390f8b8f784bc66b440b640830f2b66192f06c

SHA512
8ae62e0dde04ff720beb095df926856a9e4945f584d736697a0f7868d33f3aa7a902f4ad31621d2f4b52ac329b2f8256dedb8ae5f0b8d8fc94d56d061bb1ac6f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
042b1e03885a58c84a0db59c64b50752

SHA1
ab6926c4b1a63bc316b2c50ff415f74033858240

SHA256
31f21f1a5b141b967b4d34325caee29c5c6c3924373195cdf802a2c196455fe9

SHA512
f5784982a0b6e8bcb9dae1582dcaf32ea056ce7c97f77aeaa289073710b990f3f1ae4da3872ab451b1835d32ab212785eec5f7749b83600228ae09f24a8c7fd7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
b182e631b232dc35c60440d68a94a8d7

SHA1
5be1b18dc76b4ff6c729fbe8a70fead028876b94

SHA256
b17aa0b76272962bed99cbeb676fcb31509ee773490bc5512177972391d2f088

SHA512
b327e679844eeb6d8063b1eb9e5f6c63932a1f452e13dd51e232e68243774dad0e27cb7b7a5f1a602e8c35007c0f7a932d9a138c91ee794f4cb7e92af83644ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
15ca41596fa8d4f458801234b54ed7f6

SHA1
0504cc6cf11eb2c6340f52ae0a11824814b6fc4a

SHA256
2720059c9881c7dc69432799efc7998f78b95c139e50c47e4c9ee084635b7205

SHA512
f5e031e179d32f14c8a72b94ce0aada355b73b826ea2d92b8bcf500c452da40e97d8e732aa3b33922f2ffa4fac6e299c577ee91214e893ff305239e5104f8deb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
a38e839663e87600b8a1d17f1d9199bf

SHA1
795fbe91f706beec8c94817cf7608f049cfc0bfb

SHA256
3ae0074bba85147fcac9b3debf6b65afc7a3ef919841259e74b99165a280a4cf

SHA512
aee46924b821ca90feeb6a49f4a6812c220e2042632bfebd3ec9ae6707a5d80b3221736e18531ab555defed3f879465f95a482bb20a80384e31d70815aac9419

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
64ba41bdfaeb8ecf85e11beca4b8aa61

SHA1
b64057665ed02ffd1772c987c57ea5f9451b0d9d

SHA256
999ce205ce116ffdaa79e04f9d97b6e7c0fd9e168c6f3387c31e0ad0f5ac47bc

SHA512
dd7e4c3f47774ed694d4d2f8f313a2873c3e09131b4d267667435a8bb5e48e0f579d3d48fdf02187d823746f9a6ad299e4206e55cb95eb6583a4ab2ae50f9aa4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
f17f743d46fb04395bfd687ff6e8b82f

SHA1
9ded89ed36adc6f5c7a5020d7c4743f755166f65

SHA256
ffe773c925be6e79bb36cded09c7fd8ba32cb626ecb56fbba2924f91d2ae5be1

SHA512
f37f548b8f93ed1ec61baa03ea660c560b89320885e1db9ee34fb86afa8c36ac7910db780254f1afeafd4b0d869fb44e1787eaebe919edc8a33f8a7ca1ce74f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
3d8d2cae0ae72ba437dc3400b53f3bca

SHA1
c7ddda410b4520d9c249618f55ef39db20f0bb98

SHA256
74550b89d6d3da957d070c59e6d4621e3edb1090a7a6f5df215a95fa9cb6ce99

SHA512
2ac0e5df8ae9bd249f886691eb4082048d23bcc69c80e43234766b2abb2c0cbec1410e370edb5c680d4e8f3ebb6710e1e52b7adb551a00e408d5ff58ca0533fb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
385bc789fc2373a367f5aee5c9380d1c

SHA1
ee5976149d0dc02b1839f8bdb5a88f4e6d8962a5

SHA256
e29171c1841f64a5346c3ac85761a8888e27e2384585bfc06cec5bc1602f8381

SHA512
e26134a89062df58143a0dab3a2eb92ab8b14ef3d608a7e45bc57e0862513910a756086274f9dda2e9fc539d65bc90839195121e6812a9911d8cce7ec852ad2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
1fd9d19976ef48fe4a9d045fc14eac82

SHA1
1e54877e6b9ada476920457f71737b60a5d7267a

SHA256
3d313534d29d4410fe21a7d883d4b5ed4678ef6b3a2475c0f9e52056e860bfed

SHA512
7c18f068ed2662b18488c60daea9a47eb8aa737571a934b17339d864a31969f9703401d81ef731cf166f82f6cca31ef8cb29cc97455c7d203408b23b9fe222ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
75165ef8f9aca7a3bcf74218705e8d55

SHA1
fceff8c4eda8e951f3be9c7c81e73d56b0b5219d

SHA256
5a150e6a8eab141fd4ad513a10d2e80f0eeb33e75f18a8f08716b371f860c9b8

SHA512
58ef2b54fb65af1f05c650e4adb1615203c6889438653c80170c5e59b0bb68772919a6aed3a60fa4e671755a489b3d94071fbee05da8b408fc1b99353fc7d1a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
205943a56be5764974a3bfa5d9080c86

SHA1
e5a801653ff8785dae7e2dbe61533f76e9b84321

SHA256
5dfe34e6d8d5a30146daedfd6625f84c6ce9280f49fc3f435e360aeff64f97a2

SHA512
9c5f044ffbd4b61e58a54efb8f475950c43d71ade657c8e3932f0bda882dd005901362fdbe59e1988507ece173a7f0da144a4c6767ae03a827f6aa527fe0020e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
c285af0b028708240595d22c02a2f501

SHA1
b439b5dd7c7880126abe47f7e03fd973e6504f13

SHA256
5421c0c9f9b1b9d5d0f44fc918720e8109d75ccfeed5973fdb6acae3aa7ca2e6

SHA512
9e8105b99bba3a96c37e92a10e14d06f86aafa0586ed0fe38616ea27585b0f8994fbd1620b29119e12a6043c01c2d16df80f52c74e0c3e1d1290525a24049a4a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
2fbfde800fb156f4803068f309713ea8

SHA1
bfd559b94aea7ed3201dc52562c9a592cebf8a33

SHA256
c4b2852b9bd8808eaa723dfecad269d08aaa6c943ef0f569b0dd70d3f88a2a75

SHA512
f16e82e1078c5810bef829b93b77ec2ab33dfd6cb10219d8824302f1e5c550f08795f1adc2d99f5e9603b4a0977d13788c15301f959e37df10fd1d3b5e3b4f51

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
a45ad91500f78b8b82a6e71c765ea06f

SHA1
3a1f3204df76e392ce1b5a112c49c181cb218d1a

SHA256
7e5e524cd00e5b51d1eb8af729b88322186c2e17ba611f0301d37577275479e0

SHA512
35afbfd8d95a5169d90cffece386cefd7e1b246a67551f553da047ee77b3b383a9e20cb83d6bd2e286c418a46be2216dea92602cef221521bd6c628d1a6c85f5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
724085b877297f1e3920e140bbd23872

SHA1
74606a269e01d4ae5c73d55118e66065241abd62

SHA256
66aae1364af4b4a9638f43e8a4df75f420c5d1c97cd8e86c514f62e2f6657e70

SHA512
abba7afffc91099dfb661ea467555caa1a32763c541edd7d243af0ef7ea964482f0bdd226f6b2bd669836077da51c72725298192b85bd38c4f51edbeece866b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
50ec0c69aa116f5a4e8a5402c2b6def4

SHA1
ef9c3ea6320aac0efcfc44e4a9f155ddac958f99

SHA256
61aa864768f03ff317950c4894accf3c42936bed436159f614dbd34c995c7f38

SHA512
419f5872cc311f788f95d636b73f4074517abf34c5062358dc260787ee062e985d47c68c1ab58d8539882163b970117f5d5c92980bfd49ad923aeb5ad0521dd0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
f0b642ec875586d1f0808e0402fb3bcf

SHA1
9dfda98d232023c296be3f2cdbbc7064a615af50

SHA256
a28d825f204ef65da17cd2cca26c435123d15ecf259863c277f7b60868a2cb7e

SHA512
55367e592c5b19e8d7b1e22f2b4df7b96e852e53a7e1265838822e54d90a0222e75f5681251f2e4077700b3467e5a8f6e77b5c1a2b241666b5a1608541a9ebe6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
651f1d2cba92dd6aa35bfcd663eb4100

SHA1
cd5f1279799c9414980d7b2a7bdf047f7cf85845

SHA256
5a0daf9ff4ce6a6ae2846ef75c18dae7e45e034ad206bb4f0fe810fcdb7baeaf

SHA512
76fda2228eddf124bc1b532a2450bd5ea85a421a0641fbb84f64a3946fe4f082f7695a15a84067b4e72527546a4f133ec51fa2b9d2dcf4b4cd8bb9c058d1c260

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
ede8137aa89df201e9c2fc974fd73c6c

SHA1
6c32960d3d9800cf295bae6edbc4255372c321f7

SHA256
d302f948530cba5fcac314d8d67fb19f84c3418e00bd7134f95ff0cdeca2a55b

SHA512
7e399df0273273db5219ed53bde437fded339532004519115b9efaf928fc6c5d829b856ac35c0784443be423e7504b39a68f2bfd5dfaf049935d33a2b3b4a4ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
3b99e94a33574c149b905db0a7f46001

SHA1
400e7a63c679d3578f085b4cdf78c98c3db34a22

SHA256
089909a76ce827cbe0e0d91d4ab80151dd72ee4bcee6398750ff91b605e8f22d

SHA512
3d3ab28b42108e40773f9953743cc1adb2ee9ebbfeafcc383ef4f63a3e2cecb7616a3c45124d823661936a40c7ad9e010055f8bee6dfebaf694a8a0bf8897931

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
f78a3f712711ba9c1171ca3f872d62ae

SHA1
793598dd1c9c21e7d5f61a130020f6ca4faf0679

SHA256
d5dea754a2410a1dffa1c09fcbfd26fd95df0e98863a4c8c1f058aa434e8b5b9

SHA512
a6ba610c40a8cf16756f31c9d8744ad216dde20a1169d24216816184e59421e721c20861d0788620388485b943a6fd8663fc4cf6fb2b59b5aea13b5f25a6313c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
840d4520913d82c80399e8c39d5b6483

SHA1
93b9015d108d898546ea8b8c4586706d013969a5

SHA256
fe803d64b278be29ef3c719460a30c3d7e92cdf1c9d5004eadce4151ea02b150

SHA512
aa1169a5218e06b03df33e2e422eaf5a6c7369be32e0a32602e73f6b47a7d8055ce71fbfbdaeb5ffeea8e4dfe5054a5626f13b720dc529de21a5411b7e19ef63

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
74ac6e5b49de8d550833e4077c6f8786

SHA1
c198cf7e5bc516a3426dfeb3aa4e983114e57c32

SHA256
cb7768c487bdf9222b07e86c8eca1e6c9b28a2100f3ebfdd74bd57efe144471b

SHA512
140a832e957daa1e4ac42b48dd0624212be01a88e260ededbd4b487a2890a65465aa0b17de289679de79a43a8e18d1e4bbffd0ce52d6c075cf22febb192b4b0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
f86fe7f313fd40871c58eccf88cb564b

SHA1
0ded8499044201b4f8c4d7dc4749bae966d86b15

SHA256
7a75edbb227b8530a53e26ea23dfda0166b1443a5f7d81a3c162ac5978bc72e7

SHA512
ef5f0eaef59ad761572c8af4f23c4c755ec427167b085e83d7bab295be43f187b5cb8a935e8da1ab946393f7916862429da773bc4d1f3676044d223f404106c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
1d2f79aead8f2435ab6a35c3e63bf631

SHA1
cee72b13c9e207e0c2c39b04474c8548a1c0d624

SHA256
24fd6bc86510dd0e0d80fd0befb1bfddf5a98db762135844d0880151d5c1c976

SHA512
0de14891a99072494d7be94713fb8cb53ac10cce11363f2c723e94cbce92d70dce8927fb3e5cb20b39a1c7bb4d78acceb9f1675594627c4e3dcc59ec969be304

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
7f3663375cc03a739ae5fa165bd86286

SHA1
792129a7d5bd83e4bc156ad11fe4a4247e7c512b

SHA256
ca2d76e570fb2552bd4e92d63a2d15b9fa3badaa67c6935e6add07dcc369fcb9

SHA512
7e9efcf3d6b543361a1f43b5f8ee95a21fdd1bd41b2c97cfbddfef7745ff8e597e59ce7407ce6b8e331d156f80ad7c610e13ebe38d774afad6ecf3094d78be8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
e8929c3d99b9791c324b04d846cfcc7d

SHA1
f603b547e8848e31d6359d7bc8ca869f2aca1b59

SHA256
f280a72730438196f704f9ff9ec638b2c0be2178c4b544885dd92a89790a1aee

SHA512
7eb6f4fabd2955f41aefffbdce789cc8685e599128968facdb9e6b6ab5f7439f55e71579aeb0d4792a36a44a313549e4768c765b3e926d36630c6e25f285afbf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
876c510fb700e26dcb8c8e54a1aa2e5c

SHA1
dd5eb9d496c6f30bcafe1ed5b02a87a72b48ae17

SHA256
d6d08c9b2e04baa8962cc0a395bfaae93b14df2d57160c91e5d67428c26c65f4

SHA512
02bbf3a0c4566afd8fc26e372e29101db9acf6487530947465bde47b90410e07ca6c909b6c55b1fbd65aa4bd0433f47d2b185d22ca8f061dc5a44c0ee59f1482

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
d541d46f06a69f88885692595d1a996c

SHA1
4b70fc1baad95aaf94c40719847f1697c164e211

SHA256
1d65247b04c2daf6ecabed0eaa30b5c105a85bc9490ec7e9a360c6aaa570a98f

SHA512
f91ce3b64210ea9edc65ac636317f68579a2efb56d34baf8421342c14f07fb1f18765ed2632b75bb0db040d822c2518bdaab24a764a79241540adaf6e844efca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
df7b6d173bbe0f1d70dde8dddace3f0f

SHA1
769ca31f3b88c7769ec75efc55dc71b7dd8744d0

SHA256
08fbfd65eefcfdebf44d7cc565672fbca40515b7f98e938e0c0f3136220e6785

SHA512
b92650e9e40f3209f3987c52ee60ad18f22f7d7d270c6dbb57bdd62cad18838445e6af796dd8f87053ea497321fe5b168dc98c97776f113df11a2b7ced5e3bab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
350b6542a0a77ac461e1f2043bbdc89a

SHA1
a0ac12e8517f28030505848a20b27e84cd0c2125

SHA256
23351b90770adf5b7afb122e043273d348eb36ebf5e41467ea7cc4216b10461e

SHA512
dfc7e8ca0b4e16a3b15b944f127f8a015633b96ce98718a448d25e0d8a7ba7812f7827cc1dd544f9abb9c7072491077a9c8080ef6b969a233bfc8557005cba24

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
68ff2a5518cd1139adc9666a0bbbde74

SHA1
c627bcf2f359265d5c479f24a82efa2c173250e7

SHA256
c4ad0c5acdd0319bd7ad1109e4b8260d29137281b2efe33c1bdaaab757c6724f

SHA512
98dbe7565bb81d80d85bcb9d48ff07c5c8e2c6adf69d54d05a107c2a28b7c709c1cf82d15e5f1537fb0dbe9eaa284a2a600c2c1e1200be2e066b29a21a96e138

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
b6b6d0f00199b19496fdc267b72d59ef

SHA1
2a8aa96c9b40021937e7543c59840fb64bd281f2

SHA256
9892cca5ac921f8ee65a9d4d6402b4c668c8f3b41973996752e8c03ccc686171

SHA512
8e7a08335748b787eb730cda9fe609d102246d41d67fbcbc056dcf628a95dd8d539b13160890ad4462b64714c2c5f9b6daaf68086e74f04138af9a470817b8a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
3129e98044ed91dbad3665b1fb60c82c

SHA1
b7409c1b785af8f7bcaf356334f0ee5f15a2fd34

SHA256
a7431b80c80f4d2c11f127702ee411a7dd926d08110722354645e8f72adaf257

SHA512
5de54b49c27cca8e382eed927330e416550a7cee0f986ae799aab3cdc3bf002e310b229ea487560b94f93b64205a8faa269c6e8752e2f7f9adb5da30f1983ee5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
9151fa82f8a4e6f73dc34e11689178f2

SHA1
af98400e3ae0216c8c0696beb8890f9c672a0d9e

SHA256
02a90e7e73546816ab9368818141855bb01cbedd9f5403230cecae7f48b9450e

SHA512
600f201fcabf8b19895de3c84a09625f4baaf28a8be46eb02a9673b042e67a2b7c7473e3bdb897f71d25dcecaf5ac4135f8f55ea20b6eab6c32fa0f127dc99c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
ba726c913108ae28f15d7b007ee01850

SHA1
7ca56bb656a01dfe175d7bd5d96f0f72e0440bed

SHA256
3f6234c6b2bc56039c27c172800abb1f628908b18898396bad79262d0822a5ad

SHA512
3c09a14e3061a06f1fb6e487509f4c0f61ccecc68ac2663ca33f5823110b48c89615c579ec2fdf00f2021c356ea97065c0f0e7a8509db35962ddc4de3aed37d9

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
ad38698014f345cd7fdac590abc28d29

SHA1
a027d3d4b52b5368b7f3bd5e2d474dc4113ea22e

SHA256
a9a36d65cffa9f8690131aef60c800ba462db08ed2e0d0176b3324dbd0de6b6e

SHA512
7304f29c2058f5d31114e769517eb13d30de34e6f3a101ab6985dd8f8a2772fb12e96d3d16af64c4c8a252f13e5b2c58dea196075faa9c073ecbf3418e611739

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
6387701fbe1898c05075a93730b640dc

SHA1
f26a214d2728ef18f1b8121ebd0200bd13104137

SHA256
e06b94455815843a9edf0a86e586ded641800b97d8f2449d663984fba32def6c

SHA512
eb447b88454903e1a5f822fe9a0a8b432e362ce01a1a415adeda6957a5b6f62a231ec045b5f0ad6ec254476b01bd18cdc857e74c2e462ca72968b27d34ca3c6b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
041187173a5d7bae3ac8655ffa260dfd

SHA1
6887f27c75256375a3410ecca4bf9a309e57c72a

SHA256
d169dfbbd69fa25effa7b394ced00cb11b16dda6bc5d0c79ad32d5de00d2b1a8

SHA512
07fe89553d1d6e554ea0def34a765eeca213e26b3bb6e2fe2c457104c90f5a37c0cec8fae94979a37510cb6621c08c6d3a9767f7a5d144f3c5a6330d518560a2

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
36750d15e3d899b1322b8575ff9e6b55

SHA1
6a0c5734bfd6d920022898a0bd2761d55eb4279a

SHA256
c893ddb80596a84440ea15e4a26ec714ca98acf44fea46885bdd45d230e287d2

SHA512
e210d38ef8e207c573f9c66a8887610cc647a3fd844f79254d3062d269c0a04a01451b72f6c8d34ee2738e93bebfcf927e093495702a84213c2e9d13c050f954

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
89e553a0f201ee4a5ff48ce86f0cb2a8

SHA1
7a996b5ec989e9c24d3e347a5504d9d44a9f260b

SHA256
f17f738c0a5e6e28c389f458ca7494e6655023d682d00307161785a065a51ba5

SHA512
9302e3bcb1e37d0c2f8ab0ddfae2d435aa3b4b68f4221a4ba57aa7599a8dc8b30b79dda8d7f576bc4ec33a175e31af5a569bf1bf2ca25e8146fae3d643c518b4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
dc186360814a0899af7d68ca98934e9c

SHA1
2331a0abc8f1f600cd0d2c40208e0ddee26fbc8d

SHA256
9b374e4d4883beb375369e1387b13f4a9a6a5c12307fcdc6adb83ed3f953818c

SHA512
259ae08abf275083b1e90f8a290f5faf904d7f4cf563c7b3e2ea782a9ba0a262bbe1ebfa78966e16c095193956dd6eef31b7a24787b3122b9e2a025019966ccf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
39da9a2da1d61ca73c04e316d1705ee7

SHA1
a1e2e301b7edab0523a1441e808795f553c82477

SHA256
510a5504e29888bf28a1e96e86a4fd291163eafabc6feeb17d75effb66e79bad

SHA512
417fc71ec650d4bd9e636c160f6ee8e9fad2d886c0eda952caf7b4b88004e41bc6835a8c15c3b779d62995c5f1c85b5dc0e8c6d62059bcb5675b26a68f198b58

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
463c930922139a8cd6a25fe3d3c2dacb

SHA1
a85ee18b6a1163d9d38da875847d8205792ac0da

SHA256
252d422fe8d62a757595a28d0263ef24fdc5e0267658203309a5b982bd52ed28

SHA512
52c425b5c82aed3de32fae640233b01b57439f2d45096699e56131af737bdc1c001ba1a230ffea6b29a1c1222a96322af156ce17919a17a162fb3438dc5b469a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
5f65ceac4b6aa74c44129e081a2cc5d1

SHA1
63d57094d2c44a1549533a7df85fb1de02ee8f67

SHA256
92bc8270de5019599c32c52c2b9218f4e4a184b0de552bb5164ca083a7e16dc2

SHA512
0486c8f313c9a2b1c74efa785e10c6ef5b1cedec22d0cd540ca7d75ff19e04789ac21ae5d264a918416fa228930135143ea258b8d1f8d78e22c2b6f0839c1a94

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
e85ca222c69c0689ffe8d98ec9a0f9fe

SHA1
86f76bf626b4b8a923e3c505028083586c78418e

SHA256
6316411c4d06acb60042882cb60a3b5145d8e92cc5a7ffcae280c421abd561c7

SHA512
0cf5e972e328f4648d6018d16b3a7d641a706483c591468a79d6d909c712bb0e1942d393b891c101246e261bd6bd42ab68b1d45209d7f10230d4efc25998847d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
6e1831570a1c0400c2d710a700d87bc5

SHA1
0f477c2d53ddd56d498018ce5e36681ed2639bde

SHA256
63a74b6e6b938a692e4ad70eb2fb4c5d744d1f3aefde2ac53faeb303c9a38d70

SHA512
64661b2ec9687c51230814f9701fbbb205795f161284ffb9e2a6ca4bf4ff962730ca4c29b6283d5e59455cffe45c4ca27942c9a2bf1082d48d4c03b975485881

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
e528ae09cecf76981657311988535f8c

SHA1
560228be4650211e2cc9c4ebd72493d27c8cfcc7

SHA256
4f6071ed435bd33df9e917f26c918b710bc9f873ab96b68a58fc6014c3001652

SHA512
fe33830457708f13b9211ac7b0f7f654b5c034ef9fefe7e73b5c5ab244ff0af77d539a62e0598135b51dd2e70c356ba83cc1d1fef859e175dfeab8e162d3640c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
6e35b70da9310b86f161ee5013cc5a9b

SHA1
6b687b0bf29bca1e79ada881c626e34e82003be6

SHA256
2888a2ccd488613d7babba6c7d18e26389f7e06c470b55b07d70b7034b228ec3

SHA512
c3c9402078503913050551cb6be70a76e4c85d135dd260c07f3ead6c244e9821f70853e6d40d6b95642ab3405db131428ce3e23626594773ac7e65dd6111c5aa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
8d0e573b7fba6dd229e8a444c00fb669

SHA1
87ec664d0a2721ec194488d72e9d0332bdcfda23

SHA256
c2ad98063c37321bd204245cdfd56691bb9ee6ae1cd98388b89fde80d72f954d

SHA512
d239855f619ed509f2529123869b55dd622cec6c5a80d3876c32974008a033f6df92c754a65d9f35769c9324148e36e173b062d99c7209d0c2f0e1c0fd216701

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
d8ad821153bac06e1a092253f7878b40

SHA1
7d186d51b619538497b3f6a8822ccd063d40028a

SHA256
2062590434772eaaa4774c225beba71efd4dd1fc693e03d43b76b4f5ea9049ad

SHA512
cb8b209eb71daea03eca3f8d26fc5e1b82b1dfa8b42b4f83c6b4e6ba7ac80c66ccd11e81e51d07c5ca9586b7e5431f4947b06c5455be42dd2674bfd8c819e429

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
d991d7bd864c80d48e9c412ff0cd4e14

SHA1
c39e52b0d1fedaaafa3c5aeaf15d41d46ba312c6

SHA256
da18c7bcec4f036c796b26fa58677e840e14e6623a2a91b31fde8d8819bc9600

SHA512
5ccf4c5e766a9e0ceba513496ac4c49487b708c6dbaf8cd7b043e93efa4d906dd1f4e3cbc5c9bfe9140fc1c967f671e104ee8d8691938566d0e8e853b7dcf0ab

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
198bfaf8246ca2424598bb5a00c96009

SHA1
467913c458f5ef448385934b845ce5ffb4f297ed

SHA256
25bef674f5732683fbfd4a2fb7d593a77c8847a0fef01092ee5171f5e5fde202

SHA512
f1aaf9a1e6cabaaa6722d1cae4f9573f16caa41f1d0be09044ce46cc98b31d0e6177a3478a3d7cc64028bf1cdf1cba812f00f079504b6f3d4bf488ab54e0a0e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
244ef3cb26c880d98b0b3820aa937841

SHA1
600974c9c5dd729bd0f5603c7efbf51619eafbcd

SHA256
13b1ad017d8a6190aca500e721d18b58613ff5cdd77287c90df2f4d201a6a5dd

SHA512
d101cfffa7cdaad922019c1db4ec9f7497b2776df904476d426abf4eb0051a147fcadbef1d26622df3ddc7cc4580b5aef4b88af5a85ffe0aafcd462dce26e6eb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
8d7d4b8236b81e9c6ddb7ce1c647f6f2

SHA1
9372837db89610dca4d286cd4c05dbc27b1502f8

SHA256
41e55bd3931e35a122a21487b927d0d34f586cf4bbb7425e3cda3b8966428047

SHA512
b609336fb1f021551e2b6cb7dafe8715713a2c8d342ed19249c8b2420b920d0791e3a7f3463e451d5536a2e9ab95be2a0bde48d176d85133162ca3f170d60b03

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
ae1f265d89927106fc9121fe520acb31

SHA1
97acce1bbc7da712f17338521a4db834075355d1

SHA256
50351407bf263dd920f6cc7c1adcb305b715b7541ccaf746f67baca6327b5505

SHA512
b6018d40a9de10f0d6b38b10d02b4b495187404f92dd00a7537a11a25a1220ef0d0186f22ec5d1504ecf71594bb60b6b9ca8b1bf9d4766d46c606634d6a86104

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
201c84222161608f8b2f2b09f1e8194d

SHA1
61958cabaff3082b1b3a770e73f3865250aaf5c9

SHA256
67b4870e75956db57b37f734222886765dc4c0a87117e7043095802866eca43f

SHA512
2d41d0ce73f71cf272574818b60fb0653a22336a9e22283209c370abeaca45e06d7da35f6f01d17b1e9e6021d69c5a2149491acd7d2d63351da8f080a6e06ee8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
94c5130f09830cf5cceecb8fed62ae52

SHA1
fdbef341e8c1482cef063803a22c0bd9bc5dd7cf

SHA256
505b484fe0578f6d40a9db7d19c7006f8237f8a4c3f26d789bc8d2732601f3e3

SHA512
07f139659ca957712de2fc1e9f6ccf30318407feafcea06f0b31f54afd2416d8f4f6eedade52aa1901791284def6ef65f1329e5456217c77e021466ee687a1a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
5c3ec8d57503d02fce9776efb57216ca

SHA1
11977cb9cbf58aaa348662219e6ea5bdf4e8d3bf

SHA256
4931f625ad400643e36750713e86e573fc3985962c1e164765b04bb39d9e3ca8

SHA512
22300e86b1c665aa07ddf504a4a30c7967fe5893a2c40fe27c42d57548786a6af728a214f25198f83e4d8c867d847c2df89c7b84a4bcb9d7a5036a50fc3aac54

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
f58310b3d5a9980169cd0d852d8a7ace

SHA1
adab9f892c8cb1c80d4ff29e75067b55da0ff1c9

SHA256
2206f9931b7751cde894fd53cccf18086adb221eba7d66e29ceee0d8419a29cc

SHA512
22288a551e761ed29a93967952fe198f87a7111ba80f6086068915c093a52e2afad1126a4575d2a97121083fb07b1daa772f97374b511fa6851bafcce034a111

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
6dc57afd049d4311ad28d758ccbe1283

SHA1
852413119bf9982fe7c63b3544b9289a1e6b3df5

SHA256
4f7d7cbcdb79b89e30723dd33a4431d021a231e79ebd32b54a44938153643773

SHA512
abeebb7e271ace1b99d1ce234a21726b65c28e88d41c8d307ad35e4333ce2060e60a8e88b826ea0f7257cb16efa445b5f9c9fe2ecd1a83c4de01de50ee45c374

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
ead8cdeaae8ce8c7da84198fd3edcaea

SHA1
4a9a3a326d36e077682096e8b3ade73d5474fbee

SHA256
5bd8f6d1acf2ca9aaae17ee9e78608a5693c40a59953bb10e886eb9c51dbfff9

SHA512
9e8530c68d733b67511e7080f5743a07c053edc09fae6b77b241feb07b1c5a85eec6626a166a35437bfffa6fe97e4b60933b0df4d7844f8549b9d1857fa6fc42

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
1ffa87ee79a8030c146e34766d5f61d9

SHA1
513b4adb1217a84ba9e05b608fdeb2d19379604a

SHA256
d611129a70041b52b77b176d8d5656644d108c3750febbf3038ef5423929a1b7

SHA512
aa246a6b956fdf3ed913bd4a62c5ce4838682b0135132f8544c684d79f99851442092967adb0c248fcd497ef64423ce350b21756adc231b43032acb6819d2860

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
6dad8a7730b7e6c18becad3dbd31169f

SHA1
57150b3e3d6b2d2814e3f4b51464938cf12dc330

SHA256
47aea3b248117a70d259982ca5888170be324b7e240b395e142039eeb1436505

SHA512
9ab49c90a59b840c493c832cf0060f2c7c9914dded9100934ff42c10773f6401bfdc64aa2b2194d6f77b2d2d74d9eaaffad173d0af94351cfeb1bee7d6bc4a15

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
4d0e72ceb8b57676e8dfe68466aa7805

SHA1
55bf954358ea9925a99f49ff08f2b807f0061488

SHA256
bafec9e22365963409ffc4001fe92cf918cc929ab0bc43b042498f09a680c521

SHA512
652487a5c9a2d141ec9eb687886f6d347cd6f60aff00ede117c7775b41633f59312829d8d48006621d45f00dce08fbb7a919b3214b8d6aa5bb4eba839d39d39b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
0d58fad9d0bd30e4c3fa81af40833e00

SHA1
82c7331b010cdd87be439f40097df00fbde83362

SHA256
5d42ac59470e8b1c049094cd6556eb6eeeeba1c36e8cd98c4dc233f28f8b51e7

SHA512
148609760c8b0e3f7377d92f64f1dad909fb147f4e6d8519edf5a0a0ae870316de17967ae18021609f79010944d939f9b119fc8c6d3dbbee45dc5bed399a27c4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
f572ce4047db8c4453d329efdf30db12

SHA1
fc7b77ba95b6630cae75bb9f30b7113c701f6adb

SHA256
7ec834185e7803cca88c0c72645916c426205fae04b933f1aff92ca3417e4c18

SHA512
e56563de8bcddd89dd5b3aa83a0ea5eb778e11d6be905ba056f6b52eb94bf3fefafacf8bb2c1f10da62caa39e514557c4d6b5820028b92a87e505e34a08065e4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
45bf415929f0df76e521eb114b67cec5

SHA1
5fc9a322689ed2461142d3af6d5c764cd82d5bb0

SHA256
cfd227f62b87147244a01f7c798c745b3facc7b8f2cbb50a708ebf036a7caed8

SHA512
3a819f4139869da477bc0514decd033476ae2c18ee565d3fd05acf06db23454d69776d4ea4dcbe6562b1f098634cc7e2f73ce15bed0b1b525a440828cb00c817

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
d9fc4ce4cbbf355eadb7debb61c8176c

SHA1
5e027f6110025496004f559ad6356c2d506e8101

SHA256
019dfeb236b8e39d10efad00600ea340de1eec1550d7bc04016467a368833fa8

SHA512
b38aec7a967bf05359e1fe40679c4c5dea07728e8aaef572624b357155db056bc2da3dafe5a4e59d321b7b626393e9442a0b04ccbc0e59e065248e7d4ef960a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
631656c53f71cc77a0792c7648bd8aa0

SHA1
8c89e72037579eaefdb22aed3efd6c347060d427

SHA256
8f68634444e17e74e80a229f17473a3aa5d17194475b93236b3ef0eea67a3e80

SHA512
fa7f6bc2db4be07f9ec8dd1bd39f391c7ef52c5583932dc646690a98a35f2fa552c8ae3d810d6f8fac9be79259007b19f2d853471d37c8671bb0a37de326a410

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
e7290bf6d015c2706578f057c383f30f

SHA1
4be2e6f7c4437edd1d4fb55bab7af59be3b14314

SHA256
5574daaf4aed58541822ef9ed59f89412056305406bdc2eb1b108ff066654f72

SHA512
5df22daac4b5a31de9a52a6f39e22128c71b03864d6b9961d1033a35586ca24a613dfa31ecc56aa4c01a0b6465eca9e99b047f9dc5462f22c2adcbc3a0d4a484

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
244a1d291a2912f55568edd46d5a9616

SHA1
d1467b822bccc2d21f0767fb66b2f10872feff8c

SHA256
2a345f36af06d6d92385ca1e3df474ffb8f486c6e3c88c910ead1acc9b056f6c

SHA512
2a7e758a7cdf10674f5673b9d8e6bbc768924b83a2a6330bb036f204f84b5c8a9656a7788bbeeb4b64164d889b17898bf37878f7c209ce71e360936112bc7b50

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
2a188a184941ad292794c7cf3850e5e3

SHA1
f96354c6361e6117ca38a7d1c4e1e5fccb66818a

SHA256
d7c0ef87486416e1eaf315a618ef0caf5ec60ae187b58a0980a2ad558335b3a2

SHA512
99fc3e8c4f9b76bae81fa19ce94de11723b886878988cbc5fece07e2020edf6a26030ac4c3a2eed41a08586b6fc531cd568c4596239c7e71f354230988860f18

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
7e16c02905152234111347d27c73a638

SHA1
4a5391dade9fa6d0838bf1cbf73f51043885fed1

SHA256
7dd167e1ecf819a65dd28f9ca872d74f4fc0050c06e5186a0f6705a94e829185

SHA512
faed10af3df149a1cb8fff722f167d7c1ebbb006eecf61e6b62b8b4991224ee63d13ceadf30053cb3bcdf808a13002c0548693ee174600bb55e9d2c24d4ccda6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
584b4728592afffbf4c1fc5e532790b0

SHA1
d414a37a712086c99e7198192c7d43a0fca99427

SHA256
50e09b4a5313923a972fb3dbb211fbb505a95cb9ec9ec55343e61a31d2c6cf97

SHA512
ae647ca95cf230cfe8b91986d82a56fc51490141f47edd54b9408748832eccad84c5f59241b95219845f5dd821cf9aceff75a045161cc40be4f0c17dabed1f80

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
62df17a167b4bf23f46bdcfd381703e3

SHA1
ccd825502c869b372af9d9968b443feb84f0fb8b

SHA256
d52df7fbaedc23c05a048945fe100b02ba7ade4c39118013e4c63fa3854b4f88

SHA512
21f09861afaf3ec4e89c869ffb973dc78734713bb7553521987d339658b5d25a169d0e65c135789e0ebb8f4ec61a80bfa5fb70cc31af5c702da9f702aa195660

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596438811717470.txt

Filesize
77KB

MD5
345d6da3a0e36e7a47fe19125a611972

SHA1
ef08eee5df07600346d5ea7558ea7fe1faff9b16

SHA256
f445a16dafeb001d6c57682b01513abcd5a88f397db406a4a73d3c5758b1d085

SHA512
435bfdc95f3ed157cd756956e96bcc9c3051281c7ce00f69627eb3b707507f462844544600a6065fc85d5bcd80752750dae3233294ff6b14b8f3715cc28dd07e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596439372677212.txt

Filesize
48KB

MD5
d99381f04b1b7634024b7865953bf7ea

SHA1
6be8c9e527f78fd84e0032196eb3757df4dcbbe7

SHA256
f64902d6aab1597aa31a7f75a065f231ceb9e3b42b04c2d4803219e4d56e628e

SHA512
b01d8e8b9a7b6990b2a8e26b093527c810708ef944feccffa3f27da5067c4a126c17feb60bc9ec2ed3436e0e070b7fff1d831603ea454cacb511d1b88ba6a235

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596446339488261.txt

Filesize
63KB

MD5
91df82f595c67fa82e16f5928dbcced7

SHA1
e835ca14ecbaf94afb1f78210fa7e29a7a82eeae

SHA256
ed1ced6733084fb99b8cce0d3ccb9d7224f5bfd5cbd4b679340cbdedf79b0b1c

SHA512
d6dde0e795b9814f6ec5e75a1daf60a12db30b43d04886880139e972e0745f1ed3669b89bdfa74ed87d4960741f1c16db671ec108dd2471de8b896690f6eb49e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596449526171674.txt

Filesize
75KB

MD5
d3b73629cab0ef3960c761ff8c56eab2

SHA1
c24d75dcb1d32b511b88cf1998dbf215c4181d51

SHA256
6d3a06546ec9f61d152dfdd5a06bbc56dfc602d371ce0ae25687a68972e174ae

SHA512
9d25c5d9060db2cec534aa3cb484bbc536a609b2bae6e7eab6e2d6926ffbd5cad76b90ec92ca3c55bf122738f5222022e79650eba2aecfe7de31238b816b150e

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
4c71d258e13eac6c3c78e77a8dae439e

SHA1
b8707ee34ca3b44d82a076683d1b06bb58f742c7

SHA256
9f359c6ae7d50fa19ed6f6fafbc73c7d6645b643619a2454b5dbfa4824b56620

SHA512
cac2f7bbda601d7afc249f080959b72a1c20c1aa9e61ba7185ebd461eae1de17007f5314b9ac79946816331a6a26e53ec99589cfa41653007f85e91cdbf6d08c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
d1ce16e75fcab34a2faebc900607d3d3

SHA1
9e0b28f2a0e835f2d0b543c21514da0cec4c81c4

SHA256
fe38cd5159ee073790dc8d05db2c967a7c5889faf95e50955e240cd5635be466

SHA512
387bdba89d8c677c842a403af408430bf34e50e106af7049311c075f0c0794e52b641c73d5d1ad696c311267c078e7347e8a96da6d0f7a70991589b3578c422d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
d07eb0e7262036f19b47fa613e316676

SHA1
9107a63e473e17135219740cd892314096602990

SHA256
463223dd53547e73d7f09aed6f9b60cfa673374e124ca04d81429d6554116778

SHA512
dcf3bd198ac537bb38d8556e55a5fa7e0d93f0c1dfcdc510d5c48f0a4be633f0fd1ff3d3f8a18913656c158212a15c8b8d6606eba47c6c1bb900f092b22045ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
8f79d1e35ce5cfc14fd391c03ea15e97

SHA1
f24142c6ec6935e41fd92e7a15d22b08245106f3

SHA256
c4e5473cb713441511e5efb2698d80fa7b2c2d81a2a0dde01cf7db6cf1d12b40

SHA512
553b446e6fb9a11bee9dc97b9864901745d13c287a2f4d3a87cea0060d0cf55dafc89d7f04402b8cd90e0142276048d690f9e74749e1b77e0e3cde75b59b6195

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
12ea42738126795963bc7aa7b3383d78

SHA1
66b2363ade09ddb58c4054b714c84a2a7195d6b7

SHA256
1562cc360f0c333cf3eccf51f54aa64f1393af43d337d61bc0401dbd1803c860

SHA512
96162a9dc84d5775150d1432f3103644d321e35b82a747a04fa38e901c41ce28df66e9e62e9eaffe7c6c5675abdee6c44dbd3d54e53a08a819fbd21709545074

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
86977fa5d3038115ab6de011f6a0a992

SHA1
a9d15953fdc53042f82237e89c9f976efed7b58f

SHA256
d6af938f6184bb8593dde6a710d5c56e49616f26f2c6d546d6034ff149bab235

SHA512
cdcacc596538d39fb0a9e28fe03a4777d4d63501325fdbc0505cd959579dfc2011cbe4fde170873c1aec4e0f432b464a95f4c34200450de3b8d119869ffe0b2c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
7ce6f821f89acc23fbbcd026a82074d4

SHA1
57e888eaaafb0500177c2d16fb64a06808cc959e

SHA256
eee27afc6da772df868b9045d918d1854f6fe4149ff8073eaabb5fe872132088

SHA512
818c4b0db894aebd4f952a138e05842ca8ad13b294e3f9a3cd1066f2f87bb2fc9b72161a46dc22a66e4dc67dd852f55686a5412d281dde8593f10b391c9e93d9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
f51e69d46729469a8a31e24aeabde7bc

SHA1
a6abcada61589235ff3534a14afcfa5076e7ccfb

SHA256
3701f17832ff3ecf2f6c55b51d19e2725cd992236bf73f2acef79b928207b10c

SHA512
8ac5dbe51cc51b3acb058089bcbf8d3e254a51c74c3c15936cfffed191ec97d908f795214ce9956c6411f08a1e8b7dd492337ad6e1c3e8361ae9e921e5cfd6d6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
55ffce0b5cb2b2b7083d8b3105dbc306

SHA1
6a017e807138d3f490ad11c5dc3c88431225fcd9

SHA256
740529b1e69b8919404ef1e344cab0ccae2743fa6525ed7449c6cc01d67f8340

SHA512
c1e5c0fc197f409047ad0b7e0349962256bf8224a154d1f1926187f6237fa1cde8b9adc8d8c642f064a0afe734c4d9055ab933712ff185c7feb4026422932c83

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
bdf66f52493bc4b807458fae81e5f580

SHA1
7fd249a9b9c53dcdc058a663d604b9788da3a8bf

SHA256
e99a8f816dfb5e75742ab50e92f91aa62c831bdde6ec8798f4cfeadb4141726d

SHA512
49fe52dc12b0e4b6b3a57aefe0992accffea8700c9c6a28bd899211406bb560f2428ceebbbb0f30fa824de4938f836335723f36e21d5c3a18501dc6c67026858

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
bec22784013741d009e4ecc61aaa304b

SHA1
94982f3bb8d7652a03c4f96427456a819376929b

SHA256
1ed8899c0a352eea3083645e093d4e3a94a9e8af51209b538e3caa4f4449c754

SHA512
829b55f5b4841b883f40bb4cd738f1a021673109164b44571215f930290446c9ca854ffb7ec268363091650d8f75eec65864c184ddfa5e16be3d244929b5c80a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
eeb13368e3d9e096287283e30e7af3f3

SHA1
4853e77ab53cf90a6eaac6f39bb18e0c36305c05

SHA256
e74723a1e7e5446b24d34fafc71699a2794e667c8040862c4c8eeb00767278da

SHA512
59b413cf110c523e5d6cce982308f4192ea080249b25d6aa961b6cf1786cc89ca98c58d55ac29a98dbbec59ff1c25bdcd3c0ed5669631ccdc8b6a2f8d79a64d2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
2051209da422ac054c75d22f79f7058f

SHA1
5010d680d748870383277dbd8060a7f7843554e0

SHA256
f139decf4fe365b089dd693354aa903ca08ca8da1da707701594729984c02dac

SHA512
392cb115d62cd15554bfd9daf3ea4940593f7d8c27d7db3940c5815039ad07781da1e96cfcf7d06e9b8cdfd054b23746f02707cd0e38190062a94dfbb1b575cd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
4bce4ae8032505d3c8de0a328e1f4f42

SHA1
c8cfa9522a35d93431328cc7da0d9dcf390c61e5

SHA256
bbeb46a5c425cf151bef674f07299356b7b6a85f7b5a1669a25e3672f24ca020

SHA512
4c7efdd9316f99030de2b7864ebd7b932b1b2766c2b4bd853a25efcd2f479773ca879e22bd3aff4a024c217d0e2c8fdcf2283b5c9c8cf1482e65dc5d19ccdf13

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
ec83760e86ce100481ea880bed7fbc18

SHA1
a88c68445af8bb454578e4263d15f49c80de1032

SHA256
1f0ca1fd7e43590abe53011c24fbaf0673b72a7b940b9faf25001658a8b6ab3d

SHA512
24316baac3a451744c574c5b7239d290bf032bb35d85fdbdc98df4d70a562b5d5209db25fb0b17bc123942259075db2041d6f88282eb1e35fd5152523b7ca8d2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
f5b296f9bc15d42eb4a7a61dffab2a21

SHA1
9651658dcbdb44f6509170fc03d97c5195e6aecb

SHA256
076b24c36d58481085271a751507271e4538fd6ff684cbf7c00531456cf3f6a3

SHA512
d39519a0fa236b9b093edbb8b7a7da31cd75d76c5640bd62b52bfa55bd9ae83aab0a9dff85d52a88ea463248e4b533613e0e67dc58ff78d1ac8a63b59646793e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
97f9e5804c5befe1813517221d0b2339

SHA1
f02c16e4402d05b68a4028c458c76d1d55e99fe7

SHA256
a65afaeac6ecc1463e2f0045f6247317e9f785a0a8751645309253972738ea7e

SHA512
5cc3d20f35dc04dc30686f6f8aacd8a8188a9951fe8f3e0ea970e05aa91e08f902200560655cb93655b8d2c877b4bf9c2016015ab659ddc6dd9d1b10292f2c39

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
3c92ac51a1853ed7b0d6db95f6bde542

SHA1
bfa168944b10514042726ca20253fecb8ba57198

SHA256
fa7637e6c57ef32e478629498950358dca72f46aed7e8189c6f6d730b5218a8c

SHA512
d1c7dfc40b57b10cc24f5e87a01b7429fb99cdf2dceba87d9d398b7c411eac4eb4fe7e5ccb9a42e549089b098f5aa3222390189c96700e222ac3b1d266cbfd47

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
0bb0c3826c50e5c7e3019f4d7bf0f37d

SHA1
098f63601d52c19271483a3abbd35bc53fceeb1e

SHA256
079ade77730a264451dfc281bd9e7e0b5ecd0631368b91ee77ff761fb8365878

SHA512
2fd0a27276e08d4b9987fd67b29a98422fa25cb6e7aaf56a74b1b632555abb6ecc8a2621dc0e5e542e1b119a83b94473ab90cdae15215851d12abdcb0a0725b7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
46b07866399413cd1605e062d3c924c7

SHA1
9fa23d6b0491b852c9e9c7e6076ef7cb1fe4c50a

SHA256
dc574f711ed870bb91ac4c01f3ad8e5bc3b25303984b30b585b53cd22d622c76

SHA512
ea8f0094760de947a2201ecf2fe342470ab6c6900df01177ff7545f0a5aa90f35ff7fdd30277e86786f006bbb10bb9ab4f5411bb6ecc3b4f28cc6bf2f923772e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
6c1d18e1827e7b8362909a55b024fe1e

SHA1
bbb26fee22ebe29a2ca2a4807da48ea67a91db00

SHA256
0c572e08321080ec1e7634ee801c541b422ff231a75afd5544b5efb0ebc23ebf

SHA512
9220567502b27ae2cbf4f30c36619cab1310502172c190568a5f833b78c4d49536fa51c3cb2ba3e5588d20785e01a3afddf635dbc8e38d459c98aac0684c34bd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
06af3ca34403c04cd0054eb4cd988f76

SHA1
641f551a3afce6bd17cafcce5da05f22b325a7e6

SHA256
54e28610f2ebbaee8ab5da9ef4095179b5f99f40deb1ccac130771c18a1e4bc5

SHA512
e3296cbf18ceb422779b1a041ba876ebcb35ab4cd6b660113e08e1d623fe6d2f3e51801dbcb4a9a8e80cb9c77b140e18b46be61a53543ad6068218892fd0c288

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
a121d070595c52321aca83f4d78de991

SHA1
8354a878eaa2875631c46a29520e998a0a42e9ab

SHA256
b067a9ecb37bcb0d1c8b15c2f47631f57bebecfe6c44be690820c6a6749e8db9

SHA512
636da7910af61246e9b71495d45b16aa0cda711e8bd71dcd9785c946610575bfabbb7f92fce5fe09f0f1acc3536082aa498a62a4b7d07b7d4253ad8246914cd9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
a68ab3c98d11b7a97661a7c0ef7fc6e5

SHA1
98ebc82c0bbe3cff459b17aeb86c1148b6c770c0

SHA256
a10e84f38e8f966f5349d63cab1875c66cda5429d4fd92549c1e1a02fd7fc245

SHA512
52ba91899e8cc19c67da4ec782ade5c50af9fa78ea0d04eb77e443928b3bbcf594dc19c9502e68bd2501a89a3d496f5a359a3f9fa135775da95c2715f69ee723

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
0f922963e44b68e5dc57ba68749f03a9

SHA1
ebeadf493d30e436fd5503d9846eaa2f5f8c3b03

SHA256
f5cab3a2d98903d3cf9b037cd50e959578b4f813e94e472f6cee45997160e1d6

SHA512
c8124c67cc41d6b6abe92eedc8fc74297aa47dfb266503ace5a721d37fd9646a0dc95cc51e0ad2fca916c94cf77484583dfcd2d89bbd0be5d6cf54fd4b7002e6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
da41bd6ebe488d4ca7e0ec8c63ce5a75

SHA1
de023ce3bf9ddfbeab236f9dab03eb3a2010c9f5

SHA256
1204e08d9bf47c832019c3b2406dcf2b9d990c4a96f2a37c5b9a446229ab87e8

SHA512
020de78b1bb2ae8a21d048423135de66e120d98187d54d2ec460db0e575aa2fc06fd6dc416fe32aa5c696706186282fe39e574a495ee0ce3f05b4763ff5e7d63

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
e648e0e53b463e313eac89eb931416bf

SHA1
b7f2494ef397269883f0c077ca292e7b09ea7afa

SHA256
42a1fef2b0e8f9edaf3edb306e017284a9c95b8587c2951ca381556c796dcf71

SHA512
27fee629096884058e6a5408da3a512c795694e0d865f6fa5521349d837a6c20d7b0b6ad937f8faa2a5e90ce8686d248a37e413ad50d7adbbeda78aade5c59ea

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
adc30b8b7f62019ab4f75c6778c4aa39

SHA1
cef5f4306ff4d007e7e8640a9ca289fc422d007f

SHA256
7c8a07aeda6e2f2033390b32f14a3d9cb465fc113fc5e3c518918e3ad509d84d

SHA512
b948465bd2ccb75c3975b7ed8260195e180a5893f1f0a4d3d387062fa5ef9bdced7dca5ab926a0164b4af3bbcb8d57dc1cc641476470e814d4a2109251c7fdb8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
43e7c0de09a2b5bc73464b71531aa910

SHA1
a50c53740666e292fb017da77cf3beb5dc6e4f29

SHA256
304eb159f176e00f0da6b93b0c4dffc212e0dfa2748046c684f71af354425cc5

SHA512
c978ecea83a4f53461c990d53aa8b79b68879a8a74d4fc04182eae3764b295aac17f03112a6e663440d239631827370aae3126a61286c68e84a34739d902b557

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
9883f8ce8be2b49cf0ef9aff7cfd95f9

SHA1
289f424fd050b166e8c6857f55a0814e06c77c6c

SHA256
c8750daf33af68f414d4fa78544ab8477c3718b02aca863388bd854fc5028893

SHA512
31c95cb5e182ed37c0547799bfa20342e36f8b981bba6abbc03aa07af465fe927aab3095fb09c75da07458ba0d3937f99fbb08b922d966c1c4bc8ee4c3fceea4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
a95ac54e43d5915c99b48ea665675728

SHA1
1c5e60af6391ae6e683db1eb82a67832070db93b

SHA256
e78995583fa7a2aefbb5e7d5857b1dbd42afb91f1a35b6dbefa770d3b118db2f

SHA512
18661b4fe99b90bf6a910c28f1c18eaf57d82ef38c0c2d64845e2c9ca84fbbf7f5ef646871725609dc346cc0989edd6992845a7570bcc7d7bfa471701a6263ef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
b914d0cdd14af538c8ac07f0b2ade06a

SHA1
1b7227ad5d31c55d1271bbbdf20b4cc4f8d67d58

SHA256
d7b7730fabd19172cec1441d84a136f711e8ebaf3626bd44f0e51423eef068ac

SHA512
10ba9c7685d0a024ff74e94b9455dceafdd5d66b468952d8ff97df64b7059d037d0b396b33011c7be8cd61a4c7e94f8fdf1dc0566d541b3c491e2a43fc78b8bb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
f4fc407d614f0b81d15199294278d66a

SHA1
8b2987801c61f28c5da8869e1d28b93798e848e7

SHA256
72460c5c725c431029048fa0e595e69ffcd212f4d3a85a4c4ffaefaa0be947a7

SHA512
00324a013ed67f43479cf75cf62150717018f016878068dfc73ef0c6cae0d0de752fccf176a6756aa64d24c970dbc28a875aedc93f9561839a0087918dd5c8ca

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
0910add48addb879fa27ba7139045d86

SHA1
c47d80605267f7ab5e53c0cdad9b603fcf361d47

SHA256
3e57b5627d5140cf7ba3d700b72a53d526677395ab09007d1782c61b2c2177c9

SHA512
d5924106b66cfc5b2ee7a646d4cedaa8632ab2f3838095834e6370b63425021a3ee4d98898dcb291ae3388f4b57f634d298d213aeb25a79721d83599be9bb132

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
46938454e03151852ec1610e0059c7b8

SHA1
b185ce2780fcc8a901f2daa8b21af00474dfdb66

SHA256
38fd7c90292681685148d4c3cdc4d0cc412925395b9475fecc6e83b083de8347

SHA512
1da8b8f63feb9a48769a915ccd76178f200bac4f6ed2e051484773353b659567f930f0b716fb84667c88c7690ecd53325b98f7f98e4f8c310d2adfadd438c8a2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
438982d0113ffeb8887c717d0bad5a74

SHA1
21ea5d4371100a0a1c70b3be9f1c959d837a6b0b

SHA256
03d47a19ce6e815a07c011546ba26f666d06c73c95f2bdaa645ad8d8fee091c0

SHA512
71eadf15a36021b00e4998005b2f9c6991359cab25dc19982165063f6d054afd033e239d5bb8a97229a99ece282d17a4d36effcbb8a0598fd45f5dbfa653c98e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
dda8a173f0aa2924e8a6d5cab310769d

SHA1
31cc455e03b09255c1a46add4c66e07564a15473

SHA256
fb325f802b128fbec9a19129b5b86c88db23c837ca01af7c84099d4844e7dd9f

SHA512
c82c5794ecd381dfad412f1251799999bea98d45fa7184b7ec4147110cc16a3df09caa52b1768a78fa2171fd826295b9fabfc0760287aed1dff43b4cb35ce9dd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
9a92a1981f8309d139a773655d41580a

SHA1
53e990ee8e8fb2e5a0da48020399d1ceb636ca1a

SHA256
15b5ead7805e851f0caa2b39c537da5e6bbbe6b3d2c5a9a76a13d227bc2779c3

SHA512
73bbe4bdce921fccc531f0486e6f60cbd2fb18e79a1625054e0e1993cb515196a825a4c645980cfe1c15ca68e9b8ff29b5b94d6d2eca0241429c4e32e80e3897

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
e2911b4cdb7591e5fb893e37cce7ca82

SHA1
e813726f91fd4c8c7d6be10e4d438f4a7870e3b9

SHA256
64e6bc914795005ae33fcc7b029ec4973224d8da4ab1a0c08f04703882dfc480

SHA512
f7d3caa04505bb854df3603768268754c7500c2968fbb6e35eb74d7578b0e7730875f18a21a33f732221e472867efa6f9c633e16e8b2a5cb7819a1ecd3f6560c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
49c348d273c56b9925582ef8460b485b

SHA1
7aefb77d78fc3dcdec5653ec9db33bf08851900b

SHA256
f66a6eaabe2e11e16ad1771e626402dca54983940a2d1bc83dc4f615ac2857ac

SHA512
00318341529e577a4a66724e9e1c6c9aefaee1c7a60aa0d834283acce754ba921f08e1c0db52540d45d75b21db2b12b8f558e016c98831dc99ecbc9a7129ac0c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
d588c34e9a8c5f75bf5a63d32f8d3378

SHA1
d16bd2d58195f7855dea814928509170ced63128

SHA256
ad1d6b0781b9021d388d17f32de07e1b03d9b59743ac30f8eb8a32507e454b51

SHA512
7a226faba32c3a62e46cf5e2215dbb2dcf7cb4292d36aa939187f2827b25e0019692aebe0bfb1fd6d497956c9b19b3688686ccbfbd36becd019d7b1340676043

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
e43701b1ed4835a156bcb3608e2686fb

SHA1
4f2e35d494890c65590cfc052ed902c394e31cb7

SHA256
f0491edc4ecd0f017c71ec5ba3ee74673740954e03270f367f447a5250e77c30

SHA512
abf44c7f9877c5a310ba4622648fef403d3edf0081bf588ae5c5648f06624598eb4a725566bc5bb4aa76e8286a369f2e1d54148b3b33c28781b4212780428f98

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
f3c49881734d7a398e72723a84712186

SHA1
3aedb4c1eaf5205609d1fd21ad0a0ef8dc9737c4

SHA256
ecdc027dca15ec1da61607e723d240de50accfbf33795e3dd97df48dedcf43f3

SHA512
f791935387e8c9e274e4982296823cec91e574bfec412244cddca9a6aba2705585dc872027dccf6a8ba9338118c9727f61e4a2ce35c6bb4ce6cd31f2155b097e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
fa2d67753aa141c0cba9c48a2de92a41

SHA1
b7ca97fecf7a4b776d6433b727742ac31427b057

SHA256
a5798aec6357196d61692e71a15795d1363e00dc8c97a293c225a6cc171d6861

SHA512
11d0039528efa6d529b67b31c9f26b8e575a4b7e0693172661c0413d861094e63868f6edec89ce55f00371caf001bca881999bc27b9af941f9eccc1087bc0e59

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
44be5992948dc09c020365e92136b120

SHA1
6161e9b8113f60d03a9001a0b50edca6f2b31f35

SHA256
3e63fd43638709560fc22b09328ddf87c6f855d8ded2900366e728823716b549

SHA512
df662672ab45f7482b71677ba0695c061188da66a2b1354864d54d7cd8e916e831e25bed43b5127299dd14ab898bc7d545b1db6f4ae50976d3cb35bd5335ec7d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
b4121884cb8eef8cfba61ee8d1508487

SHA1
16f9d01029a5cae66b4a25eefdb88ee4a585c79f

SHA256
87ce4764725107e0aba60e17d0671d18337bd7346fa8b2aaadffcfc154c1da4c

SHA512
cfb76bb6fc2240e287c0e0d92a17f7cb0a3c8e8b85a403e8a05ebfacbb2a0abc663d62525c8683fb8b5ee1df5a16f2011ea1495c774fd2865876a9d610059ad2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
071442973c9b06f117a0cc8fef6df98c

SHA1
f941103acd1969b80e7138def18be34bc3344c83

SHA256
c9b5177803f5fb9d534fff2f26873293bc17e90904065eb64a4d2888bf30148c

SHA512
5fcf636f8dcff60cfe09b60228bdf42035f9163b84a029ea0ce18511697a5397eab66170b1f6905ffae6e6b080623755cb275af1fb54cba9649a263cb9509a0e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
f2a026b09e380fd5d08d0c97f7e759b1

SHA1
5c3c6d9e5f292da5665bd067a79a6eb49033d672

SHA256
38bb4f3112f5be079af893655e035bb6a08b1906854dad991f4159fb8d3a1221

SHA512
7eaa3f21d0ad9130d442e4f9f398816ed8a2f360cd440175baf340d2db8f11e1afc67f7e7f75155152488ceec1289bc17a42f5d0d5f2f28fe491a3828a9fee06

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
5ea21bf2c5d7f5abe796b2a26f38a7e2

SHA1
2a79ff39699b0865f21cd43a50d0a389cc392ee6

SHA256
fc50238cf5e3f71adc95a75032e4da7c8bcce23a3c3574b6382ca25446dba888

SHA512
e90a20acd921be523df8e1cf453c7dfc2b1d2fc3bae4d3d832de2ff3bc990c0ca37c62c88111ca1382741a08962cc22b37fe0cc291dcc2c538e30ef902b5050b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
9609d624a466782f6aa0c7f72febf4e2

SHA1
541cd49ae35a17dd6cbde9c30464fbe93c1d6309

SHA256
a4ad2c1bbf689c486d2190a122acfe93bda4bd047d23cc93ee4df2aa9261c0c5

SHA512
bdf9619e18c5234d5d12d8ca250965e27ebf0f8a53eae655e2e731a606939b8624231348e0940165f85fa0031c7e4a21fbaa122b9b86dcef4e6ebc26c4c65121

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
833bf65a0782f5bda1c53e1a0711a26f

SHA1
c23f83d7c6da946db19d029ad3990891f69b7d31

SHA256
5ebcf8b0c203d7bd356bf39d545cb16d49c439ad11e501729543d79c2721e730

SHA512
c48119841294f7b2e1328435707fe6a18611bc34c63e79874c249f780d9190ee7a2c51624a364ccfd27c30e412e50e0d99eee65bea5cf2e42a8ccb41c6e6fd73

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
3157d90cf301ebe9d3a0408e0ab45e29

SHA1
d7dd0fba7d9a24bed2d2048b6393c33cc850523b

SHA256
b95782ff82d3822c06b14dbd1277ff52db64ac8431a4364a64af53f883ef471e

SHA512
1ed0cac207432ebd15dd774bc94a4b2fa17be8c4ec8ff423d86740700bc780d93ed2a54119e2f0816da77e611111fe54d7c74c28d4f5664dc0a25fcd3100585e

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
1d761b6d81e4f5dc44f3f680ac3de4fd

SHA1
1acce080b9055089ac57ac5d5cfff82055b70e43

SHA256
ac0df383f808680ff0609bbf4931a5e98aa1ffbc065d78ec6e8d9b4a2c1c7c7c

SHA512
d2614adaf7c78e00310b3b6ecc8ee980ddf659df0cc4d02e5ed1e9523e80ee77b97b6592f31340e7b764203c533bbdda666f459c3828b4cc8f917e595f5eca55

Download Submit
memory/3892-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3892-10726-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3892-11169-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads