xorist | 591623808907b65a75e00b1ee2c1962b92938267fc5fe885ed976bc7aa570635

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe
Size

86KB
MD5

04b42e42fa2ea513f893d4d9b1701fd8
SHA1

0087c0edc0dd8f154880abf57f156751922eb771
SHA256

591623808907b65a75e00b1ee2c1962b92938267fc5fe885ed976bc7aa570635
SHA512

94adcc3675b37e414ee97bc7b45b8a7c08b9d8a10f048e2bae6eadd2245fddab61c71a76fc5ea990323c7c72bcc77fcf780789d0a8660ebaec4daa54d70568ea
SSDEEP

1536:YVnY5LpE8JmusWUcYF59yNQTU7grIXy7r0:YVneLpE8eWE59yNQTU7QIC30

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/1152-5606-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1152-5607-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1152-10450-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1152-10821-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1152-11150-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1152-11153-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1152-11157-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2183) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	encoder.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe

Executes dropped EXE 1 IoCs

pid	Process
1152	encoder.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\LAFOHMOINCAKLAC = "C:\\Users\\Admin\\AppData\\Roaming\\mbrlocker.exe"	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8jIPTuNn66kTv9M.exe"	encoder.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_1394.inf_amd64_cac08af12caec647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_aa57df1ffa9aace0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssystem.inf_amd64_89e15d7e662d6584\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rhproxy.inf_amd64_7d28259fbc48ab7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fidohid.inf_amd64_c446be9403cdcdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbatt.inf_amd64_a6fa9bcee39a694f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_glk.inf_amd64_dad1e0a2b185e32b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthspp.inf_amd64_bdb56f181ef6934c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpace.inf_amd64_5e0fbd01da4f7c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mgtdyn.inf_amd64_a6235e923dc4047c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\spaceport.inf_amd64_6383331cfa0a32be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_d677afecc5e43162\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_3e2c4fa2d4cbb487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_a99a7ecb03853141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdmtp.inf_amd64_42b97498c7087292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\GroupSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextintclpiodma.inf_amd64_7f59f2c73a7fab14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\itsas35i.inf_amd64_4f5850c71046b0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_6b639ff361f628eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\Msdtc\Trace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\wbem\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaus.inf_amd64_f9b71b1d9c8643e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000a00000002345f-4.dat	upx
behavioral2/memory/1152-12-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1152-5606-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1152-5607-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1152-10450-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1152-10821-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1152-11150-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1152-11153-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1152-11157-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-150.png	encoder.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\contacts_permission_ios.gif	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.contrast-black_scale-100.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailBadge.scale-200.png	encoder.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-40_altform-unplated.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_scale-200.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-200_contrast-white.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png	encoder.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W4.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\NoteToolbox-light.png	encoder.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png	encoder.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-100_contrast-white.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeBadge.scale-125.png	encoder.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\rhp_world_icon_hover.png	encoder.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\2876_24x24x32.png	encoder.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\models\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_contrast-black.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-40_altform-unplated.png	encoder.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Program Files\Internet Explorer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4	encoder.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AugLoop\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.contrast-black_scale-200.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-256.png	encoder.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\MedTile.scale-125.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteMediumTile.scale-400.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-32.png	encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\adobe_spinner.gif	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-48_altform-unplated.png	encoder.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png	encoder.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileWide.scale-100.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-150.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PaySquare150x150Logo.scale-200.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-unplated_contrast-black.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\FreeCell.Wide.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-150_contrast-black.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-30.png	encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected]	encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_altform-unplated_contrast-black.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeSmallTile.scale-150.png	encoder.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-180.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubWideTile.scale-125_contrast-black.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeMediumTile.scale-400.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\Images\fb_blank_profile_portrait.png	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_contrast-white.png	encoder.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md	encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-20.png	encoder.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_wvmbus.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_30884c157d121d34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regbrowsers_b03f5f7f11d50a3a_10.0.19041.1_none_82a36c559596820a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore-client_31bf3856ad364e35_10.0.19041.1023_none_3e879b530bf1ce72\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-netcfg.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_90676172b39d3cc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..lient-aux.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_06f80a84eb31707f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_10.0.19041.546_none_b626b8cdac730080\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..edpc-accountmanager_31bf3856ad364e35_10.0.19041.789_none_19519254f4e696b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..rofessional-license_31bf3856ad364e35_10.0.19041.1_none_31de674a953f3f59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_3303de6fba37b5c7\alert_sml.gif	encoder.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_dual_ialpss2i_gpio2_skl.inf_31bf3856ad364e35_10.0.19041.1_none_c17445f7fcf185fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..xthandler.resources_31bf3856ad364e35_10.0.19041.1_it-it_7a25feaf5a4e455b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\wow64_windows-id-connecte..nt-provider-wlidcli_31bf3856ad364e35_10.0.19041.746_none_8936fdff4ca167c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_dual_wvmic_guestinterface.inf_31bf3856ad364e35_10.0.19041.1_none_a3750aa62b1952d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..t-windows.resources_31bf3856ad364e35_10.0.19041.1_it-it_5f18cf6199b1be56\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.19041.1288_none_e0f8082a6952ce81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-aero.resources_31bf3856ad364e35_10.0.19041.1_en-us_f0379010f961da55\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dataclen.resources_31bf3856ad364e35_10.0.19041.1_en-us_7338cba7bc66a170\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-l2na.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_09139c739ef8d86b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wsp-health.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_7f8e68757c0f0c07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.19041.1_none_884ef285596dd594\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-magnify.resources_31bf3856ad364e35_10.0.19041.1_en-us_ab7e0e498c008cc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-40.png	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-u..lter-mgmt.resources_31bf3856ad364e35_10.0.19041.1_en-us_cfde1148aafaf969\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wwanhc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a030df5a5ba3a4d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\wow64_windows-application..meventsbroker-winrt_31bf3856ad364e35_10.0.19041.264_none_df2787f379af4e4f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dfsui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4e47ed980533e8a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..-unicode-components_31bf3856ad364e35_10.0.19041.1023_none_8d723d8c46de7ebb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..vider-rll.resources_31bf3856ad364e35_10.0.19041.1_en-us_ea06f36b4e80ffad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.964_none_2ecdb1dda972d026\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmi-ds-provider_31bf3856ad364e35_10.0.19041.844_none_66e08662312299b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_c_fsphysicalquotamgmt.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_305010e78c79c168\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-blb-cli-main.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4d384605232fbec6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msmq-powershell_31bf3856ad364e35_10.0.19041.1288_none_3dca463a092508fd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..-service.deployment_31bf3856ad364e35_10.0.19041.746_none_c947fc61b4576314\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..se-client.resources_31bf3856ad364e35_10.0.19041.117_en-us_f7f9409ddc9bebab\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..laytomenu.resources_31bf3856ad364e35_10.0.19041.1_es-es_f42db83418fcb7b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-gameexplorer_31bf3856ad364e35_10.0.19041.746_none_1ff999db200c4640\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..ker-winrt.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_e304fb8fce6427c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_it-it_2fceb6f1060351fa\defaultbrowser.htm	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..displays-kernelmode_31bf3856ad364e35_10.0.19041.546_none_1ff0deda5d6ab79d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..astbannerexperience_31bf3856ad364e35_10.0.19041.964_none_acbf591d9a871232\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-web-app-host.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_5fded4783200642c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wifinetworkmanager_31bf3856ad364e35_10.0.19041.1202_none_e17f082b30dd9027\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\msil_system.management.i..mentation.resources_b77a5c561934e089_10.0.19041.1_es-es_e0a8d3f5635a141f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..licy-base.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_a12ed8363e5ee46c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_nvdimm.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_251c98bd4ec9842a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-retaildemo-retailinfo_31bf3856ad364e35_10.0.19041.746_none_cb1337974a09f324\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..cationcompatibility_31bf3856ad364e35_10.0.19041.1266_none_b1ceed25b5aabf3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-windowui_31bf3856ad364e35_10.0.19041.264_none_ef8072da76d7bd33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deviceenroller_31bf3856ad364e35_10.0.19041.1202_none_36057e94c281704a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directml_31bf3856ad364e35_10.0.19041.488_none_911950774fe41ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-printing-oleprn_31bf3856ad364e35_10.0.19041.1237_none_fa3e428c48d78526\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewWindowIcon.scale-200.png	encoder.exe
File created	C:\Windows\WinSxS\msil_system.web.services.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_9a0da1343608443b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\Icon_MMXresume.contrast-white_scale-100.png	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ess-guard.resources_31bf3856ad364e35_10.0.19041.1151_en-us_699204d71041b23f\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_1d882fc56065eaa5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Xml.Resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1081_none_e3f87355251e8c43\Notepad.lnk	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_10.0.19041.1_de-de_1782264ad974bacd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..gine-isam.resources_31bf3856ad364e35_10.0.19041.1_en-us_21ca9b7f148978ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	encoder.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	encoder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2008	PING.EXE
4340	cmd.exe

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "XCMQYQTTALIMMVR"	encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XCMQYQTTALIMMVR\shell\open\command	encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XCMQYQTTALIMMVR\shell\open	encoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XCMQYQTTALIMMVR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8jIPTuNn66kTv9M.exe"	encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XCMQYQTTALIMMVR\shell	encoder.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XCMQYQTTALIMMVR	encoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XCMQYQTTALIMMVR\ = "CRYPTED!"	encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XCMQYQTTALIMMVR\DefaultIcon	encoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XCMQYQTTALIMMVR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8jIPTuNn66kTv9M.exe,0"	encoder.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2008	PING.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 1152	3020	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe	84
PID 3020 wrote to memory of 1152	3020	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe	84
PID 3020 wrote to memory of 1152	3020	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe	84
PID 3020 wrote to memory of 1360	3020	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe	85
PID 3020 wrote to memory of 1360	3020	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe	85
PID 3020 wrote to memory of 4340	3020	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe	86
PID 3020 wrote to memory of 4340	3020	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe	86
PID 3020 wrote to memory of 4340	3020	04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe	86
PID 4340 wrote to memory of 2008	4340	cmd.exe	88
PID 4340 wrote to memory of 2008	4340	cmd.exe	88
PID 4340 wrote to memory of 2008	4340	cmd.exe	88

C:\Users\Admin\AppData\Local\Temp\04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Users\Admin\AppData\Local\Temp\encoder.exe
  "C:\Users\Admin\AppData\Local\Temp\encoder.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:1152
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  - Modifies registry class
  PID:1360
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c ping -n 3 127.0.0.1 & copy /Y "" "C:\Users\Admin\AppData\Local\Temp\04b42e42fa2ea513f893d4d9b1701fd8_JaffaCakes118.exe" >> NUL
  2⤵
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:4340
- - C:\Windows\SysWOW64\PING.EXE
    ping -n 3 127.0.0.1
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
60bc3fb82561a8b7060c27ad97970b96

SHA1
e907426c0584a19f751f5a5a49b93b4758c85a64

SHA256
d9bf6051b47dd74018d329c607f38213273b3be205b0243dd302030644e7f54b

SHA512
cec7f2d9cbb069d124278005b03038d614c3af015486c35048420821e4b8f720556f1b80e004d8f97e7c3a4664b0750266efb7dd77af7ca9f15321a517fa3f0d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
f072b4f06b513f156b38a085826def85

SHA1
17fda7cf4fc8582f99a12e9585c7f8958ce43fa2

SHA256
47ff67c328be834d165ecf5f2506af9f01c11f3afa20ac4fa58f0b4a0cc95679

SHA512
ebd4892f298ae19c6baf69c55d0bc2d84b3d87c654bfbc6794160378c0f0a60f0e7b370d1449c56351e3a0cd0f4276624264434be447f3bf52bf07dfa1224564

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
a6a1c83f02f3fdd00fff21010f938ca4

SHA1
ac26a7cd48593fe1377839e86d92f9434412d43a

SHA256
9a643d337d02f807b38cf2753ab3226fb029d616967476698fb539e953b52eba

SHA512
8c320f79bdd6d7b4b00b611c2a05796bec6be8852f11a21ba29fde1bddccc1762452af764c6b41dfb5886b39a294ae1015f97c6defe85715c63fb1c24e5b2fe6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
f3e3502363ec72ec3d563f11b88ef55b

SHA1
e50779091972de6487fd560f77b5b5b61fef02f4

SHA256
86c9a7a496f0518eaaf8e76c88c44a36a629eb14c703d32d751b050493457e19

SHA512
fdf535225ecdd35fa3223702216be4a89454c15482302d55b68053219315cb4f56829d1ecf0697299f5df14e0fa6b3bbeb62961e5883517615021f88b60d1876

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
51c38e94c9d914b1e5496b9487535640

SHA1
5c46aa4a1495f12ce6a9f5af830b492446a1bf8f

SHA256
4b923e1da106cdfc240fc752baf833946c16a0426cb8ba07fb83e40bbc3dcce6

SHA512
134f0716f3f304cf63e7af9adaf7ef5af7c9d67d90bc87462560051d5596f2ed51ab3f0c86ae903bd4f8bb34aeeccab0ced334c6b7614783d5fe3980c91fb083

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
c8c312548ee63f4ef6ee0d07caba2b39

SHA1
8382275ceba15069cbe05894031799cd19243395

SHA256
29d0bc99ef3caba677a7694f5d7aac7e6499e613ed772f5c9073aa82a94b31d9

SHA512
85cc7500e81813f7ff2a6e79a2b43f81bfea71b142ae400487ac10af7c66df458724a11d45db1d46065f703791adc4f5405c4087e2b589cbb8ef8c4692765d59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
8780e2c2d2bdb7717cfac49cdee4e829

SHA1
503718cd56d2165c46f88ad0b717a0e598e9e2b5

SHA256
473af0735ab63357f97e63e8a229850b32d7a2cfa84928280a118c7705a50724

SHA512
10cf21cec43fe715b901045f2cb668ff9683630b54e52440f975fe4926abfcdfbe9db97ec28b3d623b632b809c3a7072d73fd22ed76ff275c1f0ee313fc1009b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
ae16ed5073c306866fcb98e4f0bd2669

SHA1
8f96c8895ee9ab4ca864b7e40e5cbb748135214f

SHA256
16c482537a8bfd59ce41e81c99f51f104c7db69105fbb294555398065b27f4b2

SHA512
4cd967c9e2813e5954e307b10c5ee45b2f53bfa2ce146431fa9fa17e7632abd6a5de380d2172e1f53689e32d48c006a01da46a059ecbae83bf2211379d9debb8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
a88ac9866ef77e334a4628c9aa039463

SHA1
438724347a267d6f65e98532e0336cf3b846e69e

SHA256
5298e28597e0e13ac916d8b130631cf73047d78143ea3e7a192d20ab1d432245

SHA512
c49ca9080697e2765330c22fe2eabd11f416834c06d7cd1e9602b690d5dadfa9b03eb78a59b061b7cf99e6b2e2ba581a721dbd54398c3038e735fdd987a6f971

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
241a08f29d08503c2c518fee7db6ff11

SHA1
a1f29369d4ebd55f1ca9338a013b54a05809ec22

SHA256
d9517c7136e8f269b1b90590c6ea25c8160f3be68eb73cb2fefb69234c7a3e8b

SHA512
cbdac6f8493b2ed1e6fefbb7c64be4d57e7e0845ad9bee9e87bda6dfbce480980204cb82fac775211f84bd3a276cc4961e43e58e260eaeb686b059ab489b37b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
3230bcc3ce40de95b8dbb8d7480dba6e

SHA1
d5534badcfc5ce632602968522ee6ab7e6725f4c

SHA256
cb3ab3a89841de45ec436c84c98f7a116b4553371e640a2718f3cdc07b859c1a

SHA512
26879fc651bd1c3d05b5bdb71f7f15da31ed61a95c3fa17285e8aec13ab7329dc75e8f0ef7605e1d1697568bcea32ee9aaded3a715486bf6ce09c0eed19fc686

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
8f8ed8a340ed48a22d1535cfa4f1ab19

SHA1
0fc03a1be4334958ebb0a8c1dbd59965d50c5461

SHA256
dfee0d9655f93cd3cfde91d12527f300dd1f1ebcadea7ce21190f9437f3b32e5

SHA512
802f2c883c257c8d93fe77574063c5eec6e4d9c0c6c428f8cd26466d877ec3ab33234d6fabb321fdc6d2769edb04393b87535ec86491e2ad815fcc4d4e741a5c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
ea4a0672cd4dbfd39c86d9c09a1adbda

SHA1
652f7fe19b239e917d0b0d430cd4640b655df4d0

SHA256
f54eb2a0332277f024fa5480194169a735d54b3fb4b78466c20fc35fa99a8803

SHA512
da27598cf4a9b41b69ec7ffa6ff6ea0b5224d2d0fb3d606753f2c7b6deeb918178e96bc3d4ee80b9b980032555e58babf38f2cbadf13661839f488e9c9194241

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
7fc0017a13b0f2ca8382b363cabd9e67

SHA1
1f93e5e07c0b5dca8d86bdcb925ae803d4baa6fc

SHA256
d0741314dda49de88564f6412e1affc71e9c3e644b34d65f75d2e83f943b1b16

SHA512
dfc8ea47ed657d7c76037eb08f242b5928e8b9f851a115cf3d2cd00ee356e742aea7757606fa6b5dfbe387f4b08b7bbad25848ba4292be4a5e8f06edb0ed200d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
f1dd96b6ac82c7925c7dbcbc8299d751

SHA1
94abdd4f7e8ced32972b548d77a0629ac221541c

SHA256
0917ca280da31aeb134a5016c861fd1487e1bdc6ef70fea9817603b5e3594eca

SHA512
d124e611cbdb80e0e8777d37aff5ecfc63e977c439fd95ed29bc65e782660d7d02ea08460a07c0833e760b318cb9bd0751a2c09bdb8ecc61cbe73ace082000e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
924560a9f97dcdb630219578afab58b4

SHA1
6cfd2d31bce93881e372179bf81f81b1415cead8

SHA256
4c43cdef4de1ff486cae63f4d948de540ffd86145fb7132e6a4d5de42bfb66b2

SHA512
28f807d5a2fb484f09c9cfd4c3d451e4a38a1d0793e07fff53f7867423689bd4b248fecbb9bb866bc7e831bdabcbd8b9539fd11f1dc661e48229295028b308f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
3aba5213160ecef57ed23656d46d56e7

SHA1
3e665c27b3b7fb74f69ceb278afb10554e865adb

SHA256
1fc09356c654afe37dd32848588e2e114d922558a5602a442912f64af6071f40

SHA512
107c60eac99db2c26652b7e255f1cf63cc3a8bea6a2a7ff1add82fa66bd4df607573bae269fd95e72014fcdfd0e1afa755738876e50470618f87340fc96e48a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
d3c92da0e422dd3d5c6661638b28f9a2

SHA1
d5dfc83ef11b7cb47fe31066e7c4c26af7197107

SHA256
30c2137fdd53fc33a40120b1e2ffc9dee74aee64b3bcdb8b1adf6bfdb5a054da

SHA512
03fc185f664ddc406df1a7e0ee3fc412ab50f9ff2b1c9667b8e6b9dc106ea53b46bc6a6a8605ce552c2ed31785c5cb023a40f85279bb6eb0d1c80d09f328c8cf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
134de796af525c97c8e45ff8868414a7

SHA1
0a0be61a51afc58e5c431c755c7410a0e7ddf1d8

SHA256
6473d4dab9d046f21f965697e00d2ca239575804dfd067eff3f90ebe5b128504

SHA512
14c7d2f2648ed296b26ccfea552750445c11b4313a36b7093bc8baaef236b6e96cc9035547d77f36e03bd7d84aa851d74b3bf758e40cadfce92257b6ff7a3a26

