xorist | 96542c8ee4501ee802f5af3f8788eee478d0a069f34995f811170504552a1f91

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2024 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe
Size

291KB
MD5

22d65c37adb2e4ed39f280d086b7654e
SHA1

d977960eb14db1f97c77b9f8ee8d72df45180b89
SHA256

96542c8ee4501ee802f5af3f8788eee478d0a069f34995f811170504552a1f91
SHA512

d0ab00479999b363286390c8488f7d98ccbe70c782a92e577f95eddacac0693eaaedc9175d3cd632f946ee14632fe9ec0b8eb83bc922aac7bf130ebfc76a39bd
SSDEEP

6144:LVVISiDXfu0UpETghQjYnmpuYHULalgsN5qOY9nZGP83S3DauIc:3I5DvgpETKgYnmpF0Low9v2DDIc

Score

10^/10

xorist discovery persistence ransomware spyware stealer

Malware Config

Signatures

Detected Xorist Ransomware 1 IoCs

resource	yara_rule
behavioral2/files/0x000f000000023b0c-4.dat	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	virus encoder.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe

Executes dropped EXE 2 IoCs

pid	Process
784	virus encoder.exe
4976	JF_CF_ANTIGHOST3.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nPde7iS1iFO7aSy.exe"	virus encoder.exe

Drops file in System32 directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\@AppHelpToast.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\@EnrollmentToastIcon.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\@WirelessDisplayToast.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\WindowsCodecsRaw.txt	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\DefaultAccountTile.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\default.help.txt	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\default.help.txt	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\@VpnToastIcon.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\Bthprops\@BthpropsNotificationLogo.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png	virus encoder.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt	virus encoder.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-150.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_Resources\index.txt	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-40_altform-unplated_contrast-white.png	virus encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\adobe_sign_tag_retina.png	virus encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_close_h2x.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker33.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-200_contrast-white.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-30_altform-unplated.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-250.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.scale-125_contrast-white.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Campfire.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-200.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-40.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-100.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-lightunplated_devicefamily-colorfulunplated.png	virus encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-256.png	virus encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_email.gif	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteWideTile.scale-100.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailLargeTile.scale-400.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxAccountsSplashLogo.scale-180.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\SmallTile.scale-100.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-white_scale-125.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-20.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLogo.scale-100.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7d8.png	virus encoder.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-warning.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-125_contrast-white.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\TracePendingIcon-glyph-E72C.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\Square150x150Logo.scale-100.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteLargeTile.scale-100.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_contrast-white.png	virus encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\check_2x.png	virus encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\LargeTile.scale-125.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxWideTile.scale-200.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-125.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\MedTile.scale-200.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-100_contrast-white.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteLargeTile.scale-125.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-60_altform-unplated.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_altform-lightunplated.png	virus encoder.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-400.png	virus encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left.gif	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-125.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72_altform-unplated_contrast-black.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\SmallTile.scale-100.png	virus encoder.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceYi.txt	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Preview.scale-200_layoutdir-LTR.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-20_altform-unplated_contrast-black.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-64_altform-unplated.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-72_altform-unplated.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-125.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_contrast-white.png	virus encoder.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_hiContrast_bow.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderMedTile.contrast-black_scale-200.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\3039_40x40x32.png	virus encoder.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-200_contrast-black.png	virus encoder.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.scale-100.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare71x71.scale-125.png	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\emulation\emulation.html	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-40.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\NearShare.scale-400.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\500-14.htm	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\previewTabClose.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-96_altform-unplated_contrast-white.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsLargeCloudIcon.contrast-white_scale-100.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\SquareLogo71x71.scale-100.png	virus encoder.exe
File opened for modification	C:\Windows\Media\Windows Hardware Insert.wav	virus encoder.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_1x1.gif	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\de-DE\assets\ErrorPages\PhishSiteEdge.htm	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square310x310Logo.contrast-white_scale-200.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\403-6.htm	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\http_500.htm	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-usertiles-client_31bf3856ad364e35_10.0.19041.1_none_df86f0e7b84bf07b\user-40.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\square44x44logo.scale-150.png	virus encoder.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\ErrorPages\unknownprotocol.htm	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\SplashScreen.Theme-Dark_Scale-140.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSplashScreen.scale-125.png	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\InputApp\Assets\WideLogo310x150.scale-200.png	virus encoder.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Exchange.Theme-Light_Scale-400.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\splashscreen.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\YourPhoneCallingToast.scale-150_contrast-black.png	virus encoder.exe
File opened for modification	C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\YourPhoneCallingToast.scale-100.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\retailDemoMsa.html	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\Holographic.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\activeFrameGlyph.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.153_none_e95531bdadf3df5c\DMR_48.jpg	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\YourPhoneCallingToast.scale-100_contrast-white.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..erymanager.appxmain_31bf3856ad364e35_10.0.19041.1266_none_20804a45b5801645\BadgeLogo.scale-100.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\502.htm	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\SquareLogo150x150.scale-100.png	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\colorPicker\alphaColorBar.png	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\images\debuggerNextTab.png	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\InputApp\Assets\SplashScreen.scale-400.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_sort_down.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-80_altform-unplated.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\AppListIcon.targetsize-32_altform-unplated.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\unifiedEnrollmentOnPremAuth.html	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-iis-startclient_31bf3856ad364e35_10.0.19041.1_none_689a6c454db469ea\iisstart.htm	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.scale-200_contrast-black.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.powershell.pester_31bf3856ad364e35_10.0.19041.1_none_8a237828132e61da\about_Mocking.help.txt	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\http_400.htm	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ErrorPages\pdferrorrenewrentallicense.html	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\logo.altform-unplated.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_save.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\http_501.htm	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.15805.0_none_3303de6fba37b5c7\image2.gif	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\views\tokenManagerErrorHandler.html	virus encoder.exe
File opened for modification	C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-150_contrast-black.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.scale-100_contrast-white.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square44x44Logo.contrast-white_scale-100.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square150x150Logo.scale-100.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\f12host.html	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\NearShare.contrast-white_scale-100.png	virus encoder.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\needie.html	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1023_none_374973298940e35c\SquareTile150x150.scale-200.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\wide.Devices.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\saveicon.png	virus encoder.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\feedback.png	virus encoder.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JF_CF_ANTIGHOST3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	virus encoder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBFZLTGLROVAHFH	virus encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBFZLTGLROVAHFH\DefaultIcon	virus encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBFZLTGLROVAHFH\shell\open\command	virus encoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBFZLTGLROVAHFH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nPde7iS1iFO7aSy.exe"	virus encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	virus encoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "TBFZLTGLROVAHFH"	virus encoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBFZLTGLROVAHFH\ = "CRYPTED!"	virus encoder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBFZLTGLROVAHFH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\nPde7iS1iFO7aSy.exe,0"	virus encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBFZLTGLROVAHFH\shell	virus encoder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBFZLTGLROVAHFH\shell\open	virus encoder.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
2044	msedge.exe
2044	msedge.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe
4976	JF_CF_ANTIGHOST3.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4976	JF_CF_ANTIGHOST3.exe
Token: SeDebugPrivilege	4976	JF_CF_ANTIGHOST3.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 784	2712	22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe	85
PID 2712 wrote to memory of 784	2712	22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe	85
PID 2712 wrote to memory of 784	2712	22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe	85
PID 2712 wrote to memory of 4976	2712	22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe	86
PID 2712 wrote to memory of 4976	2712	22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe	86
PID 2712 wrote to memory of 4976	2712	22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe	86
PID 4976 wrote to memory of 4472	4976	JF_CF_ANTIGHOST3.exe	87
PID 4976 wrote to memory of 4472	4976	JF_CF_ANTIGHOST3.exe	87
PID 4472 wrote to memory of 3336	4472	msedge.exe	88
PID 4472 wrote to memory of 3336	4472	msedge.exe	88
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 4448	4472	msedge.exe	89
PID 4472 wrote to memory of 2044	4472	msedge.exe	90
PID 4472 wrote to memory of 2044	4472	msedge.exe	90
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91
PID 4472 wrote to memory of 3224	4472	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\22d65c37adb2e4ed39f280d086b7654e_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\virus encoder.exe
  "C:\Users\Admin\AppData\Local\Temp\virus encoder.exe"
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:784
- C:\Users\Admin\AppData\Local\Temp\JF_CF_ANTIGHOST3.exe
  "C:\Users\Admin\AppData\Local\Temp\JF_CF_ANTIGHOST3.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.crazyfrost.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdce0346f8,0x7ffdce034708,0x7ffdce034718
      4⤵
      PID:3336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
      4⤵
      PID:4448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2456 /prefetch:8
      4⤵
      PID:3224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
      4⤵
      PID:2772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
      4⤵
      PID:2516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
      4⤵
      PID:4788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
      4⤵
      PID:408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
      4⤵
      PID:2480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
      4⤵
      PID:5020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
      4⤵
      PID:3632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8391056898994570236,14843547783528746274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
      4⤵
      PID:1748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
1d519bf88e5cf1830d3b90edfcea7f34

SHA1
e602b309bc737fccfc580a22583148849ac70a2d

SHA256
a40c1007f86d8e69340d256189a2c0f727ce08f71bc1a73cbbcdbc527feb2230

SHA512
e65bb96a50331e6bf0f08511138a9bfaa89c117519e2b35155a5a93031e5381fe3e410ca0ff81898eb5dd7cb490b15594c3e3938cc7c9aed3ac4c123ecb77317

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
61c14d075017074e8a3b7a622b10bda2

SHA1
5442df128a8e8c417ad2bd5f5d110f3f87ef0052

SHA256
fa4afaac3a71b3889d6c50bc6908295b650111b3fd4dd82ca107288bf7c44c67

SHA512
c578035a50252cf54b897ea00b6b5d5b0782334cf07d14ebf6ac291a1c27c3a46e3b9612d2392a14606c564ee9c403b9e0a83b5108254faec3acc9e33aa64eb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
5626465c11c2ae34c5d5249c2534c23e

SHA1
cf4aba80bbb8dfbffd9c3ebaa38aa6f949cfb996

SHA256
d648f9f80c0bddc08a7d60480baa42e48d11190e84a8afeeedba2bc8baacdbf4

SHA512
0c4934c299f0345751d5756c22b7ffc79d27e837d7c78ea092d0eef0d5b2c0f68526b0c269bf190347e4d9735e5dd837fc64c29506c1a908d9fabc6a37323206

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
b96f035fcd3bd17dafd808d6227c3608

SHA1
48eac48461f68e95ae785116fc85b3a039a4c5be

SHA256
8871eb853be46a2e3f02d493c43ddbabae50a9ee9755ed365a07d93bd885cea9

SHA512
be09828fbe12fdb3a9d9ef709064ba259d6693bf98e3339db629c5739af9ad4bc6abfa204c0cd32185e779856ba54fafe4d443e1a50fbe727b5f3e7cf02f6b49

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
5c59a3dbc9f6cf9e886dfc2900684c24

SHA1
68805bc1b9d8c6997fd4b61f6dffb55fb1a91bcc

SHA256
edace7ed21f32d1c436954e72330282e100e228be5c435886ddf12309b88f08a

SHA512
e47c271c4f642fdaee004486c1409902687578254bc3cd4ce00b8e5245d6090c9470acf39cd543f1d9a91493bf39485538c93cd6f3105b824dbc93bbac0fc189

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
12023acd07c78a1f81d63fbfa8e9dfff

SHA1
2ab4c3297d2c0d6e89b0df75484ee6d9f6529b5a

SHA256
a5fc1c269640754a33fe841f9fd5f71e75fb264666c17a2f61406f485bfa2804

SHA512
7ace5c6659631fcb8999ae8ffa9769ec0d3b07bb16c0b5ef0ea7ee2b87779f533493f9517b3c9f570483fef4ed701d2d847b7c3b88bd18a27c4343aa85654fd7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
eede219ed4676f3ff901c047d67eec6d

SHA1
69789bd7935bd5e9c69edb93105bc5dd9db073f8

SHA256
f5e422c0170b6032592ed1b96a0754f9718f18cdb52f0d09feada0de2502e3d9

SHA512
04bd8b6049015c2d75c7bafbb935aa86ff7266624bb006acfbf62e8acc6f76c820a5e844bd108cd1f2cb176a6ed2dc14f23b144ae8bc7344e324f1d0ba3a8f94

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
949cf3fbd8ed2de3e770b25635147175

SHA1
345430a33608f8b967ae73fdb13e42d37f5346d3

SHA256
4fd91663a7f01977f5d6527e48e88df8baa0a862639b16bd18a3ef770a6344c6

SHA512
255577a1e3273d1d90a879514813c3b3162b9972e5b19c302d7c8e7297319b008910f49a7d56b78f62b6c232bd8ad30539d15fe2fb5a27f690860fddd0d2c333

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
38c00d173f13e79cc872215059eddf99

SHA1
3f6b9165ab0efdecc45d0f131746993fcbbb14b5

SHA256
72203297c463dac9687833034559b06b211c20fbb9d89f6e4d3fafb7df59b756

SHA512
15377d65f47b61f26df14e78d0dfd2e2f2372b3f404395cce7a22da6c97b0a1087d1360be3fc7a60ba0a3e9e75521332e9d6333a453f68713af52f69518e5521

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
50703b0dcac7dc6bdb7385b1ddd59c2c

SHA1
5e28c6c07b1f98b1a16bbc1d22f418f20d0e14bd

SHA256
9b0200a2b8a5a299b4a07ae81a7b797eb5499c980fc578e57309f826a28ef0f0

SHA512
4b3290e85b00b42db6347ca456b37254e5610f33818caeecde424f64406d5a36781488966d0909d231e54c87f2fc7caf69ac9848ae4c464d867c3b53c34b1a01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
e36f2027e814a6c2c44dac57f3efd4e1

SHA1
d513f3ca00facdc857f990aaa7c56bf8931b2c26

SHA256
14e38cfd657b9ea67efc71ef2b2500da623a977ad73e533e9eaf0628f5ecc202

SHA512
3925167634458b444ef2069cb648f86c5f1f15dde6e658d83ea9b16cbb5fb3500705bdd6f275047b67e86f2294eddfa98724a86da4cfecc289e2b726dc01ef5c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
1b0e97786ceb99175845e62618d3ca92

SHA1
7d359ff85f01266209f10121bf2da019329330eb

SHA256
3df74537ef2a5e9118910bc3e419fcbd61e18aa0204f08c32dd511fde8eec0b5

SHA512
db234c1024f42edea545e16f079b491ac212cacfd455d55afa699acfa6f64c491b91aba2bd0914a4768446b97fc96c7a1ed850a2e4f058e74106912eb8296241

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
be86b259cdb4e1bff8dc6bb7fe3c2177

SHA1
5085d68751928cc7e1c47c42799fafd49dae30a4

SHA256
68f3a25f8181bc914d6ee18993e6a3097e62d71895fba1e529c4629fdf7acdb1

SHA512
c1e21f7b4b45639fc6303ca2e982d4af9b69508e22d878e6dbe628f50be82d25f4fd0903fb032dbe4b5e14cc7e56dace20530be2bf35081a17345601a85858d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
386e3d159d7ca1461427aa614168b1c9

SHA1
eda7a3ba7da109195d25f3e4e5298833be7dfe36

SHA256
9a065b0f62845c91818c830098d5cdf00623f199a1bbed3f4fca7e3fb6f27bd4

SHA512
40951859d56324b76d5b0f8d67b700e567f98f153da6a43273f6a068064963c4d9245b0bad1a3ce15372391f3e4eb8f61ee65af74074084f9d7e1d2cfca95804

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
ef98aafa020c6796c236bfbd9d914dd1

SHA1
506ce5d6a671970bb51451970e52517fbadf3797

SHA256
8a163812f93f6be9c662d5d8e80f5f3dcea879578c7a5e80a574feec9813fdde

SHA512
6547bb413ab1e7c091051b7a3446bc81e3c5427b3770b4b9c073a343fed88df1b56ffbe08cf0591e1fdb02ecb208ac63b309a65879f61f57b1bf87c68f1db60f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png.EnCiPhErEd

Filesize
15KB

MD5
9419983e91b6739e33a1bea5df727f3e

SHA1
c8bd10aaeab272dbe74ef629acd81161fd1fdb2e

SHA256
095cbf3edb5b56b0c69d50e0278a22187a6a2d1613bf12eeaad45efcfb758e64

SHA512
7635701e6f5b9ea3c94f98b3b6edef9ac810d357df5885f44ef87241c6102731bf526ab65bfea18047b6348ad8b76a53a332ff83c8d6d9073aa6d90cd6593c1f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
5af4aa8051e1c91b06c4c697578f1f8e

SHA1
a607015c2c3caafb2baec30a01add02d3da0e73f

SHA256
e0a0057c925d8fcb822136db8650121f82441d0d725942d3fb079112ac69bc73

SHA512
208112464a98c184c93ad247fd131b925cb2557c86987e219f5c664a9219362dfc65a3f73610babfdc570f13a6dc09288aeebf5ab6471970e95f74d072e86ca7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
3a3d71a3cbb45809b6a40e58fd844226

SHA1
ee113bedb2ebe96313f0af3af9998a4d579c3dbc

SHA256
e166465a05c304257fb607a1ff021b7fed2b42a2955b79324ff72ab4f17cc948

SHA512
966aef6c2fa1979f5cd348a539eb707f90fa1b55197e05207c5eb3c6a31c77542f37d492f55604f1370962cd12644e3b0d20ec32daa1c251328fcaa5e4f0289d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
280ccc7c2399abda7dccce5d8b744e90

SHA1
3560adcafee18e7830aaf90e71a4030309e07c79

SHA256
5246e95783e5dcb915d4c38925f87d6852593f8276ff07faed33c7827be4a5d2

SHA512
1a62dc0d2dfb9f05096844051c8a081bebe656c4afc20845a78fa6046e9caf001388ee32aa575189b729f1a1de3dab72fe5c17df2dc5f5b5661fa4ee47b36b3e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
1540990ad4ab365a9ce864ec50a27529

SHA1
2e0d66bc8ccb383e55cf95ea76a8b0cdf1b09a30

SHA256
8591254ced0c1e29e55593e7d5a9f9cafe9f253333f079b4bce0214c61310503

SHA512
31cb1326986eb3f1cc96b4ae7ebf561d12c0d7834aa13bd6fe12cda09e52f392df5b645bca231bf4af0d5a6b6afa19404b004be9db370b51ffb834fe4ee71550

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
74079a74e1862bb80b1b96716f195a14

SHA1
86af278d1860f134c00ca5f0541beab50fc827df

SHA256
6c18b7c6a0597b9381f8385a7c5254ca616b326792115cf5cc463863a52355c6

SHA512
c395d806f45317c8e0d4b89d9e4e628b2e0f40f4e1fc60a54ee5852c946702d8744a2699eb007be439459d53e11c967ab99d98153c2065b651ef3d98ba43b44c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
135907e8f8951957503b8dabca4a6bde

SHA1
5179db5ce270452b7508b3e46ce8130a4ae846f6

SHA256
c4c924f087a3758ba094a554d11859d9ceb4514f06ad4061c506c8b6f01e445c

SHA512
020c8ce0ca896a52674a1eb868d6d9aaef1053f1591a3c1846cd5de2bb8fe14a144cf9747b8ede710d7a7bcd845bc441864ee7c306b34a1455ba21390e88affa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
864daf7ee48c384b017b8051ba275963

SHA1
d8bf20470cebacb4d33848c608ae41f22286ace0

SHA256
38594053fb11f839b9f51086fa3a2b9eb63beed365cdeb0a662335af8d3aa0e2

SHA512
13a5a0ba25ffff1d9bb644d929bf5b3522532299cfbcf0846afda311fe38fbee85702317d9244380c1e5be26cba769cce34912a96f35da043ac88bbfcaa71a80

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
b30c4f85bebc101981a7b8b12d55f0d1

SHA1
61a6f2bf2b6bc4b24c1496e993da46a0501c0408

SHA256
2829c472e856669d75ae7641211735b73b1ab9eea112b8d1c2406751bb80ee72

SHA512
ecc35fd7d5df0b00147c9f085734590ad72d3df0f73ea60d880dd62bcb3fa9f8fd596ccb429bc7ca56a50cc3da4a4d6a2511b37634a45096c09272f49c5aa9a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
f1a8a9967928582885df1e0fa5f84e41

SHA1
5a110aef4d13eb27bc4bcbacd7c5c21059c93237

SHA256
f809a1962051b73cd2858fed9036984764bd7622894d76abba9fb62f8ac8b77a

SHA512
268151d78796f0910044cb26065b354f86c2ff45802b5b35db2891bb7220d459f69b12f6563f4ea68d87fcbc2a831b60b76a888da87b3456ad6c043cdcf2909a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
3ca2508b2fbcfd9a84454620d8de75de

SHA1
bcd85c424795a8396fa9094d67b7fd8b6a2af53d

SHA256
9f8b6ce225b994ed30f4ecdaae6586acf2f539b53b1522bb9079f5bcb6e85e7c

SHA512
e94492d3a32405a2239e7397d68aed5bd47e109eba8fce27e6a2ff6ef7554e8a49d0d078dc39c693a345d62d020ff4f47e05c636151b59509e9a3d45044a4d2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
537b95190fabf160bc5960aef75bdaec

SHA1
9d4923cfca871221a700e9528431bc1ffed90f3e

SHA256
22dec97ff4b070444b5c343870fc9fdda6d14cb6f33ca26d2847d0fea6a14737

SHA512
1cfb3be7815a6190cfed9b9f1bedd7360832fbe524d2a2b884e6f6e220c18fa4baec0dc8d309f9ce9c7fb57a0416e58c897bbd6e16a24511e9b9ea4e66145e34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
3a0abf1cefcbacd925dbe91e5e8940c3

SHA1
383d41ffbc5d917c9f5d97637663f90fcc4b8eab

SHA256
f8344198118aee446249b19712e63d7c8b08951801754c0df07c7ccb6ef2fece

SHA512
62953c4e13f85e887175d3625442242b0de19e655b741605db4427dc92d342eb16b11c06fa9a0ebee1faf8dd3590d5d2e513b5181346557f4e58a10e3b65ca01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
29863a355ae71bb521fce7862aa4b977

SHA1
18dbb655396a316f80e667257efd9aa71b9ee061

SHA256
aab1bb93161d97de9c0cfa02444b6ed0beb66ba9aad2c1551c716501ab9b8115

SHA512
fa2cd41b513c5f3153e5bbf635d864dddc8064399ad8fb9927ec6339fa410bb131a290d433be97fb0aa82b46f692f3ead0da9cf3993b679adee0cb1922be2e57

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
8c442d0be5147b9b9413ee7f60227378

SHA1
2bf19b4e8dfe83e8df683544aae32799818d753e

SHA256
f7f6f03d0397c01ea21858cc433afcf7e814c7b74fbf575c74536c68a9241586

SHA512
7aecf644437b9b6f12955afb9764a72541749f2f6eb330e3fe612af91ec9ef124f01640245ff45c6b9bf8bb1de3bee19aa0feeb8005a87be7addc5ee7f3519e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
4363755aa59f84d2f4040165ecba0006

SHA1
c6ba552b38b49b8059044db3d411681bbbfbf807

SHA256
6eb19b4ce139e9a30c033d8f1bb2d4eb02aa9de4accdf30530f305c02aded9df

SHA512
dfd2fd3ef9ea087380d092ca5985d441c0d396641200428ab324790dc624cccbdc719502115889ce127923f564d50ebfe6fa609a8c6c639f0ac14a78ff585ce3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
f3f63b115984ccee22c59d488d536a9b

SHA1
e040431fdfa9438732c214103dc83b2476172e81

SHA256
e7ef09e3a2f7917f6d5c6eb0e725d89857ef91fc82a20d215a0a8a1b9e57d742

SHA512
d78c7599dba7761ecdec7f8b704599a072e2fc768ada2455c410bda55ee72d8960525d336971556d7c5663e5a228abecff6e59624e8b9c2e0e737b80a83aa38c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
d004591440483faee0feb03be72987f5

SHA1
d7dd32c000847f416d6053693002d4224fb7a2d7

SHA256
50e26ac4c7d75321038319b0adc6d3fdd04536e73eab27c276f63766e8d6973e

SHA512
2586a8a5c2405244d37d7154e2dd73e43261a4fa0cb19dfc6e7a04fca9327cd10030188cf60d365bf0d2499233279415f8fae58c4e46f0b2603b5b53aace151b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
17d36e479d6e7db3897b8649ea89a562

SHA1
ed6aad32e3fabc2aa23b41e30f07dae89403bfab

SHA256
4db61108f7658dc0eac4f39ed5bbe06319f4f9414c44d74517e6ce7aa5fb2304

SHA512
f411ac591524a52d5646c7d9388d1289fffa29855e892f7f52906fc8d36f0a3a3dfb672bf3fd25d4be00b3407699f6dc9bccd947a3bfdeb5d5c87da672cb65d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
69c093872a7f25d89d2a8f309da5dbe1

SHA1
27ad94fb2647cc52e6f44c63259d1a83fa321efc

SHA256
33efa24989df08d7e27000a81c1cfcf765be154844dcfa9f887de4c25739701c

SHA512
a3af7ab7b10197d4ab282afb5789208b29a0300d456d4d72590acb6e942c8a4f20da200e524d357a89968f45bbfca8dd9c1cec713daddc8a528fc0b88e259f79

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
60a1c38521a0dfe8397f5c480087e37c

SHA1
6d41c46f300cf303cdc2c2629dcb3c8859165dad

SHA256
de268b1aaac1d4e72c19b4ade7f740fbbd67a22ad844130602b4f8c367939775

SHA512
5ef98ced691aa455fd156a5e57a3511a2c17518b6494bab9c3a179fe1317b3f290134e9309beeb12d64c24fd930d27c97ebf112143b0ccf506853e3d6a7d6e99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
4135f082dfbd716d177e62ed0827013a

SHA1
69a6bfb5de3c04982d08c00c548b7462db2be37a

SHA256
4b2b37ebb8290f56eb023b66c4e268ec96e003c2b6346c26642adcb8d959b3ac

SHA512
dc34330ab3838b6f3c393743080e976fdbd3c1697608b9e17edf8da2e731c01dc2023f4cd49d14c5b4c928c10ebae2aa17972a0e49859bddf421e34b5c4c65e2

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
68c9b2541ae3b321d34ffc380d7e6af6

SHA1
f44f1566956ac9ef13fe4a09ddc5af736d46572d

SHA256
9b9e8e3e3aeda847815e977daec918ee8982f56ab80545e2829728574c4483c4

SHA512
49258dcfe676b6f35a19a32ca0eb2f1ed452ca052fc07b025131a1040073195b968e1f69d3c30b18dcc1f6156bbb28c380372a4b11d1752147b68ad59508c6e8

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
4846e06f8c4e12a788aecad18f1cb3d0

SHA1
71d4055dbee8cf298bf438312619ce1adaf0f20c

SHA256
fded5ad3099491c3314a3c41c8d5a69d27bc4e77ab195edb1b8db8e44a8b9df4

SHA512
bc6bc5e775cc54e00a3588fecc35366c2104ab55cdd4decaeedd6e3716108973beaa2eb7e474a4ce5db470ed9ba717aee2d1d198afc4516d926343730f125e6c

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
eef6f664bada7096843208e0c492eb52

SHA1
bdbe1b2c6e61559f7bb118ef3501733b6b020923

SHA256
479e5bf0ef457e9d2683dd6357fb419d5a326ce39a2aaa05ad01ddfea5f118cf

SHA512
8c1df9b6c66749a821f134b6acc31c276df6d8d9881bdede6cc5ac9d9a699bd8f96ec70dafc1d9620e04c709ca7f04ad92d1e44559cc9c2750cd0b50c93bf373

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
d950d8716bd20c86c119bf176e110ea7

SHA1
1b067f6e40958361225bffa96502fa94fc6daa1c

SHA256
0ff4ff36e7bafa2f2edcce9dd5540f4129d7664704871e1af889ea8cf3938b05

SHA512
2a23953e13359a5268ab6a79c6720f590218931bb29532768a02213e718c6ab4c52d5a7771ce74ba0e083b71664ad159f5e2aa8fcdbdb718e27b50955a575f59

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
8ce4eb635bfa51442f07ba9bc5ebbd11

SHA1
e18ced501cc96c0274705b91430c7942658bf13f

SHA256
f93a5d3b2a9841dd2cf8d9caf1836afa68ab7a6aaef441b4f3794da0327a083a

SHA512
2fb76d369da854d91aec8d7290c9bb6eb0c35df8ac49a2a5ed9f4369a029b3d35f1e23f0da2435dbcfa8d1b3b02cf244c8a4f08d561391fa298adac9188d0fda

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
ac1a3aa57d2c4d2a0f18f33b0e042951

SHA1
34e323047fc98e4e99ffe6b5f7cc5d235b25756c

SHA256
2276e2711ded2c55124c6ab4dda28683b434fed3031614e9523ff207be0537ed

SHA512
43c531f64d5c87d565738a3cf7117e8cbb664ba444f53d425d3020c76c579d34b5f0986504c7cf30cec0cac98e959a3e2cff12dc59130613c2b2e3cb78526686

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
b01b7a18f0e6cd300f936960cb53cfb4

SHA1
fab9ebfac62da8e8c171224ab71381d0556f0d5a

SHA256
555f8baa5198c3668e355dc6a1a66ee76a725f71dad91ca2947d77644bf05d64

SHA512
d1a74620609a9e5850de9ec973b183b6c41c7844fef19764c4a60cddbe0590d73032967616b40f523cfe2262778504044f50e1a832ddc9f70bf68563aaa3072a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
87aa240bea5939c1293bfe320bce3551

SHA1
580e7188e3ff27c547f9ccd85bcf1d4f9c39aa3a

SHA256
3b289c6dc3d8e25993f9d472d18682959a5129f6617ad4e6a518c9eb49420974

SHA512
3a05ba386ceecb8930a5cd442034073ff980dd3776dd92957ff806d83bcbc3875d6b2ec20a098cbc072888c890f45c7a705c1141fe39762637c1fa5fe805423d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
914d6db719e8a76c2387f10b81b2758a

SHA1
d569b2d5b88d7a6e58caae4253eeecd762b1de06

SHA256
3a6267cab60a27adbb17126349eea7df21746014465b4f3cb9b6d535c1ac9814

SHA512
cdf112d4a7a981feb50b50779c0284ca7c45ee08aeedba2a0f0b8c4f129808dae4a3bb85abd0a9c6e904aca895029257badfa16c5b91ce57dbef487e37fc52ea

