xorist | 55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe
Size

115KB
MD5

26b5b579551b88501d8997d8a6b9acb0
SHA1

01a917f315ef1c1cda1adf913f9ff5f6be8916e9
SHA256

55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9
SHA512

1c5c3828f22e89761842f0f061941a526835be5a13eae557d4337bbf172e6ef521d36059be1f28027d27cfb26dd1cfc64a70088bfb3c9c60ebf03f67328daa1b
SSDEEP

768:JV6pJbqz6c8CS+kzx8J4N6+qduTRvU7tCLP2kRPKIWhUNMD:J8pJOS+U8mN6+VU7tCLUIQIMD

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/60-6402-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/60-6401-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/60-10817-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/60-10966-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/60-11245-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/60-11250-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/60-11251-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

abxd.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	abxd.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe

Drops startup file 1 IoCs

Processes:

abxd.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe

Executes dropped EXE 1 IoCs

Processes:

abxd.exe

pid process

60 abxd.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

pid	process
60	abxd.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

abxd.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe"	abxd.exe

Drops file in System32 directory 64 IoCs

Processes:

abxd.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpq2.inf_amd64_2115846fffc22bb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0010\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_55c0c78952233d0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbthle.inf_amd64_bfb3ee8e5a97c3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgsm.inf_amd64_d7b1959484ec8228\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrdisk.inf_amd64_f945aad6094163f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scmdisk.inf_amd64_d8f75a9c87c2f7c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_189d0189716edeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_95e01117eb9c1bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\DICTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Alert.png	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmvv.inf_amd64_26dc960cc4c84207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmfj2.inf_amd64_167948d0c94abc27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_a85c8e1fe15a9532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_usb.inf_amd64_17c270ca25f45542\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_9076ffc34f080cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sti.inf_amd64_096c9e42fe4749d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_acb1691126c93472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\IME\SHARED\res\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpidev.inf_amd64_0f7f041f33bd01cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbser.inf_amd64_8de53ed035d71856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sslaccel.inf_amd64_ed6849ad81a24c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\abxd.exe	upx
behavioral2/memory/60-8-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/60-6402-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/60-6401-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/60-10817-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/60-10966-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/60-11245-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/60-11250-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/60-11251-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

abxd.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarBadge.scale-100.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSmallTile.scale-400.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.scale-125.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\SmallTile.scale-125.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-125.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\24.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-24_altform-lightunplated.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageLargeTile.scale-200.png	abxd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png	abxd.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\adobe_logo.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-lightunplated.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCacheMini.scale-125.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OutlookAccount.scale-100.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-30_altform-unplated.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchMedTile.contrast-black_scale-200.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarWideTile.scale-100.png	abxd.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-100.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\10px.png	abxd.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-400.png	abxd.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\MedTile.scale-125.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Dismiss.scale-80.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\SuggestionsService\PushpinDark.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\MedTile.scale-200.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderStoreLogo.contrast-black_scale-100.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_altform-unplated_contrast-white.png	abxd.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-200_contrast-black.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\eml.scale-16.png	abxd.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\dd_arrow_small.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-256_altform-unplated_contrast-black.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailLargeTile.scale-100.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-96.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\nav_icons_messages.targetsize-48.png	abxd.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-80.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Dark.scale-250.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-40_altform-unplated_contrast-white.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Large.png	abxd.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.scale-100_contrast-white.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageMedTile.scale-400.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_scale-200.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxLargeTile.scale-125.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLargeTile.scale-125.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-60_contrast-white.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-80_altform-unplated.png	abxd.exe
File created	C:\Program Files\Windows NT\TableTextService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\IsoRight.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Images\BlankImage.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleSmallTile.scale-100.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_contrast-white.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\9.png	abxd.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-24.png	abxd.exe

Drops file in Windows directory 64 IoCs

Processes:

abxd.exe

description	ioc	process
File created	C:\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_772f0f365eca5ecb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-l..lperclass.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2cd851330f8efb90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_10.0.19041.1_none_8fa99a7a19792d59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\1031\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ba01d4ba21c3c739\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.19041.844_none_ba2b07b5ed02761a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..cesetupui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_56961a0e15460059\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_pt-br_e4a05bc207bb3d6f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mspaint.resources_31bf3856ad364e35_10.0.19041.1_en-us_7257bd26334fa430\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-bwcontexthandler_31bf3856ad364e35_10.0.19041.1_none_9f3bcfa756b9dda8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-runtime-metadata_31bf3856ad364e35_10.0.19041.1202_none_a5b26837bd103d61\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_10.0.19041.844_none_ce50ec6f0bab73ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_c_sslaccel.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_54d5b6bf0f7d1355\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nslookup.resources_31bf3856ad364e35_10.0.19041.1_it-it_bc6dc6e0de71a48c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-printing3d-winrt-core_31bf3856ad364e35_10.0.19041.1202_none_0aef02ab2b21e0a2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wpd-status.resources_31bf3856ad364e35_10.0.19041.1_it-it_5568930e5f7a823e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\Help\mui\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Windows\ImmersiveControlPanel\images\logo.scale-100.png	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-windowsuiimmersive_31bf3856ad364e35_10.0.19041.1202_none_b0e4aa5cbda05866\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\msil_system.web.services.resources_b03f5f7f11d50a3a_10.0.19041.1_ja-jp_aa13ba04ea0442fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_sr-..-rs_a63977acf10b3386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..i-ntprint.resources_31bf3856ad364e35_10.0.19041.1023_en-us_e7d5a7ef6b22aa09\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_usbcir.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_88f64fec92b23ecc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-provisioningcore_31bf3856ad364e35_10.0.19041.746_none_a3a6d99abff32d48\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\401.htm	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..nsors-cpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_40b957b6532371e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ncrypt.resources_31bf3856ad364e35_10.0.19041.1_it-it_0c95d72cc000d5b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_c38789deca008bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-class_ss.resources_31bf3856ad364e35_10.0.19041.1_en-us_0093d77aaea81498\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\StoreLogo.png	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cttune.resources_31bf3856ad364e35_10.0.19041.1_it-it_76f931d237c9d4e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directx-direct3d12_31bf3856ad364e35_10.0.19041.84_none_e75b5546fbc99ab5\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1_none_0067ac1cb4a6c8bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_10.0.19041.546_none_b400f714c4b791cc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-desktopactivitybroker_31bf3856ad364e35_10.0.19041.1202_none_4c851fc6f75443e7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-bluelightreduction_31bf3856ad364e35_10.0.19041.746_none_b7e8b7dcafecb3fb\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_usbcciddriver.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_fe9031f03eff8d0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..providers.resources_31bf3856ad364e35_10.0.19041.1_it-it_9ebf605d2eae43c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.19041.207_none_11794cc79cc85d1d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-r..ne-editor.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_16652bf4c60b7ed7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..skmanager.resources_31bf3856ad364e35_10.0.19041.1_it-it_4e6fdaee1028962f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..m-manager.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1db4e371e64bc3e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-30_altform-unplated.png	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-displaymanager_31bf3856ad364e35_10.0.19041.746_none_041cd29ac291b008\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..orage-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_952f615295df5941\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ng-legacy.resources_31bf3856ad364e35_11.0.19041.1_en-us_d5f8b953ccacd563\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_d9539a9fe102720c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\SystemResources\Windows.UI.Cred\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmsynthstor_31bf3856ad364e35_10.0.19041.928_none_933d1de9c7825854\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eventcreate_31bf3856ad364e35_10.0.19041.1_none_8b53de27def16277\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.19041.264_none_a71c9f7fdcd899c5\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_system.runtime.dura..nstancing.resources_31bf3856ad364e35_4.0.15805.0_fr-fr_f1defc7979bdd66f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_smsvchost_b03f5f7f11d50a3a_4.0.15805.0_none_6d5f51303f9aca21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..rationmanagement-ui_31bf3856ad364e35_10.0.19041.746_none_4a55c09f59e239d8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_startupapp-task-data.resources_31bf3856ad364e35_10.0.19041.1_de-de_27922e70e9a44f76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_dual_ndisimplatform.inf_31bf3856ad364e35_10.0.19041.1_none_20eaa444057f0dba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ellibrariesbinaries_31bf3856ad364e35_10.0.19041.1_none_30ad0edc0e18a0bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-shel..-gamingui-component_31bf3856ad364e35_10.0.19041.746_none_d407adfed080a942\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..opeerpnrp.resources_31bf3856ad364e35_10.0.19041.1_en-us_5b40fff273fbe136\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..paces-sso.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_81ff6db180ffa71c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ninetcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_650959f44e427129\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-uiribbon_31bf3856ad364e35_10.0.19041.1_none_332293efe6f35600\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	abxd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exeabxd.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	abxd.exe

Modifies registry class 10 IoCs

Processes:

abxd.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe,0"	abxd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open\command	abxd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	abxd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VJCRLUFDMKVPTIU"	abxd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\ = "CRYPTED!"	abxd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open	abxd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NVEux3c6nuhNCn5.exe"	abxd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU	abxd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\DefaultIcon	abxd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VJCRLUFDMKVPTIU\shell	abxd.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe

description	pid	process	target process
PID 5056 wrote to memory of 60	5056	55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe	abxd.exe
PID 5056 wrote to memory of 60	5056	55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe	abxd.exe
PID 5056 wrote to memory of 60	5056	55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe	abxd.exe

C:\Users\Admin\AppData\Local\Temp\55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe
"C:\Users\Admin\AppData\Local\Temp\55ee01d87bed54d1df327058d655c35ac422e70c2e287ba3b086128fdf2724b9N.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Users\Admin\AppData\Local\Temp\abxd.exe
  "C:\Users\Admin\AppData\Local\Temp\abxd.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:60

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
f57e62da6c62f9a0d5567e1d7e77708f

SHA1
fa598a60748b7b882cdfc9e0772c2e4a0109a9c6

SHA256
28c7fa2710584e24ba42399488174ea6ac391563c9e366e07b0ff6ad06ba30cc

SHA512
90f6e41341f00dc05216cae4f9df4a99d63cf4205b105f53b69f1b0856191cf537afa35c1a8e3a01e7a3b8136ed8db9ee66ff7c0bab57100290fb0f6e5c07e31

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
7c82cde418d7839c79cf8b97d201b659

SHA1
913899126f9b71164401d51d738a690aa7f1fea3

SHA256
3dbaa240a4f98caae19aa4fd36ad99f665d28a22db03817c7bf55041564ce371

SHA512
6d9d1fd421667c9df35f958707241cbdf1379c93c0783ac547df61d6b873fddd1d06f36e0c1944f3c035073ca357bf7fe45031450b7903da02429b677722bcb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
70afae87710c77a4d9d85cacdf7112e0

SHA1
fa4610fb8a9fe87a9e471bf3c274ebb233677d53

SHA256
cc4f96a098c4a1f9560f297423ad167f5cb2e4bad9db0abfc7ce2e4589fc2f0d

SHA512
f71f3bb16eeb18513ad1ac8f7e88d7517572d5746cc4ff61e098bfc985eadebea21716b9326a75d4986a550bab6f09d00bea62d9a43b7ca15cf5bff2b245e660

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
05a0728045338227cfeffe950b584cb2

SHA1
88904339b32531967f2e0141434aa6fbcf71dda6

SHA256
b9a73c03d6de8fed50ecd2c43ee6ca508231840025d932ac913bb2ae10274ab5

SHA512
bcca9ac35237f0d7ff44583215d86a378866374c85adf8e929091c7a68c82f970ccb2cc53f964c6d6d77085f6f8f0004e91964615d5e236918d9dcbeceb98a2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
78fe2c428698d13077ae4fbe9f09efcc

SHA1
052cb69e4a891fd2f264432d497dac42a14b0403

SHA256
739462d187effc995548a08b386994d7431795a52ef9d77c0f53587cd5aef728

SHA512
aab58e8cb4a58672831db74f6403026e91ad8aceababab3e0b1b1747249b062476f92e43f750aed01217e4264862d183e8a8940f2eb179f5991ed4306089bdd7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
9004f4246c62c3b89b134a3e0dd9979e

SHA1
9d86784fb650916f9f4e3b5c507f3067ccaf4f1e

SHA256
f5c7bdba0ab455f1e102699c9adfb56d1ff61990be56f5583ff599e79fba867b

SHA512
8a370b9a4e28811d018a0ef75b6fb7b6cea07fa569ee23a3be495719221edfbe6ed37dcdad0d2cb55489991d4a6f6a1230c9e8e52a1cfdfae40a0fac151a108c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
1f22b2bc67129708e2c6fb39a8a23206

SHA1
901b8f9dcffa38c8085bd7a1d52520b01ad32459

SHA256
f1d951a70c5ebee3c1f8da4b22bdfb8d5f506d04c58ee3fc8d02ad0664d88349

SHA512
219bfa80dbff92112f696bf74fd79fecdef7e27465ab0bc52c16919009b1966a4ef749a44b02bd51978ffc990d2dec6497371a45200e4c4900cc9f14b999c9ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
34e16f22a2aad337409126849d8ab7b6

SHA1
b49ccbf2351c2e92913c78853971d388a40e99ed

SHA256
b0044ab3aa4442dc06272511d40a67fb93985326703fd6ec41db1b5ab886bf2e

SHA512
48b2fdbdad0c82dc17a84db69045ed3000c2bacd3fade9f4297e936a86dca73ae1aca06d9237a21c289fcbdc4430048f3c08766620b0187346ebc8779a9f9745

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
0373ff24b1b22dec66474fcd49682a83

SHA1
c63000d50b22efb3ac7f2bec4d30e34f480d52ec

SHA256
3f276d9e85dffedefede33ec2da80f58f70880ebbaaecac2fa37224204327e52

SHA512
c878cef45f45aac5ed9180173b988a8fded8279843a98c0a2fd2399399c97070720d684166e9d1149d0cd6cd027abc7cdf42f58ffb8e32e5cf93ad7d4c077c10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
36d87c77e7be1d9d2c065d142a75d64d

SHA1
0acc315f11107623fad881bec46dba2b9d3b48c2

SHA256
08912f3ea1f74654519935c83e6f1abe176bdca42bb762250718482b1abfd64b

SHA512
e6aa0caf26cf492879f92fdd452b70afff5b9e23b2424a9a4dfd378fb3199b184076c3adbb23bb18ecaf00d59494f7a37c4e3b6761cdd32d670ab6ecc4c55e31

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
a5326e37a6e39094e9cd2731b511a79f

SHA1
bb23c73eccad05da6480c96f5a5d047be73fab3a

SHA256
e684ef70b3461de0a379e825d5887101cc212f5b1b26e2b03e197a4e92faec67

SHA512
32b3aa07ea2ffcd6a905b30450b7834b6c7b45721c63d0659d64e3f87ffccf998479590a6241e2718cab2d0f764c84d0d38f37662714a553486ed9a7d9f389b6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
fe0e5ed557d70c84ff668152dbb8c2cb

SHA1
79cc162a13132fc5a78d1f7fb4a51aec46caedfd

SHA256
8f2ebf6a95974e9692af914ed1e4eef48b523f9431ad39b0391cd2b13d209580

SHA512
d702c1db94d3a9b701f06aa203a43bc798096a88d82d08b6376d3bdcc37070088d272fcdb123a05be1aab3c3fa60914cdf974a0ec81a0e43638e78beeece7b0f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
b14c5f4cdcd1be278774631acd2732bb

SHA1
62b54c6c2d898406d4afd9267fa31570ce080900

SHA256
7b7d09c814c670971bd6f8e11dcb3abf20a12d568d12500a9de9196952e940b5

SHA512
575d8c596460d959974b1fe2afb406b161c622c16abd79f2958139f4f1e6ed4daade7d0b5d6101e4a2f27df47b1266fa9816016b392bc65edd0025d84d5e2010

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
3afa367d93daa1d601dd5e7e800675e1

SHA1
b6345d090950ce3d3f0fd5e77796da2f86eea549

SHA256
7498edbc083215918ff3674f0d5e75e1a8936442ebdc187aef7cc82771b8734a

SHA512
006dafb9d76b460d4275c081c241112a9a3abe3d84172f1fc8eb3b77e6c98eab8d1a41e9f6519e7b5d549c55b526ec399718291c0f7676f7abf98aea84564a65

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
44bf3b098c853dd853ba0813325ee2b7

SHA1
f8e4fa0564eb8af68086d869c8b298d60946463a

SHA256
20203108ed0b161afae6effbb027835369c02c20a2467320d8eacc67c4f0c2c0

SHA512
16dbb3c490829b1da7a93f13195d34cabd02e8555bda25628819d57ab5fde367021efe4b62144f9071eb692c7b7ea6716c94cd9db6b9c043fe7eeaf1d40bb915

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
c12f77d0fccc596498ddc7f2e39823ac

SHA1
cff0de400217368d835e8eee8f0794a7a5a5a3a5

SHA256
d4a9bf0bc6f8584c65efdff78cd78c1f54dc681111c8e1fbb82d4de0832f8ec6

SHA512
e38f094decb214051daa12ac1518af7666c0e254a49f91e4a0b16000facf79dce3b9ae7b1691dceff4851d9e10c1857974ae00093ab166dc8961757d2fca0af5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
a0ca8d6b72ae1f9dee74203a6f281aaa

SHA1
18d032011101aed9c628cca003a689db70e28ae7

SHA256
25335efb97f58f49322454af568aa8144b3744ea786220c9ca649cfdca9bda5c

SHA512
6d047d3dd8549eb276c979414ab98f5357fab5fc8aba8e4c568edea9007fe83263770e0283ef33cce31ff05dc078de1aebbdfa58a52cfa443be6326478b15154

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
aef9847adee0eee0f386a1455ee1aae6

SHA1
6900030308325ac081b3487c4043a7227a8200cf

SHA256
efc521bad4145aed24fd4f352444f9c1700a8d32a1b419291ca869ad387ce556

SHA512
20faced1211a7f4bcb122a8c15269be779e958308af222b6eaef572f00e972c9e448a53527847c0601d234b3ee2ff86c48d30f45cc62344e90d8efa237a68f16

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
4f0a154797f58512efcaeee8180a0a8e

SHA1
e8046c62829ba3549c2fb658808042901e6a3cc9

SHA256
a12e22d6eb5354f97fc71a0e4e6f14fdaac6f47533cf36f3b6b840e74b1edaef

SHA512
04f0631898e950e2bb2d62d4e891060a0b1a521057463be2d184db7ecba3f8e2f8739b46b87cd1118b5a17a6e7d30adeeac766a1fa635a11866bff8ccb5714b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
e951ab40e17a282fd02a6bf4c80d2386

SHA1
8badc45720d88b1018adf1b1d502c666d3df7445

SHA256
96c3b81b1ca92c3460f3746446da1ddfdd8c1f4ed560787a2fb5a83e2eb17722

SHA512
a16b8a2e02f55ba8134755740dbdc531fa607cb97117afa4a021883b54ad4818cd00baf8dd02aa6a9e87f80d280a897ad4edd0e6c648d8dc46362c2430a9a4aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
c345fc5c914f4cdaa6d35d077558257d

SHA1
c5a50a1b8ef220de07ebeb3b9cd6ef6d7f6d16d7

SHA256
3ff8b162acf68e9b9ad435c83e31ef5caa320b917f08727c9426627556c60f4a

SHA512
a54e65575298c5db6314deb7d57433e3150f27968467769336d373b0f0308fcf7164c873b07995e34356592d14e0c0beb2eefe909b4c55ebf4e0a81a68bbed57

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
06f4649571532d6b22674408920002b1

SHA1
9eea719fd2a1f23274e305393699516f39f5b1c2

SHA256
d779cba51040a5b401ce0ea494ead152cbb5c1383fd1018d5c139361551ce233

SHA512
fe179c7e4c7e0207bb55bbd821e3dc3309a970a398c01ce2915a9dd3f7bc030735d1454f8ed64bd0d09183f5d1285286e9d99b9a002d5002b20409cacce26224

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
27d5dcac4a6b3062888bb84063925caa

SHA1
bdaaf803964b7a23b4138f3878de11794461521b

SHA256
26421942c621b861de2de4b9166e2f4a42f8e4d7aa73c1a11897db03e83fccac

SHA512
e08cfeb36d0d885449d281af0a4efa089041395cf7e4c30c5d6559a551b9a27bfe19197b86ab001bc12b438ee65b9de4f7424463479777320fc392cf6f6036cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
ce276b89a0e17a3c98e53b297132efd4

SHA1
c1e39e91c1e25b8c6d9e0468f11a290e12462824

SHA256
fc0bfb6834dc7514a493fd8ae9f12f628da4702c856855187172455afed23ebf

SHA512
21c8944f939c6e835b1438d4cadc5d2290c198b1ba180523e7bcf27b1ec856c77da41b14d2f37e7dbe22c59a6d24a179e38ce552124fc7922895d667ca25ea5a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
b1d82e75e7fbb562de97d6ff0c57bc58

SHA1
8c38dd3739a5f70c38dba6e4471c2875997e9212

SHA256
5cc1712c6d2aebd2ef34337e7ac34b9f0605d4178712bf66785599cd902e5fa9

SHA512
7512fb99e51d17c27409bf0cb3b080a23e70b102ccd6ce52e2133446cd601fd7a722cb2b7ef8810e2bf9dfb7e23b30daab9c52c17d505a34be34c21fbf59320a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
5de785df6a09bbe054cfda6d45021b0b

SHA1
9402dc52d0b8828398078ea9044d86ece38c073d

SHA256
bacb9ac031040131bfc8346239c75155e9d6593d4337551b623a894a22bc1848

SHA512
c3798159b9687ccc83dd62c4400f77a59897c461987da52f9ebd7496ce3bacef681c2af62d4de981b73626bfd36fa06986c8df5793a145b2bfb1bbc1427f7c1e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
f569e6d4dad1e3009f3b87d1259f789b

SHA1
7e88d2375bc845b45576201a3479a4181f984212

SHA256
f9f51a1b7bf4d9e818c7da33a322cbf3697206d434778a76b97c71ba39178297

SHA512
ed97a11a70cee25ea83b3096a24940a00cbae9c0f267b72c517c5b984c4c517858dac33ba669aff45395310704c3730b14fc7de81128a716bf9dff9a5e0066a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
ff90586ed315dca8a278e8089d1cc16b

SHA1
d8bfd30bea8076b9fd4217c30b43cb9cd943c27e

SHA256
7c9f9ffb70eea519136980fbb8607547fc233f1532acf85ed0ff556f82f3bcb5

SHA512
be7c588b2095b6327266b7a529c9f249d5058472f3e3ded76248659187a582f4f81b8e2ccad5bbf0ce33b94d8283509a92613bb0a3c35bb68a0122b10eb9da24

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
f2d81e5cd75010e414d7c6f2ae94fd0a

SHA1
3e0c3416c96e47d726823fda404bd4dbadeeda25

SHA256
5415decd92e0e0d59975c3bad18e1f91f2b34d146b86eb9622baf65911aa3f80

SHA512
db9471da5a114a538c8a2039a08d1cefa46c772aa107887162c77fda2e7370d3ec4b73c04040736aa3aaf51716687a8e421d25ab432d26290382d5d60b104ae6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
ed7584d2ca13f6c369785fb111d89e90

SHA1
43779359eff5b3f782ea72f47e7e47919833aeee

SHA256
dd7dad66f7aa8b73da641714c64931e41023692ca367f0bc4a4098c02d76b37b

SHA512
bd0bf0f86691d527d69389d7494acabfd6e42339ad84e55cdd4289914bc36f5f94e57913fe7097f76be5fa1537df043aa02403f19f7a3fd59b7bc1499d4ee5c6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
aa50a804e82d4f5ddd4834791b0a4a4c

SHA1
d88a5431e98fbe67474cec1e29b0146b10e535de

SHA256
386c5afce6cb65f41f3112472b6e69b92d33f1d0adcbb917f0250c077fc290e2

SHA512
baf255ca96ff69668618ed52d44b9c0f0f47904feaade8f9bdc07ef5c193e84dd44f9240e7ac8fc2f60a2239dda4c0bc412a39f3e22af070c89176cee5565b8f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
b38c1ec2e7f892c910248980e394ed51

SHA1
e20c544fcbac1a237afee28be1ed1939be73abf2

SHA256
06a71b8e61fb3ac463352bbd7090d28bd73ec1780c2f598cedea0011d9af4b2a

SHA512
c6f152b0d5b559588378df9fd8dcc96f1d992f25f2e2cad514b00e6156cc030ec785c1bbccae1d0477302c467d483ddeda4829cadf223250820a6be7da681ea5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
72ced2a41a1ac4968d4981be13715fe5

SHA1
d88014ab16a4befcb96baa7a6a68682647cb9a41

SHA256
9fe426e2cf426ae5ff615e99947e56757f5b7e474ff19a525b056bce088ec9f8

SHA512
30233733481e5fe57d88e3c8476aa375cd22f7a0a9f37a720aa3288914aa8c440469b6de3af81ddfc4fd32ef2cfb3c7f394ea3eb8e1410fcf3103a61e3bdbbf7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
203078b447d3e5b987994f7cf38c17ef

SHA1
116e0de61fdc5278a73a35006703661a0c07931d

SHA256
59834dd8ca373a630057949413db30fd7dda1cffaadd242f1445b7f8b3e7374b

SHA512
21a7650e4b2a4420450e1d079e0f83ef42702817e1ef0bb6b47a6b5d12b47f6fca77c92567ef495884a071303b5fd2b0d32e4cf81f8a1fd2dfc1c37ea78dd874

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
c4122fbb2c070f73f0a0eb38cdeef8c9

SHA1
67e813fe9997bbc31e53f0768f1ddde19be92a47

SHA256
044d314bffa85bb6d02b71025464908453714f915a5a1579130ad70cd2a909ad

SHA512
200ea9d9cb4e852097d2b098b8b5a06468c771f2ddd5c23761983855b331df3e081b0172eca96fe779e453c628f3a6eb75cef46193d43a78c1e04b0ba8324fb1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
81cc1389471f185074b8fae7312858cc

SHA1
8689cfc7119b1067189c40e6e57c11f1c3b70108

SHA256
76198b3b81e3bf6778debadd091c19bbca321f5a02acce8dd21a2439ed51ad64

SHA512
66b0346eb424733e52491ee4461d79f15cb78ddcf8e75d98786369363d31535477c7109c85422cb11fb9598eaac5dd98bab2ce8eecd5883fed9cb93d125edc6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
7a090d04619d9990bc1460f9009e744d

SHA1
7ad00b577fcb2f3616ce7b5ceeeab6349d453557

SHA256
5ff5f77f3029302d1d3c7ad963db74397688a5ebd773ba648b718045bfe5f8b5

SHA512
d06438f42e8bae5e80b7d439bb8373d87532028e61423869d36e2e0adc5bcac719638ed70a53de87e669c06b6d3806c3a0094defee38a6d273c6dedee7fa7bae

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
c5d4cf989984ee3aace100ae6e2fb8fb

SHA1
2f036cf1a73c1814a09bc69326fe4849f6ffd206

SHA256
0d6be4428b9d01bb5c2dc32b7a83b0e490d4056e9c25565d3cf0c1545ca5549f

SHA512
a5aa1b17a63f9b9539768af863620f0f61e46a25c958d4e9b1b0cf00159722eb0595c5816e4088125ec1e95cc72f2ca1168d54430bb5f4471fb9827d22b54bc8

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
335B

MD5
90e1d1f0d1fe153315fc40723607dddb

SHA1
ba93dcad39e699dd5dd99643fa105dd3237aeb32

SHA256
66ad45695d485a905e74df82a43d6e8fedeba94cfde41bf53ab93cce21194a17

SHA512
f5c7e0f0e474326b4674770ec9a78efd6a9daf52de72cbbca72d7ee49bc568ea86e3f1d0e3b5d1b1a47957b1495e462f4d99642d8b9ca8792ea99ff2a9763915

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
0d86c6fe0d9ca1838909bdc3fb3ab026

SHA1
5f3d9ed880f31e48fdc03b6887c79c9e7577c002

SHA256
28d8eaa5dc0a0e02e4fd4e1028edec1b34618647a28fb39d5dcaa7d950806fcc

SHA512
4dc4e0d58fa1374d1ff49bdedb82027d5e45b069fee887a085dafff91575af712731833746d66bb285a8d76a51d282a51e7b2c9e321c0d68f3ef1f9865d438fc

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
6e604924313c531e61d486b85f85a9b4

SHA1
1f3f877ea18c557a72946d7a1ad5a744d38751fe

SHA256
2ae2c641f75c1f44501d7d6eea9cdee7b99f05d3cf035912cb70df95e6e0d067

SHA512
e9d18a45ee3d4840454b061e1c74dcfd5abfefd6e29e3ac7b63fc3466e8577802c5f892de88cea16586c60c142a4b8477756432210e2ec20552191187b22f5af

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
c86228e434755bb09f39c3b22661c174

SHA1
1df325742ae963215013a565260f57a2f16145f9

SHA256
76eca00f9cff8067238c9f6d9ce85b924d3bf4501c8f9e84d38961288a3136fa

SHA512
9981b795e6fba1aa3313b580459ff0ea46418dd0613eb3989c249dbcd8f6078225733cc4cfdc874af736f4d06a457765219229ab76f7f389ed05e9ed40799114

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
09d30328f900c24419d39dd6d9bc45a3

SHA1
f02bef7b4eed27a3cae1eff66adb4708ff2d1fc5

SHA256
8e9f5359aab286b9c6e3ea338435262aa33a858a46b45cdf72aea35b3b859856

SHA512
6a6f4231e72c972e9a0f513029c4b9fcf0a9130637c9f1883c027b57588b4ff1bfd80dcaa76d5e1b4487c4a33ddd2860b080788956e6e5db1dcfc1c6cec52660

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
37df87f3e454e1f5e2c5d936d0cb5ab3

SHA1
b9ffb94bfb4a5916be19d12b488a5e5650eea874

SHA256
c5234e2d41da3a0a15d09738a628b32f550b2ee868ac06155ca32c3b5adb38e6

SHA512
82c9f882742326b375590e78696a569996e907bee4d802017a5842de64e5ff9debff28621c27ea10c7ba7024c23e09cf867af65d321a3bdad42d0029d8b74aa3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
0b22e4a8cacdc0690f8b5b34e0420fde

SHA1
bde34594840e6d53f524860bb3e9b03405b90970

SHA256
3b4697834f19b0b3653a92dde8bc83c4b57230aa373e4fe5c62611373458087d

SHA512
c57b56b700dbfd24b9b61fd1316605b65bd2c9720055b00118dd76cc552c67c365002680c00405b375051c84548e42582fa3384e17617f72300e139a893d7d06

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
7a021194c42e7b905a65c0d665000697

SHA1
74bb728e5e22387877e0e38df168569e265fb5af

SHA256
72a818ce933d75ff090f6f9c6650a019192042f3ea4faf3a9763e501350ae278

SHA512
18e265e61d982998d00b7108e071830fece7f809af695dcaba7801673563eeca845e856648ec2476a74365e410dbe695f67b9ab6693d3ec59634e92287c44ef2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
255b4358bcfcb72319346c6ea9491be3

SHA1
6e3253362d878d3cbf993f969dbf15af2f4af3ef

SHA256
3bd079fb120c9e573502306f4a92ac5d639137f4e53beb43dfd5bfb9e5733d34

SHA512
faa1785efec95304a68b927d3cb472e3c88d4b68fac63547ca792fbad6a9de8517f846bc4ea1a7e41590678ad0100baaa0f6d4c1325192cfffc7eb5c490ab917

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
5877c6d55bcdffdcf734a593a4838ffc

SHA1
fe1149bac89753ff2ef41a0976dfc29a9e0cd757

SHA256
b77da9d5edcfda94afa6846f753897d3cefff154ea2ff7f6aa64e375a299eaf3

SHA512
4e6edb25fe38f3ecb5eacf56ad245af2292cf10c2e3d0d4e082bfb42d99ec503f0ea22877ea8949b1254b291b5e8d87c6f099d11dcc0464ac6243356e16f4676

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
6066871cbfbe34fbdfd6a2b13398e55f

SHA1
298ee27eb63623b10eb5ed33ec1cf5b5407fb7b4

SHA256
560fa6b4e6335ac0e402cbe98ef45416f1d616e6b8317631056084906fbc7815

SHA512
6198a700898d2f38d48cd33f3ab68bc9911dab136ba0293f2e926e062d05ed2eabdd05910403e126c9c40984dc28aacfad5778072a9b1bb313fae28b9554e74f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
8cb1fe7474669e3fe32d41281f4d3e4e

SHA1
8ac3e87ef33f712e2442d04f927f34e4630e05c1

SHA256
77bbbaf5d5bb2e4fd05e5af8e8cff9710ba22020eba5d9320aeb097c6895cfcd

SHA512
f1f6f90a9b7f113ac89b87278f8327d3899d765d6cefe8eb4e4036a8997316425116b87b4faf83cfda0691fbdb315fb8745450dda9591c653385a994547a672f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
75cbd8778d8e19207d8181a89ad61fb8

SHA1
a1271fedf2e61e389ecb3a712282d155256e4dad

SHA256
3ff57ca94f2ffac1a7a4e5acd375f039b9f8f23e40a384408dd59355b6988dd3

SHA512
0999d9f1eebb6458e43cdb72693dba418139c01544ebb00090fafa276344d62bdc7160508e432caf5f8fc2b078febe8fa8d82d6c2568d849dd134ba14dad5999

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
aaa97115254e558eb676b62b639860aa

SHA1
a40d4bc6ac6c807c11d306d8236ee80f7a9e0cff

SHA256
06c12a1e8db1f3e7dd58d3fce6b052e39a005d33712ff73078379635ba49987d

SHA512
23e9d984c3a52a6fd2ef6012e7ddd94d62fd36c1507296b124af86df90a9575759f1fe7656350e1585b77d64101e59a89477ef2c4aebd4be365f0791d7b64b4c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
cee03d0d0f6f54d25e9ed77df7f0e616

SHA1
f58a35d65a702262cb1e28f910a40a9a11419a26

SHA256
e66962fb422a78e0aa4dfd01adf67a09dba5d70c463454e99849e7f4ac3171e4

SHA512
e7b81e90089ea4875635cbda2804954cb735953c2b262352425248272fb0b94367c75426b3584e84b087f45a549139cbffa89a04b6844ae355ec984201d166fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
76338948dd6e9ad047095f41d3f9bab0

SHA1
747e1bc57134d3fe5f406c6586d6e954626788dd

SHA256
c9f939c5a1d2885260180e68a0a00a9209cbf6b5b4ef01581144029186b369f6

SHA512
69b4dd336b224641cd29d7f8748a09bb61f56153130b51e1c7f616fde75168a94a8334e65fc2cd254f813efcc0816b3709dbfed9ea85e5ec0bfe03185f3b5c1a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
37d97722d405045d5a80ba4e7498e111

SHA1
02f00b67f610659f7183d151015b565fad972237

SHA256
8e2ae58abf3df3b812b4dd26ef2f69dd0d9709b8d9c56764865687613d9a21e7

SHA512
b6ce812d1eb18b65a4f740b99f917337d74d810fd0caf26e5df3be733961da891349b940b08d0e1caedaad43eb710eabb7d1c0aca56a76b7a13e4875aef2ce0e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
554b1a8ba78463a4719e821e598414b6

SHA1
4cb54199933b6b2235ee08c3dd7971a8c5d47061

SHA256
77573046e05d1c6a4db038c6096f11d9d30144cad2b225b003064af3eba55067

SHA512
6e41d3ce878795e0a3955d99cd4693b871da274b6dc685c10b98e3d96e8852b46846e41c831b2b042e976e72f57e6188c1be01c672ab0065e98daa0b0d7b9665

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
b4d841a1af1f098197df64d6af0e7b20

SHA1
9e71d9aa24489118a1897c57f96cdde45543c2d0

SHA256
fc75a7733c902a9164b500430bcee1760b7405b41b2f044af70a6a34db813cd8

SHA512
73bdbab14627510aeb2e4b125123a033f9e36bc4658e86300c39365414891bd6ef9550feb29b23c26747158ec2aec573f8c80736f14847e81cf09839f77266c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
385da9e2db4d6973302eb81b6678594d

SHA1
ff6ad65cc6a23e8730a6d490ebb4e571cd856739

SHA256
155bfc38333306346e5d70e64a483a4fa54d032e30ae63a276840018ca20cbf2

SHA512
16b45d994694b47999c05ea0d3b432481dfb191423fb6b87540f0582981ebf1673bda3d6971751d916876e6829f8db2a670c70251f001ea635f50e7964774c8a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
0ebf09a17781bd67b3d2cf22e16d7f1d

SHA1
14501da765fadc074d3e0cf2b97449359e4ebe03

SHA256
f0d32a125d3550ff86753a154e48f1186ead35fd6bf5649ab140de37ce32c5f4

SHA512
6af1c12bfe56ec9f37a33c260a1c51dad97658883fc58b197663e486ce6cb2c5b81825f689805a5fb14f99d5737d4810c63b5f7603c5f519e5721b0c7fdbb6aa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
4e37726cf9ac59097d7d718415953a8c

SHA1
f919f5652ec44546e2cfdf3dafd81203d11e463c

SHA256
add23c6eea9aede6dc7939c61ce7804febb536edc38bfa5699b572bfdc6094ca

SHA512
f18fc9d6db1dc9de3ddf583e685e5d75d631dde934d78a42bcda7f3bb4ce70a0688915eaa573ebe40b52edaa0ac1c7ebc4559a1257c8030f3bc8f661ac32fee0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
ce396937f233b8b8022a6e5eecbfa23a

SHA1
22159c9dd36fa32bd6ff56ac224665922c77ead2

SHA256
6665936c8e81d23afc14cbc40a243bfe55e04ff2cc58d4090947637684e36d7a

SHA512
d4117db4f938418f7a9edac50f8e9b6b5f2be35dca3493ff21171fa2fac9f97ccfa30c9da9b7fa8d4ab1be861f474260639d58a70fe3f197e249d141ddbbf0a5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
4b68befa289034efcffc27bbff3bf4d6

SHA1
1f2c5008f58895e8b2ef2e1d7e9299f69931b925

SHA256
5c6fa5916faa28dd0ba5850f15ac730b5114c0885cd549bed8855124aaea589d

SHA512
2bb5e7dba71af619f29aeac0c2e0f3dfd5b4ac23885cea76350b171584a94b48e4b664fff6e8f2684d77d01cb1fbd473184bc803ca76038c7e0c636358439621

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
22215ae083f0871b2c6a0cd1de9419f1

SHA1
f1943e83261d7b1b839b2d324c41b5afe57da3a5

SHA256
940d49d6df0d8e71da65232228385aefedb2b3dc88e11738471a9e9b847a953d

SHA512
29b9e1adc81e9c734a9b1e14e4055a6aa0586f87a1e57ad0878ec32091f89945066ec96cc3afab4c754dcfa2eaf6cc6198f4b7aab551e36a32d1f1f8e10db0c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
f83fcb3ab40ee0bf6a117515cea2d9f1

SHA1
3a75e249203117b08ebc38293e7f73d1c6fbf908

SHA256
d0cbf045595432024dc75fb72d34382643a5c27e964b1a4df6f9f9f289e60b7d

SHA512
3230df11889e7eddac405902b8444c80ba95a9d86ba31ebcd9227d7e93ab90e902e9cf2bc6ea62e4e9d8a6cbf50d7e12da8a2f8378e67550e55e2dac5ca47977

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
5c5d4ba396099220e277f636fa809693

SHA1
57aa22c57b599909aa985ddfaebb60ef242725fd

SHA256
52d11f772269f66fc8de3cc0f39f01c461cc63b3dcf2ce6e53e238b82cdce0b2

SHA512
002b0c5c1d1228de32caadc6af572f822bcb9ae94feb89b22c3010a1085f32bfcae25ac726e249033e114e1fdfa40e7756dc1d1c885952a647c26212175d1def

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
15dfb8323034681435686673ca84b96c

SHA1
ccd5ed8963eba0001c464c7d9a3a98c9430026c0

SHA256
9f13017fd74eb756adfceff4d5e1d71b0865c345527d530a725e0f278b0a9167

SHA512
4134f7b984c5446c6c6e04ce21c0095443904607e0d3fc8ee9f830ed2d3221a00e824b08a261c96925348e29c85ca6e3f0e036136e8e36a6b394e8f8a4ae0777

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
f0291584e5d7277bb0ca0094e3f9bfd4

SHA1
bce58e8da5daef54044eb0084e9d25395570c1b1

SHA256
2e94a5ef70d4e771b78ee9e2112365625cef6db96d909318c3bbc2ad5a5e4fc9

SHA512
9a8ed1b4de0a4fff106e2523ccb60201da211037cb9051ddc69663edf9dace3c0be37e39ad0a22a13de561b4708aaef068bd5484419bb499b68cdb63d7d6f338

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
1700f012afa51263034ee4cc90e5d202

SHA1
4593bf601fc0723cfb236d0793d285d9b9d7419c

SHA256
5bcbcbefc2cdfbfc0843d2a9c2418cdcb5ad2aa4ba8a3749185186ca894ee176

SHA512
0c5ceb9c4d9a80e3f7af1c6e5e63376f74d3a23b81bf0ba97a3fd8c160a7171ab72004b41262128a0ccdbb3bd4d9ab0c69f47f7a941b8c3fd43f38b12261ab17

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
4625a037e83b4008ec8237a66a523e4c

SHA1
535e47a0a0ad0ef3f255908622c18e12e43ab068

SHA256
61b719ab9561622e8933eb9aad706d87d7af1b9252365b6fca3c007ffe332630

SHA512
2ea29705d375cbf337c9e2616e4d03b1b57d1ac0faae8ad8649fd35b6466ce36bc7b2fe8ef7ab4a6bec060d7bc5c0a3ea779f325df8152ba0e7647d655fea455

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
b563098b3cb8e7550911664d71ea8dc4

SHA1
0d6aaed17ff84f835309a8c8547f7bd540c97fa4

SHA256
66f59ca6ddae02f17c024bf38193f37183ff4b6aa9ef7eb87bf8bdec45d86b81

SHA512
d910c1febfcbd336ef11232f559d5fabc187154d04394448606a0409cc3d222eb4ee915782bd2db6037e0c520f822359fbb2c69014b385b596b002bc48951aeb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
b40ad001ffdd73950e7181e087ed4db6

SHA1
e24d8c800e90b96beaa1330b35a4b6299398eecc

SHA256
c2fcba3452dc94fec740651225c9d9381345ae26b0c713ad69a90653694e5985

SHA512
9ff8e31c4a54411939c93239cfe769d957c339b93f17ae49f29262181a3b23c171fe9507ff6806d29c3d3879eb87d83c0881e15d175d3fe46a565eee9ab4e248

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
3cf8ed7f2edb56c23a9d0542779e7d88

SHA1
dc6a2a91adc3668bf0335c3f6a7be6a2e3e76a6f

SHA256
414ee32d5e3fa86b4a9c33377f2a98ef254cfc0c922d9c43656ffeac498101b6

SHA512
1d04b3d26d7750ef13b490025cd5a929b7ed7ea2e8f12402868c6fae5e213f13f8b47ce624b3a45e80371ddb9782f9776b19c9ebd58f5360d7272df332e91ba1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
c91438abae283fef0847da645f011955

SHA1
85084deea415d52a5d8cdc7ce4148b26462b7803

SHA256
0ac24707e72e58d3945212809648c3d4564a7ecdc4eaf68f9e95630352cac328

SHA512
b19b1e402b4fd96b0f84d77ee64663ce16a88ddb79b53889b79225e22d9643f4f689ac6b71406be876e569e52f5694367090a5c5edf4c8128cf9916b1afc663c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
62bb178a8bf2aaf127df3c3b8825fcd6

SHA1
a0b6632b222011371bf82ec8aacb4d05b5628f7d

SHA256
da81658e118a14796874d2eeb56c77a05d1ca85e7f84b8947f59e5a03d27c268

SHA512
4e73f826dee06beec68e1a0eb73f5b30f43bede6bca45689e85377e2afd7f0ecafdf77bc51eaa555addfddb5dad0b12e87ad4ec865f96c67d8b31407a4c4e1ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
3ba1a78841982455aeffdd4d1c42e60b

SHA1
8433addc9798c9926b150959668030eb8214d9e6

SHA256
a55761b91e2db403af6a9e464a4a818672a6154cae3e093e5423f422eda505be

SHA512
a57c5dedc521edba1bd25ce4e8ef988d26ad41f727d75cffaaa7e13f6dc96d6ae8947ef08eee91b0cfcfa627cc485bef53ea691ee43850583eb6213c5c7d99e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
90f366ca1920e22a064bb46c37e50bc3

SHA1
8ef064aac0ffb69a4e7d7bc33442d37dbd56b4e8

SHA256
eefcf208b0f50dbc3fe71ff344592ac1c5a5ae05a6ea6b6a888828a3b467bbbe

SHA512
fe99ae524d3c0d78c0c40bc20bc5a49bce22390e6e66a04940bdf9d81ceb5860010912c2d6bfa91f008379467b73b8bb5d27de2a4e9adeb63ea1e92cede614f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
48f9bbf1894a7afbed02d67570d0f3f1

SHA1
d2356b650724db032c18c8ac241cecedee88ce60

SHA256
6719ea391072768cf2552376bc4be9d130314c928c9bb14d260537dc81bfbd05

SHA512
554542c7770dd36b85bdb459a84dab103add075355004563f865c8609a7e6b051182564b6376ff3276118868739c7dae76ebc8ec0da75da9ba855a127bae7142

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
200845800d73a3fc0f85c3c8f551c717

SHA1
139b7079c50ec656119ab85e98cd5fe9ec067898

SHA256
564ed9ca7e751557adf8b1a134cc1c3c63ee10e6f6c235456d129e3dc421b643

SHA512
99a47a20d768e78e5e0820bcf6c03f66595357431dc4dd1b3b37896ef3b715af1f37d1ff8e7789949e03c5926aff66bdb8270b1593cceef859a20092b0997490

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
f319badb55ea46bd12b073d9b7cd66b1

SHA1
9904a817ab5a15c45504848c3c5de40e9cd04002

SHA256
58986e822290fb0be349ace966f4e22135c205cd6a96200fc364b444399028e3

SHA512
c093ee2347bd81ada05374ec3dce26ca0dad98734c16586af38b204bb033ffa912f43fd049cc5eba513c091fb6f6cd3275c3779431dcf2af28912262d0bfc71b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
cf304994952a52e3cf8ae133b3817dcf

SHA1
ecddb688d92e324cc265cd6a38a711d2cb1cffd9

SHA256
5ea56201e002d7852e17fe323296a5836d8c74f4600e6394d2c77c8a635c24a0

SHA512
e942b04a14ade7345363968de7bc62de32e50d9f40fc3b78733687137e431fdfb7455e3708191122848d7f89f8708eaf113ba99726fa7f00295bb8cfb675155d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
11b2b4c0a2b5b0acf6211639a87153e2

SHA1
4e50503f1435a92a307c460b6010760194be0ebd

SHA256
eb8190d98161523a0875380edff11f9a508480c57591988643d53b9b2a468c2d

SHA512
a499376bdeb6baad090938482c8ec148c43223b23648d65ceda286972c70023e89a64d4003aaad36d7cbd297cb11b74074808ead7f2ddebd91554157179f8111

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
28d8bd3cf08dac1e5aa6dbc4e735375b

SHA1
d0490445320350faa672db3939527f78e3fa0a15

SHA256
945085f42a32804621d490389265b785d0da6371b9c09aad58cb094fad461f13

SHA512
5c87e1493eeb488c7c792737674bbcb2c36e8ff78f70e9bd3640d3ca500309bf90eb1906575c7327b5d6c139ba80349df1e97669c26f644f70072bb99f2bfc79

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
473f2c1b9776702760ed0b3a11716c92

SHA1
bfd05a34f2a81ee04cbf02c352e7d52a89a280b8

SHA256
2a246d7db0a06bab8a9e976f28e0762a90eae071c7f2cecd0d2fff75307a8547

SHA512
ddb855025bda96053193ea21271ed52babbd4408949a4c590c41e3c610d59378d21c0194f11f2fc60c059776201c4e020fcee06150a7315bf1dd5ed16951abdd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt

Filesize
77KB

MD5
f0aea11b7f5f37c8e81fad8d2c87a5c8

SHA1
02fc89cbb38d111108441b1176b2ac8fe9108bcf

SHA256
e9b69e1b13b723abdc2e1b75a2838f9a2b410d2cbca82b571cc07ac5d9e11b97

SHA512
1329fea03beec07a1df7c947790db811324576a66cf0dd1e47424b5f51ce834cb82c4191753b9193e3122dddd509324ab070ce86f3ab9c47b9875377f69a7a9f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt

Filesize
47KB

MD5
56a772403f328b4f9d602dc615daa13d

SHA1
360801422def1dbf6d52384a503feb240a5d7616

SHA256
be1eac492b316b815b2465af5b2cb14cdb2999d47b34b50019f10cfc1bb23c45

SHA512
3bcfcd84c989047efb95dfd3e33282b53aa7c060fdb049b8be9538245ea66679f32eabff23569f29fb6fae0c431863f8c4c31df6b358d2abae8fa8d6718dffed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt.EnCiPhErEd

Filesize
63KB

MD5
7fda7d8e8eaff1bce01bf103f5846ee9

SHA1
3ccaa7759f31ffdc36bb875465639fb829c24cd2

SHA256
0a62e8bca293bb06f1ba104ba1b46ad2ae0302fb8507c5197a2d9ccf63f8d552

SHA512
5fc378bbeca4132f2bb116b1f5ed346b26069ce3951ab10141f086840dc1a2307541b213925e39472f03e46ca6f81f77104f5c116b1b14458b424c0e8a168534

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt

Filesize
74KB

MD5
9b880c6372cae9b7b20cb6377cb4d0bc

SHA1
9272c9806793f0d1b4d0004c3b2a8d0f447e8c4d

SHA256
9cf968b31c1c89815ace90171a78a483edc8f5399a3e20b11e6ade69fd91238e

SHA512
8aa0e39d941069f084b50f6ddc91a86807d72617eb42c24b1e9ca0738549ab424111aabdeb152d602807bc0a6f92e3b0d38eefa43efb4a3ee9dfb7d244bf066a

Download Submit
C:\Users\Admin\AppData\Local\Temp\abxd.exe

Filesize
7KB

MD5
a1d121ab07f4a1aa4b616a40a2e9d9ca

SHA1
f01318ce084ed79c39a441b50ea6a5a960e24afe

SHA256
bcd79036e5b04304f16dd88aa5f971fe07b17c93607f4466b476ef79cfeea518

SHA512
c009d2ad02ad10cb1991859e80b95ad8191e864168b62216ee3d13efa5ec416fd333c1eaa6cadcbe94269fa398d9ca7340b0d089cc7ead8d65acc382076a5787

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
cb988e77ccead7cca5b32edc0754b02c

SHA1
81334eb4d6d2a601e8569dab9c228b289211ad47

SHA256
90d7832544fcb3e37b1e0e975d0399ed27199c4b72d16d9cfa3334cd74f12847

SHA512
467387c610a54b8c55fd0cb599f3aa8202da28467ce8a7465ea22821db64f8808b81f54942e5dca1a18ed538acd7ddc3106e86c3543497c7a862dbffbad6fa20

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
74f40ed2c15071e54bd7daa5f5e95d76

SHA1
04097d123f44ad7edc4790c225d2e3b182e3ccec

SHA256
55e77829039bbca8283824b658b6c7e8988458378173a1418b51756a8311f2b3

SHA512
4152b300747b4cd608fc9d2747e255f96bf4a7e289cefc6ad311dadc7c9c860fad92c7467c370e8193c032382fa66ef19c72f0bd14997fe25ec3d4413e08cd77

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
51b82c874f39b8f498e760d610b206de

SHA1
d8f14e83763f061494f85389fc09f817e465c36a

SHA256
d0f4491fb7cf0ee972948fa1dffa9b1905029a50590ee0acca047bcbb0f9c644

SHA512
308838610d8403a5087d3e11da7b468b6786c2aad224e796a383a72095a021850c65c5ff6861c3b78eb51d62cd94eb64c06fe5eca0eb5ff7c68e3295f105a4dd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
3719dc15cbf9a76dccf29ed12e10c2a7

SHA1
5dafacd01e4b3db9fccbd6aeeb1979835935a43e

SHA256
6b151e3f151397dc31e943e37ada5be155659d30927e229919c702d78db85cf5

SHA512
7f6efddfd8231b674a7f8968c9832967439002df4bfb5fc9cdfd133231efa88395a8aefff028b312918c5976e6469b6acb1a371f1a20c8abd4f70f65dfbdf4a3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2768a7a4be7f853cf817f85cffeb565b

SHA1
f1d5d65dba3fb1db78d1423be25f48d53f04ea63

SHA256
5441debae8f2221f04e5d96394e24ccd385a3881ac250d234170fba04c7b8914

SHA512
4a65a9543a03e4954e5565f4a85306714d6340a92489525245458c4a701bb26ef227915c720dd35828e723c3fd1cd2b6e03808f6a3204b93f690da8800fc69a8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
f76936fb112568f14a9eea6225a12337

SHA1
9da1c8fdf9bc8b4b9031f91dddca325477787034

SHA256
47dda8e08d709d130d092bc8d186ac5341a76e6b3acde9874b54f45be0898add

SHA512
18bf11353287c897bcc3a15468c764b004090793e2c3f4d4fa81716c24a8713f5394d1dd1b63e6237fd9e397546435ac0db523cee8c4ca16d50b9d67b2f0a136

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
c97ca4f00840f401f44cddd424ba5cf1

SHA1
0c8fff2229036eb5af11b8d3c7ae040789f08758

SHA256
36e27f2944ee5015ec3df30d053e9df1b5cdaea9b65057ec1d6f5828f0bd52f2

SHA512
f0b5f2812dd6ba98af0e1b05722f76ce7bcd918361efd74fb42ca253a67ed63aa38ceb06856202cfa67b0e72493ac6ce3e11a927fd9aaeabc2dcad460d34be03

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
3a78e5aefa5303792743bc55683fb3d4

SHA1
28e3b6085365c1038088522ec273ffb708aa7fa0

SHA256
de51c18aa28e808c8fcf9d033f4a57b0f5667ca5c62ee3378aa2cd338efb7fe3

SHA512
495de55fbe7ed2b1c211876ad692ba67dcdcc13dfb93cab546b13be7b424e1acebd6e5e15c6df04fd518b616c13acb25067192391cd40588cbae49e69e1b9365

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
e0b1c87d53e15a6216290456af5a4f55

SHA1
1a3dff0f38222776dd6989aeb8b9fdedbe29b005

SHA256
41c1f950a7d7fd53a037c0f468465a086778bf48d0571125be91a82885b81348

SHA512
cc87b8b8c1c76445d39237ff9aaf82d4b5ddfd367f717d6b1f25a7d3947d61614c931e2f27bfa35a32ab80f74212d0ed2fbcb78853836024a320038aaade8cbf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
ec488425a145c66571e6acae5459eb5d

SHA1
f1cdd1727929db1ffb91196cce3e7f60415f0398

SHA256
47c8eddf310347816ea57fc16ba5ed84c4646c04c665c3020aa18e9d6bb97d4d

SHA512
4aff26a1c2d6f47c240f34bbfbefd5edfa9939c44531d4a413a8d86aaf57ed835625dea3b44b291a1b3ff99b007ec9bb2c34e7ffe2730105548a706823299e69

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
e7c2fbd6f49833a4dc1e44dc253f8a8f

SHA1
0bf12d8b09094053355c876f970e5f5c43acaa82

SHA256
1fb6bebb574fd45bcb432609ffcf7f1b1a67c005349cbff05359ee60bfee5634

SHA512
58214717f53b4ef8799b58a7a410df6f2ace6c116b22516881a2708e81a13d18527443cf1802116ee649d44a6b7ea94c8f1ada79767eb1cdc2758c5cb2bd69af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
f328e703e45b6eae68a1918c27591b07

SHA1
b99d060db889c8a29ca0b9fe722ccfa4f6da11ff

SHA256
2214216004aeaaeb06a4517d2edaec90f0568038e67ce881da6187d2e076e5fe

SHA512
f5bcb5ae05ebf503973a615338ffdba0f2ce70df8bce80c49b8113d02a3b8658d2b699a144e62c3afd9d806f77e9b1e97581c56f5beaea148228d2c55cd93af0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
45c9f2099b4059e29481e1c7fcfbfa5f

SHA1
ca898f50242d75ac8f4cb0c2b1cfe185994c743a

SHA256
6e95156a78e9503501cb6e5607700b91ce0c5b603b49f15c84bc628b57990122

SHA512
8fbcdde99e1ca2d72f16ac320003b8dc8ccefd2ee548054e28726723b131a5676492c6d1ef8e7759fc21c8f5535a9844eadf8b4fa2f2bc1139a36313b25cb5bb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
8593eff0fc9b3de9235dbcca9b054448

SHA1
ebe7be8fcf85a003792c4e28a43aaba3af624873

SHA256
941778d49620920f66aa90e5b7e5bf92fb9f14132c38bc2cf90b3840ca1a93b9

SHA512
48059656ba3675087c8d4e57de1fb5c1e8f2a36cd4d8a5dbc3f1ff7ae187a09bbd8d698984b05854cef1472267621c6074915a01d40140ffb2edb1cc487f09ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
3a3a0a236f4b3bfe956d44e1d61e8c2c

SHA1
70af6da4d6039ffa2c8de4308c644a086d180971

SHA256
871901e9c8660f05b9300ecf5e38d7ec1b5e5304be1eb608080f5669a609dd25

SHA512
a9891e91abf211c8cfc5376ae2218a59481837c2c11df0e61205c2ac676f943bc082961eeceb62a966c2a3ca3605ccc3d1a1470180d0fc359e0166258f1daa57

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
19d54cab01a9f98395493a6dbfbde6b0

SHA1
cbad37eb8be4409d96f6c26d41de8db20f635dcb

SHA256
3c20dc5c607091dbf9ec09c58bf74b0bf2bc8164173043b1a1075f32f8e4df66

SHA512
faa1a117778af4ebcae13ef641b356c5574b9d394644122ea89daeb990b298be71a8f798ce35ae519f2c5ca228301498a8d257c848e231dfc488eb60ef0c2b6f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
aecb20258b55aa32f7d9f74211179f8b

SHA1
66987ebd8dbfcf82538c50eb5317824f26676b43

SHA256
386cf93f756f95f696ea0a364a8a116b17c3a68179c14f9a31695f0ab8eb9c69

SHA512
dc4c926553db9bb0a915610b8a62659c2d0757e6935d721c7fb13e8862fa5f18cb182d437eb6e676464d67a91ca032959127df1b45615589e9febff5d6f0aa33

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
0f4de9acf6cea97a252fad4e26852309

SHA1
2b06aa731849e37168c181e4c29ca129e3751cef

SHA256
c603bb78c078ddd6382dd27cb8499d0ffe878a4d9a78d728250c356a394ee016

SHA512
2e5dc397d5bf380a6604711d7216291d72e27bd93b9dbdb9ff77c6861bc95c3d1e4baa82fbbd0b8e462ddeb767e54b16f8feedbebb6c66faef4e1754a0c5fb22

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
4f325e48475e4e3ded7e4c917ed47a13

SHA1
47eaae757bc198e1bc68bb237a0b67d9bb1782a5

SHA256
8e5f8b96325876a2c17c2aea4daf98bc9a5a39574aafbf775121523b839fa781

SHA512
46849c9231d2afb0fe4f03f9b3b0729d561871e46b66abd556cac83c8386b7e6dd96d1f5cb34429f4cf7c75729b197915e2a374b0a23aeff3b39ed1e624105e9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
fcb965b9a1c691d38cb664aa72eff883

SHA1
9b39397b6f7408bec40923c9cbf20ddedabf27a4

SHA256
0023cf1b14eb9791d1fc3765777556ca698606bd67cd03b232a06fae44410ae1

SHA512
e32aafb4d21e71d7d7f1c1e324b3dc0a7d370c4a9afc3059e1c511f4544a431c31aacc13014f1e9e3c59e9faa97b3bf511fd1f6fb367fbb5fe110374fb91ed87

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
981bfdeffabd0729c45f03d4b894bec6

SHA1
9185ebc2e6dc3286eb79fb9d0b28419e2dbc2885

SHA256
ec7f5bf7c1637b4a701d8a90aaad55f211fe426ad63e7048aa1b1f10e28b653c

SHA512
f37ad249e8986d70307f6e5f7f45d1aca852541e37ca79d1656a00eab5b6e3caac8680ccdf5e4cb2ecc31e4104b16297697bb11a1637ba508b7bb9765ac3de8a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
5aea7aea5e9d5983316a81cde2efc44f

SHA1
87b51d0edffdc7875ff684b0a3cf7b3a010a06a8

SHA256
69dbca5077ede14a50f207b11b15617a3483ec5f6f075d3024c11964a74c95c9

SHA512
fc5c583ba27aa756d939dfd5634bbeb1dd6499754b48552de2b9efc1feda44f5966479b2b2c563f892c1b34cb69b59c88f6c76db321e1204b7248401ccea75ee

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
1bb79a0ab156cc0cd1d47dc6170eb26e

SHA1
f327920d55b8cbfa641dbbcc45fe143dcff182f6

SHA256
b32ef4e41472d5dece4c01c13d105c61dc368786af8cf8a508d52466ea020130

SHA512
e3f72e826f637baf56abaae0af6d3a4ecd2fdbbe07e900da0f642fbaf0ae1794b8cf5dd8c95cc03aeaec1a4d14c265b0a95321e01d3698b11725870f2d3acc3b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
4db1e7066b6f146ee5bd67954c9476c7

SHA1
f0c275b719006661ff12fa078c3b0c0c2e1f344f

SHA256
987b4173555db682317a289e47fee1636f464b2f89f3d2d1780d7af1773d5afd

SHA512
c8feca954d9588a750a91c816f2f29ccc65e312f84a625252ca83529baaded37872a991d7cf8c1d57c03c4f3620307643b307565ca23e02c9ff0c252a060c74c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
9a38fafc10ba1438be469a1a2d79795b

SHA1
c6c548a12d6dd48b38eadb6c5e948172e77f2f2b

SHA256
43a93ef35a8b5f41d9f7ad0560a741e50575383ba9c9597151656aec199fb1c1

SHA512
e00702975fc41708398697dee4eee546a98340740bddd9df46429aa7c4b49e1694b3db914df698f5f3693e4e8751c62c0f9b31418ac38754250fefd60a313da4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
36e193bdc1c2bab6231b01e8bfe9a4fd

SHA1
5ac33161e19ea9d7768d5d557f25deb6b7aec814

SHA256
c00dbbb9aea507a1ae8a3b015785e358f23904ea7b3229b02c2b06078ceaf162

SHA512
3d33f17f5b946897e52d47cd90ff42c09260ca3129d23194f0d12fe7a234746afde6c149ce07fae85c7871a52a2f78cc3fc93bf64403509f5292a76f95986c97

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
e5b15d88f655ef1001bd6abc0896f4d8

SHA1
04efd255a04ead941126a9e09a297979b6e7dfbe

SHA256
3d16670ab716fd6b8bc4235a78e1224e0dfc48ba1ffb7a484e5613be8a7746f1

SHA512
4d2d368a383a5fafafbd9b9e0ce7bc955effb50adacd677e36ea5ed35275e93e7b917a4bf744b2fa33c80fdc0b7c1b812dd298d9b68bf69902aab94b19379bb2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
ae7a39217af965f193cf04ee8b307e5c

SHA1
c0bc92d0a3aab99ff0267ac797f156849b7db013

SHA256
260f41ae88512a48cd452a2dc289b5b623213f7a6e0400ba5cd5845c2646adb9

SHA512
944ed7af82eb6438bae841f04502c9e27b75dcf00197e5874189aeb9233dd5e64cb3f005c72cc574c25cdb82d654c62a7015e028c23d2b1914ea4606029584c7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
393eb2ba2bd8f8d38a896593c11046de

SHA1
f5127da311fe687ee27188ef6c5db5634f9ca3fe

SHA256
67349244acec2a1a2ecb0d8c06b93edfbfcf45371192427922cca83f3fc21109

SHA512
38953e1f25e48b8499d0d49aa7d4c16d5a3dd8421884009cb4a96946d268ec034f91d2297ff830c8bf858f9298df775a67029b25828835882de3c16a4711e3d0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
3d5a43cfc7b5c4aa777f60dcc148bf64

SHA1
66411d64987402c768047b254fa61bc4e9950032

SHA256
6bf7b89290242ab01ee505f781bb969c9057489f530bed8ff16af1fbbf9b23a0

SHA512
c8461d73a63c43c856fa297965ac368fa476aace9eac4dfdb34190d74e3af8f810609fa3cd09d7aa97b143ca6af1b9b012bbf64342236e3337e884072a5cdf2a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
5310278c3463c0596ba08ec2ce70d1f4

SHA1
f0ae6f987998d7b0f88579d871fda49d79459a4c

SHA256
0bd58dec1f2908327e6919864f5a3dea83e31e9c308e8db4a69f761ec4fb6165

SHA512
4a2bc7b8cb4b0fca0d51abf5e14cf4e1650f609c4e45057c07ce2a5801fe1395dea0f4f7cd3a69e1a6a4a8b9fc3ba5dfc3bdd3b0472b6f3320eb47328c015285

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
c9c758c64f2abdd7a131c571ba6e96c4

SHA1
320cff0e48d35ee09f85ced089a823a3027bdc23

SHA256
fc3e44b355a58c471c3fc2639127571cb75e303ec3080b79524bb847dcea59ea

SHA512
2282e1d840843f640125787f8dacc3526ad3ab3bab2f26287336a6675b963394cd2a1afff124dd101d19b26ebcac8924ebf23fa87a404a8ca9d6665a76892dd4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
e902d5e699651763eaf6429201ac6b52

SHA1
b1df862eea2cc5cc3e327081f77f56a7fb5f7af8

SHA256
ca6b32ac2cecdb65a0f7741e0a6056f76bab7cd7c8107259547d924307645d2f

SHA512
a359fe16583a532a579177f0eb4e2bd8e201ba3dfa180e2e28f23cc4deb9a4794c837e6302badc9aa9f8386d54c3a6f5662b1973d8dcfb6c7fff7503cfd6d778

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
8f914bb74e7bc7de7fed2a23ebce80a6

SHA1
ea02b39e8e1b58f95dcb742e30a97332c1064840

SHA256
6f7450343d9c6567e59e4d417a184d768183fb8f1ef086f947d9ce1d195fa8bb

SHA512
5bc1bb3e2f77913ad1ab66c22633accc51040193032755176c5298211332eea18944084154d5657bede2aae3cc0e1469cfb2dd17319bff1abb7473d99494bb9d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
ba29849d9a38155e5b8a6e22b761fce0

SHA1
9f069bae7fa34b0c43910bf974ce03cd1a494734

SHA256
96d91323ecf8459933d934ef36f09a621b3d432192358e2d82b959abc288d6d9

SHA512
c29a06600a1f6960d5e60960a775e7a751f512b89000f0785180e18db90329d85daa56fc9944bfbc9651b7fbd7a96222f38efdb3da9ed1ff5654e8aa0f636079

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
2a3a10cef990918cab2d75c2f2254cfb

SHA1
f2d4eb83f661bde5f2aa16eeb32ec851d2c068bd

SHA256
e057a18ba2ef7c839b4f0a18b7d03aca5803cd357341e0af84225a5f79fb3682

SHA512
a6a80b8faf9159fcdcd0d6b9fc520ad4d1f610669dce4c58b280f866dac79703bfd18adc7dabe3b938a05cc34def8e934e17927d3e4b11ffd9f2aac764ad4395

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
05d7382c199d6608b7c0567e65a044c5

SHA1
2a5b521e97a829722b7f397c2cea2b3e21c3db22

SHA256
a0c189884f18cb679d45c746cd883028c4595ceb13cdeb67acc580e288cb3b78

SHA512
a874fda1202a24090a3b28b8bb16c439f4298d7b7d4613697a32b46cb240884b5f3f80766d1334347302a79cbb57f94390e4ee3b414b52e557d0c3a1046dfbe4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
c2161b50cc492cf58f08e6dd81a06815

SHA1
b30b1e8ede63a5c3039bef016abcba796465ffa5

SHA256
9d2797fc6a15d1bf961543da3c5b57bbdacb0978bb759045a7a60467ef2095f5

SHA512
19fd4e3aa44bc37f759d6fe336dba2979dc28b704d5474b60a8bdd71ff19d57ac79210dc5eced0c39659f01be9c649541d5e9d04b94f88550d3448e9125c0799

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
a50cabf7c89d60bb4e11dc3c5b1c7fdc

SHA1
7fafb8adac6255f213374274835b01637bae522a

SHA256
8813e7b83892b63539c93f2be1cdfca9b71c9dad4edee5e83f33af4e65ee5438

SHA512
7b2d05a223bcf9876527cd82e5300259a1f8bad38d07dff3184d153a272c534402153a68fc56fbaa91eb483f8f63b32303aa4ef5c711f75e24aed7f522d567c5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
18d943ce86d0fa9cd8fad6543f932e52

SHA1
93d604d4152f7e097e130c5cd6ce4d3279ba4b2a

SHA256
0b5bc361cc58ef3d055c010bb013dc8e5f6c03352d05c62f2ba4b31441699ed7

SHA512
84c03268e390f840576e5ed718e234602207f257b11b65aa275d001514bda46b67f2812a83ca46c58b342ae21bcff7c7a2b4d83c6345ea71505d6397f33c6978

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
c0a961d5a0351535df923296e227639f

SHA1
e152ccf3ac8809701144ac8d2bd70613f6bfc901

SHA256
70937a114b9f0fb46d7039fa290f92dae4ecd0928a96bd9c293ae0fd9234725c

SHA512
da20c16c66a85882f6afdd90f4936adc5c3c53c38ee3f9c9ccc8f3a5b2fb45e85b02bd4246a00e010e36622d550e87b2836cce5a60f656049ef86f9091a3506b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
400f3f5eb90212d78d64fcc2502b7f70

SHA1
7e184bc1b36b186b7cb1ea3908264f396526159a

SHA256
d2170addaf791b45ba71ebb25e8539d6ed0c9df9f7e73b61ae423fb28baaf6e8

SHA512
e029377e6aef4d1ec044b1d3ff3d5150d6e2e0119db8a0f26d525296cb6a9425d2af190f31d906e521ff6b1b134826773149d183f82f25a8e82dbf19a4d8d32e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
2c3c99986cf9886482b3ea3c885dbfdf

SHA1
d0ac6308c2ea831320e654ed315d99a4d724dfaf

SHA256
161197b1461d7232cf8c1e013488d70ae8a2c3cf8eca45ce6b635d3e3a0ceeb2

SHA512
498a52cd9285ec130c561771b387ecd4437a2c336bb61050d92a8894dc5943f7e285a735926baf9138847acfa28e44b627cf50220e181cef89b1e4a82699cc2a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
494328388138a80bb0f883d025e9ee10

SHA1
8f1761c49b22e1ed5415fc2ac8a2ce9b60f42803

SHA256
c08ac6c27a534ac39a3d5a30f52f19b23018d4d12187cce3d5030747da34a7fa

SHA512
407659ac1a749e6a5e86603a0ac31889cc5afc17622c08c2f0ab7662f059f8cee7e6d54985e3d5ffe2bed97136527a22614fae2b804aff0a3755ef6c90fc0e75

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
f616bf0f81c01c97b60125ed78057bb4

SHA1
4ccbac5bda192bc660281e2fefadbcb30465a542

SHA256
7c0e843e50b9463f830ba1cacc5d8131b6ace5a589a26f728e891aebb5d78117

SHA512
1dd9356c2b54c53465013b1a7d30bd8813c5efb568c32d30af64f484b2d433e0296027824d29cecdadf5dc1e47c974279c6eb7157927107ea3680594d3833719

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
93c5decbc30c84756bfc3ba6791e6dc1

SHA1
b916f2867b2ae43d7995575bb7cafd1c5d73f677

SHA256
e945b4d5927331f6f9bd73510596a0845c1f80be840fb9021fce3ab01dce2f5b

SHA512
9d4ab5b906005715ab17abc3171aeb744db97673f60ec78e33f889ef4b122d361179c5d2c253874db15f7c78303be735f0c18d10eb97f4448fb86f60478115c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
ab2dcc37fe7424007756ed99b963a124

SHA1
a98956749819d4f7c36976b0526cd093b2a88a0e

SHA256
aaf0dfd408c5505faa00873e7d33a4a6cb2b3f32a27ec2245312f22025383cef

SHA512
9aeb76f97a9148c0b725bf3bf14c2fca5c57e0722e47c935d350abcae242c1b79f984e322c61944d5eb42f6cc2ee2e48b94f1f0b651d0acde74403e41d104e2d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
1d3b7544ac42b00316e6ee42b4bbebbe

SHA1
fcbe6be030bf80af7ed16fecbb647ffd9e7340aa

SHA256
c8a0e5fab9ef118f5ca9e8d07ac31bb78c52b673b149f0d6c8d0b9c0fb860155

SHA512
e32edbf71bce6633929ac27d7577b5a77b95936c26efbeab9f23cf25f9d9bc13d7999726e9ce0bf944c6700a02ba4deb9f3829ac9c0e8e2576ea3cbfdf37e3df

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
1fc72f0d9352377c911d18a5de418dcb

SHA1
1ef59d00ea7d49d8dde1828e43f55ff311a8e2aa

SHA256
2c6aa482aea7a8360d016815bea73d2440b219f1dba305657b2fbab36d965787

SHA512
9ce02950c5de83f5e157c52b49f0c382cf17ea38e965a8ab4e26f1afda8712f62db61dc99d09f304e7d0390ef706c7a5d5579b758b31bca018dc6719d7e2dac8

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
978ae2f96130c2df948843d136e55ea4

SHA1
a3cb18432500bcaaf326dadda6e558f070a22b3c

SHA256
cd19d77c6e92575eaeb1a829acc14f36477615cefdec5a860c8e0a0b71ff5637

SHA512
15f03002155f9e50459f1d4f9e66b3b561c915da899a95fedeebf54b748b2401ee77b8ba0fcb7185402956fbea286fba741d144858f53f8180fbbfd695014406

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
0e4fce14d9cb7b71369a4a3a6fb296e3

SHA1
b212b77e4ec51c6c541c1ae0fbb36e572ecc2225

SHA256
6c0311f83768b8f5238a126a82c3af2dc35d3fa31d6753f1aca496cf0a985bda

SHA512
284332b5e3a3b4a1ee2074b76a16decf047725645ecc6c03c4817623728fbe9472bbe493b8dbcc2758809428796f0a4f37b587dba686915ce2419863497ddb8b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
151742ff9354d321b9ad0ed845b91c5f

SHA1
ddadd739beab70d81b357205cc2795158ac335f3

SHA256
8e5dd3afc21295014ad4aa307ba65ea81538c516bb973dd81687c8fa29e2af98

SHA512
baaf52be6411a00652bb86962dcc705ebb1b1a1f20a8b21964b69d811a29134f811f8be3a2b4916698900de142e749b2a20e9f634dc5c34e7dda967c7bfbf5b0

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
5508ebc2d0cf46b7549df20e7228a33f

SHA1
fe7cabb50ab14c97c35a72f07a5a6da3a4e43eab

SHA256
553b85dfc8d765aca0e39f2c257853ce67255c02399d221d409b3c40efae29d2

SHA512
e4d9d42dc9e6dc8c87604a6a1a6e7aa0e9f1e083fa39f0e506c0984fd77eec963932edc099d2ddc0caed81eb963c93b7f6c09aaf27e3c3e7eac0e0d9873cfdae

Download Submit
memory/60-6402-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/60-10966-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/60-10817-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/60-6401-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/60-8-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/60-11245-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/60-11250-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/60-11251-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5056-128-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/5056-0-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download