xorist | d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2f

Analysis

max time kernel
103s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2024 03:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Size

366KB
MD5

38d9aeda5745ab2d524d8f29628790f0
SHA1

3d971bbc61c99f5cb5a1c8506be5dfba7fa813e7
SHA256

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2f
SHA512

7a11d80b36f5213ac7a9ee7ccf50bcc652750e8a3521382ce40304ed2e4cd1cb20b1932070bd9d176b3d6def43ed109ef6af87b28cea33d26f7e463ee1ddf56b
SSDEEP

6144:3/sNJUbPaYnJ3deKx5kkdsg8jJa/R9QwA0rM7WqMkCGbRQ:3oJU2YJAKxznQl4MpbG

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3056-6208-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist
behavioral2/memory/3056-6209-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist
behavioral2/memory/3056-10510-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist
behavioral2/memory/3056-10967-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist
behavioral2/memory/3056-11300-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist
behavioral2/memory/3056-11301-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist
behavioral2/memory/3056-11306-0x0000000000400000-0x00000000004BE000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2187) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Drops startup file 1 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Drops file in System32 directory 64 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_a239bc596073092a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_diskdrive.inf_amd64_1debcd2bd95e9c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkTransition\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0008\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_cnl.inf_amd64_a60833fda31e9831\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsupr3.inf_amd64_9cb7ddc26e30b52c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\npsvctrig.inf_amd64_b98e9a5325075265\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmfn2.inf_amd64_5ebadf201c5b5845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sdhost.inf_amd64_b71f983cb35bfde3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_avrcptransport.inf_amd64_6506aa4ac05430d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdvgwddmdx11.inf_amd64_e8336336d081cc11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Kds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_bluetooth.inf_amd64_7e49a68f06c14d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_263b3076d78209be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\lv-LV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hpsamd.inf_amd64_0784fd3ef0d7ec93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\windowstrustedrtproxy.inf_amd64_db5be14d5e02560f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas35i.inf_amd64_4df7f6223ebcd28d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_monitor.inf_amd64_f02375bf47a4adb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scrawpdo.inf_amd64_466615aad3be8e26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbaudio2.inf_amd64_8d164ac6f7088f97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\bg-BG\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_acb1691126c93472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3056-0-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral2/memory/3056-6208-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral2/memory/3056-6209-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral2/memory/3056-10510-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral2/memory/3056-10967-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral2/memory/3056-11300-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral2/memory/3056-11301-0x0000000000400000-0x00000000004BE000-memory.dmp	upx
behavioral2/memory/3056-11306-0x0000000000400000-0x00000000004BE000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-200.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-150.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxBadge.scale-100.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxWideTile.scale-200.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-200.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_contrast-white.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\rhp_world_icon_hover_2x.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.scale-100.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-125_contrast-black.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\256x256.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageWideTile.scale-400.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-80_altform-lightunplated.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSplash.scale-200_contrast-white.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\wiggle350.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailBadge.scale-100.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageAppList.scale-100.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-32_altform-lightunplated.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\4.jpg	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-125.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-96_altform-unplated.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-24_contrast-white.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\SmallTile.scale-100.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-150_contrast-white.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-100_contrast-black.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteLargeTile.scale-400.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleSmallTile.scale-125.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Rainbow.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ArchiveToastQuickAction.scale-80.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\core_icons_retina.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\assets\assets\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-60_altform-unplated_contrast-white.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-40_altform-lightunplated.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookSmallTile.scale-100.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sv-se\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\MobileScanCard_Light.pdf	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarBadge.scale-150.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView.scale-125.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-80_altform-unplated_contrast-black.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-256.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-24_contrast-black.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\Bundle\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_BadgeLogo.scale-200.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-36_altform-unplated.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteMedTile.scale-150.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-100_contrast-black.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-lightunplated.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Drops file in Windows directory 64 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
File created	C:\Windows\diagnostics\system\Search\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square44x44Logo.contrast-white_scale-200.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.19041.1266_none_93a0f3defb54e912\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..es-workspace-radcui_31bf3856ad364e35_10.0.19041.746_none_855a311770ee3d3b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\x86_netfx4-legacy_web_m..rust_config_default_b03f5f7f11d50a3a_4.0.15805.0_none_733349d88e72efc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o...appxmain.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_62bde4342a4c7869\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..ivesyncprovisioning_31bf3856ad364e35_10.0.19041.746_none_816245cf7f253a8e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\x86_microsoft.grouppoli..mpleditor.resources_31bf3856ad364e35_10.0.19041.1_de-de_3db4f9e32e25697b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sysprep-spbcd_31bf3856ad364e35_10.0.19041.1237_none_8736203f05ee2cca\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..te-musnotifyiconexe_31bf3856ad364e35_10.0.19041.1266_none_adfc223229a335a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_656ed39a0da7fd13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..cesetupui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_4c416fbbe0e53e5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-scrnsave.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_2911f11ab4f5be62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-l..lperclass.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2cd851330f8efb90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..omain-clients-netsh_31bf3856ad364e35_10.0.19041.964_none_e298a0b3d7b36f46\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile310x150.scale-200.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..omponents.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_bc253b18ceae7e3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\inspect.html	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_transfercable.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_61b78fca91ffecbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..-wow64-setupdll0013_31bf3856ad364e35_10.0.19041.1_none_a485d62d4f56f49a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-cryptowinrt-dll_31bf3856ad364e35_10.0.19041.746_none_350a7ac2ae852f14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wfpipsechelperclasses_31bf3856ad364e35_10.0.19041.964_none_507f3b8f5adc2210\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_c_fsphysicalquotamgmt.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_bd2f7d2d567dbd48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ents-mdac-ado15-dll_31bf3856ad364e35_10.0.19041.746_none_ea2a2d52cf75f59b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeEPUB.targetsize-129.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..anager-unenrollhook_31bf3856ad364e35_10.0.19041.423_none_b6dbeade015df0ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-pnpdevicemanager_31bf3856ad364e35_10.0.19041.1_none_d41c5247f33f0123\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-editions-professional_31bf3856ad364e35_10.0.19041.1288_none_51444fcfcf940a66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_en-us_e9c94509a7db4eb5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_net1ic64.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_d01738b53431569d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_netnvma.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2a25d156d7c8926f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_networking-mpssvc-netsh.resources_31bf3856ad364e35_10.0.19041.1_en-us_9c821901b17ee0a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W193497eb#\a32f4f54a0df42f1dc8d6cb91d471bb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-audiocore-client_31bf3856ad364e35_10.0.19041.1023_none_3e879b530bf1ce72\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sechost_31bf3856ad364e35_10.0.19041.906_none_65e76b262ba5060e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ers-assoc.resources_31bf3856ad364e35_10.0.19041.1_de-de_3823f55892bd38d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cryptext-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_25638dfe55945840\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000449_31bf3856ad364e35_10.0.19041.1_none_a0bf101f014dcac1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..on-aad-wamextension_31bf3856ad364e35_10.0.19041.1_none_1f6364c44604d80e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..mentmanifests-admin_31bf3856ad364e35_10.0.19041.1_none_432b2ce92433732e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.scale-100_contrast-black.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..tmenuexperiencehost_31bf3856ad364e35_10.0.19041.423_none_62aeb4079e61ade0\n\officehub71x71.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_appinstallerprompt-desktop_31bf3856ad364e35_10.0.19041.746_none_df9eceb60009427e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..r-service.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a26b530d64eec39c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\INF\ServiceModelOperation 3.0.0.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp_31bf3856ad364e35_10.0.19041.173_none_f837263e7fdd508f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_netfx4-globalserifcf_b03f5f7f11d50a3a_4.0.15805.0_none_e089f3ebbb553e00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-oleacc_31bf3856ad364e35_10.0.19041.1_none_2aca75a3f62203f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\debugger\Breakpoints\images\breakpointUnbound.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_ialpss2i_gpio2_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_e0de37704d98333a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eappcfgui.resources_31bf3856ad364e35_10.0.19041.1_en-us_80b65e99e944619c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s...appxmain.resources_31bf3856ad364e35_10.0.19041.1_it-it_79f91e31e95ca6ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-time-service.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_37c7228cf0c127fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_system.windows.controls.ribbon.resources_b77a5c561934e089_4.0.15805.0_it-it_bd53c6cf369a688b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\assembly\GAC_MSIL\MMCFxCommon.Resources\3.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare150x150Logo.scale-200.png	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-payments_31bf3856ad364e35_10.0.19041.264_none_3200af893fb6326f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..d-experience-smsapi_31bf3856ad364e35_10.0.19041.264_none_df4a5f86ba17c864\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_nb-no_27a70b04b2458f02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
File created	C:\Windows\WinSxS\amd64_system.numerics_b77a5c561934e089_4.0.15805.0_none_c12291133a07feb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

Modifies registry class 10 IoCs

Processes:

d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.leycoz	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.leycoz\ = "GJXEVPQMPNXFJOW"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\DefaultIcon	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\ = "CRYPTED!"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe,0"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open\command	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GJXEVPQMPNXFJOW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b7q7TsuBvQ3W12G.exe"	d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe

C:\Users\Admin\AppData\Local\Temp\d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe
"C:\Users\Admin\AppData\Local\Temp\d7285f6df3d2865b38862767dda78f08d9f8aaa8dedaa975d37fb4a394a27d2fN.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
7fd04ce517bd7943af188effe50dcea6

SHA1
679852f77368b2784a492300509d22c9845cba95

SHA256
515127088a08427407db5ecc216a7670ec11ed6630d82cb95b5860b895fb5eac

SHA512
3ccb402c43ae5ea3a53154e9d32927d42a478755d5915e6f6ee0e164d9a19ea96e4c9718c9022d3a2c3998be1428b49e884a6a2a02733bcd997e5db06098c70c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
4b68f43ebb62660360d4cd50bbd7b7b9

SHA1
38500431b08506b7cb37447d4eed7ae2515ad484

SHA256
0fc101466c3343e0a74365afb238d8ad477ef4aab4d4cb279134fd59b96940c2

SHA512
fcb8d41e0e198beb37323daed64f532d6129642ff62327947c25c1a12e01bc669c09a4477a401657bc6dd20c52bb472b838d3a93fb05fa60cec53f89892a3764

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
364c45dbeaae5eb5c9909564b18f63b3

SHA1
0f9d5aca18915f11008d9b3b22afeb2bf8203f7c

SHA256
d88a80177770bab555f98b7aaee5a2a229203df771bdd9533586dc1c89752034

SHA512
5ce6761a1079802a8d10c612429dfa7d4d8a7a229359ca7d40d27b57771cafc4996e939640162e91ab5cef9cefad6d9cfd7651b63205d22df2c5fca88451ec86

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
72eccd93cfc1aab518102b92b50f170c

SHA1
bf0afed61789f971b7671acb366269528c7d7244

SHA256
c7191372821b3f2b7d8da401250068e3dd98f701372be9597f2b204154d9ba7e

SHA512
7d032b29b20f7534e8b71ee782425190c544cac7995b0208b78077f474bb9b7905d479d8f5be1397e5cd9ef26dd42af24a4f1363a2fe50136f23730548be6166

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
54258f820bbd49ac555911027d780021

SHA1
9a7edfd1919b177a827ea035e92b6d3ed1feba19

SHA256
7c23a4e1ee1654f2998fa83583f6af4dfa2db913e2ad29450e360372b8343451

SHA512
c7674c438cc334055e082d4b7a9aa71b5b65f06568e1d42830809c126e9be69a967ea1fcd1183311fe6e8e3106c0348154200022e3cdd1c35ac2605d555cdf88

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
d473a853fde41db2dae6b5d499d1fc3a

SHA1
c66b5bd1c0b64fd72f19462bafe1edbe712158ee

SHA256
86726777e3b10b3fba881db6eafe4e45046f7040494445667000972596f160df

SHA512
07e6f9e2b585cbb61662c91b038c29c04ac634561587d92bec7d9e1122195e6c468b7dd0ae19e884260500438787e829095d8e41cd8b20f80898277b2f6d42c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
8b2a93ae028dcb123f99e375088f1858

SHA1
2541952c331bb49d55fe84c67a8b78180d4da9ee

SHA256
7895b212da1f365efe97850cfa19f487b9b9371df144f502577e771dd2c5571d

SHA512
75d84c22a98e2b2d35d23edb3c70295bf45a72f7095892e46862fad6e7456a22b3a40c04c75d550e1d3356fde547d90ef0303870acaa80dc29dd885e265a0e82

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
32f20d9bd7c825756b89898ed5549c4e

SHA1
b510feffab77a07435ef25de7a4a15a2f8820102

SHA256
22f0092aed231b3ce89539ec00901ad805e93ce535b624b2c44a47c02c8bac3e

SHA512
caa787167ccae15f9b66fda948d6b45d9429d8caa6235d82af873c4a37d90bf17bef277beb4d6680d6706123d1d0c141b7b6959165c44e067139a2cd54fb22fe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
936e6a72c86edfd822ef52760bf2dc71

SHA1
6421f85eb4835eb28063c9313f11c8d84f5207fc

SHA256
b7b3065303e7c932ed7fa260f7c0055743a37c06c1f4325d8e62d5ddfd652fec

SHA512
6ca096c98c6945b8c3dc752f8085555e70f332d4dbddce6064af34d6753c3197e578750f23fb163f8f701a061e1c3dca579301513071528189aeb386f563a9cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
01aa439998084bc198e4e30b8eeb7bcc

SHA1
90d1a1f5f4255bd8a0c9469751b695b7ce0821e9

SHA256
ba03e80aa8448deb091610df5b7ac3c872a4c70c541fbc7d58aa926865ccb016

SHA512
6a1e237cb44c9f1e79214e263f62722e247954c37c4d19b9f88a4325eaea718c4df57915302144b603e7e24fa8464b5d5f8c7987709399521113acf5d1e834a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
87b6ac82d93dadf13f82e01a9b6f86fd

SHA1
b39702ffa85c7382b6bfafec0396b9b43d6f520b

SHA256
786613aa51f257903b1e66cece5732541aad77a862d53217f3ecfffee4b69e97

SHA512
f5ef8f6f8a21a7e02c3afd6e8f26dc17d37cb5d8d2ca0dcb8f8545524521765e792c9a3d8a4d2552943137d390fbe7b8b2df75d4aca3e4318c5d9e21934da535

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
aa162d6ac90ceb744840cd0e7660ea94

SHA1
bb03403dfe06c705fec0289e720adda2df59bc63

SHA256
08d04c32bb375e11c283032c842847ba2ed3b835dcf6d274b807bf4a1c4ec69d

SHA512
5b655b7b4aafa1b8facb4b06d70ffa43125e498c636f07c653cc89c3efb0970907a4a538e6e612fd26dce37c64f8e0cae638dd917e44ad668580481d41434fe2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
abc73fd1739294541a0eedbda1947fbd

SHA1
d76bf01d40e7f3e9d94b421c63fa0627b3f020b6

SHA256
0ab098936435752743f99f8e5e00abae18220b7c2e7a3a8b8ee0d3c376148311

SHA512
9b6eec9b04cd15f311eb96649abe17360ec5889f09703fef659d1b5f37a52690253618018924d12b927b302cca0740c0c9cc769a5498a3b6e11c329b056fc398

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
ed5d7983fc4d34d0a7cef5b165b5d162

SHA1
e97922aad5832c4e2a56f1c0a2faecc501db0bad

SHA256
4c593f3a32b408ddf9191a65c457b7f39d563e5f03261268af697dba1a976d9c

SHA512
a64d6895d1b6bfac27ae4e1ccf6e4f53d0743fb6576cf2e4b03a3a4e819079ca85a77aa2ed27bbb9e8a489ce299081569e8d85d80e247e4c460606f7779ba7e0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
18f836967aaca967cbc52c2f12c800a3

SHA1
8d1570a0a0e2c6e2c10d35e1680db831dd7d35b8

SHA256
407a9503f536e73c45c7e4fe1557a215c929fe8911084fb548cb1950bdb18a81

SHA512
8ba5043f52092d1469fa49e85fdd1bfbafc290114e5deb88e0e7091e1d4d2d4e3dd23f2fb507d6117b8a5504a6e19b43da1df5518e3e8bb8df3d2f5bbbbedf49

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
5ab57d9ce3d0436de22362b8d1a55266

SHA1
a50660dd6ba0d12865cd932b9dceae4005fd24c7

SHA256
3656f3d18c30fd33faa2b107f6e4e4c39722173d30910ee52249eca769d8bb8f

SHA512
1cc778aacb1c206ab0d5e16f7c6305ebfbb29db606109351f3f43c1093eaad215973b7369bfed98bcc1644e51a2c480c4643f52812e76fa751c71277ffe94e66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
209ac3e693c7964b4e5354a92750419c

SHA1
9c1a5f0e482c012f376fcbe854e6fdd018379311

SHA256
817555d679b07136b710abdff23cc7555c0b198b2db9a71bfe7072d8d7aa72fd

SHA512
49a7e33f370bd4964ff31afd8bcd4fca4d223808c0d257ec4c1abbfd4e4b29ab15f8c9f6a3cabfb53811c9a029a8f4b65ce8d002584a58d432fa478e9884f6d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
8461ba2149268806ac1e74e361f739d4

SHA1
c089f911e68014b0572d2b854922427e3e8cb30a

SHA256
90d3291b3bc220612a5c05bd96b1145d507de6321ab71fad2f6ce2bef8545db9

SHA512
215b27a66899f0af64497c9556c293149c4e7b61f578ce2cd3ab0a823e26d47295e4a69c72dbef94a1bc53a52fb2b39903643247cf935e3da5de32094b8e55b1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
34fa8eb96861dbd949d777de1149d989

SHA1
69c0d16c05a21d2afda95f4fa1774c13da8c6591

SHA256
23919a17bcc4f7fe0af9716ce4b91cbc6d492a29807be0bf54a51ea1ced2e01c

SHA512
86bc67e9c2b8442ff3c82b331d0b61fab2acc80531e6ce30b98db50542e5859a3f96a2426b10deb5b84199b653f5a6f899bd942a8251c772fede78e1c0c02d30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
8866f1e0855ffa593c2090789b9592fb

SHA1
4181895744a7b441d2d93bdac8d46feb211f71a0

SHA256
78a81efbecf006febeee6603385e6cc18c122d49cd9c40770e7df2c748adc3e4

SHA512
d67f284c3063a266158108710a394b743f93a59b7294a1ebb7f06f4cf017eb9e72fdeb3a7fa84c8623c3d3666379eca826247de0869c22af98d3de6856afde05

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
21661972b3f97be550443aeea4bc88bb

SHA1
02cea3114bcda92584d3cfd97532d11a7cabdf27

SHA256
ab9a94c3ebb9ef72633de39916290de822a3ff36bce1f3fac65d986edac6b929

SHA512
ab989ea11aec7bb85a94fb77b513c24eefb44be009cfb43f2474f58152aafea8db0b3b04a49bfc9d95a17c9b5c1fa30f872ff8355f2dac19b710ce88df9ab958

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
e0c1da56c834aab6dfd88b63d3b2fcfc

SHA1
32ea4c7d31892d4ae0af119e3f850ee1b6f10382

SHA256
3fa6704013c9582c93ed5ce6ccc1eb3ca3604af129cf869250dcde0d2f8481ce

SHA512
96a6d2123ddcdbf79a9efc31d4e2c9295b9b180c684913374586500e38827d84127f62a5e5db0ba9d9b28a54aec7a45f737128721b68da6c14271410ac87b558

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
988c0147a9bf1e60ba48d380f46dc88c

SHA1
5f21fc234143919c0c18715bb6c9f1bee3d1dbdc

SHA256
da919094fbdcf2f71a09213b80a869d215f2c372764c61097dcf58f02d977b32

SHA512
fb6d2e7804ddf3e9ed008ccbcc87c2b2084df5c6ba9f18b01784e530f945d1f72c4f968c6c170876a26ee2f46a83063d2b18eacda5f31cb1385feb396832ccd2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
9b5b6ce85234e422041535114f051945

SHA1
73dd248a172fb24248c8207fe554bbed63ad71d3

SHA256
70b8ed50a7212bead23cd8957a3eefd667019ed102fb1aa3e03b96f010abad0d

SHA512
7b46fe561bf54dd4b9663eb6ae1605cb99f02681578aa2d69da3c4ee3c86c43f9f305473a18301e8bef6276f54bfee75068463bd4a8abaf2aae68e7d1b6b5b37

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
55e9f865de9393d01e97cdab045bb8fc

SHA1
929ee5f82b6e6c3f9336e4715ddf83c0f5040a42

SHA256
814565a09a975b92bd8eeb8017ae2fd33d41f50d6e004859982e7cbedea22108

SHA512
240630e5b0a27acb07f216cd599140c96c246e6642d5254330e762f89f82d33175e2e23fb726f9577614571ee1c162737b28390f155d66f5d89766c491e0e239

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
c00327d8356bf46632779b163d3e61f4

SHA1
320046e9bbf75d14c18e35d19d6237496de86068

SHA256
d03ea2fe40fdaf7470fa1fbf01052de2c7673b04db1618e1787565a802fea00a

SHA512
72e8d8ed8c0cd4f5d908aaadaacc5c14ac7c8484fa70c58a391744766f90be5f1e000ec1faf2a98606745b64e6d52137db374ec101027f2b2fc95b87e6debb80

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
f509ef34cac1e01b03dc709c0e14e207

SHA1
3e89fec86852cea944915f732b3970cf887be9be

SHA256
1064f76369903984a89ff735fc76252d3330311ea72bef0dc03e0ffced33992b

SHA512
7cb07c6179f285d7cdd9a321e399a3bb8bbe6f17c893dd7aaf21d09f3b10efa551d0c02f4678902c8ca7d11a158859098c74cdd6589a41b8c4dd251d2e6e4674

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
fa6952d1f7b82a6127c2c5caef5c9f49

SHA1
0eb97b07c8fd9e930a5422e7736d3bc47e0f59eb

SHA256
5160c552f9605e44503823efa76d400abdfc96ded48958539bf003bc6adcad6b

SHA512
7d38fb35991aeab6d0a7859457dca7df364541417bba2d7290855ba265959fe5afd5ca4e3fe410c2159ea06cafd5724c51903651f016a792370bd5f108467672

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
21db025f89830b3e6569c9f28595bc73

SHA1
8ec6ebcfab578be4326657a94aa6a41e394741fd

SHA256
329e6b1ba5b36fcfe7f0687a1fcb0ad55c83d0af2ddfdbc3ef7be7cb349e3cfd

SHA512
1697ff29603d72cfa0dce012c2ed312a3b691f3671d1523cbb2f81aa0fa7817229038011d289878a68242fb5a46bfc7d1541869c25462a2b6985d97de72680f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
1a9b9cb8dc1641f340dd75325a003800

SHA1
2965310e41909c8bdf66a4cfc0fe142f175158e3

SHA256
1ad872e2acb7bdb601a9e345126a08a1ae5bb8a7bda6d0a3893694038fa1fbad

SHA512
ecb3a88f2f93e2dd8062518d377ea7c3dc744e651610bf8ff1486a134394976330a3b4fd6d9cbcbc0b9a924710c1445302de7c202e69e6bb3785661b2df0793a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
76389c9ebb4adfb72ae8874e0f1264cf

SHA1
60347b664c9249d3d9597a77f364b14cb30231fe

SHA256
dea51dc20927b4f9e4019a39112b1e612b7f1b63be935251780ef366065c046d

SHA512
d2e359e4c670c56b4d96e35d3bc9585451b17a7c5b405207013845f5f799810b1428e3d584dae304dd13015c13fa3b6eb34779b97a0c7ce1b58fead6d4d88710

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
2a206f4c65ab3cb352cbfc6480534650

SHA1
7af781cf43e737ec5769d135ffc55490e9f7e7e3

SHA256
194a37d7ea7ef49dee8ec545cf03ad0de110f985a02d959fc24d3afe2baac5b6

SHA512
0d9134d11a385a83902a0ee05e526c5fdc417a04bab8a269c59da2e91a3554855de6aaf0592396ead139625c48cfed65104115d6a98590d03e368d28ca7da1d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
8ff1ba69c403e56a179204eed3b290ac

SHA1
0b0bbfb8d34ebd43606cc4b0df3d23c051b1f24f

SHA256
4f261c4018a8bcb7e17a7c741a79db08f660b245e998f493b76349b29711737f

SHA512
542d2b0c17f9691dd9a5d662bb22af2f7f9811874b4b2dcf922e172d90ec3d40d23d659160c4e8a8c266c86e20b2fec64711b4bd0eeea457e39d550ea991d9a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
a3e60d76e1441f908603c8637983f358

SHA1
8a68edc8dfbd44e6c97ba9a0562fc7dcd64f441f

SHA256
da2835be214a7e817a8e57e7c9fae889a072b31e2558171f69014bfd3082e9ed

SHA512
56d70c9497cd217ef848739e1fd0a6f710d13799d354b214d6fe0c865de9f9c879bee46ed001a997becf1355dd2ba49ec00370fbffee89c4cfe264f610775c68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
a2cc2d060d08630835113c1d895c4e83

SHA1
5066af214311bb3c0f7277b4a8da31ec9c5909fb

SHA256
6af465dc3559ae36fd59bc5cb02c841ca8835cdcb632fc3de5c4a20cf30736c6

SHA512
cc1fc97a809431b6b0b2fb3f65aa7b6fabfd3e23970863fd90f1ee65bdf7bad2a603704e273561d2525761079e1b7d4ce1157898c484f4838608eef8048d89d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
c19f7df8637d15bf5a18001626f006a4

SHA1
fdcca7f96e38f0f22d4a2d79f5eecdd2ea53441d

SHA256
d1dbd58394b283585e8e9ae80f0b33afe2d9c10cd07e563fc7748c0648222023

SHA512
f0b4737eed2c5dddf99e7365fed05c49c9aa6877a1811ca32cd084d4eab159352a605f9d61d6a393ce42ff0ce341001a4f38d64cbc77e30874af6a86739f9937

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
bbf841622ee77dc7cc3227a136723fbe

SHA1
2b5ef452769e22c5156e9c64c4923de92f50515e

SHA256
9244c4288edd411f257ed38ac959becc4dfde85848f8cd984fb4d33c0d1ea8e2

SHA512
e338f8e7e27679a93b4a4fb22a1e1593684a89aaeb2c5c62a88fd08a2e554a575953bfb9960167862b525101d0920cc1ec4a6ee1d6372259382b9c6379f1bdd0

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
c1e3343ea0fb95f910e134e8f2339ce1

SHA1
7c0e451d937dcbe53f40832d6f4697cccba59dab

SHA256
b94dafe6e4a670b2cdbb4f6498f16c91e75b09447fed025302e72eda8941f6a7

SHA512
47c255a946cf02b22165f094672326ce161b8c732083060397a7295d28183f6ce672f5435663d116848be1f969f37a4d88b41eee83ad3434e9ac43e0bdc49045

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
422B

MD5
1ee5052508eaf02a5fcf6c574a83d175

SHA1
29bda576d6c06f8f6031df7cfc56b5df6c42dddd

SHA256
3cadf5cca10ae2f3ccb227c09be5d789f1aaadb0ec471f9ad60ea511c158a471

SHA512
c28455f45ab22b02406f347c725d6df5167c54a58bbe11369ab7bb84dd677b393e9f9fbd2565cdbace4d7f6a54716cb88f936ed058b65f9060cda9cb96424f89

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
190a4d6dfbec070570623d62a05c7ced

SHA1
5c8cbf4a27375e75b5715ec5587288a97d78a2d6

SHA256
daaa944809817e7c5ef6f218a14663698715b984c07a6a3ac7d5ab5bbf479ee0

SHA512
fd2e60d417e5e19a48d22660db497900891bd3bf9b41ded5bf917b03d64ada3b32c239405be3804e328356fdba32a841424c04673d059473fe33135cfcd5da83

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
44806d00fe4206213a711e9b8325a351

SHA1
ee7e1355fea1b0e8fdd1f3d173a5e857738eab52

SHA256
36451d15904f6042d09727778af8e9bbb5fa01cafd9e74088c6a004c02c578c3

SHA512
741347f88375cee534a073929942c3118920b35158c242be6a92b3f9a1b75c32855da465603a38755a9278a195eb6ce6650667d93246878cc4484811821987de

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
60715b862df2218d12c536862263c928

SHA1
f4b79a501f2ede7496cb801a19c8792dcdcde7a8

SHA256
8b8f55a391b286450688f8cad4ff0bcab6d5c9f1563230e01172991bb7380f36

SHA512
bcb11b1388f24d1359692117193aa9b8bb15a60cd47b3eb3dc322cabee58e768e73360cd317c9119073237d9d44fc1cac9160e58722494f85445f2e23e27030a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
25b4898ee8cb4ccc2b08615b21bc3457

SHA1
3f305f8e2b7f088446c7dda9741206ba8c46c7ad

SHA256
86b2604f7b1bbe39ad86f4430704a9c0c75120cbb14577d70bc04c9ee9142df9

SHA512
9f6882850bee902f7534a2f4d9604c477b4c1fd2c324493d1acf4d4320362857a8e990487fb919b8b2c6bd2303ab110e9210f4f8cf389c2b26ae3873db993df9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
ab0201ecf15512e92347962d12dc0b0f

SHA1
e10c20e0fb5425d2fe989e52e641a3f1e8fb42ef

SHA256
432e2635a7b7c7aff8e4380729f335ad627bdaace88b69ee21a0d439870b534d

SHA512
0e4bdaaf40f59d7490cfd5f7e65b53c42adf80ca6a260adf9e1a7d0b75397ee5243dd3566b2b91e0033bf6bb9a1c2c93532c2eb01cd839f406ccde873ae2c406

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
34cf301703656c0b1caace668555f692

SHA1
1692262f37db47eb719d1819f184dbf3c23b132d

SHA256
fb267455e0f166c8275f12119283ac0a91a2cfca7fc73f32082d083facecdb80

SHA512
9d9cef0705f274ef5190c075fef170da1bf6deb475e9f40d45cafa11254a507c7fde6747e842425aca578698959bcb677322782f3165ba0d6a808752c0f14a4c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
feeb7afb8e2e5cab86b59e9693516a08

SHA1
3905bdc7cf362955565af38f3304454e72ccc7f1

SHA256
dd4e187bdf7ab4c9102ce05186262b9d14effb0ec88520ddf1f50b0009b65bbc

SHA512
a5aca4df0b5b74bf6de1edbba395b3dab076f4b184427ff13a832d3701907f4808267f6fb620ec69c9cdb132249a2311bdcf24c128f6acecb3169cb65cf40917

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
7d8b81400645c29b047bdf4519f2e310

SHA1
a94cbc69b57837f0ff94d877e9f1e7f94e790dfe

SHA256
987949ebb7795faed52ad905227ce02ca6d7aab52cd148b3766fa043592ab497

SHA512
f9afb13586fde97057f642db6c9403424c235a13790ba3efd3e7c8f28bdff6537b89c567b51ab4be9bd9191bad0ed8e085bf6cd8f0830392602a6db7de0937cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
e297e0d6ed974633224eed4c2587efbb

SHA1
6beec1dcff3416a19672d5553f61ae222d93e405

SHA256
ea61a43f556b6e2992305b02dcae2244ba538b4631d624641c6cfed20e2e63cf

SHA512
0cfc63f6af417d96dd26bcd67e36920b83df6ff7834b2675b4c6ef83a1514a69a1f20d5aab97d43a26467d4c6817b5d1bebfc734419c09f9862e8f09253c01f6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
f7053b553a0db85d94f43ee7d97c6883

SHA1
82c4daf100ca3a54d0cf35241e5e147c8eca5cd3

SHA256
8c1f5a82c59673b38b9e6443881bf707b313e687d326f39abcb29fe12596b5a8

SHA512
8b23ab55a699e7fcc652cc393be09f03e2691cb74c6d670756816d3bcfe9b4e36a7a5bffe36d3423833689c50e286f555156d066289a3b81ca5a338483015055

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
dfec802308ebf1c8d33ac6431e19a3ea

SHA1
9aae1ce4858807f66b6e9f4b830524b2b5882ebf

SHA256
1df5021cd8b724569805a9102daeb2b6fe7aa193ca1cc55814c3d309a9a19c83

SHA512
40f0d44ca113636683b7367d8b299fc3ee3844c7d651bb15b72adc3185a70993c8a2f273558f4652ddd6b2929ec74832dfbf20c124766fe848b2b7b06e948081

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
ef139168d151d9f9106afd6ccf15da88

SHA1
16a8bbd4d96091ece7124efc191e9b74e40491bc

SHA256
88ea9c7ade77fc0640e0b8d51c2b78fed5908b632c285e2a24725c6b99d5be1f

SHA512
5bbb83b9d48ec408a5a762896a54c2f96a919be9da5b7d6a451fa54b37b84036acfef796cbf1fab5e0c36860fcd7e154fd7879c0890892813cb5eb8e73a5b897

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
eb3be1261fbcb707568f8dce93fe4f7c

SHA1
89cf098abfe3f5203c51bf30d93248d5df469f00

SHA256
b5efeccb0052043b91b32f9cef94e1a5d4a5eafcc69b4b8ef31e2172fd68a2bf

SHA512
70e0513a0af2b69c8046bd6b046d13199591b252ccd811b3394d068cb65e1f5bdad3173fc82c8991bfea69320cc6f9218e585c547327ae80d30c9581a222fa7a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
f78fe70eb3ce46192e0c4bb3c5d98e05

SHA1
0149647e37f821c07f7516b0f5212cc3ef52dfbb

SHA256
60562c5488c7b90d2fe668ea9b8268e4a98a4b5d36f040fb28b60ed7c550dd68

SHA512
19ce6d9a2d0af08027bad60a9df994924d650a20575f62d887ffe1d41f0c5eaeefc561f84989efdd5b766b3c4c9fea6c0c75ca8dd6327fc417f0876ae3a334e7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
b75bb7a39a76a30648a1ff3245b23fcb

SHA1
301ae0ee24968a3f516a3aea9c8dcf018ae2d588

SHA256
36c690004e0db4d25aba9a4a74d84f29e88736ec1d4571e6642ec85d83628b46

SHA512
100ce308387c2c6984f8ca3e44db757c1aeac3538898497b22983378049eb78e572ceaf368eb522f7456f2909834b7c6f82dbe40d34e996619177f1d7314ae62

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
be445c6a8d302edf36aa981d82df1b45

SHA1
422484f3e514d7e913c87a12dd9b2ea02911090d

SHA256
0324cbe05ad0fc8ca469429e7d3bf82c1fb627f6ae71f303c69c9d544dee5b0d

SHA512
9f21d055de001d3390682807ec25f48b050e66c602a00bc6b53290fd6d2ceb95c66968353ac4b1d13b3637e53ad284cac0eb09d546ed7229a48fd6987c9dcf1c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
bb43c481aff6ca0dabcffe32f247d413

SHA1
a671e6c5bf56badabae84757db862e878c14d0f8

SHA256
0c0a13dce4b2510672efc9a1b68d7a4d86d0c6bf1052dee04f052c2445c9fe97

SHA512
64342f46a22cfa7bd72928f3b5ee2c310af792e79ae99ca00a1e39d8b37bfebd69ff3751be59699358641770a518a25188c6257c2eb5b2d6042db68ff72419a9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
2f8820644aead551d1827640b55c7ae8

SHA1
3cc58d9da12988d9cc78473f1001fffa233aed2a

SHA256
03820ea865ac52daf4e7048e344f88a4804632f2fa2ce3cf99fd0165a038cfb4

SHA512
6f99f3c9d282ec0e80e09ebaf08bc0f6ecdd93b34f07f1e62a2ab46bf5e3609efe541382e8ce65cce9cf369b670830eabae3fc46ffa47fa0f548b3140053888a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
893595374166913093323da602f704da

SHA1
163e73a6b21fe0e65384f8fedbc5bc738f10cf03

SHA256
f01b31f0926b5ebb52d9ae2a929717dbfe4f7cc2d62e153668e27cbfbc9a56f9

SHA512
0ec20a91c06ce9b54b413fce3991047dd298e6593cb4a866c2b5e217eac8b99bf57e158c6dbd10ef1e18b840c266610a6d8100cda94ac84d4da070f29d10f18f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
fb042410ef1ac8502d42a28d62cb0dc1

SHA1
ada63d5289561908591a80c02e36f9b4a5649f2c

SHA256
59aac938f89672e8f7f10a551c4f3238a9558e3a161c69667be2213aa1dae728

SHA512
b4a7d393351e44f51c58f994db691114157a0cc09ea069594cb974fdc4c8c09d1691bc51140328ade53d7a696c91cd3eda8be621b20941fe09556110e0d9b4f1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
869b13a54d398caaab35f014cb4ab366

SHA1
42012e38cc4acfa16babe7bbe2f3af59c6350d37

SHA256
1ef343b14a0d53b27733e7567e59227065cbaeaf3585aa65171901023cac96d1

SHA512
9568568db5fceb1ad977053aba424e1a5b46542847516d92bc009790fb6db4b89f31ae6053392ba472ca653e4e6944cc18895d0dd5b3d5e9c524a14c7dc049ab

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
ad92e58aef99448724f93bb774a8a34c

SHA1
c30f44c3bb681c1e7a7b7a4f7080c86af5dda88f

SHA256
aa1cb720a2972921afb8d832197f2268d2621795e21c192cf11af010ea8b28bf

SHA512
5a7b9761c5a85e9385c9b944d69a91305d052d07d3db74cf297ed714cfefb971b8cac1e4035c0abca85ecc65e3295a5af0c97828a109542316ad9e18e2231802

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
c158712d4fe7ee6063381b1f378cafe0

SHA1
3a2eba692e7d63569f5422b403fd5074bb8089ca

SHA256
873473628c689ea278b60fe24d1de7788c379cb1cb6279b4c789deb9af095765

SHA512
037665e529888ded4aed7133023e84429e6594ee67d69ef5a8cd06e57a4be277da1c02f7131eae902eba2f8ae6311ea36ef624bce27229bb5ad09413cc080331

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
291194c499bac4d3f29b11b80e8f2e2b

SHA1
912e82d7e720908badeb275b9b40688d8b9377f9

SHA256
eb033d1e418c163edf045cbe751274519c14b254abe225534bba854b519cd992

SHA512
6b58bf7403ce22e99c811cd33b870d824248b9e05d577a6f74309449c3a50d3aafd6915728ad9bf796cc986764e6416223cb5df8ab9a314f2f5b58c941a7983f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
45bb129ff78e4b5380f96c8106f7cf3c

SHA1
e4a62f04922752b8d6e75a0583f674fd6b989310

SHA256
a9281dc1d5839bacf5cfc601d2b1067c5360b8632cceb6b70d059ac38a2f6eda

SHA512
2d717b994f7145224ad79dc58afe7d7f22e3bed96bd8fcae304a3c62ef47b709c18da317ec7c1e6eeed1ee7849a3cbc80f324570c04ddccc6b86b0276a30dac3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
ecf71d9abc8ce7f9788f658736146881

SHA1
ba06547b5eeb910e1fc69086fa688b2fbdcd3c70

SHA256
4dffc90c3d76b50c37648dd65ba50ff49715c138785f2f93b3ca30e45a0f4eb0

SHA512
a00ed42c0b0b247ef04b10ecec60c2bca30830efeff46660b46fcd0f8265d830cf760db91c22f74d45d5ec48e3bb96e5ffb8a0638a88fc916f3b27c1b50555c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
4a23005ac0257b2091bff515fc91623a

SHA1
704deefa073b48e66068e0169da8c2f98779385f

SHA256
72cd5ea21e58e4ecb04e12530aea6e7e5e96f009fc06ddd6cc6ea6aa7cc0bb4a

SHA512
15d911a3702c9d0f6b1d557892bf587b5d6589236eb450a0031e9ccf3a0f4d212c3556db3a26c9da35693c80c0f5734bb9b31717765828fe5da8f9a2c330d7da

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
6e106a2786adfca5a5f85405279d2fd0

SHA1
aff6642df31e25e7a8e5161325eee0b6b2485a9e

SHA256
f5231ade8508547d2c72b596946d406a6c43a5461e8c6dd9848d86e428a8a449

SHA512
537794848d84f2591de12a484f88ce841594dd27f2c11003d1a4f9147a3800aa93eacec7399abc5ae5d121691f22ed91621343f81d91587d0a815a0d77126b17

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
57eae7d4c55baab403519175b60b9f81

SHA1
dd7ed0bc41ab05f1168376b96c4cd130c1709728

SHA256
2ac738bdb692651b45aa9efbd56e7d55e038390e695353399ab0ed9513c93f39

SHA512
78ac1aca24886ba9786f9adf6c31d46b39fa48de6441c4f55996499413b4b965842375ab6ffb8f2a8344fbcd1a06ea0389a13b30f6cda63620a30900aa33ad00

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
2368b9cedba6dbab496386547f5324d0

SHA1
e3ba3c502c0971377ce024e06135a23bbf364368

SHA256
ca5edd9dd1d0151431bf9ce940ec03fb9ed9a40ba52fc529b37119404c1cb13f

SHA512
57d88b86eeb14e7e39e751483e24a73672963cc48cf4d8ad49b02f80174047f49ab81044e2c380fb44f2195b9cd2c3d8b29a8ad6c3d1798078d5b47050df0a76

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
11bc08802793c49c7d1abc4617b34ef1

SHA1
c904a73faf24d154b64f6c0ebbba3f4e84c61c6f

SHA256
567bd56fc8c37ac9e76dad25396bf1d510160a0dce27c5df99a0fc7ae1f9c5ff

SHA512
aada0c5de550308f02a3570ab52de31de3b5ea19fc2aba217196425f75c7379bf1c54ab6d8c39005297e4ccf6c503e2de7e2021ff9a7f5b8e79d85b5b61bba98

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
606fc87c6e8cecba85341e8ad4a5fd88

SHA1
6a8f2948d7c57c7195789b86fb8a3f74f7b0cdc0

SHA256
faf0feebf9b392072941014445e97c0338be52d02fa76aab0c3eea066d6426f8

SHA512
6116695b7bb5a37d6534c287451760f245d04ba4dcff76340bd7b19d042bd2fa5e1ab44c2824159898e3e8fc6410aa102f9d9d4f56d17858444ef532a7116973

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
268278742c21d529da291f6f20dd4677

SHA1
5c7fee053bfe585cfe57d5c013805eefab326926

SHA256
eb1b9e3828c3dc7d42dbd12b6289814b7d38f3e16ae06450c65df687b890f7ff

SHA512
43cbb0101ea69a003bb7e8bf2c863c12e49e5a436c738276778336d1b5f93d63be9d2315741f581a3334b35061c7dae1b979a3416f82ae2889773c0d9006f7f7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
b5007a100d7a83cfda1ba3022ddd2d8c

SHA1
77be4586255d1eb3d2dffe55c713efeac3583c15

SHA256
97534f4a25a4a2140fba826bb23ff5d7900ef554da4bb14598091fa030fef258

SHA512
7180d4b030c99fae41801e0d45082ec2650664976fb8e76f74174fb8a503f71f8556f18fe342e749095ce152ade76bce188d83e4350f29ad5968184efa932f41

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
360be9f21b32789b82898eb4e079d961

SHA1
478b76e45265078c28cfa5e86afd0a21ee7b5f60

SHA256
f5298671c7aeb41c75ed2ae40b3d375a7ad7c2ea0af555d917e16a844d591c67

SHA512
0680cf66056c778c3a34c7854608885149730dd824c96b34ed4b8e5266142305c8ed15404916852b95c24287a5f8ef62c3029e5146c5e432d60ad1d9d4f5d6cd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
302065d1d987eadf6d5a6b003ddf2050

SHA1
8091749a4b402fdb77377490b8d7ee9d5072e774

SHA256
403f5be97e42a399d16d147cb1e741291b6faf940048e230f0c317d4b30f326e

SHA512
7e8c5c9061ba9c302128bd7d7b272e4712a818cae88212aa4e9a4cc3b109e83479351071470970aab97becfd5b8586b9ac5235afc8a36839a81223e91d993d45

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
082fb6176d4b0a11a068c70d6d0c98a2

SHA1
45889b71efeefb124aac61a5f48f56685f06ea9c

SHA256
04ca0294775d2905d0fa68c8ea306b987b531e2643ce56cb42bf8146a5f965b8

SHA512
dff6e565b381f0041ea0e30e09e09ed7afce1dc2ce2be99fa20549e2b366451976692ee502614e744642e0a73415c11041f6cabc9690d83361aaf91f511e562a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
571d5c9397069fd32638d4bde3396ba7

SHA1
7b85521b3fc934e3577216a8f82649d189ddff26

SHA256
58a3113d66a40a2775c150d4948b64b9eb4a6239df2dcf2e6ddf4e5bdfbf0258

SHA512
36719f0b70fb8b4913aee35bc6cd93e3fa408e3e9074e0f26e6cfd4fd429600a1f9f005ece33ce38eaa9f340004a9e4372619599f621569108097d550f32ebcb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
c100047b84911b111213714c2f2cbbee

SHA1
1bbf3631272e87eb4acac625be67b5bc0b43697c

SHA256
3a5984206bae021b3d2010e3e66f41e964ca43596d703c1125e7034f59008bc3

SHA512
c61455204183738b87fbfece3cad53b0aa0a7c9355609d190d4b037b65846fad229b7edbb043f2105756778525129a7fb87f73a6f41c1c691609c812fe61a649

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
5411bad0160c7046050b27ea58277672

SHA1
ae5bec22488c41640023356621197b37499cfdc1

SHA256
fe54b174fdd952a1cb8c38f5cca4704badf99ba19048a9f3339df925128d3701

SHA512
d8591252d3eb71d232db8adb4e7d7dd817bc9505dbd061cbb84f550a17662c8b0379dded07cc5e714c9346e107858efe14e392299c1b687c4bdebb43f84a7e71

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
ece95a8aa7061e2e7c04832a8195d2e7

SHA1
89bb28a3e34b07f4f38ef6dc9576226164e5dbd1

SHA256
d48d7db763c4145efafc9f19df24ffeabe2191205425ab2f0cfd400286251049

SHA512
d978407ffbfe7c975a9b91eb3ddc951d8c27db667cf188a50688d66a70ddd7a7e3816a88a85d1a05137566a7d26658f00239ae8c84ad973921978388cdc9b6e7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
0ca99331f156d2447868f7133039234e

SHA1
37645df5f6436e7dbd02e6f52002267edc25e90e

SHA256
5b8b9baed249978359721d3340704662b682df4de5f58516e1783339d8cca7ef

SHA512
7ad0091e736914e2104c0bd5407f40cf7e1ca84fcac3644ebf4aa027927f3ff82be7b35653fb09b40653cf04b11d850cb9560b817c1ca929af10f96aa529c0fb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
b951703fe29bda5973cdf6caadb57da9

SHA1
338d0772329a3c7c2bafc42a2a83784c7c83df14

SHA256
309a5ea60de10d60ab0ea38747d626d783feddabc39d47e18a4f65832ceaaf09

SHA512
17e576d1277ad935ad5515f5976594af8ff8f393fea0c836877bb1f2768d4bf6870f460ac4e070a1e2f3119956ad2843e73cc182db54b528279a6592e3113251

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
25b17245f1aa9a02524258c13922443f

SHA1
111533b78c572d355f9fb9f2345a93d637daf52f

SHA256
ce22bb6fe63895fcc09d7dcc53f8043f78fb8f68681d3dd323ec9a3f6bb5e3bb

SHA512
6d72b68ca0d1efb0ad28727808fd6cfe3ae84ea89ce55c48ed9f9140d1cde68b4bcf370df82d5d96e5a68c29d75d797b6554cc9656ae7dc2303d788a2cc58ad9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655977808114.txt

Filesize
77KB

MD5
27ea03fa482bc63695610eb5ec9f5779

SHA1
f4d90535e32467e592f5a85a162d84f944c58bec

SHA256
71b2c9d8c66c49f39fd6c80094dd34b05d77bee671fc757064792acabf7fb460

SHA512
d6cc16af5aaa94309398fb191fcfe3f2c12069b9dc3bc941a62797a205a35fe98947d792576d082c803961f75625f2ad1b5a7637dccdf0f6e5c1f5d396fae457

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656717558154.txt

Filesize
47KB

MD5
4b007e026bded2ed344152568a6aa251

SHA1
11c7d7345a4e0fe822982ad3d164b66e68a4d2b3

SHA256
55803dbcf73761c7d86b7e55fe28a96228ca3946d8e3dde176f42e5b2a4e23c7

SHA512
730baba47004f50830efd0e7ada218d02534980d68f3c59ae4aee5b2b8aa5392f4acfb9b7b1c057397a9841fb6839ebf05af1fa22b26eff7a793d45cfd196c13

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663096253949.txt

Filesize
63KB

MD5
6027a2b7224f9e151bbcfe7948f8cd5a

SHA1
d75990ff1700e6dd50af29d46c8d4710998674b4

SHA256
bdaaf95e310556182fa63b393a308c146954f42c06c19556eae955eb813b8ace

SHA512
d7cfaac81f6c1e49c4e53b4a9d9d2b6ce93a8a74ab196dcac8283e3effda7b295e4a2c9d030f0579717ce6662467c36463bc2bf6312189e7aa38b6c1adfba1c0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665766873969.txt

Filesize
74KB

MD5
3ecbe6038ec8ecc7afb5b7559c675e04

SHA1
25dba67a9bf2af772649bbb05a0f0aaf8d0bb34d

SHA256
7f1be135602a062dce01ce19632858a819d938ad626aa70d170173bf4c6fcc53

SHA512
87b3b3f940ac749c720996be97574fc78ec4185210ca37a04f90a69173c1dc87f0bb5283ce301db4558c33a4e961e89f96fa05bf568bcf459a3381a062e1b625

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
a525275e89cb8f1f90b93f0c1f1a1ffc

SHA1
91ea71760aa597358c90c72b48dd1ed781fd3ff3

SHA256
24144109fe4ddeda2357c6bf380941589aa5ed5c94bc942406f533ffa2161c93

SHA512
b560de7b4aa4e05472af97a544fd2f23fba4d72e3c08013ad4ba3e0f039e228fd81d8383f82895c0dc207fba335176bbd23e8d68ecc8cd0bfe97da8b1f858646

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
60ab67f9b776a7684697067c292e9bb5

SHA1
ebbca44ec73c6d0d3c587b6600185e1f6d9622ee

SHA256
a90324434911cdd8beff915385c492c8cfb47288e5c9626d92aaeabfcff16d44

SHA512
44de40c5292f2e6c86318f9af2bd856d7af3e3c2432db0ac6a1a5556a0c8c761cae15ab2e2835863ebaa4e3cbaa1df614e6095c6f23550f9a6852123045bbeec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
ca8ec462edad386f065c26f364f6a0aa

SHA1
1958bd22de7ecea713e1150b3dc4e19058259682

SHA256
383cf8b387e7a871428e76d4c165f60876ac666f95fd9549aa92ff2a19cc8b83

SHA512
712dacd6a7afdbea862b52c7373148d833e832f28038584fb7dca2f31d6b8fc3a6957aab9631e990fdfe32a4e7207673da03293ae25514c3aa1a7f94cc1b130f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
6db99d1df393d7a67084a2c0160d6a58

SHA1
5011f5f89b071e38387de32319c6eb805525893f

SHA256
07f998a69a0960902da083cabdbce52600086f259e979eca16ddf4feec19d8c7

SHA512
66909332b1154a2e8cf4056a49eadd4610e7a95ba890e698ca49be0f9857cf65730712751dc3ced4b196e354e96c83ddd2c2a56655239de2d52854d972218ba0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
9efc0acf68fda4ec5b17f6b5dd841e67

SHA1
d5f437a6fccdf937825b80acfd08d3f13191591b

SHA256
cf52101bfcd22a7e76872be349170826df267593ea84f87a2991e4fce337addf

SHA512
45dfbc7a3d3cbab9d22fe6a53c0d9bedcc0cdafdae96aad9a299b9e8a7e0de9364865bbeb4f8a175017a2126ba40d832f2c7f7729a8f048c2359fbc591df1ca8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
d5e366806b979e3a33e2e12ddab03035

SHA1
936edbfff215a13fc528d7f86f31997049a3a220

SHA256
c5319d529667a2ec89fe142b69827d4700729537e175ed185adb945936271db7

SHA512
9e53353117d90362cb04663d07a44f4824952f58a80a9215bbc761ae4a91091abfea070b533193fdebf5c519fb6d96c50c4091b721e783d8e789755384e71558

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5eaee4d83586101ca94cbd6db23419ca

SHA1
fd5653258c2c7932e3b21b43b62895d5e3726010

SHA256
66165c9f5673e46189a6ae110483ca1f2f8982256c38ec33a5586e7e76b66ab8

SHA512
37982a9f3d21abae069b0fc9d10f3f8ecefe7d46fa99659ca9de628fe394674731452e5edae487885a05e19123f7f15990a6a1a40127ea7acef114084ffa6e5a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
7f4512385e062b8f6169e308de3f2519

SHA1
c6d872111ec511176621d003624adb148788bbf0

SHA256
7e1ef2719b5ab8640221112697806607bddeb2c47cadba01b968c87294b23931

SHA512
3cd4e005e07a9f7a4d3204c60ff8d6d007bf6115baf91c6adf480eae8268336ded6256a743c039f6c631776f41d42f5652e82466e1c1ace1f955147f0fa0b59c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
d118f5558faebacdef6d4f6800a8d8f8

SHA1
c491a38354a52dc0d77ae50706aac7fb412e7470

SHA256
1bebaa6e3bba24569c14e3f3b3d88b35d7b4b51b261dbc73fbc3ea9125edbe52

SHA512
9549ceaf47ae3abde83c1db029e25033d8d94908b92fb4bb20e173c739f3bd41b02f324fbb3a7551b3e158e95849768ae946c57ce5259313a5f68c45fe90ab4a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
c3a6cbc73d2959018d1c808273483d08

SHA1
f47f5efa301e88d9cd7137c1584dad94b9b721eb

SHA256
ad0ab299d5b9e06fa45a2d3430300374a51a92020af46390aa10374bdf6ff6f8

SHA512
5ab4333b3adbc3f56cbfdcf5e3013b4988727fd7194e2ecb944fd955b8097614ef41c904b83feaf701d3624842aa69fa78e66066e9872cdc652fcca7cfaee542

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
a3a2e8e4018769171634369adced8d53

SHA1
8542679abb36379dd4c99d54191c73306ba97ad0

SHA256
891a38ae41ef4309bb412cb344cf9615bb9eba558e20eb66e24fc3e3cf96477a

SHA512
339e3b054c7d00f3c8262a8e28b726f751ac37d90490c9891c79b34d5b9882953a7dbfb033317c8ad27239da4b160f2363b3aadae695877d708b7a1ac2c68924

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
c1dd8ad38d7a1f4613520f069f0d0646

SHA1
74132395034ac3decc4fb06279135417769cbc8c

SHA256
230157fb1f1d8fbeaad9d76575a074fcc0dc6004a6bb4fbf065990ffabe52ce0

SHA512
061e9fd698a2ce38a2b74f9480f4c8c65147e4aea70f4bac75f74a0c3529c4319cb2e6469a37c1335eaee757d08b44501cdec9b674d99c316cfa7cbceb60dd8f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
cc570935f09863c5b030dc97480c530f

SHA1
8a723dbb7b77dcabd135e09dd6ac5a60535b02b1

SHA256
585af654ce19f1d03fd1086cbb74d095e5fe2a201a44ff3ec3ac1d35eb7c8945

SHA512
aaa326847fb77e37329f6d232dae8a7c97b61484296de6941a295111db650ca7dca6ce15ee0e802e731588e803fb1f3d7fe40183a83df701d9cf752246ab31ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
32491050dceb3e33a77722a372cbb8e0

SHA1
b31f4b75cb4076ea8ca4de7af2f705d406137210

SHA256
c8b12d34b12ed2206e24562e9d5e5eaf7db456baafb79dab5a299b23f8458df1

SHA512
cdcccb0bde6cf65ad40092edf33d687b5df808fd8a1272a46b913570b9ae2adada2434ca3f8db939b7d0bee44f7eb800c0495ebc33e62b1d39e448f7356d7f3c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
bb6fbdffae67128f0c4d1acd64e52f96

SHA1
4d2bc7aba05c36fd1df6baecd3ed4cd292743533

SHA256
4f4d45fb2da2953cc003a51b7a0ea5d439c7fe163f90a703c446c7a9b702ae26

SHA512
8300d6e9bc28d8e61b3cf01b13011f10a0d2dc59ecd05032a14aab42a29af1e61af6ae13856c69b395d9e8689ac01f67bfd1c8b3a0b1e5e25c4d88b64d589d23

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
18d028b4888b6f6e9db8ee0f427854d7

SHA1
3748602bf75d436827e2176147e6ff08fb8f691d

SHA256
f4007d94f35fbc83e87bd2fa6f7dad1321e80db6dbbd0175abdeb530f56e68a7

SHA512
65155193b7d98183be24647d628ef9738cac380c988fab3cd775f89181dc5adff5fee1b1f6aa2fc43e5650f8e11b99e23c28e7382636307e361119aa871d773d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
21b2f81c7de3321ce7004af728d11a81

SHA1
cd7e72941fd5e7980e8c81fb8dcaad45b2b05581

SHA256
30a37cbe50c62b343f48af376084d51ad5f0f4a38bf0e21e8bb72d633a206fa2

SHA512
466a5be67281b38e9d779dd2f696ecb85618b000ee7f748cfe47ff630b7f9ef0d2a7c97581c4cc0c76e79e0ee640f684c26367aeace89836470c285de2a2a52e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
e19461030bf2b8f5bb805b7431028e56

SHA1
d4645d105b9ef395d26b2e41cdec9af3279438c4

SHA256
e0cd484a0256cc274c15a855d967da47298a9f373851a82b77e0e966b3602b6d

SHA512
aa1d59368c1461f5c3cdb07565f8e7939e731b185ef5e540048901801e1e19b326a582b6ae3ca84d990f4f62bee2e4a7a7947135f966b0b2effc16cf569b8f80

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
eb84c814eed81f69ef49848d03420206

SHA1
45b76a995aaea76d9ba72fcdc8560b89a7b1a0dd

SHA256
d9fd61b1a3e5fc7f7d39a3b1bd6b5f8227d85b53786146f3960cbdf32dbb203c

SHA512
e3b5bee34e28b56e8581529865cd10747ea96e9be558dbab8136c0dcd1160b0ce2382ac51c1c09052536a969f1d03fa00a6bc7a91487cdd0f76d5e0b67260bdd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
7f92eeaeab07437f434742ce0c4f2827

SHA1
8edc9fd784dcbb612856ed32a28ee49d77267a9a

SHA256
e9e7c651fba92b26a74573d452b2dd9e2115ed06c411499e04445fd86ade2eb1

SHA512
7a49ba34fee8b461cd2e8b554a38ae8cc1bf69f0b616676565d061ebdf0827bc5af89f53161996f05974322c7e7b2de86e4f589252c09eb0dc9415b162fcb78b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
3b7e64065cc1094746d92a408b05dffa

SHA1
985e0b8f5ddaa56efeb989a2f8d70cf81a1b7609

SHA256
f533c7760611fc66630e5ce4681fe9b57579a63eda2a311fd74ac6fdf55d2081

SHA512
83109513ffb1b3444869925a509b63313347e28a0ace4cd10cd9a2e7523af242fab28858d0f8829ed30fd83b052f0ed18a74712f5ca6572960351a10594565d8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
f3733ead2da8ec7307a0003dd673ba8d

SHA1
ffa41e5d1553ce39257a89f455c625b6bba6a297

SHA256
eefc312bc64df42e05af2d08d898ccc271223ab62035157078e590035b8b2bb8

SHA512
54233f26ac88839a35a2db7e91b0016eea9125df273e79b8675b1bc920ebfb08193e5ac91b023edd60e35e9662b8e68c45136fe374fdeb99ee831e45a9d15755

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
f8c2fe1f3790e6c4315a161d9584a40f

SHA1
8af7736687a097f48d822b1c3aec86e3387cf952

SHA256
604895a0926e85b43d1fac3af312ec0bc95270e45dce6acdb6c11fe0b924d476

SHA512
e5990a2af7b3f91e71a43da3ff000788b1fb01890e864d89f095a74c5bf6ca2cfbc91d2870e9c6c76d44aae8b1b07fafabe563c8961e3543abeb9adb266b9a0a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
f92a0acd570ed1d32e21a5343d5e87e4

SHA1
9b7c07400704de55d5d5cd7b5084bbfde2c8f316

SHA256
536144ae29d4f9fbf894a3b9c76e12fc105e09370a94d8d972b423e6c0f33c6e

SHA512
779bb45e71865efa4dbe08b239a5ed13b9451ba496ec6f673c16d14cb8034f499e6d24c8effdcef892ee72aff5712fb372866a7146a8d434422d0c6ddc678e8a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
0d2b5cf53272ceeed193e7c93b4afabd

SHA1
1ae4a307f5aa6e37a23e6aefdbd0f96b11379860

SHA256
b84a881e3bd7a3afea8f2fb84b0becaea421339a99bb3e92d3d9f05d60d30944

SHA512
b834599d7b0d5f9c739587ea2e836ca50bbf0cd40b08dc398e68147ccaf642cf5215c11755e27aa3d28f100db68c58e6c018631ef4e4796d9c9b1211521372b6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
bf49a7156215fcf317e7e852c3cb89b0

SHA1
15a3b4f7b87bd5a9cedc8c2d1d9dae55994aee3c

SHA256
aa635b514967ad50dbed6217e4d7a384acfabf7a39a425bfd38d140ca526785c

SHA512
2a472cad7136dc5e372b32d6d7b77f96a6dc4f960d68e6c2b0e2599f53a2278e525a0668d0ad2780531ad3d06af70a796347f0ea1c4f797f1587bcb4bb1b0354

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
9323151503ffa5c8ad122c6de0393e54

SHA1
b95f57c6f0429232df39ad01f46287c431fc7f08

SHA256
840c7a1f11b43dbc04bceafe9bdd747bb833e064a5d74804bf24d2d426abada6

SHA512
6c289e001f7b75e8de87cf1e8e4a5229984a9d6208a37d43d80ca25d80fb40590d2cf5e02924d9e8162ed070e7bfa8718b671485896cf448ecd85d5cf97316fd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
e0ae916d8725c920f936bc47f6b3ba8f

SHA1
6e3821cd9f3b3f914e0db17ff49fed57764b8ec2

SHA256
29990a64de3760bddf9db385564fa55b0f99f10a74fbc21febc9480c0f68d5b1

SHA512
f6e063a9293f5546fbaabb0523e9419f37add922f064f2696ffa6cff463109e8265a965d561577240a3f7de7460425ef580b700f77b672615a6388f93e4310b0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
47be01893ddc8b8d7994255f5ac9e7d4

SHA1
fb3f8537f7f6dd3a5ac41e9266156d834df52543

SHA256
a5859dd8acb3d3b0d98b698205221dcea0e0b8e93f46a9ed7d386d02f3c5e210

SHA512
fd083cc8a8d6b99c0489446f08d7a533376c05204333ca3325551d56a79bdf45f33d46f144ebb6d544ee578342785cbe80197fc360bcc509bda02f4d07e4566b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
334ccf8950443619458fd4fe9c4a996e

SHA1
4e2fc7268eb440cc90be88bc1c6cb64611283245

SHA256
f47938c28dc0824f3e6994e24cb9d56e5fc12c0b75ce39d24dd99ca149cd2e5b

SHA512
fe916bc1be596924233ea300c273ba11600d1a5e2dfa96cbdfde341ca1a07c212097b64e4c5bfbc986be16fb68cfa2c7414eb2171439aedd037a131b8f7c487c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
ebb39518fdfbe31a8139ad88999d1a6a

SHA1
f7ca2fbcaafccc4d863fe112a7e73ca505892fa9

SHA256
b0fbbce230d40e4476ed1d59b288f88c189c4dcfa07287a67590dc7ab5039900

SHA512
885a995c6a64f65122145999bee4e3a8dedbef6e954b5535c024d54c77e1e0ad5441b41f7728543c428acfe9ec5cefa53187613366ff1d0e6d3a6f8b07d9477c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
823b0ba905697ba3c9b57d863b37debc

SHA1
b8f41d160e0ef7f5138eccfc0c448527db49e03c

SHA256
65c01e8e1fe306fb7d8a828f710f084acb5706290d061b2bd7b186db7aca7eed

SHA512
6ae173a41a00f72658d3289f805b155ac510db68a61916260c1fddb3b43ab0281653ac12d3fe298087bc862b7f02f93ae0235f82beadc18e21d860b0f0bbdca7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
51226f9d11e97ff52e56703ac6500bba

SHA1
09d996416e31bb1fa1682c95f4de9a0376295755

SHA256
00156a9c0ac7d76f59e33964a4d4957158f6f13975bd5fec9d0fb87b4ab50a7a

SHA512
fc0c32d8c212eccdbb0330b5d83e06caef3632ad1044acc6f16547a3db1a14631047900497e93aec0afc76b7068fd1a5315a43101940a139981a1f2000db5d4b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
ffec32174a95c05251fcdc51f5224c97

SHA1
896bd699a496698764489485582b6a348817be08

SHA256
80a1a9fb26e952cd656135357556a08883e4e2d5664a8fefe913765a66229244

SHA512
47025faf5ba8132d68856982ef1d0458578305079fb9d022032d378112053c559bb270333da58b4c36b1e87e1ab1ec75136a55ae6e09fe62280ea5dd596eb069

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
78a8a00c50b5529028bb9591766b945d

SHA1
e31a84927553c36c7d9ce07e0ab52e137efab271

SHA256
b5e6ddde4d0dc7daf41c740df69cc85393f3684b942814e05a523d3b8904ac16

SHA512
e34617d7103f9ac0c88c477b96e1f7251a0110f3fb4762288ba309ae90b0a4baa67d5bdfd28c5bf029af1d034e572ce66fcfc356155d479ac1aef6c76292613f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
ecae7ef9c1a86ac263f874d298fffd0a

SHA1
92b45a2cf24a644f956c9146625e7831a305a8e0

SHA256
150f4f2594fdc647967d3074320602e33ab657596cbec83ccdf69c027b81b3a0

SHA512
f022311742ec80ff23298c283af3303e726ee3d4f4780487531d468f808cbf74ba94401091792c82ea2c29a505a8131e3e4a0e648a4cb81d50d4f54bd728201a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
fa05b645ca36cdf53c67c1e51f8ea57a

SHA1
02209f69f214c066dd2d05df76490b99a8ac997a

SHA256
bd791f10df40c528446485f6da5b344c6202f6801229bc16e3ba7596f2289f03

SHA512
c50cbf8f807a5faac8c190e27ef5bd0b2211a63e77452c0b305c083f942cd5990db2931c4671b903fc1b036a7c159690a8a9183d2bd54b0f2c456bdb54b74d3c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
5d37d31b3c69d9ad556cf4207ef2567b

SHA1
d41f60fe6e11ba7f1b262f98f6f42df49ecac36d

SHA256
b02d2e41fdca15bc5de1dc9be7da3fd013958a122f38a71b71b9ff28374e53d5

SHA512
066d96f5fb1697364e281c56fcee5fbe8aab5932462993f5e8719fe3468d9a7239ada1c8955b4d6747774e17cb6109d667c66314c7a8acceb683ca66c9a5b33c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
bfabfa2599edfe8f0bf3d533d996dd39

SHA1
2bacbaffddfb6730f71b2c30fc3356c8188e1d92

SHA256
06ffc43c18ec8429767117416868dd20e16df07a39b60a059a416442743638d2

SHA512
98274341f863c29b88813fd5ec15032881c431d2b7bd1040968e0c54b101f1947dd937ea05746f299593c1cf37b440c948be95658a7b3fd0c3ab74ce194a2f69

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
e1d4d8e2a9313a4c4556e24087df1121

SHA1
8d36e74b78afb936ad67aae62c1f933121d3918a

SHA256
a05d33621b75fd7d4667cc02b9c0d8b86abd4823b14ae29ba2151200e2a09012

SHA512
45f4ad7e64acb110fafb76ac6294ef92230bb4c7a56b508e614d51783cb24de6cf78400e8bdb5bb691515abbda82e911e69c1ba09d21706a48609875ad85ec98

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
0406a86fedfcb73569aaa3bb4b197d5b

SHA1
70d0b7c1919bbfe7b7b91c1d6308a4b01c7873f7

SHA256
3a247a8f0cd3646e3fd7146a0ee019c2d2048aa7977469449736475dd60da6b5

SHA512
cc732a0961120d674bed0c37471790b94453f9ca0791e7fd3b512fe58ad56aa59e76862ad77dddfcef41b4dc3c74e50cf1f2eccf0ecaf8c4c04ccb78aacbbc11

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
7390c0630e70d2160ec66a7eaf19a285

SHA1
5c0705311bb201f3e93740365f4069cf4df91b55

SHA256
36bf78fad37a4e6c82f9d965f17095286c27a84fd9bb214d792f30cd28411dd5

SHA512
89605bbd5b388ffed9c729cc88acf6b826fee2df861bac71ae346f111c8114ac61d8de2e7f59e1b23db67cbfd330551dfebe5a2a1ea97f5cd88bcde467d43b11

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
ea6bfaf5ac52c762bdd5ce7e2c93115b

SHA1
7cd31b0226a81964e620375bd8961be1f1a5879a

SHA256
182a942e2ecb7aec501f6174704e437ddb0c2d6f947199521418a70223b41d91

SHA512
28a41abd5f0e74a081a74afd4e36960bf2acf28eca9e6f7230279de8d88054262acc5072159c73bc2ce2a2f52599011be4218061c02b984cbbd3474843060035

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
2fa505216ef60b51fc500f12e566baaf

SHA1
aaa1916a8aa515996d6d7ea684f134cbac25b93a

SHA256
6d41a5be1171266f0de0016aeec537dc1aae31c165a435539b5250e73dcd1b48

SHA512
286b1b23e884dfc2fb75af3aa4b3c4513e1deeb5e21957189b669e04255aee0114c1bb5dcd86d3ac8c248414e24bdb9d196657c410e25074740fd8852bd81437

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
c5ff1d7d3779c84a6da3c39da71b494e

SHA1
9949566e272fa60379de92e0d1c8b086d034cb42

SHA256
12341ff33e9549faf9507c2dbc4f837a5f1507bf9e7590219d76bb07e53cc011

SHA512
a42d8f91bdf7b131ebbc16d777c27b457b2b3f36c24fd51d05e1c791706a26bdb85bbe78be771e71e13d1efa1a62eee1a0daa914252f43b0c6bb703615ac803e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
c6b6420f3320f6606da263b3bafc9fea

SHA1
7af2b352fb605bd5b7fabc0a353f32d1ba2ef30f

SHA256
46d09d13749027de380c1647c5b070115ba72f6a113e9c103e3f4f2294814a8e

SHA512
b5816d847194a4f911f6fed2f35623661dc8991f8621d8a0aeeacb153fa01da455824c6781f00ae903b4aed2541d89d430d986410511252e2f03beccaa7d1f80

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
23d49a360fd899b05751d676cba11dfb

SHA1
c4f2c1a08c2322fd9489c44240aeaa7c51c33222

SHA256
203248ad2bd4fc678376d51c5ccb82e9d7c8e3f4fe5a95eab5f6c96e39c55983

SHA512
8531feb9027bec9b2873768ed728f6a634268eebfbacf3d3e99b749f79dbf4f636d8c4ad8b1a96b5e2ca6de24b59bd3e3c36ac36d9c9c74e7d7ef135a29f0f00

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
ea33eb69a7c0e434054b097e7e4749cb

SHA1
4bccd25d5aaaaed16a0300825321400b6e89d6e7

SHA256
db2adc732c9a2d7fb142c84f8cd3ebc3f091c2f6159606d4ee31ab77186b486f

SHA512
e6e6161f8fc8eff5b80cf6068950a5c22ceec6ff739c27ede71c36c8b1d143aad592a93461c3e3130caeefbf4cd82b730d84193afb49313bb51e0ebc0b8b433d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
36e69316cd3b3e880a43766b1030331f

SHA1
8c3e057ff44044b354c1f32cb581472d9fd41763

SHA256
608a96bf3296910aa875f205fe316f767c6fab129eec4d374ee2f07e3e479a9b

SHA512
13e6cc0bc4840a06c44fe448e576a1d4bec17e8ab3f9d14342411e491b5672b0bf3546cee7c27eef099a5016798a62ca54e61e5c15f8eaf7fecfac80078c725a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
b7f25cc5d33c57d8a5c3d532cca5fe92

SHA1
d595c7ba8aca34eb441f88c287ac1658ec92d073

SHA256
dd3d66089276b16f9892448b3a92650bf02a791c58d525b9b14f9e5204cc4b49

SHA512
2d02786c9c1dda227821d3f5bf8c0aaad21abe8ad150e09a99cc9248493daf99adc53fc93a4a39dd5e3075d54237f99131aea4bc25a5a8f138f47761a4b6177a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
7ff13c0f08c8896dbcd323ebeff5610a

SHA1
3d6d483d9de45cea22ff0c13fd35ac83443aaac9

SHA256
4c2175d011ec4cbf6826ff61abb91bca19c72114e85ec031a75889c0382a725b

SHA512
0bc3a006128dcbc426af44f20fc0dacd84d5624bc11aa4aabe45af5767885fa127b54520d01f0f047beec236ef67aa2f6966bae853b22ea97f9f9298527f6fd4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
7764fb3cd0b770bf069680422a730d81

SHA1
704599c43ee14131e702410425a25ad8fcfe0c8e

SHA256
3184ebe0fda0c65b05b77de0b1734ff449f716a5767f38c654b07e60cac01c7a

SHA512
058237c3a40f09d1a69d5f4a85370b6e12968d7050e57c6ac9b60ea94a602c03cc7875230d8790b0d196627d5dc1a4add9657ecdffdc8f7a347efb24d0dcde54

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
e61ad8fdedc5a70e593e63088c9b52cb

SHA1
d562037b44e6b2d7c1b1f88ad2a332c3b740d3fa

SHA256
e48916e6cb2b238bd081bb841a72bdc62375b6a15b7a182574cdc3c7f73410a7

SHA512
4f852d8a2b724659efcd6f97c76da0c9efccbf25d8fd6f317547c0e1959a9e4565c0707fe1ef8fb9f238564b36b77850be5e1bfd1b2d44dc4e4b990139938f3d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
5248c2c7ca8667d527a9ab9fdb6ed36b

SHA1
464c4e615b45bc3fe2cfc79bcacf4434299e5bc3

SHA256
53c7893646e8bad6947a46d6e7e6412e8f72f7eacbb1abdbcd8b3b73db6deb1c

SHA512
4de760e9c4e55198c003de0d32a273c7069e25c45b0a77042e62e99adc6c302d75793b723fa6a5349b33c7766f6756eae8746aa8812d90838e0331a1c134e4b4

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
77718655ca116bd9374aa124df4289b8

SHA1
dbddf5b36910d4430710f4b7aa49703077a74352

SHA256
cf9af1255cf77ef780d5c5f2ba25b2d54ca17f462773d246c1c2b42055a43f3b

SHA512
40323660c3cbcbc0482687cc4f8378ca3ce86b10efbb7a144d1cdbe4b31b1133ff3ad05e626636ac86b009ad6ba665ce8a2ee25553e6b7986110a99ea69f7d0f

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
68eabdfefc76721953e07ab2af95c80e

SHA1
cbacdce119f890f58b316ec418b7b7a088806934

SHA256
e7635242a3302462065702e3c757e70d3bb32b3fd2e3e40e7dbf3fa38d4ef395

SHA512
1da19e016c0a5aa7d357a0af3177e53dc7d4812f0acedbc061824074b79dd5406bd4e09041a4a74fccde778a3c38007fae38411eae6479b27403b428a85e36db

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
2e61b0a1dbfa515b2560489089ec0927

SHA1
2e6fd30a26e66be98d84b7a107b625d170ce0cdb

SHA256
a2d9e5ec6d8aa07f8064beae9105e554f86b4a412982868c296db98296091bba

SHA512
3fa96adcb4676fd0944924a322d13fe77289df9e4dbe3852dedfef9b5318f084cbbb6bef4c9bb5488906a0cc95acb3acd91fb7bde6ea13cfe685029a0dfdcb15

Download Submit
memory/3056-10510-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3056-10967-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3056-6208-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3056-0-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3056-11300-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3056-11301-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3056-6209-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3056-11306-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download