neshta | 5e0f3c08bbf613e917106a6a776782d33f1c261a48b6a3fd6d58036d3cfaac7c

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe
Size

5.5MB
MD5

4ed4a6c0d1e58852258a982ec4bd8f59
SHA1

91c455d5b4823e9f1c9c435fa3a38b727efa20fb
SHA256

5e0f3c08bbf613e917106a6a776782d33f1c261a48b6a3fd6d58036d3cfaac7c
SHA512

675827a3e67816698b6957cd159532fe587c962035abdcf46e075330d6516fd375a96d0d4279da01465f86dcbf01eb652d09647894f65872dd56d17003fca8f7
SSDEEP

98304:SShvKZ9My4WjLDCLHdrLbyUCLN19MaWSHGFhluzlra/+amH6ckIF1Y064Eg22ki:SxZiy42D6lvyb/MaZHJlZy34Eg2K

Score

10^/10

neshta rms xorist credential_access defense_evasion discovery persistence ransomware rat spyware stealer trojan upx

Malware Config

Signatures

Detect Neshta payload 54 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\bwin32.exe	family_neshta
C:\Windows\svchost.com	family_neshta
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE	family_neshta
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe	family_neshta
C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE	family_neshta
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE	family_neshta
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE	family_neshta
C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe	family_neshta
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE	family_neshta
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe	family_neshta
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe	family_neshta
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE	family_neshta
C:\PROGRA~2\Google\Update\DISABL~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MIA062~1.EXE	family_neshta
C:\PROGRA~2\MOZILL~1\UNINST~1.EXE	family_neshta
C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MI9C33~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MID1AD~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~4.EXE	family_neshta
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~3.EXE	family_neshta
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~2.EXE	family_neshta
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe	family_neshta
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE	family_neshta
C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE	family_neshta
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE	family_neshta
C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE	family_neshta
C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE	family_neshta
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE	family_neshta
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe	family_neshta
C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\java.exe	family_neshta
C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe	family_neshta
C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE	family_neshta
C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE	family_neshta
C:\PROGRA~3\PACKAG~1\{D87AE~1\WINDOW~1.EXE	family_neshta
C:\Users\Admin\AppData\Local\MICROS~1\OneDrive\ONEDRI~1.EXE	family_neshta
behavioral2/memory/3744-2474-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4228-5401-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1308-6116-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4228-8669-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1308-8849-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4228-10184-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1308-10186-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/1308-11124-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta
behavioral2/memory/4228-11123-0x0000000000400000-0x000000000041B000-memory.dmp	family_neshta

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/776-5074-0x0000000000400000-0x00000000007D7000-memory.dmp	family_xorist
behavioral2/memory/776-5402-0x0000000000400000-0x00000000007D7000-memory.dmp	family_xorist
behavioral2/memory/776-8670-0x0000000000400000-0x00000000007D7000-memory.dmp	family_xorist
behavioral2/memory/776-10185-0x0000000000400000-0x00000000007D7000-memory.dmp	family_xorist
behavioral2/memory/776-11226-0x0000000000400000-0x00000000007D7000-memory.dmp	family_xorist
behavioral2/memory/776-11571-0x0000000000400000-0x00000000007D7000-memory.dmp	family_xorist
behavioral2/memory/776-11582-0x0000000000400000-0x00000000007D7000-memory.dmp	family_xorist

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

bwin32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	bwin32.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe

Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.

Query Registry
T1012

System Information Discovery
T1082

Processes:

ufr.exe

description ioc process

Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion ufr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ufr.exe

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exebwin32.exeMAxPayne3_licence.exeinstall.exeufr.exeip.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	bwin32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	MAxPayne3_licence.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	install.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	ufr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	ip.exe

Drops startup file 1 IoCs

Processes:

bwin32.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe

Executes dropped EXE 16 IoCs

Processes:

ufr.exeMAxPayne3_licence.exebwin32.exebwin32.exesvchost.cominstall.exerutserv.exerutserv.exerutserv.exerutserv.exerfusclient.exerfusclient.exeip.exesvchost.comrealip.exerfusclient.exe

pid	process
1636	ufr.exe
2260	MAxPayne3_licence.exe
4228	bwin32.exe
776	bwin32.exe
1308	svchost.com
2212	install.exe
1712	rutserv.exe
4920	rutserv.exe
4916	rutserv.exe
4700	rutserv.exe
180	rfusclient.exe
2052	rfusclient.exe
1668	ip.exe
3744	svchost.com
2388	realip.exe
1460	rfusclient.exe

Modifies system executable filetype association 2 TTPs 1 IoCs
persistence

Modify Registry
T1112

Change Default File Association
T1546.001

Processes:

bwin32.exe

description ioc process

Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" bwin32.exe
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	bwin32.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

bwin32.exereg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\02rbw7ONTlI4dnt.exe"	bwin32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ip = "C:\\Windows\\system32\\win32\\ip.exe"	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Drops file in System32 directory 64 IoCs

Processes:

bwin32.exeMAxPayne3_licence.exerutserv.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ISE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\win32\dsfVorbisDecoder.dll	MAxPayne3_licence.exe
File opened for modification	C:\Windows\SysWOW64\RWLN.dll	rutserv.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_keyboard.inf_amd64_56ea9763e933f7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sas2i.inf_amd64_b4e933c4540ad3cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\da-DK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmetech.inf_amd64_bbd46500a9d0e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\Nui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\XPSViewer\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidscanner.inf_amd64_b4d877fbd7faf471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmfj2.inf_amd64_167948d0c94abc27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\win32\vp8encoder.dll	MAxPayne3_licence.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbug3.inf_amd64_aef240978776cd0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdcameradriver.inf_amd64_43b67cb2258aaa60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\winrm\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_ucm.inf_amd64_c30468a947db0fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas2i.inf_amd64_ed501deb0beeb5cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\miradisp.inf_amd64_14cd3615d012fdf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Schemas\PSMaml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa.inf_amd64_7cfab61cbab23e11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_swdevice.inf_amd64_12050f4158021fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xboxgip.inf_amd64_90ed6b3fdc759a5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_linedisplay.inf_amd64_a720ddb820f10790\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sas3i.inf_amd64_79c7a4d8be0a9744\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmbus.inf_amd64_c78fd781987c1675\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\ar-SA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

bwin32.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\obbdgiilooaddgii.bmp"	bwin32.exe

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\3582-490\bwin32.exe	upx
behavioral2/memory/776-55-0x0000000000400000-0x00000000007D7000-memory.dmp	upx
C:\Windows\SysWOW64\win32\install.exe	upx
behavioral2/memory/2212-422-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/1668-2381-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/2212-3186-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/776-5074-0x0000000000400000-0x00000000007D7000-memory.dmp	upx
behavioral2/memory/776-5402-0x0000000000400000-0x00000000007D7000-memory.dmp	upx
behavioral2/memory/1668-6710-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/776-8670-0x0000000000400000-0x00000000007D7000-memory.dmp	upx
behavioral2/memory/776-10185-0x0000000000400000-0x00000000007D7000-memory.dmp	upx
behavioral2/memory/776-11226-0x0000000000400000-0x00000000007D7000-memory.dmp	upx
behavioral2/memory/776-11571-0x0000000000400000-0x00000000007D7000-memory.dmp	upx
behavioral2/memory/776-11582-0x0000000000400000-0x00000000007D7000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

bwin32.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.contrast-black_scale-200.png	bwin32.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Config\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailMediumTile.scale-150.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerSmallTile.contrast-white_scale-125.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_contrast-white.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\x_logo.png	bwin32.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-en_us_2x.gif	bwin32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\LargeTile.scale-125.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteWideTile.scale-200.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailLargeTile.scale-150.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarLargeTile.scale-125.png	bwin32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC	bwin32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\PREVIEW.GIF	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-24_contrast-white.png	bwin32.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\HoloAssets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-36_altform-unplated_contrast-white.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\quickreplysend.png	bwin32.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-125_contrast-black.png	bwin32.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_contrast-black.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-100_contrast-black.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-40.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-200.png	bwin32.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60.png	bwin32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png	bwin32.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\StoreLogo.scale-400.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-20_altform-unplated.png	bwin32.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Moustache.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\WideTile.scale-100.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-36.png	bwin32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Sunset.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleWideTile.scale-100.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-125_contrast-black.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-150_contrast-black.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-80.png	bwin32.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\Win10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg4.jpg	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-64_altform-lightunplated.png	bwin32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\adc_logo.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-96_altform-unplated_devicefamily-colorfulunplated.png	bwin32.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\_Resources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsWideTile.contrast-black_scale-100.png	bwin32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\inline-error-1x.png	bwin32.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-unplated.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_contrast-black.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxSmallTile.scale-125.png	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-96.png	bwin32.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md	bwin32.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\MedTile.scale-125.png	bwin32.exe

Drops file in Windows directory 64 IoCs

Processes:

bwin32.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_nb-no_e0132477454b2a7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_multimedia-windows-..n-playready-desktop_31bf3856ad364e35_10.0.19041.1_none_ef166e795b249cbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-creddialogcontroller_31bf3856ad364e35_10.0.19041.264_none_0ae66a71c22a4b82\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_installutil.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_b3ae48eec49b4d05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\CellularToast.scale-150_contrast-white.png	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-tpm-engine_31bf3856ad364e35_10.0.19041.1202_none_5d5f73fcc27582fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..emsupport.resources_31bf3856ad364e35_10.0.19041.1_es-es_b5a569b8ef1537d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setup-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_aecf9459731f7141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\33ddd1d414c8f8d6deceff1a62363c2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..eservices.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_be18ea1916c99427\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-vault-cds_31bf3856ad364e35_10.0.19041.1_none_ad5745a3daf6345d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\MediumTile.scale-150.png	bwin32.exe
File opened for modification	C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-200.png	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..nc-host-gpextension_31bf3856ad364e35_10.0.19041.1_none_a80ed6206c0f9458\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.546_zh-tw_44008cdf4a0d575e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ining-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_43a98ca6667f0342\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..nputpersonalization_31bf3856ad364e35_10.0.19041.789_none_a6e314d71940a7c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..-inputdll.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5e441aacd3723c4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations.resources\v4.0_4.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_netfx-wcf-migration_31bf3856ad364e35_10.0.19041.746_none_3531a4b299a0b78d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-u..lter-mgmt.resources_31bf3856ad364e35_10.0.19041.1266_en-us_8eb2d74ac0cec917\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-speechengine.resources_31bf3856ad364e35_10.0.19041.1_en-us_cec727bd7591a582\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..lerevocationmanager_31bf3856ad364e35_10.0.19041.746_none_ffd09f17e1195116\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-adaptivecards_31bf3856ad364e35_10.0.19041.1_none_48036451e98a0518\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..owershell.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_cff29ade12ecb5f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.19041.1052_none_b39097e5dc722fb4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_system.printing_31bf3856ad364e35_4.0.15805.0_none_255352c97eef99d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-o..mation-asyncfilters_31bf3856ad364e35_10.0.19041.1_none_370f21fb8cdf7312\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\splashscreen.scale-150.png	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..mecontrol.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_bd32349b6e1795fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..dlers-accessibility_31bf3856ad364e35_10.0.19041.153_none_7c6b53a1203e6515\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..y-webauth.resources_31bf3856ad364e35_10.0.19041.1_es-es_600ba9a741a3440a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-search-adm.resources_31bf3856ad364e35_7.0.19041.1_fr-fr_f3aa625b3df3bacc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\wow64_microsoft-antimalware-scan-interface_31bf3856ad364e35_10.0.19041.1_none_16fa11cfaad240cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hardware-policy_31bf3856ad364e35_10.0.19041.423_none_e02c324d08969a68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ivesyncprovisioning_31bf3856ad364e35_10.0.19041.264_none_76f5f1934ad68c04\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_10.0.19041.1_none_0e1fb02a57158eaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.19041.1_none_3e188ad1a12f1c4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-languagesdb-onecore_31bf3856ad364e35_10.0.19041.546_none_5395fb13ec09d1fb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-audio-rdscrossvmaudio_31bf3856ad364e35_10.0.19041.746_none_32acd44767b3fca0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-q..ions-core.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d36747b22258d1fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\wide310x150logo.scale-400_contrast-white.png	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..tasp1.res.resources_31bf3856ad364e35_10.0.19041.1_es-es_c76041b823262df6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..etintlerr.resources_31bf3856ad364e35_10.0.19041.1_es-es_ee93ae3691280880\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_idtsec.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_168ca9d058f54306\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\INF\usbhub\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Excel.v9.0\9.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dsquery.resources_31bf3856ad364e35_10.0.19041.1_es-es_0ccb75ee07dda134\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_rndiscmp.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_fe24cbc32598880c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..pplatform.resources_31bf3856ad364e35_10.0.19041.1_it-it_b3d3e27a9ec2e61e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_hyperv-computelib-eventlog.resources_31bf3856ad364e35_10.0.19041.1_de-de_5d7a7be2a031b586\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ux-wlanmediamanager_31bf3856ad364e35_10.0.19041.1202_none_e60886959a887b52\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..oth-avctp.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_290e7986b0b6564c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_ufxchipidea.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c8f70ed0cb10b555\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-256_altform-lightunplated.png	bwin32.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\eventBreakpointDisabled.png	bwin32.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_10.0.19041.1202_none_1fd41533d2b067a4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ansliteration-nowow_31bf3856ad364e35_10.0.19041.1_none_0a1dcb44ea77fd15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\rescache\_merged\3970336390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_c_fsopenfilebackup.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_2a727c323385f246\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_dual_ntprint.inf_31bf3856ad364e35_10.0.19041.906_none_c3423ff2a842a4c8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_dual_prnms002.inf_31bf3856ad364e35_10.0.19041.117_none_cb9f3b702835005f\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-advpack_31bf3856ad364e35_11.0.19041.1_none_95adedd5fd07f242\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bwin32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 23 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

rutserv.exerutserv.exeip.exereg.execmd.exeMAxPayne3_licence.execmd.exereg.exeipconfig.exerealip.exerutserv.exerfusclient.exesvchost.comrfusclient.exeufr.exebwin32.exesvchost.comrutserv.execmd.exerfusclient.exe4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exebwin32.exeinstall.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rutserv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rutserv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ip.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MAxPayne3_licence.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ipconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	realip.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rutserv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rfusclient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rfusclient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ufr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bwin32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rutserv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rfusclient.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bwin32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	install.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ufr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ufr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ufr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	ufr.exe

Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exe

pid process

4552 ipconfig.exe

pid	process
4552	ipconfig.exe

Modifies registry class 13 IoCs

Processes:

bwin32.exebwin32.exeMAxPayne3_licence.exeufr.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.RSA-1024	bwin32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.RSA-1024\ = "ZONRADBSBAUYYBQ"	bwin32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZONRADBSBAUYYBQ\ = "CRYPTED!"	bwin32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZONRADBSBAUYYBQ\DefaultIcon	bwin32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZONRADBSBAUYYBQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\02rbw7ONTlI4dnt.exe,0"	bwin32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZONRADBSBAUYYBQ\shell\open\command	bwin32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	bwin32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZONRADBSBAUYYBQ	bwin32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZONRADBSBAUYYBQ\shell	bwin32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZONRADBSBAUYYBQ\shell\open	bwin32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZONRADBSBAUYYBQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\02rbw7ONTlI4dnt.exe"	bwin32.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	MAxPayne3_licence.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	ufr.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