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
abb6b1aa703423b27a74abcfaa72c09e

SHA1
504791982a474bf22cfb146f81532a1d75517fc3

SHA256
473284da64b25f09ff8dfae07d79ce5183e6522bce44647a34dbcd6c8d7ca2b1

SHA512
cd715de139916654a2c47ee0b656c00362f1edca0b5fd7a5a5f7833e81cf8194f35d040d851eb3a33596f76be3ac333fb6743eb3addaa404d6148ec806807de3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
10ddb6c328c9126d9c472a1584b2d43b

SHA1
f3bc89a7326367d4161536e82b3877d32ccdf95e

SHA256
b8ed0947f3d51476660acd89a40b7da00970b7938bea583d7bd2bffa1b07449f

SHA512
c2dfb157df7645fb8175be72092476ff15e9dfc0cee1219ffc5b89645fbd90573c0d4017a25cd3b519ef93210a8e726058a206b4b8b9e741287eb511de2590bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
4de86adca863328788ce59c11057fb39

SHA1
4608f7b50014cde87dd38109cff858628970835d

SHA256
060beac8fbb3a334a180b001620d3b79740855d6af7f3d809eb4b75f581951ec

SHA512
d70391b99e3fdb8bcbf47185139ef6b1b7210991f24bd10e0449a0b23acd39b69fc0ff6c99e13a042e39384658ab41d90ba49cc97154fe7d7fb8d2130eaecb5c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
ba662b71b608f544556f20a405c04276

SHA1
851d1a28c4c1e8b0255004dcbbad580b94d05168

SHA256
3bc487feb73f0c6f1922b92ef1271bb13f24e6435f1978e08d62db13ef4235f4

SHA512
2ed9c1b4beea89232f2d4a893cc433cadd75740ab0ec106597896840bc40096fb9a1c8c5a676b785c82c65214fb79204947fc703b147c8d3e91f5cabe6b02712

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
e87b9b1e9a8673e83393b74290aea17c

SHA1
f67c6d917f6693895a81a62f94de651935ad2c91

SHA256
9539e51c8243f4781889fe841a466f2973195482ae8ba4c32312fc5254453cb6

SHA512
17b33ef580c85195550ff901dd870dd9a893a85ccb953d37fdd93f88e631040ae759b241c34a84ab92fd49205fc50d5e306ecdce4bd82f6bc9a4119f64b8b4a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
c02be0159c898cca03f7d32ccc35a06c

SHA1
45611ea671a3b59d7326c9003c4aa07a97c9821c

SHA256
b2fcf89caa332d3cbb56ec8e362031a3f4c374b6a732c51f4520df4de0ac12bb

SHA512
d984552111b96d15cfc6db80686cd130623402f3ad873858344329b870d103dc22e27ca0aa08b58c1ab2a16dc55bb8aecace40759ad88bb28c3685b35a909e10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
00ebcd76b4a1827549f813eeb618c39f

SHA1
cfdcefdc3545e91469898805af9188d4d1f5c7f1

SHA256
f72b8f6e9a2ba4219fe1765b147ffbad137b98168503db260649c0a3c1dabe8e

SHA512
6f5123a794638fdff5a4ba65db59abea9704f9dbf43b786594ca02faa6a612ab771e9a72ef1ac4a7ebef55c10c4f9f84fd925e081f7b7234508606ae80c4712a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
08c59630e22a0576fa68ac6fd243ce50

SHA1
af62617c362d2f85ab81dcf12ab3979fbaee47a7

SHA256
afafcda9a3ca4ea07bb062a989fba808a592acb55419cabd58ca4a01c66b8830

SHA512
c4744e2ace5dc376bf3c9289326b63d82e7a3eebda89252b25c4d06a927758add338cf7dafc594d5a6f22795d892dd5868de71b10901e0e761aa447e29b2e737

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
a9f15e1128325b65004f870fa22a5907

SHA1
9c828b5b77b6a8839d8a83fd60a397343997ea8a

SHA256
d59c2176f3e2bcbeb275eacd70146ed40f5ca8b43e47479e5d2bce07103be6bc

SHA512
0cbaec519bae288f8387f8e6f8702028d73adabb7b86dfd2cb1e3ddb0aa6b660dace9dc1cfc362fbe28a0f0c53f2663e16b2a14abfdab20c22c25ba423351e66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
da6e67419631acf235a47aa2f8b2f695

SHA1
991fc70f8ac74f74250af1c2d0d057f310507df3

SHA256
03f3d2b1f5a6cd4d614247831e61ae10ed8c01bd052e095a364efe261a949268

SHA512
768225f2780fdd28807f78769767d9155b865c41e5a4da5ebc0a051e12d9111987f89e473acef2601510cb1e1d1a71101b9dcfe930a687db5cc24ad8469dc71a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
96f04f34b145ecc117ff611c9f8378c6

SHA1
70c6178882219d2b90b5151ca8af66bdb42c0570

SHA256
fe7995850249e504619582d673611d49373a9889ea4e20e39c88ea0bf899a48a

SHA512
67a63ff58c57c73a3546d5099a1997170fd22833464062f6fa29a2223d6371ddae335ce745f139690b2425e3a5a52a9aadcaf1f7c2276236fc9f607cb9d8bd09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
112c40d3ca248b48fe35be7239e285a4

SHA1
5cc826b7c78ca282bac8f95418873118aa41194b

SHA256
0fd73d672d66609c4696553b60a2faeb615cac559926abb3dae89c67435bb9eb

SHA512
e839186e51ad9a83a190eecbcd452569fc57128043ddee1e56fea5997b44c528afdcd9e52bcf0ed440aacc0a6c89e7b309bd97d98232b690fd01b4dedf6859da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
838a289fb72f81156ee961714950ea5d

SHA1
994862e97fe85ab5b30571d8b811624d65023945

SHA256
6dd8af1e411fcb74a998aed5ecd4a1e124ad05462aa0e74e74a15359942bdfdb

SHA512
3e6aa3907fbd693005c9545d618e2af7078fc83d4ef62e02c7cd6e510b4661185eaa9aa0a54c2e5b9b3397cf010d11b2c950faeb7c3b9954f3cb8c59f689e81c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
4337688313275bf6c1170c4e59278ff6

SHA1
f71231facfd459d899f4c5cbca03ad62dd61860d

SHA256
fb9d04f8da60d5693b3838bf0a2ef111790062ece7f7c048753f998fc8a0e609

SHA512
9a3e9104b402f63cdd098776d561241b532d245a317b43019a4358eefc82d91ed7c250211088a4d5b5e80a97bb481204b5023be28fb2f1ce67cbc92dad3442a2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
afe9e96a004089b5995bb700592e935c

SHA1
d5cc931e29ee087ac770d6125d81db25c9bae0b7

SHA256
e1578c64124f36794872a243fa980d83eb3836400999814a849158f72c7756ca

SHA512
a02b720845f9a52edb1cfa0d3050027b9d31feb84e1bab6b95acdfa6f1048b27167f60a878fc7daf0505be74afdd5a0d3c474fd70339db5020ca6dd89112a4aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
3ba86bea877ce751fcf1e44077a3dafe

SHA1
9780af5d4af725b142531ccf76394494f490ec6f

SHA256
7226994961c3a06607e21ee0b7cda9163946964ea008e667336cca442e604cf3

SHA512
85da23eb5c5b8044dc06b0f5315d3c1d8f20244383e71cabe8ea9d500411a39f2105e949ced6f47e870dba99a23115898ed78362f9851a137eb7d1e4756196de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
ba700d62826c0fa79225d73a81941544

SHA1
16e42216ce21b46957dc06fdfc71ace810da5596

SHA256
d162e895eafeae8d6e2495b822787dbafa2c1659350a520322f9fbf5afb98b77

SHA512
5c4ba4fd064dfe5e53656dc1ca2818c76951b5266dd354f18c656ddae2655d0f5d9861b9c17e9c009c9465222d32fc18a0bae6ba27da9654211662d0eb98f1f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
2bf98d15d6da398f4ffa4213534cede5

SHA1
da1a6288a69e7ea5464221f7efd3624c6d30eaae

SHA256
5c32a5337387e46fbfe25ffae1da6a0681c077abcf4157c7379f31898acfec54

SHA512
7b39249a27c36d1f08dda3deae86606157ac9a4aaa2ac0552838b36ee0245995a243f71e9cf429a1e62c811b2526c4d42e08e09ef1aeeb5a750fdc73b02dcca3

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
b1d031a2aa71f9d0dc9a306bfca1e215

SHA1
3cd03fee5ac8715bb04c609bd8f71c2c666a993c

SHA256
fdd50e266120b23629b70fa1374a354ce4fa855353b3940f9216d7029d71ed3e

SHA512
3ce5617445aef456773717366b036efaf9ff3f1bf658e99022c8717804e30a2e516eece396812486efbbe5cef7e55f3e03438c5722b8d4f68a7859cb24a04fee

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
86B

MD5
f60efefbd24662af994316cb4ef5343e

SHA1
f703eae4b6767908f93bc52227e3a2ea7f1402ed

SHA256
918b19c1033dff730e603154ad9b1d69598c42d14d27a9bbb05c976a0f367903

SHA512
4d5190f9b53763692b04074a79faafb390e220a9ab10c7a1cecd0e36256da001de5f5706e4e411099935fff04a222af23e4a9d869632354177ad6b3498f924cd

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
53c565709fc97566eba17e109bb1afc1

SHA1
0b3506888d4c5f5f5a39fc89ad1155ac0312ca46

SHA256
51bbf4f48ca9c395f4b238fd24dea45976e0a9dd632cec94c1c028bcf6b015f0

SHA512
6be1dddd5bc68412d043d7d1dde3ea58b198593a40ac94e07886027e2672f6871be895b410776dc1b1fcebea9f91822830e46b9ce8c5282a5191f2f9808bee89

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
5b109ea6eef670b02f488bb943e498e6

SHA1
3af4efc5a8e3bfedbcdf5e0e06ac19c8620abec4

SHA256
f46f6e0b0bc4b5f270746e21e2c721ba1e29e1087b98a40d542ae0ee0017f4db

SHA512
7b8500262160ceac2595edcd5389e0ce1cf41681de9f726db704cd5af76fb5527b11caf710277c686c892edc026f40cc673476a5d3fe160da2ef29366e5c7d8d

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
fb0812335ad869d1a95696b5900cc95f

SHA1
1a02e219e394d877f6e1f2a66b6590fe7e4e8ae0

SHA256
741b54f25ff397871beaeabe05ac7e7a7ca93da8a396d2a063c051162dbac95b

SHA512
380cbf22c86391b756cee801efb057d3da27f896f63f8ed6b35b66a3f28ac5ff6f6d39d30f78bb1de03dd6648dbd42c25b1ada6ba58ab7484b8e1ac0a704cba6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
e1545a5bd83b74dcc3baa50369f559b7

SHA1
b249eec1ae8ac95927f1e29fa0de322fcd7fce7c

SHA256
2d3c2db4c4ba2f5a5fe60cb0a0872b5014e5c1ee5446ec2046c0af50c832b858

SHA512
33d81651a9b7d871a1d30428edfc09f5a989e5df7a3450316aadca0b8126e4ca6a7bcbc0869970cc52693e41c47fa9ab26bbd7ec792f11158be92228b9c189c1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
e4eda075ca30c45b1292991af1431de4

SHA1
6f37a51525afc7c399ffff58fb36a81d683f2033

SHA256
7069460549fa829a6a39bffa3d69c2e70ce5059ff15d91abb4a64e1c7a80ade4

SHA512
5d3be586d36704fe1967314965f71f3a23f60cca87e7a4decdb6773bed93dd6b555acb6a921851e5415140a61a2b742904c5a3c438adcc72c68220680699c8a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
a61901597f4e0aac0db42c99c2b7056c

SHA1
3032e27e4ec6ee52e6185bd2d3dfe88f9027215d

SHA256
8f2552b3731c26d4fe47adce587b8670d04185ca1eb10d953eb7fe42934376c6

SHA512
4d03405fca5c97d0a6dfb995c3ea3fc96dcc1605d7ecc6fec1a1c7f76b8747cd8fa0f4b4f924781f88cdc56c8c1d7fb33cc2d1602868ca9b1f0ee44bc8c05e67

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
c60a3f65b417b48c36b8dbb2d96c80ac

SHA1
1a562a060d3df05352e4e488c5344b8a04758382

SHA256
d43cd7cc782fd4fa38e84b4347b30e58ed3841fd90a77df970ac8d93bac3c676

SHA512
e63cfeff2bfb9e5505b3c91d9947ec8e980e821b6af79ffc05e0c330e0b2ac370cf25d1bf543305324b6b8bb82bf7f79fbc2eac7f5a4500d95f619026bb3d7d5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
416ac3d2717410e6e8697fce1b2c716a

SHA1
b23304eb6d519aab79649c837368f8bcff3cb7c1

SHA256
36b687dc958577df46ef0d9ff760a45c5209ce69e4a1a51d12046e4794946580

SHA512
8b8447ea78f6f1e9287fd80fa046c85a4ad4e12591b29c63e0a40ac0a0b32a369e2d35d1a74c77e8d071cd6e92ec2e677e1fb556e9b09b276c08741f49da1c17

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
d2146f41f4a3c8cad4a0c27f3298cc83

SHA1
f987b124209addb8506e43a11d8dd31e847c4965

SHA256
23567bf002952955b7d617135761ce952deb9115f14f2e94c0c21061612ad6f1

SHA512
dc1cc32d4d9a0fdd9a329d247eeb496017c12dbb072962bd672de518f6415892dfb8f9e36f391535f2518b143f1dd7615c7677bea5627ee22d122489879880f7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
bb3af948848688fb71abd4c94b88cf5b

SHA1
9c7840aaf339ae8d6c46178fd7b777fc0dec2136

SHA256
9ff9662f75de9c3d8441c69f34091717b285f6ca8640fc347dd3a12a77d207d0

SHA512
4d19bbbba1b4db86ece4cd2e9c2a0262540b0a49085a0d2390323019e7a93c7ed2158a93389ff04ee4a3157b5a26b2d97cefa506b121e787bcf7629cd6fa13cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
4499ac69c9e6f02791165b97ba7d2c82

SHA1
2021d457c58b3934d15b804b36e4048e60ecbcf9

SHA256
f3bef31ce1b1499c8d44616ef7edd6062cf21bf5ed17ad1a69fa7779bd8d43db

SHA512
d2c5fbc4f3c720a1ee26296627745bf596e92506a3fd94d88a854faa348687b2296f8ed6bf08a74ec11de5bba5e5122c1a17b24f943a27179bbecf7990637ea9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
a9d7c909fbc7eb5091714c4d8fb05155

SHA1
2b321101434c32e24935faa6a3812a478e4da9c5

SHA256
101876883775781327fa4c6331b37a41840ac06619ef6f1ae259c4ffdb763875

SHA512
9291b5786afb71c574ad4869157f647c64b5f5122c0e7439f400731a8a4931c8b2be681e5aee7616e52f4b63e6e5eaa0186b30c99e1893e807a79bf90c266ced

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
f2bf4bcc37d06d4033757880bb4e6f43

SHA1
50b914c6d61d125f898d2f83de5f73de1f525339

SHA256
62e8554b6e1f73d3a620db046b85ec31ef14af62570fd9f3ef8380e4ec9ba9de

SHA512
ba36ea36d97ab01bb256a228923cae246115fdf0cd07145fac6a158fc99ef53c228622738feb3865bcad45dfacc3dda1621957a099fa07f02a6bb5d4b2884040

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
d8892027963b8dc6e92c48b762bc1b2a

SHA1
bda3a1b6b53db7d23c8c93bbaee5fe266531bce7

SHA256
d113ab894563aae1101fd7cffdf85560f55349b0538befdb688547934f014bb0

SHA512
9271277672f40fe060550e988373c8a6176adc9bdb6587ef6c5eabc09bbb70907a6617824fecfcffdacebbbb62361f662f53d259c85af51a328adfa64bdb0953

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
f9de6abcd68868b35750aa0e23b6d82c

SHA1
b66f1c9aaedff56d728fe1ce721219909006f208

SHA256
ed0fdf895eb5be5d4a00670a502369b948494ccee4ff4cecff52552262871485

SHA512
077d12a3d86562df43999caa1d15c2ee24cf0ec070d41b39abe98fa146075e47e333afdcd7b4b7457e7891a4c0752b72e73ea673ba6f4f8d5e46623d32c49042

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
0089b8ce01798a7f04fe58647db03d02

SHA1
44e05156001fd06d5301804dc87596829182d5ee

SHA256
49fead0733bbc32a6d2086422bfd83d35dd73bb45a1a9a189ced4b558ad31069

SHA512
bfc294514b13db5abc14a5bd0a236ccd81b5850b5385bf4882e1ddd968b363bf9c3418f13df4cc179f25bb792600ade0ebe3895056c465504558604bb651b96f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
77492154d81d45673c77e9ec09548b7c

SHA1
2f3b1362df707f73c361be994de5673175e4ce89

SHA256
672bc62307f3da9ca92dc05c9f4bba8803e3a0c49877931ab88db0f6e19e0fcd

SHA512
ebabd836781a3e92d28689e9a8e215018698e4dd01acda1c44a79a3b5dfd1ffb28af09e666a3208fc42bd9707ee21a285e3910b674cc33640b9b99e99daa4606

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
658a372447d8ad6b98cb78d5f34e7d71

SHA1
afc6884d6cdd7858c55e6f105924db59e53c28dc

SHA256
3d29eaae4e679ed1523f83ac2bf27d9ea935ced672c9f6ad5b8743def8e2c5de

SHA512
c6dd8b707c97a56a41090084ac27435492505721a3865912607dec20a814f68b15da3fa1dd45ebd9221048dc090abf6bbee1c9f48abfc962338c16442ce579d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
10c7490a86f1f13250c50ef2c4937b5e

SHA1
25a419d76fc4896f34d0ab1b69ad8dc24cb6a195

SHA256
2183ab7c1f68abafd48daddb668336b2ac6d8a3a6bfed806042745ed8c00ba1c

SHA512
150753f08b004783d321d1ae935a64c2d67581892a4b073377798b3d51d7cc6b5dffdd5ae8232026cac761b657986c31b4e46d859f9ee8570ddc6b5dc6c18f75

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
2758a255231ad023bc5df01047df4ad9

SHA1
4c14ad1e32a526c1d84b19f28a6cf7fe0a6f53e2

SHA256
acc93c4ee1972f678c4d1bb397c3798052ff821ad4759621e5288138f686faee

SHA512
f72141bc863de13092cf119ffffdcc85439052fa781a8790e9533fb4269e764e4076ec36283e580aef7c2b025b5583b8b8694b3c77d2982099d2056db268ee69

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
4121f76e645bb8153c126b8a4b3d8223

SHA1
0a111be042b5c7e83789a25b1795f7d39cdc4285

SHA256
c30bde1ad1a933d69bf71dd3ed89c1da7072a1c440d184dfbc471a3c3b533349

SHA512
e6f720c353e2dc6e878906ae36a1d0a397dc56d9e901e204366d56b3b8bc8104168b757fe9234688523d81653b5f15e4b4de8aa4b6a357409c4e7bc283de2d99

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
10069bb0d3962d503e72e1285caf7bae

SHA1
300a4caf62515835bd6040da64320a12218829d6

SHA256
5ce29f23ff5425096dfddfbaaac7ff02482644991b3109d5289acda7e0f5623f

SHA512
a30f8940c818314acc7627de258e194b1e8f51e25aacdc53663a54d8824ec19a4c426e5e010d9a316a75e8cbfe719a556ab459392440c5b6da1c86c7eb0aa1af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
46112f6dd2f4a92ca83f0ca58a3c5931