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
72c8a48215da2fb8f02b87d745ebf03f

SHA1
5dc7bae96c63964a0b8c60ed0eadf25091b2153b

SHA256
fc54d12fcf62ff011e5b5e4c8af451909f84ad6780a8efc208596032fae606bf

SHA512
7fc12862fdaef48deb991ce679dbfa38f47d07e3cf43619c0d43f83916bb5804f8cbac7efd0a8a2f9f0edba2924d6d295328b0ef27591496ad44445e8fc63453

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
6f3874364e3e76083908ba5bf8bc892b

SHA1
dca8ffe879b2f32007e9de9596a8bcfbdb12e572

SHA256
0ef060ca304619f3e207f32ca2d6c6f1e87ef0033060378654c0fec4a7d0f164

SHA512
206fba42917b11d77337fae92aa73ea992968c5b9ed415a7971a82b1324115d89b3850f1a6c40efdc88e36a60b9f5cfabf760374194bca41277f06510391b2fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
f0cd38b20aa90e0d5963cd602a76b745

SHA1
fbd2a9bc90982b0ae99231a0c6844945b6f50144

SHA256
f13cd10291bec64e0883a4546af1eec73109be31ce86f6d22e8d5908ccf5592c

SHA512
13ad8d736a43490c0f3e35d8550e5d25108f61b619da5042074506afbb0a7edf305ba505166ee08c7d21de5dd3387a0ff574bde99231e892dd167fe2073c1dfe

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
7b890090f67bd04a02a9e58935a19a09

SHA1
ae8a97416a082d7afe5bfb8bb2ac7ca70b1d82fb

SHA256
30af35197e548659410b0d54ada06a208d278baf4a9290eccf1591fc72df9ce6

SHA512
32dae9fd890dda15a05800572bdff71e6b890113b64e2890075c6d91aec024dc7ed2a05b6604c8ab4e4d1c64f40e1c50a49926a1cb5695d8d82300b30a8d994e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
9619e4074abd50d647784777d3e97aeb

SHA1
88deed1015840e9db98ab7fb5d71b5edac08772e

SHA256
fccc839440f60633a55ad5e1f1c9df075b3073fd7fc231caf004ddd80450cfb7

SHA512
ff7a8aac2d1295ebf7bfd6e51e5446dc16f10eb0ea72694e8b1c510f1c6bbb5855921b1ac49eb2079058358fcf4162363056bebe303778f13c63d3047dfc8362

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
b5c83da35eb713576d94a1391e6f5a87

SHA1
95b2487b8907fdc64634ba3bdd911c6e55986fe4

SHA256
d2d8cb2ae71154d6fa1b1f508d0193c80df231a96b728e46f980cbc1add28dfe

SHA512
b0f615fb3051d421e5061358de3e38f04a8533b84519bc809c48cfb73d62ca254786a57c4d327e9caaa84f3d7bd8816f69fa98e8fe4964492d651d40c62d8b4d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
f7ef9b44ec588d06aeeade8aa2fa4876

SHA1
ac60c20f4e072b77974617060a451dfefcc82b6f

SHA256
a0aee26f00898ea108c99a3249dda9840515f24425dbb13a60de969e0e5345b2

SHA512
f877b0fd176b5bc598a9f450b8d50162bd703cd2a287cc00086ad83e3ec89ba1f75d347ee92e05fd953a87efecf86c64b91a2d22ec7829255a97994289835ed4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
ad63721be6d3403046238228cde310cc

SHA1
ee0e1b8ee6c9525cf21ea12a43ea5d6e60c10973

SHA256
bea9e0e00d1ff5eadd5ae3e6c1a7caffeda5255d39a637583c8f2e5a5b1f77b5

SHA512
4f1c22c22ad4731f1e35c62447fc25b35c04f5ab8f036ee2e97c42e79ad8bc80649babd3312d7f57cb1dd3e0562bf76559126d069980d35341f3c95792fd160b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
3cf0d867c54db2f44875236885faad2a

SHA1
d810c929efad6b9871ed3eeb616f03aa25959da9

SHA256
7dc27bda443727b77a17708be870d1f40c86f4b5182cb25f7f89eda115c54e2e

SHA512
4324cc1e1d53519456b4e90c7e1179e8b3f526f489aaaee804c2e4a8d1ed9eda57c402eec97801234f09159b4db34e3cbdd376529297bfade72e50ecb2690ea8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
74ce92d30e43861163befc80e61aff73

SHA1
8d297ed7247567eb05d32685b437f85115d118cb

SHA256
1c86c5bb5ea6d603f572015337a814c3dd98a0f8fb08068d215da97bfb4f834d

SHA512
88f160e41f8249d50e292fc4433c30164738840675eade27244ecf12daffc7d10e070828abe05418a304925aa86d2f28cffafea64f7ef2995e88d6a2379d0ff9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
c37f9b9f284de4055bd9ee302673d317

SHA1
51806b8afd67a6e6275c18a1486d3c9e924f3bf5

SHA256
5d8dcab3b8a69a51215999cb9a63eda0d50bc7601d30da4fb40a1d43de5c6665

SHA512
6f632a80569af40f56982f865ad159427560c8bbc954e8ab716da1bc230844569fdb52f6e23a0783cbc2b18fb2206c4bcb33c64fe339ed869ac97883af04d19d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
23ad19d465a688120231e042fb3a810e

SHA1
711088a70ce8d9eb55d6c786064fdf4d9216c2c1

SHA256
1bd041461329a6850633efbee4b9858bee39acb5c354995664fb0022858c9860

SHA512
585ce1e5133f0ccf240287300040a9ad66fa6e5cdad85947e859fd11adfde50ae8f0db013fe01db2c55e3fad847858c12034ff93c20b4a187f05f7cc37d9a37c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
235cc6536787eadafdcf899dada3dd65

SHA1
50f7b5f413595f067493de4eedf2fc0504ab8b8c

SHA256
3e9d24f108976352ef4db164f8bb2cfb3525eeed4ebbae1c924ac048ae68d94a

SHA512
14a8dc0a6d7523d35cfd0a3ea188886ef500f3fe875786a1ea8d2432654d716180250946c81eb896403457b1f91dde39d5ec9f271a6898b0284843b61a8c80a9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
ff532133514f3f5d690826315318a6f1

SHA1
d8b2b252777d00e6372262effde8aa97bd36ee4d

SHA256
b694542853f423e01694a971c3a259370598cabce9700c4c1b5a5ce15e4e204d

SHA512
d9c14fb7501ef68ce481454f815a2d00ce83c19418ff50ccb0c0c0caa936876d016d1523d024e5d2b935d6037a6e51a8d20742aa0c94452dc1c79a0321146666

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
d47ccd77323df46e2cbb13410da7d250

SHA1
abb431965bd65c556b6971d4dcc94d3d976ef37a

SHA256
0bcc4ee9df6eb760d43920b8ca499782ad1a7b59835331c9a0a0b937e2631e76

SHA512
799f0daf05cff62c633e83e53022ebad26619d987c119ed702d6fd451ca1b40fef724b1d39c82b16425f83276fc2a4e7a7fcca515912ecda3f5d42ecf9b0391e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
d708f8cb7e71f6a577ecee40e89a38c0

SHA1
8323b1ad01dc9ec4c993dd07003140015b2bddfe

SHA256
ef4e696ae71db13b94dc826ece5d19735df5f1be10f850540e2261e22951e691

SHA512
bc32a4ec8e0e07cda9a3f8bad4e167b80e0d0fb9a31718e2f7a2d6f7965edfd5c3f6457dd047b888d702a0db7cdb9a83f108b9916c9df56b83c0929086b4f73a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
4d51c17cba5f820a39a31e29cbd9bc33

SHA1
1feae540f21fd524ccbe83010b34119a13ecb495

SHA256
98151e6474a19809e76df3db5f3890a7cd82c321b20ad50d07fc59d28580f1d0

SHA512
939087d58e5ae5f18a7b4efa3a703f9fb93a60bb613496fd60a73e9137fc875ca7beda153c4d429b7ca972d40f74c191213b6b7534f6ce5fffc3f15b2a124a0a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
23c908c8c35b9bd58399fc6405826360

SHA1
9ccda3779496c106dd9853f813b8131af08454d8

SHA256
628bed7e8bc1ae530ded12d5071196a32ef01cf619dce64d7d1d9b51f7250456

SHA512
cff1af7258168acfd9ab75e93feb0784a9d80eb52cb198e312d8a90cafca36d97e657dba92bab17f01746ef4bccd55d005ad1d9afc94f8580b5bbfd3f5650d5b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
3ecf220c998b00d7155571ac76adaf7e

SHA1
40120faa9000f9b2db3ed974d222788bd46f76c1

SHA256
53abe1ce7ae8332eee032dc2461dbf5619010f59dcfe1da24e880747acfbc292

SHA512
6649f0a95eac7356d5b816d175ef79c2e78eecc50c4c3c9dae0ae5731868ead3aa02e17a6031377b25bbca8e98ae2d5cc2e717fba5fe3557effd931b17e902aa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
e61d9e048aa3273d9190314b2e4299c3

SHA1
242ed6770616a6f80241dc81ca4a1df12a52c46c

SHA256
e56bf14a11b8ba2a1d86d59660bbe724b35a1142c623d3f9b957d8f40c376ab8

SHA512
f1e3fade052b0eb0e5c30949f8868113014e1af51a731f4d18df6f0e6096ba3dcc08d1a6a06126df73e05c62abd5c1e11d0fe7e98ba8cc8cbe5cb718e8e4562b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
699ccb24640674674a9e275e2a8cf42e

SHA1
639a00059d421aa6729c2bb88cff406d4551b6a4

SHA256
0c2f26a032a1a372aa1838c8ca294217e78f375c2fb5abc1b432cc6050d989cd

SHA512
9443131b6ff9e82b3d950f66716a7966dd22d23670b29c4053f2798650756cb3f9046bd91a4c20a233a6602bf407b8f5e5475384ce7158834d3ec5828d645dd3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
0eeeb96f7194cfdacbece47db63a3a6d

SHA1
e5b1ed351bb5a51075f05279e077617ceb3a205d

SHA256
25217c768750ab30f7c0a4f3796e78775ed9a9b55b4f97fed06f39cbc99199e8

SHA512
8344e7952fb80603559c2738737d19d96ce0dc1ed34302238257a15ecb9c259794098efb57986d2e3696dd81eac3d5de589b978e449fdbe988f4bbbb38f646c5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
e9fc345dd779e4120ba11114278baede

SHA1
895747b146a4dd81ca661c5d0fdc4541a50cbbaf

SHA256
b833dd75374f753308cfa837ed501206008a023e514b7cde0c9775a6fbf009ca

SHA512
d0c2a9dd68cdc0ddd62d94577225781aba9825fc8b519f92bc06b3e779a99e87568ad6e4cf3e19ccc31c65bb9b58b182d855e93822a2834cf1801b5b25f66289

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
c308fa4645757cc716120a47ff6c0ed5

SHA1
3b3997a4a5d5681661d8bb94e649c5716863589c

SHA256
2532037c61753fe8d30f01fa0ad0ebfd7bde0a9c3988d82e8b24bf2d63f9ba98

SHA512
3aecd4545560b8c373050086924aea56ef12f641f4b9bb4d9aabfaf4cb9adc6318522b5e7e6feb0a4eae742f7960ac21c8cca1e4a8690dfc4a2a78bef4669006

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
cf84def930e2d95097d3fdc820b3c875

SHA1
6041ed4d2fbd62fe44fede71ac2e7b73eaaad408

SHA256
2be8e085e7ae82154c920b3d608da15d383c31fc7f0fc002ad9afd9837034c5b

SHA512
4a3f12cdc7c3c0d4e5a41dafd0910058541fbca5892a085b4d68169e0b9d31137cb3e3b64446233d1858df57e3fa25b4f90b6ef4751532e3cfe0cdefffb76a88

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
d0e53a14a445a58c7c873bd5c2e8fdb3

SHA1
256c19ed35c3550607180e1e920a566e87459cfa

SHA256
d275e12970c93352da7ab572170f15e49e0b5adc87ae00df5ecaa3dc22cb0092

SHA512
d7e9704b058b291bc5b55bdc2b73e2b6eedf7d071fde0aa4410d928b958fb8e05c42efa9ea05aa0e436b6a11f39ca3cbbb05f69d6807623d7cf8ea4feff6b5c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
89294e74a00cb29b7b568b8f1a87f5db

SHA1
04be93e35cae1a566ff1d4a23c54848307ddc68a

SHA256
b5d82d5bfa1107ee67cbaba66d4298915d0b03e731dcfcb1b97e47bb7d1df180

SHA512
88484da3d775ba3446cebfd4d91e7ddea381b9f2b9c28a55ea4f1ba52f6fd77cefe15ea663da02fd13a8c0e4a91fd35b49bc6003de7395b59b44f1e268020a9b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
af0b4dcd5b69277b3b2149d22f153e27

SHA1
d0e31925cfd7f4443f1b48037f67e6f09df06435

SHA256
bc334e0b71894abd4a86f669ff25a614e161d74823a733f9da6eacc470b91103

SHA512
eb2d3c243f6320743450c13e6e29749ca65905e3e32bc745d10cb5ef820118a773ff0a5906748b68d292f9d2abd177b5fa88485b223741f047298d3a38976305

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
65866fd549f9a0b48985defba785d7c3

SHA1
b42c95caf492d48ca8251cb135e189056b4956ae

SHA256
e9850c9962377139d461840b58c19a23950c6d3f9045fcfca9b3b971d04bd80c

SHA512
005f3f4f918193d085be184b302b1f803319512d0ada5c65f717a3bc96a8a95a192101893d7a52c2163671a0be9aa4bb678b95b9ea0fd1f7ba15366bdcf4914b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
06f9270d4d5103827fda4a4f1a465586

SHA1
c0c689f3ab0ce5126fda998cc9cde1bd0c0a5214

SHA256
34ad7d9b5748405fab86ef40af5e86381f189e084cb6164b0c4a44a4cc07fd41

SHA512
e1efcdb739f4c8f50c122c061539a16481e0d92edce47049caf2e08f94e76c9657672b21fdc2110c50b9bf96e1c59c72995ed177e2c83cb4009ec8419f227612

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
0529e4bbd7e489c69bbb0249696db914

SHA1
3c542065141a53d6aba3d3efad45c1a1cfdaf2e5

SHA256
dfff90ef9db5a06a8b8aa546f6e2fe5b1592c866f6c158437cc0d538108b654e

SHA512
5ea50f994782060a671140d015045d8d90c7c2ac8339888587fe22ca83cfa3b5cedfdb48543eec3520025eadd7d09fb412336e57d78dfa522e60a5b3faa4b83a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
b1d54b5bb1f09d021b5764a8b1a3548c

SHA1
7c02aab92098ee63c69315eee6df22fbebe948b6

SHA256
e754ed4e95ded565a44fb641e1326b574e9258277558accb852948ca82b56ac0

SHA512
a2dee1ffcc4c20413d44f7286b934351fe06b80f045aa6114a0173c1644937f436ff69c31e31c0ee6dcd7d587f8890c7fbd98ba2f913af30443ce78494542c8f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
efcb2c5a3abddd577462b360ef3b6e41

SHA1
315bf862544f12fdf64a7d815cc8ae1c55051554

SHA256
d607f9a6b8ed10cbe4fbec172d80e91d895b0530d48ec49a6c559ef310138f3d

SHA512
2312ff70adafbd668afaae771038e19fefea65be6d818eaa015d360efec97625da1b786f45a9a637dde342bdc01aa1f5efd6be1ad633f7b0fa71dab639a40eff

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
4a76709d3e1305db81c37acf3159ab33

SHA1
7af99a3814679a50e35a193e04fe597e114c3611

SHA256
d0345ce819200e66986431cbf772c97d91f1381057b1abf1fe436a877a0205e9

SHA512
9c17fd3d48f8b601740553b930bb118bb984c1655270b5c0fd0bafa847fba5aeb5a4eb38bd4c42bb4b11b16bf20cf05530087891f4d129457ffd0a65318c54a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
a2ed9278b97e59a4c254e527046210d9

SHA1
72a43b970eb10e3a7f1bc503079832b93003a071

SHA256
ae5655e012ac1833f81cb8e9af71943f67b2ed6f60b5b7de3a61aaad53b02859

SHA512
fe06a2633ea23146766a09ccda3f427a93c1d36c15312500172ca726a02db940d5807a85eac2469d715126f73a1fa53df58164b684d789e5afe871ca90919f4c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
90c08a272fed4135b9df2830154156ba

SHA1
4c960b529336f7cb8c9bec4264635f8bfcb50920

SHA256
1f1ec720f492c0f3715aa726970783ada532e52cf149034e925e7ea38b1b04c7

SHA512
542eaf6769ebb7ebdc2d66de299e45011ea2ff875538eb0c2ad65d0b04ef2c3f757ca76429e46f91cc1f3b3da51de434fc892232fd732034befe448b76f00063

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
7cb64b5e0a8da09ba33d01dc9e2468f9

SHA1
0abd38866c399d7d36fc9bc84616e5ed54edcf0b

SHA256
68614df547f96d930b2bfa449e9a8ea7e29abf09985929ecb0da3a7ba619ecab

SHA512
c5551fecd8e36e62a68383f7d9b5aa98080ab31b4461b72a84f9f8663ee4696c442085d2256558d0993792de0cae53f3c0382efea0441ffc065a3d2df854e404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af4ecf91bd1104a72fb5d8ab7822dc81

SHA1
e6aaaffd377737906c9b4d5ad5b0f4ecb899721b

SHA256
4e3af3d09fc8a9d173b9b40ead34fc8dbe87d04dda034fb5c74407122ffc6269

SHA512
c365d9af9d9fcb5297e1e6cc826f560f9761ae36f6332042cb97e0a86bf1ff8f2c0f3493beb39ae6656bb24bd065450134b359fa300f0a163644baccc01a491f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0cacdad35097e76b3e0b2d1b84c1dcb

SHA1
26fb50ec682f4bbc6c121d5a3e98b5cb5bf9668a

SHA256
504aef4415741b03424ff58598222a9abe52f8389905cc1d1083d970891a92d1

SHA512
dda4f252475e31f8d52ac622441d6c5aaee28e41f7264efe791df9996d184250ebe4df11189116d7ae29bbe39d86957ab8e41ed54ae0cd35da8ad732b7872a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
215c53fac64728bf18407dee1dc650d6

SHA1
55009ae96f4fddff86dbec6c453dbba5ce7484cb

SHA256
ac94091fc5d6ceb02f88e35e738799e8ad9e44af0ebfe6a0ad8f3abee1865e5c

SHA512
ebeb290d1534af422378f003424bf9c595067d0426959227f91e053aaad0dec58fc1d3a85ad1f10cffaa9582c64174b59f2357859fa7d2e54e7f52f48246bfbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

Filesize
77KB

MD5
e987db698265d924a5d4836a358ee168

SHA1
e9e14661da393225d6054c358c7e1d568f2176ed

SHA256
f39d8c35bb84a776648c8369b520db8f25c3d35c0fac880b665e4e844bc3bd68

SHA512
c8e61b252602f99eb779702d02e5e2928dde0f8072f40aaa56f7dc48786613b60adb7f9d69bb8130fb3a1c8b71ffae9f851bda5f88cf4ffe5ce5214963b9fee9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

Filesize
47KB

MD5
35cdd76ac67443c74dc0a24905efa8fb

SHA1
4228e0f93f16760660ce4647874370b19d9a5540

SHA256
40be6fc03c71cd9eaa52da6552692d6e9f96b245cf54c9a8731ab757298ccbee

SHA512
9cfca839bd187d6ed338b3b86490e4ece5ff4b3cc4feea32b3b8a4b75029f387a05df8d6454b3c97bf9c4a13010f8da1c92ec2ca1e8aeec73f23f58de59b7fcb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

Filesize
63KB

MD5
418572c46d9a4a32a1675016538c1723

SHA1
0a1b038091b713d9a2b458a370fa1e77773f413d

SHA256
8b256dd35eaa4b647afdff78aadc2b3d7a6776a82cefc14a4ec37c00a21be2c7

SHA512
eb10813f20af259fc010fc80b4474b37b6efcb159e65561ce82c7b97bd54eee3ca21f635dc3bc73512659b9b0baef84918afc95d8425b81a5f9623de06263beb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

Filesize
74KB

MD5
2ebc7490e9b2ebac5e6f94f5c0bc9d8e

SHA1
b4457867e73d90b261fab7760e2fda0b56c2e545

SHA256
17b79f31c6f4eac47ef6c2cf4609ec4becaa1e74a2ffb084aa84ed23f41c66d0

SHA512
cda5722a0a6a09ca1a9b9d8e8b17e80d8e2a7fdc8f5e67f6dc8b126c26cbf0ce98835b6c657db1e1f9fd51da0313e5dcdcb1e26058edd0f340db1e9de7ad71eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\JF_CF_ANTIGHOST3.exe

Filesize
258KB

MD5
3ffc01adf1bdd98bc7675450ef673882

SHA1
7c8226cbc5dbd32fe8553fd17edaf7f4b946a039

SHA256
75920af382027dfc7baba45e56b6e007ff6d5a5dd7b1506bbb98e08ddcd6742d

SHA512
875b7d94482c3ee7a20fff9b49f56a502f7858edb9a47c61c7a4918bd9ec6bf67ef72b4decd5a68775237ea592c27b75fb3126019b4ef7743aa0ce6a9e3dda04

Download Submit
C:\Users\Admin\AppData\Local\Temp\virus encoder.exe

Filesize
12KB

MD5
63101d9664ce362eba241e2bddc54a74

SHA1
3fa8190d6a1fea2b54efc6804dedffc6d29c4221

SHA256
20c262be3ce3269b1c2d0f6af38c189c69e22ccbdf0942a23c89073563445326

SHA512
118d99caaf939ffbf3b213a1c51f3933cc7badd737ecc13b9ae1c85163d352d8b10e7ec65158070860b0b78b50a50b3e2d416a9f1910aad0629ee6560a4435cf

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
b3c45031f8e832ed3b6adfc3d0236f1f

SHA1
5513dcbb467854a77113f9f4b7ea036b9c73acd9

SHA256
13ac6bac80fc810c69128fe6226381d68088b4a7c6db15a492dc3543b15c0068

SHA512
22d8019c96cc273cd8817eccbfe4ee5ef5ac4ca6c47e7a5969c1656568832a2602fda1dd516d87cc20a11093d655c9ca73c0d71ee64c420194b3ec26f5653cf4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
bf04dda9eafeca1ff7460356a0b0d2e3

SHA1
2cc1dd2f5095850930d0f52395d2e9ce103827fd

SHA256
3d4afbcc6e1fc187c51081cb0991b0e2d0599b5b5612eacd0b0426cb8315fd2b

SHA512
38b7d295537d1793a7c9014376f763ccc3e11c3beea2a3e6d04ea5433599a0cfb66599c0ea4b733ce7d61cd2e21a678c37b356ae233f609e139a3c17e5dc57ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
058a42dcd5ea0da05b4978e759ed91be

SHA1
8bc48dee9bca0ea921f3c364210269005f41929f

SHA256
05361a6898a7a529e931fd750ff8cda48cb87a5c59afd155f7b5372e1f1cb626

SHA512
f3e6c0619975c01b83e6fc74149b8ba7a9ac43f969d862c9dbe235be0c95ea407142aa88127fcd83e0b3740bf90b30a00e5b0660aeab7cea2462dc4c3e581bde

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
712c270596192cc191a891f222c6de32

SHA1
d2622900405f2faa7993610a19369dcf921573a0

SHA256
703c224ea50f854b58784f75c928ec5d9496d56e57d15653a76bc7201e1f3b10

SHA512
5532cd1df504b39ce5724fee8bc1e510254c2610e020c95ef20158f706d1cd63551e83896261e531cd78fe308c2e1bab20373ce92198308031175fd0b8f81001

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
9329ee8a81ea6cd13942fa1eb6b771a3

SHA1
fd8ca48ff7095675928506e45fe72ab47e1ea473

SHA256
ac33ed626dcff31c5dd7399e8c29a391261e77ad0c7c92e285d8d41300b63b94

SHA512
17f3723c2a19363522b01539584a8bac50d0270a0105a090cb958935f48efecf8db10b50b085814e68db66757d11b45b44aac65c2f96658a711c08ba0a4b6b68

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
3654a9ff4dce6d01d5c64927c708aafd

SHA1
22a0b4956f8ee9c4c67280c28333f1840c6ac430

SHA256
e8b6e42d2f8b3015806859681e6347da2ebb7d23cf0962d01f3cfc4f33391ed9

SHA512
94082e4938ab501c6e44847315784f4d8c06a5129db78811e43412e1c1b03d4f85cd85c078a871638c9c8b08b335f9b5ff6169f72f2d06b850f4ff3d1a100b3a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
f4fb6d351b3b0165bcd49367eb4ffee6

SHA1
0b91cd8acbd331eeb7516a28f46cba263d3caa59

SHA256
063baed3d5e33361eade9a32df9be2d4da7ac00640109ed76301ad25696a2f91

SHA512
86b2c18290305780d0c37470d050d9b36cf7d630eaf2d1db1dd7979bb62eb9fedc57a9c55a5d01800e3af2847aa91d9669b3d01ff91946e00ea3d4f4d4a68cb6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
3dd3a9d6d0897ec02d63f4bfc44f2729

SHA1
7ca87c2fb8231500093531b13f0a59d3c96ef481

SHA256
47e0a48454ef73a425423ed2768e58018eac35e9e90c528eeff9655a6810e3f4

SHA512
33547847f4affe36f4944fbd6deae29dcac4acbe1a76cbf941c5c6d31644a6aa456cbdc90a544a8556969e67528f66856a19abe76eece6ec25b0bf8c482aae4b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
d5915a7450d365d4b98bbb2a23d35568

SHA1
082eed7453c062e03e62c3ffe07d16121d78ce16

SHA256
d502f46f0b0f36d1ea0b48eaa59f98c1586065364e2a48e1099119ac1f22edca

SHA512
7c2958738f6ea99f552fbd1adec23ec2a4aa19af4cdfeeb99e0dddae0a3fe8499194d2d237c763e193278a7fc23dc4c6768f34d2b4e841cd13f610511be08bc3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
e698ccbde1772e46e60b5dc5653bf9f8

SHA1
12e5fc8b0dd0ce2a723232ffa4111b5d52b764e1

SHA256
540d847750f72eab316e99703a6c3250dd0fdbfadb1487bf9a8fcc926b35198e

SHA512
b8d998e497d92559f299f7cdc0022310e9afeafa2b8d59c4114884fa599cdf7cb3e56099b9a94899216bc27ac6661dc4db9efa06b4947a796ce489bd7ebc5fd8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
c56e24536ba6c3819fa32ab29c1af148

SHA1
231cce2277a6b300224f7a989b21687e1ff55988

SHA256
2ba83a2963d53bb663747cbcdab16ffe14ad955a945bfadf6a98ddbe1f9c8a81

SHA512
5f45df71aeb22c9d9a2a5d7f56f2bfe7455a9f542ebf2e88419066d21e8afdf73cc53f3c165a417e2fa98e99612bdf6aa360fe4f32d9acd4311d7099ccfdd0d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
88541ea12723a5ab50a255b7bf61e792

SHA1
6cbdfd969a73c2cf50c6eecec94c16610ad55b18

SHA256
207907024900891cfa97b635c47ee8b52e1a953765a567cd588a199269cc60d7

SHA512
d4a10f5e3389c15747f1b9f3a2fb9d6b11b429c086b7a3e24dc62a2db83fcb099447e8bf3c4fd5b6d46aeda756fb68eee504f1da1a02614219664ece37be7c62

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
6d82f17fb8435ce1501753f94159209d

SHA1
7f831f88bd3892ab4251492a1e2b6419f6a8d2a0

SHA256
bed08cfcc23494f3408668e494c7462195f471c6c33263ad9e17d0ea0914ed54

SHA512
40cd2dafe00cdddbdbf8eab5848dd6d013af597da983dd196b0e1c580644ced1774cb670dcfd3753daebfd35409d9ef78d83e6a645c2f3cde6f82ea922af722e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
0e12bb23ae932054b2a896dc9cb279aa

SHA1
84dda25e3e6f93f3e75139ffeca22146cc3a0a72

SHA256
66d394255390be8386193902a6a7017cef999aafd70fb2d23d8713fc9c565f77

SHA512
db4d1a0dbb0f93d963d10e739ee70f7af16f7dfb7a89422b5c7a2df7f3b40cb8c07f6f326a1a7e91bf71cca277b6e30dd06017919a38516b59a15e0829d55685

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
35bc541ef2081aa9fe8c3d401c447c5a

SHA1
3f6066b7c61f7f8a1e4392cf20296f38556a9aa9

SHA256
c3a09246ef916012aeaab6de8b3170c90495eb1af4f2f70b27cc88a5e06744dd

SHA512
b7431c830abc7a9628b3d20d4e78f506575f416acda1991689e99861c3c9f2a81469c9dae92714661ca21aec0115cdda010700f55004b41568e7367526091403

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
cd9399f9d13099e5e76d17507a2524c9

SHA1
307c429900cecb2626d03f053b3192fca50969aa

SHA256
d5f2c702de271f9117976246a454a068319c9252d0a953c9813d54e3ab23b699

SHA512
1006424a76750beae5ab2314137eec88896b88413c48a330b9ad4e704c30190e87443726994b698912977b805c3fff228fb7d726e1674a1407c0e5ebc6db263b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
8a0f6446250b6edfedbe9513dd2e4e4d

SHA1
8e3b4448eb354a2fd0450bb2696947035df9e084

SHA256
46555cc7cc7713c4ffbd276a124e93da1eacd5c8eb55a48475468ba9fbc9877d

SHA512
680e831ccd8d2b22339b569d618e1475767a1d95ca2843692336ddf45f930bc760b9ae2985a9fb4209070e64fc0d0716a5814819ac5b5fc2945e7a4f1f549ca4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
7ce7ef132c4034838543becb88009c07

SHA1
e0d4ce9cc8a9d63a7b75e2582a84f5a0319c2b73

SHA256
3691a7a6e5a811d6968103f971fe82a6e37e8d030cee522241ed9ba534f65a02

SHA512
3825b464d62b7653108535131663710e67991a54f2b346711c9d7c29d62b9351d7c0053959042e8696f6a2e456b2ed658876d0d352f66a5b4904a5505220f831

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
6dd1f9458f8228b139c22dfafa9772d3

SHA1
e3ede18c4861a14642391a4c3d73215a67552446

SHA256
c334bd270afc1f789edff34cb0d7026d527a580eedcc0ef5f14d23681b4fa2f0

SHA512
5c27bf2420c11d5680bb8de8e5a2f91c3c724944f246a37d378dc3f89be9fedf4da6d08883770c376cd44701459761b1d7edf5f82fadd4be3e24b0957d5238b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
c0770e4ed01b239995d60aaa83764edc

SHA1
97e7ad58881cf3a0f181b173280c40478c9a2a30

SHA256
5211aebceaa46deb0223de6b43dfb49563adac97a56249df7fb05032361223cf

SHA512
e25278a9dc1d8f999d69640de0c7f6df7fb35931a4e203afc7cd9421a867c8ec1ad6cd52e342227c049551f99f91d2b529305c995eef73fae4c20fbe762bb156

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
a68c26bdc1c7ede5b72da2ee48ec4aae

SHA1
ae19030d9383a9b1186bff44929a42f3ab707990

SHA256
e755f3e461bb5419c9b1e6c450428f884f5c8f3388b2351c59cee61e15084c3d

SHA512
d22fa487d9f3cb97d0e3c679e72335780defc83ff5f0ad724e50ac031a51c0250b588870a39c934fa6e4da33ea1708bcf2d4f3136e64335e6ac0dedb31824c8c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
8c90010720422fc3bcb76594f97b743d

SHA1
33479b2b525673acec785a05f21f62f84a858bc7

SHA256
663d08f7a2fa652625afd1d6cacd7057ce0ecce9963475aa4b06ad7aa7ed82ee

SHA512
8eb92ec485fdfc607bb7c2c3912d8c9c6f33926981d155577f3faaf72e0fa9e3b46b17cd99df668a264efb407ce362d92e0e7d9bf4cef0d4ad854adf97103c4d

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
3223456ef16cfcb0a110c5b2dc087484

SHA1
bcd57bc34f16314f55b2709d2ddd36f693d8dca6

SHA256
a89a178908b46e50f03772da2544e28dd6e81c264f80aea2eb989dd0bfe31982

SHA512
b87f762706f50273153a4f6820130129fae3bec00aadcaf96b84f964446a871847d14427482141c4db71b2d8547c543325d1bb93b75e503af460b041df14cc86

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
25b48853352eb8440ab546cc7536db6e

SHA1
398d855494b0b8196a20d3ece5597b4407813d70

SHA256
6fda95b1de6e26ec2984fa93a76b27deec6b2bd605b068febb543eb5937eacb1

SHA512
d876701a344f1599624fbd42ea9d3ad99a98b56d584bfc4678ddbd57804bb6dcab8f4c793b6d7adf7c8ff1c5c78f4d278cf16b35927588880bd08ac1a4db45ff

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
8e66ada90daf75efc2175c841ee15de5

SHA1
b88e156c92c7b43dd061c3bcc989b144d20ea37f

SHA256
a56debfd4f0ce62dc82ef6534897fb294b4b43f31d974f8026b7aedff015fd1e

SHA512
4fb5cf8cd6d06ded13e410b3adef795b01cbd94dd943c6b6d15e296f4d050d00b428ebd77da25a21693f069407a21c88d21fa10587c1b7578a0961651868aa95

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
45f4cdaf00c9dfb1dd3238295ca9ed04

SHA1
ef58b272fb73085bb900d03cd6efe7e1908353da

SHA256
6e641a4fa2a9ea49d1430a9c2a9023a2b764192ebd079f68f52c323188850194

SHA512
afa53452a184ffd9dda4584aaf47d56fc519b6a25116c15e8c21fd9dc7dc358c6f1799c4170b9e43ebe30c00bf0c099eb492c6675282c42c8646800a88cc841b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
25fb5ea876bc36904f664a80ad17ef4a

SHA1
1b572d9cc032269f47b943d48cd158b1a824f858

SHA256
6193fc254c1193dc98975fed1da9d07270fde6057e50a56f2532c6b54fac5661

SHA512
4d4ee9989f94b4d4aec64be314baf35072318fa3930ee951f5697fc7744dbe5c13f2218db29f945b08d3272a254bca5488d951c463856344374ed2c9e18ecd09

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
5cf5c698b732788c035c2a76b6ca7039

SHA1
1fd7293b1f9f27457f4de598b3b5ae28bdbcaa2f

SHA256
3db2e0a0b3108d7b186828260b6683ba6bc71fb44cbd7895a1edc2266c622176

SHA512
d2408626b91557fdc1d553553731c0fb398f8ba1e41a2b59f490e269f4d573432c41174ab75d7c0bf0993ab63a30d7c5563321b5e07736276b0eedbcb57e121a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
c05b89ef5ecb3616f0d13248ec7b2df3

SHA1
90ea821f818284376d470ad9f029992606147a6a

SHA256
587469fc2c07548d158729a19fa6e98f416ad20fc411778338a629bd26e4f6b0

SHA512
cba0ece53034f007a0325877696a758107d37f8b59b5361e4629a6b47931834f74eb63af4c016c4d65ff2a027e799baa63afb2fe21888603a299daecd4501492

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
dd11d32c1afc3186d308964680137e8d

SHA1
b6468253189f7b35dc7aa6b3b256c75b800786cd

SHA256
7de15701059231d059f67fc24667ba5d5c38e2b5ebd15315525843615dff4352

SHA512
18f54a6c2abe7b75e9d97a9553b68cdb11806c9a40bd5fac9fa00ae3727555f24d44555d92a7a379df463133f4035a5c3e844c60b4e3061d1c4c7602c9b81d71

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
ef51326f31b9b1ff359559fd09b5c641

SHA1
23c444282472da76433b66dfb5b4ec194ba42806

SHA256
1ac47d7fecd0d61c792e67bc37b37386aba4c89c76c162d8c2b62e350f018054

SHA512
279b9721fa6e8e106fe52f0cb82939f1170aa01e3f57e0283a3b742a9d98b1454721a20d55e6b58ce8d02ec2fdf00477ad6a5ee7ea126e763b910d8611577f7c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
14ba33f49fa83ccbc760e76302e43e8c

SHA1
c684e5c699bd0aa1ce9f6e8a4a9bb42d8be9452b

SHA256
c958ff139151fcdcc01e4772a5f13471a740e0ea30e324f9873d815f49d3a282

SHA512
09ee244203eb501b285901319c25aeba668ab1bf7bd497ae67aec49de337976e88c771b1a95d3831a7d4b5ddf4288649bada9bd564308b39895efd1b73bfaa8c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
fe7a37997f3b6737950d8d047418c3e3

SHA1
72ad475b5de4495e1c2a2d4e1416101ec40fc6d9

SHA256
09c4418267ed5c2fb4fbac3a9b1697a151ab2794a902212a97ae1f8241723114

SHA512
02ce135fa5f498953dfe2b5af42e28b63c5720ac52c5ff219c513fb25a057bb64ba663ae18d552738c6c9b785441d0f76b4075be7d6e10a3dd6b1c866e7c5edf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
99cf6c3026dabbee7cb879849ab21b5e

SHA1
fa574d80cc95ff9b959e9ff1fa393ca5d6ca0c04

SHA256
4619b957d4989b08e049a23f8bcd367778d8373c6725f259dd49a86312f07dbc

SHA512
ad6e0a6a209c10974973dcf4f18db61389694820940e59a21b9b4d20b2b1a9b3225a7ce331f199deacaa68b304736434a3c05411dd88d8b31760fd07718f2692

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
17b47b2ee4ca638dabfc9988ff704ff5

SHA1
ac0b6ed300c53840c81d929d9d4440bfea761516

SHA256
8e3b59d386f5c4f225e4467734c6c651fa9281c2bcda3c696e138d419454d105

SHA512
1c939e674a12b98d281fa515d772f8b0fbe6a7f9aa911236a2f263bd254387471df899f05cdac0e2baf0b6ce6efaa4824b375c36d73f9ae81abc265ddb22ad2d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
16896b75c0fb39534f31bc5b726151b8

SHA1
ea279cb63e5b0ec2a6917394b9a351c9b45d64b6

SHA256
d7f3992da7b6f1d7a88cfcf51bf6b636fa06e01b9c2d70653149e66c41e1fdee

SHA512
8711eed1de602f4b6fd4175eb25007c3e84dbafcd1d8a489f2aeefc6b7f7b231a17f64fd63900b6960c7b9700f90b053c8afe500b9d1d8f45efbd473aa41c86d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
40fa0819c357050ba37f822bc2338574

SHA1
358a0f111570f00db58738bf3451cb12f4186ae2

SHA256
b2bbb6d75790e8f7f8013994a9f072698be8520a31d0bb5dbda8218d494abc1f

SHA512
596cbaedc507bfce3f44bd85a7780d01f7f4c4f1e0787b3634f7f93940773567fe1a9e4f2f7429cbe1d9560978afbaf62515dc23e53f0c45bc12a878b51823bf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
1541fc3fdaacd6c4ed0e3cb6f7a85876

SHA1
df84f1044e75b3c05769430d220629532ca6a050

SHA256
affe5a559916de3cd38d6b4a5dd8ac56dc0a1c380e4a2f941a20eef828490e21

SHA512
6ffd5c5459ebc2428dae87168e7d337e75b19d19ec17a5b4f0ce5d7a7be78d75d1ce5ef2a1d6f98f13684a3222a57ccc1a40c6a10ee5239879070f164170655f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
482fc111692357231a121a17f0ebf006

SHA1
141bb3b806b706a51b386b3314f6757a106e3809

SHA256
e6a57f4dc690c4bb80eba5667272f86e9740b8f17b87c9c52ff02070153d7109

SHA512
cd52ed5d775dbbbffa8b608b7c481b382c9e5fab44e558d03751d11558e3c0ca455b5ab3bfa84a0d29e4fa121e3cfeb82b82bbffd33eb304adc4a5b37f2913c6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
aefb16fe063d8552feddf30d50c6f4ac

SHA1
bbd3d2ba9b29097df8a8b994c4877c922792789f

SHA256
efc4e18eefe45e640c4652923068a205d743f0dc995958f044736f6a771c73b2

SHA512
1951f863df78685aad61ae597be3f8b61b7df79b97019d9c2776abb495ed5f7de3e923ff3a56caf6769d9433f47ba9c21009f9375c32d19f5c4a2ee9196bba71

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
23c502377b97f175792cd9570c2d21a7

SHA1
bf68771510c47afcbf335dc8214119e647bc7a41

SHA256
cfb682279d5488ad8807140c77d0cf37d4986ec7f50a6c3b3d3d1cb14b41c4c2

SHA512
58410fc103ab1caea92e809c6a07498cfdf35674970539309f35f56c7dd5f9143ae4af6068985791f5904c3a5e803a02fdccc94e855cf96ed1c649ebcc77fb27

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
7f26b7c15b4f5ee5c90eae07b1bb08aa

SHA1
cd50a6288424dd630dd1e4e0b129f6be3f590d22

SHA256
1f9d817d5a7221c04c1cdc05c8b91f118db860518487eb418b2bca2c8cf85bbb

SHA512
ad506b1ad63d2d36ada1a17938af769b38a31703b67f47f819ae919c0a0832d8d5ec47f6346e55f516a4d0d8ad04320c107342eeef28c8fdfc1f756c320e375b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
455284717fa5de19ab8b2bbda8508ad6

SHA1
490d774f36aaee7022913804f922a1ed6aad0234

SHA256
daf20628a6b525b05f8e79e430112d519238d22944221e3c84b5549b89871229

SHA512
560dd48f6b5bce08542844e5bd7e9610e1bd56005ebab26a7c406eb09d1a124aeb8b5aece2385b083c3c99b8de7acfe54eaf1aefb9de801206bceff1302f11dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
ffb22e03a634b573722f4efc533bf737

SHA1
951a6ea51e54d0913333a82bd3f5dc37261fa3b1

SHA256
e3b676c46c4b920e99138cee1aff5227afc93171a90d720f4f961d1fd576e6d3

SHA512
826b9ef469b37ce6aeae10c0527b41b61d11d376f7517ed8fffcf054e6d147c3f8e645f3ad593976f47e81f484caf110891313b53ebea7ac4925be0af22b8fac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
b0559879a36ab3730858522251723506

SHA1
8345f9cd1bc4b7965eccc4b7ca14de01f71bee90

SHA256
57594051d5238c736b304a907a27dbd8e5b2c37e64ee86f08abc535a9faec1fa

SHA512
a08598b39b2e350ef7cd26848427f72253148357be01377383ceefa79c997481af70329189086262ff244ff2d9c9fba052e60de6df7a3cb2f1223383aadc6ba5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
f1fd3b1c98592088ad14b0433e781efa

SHA1
9c128f9667a976c2f4a76dc94925f2fe08e518e9

SHA256
8818ce614f7826c28e661d0fb51d36e97eecc6f89def9d59ed9254398a292a0c

SHA512
7ef9dd85ddafac04e7268bb482c30edd498916f94ceece6e98c7ad2586cba635c31cc5f6a40d17a20e45525793d2f6a9d615761efb3ddd4fdfaf927e59d091db

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
f945482918a8aefffa251748ef4b66d0

SHA1
c5cb0042c665eee0bb830c27f46b5c7a26a53479

SHA256
908560817aff36ae51413adaa6d449aa726bc8614f8978e02de0fd015670740e

SHA512
afa716efa18e3242e4073897b482cba2f6077ec070bd883b27f0e051d06a0f1d3121e73e6d9be5e41262d89a29f576ba476c48404209341e3b1488c8aa01a947

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
c48bb2883565eaf989df5b0e02c17c32

SHA1
3e4d1820790dada49fa9ef9688f6a206d14db610

SHA256
9cea4931ca346a08cc5c180dd6cbcd638f13c2612e114c26a32553e630418f9d

SHA512
afcdff4fd47ab1a03dabee76823220dbc4a6cfeef2f2f1db06f9975c04eb4485b8d367a034163a79044bad719f25ed611ee201a0b7469e6f84eef70082a99d13

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
cc51b9d4ba573459685c8965c4b4c1cc

SHA1
d7e665100c1e9844c21194c134e3afc9cda1aa2c

SHA256
ce8f9d759e652e744ddf8a0944f7d920fca58d59e65f9bb6f4788c27f27941ce

SHA512
7da4faa2024806dddaaf4d3823a38627f79334dec191656a5c79e340f7d39c2e3149cfa2c5b8061332d10b76fe437dc9e507ac585a52386200fb5db3d6556dff

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
af3c6af70526c75fb84273ccaea2d025

SHA1
e5cdb03887fc905fa170c44298de534d206ac380

SHA256
79062de7b0b15cb7581f420a1635c93d0ba164bc67cd739b85ecb01e173a9717

SHA512
7254dd4ae94d614c5441bec82042bcbbd99ec943dd249e4a750f06b710c45e753ac40b679f78ee0149f2902eef4e939b2e3418886e4afd49e3d56f521f5cee70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
7c4c8ef15630ccaacdc067f78f6ebb17

SHA1
3de1e7c1b0027f9aaf02c6a9400f2d6d8ba73e82

SHA256
e94955c067cdbaa4c557b7954ef0e933319b39a9c489970a5b0412ee6dcc2664

SHA512
ae49ef7d78a515bbf42ed0d37fbaf99e612eef7ee5b50354ec48374524e0d97db57488eae28828ca450f4d30c0db6ca9e1ab21bc1e7c31e2309b4662c105d20f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
75125560c2d0b734769e0768c8bc8a9d

SHA1
f44cf186976040adcfa7585c0866bb20b4c0eb4b

SHA256
2b4cae0fb08f2e1379dba8a1a93987131398e21ae1431a778982db4a346e6ba4

SHA512
f45d5faa5e9aa7500ba5297c3c8d6e3d08f6b44db6878b5b95a7f161f8678820acc46809867d19dd896f44bf194ee7b93cda3452000c7640fbd4a88a41f73b1e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
1da13517714536dd0b317953c88d16c8

SHA1
3c34bf8254ed5f14f85f7102c0cb27cf7bd8b4ba

SHA256
2d03740f73a0f31256ffa93533f7365df23668fd4e1bbfc01cc60b946b1ee7a1

SHA512
26a0b1f1482c6cf493608c900a4c5ed78d6d5ef3a40f49b2104848194ed1be7c5b009acee9600b99cb8d93cd52c1f306564df82e34921b0f77dbeeb6d14dc0a8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
79fd2a72efa59e84f9b7eb699ba13a48

SHA1
1c732a8e8787c5dbad58e3b03861a4c15b7d6c2c

SHA256
3ccb3e6d686d469f513d98373b9e0cbaab274d3c8f78ee6c2fd4e50dd7543752

SHA512
3e822c3d8596be9c59ce32de4c79defee1b38309489bba28cce0a93bfa7a8f728f2f761455b5cd83e087a0dbe69bd6d8cc613cd1eb8202af2367730a045d5b97

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
32f023ebfa0576eee14aad85d7977526

SHA1
dd5d1a576fff87d7646427d8223b6fb50573260a

SHA256
7338fd943c729c37eff1882eef8c0075169a2a8f1e5c8256d5f884b84509b771

SHA512
6a8a86b1eb783c4a5d8fdac4281a6685ba1dfb8907280463a896a9f31ed20fe0e89b33bea1440b9a602740cfd07ed7e19125a802a288ed560f63a44d5d1d0c4b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
895ff391f338262b6c5c865598f997bc

SHA1
c68cc2ece9312d74368cf692646e43e35a635c87

SHA256
690d51c8c5152717562c5b5b9565e71e2688ee97ab8144fc75015341a9882765

SHA512
4731d2db31cad9d56863a7782244d2d5193478f2ebc01f4b0c12feef580d00483c1509ab11f700b8d413f7a0f00709ea2e2273cb00574b00baa3bc7a8ac20822

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
eccdea9512d9b17d86e3cfcdd2ca48bf

SHA1
3c860b43c252cf0dd3859bdd67503c5633e314a0

SHA256
9a10e770d519279879bb4552550c8ed88a4ff54f31ada4827dd018fa72a4d0ea

SHA512
c80843172f5303bc8c5f9de70f26848428b3ec044e848bdcd4fae50e0dff58053ba20f59d86d3d8d7de78c1f47b15e6291c219b061cd1345a21e20ae5748b308

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
213294bdc322caee25abef783e137679

SHA1
1ac33ccf770388e63b41e3c1d11154d30ea3a75b

SHA256
ebf24b5204059bb0f2f04f7747913c988f02f402224236749905155eac95a389

SHA512
72a883a8b539f24b5e5c64b4e8197be2c49feca6b3ba16c312ab7023fbfa80742665f36970eb9049e6d4d0ba9d387beca86dbb1af74ada765a7d0b7614cda311

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
7086a715b6ffdd70ef6fd43e7764c382

SHA1
9fcb28049923fab340d2a28284b482f3df98c97b

SHA256
a0824374736d356c2383be16b04ac51af416e8300e037010b079343e4da937dc

SHA512
cfb1e65d2bef7ac42fd3ec83233a55528a322ce1a71dd4538b2c1821adc2292d1f05b3cd80c3f635e780accb16d1e89e244b420bcf46d7fbcd9a400e9ef9de5b

Download Submit
memory/4976-3387-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-3388-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-247-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-245-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-243-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-241-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-237-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-254-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-1180-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-856-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-236-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-293-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-285-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-239-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-255-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-259-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-261-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-263-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-265-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-267-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-269-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-3935-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-271-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-275-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-277-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-279-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-283-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-249-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-289-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-3386-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-287-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-2934-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-24-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/4976-26-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4976-25-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4976-23-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4976-41-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-61-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-52-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-40-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-39-0x0000000077570000-0x0000000077571000-memory.dmp

Filesize
4KB

Download
memory/4976-208-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-231-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-257-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-273-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-281-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-4219-0x0000000077550000-0x0000000077640000-memory.dmp

Filesize
960KB

Download
memory/4976-251-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-297-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-295-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download
memory/4976-2515-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4976-2516-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/4976-291-0x0000000000570000-0x00000000005AC000-memory.dmp

Filesize
240KB

Download