3260 reg.exe

pid	process
3260	reg.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

ufr.exerutserv.exerfusclient.exe

pid	process
1636	ufr.exe
1636	ufr.exe
1636	ufr.exe
1636	ufr.exe
1636	ufr.exe
1636	ufr.exe
4700	rutserv.exe
4700	rutserv.exe
4700	rutserv.exe
4700	rutserv.exe
2052	rfusclient.exe
2052	rfusclient.exe

Suspicious behavior: SetClipboardViewer 1 IoCs

Processes:

rfusclient.exe

pid process

1460 rfusclient.exe

pid	process
1460	rfusclient.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

rutserv.exerutserv.exerutserv.exe

description	pid	process
Token: SeDebugPrivilege	1712	rutserv.exe
Token: SeDebugPrivilege	4916	rutserv.exe
Token: SeTakeOwnershipPrivilege	4700	rutserv.exe
Token: SeTcbPrivilege	4700	rutserv.exe

Suspicious use of WriteProcessMemory 63 IoCs

Processes:

4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exebwin32.exeMAxPayne3_licence.exesvchost.cominstall.execmd.exerutserv.exeufr.exesvchost.comip.execmd.exerfusclient.exe

description	pid	process	target process
PID 2612 wrote to memory of 1636	2612	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe	ufr.exe
PID 2612 wrote to memory of 1636	2612	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe	ufr.exe
PID 2612 wrote to memory of 1636	2612	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe	ufr.exe
PID 2612 wrote to memory of 2260	2612	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe	MAxPayne3_licence.exe
PID 2612 wrote to memory of 2260	2612	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe	MAxPayne3_licence.exe
PID 2612 wrote to memory of 2260	2612	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe	MAxPayne3_licence.exe
PID 2612 wrote to memory of 4228	2612	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe	bwin32.exe
PID 2612 wrote to memory of 4228	2612	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe	bwin32.exe
PID 2612 wrote to memory of 4228	2612	4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe	bwin32.exe
PID 4228 wrote to memory of 776	4228	bwin32.exe	bwin32.exe
PID 4228 wrote to memory of 776	4228	bwin32.exe	bwin32.exe
PID 4228 wrote to memory of 776	4228	bwin32.exe	bwin32.exe
PID 2260 wrote to memory of 1308	2260	MAxPayne3_licence.exe	svchost.com
PID 2260 wrote to memory of 1308	2260	MAxPayne3_licence.exe	svchost.com
PID 2260 wrote to memory of 1308	2260	MAxPayne3_licence.exe	svchost.com
PID 1308 wrote to memory of 2212	1308	svchost.com	install.exe
PID 1308 wrote to memory of 2212	1308	svchost.com	install.exe
PID 1308 wrote to memory of 2212	1308	svchost.com	install.exe
PID 2212 wrote to memory of 2528	2212	install.exe	cmd.exe
PID 2212 wrote to memory of 2528	2212	install.exe	cmd.exe
PID 2212 wrote to memory of 2528	2212	install.exe	cmd.exe
PID 2528 wrote to memory of 2896	2528	cmd.exe	reg.exe
PID 2528 wrote to memory of 2896	2528	cmd.exe	reg.exe
PID 2528 wrote to memory of 2896	2528	cmd.exe	reg.exe
PID 2528 wrote to memory of 1712	2528	cmd.exe	Conhost.exe
PID 2528 wrote to memory of 1712	2528	cmd.exe	Conhost.exe
PID 2528 wrote to memory of 1712	2528	cmd.exe	Conhost.exe
PID 2528 wrote to memory of 4920	2528	cmd.exe	rutserv.exe
PID 2528 wrote to memory of 4920	2528	cmd.exe	rutserv.exe
PID 2528 wrote to memory of 4920	2528	cmd.exe	rutserv.exe
PID 2528 wrote to memory of 4916	2528	cmd.exe	rutserv.exe
PID 2528 wrote to memory of 4916	2528	cmd.exe	rutserv.exe
PID 2528 wrote to memory of 4916	2528	cmd.exe	rutserv.exe
PID 4700 wrote to memory of 2052	4700	rutserv.exe	rfusclient.exe
PID 4700 wrote to memory of 2052	4700	rutserv.exe	rfusclient.exe
PID 4700 wrote to memory of 2052	4700	rutserv.exe	rfusclient.exe
PID 4700 wrote to memory of 180	4700	rutserv.exe	rfusclient.exe
PID 4700 wrote to memory of 180	4700	rutserv.exe	rfusclient.exe
PID 4700 wrote to memory of 180	4700	rutserv.exe	rfusclient.exe
PID 2528 wrote to memory of 1668	2528	cmd.exe	ip.exe
PID 2528 wrote to memory of 1668	2528	cmd.exe	ip.exe
PID 2528 wrote to memory of 1668	2528	cmd.exe	ip.exe
PID 2528 wrote to memory of 3260	2528	cmd.exe	reg.exe
PID 2528 wrote to memory of 3260	2528	cmd.exe	reg.exe
PID 2528 wrote to memory of 3260	2528	cmd.exe	reg.exe
PID 1636 wrote to memory of 3744	1636	ufr.exe	svchost.com
PID 1636 wrote to memory of 3744	1636	ufr.exe	svchost.com
PID 1636 wrote to memory of 3744	1636	ufr.exe	svchost.com
PID 3744 wrote to memory of 1504	3744	svchost.com	cmd.exe
PID 3744 wrote to memory of 1504	3744	svchost.com	cmd.exe
PID 3744 wrote to memory of 1504	3744	svchost.com	cmd.exe
PID 1668 wrote to memory of 3304	1668	ip.exe	cmd.exe
PID 1668 wrote to memory of 3304	1668	ip.exe	cmd.exe
PID 1668 wrote to memory of 3304	1668	ip.exe	cmd.exe
PID 3304 wrote to memory of 4552	3304	cmd.exe	ipconfig.exe
PID 3304 wrote to memory of 4552	3304	cmd.exe	ipconfig.exe
PID 3304 wrote to memory of 4552	3304	cmd.exe	ipconfig.exe
PID 3304 wrote to memory of 2388	3304	cmd.exe	realip.exe
PID 3304 wrote to memory of 2388	3304	cmd.exe	realip.exe
PID 3304 wrote to memory of 2388	3304	cmd.exe	realip.exe
PID 2052 wrote to memory of 1460	2052	rfusclient.exe	rfusclient.exe
PID 2052 wrote to memory of 1460	2052	rfusclient.exe	rfusclient.exe
PID 2052 wrote to memory of 1460	2052	rfusclient.exe	rfusclient.exe

C:\Users\Admin\AppData\Local\Temp\4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ed4a6c0d1e58852258a982ec4bd8f59_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Users\Admin\AppData\Local\Temp\ufr.exe
  "C:\Users\Admin\AppData\Local\Temp\ufr.exe"
  2⤵
  - Checks BIOS information in registry
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\ufr.exe" >> NUL
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3744
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\ufr.exe >> NUL
      4⤵
      System Location Discovery: System Language Discovery
      PID:1504
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:1712
- C:\Users\Admin\AppData\Local\Temp\MAxPayne3_licence.exe
  "C:\Users\Admin\AppData\Local\Temp\MAxPayne3_licence.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\Windows\svchost.com
    "C:\Windows\svchost.com" "C:\Windows\System32\win32\install.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1308
  - - C:\Windows\SysWOW64\win32\install.exe
      C:\Windows\System32\win32\install.exe
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2212
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BE10.tmp\install.bat" "
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2528
      - C:\Windows\SysWOW64\reg.exe
        
        reg import set.reg
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
      - C:\Windows\SysWOW64\win32\rutserv.exe
        
        rutserv.exe /silentinstall
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:1712
      - C:\Windows\SysWOW64\win32\rutserv.exe
        
        rutserv.exe /firewall
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4920
      - C:\Windows\SysWOW64\win32\rutserv.exe
        
        rutserv.exe /start
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:4916
      - C:\Windows\SysWOW64\win32\ip.exe
        
        ip.exe
        6⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1668
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CF27.tmp\ip.bat" "
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:3304
        
        C:\Windows\SysWOW64\ipconfig.exe
        
        ipconfig /all
        8⤵
        System Location Discovery: System Language Discovery
        Gathers network information
        
        PID:4552
        
        C:\Windows\SysWOW64\win32\realip.exe
        
        C:\Windows\System32\win32\realip.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2388
      - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v "ip" /t REG_SZ /d "C:\Windows\system32\win32\ip.exe" /f
        6⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:3260
- C:\Users\Admin\AppData\Local\Temp\bwin32.exe
  "C:\Users\Admin\AppData\Local\Temp\bwin32.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies system executable filetype association
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4228
- - C:\Users\Admin\AppData\Local\Temp\3582-490\bwin32.exe
    "C:\Users\Admin\AppData\Local\Temp\3582-490\bwin32.exe"
    3⤵
    - Drops file in Drivers directory
    - Drops startup file
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in System32 directory
    - Sets desktop wallpaper using registry
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:776

C:\Windows\SysWOW64\win32\rutserv.exe
C:\Windows\SysWOW64\win32\rutserv.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Windows\SysWOW64\win32\rfusclient.exe
  C:\Windows\SysWOW64\win32\rfusclient.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Windows\SysWOW64\win32\rfusclient.exe
    C:\Windows\SysWOW64\win32\rfusclient.exe /tray
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: SetClipboardViewer
    PID:1460
- C:\Windows\SysWOW64\win32\rfusclient.exe
  C:\Windows\SysWOW64\win32\rfusclient.exe /tray
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE

Filesize
368KB

MD5
a344438de9e499ca3d9038688440f406

SHA1
c961917349de7e9d269f6f4a5593b6b9d3fcd4d2

SHA256
715f6420c423ae4068b25a703d5575f7c147b26e388f0fff1ae20c6abe821557

SHA512
8bf3c621725fddafa6326b057fee9beee95966e43c5fbab40ebaa4a1a64d17acca97a19d0ece10c3574e13e194ff191316871d1d46d4d74ffc0ac3efb403bca9

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE

Filesize
5.7MB

MD5
09acdc5bbec5a47e8ae47f4a348541e2

SHA1
658f64967b2a9372c1c0bdd59c6fb2a18301d891

SHA256
1b5c715d71384f043843ea1785a6873a9f39d2daae112ccdeffcd88b10a3a403

SHA512
3867bf98e1a0e253114a98b78b047b0d8282b5abf4aaf836f31cc0e26224e2a1b802c65df9d90dc7696a6dbcb9a8e4b900f1d1299e1b11e36f095ebaf8a2e5b8

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe

Filesize
175KB

MD5
576410de51e63c3b5442540c8fdacbee

SHA1
8de673b679e0fee6e460cbf4f21ab728e41e0973

SHA256
3f00404dd591c2856e6f71bd78423ed47199902e0b85f228e6c4de72c59ddffe

SHA512
f7761f3878775b30cc3d756fa122e74548dfc0a27e38fa4109e34a59a009df333d074bf14a227549ae347605f271be47984c55148685faac479aeb481f7191db

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE

Filesize
183KB

MD5
9dfcdd1ab508b26917bb2461488d8605

SHA1
4ba6342bcf4942ade05fb12db83da89dc8c56a21

SHA256
ecd5e94da88c653e4c34b6ab325e0aca8824247b290336f75c410caa16381bc5

SHA512
1afc1b95f160333f1ff2fa14b3f22a28ae33850699c6b5498915a8b6bec1cfc40f33cb69583240aa9206bc2ea7ab14e05e071275b836502a92aa8c529fc1b137

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe

Filesize
131KB

MD5
5791075058b526842f4601c46abd59f5

SHA1
b2748f7542e2eebcd0353c3720d92bbffad8678f

SHA256
5c3ef3ec7594c040146e908014791dd15201ba58b4d70032770bb661b6a0e394

SHA512
83e303971ed64019fde9e4ba6f6e889f8fb105088490dfa7dcf579a12baff20ef491f563d132d60c7b24a4fd3cac29bd9dc974571cd162000fae8fba4e0e54fb

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE

Filesize
92KB

MD5
176436d406fd1aabebae353963b3ebcf

SHA1
9ffdfdb8cc832a0c6501c4c0e85b23a0f7eff57a

SHA256
2f947e3ca624ce7373080b4a3934e21644fb070a53feeaae442b15b849c2954f

SHA512
a2d1a714e0c1e5463260c64048ba8fd5064cfa06d4a43d02fc04a30748102ff5ba86d20a08e611e200dc778e2b7b3ae808da48132a05a61aa09ac424a182a06a

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe

Filesize
125KB

MD5
cce8964848413b49f18a44da9cb0a79b

SHA1
0b7452100d400acebb1c1887542f322a92cbd7ae

SHA256
fe44ca8d5050932851aa54c23133277e66db939501af58e5aeb7b67ec1dde7b5

SHA512
bf8fc270229d46a083ced30da6637f3ca510b0ce44624a9b21ec6aacac81666dffd41855053a936aa9e8ea6e745a09b820b506ec7bf1173b6f1837828a35103d

Download Submit
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE

Filesize
278KB

MD5
12c29dd57aa69f45ddd2e47620e0a8d9

SHA1
ba297aa3fe237ca916257bc46370b360a2db2223

SHA256
22a585c183e27b3c732028ff193733c2f9d03700a0e95e65c556b0592c43d880

SHA512
255176cd1a88dfa2af3838769cc20dc7ad9d969344801f07b9ebb372c12cee3f47f2dba3559f391deab10650875cad245d9724acfa23a42b336bfa96559a5488

Download Submit
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe

Filesize
555KB

MD5
ce82862ca68d666d7aa47acc514c3e3d

SHA1
f458c7f43372dbcdac8257b1639e0fe51f592e28

SHA256
c5a99f42100834599e4995d0a178b32b772a6e774a4050a6bb00438af0a6a1f3

SHA512
bca7afd6589c3215c92fdaca552ad3380f53d3db8c4b69329a1fa81528dd952a14bf012321de92ad1d20e5c1888eab3dd512b1ac80a406baccc37ee6ff4a90dc

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\java.exe

Filesize
366KB

MD5
927c75ca98552179273baebb2038b44e

SHA1
e85f3a6b2f25c344a76306579a488ee3a757a1cf

SHA256
625a894f316118bcb6b291fcfe0d35b3bf0204285999885eb5b489bf1bd8581f

SHA512
55b0498c69568b3ef45a5ea22dbccb582b45e969678339b66264ab2186416ff373a3cef4c13b4ec06fe18dca575e7d54ba20a0645c3c54816882fd3d51c48bfc

Download Submit
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaws.exe

Filesize
505KB

MD5
452c3ce70edba3c6e358fad9fb47eb4c

SHA1
d24ea3b642f385a666159ef4c39714bec2b08636

SHA256
da73b6e071788372702104b9c72b6697e84e7c75e248e964996700b77c6b6f1c

SHA512
fe8a0b9b1386d6931dc7b646d0dd99c3d1b44bd40698b33077e7eeba877b53e5cb39ff2aa0f6919ccab62953a674577bc1b2516d9cadc0c051009b2083a08085

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GO664E~1.EXE

Filesize
146KB

MD5
cdc455fa95578320bd27e0d89a7c9108

SHA1
60cde78a74e4943f349f1999be3b6fc3c19ab268

SHA256
d7f214dc55857c3576675279261a0ee1881f7ddee4755bb0b9e7566fc0f425a9

SHA512
35f3741538bd59f6c744bcad6f348f4eb6ea1ee542f9780daa29de5dbb2d772b01fe4774fb1c2c7199a349488be309ceedd562ceb5f1bdcdd563036b301dcd9f

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOBD5D~1.EXE

Filesize
221KB

MD5
87bb2253f977fc3576a01e5cbb61f423

SHA1
5129844b3d8af03e8570a3afcdc5816964ed8ba4

SHA256
3fc32edf3f9ab889c2cdf225a446da1e12a7168a7a56165efe5e9744d172d604

SHA512
7cfd38ceb52b986054a68a781e01c3f99e92227f884a4401eb9fbc72f4c140fd32a552b4a102bedf9576e6a0da216bc10ce29241f1418acb39aeb2503cb8d703

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOF5E2~1.EXE

Filesize
146KB

MD5
d9a290f7aec8aff3591c189b3cf8610a

SHA1
7558d29fb32018897c25e0ac1c86084116f1956c

SHA256
41bed95cb1101181a97460e2395efebb0594849e6f48b80a2b7c376ddf5ce0ea

SHA512
b55ab687a75c11ba99c64be42ad8471576aa2df10ce1bb61e902e98827e3a38cd922e365751bd485cac089c2bd8bccf939a578da7238506b77fe02a3eb7994c6

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~2.EXE

Filesize
258KB

MD5
d9186b6dd347f1cf59349b6fc87f0a98

SHA1
6700d12be4bd504c4c2a67e17eea8568416edf93

SHA256
a892284c97c8888a589ea84f88852238b8cd97cc1f4af85b93b5c5264f5c40d4

SHA512
a29cc26028a68b0145cb20ec353a4406ec86962ff8c3630c96e0627639cf76e0ea1723b7b44592ea4f126c4a48d85d92f930294ae97f72ecc95e3a752a475087

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~3.EXE

Filesize
335KB

MD5
e4351f1658eab89bbd70beb15598cf1c

SHA1
e18fbfaee18211fd9e58461145306f9bc4f459ea

SHA256
4c783822b873188a9ced8bd4888e1736e3d4f51f6b3b7a62675b0dc85277e0eb

SHA512
57dbc6418011bcac298e122990b14ed1461c53b5f41cb4986d1d3bbbb516c764a7c205fc4da3722399fdb9122f28e4ec98f39d2af80d4b6a64d7bd7944d1c218

Download Submit
C:\PROGRA~2\Google\Update\1336~1.371\GOOGLE~4.EXE

Filesize
433KB

MD5
674eddc440664b8b854bc397e67ee338

SHA1
af9d74243ee3ea5f88638172f592ed89bbbd7e0d

SHA256
20bbf92426732ff7269b4f2f89d404d5fee0fa6a20944004d2eeb3cc2d1fa457

SHA512
5aced0e2235f113e323d6b28be74da5e4da4dc881629461df4644a52bccd717dc6d2632c40ed8190b3ad060b8b62c347757a0bbe82680d892114c1f0529146b7

Download Submit
C:\PROGRA~2\Google\Update\DISABL~1.EXE

Filesize
198KB

MD5
7429ce42ac211cd3aa986faad186cedd

SHA1
b61a57f0f99cfd702be0fbafcb77e9f911223fac

SHA256
d608c05409ac4bd05d8e0702fcf66dfae5f4f38cbae13406842fa5504f4d616f

SHA512
ee4456877d6d881d9904013aabecb9f2daf6fc0ec7a7c9251e77396b66a7f5a577fe8544e64e2bb7464db429db56a3fe47c183a81d40cc869d01be573ab5e4c1

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MI9C33~1.EXE

Filesize
139KB

MD5
1e09e65111ab34cb84f7855d3cddc680

SHA1
f9f852104b46d99cc7f57a6f40d5db2090be04c0

SHA256
8f5c7c8e0258a5caa37637b2fa36f3bd87569a97b5c1ecf40dab50e7255fcf9c

SHA512
003176cb9dd7668b1b40e4d60d86d57c1a9ec4d873382aab781b31c8c89f0e388f3d406963f159412e2828d0be9f6daea146a252d8ee47281dda01123c9e7ace

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MIA062~1.EXE

Filesize
1.7MB

MD5
4754ef85cf5992c484e75c0859cd0c12

SHA1
199b550e52f74d5a9932b1210979bc79a9b8f6fd

SHA256
da6de758d909ff5b7fb150a4a6a6b9774951aa2bd7c93966ea8951647386c330

SHA512
22c557807b81aac91c65643abb73f212d13f7c4504b6bb14e82bd9cf91319f2daadafa67425d91fa95f1d39c3700684f928e7d68468cb192c4c0be71b9f9b5ab

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~1.EXE

Filesize
201KB

MD5
c7f7803a2032d0d942340cfebba0a42c

SHA1
578062d0707e753ab58875fb3a52c23e6fe2adf6

SHA256
0f201a8142c5a8adc36d2a177dd8d430eef2b05cff0e4faefb52440e823b54bb

SHA512
48e3e1eb3a33c1b8c20411209d8ed261c00798393f5fdd691d3fa0abed2849d8eb241bedcbeefddfebbec292c7abd254023e25df77c85b46000fe63a7324172b

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~2.EXE

Filesize
250KB

MD5
5d656c152b22ddd4f875306ca928243a

SHA1
177ff847aa898afa1b786077ae87b5ae0c7687c7

SHA256
4d87b0eb331443b473c90650d31b893d00373ff88dcbcb3747f494407799af69

SHA512
d5e50ee909ea06e69fc0d9999c6d142f9154e6f63462312b4e950cf6e26a7d395dbb50c8e2a8c4f4e1cfb7b2c6ae8ad19e3b7c204c20e7557daa1a0deb454160

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~3.EXE

Filesize
139KB

MD5
e6aecae25bdec91e9bf8c8b729a45918

SHA1
3097cddcb7d2a7512b8df9f5637d9bb52f6175ed

SHA256
a60e32baf0c481d6b9db3b84c205716fe2e588cb5089c3d0e4e942e453bf086d

SHA512
c9a6add86a2907f21c5049613fd8300800e4a949a943feea9ab36a271596343328bf0856e3d8dc4784b1c8357e01c3702761b8d9a3170ebd279dc4e1f1cacb01

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~4.EXE

Filesize
244KB

MD5
da18586b25e72ff40c0f24da690a2edc

SHA1
27a388f3cdcfa7357f971b5c4411ea5aa1b9e5f5

SHA256
67f6e8f14bcf0e6d570c1f4ac5a1bb80a4e1470b5bad5a7ee85689c476597d8e

SHA512
3512820a9d37b61f77a79b2d4d3f6aec9ef53dbf81071bee16f5dcc8173393a1cd1bffe9f7f39467b72f9c9271a78e42078e68598934188d9df0b887f2edc5ab

Download Submit
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MID1AD~1.EXE

Filesize
276KB

MD5
4f197c71bb5b8880da17b80a5b59dd04

SHA1
c3d4b54f218768e268c9114aa9cdaf36a48803cd

SHA256
a1a0bf09839e6175e5508271774c6d94f4eb2130c914ea7666c1ecaf1a6fde47

SHA512
e6104ade74dc18e05be756e2a287b9940cdc98150ddd7c562b61282d57070e1d7272316469f1e1b294d3dfbcf191c2692de0d45a2fae59e73c4c039d80f3e002

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE

Filesize
509KB

MD5
7c73e01bd682dc67ef2fbb679be99866

SHA1
ad3834bd9f95f8bf64eb5be0a610427940407117

SHA256
da333c92fdfd2e8092f5b56686b94f713f8fa27ef8f333e7222259ad1eb08f5d

SHA512
b2f3398e486cde482cb6bea18f4e5312fa2db7382ca25cea17bcba5ab1ff0e891d59328bc567641a9da05caca4d7c61dc102289d46e7135f947ce6155e295711

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE

Filesize
138KB

MD5
5e08d87c074f0f8e3a8e8c76c5bf92ee

SHA1
f52a554a5029fb4749842b2213d4196c95d48561

SHA256
5d548c2cc25d542f2061ed9c8e38bd5ca72bddb37dd17654346cae8a19645714

SHA512
dd98d6fa7d943604914b2e3b27e1f21a95f1fe1feb942dd6956e864da658f4fbd9d1d0cf775e79ceaae6a025aafd4e633763389c37034134bd5245969bec383e

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE

Filesize
1.6MB

MD5
41b1e87b538616c6020369134cbce857

SHA1
a255c7fef7ba2fc1a7c45d992270d5af023c5f67

SHA256
08465cc139ee50a7497f8c842f74730d3a8f1a73c0b7caca95e9e6d37d3beed3

SHA512
3a354d3577b45f6736203d5a35a2d1d543da2d1e268cefeffe6bdb723ff63c720ceb2838701144f5fec611470d77649846e0fb4770d6439f321f6b819f03e4db

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE

Filesize
1.1MB

MD5
6088771ce98d1dd4c4f3b70291c7ef39

SHA1
09f041bf16a84d2214a75672d2eb7e982b68f0c2

SHA256
9300eae88b3af629d2041145c0b9692ae7d8ac0ba1d4fa626084c02ec9adb1cc

SHA512
e1470ae4ad68f95655ba55c0ae578c46f030e2e627eff44f42934119ddff6ce2f58afbd4b7fc9a94086d954f1a053ae3b520758e1a536c0e823da7882a9dba14

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe

Filesize
3.6MB

MD5
6ce350ad38c8f7cbe5dd8fda30d11fa1

SHA1
4f232b8cccd031c25378b4770f85e8038e8655d8

SHA256
06a3bb0bdd2da870bc8dc2c6b760855cea7821273ce59fc0be158149e52915ba

SHA512
4c18a112fec391f443a4ae217ac6d1850e0cfdad4b2d2cbe3f61cb01c0a1400ea6bd5c3ffe0a9978ead50e7f6cfab96ae5090bb9a611f988f1a86ccaa5d4cd4f

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE

Filesize
1.6MB

MD5
11486d1d22eaacf01580e3e650f1da3f

SHA1
a47a721efec08ade8456a6918c3de413a2f8c7a2

SHA256
5e1b1daa9968ca19a58714617b7e691b6b6f34bfacaf0dcf4792c48888b1a5d3

SHA512
5bd54e1c1308e04a769e089ab37bd9236ab97343b486b85a018f2c8ad060503c97e8bc51f911a63f9b96dd734eb7d21e0a5c447951246d972b05fafeef4633da

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE

Filesize
2.8MB

MD5
eb008f1890fed6dc7d13a25ff9c35724

SHA1
751d3b944f160b1f77c1c8852af25b65ae9d649c

SHA256
a9b7b9155af49d651b092bb1665447059f7a1d0061f88fa320d4f956b9723090

SHA512
9cfe3480f24bf8970ad5773cb9df51d132ee90ada35cbf8ec1222e09a60ae46b2ff4b96862fea19085b1c32f93c47c69f604589fa3f4af17e5d67bef893b6bf1

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE

Filesize
1.3MB

MD5
27543bab17420af611ccc3029db9465a

SHA1
f0f96fd53f9695737a3fa6145bc5a6ce58227966

SHA256
75530dc732f35cc796d19edd11ae6d6f6ef6499ddcf2e57307582b1c5299554c

SHA512
a62c2dd60e1df309ec1bb48ea85184914962ba83766f29d878569549ca20fca68f304f4494702d9e5f09adedc2166e48ee0bc1f4a5d9e245c5490daf15036bea

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE

Filesize
1.1MB

MD5
a5d9eaa7d52bffc494a5f58203c6c1b5

SHA1
97928ba7b61b46a1a77a38445679d040ffca7cc8

SHA256
34b8662d38e7d3d6394fa6c965d943d2c82ea06ba9d7a0af4f8e0571fb5a9c48

SHA512
b6fdc8389bb4d736d608600469be6a4b0452aa3ea082f9a0791022a14c02b8fb7dcd62df133b0518e91283094eaba2be9318316f72d2c4aae6286d3e8686e787

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE

Filesize
1.1MB

MD5
5c78384d8eb1f6cb8cb23d515cfe7c98

SHA1
b732ab6c3fbf2ded8a4d6c8962554d119f59082e

SHA256
9abd7f0aa942ee6b263cdc4b32a4110ddb95e43ad411190f0ea48c0064884564

SHA512
99324af5f8fb70a9d01f97d845a4c6999053d6567ba5b80830a843a1634b02eaf3c0c04ced924cf1b1be9b4d1dbbcb95538385f7f85ad84d3eaaa6dcdebcc8a6

Download Submit
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe

Filesize
3.2MB

MD5
5119e350591269f44f732b470024bb7c

SHA1
4ccd48e4c6ba6e162d1520760ee3063e93e2c014

SHA256
2b3aa9642b291932ba7f9f3d85221402a9d27078f56ef0e9c6bca633616e3873

SHA512
599b4ec673169d42a348d1117737b4ad4d7539574153df5a5c7689130c9ac5ff5cd00f3c8ec39adf32ff2b56be074081efcabb6456272c649703c3ea6cdaded4

Download Submit
C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE

Filesize
274KB

MD5
d84f63a0bf5eff0c8c491f69b81d1a36

SHA1
17c7d7ae90e571e99f1b1685872f91c04ee76e85

SHA256
06d363997722b0e3c4787f72ca61cb2a8ad59ea7ba8a9d14eafa8a8a550687a2

SHA512
865aab84cfe40604ffd013d8517a538eb1322b90372d236821c0e39e285a20bdad755ddff8d59d8af47a9b10b6c77947abc9148761e75892c617db8503b0ef6e

Download Submit
C:\PROGRA~2\MOZILL~1\UNINST~1.EXE

Filesize
141KB

MD5
3cfd732cd6a3399c411739a8b75b5ae2

SHA1
242b02177cbec61819c11c35c903a2994e83ae10

SHA256
e90c627265bc799db00828179a5d76717a577086755043ba223a9ac78510a2ff

SHA512
b7b61c5f9dab2c6a4e5157a934db5bb26727418698fa44f05fbb9af38cd93dee0261f3f28700bc5cb21e8947a542c3ee6166375ea262c19d41e84c68b0d0fc72

Download Submit
C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe

Filesize
494KB

MD5
05bdfd8a3128ab14d96818f43ebe9c0e

SHA1
495cbbd020391e05d11c52aa23bdae7b89532eb7

SHA256
7b945c7e6b8bfbb489f003ecd1d0dcd4803042003de4646d4206114361a0fbbb

SHA512
8d9b9fc407986bd53fe3b56c96b7371cc782b4bac705253bfb0a2b0b1e6883fdb022f1ac87b8bfd7005291991b6a3dfbaceab54f5d494e0af70f0435a0b8b0da

Download Submit
C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE

Filesize
715KB

MD5
f34835c1f458f93cd9041bfa7d01ee7d

SHA1
283ac4059492a22e10f7fcef219e52e0400a8926

SHA256
afc5cc567db1a3318c89dd0efad2ca60a353290bc25d98bbbba8e6f1492e23b1

SHA512
d5cc2244f1b6492dd9e66c6e917c2dfaa11376d4a8d1dea2c241cd35ce947ad919e47d1a78dea0c1f6cd6fa1e74426f806ddcf9ed3e8f25a9ae7c370b09e6857

Download Submit
C:\PROGRA~3\PACKAG~1\{D87AE~1\WINDOW~1.EXE

Filesize
650KB

MD5
2f826daacb184077b67aad3fe30e3413

SHA1
981d415fe70414aaac3a11024e65ae2e949aced8

SHA256
a6180f0aa9c56c32e71fe8dc150131177e4036a5a2111d0f3ec3c341fd813222

SHA512
2a6d9bdf4b7be9b766008e522cbb2c21921ba55d84dfde653ca977f70639e342a9d5548768de29ae2a85031c11dac2ae4b3c76b9136c020a6e7c9a9a5879caeb

Download Submit
C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE

Filesize
650KB

MD5
72d0addae57f28c993b319bfafa190ac

SHA1
8082ad7a004a399f0edbf447425f6a0f6c772ff3

SHA256
671be498af4e13872784eeae4bae2e462dfac62d51d7057b2b3bebff511b7d18

SHA512
98bcde1133edbff713aa43b944dceb5dae20a9cbdf8009f5b758da20ccfbcdf6d617f609a7094aa52a514373f6695b0fd43c3d601538483816cd08832edd15ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
4ad291fbf3c7f6139dd387c2c8a3245b

SHA1
61a5b9a8f66011d7f2e6f072b79e81043d1ff5b1

SHA256
95c3c4f826fe73de9c3a33e697f914cc410638d3c088f0a91f83c6a368001621

SHA512
002f790b5c51a4557a4add3e012bc26d2a333e29aae4d5db1a5415d239dfbe7d88b9b3ced9b80b841b5a8db453c5a063467ad7a58f558e0f34b7ef8b1dee1e77

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
b8b90bf9a28970ac33246ac621fd3ed4

SHA1
be709d779f1328b4e9d55e93415e5ec5d7c86b9d

SHA256
07d9a44f1cb665b88be1d55199d99c45ffc2b159c85e62d7e64fb7110ec034cd

SHA512
51cce7712b21b2857ce270e22a1b1a3bf6873cbbce1235aef28a3322a60dcb5e546b10cdc76577456d12fcdece409178f63a89c1bcad396039eef2b3e44df223

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
6779d6a08910cfeb81840fe1601e630c

SHA1
e09d4f945c99328b28d19e0c1f6cc04096ea6627

SHA256
6bb399acb77bd32d72024f7af955c151b70cdf5245c804407a3d399f474722e5

SHA512
eb04e4614030df3216da5f736a102bacce7f53e21974cec0cd6e9e75b7164d176e6f723a8f69af938682833d5d05fe322f298811bd691083834adf5164c9bd12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
aa36183712c5600acd35d2408b3bfc34

SHA1
0fe0d15c87a10a0ec68e4cdb2da788877ce0e1d7

SHA256
daafc347a04c962c2e1c14046ed6819ffb7c6a2f538fae2ad7a952b121afb469

SHA512
ffb04c474d7f561f5c005a776f697a2b5d7ea85320b76dd0516c17bbd978a0045c1dc21155a54d26b2ba86cee68a612361a35d464da941ae7f879b2c644ccc41

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
1465ea8b80919d39d188f7889579e786

SHA1
dfa077c0d480b098af35e275fe8d9e80a07d5374

SHA256
7d2ab09f778b6156764a40f200e32232b74c1ca334a4af17d7f55f997229cbce

SHA512
a01d2c18c9725e29b177d5b72e92d5eb48f7c0271b124d7136adb9a4abb282451038eb5a25e17bd3c78b2173068c9838342e0a8baf9843c0ac311fbdcd182c52

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
5d8e8571f934c52f2e1ecaa09ae9d0dc

SHA1
e7e3390431f2d52dc0942969235a291923696a04

SHA256
ccb345bd8a14eda6da0763d45e685a2fe306c02babe722ad2efdad20720493b9

SHA512
c3136a4553efacde85b0b5e2cdbbdd7260add7b00ea9c249de8bf942f5729e0efc82522e2f862e7099ec5caa2636fe3acaf479fb32499ba4e60dc86819d1522c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
edbbd8059ab27fb6b3209243d624ff8f

SHA1
b196678d3bce9208ef31ed5d4f2077fdadf391d6

SHA256
68f9b9a43312f9cbb3293d217764e1057353fbce3b0ded2426e70ee5f49a4ee3

SHA512
9da185564b8b29f12d72c8131311173704fe7e004a8ef3999ee062995243b99a27e5d1489221c72e69e1ee2857b42144c0b8a784f29e10ec5168dc10b9aaee2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
485185a7dbe44891e2119dc61de95c55

SHA1
1660c1d88dd0604346979b3a1e0656d8267dbbc4

SHA256
b23cd747619214cec4505515d994fb86b9e16e1f738c2299623b93e361a0b511

SHA512
02ad7c68aaccf493efcdd3193ab1f0b9e102dfa3adb9de4f27e40acbfd700db3062ac55e21a5309242866ce4b35699fc2eeeca7c096489223452cb4eed4dde27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
45335da45654b10980237a2a1c9f73af

SHA1
11a86318ce1224d2d51cfb386380dab9706f624f

SHA256
28192d4f06d4636411c898dd16e6614ec265602d437690a168cdccc8a5f674b5

SHA512
b07e175f7d2615f8c54bdc870af750835bb40d72652c27b5025cbb684f2b3ed91d9d7153863a095463c7a3b0cef9fb79f0db54354504c680a95b7ccdf4bca0ff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
c7da2bf5c6c9dcf02d081378e286ab3f

SHA1
d29f1c1929df6accff6dd9b67ea8287cf4a716c5

SHA256
1b85dab24e22c1634b30b7bad7f6ef4abd96ae08528f0b94a3a3747e3d5bcbee

SHA512
c320c1a468425f03162d900dc4b0d4f50bff15736bc79b79b10e9eabe15c5b138e80b1ebd02b70bfece9fa34e9e34be55402199629ff8171aad279929667cee5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
5445b58a75909bfbd834683b48e9bf03

SHA1
74be14b98f922faf7e92ab6454f618f95b1e770f

SHA256
07ab11c3a5f3b28897a660560dcc49f35edb96791e8cd93546be562c46fb7a60

SHA512
7c815f6f42496643ce07cade01cc9b72c81b48d76b0deefeaa1a07b81f91c3426dca1ee7acd585a6ef3b2f06b2c60e017a875905989aaab236d1e8ac91414dc7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
580da09704605407ac44ff4881c701d9

SHA1
216f890f5c9592b8521db02397b17e1a96588609

SHA256
43a7249c5fbf78c8de5cb8c21a53586b7a16c4370f55f5b4a3ad0732a1f9dd48

SHA512
947fd6effce8b1d5484dd903431959c0bb23984c175525dd3b1ed72b1181c2611a978cc2435dfa9cb21af6fde4a2818367f9bac8ec5d7d260fa7e5b8cfbe4e12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
3693a926d5bd09868ad0c529fc8631e9

SHA1
b2cdd70ff52f05cf6c5ca74538cbf4c889ec3ad3

SHA256
cfac17f1bc2248920ec7069693b766db6cf7a341320a806ac830e791858d8b25

SHA512
8777a314266601ba4fe7a88af19dc5d469a3ceb646e0d97c8915efe6faa518b70f240d5499beeb768151b77c60299c4d2e7937c73d7e2d0a73f5df9e47bb9bb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
eb5d8a0abccb3aa86a9d2c4084162512

SHA1
9d13c7318b7a420bf2225c7afe08687a5ea8e2e4

SHA256
eac5dcd507bcd9e2eb3c12ae74a99cef1fcc46c9d695e750cd9b703f1d839500

SHA512
e44aad741c202a49dd2f09cc6ce6cf1e56d51f66b8c2b140663c3263211033980b5ebf5d90f78930aeede58ec32068a2904c8e0ccd5c61228a08cce3b983e862

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
bcf1749eff767b6e0a3f0d8e2f1c97d7

SHA1
ba1500e1c3c9420cd86c520069c943d40ef25f42

SHA256
8eeb54d3a40830e8e00b72f4f137fdb045b8310b44a16afe911b7b5b05aab5fc

SHA512
97f7c84b861ed4082d48634dd0a8d240500def2421f3c3d9f0a91b1d1c374fdd13015b1cb710f21d437e9817a1281cdce072134ef85e23075f128e3baf5d64b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
fa80e073aa1655929800cb1c0e6f18ac

SHA1
73d694fe68ef88d007b54b42f89054bbc6f91706

SHA256
6986c42e142176afc2b172d13434ecc3140d164b3df3700f509a63aeece71c29

SHA512
0b18a78f79143801069ed0c6ac7b536c08d2f182f7cf5b9db731449624867b520a2171a5e968d86b38a3b81550f5ebc7ddd9c7469a5e3e53abb1545f35c23c1b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
6ed626ec508bf67017faeea9d0b30a45

SHA1
5aa38cc74e7338ae224bb6416c6e984b07cff16f

SHA256
9a034ce1c76bb5b17d050e5dd34bc725ccb29e0a6f286eb6473d49166563c5ce

SHA512
2c489cc0b38051a6f9d57d15a558762d14ff1bec689b6dd08322c1c93e8eaa00eb3800f3f045f0648c11e4767a73806f24f6d21bf5755842718f3aba1e0a8970

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
5fbbb51d40ec2538134f821cbd605780

SHA1
b18b8b28a1cde479f7af3c48bc4630c28eb1a725

SHA256
7c257b81020b8edfbac1213703533d87df11a2151943d70c68c13ac4adf97ae0

SHA512
68829496d18dc5d16f4850801c76ccbf64572a39ab9d2d30bc68c067fc6ccefe2e69bb5f8563388ce67bf1a99d605e28ddd4981daa0b5be21dda7ffbe73d79f2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
6da04832a96e09aeae966e401bbb199d

SHA1
f1fd6e6f21dd9badf801d6ae967a5db65e9e464e

SHA256
30e28556ebe22ae00232833173550f0139ec5df0fda42948fe2b5d1f446a4664

SHA512
280c706dbe6a1efec81c274590d84127048b106c3915429a1af97ba9298460c8e460925125a6a8c786004995b60e68d47a84b4f375d85dc46f5686fb226fcabb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
b1ebe357aad8143026ef7759f4858b4f

SHA1
f12ae6511f26ef564a09b8cb38b25f48a98e130b

SHA256
9e60de2f469f6674a986eda2eeb1d352c0b095070d0ddeadbc278cabb37af3fd

SHA512
ae9f87090e4ea48979e91c896222d8db3d8a02d553ac0cec20b03ae9c5eb6f6c894d1565421a4e36a6cccc1daab7c57cfa144b6ae264eaa4bb4c19030acbccf2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
396c64f2b17247fbeb0d9a6bb6fb7550

SHA1
6ee451e1336060135adcdf1cecef7fc22110466b

SHA256
abba52f257f07379bcf14340f866a04b50680593880d1287bae764b4bb129638

SHA512
c57bb0cf9970e8a2188e6b4a4a9f2b7d005f017062cd0332e2c847f5185db73e0c6e19afae7229351ab91a6d4b3fc93cfb62e12f0f4604e5269ef374d521f96a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
4a2edb20c51c20fa028fa3ce93e55667

SHA1
2c69a1c20eb85d5937255247aaefe34983c26494

SHA256
ddc64112167582123635b706a252ba456ede3a15249d0b1ad0c46f5026b76d00

SHA512
1d84e84df16aefe536da57ab28b6ac53ec9b0ef2510fba13c4333838a9db155e5183c8b481a4a956d60ff0379004205f69472797f07bc87161421f3ecaab1abb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
b6cfcf2e593a4f0b7720aa4fb43a3841

SHA1
c67bf7dfcaf256880f4086b4e84437a504337647

SHA256
93b7479eb56c8ffba2a902eaf6ec4f55efc029c6522d0c1071aaf4abe31d385c

SHA512
c4b2e5c3e966570a44f99bb14def9978d645be620a55920af91ca8b373f5784ee72b3378e122a77a12f23b77981ddc88e278a45f64d21c19a9102c4b75078fc9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
9425535382fcd769d1e41cdb07315675

SHA1
ff951abed27e0fd256df6fc1d29b4143b8c6ce0d

SHA256
b97f17dbb2d96ef0c7af64a087a2aac49c9400f39229d44d9201680d699822c3

SHA512
731a2662a889a05c5860d6bc7b16783f48c76eca72d167957cce1455b757d06c557b0641215e03bff1624a1abdb86fd403efd3a5c4d1bfc919b64984f8e91869

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
1c0a722a347de0d8e66254a74facd5bf

SHA1
66ca7fbc198e4eee63e9b87f13b153de63a76fad

SHA256
456bb40b70d7774da61f0760292778d92db930ef3f5329021e01e289f1eb9bdd

SHA512
47f71c05ee308165f995844cb31abdad48b58adcf9938a91977c2e31981d3e2feb5614c9a481ca0ea007098417d01f64d2a1d22bfeb3a5b7ab1033754f30a2ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
f9deb102691d4fe6087aa12700c5bcdf

SHA1
60fdce592a438aa8a6eb6e67d1fc2c2ec574ad63

SHA256
9fcbb94b603e4a71f672357b571acfb673821a5e9c6f64115c1e8c5b33d6d0dc

SHA512
b77810c5960a7db745e8db93d11c9e63b466d61e606fc0b80d7838097a1314dc7ebb835e4b893a41010884c08a06598c19fcb835b8ce9d1a9c3285bb08f17587

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
8f9b0c9379b2353ef3be7f6fecf826e6

SHA1
cda556f09874921c68e45856a5526879c6859be3

SHA256
47be9b4c490b3e4954b1235ba578fa210d61195b4e7a8c59f03b7c22112191cf

SHA512
b00660f9ed1c2b1f3d60a9cb6a399199263abea6b1db21aaa52f316c63aaf028b13d7e0a23b8a3e58dd33b279a7c76c7606f052fc426b373bb5ba01751c4e35e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
b689e6bb65aa134bac32203a7e2522b7

SHA1
7972a20219b7dcd42e072d7f5395c19ef6d4f6a2

SHA256
f2c99e0c48401ba0f8d2431a32f58f4552ddc2079fe18d3ccb3dc4616b43bea6

SHA512
2eb4c2d63f76f12a6f167fd77e5643eb7f3c10b78c53eb3a6c99fc0231977516fdf3c7e8c936589b5cbdcf3dfcd179bfac80b533ef21a7d9578bac66858a6028

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
faa562a4c763340a952eb4cc104884e3

SHA1
919ec903cd7f58484ae3e5c770143cddc08a8e0d

SHA256
e27c6f0fd242355d3f99c14c583a8d62db96c86d7f56f470c16f2fb80a187e69

SHA512
25baa8379cc5e2e7f90e8fc4283fb1cf9e8d88ce01554fad210f698b08a41fed55ed48f1952ba69379066d4a8293bf284c4f4874b13dacb1515b488fb7fad4c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
3f843ebd2c378c591f8d5775bd9f2305

SHA1
93368b3314ef89faa91ea4c50a20e68c9968f4c7

SHA256
33f86d415e1276cc89934ee6444b752266012c0ef50428f219cc6a8e90371af0

SHA512
ddab04bd134566aca61e3f3f511d24bca16080a9bce0f9633fac39c5702ace6bd503713ad70e51eb8ac97310a81032d0c0e1eb2f521277e45b9d6c0e6ef29f7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
537793df5b8601501188b82800fd4100

SHA1
cd620e13125d6f54fc6de71e4e4dbd14974a6273

SHA256
71ad159585c31a5de067edaf4543b80f034f65bc79897e61a477b58fd5efe5c0

SHA512
4bf6a56980a120845cf23d299faceaa322f492c6be9c75066117db7bfa08ee828ac96fc1955c5399b81624075cec87575f47b09cf97595c86fdb361376026771

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
493901da38dac2ae9af58d22dba96759

SHA1
b5fe9f50cb509f1065b12a74ce2240485c4e1416

SHA256
58b2c6c3ca22f3bd8388e3d58e04efaeb5f6a85af048035807b593d565086f83

SHA512
e72f21c50b2455aa4500dcc470e8370c3b54735421d3e2884d85a2cf0c9eed948344c6980e344bd304b34e0f9c0abe185ee09bdbdd1db4a7b734a2503e65f08b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
2759ecd7617206e8d12824f0b9c3a715

SHA1
dcb0291ece77d7512c73ff0662c0b9844e138abd

SHA256
6b637a4845f0a75a0e813041b76d95728ab00b67eef54627f77f54bf7a706679

SHA512
4c46a68513e0a34c2ed8b81a40634d8064ceaaedb92360be325a4b0f3ff3b012390381ba8f2fb38706033a6e7b6e5ac891c76a8e7c5df5480b20d6346ce9bc34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
9389dcc529c4b916ab26b5269cbfc870

SHA1
b9fb634a3256d9b505a10f22c98e91e945d97240

SHA256
f6a13d780c1e831719870d0cc232eb1a30a4f3f441e38ac6d34e32c6a580d88c

SHA512
78f89c654e9e61179a08bc7bac8a4ae8181850e307644f3963a706b039d8e809cbfad092b3b7c18457abeaa191e84bde9c47c59f5e3b995d2756d97930cde30e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
3bd97697be30d26bea4a4a4db0ec9d31

SHA1
af70a0d3bb188545a1ee4322d2c73165364bebee

SHA256
6855713f905a227a8bf90e0501ef27145aeb817adbc7af1b75805128a7cbc9ee

SHA512
dd36a0a7770c3c9b2640c97a904a2bf03d2590bd8392069c1d0164d49064bc642aa29866206d81f6d13c03c6ca7a0c33f7c28bef0384081197164087c00737c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
218a0b551335bf30109de74ca0908fdc

SHA1
e5b3bd9df337509005b4f1eda6a1aef2ea897fb9

SHA256
97f27b9043e7a674c06c9bc1ee4ffe1f026224a7e75266980ed1af7d167669f3

SHA512
6bf678263d3bf3658149ddb3351e242265ad024389cdd42027a05957e2ba35c3affdb925b1ca1a3b8fdc16a804c4f79432f3d0064b7f79b80b746b7bb3c5e6bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
f5c76b73f2bc74b41e1f31a2f27b53f8

SHA1
cd7d88ce691e6cefb01f7dff84f55924fcd211b3

SHA256
3e4038c20d158140d62bac27b26871b68e544feea3012ce7a4e6e8c699560139

SHA512
4211ab7febdf24fe9b66fc6e2a17bfb0e1b52d9c0c9dc0011cbf868678fc716abe79748117911598de0dfe9523649e4e3c75522a2323f26aa81f963838fdc976

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
46ded00b8eb243026fe8c28371c2dd22

SHA1
6f29b85848abadd12586f5113b61a897c3a7fdde

SHA256
2d522bf0a5a6f7556aba4cf88082eebf25cc77b38c80c995523259e355c8276c

SHA512
3616d4a530dbd22da91a199a6c536f3b61f98093094fef21fff7c4fcc4aa575d50f44530a06f8ca88c734822d4fb75874a1ebfa729dda6ceb06dc2fef73d1503

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
723B

MD5
7301095b88e445d75b0e2f409ffa8da6

SHA1
026d776da1b4632ad39874b10995cbfef37f73ef

SHA256
f85c3137bccc030fc160c23a48444f55741d5aacaebdcb20ddc5e6eb3098d6ce

SHA512
38a77f029c820b9f5bd9bd75c03e7a1800a362c15c3a441124029639468784f2d6cb39fb6176a53bf219ae1df44ad8ff853b4424375328c5ae6e0a111822f4fa

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
74a1ce9324d765676a22a7dfa5e2c8a8

SHA1
cf11d08fcbd9f109c757b47e1a2e9f9fba9cb484

SHA256
8d478421d405847da9db717e320468cce8fe8e50337848ba08405733335510b9

SHA512
cf7d3181eda2e7d296c544c67959355c52f146ff7253048da6a4996900f2c4820a10026d140d6f572d8fe1b06eb9359dd97cda1a2f9233a507bc8c2c55e61e46

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
595a96323532afd8e135222783d15622

SHA1
9d65a6fc5f44ac184585d085b943ee58768fc29c

SHA256
3f5f307fd748d844c2c59666969db16968f135f84a2a1e34c0c4aa96ca52705f

SHA512
8c4128bd1fd57ba0cd6b0ea9628792cc54bc7daea266a30b7208c8692d5a8c782f663c930637818ac3b006ad5ebfe98c4debf0c39ce8aa6e055155496ecb077e

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
a9b272e5a9f3a5793182e8fb64e77d22

SHA1
b240f8736084c5e0f601c34ccfd6f71c974642bf

SHA256
ab89ba7f9d56585c8c734e4bba987a3c05d91c7f7b97a3f795dec174c1c5a465

SHA512
86fc7741435df95997a1af135980545cda9c7ab02eab0b95521dedf462240a40acfffb815f04caf51990205cd3946c22b837e2e19595b5a411ed31fe653690e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
590eb34797be23b6912e4744ac81bbaf

SHA1
ac45a65e2a4c88837159f0f03b25616284fb8afd

SHA256
d545b03526dbea5a36e49709796807fdf0b4683a234e50233e24fabd55bd9e0b

SHA512
621f95c5ec28aec7e79b9beb66688c34b4b6e893453e0a3a638dfbf211f44ce564179185682434117be5a64b026298eef448b8346509707524bfc016ede2a36c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
82eeb516819ba0747594504cf7212f80

SHA1
96ba7f0e29d211b5e5013d4a394b807002994849

SHA256
dd415b097947439a403073147e3de5c48ef080dcddebc04c1ebe1517cf883bc9

SHA512
d7bcf1266eb03ba90dc785dc8869cba83e50fe8d0603c76958dbbde20180f60f25077ff0903ebb15352fb165a9fd9849b44d125756dcd33b7b6a6750b2af80a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
9b362ecf4f0e121f6f77a285076ca01e

SHA1
7f1560f8298760acaed08fa04fb6fe7f4a10c583

SHA256
493e38a86b112c73c9f834689e4e8ca00233725c4649588eef86e5e0918e6f48

SHA512
dfcf3a1a0ff78d10a1ccd57577513e54d0de10960c087aceede8aa422240fca9f9bb26763d423584793f77fbaed0e6846effbd7d353d7fe4667ad6f1a1344dec

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
2f0fde512ca2f8d60f58c1c369c892e2

SHA1
857497614754548356d5c4d4c1b2219dc047f23a

SHA256
709e935cb26a19640c65c5ea438b60f67dd1213162da0affb37065e254a0c5d4

SHA512
e5829b43a4a9d94cb28476a98f59d958d32bffd05cbf94d525076fb4a0adb129df1cb5f9fccf99ba85f15a52b7c8dbe5e0b0db2a7ad340c0e66b76df323c10b3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
d545ab766162732f0088ea80f38033eb

SHA1
b9870ad3afaa6e352caa93bca8f0c0f9d915a077

SHA256
43689be1d0675b3870e3fa84e550e92a2d06d117c5e4c74e0e90287e8deaf134

SHA512
619834d4fbdf9efffc0522f32f7f67f89537eb4be393a33e696337e26be95b89e643d873d6f40cce77c22a889a09675bd81187d44e8ed4d1d8b8d366fff0b3f2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
5a154daee1a6a5ce2a0e2ec2c9d5cf95

SHA1
c0213240d9ff7544c7b4dc3b978c5c800c22575d

SHA256
1bcadfec7abbbe4c46f5c7edf9607fe559e75a85c4931aee963d1d34966edeac

SHA512
d369c2ddcfc401fd74a960747d5e2e173a985057cf7eeb7ba9725849a9593e77bf79cc6424426e0db3f12bf7f68bf101c8d9774f9a107ca7387db13b3c448f69

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
8bca79946cded0610f00afc09b1c9f78

SHA1
c7d277323003102ec94a46efe040e8daa386ac56

SHA256
bfcc343a876891dd7b52565f4d32332fbe2d020f77f8682dfc000b843a8e1226

SHA512
b72599bd5ba968e7b5457f90a0cf4b6cd8d3a85dc708e6e36908a6d73996e3b9fc2d1537bdfcf6efc50616d50d9cec3e8cbb50ff6a7160042d727ab6a2c3f0ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
0f2d58e35fb1135137106597bde8e483

SHA1
e45c62e560148ac1026d75cd687ef6899fc8c89c

SHA256
5c816a614045d2632a646b3ccd3f087a4a9be66527f241ceab2390406a4c10cf

SHA512
2efc35b337f835b13abf6f5c791833c81d34d55dc22743c8dc31b183779029e352d51edc65091b8a5645f990c5d81d3f43a56890bdd487b0a12adaea893d1e7b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
17b3058871efca2eac754dded6d101fb

SHA1
afac1e44e7d0f9b7c2918e5ad3494499fae73eca

SHA256
5b44b125949c5d6c503c3fa32368d35e0d5d7b490e404b74afdef4637792e2d9

SHA512
ff6584c44a86c5e506ea30f24512d8d7a02c38522d975ae422bb9babddfd9dbe2983adce9e924458536abfcb147da3ccdbdaa59e03f1e8e4972583d9464d207d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
9e8b5c96dbef1211347d3db20e1fd768

SHA1
6213375fad416441d58ff281860b15cfe49f38cf

SHA256
adf90802d28a4c5e2d61022f66558eed128e3e9dd72b6a8d570f5c59bc336fe7

SHA512
5b26c508722f3dc3910df3d709c142cc354c323bc319201dd302e14c24414bbefe3f2dd9bb009496a0b6c5dc4f8b650776008b25707427787626ef374362db80

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
db368158f0252c01af3f70e23163fbab

SHA1
d33c3e9eb02d9c0da8cf02e51c3054a1ce0a4f26

SHA256
4ae82c090c24d17e7f3592a3d30530fa869bbc926101564266cd49de6c849dc4

SHA512
4ca32277458d8a3ffb72c6fc9b2b65b072926bb9d8900f909c39f39a89cbe4a504145789cc861f699a4f7aee632e577767b705651f1f593569fe6e69f93b9cbd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
4b9583188824ce8cbd3bf118f34f2f65

SHA1
bc019fc20414bd4466b2342b6db83f2ba2418c21

SHA256
7d9955c71b8ccb382ab90b4616e14248aafe7733f9db6490463a06f9143f08cf

SHA512
6663205337040d9ee0b201ee88016df67d5d8542fe3811a7c13b36e4ae049a4a2331f11c2b813674524cc7399333b5a6d4b3824283aa74a025673f7d5c4a025d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.RSA-1024

Filesize
10KB

MD5
ed127a8a5e5a13966d3579fafd4335f0

SHA1
a4a8f7807e8617f7b10bfafd2f4f38af690d890c

SHA256
9f1c8b53000fdb9faf3e6a10a16188ce1c8e39c56173e57f394d158da941c2f7

SHA512
c6bb7b9750e986d1cea37d5f1bab57dbf923071ac2e1766695d18cfdaf77d1b720140659cf388407a336f9d7783b8fc8d2d08837e77cca1e768d464d8353b702

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
f476f3e7511cde5d181c75a848847525

SHA1
4235772b66e7aa61a5013cd807ad7fd59d8fc51d

SHA256
ce6cb49652f0b1c62d773a8acd1eb3bc007651039c8c7e085330448e67203fb6

SHA512
8f76af80044fe144a0abd98e00bb36f382b7fae474c25a2c9232800a22c0e9d693c40e4b6ea361187fd0f1ea97429a9156357d7368403c56b9d7d9fb2d8ab157

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
aa26daee90a06be3ec1e5569bbc3b58d

SHA1
4730927861dfbf17f6733bcef94d5d4250f6cb61

SHA256
1de519a9b8181476de1c99f278e1effc05a0cd2b7d177e524999bbaec26d0e25

SHA512
7e64496411ba62074a44d254c6bde05f96013859ff739fbaed5e299f625f542b2611370615d600abfc003a28a59fb0a551f0e8ec81878e33d45589e501339f52

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
86139b6d0c60336b7fb2a18a665542e7

SHA1
744a71cf9ee0b2448a2852d9b5e2de2d0fab45a8

SHA256
eec7ef9a51c4f14a5c513b829e0c2505ed6bffb8b9093e5e3ba1c4c5cf98228f

SHA512
84ab970331a34a2bf75b231861be229825f87d6fb0ad68462937550476d9bb8dea581f87dfb19ec955e220c346f2136cccf7bfd7225a21d784fb3982e65c69fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
5a8c45d04bf9c99d6cd4926691daec21

SHA1
e94036544361a5cc441fac10bc1651160677d5dc

SHA256
db6666586ccf244a879fd0a834d87486323d16b23ba0bd2055875829095564dc

SHA512
7f6073571f059c75285433ae7f879a76276fe603b5ab9605711c06409de6f9f4c605a6e7e7d6eedffac36453b4cc70d17d67580c88ae732fcf2f79bf02b09972

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
232aa1bbb2874ba4e8b9f86ae81aaa20

SHA1
216a736c680f03b2114a7048d7a65bd01952f43a

SHA256
ccc1ae41a1d784fad54aa6b711f0fdf4fc771ddc262bbc4da7e0cf1706c5f302

SHA512
7e1780a9bc15d50835f5be73c886145f297e05be41f508ba8cc64cd25455e8c344db9e54f261c6329e2a38f208f435c45bba27d9f306b806a2b6a4e954b98b0e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
7d576e2e81036c49964e479d28a2746f

SHA1
e8a543edeac56146976ea41ad4cf1da7a95e3bc3

SHA256
720b5c6cbecb28472d1a2ff0315d26b72493f8b5f68e197745488d32762430ec

SHA512
a4f498824d1f2c5af13abee4ff75da1870e13fb6e9017bb956d1233a9cc664e329580556aae610fc7c61579e2a94af4225d94745e6da8a6f94d3992e18c161c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
d2d01156883d5f43ee3784d52f96081a

SHA1
064116f96fe8f8cee00e971c1d929efb878f9219

SHA256
8aacae5eb452cc52f72facf54e82a5ee5a52c56034649f4d37786eb2c28b37ab

SHA512
3781c007a9bcf94ea4b7d998ac42acf10a34bdac4732fc93b666976869845a74cd29f8edef4891e7e0c85f540be42f83456758a1d55b19125dc9b318e11b6863

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.RSA-1024

Filesize
1KB

MD5
8ac90f0c78a816a858abc9d70893eb14

SHA1
ff0ff437911fca0945a963c8bd52c41f5c3dc46b

SHA256
e621e2c66d5eb0d0f521aa7511cb21690fd5f750aeb6662a9610d1bc1c517799

SHA512
50f2f652f25b94861dd3ad6b395e9feaff25c2f38d40318dbb458a7813140b9afbb32a66a5f20fc337d30a5b55854f903944302bf16a72a560c2d1835e9f7c6a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
556d85912b7b27b8defa2914fd733839

SHA1
2698135072768fad4ce567e5a3f593e5d777e3eb

SHA256
41b7bb6120ce33609eadf1f540b5a7431287dbbe665328336c320af3f0519e81

SHA512
b323fa844cdd0b9b35326b4cd006d7654305b79d2df08a4d0537336a88e8b17bd1928952b07b17bd6a2235d296aec4241f96da8b9c42418074b5cf673252b539

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
67c81d369ae6d1c103a0aff86826589e

SHA1
e908368ccd31de857c0b920095fb593147af75be

SHA256
261dfdcc45de6d712c0806c0172cba5b01a3283d4faaf6da5ec49f63d6ad710d

SHA512
b957715435b35ed13d7638834de7c8bf0a5d3227539e91706841c3a7ad905cbfef2acea1fcbd1131adbafae378de183264b6164bcb43199bac9be2148f80985f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
1432d3324f8dc2b3ec46d1bfca54f0f3

SHA1
2f18977d79918699b42951ebe3f68b0c78e4621b

SHA256
69487ade7a9aaefe80667356bd982e78e291f490ad97b9e5fc5450e40ffd1cbc

SHA512
39522d1feaafcc54caacace21bb068e7e63a77c14c2383f332bb245ad08ae40a9544826e24b840824cb4d28362e49aed0daea7a7d6eecc35331bb3f0d795dc44

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
5d4491356e26b6439025b633afec299f

SHA1
3aa0dabf1e2ca810042bfcd80ba61a26f86c6e25

SHA256
4e4416374e389505c623b179c04f2f82bb0b8f42b0deefa1e8fcb5e82e7e0806

SHA512
4ddcc77415af1c64cad9dd96988d38a43f34c441b80727705c0d9e33406cbaa63d04f7f8c455b3a8c33c16f058e8edca371739100e657f9ea18f00bf023c8d45

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
b4cc91c808cdd671a80dc59f624f43ce

SHA1
ec8a724f3c6d326ad7fc0df2dacc30528d7d5000

SHA256
5cc192d11152e73cf90c83b1389ec335f3bef26c6cbb720cf3829c18a7325f19

SHA512
84adcf91f709e3108af3d8fa4dd8ca5d5e4f7c67dbce1a5d4844be46ec463323dcb97185403ccbedca6ba06da302ea2371b44979cbb7e0faa7d4565fbd8f3e3f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
9c24b5e2cfc5180aedf37da90f02109b

SHA1
8b07ad2d2d8c86de94693fd43c86c6e0ce1bc41e

SHA256
c9c66f8aaee9b4a727e021140cb4bc52e9ddb42e41a550db4782657159c4b6e9

SHA512
9e64e1d8e8cee4a0cd775d56493a6e6040dd394a48c5161cfcf069f9be4ccd70f947f85ec546c6308516ad7ba93f01dd07c2e58b1f33ca0ae90a3150aa279429

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
f37869c432ffb2330bca7c5e774ec722

SHA1
0bf02f5676adc88ba697db94bf6756b0bf03c420

SHA256
fe2969d23dd94f7452d2d50bf6225a93ef142fa42f2f614cada5152bb451fb4e

SHA512
d2f2b8411a581fdea7eb81b93c446c3f74650d2fe52ebba0901c484a02896a4301dedb9e500b2fdde2ce0ad83687a0e59ec506047f44c3a0f74cd6a081761f88

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
d7b55801181ac9da4743b2c89fab598e

SHA1
4f3c6737fa171ac9489a1ba55e88cfc55fdb8324

SHA256
ba42e7653d63e7c70e0e52842aa0744c15e0dbb3ac7a391e15f1836974a369a6

SHA512
8d12f91775c101a65abb5ba3c18f2003d0365e47fb69d3c24b8c18e0001e72ef624a51252ef2e595d2615871fc8078c79b3c651f32fd35a2599fdd55c6c52599

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
7ed38bf11aa6757deacd6958136def6d

SHA1
eb2ee3080825a40322f1a9a0c65b15bfc3eb3c7c

SHA256
122ef74230fe6c7727a829fef7129714ffedf57c27030588a06c8020ee3ddb5c

SHA512
9bba5a9e66f721563e91cba824494561d1bdcf17275910001c83ff56ac959cc4a71cf3d03b5101b7d1139cfdb1d9c9da682ec21588c01ea142dd3914f57ce57b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
7ac03c8b4be6f5948b6174ee36f95337

SHA1
b2f710c273f2d0ab866aa1e487ff04a2f79c4603

SHA256
a2a19d4066c76486aa14d6d0b336580bc0409b8a854578d1cd502e9340bdd959

SHA512
6685fce93da053ef28c7d78702663b1bf910670455d5afab2281db0d33f78b12c434474a7a4fba12506c55259e300d555545cbac36d877202c4e703e1f53174e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
8f6166f806a576b1acda2194f249bbbb

SHA1
e4cb8d9ac77026248de55c17388f6fb1865951bd

SHA256
af6a7796d68869c9b9712e75db96951039709c39322a20fc74c4e4d734fd2055

SHA512
5381c23fb017d96a3755f3735076c01f8d11493abec271cba2c0811bc70fa789fe0a3e029aa1c6eb9bc833189638de97ea7720074264eeecf32586d8cee75aaa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
856ba4a4714dfae68620e31c0ccb53dc

SHA1
78392057defcc5990014c55c6d319ed94228b83b

SHA256
226f843d929c026197567174f186c93a95a0cef7e5a085caa1a5e0e9ced7c8a8

SHA512
766c0cd6d176e51beb6cea61c39e01b9c5bfab8c9047bdfb37bc8870d86e73604f09b2057c8300f5f40eb61e9fcdc2deca04138486cfa3e0823ecd56f405429e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
9e1bee501d095c535ec80dd501efa63f

SHA1
deec453c4e48fbcbbdeb29b96ca046f1d8b2b4dd

SHA256
6287a6ec87ed5266f9ce0842afad28dbe2553a0927ff8e31df73ace327fef8f6

SHA512
d8acc490fea9003ec6efaf6e146115e5f8c3d6a81536221241d9e3d2e4f46fa8024ecbc4e14d0b451b1b704e68937a656c30254e73ae53125550ca14d6924fd0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
3d99ca98d8c1d41df4a9fe7a929a697e

SHA1
b1aba7bc7799846ef7bb0792955000a8e7665803

SHA256
93fe5b0928395a1c2b3233d62f92af09b484394660ee62ea644167af84aa77dd

SHA512
586adaf41fa6d87d3de9c66ca7374ea67f5ac2ee2dc9e19408f6ab9b5c6ac1146389f8bd16f2b424c19beee0f96c37e6e0bf3c9cf00c7ecef95603ac08493fe4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
446a14bcdc6be585bce59dad2543235e

SHA1
c25faa9cbfab012e834344370bbaca0fc12597da

SHA256
c347baedbdb55663a712f455405fc7a82fd754bab0a31dc66c746d9ef5821ba5

SHA512
e1fa84611c1aa271a70d524d1e24f2af146b3ad4a71de6413e0e41899fa64e0467ee99cf2c3b31a86574a97937451f1b400ca490a785802d6058d972961af2ab

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
4ec6b78a413f49b70bb024bf9468ea32

SHA1
d973fcc5f85af0bdcfbf4c5b89d9dca39ef5af4f

SHA256
fa8922afea7128d7cb8a3e1921ed6888a1ec20c2ad4398da6fa2a82825beb15b

SHA512
7a3cf9b8d23d2b8a6d365f358776b63bc756555daa06bb45377a6f737fc1bdc057c4539d202526a6ba75e1dcbbc41fa21c6d980cbdb7425e3e0fb36ed919fa7b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
685b7c9ccf3e906d9bffa26ceb578894

SHA1
f8d56af3da846e82ad0ecaf6e62048988184f554

SHA256
0c636fad915806e09cd607e7f34d5277a91f272dd936c28ccee5c2b8d774b66c

SHA512
4b463dab8cf5d783974114f5b67656d8718e0a34a1d4ae77dc992a6ca2fe2e876f84bc7749bf59f66224471a1930185321dc72e7c7180649343b8ac3bfca9c7a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
c5b0b8c4f81cbd91e0567d62b5c7d7d1

SHA1
f7b358a5f5cc5a67959165dbb81ef17838cf8c57

SHA256
09ccb42babe392ceba109dd07755b27fe3bba80e3ad60e0dfa404bfd23413bd3

SHA512
be2197b2841450a8608d70a2413738bb26e729b95fcf6e9228a3e177e128d1d8bbc2359db874b6b183fe6ede857856e5fbbab607a1f50831c66dac8b3f9949cd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
a64e8638a9f721da91d3883259eebb17

SHA1
e8e1eb2f34db5a91a604c1b199bb987cbac47f38

SHA256
b205c78f45dc5416eab38a95d78d77f71b7ea61232621fafd8210e60f56399f1

SHA512
a93d1251081545b5a65adf09509d163daaf1cf9dfa52c0dd50400dc837a0d2045b05fd24f361f9dd3b5752211b123dab30f4074e65478df2404005fb9a6a59b9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
447e2baa4f67cb93b99d43f497e0a30b

SHA1
9297d8defeafe9c861818364524fd239ee767284

SHA256
45f2494d7203572a8a6cfdb2d58061a2d23f8155b2c6833ce5606f8623b7eea0

SHA512
302c7ec9d33f2c9e6f32e8f928abbc40918322987fc14551674552140601afd32ad1757b36faf514ea24fc7722755d8dcf0f04f8e217a0da95b74ffa5b7b0a15

Download Submit
C:\Users\Admin\AppData\Local\MICROS~1\OneDrive\ONEDRI~1.EXE

Filesize
2.4MB

MD5
1319acbba64ecbcd5e3f16fc3acd693c

SHA1
f5d64f97194846bd0564d20ee290d35dd3df40b0

SHA256
8c6f9493c2045bb7c08630cf3709a63e221001f04289b311efb259de3eb76bce

SHA512
abbbb0abfff1698e2d3c4d27d84421b90abba1238b45884b82ace20d11ddfdd92bf206519fc01714235fb840258bb1c647c544b9a19d36f155bf3224916805b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

Filesize
77KB

MD5
5d10cfdf14975f36032804a3325bed82

SHA1
1dae1eeedc663d443c371f110baf965debfe520c

SHA256
a32aa034a71e1cc55a7a023bfeba4ee4976eeaac5ff809f38b272312b6cc3200

SHA512
8be0922ec3234294d404541249fffac7bc8079f273da73997f248c7c30491b8ba6446de955b7bd52cd304d8b6330ee97741ac1e0d791d2dd20760b2a4a225794

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

Filesize
47KB

MD5
a3ed6101ad05bbbcc761530320139a3e

SHA1
d43e6c47eb04cf9dd7f0eaa307360bbef012c332

SHA256
6a856967d3c6409607103eefbf7c49cc93d9f3b8b8af0418468445750d9743a6

SHA512
3941ddb611018df4f6900437013f82be07576b88c40a645b94058b2d69ec600a75624c7aa26f904d7ce48e9c6924ab3f604ec49c79fb4751621ec6214522709c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

Filesize
63KB

MD5
4372b81d78e4d41be31ece2536473968

SHA1
a0bdabc0ead466b592a0e83e0e0903a65dacfa15

SHA256
5f90d370b40586c09144284553dc79cf1230333e6fc3a7677f496e7ba5325a8c

SHA512
7a6464f1862cfc1d6b84a7a2f82f493bd8aac14cc03ef633439f120c221dedee7af1a57018d11c1bd6ffe2dfe25d849dbe8523c713f9fcff9f637a1da1a31eef

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

Filesize
74KB

MD5
6ecd3e05dec267070731c15f8f8e3afc

SHA1
4ab29594c3c7ee29f7dfdcfdcc59f00dcdfdec04

SHA256
82df64579abbfb1df4c3d9c19b48b699881e3b40eb8abee044a4f40d390ae5e9

SHA512
4d281e3cf8440dd740d0ba93429bc72ec2fe27da6a79e891510da7dbae2979b5cf012fe39b4d7630e86d6df88fcb476b687634bcc5ed3c488f724db16e33de37

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\bwin32.exe

Filesize
305KB

MD5
6c3bc7a697c564a965e01402285b4543

SHA1
6b659471414b42cf6d543d105de6cb4742cf3424

SHA256
f5d6d3b42d1c0f05a7528cca053d5fbe8fe7656050031cddc9a3a3521f0b82a4

SHA512
e4c49b906c2540c9052223379aab2531cd868aaccc62b997af1e956802a7cef83e321b68d41d3aaee4c47071fbe533c8f1aa4422d0d5fa9376e317da95bf0a11

Download Submit
C:\Users\Admin\AppData\Local\Temp\BE10.tmp\install.bat

Filesize
261B

MD5
caf576fd184fa7521f7ce40848fa5799

SHA1
281f35bb9d5583b8e5a767b3d0ca347fc0f75d0d

SHA256
17571d6e267f2ba051d63504c84fdc80e29e5b2b6cea1f2f5b41a31f5dbed6ab

SHA512
eaca9969ea4e68e537c2364a0ef438d7e26450cd6d5ca7f84a1716bb576ca060b85680531214dcff47fa3a1563ac04d5e9b1e213c98069b609b22b2bbf1adbbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\MAxPayne3_licence.exe

Filesize
5.2MB

MD5
59cf2fe5fc4de6ca98ea1adfa9030ddd

SHA1
9ce5cc5a0d06984d2f7a6de4adb95fde898b55f7

SHA256
314d5eb3f1f8b695ad3ae30d2ed509d781c6ccfbed7f5758e63efa308505d0ec

SHA512
b5a920d34d7359527fdbfd226cda7a8a61936eea1db74a60dc9a095c73a67a4f2d13ad056e7b26bebb654dcefd404f73ff4405772456a9fcca3d1ca03c0f0d83

Download Submit
C:\Users\Admin\AppData\Local\Temp\bwin32.exe

Filesize
346KB

MD5
6f62ba2251f37f4d75f132a3aaaca878

SHA1
699688669e0dedda77dc1bf31a1bbc4d325d1631

SHA256
afd132df79bf177b3bc4e1e25bbc180201328a1113464061d26187efc675f117

SHA512
25a703bbe1b4d3df94e3b84252d3107fd95a6a7f4d4ead1cacd18244d566758b9bec6e8031e41b723938402afaaff5fb427e00cf8cbd1bc5dae2567bc865147a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufr.exe

Filesize
23KB

MD5
19eeff783ffa7c11692992092d732e42

SHA1
90342c47d75e5b3ecd09ce0af8bf25c0570d4b65

SHA256
97f3dbfd41584eae285de5d61ee924186141b6a52f0e6e3d1d56683599253d80

SHA512
4e7d7ee9e7c526e9758f7650a81178fa235d9c3bff8022cfadbe66983f581cd20ac557ca000cdd26232510e060082c7ce27ab7b92f8834eea1ebed11e196dc8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufr_reports\NO_PWDS_report_16-10-2024_20-21-00-6D7B77BE-HGNK.bin

Filesize
1KB

MD5
cc036accc8b2a961574c3521eb96619d

SHA1
1b41617f2bc2a4ae8bfcedddfe9727f45510660c

SHA256
f5483a8b5a32d8f915d27da1dc097692b7c318ec14a2ea3b308b2782b83d451c

SHA512
650dd386043b944fa7033a9402bfe74449ecd87a500a536ba5e08aa306762825dc45ca56ea9350bd02af93402d1e87ec9115a8e46466fc6b758e03509557d860

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
cf99a8b498f7845d308a8b44c6ff3df3

SHA1
0b592ffe58ded58d9fe5c0571c1a9f637022ed4c

SHA256
8c01d2ca2ffdfcc32f07ea206cd2f8bfd47a78f72161f52001d396410ce91f33

SHA512
ec060b72c761113c4b5e72f6483b7cd97c0472c934c1da44e3d7302111f232dd2ab3110a738b9effa4e9a574cb09dd829bb5c3fba6e0fb1e8cf30d4268ab48f9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
def7643190bf57060e7cd97b27b1f6ff

SHA1
a24c52eb91911dee6551edffccb2667077232838

SHA256
30f08d88c004f6a54ad68c618bd7df855ae157c9a2caf818002b78421701d726

SHA512
55e54dde0a249477e25840330c1b288e8b3ee3dfd65245d1f8dcafbf8286d50068822661a07c01bdc19d48d4bf3500d1a7795e0f5b63fec75941f30bf002754a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
d0c97ce19674bdab62229e2f725cf22d

SHA1
6c9e2fb28edd1978fc325135314e41edf47beab1

SHA256
d3f639272a91cb9db00a31cadb62f86eb9b040ed9e81a026255e49cc540e9110

SHA512
eb0ac8b29fa803224d04adfc99a237a79827cb561fdb97e1901643a5389dccacb90d1225a0556e867e0fc00af319c161417802f540437b223ff1b8d70d903b7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
2053a116fea458782f801428c4577d27

SHA1
e0a5fbf47acd205370022953afdb397f4d8829d9

SHA256
e5faf54ef321c65867bc93b5203252d69372029d992124cc7d7c586a30d5d601

SHA512
db170a1591e0e10d0cdb0f5ac098b069fea010bd74a47dccfd4c44fadb4c5cd277da259674e67f2dda483d57f63cbd309d363887b3ae383236346c368dab339a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
a1cf7fbf3092eff70f513e1055e88a09

SHA1
5d24680ea943ef73ad9686c09ce19c26d7eb9a80

SHA256
c041844ca8aa6436c55c285b7cd3b4896ad49d66e6b8cf9660821f6910308d4a

SHA512
1cc4a6af9d7966f2e1194dadf0a2e3b719407b38a99a962e497601ed342e0cbbee153814226ef5e947d327843cd0f1ee99305e7e3e34e6c49a77377f07c21e91

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
72f3c400ddb4b6dcf723fb1d763ab189

SHA1
a3e7e6e71e76496aefa94c30bb0e9871b25ffdf3

SHA256
c7c302a74123465aa8ad286cadaaaa777ef1d20adfc3de0ada562f1a988c44dc

SHA512
418ea01cd08d9dadc9d0a5f185729df4f0ae8ce7442fc7214955a932d07257bfad86e53fa377ca4af6901e625852deeb21ed6accfbb3c2874f3579220d7da50b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
32d691af789f67b85c7ea468ee63ab91

SHA1
c2f5d21b61b3dc0f5ae1a3add0362be75cd8c0c2

SHA256
f554ad858dd8376b4aa04f16d9a29b20af1674993e77c0a785e46d33548ce899

SHA512
fa6751eb0a43a0efdb58bdfe242f15e6734301b603d07bb8861fb8941fd0ef398ced70d1ba2af1c630c93236cff5fe69229a9d2a1de6759724fb8e37c86579d7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
d06ba22702d36709e6b9cca17c37e126

SHA1
bc2d4bcaeace8aa2b2f42e667b83ce3dd871b6f6

SHA256
aa94dc44d50a979b6be4183b0629dc7b2c63523dca1f4d83be9587eddba04144

SHA512
11d7b52fdb5b8b2ac977ab6bebdb138d72a689dd88aeecb788354bc24d77c60a0e9bf3b7ee63baa2f332a1574c6b560385daded22a9b1eea55b2cd6da28956f8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
01d3652eccda53872a4b29c234ee5e7b

SHA1
cc426e5f3cb299ed88ccd17efb341ebc496858c4

SHA256
53ce05a2f7d0f688f3fe3c136e9bcc4a20602a81a5eef65346b15c4d6279b557

SHA512
9078e6276f92a026aea984739d4e74fbbf1d8db16f9b0ca4bc9f3b47a635b06463219ef1c835d3439f7ddd908b12fb9d98d37a2d8f0f3cba81e03e07b363a655

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
e44a58a24e87eadfc2d9da4af9ff4a0a

SHA1
ee6f6f55f16000c1028d0027b6ac47b5ab8917cd

SHA256
c61a8b6f9cc9e803be4de93292bb736c96175b7a42e02d1fbbf881c6889c4044

SHA512
b69979fdf8f598e77d969e51c5370b2aea500530cdeb72c0c5eb82f06205bbc6a093d8cc8d2535dcb69ab13bcf4797a192e106e521a581134d95d37a3cb3aefd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
9bbf815e2efb3df23954fd919fd5f35a

SHA1
6f95cd334f7330142a040874558ad3fbd6e65e06

SHA256
74697da4850560c62ce48a5228f53a490d4ab2f42831d13ee04881b49a156eb2

SHA512
99bb776d9ca1be000b0f42f189defda85e0314813e1389021e44e68bec149bb2b05ad8a90b12c1fd5ad9d8dd44073fd6907fd3a25265c97f7921a39c60eb2c5c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
6a65a1aea5c19d7a73d39e779ae507a3

SHA1
ae6c91678a37214c1a33a721b3b313bffd8352c8

SHA256
7a0f42337ae9fcae68a24804fdf0f184787c13823367410bb776c5a31859fc6d

SHA512
46eded6486aaefaba71e67c9c1613abaccecd4b37da54407d13d9d2db4b1ba62d51b14f7c3a0ca3a4b09aff29bdc7d4bf1c15c383583b2a03b4ee7aedcd63cdb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
abe80e7c36bffc392223980ee44e1974

SHA1
5fd98a69d022a0edcd995cf2d16718dc988fee26

SHA256
bc09e17476654e986d85c6fcabad97556be1eb538f9472e7b52d975f03f94dd3

SHA512
413d2efa4ce7071b511368844a454a53b2f1448038d40afdbefd7cdbea44a1e76b08c7bff62730d8cd4580ce751b165ed85b4288486c2dbaeeef68b8a5145ee3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
7ddff6f207b98f8ac93c8a88a75370c2

SHA1
1e3d8951efd24f089afc9b0c90d72348aef85212

SHA256
aaf243e0c31cff0f3418b32166412c5cbf893111f390cb1914fff50166d5efa7

SHA512
46691c1f5230e8ea7577c3f3bd3e2071769e49019fd157869960f916097332c2d58e6efa56133c24cd9d5036aac06b5935070650167fc9b8f4a092bd3eea2517

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
4abf02c8776103d4eaf3f1f05d16cabe

SHA1
3f5c68ee7f7776f1152cce077eec00cb2bd9e63c

SHA256
5e1bd8a3a1bf4218a2d08ffbf7b767005efec55b403211cfb2a21391b7d12db1

SHA512
854293d71e58693aa1f82084230417e82593bd6f69c43661d9b7f08bd51738824d3e39f9f449e2f8a8c07695a88543ce58c76a89081aa7c035725f876c6ae50d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
1a26212e3d25e424f152a113b45af077

SHA1
ec750a5060a57df3304c75fa21c7c436543b9ebb

SHA256
e32973095bc958d7dc43a169c4cabf5b4b21dc0f6c79ada0ec6e1ab416dc4a07

SHA512
7bbeb9649f1de7c9c6e82293e5135c23f10072d5096fbe9d4fcce95a3c5940c80c067ef7846c8a5010c0a5b64e0504f4aeeb5e796b2314880846dc152d7919cf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
af2588fac7c8c88657e79c6c2cc7e151

SHA1
9a73a6c67e1ba9d7be925ffd63dec5b20e407aca

SHA256
956ed76b303341d50aa8e5a7e25b2c5cc26fcca9c39c685bb347c14f6b11e1b2

SHA512
e5a33a3707d1dfc9dbc33f9fcbb3bebf5cf013dbe2fda3a98587427b06b238b1e282184f6c1bc20b7948a368e6542afe765ca768f92a2789eee97037022535e9

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
cd43f10f293437ed98b69feed71d30ef

SHA1
16c84001f49586daab1eb7042bf2c74755c77183

SHA256
9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91

SHA512
fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
0bb6bc70fefb5d6ef27e28664b39b1dd

SHA1
511f31e41e564f6220b8a332654010bc96c4d5eb

SHA256
d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf

SHA512
25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
d4bc019c042298797ad457f7356ee8a8

SHA1
bf7d18342b26072cb5ac11ce411e70ff1fbd3389

SHA256
3f5fa9b8b26080ba3111d952f82ea85fabe6be19a19c169b5a7c58d77f4d3785

SHA512
345e570eb0e60b06934642eee4daebd5def275f5885b903c82413c1ee16c9f6b77f876a73db61a02f10486ccda03f8edc5e23189ba110211ef906eb6ff80aa43

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
b18fc194372f4967eac33092b86449e6

SHA1
afd4fd4eef2747a6538d182f802cbfaced6db34d

SHA256
75a8eb53d23ff2480d69f15866780ec2b7663a32d369502019285dfb7bff5851

SHA512
e6aa6ef2463dbc9f7ac0fefe8cc60a4812b7bdc7fa3d4b4ed1162f45213e72fc81c251ed2e495b1e02b36be5b6a08d57f42aa289f0e582ecbcf6f7c1374b3e60

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
521bd60d1c70e75c094820ac8d66cebc

SHA1
6d658d2bd700ecd2a19e289c6461d3aaa19ad23d

SHA256
1ce1d1dec57eb25946d8550d8dabd0a1c9514a5e3016d059d4d762ac92ca3c81

SHA512
a78422438905c89eb27e6d7c805d47a5e6251749fab277751c0bf58acf00355a7dec1476357cc4d46916d60ee1e4762adeda2375a55e1c6dd18fe47d6e7ec842

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
fe4e5bce728e1babe0b1979dd4d5a93e

SHA1
0f50cbdeb421506c01e6cbaaaff8b4909b023365

SHA256
8384d254c37c1d55a19ac81185cecaeb7492978a4b0e8d4f6bafd1a1c6bbdde1

SHA512
5cf3921539bb573a9278165f4705600910cca17d17f011ab12f7c9b1a9f70254fd4e837fdc2f678d94c3073e678b59e34e4a7b7fe43891f320af9c69fa7ff778

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
12ec5b8bcc31c981796dd26160868318

SHA1
496dc4b1a5ba5bf502f01e5ffa7f0afb5c21456c

SHA256
8135291e98453ad4ee062ffd42b256218c20a12d6366255a3f4dc591fc9f0903

SHA512
eb462312bf8a8f15faeb99221833494b329faf850b755d16d7b52708faa42e28fdb15ac977dcc84c7ee6c993c8e3be27f241590780218c94d059425342bb9b9b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
16d4ef2ae40fbb2b0598aace548fa178

SHA1
6b51f7324ab4120211e4ea3871797f6a23710fd5

SHA256
77aa34551cc76ddc435f7b7c4236ece70be37d7b3ed24e0d9811b23a77be63a6

SHA512
19b462bfd0e383c5721280cfabf065457cf9cbfa209556e251750326ea5c9b202c2972d770eece126a99b478b60310e423765ef9284243a0ce77b4ab3f0dcfce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
f8d201ce5597dff6784e6231207b0594

SHA1
e0e4ab23a4f932dd58aac8936cea07ddb20a045c

SHA256
394c13790c31504b4e289253ac2e949c3d70885224efd533c602da6a244daba6

SHA512
23bd89e0c951ac8760b7a12dc413333f874bfe69ae09b1e121f68780f228821cae5984094a97196daad03c17451262b8aaae16c3032e824d64652a6eabd00ea4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
5548717fc11c94e87c8abd63d0df5f9e

SHA1
32ea0b23d9093b562c9c67ad4145fedf93825532

SHA256
104cf49291145890aea79ff2ba29a0d12efee1018b06b8ac70ce4dbb7c8c33ad

SHA512
c538984b0f02fef5d3975053b0f3a213f6802fcb710c5baf6812e30ae349c73bf38564d5ebfb6f37b3d2dab32b51de1367a83101ed661094e3868dbcae9fb551

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
98aec679e775c27e3f3443781c354b36

SHA1
1356a2435f6e25998208eb78c9d6b7811d5601ec

SHA256
fd46873d0ac0bdb7d47df03adc71dc66f5190dd70ea319ee327f05372353fa0c

SHA512
47cee429cb07baa7d556f85b7756225aec6eaa646f3e3f1a240a572db73a5410179bfff18a948a89336a04640a863b069172cb56f3f1f7aa1e344d77d8b6cc2d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
8a908c6a99ba6a6f1c8faeddf672796c

SHA1
d29a21eecd80edab37d91cd386e4ae5a6ac82e8c

SHA256
a7a26c7ba4d9129f2e5f1de492d75739e02a5aad2387943b2dc215fed7ef36b2

SHA512
2c23c3cb1bdf1b063bc790eddf4841738125bf61d26a8435c945cfc7d729186eb69641b6146b3eeb08c436a9f4a838dbb66f660dbd252e808f97e76ea86660d6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
419c8e922d05152dc98df2f9c89fb33b

SHA1
b8577252ce34907faa53e3ab57f0a09bf1834432

SHA256
5b6e569676eb7f6d311bfa42587d5ea85000f8cb653f13a5ae119980bdb99125

SHA512
79ab9d4c1c5c6a7611496db4645a6fa110829591b893d622da387137c8a985799b69d0b0d6c0338e296db6402539e77c29fcd4eb78e48df9cf52f40c912951f5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
d20d063367429f5c40b42410f74f0c89

SHA1
7f282de2f6391f5243fcd10acc9da85c9ccb6260

SHA256
a869c694c3f30bfaab091093904e7c2aaa31f08f42bdb38f43cfe8103ab8e35f

SHA512
fb07ead1e979153598b8899b82e8508d4435596d72d968e610541e187f5d60272ca57105bf3f40fd2491514d300dc574da55479053c68106a9e320a2fc1491f0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
49a51857fea59968961381fa6bca2af2

SHA1
ab6946cf9d93ee39970d886f848548f9faadb1d3

SHA256
d264fbd3cc13ae38da9979a5538370675dfcc3f76e38d667dc1ccc1f62bd5343

SHA512
0aac1c60f255f8ab7a6bc344b9b0133647f6bb281ff49a2b9f3632895e118e033fc5f6ff24cdc8239e57278fdc5ca4d8342eec237f9e429e95ec06f4f851594a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
0444a956cd02e1ed65bf44bd0bf40ea0

SHA1
ec9aed57d55c4e1f4c2d5abe2307b6b31a277942

SHA256
0d3859fe69d0f1260a06d569b7b24c4d979d1520c7adb9258c63c2c44e1664a0

SHA512
d624f99a12fd80619d4da26753ea735059873c30ce8ffe806be56eecbb87d5b04c436205630bd38c5a644ebe58bed3c17fb32e5b007d30f46d0a02cca152b6df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
e21d98d412f76431771f34fe34ec3e1f

SHA1
aa3a5d160b945972d2d71f1f4bc281b99de7f31a

SHA256
451e9b0282d7cf31f07c5f50435dd813e9a284f0495eb7abb83305dc9c0e8494

SHA512
8c380cb838ba1a76f317168d2c1c4d110490c99e13462ddcde05666ea34f3d71227f9c9df2bda65fba34ba7b9aaa4474e147306ad03c3e3fcc9d2c413d2716a3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk.RSA-1024

Filesize
1015B

MD5
1d924b3492cf39d2db4dc0e68df6e4b1

SHA1
b0beab82d0a147241d76c7fd5bee4f549c5dc3b1

SHA256
628d1d11186572e4615e92ea38cd059381715929b56983cf2bfee148acb50006

SHA512
20613dc220cc7851a04bc7f624527eb0e5ef65d3db6c850deeb7bc8e0e085b27d5b72805ca161cf581143334d1a21b61aebf9e54be0e01309a7af8f11c8f7ddd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
045b345c4299d37590d7dc0213d44b40

SHA1
f30821c17b135aa5100a3071da4899f13990984f

SHA256
9bb7c9aef773d7868dcd32bf129d62db5168f95914ad9566930de82c79706e9b

SHA512
bd2cb08a0b77e5009362ab374e6b3664802df8f0a70652982ce7ed6437cc2f312278438a6324db7e292393c9fcbedf0d7441effc8dc2943d98e1fc112f5a7558

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
0c1762e7a9ada642eb6dec0bb112eed4

SHA1
a066a228bdadfe8a21e6ea07f1b898ad0bddfe67

SHA256
ee9f13c6eeae95c706c163a1c1bb41c03d1ad2a2cccabbc6ef3292cd1b9215c6

SHA512
693eb2286cb8a3ed73ed6962799c74a82733129935c560f1e1f592a5f8117f035dee368aeff1a9a79c678fec34c6da1995c12bd2a1a7eae7ff0f7fbb819e958a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
b71d1376c8cad3de38f8202c3df995e1

SHA1
1f9048e5586b7cedb75a58e47e0ad3cd907fb9cc

SHA256
048c31ff6453c976f16ebc9cc09a4e85b3e8dab5442b5850ff0c7e83679cf158

SHA512
f1b8a710c01277b87d1b5ca3bc8bec389619d63269cd644b848e9362332b3bb57150cc376b4820ff810fcdf5a4d84b3709418f50c1ab3d3097c1ccbe177d4197

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
ba7bf8be4d9b3f0a8701f066f77ec0d3

SHA1
380c6ff34d8824f35e65b4f2e93827d62ce1cc98

SHA256
fbc8c360d8674c28226f6e235f1d55373d68a5517642a1fa08dfd729dca8c1d2

SHA512
e0cda16005f3ce38001dcb3ba024545680bb89d3ca81842ca2030fa78c1072612f12a39c87440f4a825eb4c5c050a5c1705c781f733b2d0ae482d72a29ac4daf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
4065c3472da85aa5abe822c0c61fd770

SHA1
c94b4c9e3d5f0bf619f3320095ac9f9953928d12

SHA256
27cb3ba2d6c172b96033c0532bcf7a47b00c393d1a79e68b491f937084575f94

SHA512
754de558e4e49400b16a90c2327e21e9df0985c0b049e7c9165f0a46221eab3074e269e6aab162a02415996f77e63e0f83df387fa871913884d5219c642e98aa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
8dc5ef2a1a1a95b695ca2887d671f8ab

SHA1
1c3283b1c4c9bab2e2bb23748a8d6a4b375ed99a

SHA256
30b320fd6d3e0e06503ca1eb647dd677972680231c2135a76db496020459a3bc

SHA512
24b4c21b2bbcd99b67bcdafa239295980bd6a4950f00f4603759a70a803165e6cfcfa5523be6c69fe7945d016de8177b3f523661e2cbbb0ed142bf03255ef09c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
9488008949baf27333699ed12ccd5a3f

SHA1
7c397a9d4dd763c9e8dda92a300064586808dbff

SHA256
5074a700e4023c371aafc74cf5d73e474869eef12ef7da5c51fc620a01367166

SHA512
500c18aec4c983cf216c64242342d51da9f0cbcb904f783b8fd3148a965a03e24af1809b43e02df2aaa3977b579eea01377fa7e482f0139a8735493721d120ec

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
b7ed169d580cbb2bb03f9cb57652e38b

SHA1
089262a11185b62d3071072693a5c150deab09dd

SHA256
0dd2861de32d36bfb37f68f9f9e7aae1d0bb6a5aa6e4b717fd7689202f66133d

SHA512
4f0e3437b4e3a93bc7067c80a1ee22f6e00b3929a79ff89ff258f2433bf9e7192681ebe4aa21079b9f1a4d1b4ccf28d6b18e4f190f1ce2898f6dffaf84fd3ab2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
0e2a4a1e3f84de3a163db791ba41020e

SHA1
a1d9e12630d19d8283f5b98dff2664359dd04d52

SHA256
df9442c889be1ab7d7ceb49b792c88a93e1ca563cd88b9f3b65c36d3e799fb1b

SHA512
7a54f9810dcf01895b7babee167200e8e53e1bce45612f77531bc1cbc6f583a2b70a133a45885f37a40e286579cedf1b66648ace6ef661c0c7f1464b1084e138

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
85fbce68879e344482ffb025fdee7041

SHA1
786233113bfe2c5570dd94532e0747c16f336613

SHA256
cc6048be224afba1eb05e22c24d32161b4fa9c8b231ea90debd3f5169e15b35a

SHA512
345e05281682fef612668c76cfc59be2c61d16a2eb06ba8200e72c2b639cc16dab4bf73a5076b14d889619719bdea21b4fd95075f162a779668b5cde73a79c9e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
a92fe92b829e7d2116c986fdf693d292

SHA1
75e2069ae087884cdee1eeb498e9da01f2181591

SHA256
3d48d8c7da53f22fbe1895e9de45cd5b79fcb5e2587dbffb27838b729aa7409b

SHA512
8d8fb97997dfa3c2dffcfc6955d4eecdb1143c863eb98cc225b381c4ffcdad8c3fb543dbd038e5d93196e4c957d8b07d59626e9fea7bac7f0e534166a34b4a70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
05957497e6dddea57ad6b89daf765edd

SHA1
3217690e169b5d64ee2336917696dde4cd1f7ff8

SHA256
cd0158f678d99e0cc2dfb013a73c524144e5307f1e229f5b9830afc5d69c34aa

SHA512
a7bf434719340234b1be0ffcfd59fc6a4cb5a5b12a7239b4fa50e0abc63363a183fdd845b82cb01bb6a98a3274cf86647f3ba4686c533d00395d4073362860ce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
fce6294f26e30fd5832f0e5152d586ec

SHA1
e3c2d41c742b84eab8615d869960e851282c3edd

SHA256
8575930baef6e830009eb35f859f57424ef4927aa5d0b05324c0927e6b378605

SHA512
1caa6d534c4b6b1a19577ce96101582ea2bd0a6356c40b7ce6653bd757ae5283b7e17bca63457ae5f104f1f851eb2cb205d1cda3725cb6afca0ce862e84ecc69

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
74894ce7dbb19f98325175860a4f9297

SHA1
ad9490c28ce197001e699b6e9a9b2c75cf09c72f

SHA256
4f3e5545b2e42b815802f4b3c7a6b99906ba27dc6be089c991b53f050b73dbbb

SHA512
4b90f70b2024e9abde8759a26fdd5ac560fede5526f4badbaf73b79f1d93b27ec2d298bab0d9164bd5ba0698214fd0d30588454cd830b8b890505a0f9bd6f106

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
8edb875f4f9e16136077c5850839a622

SHA1
c57d4028222aff02369e8caf9bc6097063a550a6

SHA256
153c34ed5bb455485a3fceab42cb999807fffa894d44bd803d0a7f242e4e4215

SHA512
ba685260576675774b0783623302a3a54bc5e4fe35a725c883d3e1e049d3f95c495db4cd3f69ed348054fe3533c2873cae6fc7dd3bb02473ada17b6154862235

Download Submit
C:\Windows\SysWOW64\win32\RWLN.dll

Filesize
357KB

MD5
bb1f3e716d12734d1d2d9219a3979a62

SHA1
0ef66eed2f2ae45ec2d478902833b830334109cb

SHA256
d7e9c9043ed7df2af800d9b2a33e3efddf68b70f043e9717afc4b7dd4e13e077

SHA512
bbc90747dd45a01b05f5c0b6fa58ffe18af894b05363267ac1cc9fe3262f5e65c8ae4e08dfd82d89b9112e86e42d24a12784b79f5ea30b6443015c19b6792c9c

Download Submit
C:\Windows\SysWOW64\win32\install.exe

Filesize
21KB

MD5
7b8fef8b39139cac8e9c9f39e2269499

SHA1
747bc7f3186645b3581c6be058ce2e12a4f9d680

SHA256
2ba30ca8c5dee924a38209e097c9eadc7c4a307d4e976ae274bbcc044f0dfde3

SHA512
bfcc837a2fdb265b28dbe2eff01e93cf6d96d7e6911febf1a3c28ef97a58e54b5e7ec8e66337e639c5606955f5f544327399bdfa5510fd5ca3afb8470e332102

Download Submit
C:\Windows\SysWOW64\win32\rutserv.exe

Filesize
4.6MB

MD5
133f0e46ef52808957fb6eb6f8021067

SHA1
5bf8a4f293a9a136aa9acbb57e589be57aeb563b

SHA256
8e29329e4224eb064638c6500791224d35f45b6aae54ab52fb15de737ebaf52c

SHA512
9ad88e421eeb6c82cf84c4216f541e0266c4ab113c6d3a51a0b07c2548ef614608c8af2d658612891adbfb4f83da8340caab9d528a5349adffd7f011d90da958

Download Submit
C:\Windows\SysWOW64\win32\set.reg

Filesize
16KB

MD5
b17fd4af930d44b3a808fad310162d8b

SHA1
8bba93027250c0ab9d299c922960456df4c8c46e

SHA256
aa509f49df7f3508db591c27284c2020afb32842ede47c7b330bc3174d044391

SHA512
dad972731b55b65e5ab3fd32e60006539c6b35c5dc35456c38128728df4f9ba5c8ec7e55e6743cdea910bcb9c6d775909fb5021cf93026de3d0baac3c67d2743

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
864ad9e455bfbb83b4b92dbd9b317b85

SHA1
5040e88b6b05015245a518e3a2876de839c97e14

SHA256
dae045c6e4c8488d3c59477c4b5b554e653184cb64fe7929a1a51b19d647fc0f

SHA512
49e37b56031b3da5356a64e72d8218127888d5094e0d06f620b0a406dd7d9de7ea0fd8665e8b0f39cfae22666ebbcbdb983375739bf51c39eb7e8bf6b203e516

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
594763f10f777ec9f86a302d825d3746

SHA1
e95b19bd6ddbfef9973f4ae375ec7872012fe31c

SHA256
c76c40e5924e1a416a06031e5ca6dbe0e90a30ad97f68d3cd5d56aeaa6ff6cb8

SHA512
ed244ff644ada776f5a574778420b9355e8f4d68340fe15d5bbf151dd47ce1f7ee6f69a52f0445f2b955e369425ee33617f87a4d1be8d7215ee1a2f0c1fdafe4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
c1f895d8682fe5466a53a51785b43c51

SHA1
36c80ded276585cff31a8cdbbfcbbff76845b94f

SHA256
401b440fa844e446b52c4868edc5d84ed27e6e6daea759ee02799830c6966ec2

SHA512
115948815b4b8e845015da87aed99b1db1c938feac2349a84d6f51d55f4c13dcd3b04901fc5aa0d7514d7eb869587a3759894e8757391716a0511bc70417c60d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
6b7de9ab4502c16ddbafff8e9ee40257

SHA1
e513bcda03227bd89a78048a04d4de965a0da8d6

SHA256
139e2da1233b8edba3ddec37bb543f10c42e4f5f95515dc6300ac2f8117b9d55

SHA512
5621028334f90dffa9161876df6d9b1de6686e8458d26f294780b625c627f703aeea833303eaed6c9cceadb7437966f3c049f57c8dc36c1ccb92ffcfa376230e

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
1a680fc9592d0945e769e6a2a3e59f4d

SHA1
cac4fa6f9099603d6843fc91393a92083e96bf38

SHA256
9bc18ae67722f9efa1d84670c558705a739120104dc217ff48298f9114b5ff0a

SHA512
e22fbc9e561c1f38405f18d4499678501c1c01aeb7e2b8ee7ad4d79a0b2c6ea878ea1aa5c7fbdcd1000b63bf6d87fae6cefebcf586bd6bfc095b3a749dfc72e5

Download Submit
C:\Windows\directx.sys

Filesize
72B

MD5
2772501fc43ef1a7f119ca5190f39047

SHA1
9e57d9c92d7c23db1189932a950d3e602f4c3529

SHA256
d7bdcc26f973b9a9d6ff4dd2d1a50ee463c0d0915c00a297b499a014f268d56e

SHA512
1953532b6c40e6ba22d78c5f3581456620c3e544f38380c5bdfa964c8fade0c9ba60a8fdf4dce80c442dccc854bf1b9d76e43c6fe1d3bd37c700e7b0b2f3b84e

Download Submit
C:\Windows\svchost.com

Filesize
40KB

MD5
b207d9485fe63480996c2975b889340a

SHA1
59a00e0a2c0055c94ed250268f71f1eff55d2ab2

SHA256
06bf9b2e89a82f953983518666e47d1f92bc9ee6edb3080349cd809318ee52de

SHA512
b591deffe4765e27d819f20a2610cd2f8131f22ec1280e99686c5ba4f34dd4d716f8b88bd5542192259f5dd730f6f7e8d43119d01fda8b839edbd3f7fd8641db

Download Submit
memory/180-11578-0x0000000000400000-0x000000000086D000-memory.dmp

Filesize
4.4MB

Download
memory/180-7066-0x0000000000400000-0x000000000086D000-memory.dmp

Filesize
4.4MB

Download
memory/180-10141-0x0000000000400000-0x000000000086D000-memory.dmp

Filesize
4.4MB

Download
memory/180-11586-0x0000000000400000-0x000000000086D000-memory.dmp

Filesize
4.4MB

Download
memory/180-10903-0x0000000000400000-0x000000000086D000-memory.dmp

Filesize
4.4MB

Download
memory/776-5074-0x0000000000400000-0x00000000007D7000-memory.dmp

Filesize
3.8MB

Download
memory/776-55-0x0000000000400000-0x00000000007D7000-memory.dmp

Filesize
3.8MB

Download
memory/776-11226-0x0000000000400000-0x00000000007D7000-memory.dmp

Filesize
3.8MB

Download
memory/776-10185-0x0000000000400000-0x00000000007D7000-memory.dmp

Filesize
3.8MB

Download
memory/776-11582-0x0000000000400000-0x00000000007D7000-memory.dmp

Filesize
3.8MB

Download
memory/776-8670-0x0000000000400000-0x00000000007D7000-memory.dmp

Filesize
3.8MB

Download
memory/776-11571-0x0000000000400000-0x00000000007D7000-memory.dmp

Filesize
3.8MB

Download
memory/776-5402-0x0000000000400000-0x00000000007D7000-memory.dmp

Filesize
3.8MB

Download
memory/1308-11124-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1308-8849-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1308-6116-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1308-10186-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1460-5883-0x0000000000400000-0x000000000086D000-memory.dmp

Filesize
4.4MB

Download
memory/1636-2485-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1636-9-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1668-6710-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1668-2381-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1712-1275-0x0000000000400000-0x000000000092E000-memory.dmp

Filesize
5.2MB

Download
memory/2052-11585-0x0000000000400000-0x000000000086D000-memory.dmp

Filesize
4.4MB

Download
memory/2052-7065-0x0000000000400000-0x000000000086D000-memory.dmp

Filesize
4.4MB

Download
memory/2212-3186-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2212-422-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2260-419-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/2388-7712-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2388-3733-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3744-2474-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4228-10184-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4228-5401-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4228-11123-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4228-8669-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4700-6709-0x0000000000400000-0x000000000092E000-memory.dmp

Filesize
5.2MB

Download
memory/4700-11576-0x0000000000400000-0x000000000092E000-memory.dmp

Filesize
5.2MB

Download
memory/4700-10901-0x0000000000400000-0x000000000092E000-memory.dmp

Filesize
5.2MB

Download
memory/4700-11590-0x0000000000400000-0x000000000092E000-memory.dmp

Filesize
5.2MB

Download
memory/4700-11601-0x0000000000400000-0x000000000092E000-memory.dmp

Filesize
5.2MB

Download
memory/4916-2377-0x0000000000400000-0x000000000092E000-memory.dmp

Filesize
5.2MB

Download
memory/4920-2363-0x0000000000400000-0x000000000092E000-memory.dmp

Filesize
5.2MB

Download