SHA1
32d50726b2523721682ceb580ef46573a5f14cdf

SHA256
4ca9abb3eb0cb531c4af5cc3f191a024d4a75be5cf580bdb27dab341dbaecac2

SHA512
7c574144a8e98aba4d2b47945e70560742d0c945f2458e758356be94bbeeb978aa1569551c14976273dd9d9bd960ac941dac157a6718aceeaddfc00910e555b3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
7ab48b9f84c61e4db842eeefc8c8b67b

SHA1
90cb93ed0df4fb01a9d8d931627fdb17477d2445

SHA256
bfe0fa2f5831f4def799c43cf4ed66590ce8660edf80934d5d0d84e943d5fe40

SHA512
4082e459c1e92a8e12a6e4c5d906ccc0919b34fdf031dffb7d798c3c46617087b7925675425f373cf824cd555e1cb248c3893e2abeea8a1bcc2d2c4efc61e7a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
48951bbcf1eeec401634020216131a3f

SHA1
a0faa6d55963d57dcc3f370a6137a5ecdfc3078f

SHA256
b4df0c34a7eca1f6c191e7995ac726b559a9b34c704c7801b2e84e0d2164f036

SHA512
de874cd484e32f47b7ce221acdaca54e0186f3545813cc9eb7913875990a4dad585a89485d7b5cf776f29db202f43b5cb65c63586d80bb772e027ae04f0a4fe3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
577ee24c498835f7df503e67b6e9ccbc

SHA1
4f39a3c5befe722bfd943fa9836c3efd49ea912a

SHA256
6c03c81f48e3891ad56c0456fef22af9a3c6b9e62847b83f304cec26e34db3df

SHA512
6c8b022a1ddefaeea387af898fd37ef1cc8f404679c579b0dad3d0b59e754dac6ddd8fd204116e1163f628f45b48ec66b03bdfcf6eae6d1d4100b084726a3b9e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
d202f370bfe6768b61e62249d4c30981

SHA1
e00ccec317a836b31bddfc4cefcca9d896933552

SHA256
449abca25df9b050974bee7c4cfccf6b95d86ea28366ebfa4247e0102f86499d

SHA512
a070dab551c592cd98f2b2f7e2ff732d7933ac94c0d640b0b46ed8787763ad504597ef53476982d918b9a4ffbc4372deeb27905a4856d5440be40dfde4fe8268

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
c187344de738cdb49e48a049c08ad41f

SHA1
ec7482985d2f5a06a073ee13c354cbbc8e7759ee

SHA256
2fb3e6200b94c2a0f17c8e17849cb33e582a57798cedcd53483850911de84247

SHA512
11a05f855f3edcd9a7e5af9ab36900c4e27141220d020d21f5d738c3f44f9fcdd2ad057061529fa76c6506f24d1e3e91768565fb182a06c81d535dbe6a7bdd82

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
6b4aef1b82848861d12151a5d6c20f0b

SHA1
4ff5717e8d0050613ace01ce65d57f9bb79019dd

SHA256
06a871593e71657196e60ee5e2101c3e900c0be8ecf73d990cc45095ab8e3a86

SHA512
43fdd41beb5bdca3c4213e9f647863bfcf3de48b8ca554d38690ecca95cf7363868b20e50b10e51a68bbe781e230a15ed0dbeafc09eb0be7118be23a572eff4e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
f44ec14fe805eefd73f4bf865d857775

SHA1
82ea1740c082b4a577fcff02d6fd710f5f7290db

SHA256
f66da2a7694ffaa5a75cc149f86769c6b0f45f4d8655c93a1900ef97fa0c5621

SHA512
d740858511cb4d2722b68da70502a427b5712ee1694af14dc73fde086d900df16d07f161526ddedc2b778f6e0165a957d64e413c6d1cac6e5f287aacf45f5b3e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
d67863cb5678ccd4f8fefd040c45d33a

SHA1
8d3f80a9b0ad9108f085db672ccde38b691a7e0b

SHA256
41177287adf4a3104544e895805572d925a905c26fa58ea5a5786edb47eaa76a

SHA512
43ab61082087d2136f121017b8214aa1e747f402cf7b4c68d2c585b662e9143da88e8958c7d7827f0e93b3f90a46eac421659ebd52f43e5da8fa93895c55182e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
e1e4f368aafb55dfff996655c8c5f241

SHA1
a1efb79d2b05d8b113b6747850a53663322f4879

SHA256
4505b809603be4d0b92bbf9f9a9c5ad9d0c597c30cfa9235f4a1dc8b1ca5e27a

SHA512
fd9ab0969c87555d019244a4e02e2edbbf11b13446ae7bb917c171713c51069076ba68075018ae6f67d2b0a4682691a0d0d034b76f7f7045cd87f18b214cc075

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
8ef3b7ef0f7291b23cb14ccf8a337c4e

SHA1
b3e2514f55b716b0462b6d6a9dbef4991b95eb38

SHA256
e735838b98cd3879fb3e3107d11eb54f9bf2c5ccd2435d0e763dac16a5550589

SHA512
b2de123487cf02eb57ec7cac5a68b23ea6c8e8f5821ac6396244877ed9e107c95364940e67836c2a74847ae00edd31c89be13665262ae496f1073fabe5da21d7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
ebc2366cfa89e97382efa16b256d691c

SHA1
0145045e87205e9d443702070491ea6594dad8de

SHA256
0b63b567ef730ec03bb4874da48b36f14a4d296dfb280bc654cfdf4fd7e8ec7a

SHA512
cbab98b9eb814b36fcf9e86f4b1aa887104847e8116bf633fc2a8207e8564e532b3faf145aea77688dae61da826074c0144b08268cbfea19677fb9d7ae17bd68

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
ec4783ac9a4207d41f74342bdf51c89e

SHA1
d94647c182b4118726fd419bebabca9c6ca1cc83

SHA256
8e940701f3af886155317e521f35d309f8967dc048128069111725d0441432fd

SHA512
abf5cb3e741fdd50dd76404d6a5e16beb8acd26287bad28f501f7e87af265a79cdb2982d6d3bec63dc5eb843fd4e0fd748c0d280f10c958494eb225eab3ccb0f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
1cd3822c112396e82575816e65c5349f

SHA1
41c29f337d36cf577b175792360dd6f2fd525b15

SHA256
4755a5fdb97865c7f3cdaf7dfcd743b717e74eb7c9538b06b32e1a8a2d842a01

SHA512
38ba09aff6d58486b89483518d014571987c22b7f518cf07555d1837407d504a6ba9d46e0d435d2d3315df7a001094028b782b80ff55cdddfa621f18e3346065

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
b2fd2e9b6be94cdfeab25b893745cb31

SHA1
8d73775104109c95fd0628e2137747b284ca32e1

SHA256
cb445c3f8a6d7e71b67c64b0ef10c1f4863ceea92fecbb3ec5fc773d1228b351

SHA512
f783440136d4e1c4cfd0d0a1dab6e48bfc9a4b6a7f22b0bd28aaf82201a85bf8c5577228794e71c21f7c86b1f4a0f5c5eb4c5db7e4581cc665b37d66189a445a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
e1bf2c21b5de17bb3a119741101c0bf2

SHA1
7e3005cc5cf4fad79ebf052ccdd7f01d460c9778

SHA256
de7635334e0f429fd5fe1897527373b6fecbfc27786a829e61bbcf37de0be408

SHA512
cdf0a6ec38c64b531949da02259ca0f7347c1c41f4ec40c9ea2ec502a2a9f8c99029151fc3cf164f6d5d045aab63b406f0e6dc302c3ed04cdc2bdebfee02c394

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
91ab5a3c3675f04337d176915d31baa2

SHA1
9f5a12cd191676d44267b79cb0413e6d6678dbe8

SHA256
45c0c66a8b1231d9c209d965a24d1af0006c5a90784bed759a390cd4153b6aaf

SHA512
c867dc9d5c32b32d8d66dc05a3274527125fd84c9b32a71b3c5edd2439254b95fec1b7f3524b2cb13e6366c683a892439e8b7489675368f84996cee791b55488

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
97f2d060552745e12a61550e35ea3e73

SHA1
4a33849127f800c6c5697d9588dcbd22819e05c2

SHA256
e601f1dee83b0b6836aa670dfecbcd64ca03d4c8726d2b67c31e920d26e65928

SHA512
86481b9e7da67cb98d023be7e2bd926557de2436b218d58a626166a1d09f39af0dd8bb4cc5fe74fbc39bde3dc3b112811cfdb269c0379d1c68c36347eb479806

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
024a8af068347b6dbfccf5c160e73102

SHA1
868a653e54fec0f1db023b964947a33f221a3d2b

SHA256
2aee7088df35c760c8eeb74a269a109277a36dc075988057911a005b6df4d98d

SHA512
9046b17ce8a6fa9db3fa8b25f4aca08106cff602f5eca0d1dc0f5c0c5fd72c7d478826b78b4c6e39c9e35d51840c0a0cba98cc8e91fd92da06e74effcea51659

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
4ba732b1a7120606c7dc77117802293d

SHA1
b620ddb903a41dc93e3bbd5c752e121625bb464a

SHA256
c6d44ea56558438c51544f3830ccd080fe12940b5c858f4858b923bb1b304962

SHA512
f3aa56ebad3e791122a7a3f78548afd252bbbd569b81d5b435624b9e54d284b5bdc5907fb24f674fcbdede246e1dca2f36533b313e05c6f8f73afa7ac04b7224

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
151c52364c9c961f69c23636e8db5ab6

SHA1
980247073b94f9a3e3cf18b290a146301775e502

SHA256
05681ea99535ab5b986cabf603bd323e4391669aece80fbd97ff0eb749851379

SHA512
a7b9c47b5cb431c54116181a288353502e11cbf7b332c9b35be44ea746495ff3d3dfb432cee18bb439919092cc5ae1ac5504322f5159ec45a9dc3b6e4e5abb85

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
313bc9796789dfff7034609242ecebb5

SHA1
2358bb866ef1cabc3e0e09093ca27a267d95137b

SHA256
6057ce5ade1136beef5d6fc3f3cce701f7642a3b9490e9c4cd1062a5aa63b14f

SHA512
8f643045bd342af45e5eef28870689c917cc540da8ca80f0d63fd8edb6a67d967657dc2d662c3f0517af18344d0fd52d8e70a3a0bd61e6a11480865d6f7bd855

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753988092688.txt

Filesize
77KB

MD5
44b9c2c0a5f22cbe357d6cb033d250d2

SHA1
a0461d2167609cb070e9380c2f7c93d4d178b6b7

SHA256
d22dfb5c16e0a43e6037bc69f12eb5d08adff307676bd82129c8e299ce7976b1

SHA512
8f4e3c6a7997a7d4aaaa0f0d479927a6d64b64fd1858cf5915cb32fed412fe7dfd65aa6309913829b091472ac6a361ca187990fdca093e096aea69d22a5bfcd9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754513600213.txt

Filesize
48KB

MD5
1bb97656f4933bb238b405fb7a13e637

SHA1
5434b1132d4cade0b1da427d15eca033a429ea84

SHA256
69fccf6de131713fd5ba98cc087aaaab83f2e555838b07b7f7cdafbb2e41eab9

SHA512
df815d438d79f52672ccd5cd5f9c3fd5e685f4af20e3fb272bda82ffbaa83dd69a80494302b00b5151f43616f40e68e8c42fad24729fc311ceb87fe491118851

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761155176116.txt

Filesize
63KB

MD5
55e63f2fc412be72fae00c40375432d0

SHA1
63a541e323de252306cbe148ae114d55cdf40f9c

SHA256
d738c35aa3807c2056ff34002db0223cbe6e97d5a4006464c3a77c2885bdf538

SHA512
5c8624264a92cbd3395f7f0dc591fa42e2f919dc4661b690522fd58b5ecb8a671555a7c025ff8297476441196b5251b1132c4d6b4b370a93def395601ea2b143

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670763712487382.txt

Filesize
74KB

MD5
5b7c0fbd7ba9d5bb099e1debcf230241

SHA1
5df11ae7017e8832f73b7983a0b664b8e33b8196

SHA256
70d1938330b6b83a87ae288deef49d09d19f672368d1509eadeab2f3c8e42ed9

SHA512
a15be061fa51be2bfb928fc0bb1974b03223d83ce20ce43202807a54e93dbd1170e5848da085995f3760c9e2fecea3f5674e8d079f96e7131390abf465c9e421

Download Submit
C:\Users\Admin\AppData\Local\Temp\encoder.exe

Filesize
7KB

MD5
72afe7942cf0a08a9c5ba53717b858f1

SHA1
26015bc863ac1a7c6e14f9e3fc24e9ab3ab3aa59

SHA256
0e3814f4d10eb19b95e9514392392a7295aeac0bb104a55b33836dffa4ca25ad

SHA512
86463ebd91bd94c2f6d75b7961137bddcd417983826fdcf8ddfd2898a73f7818d1b3ceeb9832d9323773e24ccd2dfeb9c79e521ae432f595277c4b1cf0918037

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ìîé Êîìïüþòåð.lnk

Filesize
1KB

MD5
c2dbee26af2fca2945baf00921404a37

SHA1
508fb1245c6c61c476a3834b1e763103473be621

SHA256
747bd27b25e15dbb243dcbf5385b545f5fc85084396b06d5e000d02c34f6ada2

SHA512
1eed53c77d6a9862318fd67dd2d78be54c69fdbdd06146d88afc02db721eb4b6805dd5fd66a558a3cc09fabec3169a631279af2b9bf415c9ecfc13a9f9419951

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ìîé Êîìïüþòåð.lnk

Filesize
1KB

MD5
048c380584458615c0f4aef5c182b9cc

SHA1
f42d595e42733f67ab23df15150f8df15e778c48

SHA256
fc7194b817bbbfc369e5c4aade5df92daa286e42275c4b606ef9ffc65cce808d

SHA512
c886c165182f47e992bf477afbe28dc0b737325f05072521738bce52ac6d227c364a40afc7194aa059327797651488764255d922fe6991456b1466ff98e04873

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
69e9596bda5ac05584951eee08734ff6

SHA1
569efcb4af11e9d917dee8295d0ee867c0e815d4

SHA256
93280249c9e2f9610b52cc83a110b07862187450138d8857d745e0870234b711

SHA512
6bc31d70fd0bfe8236a0597e2ed611b515d1ee0b45f73bbd05be6f3c2c597884c1767ffe5b2172d917e63dab2ed97a108d648f1dc8373c73184cffd2c87da281

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
781f6ad4fd1ed48bb5b53e7e8b4b8963

SHA1
260b10a04dfcc9037b533efcd0089a277e2a3325

SHA256
d92c8784169fdb49cc4cb809f13b948fd9c215932036cd9a7744c13f17e31556

SHA512
5b65f2be7f3f3c6d046d6865482902558c5e3c6adcfd57bb4bf48d0d4e7cb74c4ea77f19e8ec66dac814599c62695cb17e44bda774be687051d4f9161988a68a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
cf578ff7cfe695a58ef3fd10d9ff829c

SHA1
2ac70144327ea710e7ad0b90b4a9288aa7b3a22f

SHA256
ec69edb57a31d0e8ee13049b28dcaf398b1dc2001d2fe98c4aa65a56d687f0aa

SHA512
c9954f9e24287161d144959365446e53d577b366bbc21074b19237a18db8fadc8c463ae23dd7fbd8bb764d087c5b63f2b62e7daef4cb1d882579c4e44d6cf2c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
f8423e6abb0eae7752cf5b0287f74cd4

SHA1
63fc655044fbd2192004b7489c393f570ba77555

SHA256
d2d56e1254514e902674d5cbe56b2bdc7e79d1b7cefe5a08be1983bee07c5d54

SHA512
19d24832b9a72083ebd74146d68f1d009c6e52832d24a05def0468d5178fc6dd8328f0776efc21fc479e284be5dbf5a92a7448f269dc7866e6626849ab68c55a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
9bc9a3908e6867109a0976172fc3aeb0

SHA1
debbb2ad1ab788d0e237c4b7cdd62f4f0a184e03

SHA256
77eebf76dfc2320a67422240d9128d003a2b20e507d613b6d881347f9166a174

SHA512
2db69797ab975fc575fd302ee23060efc7afa32711d89598d4fd2b1a43cd0a43cded6ed7fa436b372ec8ae89cea563648632f270772554397d8a5570e4e5c38f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
8ae9460118a8cb5d596be475bda37179

SHA1
4d05813ea767d25efdc3365b36415b7e0effd081

SHA256
40602fbd37b54f95c44ee141af94683356867169ab6e48089d1dad25e7e0d37d

SHA512
f00021a44eaa841bc6c5f4973f292cb55702bd17be9d48827908a25eef9451fa624cac241b26fa84c1eb16a9f522e6f09ea853abf5442051a64c086ae13bf670

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
e360f3d714ab1fcc2bcc67eb04b7bff4

SHA1
5657a42cf9a478da54c88d32eead927b45e37dbc

SHA256
b524087f2480c70561fdca83aa5a360626741ad3e2b264651ee6a05e87d8786d

SHA512
36f41e7a5b104948fbb4712229856b84389eac6b1974f48f10c2b7d898ad5e19ed992251aada0590f23c7840bbf51ff3caca7d6209f995854389b85cd829c128

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
35f66f219c6737948b1fd1502e8d7e00

SHA1
00642d563005486b15c9434d5565a9a72fbaf6d7

SHA256
66f7f48b82d5b80d42e5f5b4fef03660f26c178b6527c151d659ed54f7c04977

SHA512
5c5a04083b9576540779d227f69fc8f8ea246ba93c6995b2f5fe589bd274c9caffe1ace00ec1fdb10ee0aed082f99f8fcc0e78735dd748ba0efbeea56ed01f37

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
1c1330c66ff9b32372652d60fdb8d693

SHA1
08ba26a8270d283481713362c4da4f64a0e53491

SHA256
7cf43379f4f93dde58b1c0d4ead08672ece428bfe5b185d3c15ca87ddfa8f603

SHA512
cc8eceb96c87ac4a42248ddd5193602f34958f3552677213370858f931e452d9d84720f205a2e087703ba0800066e28e8c29987ae71ffe8d3b5560cf01395e50

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
b5ae8b9f961aa74603ad57c5063fffef

SHA1
d24d32a844c93ff62d69bc91226ec268551e4286

SHA256
1d54748f102f8425657317d0eed5deb5855466c580eaf23e0d02e573b5c6b665

SHA512
125f6e93941b9e4e3ce8ad315c186f75e8b858cd355cfceff97822ad2fb2a29a3a01bc6f5bf65243018381892a602246b4e5718567a1b44dbd67d67a8f3011b0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
c6d9435d571b82cfc6c661daae3cdca9

SHA1
c92345146cbfe9965ddf4c083385e6b1301b57b0

SHA256
29e1bcd5e47cd97736c0545c536f98bb1728e4c5c824f0e3151b3cffe1f3fa50

SHA512
19243bcdf8e912a5becdf6cf3681ef22512eb68b2e9c4989b5424a55b1c645f3afae8d09383e04e60cf58c5166fd38d758d485d1f81ece41c949fff529a96b61

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
8d0818337ee31595c6dbaea587c3527d

SHA1
334090e1528e1b00ed615e2aef4d4c4404ac2d29

SHA256
f26ce8583b756c7b3581ed8ef52f54ad8ae546c05ce7fb123ec278b954b9329c

SHA512
90c05f5ed655caf9f10cbe1122a03ab30a8954d701aa4f9b1f86d67db25dc51bcfad4987ee8ae8f9435b29156cecada272005550d655b1b6557c67d2ddc5fc55

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
b1298a08448a65e28a91a09d2d7c3476

SHA1
4184d08dd6298219f8df0f9427cfdbfbe13fb5b1

SHA256
420bcc02f4e7c4ba346422aa16ca348edb2ff13d1a7875e93486a5abca57dcc9

SHA512
85597a65fdaf36a365647de90e383cadbc10cb9593b4e377400a6b26188972d18524aa512a9e906204fa3c51a4d0c1e24b66348cc927cfc5b1873064ba4f87dc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
440d65632203bb3f99a34a3353461aaf

SHA1
041c22111e2f6033b09017513326b462ad9de34c

SHA256
c64b07c24b75099d6111a8e0b9b139b4c9d23482675371d3994f82a5ab5601a5

SHA512
e8ce7a0707b0aeecb105078af4eec96bed45c1cabb06e33f4888258946586ad4851a4251a481efbea9917d40ce75d569b5128b0fe6e4aff6b9eddf9fd62df1e3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
734e275df14cff980a235f1829e08540

SHA1
b78a7e686c2f76a82936a558f516cf8dea3fc8d7

SHA256
a98dd98e8fffc40665666aa8a497eaf8cc6a8997678ed990d61375f63d0f9d11

SHA512
160c137ef33eeaa64b7cc9f40acef9927f41aeb1b15cd4d660a44551c5531833e443b8300588698031b94ca95e84707a09c0df5ca3bbba92278562f9bf8cc2e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
4bcec5d4ba3dfa8ca270989e84ae072e

SHA1
43b6bae14951880abe4f8ba75483435704972fc8

SHA256
5c1b8d5e6f73ed9335a093a869ae0b8a84a7df0fcce535988e2c100ab75be6aa

SHA512
10aa03e1005485092bb6809f8cdbb1a2abf9f785efa70f506bfce8c75059ade3d91c3861bf653d3a6330c16d8832b195eefef163ae4ef64089c85352f353065b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
1f2f89e159e03a3b05e3089bfa1cf75e

SHA1
cd4ae4db966bd64c84fbf9518b3167d6c16b19c2

SHA256
6dab57fff219206db7660d222195e01f92e57059fc36a5e3ad52200001bc66d8

SHA512
aae46a7998793760cd8b670ec789fb28f6f7afc325244d61f297ac2f7f81b4e93f35216c27eb8b89c1ae159a398d3bf51a489e7f7f4abe9335fcc30fd22395e0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
dfc748f1fa0ba56dc727c36fc01a93bf

SHA1
975fc413e333b841c01626e571089321da5c56cb

SHA256
79f42af88358b3fe359ecfa4f5bd1f15ba7f7a483a9a42aaf37ba9b159df5090

SHA512
e98ce6fdd3a58990399a546974f8269c0dfef3c724470c15852c398ed8195adcab16ac5dfc45c571772fca34d605837ad280b813ec8f3d865a5564a8ed39f7a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
4fc741f3e0611ce62420f63bb29e520f

SHA1
877648c4287dd47c4696a26b64d02fba92b1ed5c

SHA256
a2dd03080c926cdc9e25e97d70915589dee146ef71a1b561271cd97941d62b6c

SHA512
b2e4397048473687c85be60e8843b6d6d212a304f54053cbfc18527525b83df716c6fe3d2e8225ec5da8a06cbba542a51e31313416c77f9946c823749be196fd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
b20bb4b9fe9b3117130ad39bf3f93eb4

SHA1
335cf5cbdaad5c23d2edc0a6c9c8c5f506075a4b

SHA256
cf0aa5e6154e501654f8e0afb5198f863f663d6b788be9e1db0ee1f233fbacc8

SHA512
e7cbbf98ee5d1692601f29196c3e4c12a32427ab5621c6a3d71ba889bbaa7b9f444df12cfcc17d481e83760cb5b40721f1c4b371420746ac055cce60840e4455

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
f65b1dd32b2f90b664a99bcd7d318aa2

SHA1
2196aaff8ef1ea49e10a0849a5ac0b7d0c7c42b1

SHA256
51c2746251f7161994e7863a971105aeea774e4586c2221a538b6b2b11b22b56

SHA512
26f88ddff9f2f130aee5071ac5b75184a6fecb5f8621815b23c97aab23de6c6835b75acc2640176fc7c3161f633d94ae3d0da635f1d7bfcee782f12830772a5b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
b4234a1c673eb239a7878c231fccc3ef

SHA1
169ed37f20504210f147d797bb563f520c98a2de

SHA256
1d1d41a2d5187489353fe3bdf88a8b097bbd69048b9a6ad3db04e643c00cc1af

SHA512
3b54882febc76462c3a7e9514bf3822fab8477541814b84f05d763d83dba4227020e5c05d99058b2c191eeaf84657bd83ccb118817aa0b6706f72830664fb109

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
bd844a73bf18d4400f25c1d15ff5d2f6

SHA1
81e2ffc9813b688de048ab417e96c63452b5fa05

SHA256
764201316dd961b38c654119ea1f7f4c5d4b0cabaf432d23e8412ce235fd222c

SHA512
b03c4d38e6309b6a3fe35bc0d31628e388b1e3dc74a4d545b4c88fe582df247fe16b1f210615f431e6e29cc187104255597660ce93737900d496287e85224f25

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
59a9c2f39f0ab58cd9bd6a2b1e191e13

SHA1
69ae9dc1b456c1f74f12d5cf8b3eb0ddfa09a9ff

SHA256
6ec02be203c4416ed982821e66bffdba87dca58d71542a22409bfa7f41385a9c

SHA512
1715d5413c1ee096e05cff96cb1dbe2742bd7bd35d3e064e263c2e1d9c6953efb285a94875d227582ff2c19df5aad137b653d5825ca34d229f4cd661fc2e4de8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
f5f80f44fd49afed67b6f5791bfa1970

SHA1
ce96c5f4f892845b7c56414a14c224ebc44581ec

SHA256
010af1adbff6374ccf124a2a658e16875d8cf24b6cfd03ca7778843c22b7b24f

SHA512
88984a92fdb8ff033717b2ad74116018513362ac74b2debc7ed34abc754d3bad8a110267e366ff54487b06dc46b74117c0c31c33c45922ce8b1877c17f0ecb27

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
71ae58efd9c079019253c3e85f6f4169

SHA1
c4e27b235fea1ff4f9b3137f19ede1d03bdf0728

SHA256
a3ca4dfcb47b32815d57455fd52c7247fbdc409b732e7b4b7afc2ee62ef09133

SHA512
344f6b58a175d913f9549566ab8fab8ae3be80b95d0cf0a502897af465aa6611c3d937d00664f5012f18c290fa45736689fb0d316a10a9fc84191b250e6aed7a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
f68e67502351823c89479397e3b4a37c

SHA1
07db178414e4a2e538a05c02e1d7c6f5a3ad0e53

SHA256
8ce3e68e94df9c4020ab14407381f06b6a20f2a12622aa72ebecb7ab279e2b61

SHA512
e02bd4d31f0260593ea2461dfed202a28d3b2aa194a243e942bb39f06fe86f125b30d1bf0d50ae76d5200149bd32a2ef2af7fae15f08abff7f41feaaf87a03fc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
80f2b727fe39d1c67cd8e6fa877fc205

SHA1
8f2e9044289e5f2b311058be7197691d0c436077

SHA256
9697fedf1e8212285dc08130adf07da317f760abd89824f337ff1e6f03e05492

SHA512
b9d21b6df433d385461dbbb460e0c703e03ee801ebeba200530cf359fa9680f6f7afaa9a3111f571b4f772ab980e2463995fd6619ab90d1e125b71b79702eaa6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
3179678891760f09203f4d34efa8025f

SHA1
0e1108478b60c600a9640244d94d7fdbdda3eb28

SHA256
80149825c5f364ae71f292aadfea67c80e5af047ab279b590307f99870e34831

SHA512
16899612f65ace7c21e1f43e7ca963da154ec3078e48a92865d99dbffedcc2967fef63c06e9b14d7a730ee51e2819d3b82c26b98ed90efaa12218e0c2e629ab1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
5ceee8a6289db69ed81ed6c22fc710ac

SHA1
d6b8312cbc7a453f733b24b4fe58387e5a28c986

SHA256
5ddecd33b3ccc101af67b9bc649b5a7f42c2f38d9264ddec94a257e048d6d18f

SHA512
2b784908f64b29c5777e875046b325f6b075cede3efc013fccaefd31407f60f521675f872698c43d390547ed57a51284c295791186439539885ffbf1c5067587

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
5a4d33110a1ed0a220aba6376e3455d2

SHA1
fa04eb69d086b57d79b518f3dfb91f627d1d308d

SHA256
ec556ac11e6bc0e6cc9f1f05c11142daf15d342a6fbdeb25b5b1a3f68becb571

SHA512
6e9b3de38e1f9d926d9cda24b50be92d1d76305b572cb14ddde47a7f32b5ad963ae0ac73cc9f055952aeccb3782aa4c2d0e32ce2749a73b19a313f350403d74c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
eb6b5343ba82071493e9d8ba30ba0096

SHA1
38491f4839c02e21a181a959f6d8cb1e6485a080

SHA256
758798ceca3acb72a189d28c1f18b99482dc35f55779b89ade4f593bcbd30aa0

SHA512
9a14374031cf9d06b6d841f0505873e2de45e7c5996f5d07106b498c1cb5ac28dd2cf94345305e35c4d524da0a9c694f83b0d5e3322022e798617e1161462cfe

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
d6d59c94a29bc929cda93f25fe722e15

SHA1
a5a3f1900107abcc0919ffc7bc87af5632a88408

SHA256
bae6691ccc48da657461838a04350bd575dcb02c9efbc87954b916e11bf643b6

SHA512
ca54df0b9ff0c2f3008aa45ce6c4e284195db918ecc1384aeb188d79ee6eae97ff95918aab53f393df4c814f30003d3ad175cca4c6ad8fb5dfeac338914383a5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
7a690f852d468a291da55cc91e66af3d

SHA1
1603b34c29f5d878746ee9c4c79112414ddd5079

SHA256
11e098c6436e05a52c6c1e357e448d3e161cf2c90f602ec1a9b4988ecbe142c4

SHA512
b279ddc3f64068238e5384d98c042ab0a2db79911a1e94266534ca58647132c63170a8af5055a7ec00d6df896ad06b39084dc930edeffb9dfe87efb5c2b3c3c4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
71d2db54a49a9f074f9adcf11fc84b12

SHA1
07bb1000943330130329a804db3f68d5162d0fb9

SHA256
bf11145be94a1fb35f4236180c428e06888791fd8a433128233bd45b384ccb57

SHA512
1393acc366d3958f3b76ea009bde02ac8855b65af3107e2324aa47fd728b49fe99f855e7242b210e7935b630e89e899547e23f6094a1bf4ed84dfb4306cb84c5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
176d5fb9ec3707f6cc628df05cbceee5

SHA1
4de0abc8edf7b1ca846cc32352765e7d86c71270

SHA256
cbb1b74c1d634ba2e04fe9c8b3547755a0f5207dec0867506871861fa4c9bd7e

SHA512
bb0ece1970e816d3cc450be3685e977ac19fbaf758fd02e089fd0c98a99f4f03e757d09e1f7d60b9b8236a7d1f06ad2f20e3074c1ec7db133801fd36cfc1b5ca

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk.EnCiPhErEd

Filesize
352B

MD5
8f3eec6bad3e7fdfde7bd4d83a61a830

SHA1
142508655ef6eca612c094f7c9d811fc4b9f2069

SHA256
9f9f62af0ca9808ab45e9e2c9e90540066d8568b2d310fea09a1c5c76bae9c69

SHA512
4299e6851766bbbcb49d72e573dcfe10926f0cec158e804ca10d82cb9525c8be3a8789f5c3d39dab5f2e7455eb1a58c8afc11283fe37948bbd141e2c9acfcc65

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
dea58fcd34ebc886dd551416f79b765e

SHA1
1523ff371b125d845c08c615ca5612e4dc9b6754

SHA256
495fb79222b95165408d3eb5749c0bf9383a18148c59579b08665aa26664f058

SHA512
c71eea34abd92b82d7c7e41e3e7aebd1299392b86e1786b868020725deb5d983d21531a60b0f36b7aeee05a7e1d66f06492727e9fd3ec8b72461615d8485d792

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
c4574dd7a38c67a4d63c23cf8e3eba97

SHA1
da4312ab474a2ae7be23875497c07b9e6342ca5c

SHA256
3be166d97c22a6b882b7eeb6694b6a0a96d7dad7ca7448a630fe42940a9a65a6

SHA512
415599b22fa14767977b4d93dae95600faaa999a985f96e75e20375e5bb2144256f849c069b27a1c0fcb5a07a3684ce4d76ad9c22280ea2e5b54006f94471d70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
3ff1a71d21ee68a23c4ecc15f83db172

SHA1
8a40f896bafba5d862320ac469de4fa41869cda3

SHA256
b71ce224a661e757d5eb26856dda465153d3d5b6776fa42033e934b95bc62b20

SHA512
b87c66487cef27eefbc0f67583f920d339db7c4f4dcfb3eac0fdd71d3271eea46f35b41d13386f4a44a40315038e63e15d262c21af505fbf29adb67ff5420221

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
136baa7992fa664594f96dd8bcb008a9

SHA1
3f8e57442dfa36c60bf8e862e8d28a2d8738ca7d

SHA256
2a691c43ae235ff822ca518723d5c0facc6e45182560d07d34ed79bd266d19a6

SHA512
adeaa762328dcab811ef884ab93f58f4c94dd7732b8574a5e626dc223b4e503916093854522e762133741e6506d552087fb7fa128de43d5904dd809c326e1c9d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
d17f32c1ac39fdaf3c9a27417df86541

SHA1
7464a5b38f1d0f848f144556fc6ecf61fe921e7c

SHA256
57574512cbe06c49cd39b6649ead175f4f0013dadb12b7a1f00afd7fa405405b

SHA512
27d4cac1acadcd3e3301b69481a50cf02d3473aac5ff381eb2b2c0518a82d829123f566108d0b3b7f8267d7112ecd48b87fdf5cdeffdd4a9c90f24cd501181a8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
e442e121fc3c5c502ef91a29dbd06b53

SHA1
5b4f55b7e1456de8ce0d3ded9c8b9985e6a623a3

SHA256
410568a1408ecd89822309911e56af59147d436bfcfdcd10fb7c96384a6d43bf

SHA512
ea75bdb2b4f7cbdf7227a6e0d64bc1eed9ae1d86d9c60f76f08aeb9bc037bb94b92cffcb582fd23e873fae5623d9a5ec54ae12e9303d5de8f71447127d87e668

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
c05d1f1d1d268de5045e62ad772d35bf

SHA1
6cedd16a03778388aae0b2598d9a2652c2416983

SHA256
2f2c097ecd09704323108387755e93c62978fee94b78c27b7ada66241d72f022

SHA512
d99de3592b49f6dc0fe5727d50f9b1e9fe003dbaf00b422c3b22036305b446a4b83ade1a05fe8b7e00cb7841e6ad5cac8bc4680bda6835b1547530f6f24a640c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
6a8cd5dc85f4a3d2103179584951f986

SHA1
6011d25053e30b7e5abb70e294d959c387ab5328

SHA256
e14c51e01d023539c50cee5a30d370fcae1a631cdcbcc5e9ac4106cd30920fa2

SHA512
c51f93eb8579f8e7c5710978924ad582c5a2701724b2ee9769335f9cdbe2ef0a385673f8d32bbc8dfb455f4258b8e5bb57cd2dbaba02066d0f4423cd791ba12a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
12ff6528821dd3b58dda3ddfff986d56

SHA1
f2992ac4a36ec93575881f15ee1bb3e56cf2092c

SHA256
6ef93775a9b55fa021114444ede6633d00d3c80c64fcad8df173358452f3f14f

SHA512
759442eb2e825295773a8fd31c5aeec52c13425d29ba0e323b373475c5ff75220b7310a3033adf703d61b16d4384f2d72c14fb6ff17f9f081dbf7348e53c1fcd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
7a15faa0c6fed321503a891ae6eebed1

SHA1
aab7bb7ecd9b455ba67c8d79a152872d207a86b6

SHA256
f10ea646106ee4e85dc347e3a806de685f6af4ec48cc252192953618bc9f78e4

SHA512
b33166b4b2424ba4c258e522cc79f0a92c2ef5cf5bdf35e9116e206a919192cbce8711cbc09eaedddd9ded7b6d0a3109e88bce1a28e098c7ba61a2f2d909dfc0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
898556b3e5755f04a3c919bda62fad48

SHA1
098429019ce2a3fff5c2919ec0e26ea65d24a7e8

SHA256
11c355dee8b94489245d904e1a47921fefd927712542d3abcdaa39f4a2af075b

SHA512
f5a2d3f22091a4ff2bbde425da256ca3fa76714f9e3d6dca5fa4872eea42231af8184bef946ccfa115500185844d56493560bb57e4690ba28b7574c93fd945d3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
f953a543c8a0b137435b859863baf4b0

SHA1
992d92129dcb0aa184420c0beca651a15d904058

SHA256
4e9db589569153964b7a91ce60ba2af9c9a987df58df5f7b3b7162d042c182c4

SHA512
4ea52e787d8ceb02df7f274593893af147e938ca17754b30fdc4b9b02200da55e90590cbf34a55a64b8d30085dcf04404afa1f37ad1bde8651b83262538b4ae2

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
a4aef14a42d9ba2adc2b06cd367e0f85

SHA1
8cb77c09a50648e0c0fa442f3fe0a3cce72afce2

SHA256
cc184808763cf922feb143ba52454b2c6142ab36a4144fbd5e6c039d443cf6d7

SHA512
db4c6cf103ba3144f82b49f14c1f2b2d8e3b9650ac7e3437c5a62e53ab8a0e743745ce12b211e253dc201d1761bbe2cb0b711fd25174a9cceca60f8f80eda320

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
2aab66e6bc84f3759de91b193e39db4f

SHA1
cb58f81ada5fe716b6aea5f3fd2358cfb00c6d36

SHA256
65b6ace7eaf481e386dda8846a57bd8c1846f2a889f5e87ca8f05cd52a5953d4

SHA512
9fa550bc871d31a467826c7f6977c735b02000bc28ba47b5e9d814616d3911ca60d86bcf15d39483d7e68f51ab6071778c575759e786930c2ed9fa951ae5dc80

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
fb0e02c294dfb54eb43be80227f866c0

SHA1
588d487818be7ef5113ee7e39721c2a79b8c5401

SHA256
e33f2f49a489c76f6435b4a1d43d002e16ffcf579137c8aad338687d4441e2a8

SHA512
d70e22316bfbd272290ba79b614d79be04d55ed148a1a3ecfb9d2e5706e18e545fb2e5e13d83a49afb26119a691cae7fe4421aee694c9a184dec41f211d3b08c

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
164596667e78c11c79c0ebe4f1a468a8

SHA1
9030431ab34528f80ad815c0f74583d4a0fe9f5a

SHA256
c4e5d514f2f30af855e52a082e883802f225481c8d3889c8764e6d342b71673a

SHA512
a706ad7771cfd7249cff73a8e6ecda176c06b2c9e3e1adc4e1e62980bcfc0059c99d496178d46f1907c8bb4f5a12cb75235155f389a48242055a80a62fe8dc08

Download Submit
memory/1152-12-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1152-10450-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1152-10821-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1152-5606-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1152-5607-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1152-11150-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1152-11153-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1152-11157-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads