7c1a1513ae242ece2f964779e1aca19db05d2d9804a1e1e61980ece32401ca89

Analysis

max time kernel
75s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6A19P_razrusheniye.exe
Size

20KB
MD5

0989843627697f68330485e08033bc3d
SHA1

c313d0d0476e85b4013436d34641be930c29f394
SHA256

7c1a1513ae242ece2f964779e1aca19db05d2d9804a1e1e61980ece32401ca89
SHA512

48afa380d0726b6660a47857af65668117f363762ad231d0ae120d7d5c37478a0276114002f7a51f99fe8dbf8b26066d1c4be498a4abe042c0358bc6269aab84
SSDEEP

384:ThepVQkCBbX1V/IxzJjWigeY6doSiKkU+aon3TcoUURdT:wpwfIzlgjyriKkdo1U7

Score

10^/10

persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\Camera Roll\README.txt

Ransom Note

~~~ You became victim of the razrusheniye ransomware! ~~~. Using AES-256-CBC encryption, your databases, documents, photos and other important files have been encrypted! This means you will not be able to access them unless you decrypt them. See for yourself! Look at any file with the .raz extension and its content! You cannot recover these files yourself. That's not how cryptography works. Do not waste your time. Nobody can recover your files besides us! If you fulfil the following, you are eligible for a 50% discount! - You do NOT contact ANYONE about this incident. - You contact us in UNDER than 6 hours. We can decrypt these files, we can guarantee that your system will be just as new! Payment for the restoration of your system is $70 (with the 50% discount it's $35) We can restore your systems in less than 6 hours if you pay now. However, we will not decrypt your system if; - You go to police and report us. >>> If you report us AFTER restoration, we WILL attack you again!!! <<< Do not delete or modify encrypted files, it will cause problems when restoring your system! Send the personal ID to [email protected] via email. We will provide payment information, once payment is done, we will sent you a decryptor! If you do not pay, you will NEVER get your data back and sensitive information will be leaked online! By sensitive information we mean passwords, and similar! Q: How can i be sure you won't scam me? A: You can send us 3 files (not bigger than 3MB) and we will decrypt it, and send it back to you. You can then decide if you want to restore the rest by paying $70 (with the 50% discount its $35) >>> Your personal ID is: F5GC-T8FC-K8OH-84MB-CERR-7W2S-LZAA-YHN0 <<<

Emails

[email protected]

Signatures

Renames multiple (5639) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 30 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\UMDF\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\UMDF\it-IT\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\it-IT\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\UMDF\de-DE\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\fr-FR\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\gmreadme.txt.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\uk-UA\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\UMDF\es-ES\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\en-US\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\etc\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\en-US\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\es-ES\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\ja-JP\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\de-DE\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\UMDF\en-US\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\UMDF\fr-FR\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\DriverData\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\UMDF\uk-UA\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\en-US\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\UMDF\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\drivers\UMDF\ja-JP\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\drivers\gmreadme.txt.raz	6A19P_razrusheniye.exe

Boot or Logon Autostart Execution: Print Processors 1 TTPs 1 IoCs

Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

persistence

Print Processors

T1547.012

description	ioc	Process
File created	C:\Windows\System32\spool\prtprocs\x64\README.txt	6A19P_razrusheniye.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.raz	6A19P_razrusheniye.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\README.txt	6A19P_razrusheniye.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\README.txt	6A19P_razrusheniye.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock4.inf_amd64_bc507add47f436ae\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\TRACERT.EXE.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\@AdvancedKeySettingsNotification.png.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\it\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\de-DE\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\MdSched.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\MusNotificationUx.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MsDtc\TestDtc.psm1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\spool\V4Dirs\EBDAF76D-20E6-4FDA-8569-5EE133F8ED5A\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\PING.EXE.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\da-DK\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\esentutl.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\NetHost.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\Tasks\Mozilla\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\typeperf.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SecureBoot\SecureBoot.psd1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\ClipUp.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\netbtugc.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ServiceSet.Schema.psm1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Provisioning\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ja-JP\PSDesiredStateConfiguration.Resource.psd1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\DFDWiz.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_8416dd97e1ecb6dc\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\ja-jp\Licenses\Volume\Professional\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\Speech\SpeechUX\it-IT\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\F12\uk-UA\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\Hydrogen\BakedPlugins\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\ksetup.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\Licenses\neutral\_Default\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\MSFT_EnvironmentResource.strings.psd1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\ie4uinit.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\systray.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AssignedAccess\en-US\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\mmc.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\uk-UA\Licenses\Volume\Professional\license.rtf.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\F12\Timeline.cpu.xml.raz	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt.raz	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\es-ES\MSFT_ProcessResource.strings.psd1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\fr-FR\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\cipher.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\fr-CA\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\PresentationHost.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_ea60132f1a9a7a62\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\fontview.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\MusNotification.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\NetworkSwitchManager\ja-JP\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\es-ES\WindowsPackageCab.Strings.psd1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\license.rtf.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\cofire.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\Amd64\MSPWGR.xml.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\Com\ja-JP\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\MSIPP.xml.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\UevTemplateConfigItemGenerator.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ja-JP\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\System32\WindowsPowerShell\v1.0\Modules\WindowsSearch\es\README.txt	6A19P_razrusheniye.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\TXP_CarReservation_Light.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Windows Mail\wabmig.exe.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSmallTile.scale-150.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\MedTile.scale-200.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\es-es\ui-strings.js.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-36_altform-unplated.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\2876_20x20x32.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-20.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\strings\en-us\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\es-ES\PSGet.Resource.psd1.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsStoreLogo.scale-125.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\1.jpg.raz	6A19P_razrusheniye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fi-fi\ui-strings.js.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\notifications_emptystate_v3.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-125_contrast-white.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24_altform-unplated_contrast-black.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-80_contrast-white.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml.raz	6A19P_razrusheniye.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\MSFT_PackageManagementSource.strings.psd1.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageBadgeLogo.scale-125_contrast-black.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxMetadata\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\zh-cn\ui-strings.js.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-140.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\nb-no\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-16_altform-lightunplated.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-100_contrast-black.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-32.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-30.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionSmallTile.scale-400.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-24_altform-unplated_contrast-white.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\SmallTile.scale-200.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-200.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-32.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\PackageFiles\1C4F8B62-4D78-4948-8B5D-5969816D23EF\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailWideTile.scale-400.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-200_contrast-black.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fill-sign-2x.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	6A19P_razrusheniye.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-60_altform-unplated.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\README.txt	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\AppxManifest.xml.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-48.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_altform-unplated_contrast-high.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-unplated_devicefamily-colorfulunplated.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-150.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\SmallTile.scale-100_contrast-black.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\ThirdPartyNotices.txt.raz	6A19P_razrusheniye.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated.png.raz	6A19P_razrusheniye.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-gb\README.txt	6A19P_razrusheniye.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..on-onlineid-runtime_31bf3856ad364e35_10.0.19041.746_none_26823bd61b21aea0\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Printing.Resources\3.0.0.0_ja_31bf3856ad364e35\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Splashscreen.scale-150_contrast-black.png.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square71x71Logo.scale-125.png.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools.resources_31bf3856ad364e35_10.0.19041.1_it-it_4a7311aed0e67bb1\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ettingshandlers-pen_31bf3856ad364e35_10.0.19041.746_none_b5db20c677eadbd4\f\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..resources.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5eee870a3c6c28c1\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_nettcpip.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1fe3d891ab30990\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-packager.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cfa9425698a035b2\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hardware-policy_31bf3856ad364e35_10.0.19041.423_none_e02c324d08969a68\r\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msports.resources_31bf3856ad364e35_10.0.19041.1_it-it_1d9eb3c049935763\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.964_none_21f025fe4ae682b3\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_10.0.19041.1_none_962bc7b24e8d9f3a\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.ManagementConsole.Resources\3.0.0.0_es_31bf3856ad364e35\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\Media\ding.wav.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..figurator.resources_31bf3856ad364e35_10.0.19041.1_it-it_0369e340ceb29441\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_ar-sa_58b92c100a6577eb\f\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..lity-base.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_152af6b06813ca6e\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\assembly\GAC_MSIL\Policy.14.0.Microsoft.Office.Interop.SmartTag\15.0.0.0__71e9bce111e9429c\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_dc21x4vm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_3b0f1d19dad31335\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_10.0.19041.1_none_f0510b72ed025043\RS_ResetIdleSleepsetting.ps1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_10.0.19041.1_none_7bb04eb43a16f528\TS_DefaultPrinter.ps1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ldap-client_31bf3856ad364e35_10.0.19041.546_none_db8a38e9e99bc04d\f\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-xbox-game..scription-component_31bf3856ad364e35_10.0.19041.746_none_a056b7ee9ad5989c\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_75a8272a05eb1672\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_10.0.19041.546_none_4f785cb38143df80\r\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-profsvc-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_d07bce8112bafeec\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_10.0.19041.1266_none_a4b3db427ad98ca6\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-enrollengine_31bf3856ad364e35_10.0.19041.1266_none_17fe6387a82e5ee2\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\x86_dual_ntprint.inf_31bf3856ad364e35_10.0.19041.264_none_66e0b708f017bc79\I386\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\diagnostics\system\Bluetooth\CL_Utility.ps1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\oobelightfooterhost.js.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..deosettingshandlers_31bf3856ad364e35_10.0.19041.746_none_e2a8d0ebfd7d4f71\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_mrvlpcie8897.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e2a54d13b666f460\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\r\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..sions-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_7370f7f89400621f\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershel..sc.mpeval.resources_31bf3856ad364e35_10.0.19041.1_en-us_326cec1099928add\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-bluetooth-service_31bf3856ad364e35_10.0.19041.264_none_ca2ef6871bfbacb8\r\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\pdferrorofflineaccessdenied.html.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_multimedia-rrinstaller_31bf3856ad364e35_10.0.19041.1_none_c8deb9da2cb2458a\rrinstaller.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.19041.1202_none_908b22903a403149\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-x..lugin-mui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_98ae1c0e66bc3de4\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\diagnostics\system\Search\TS_FilterHostCrashing.ps1.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ionengine.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_41bc0c61ace426e0\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setnetworklocation_31bf3856ad364e35_10.0.19041.746_none_ed1556d332a211c4\r\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..mpattools.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a5d30ea02604c52e\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..d-experience-smsapi_31bf3856ad364e35_10.0.19041.264_none_df4a5f86ba17c864\r\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-view-provider_31bf3856ad364e35_10.0.19041.844_none_3e9a7f12f93f79a4\r\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_32602d1a95f90be1\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobenetworklossaversionv2-main.html.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..adam-core.resources_31bf3856ad364e35_10.0.19041.1_es-es_37755db61fb352d4\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1_none_63e4d70575e86068\setup_wm.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..an-plugin.resources_31bf3856ad364e35_10.0.19041.1_it-it_51b3ea8b079cdfbb\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..geservice.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_54a73aad2cc2f922\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\PrintDialog\Assets\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..rting-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_8c918152aaddef74\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\Media\tada.wav.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-inputswitch.resources_31bf3856ad364e35_10.0.19041.1_es-es_29747dadd91a70cb\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\Ignore.scale-100.png.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_uaspstor.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_cd99dde8b91b1930\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_windows-defender-offline-amcore_31bf3856ad364e35_10.0.19041.1202_none_b9662ef4fe1412ad\f\OfflineScannerShell.exe.raz	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-t..ngservice.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_be1c4e03b403630c\README.txt	6A19P_razrusheniye.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..t-winproviders-appx_31bf3856ad364e35_10.0.19041.746_none_25ae87d60ac5b686\README.txt	6A19P_razrusheniye.exe

C:\Users\Admin\AppData\Local\Temp\6A19P_razrusheniye.exe
"C:\Users\Admin\AppData\Local\Temp\6A19P_razrusheniye.exe"
1⤵
- Drops file in Drivers directory
- Boot or Logon Autostart Execution: Print Processors
- Drops startup file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Print Processors

T1547.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Print Processors

T1547.012

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.raz

Filesize
720B

MD5
83d3860909532409db3984b5a35a10c8

SHA1
e6412d76d76c74936064cf55a9d3d0a2f2fbd78a

SHA256
0f6fb4c0de17e8c2b1273e39fe040b5ac8c9459147482202778b23974c993211

SHA512
051616008bcd9bb2d78ef52c715fbd03f4ee112902208883d542334c460ff441818647d19c75e77deb3f537af164f2e1968cf12397258c8d5d056f1444f206c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.raz

Filesize
688B

MD5
71cd954515f3be4d7f0f1a78fc27d2dc

SHA1
3cf3ba327428f20a4a0f93d96a09260267681250

SHA256
4931a4214d31259e342b6f0db91fed526a921f814e9c5cb9b89e4e02d546b202

SHA512
ab44f1ecec253c50d58b0c19f33167931633d7f5075ec400e4cd8718cd8361a1f4a595c8bc4c1041c04f35a36af5ec658f1e27f35548d9cc2ed19f01add7add8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.raz

Filesize
1KB

MD5
d4c12f145e6cb9c381e79e7a5dd888e6

SHA1
f4534b4b6bcb00e781bdedd6a148f5d5b556b690

SHA256
5cb8e8b2219908c06b7771a13cb5e4d6c625694bc992e6516d18896b2619ae32

SHA512
75db3e794d53e61b0e590715e9ac6851c0558366088c74166be0a93d6a243232021bf4214908ecfd07df28b4f05c492e799eddc5ffd42233a014937dcac94327

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.raz

Filesize
448B

MD5
6d26df17f02327c3fe5d317094b7ddd9

SHA1
d0bebe922d3473433f2ffa7bbbfd7f328f9e8f6c

SHA256
f705983fec7c488b33b7301baa5f1aacc762466e2ae3f3c1c140d2e9169596cb

SHA512
acce0f4f5db38cb05d82470071cac6af57bff0bd1da812120af3dd611c0d481c70b4a5fffb4e04e106acbbc8b4f43354d254b99990f1a0c19f9e245c7145382f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.raz

Filesize
624B

MD5
fc80f99450dba8c73f9fdb080089103c

SHA1
180f738298e28cfc87c30b609e8c77572ec65cad

SHA256
f7f7da574fc749249fe7f76e9cc74fd81ec8615352c699964b60d0f46300e76d

SHA512
0edb2009cdead93f1c50ce5bab9ed954acb2025f1330c64caea75ec1a347d364a75b2e9751a8535002a59f9dc9bdb657665a46bd911274c83b29b5e49c2869b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.raz

Filesize
400B

MD5
d899e3bcb13b7e24846477049ffbf5fd

SHA1
32f3807a153c79246a11498d0e1ae7c608a3e7d0

SHA256
4e7dc09a682ee35b606f6a6f6fbfc14877d7fd3c0c4c2ea3cf548b6242a8fcc1

SHA512
2b122727fbbc7b318f4c4f5e343098fcf38b71d71c683ca00a946d3be657a4e91e2b528deaa25134340ed4d6bbc4a1dc925c3960a3bf545ff1313dc90ab6e5f2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.raz

Filesize
560B

MD5
b1bd81a226fae80c22d4c0891c54e1be

SHA1
7e2e6b5f06ce49a818490003142e7425489bf952

SHA256
20450dd146c16776ce1b2962524a76b14d8cf9628df39a60a1e1dce0b7680260

SHA512
d3ea770b8aee9da7b1c8e0833a992b5a57b4c11ac982f4723b2ec272271238d673f5ae3ec416646a66e6a5a461b227783970abd658d26512fda93cf24e07e38e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.raz

Filesize
400B

MD5
3fa1f5ea80c3ab176a7a9875e133bff4

SHA1
97ed9422788b3798143ee4f33f6a8031ef807a52

SHA256
587ebc88a4ef50e0a0031cffa507bc30d99b723c33ecd226cb57bce9d9f0d210

SHA512
15767665248677749682321a7f6cfb99aedd13b325f79f958e730737ffbc8f62907a8a8a2a145270ab3f7a9c51084793c77c62fc0e3fdfa70b59a333beda2e1c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.raz

Filesize
560B

MD5
295185138d65c5e96a781b67522d406c

SHA1
9c342f64f8b97e9640cc3e084cc5526c103e9406

SHA256
6403ea3d68b8b0259d19abfb23167077062d61d3c9dde40248ade4f7afd8e97f

SHA512
9122ae1cd2eed8952d9c6a258451ee058d7630d3ee1a8baef7f1e37254c34e3e3c7fb5d6f393197670ab99e006c11b250efb20e39a997034e583ff2d80eb57a8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.raz

Filesize
400B

MD5
abbab4a96020560471e050d8b8cdeebf

SHA1
8ff7579ae16b6fd2eb825c4c941358ef891a355a

SHA256
f548494fcada421f02387b8675b9a0e619bfb84252d14d29e7c21da2c6b1de25

SHA512
e7a67bb1524067a4b04165a8ad6d9d901252ec301fa0769e268a9289517d936f81cf9dcb41f712e564deef2ba11c2172d6a0d7e00bab70efd1c300246df6b5ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.raz

Filesize
560B

MD5
43461dbe750bd231282f2b1088c169a5

SHA1
8e471de6d6bb875c3b6c986bb7d0bc13baefa79a

SHA256
d30d968449d19eda38df7dcb550c4f1b48705cba859856351b975599d46abcc7

SHA512
c03594671aea230fdf6d144dd5bdc6cb5acfafd9cae3443abcea121715a4db9375c7bec042229101b7b1dc7fed4b2ce75ae9ad29ddabc79d75b9a6ea1057172a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.raz

Filesize
7KB

MD5
9e18e34b9da15755eb2d259d564ad8a4

SHA1
50841e40145d0df2ab3612cbf15c53dc95fd12d0

SHA256
7779c873e30d3adfb5df587fa35f0324f50bc549da39075c0049994a416b54c0

SHA512
145d1065f694b1a90c10ec57fdd447349b6cedfcd961d17147570c9b38f754ffbc5efb458b0923032d6fa004f1821d165ffc501456ba1cdab114465e797080f7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.raz

Filesize
7KB

MD5
2f0eb7a3e1f8930587deba8bcb239e9c

SHA1
c01f56f7a4f436fa0ae28eb885add763da3c5947

SHA256
9a44b04fcf8ec581fbe00daae786b8eb70a20f2118db71d851b7499795b01f94

SHA512
502ee3ecec80a9058c0aee43c25aac242d336a394383f08bfda7ea9b18979e8893a37c9efdc8ed82f861a94e24d5d4c914f1b66ed9abe6e61226033a094527b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.raz

Filesize
15KB

MD5
b01a2862b1a266184a4fb307eb7a4d63

SHA1
dfc32bb52cb1a0db3c3d29930c55712e97d930d9

SHA256
58821ff469393fe6adf5254810d096c5fbcb4b6d0e955953f95fc506abb19064

SHA512
a2a0909bcfbeeb36c9a9bc526ebb25c6c68f08619b05978986997bf895e86f9f8f3c8b62bfcf175e80aa55710f9963d6b463a8a760b4c6c58438663c84c43a38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.raz

Filesize
8KB

MD5
78f37a79e26868f30ca55563fcd49441

SHA1
8fd876f4af40fcadc1ccb393aa9e7505445684c0

SHA256
21d75022ce3fd85184dc154639040fcf11e7c594fbab93f01f698791a193a5fa

SHA512
93b80341afe19fe5b003d6a6788a66b9c8ff2ac62370e0f8ddd54fdf3b8c5c02d4b85845b42549baad61ed54a1fd1c42deb947586f1a756fac9195fa788ff444

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.raz

Filesize
17KB

MD5
cc9b30f760282bf20175c8cf6584e8ec

SHA1
b0802f1e18546788235ff090683a5a60713bd6b1

SHA256
dbf825d28814bec1de86a98ae1d7d9ad303aea4811757627591184a9183d30ed

SHA512
05ae8322ae86218a0d3ed6ef80bbb73c5983ef5881281c21569108cad620212c6d2da193c0934642a7a604cd6843a892c1d65f1f5f25e4a8b8d333ce5e51ec8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.raz

Filesize
192B

MD5
96fb21eb5bd517c2717165fb9c2a8fff

SHA1
d82660e41829f637502ad3afc08457fc71ed4d01

SHA256
790551603c1662c27912da533b9f8b6aef27c707daf894a84e41e196837aebfe

SHA512
10372681e3019e52068350e546935cf5214823ed031cc6f1ed3fa76cc3db93119ae1d91e1f3e9e9de1ac8ba259426627802c0ed626c104c8bc652695bed95ad6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.raz

Filesize
704B

MD5
9bee5f25405a249820c51814d44a7f12

SHA1
a88c248dcbac3355107ba37bab06d205b90cdd27

SHA256
3061b10c940ec0077f6e1d6f95f371e3a952c69d944f4a9bd3882591382935a0

SHA512
a70fdb7889838f7f23da809001f32df4036d0577a852cb1f59fcaa331c87bf67e42ecc786adcd1c9d7cb28238b23013bceda4abbf77359f9e5e07c7f8a584b3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.raz

Filesize
8KB

MD5
6df8156795f499b9f6ab27c29110f89e

SHA1
f011fbb8533949bed18d6ef7585b304dd03cfc92

SHA256
8ad9fed7d3f32e8e9781debdf056f3dff910e639c1ef7551fc99f63b597c30e5

SHA512
ea152203893a1c73be933da77292a0630ee1676c67d29e953e56bd64c0fe0d89a9e11ee4d609db985c502824b74a8d8646787dcdfc921f39dcdf9c2269d1303b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.raz

Filesize
19KB

MD5
ca4ac1805aa53f8986a1955933103a83

SHA1
aaa6ef8e912e3ef525ed220112f2614edb013a79

SHA256
91df27d234b23816b9cd7a972b6dcdd7183921476f097d83a76d921f2d5e8f77

SHA512
81ca9d8abbd3b47deee66da7f10f19cdb66bca5bd5790bc51ca398a9292a061f27496011ff4422c5bd7e48bb4966f4f26a4b913ee974b8eaa2488679401a9bf8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.raz

Filesize
832B

MD5
eb44aee329abfd09a7df1832e325d44f

SHA1
e5acb9aff71a1df33ef05afffaaaa5759b5fce3b

SHA256
3ae969898529224c1d84d23f3f098db78a802b9f8fe87040d8d3f92f99b3316f

SHA512
cb35fb28ac5954d6a306d7b1851a5dcd8771572cc181ab6f26df960f7e361a095e2215bdc6a2556d704f1f319cc73b249a818a389fb29f09ac46ebad2b0120d4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.raz

Filesize
1KB

MD5
f7852418aad2a4518f37426ec78f878b

SHA1
6231865d716ef41329ffd873da027d263fc695ee

SHA256
9b07b896d3167ff203ef65f42aeb9172a0d971dad107ec58b96af5ec87e10e15

SHA512
3166a713f7bb47eb382747dd7c63c239e1c41bddcdcfac5b0fd2e12301af406bfa399774692cb7cca4f730891c8ad09be9506b11d90e1ca5fc3bc295502d3fff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.raz

Filesize
1KB

MD5
e5d8ec9b673806eb71877091af4ae6ca

SHA1
727e057464b7c025fe214e6f1f999086184a0ce0

SHA256
18f0dd84e8611628a231554700c0b5740764265cd69b899eebe8f92f44540ffc

SHA512
49a63b3d63515ca87367e7e75523a7df6dc2e565145feba90dec868a80de7e9c59030436adf67e3cd6c798b31af84eb81b77a028b0a1f92c3df167e7b328f40c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.raz

Filesize
816B

MD5
5fc3f942936855797cdf6157367978e0

SHA1
6f7e769d51ead05bc18b0a1bcdb93272a4328937

SHA256
3609e67f44a3eea57ff97e081dc2b911ca3758dac7495615c526b284ee6c81b0

SHA512
220bee43227dee894b61bf6213278ea155a22632a4369fb1faba63de19be2aebc05721af9f371c0ec1b8d3db6562b192c455082876c70311368d6e3baa1b07cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.raz

Filesize
2KB

MD5
e0c7f0ca3360cf1ca6ffbd5ac37aac1d

SHA1
86c6f0edc203570dccfbba4e7939f588dec44bc9

SHA256
39ea964453bf10b68c0567169869abf19035a28d13961f963407bbaa4fc5e434

SHA512
395236075875688de917b4a2fc011f7e4058ef1f1b0d5530e7f9c771d132121fed2be06869f02397436f751a4893cc541a5d4ac26f83f61170d8c2534b72435e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.raz

Filesize
2KB

MD5
26847186f30b2b60587b8db140939412

SHA1
f96504011b67ccbaaf1125e0a6d8b819b27ec394

SHA256
5fdcff0259c98bd48f4edf41dd037f8e723dcc5f6430786febf95f9a14684a18

SHA512
e1a537962c8ae4749f9525a46427236045393b5efd8ee37c08f4d4a34f34e73b945ee2932da8dfa09c9dbe519ea733597406c95b64a75db56185d4ba544f71a5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.raz

Filesize
4KB

MD5
ca3f19378b82ad9421c77974b514f181

SHA1
e9078ba013476642d40ba9a9e0fea556e5a1b6a6

SHA256
fcc7ca0db03939e884f29905ebf486fedba97fb6bfce733c1adbbc4b6da638da

SHA512
eeed2fafbc71d127ce6abadd16f2b82d3ad24815b8b786992065a902306ebfd02c41c506fbe7d7575fb82c53b4be28c27cef62e7d9b7000a69498455d7234912

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.raz

Filesize
304B

MD5
304ce4eb5d9fae8fcd5bb6d000183dcb

SHA1
d591c787da4220245d762cfe7d2ae109d2002ec9

SHA256
9fd1013222b9face9d1392392cc0ba1cd16b38c8baae62f4b7fa392082ba85c8

SHA512
2139cd342771da354bbf72786c42ff8ff916bfb7da31b6d4b8de6edc46ed0cf3ac95e181dd84c599250be14c953217f26bbc54cbb7d11bddd20f18aba1cf5258

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.raz

Filesize
400B

MD5
f46ba92ff75faa8a7ad34535a78a6ea8

SHA1
d5f9c44b3de8f13cba8df1fb0a0ed00f0262b3a4

SHA256
65822004a608d6cd49c83cd042c25be1d7789302fbea616cdf9f3ecf3e765587

SHA512
2862350c622fbeb5def5273682d56be4bbf6ccbcd79aafab3c3be1174d53b760e73f77c7e3c92a2202435ef85c1487cc483fc54da784c089988fb8a83046d74c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.raz

Filesize
1008B

MD5
479b4be81281982bb15f5d4e0de15c5d

SHA1
e771c39901a3624c2acb5a6650d0e17602bf4841

SHA256
017baa51da287a39bab8fa938acd883c4560787439c329cdc13a5407b4784f49

SHA512
45d93a457372c7a4d4603ceaf74c0f774d40c4c130492f3f7d6ab6a98892cc22d69dd023abafedad55679b1dc38211584d5930dbbebb43fc4da907c6b4db2ae2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.raz

Filesize
1KB

MD5
137d9eede1eef1b1a46e4f72b5ccd2f7

SHA1
da9a0a76b0f2a8aeb287c63ea883be4ce1cbbc0d

SHA256
78947410be8be9794fc4af9a93c27d9860a83b370ecf7844371c7925733907e8

SHA512
8d22b9326511b351583f86be2e96f08c5d36b26ed6b7ede8d53314fd02cd3b1706a5efb7a9a801c5b5d8362373723f693b81f43eb66c8a993e895a850ed00b5d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.raz

Filesize
2KB

MD5
59cd53f9f53f374249e56631fac72334

SHA1
fec131757ff0d5173f7040011c12db0cd8136930

SHA256
34126c2452374a123d0bd33a180f592d3eeca96517bb1ec81b502c07f2fcd837

SHA512
5ec825747800c197d2d660e0994bb0a09b0d46a4f67c1072caa74a3d067f95e271b0c9b65073e633613bca40070a50ebf822f4bf6d363939e0dd4cfd37b2d744

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.raz

Filesize
848B

MD5
f1baaf1c689b8d1253aa91f2f4d0eab5

SHA1
46cad5effdfc05d8f4a1bbe46aac6bb3237c9e41

SHA256
37af00c7638dddaac2c649d3e21692081a28a1ddb3bb05df9912ed3b81314e14

SHA512
4e1fcf64d31f09523b588a3ff45573b2e5699fb19428ff5d3c2b5cbcb3ffd0e989e08b3b96d56e8fca5f89401dd6eb98034585f34df81f0c20e5c9e2eed0bc31

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.raz

Filesize
32KB

MD5
b7fe9df9cc6a05a8420230769fb9aa6c

SHA1
1790fb0d8c878b389cba5c50024fcf336a0b9c48

SHA256
79ce50506901188611c908de73376094d8caf21c20b33e24b3cce04d52f7e4f5

SHA512
1b625dce444338eb890e559b388e825c45cea49c2df59c40083bf441792b9c5d3ca9c2de96561cbf98427a7578562918b2990e6d194b812077b168fb557c2c5b

Download Submit
C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\Example1.Diagnostics.Tests.ps1.raz

Filesize
256B

MD5
4fd04a773b89732db82a50eff6cd6744

SHA1
87313311a5011d2112a4ead07817dc9b52ba874d

SHA256
34d974c873e41f18f7287473713dbf010bb571e3d1cfe333d2801ec8052ee9d7

SHA512
570b126af855e3b3b0e2d770acf20d9bc0a66b2e8d811254f232986f82c58a3c5ae7a64487dbc5b7903c1e3e6861dcf000a54cf432861e076a5ed08747bdd369

Download Submit
C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif.raz

Filesize
160B

MD5
291e7422ec4904019fd5a007e3007e9b

SHA1
8b94724c06a494bf274c58f62f1eaf30626dbae7

SHA256
88429f666f1f9d982f751de27deba3d5f074f555f1eee5a45aff11f5f3652b8c

SHA512
bbe4da8a3a2c63fbd031da983449cb228e7135f4d40ecbce2e2b6e79c20254c8fab6843ad8691372df2969c1f4fcff7ee2d51a24f39a9221f74fa0cf94c31f9d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe.raz

Filesize
1014KB

MD5
0612bf91ed9f293ea78871e6ca0b4552

SHA1
6705bb0e2d5065f01b0060590867114058c0009b

SHA256
a87ca4aac23a88de94b69c3048a68b03260d8c47006754235927dd7fc57d6a30

SHA512
f0d9b74bd3c27666cd11c1d4b650c873d1757e14a7e46713fbd3c3d94695269d9d8dbf7c1f58378d2928f62ebfc398eda6579654623595f947bec0f1b658a2ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000003.log.raz

Filesize
16B

MD5
bcd350717dace4db434bc1da3217ad4a

SHA1
022d4c386a524e79123f3c550ee2ba9827d9bb5a

SHA256
eaccf2ae0e99e627af84ef94164b3a7a415778f4c1e9262f1326ca0543e3b724

SHA512
3b91c652b496cf720ef2ce4fc338fd8013ea1668949a5a98609445ca2652ce4ebca37229df387dcf5171dbe72153c2016be2fa76da412c4e6753df7a7ff08c1e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.raz

Filesize
8KB

MD5
c9f77decb68b52674c5ef83747d69817

SHA1
a4eac14e395c37c04bf89ad58d974263203027b6

SHA256
2b7852d605e12039aefe9fec02945e7e776718851fe2bae048e89bff4710b28c

SHA512
33afed0a45de522f8f68445108eb5b5bea77107c1797fe770f1539cf03cde94ad8aaed343cd034ad3532f6b0aa6e49cedf210a94c4aac53d7ba229a155df48cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{64dadca8-0aa2-4876-ad86-78b561efcf8e}\0.1.filtertrie.intermediate.txt.raz

Filesize
16B

MD5
08ad014d9fe9aa4586b64c735f2e554d

SHA1
445aca0a9003c30577e1d5b64c33ba947dc555bf

SHA256
552bfb31e7d980d5e0870d71b5e8c8b4efc402050414ff64a7d7fd6ea829e3aa

SHA512
0e808317d47d6cfae295db831732f07b1f2ff18989d6ac6b7484e4b8b039a13eee9f6767cb9c3c4b189e17bc3c0b446424ff57556d9501660febba29ce944e22

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{64dadca8-0aa2-4876-ad86-78b561efcf8e}\0.2.filtertrie.intermediate.txt.raz

Filesize
16B

MD5
78bcd19516953d58354e231ef913bf91

SHA1
5edaa6ff1b07a0122b481cb75afd7285e8c868ae

SHA256
411f8154582e73acfb8fe8d607dc3030f691840d21692272a3c0959a4175d59d

SHA512
1c866e52fca0d98ea1340e77b798438100b42bc4b679a7724360b361aaccfc642e336a3a78e0a4e30b2abd61977c068bd9d3b136b05c2704af55e1eb582941f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754066107026.txt.raz

Filesize
77KB

MD5
7a7ac0725b7f5539068514c1946de44d

SHA1
9d3d80123fd9060422750790df009e5312b5b580

SHA256
75819dafa15afe891760c83c2865aff9f6d26e71a9d28b56f1c3d61c3d2a21e0

SHA512
eec584f24c93ba78e08d59902d3e89c0f3e9dfe537407540d1dc1b02d8a81f030b97d9ba4ee283d72ed15b67589b2f4b94f13b18e1e10540e1c28e9935ae1a15

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670762621537007.txt.raz

Filesize
65KB

MD5
d8ac09341a761b97ce94abf60214cf02

SHA1
2405e806cd8dd36bc62dd5da36102942419c23f6

SHA256
c3cb1b7070bf5ecfe992171a9105c510769eddd922821047ab8fd0c69a4f0b88

SHA512
e3c901542ab0c168f70d33561585501afad14654b9fe103e3455bac1a9c3117a1bfea07f7c211b1dffa9f1b7f2e38d8b2e3bbdd6f7cea65e02e8f4cb05a085cc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670797040874770.txt.raz

Filesize
74KB

MD5
87d13b68dd23556663ee243b09e28acb

SHA1
053bbb36b92d806e066debc2ec1c49b1e63a6714

SHA256
0a20be56c2f92aca82db964f4bc0ed8d06d9fd517c64de2b25616ed206d87839

SHA512
a3c66ff156bb667ab538585ee596738dcf249f31c1a1e567e85793a06305e3b6da87b105c5bf0c249957ac834e80012fa3c09c22c26f5fe0d3e34a7429aea4d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.raz

Filesize
48KB

MD5
f03c46a418e7427fe6fb62e7a866f6aa

SHA1
af6ec5903323e1fdf2447bb3b59fa8091eafd68f

SHA256
273b65b30df5fc85c15a2eb48c7a5c4b5adbe2904dcef4d04c524c13d038373f

SHA512
6f9e04e0211dcb35e53d73619dc96b5e3820a6e1a03e0045697e1f97f63b96bb9c76536f25b5392adff29484e6d42bb704c2cee84be13cce48d51d39383b3cbe

Download Submit
C:\Users\Admin\Documents\README.txt.raz

Filesize
1KB

MD5
444a49d33be2d453ec407e7cfe981bd6

SHA1
5663dfea4c755ef681ec1ddec9148907b0379e5e

SHA256
722c0183f9dc3e1c54b2490f1368ce198cc706358e0cea9587530196a4c3acc1

SHA512
35976a55ad8eac3e85f0c03e7fff8bf68d349946269f5376e6943817b1ab6889e8996cdbee2e19008c78dd39b017b1b9152656f45f3b25d6157f4293740d780c

Download Submit
C:\Users\Admin\Pictures\Camera Roll\README.txt

Filesize
1KB

MD5
72d40eb6e3f1f90696fec4610f14febf

SHA1
8469a8f1c1e53c9e96f4893eaf082ccfd70337bb

SHA256
ed81b89d6a64fdc1a7199e9f5f94e1f3a7e139b21d5e4019005ba0ca13a69262

SHA512
a6e48f3908649923af781397a0b339f9167abe356663fb95644074e973646af471402464da12259dcf10f2a8a960390725c74b44131e25986e86c9a583ccc78b

Download Submit
C:\Windows\INF\.NET CLR Data\0411\_DataPerfCounters_d.ini.raz

Filesize
48B

MD5
acf4aa4f61c5a291bed05f325fcfb352

SHA1
27a9d044b51da2b9116c48530c463aef2105db72

SHA256
fa3c8ab61b80cecb892db9ecf339093dfaea4d666ec0a0c52b096490e19d2847

SHA512
579c7e1a3e109b2c7bad8d9e126e19f55813df1e5e620405e66f9e56b6a02985a7ddf47f4bc6f42a95e830ef141a373c24803c662547c387072b66c8f02908da

Download Submit
C:\Windows\INF\.NET CLR Networking 4.0.0.0\0411\_Networkingperfcounters_d.ini.raz

Filesize
48B

MD5
72a88f7842567acddeae97ffdc3d1190

SHA1
689611c4fc1d665585ca606be905f723e9798ce5

SHA256
48734c0cfd235d5d5acced64e705e6c9e07d19c556b6b26ea7908bc30ae4a1fa

SHA512
81b25ae5da93d01a4aad500041c6c481263be49e5616a6332a40e5f81a4df673093303b65eac5843275b03cbc1242b38b2689ecfd790ca37f02395c5a9b593c3

Download Submit
C:\Windows\INF\.NET CLR Networking\0411\_Networkingperfcounters_v2_d.ini.raz

Filesize
48B

MD5
29a546bfcfb3fe6bcc379279d3791e8e

SHA1
89caa5c6e7514f0263bc961a7a264d2d34e38bd4

SHA256
cd42b308a8053ff4451e1cf8a7ba475cf8cc617f927185b59ed2fa1585b528d7

SHA512
af2d13b71606e244817a61739642cb0a44ea02869fc57f9a780045231a6a9971141ec82e720cc0b6775f3a5b96cba9d0865e153607ae79b815ca63985fb73b3d

Download Submit
C:\Windows\INF\.NET Data Provider for Oracle\0411\_DataOracleClientPerfCounters_shared12_neutral_d.ini.raz

Filesize
80B

MD5
23b38d55114b2267258ed6f9a7fac150

SHA1
cc58ae07e5f7f674091b5e7252ee329a27cfb8e3

SHA256
2f768eb5cedd957fa0a63699e763f4d14c8550bf6f9b7e7b23c3befc309e8a45

SHA512
60a1cacd8a87cbae4ec8a0c3f86693508615c64bcf90e44af472d813ac06ea8ec21d5b4afb3f2be8d9908d6f5d0ecc55b8b53da7dcb9ce1be3881ad672e4053a

Download Submit
C:\Windows\INF\.NET Data Provider for SqlServer\0411\_dataperfcounters_shared12_neutral_d.ini.raz

Filesize
64B

MD5
87190d323e9895286046bce95c957e38

SHA1
5ac8383ecaa68b7abd209d926390cba32eaf5c1c

SHA256
65ec8793778b1f4f3f10149b84b3294971ca9bc9839d09906b0a17baed87528a

SHA512
2dd12159c32d0f391383190fa00e3a2aa7f93a812051db86a68c689b2684b9bf4cb6b9ad87afdbbd6ecb5ed8e1777c1a3c6d4aab42925ec94e4b350889f17b51

Download Submit
C:\Windows\INF\.NET Memory Cache 4.0\0411\netmemorycache_d.ini.raz

Filesize
48B

MD5
a225dee1250adb9e66c34f6cc55c34bd

SHA1
25c48909b87fef6245945660419abc36bafd061a

SHA256
146b68f6f35cedd7ce4eb552ec986a4d36f4135a7bfda95d477a4a8bb1f9db9f

SHA512
5e2054e93bf1d51cb1668616cd513c428268032c9fded15954fe7b4252655b23d97ce7c9da6233720061d4ffd1064201b1620902096658b76858b715f7ba36f1

Download Submit
C:\Windows\INF\.NETFramework\0411\corperfmonsymbols_d.ini.raz

Filesize
48B

MD5
a09215ce6ab8ee533ae030ec2b9a0d0c

SHA1
166aaa5fc4db544d688c03edcb0e2c14373ce745

SHA256
18c86a0e9b2fef4c08c0dbd8eeaaf6d45eafc186c0f5e3e8e0d4224d83635b2d

SHA512
8e4913edad47577f3ecad079166e4578e7fc92fd083b7b05100fbe5d674816efa9a7231faf041e4e47f6d2731189a0b5d687269d4f6b2212e6833632b96bd517

Download Submit
C:\Windows\INF\MSDTC Bridge 3.0.0.0\0410\_TransactionBridgePerfCounters_D.ini.raz

Filesize
64B

MD5
273f2a45a326559a7d5f1dcfa070d996

SHA1
dff213c42b1a64c1f4b9f413b67984243edbdec2

SHA256
3b753bd6025b7d19a4783246a9d1f01dce53b62897c84094fdb2e7dede3b09b0

SHA512
8861ef8b89a080bd2e092f36ae78b6ee96f33011a2e9026ef10a8326f6244279a019e0b0f4db463a591fabd260f5ef6b3384bb69fdda6a935396dce870002205

Download Submit
C:\Windows\INF\MSDTC Bridge 4.0.0.0\0411\_TransactionBridgePerfCounters_d.ini.raz

Filesize
48B

MD5
05bf1cb4cebd99c536d290479bfa239d

SHA1
af72832a7f9670032fc647fa948d9953f6d01356

SHA256
f024e9f213fb8f7ab73b7b76967ea6cc3cbf43bd80f3cb84094980027bfa2e18

SHA512
3e701b6033b9d761080e7413e760748beac78ebc6b2cab724a03adde8123e9fa057942361e514c1c9b46fc7789695f8b8c3f4b300a452ca4074af41014b8a236

Download Submit
C:\Windows\INF\PERFLIB\0411\perfc.dat.raz

Filesize
32KB

MD5
9b3ad391de959a134dcb7365a5ff3303

SHA1
f5a001ecd93f626c7ca49926f3de5138322f6024

SHA256
7af7bb3f052f00b679d7d7d118e31563363e518c3080c06f1883c33fa02e6729

SHA512
7f7b06c6b9fbc17ef89a6e9c59e31093a33cdcf0c62c5557f9bcfb2c54608e5d5335d06b49bfdc7dfd40e829d3401ece178a5813064767109693ef2a509854d1

Download Submit
C:\Windows\INF\SMSvcHost 3.0.0.0\0410\_SMSvcHostPerfCounters_D.ini.raz

Filesize
48B

MD5
eb336bdb72db5d02921ac434859035fd

SHA1
39eb41748f91b78610ee541e89119f143a266057

SHA256
0355f2805a1d880a958d0e5a8817b17821f0b4cbe684faffb35c49a641ce841d

SHA512
a2589caf5f52429b6e7e240636dfc428600bc1d660e39f33167bf91d42e06825e448f3679aa3b8a69c2b99e827fbd12e8f60946e4f19af1daf738c08b1652952

Download Submit
C:\Windows\INF\SMSvcHost 4.0.0.0\0411\_SMSvcHostPerfCounters_d.ini.raz

Filesize
48B

MD5
77e2fc3a044024d8d414c34b13a9772d

SHA1
8525eedfbe8110601badc59be9cf187893d3679a

SHA256
9dcd6746e79b1ae41c46f0b25c6e92c8f6b9df92847eb8e9671c907b5f9f7066

SHA512
ea378a0b21d75c248d8464b91a4b135228768e78081a476aa166d9158f254544cb54529ff086a6aa931ac64d0e0852c5102d1eb22b8bca390bb06fc3033a8532

Download Submit
C:\Windows\INF\ServiceModelEndpoint 3.0.0.0\0410\_ServiceModelEndpointPerfCounters_D.ini.raz

Filesize
64B

MD5
23e1f0a43583b49ced5fce64a86eae43

SHA1
12543674aedfeb24a0f5a9a3704a242bfa2c4db0

SHA256
ff63a127260cca93f3f76cb4c3eaa22d140c2465cf3f81eeb5ee16512badfef9

SHA512
bf6d384508a3f6b500eb54dbce11b3a2c93f6161135eef2522d798f3af636b814825910a36875d69557f80514dff78c0a148bfbb27bc5ad5f28967db0613056f

Download Submit
C:\Windows\INF\ServiceModelOperation 3.0.0.0\0410\_ServiceModelOperationPerfCounters_D.ini.raz

Filesize
64B

MD5
0622014b466518f646cd509732a357dd

SHA1
02ab9929f0d9f14ff7f7b5e3d4993e2fac73a2cc

SHA256
b322e04ac6a863c25050b53423020ebe236c52553060e70abcbb3e16763770f4

SHA512
eeca81fb7543dd7a32c7817c9dd0fbe2f0808367a504284b428bad3a92545d84d547ae883d22b29e7a667f960b084a58c31a03e17e107159d645a867aea333f6

Download Submit
C:\Windows\INF\ServiceModelService 3.0.0.0\0410\_ServiceModelServicePerfCounters_D.ini.raz

Filesize
64B

MD5
0cecceb5feb2aa925e327ca01661771b

SHA1
733f1fd1ee462016a70af3e00d918a9e13928e42

SHA256
881c27732573a8da4446a9004d219386cf4313f84a9c187280cc611752cb4e52

SHA512
4c352bbb6623655c578d0a1d6641418e1f742577dc0619382516cd936ee0ccfcdf87ca9225457babce6611d12cda97b2851fc16b48683e3505c1ade67e0ed91a

Download Submit
C:\Windows\INF\Windows Workflow Foundation 3.0.0.0\0410\PerfCounters_D.ini.raz

Filesize
32B

MD5
5464fe092a819997175daef3e5cada2e

SHA1
d387e027c81f7f0c8fa0ec7d8bdda38432efe087

SHA256
3bbe8cdab9ec326190747cea94c7ca954c5cf0af8a89f2ae73b94155b56add31

SHA512
29f7ef2589eae178bd52929a3725c53e3f41fca408511f12c31998f1269779d8e9e1d680c2fd9e68045c886064755e8cd5f3e00e5ba5295895cfc1eb7c75aef0

Download Submit
C:\Windows\ImmersiveControlPanel\images\TileSmall.scale-100.png.raz

Filesize
992B

MD5
3a1b55271def1a57ea3136bd9d285b19

SHA1
b3c06f9b73bff54ff7c022ef338d1f617f6dafa3

SHA256
ed3e168d79f48364b37d51657f04b9a0702c835815b3711751628c7eea52f80f

SHA512
6d34f7eb2f19d347f2e0102f2e09891ec6367b1f9ba5c59173d3c323e98f8326a2d85dd85762c452b9613f8b4e7ca6983967bc53924da3f3b94aa1ac4b8e2211

Download Submit
C:\Windows\ImmersiveControlPanel\images\TinyTile.scale-100.png.raz

Filesize
576B

MD5
5ee3231c170053b84745e2d68e5e15c8

SHA1
80ab39e9a71ea13cfa30f5a236a6effc1bf5f49a

SHA256
6a9a21df5d5bf7016041dbd4558580b90dc825fe48ba3ce4776f9d857d5694f3

SHA512
0590b9de00c863bcf4450ac56f0232b8b80cf45a7cf5d0189210d625fca5542740127f05e52f6954e9b373decb14d6ec8f06f0a957ab922cb9dd386025fe1fb3

Download Submit
C:\Windows\ImmersiveControlPanel\images\logo.scale-100.png.raz

Filesize
368B

MD5
6b887ede3bba0b24a096f4295d34e2de

SHA1
c261c033690d62755c555835d05c9ae27271ffe8

SHA256
f89eb427aca22f15894fd4f0ca22ebd434fe09395a8baab65fd09452ba43c089

SHA512
fb8f72645cd6fc8cd63e304a62e044fde427140c3ea551aa1a8c37437f2f95585677ade4b4577cc0fe51e7741727aa3f6194c362c8e18f6d0e274dbb4eb68bb9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif.raz

Filesize
64B

MD5
fb9906e838d94352c3a5b7147baa9815

SHA1
a2c555331ef960d289b2f68112c6c1e3df30db08

SHA256
3b8e88d90c84c8b8bb4db6408af90436447a70d606d167628baa8057167e3a26

SHA512
7a0cd4a0967f35e6654debee6029026a7df5231923cba2b302e59683cb29ab288f3d5921196421d289ae4c7b485ca8aa8ba4c25be3d0718b35d4b9975965fc66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif.raz

Filesize
80B

MD5
e1deb236757c889ab3772ba361912a6f

SHA1
7d5c7e1f407a186c4aadef750b21a06af9f006a8

SHA256
407fdb95f614795a2239331854b613e6083f8bbb5dc6c60817563eaf6ea1f693

SHA512
7ae46a733c9489a18f88205f77b079ab8958600d4ee3b4b2a45e4fa62d98dc0968ee93be786d621d45e42403b80511e9e3e79b83d0b2727f46d38e5b49b07de2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif.raz

Filesize
80B

MD5
02cb4119e357d0a1de287fa388acccc7

SHA1
d99e903468a00d5fabf2d72c5d6041bd9dc51fcd

SHA256
89c80b3d1f5f994a04c13d7957091828ade69f05642af4537cef2b980c5e218b

SHA512
bdb86f3cf6dd00d4692ff7f8ba7a8f9219ae681fb1ae9ebdeea8afa4fec984f07d61b82335b1d4dfc90852011f4770ba6f640e0282a34655c57199314847801d

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\it\DropSqlPersistenceProviderLogic.sql.raz

Filesize
2KB

MD5
d692f803300606c62e044e77849bfc22

SHA1
a5c974cbbb6639a6040ac8f15c730b089a4fe1b7

SHA256
6160aaf4271baa399f2ed5eed3a2dd26543e43afe885187282185e346238d4ba

SHA512
650463fb551d711ee0e0202faaa15e408fb17d2420aa7a8529ea0fe7f8d447bf52fe84113148f72b4201a96534083b40c51b54d6113fc2a5dcfecee1ecd9ea9f

Download Submit
C:\Windows\Microsoft.NET\Framework\v3.5\SQL\it\SqlPersistenceProviderLogic.sql.raz

Filesize
13KB

MD5
1afb6e9f226311720e1eac8e7f6fe543

SHA1
e6b530810ae1ffb1b4077304a535ab04e3739d7a

SHA256
67748d135f6270b5c9199617dedfff1c3620d3492490aabfeeb2038d5611621a

SHA512
2386812bd4628f9258e430f3d05c2b13d8dff712aaf377ab8a2cdfca8acfb01c7227bf120b464ffe0a094f62f94a209c385592bfaee10825cfd2cda39279ee91

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\fr\DropSqlPersistenceProviderSchema.sql.raz

Filesize
1KB

MD5
9602a8bb5551de5317cf5f8a014339d8

SHA1
082caed137345dc0d8707e94f0570d9ea68a3970

SHA256
86e4401b49f56d558ef26a78786236aeceb458ce406bcc3bfca278042404f83c

SHA512
0aabfcd87444f5225c9c73b25e9111b48d5b2e3b116e33f5bd3ab8870aed3ba7f92c2845c593c3bbc56afd12bf97fa3f2c60ae2036b25942d678afadf4cf533e

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\it\DropSqlPersistenceProviderLogic.sql.raz

Filesize
1KB

MD5
c303b3257cfaffeb50fa2490b2582fb6

SHA1
df4a7d997314e88e1fd969f3b7cb916810d181eb

SHA256
6e0d04d9b1064ac55531b9440712d3491234e5766e926f9615f73abee8e49ad7

SHA512
63930d84d80b6614cb6b190340957807a520f2d60007023ed17022cb498a4ad47167b54034d8327f9d0fa67a944fe3ecac3be3f858dafa47293fc4870ae7d9a9

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\it\DropSqlWorkflowInstanceStoreLogic.sql.raz

Filesize
5KB

MD5
0a800c24574c4bd9a51b65e33f86b1ef

SHA1
890a14bed8afcf9596971028918480f887642137

SHA256
a90960bd9750dcd1c696d6082f5c53e5cebb5f8fe53f868987cb6ee87b5c2037

SHA512
d017b24769f43873661e8ab927a859cc5d3b66f445ad5f4aa23c896562ddd634f3b8000b8395eb659d7a6dc92228fb60dc865c09228eae5680fbb9c83a8f9041

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\it\DropSqlWorkflowInstanceStoreSchema.sql.raz

Filesize
3KB

MD5
e2243290471598d1788fa54f3119bae6

SHA1
7aa738e5888d0f300c836c94d4cc1095d8e48898

SHA256
0d2e88538191e64447d1372ad919873df3c30938efe172aef332b4aceca8af71

SHA512
a4a0abfa7db1921610f0834eceb7ed1d7886eb2625f7dc79560c29e9dae5a5dd3dae357b2cecb41d15e044ce76c3dbeddda7912325430f5c096f973b567092e2

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\it\SqlPersistenceProviderLogic.sql.raz

Filesize
6KB

MD5
2f8fe6fd3b1f9fc33c6e24efa5cc26bb

SHA1
a97ed9e6f6c8b88cd67bbe290e3f8f63742f5c2f

SHA256
4cc572239e6f0d9171f9b93cfe7eb9c9c113b1c605849b17b09955712a230db4

SHA512
dbc981b3711cbc774b72c05c03011d54d2307163d3b5321371ead71fa2ed01694f9472db7ee331960388414273242b348eafcebf14bad1d27f7782efa1c6a696

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\it\SqlWorkflowInstanceStoreLogic.sql.raz

Filesize
62KB

MD5
0f89d097ec4dfbc343386c78040063af

SHA1
45b70f5edfd4a92373807a05efc52381c53b5d02

SHA256
68c1c0df1e2fa2670625559306f097bd0e22108590b8d28d69bfa4891d5e420e

SHA512
6791468b57762df98971eadfaa7a1acbf14373c8d8b12e56482b60ffdc87bf73f0b69f67325e0d8207f5f7b86c8b45ed3c7d765fa36563eda80fa18f47305755

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\it\SqlWorkflowInstanceStoreSchema.sql.raz

Filesize
28KB

MD5
e5dc9bc13c859deb98c9d3d9d0091c5d

SHA1
031c18d2abb4a09ed066f5dac9e0cf0e22efcf23

SHA256
22d6cfcd1f24d1767cd9e1729e0553572e9f7a7095cf8fdbe4fe5cfd9b466317

SHA512
b431997e11c8b4423d496d292c335ace03c95eaf8913e13a09ecd01872ed40be3458f53ee491ce8403312b63f466bf842e9ebd12602b51e5b7f92edde110cead

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\it\SqlWorkflowInstanceStoreSchemaUpgrade.sql.raz

Filesize
88KB

MD5
d9f0bd1f1253d1d2c86497554ed9afa0

SHA1
04a42c2cdef3810d7587ce324c23ec4e07ccc36e

SHA256
eef95b71a3502490f39c62e51a2417b92a28d3d837573d6f5146a53b32ec11c3

SHA512
37111b7976c19793c9ac6967d05f543eb1698cbd20298c8b3546d34586d26da40a0f3f029b4a9930e656fd9df02829482b64bf48f6483b44fa8dd8959ef6dbd4

Download Submit
C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini.raz

Filesize
176B

MD5
203dfa98561c97a87a1b23d8ea36341c

SHA1
4d6b89d201f43d382b01ddc4d9854ed2afea019d

SHA256
10d933c334d83ec18fd9f1210a5b5aadd1fd6cd080c90388f843a9c92964c988

SHA512
752d34d4545b6f43826420cf0323950007b91e41b55af0f595f3739ea18c063202385f1197b2572cdb50336eebf0189b9d1a302399f0c21b79d7f03a28cb2f8a

Download Submit
C:\Windows\SysWOW64\Licenses\neutral\OEM\Professional\de-license.rtf.raz

Filesize
113KB

MD5
60f7d32e35ff838f47e40ef06de99ef2

SHA1
5c383aacb1d87c29073e96adf2520a4a3d0768fa

SHA256
3991a2f52073c2fd14dcf034f4c61c703da0f5585aafaf8d6731c28ac88ffe0d

SHA512
f34be0c746e0f7db077161b0569a4993d5cb4c103c481f5007ea064d9b81cb35a1071a3586d58db36aec5fc94d0a38438eeab7aecc7a3d8b6a51d83d26723c4d

Download Submit
C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\license.rtf.raz

Filesize
236KB

MD5
753698fd0dfb6cd62475f30179d6174a

SHA1
83b46348baa92d1a29fd51e700c2ee702f454d0a

SHA256
a9acfd744d75a47801cf65b9c7ce7bbc79996365dfc78ba40c020a962c11e225

SHA512
dc9c9f02f766fa7661b463832d966308d5f19a30543cb78ba287b7e0cd1b57a57bdd4caba0df266e977afd0c005c5c93d515600a6f2d3cee44ca4bca68e2ca2c

Download Submit
C:\Windows\System32\fr-FR\lipeula.rtf.raz

Filesize
992B

MD5
db1fc8a7e585806f5771541067d23328

SHA1
c1d71e4beacaf98a17122fa5746841d8a0daf61b

SHA256
fb6abfaece756869cbbd6d552849d51dc9e6a3a64d1969369fc79f03791bb412

SHA512
592fe0a6abdce7c35e612ed674ac57c633894c12d0c23182483d8fd0da142453b6f4fd09cfcaf769fecb56fad9f17a60734aa81ec6cf0134b49516dab291af35

Download Submit
C:\Windows\System32\perfh009.dat.raz

Filesize
693KB

MD5
b77ff1d8c5aefbebb45391d51cf929f1

SHA1
1a88b71d5b5512b14c3b52f8bfba0ab06e97a06b

SHA256
700bc7a9e2470136807b622b35f98c15bb395608573b8395cc341a44133cfcf8

SHA512
495c3f683b33edb971a260be042d830d40ae2a8b277c17079d0a84f602a667d936478c926b555f587d86de2f300c1f1611f1e33a9ae81b6fd4d5cc929e50afaa

Download Submit
C:\Windows\System32\sru\SRUtmp.log.raz

Filesize
64KB

MD5
528a2a3e7218c9522fe027492ec5bd50

SHA1
10de122a0618217e673f8bd9c88e6c429cf2a006

SHA256
6f5b95d67b90f0f8131162742c2773d7c0083c66a54a35e9769812faa74cc842

SHA512
ea4d522fcd4a35a1c412716c7ecfe7b931d1717969b74e628bbb30021ad9f8029bc825618853725614238c8db9be070734e1a703713adc0d13e9e666d39a4259

Download Submit
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ja-JP\assets\ErrorPages\PhishSiteEdge.htm.raz

Filesize
112B

MD5
4b2380c0a9491f63e20e5970d0b7cdf6

SHA1
c75622bee7a5d9436052416b7449e90a55c2b9d4

SHA256
fd5fd3f2943e106fad22f89f60ec90a71d3448f580f8745470b269cc55c37e09

SHA512
43a9a6d6940c626484b11187d85d594ee20dd84a3fa6f7461aea282c7b4ca64392007621b132d1ff3614622812845a8b74af7169202d8956d91f3e8aa7d93006

Download Submit
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\ErrorPageStyles.css.raz

Filesize
57KB

MD5
016dfe86cd81843bcefb475eb3557c14

SHA1
ad2121adc64668d523a6f20bca155e4477a9c9a6

SHA256
e41531bdf7abe9ca20be83f7862dbdf4334b9475596d52a9d1502e5e8b9f6d4d

SHA512
dac8578b6991e74b4bf42ecb633765263a3222897db17ad3472f1b2155b050b965997308cdbeed192d769b6e9a9b2abf069f5c9b7667c21a4f441bf0c695ad89

Download Submit
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\PhishSiteStyles.css.raz

Filesize
5KB

MD5
ac1d991493df3d16acdd87643164d66b

SHA1
6beb9b13886816eafdf915a3512ba7bc541791be

SHA256
07037c8d1660e01f0d89d18bce3cd3461da2b1a4c18b8ab719ebe4f2e22da229

SHA512
2d9c12fd1c6798324fe2db1f6008fef80dfab406585d4632004a30ba0f75acaf9b3921d590ed7925727ac0d0ed5b1a23461115d3f1f4998113ce5dbd9fc5632c

Download Submit
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\TridentErrorPageStyles.css.raz

Filesize
4KB

MD5
518f5acd3beff44eadffee61eb35e945

SHA1
54a0f62bf18688128510159a35fe1d8dd779f4a4

SHA256
e99605febd2e984b1b712bb36a11a7f3a8db1cb516921a1a046daef1961d4182

SHA512
3083726da11fa286bffe7e3eb43f096619be347e0e9a6eada328cc4159ca495bc2c6e9ed9b1b55e6fee603ddf3b45c6fe6dcb7c4ca6a1dc13b69f7008813da00

Download Submit
C:\Windows\servicing\Editions\ProfessionalSingleLanguageEdition.xml.raz

Filesize
30KB

MD5
05152eba6299f54c14c39286d2043df2

SHA1
6043ee8a447c48551ed8eef0baa59f5d23ca472f

SHA256
4b0f6eb18592405a60444b88e6fea07d94ea986cc70b8f492c1d009c637ec9fa

SHA512
09cf14e5f52d84c3a1a05decd6ff840b09f93878183066b2e4306756dbd7f2bbcda5dd8ba748ed6d0692d03de1bdc87211f464d34b596bf656306b21f5506c67

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads