xorist | c9718b8354f67e040917ac8519dc2f286d53889e6ed7f513cc71e468a3bb3492

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

300.exe
Size

21KB
MD5

0dcdb939e8524ce89fdfb91a2e675e93
SHA1

a68934aed2b0a430dab8f7ef3a960218faebe583
SHA256

b7aefaf5b83cb8ad0dcb2a5b88d727e1375f54239c009a921a40145952d35573
SHA512

92626161d11c09c8b1fd97fd0ac5185ba981f75ea09b5f205fefbb00e3127ec14d47d28ec3da5f471005ce676cb78ce263e1ad16fc994749a8fb02587665daf1
SSDEEP

384:R4oZDeeumrKCZ1swbbVC2aJ2mO1yq314ZBfprXo0uLpRgMcBi8e/tmBciGN:R9Qe1sIbwOIq3GprXoTLpMeFIctN

Score

10^/10

xorist discovery persistence ransomware spyware stealer

Malware Config

Signatures

Detected Xorist Ransomware 12 IoCs

Processes:

resource	yara_rule
behavioral4/memory/1764-4-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-6-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-3-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-9-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-5667-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-5692-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-9971-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-10949-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-11266-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-11283-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-11288-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist
behavioral4/memory/1764-11289-0x0000000000400000-0x0000000000409000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2194) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

300.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	300.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe

Drops startup file 1 IoCs

Processes:

300.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

300.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XF990lmKs5g9Qn0.exe"	300.exe

Drops file in System32 directory 64 IoCs

Processes:

300.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_dot4.inf_amd64_55905bb33692cd84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sbp2.inf_amd64_1d08bca921956372\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxchipidea.inf_amd64_1c78775fffab6a0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_glk.inf_amd64_7b6c08738ca8a856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxel.inf_amd64_1edcf626fd489056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rhproxy.inf_amd64_7d28259fbc48ab7d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\wbem\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_camera.inf_amd64_7b52a9607d24ece6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_f35131186d3026aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_ae02676ac3e3c474\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\F12\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\wbem\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_usbfn.inf_amd64_64da5751ebd2f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsreplication.inf_amd64_cadbd20a667cf903\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mcx.inf_amd64_fcbcc3807cbf63ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_0f02175b17cd3f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tpmvsc.inf_amd64_9b03a5f041e8d2b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\IME\IMETC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\heat.inf_amd64_b73306c081719f1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmscli.inf_amd64_b39ea5f4658998de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls	300.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrf.inf_amd64_ddaa09c6103bc6ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\pmem.inf_amd64_acec109593aed940\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpidd.inf_amd64_ce12c614d182f4f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	300.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_e1022e6b4f7ab56d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\SysWOW64\AdvancedInstallers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcardfilter.inf_amd64_3573afe136371e51\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_8b49cb79b258e1ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

300.exe

description pid process target process

PID 2044 set thread context of 1764 2044 300.exe 300.exe

description	pid	process	target process
PID 2044 set thread context of 1764	2044	300.exe	300.exe

Drops file in Program Files directory 64 IoCs

Processes:

300.exe

description	ioc	process
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-336.png	300.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECHO\PREVIEW.GIF	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-200_contrast-black.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-125_contrast-black.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\191.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-400_contrast-black.png	300.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-24_altform-unplated.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-150.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderStoreLogo.contrast-white_scale-100.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_Resources\index.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-200_contrast-black.png	300.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-32_contrast-black.png	300.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Program Files (x86)\Windows Portable Devices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_2019.305.632.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\skype-to-phone-tiny.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32_altform-unplated.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1113_20x20x32.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg7.jpg	300.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailWideTile.scale-400.png	300.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\NETWORK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\CottonCandy.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-100_contrast-black.png	300.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteMedTile.scale-150.png	300.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreBadgeLogo.scale-200.png	300.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-up-pressed.gif	300.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\LargeTile.scale-125.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailSmallTile.scale-125.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.scale-200.png	300.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-150.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-400.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-80.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-16_altform-unplated.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-100_contrast-black.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-lightunplated.png	300.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-200.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-64.png	300.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosSmallTile.scale-200.png	300.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-96_altform-unplated_contrast-black.png	300.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSplashScreen.contrast-black_scale-200.png	300.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-125_contrast-white.png	300.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	300.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png	300.exe

Drops file in Windows directory 64 IoCs

Processes:

300.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-exfat_31bf3856ad364e35_10.0.19041.1288_none_ca2e859dce5b4f6d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_dual_uicciso.inf_31bf3856ad364e35_10.0.19041.1_none_3532eadd794ad5ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\square150x150logo.scale-150.png	300.exe
File created	C:\Windows\WinSxS\amd64_net8187bv64.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_310cc237b2b8eddd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\WPF\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Assets\PasswordExpiry.contrast-black_scale-125.png	300.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tasklist.resources_31bf3856ad364e35_10.0.19041.1_es-es_809e02e807a36e1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_ehstortcgdrv.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_b9c8a7382faab648\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver_31bf3856ad364e35_10.0.19041.1288_none_4cc02c3b6c5e5630\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-r..onmanager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_90e56f27c9dd7f49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_10.0.19041.1_de-de_83b59cb41949fd21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\msil_microsoft.windows.d..telemetry.resources_31bf3856ad364e35_10.0.19041.1_es-es_a4da0957b53b1598\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00010445_31bf3856ad364e35_10.0.19041.1_none_4217376ff502d5de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-eventlog.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_516a0a55e3c827ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1_none_7862ca1f7379fdcf\SplashScreen.scale-100.png	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_10.0.19041.844_none_ce50ec6f0bab73ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..kcontrols.resources_31bf3856ad364e35_10.0.19041.1_en-us_0d940bcb0cef2392\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\StoreLogo.scale-200.png	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..wslconfig.resources_31bf3856ad364e35_10.0.19041.1_de-de_81c3b41b0784fcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..cess-poom.resources_31bf3856ad364e35_10.0.19041.1_es-es_39cdfa8478403f14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-defrag-core_31bf3856ad364e35_10.0.19041.84_none_100185bde62a04db\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nwifi.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6a89d717951e98d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..andlers-analogshell_31bf3856ad364e35_10.0.19041.1266_none_e92a868d7f810ff7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\Assets\SplashScreen.scale-200.png	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ement-wmi.resources_31bf3856ad364e35_10.0.19041.1_en-us_f528f5271a5c4053\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.0.19041.1_ja-jp_ab15c263acf06c6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_system.windows_b03f5f7f11d50a3a_4.0.15805.0_none_7c947c10df2bb025\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..c-runtime.resources_31bf3856ad364e35_10.0.19041.1_de-de_06d4a365fe667601\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-ole.resources_31bf3856ad364e35_10.0.19041.1_de-de_f156cdb5d3773d29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ocsetupapi_31bf3856ad364e35_10.0.19041.1151_none_30ebf4ad4cbe1a7c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_dual_c_memory.inf_31bf3856ad364e35_10.0.19041.1_none_60499d30bedf2ec4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_80ead5d8fc3290b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-comdlg32_31bf3856ad364e35_10.0.19041.906_none_9e2a4a3c38b724ef\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\SplashScreen.contrast-white_scale-400.png	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nwifi.resources_31bf3856ad364e35_10.0.19041.1202_en-us_86d6239ab7fe61ed\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ndu.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee4ab56d4619b61b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..nagement.activities_31bf3856ad364e35_10.0.19041.1_none_35682663930abef6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\diagnostics\system\WindowsUpdate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..fcounters.resources_31bf3856ad364e35_10.0.19041.1_es-es_55e87043a94acfa3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_11.0.19041.1_none_cbb8b5ac44e86ec9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..k-service.resources_31bf3856ad364e35_10.0.19041.423_en-us_0bf111f09dcb1e87\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_wwf-system.workflow.runtime_31bf3856ad364e35_10.0.19200.101_none_90d2e46e68293ccf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..component.resources_31bf3856ad364e35_10.0.19041.1_en-us_ed536ce9110a85e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.19041.1_none_e8b8012dee3ba92e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..brary-mof.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_06a5e5f6c9306486\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_windows-defender-branding.resources_31bf3856ad364e35_10.0.19041.1_it-it_f8e91bb272e76f87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_windows-media-speech-winrt.resources_31bf3856ad364e35_10.0.19041.789_zh-tw_a566087bd822eb2a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Transactions.Resources\2.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sensordataservice_31bf3856ad364e35_10.0.19041.746_none_dbfd31e3890afb72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..peeradmin.resources_31bf3856ad364e35_10.0.19041.1_en-us_cb9a0c348cde5e8e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-syncproviders_31bf3856ad364e35_10.0.19041.746_none_833e536e8d7274c4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Splashscreen.scale-150.png	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-networkhelper_31bf3856ad364e35_10.0.19041.1_none_716aa238883e95cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\unknownprotocol.htm	300.exe
File created	C:\Windows\WinSxS\wow64_windows-storage-compression-winrt_31bf3856ad364e35_10.0.19041.746_none_ca8ed320fd9e7c56\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-userenv_31bf3856ad364e35_10.0.19041.572_none_7869ead9de8ed48b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\x86_netfx35linq-arrowheadsubsetlist_v35_31bf3856ad364e35_10.0.19041.1_none_25cf62ee1d7345e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..agnostics.resources_31bf3856ad364e35_10.0.19041.1_da-dk_3cec3f9a5f74655d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp.resources_31bf3856ad364e35_10.0.19041.1_de-de_a9c82e9ce75a1605\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..te-orchestratorcore_31bf3856ad364e35_10.0.19041.264_none_64b3f487e354744d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_system.deployment.resources_b03f5f7f11d50a3a_4.0.15805.0_es-es_579c9a6c3996fbd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..owershell.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_eef074ac29a8ba88\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid.resources_31bf3856ad364e35_10.0.19041.1_en-us_447494df1222bcd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	300.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobeerror-main.html	300.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2492 2044 WerFault.exe 300.exe
2556 2044 WerFault.exe 300.exe

pid	pid_target	process	target process
2492	2044	WerFault.exe	300.exe
2556	2044	WerFault.exe	300.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

300.exe300.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	300.exe

Modifies registry class 10 IoCs

Processes:

300.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IYOIMLDLAUEQYQT\ = "CRYPTED!"	300.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IYOIMLDLAUEQYQT\DefaultIcon	300.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IYOIMLDLAUEQYQT\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XF990lmKs5g9Qn0.exe,0"	300.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IYOIMLDLAUEQYQT\shell\open	300.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IYOIMLDLAUEQYQT\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XF990lmKs5g9Qn0.exe"	300.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	300.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IYOIMLDLAUEQYQT"	300.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IYOIMLDLAUEQYQT	300.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IYOIMLDLAUEQYQT\shell\open\command	300.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IYOIMLDLAUEQYQT\shell	300.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

300.exe

description	pid	process	target process
PID 2044 wrote to memory of 1764	2044	300.exe	300.exe
PID 2044 wrote to memory of 1764	2044	300.exe	300.exe
PID 2044 wrote to memory of 1764	2044	300.exe	300.exe
PID 2044 wrote to memory of 1764	2044	300.exe	300.exe
PID 2044 wrote to memory of 1764	2044	300.exe	300.exe
PID 2044 wrote to memory of 1764	2044	300.exe	300.exe
PID 2044 wrote to memory of 1764	2044	300.exe	300.exe
PID 2044 wrote to memory of 1764	2044	300.exe	300.exe
PID 2044 wrote to memory of 1764	2044	300.exe	300.exe

C:\Users\Admin\AppData\Local\Temp\300.exe
"C:\Users\Admin\AppData\Local\Temp\300.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 300
  2⤵
  - Program crash
  PID:2492
- C:\Users\Admin\AppData\Local\Temp\300.exe
  "C:\Users\Admin\AppData\Local\Temp\300.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:1764
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 156
  2⤵
  - Program crash
  PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2044 -ip 2044
1⤵
PID:988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2044 -ip 2044
1⤵
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
bfd6d2787cc7db651a542b8d939bd3e4

SHA1
4c0c838c1ce3a3a5dbb42d2f9a1e2698c26789a1

SHA256
0aa5de159c0e58d4efd8acbcadca1d95e7d1b54d5ca95b6b506497cbab46061b

SHA512
189249fda32f2e1695fd81749512c8f2bbaea6e46062f97e5528da5884aa3d0992947607679ae477849c5ea9d9ef81971e13f6f5000d4069487d06b8f0ffd985

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
54b5c8de94268a58521dff33eb421c6a

SHA1
0e45618dad4960e9e6e487fcb609e786ca56d2ef

SHA256
916110f5e20929d75d69d5314fa157a02c9916a9831adda342b7d9a6e83b8a44

SHA512
926086da9cbd389ad702f4c83c1417a19838618a3a2d7073d730dbad14d3804189f5145ec2cf14e36de0c70f5820373fc63970a09171a4fded65ce964bef9b47

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
186ff2d9417a9b5e093e6d462de94f1c

SHA1
020296b44b35f91e4065e8d43d15f5294ef55de7

SHA256
be785d30aa87b354ec46368241e311eda475c0975a96e5388e695e1141b79324

SHA512
d023a513040503589afe1b9f8558f2f0fcd5de1fb2ef61dda850e71dd15dcd009e93afe7992ad8678a8df79136f8f99487d3ad5894d7da0cadc591b6a9a0f2e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
f563d5ab972574b6363f54d303cf3fef

SHA1
b7580a154c1a033baa7937b252c32f676fbe33a1

SHA256
6d43f0697c8d67f5601ea9ca6c8b6b8f5ad5f380db9e023acaf990c09b758163

SHA512
d24d7ad73992732b8f10e9b4efbfff4a9b4498528de507cfc1ef0596f7fc4e672bdcf56a314979c20648eb9e319c8eb3309718e6b90257dc36ea800326ca10c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
bfd4fd2e7b32d14b5448fad89511f955

SHA1
6ca04a90dce065fe227e546b5139e15b749fca36

SHA256
472137918e5f25805244c2fbc082eb47a5ac00d3427da7c25fd87d5a9a8c7fa9

SHA512
d2950a702c8b8acc1b52144300ace2ded7e0d2374665811797c319ddfc0c98f943428020618e25f57aa3508ccce33e658564381bb64a2327a567ee6182e6ae68

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
fdb170ee319331ea2c6777b769f09388

SHA1
1c7c096ee16c9cd99d994067057871fa09f20e3e

SHA256
dbb25d148c2308c19404398c9b06b8ceaef8f912f9c80eae3896faec47ed8486

SHA512
6af4c101bf78a868cd45e13373548316ce028c62e775d4ab1e90518dd344eb0e3bc01accfaddbbfd76e0cc92f9df435e8da787ee368dddf7ccbe51c95e899717

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
6c7f3e963098d1a080f8c9f9fc142c81

SHA1
6f8f94d971774852d641e747ad96b87d1b90026f

SHA256
8c699450b744e88649f49947219e875f86bd858ba74314883574579c3dce5e3a

SHA512
95e066d0af1794f0e2a8556d9f8873d55542db4a8ded8f5a1c25822f580f7a7bd93932e35a41bc87eecbf18fa5177faa2741347a5013a4a92b99a4a92d6e7b09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
319754be7713054453ffb8171b01c156

SHA1
d3dba12b73ef9a32ad8b3b92a2aee2c771d7f0c6

SHA256
00dd42b93f240e9b21b07ff9fe8a0f6229580693c2e4bb565498bb36a08ad7a4

SHA512
5b54b9ebf58cb8449a97506d1dc0e39cd5288ab61cb3daa872052c1b8e6c318eaadefb24fe72d26902378a5b6b8fe89bb05b62eb13c8a1ded974c5b932fb424d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
2c372a37f216a9437a6462e681f06d50

SHA1
827314a862f149c9bd6b6581b676cb723af06dfc

SHA256
65de8e0e4d1973b6304614bdb40ed2efa0a9fc1f72dc7dc0cbd72af9b9ef8d97

SHA512
b65b4c4eac04689873daf86e257df2909f67d2b8be8ca3350079e3957b81650020445dece0e66b926ab73d68e458d6e9b824021d351aced0a6438fc770c9b284

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
7279d7b0b2f3e9b9b63c63a6e5b76479

SHA1
8127af74d5aa6943a910c7899c13425c9a746994

SHA256
cc0fea0603ada73e2124d0a9eae87795fba83215068dd379860201069f6a4d9e

SHA512
6a03009b5b7e7ac8e32d52879ade784ccc48cb73f9f8990e8b348e86a6b5cdbc3b629eb70e4e1b79f1e0b55999a016880413e290fb2454457c424b10652196ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
e58c908807757d284ea657980556cba6

SHA1
5856a02c5d9902025ee391128b4a5fb84fc33a71

SHA256
e836f07eaa3b9a13d4c4eb8213a558785c1dbdb9d0e94b8cc86237ddc09d59f6

SHA512
1b08a792dd796191aba7e6a2b191fc45b7598a4e75c6e32c0e5cb16d687225b210b0e17ad960b4ce23f8852847f2894aecf0e19afee292ed3c57fb4f47fb5095

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
ab24bf0ad379d47241397a78c56a4862

SHA1
feb9a53b2aebd862e63915943c87946e0c0e6924

SHA256
66a3671c01caf49513c580037e2a64fa93c0616c75b5ccfa7b2a803c857d0c10

SHA512
bdac66260c05fb35d6e8c84befd2c9f9703f4d227c42c265cea51843cb8543349ac448c5b8780f037d2b6833ffeec79378f0d3bdb01769e4511a1660e0104ba4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
38843dc167a2c6c5fc688bcefb1fbf23

SHA1
4271b7ef817af23d5565194e68cbcee0efe715ab

SHA256
55a334752a31cda895b6e9792f64f4d2f5395b6af44bd952045563de0e7b9e19

SHA512
4f1fe3dd4bebba1a98da7e1ab30360334d6d8a5338bf85be63597abae002b855b0a160b228c81db6ed662d3fd0caaeffa4a4e072772517891fee1d4076c84cb8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
9ceff5d21f8363e90fbc82a593029831

SHA1
9e69cc55fb4623242e62072a35cd99d545192750

SHA256
1adf5b04467a98d7c75ac4851dcb66467ce16b3388b30be727fbf7fbdef20de4

SHA512
2aa3cfa99ddf03366a86d4bc9384aa538a7721128705d56e409f02d48f90af9236ea7e725bd868df9d082927694373886929ba7f3052ead8d5a4c39cfa9f4e17

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
5bb16fa3d9603de7ae7baed2971329d7

SHA1
15de63fe8a9bed3449114ebed447fa85ac0654dd

SHA256
3bc7196e2a83fd34adf3bb5e700fb850faeffe228e08f9d7b70e054deb657e71

SHA512
87e53797cc244c3c8f02c59110e5798dc9174c854620b9ced805a4d4ab7fa0b1a822f5f8525ed37a2f7c1d8a2b4ec4aacc063971ef3c89f1210e5b455cd3fd93

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
682ecf57ee96205718bacdcf5e6c3793

SHA1
bb5037f605f7b264bc59d337a53aa197e6446aef

SHA256
9dca6bba3db46c0205b3cce0bf15e6e649d33c61d8f77fc9c7db5ca583e57f47

SHA512
63879e3759b7494dca1fc22f570b0afd2da66dee4718bb473234a5457d0b0c13e5d4d664fbd4e8413375496cc6bdd5e48566015bdd0962df9d9698f5a5e967e2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
bdd854e451e7397addeeb88666f7f7ca

SHA1
c7bed8b1c28fdf81e38a82b413a1730fe34366d4

SHA256
bc30711077f1b2319aa496d78e777ff4351062b7f7b37bfdf521fc1d716d012a

SHA512
e6f0a235ef99b66584f006eea562ffa17de07f9d64fb6e3969750e3b7b11a64738ea29a3f18408005d56f77292009ae426b97374396c0ba0a6840bb4ba786c99

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
2042e008dedfd0337864e2633abba51c

SHA1
dab0ce347e2061af0faae58e26ad5cb62fbe608e

SHA256
7227b963d97883a3d28f8647f375e04e8aa6f102f450ddc6a30a42eb88c20158

SHA512
7eecce2238a15d6018ab24d3610902acc759ca97c2fd9bd21d1b8ffaef4386afa9a4768714e19d146a06c3079760fb2732b4f54977ebe86c71d6a5012af041ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
ad013210c798b8a1cfcc37378081cb20

SHA1
411f5dc7b0279df42c0ef0c1f27cc91ed0325771

SHA256
175a925ffcf296550d61993b103d3cbd6194822f3c1adb33368504deae44d11a

SHA512
1b7124d8fceb23e27abd1d4030798363e0bac2c5561cd60abbe24fdad2e2329c1fa4481da3b0d2fc14751ea49a3b61b621f726a57227bb8b5a6900a65a0b3030

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
8996cc4d641260365216f2b13fc303eb

SHA1
d941ad35440100f1286eca005fc1d0717b4f45bb

SHA256
d10020f29e02be9f64ec29c7052e14c08e9028356031c28221800bdde37382b9

SHA512
23ad32fdb412a1813690a58ac854551272ae172492a327b752246103d1db3f473d912a61d536cd8fc00a3d64be74ca0e32f488bf81912d5810bfed7354b5cd32

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
4ab428efbe9a77c9a93b2885abfb9b3e

SHA1
ddcac5781365b50d6f7661b137df8b09380af8c3

SHA256
8509ba3c4c1495537461bfbeaffb6879eeedc5c39a90f0d6f2dcf58fd84195f9

SHA512
8d88e4d9f1bfce8ddb3939cf7039018504284e0dcb9ba7804749439fa93b595504fafc687178c8d673b6562d0fbbc7142344bca6efb7da2928bd2de51d9e7d7b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
93988c1722a3a0f79cd0793e55c10e13

SHA1
d262aadaf31e304b480d8cd1a76244eb9c13595c

SHA256
adfef27add2644065726003d1e7416694a790617444c6a214d4e831026ab5a6d

SHA512
5180dae1010224bada18b73d2fed3b062adc785567385d5f22e5ec4947f37e2bbb9f9942b1ff3c1c61b809ea0b76b80f1f8ab146a9ac7e7e5f46a779d8defe8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
1b24430b5d9dbcf67672a8ae8d712031

SHA1
71b39aa35a3ae21815dce4de593287a97b7d46e7

SHA256
788c22f4d2d06bb74e7ee92f23a7cdf5fa5b5504335b1277d21ca5e6bbf32a23

SHA512
1f45054f8732158e30fd71ed2258da842eaa0c23d04b3892777088d8a06819b85329b6de9322dedac1155a94c0a5ed5c65699bf3def99433c1516cdd00899f2e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
c732e3e214d79090986fd32f09a2954c

SHA1
1ac1b296cc4ce117f846571503768387c17689b7

SHA256
2b27d0438d1bb08e30885f0ed2986e9ede64c6ff69739593afcff572ed5f504c

SHA512
25277a05afd407f4ac2d55d75e0f5ce098ad05f3bda1ed8b0049a4f518b5195fad0f36cb2079cb21a448bbb24e10a16d7fd8a21547ac6205229e99817b4037a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
4471225de7948d0731c3447bfe0b68d8

SHA1
3038e025f8beb04d8aa328f1dfe7430843cbb7bd

SHA256
35dfd538ae69c9867d31ba20c90bae6b86887fd06d1467806099f83415d4c272

SHA512
dc3fd07c8181fc350f5113057d5abce9fc72005bdb94e1274b843972b532aeac3ded546fc1dcee1e117c5abce92f6db03444d4eb9922808fea3e63a9f4939912

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
165417fe443ca2cd0648f0d8d4cbb6fb

SHA1
aba6e5cbfef4556713bb8ffe1d82d1de7493b2e6

SHA256
fabaf4884a9c86d7beeead620a0393d5afaa9d635630874e92fa94e5ef903e8b

SHA512
395ea4b7211e85c3ee7fb7cf97b834039fe97efff700147ba45ff701a5620f9c69f091bff60c31f5cd1afd0c35ddb86ea3e8cb58cc6e706132f592602b1558c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
860fc9967ebc901c34f323b9d4567b1c

SHA1
e0bfa19c487a2148fc7b4815cf71a90fbb36b8b8

SHA256
2bd9bafef263f920fee915f755d5ee4f493565310e0851ed3eb2346e6cf2d264

SHA512
5e6a02d203ad7e40981056438da14934474cc3a167d8fc056d7bfaa81f693299dbfe4ac77a560852d0d603efbf158be282a46ffa62f6256dd9a4d71c4f3db18f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
a430ba3e78c2a80e4cf4420d8e6ea718

SHA1
59dd35bcf415480ee582369a6ac77627e619e758

SHA256
af325442a28d763608c859c5e82caa9717787d21fdef01ec587677ce2e8f2c0d

SHA512
b0d66961073a78b30b2c5a8fa199ba5de005861ea3bcd87b5b346beda9355225cbd999f9612a0339ce325ad526006418181bdd81a304bda98c07e08954b60c34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
4d26b8760bfbbd1b92f90532e797923c

SHA1
a33532eed8e191ef500346bff6348b0f812e3812

SHA256
83b8f29f4efbdbc3eed9a63125c9d0975719cb23ad2ddf0d5ec887533ba6f145

SHA512
9d0e04b90f78762077e5206153b949ffd24131475bf999b026f975f791596ff224f10c8d2da55644c74d1b9d36dc80acf637917cd80916cafa35f4744956971c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
ddfd25d9d39b77d90381a0800f577f31

SHA1
f18d50b7c282b0f1231d32974293f934060c714e

SHA256
bf42e6ef1b3c485a963b6188bcadf9001c19a598f5bd30a91664b697732ccc69

SHA512
b89d66899b65b09759758cb42f940913bdddf3671f2c7452d7cdd843d94c264abcc484211b9aa13e3ac864ed9d3219b6357106af5bfdb9af1e60d0c990bb0ed9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
3358dbf167ed2a99aaa20a6366118597

SHA1
4b824c0c2caa3a540c31852abbfada422a1bcd36

SHA256
970f8d1f3e4a6f8514b727327b6754a42ee2cd63eda844ce23a161e985435f04

SHA512
a8d52f98c7d52fc6ecdfab53edee96fe4789493acae72d0bae27815fffc6db915a001c7f0f87fd464fb070517370a0eca78f1a6c6af703c42c00938447942114

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
8be298865eeff26b608802eb9e8ab7de

SHA1
18f975f58fa173cb7490d31ab57f5737e3dabfcf

SHA256
0f8d311490768956228a6dc0eec9113d292c0bb01db9ec293482f78c2a85475f

SHA512
58a794bf66f7ac79d8eaf1f724008a4e8d8e5248c24dbb2683a6ef46373d18525a7848b93f6466f31dab04b0aa80b87c864c84a2c420921e71e7ef4bd6692b1d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
90c965a8ed5bc2551b5fc7b2393f1202

SHA1
a000f7dd0ff3fa17a4b71801f332e42a95b554ab

SHA256
ae48073556373aef74cbb9eccaa3218aafd7503993f9febe4197d82d1347ad88

SHA512
e59fc67e3c0eaaffd16501513bc6931b7f8d4968545c28f761b567e9cba8e0485db43a56341a083b715a0c3aff69afc680fd814f93242677bd8a3e9cc15bb794

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
da7002c96677b6a6af543d12cce3a1e6

SHA1
76ed6a421bfb8160ed6b6dd5dd8bcf12e08bee94

SHA256
49445624048e26089465e2900db8d2ba15a59bb975521fcd1956e2c9b215ba9e

SHA512
d0bdc1ef5bda4697d2261308351c3032010addac54d77015812346f99d5f1e675e656f3c28fc838fd6b98c15e5c598ff10aa3ee1480b96f5f87bd97fcf1afb14

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
7f28b8a58b4e4d5a17d862eede67be3e

SHA1
0ce49a6fccdbe727ddfa61fc0aecd978b97d86ae

SHA256
facecdaddf571039e80c703757d94e908a3fb7fd690a8b28136936b22657f1ff

SHA512
0f20aae0924dbbfc589ed74a2bcb0e86f2b322c8782acd41c1ae165d51c64e2e77557ea87b4094a0f8e2aebce92a7c51f12c97f852d810b532323ca566b3ea4d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
5a63debf14f19c04c69675665eccc5ff

SHA1
f99af0588668bcecb4f47b264cb28384fd7d0d87

SHA256
67c00d9877cb6fce2af6d9b8df1e9fe4c1a8811932ad702737d71e4d72753da7

SHA512
f7232bc0d3c37f06851183ed6d0fb2cabac450617d444b419cb861897d6d92fcbcf5d7d89f635cf41ec467df070308b4c2e716ec9661f181274f328ee98a71c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
e7e40b4447ac72326a13d4cf885fb8d2

SHA1
7262c2c2ae31fb615732f796f7fa45ae34143206

SHA256
9a865a18ed46798b342dc2927d72ea6be4698e6dd8d54f28fe7c4811b69eb7c1

SHA512
c08f305ef63d1ddbae54ce020eb741267762209f4329e1986a96b1a5b0294932f8951f4f47ac5c7dfa7846447151078c0503e8f67481779a59545a2bd25e811b

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
ab560e0193c17b53db9409cd58921c05

SHA1
16e65e625fca6d69c450212fcbbd7332b3b5192f

SHA256
78a93947bb0b36dda037848713581559d0c39d58ba53555df90701d48e08332c

SHA512
61a02abc445b18c23141cbc323cc98b3452102593a80326c2b4fe2196244e60db570af4c5d71a100eb11c6d751b36574fa0ca75cdbcf0d04ca89ae181f6bfc1b

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
600B

MD5
48a90de7d6ce6c321aec8789dd7e1401

SHA1
f717edb78f38797ed8e000c0004465508cadc699

SHA256
c802e0c2c158a9742466965c115a6d270ee4c42c95998c037a349905d14c10c9

SHA512
c0af0ea9c5f772e5074d197639f352681f49da7225e8530c2072080fe7e760274c668cd427c075f2a6bb36167fafbb2b53ea36403e199566bff0e1856d1a91a9

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
08f2cfe34cebe148078c3a7acf94bb31

SHA1
315b3938f07790fb2157888361784391aa0d61a6

SHA256
bccf7efdee3b264eaa9ef2aeb0ac8a1d08f25a734dc5d3363d5e93d3ac018f45

SHA512
9957b419e1bdc3307ebfb91ea1f328e2c78f892978efd9b396ddd670d846d8f55f10654f1e2206f480e086f7188bb00c5a633a8bb6a33fea20ba4fa058e1a447

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
067996f2d28882fe5cbe9af43db6c398

SHA1
52664c56e98b05af51b9bd0b42f628ee497a2310

SHA256
59ae7dafc6d9e1c022521c421b1c1daf9a8f8a10d400fc82e605b5289939fa9e

SHA512
9a8700fc6ac46786e1fa92b4670190128d0d5f6a11a65fb751f1f4bf3861d7a6fa9802c6ea4a0329675becd85bf7a8205636ce782232d30842c4a0fdddb02b8f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
797f5e29c9c8324e70deb82f11a80b0a

SHA1
3969064a45a3e23fa647d24fd1c0da11d4dd663b

SHA256
c02b61c4b3749791f490ada1541972d0c5cc4283bac516f149d510a88cc64562

SHA512
25ea3b3778035e1d1ee95ea835fef23664537d74227cdcb1926f059da9002254c816d8497c4d4e2129dcbaddbe22af1ce2f336885f6010cf77e300acb1eb1646

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
fe238a414c6b329ad565b84da03a3ce8

SHA1
b5b4861bff0bd3723e8617bfbb51c6a6685cb78d

SHA256
aaaf8684be5d547f148469a8809582f0a23f095f69333b382529debb18672b6e

SHA512
9897aa678178f263138cfca2c464347c633a65db1949d2b508474c9eaf6cff6d22adf9302719a9235c2720ec8ed712e5ed3736d4140639300265a69bbcff4a39

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
5983953a3e11a00d6ecf3770fc035877

SHA1
ccfcc757ab89e4d04720bbb5b531c625903e2694

SHA256
7ae8b09c2bb90a90ede24b7766eae629e6973adac0b646f57df079240bc619fc

SHA512
fe0a2bded5748a9ec2f7d1deb2e2ffcd4304beb8e10c218b3cd14dc81dc155409b849e73d2e662e86739af53caaf7a1cf1e17fe787a44b7fb606ea61b62f09b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
e186d2f363d2b01f32c11645679b19c2

SHA1
3387488ba36d2822aecc507ed7b942c44096166a

SHA256
2ba95beb6ef071b4762ebfbbe328dd57663476d1d8497bddcb21122d46ddf0b6

SHA512
213cf4c8630abafabb4bcb8ebf5a528a8c9a2407b748d60b8c9ba1c934708cf0b0584b3eae06ff426292dd6afc9bed6aeb3664b3d5f97e1ef9987004c1cae4d6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.EnCiPhErEd

Filesize
23KB

MD5
7f9e45ed24128b1a774bd67440c75eb5

SHA1
2b29ac908ca730dfe3b130ed04e787044aab30cb

SHA256
1e96853d988bf2cc4726174e0e6c21c4dfe4aa45e019a8820e7b9335d9334946

SHA512
4630c6bf4245e8fbecf871aa6ee8774d7cd644ef6820e0bf94d2664b2f2b64396c4e04938b95806dbaf090242954c04c1dbe9ed814e9e91ef44355bcc6244470

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
7f1b805ae5a1c65bacb24bc84b53a24f

SHA1
3452815d2caa04cafbd68f0a806627a49680b14c

SHA256
e469317459c74c7b9f310b741baa8f4440376f632b084aee96b9fe66ab550068

SHA512
8d92884d30875703e4f724740bb27bb26e84c8ab296bc90353048ef5febec465e40ea02816f6592542a937c28e6e32f29eccea0a086f714733f0dba83ed80d46

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
dc2d90812025af3d8dc16d02180dad09

SHA1
4fb9a0d1078ad4aa45101e3b4afbf82a21539a0c

SHA256
7367916e93e05f97b839837d51ced054668d3480a52c452822f28cc03794567c

SHA512
22bedd2f623b2143617d923ae08377954ec4ee63314637b61ef64bb9df0fd02843139614661666164b201177ebd48deb8142dfdd19dadcc981a65185ccc9e381

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
d94a85c4f30f3c42ce1a836fb4d77d5d

SHA1
069ea0af0f14556a41d745d6bfa9fb8f5a8a346d

SHA256
460dd4b6dd8e624dab7d853bb4df6fd4232e8db9a2c3291e0f495154f33216c0

SHA512
48271b8317f7e6d7c781bad5fcac5c04b91b9c16252cd1e025ec7fc74c0a12a338bf0f3ef5dabaa02350a501f237c2b05bceec2fc3dda2a566562acf8f526c61

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
e69b62a42548a0299c7a93b3d21f75fd

SHA1
ed3623ef4aef904abf1043288625deb7c3f572e7

SHA256
1d92aff4a86ff0421a65b3461ddb435429c601f5edaee60a5dd32e01df4f3ead

SHA512
2f54ab6d368994f07708149dab39e8ee94b60737adcacba5e9232f9cde16bec47e2f187d90790211b8a284e58df8e0b33be5e9c9631afdddab9b98cdadac0002

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
74eaceeac11f9f40c565aff7f9e4dd58

SHA1
8ecdf81413ca32c654fe4fac6a2ffb5ac270749a

SHA256
8854e8e3f0a4350caf936ac9ec0169378be851397b95da051578e0d2c371b104

SHA512
44f9e9162c9d724aa17953494717fdb45e80b8485ec39f9236188e2fe4231c9ff194ad6ab305a25f162ab822dc004fc5222d1cc3458d2aa07535d66297d26e37

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
b2ecfef1f2023290668e64da8029d790

SHA1
337c347836344caac83499b9e150030c5f848d9d

SHA256
7fa5c03651cd9b2a7e88cee1e0fdc33b8426fed8c56c3ddeffdd72e3895b7f6c

SHA512
ecf21917d29517445c39e470749721ab8cbb7d9edbac7b1f864631120ab4b2e4931435b5a280d3d2b50937316e1f708ab81f3cdf9729cecad7718ea40b9ca198

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
984af19a6f697682b25faabac7c8c631

SHA1
1bfd44dd8e396b38bfa858d71d3417bd8355eb8c

SHA256
75ce6b6cf3b1cb6a9514205b32c310c0aa6eb8a22d2796e89a8ce261d730e229

SHA512
7ae58661bfa5d556553a056766edccc8440aba3a67088756c3941b0dd3c54b3257f590470209cd9d29e5240987752f70d452272cd9f326b00bc5ead136857200

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
d7c2b66004a7771d22e3b3d9d692c5dc

SHA1
9e76657c21c4c7fff22a68f09385e8b2788ce37e

SHA256
4486a15ae6e83cbc43afb97349c6a916bb9077420418475f4a1ce79e022dd3be

SHA512
3a371a6f5c657fb1aa44194bede18dbdd1f0dbd95e7c312ea362e73c7f7f4b05e2da4c281574ad59cef42e7c5b9170fe47fc3ffa992fef00769984226512619b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
21847fbce2108131d174234af606b771

SHA1
ddcbc4b42d199317b1485ea2286140aab7cd0ba7

SHA256
6c85644b539190630df1c9b8458654570cf78ea9f91a488848f88a10b640afd7

SHA512
e116d6b3aa67743c65c84ab0843e60514cc05f995acef5469bc6a6eb41d095cd3abed91c41775fa90011612188db8d1ae5c47071213405906b970bccfa40c52d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
aa6ae0784bc4ebf1090cf89b83166e8b

SHA1
a57764779f95308ae57c375b770b2ccb9497d438

SHA256
f75fad44b192aea309cd02a4de7315c9f8a4aca0406d5fc958bfd5ae58709808

SHA512
49e5602990ea80d700adc22b9f37289fd02bd1f573a218312d21bb7a18334bd1353d064172641b5ce8d0530098996bcff485eb3cd81349546ce2e2a48269add7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
a435c55c5387d2cd3b03a89f60513bcd

SHA1
95870162a236fa5059772db4ec4f6eca2a39cc0f

SHA256
39d67070602d1c740223b1266aa7e7e3ccd1272c2bff8e3c831938777077662a

SHA512
88717b93d86aa7cfa509a297b76b3d311ef7c7d4c192ef3234c161f54b8a13df396fd31db2f738cbbaf1e2a25e79d802fc4bda1df6a1024943375b9a2ef573ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
c8a578b8299e4afc2ec98ce608bb5ff5

SHA1
19c68e5e22b8819e05918ee7154df22aac06deb7

SHA256
711cbb11001c44b1d5caaddd22c5ae613358d18591e17a80a820993b894f951b

SHA512
0bd13c5754f767bad395e7a1bd7b033ca53591ade71225e61b9792b7163e608d1ec950c3e629e59533e05f0987e8b3cc89d5b583e88f9adcc2523eea7104d705

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
2c0f116aaadf83ee98886a4617a084f5

SHA1
379c8e1ad1c69526f7f13e1d547edc61c82d0d8d

SHA256
02fb82c09c632c7bbd13dd72a8c9543771ded385c3e8ddf1c10cef81d1fc362f

SHA512
967d32da3592e1c4c9abf8794dc4e1d4039ced8e83adacc5fbb2a37454bce9c4df024263ac320a6aa8b3adfb00116eaf5d9b2e0f1ad84cd80ef49774abb272e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
7c193f87310f496b2119243ba732315d

SHA1
007a67b347b0c14fdda020f01fe930b9ffc90017

SHA256
40a15cd20db41c2e6dc3df0ce84bc513e3c1f69bffc0657412b4a29c81e649fa

SHA512
38242054bcbb9be004e0529dfe30e028a455119a16e048c65f5675f1ac9fa696b519332af4b5d053e89e9c36c0864adee1f37d5cc2c56a2476f3fa56b2d1234d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
5c0774148c831134b2c47df00df96081

SHA1
9183d0c9188c69d8bf3a9dd8e710dd6dd41ec84c

SHA256
e7de936b0ab52314f55e03ebecf65154e7dfdccf8376217118a95e6cb57b54d3

SHA512
3d4681d749615d40d5bcb8fb54c0000b497162ef1d3d40bbe9c3917488232442fbdb089480d672900c91809e6880480d6769451d0bbab173e7a6b84358078b18

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
e6dfe2dc320d93edb962d234132c8a3a

SHA1
891da865d1686f35be3428768ecd530f761767ba

SHA256
74ace0f7b7ccabf300173d94945f9104027f42c1bf3d964d6a5bcb4b5bca385e

SHA512
ee022f3d36caca129c168460e0a917ca1caba3da73e3eb288869e6c279c1b4c250a517ffbe7f227d836e8706f25cfc67ab8f4eb87977885efcb03966bdcce10b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
98ced6c8111f9acb654df26d059fd869

SHA1
9091bfd281f65e0e3ff271ea2f7fb482cdfedbea

SHA256
6e17cd7ce3c4a6c2c9be3fb82d26858ab84824ce8f017e55816564aec4749eee

SHA512
ed82e17af8c9cfedd87f3d95da377d055c3edb424a23de5cc3e42ccb7068b9e90b7e019b1e23a851633a8947f55984aebf29cefb86c259ac3fe28cb556d4b729

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
334e310e41edb7f41a24db87da435eb7

SHA1
15fd1743baaf8f25e01e860ec58f80eb5e9c2466

SHA256
38e78ab2d037883a5248be6edc9383d5a792384151c4826afa766cf83a84d46d

SHA512
c1338eb8d242b14e5959627fa338ad1e104e67b45b2bd8679c3d1504b621a1cbde5ddbf7a5f9ded05cf0a68fdf22997a161bdf012e984dc5bc7d5ae493b95307

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
829afc6bbd8a37c2266d7acaddb36a73

SHA1
cb1886dbe25feff7fcba2b57224a4abce43a8539

SHA256
18d92e84fa25deb6978fea35938e00296389224e470e7e99ef01184a94a12e44

SHA512
9a9a88115ac3bfa2259dc5d884823dc231daecf064d61e95724011cde4c1088e9b6c43a17a9c5a7c8380a32ba1aa8bd6e8008e9f228fc6a6afc9b147ada3860c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
6e40c0c6bb89a2bdd8cea8f64369d8c4

SHA1
b0b8719e4334f086c7262d3a880e94b8ec21b06e

SHA256
f6d80f1a21c2c41c8f379bdd57ceca20becc1649c3814320b969370d101a1c67

SHA512
fa921a59c632e281a74c7390e3e514b2c5a9e2909a0d8cdb1d5d258b76c3278d0fa2ff47ca8437c4f8b54596e55d15f125cf5b757240910ef60261e799054121

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.EnCiPhErEd

Filesize
1KB

MD5
044701fa59436538fb5c2f2f6dc7a70b

SHA1
2005cbb97c33de361135005819cc166018a2fa6b

SHA256
ed8cdf199aef21f11f9299fc882e53045a9cfeb3046bbc2ae57d3ff9375981b3

SHA512
1c007863c683f47851e032ab9f42f508e3d70553bfbe1c690807cc1f32aaf04cba3baf93c40d2f142212c988a42252a68eb2669aec97b02a4ab92ea5ee1f21cd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
005b7e690b24eaa20e95894b2c232245

SHA1
ba09224a5016220d0f4bdb0139d830f07edfc5b6

SHA256
c9f924b7d32311ed723470a5dc0f28f12fa292e1840ea32891f9595b1c760703

SHA512
e6bc9e1a4f886cbd4fc8c3b57a741b78da2cbcda65b3d6c7acf6c91f24cb006be401b7d7a0128412325ce327d2c9ff4ca6de422b39b4bc89e86d692dfd44cc52

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
7c92bd576a40a10424bdf47309e4c521

SHA1
f2a8f12b268f1f4f007044e1769c7485cb4872dd

SHA256
cb37e0686f1ef71b3166dab33aa2c27e0ebf8a7ca791526858629622df9ca133

SHA512
61df4d8a412330e777ea018aec3b06848eee6614f218001cd2e29892a9f9e2434cfdffbe2edc26eebcab0fac5af882e39f7546fbfc94ecf6dfec64d1c6d9d776

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
06c0bc2d0af55258ce145310705862c1

SHA1
5ce3c09235e06b24bca326e11d558db8d34d2ed8

SHA256
57bedc47a221b4709e5d018eacc1130fd0aedc9de34171a9606d96d1fc9e4573

SHA512
6dfb1f68cd6e41925b1469e8c7590717a0923127d8fae9b8d032fd738d18d838f8bb1ffa64bd022ad33ca3591de906a65c21d6094677a234b3bf85a4fa80b020

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
09edb35979c303e78395fba1a9e8b724

SHA1
02bedc19654cbd03b5bcf55059bbd7d3deed7d8e

SHA256
f88a5b937876ca978bbe12c805172e220df704394b2ca3d3e06450f9545ba18c

SHA512
393b96f3b42b064ab92e31e7c231243928dbaf800b21f28e111ef8caf23c978be2c6dc9a624ee1557587c395ef9a8cd638b54d78b8c961a33bf8452d005ff954

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
add79a03e4d9bf0d500f1990e8d4da3d

SHA1
bcf214e50ec379f7d46cc92b3289a4e2fb3a8373

SHA256
cb6604b3a8b3257081b23d34bc5708c4143d30ad33acf9375c08ca39b93c59f6

SHA512
30c155b0d3939014a5851e2ee19f698fdd5c18ae53abc6b4760d66ce86667681421d1daf9a495346b5dca67c822fc0b41682dae125dd6156f4097849d7b30ba7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
d9dcf3c9f4c0c9a8bd55003ae3627eff

SHA1
6b2a17518c9ed79dfa007fde222182142cea13a5

SHA256
bd5cb82ab7ed3ad19a7b7da657cfa1d8826052fa3fd232503b18a733235b2d90

SHA512
100418365e1540324a4cc215e1e6bd68f482abbdee77d712ceebc7471db3278dbc3651a402a1b75938b28db06387848339b68d73b789eb564cc8dfcfac7bed9f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
1ad71b1dd66cf2b70a196cce2e5911f2

SHA1
bb49e4327781e43e3d60675e9de191b4ad767254

SHA256
5a91f4074bf666a7018115b9c0df368c002aa701a8872b1d099f1abda81d0775

SHA512
74a7a4b86f35f97d87ef93d65bb6be6286b6822e7e0ffe2919e92231368f35abb7b7b22b2df44da3657b142014823655721653b97c72fc78650c0d92d544dcf4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
d0d223b19daf9eda6b7958e2d03e94f3

SHA1
88b8e98e869606700d8d4abec7cf011798935ce0

SHA256
ebef0035487e3ef746336957f8b6ae6a00a51df12e1655d44495aae5d8a5c938

SHA512
9ef47a1bf4902fc0984cf5ead38ac4177a9a03b9f654b315aed09dd9e20af351058a3141b703580729c280ba4fec95b8332b5e72aa10b6ac2d6545627ace1779

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
9bb962b3a8ed2f98258e58159d0906ce

SHA1
3219610f34bf66cc1ab0ec524287b4d0c41c61b4

SHA256
762fa3644ea958172ee1a535ca0b51f7d19efd94e6eadbc8e90a1af03a63b56d

SHA512
da44812e12d3570188091e098fa081331b11fe05edd33b09310a3469678c3b20c6ad9e222c1723e7d62ffdb3ee63f5161457d49b52b4cafa0dfcdb84b319b9b3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
fd5f40026e52d7c910f396ab0f514d0a

SHA1
55e3ba753fff3f57f040a25d9825d75944648b46

SHA256
4c5e34d6ddcda227c7acdaeac90ab6913293f35aacbc602bb402723ef8cc18f4

SHA512
681a0bfb7d00aa5d5329904470a1e995b726d5ebdc672cf490fde4f4f5f42cad12ee0e8f77ea10ca351dbcce06a08cdfe6bfb29f930590dd24ddb286c8244002

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
b9b8ad6095c6c520b614b24dbb5951b1

SHA1
0456f9c491759f90118ce9053082a89b2c5568d4

SHA256
9ab720e48e083f1466263eed0c99a75368a3e0fe3719b0427103e0e54a8bd45e

SHA512
0756af9ad32d63fd208d557abab095a6d8352895264499a36ab7a468745d99f189643c9d37107f2f92e9dd3faa66ddae4cbfe6bb9e04d3df6eeda0afc8369524

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
181f362521842dc1a6f21caead0ec845

SHA1
4bbc139f8673eb55c8a9f22559511e9444cde015

SHA256
5181a46eb5cd54c4548abb82940c49009b96b159d513e923fabdeb32caed873e

SHA512
29a753b4552b365e788691d3470c5440eee640fe8bb6d0c3b3708149d0eafe2f43f6331b96cbefa016aa8abfbbfa0ec246f243e430ba8562bcc990e99329616b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
67a1dfbc38c6f7e7a6c5268e7982fcad

SHA1
c9bc413615692cef7c578d796b435fffc3adcc39

SHA256
ef275cae81ad6fbb3635ac01c270b800ea9cc6129f82bc14dea835061d463308

SHA512
4d3352789eee51d3bcb69ce155c8b1be670d21f869cd9e9584451bb39ea3b08173af863f272702ea46eaf9f677b2cf2bf89997059f81993aba6f8a579b538bb0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.EnCiPhErEd

Filesize
11KB

MD5
0965c39ca438b9ed369c229ac390ef3c

SHA1
39bce6ea98387a6b03ccf238b0670b2a069fadfb

SHA256
f7bb549acb56b4c26f1a488df88f2bc876c5738eeacd086ca1f53d294ed76fa1

SHA512
e2f3d723a05f077466ea0ab9d2d28139539cfb3771249cecf44d023833282ceaba8e5b83f6902059c0db6589737fe2a94a2ef765a650f3db0d2d24a3f814f072

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
c7cace17ea6eb626d2e763b1806d994b

SHA1
64d72e76a185f54645b0df18aedde4b42f06ef81

SHA256
17f77b1a3e287000713ea08161ec18a459f04f0a9674454f2ecdc2c2163cbfb7

SHA512
86ad951d7de04ea76baf94139e70eb76d7d175d5a56b540b2dbea61dc87dda21057b0bbefbcdf798d6d31cdb2e106f9fda4b8460754843a42669dcb6b78e4cae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
f67c7222f25ed1530646e256a4649ea2

SHA1
1a6dedb1ff262cddaa3b350289a1e8673d425f4d

SHA256
9c26f1f184bb44969b36e33181d67220e2f9efcd6037ad19d51d5171f5c8f111

SHA512
fea50ef75c6a9fa15ca0b44662718bd66128f2c43a8abf7333302fc7069784c41dc85984e5c6366094bedc1374beff0af6c68a112a4805bc64bdf00c8b3d8cf3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt

Filesize
77KB

MD5
c8ad5aad1cb4bb81a966c4a4866cf33f

SHA1
de6e2223dd22a0328b4d77807aaef8954ce6f67c

SHA256
a829c3dcc48b6eba425a3c6dbc0b76ffdee29b05248c5f00ef627bb590f6036f

SHA512
439909fee7578943d0ef5e368ec4d3475cff0715ac76624334b701fc0e33a7cddf7f98063b67dbac8ad8d39a327ea492a31cffe2c82f3c721439e8d85c909a6a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

Filesize
47KB

MD5
aecf31be84269eb761e8d3e6a1d7ad13

SHA1
07dd38b380ae001e10e54260d80a94e8a989acf5

SHA256
621c8cb95d84a18485b71d1109d6a4469106d35aa79361e403fd56e6b175eb27

SHA512
70fb2d3c54c1ced487cabeb2ff407c6aad3bd6632efee873edc0b6b409330c8327fd93b0644374ecba8a45c9d27c43f75f6afda0d07bda5a785c3c675fc9eba6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

Filesize
63KB

MD5
8228d9df2258171a3899a67dc4535e6f

SHA1
698f747c74503e90c38991424fe2a13f967200bf

SHA256
29fd20c03ea03dc329cb6af3778781f876fd2793b0850db29db38340f877d9dc

SHA512
68b3e457f731790f6ca0047e385a9d6f5e15367958c2783e46ec09f5fe4929e6e73d53d37f54a286ece1f807c17cbd9206ebbf175eaf71d48cee6bfde98f5c58

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

Filesize
74KB

MD5
e4a223cff0e990667d0ad1f2ed941f1b

SHA1
663c833d7162298d3809b3797af60ddfe0c7288b

SHA256
64303b33752796419d13a0aa9d227c9eae5a44507e687c3d99f5479118381ca0

SHA512
c474d37835c93574fbfe7b90d5d3840625ce26b65f7f0997c515105c4775a6eb3d139d28978052a4cfee1fac1a3395a4265fb79de9e3b92c2929c290f5c4d66d

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
1463a5d4dcb2b234f4cd8140d98948de

SHA1
e9d51aebb09ff12429e8daf04204b56834566f1b

SHA256
c60f1c8c0656ccf84a09ddb867f094ad8c4a158d96edd6458e8e9e676df2f84b

SHA512
212f51998c264f5e0e8372282ff7ed85e27779396bb85638e9ecb8ead3e357ff2a15266efff55b96e6f4c0f1466c70f0774d68de82b8c524f8fd8fc44f4637c0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
3415999555a454a84c4df6c71d8b4478

SHA1
2b9bae38d0c0a09dd020f085658fd3acda89d21e

SHA256
37ed87b67d0671012d526990dbb0db5218e9a12f5c6440adb19cefb4801dd76f

SHA512
8150f13c009b1369beb1506f0e11a1512f4ec568bc8124a2ea9d5e3f3df7f029053e99478100a6f5a312d39e62646cdd8c7adb3ae416e3f34070bb4d7fb3a108

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
f788e769962fdf5b7401fa5f612ead99

SHA1
9dd2ff65788900b99406ec1a0c179bfe58eb93b7

SHA256
effe354150f3de056e5e8baa436e82b3246a980eb9c5304125761adf144a9019

SHA512
aa14f80794c0da7b9c2db2c5f7a2414d3cbc36ee03cba68838ec3d4603673f47dfe298920fe5da2547be346bdac69155890db7c12a9c1bef93e280689dc44c67

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
8fe6b564061790b55b40da0986b34b17

SHA1
92c3ba477c6bf8ad1d0716c5532e0bbb28fc4cdd

SHA256
589aeb27b53cef581781ce57d810b4a87afdc7f3a3cb564be4e90cabe430f485

SHA512
b31b58f352e5f4042bc9c96795c00ac81235b54c4a4bb30eb9da5f8d67e9d9a30d0f2dab158e579c782427da6ad1fd7f9e0ad4582e50f95344ec1ff441fb5bff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
cb69952f532d80e150b1a4374972a33e

SHA1
aa9fd84d2d0c0c789260c2015e27c84ac9ada283

SHA256
0550b93896284e53c64c38b64a4ed7c49bef24ea218ac125d80d407efb600ac7

SHA512
2739cbb6583e7409c028dd670bfbcfa3c6b85fee0a756f39e3e0513ab99f63dee2d2d3bf10a38bfa104f1b51e67aee1527c8f94542eae08bee5dce41a39fc6bb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
4b55384ad143b7b5d26f0450ad58812e

SHA1
cb86199826f0e80a83ede9d56add571289ad1d17

SHA256
657d1f8be59009b0ca070e1b354b033d638af8ebd8c366b93601fc9389f8f3d9

SHA512
8188ff9713e3cd332341517ddea21ae0d4bed2ed5343718c36736d1282943596620fcc168ba53d50abfc1bb07d6a858860f5d2625118643419d8dee9843df1fe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
1f529927fdc085cebc5142660181ce57

SHA1
dd943c069f2bd4692ecc6a1133462371fe923dcd

SHA256
2f58e4679693cf3e3a03874e1735eb435114c984bd15eab9ea9647852ebb64b9

SHA512
ddf50f5e0bb0b33166bc5c10da6a93e8e6dd2c5bff47cb1b108202354e315978fa1f5ced9db6d840b3f70ffe37bd40ec4b63a776ca13e4328a8f0d3e2b6b58cb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
e6ee79b625f4796d8fa71f33417dfbbb

SHA1
27ae23a79ecd542fe5e896ed81cb7246353e9a55

SHA256
6e91bd27a30b52ae1fdcfb3437783d8674679c1d43758f6c4978736238d6ba35

SHA512
38fb1e3af1ecb5b1c5e737be303ba841a1248f32745a0129706e5decbe078ffbfea70c10f50a56a98627e65837d1be87a673d11343dd99e0ee3e23689968edd3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
fd276608c917d7362d920fda637e00f6

SHA1
3f1e570a444d1d6e80cee4db73b7fa2bdfd2abb1

SHA256
1e987b5ec1eb345d6c7b05f86dfeffece0e3f654b1e4104b63acbe1c014df2b4

SHA512
60fa5493fd38f3417e15fe40020c9b52bf7a8c83176c67c19489e879e10e04455e27b7b49b0d17a46e962827884cd3c7f0ae4d37c5bf5265ed1c510b3b2eb5b2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
190c8fba6feb67b0ddafbce5d10e93bf

SHA1
cf4b04cf92d3791b3e8946be32d87cea8a398deb

SHA256
b844b91f4902a6278d260bf6f018ba9ed4be16841855cabfb50620da7c7a8ebb

SHA512
10c4d6cfd520e8eeb8f1f8343ce3cbe92c46eceffe75a2d8836a89a95f362c1591b7c8bb68b5327c7cdd42ab0d4cdea98d76c8168f8fd4be92455a932f408fcc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
3c7ac6f3888b0721e7651f7f555d5f15

SHA1
8a589a12a93363806a5bebc114372aba06228a33

SHA256
df2c5dcf2ba4e54c97cb9005ad357774600f91abd3d93aba181137ec20ace282

SHA512
bed661317e125848d34aa319dae25c6b8badcec3abfddd10f7a21990bd35c6d2483548ef23ffcbec6fff904adcd8d4705d6f4bd8bb55bb544f555776668a20f6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
842511335c505a6c78b0c9e2f64b1e88

SHA1
1993c79644d93cf303ea1658af7acf4868af45fd

SHA256
5f5c43b24b4c4f8f601fee1467494a0ddf487cfc9a0dc2147fbf4731d1dd2128

SHA512
f72d44f900d3de9087f0a058f1a6cf87eee188b1a6a4aa82620341888ab7c123bb683d1d09a69820ae1efe7a2bc2c197217a37f0aa44fb782581aba2bae22cc8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
3acc32c348572764f29d57f36571da64

SHA1
40d46266ce58dbd747c1509993ddb82f8512fe6b

SHA256
de79893d41254e5457ac9a005f67e1b8863f0fd56bcaec28b6d642a2efc3ce1d

SHA512
3a88bbcedf29633184189339b5be9c288bd8bec74fb93a2a076e9531d950a8c51a6cc950d46e1641dda2a6e05e8b9a259d38e4fbe9b6818d8325db41cf7c1edc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
64bb6fbe1796224b372bcc2f810529c7

SHA1
b0f19e6f61bc3467a427fe3f26975e061c1c7f67

SHA256
b4873dba017286d134abe13335987d20b51de7cf814d3d06eb89d970563be710

SHA512
a55f8e0f94a0401fa882119877608bd23c29e4f179fa413f1f32db02d7cd7cea1f08e117fc4c4f7227bce1bb4137b0145422670667e81b002f5b3f81a7cec907

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
660cb04130784a0381c56bb3a3b28187

SHA1
06ba083030f52df062e38e1139f08bb418e5851f

SHA256
28800ea587d3fa55ec498d47c15a7907db09f4fc9821e931a13f4140db372896

SHA512
35d05e6e5216d0ffbb7605bd84c6ac02b96b1cce9e32f1865806ece5f6b27c4234fd44a91e800b2afc0677494cd885bd49b725c1cd7bf35d6c318d6affc6f68e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
11b2c256a38f7c40474dc99e3cd7225f

SHA1
95b35c186189a2a379c361c0a9a73fc99611285c

SHA256
b5a6fc5be725ecb7bf03f937832686c35468508668fecca770e7df6e022ec62f

SHA512
befe201854675eef10128fb742d517dd1305e412603b079c61fcb3d263ba0d772a43a8d7b2804dbda4f3f3ccfc095a316de23c198ba3719f35bc819a52d3b9bb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
4ae36f977a335fd4f60a598bfe1bae2a

SHA1
f58f334fcf94ebe13eb5356d856b64258c81f531

SHA256
f2ef205d0db66bbad7d828cdbac4b51d1f21014ea7b4595224a023094a9b2446

SHA512
dfd7706c0a1a2effbd0cfe59bdb62bd06f2122454beee348a5a98ad6efe12d78e3ac02a2daf7670140df721198ae2f1e4d563e183bd5905b6b5dceba2d72518e

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
cd43f10f293437ed98b69feed71d30ef

SHA1
16c84001f49586daab1eb7042bf2c74755c77183

SHA256
9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91

SHA512
fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
0bb6bc70fefb5d6ef27e28664b39b1dd

SHA1
511f31e41e564f6220b8a332654010bc96c4d5eb

SHA256
d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf

SHA512
25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
7b5aae1157d6fb779e8f34007f3c9972

SHA1
acb406fb4069dbbedb89a7d9cd06d8395240fc13

SHA256
6ce2ebb682f6f8306ee341f0a3864db40c289b5756ec19a64a4810297a90dc17

SHA512
0265d171dcc717a813483d374f1c97552e4aa140ae3e961242a31923070b9bfc532806eeda407c1b6298991f558727422ef186b30e3e759f67d3b20842b57b00

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
4ffc3980a8dfe36efb0febd0ef42840f

SHA1
73bd05b5897793f3ba604167b2d007821a027b3a

SHA256
3052d8704a3d43cc65f61738b9d0122e62fb3af22e219ec47f0a563685fa5ab9

SHA512
8b5ae45912a753adf6ebbae4713633fc634ae5ad053f7681c1f00d3a3daa1664ad05852968e826c1b5d7b0095712c7d22acf7907313e02b09ba82bacb1db7a89

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
cfbf23f24c02fb39fd19c62917a3a92c

SHA1
379acb08b9138986840977a3617e26b1e8e9a9e7

SHA256
0e69d9acc1d67ec41c6fb2cc597ffc5a26f9bc165830a567f65d41d629bc7959

SHA512
2242af946cf227be7c9b835214ae298944d138a89513ff90332c0a0441d79e011b58d46f20edc0272e218fe60ff13c413c1e2bfea090f76a4651cb29fbfb0e22

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
ab9af8f239ecf684656a9a0c050d9921

SHA1
a4e5614d1a22782a2e0bc495f4a86d7ffddfc0e9

SHA256
10ec25520a4b713322210e7d62c872bf4e2be1101f45ee44d09140520358c5f8

SHA512
d1eb254182831a970143887c2372528dab528f9c73dd4839c8367be4836ebb9acb8b7d12778eb75f8a90eda6d67181d21de42830093770ea3e4d294f03df6a01

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
5cb9e035dc96ce401da4d5c9176364ef

SHA1
98ae83fcb310394594b321fbf67c78edca34cd13

SHA256
2543ad3ed94fd1c26a185c7e54695372b0544e0eee489462cec164aecd685cee

SHA512
3da01a8b8e934178c4786534630b4a00b8f2ce554ca0c8d46e66d4ab314c1eaaa5186fc8966b97c244d7f07546d5385c21b34f02d38b7c835225f08862baf3b2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
2c5358e90b17e272afc35cd7667d323a

SHA1
90c752e64eb1ff86e97e37f8c9524b6c73cee3c5

SHA256
b2a75dc5254e8037c2eeff472a50ad20fb86ca975944e12e92ffd6c035bf463b

SHA512
403f15458e16a6ebc14f1c8d6ad95b35978663550fa5592ee8052834ae4ea76d6af34cd96263d286fa7f6fb90facf70454882ca5f1b39a61f98f3162d7825f16

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
035bb0ab45b83c15dcd6b2ef76c8170d

SHA1
c8975715ae47ca7f54389f19ad19e59d39caa94c

SHA256
bc54767f0b627b36e0ef33e882495ff49be7592c93f7dabe4850492075344d32

SHA512
29cdca2f0865a5fbf7f9778e0b48f167346882d865cad5aa90319f002794aa9d07bc9087cda4b0e92db5ac007e4f7414015a957c7815f8374906801c98875a76

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
a82c903ca1400b6a6bc2322f0601e6a5

SHA1
2b00e75e21c1ec36598e321c07590198bc80251c

SHA256
e67c2cb6bfe3c7484a388dd322c2891308629db82af5db8ade0de6a57395169e

SHA512
9e25338998befbf396cbdbd9e5f51fc8d6a3fbed9de31a89df4c4c75a94b32f2e333dfc520d7580e101e45585595db7a407a133ed6c9927b8cf939cf2202f42e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
297f49cc01690574050cd1409a8ff3d2

SHA1
aa9877b9fbb0247b4c6c6e3c5e7b6d8ed6b97c2b

SHA256
cd4a3a93765826dc5731466da52cc98085b0b4ae01fae9a0cec5664e912b8185

SHA512
3d447b45290e77ee25fe7c2215e6b19834fe00129af1ce266ce4589a1b467224811ea60f75220c4499ed0e1e1e338f0664a09e1c509f600a96ff1ad84bdeb1d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
9f9be5335056fcecc432b3f0bfcddb51

SHA1
bc2052b8561f25c796ea29bc58691b28ef03d207

SHA256
8ba1d51a25d2bf1c7b0c9adfd179141e92d8f905abc87c1ca7f6d2021a2dcbe3

SHA512
c08e62a56e5c0869a472eda940e0c18cc49015931e4257d72f9fe7155f5693d029d2a3499be2d5dba27b88f1811105cad2edfe9beb847ea820d2a5ff36185259

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
16ab1c18a1a4783f313afde3ac195cb8

SHA1
e152a1c5498f7f5545951fa0ea30315cc408201e

SHA256
28026bbfb5610ad40018bf6224955ae9d196ed59bbecf94ebe1adad956d7d126

SHA512
747f9006216b7882efb60bac79858de58b2f13a3fc8fa3937b5eafb9e83e2660a2bf2958efe46613df3ab9f6f9acf56518b3d34945c3007ffc38428cca6d8f94

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
d25e6830a43a6413ec951aed89e93822

SHA1
3ba3840b20e9f6fc57c0b4c9e250c7c1e6fbc52a

SHA256
3c48c0087beca7e8a3bd28d5c8b48af880302e6d5ffb024c8cfe5bfcc65aa898

SHA512
bf977ddff1bb2b5ffc38086e34ed6961dc0e29272ba83bfc7bc072dec09b79560f1fa45a8b7d6e1c40b5cd1d1d3133a6c74b68d0f9c9a324864853e25006106a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
2776a7efae921c4ac7d47429d91d9413

SHA1
6f0ffc755ad77bd578e5ae9463da8f4434ca21a0

SHA256
0de5df14ae67213d81113a6420f5e1f751df7ad86033be986505eb5b5e939016

SHA512
c95307308a00f4409ba5fc49d9b62c84864ce3b28cde12dea8a522f269b3c6db35f28e6a54544bc5cc4a400743cafab3a8a1d44659b329ef8217d6a31fd58f83

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
f76fb4be003581dbed61168077e76b48

SHA1
0c69f82e6cdf13f52b891d9b9ca5d5c901288924

SHA256
b2b6f02c690ba3cc582b31292b2cca6ed6af769641f8545bd3d997aa96ed11e7

SHA512
30423a982e99f63788e17e15b1d6040d1cb17fc70daa04ef200575b11caf8e5385862385b2e40efcfeac542567325c569f0433e8744c38d3f45b30adf9de11a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
2913e8c36666389266be1df06caf1624

SHA1
952a9403e6e7566f4ffb14eebf2fa9fdb5d4fbc3

SHA256
4f30d6828a8021fda419decd41777eab73262f2f49e959c5fbb511019e6a3fca

SHA512
169e791e99f396534da7d9836561771b57d4e5b44f9740542805d45e9ff37516671f6bda14d73c29bb918b478b299bfb8042bff4e52c5842cc68ea4533960b2e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
edb28888eabd43d9b42ff30c3b108b1d

SHA1
3e28c6bcd010abc1c84c1bcb42184375d9b7bcd7

SHA256
3c7be49aff336fc6c06c1facd9baa88966806c8e21f3891e727967a490842178

SHA512
4489eb934e7c8f05efd0523fe3596bfcc7265bbfd6b63c1af3814629a1aa547743d87817b5bcb7d3b02608c917db7db6f0d6a897592de2073cc4daab1f6b889b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
5ae62569524488d3f70f7f5ac2c3fa05

SHA1
31df34525a94de240d578be049ee632077b57575

SHA256
3c30b3be3da978c00f67536330a9dd91a1b1ca0178535fb91f8ca519c233b9e8

SHA512
0666f7a90c0a69f7c3f8dd26bf78ca195cd9795d065ff385773411de0bdd828450f6bb79ad3f1541f5b49c459e784f070421073d662902e030b7be6b1387fe86

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
940545b9f0588a192b7c0a2afed893f0

SHA1
87dd63d999ab3695ac95081b21d9599d21ef84fb

SHA256
6bbe8a7b77456cb4cacb9672c3c0f31039a228a833d1c42a2927948816570764

SHA512
7ab26393cc5aae0fa170ad3b5738f1303f2b0b6cbddc004a981df6dcbf7b835ec2accbe67e29b7d2d0d31427eb902792bfcaf2e7d8c3e71401f929debfbe3e35

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
a8f5b6b6c9e080d865b60f97464ee9e3

SHA1
58b241cc19576c786b428422f63602ee08910021

SHA256
debbe5a58d69d1cefa24ce478f9a2d71e7acb22455ed0b4700d9756d7b43a930

SHA512
fe9230e6d9510d88f94b01e5123c7c02524643c7e3073b8152a3ccdddaef3b5133337a6e0ff8dda54d5dd0c081c2f062d771410c5ce282f89ef52d644d0c27ce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
bdf555ded47741e586fed11fd868d5b5

SHA1
c58c2785e706e7b6ba45f79e0dd951fa8ca4abfb

SHA256
130bcdff96c730e6a70ce2b5fda5d1ac7be329fcf6c2e111029d2828fb2e09e4

SHA512
7dfa262ec50733145db087339337af03b8b4c87572a456a51e76878efdaa26f6b83833dae465c552db967cc65369edf0d99d4b1a8203b6d08e99297ec7b533d9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
4d2879d8d2ed9491da2f8de4c03e8759

SHA1
7b5b4ef2be2a4f5a010fe4c2f75575a1631ace00

SHA256
3d2bbfaa336eeb8517b7fd95a751939cdeb15791654657be0fcfec0571d1901a

SHA512
9f530d4de84b65cd874f1566ccfa5ba855e644c6b0229844717c879a070de741353307b36523aa88977d1bdca7838e3577cd8a62b2e7eb2c6f02b0aa29dbfddc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
363594f187cb0bbeee91e796c5b5c9f9

SHA1
67879d182410a6ede2089b6a2731ca7a19e84e7c

SHA256
b7df8ef32dcf233209cc881a82aa7061629643d659dcfa4346059ca54f27b2c7

SHA512
2c09953548deb512e456dd95046d885b4783f076a39641ffdea53c64c8e1fee310842b8bf973999538c45fa2aab2e05e17e25aea8628d074b4d8dd6071875b84

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
10a5ba7d9dcfaab9edea0982cb02c140

SHA1
93fb69a3a5a20a233fc640cdc8657b3af3e5d7d0

SHA256
bf401f549bdc2ce08d885997488aee7a3c826a390d1b8f4a9202cffd42e8fb9a

SHA512
c16ba86bd465ba49893dfe6f86d064e30c8a80e14dc2e7a622aac737a5719e3a2725e70ca2c77e71be1c73ee29badd65e1ad708109b34446e6e84fd8c8fc6f81

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
71c00850270186dd194e807eb12d270b

SHA1
81e913834180e5f976a14f509ae842af8661ec48

SHA256
9674f7a5cce4e14cdf42a28b4af7b713cac91af2ceba48dc3560cf05fc767d32

SHA512
5377c527a2ff98eb9ce1b443c7d3cfea6a86c26b9efbaa7f0827817fb176ac6789b9d1de8e4225cf9022d7c7f6097888a87d894ccc2ede320acd5ebf5582cae0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
72f90720e56a59f516482937f04d5ee7

SHA1
7b8060468942a6369bd1787cdefbea0cc532baeb

SHA256
966f5bda0537b09de422c2527bf358df78802d829480938a84d0a10fa7abbb13

SHA512
2a90ab30bd53a28cc789c15b0990717e0413d3946bdaba90d4fb76bcf49f2a91fb59926f99ab6cbbc1742bdd1b3f3c6e21ac99eb9a7e7d50d70f4eadd3087e23

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
ad8dc02b7557e923fd988b1eb183beed

SHA1
e417eebc6e17557d86e5863b4ee32a85b047451b

SHA256
4ef01480fd2b4ac787e166b754c467e17b9df3b083b6daf2b95f716b76e77680

SHA512
5591d2a469dd9075ae79626f29e073d83b228c7068bc37fc0b3fccd619d8a3bf1294f68e25f0166ea53ab113cfe05a4831e95263e1e734e414d566df824119b2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
b23c564f71b14104d5ce15a14bbf6673

SHA1
d60dac722c77c4c044d682220519198144a34efc

SHA256
8ceb866d29ece749f36bcb90330ec5b00c102bd03e2d0af26b3910ab4b77c975

SHA512
a40ac669d28f436e2a04d769bd0ff61b4866bd770d5b6f4db8a54a5ade362825a2d452ff70556b678442dc083a6901346f0275c751149e618dd807bd8af0929e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
c73667f11cfc1efbd844925cb94ccaf6

SHA1
d37fc456930daeb25ba256add1984c50805d3ad7

SHA256
e2c521a87943b36088a73725cee6304603df1dd9724a43090a8c5c4bfb732bb0

SHA512
ea622e0e84328838118ac82caa21c40b2022a53cfdc0fd8c522f079a9f23f861d836c452f95c093c5c3ec6762dccfa56ad6712437738f081ae54d0863ea8d6c6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
9d0de6b4710cf196ae62b6d974032d58

SHA1
a250517b699a66f83db77e071d1af04cf1a1c6c2

SHA256
1d4270a261803f4eab5d7f00d1edace46c76b58762b359ec04e486afc2b8dc96

SHA512
762407d10ec7bccde2818f44642c103ac324836ea15518bac8d674750cbb1d9760308244e3a26eb5ee76519b27bbab97504cc9ca721fb372a69200cbb263a029

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
c1ceefb949816f2a8c784c4c0bb1cd49

SHA1
05b64f1b77b12dc36bd9d97864fbb1aa382a4187

SHA256
dfaf3f647149f6a050c895bedee8145672ab7e959e7ca4c9a7a2b7147b72f8a7

SHA512
2df71cca57b531203672e048291966a00e9ce82561dc44114c9f83de9832653653228dbdc414485a9a686f77a4f7b76a146b9569a620971cb4a60cdc42a7fe82

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
bcd1c0849ef2872a18ad689348317e2a

SHA1
f89b2a77f04c35f4b003e9fe9cce30f96cc5e2cd

SHA256
32c036390dbd1a24e749aa13f1d6d7a832d0b2023d1256f26c6db83b0452e132

SHA512
b9ba645610687efb03e04a1b0f815277de43fcb3570c610ac9138cfa0845608c534804a17ce512e7151656040ce8846ee5dbb4b88feed1a78d20ed30e8176572

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
e28ccd1a3dc184b9476252349838e896

SHA1
d9e3d801d2eb0217bc0c8f6233df5742e2eeebb5

SHA256
4e31620edcd2004ed7126d71371b54ad94ddbe3f8d1af1a18c6fc166cf68f519

SHA512
73fe8d1d12f51b7857737ec270915f100fbb9d429418aadce5a36590ba18f4cf408c52c0f9f929546487d9e291e17f3abd4ffbb0d3ead7cbe616b9b6c5a0c0f5

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
d9b5c8f5a55db4a137a3cb70cc359d65

SHA1
a886340287af2052956727bf9f51921948aad094

SHA256
9b85f49446583755ba1b854efcf105ec628aba706b2ea795e3548b1a3913e39b

SHA512
496ccf3096b5e2163f2ccb1cfce830fb9558a41ad77d9104b5e61d1faddcdb1bfab2a82304ee39f52343da032b5c05ea75aeb01adb9adabd83a440488067ab56

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
c0c8c20af6bbf41d7ef1e3cd72b54f91

SHA1
9f1f9e97d725605192fce231fa19d60744b624cb

SHA256
ff0ca38c816df6c291efe16b173525992c449035254b9802d0e16ddcf59d2798

SHA512
940eb8adbf9c34c2a4e27f0ce243ba51dd0e5de43ff53e1fd0f493568f520f689c4cd6d87ec4b77e1490144b1ec92883bd06736128077a00b0dc35ade20c0bdc

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
52ed0506361235b37e1051bfd3434458

SHA1
b363b477463fab4632621320eddc676571e1db34

SHA256
7e2616526b127c21f2cfac72323315375b3e19c4526f1f32b2d0796b473b0b20

SHA512
61831382414c0d826a98f4a57d7e0a3d2ae7e8fe53400cc1737f54e932919ab7f1fe642442b465032f6f21b7c345311599c922b385dbf888da263e26c205c404

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
aec80927f9edf1588afc41801941394e

SHA1
782eb1a4432d6c727cabf1fbf037e4a30d02e188

SHA256
032f82337319738e587e163c8edf712b7f9295a65d85956b9ddb64d3ad1b26af

SHA512
6cdb428f0971b7cbfd0cc900f1b99ee3d03a4040d4999ead1380cd9c5493c3b079b63e5ea752ea76fc533b095dd9c335afa52c967b14d306bf2912f2cad29277

Download Submit
memory/1764-5692-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-5667-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-9971-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-10949-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-11289-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-9-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-11266-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-11283-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1764-11288-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2044-296-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2044-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download