xorist | b013b979c5af00f1bf252afd94595a5adfd0a88e53267d7c17c9e89d18ec4b31

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vmpsoft.vmp.exe
Size

9.3MB
MD5

1af347b1b2623db94b2989c2a484f478
SHA1

e51910554a9f8cc0af056abf449ca176389ebc4d
SHA256

b013b979c5af00f1bf252afd94595a5adfd0a88e53267d7c17c9e89d18ec4b31
SHA512

0ee008b67bbba078c7a8ed526492a32416f0d33ad825a4b9d382d570847dff8202775b5cfd4e6a137d8bb06ea3fc184fdc6d88cc472e69f2417dcbf252de5472
SSDEEP

196608:1/owwGS5r7uSEjLucA1Qr+nXEU/NCevTkIFOylylEv6rcV/sH/b:2DdrSSEjLTA1Qrs1NCevwIFkaEfb

Score

10^/10

xorist persistence ransomware spyware stealer

Malware Config

Signatures

Detected Xorist Ransomware 4 IoCs

resource	yara_rule
behavioral1/memory/3956-3-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist
behavioral1/memory/3956-213-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist
behavioral1/memory/3956-11095-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist
behavioral1/memory/3956-11387-0x0000000000400000-0x000000000125A000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2517) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\HspK19bVp7X4fjN.exe"	vmpsoft.vmp.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\oobe\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\Com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpitime.inf_amd64_e1498a974ab95ea7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_bluetooth.inf_amd64_7e49a68f06c14d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssecurityenhancer.inf_amd64_e84a289dd0df20ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\SndVol.exe	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetNat\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_e90a0a4c8e15815d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xinputhid.inf_amd64_b01c6ccf7f1e23b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\setupugc.exe	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\Netplwiz.exe	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\control.exe	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\unlodctr.exe	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_biometric.inf_amd64_edc558d403ab30c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdscdrv.inf_amd64_416a5877e9180787\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0019\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_pcmcia.inf_amd64_92be188847324ddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_securitydevices.inf_amd64_f10a5650b96630b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_cc4dba2066ccf53c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\userinit.exe	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_7534987814b257b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\srdelayed.exe	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\TCPSVCS.EXE	vmpsoft.vmp.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\dcomcnfg.exe	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\unregmp2.exe	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\Windows.Media.BackgroundPlayback.exe	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\PickerHost.exe	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	vmpsoft.vmp.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreSmallTile.scale-100.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square310x310\PaintLargeTile.scale-200.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-200.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-72.png	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteSmallTile.scale-150.png	vmpsoft.vmp.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-400.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80_altform-unplated_contrast-high.png	vmpsoft.vmp.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-24_altform-unplated.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-64_altform-unplated_contrast-black.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-unplated_contrast-white.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\8041_32x32x32.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-200.png	vmpsoft.vmp.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_OwlEye.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSmallTile.scale-125.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-16.png	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Wide310x150Logo.scale-400.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-256_altform-unplated.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-right.gif	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-unplated.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-96_altform-unplated.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.scale-200_contrast-white.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_altform-unplated.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\new_icons.png	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-24_altform-unplated.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\remixCTA_welcome.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-30.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.scale-100_contrast-black.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-200_contrast-white.png	vmpsoft.vmp.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-32.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-100_contrast-white.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\SmallTile.scale-100_contrast-black.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\Assets\MediumTile.png	vmpsoft.vmp.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner_mini.gif	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\example_icons2x.png	vmpsoft.vmp.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\PREVIEW.GIF	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.altform-unplated_targetsize-256.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-20.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\7.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-96.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-72_altform-unplated_contrast-black.png	vmpsoft.vmp.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-100.png	vmpsoft.vmp.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Google.scale-200.png	vmpsoft.vmp.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\LargeTile.scale-100.png	vmpsoft.vmp.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-time-tool_31bf3856ad364e35_10.0.19041.1_none_a2fa28d9db4c0081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-upnpssdp.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f84b2ed5b180f80a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine.Resources\2.0.0.0_ja_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_c_monitor.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fe25ac50800f1fd7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..smsrouter.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b5b320c8c37b456c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..ce-client.resources_31bf3856ad364e35_10.0.19041.1_es-es_ff722c38d8cd03ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_it-it_2fceb6f1060351fa\PhishSite_Iframe.htm	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_system.workflow.runtime_31bf3856ad364e35_4.0.15805.101_none_7867dc928726bab9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_wvmic.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f69b04eb0b1f3456\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_0f58e48a88b39eee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\PolicyDefinitions\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_c_volume.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_967fed3868e66714\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\cache\Desktop\2.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-credssp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_eda66a7640d1a704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..rverifier.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c43138b0a33a9cdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_11.0.19041.1_none_17e048fccdbcfaa0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_en-gb_1dbdc338c2468486\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dafipp_31bf3856ad364e35_10.0.19041.1_none_158e91d89331c34d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..mcomputer.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3b21483effdddb5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-shcore.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2a4eb43040ddc569\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..4-payload.resources_31bf3856ad364e35_10.0.19041.1_de-de_8ffd584ccac67eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-vssapi-core_31bf3856ad364e35_10.0.19041.746_none_b83305e47a98185b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..necoreuap.resources_31bf3856ad364e35_10.0.19041.1151_en-us_a603c25e81a37573\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..anager-unenrollhook_31bf3856ad364e35_10.0.19041.1_none_846c69fb0d98ec04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..k-service.resources_31bf3856ad364e35_10.0.19041.1_es-es_e3a19843de8dcd3e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_10.0.19041.964_none_d1ce1ea46e50a943\MicrosoftFamily.scale-200.png	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..etoolsmqq.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_786e67996d4c3087\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\YourPhoneCallingToast.scale-125_contrast-black.png	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_1d6e0433e9628ce0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devicepropertymanager_31bf3856ad364e35_10.0.19041.746_none_9ae154761e6a5add\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\HDRSample.mkv	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_403.htm	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..entsbroker-bmpolicy_31bf3856ad364e35_10.0.19041.746_none_a0c91ba2b0abd9a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_system.diagnostics.contracts_b03f5f7f11d50a3a_4.0.15805.0_none_92c3aef55272b339\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directx-gpm_31bf3856ad364e35_10.0.19041.746_none_5a299c8f4c5974c3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_it-it_7a0398b99992ef50\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-r..ndows-media-editing_31bf3856ad364e35_10.0.19041.746_none_68c543a02c20d01a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-compact_31bf3856ad364e35_10.0.19041.1_none_afe6484e54f00fd0\compact.exe	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..vider-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_c48c1dafbb1a035c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..store-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_7e9bf0fc767bc63f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz..vmbrowser.resources_31bf3856ad364e35_10.0.19041.1_es-es_f287c4684874aa25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..package-managed-api_31bf3856ad364e35_10.0.19041.153_none_692d4d323b980451\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\INF\TAPISRV\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cryptsvc-dll.resources_31bf3856ad364e35_10.0.19041.1_it-it_e762aab06014b740\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.19041.1_none_e6307765e4f96817\msfeedssync.exe	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-sysprep_31bf3856ad364e35_10.0.19041.153_none_48a10c747e2f96a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\wow64_devicepairingproxy_31bf3856ad364e35_10.0.19041.1_none_f0b3c9e9e9910c37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_umbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_74e8d13cb3a2fc96\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_dual_net9500-x64-n650f.inf_31bf3856ad364e35_10.0.19041.1_none_83878a63b8b589ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ce-router.resources_31bf3856ad364e35_10.0.19041.1_de-de_d543a8da7b67f1bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_nb-no_d81be221202a5cfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_10.0.19041.1023_none_a465e131bcf39899\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-fontext.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a8789900ed00ab37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-holoshellruntime_31bf3856ad364e35_10.0.19041.264_none_8c0ff17d5f0dd1ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..-wsdahost.resources_31bf3856ad364e35_10.0.19041.1_it-it_01615b0dbfafa508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.19041.1266_none_5fd6523a3130632d\ResetEngine.exe	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\msil_sysglobl.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_da1aab76871b148f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-security-schannel-mof_31bf3856ad364e35_10.0.19041.1_none_a60267c03918ac9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_it-it_2fceb6f1060351fa\http_406.htm	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_10.0.19041.1_de-de_9b9bb1b46f8e2741\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..e-apphelp.resources_31bf3856ad364e35_10.0.19041.1_en-us_4663eb3e6599455d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	vmpsoft.vmp.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\Ignore.scale-300.png	vmpsoft.vmp.exe

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vmpsoft	vmpsoft.vmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\ = "CRYPTED!"	vmpsoft.vmp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\HspK19bVp7X4fjN.exe,0"	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\shell\open\command	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\shell\open	vmpsoft.vmp.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vmpsoft\ = "VFONQNYIIRSNELN"	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\DefaultIcon	vmpsoft.vmp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\shell	vmpsoft.vmp.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VFONQNYIIRSNELN\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\HspK19bVp7X4fjN.exe"	vmpsoft.vmp.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3956	vmpsoft.vmp.exe
3956	vmpsoft.vmp.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
392	OpenWith.exe
756	OpenWith.exe
2164	OpenWith.exe
2072	OpenWith.exe
2164	OpenWith.exe
2164	OpenWith.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 4176	392	OpenWith.exe	91
PID 392 wrote to memory of 4176	392	OpenWith.exe	91

C:\Users\Admin\AppData\Local\Temp\vmpsoft.vmp.exe
"C:\Users\Admin\AppData\Local\Temp\vmpsoft.vmp.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:392
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk.vmpsoft
  2⤵
  PID:4176

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:756

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
dfffc2da0ed01fc5f9dcd843669ff58a

SHA1
01e48e48b03cc81a8d3e4cf7fcb702366fe4fb6b

SHA256
c640bc8e411f727b8b8304f8bfc28b6dcd8759544067c3aec56b4e2fa1a48e01

SHA512
7ce7e9e092095fe6b58eefde615701e92b68e8b61e677e4f92ed8c21b026b85abbd20afd48eb1ffe47cba0008f412555d6d5841107fb8e20f828b2c1c9aabc0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
4523edeff38a84983c27a0b4a2b97ffb

SHA1
4e1bc6bc56abf61f043c85d5c600bd5ce4951323

SHA256
e87d746b1b5cbf3638e88de50a847b1871c14f15b5e300278c453fdaedf9aaeb

SHA512
8015a78d6b64f9bd8101b06326cc3364454cf5ac27e6cfb3eae5ffe401b92896a85be24d904c0b283f7e281538ae635a1db2a2ff87d4268d4432370a6adc3c84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
e43ca00b1beb5d5c46ef90fa68373f84

SHA1
78e21ee07e1bb2fff8c676c1509002857b7c49e0

SHA256
b271950bad77234e7b3943bfc9c7aa2d5818e35249c745b5c4f281319b1f9259

SHA512
e69e5e45daf7a5ca4cd30c267f55a7557df5aba4a81cb2a334cafd80b505dfc0baf0b38bf6d270e1212c5b6e29f2e5cc6e6a2fb0ec1c78280b1776e5d166f6b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
bc4e10052685a4bfad2ed32171a40c68

SHA1
85f6de40920ad181d1594659666b9520ca624f2d

SHA256
97795c9e3b7d8b2d582e5fbe60a51db5da1ad7cb4bbb572f2c3e5d8115b2f021

SHA512
3543039572248c56882eeca195c7babc59e9bd864d297b301a9a18882591cea1f1cb6b0c0595158a17c1e7f7c4f85c48719de1881bd920fd3103132ddecde694

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
bc9f3382232d8fbaeb8deb4b2e1e14f6

SHA1
804f317d2220fd7a10fc3a317f377d8d413715a4

SHA256
50a39c63887f3f4a3242a10a249162eca5dcefd20d8c80cdb6badbbf34ca1e10

SHA512
d13240962d9966643d0a4e2b94bf415a75e933ad620a1b359fb87ee149b05259f6a3a5ec1435fe564464148d9017ad30678cecbce5d1c7ef6684db885a1e5304

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
5d2e69e9ef487911b76fa0295753412c

SHA1
c81be32ea6b381e7f851e594c2f05f66c3618ebf

SHA256
17d6a765fc98c0de2d4bfd027f0eb7aeab6b529ccdb33c6605f4c18f8e2b717f

SHA512
aa9b3e87bd0dc227f85d440e38536f29d278eded3567638d48e3440db9cc1811f51c3a9014ba9a17096a570d6f56a2867889574bb28a66589f19164dbe481637

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
06d07b073e54d485b7a7fd2cd388ca9a

SHA1
964d97d8ddc9754bd94b0f06458eb486f35230b5

SHA256
b0d55cf84e3b8fefe761b6af5754c660fe8fd45b46956c32222b76a6ac952213

SHA512
79dad76273ce8f804a69648c121e67e63fef025b2d5a2b33c148b60800d9cd4b7da4a372a60a4c11d40533cb16caab35425ff2009c3dad3de46b7118c65cae35

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
f109c1a502c77382492a649e7861951f

SHA1
4696c0daf29e1ffd1e7f03e87baf09338e3e4df6

SHA256
645c41fb126cb852742c6dfa22ade450520acc98ed7fe041db680ceaf30e63ae

SHA512
d521fc971df137bb1d5d3c207cf6be306d1c486e03f8708287e2acbc3c330e58fef6540f0286fac55b2ef47596bd7ebda173bee0d19a9198a219bb9df5d84c02

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
fde5e4086dc1aca3f0644e520022bbd3

SHA1
6d9a71c82d0f6c866616ee1d6a73a7d2506266c3

SHA256
e68da56c1139b43279b416fc7fe11d670f8458388c18fb457bc160efa5855afe

SHA512
4cc1b76e06fbaafb488580917493500d653411c1daba629327f0fd7bdda38ecfe0a48042281ec3982c05a3a2cbb0ddc36d63bbdeb367e6983c43ed4145907775

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
1a4e7788ee5d359b2a938dbbb49d9699

SHA1
59a0f5ff573c1656bf0d584a10daadec38aee5fa

SHA256
8df2099db16df1157742c1042b3b3a86eb5bd8c12ee0a9ffb039cac168d98680

SHA512
48c5d0befa46ec14f5002b8f773295e4781164c945eb291a64ca8c48307a57cc15826b7ab51b37d62de5e69385531ce180937b6d6968b3f81353d50042e5df47

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
643d86c3e20feb3de53c96dae2600059

SHA1
06948ae394b9f44cb00172aa1b384601cc9b4737

SHA256
48bf284dd9647de2c9a0fd6a3ad86a0b206e6fe310045e5447f48941e4826722

SHA512
8b4340d52ce102d9ca5f39b82501ebe6b982eb5a5ad5bcd99d34ce2a65348115a45bb8c6830585269a8b134b05f1986f2c9ea2d527b9899229750bd37b40fd31

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
23ddc84847af4a33088aa773ff545f10

SHA1
eafdf41b4184dbab2ce5509fd971e88e8f8b078d

SHA256
c1889e6be841f25d5143a6fee8f7ac2f321e3092b2b800dabbdb582ac87afb21

SHA512
558d8c6426c64a5b7f2db85d26acaf47bc0114901d78df3696ad7138a97f62645e59e66982b677fc87659e0c15196a211708e6fc5eb8729f87a819e32eaf2bb6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
74856611c4901d82d6afd8972a444b13

SHA1
ca998bddd34521d1548669fda0db8e309a667092

SHA256
fa11025aae51115bb9dba41d95abb399ec5132f34e32038c2833a2b34eb8edff

SHA512
28a78fa651f06327f4c1cc9b2a41b83b3d6ae39cdc5d0ac974743bf09f2f7d4638b7c9bda049bd4d24b4eabc8180ab0c55fca2fc229b67df70085803a704fe22

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
9f9bc080031bf775585e885355440ee6

SHA1
e0068994aa991770595d0c82d11894ccd5368512

SHA256
132c63873581b652ff31040567cc5e48694c5afd63c65580443998fe6cc47605

SHA512
ac3778b39f0a1820d6ab9303f08af0019d904de295c6d4010ead12f17546721f6c63d8e4bc092f1d83dbcfc81fb8b7129768b41691872150ea4173911194e215

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
eec5aeb8ecc988f517d84a4b812eddf0

SHA1
24ff0a04c3615678f56ba8bd839d252d02379b24

SHA256
b743da91f187b8f2e3c3229e6b847d8f886a889dcec04f36a4539cd083e8f8f0

SHA512
b9111faf0416eec63ba200cd37ec1849248fce6e433f58d80186e88a586bdc651560bd1a2dbd105c1a3809842f20a459cdfd0ec24c1666b79eea205391c045e8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
b4dac49086fb1705c472a08f06e24a86

SHA1
5176da997c00eb7afbc64396313f71f9ab627c8f

SHA256
dd8742895cbc0619791d6d699d6efb817e24dba091a8e2c4b2860b1a4c739ab9

SHA512
2e22cab8178377d8c95238769051e25483ff4eb8edd7897759b22f704f80dee01f6ffddf3e48dc5e93a0eaee28a0bb0e813c03a1934f4d2bbbdce02a7ad89d2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
133978dadae965d06e8e97a9071af702

SHA1
ba26a155d5e1708b6d1c3c2d17a18d8f31d4395c

SHA256
803917d375f300d0cc9efe9df676c76bb9bd831a52673f85ef5bb3e7da188a21

SHA512
c15fec3c9c0f54d2c3da825ad9950c13e41bae461fe146a72926200506612d8c0c773dfcaf6a1cf0586a7023d736742a5c0fbf02e231486ca894ba2bf073ceca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
171a4917be3ee82c34527fb838056319

SHA1
9e663812f287f3eebb7fd2aae6f81487e935b60d

SHA256
3a049dd4f535d9bcec2ebee6f57f4c2108b6d43cae8d33fcef3f6f61e755cf8f

SHA512
39b8ced627cab3e13b0069a9a0b5bd78e767036daa490f6ae903c69e322cb099d554c1bd6360486d54cdcae1ba159ce68d83c25368847ff62f3e6c4450767e9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
ff40e9d0adc0a240f27bc6a32df35243

SHA1
49b16a08b3b563e36aadf2f357a4ee522a31c0d8

SHA256
e03127e4bb71096b1a26300a38147d18b2590bc574830e80612df4fe5f0735da

SHA512
6b9fc0dbab5c5fee816f29b833c9b0d2e7b68787d655e7cdf9be603cbf95b5955b68de0e1cf9c92d110d76834aea894505308b9487d6657e8bef1afeacf67b05

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
02158113cd568be2aa1ffb072d4b7156

SHA1
69f71816589141fdce603ebc65b7ef89a4a374c9

SHA256
c0815c7937417ae6d5d098e168b45bfbd95fc3c778e6fb572e6da61485dff1c5

SHA512
d20c4cd5db72c66eff1979f019f18615ffcd45025112e3b7cd44142baa5a59ddc17bea3cee4f5841816cdd225d0bc1fbfcddfb87b2fce32d718b07d3ec6c21c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
bcf0531ce25652df7fa5cd89d90624a2

SHA1
23e36700f13956f83009f9912a3918a158ccd2de

SHA256
3c75e8d756ef11c639a133869ce45e1b5b7e41950a388da4786d467cdd9d544c

SHA512
adfad2ff49f4a20186fdbdeb321023843ad93755df5f1270f87987ae28058471d3e57b255b548710182773261d00123fb4f655c7d7b17d1992aa61871abcface

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
9c4b22cf72f4eeb633b9be16d7661466

SHA1
055eb0b0cde7cef0cd122c1c0a647170c4584e6f

SHA256
3710b4de51cacb3160c83f389047f1266a59f0ee7c6bb10a5e8acb8bc183950c

SHA512
3c2193be8cd493341e5ac391a2012f345d9cfc2bff5147520a5fb5b5fcf344c05aa6fa7adc4cba92bad4323fa20ed5d80965db78511a9f56ba68f4167a3a56d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
2d6e924c652c289147ae1462a2e319fa

SHA1
ab44db5a3293151a24cc08ef905f25739bec3121

SHA256
89336737d2dad5eb1c7f3754b39be1de25c4dccd00d1585fff0eef02a652ec18

SHA512
b239a9c58a5cf9c98031df735485f6139021a4347f240cb06d430965930be188b1e7eb264ca65b88b84df0f84f19619df5573a8680685d8602e1ea40cd88fa1e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
34d5ddfb3ef3ef6c19fee7e8079f026c

SHA1
4b5634f07e2c1f834c6c23786bcb16c6aff96b85

SHA256
8804410db41429a419a267c6347c8cfa7a5699ac6c33ad156114b6ed5ed1014c

SHA512
63675e1893698dbf3b3a2b12113f35ab046e618e6c4cc88d61dc78a8389870cb99964826af9d7539aac014678c89b507d55f01e122dd4fe11a12283fe8f2751d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
41105763908d181525c793a637153731

SHA1
ea09fe80f8dd48ccab934f71e08872002d25d4ce

SHA256
2d3f32da5f702f034201b41846951fa09c9f9a708c025a2d4a6c6d9736df5a8c

SHA512
91a7c26f1374fe639c46d4753e9dd56c4d4b36b644ab9f6a50ad29e8648bbff8cf62bd0a2e8c3cdb65e53cff80ffec0be5edcd031eb3115125db7c0a740b30a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
ca1902bda85252dac0133fb262d0399a

SHA1
e86a28aec1b25a135a83fb5fb4077834b9170d6f

SHA256
15cb124fb90935b771b6fcf3f943c0bb2e584dcf81a522657ea6881f5bd26ca6

SHA512
adb0428eb9658044dd162a6fb571ec39652e940131e82c435cf241b4104101e5d89c88fb42e55c3f4c1851c2eb0bcfab5ea8e4a003feb5e4a1a37871ab710b0d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
98b6188bd666837f2d17940cd3db2a1a

SHA1
65f13945b31a79d2be597b631386ddb222b54e98

SHA256
cf0b779998d4cbc137fb6fa10999c0005e9a9d06e569a173785f589d73933644

SHA512
2cd53c6a1753e4b434fc4f614f344f29e3a12c3c9ba77646b333a4b99fe14a93a2820e4959e6caad7a69efc2b2f1b9dd1aa604ce754817636b12bb102405b29f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
11724446528cd49512628838171ef53a

SHA1
be532aed83cf76859f54e0625f47e6b4dd03092c

SHA256
8541d51a6b8accc727949fcbd28c4fbf0aa6c6a9d84cb4eeb8edcff4b1557797

SHA512
91bd6e9d33b93c5249b3f12e243e2fc996ea8f4b83d915738b61858ab8bc89068fbe0152066385b5af682d3257d6462c44d27f47172a5777cc842a4c9036be17

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
45c6d2e8dc4fae6a78444e670a450b99

SHA1
eefe718be87ce336be24ff6e46527da452979a11

SHA256
d7db4add666d19565a7732f57a5517ece4588df3d488dad5102828a3ff9f6e90

SHA512
ae8be8600f979081e23ef84b7976c77caa96250c67fb5e426fab3b9dae974bb1b156d3dc2b9cdd4564535186af219599d8bad7ed601c80ce304c7883bc6cc154

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
a858b46ab24609185be34d9cc52ac956

SHA1
5dfb19b493cae93712cd81763094d61cfd90dc9b

SHA256
057c2a3e71050c78bb53496c937118afab409be42287f446754e4e81e8c2dea3

SHA512
9a2821900d86e3041454de9a9ce06fba80aad876fa823fbc6b5c9689f9d18e405fe4b50ca7d66b0a62da70ca0f6e37bbd63c751a03eeeb257884178d15682d71

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
fc3b1f452c506877b5ae6d003c7b818a

SHA1
46efc77487b672009a93eb9fc8e0470170127b03

SHA256
c71b81c4886d2d7a7c63fbf629bb59d4543fcaff7e2ab3510fdf01bae05f62f0

SHA512
37fad2cf006296d5b33719f139cfd6cffa0ce53b1a62a59cf6321102d89cabbdd5de29cce91e0db32729368217d6a211d8c2eebaef9630d42b4302f326a9e108

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
fc9d5a69c88c202504d0334c91cd2cdd

SHA1
6114802c5e892aae51ef4d0300d893e133e82d4c

SHA256
ebc92b6a3065564b0ded60ba88f893589cda7d8debf8b9ba5803e5af53f11ece

SHA512
5207ad320487f52bfa9b5439fe81aef6928994aee3c0cb1ccb4f80defc5431f7e50ab2ccf1d0e8ec9ed75bf1e26a17952521e686ead06e1d1b86867396dba752

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
241ff74fd91b4f37283cd34f90d86fdc

SHA1
c1593bb8888f0e161d8b7e0549d831594368f36b

SHA256
1c7459b2b8f4bd1c2879f535716659e613b9f4a0cd40a227c27a0ea8be012802

SHA512
0a0fdcfc2a63b83eada15d0105017a47efbb676dbf3a294679fbf5388e1a1d93ba16e6bf5af7f4718b5c5a1a5bd59c33d73558369411a89bd66b1ca2aef738ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
1d4b87c44b85afdbb3cc23a3fc8190cb

SHA1
9cbe2fcbd661d289ec173e1335cedda2fd2f9d10

SHA256
54c9d792b3d8423c599738ecc135e3559bccc4c9528aab4c1a9f174ffb4c1b3e

SHA512
43d3aeddb2396d4131ec4cdbe9e69fb6c51f612f6dcec8043b517ac4d954bbfa1ea969c2282a68022a5a71cb8e6c11fecdf32985c97f58121ab6f8c42d28b3fb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
ad529735b0b6e15596d4ab80ae8f3abb

SHA1
0a7f6138d077130d319e4fd44b48175712426ceb

SHA256
21eb8f5d403f0234cb3d3381372f92756bb3db8a14924c285e00c4a6320d138a

SHA512
91d82b020ee0873f0d32c78bc169342a9ea23bc51f9893151b421aa9f1e8151d253c19bcab67230c8c6c2fd50ac3677f65bde7c78820b8411a64d33a5b7511a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
3ced20e895a1538b5c21f13ca9f0664f

SHA1
bbc9557d4139ee40b85de893f971ffe0d4e20f17

SHA256
2d6de623a95761cab5c958f049f3b217aea0f08e2a551bda7c340b09c7fddfa6

SHA512
2246c8a5b04aa8f7a6952d424409d2b7f79fb8bbccc157a3833b1d3a1d53890273a24d761ded9240885b6c2846bcd05baf52aadfb4aeef9576a3f1e46a78d1d5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
21a72d1b322a3c2f31c46b6b51e421ea

SHA1
e41d93fe220970a8daa2648edd692b433a12d739

SHA256
4947763a06f87809d0f586099b91f6a1abc88f2c9a3e83f3d3ac420efcd69f7b

SHA512
38865eddc820c631013190d7daad27d6a923382e63602588ae220c27a943cd72d2415a2cc3477a2ce2709d5498893e16504f73d202f403ed352d5fa9990faaed

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
9e105ddd7d305d6285aee6a75a348d82

SHA1
5f106b5c9d32f641bbd8f7cc74a506d304e5a0d7

SHA256
a7e641d81ec774d75608ed1eeb25e62e5b71d14b0e15f6b91693cb8b275f876d

SHA512
5b13f3bbd967bf2574ac489b795cdaa05c10408b156c84467554b8ae031e091d6a7cc78b0fb9ace11555ced8b6db3ddb8eae4c8d10ffbe89f93c44a6cf2dfddd

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
173B

MD5
89dfd51a88ee2ae5a5d5129b69d8ce06

SHA1
6f51d0a614f55c9f6c30469f90fe50c32a0ce00a

SHA256
9d89ef9068f0aad029eee71e5a3524b10fe5e438e5b654fb6977ae5a267717b2

SHA512
58a93c49bcb7eeeaa6b19eca58242a98a86a7681cbf309bf489af415b121da6e8d8d8ae0fd44a4c95fad40548d3b14b7185630c80749cc95466ea7442ebb3cbf

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
788b269adcffac2ae64a3feebbe1d4ce

SHA1
bb4eaa41490724e3535d7da09291ddd79af481e3

SHA256
789cdab67230bf34bcbbfc4c4295c623692aae24dc3bf18d7ce7443aa06791c0

SHA512
bd34e55c6d3822c5ebbaa753fd0a849b5a133efd241855cbf65180141c9017409bfe865baa8a3cee9a361481fe3ae6e395c0d518473640bc68d638c15c924fb0

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
76102b3c1811b5d1ba22def696785c10

SHA1
ad700228cf6ef25becf92d470fe9746d9b77f435

SHA256
5ed3b5702236eea2721eee7dc00861b7e81e8e1fa1e2a9e69f92c9a57934bab3

SHA512
715f4033c97028c834f079300961ae67dac5efa89e33a30d177b3f376fd9b530ab9d3084a0e050eef9333c99d26521a4fcf874782820b553fcb0ecee4462828d

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
08889e013521481690b8587b497cf9bd

SHA1
ad1105f0583a89ac05289ed372f09a426ae7b291

SHA256
2a004b46bc27af327743ea195124474d4f0df2aeee23c7b1cec9560f259e3f85

SHA512
b88c135b6e10e57b59b93944cb68aaaea9e56a36ddde626bc4d4ffedae89f5e8e60b04329639b737ed814d5ed013fbf38cac1ab4202f2699fcc07101a308ca6d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
c72bab6d52fca355747a0556dbfd8d0e

SHA1
6d089dcd632d555119831cd0eac9a59565f28c80

SHA256
05eceac8337536bdc52305072f4859289870341fb54dbaba5cc7482eda15d071

SHA512
46dd7681469675c9c4657e86d1e142933b0e3dd6d5511afee6ab66a5d25be2f2fbe70be57b386e5868d0943ed500f5c7749846bee2aa46892b12e442d19a8341

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
5b9a192ad1d488ecb7b12cb0d6590522

SHA1
a855452630b05ab9d42c77de204ef0a5c67f5491

SHA256
d749b4388a4e0f3d1118df698695fd6252a60a742717b83a56b31f0d2ea67cbc

SHA512
4abef78b4af42cdde21742634c11bc2953733880d1575e0dfe53512b7eb442b6d310d1e0c9fb226900ca69ef80ea9939ceb1d61aa9e47b66fcd08384493510fe

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
56599c5fb95e92660c353015e2789d3b

SHA1
9391b00bbc9a05bb135913f4aa19f35deb487f9e

SHA256
6f077d1d56ab9b8f7595603fe9c7979613ed7b516fb7dc262d718cff09aa1a7a

SHA512
98d1622db3d8315dfaf719a83c0208d2665278218bc2caab66cd2346a50baee776c93624ad35400e19b99ef316dd4c4dac516edb6e321a7be4fd7f00fa52a828

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
c7c7a34c1ece8c094a5ef619d0022556

SHA1
52ea2793bbb291a8972582c28abb7fa9f3720004

SHA256
978e6583797caa3dc1fefe491644e2e745ede6a7b3170912be6d5fc770b5e18e

SHA512
f64f93a97801e61749aa9f1533c5e6e96b87b9368b3fabd400e7d75d61e3b40f6f14e0050f08302f8f1c72694a30fe4b8d200ecfca3613628317350000a1dfe0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
11b8ed8a82ff8a66012b486a8000174e

SHA1
5f34acb27698025f5e7ec399e5e734e7fab69aa7

SHA256
8abf22cf02bdcff2952b7f451522f5370cfdeb2ab7942f37d92b3f78e6f63cf5

SHA512
e7029fb426eaf62b0fe02cf40afd717f34dff148335f592fd875dff5632261a7cbae4df2c92866db81a74f08c19f91f9c0bd2e6b6d543d9d859ca23d353f485e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
66d8905358e20ce1151f3e3be1b96f0d

SHA1
2e06da8a776945893e78a2e275945ae2f463257e

SHA256
0739a6a8a9655ed8ffb09063937c5c32126dc391d75bb812a0e1ca1bc9129399

SHA512
6189ce94dc34c2b850e3288490c6d3837ae403fa6d06a3cf513bd4f6b376c261f13c92379edb31d2eae4d29c05209de52895fcd5d48419731d69d62d20be7426

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
83c4b8b8931ef5384e83dad30cacb925

SHA1
78d0a661504f6aa6c41b086cb763b0e11d9dfe2d

SHA256
85160af294b7372adbab9a2076ccfe9ce3752c59853d3aec58fe33eab7029ffe

SHA512
26a5b4ca14a1f54b543693c608b65afa8b71769152480f10077dd1de8bd5918e6f9b068121203ac69d872b1fdd1fc10a8dde56195203d08478db6f61d4f5f76c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
640763f6186d36d7ffe65edd2894e42c

SHA1
76ef76b709cc5f68137b9f15124909e43e594d81

SHA256
ab6345e9bbe53058842f3592fa98bebd6e8d709c238738e790a167742c7888a9

SHA512
e6761c139811f263279ee0e873a99c279c1532192ecd525150993240fea858b289a7fdf17b90d8b01f73439ef09abaccb1aeaed6ef712fdfb392397ae5c2e424

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
f01c6862a7bd6454e1eb28d0f367489c

SHA1
01fe4ce39955c756da217bedb3c589e3e60f0430

SHA256
08b8ade3549f65038c39b24df4f58a849d2ef98516fc3f56e9f0cee336b495c9

SHA512
8138df89b1b95a6d49ce7c0f5f9f24bef4e1bac551381460a5c5dfe4d71df715db907073bdffc214cc0bdcfb42f43d745dfb4f8db71ce1f5160ea60231df2779

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
0a4a621dc2544de6c1af4bb7219309f0

SHA1
53732b440bd0e56c2919a110a5e8d300d0c3e8ff

SHA256
f39ae84df3edc092d99c02cc5c1ebb02c3b1caaa9916a9038ff515ea57c307aa

SHA512
3e4e6de255178ae9cbacb15871ad5431224a5319b02924c985ffe516ce5dbb6758eec6497ddf978864fbd66d74ceed9d3f803efad3fc18abfb169766a1477b53

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
78f761433be9360ed7bbf996d777ba5f

SHA1
fcef5ea0bc18e94200e17faccb6a499341ab5b27

SHA256
71a3a0b145feda5f1d0e490b6ebb00da56ff625fd1e57523ac93f9bb6d3bdec0

SHA512
b4c07f4451404efae3ffe37dca432a5c04b2c249b474b5b61aa06fa6deadcb9ad687e31154b22316bd65867334eff43b177c71b2198d8de0f03e5204db9b4a7e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
ab8470f5656a0ff712e5c6f680fa8f01

SHA1
ce7b91ef057f2a7c394a88b5bf986d247e4f245d

SHA256
db9fa5882d5a057e80e19507f7adb8718e76db31b3c13e797a7e10ef28390d64

SHA512
9ad2f0392977484d0def349b3ca2d3f708679c1e16048d6e0c1e9560785b8d6beae2b09413b58a8470b31ecd6cdd69b6479d3dbd394681a4132b847b75f91c71

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
989e1eb5dabb20c2256296b1deba1b90

SHA1
0005ec5c4f35e3a80702e9a62d1e3f8314aba5ba

SHA256
e6a4be50af0c41cbc367b29f085ccf9fc2ae684683776901f7deebed1dd154dd

SHA512
7704de21868dce0ae7fb1081f97a1fe899746edd5b80ee15ed01af1a7facb40117b15b40446f942384694a924c128e05fc09aaf9d0f3592229acfb980b471900

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
d5e68d6d4a917c6d9745d3e225986a7e

SHA1
7adde7e5eb7aef3404710b39531b0ed2de66e522

SHA256
c489ca2fb0643656db3d5c10d399a9fa1e722b83e3c9b4290d5992e508ddd4d5

SHA512
ff9e1efddf825f86c44713626ef7af3e76fbac4c235a3df3f0534d65e6cf293531c8ce38caceeb27e626c5b1d8cb98d720aea3eac877c9c94f85242cea73b98f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
f0b4e4faa3bee28b0d12707c3e807ba3

SHA1
a82e027a85fb1ea5ed4d443327f723fe8486cc0e

SHA256
87edb8e35ccc6a304952bbffb60f19d0f9463ca4de2ff9042bf4dd6fb628eb4a

SHA512
0c197504463946a98b9ea406b6703fde991a5433ab7ba00d9b780216a5aba5da1c22cd315b2df5fc0179d00bec3fe17b987d5974c995e842c8acc27d8e852964

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
ce016617f13c047ee7c91596bf6542d0

SHA1
6c698e4dc54c63e108f10f398fdf77f399df35b7

SHA256
35520cf20383cd027452bfe2c4098a6d93f67bd6de4a2a20a508ac78892ac395

SHA512
08c64d484c4f1acdab5122b4cda2abdc09c87dbe3c0afed5f5ee43fc650b727191b804b86b468e1b3d40449756eee4edf95102191c3b3fcfdb22b61b70220bac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
3b7f2033ee7edd0c887a35a6399235b1

SHA1
7d6b7e1cce08175f07116daa8c1116038973c546

SHA256
8a530cb0b94373b15a1d9a843bad67e3a53da5e1617ec3c82d0c83c1ad461f5f

SHA512
56ca8b52ed02d54c92bdb58f0d4dc2ee4b757f1b62d0fd9d65e84fbc459dca5d7600b5349915e3a4557537a0e9f3c062b1ae0477b4afa479b838103e6f5b030c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
438fd14d286cbcd40b3572bf819d8877

SHA1
255c45ba09a7337dd772bb1f5fbe582ceb8e47c6

SHA256
49023057ca0b6d9370d378ef1191df9859307a5cf302ecca2a5d7b49609c2ba2

SHA512
8a3d77c3d3a682a8a028663993877d1d467f8d5086efcd0f99b81795d4dfb62967ffbc8360f67ae30e6937e3ab64fe6f6ad2c2c08f145e3b248033d29ea90a79

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
8ad2c462398189a7ac950ee4d4fc9fc2

SHA1
727477d6e130273f74b50a4d29330427e9ff249e

SHA256
2f90255c30a272a89e83c70086615d480c5761c02f35aec95f8885ef5015f673

SHA512
1fa60b0c8135674039714950e4f34184fdba28049825088b69489fcbe6bdd3b083f50c0768ea0ec816446b7e4f441a58246ab6f1dcaeae6ba2a9540cb1e66981

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
14bcc70ba101b15332b08fe654d08dd6

SHA1
3b0ac2fae0c443ea2e56fe2979fe2dbda16e324b

SHA256
502dba0417d63b1f531319e7bc6701ef7e79d31bbc43b5324d5dfa73d713421a

SHA512
c86b3b9f1ee665b1b9205035aa702b04a82f92a8cb97735072ae794c55c3a71db1a170353de54fb5fcc11c83b3b648a70ce12f8cd263d0b61c58a8feefa46dd3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
0d87b07cbd63363a4138dfd01c43e23f

SHA1
49f8c45f53a2a1e7adad78c337a42e940748b7c4

SHA256
c121bb8939cbdab61282c2165b4874a441b8c3fb3020ae38b15e37276cdf994b

SHA512
40149f27060d39fc056b27f47a3a1d81773aa5f2b78141c7208516fe667cd53c8bfd7e72fb4c81302e2cf26b029735cd8573092fdcfaff98fb3b5523d6de6136

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
387f663c859a3dd2aa4de20445a1ff1e

SHA1
bf923f296ae7739c404d9c4129a7b1c0e0ddc4a5

SHA256
c5add3350b34d012380da169b748b004095a59fcb53a833d0e173936efe54179

SHA512
441a6394dec06dd9bf75995936132d84cfea76231323cafc8dd8885422622a102a48f2fc722e4739b12c078b45e1fd6de34d06bc96c38951aec9083382972b19

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
8c8c7f1a6896799c0af67e499b2d5870

SHA1
5d902a0f73ab7a1176b58466a14514937fc2ce92

SHA256
685873fa8cd778a8ae859cef0a3f2f61a4fd8bcd8d0186fd817a0fc21e2a6a82

SHA512
cab8dbd8136600539162b4f676ca434ece984ffa8a29be2c130407c63888812e340cee47a471ec866745f7605d7a2a7fdaf7336b5949528e13d6e5734459f082

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
ec2f9ad1f1da5c4ecdb25966b22ef025

SHA1
da15b069ed60ae0af906a2b284711bbd9c7a26eb

SHA256
f6d90c85f77cc7a5d2102c7ac8c9b7379ec4660853a92914727a8b2cb51156f8

SHA512
01405ca8e8be5f3c3db563afb47329e79d2a82b5732660da2784593bf826b8027c8cfc745e0e2a05c0279741bd6b0d5be5b14028c05494a6464acafff33142f1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
e855b2e4d11b1d1b66b84de6dbeccbdf

SHA1
8d3eaf3bfc619a44f10f33953cf67f09644694a1

SHA256
7e710ae61115f0ec16e34b214e89d1bf32a466f3ba3d20aae52a6ae193537434

SHA512
ee53d271bf669288b7a14e56dec73cff8216e2d388cfb495bc44fc8d103b83cb812c5347f51a9f0daf0739a345cf723b380e61250012c576497b30b46c004c50

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
89060b7262e241deb60eef617ecb9ac9

SHA1
d6d53001c2a6a41ce9dbc7f4ee572bae38901205

SHA256
bbbaae170cc88bd4ae3f324c44ea17e9d4c924d2353fd3da9f5c138639ba5a9e

SHA512
47814d020c9af1fee2d44888c5284650cd39000b77cfbcb0cc4242764b31c68db7e8e1969f0882565a73fb7f5b527131b7852795b8fa6b937564c88b041b3ac6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
3dc005712e939ebe115ddb4ad5fcc3bd

SHA1
afe13ca33a9802f1a99d7d905fb976556e05a66f

SHA256
c21cdd4a8a51681215216f3a34e193cd8e75e17c4bd8c3f8b2f5533c0b589865

SHA512
4cd794855ef56cf2dbad55173a525a866137f3231b7c00dc5aa21d675a8204f28e1ec6be9e702b6b53080d27d633174c57db59998031123e4d1c30bc3a2c9d30

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
7e252058b0a5846a541c4c1b2e6d4f48

SHA1
4f9a14d4cc15f05c4889c0a51bc0502bdff67c68

SHA256
7d08999d7b5e2c281d700dcf9309f0e311c2873fe7d5d48712d60ac87741795b

SHA512
b63c024d1fa6f7ccd7209b21bce9a2fbdb6d8edba3d4d21d9d1bca835c60e89807792a319ff971c83f847d176a2465db5cbea09e98337d4f348452bded66ce15

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
8b6c104b10a2a0fe1f339a129af420d3

SHA1
8491bf8bc12dcc98a7ed250c7f6153ef85d15d90

SHA256
de5cace09e615bedc351685da14dee0d0e0d5c036a055a82014bf2118728cb18

SHA512
fc78bbdae9c7ff0420b4737823ccce52fc08c4d840e20e8a1174a10b9fcb91107778fd61d3faab37f5e1012744bcbb88ed5e1898269adc2fb2e443cf1f79a68e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
c8477e99e86caeaffdf90cb99f48aa8a

SHA1
9276e4221bb59c120f13cf81db3b86604ffd28ac

SHA256
05808fffba0f156dee80824a97964219c769066c71a47c02f8eb8032bc0ce613

SHA512
7a5a9ddbe45d1aea001b3af2925a0fcb144d4d83c471086a768a41ffdbd9a27631006630549c70860f94e8ecbe2c475e133a765183ad52e662692ad4225ab7c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
737ab19634c807d35131df0da83b17be

SHA1
49e270cd7cf5ec65c1fe64d213473c968e5ffa6b

SHA256
ba2c17ea8932f6e536e8fe330ee811a815ac2edeafaaa8c8ca04b890542481cd

SHA512
9fe81c073390bfcb6d4493c5e48c3ceb666a753cf6ead789f5948f585d0e6872f477026f6b0248b33c9d93ad823ca67c03f635b31779741727cef44dc4943e44

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
3db33b5b8723225bf8f4bbfed7aa5fb8

SHA1
ccbd68671d351033691d5f003e7c5f4430f398e0

SHA256
43db7567cd964b6e94cf08d7cb9fe2e96d32cffd0a861f1633d489a7026b42ab

SHA512
1ae201d100330e5016075fb4bb59ccfc818b6d3cf47997b244a24ef1ced3e1c10bf830ff0b1a9b8536e080dda89b7d94ad62a89010f09be1fa465808afefdfb7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
6d2f3eda36578cd8fca7bd700c2a6036

SHA1
6bb3b1c6276d6213cdcb77d3f1ad0f4c10c0f2fd

SHA256
61c0949920dd9364fb6657362831999c14f92eb01ec2c0650a7232a87e52ab97

SHA512
d4d742a700e2db8075ba3543180edc60e1ba065132d7c7b8a897e560770f1ce522ff07aa2770318c366debe7a20e44652ca62f51989866c9933680f506a88ee3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
570198e160b379cd8e93d8dc78952a0f

SHA1
ee6121b3b9ca578c76098242d01323641cbd359d

SHA256
32e27ae33ed84b9be867077081b35e74a79ca19c89df6cb75477f7bd9788eb19

SHA512
c95156c6147ff7c453aee33621abd1fe7cf47eec00e0f1cae6109ca7415a838f77c36811d39ac00ee9efc53f1f883f020300be510bd8eef7d78507e3568c52e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
59afdf1fb7bb8945b3bd5ff8452d13bf

SHA1
629b59934eed64cca14de799b34eb91fc57c3279

SHA256
99c0e52f58e0ae5ae412781611d9462a39a52d0db478a75e5df4f5e0de9dce4d

SHA512
65859e8095f1b0676edfae68c44279a5f5a3cb36c6effc1a032efa23b7fe629e55fbf4b34a1f7dda33fb28723f0cec41e3d6bbdb5d178db410fd78dc06a2c0e7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
8edc846523c115e4af696aa41594ca38

SHA1
1723562d991c365bfac8999f1b76a7a3e386640d

SHA256
d2bee0660f4bf54fd8ee91f6d7bdc8caac5ac364e8f57998a54467d3e041a2ab

SHA512
f5fb7068d5e3a5ca612314d401750241183c2e65dbf19a680ecdc7e356805f582715c355af32025602353c3974cca2e04d12f5dbe34c5c835c954a7b9574e387

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
8c6fcd07681b155bb980622a2d760eab

SHA1
b44d709d64ab124ed46e267203f19fa48428dedd

SHA256
77695a0832d36c98c43ca75120695aba665795720d20a2e36726162482e4dcd3

SHA512
ac6aa15760239da5b5ec7fb18341009e9cd100596943122190edd33899e5bde11a4d468a08bfaf39821459dba2a7e3f325ee69c120b20f0f2922d93364433775

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
e7e52ca44a07ff7f592c4a8ca16bd075

SHA1
e7af4cdd0b81e4d45020d9d558abd0721982205d

SHA256
bff00ed4f0efe84567592d1d3c1bbf763dd193419e68637e2592a8ef925bedf2

SHA512
154f23bcf4b8ee859574a3653f0dab38a2958cc4cdd8c4accd9da5ceb100f6cf1c72d7985a3943ead9c6d33f966382ef2b2e8dc4495596b276791f3b888bc84d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
14900dcc154f03cbfd36ee4599114ebe

SHA1
f1fbdcabcc012679a6b382a739c85065b9ec2c08

SHA256
c97d6fff67ff05463b96f69e3ce8ba0195ab395c8caeb237e6fa4e881999d989

SHA512
b55d14a4202db318c9a74f9b7aaf589cbbe1f865eee96681158186ad81ca5358302891b7ebf7e40e6f3cfe492d4b438e03b4e4a8cde59d1c2b5b5b28cbbe6b03

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
b46cc31823a3980a1397df62c4e4eb58

SHA1
9483c9df12a54dc01ae6a2d07019df89190b5c07

SHA256
d31ecb9f944e21f97f37a00cfbe5db6bea55395e960edb10a291c5f080485380

SHA512
825ccbbe86e02f2732b2f3e99b736dcb432d76bf0fb85678fe27ee4ed0bd1feabe51499d8862e4bef5e26381b2d56a47ad2be8d94a4725616f8dcadf0e30c67d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
60c4315938525b6e84994d488e61e65e

SHA1
04f4441a69eb4d7d316701730a966e9fbbd825ce

SHA256
b130648c63dd8eefd03afec12136823aa18a2d045674fd6e747a5e4ec14ebc42

SHA512
83a74b686ef49574a7591529eada51fcbe412b2da8bdf3c01ad6cd274a899d86578392edbc7ee40fb41dfddbec8675f2fb406d01ab3c8f6767d8cadbceaa4bb4

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

Filesize
1014KB

MD5
5180f4e83164bd2067243a2ab1a5559a

SHA1
f91460227579e0a8569d018c998b0a4c87fb5a18

SHA256
7d799da03ac85f2f603c149af74d4e51eff33970fb12adfe550147c9e3b27964

SHA512
e5720e953adaba369a3f3234bc312c392dea1a3a0858112310a111506bb80c039d2653a91a54b310c0cc88693204c5bce24763e97335be17ddd534ecb7160994

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133650075301821617.txt

Filesize
77KB

MD5
b00983ac8825138819faf2bc129eda06

SHA1
40c8b8e81c83cee2725a7b3ce07eb4d21379bec7

SHA256
8ee54c610425b4ffa45357123bcb7b44cf570ff71a38745ed04dcbe3c82734d7

SHA512
2aba0d14f74dddf4b6ce5a4760ae1158ae52e4922ffe18d9d2afffe62b8e08aee94b5702883074e7d90eb0e743f428f1f5b1eb336e5316baeebd88be535d245a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133650075825463008.txt

Filesize
48KB

MD5
976833ad9657d45f357e312bac134569

SHA1
373b4ced486ba0058aad8c052d89a101d09fad55

SHA256
786b4efdf13e922f9398bf6a94b4061672539712c6054e176b0becae8904867a

SHA512
8ba83783286a4c52e9dc8adfa3588b214d3639e0faede48710a0a816661a562f90a6bebc10d8e184016af6de482c9ae7d402f3726ad61e819ba839467993e50d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133650084779760061.txt

Filesize
63KB

MD5
a7ac2846f59e4946ff3d1f449c54783f

SHA1
b06a4747526ad63c009c9b528026dd79198ed11f

SHA256
1d63de96180933304cb89faf4af21ec2a0e3764cf8a266150db513797a76489a

SHA512
b9c0e08fb1d17a80b188cfe361e4779df1725e1a3be1dec02b51a128fc85fc1ea1e2cde2596fe4a52c960ae1b8b9c50a221be9434f49b08c2723222d31a16d8f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133650087488853645.txt

Filesize
74KB

MD5
ed7d439c927d77d300242244424f54d5

SHA1
b411a9f2f88f53a4dc4ff34efec6f293baf61d12

SHA256
70f0efae7baf653d70a6acbacf65dc1373c49f104cafd81ed2aec049180ae201

SHA512
24ad7b1764310892dd6ed9d0b6d370d194ccee40d3cf63a35fdd232c7846bac295af0f68560e3f1878e54d554adb0c603557cddace6e9983ea7fe5c6fc8a2c0a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk.vmpsoft

Filesize
1012B

MD5
ae3518bcd2c1447b405540368659a868

SHA1
dded52352aea486b011367d5f37b40519aef008f

SHA256
3d22b0762659155a42e69f7def045060dba92ad86b359100906573e99c89bf95

SHA512
7c228b55a0acbfe110642c922e7994c1b75438045b7e2f4c036e5c6be5f273a56733d8058f6d144771ae2c52c98b30a2cfb2a8037bcc8a8ca081600d619c995e

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
855af397bd378d8e384ee0f0bfdbd40c

SHA1
de72b8d7f2487db6ea1b56cd1ea402e8daba1738

SHA256
fbe81a9a3225234e6ec80b950df372c40e860cd67258a8ccd0f5a4ffcbca8483

SHA512
3d8b639d333f93a220a8b2c16e989b5d42dd746b1de40d6711b0ecde0da23a20e964d0d702f0cc2e254c5f9213447fc49560bf6f54517c18a72694ad86a1dddf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
3bc238bd73b44da016b6876eb6b32db9

SHA1
f0274c4627dddda36efa36f374ddabcb3578759d

SHA256
6f65b2e4ecddf8d75fe6f4dcfc6d7aa1fa16039ac80e524829c8a9ea3eaf204d

SHA512
3e263c73a56bc6dfaa919e9019c4d664ddd2815df19008d950fd5af2881533cdc995bcdac11ef5a690043373e6c47e720f56967cb53c14cc80d93ffc482e97ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
1f577f9ee1e109dd0aa93d0b298a7bc6

SHA1
0feb7adde90f0749fa36b8ab791b8d9da7644ed5

SHA256
7faaa3cee046b26b6f88ba9b81eed987d162b5332c728a67844a4aea8a0878de

SHA512
d58eb9daf437c024427b0868c40f5ccb2b0d99bee3923c2c69e7d7f05b6eaf4fc7e2835260789d566af626e124c60c5da2cc9e07acf32f3f031c7a3609050dd7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
02cd6c5dad2931d01981175a4d32b3c1

SHA1
ad0bbac40cdcd65944ed2b02db5f7edc1b12992a

SHA256
c9acddb5956dff27e2638177e6af3de9e8facfd78ce8ed6add44f5c75c3fd02e

SHA512
be35700784e83db93a22fda858376873b01524cc3b90de23f39bea355310a285f1bfcdd017c8c774ec566d78b9d1f4ff60b965d0b3f8e66773f58eebf045a91f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
e2fc4666fb782b418096d51939470e65

SHA1
82bcdc2e894c1e71985cea2b87840ae66245fcc8

SHA256
41f13d29a1239e5362b81d8ed2190bd198bf6b930e34133d08927f5910152962

SHA512
8401c2305b93b52476e93c13274d86ec97d0e48df7e67d5918682c3657bcd4ad402ec551440a3cabcd04eac257f44de8234a7693fbc93a838aae1c0ba8651eed

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d129d930536754210828fbb19cb0e4fb

SHA1
4526df5e219d00c60fc51ea7e710146fe4878541

SHA256
918a4456171a9834b1f27025f9afbe181c59ccd9121df8595f460461b6687866

SHA512
3ffd7aef5d89ed70a2dafd4b2281406dbebc19a048035085a85a39675d6d032ac8024fe30f4d7121e615a630f373c9d38fa5b039a3f61648f0787da0f701a90e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
f989d088751bebab79a81c67639a573e

SHA1
d09d258c719aa2aedd7cdbeb18c90ef9cad2f844

SHA256
76087aac01c3e940b08ca07b17ede61bc26763e8f1ac9f2b9afc4e72472d5573

SHA512
3b83f049a99f2f1c98eee5f330ed67fd3be52d5a29948024a5907ba68d99e63ccdd8d901d05acc1f8928ad61421d88e67d9a0d99239c869a88cb573c4013e9f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
d265dc1e5a02b15742f8db7a5a102eb3

SHA1
e42b068819fd571e114a5e1e527d6d5c2882f001

SHA256
e7bb069b0d9aafb13a794b33cba807e981c43c901b122c8048d0a1b08c298e54

SHA512
c8ee3fad9d8ff9b2747d87a072bbb459cb4103a0dde315f8de2e75a75d547d43cbc07919d15f78efade3c2e07993ba949dc4cda41bbf90aac4e15a97de300f63

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
2d773f76a958a0ce459cd34826ae00ff

SHA1
f4d5a6fa4e3f4023867e288b174e9b4f0af3ffe5

SHA256
7736fdcbca6d3b30efa84f6610c09115a7bc14fa2f6b2f8087f906245cd5fda3

SHA512
999175211c6b2326b91597769f273cbfacd77cfaaea377be242480f8728fe07bb4a1dceecb264078a979e8a779b46776c25b673942526beaad7d7b53525b15d8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
9d138fcb2ee7732633af25870ef966df

SHA1
2a59f79ce6f20db4194f4e6bf69a5f359fd60b70

SHA256
a5c69d24503eb5f50153d6422604b98b51bfe415db2b412487919205d5672f39

SHA512
ff45ae6119de9d9c5717244ce6bd19763709f9837e185d0a9da201da12a6f2fdae50e16a0b3fbf34a1860b4633ad64f21231d49a2eaa47f9cceae7d12e823c37

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
13dc883e61ca2aa489e7a7b31c598935

SHA1
9c461ffc72d321b8e84ba8f9da6ebae1b287f632

SHA256
ea6c7602b7909cc6d52dfc0e866b81961e964507be54fee808557d219a2757b0

SHA512
31d0d9f1d07f810a9ee2f285768c7fe0e37d1f00284e3ed78f7c7a75fe6d843ce165b1148805e99f151b2a62264538b8807ac2289b4eaf17347f16f500cb6205

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
45b1f3c77837fce6a6147bbd227827ba

SHA1
90d0f587fefd654e35378e610d6cdfed7ec0a590

SHA256
7b99b6095f804917759d860e7763118c26fb474398e4313a1dd45c2ecee7f8fe

SHA512
01dbb9d83b827c7328c6f07da99af63487fefa6ba022d1fb9d6cb6ce2b9752913f767c7e13ce74241d05b42704a2d6c0670db064dc9d17650ec6c7cd509b97ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
63e04d8fd50f732ee16091e31b764583

SHA1
6aafc99b09bf55ccf806b91b908008056fef89a6

SHA256
5a58a1e24c58493d595b49b0835564d8bc3a82d79f0f32be28cfa0cb89400622

SHA512
6c380316a1ace94f386184262134f483643705d332a674b672b4f329100d059089d26cd6cee5adb43eb536f9a2ad1856f963e0ed2230b7dc39e772f7571c5864

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
2c9566e8e8ba4da4922f85e318994ece

SHA1
663eb8ba3c21c11236fa03df5cbebcc14e265728

SHA256
18b79f661687003f8ed3c83ebd48b5cb69fdf49886d4d3ede28207a154f38537

SHA512
b173e002b370b20a1b363d7bd90420c1e1e23db47d9c4d4b067e2457aecf908377ea324c8b927149b83bc39d8dc3cdc56dda8e9632c36442efadcd3ced3f99b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
46dffe4781ac16394e94407fbd439592

SHA1
9f41b125c33274cd444e687b05094dce8bf01370

SHA256
9d48565e016fc5bd97b64cdbde631386bf6bce3a36d3122fee27318a8e20a92a

SHA512
d5173627b3786abcafcf30dcd91d07244159621ce481df47169cc1013343a117c62e6ed38f227ebe0ce342d555a4b1fae7a457ed2947878d3c71e828238937a7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
35e066b518be9ed28ee6254612f9c914

SHA1
c263da0890dcc3a9f3b54cf67de34768520bf4bd

SHA256
74ebb43ab8732b38be1407f5d9aafd1d24b774204773f66986e612d587cd1140

SHA512
b810afcf5f8c4651984f14684f31841b224bcdf23399fb6ff88e7d5d497c2306fd4edfb8183917e9d951075d0044cef61e720ba24b3c8ce5b4147ff14d2c7f09

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
9526b2defede083422edb78de0ac746b

SHA1
c220cac11d39bb48ea4c8d1af687a4ee9a87ab56

SHA256
aa0825c0bd9cc927efc47a3007d31879602050e2673c6a3215946026497c4a13

SHA512
bc44cd5e145bc1d82ec8c0abf40f03faf69b7e37d1cc73e819f7ced139802af41a36c7bad4ef5d43fc4bf0e308456a95e10012fb2e1f4629545e94e976efa5a4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
a5924d27dc7a6f50651c8da8ed96d921

SHA1
dee7120d3087e4f617540c79b6f407f35cc898d2

SHA256
ab2e4c22eb203f8d58ddc6d36f0567bda058cc64fc5d10666e02c78db4c321f1

SHA512
d2ba2d0bc081f99a0c01949bc34161b89f9674aa9b6dee287cd0482739909a1606ded8f65cfeb0bbeb6454e2d60fdbd31d4780930bb53a65c960179c401747c0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
68c66181bfe2f53918d85bf2b486186b

SHA1
62f42f4aa03d99a2e84975c642d2086def500df3

SHA256
1ac57d3e88fe3952fa6d2e60c6c489644359f63c03e4f39bd87d4c8e19797f92

SHA512
71bc20c17c6ab47af7938dadda43bd2589d2b54fc5fd64f12635a6368c30c67318dcfe49b4b050fb5451cf95dc3a92c224d774d8266969c20457e788ed55716e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
dc8aaca8026f2b94036b4496afdf1d0e

SHA1
93f8ba4a2605db46653a6f706c95ef641eb4cf0e

SHA256
df5ab2a37891693772e8358a0485e607a8b3bb99137b8c1c1ab6792275b9d34d

SHA512
f7996a4e3045e91b7a964ffb5d1fe52fccb0245bf566712a95615a73382fcba0ec4e73c898302546aa550971bf05ea143e040f9c0cbcd138d62493c3a3369ea0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
5f658c34b213d580c10a93a869b94df7

SHA1
a17bce6af213e810e71825c37423f60d6d22eef1

SHA256
292fb5688d79963c57f48c4a5988caf7f9a46fcb9f8102344abce3f6ab8b51bc

SHA512
3212dad015394682460141d5ea2ad46fe9823fba10be0e2f28822674dc8d9781a03b38c1cf83791688c6b47ab3de50298d0b5cb47185c2879a639c43f3dcdc76

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
6621ff0ebed1a1242b344d446d102f76

SHA1
7d7c93a62224a4ea5f5e5ae7020e047ecb1a2364

SHA256
6b6090014180e1e22de2b5f76048afdf0255a76b7ac13cc294f483457d2899c1

SHA512
28acfd78b685aeae18bcfb287fe69150b561ab7fab00407dc31caef97d9edb902e95fd61ce32de31def642669e958a729afea146cf3747b29488b754e1f42be7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
56f8e1f5dd47bbec814c83dc47c0e7bb

SHA1
bd1ccd7042a8865c7616c47d095f8a8b0b3b2c7f

SHA256
c978abca69be897ed1258f349a30046571b07e497b456b8272dc758e880ffdcd

SHA512
2edc6df73e47e06ea174c61c2e722d9583dd334f93119c84dcd4dc2c441a9d530f25049d57f74ef140072ed5443f1c69e9cc876cead49ee72f31c8d68e96e6fc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
9077d3d0b2fcd5efec69649c874694f1

SHA1
5852fb37406f769864f88fe76993e14b8fd73798

SHA256
b794a391d73deb3cbfb257a21cee99b8f0de693959e839f615c8fcbeeb51a510

SHA512
dffd53123ef3086c2b347ffce5b47fd5501c3f7f156a1d5d90654a1b7e74f4695644ab2bb7b714d24bc32540fd8e8ba9032a13b940c323c1a2c5624d6e6b0487

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
3c2edbd63c4e3dd78b6841dc38d8530a

SHA1
3c460db97134e63c7ed976ccf46a828c4be87aec

SHA256
feffd89a1ae250a86f55535b6d6991d2753cc3b5a4de8715980056c6986002a5

SHA512
5016bc439d76c0110e1cd7603324929024fae56b87c014ddc7e000c59cc4ef74ce9c02857db52e9c00fc93b521bfaeb892fa205b1fdf50c9abd2df12c3b967d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
af950b80d3c87fbc49a3d52a818f1a1c

SHA1
b9a3c7c6b5b1bee4df11f88fe15d51f3269b66a4

SHA256
e158351c8394231828b639664ee290c82c2b49240d0cf7047cb503bf2e0dbb91

SHA512
8f529761ec6ddfb405bef21e86e71d193dd2dfad84c1e672fe7f5f15a1baf49a5cfcbc29bb5f3385b7da85dba4801384d2772958706d65d1a85dd419821701ec

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
82a95542239fb0b6b07700f1541db068

SHA1
806b0b87c2fe2446f5c16527a5ff214dd243b114

SHA256
9e3344991b721b372b3ff1d09173d7f8f1d35777b26667339b69d5c6e17f4652

SHA512
f097c584d4f374342da79ee84bff1abcb1467291d6976bbfd45698ac743a5e1644117cacf88def6aa03c8e2e35c9def88116fba47a68ea125871ca6e1909651b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
40039dd2bdc6a339c0f6b27842267555

SHA1
226d69c2201d9e47065933a27f1ca23818a9e32e

SHA256
f49af8d421b2dcb0eb30dd59779bf7457136cc57e288ad8f3c7cd7259ffbde87

SHA512
d02ba78c1480a94c64cddfabe957c6699256e43c68278b58d2dc663e45b11de93c0e781839579d70ee6ca280cfec59e7fec7538a01ce30122d1d1736a4db4a6d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
c120b4201eefc12d3f763c015f81140f

SHA1
502d6d53b13e485bcba1ce1ad88a3971288a2d86

SHA256
c90f6f832ab7f956f3cf8dd82b11c390757ac674750897c34ae143763520e45c

SHA512
037ad8474d70634568ec52c322782c1fe080e6b85f5eaac7b3e43324a25a99822d90f565cfd6b80c720249bf981f53ba878459eb8347419fdaf13b608f820d5c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
4d7cf6f2399ee981a5aea50281092285

SHA1
73e791db07034b78939ca59cf13279d018d37958

SHA256
761db0455560c727a2abec9df2dee0607243e58576208d80ccab1cfee962452a

SHA512
3bda20c162725f3464970310e9303ccf2ee70e30445cd40ecbab3856bc0e8d9ef75788484b7b6c9e46057bc6834098cf39e9acfa396de01c37c3475319828128

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
a29c29f07857b505d0876f3d1b66db33

SHA1
acfe24f08a018d231c8ed39a5150d6e170704ceb

SHA256
d5630073a8228f798b5b99c2f3cf6c419378c4c0ccaaf67fa7a73fc2af2e15d2

SHA512
a0d642502a5abfe7eeca2ee6e24a5e98bddb19b42cca63d0f3802d0f8ba2167c37f0c93af978e8f8b06d1c00707eef11b9c7a9fdf4adabd8699276293e8efb8f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
596f0b095f6b839098c2f0e8d21da2f2

SHA1
cb9190610ac4d6a4569a7b37a851abae88abd9ae

SHA256
94217718fb068d64206f04a69e441dee8a41e0b9b9dc471758cdd620f09b79f8

SHA512
261a49d46f8d10366ea3eef095d93f4e463a49d7f32cf2f20614e25f381ee758de30dd389b3ec2dcaf588fa55d67d054f9f808f482351b731086b242dfcdf32c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
0e50c04d3656853f8ddf65e23ab46e36

SHA1
0779b56bbb2c9793f63d783f77be7bbe026f1cea

SHA256
c4fee22456bf6543f0f84c9129d5be31db46a5de49395d6fdb5699b9110203bd

SHA512
4a9f46df297f7cbad7652ce56ff2ccfba51960109faba441e7673b9c0a3bd297d017f27e5d98b8f91760648a36f3392cc4dfa50bb68469845aeb7130c09d1e2e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
0c56c264b6ca193633470efc069897a8

SHA1
37de8a65a330d1283367dfa609914322b5c0036c

SHA256
4ec01b48a05a882350e0f6ed3fc09353d7d2df923a8f7f078a7d90f8a255e553

SHA512
af6c39cd12667d032e900e00e9209b8787de579ccf28b60b5d3dea64ffa8602ac9b80055e8e29e543828634face81d7206c2386c615710c3256033061e2f7da2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
6c7599e0b580b86def6a71cd0d1d6e5a

SHA1
5a0a89418896f2935c21873e4302938b14fc7b5f

SHA256
25c4dd63bcae2f66ac80387cc1ccfd0558f0d17fb4691104bdf109c4aa6ec92a

SHA512
9817585beae4e669fbc10c07063cdbc6d5af654cdcabc31f2b520374e5c6ba49b9a72f5949e8a6a7e4de83b5f9e6c5d2ca337ade739410a4f148f3bc1aa3e6e5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
55452824cccb91343f262beddb9734e7

SHA1
358ea3efc84c25764756e610e301e7757adf925d

SHA256
ce1fb1db6a4ed3a6296681900d2a6544dc5ed55bb6c93a19492d9ed3761e4658

SHA512
e3dec6f1ae587bd73b47ba285c7baf78ce60777ebf5fcc2443f5b6ab637cb0066d0881915567687ef2e4dc3a0c6b99af4cfa2a04b2d0e04a28ba74ea4161501d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
4138e18743a94e3a99c181b237ce3db6

SHA1
474c2b6a2cf3e3fca06fd7dd54ad580f272ca87d

SHA256
51466978a13528b17ea3ce1d155798715d8b49ed2df3af64bfa90cf7c7ee8044

SHA512
a1d3a2f51fd2a36270f1dce9dc455392a2633fb70cf89f9d478d7698c17257fb2a8fe20ca16976f0cfae11c291b2c59ab63e929c0655706ed4803a2a11d7bd20

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
9aa4f4c99e4f7fb19e495ab1a45579f0

SHA1
57571e17b4345d8d980a2d6082691f30270574fe

SHA256
64f1c3bc079f9784d4284f5d513394459f81c91fb27840028ec7fd906acc0610

SHA512
14449dbf4b0f43dfbdab6b2da12140be1b00228f922a8cda172aae1cd69e119daa268080c85b1686dd83dd3ad24b092c7868b9a602d3bbb95c22eee8d0169a52

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
890de1474d9ace403f3b893284a9e990

SHA1
65ec250e8208afe279b87753a18ce60be30aa9b1

SHA256
21ebc7510f8ca8155dc687847e4d8d844e36486ec9f95c7b28e1665e2044fd67

SHA512
c5bcfe41e4ea26eed428dd56edd7fa9b30de95be6bc037f0e7e639d045d0d2acef45e3970fb00a7c138df9dea5a5104cced133cc102a3fb15b025849dac1f182

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
029b765149dd24971989a4dfe53d102a

SHA1
ea092436253b427e4989de244fbef554a285a5a0

SHA256
c9de2ccb1b1a1e6f598c5f77d7c7a46dd1928c2788d8c8339458c9d2fade1ccd

SHA512
9866ae973eb2e66e95e75178aaac2495f4e186444fac2545ac7d437d0e59d95b3022ea93ec9ca2a50f291775a855048aa01bdd0ffd3e7ad55ecf3f919473c0c8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
ad02a6e78f37a96e8aebb05ed85b89ae

SHA1
25d986627e05285d0ee4dc4120ac7a51cd4e4d22

SHA256
a171b440e140da2fb22775ee90d0c56f6cc39cac05e92b53b7e754f59aebe90c

SHA512
bd2aed3bd7ceac5c4d04c6544435a94c639006742f9599fa44ad007136ce8e564a4f7300749e66e9f592ed539460e8bb2e18c9a12fa5791c2668deedf7cb88f1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
5a06881a0e45e2e133153feb37de8b84

SHA1
96960466a97a31efa8e61ef2d4ea66d90b89c210

SHA256
0dcb7db614d2b6f2001e046c2fa8e21817f6a5294d2ed6abb343e0b95abdcbc1

SHA512
a4340c392ecca488a332d11a379c9db411f4f4f05907c4c157e2df17e0db677d4e6fc60993cf0fa1ef8df240ba8e4c4b74ad3242a5a8aaf3fc276f71158a7ae1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
03adbc9b373242777569d68fc9584251

SHA1
22276c6e350d6c0a64dbec7727a32a87452d9a7d

SHA256
003a8e3a8c5e03218cb1f57417084c23ee4d38d9f64d7d5d5810e6f76505368e

SHA512
4c9f06fd24089f7798d82211b238e1979db420de26fca962bc6e5fd08989ac8f75e6ac06899572ccd6847b7c61cf8e08a5c1858a2fd942ce6695a121d6246e5c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
1797ea84dc85f30b70a39d122615c394

SHA1
7ec0539875488dbb9f3ce5e2358e79004224f29a

SHA256
2cc6b9f8e7e211e29b7844f5e8cf22995d5920fe3fa3e83302613f72072608c9

SHA512
99f89acfc75b491ce37c203dd76f53e042159f3cd3339ece1542b36a1bb098406805548fc97f6eb35ea4f386d74156d91b374996487bf6603c77f542f0c78555

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
4ac66a550479607d0924e3d1d33055f3

SHA1
92d234b7153d9825c92a2e1f0abd6e29681d6dec

SHA256
5fd5d073ca54f266724c7eeac9fb48599570b0924e7109d2fa51fef24705001a

SHA512
da2246779bfc7a6b5eccfdc59f86b4195d9e1beb5144fedf2e4b8f0084755a7a3e878c6087d7fc6d9f0e84495e3fc20d9d71ee5070d0c233384b54a807355346

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
ab678a1a2429031d5f25080a5d59e2b2

SHA1
9dd00a222986e2c805ae43aea5cbf581a5c8b818

SHA256
41cf23e32e07bf76da939faaf61d039a3f07979620e8d287ad7ff8bb1f031e41

SHA512
6174af0aaf091d0261cc3751391a55910ce699f2cd53cdac64bef2721cdf9ff1fb8b7082e4764d4c8e3af1709ab03de3fe389033a7f6bc94e4f809e8c35d3071

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
2938ac41a0b68df9656fcfd220452a30

SHA1
fe0d8a8e16d6a8fa46d97d3dda2d2735352a075b

SHA256
2a7d6daf1d42efd74a356dcbb9c4f83acd39e0faf5654b591c9f231d2344e885

SHA512
bf46045f71cdbe82a4b8f922cac7c4fb748fe8990454c8c9ffea90dd8b048c5485908582a692b9f2290b081fcdc1eb537704adfd4ce4063d259b918a3d178e8d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
175f656ef8ee3761a2bbf93d965d6290

SHA1
2bea641eed998280bf8580e0f965562f5b3ff1dc

SHA256
cc54b005a2a86593f2b6c68d5b013d3945a224e971562f5fde45bd421f5f4add

SHA512
fb3bbe929acb6fd7134075159afb7cafec575e64d1904dcdb0e8dd9d65591c674afd59b267033ad7cc9b4d0ad6af68986d395eda22486adea4fe327405520fd0

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
adeee7452cf1b581458cd1eeb2aa9c25

SHA1
364a7b10a53b1f28dedc3e67e9f6ff2be3e450aa

SHA256
d64b89adca2125c94b25e58d0a3a270afd34d4ad289742c3449043eccd0a674b

SHA512
d527b1c3a4eb6efdc2bb9e4f618adfedceb73a7050c0754b8ee21cd6804f8119f7b7ca2fec65b0b90cee29cab71fdc01185904b1ad6fae364af9548efb269644

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
f2fbd4a3d2e0246c6a3478babbc0b7ed

SHA1
dd9ca4bf8eef7cac2d480b96d313de237d09f688

SHA256
37a8f0555c85efc18c797ec228e448e0179b9d42d2128f570c337ef75514cd21

SHA512
36c33002cde3dc39caac106676061291e5f0f4b6f18026b85f8abe5c767e1dcabb5ed18dcaeefd0dc00031b29c083db84a5e630eab896367195fca31450129a4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
adb45e099f5cf7061fd2140c38c40f98

SHA1
6c013ade8ec4f36a052a2a97bdbce138dc460498

SHA256
766ce969e103a70b7f07d21f6ebe64f938965312a477313aa8d86f0d4529c590

SHA512
0b2aee677144c4d0fb1b2ec9001f2bd23952b9f450f55bb5d100069530da559a5774135b2c650f8b5a8f71374d3158dd5fadd803d31b23e8c27c4d8dde3222a6

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
93bb08ab8c88fd846da573b79ea3d834

SHA1
833b23c29928ae9a4519f939ace7a15a8c8cebc9

SHA256
518dabfc0a67484a980eb2bf6ae02f0a71c7cd26278d12a1110a8c9058894a9b

SHA512
0d1ee32e96934f2b0473654163581266cd557d649de26d74ed03500f1c68d14dd3f8f65bb551ca2b436f679514a9e90c8cc5c50c831e8c8ad06a92b3d4ab9a7e

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
2c0e73bba82b9df37f7c4da522795f84

SHA1
fcdb569513acb789cde2312eda7723f3e3471309

SHA256
6bdfbe57f6649d4d5eadec1d3a8f2af6a05a4fb02f068245d5aa71b6587110c3

SHA512
eccb8ecd6be05c706dc3c2aee1fb5e68b727eaaaebfcf122658d135db5c1fa2cb409214d3a59785590181290da507e128c5634be5665d34ef76335782431e995

Download Submit
memory/3956-2-0x000000000041D000-0x00000000008FC000-memory.dmp

Filesize
4.9MB

Download
memory/3956-3-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/3956-11387-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/3956-11095-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/3956-10483-0x000000000041D000-0x00000000008FC000-memory.dmp

Filesize
4.9MB

Download
memory/3956-213-0x0000000000400000-0x000000000125A000-memory.dmp

Filesize
14.4MB

Download
memory/3956-0-0x0000000002FA0000-0x0000000002FA1000-memory.dmp

Filesize
4KB

Download