xorist | 51b3773145652b5d559396a08e1282a3a1d92d4df473f774d61791386fca0598

Analysis

max time kernel
92s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Size

33KB
MD5

d9789bfbc54d5cb6d52c385fd8f5d288
SHA1

b8f60c64c70f03c263bf9e9261aa157a73864aaf
SHA256

c0fcf3ac6b125e985c6574ed7ef1a7929f3be8f6487b68e4d58a48a3b1517b5d
SHA512

21e81d64136897e86362304666cb0a8510ae2280c432c8b768875d5459b527e2cdafe9a61107433d3ff7ccf8092f3bbc226f9366623c1d39f76445fc490dc4c8
SSDEEP

768:IPXirrjYZp0Tf6yFz5Om5jPwxgjAqJTKV/Z:I/iTYHQCm5DpjhJTKVR

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 11 IoCs

Processes:

resource	yara_rule
behavioral32/memory/4836-8-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-10-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-3338-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-4288-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-4281-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-9828-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-10892-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-11209-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-11232-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-11237-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral32/memory/4836-11240-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2181) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\drivers\en-US\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

Drops startup file 1 IoCs

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vQVykYApjMM758B.exe"	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

Drops file in System32 directory 64 IoCs

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\I386\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wmbclass_wmc_union.inf_amd64_a02e4111c770770d\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthleenum.inf_amd64_11f9ff6c12dbf9b5\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\he-IL\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\GroupSet\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\migration\de-DE\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\AdvancedInstallers\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\wbem\de\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_9fac168e1cbea90c\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\es\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\hu-HU\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0011\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_camera.inf_amd64_7b52a9607d24ece6\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\ja-JP\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\3ware.inf_amd64_408ceed6ec8ab6cd\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netevbda.inf_amd64_1503f4d5a0d6ba56\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsvirtualization.inf_amd64_078671a0cdfe2870\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PnpDevice\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\migration\ja-JP\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\oobe\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetLbfo\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\itsas35i.inf_amd64_4f5850c71046b0cb\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpenr.inf_amd64_20c8782372e47bd2\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhpopr.inf_amd64_9839c838c72c0594\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\de-DE\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsantivirus.inf_amd64_632d2ac0d68cf3ed\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_linedisplay.inf_amd64_a720ddb820f10790\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scmdisk.inf_amd64_d8f75a9c87c2f7c4\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_9be5ff0f15b15eb7\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\F12\en-US\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpitime.inf_amd64_e1498a974ab95ea7\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storufs.inf_amd64_a7a5b507fa22251e\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vhdmp.inf_amd64_aa94d04ecf56de1f\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SysWOW64\winrm\0407\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_4db9ca877f67dd36\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ehstortcgdrv.inf_amd64_5cb0c23f45dac01c\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidscanner.inf_amd64_b4d877fbd7faf471\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\amd64\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdfrd.inf_amd64_25779da6eca4810a\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	pid	process	target process
PID 3588 set thread context of 4836	3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral32/memory/4836-5-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-7-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-8-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-10-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-3338-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-4288-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-4281-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-9828-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-10892-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-11209-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-11232-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-11237-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral32/memory/4836-11240-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp10.scale-100.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.Controls\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\Assets\ValueProp_Unknown.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ko-kr\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\rhp\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-white_scale-200.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailMediumTile.scale-400.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\HelpAndFeedback\BlogThumbnail.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreMedTile.scale-200.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-150_contrast-black.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxWideTile.scale-100.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeLargeTile.scale-100.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailBadge.scale-125.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_~_8wekyb3d8bbwe\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\Blank_PhotosSplashWideTile.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\1949_40x40x32.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-200.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ca-es\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedStoreLogo.scale-100_contrast-black.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Archive.zip	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-96_altform-unplated.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-16_altform-unplated_contrast-white.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_hover.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ru-ru\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-200.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-unplated_contrast-black.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteMedTile.scale-400.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-unplated_contrast-white_devicefamily-colorfulunplated.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-150.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailMediumTile.scale-150.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\directshow.md	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\CompleteCheckmark2x.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch.scale-125.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-125.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32_altform-unplated.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EMLAttachmentIcon.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\WideTile.scale-100.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\rss.gif	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-48_altform-unplated.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-48.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Dismiss.scale-80.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\IDPValueAssets\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ar-ae\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorMedTile.contrast-white_scale-125.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireMedTile.scale-100.jpg	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptySearch.scale-200.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-60.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

Drops file in Windows directory 64 IoCs

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-store-licensing-client_31bf3856ad364e35_10.0.19041.1_none_bd00dc33a869a94f\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_hu-hu_11a814b6853ad606\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_netefe3e.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_900d874815c2c1c0\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square150x150Logo.contrast-white_scale-400.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.19041.1_none_595f2a7acaf53bba\Logo.scale-100.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..enter-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_c18c99ced7f1d11f\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-accountaccessor_31bf3856ad364e35_10.0.19041.746_none_a559ad45f1fb284a\f\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.scale-150_contrast-black.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-newdev.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5305eb26ea027c5e\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-twinapi-appcore_31bf3856ad364e35_10.0.19041.264_none_917d9ce81cc2c3a3\f\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SystemResources\Windows.UI.PCShell\pris\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mfaudiocnv_31bf3856ad364e35_10.0.19041.746_none_f1d2f6b3087cdcfe\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..ers-assoc.resources_31bf3856ad364e35_10.0.19041.1_de-de_3823f55892bd38d5\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-media-cap..ternal-broadcastdvr_31bf3856ad364e35_10.0.19041.264_none_95569df974df5dab\r\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_4dd3ee60dda9fdd0\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-van_31bf3856ad364e35_10.0.19041.1_none_620b128ff86929a0\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..-platform.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_151b3246dd8769e3\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\LocationIcon.scale-125.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ctionflow.resources_31bf3856ad364e35_10.0.19041.1_en-us_c91f468d556191ce\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_multimedia-windows-..rotection-playready_31bf3856ad364e35_10.0.19041.264_none_2e9bda11f2a82335\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\diagnostics\system\Audio\uk-UA\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_input.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_d75c1d895c3a8363\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.FileSystem.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\msil_microsoft.backgroun..transfer.management_31bf3856ad364e35_10.0.19041.1_none_ebccaf368c37409c\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dot3conn.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_edf0754475854d7f\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_he-il_22d62adc8b943f4e\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\msil_microsoft.hyperv.po..l.objects.resources_31bf3856ad364e35_10.0.19041.1_es-es_805592c314a9535a\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\msil_microsoft.visualbas..atibility.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_76044c8180079878\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\x86_netfx-msbuild_schema_b03f5f7f11d50a3a_10.0.19041.1_none_9c5b30664b9b4c83\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..s-service.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_204db206c5980482\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..airingdll.resources_31bf3856ad364e35_10.0.19041.1_it-it_02797566dab1a781\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..tservices.resources_31bf3856ad364e35_10.0.19041.1_es-es_c71e5d24e7c18c93\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\wow64_windows-internal-ga..forcefeedback-winrt_31bf3856ad364e35_10.0.19041.264_none_dce7e1ee9d4882f1\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-r..xwddmdriver-wow64-c_31bf3856ad364e35_10.0.19041.928_none_8f395bf70af722d0\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-u..istration.resources_31bf3856ad364e35_10.0.19041.1_en-us_2407d4644e9a741d\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_ro-ro_efaaa65fd03af775\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1023_fr-ca_fac701f61ce3c311\f\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..pertypage.resources_31bf3856ad364e35_10.0.19041.1_es-es_ddb9f4e20e31b05b\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\WideTile.scale-100.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-clouddomainjoinaug_31bf3856ad364e35_10.0.19041.1_none_bcce1e8890098abd\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_vmconnect6.2.resources_31bf3856ad364e35_10.0.19041.1_it-it_c742241b31b56d3b\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..licymaker.resources_31bf3856ad364e35_10.0.19041.1_es-es_197e2d469b031a1a\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..s-sessionenvservice_31bf3856ad364e35_10.0.19041.964_none_c714ae0c7ae90eff\f\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wer-sdktools_31bf3856ad364e35_10.0.19041.1266_none_bf3c721eca7a986a\r\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\common\Formatter\typescript\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ureengine.resources_31bf3856ad364e35_10.0.19041.1_it-it_44e2d3f797c55ac0\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directml_31bf3856ad364e35_10.0.19041.488_none_911950774fe41ed0\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hnetcfgclient_31bf3856ad364e35_10.0.19041.1_none_474ca1a7ed9e683d\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..onaries-german-main_31bf3856ad364e35_10.0.19041.1_none_eca86426b6e81225\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_perceptionsimulationsixdof.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_10715a7616bb7659\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.746_none_e6778e5b0114e5b0\ComputerToastIcon.contrast-white.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1023_zh-cn_3727e4c732294b40\r\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-irprops-cpl_31bf3856ad364e35_10.0.19041.1_none_edf7dfae29e3ce3a\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SrpUxSnapIn\v4.0_10.0.0.0__31bf3856ad364e35\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsLargeCloudIcon.contrast-black_scale-100.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare150x150Logo.scale-200_contrast-white.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-xbox-game..scription-component_31bf3856ad364e35_10.0.19041.1_none_784e7aa5db63da52\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile71x71.scale-200.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-kdcpw.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1cb86269774890ef\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-36_altform-unplated_contrast-white.png	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..uicomponents-events_31bf3856ad364e35_10.0.19041.1_none_65b190960dfc2ea8\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..mplatform.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f527766c73a084ff\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..elmanifests-drivers_31bf3856ad364e35_10.0.19041.746_none_077033db66b1e8fa\f\HOW TO DECRYPT FILES.txt	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exeb8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

Modifies registry class 10 IoCs

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\ = "CRYPTED!"	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\DefaultIcon	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\shell	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\shell\open	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vQVykYApjMM758B.exe"	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZIBXKKHVYMVCCPW"	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\vQVykYApjMM758B.exe,0"	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIBXKKHVYMVCCPW\shell\open\command	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

pid process

3588 b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

pid	process
3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

description	pid	process	target process
PID 3588 wrote to memory of 4836	3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 3588 wrote to memory of 4836	3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 3588 wrote to memory of 4836	3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 3588 wrote to memory of 4836	3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 3588 wrote to memory of 4836	3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 3588 wrote to memory of 4836	3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 3588 wrote to memory of 4836	3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
PID 3588 wrote to memory of 4836	3588	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe	b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe

C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
"C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe
  "C:\Users\Admin\AppData\Local\Temp\b8f60c64c70f03c263bf9e9261aa157a73864aaf.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:4836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
742cfd1b2c91f0bc866443ebf8b58740

SHA1
091eff805dd145f609f19070620db2a1c5c69399

SHA256
688417adb50242ee6144e6f8888fea3a1a556aa06f21fe90208714bf177e0208

SHA512
6048d201144edee673d9c574db969c694b96a953dd9b66fb86a46ca23555645c483a352b5dac0091719e30dc9833d76c5f7b25ff82466e1b9fc2b8c3f88e93c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
4fd34bef279e7f94904ffd09eff264e3

SHA1
dfc962967577d69534c830aa2a9dbc9d742c2413

SHA256
e16bd2ec9893d9e7fad9fc10ea015e99b50a52d79c5340bb9b5e9404a5e5229f

SHA512
39c44987de4c912cd7292b503a844fcb299347aaf81903a269ec8ff8792e59e5e021fd82e046f2ee974ad7754836912fac5fc8cdcb4a3e27b7cd27d7504d9897

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
d398bf414601efc3f232b2cadafb266a

SHA1
2ba655c502004f441095a589386db3a4e142da2e

SHA256
082eab0cc4395597babec03c0907f291637e6513039f332b48f8a647912eda8f

SHA512
b1b1cd4251fb21edf68b242a8ba3652a5ac225670f23698e00a2caafe312770eacd4d5d13b007313f9557abf6cc3a4ec007332ba00d70c456a7d74a6b0307739

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
bbb418f1cafff805415a4fd09401b0ad

SHA1
147ecdf6c26b5f1e50740ed3d9a26bf090e42e82

SHA256
87d17a8055ff1618863016aed0a9000be967cb0a23de1d2c395d5982bd809e24

SHA512
dab813790f9925bca6359016a1751375c83305921b54733cf52c8a178e330a3f39a1af6f7b4d30392dac24d11f9594a9630559e52e345bfb9b763028d775254c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
0250891f51f1a19982361f7d72309dbc

SHA1
beb69feeb4333088fec978aeb7fd8ce3250392af

SHA256
13211b854cea9f9307bc741c4bb9803a8b3b4b3259c0702426a41cd2d84dd3ba

SHA512
6d1e00e492c9434b31fc4dbb0291a4bc9ba293ef3b09053217549261ada0f670e3915ff64d186b3f3dea981b2e94b221b018f71d2d050d68baa2d78d9ba708f2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
bd19b88bd84cd377c30100e86d909d23

SHA1
178137a6a52c426c030f5a1c1ebb8d3dc20eb16d

SHA256
bb64e7ffa5b89a93471694cc248d76c87021863f93bbeb61f904d96dcf585f1b

SHA512
51bcefb3149c657dd697366df613954b7cf758ebe1f942b572601d249ba9e7364e9f32a15890d65dd6368829713eb32054c009273a4e03e722d56938cd8573a5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
5f00bfa28141430d2a7c32a1f9a79d9f

SHA1
5f9be308d6eb54fc23ecb0f49319e45a5f5a4561

SHA256
da042c976b4468e9d5752e86f58bcff665e3bffe9bc56f7924fab5683ec14a1a

SHA512
99ff557c3bded9451062a3c3f4f15897bb785fe056d617563658b9333c2d7d8e9380ca42b16a7d3be19ad98f1d74adbbfa341d05bb15c6ffa2a752720d9b1599

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
2840306cda70f778c0cda646dd69940e

SHA1
b9bcc01283df7bf1dd0bcfe1ad1220004927e250

SHA256
68ddbdf4d7bb9bf723015de77d65e304d2cb96e6771e55c25166d07d8af977ea

SHA512
cd36efbb35686ef6f55f5dd5d409a2cb8f88a69d068012b160306e4816c4f3097f12327b88be086afdfddad544aac52ab78dbc500e5115f5be40399a8b18f298

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
571a288b1b2c856fbb2af9df718f8468

SHA1
0bdfe49922b3b0a6bb5ef093cabecabb8098d4ce

SHA256
453e79b99434f037dfaa0543ba56d06a8111a3d5747e9d9d794fcd77c3ba2342

SHA512
ab956852e45fa2240f6529e8373b0241d7ef0745883c52c4434cebc1893d0a75fd64afdf5907cfbf9d8ff263ea0d2889c6c60e8b2a338c213be727da5a038cbb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
6c09e177ca946b0b987ae192fcb2d058

SHA1
6e831e91312ede1df72df54994a13afbc98127a1

SHA256
c8eb2566c67ecc64578d57d8a5ca399407e9496f27ce4d4b65d03d80d1358dd6

SHA512
d0affb17bda7452ee056a5010d1682175eea7829596b510039a10d89361be7495408c41b4d68994258c9cc25f66d9278149c4ba4f78b851c9f7adcf12ed5a25a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
8fb3b5bff2873d01417fe38ad15c6416

SHA1
a8f9fc32ccfb103511014f3c6064704bcfe5f08d

SHA256
efc54132e962100b780d93da7ae388d68cac77677d6f80e5a9843033b36c8aa1

SHA512
33781a2a89d27d833bc2bf77b91d1391503959d76cc84e6e8f56773a50f4d440cb9413899e7f93ab19fda6e9785e78a40ff7b7a462b36fa6c0d0fe4d9bf044ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
5ba5fdedf2ddb1cb9810e52fa76cd462

SHA1
bafb01d7f71e7d12f0847f6230fc6adc2d1481cc

SHA256
4c812cce04e4a120d8bc170be6773d7f6fcf9812260c2aa297df204959c0e8d8

SHA512
328e88e1416b6d6cf3e42b82fb0419e5702a092e79794e8b88e30309b8f3669abaf840472da8e5acb036936d594e4bce0cc6388f085316fd11acdc2af7fa7923

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
cba735be654054a5ad9368a2526a2a72

SHA1
9b7ca90a9d028efd98ef9dbb6a3bd050ccc30e30

SHA256
becca10f94dd0569c09c2b8bc323fb0fe4722fd873ebe827fa876dfeb600a82b

SHA512
982f9c5b2c5e9fd206fb941ecc13c363459404b1b9b399458725ee8156722a43922de1c32fb9ca4f74519ff2d170fc583cb75acb48dad9f031d70bdf08f352bd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
5717558bc21fc7dc0f00ff23b0c19b2e

SHA1
936704aa0d2822a1e7fc9c4c7d5aa19aed4f9524

SHA256
6a3dfe71abf3f8cedaa4054978621fe720f3c53db6d79a7995cd8cfd703a3d0b

SHA512
38b59649c07c9989363b6e086cffe331c31a4913d4e1732c8c8931688eed41c319f01fbb01789210fcc7c7b0527690d51734943f6f78f3d5eee06b5b901c2f15

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
b1d87b479c0956c65570bf2b656b5e5a

SHA1
8722cb1762c073e0a118b0f013300f7afcc82df9

SHA256
f64121d9ed18ea96800cd55ef4fc7ffb6e60c050cb4b7a738f37268a1600fe1e

SHA512
cabc634644b112d5dbb50f4f18a3a83b8d3e1a4f4c3354acb88dc909dae880a8774fc69d51f945b9509c3d04fdbf34f5e2cac10f30ee7bb04f76731bfac9a5a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
61d2ee4a76aab8678cc8193b67e37346

SHA1
cd5e05eabd65e3989d5147e52d2052ad41b58b9a

SHA256
0283a8da988a750768959fdbaba5f4623b78a6ad00b022bc85bce84b8934d009

SHA512
b7f5bbb93073705b2516457eb89471e481dd9badc17d71facda3cf7be4d0cf6ac1b0c60ea63fe0071b394cb09ab8d0b1a210548f38e2f2c9292757f85277b0b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
bd8d57332060ca14f9fc453dab7eedf3

SHA1
c87e358b84570d11f95dcea372615eb722a991a7

SHA256
6a3e95b10b298e317418f81dfa2badaaab6abd157c066fcdb9ec14878a8f1622

SHA512
97b762a6a9b7d329945f2b654761274bb25171a69551a2ad0447de3a4667d42e569c34ce758f95fb18e5e997f88e608a01dc6adf36c6ce920f8da9095089966c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
454f14554289db3acc0a5adf6378bc7a

SHA1
649841330e47afefb1e09037061b6bb7d334a70d

SHA256
a3bfc24f626d242c24ed0cf8bc7556700259fe671e6556fcf4bdfd5cf14605f1

SHA512
7bd4ec16fc837d19b81f40b1d416132d8bd69a43e994774219241faca507d6b0d27e345640432a455786d6c4e49056214235c14fba2b19238c3df60cea8c031e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
cc4253515e8c6b6f19274cb337badb52

SHA1
1393cba3fb26171612ca052a776e8eb74bfa76f4

SHA256
532730a6e0c1374c8070ccbbc094d7c11d5489cc027f3fe537137a0f621b2249

SHA512
f74dafa4fca581408e4d1c1ca81ffb3f12bc9c0cf6f3a031269d10894ad4e5633e0296c5b39dd6f330221ea128bd7d212717bef65870838463016338500a313b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
1993287394ed12b823855d40fd41341c

SHA1
949cc5a1895a82f8abb1188fd5569adc5011595a

SHA256
94c81ad025ecef750cdc5408e8a7719ab2d1d5e53f93f552a27a1180fa9fdcd1

SHA512
577b93beecfcab3851f39231fe7865e5ca90d17ca6a9da3cb2ea488c3ecc3ac77bbab255aabc865c34b465133cbfe83e274875024d469265c4e8a8f2ed0422a5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
e6e48ac34995c24f356137e1c8460d5c

SHA1
43dd65e226192ccd624616a03334e663b1f0b134

SHA256
d4ae7cec8c9138dbb10f2ccfd60fda7572c0ca781e220aa1c134ecc22249f944

SHA512
0134ed538ccbe2d2236de892a502abf913d6c8e66b21e56202d4a9b0f714adddad04a9f32c13b88abc657ba37f1249c07f412cf6e5750318136c5c2ccd0c1c9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
12d5e12cc5f03b148b2aa782e0906610

SHA1
d3a0e5253e250a3ebc21613ab5a5bd9330ef918c

SHA256
4a8ad411cad4e221d256408c663e003940315cc9763e642da79ac2d11ad8e532

SHA512
70a5377b73b2211f88ee0587324717d4c36b86d2f2a97723d2f703158d2bb5c58c3ea952abfede5916f33b5ba4ece79694ba04eb3ee5746adf678b78e01ac7e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
897c883a30e927a0bca5e4a441db8cf2

SHA1
20414e69d2a453b553533848be1e21af6dacb45f

SHA256
bae94c2d8bec01f639fa8f4b9db25914c4c3887a60d53fe3841a0caf7c769c22

SHA512
6d25d6727f1c5855366e3b3c9f8ba1c3088138107fe08471f3fb0a44354e4a87b96efc9e2e4a59caf4ecc0c2e0894aabc332956fe9f7cb9033980054375c4f8f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
12929e4040bcf36477cc2cbc733c2176

SHA1
04867208170beab54be8dd06a5ab09feee98e828

SHA256
28b02a2cb73edb39643caca30275859d7b81df5e28191c95aabb23c15bb40cba

SHA512
05647eb1b16b361a940c549f405ec033e4d3d74884ed4096b2f9a6d9b264d53dcbc30495c07375c03f5c790347ea12cbc7aa726b40dd60880de3b90aede4e1c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
22a6543bb16946c08079d6e39500887a

SHA1
eb8a8d191c8705f0a179ee1542965c8fddc0d89c

SHA256
fcc4bbf7c489df258e952e29975c6ad3a4553578e8d0d9523c203aab9d0722d9

SHA512
6983473826be1ae793f85e53e552d379002310d36c70c7068e3a0cfc6c5157b28bc0041e2a04a1a82073c17277e6f6175842dc8e107afde32d4012d979ae7548

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
922e201c23d671691f4b70a369e986fe

SHA1
146c0e3c6fb160081d89aa4b88a3be36740556bb

SHA256
f37e57d289722b91aaf87e6afbf85ca3aec80030b1e747c4bbf84e6e7d55a385

SHA512
aee7fb0106f93d251cf71230b5a25bc07507a9feedb87eb10057073e39784c9b146e788ac8bbd8be4c0f19c8b5a68304518a1de2122ed8d4a8228bb38cc2bec1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
cea97013e3eaebeaec69c11824f323ee

SHA1
d04666b0fe9984c85377f40100ea58c90d218ea0

SHA256
fca536933f5a7ddf0bd7ced131076892fbf165c3dc29ad486dc9a27cbf3a43c7

SHA512
037df1a97f61c822ceb7a648b561f7d6e7c92481de3b373bb64714a1b977837049b48a21f71d7957267e62235241312ff3379007ade7eb486b48748318b9fe73

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
c366809c7c412ba8079df18e4857457d

SHA1
5a77e5f6aeea38fd559edd22870c6142f2e224c4

SHA256
24aefd4bb5b78b0ef4229ae255f09152f093f095cba81e5896a5b9426396482a

SHA512
2725f8f995fa17f6feaf08710997c09effa35c2ee6c3237e289466f5a6b129a25e052e02ad849ffe43900b2fcc279ed1f527898ffe5a33ee36a1cd1366a81d30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
a46c064a820cb4f4ad7fa7f28d3b9c98

SHA1
c27e76c2dcaef876abc568e55dce1fba19b6c6eb

SHA256
caa4c3cbc82f67b8c9ac2384baaa6197fe3a7503f805231c93c5f902d201dce4

SHA512
492562ace0a15ddeed7644265b5dc827d787d7e57eb0ddc834ecd8330d9123b31451aaedf0e1db5ad46080433e54ef29141092c2c5155c4bf41531d157256d70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
d4e8642b606afd7d2a5a89a94990b148

SHA1
0af3d7dbc3fc036b5e1f48e52ab216dae3293aac

SHA256
055bc8e41b22f9e181ff7ea87c87ffe21a9c15c46f44e2f0366f9268ee5608eb

SHA512
524fd5f9e32ff764d7ee0f018a27920ad03fb1e35d1466e8fa8bb691d6f167a26a49b4403dee3558fa2c506e0d6256c2bc6d03b53a78efd57177343c0889c20c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
ef011752436c5ef86147b99bb6abf644

SHA1
39479d7cc673795cb12cbf7f226dbfdcbbb1b1b1

SHA256
b005bb41de6bc8733ee9cc1c0b8da37ebd71d02d55b07527230c3a559e30c716

SHA512
459114c48cfa5a70459bbefc075e875c75e9864a5dd00417796737840c2c70ca0ac0ba2292b7bfb46ccb7ddce8841b57da43bb9a0195da8617f510890a873288

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
239b8016067d55e8f2ffe89f1faf13fd

SHA1
5cbe2345182839eca2f3053c9cf8af4aed6e99d4

SHA256
7de25db9ea7b649b34e1e3d9a416b0c2264742fa4e6598ade94b5766b60952e6

SHA512
ed928b4b912e6fadbff56c717420abde6d74c4b4291941310a93f720c3712f7475b27db60e333917812755c5a4a6aa842553319c0cef3af18db422d5062e08d6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
e5566b65431d9506ed9e439942697671

SHA1
a6e95f3fbc0466ba29278d307453ca6e69f6e610

SHA256
b710ec83792dc0a02f8773c8e9d6851f74c44973299d2bffc3c101cefb8ced53

SHA512
f4d5a0adc30f4a2c6be4c78576a52a1bb48bea7c3bb85ff2d738b2f7c1e4d2882e21686b1373744b9044f8921355e191ae582aecc136d14d9cab4b4cbadce12e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
8fe3cec6d9dd45354f2443b8060d82ef

SHA1
b607cb4e2810048e9d57a8bc218ddf9e88227731

SHA256
5e944cb5c444bf39a04431d47b250c54391cd51a44629f37291fa6e1ef501e77

SHA512
d30529dfb4d42233977ae995f70239f3b27bb11dc418e22528f61f6681378938185bc2fbb1089695993a27d117663b72e0d1788f7bc2c807e8c2043ff93db7da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
372972c295563a9f4f30416586fbb3b0

SHA1
54bc6d9fbb3e7a6670992a3a9cb529eb9befa902

SHA256
ca29081ebb879418fa08a3bec305a02375ae9f2c72142bfba0b81544aa9912f0

SHA512
437cc9c169ddd2ff0feb49ba8498f4278bc60201d716ef13accaa79e842d642d3e6d71369930a205ce73764f126675a7b3331f211b76539c3b0c202b6250af89

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
6adf4391a3523b218b0998631f5a506e

SHA1
fb3f8408fb3f7111f7a1ea6c051a1fbcbd7fba3f

SHA256
69971803353c9070b66bdb01a6fddf71a03b860c3f246a2ccaa0b410e44bcffa

SHA512
b10f61d9cab2920d612d5ae42296fd14db96f6aa10d55b471ea1f027a0bca0f7a700a2295baacb97354ef2b6a77da007607af33daa93258fd79cc72d36c0a538

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
aa342183320cea15a8630d235b2fa9fa

SHA1
be0646e0c58a96f6ae2cbe9a23a8f3a859543f51

SHA256
1ab299f972d95c56a72773724307ed4676fd7f7a5efefb08377333ee6143d074

SHA512
8bf4a3e0a8a9649837817d50466fbdc88a82b6498975e968881d8656003b03a7b48f89dc281407d4aabf1b99dc2283c106ae15c212982b65f320e89b8fbb7068

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
60fb13617090fee4f9b0be2f7a5f4abd

SHA1
3cb97e88c3ec718ee591a104b81b8e4af87bdd66

SHA256
4c16a175d3b988c63c92081793b03dba1edbf835828d31a7f3260b3a8e69c132

SHA512
d4c6ef2fb1f4486484b587fac74344dde35bf0134edf0a79e4c552a8cfa06f435f1dceeda3909bf3009af2bd5b1de4be77f0d641331bed3a21c1ce615167aa54

Download Submit
C:\Program Files\7-Zip\Lang\HOW TO DECRYPT FILES.txt

Filesize
394B

MD5
84aa889a87f60a5efba19bf8d6464613

SHA1
4fe67d41d2ed917651e5820f131780bf078e3c7f

SHA256
43fc35d4b08e00236a28300d95f7426593db8f95f47e995477a77bfa5fb0ec99

SHA512
1d67c2552d16b8c9fa33417d45c8229d291077f45a12692d8a7e9ade813dbc629a4b13eb4107a773896386b9c4e6993fbefe54348568ef28f44f40c6153ff0a4

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.EnCiPhErEd

Filesize
153B

MD5
27c9d1245163f6a2ba76cc91b0c3bb3c

SHA1
5f126d6fca1dd15ee1a058e5e96a0b3c89dbbfab

SHA256
e25e7c97fca79b1146429e074fd830cea1283c464836c5b0e9676054e9469542

SHA512
c331ac3a69f9c599bf00cf6bc934ddb6195d8454af11603a7e954115376c8e0d1d7d9513357c2012c200a57e9ef6d43caa2d3bb3f2eae4eb0a063a825edf616d

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
b5ba00f5ec2dbf6b1fcec0ac6063233b

SHA1
b2b6225f1f8aedcece2ddc54944ef8fa4c3f9b93

SHA256
314e683877ba1290c8f661be0692a3128a92a0073997b38ed9afa5c6f8f01958

SHA512
6371fdd94e905e30d02e39db82b4ee5274e40ee12d6c49c94a59a45ce4bcaa33a20c4ee03d3211bfc4e5ad9d7c563984bb533a59dd2ce84b49fa82fb54cc70d5

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
089a26fb8eb056cea370e280137a3ec1

SHA1
59a2d5fdf8c655164080792f95a37b99305c8fa3

SHA256
fcf418bc162502420a70ac77aa46f31be4bb88b73469bdde386e24ac1bf0da58

SHA512
6a51d032fc21c2722dec3b55c175666637dc4ba62cbd4cc4eb3c6a6df0388adb6c214bb162f2c20f4b0ab855695e398bf54256ef3c944b9c56347ac4d6511809

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
447ba3078ae39c96bad23284c0ce1c37

SHA1
407e455937c8a09cc916aab769f35c0a328622da

SHA256
fb72cbca2416887d19dd6c75032a265d4d5f6c45304ae2eb33ba7b92583f412a

SHA512
f5e99b5ec64b071cd6c33c44559a07e79c5a383bb7ca8e22dfa7e7cb52411e3ca9a55b24519664c7827f019f6986aa6a2eb07dbc89eaa25fac1c10d1fafa7300

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
0a61124ff4d5f5a4a8877a01c03e7e85

SHA1
0f5d643f988157f06fcd64e78ad53722c63379bc

SHA256
b01dd5be355ca9febb829e219f9a1d7ba82bba03128895b95df4a0c85ff0405a

SHA512
a9baa426a3ce56d6401a9a46afcc12c355eefa1a974535d640ea52ad697d307bba6fa5978ba86b13221c73909f98a54bfcb7685477850dc9e77fc2d021c7a7ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
62fc029f21f901df1a8b3f7068fbc679

SHA1
13f2627718807512efbd105c157e06ef33ad57fa

SHA256
3a082e02197b77cc70741d4339c2ccf2d89413f696ea1a4fda5c63790acd165d

SHA512
c4980e6658e4724d5868cf3c58422f3962d715debe02e2bdf0f31d918f013d169521dc6edea92feb35e5f7f52f4887a07b12aef49a0c933686288ebf0e0ec21e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
24e46dd90848f164ed8ed0af5211f0fb

SHA1
3126b4a0e282a46a71c416e78c0313134ca6161a

SHA256
7d5cf5a621b00c8aa82f189226a23c96aa935ba6e01b33e41e34434da006c8ae

SHA512
54ee08298c9778f3f13086c65cf71a43fd84d355ff59b194f19abe1d5592998573cd5fb120e7196e6acc9747fde12a97a840bc964cfe624fe9ce46242ff85ef2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
cd7df679fa4e95668164470324d1eabf

SHA1
c68d6eb1b8bddfea694f04849c2e630d20a441f0

SHA256
481640b504204be5790aa88b1ee1ba09f455151a182751f51b99840b44360fa3

SHA512
3e7895b2d0edd990dd999f73ff2f6f6b7995e20833481087e3fcdbef1802296bc6e4cc2be967fd322c48171ea066a963cebc047f72a09c236f6c0181d8b7311b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
6cc01d5205d4eec2db36048c409889ca

SHA1
6fa02d3ea4d0dd2f2c002fa149e495759d9a084a

SHA256
0c5a6bb3e2d0c5f28ff3d51735e20626533befd8f73d2dd2d32d7095797a09c4

SHA512
28988ff14047d4890db5f7f477cfc038a372eda7318fc6dd7dfb7859f2ed969d6ed1acf256ad3468808ac8f96c3d9df0ae6353d9d48cc6e62cfb3b67a34e1c1b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
bc95c74cd948546d8d4951c2e6525fe7

SHA1
ff6e0e18cd8feca8fa360cc8d1f4c5640e91016f

SHA256
8ade00f1a561cb6ef988b2ea80491ebeb90d2e6c0053c16d3599313ef4465078

SHA512
ad5ae0f72d29528b52b95b0b05e61d59d5542d3e2be7fed368b4aedd586ee58d522b9da76de5d7c19e2182396d54a82cef8ef992b49b9b6607c1b8e9f6ac54ec

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
2138d8e6dc4c2842e859fafc4b374f48

SHA1
22f6855bdd11690dc136b320a177bd22224ed51a

SHA256
edb4544c79834f9d09af2ff71761387f187aae4843516604cd0a6e72dfc87c59

SHA512
f729b860c2dd48dcd17cdb68f28653e6d3a21f76d82105a2f75982e59b744435fc5f4ed82836629d96b7ec72aeab505efe435b5f03ca58d8d22cd0ba86dfde1b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
d3171f6edc094f61cd44236e1088d1b7

SHA1
0dd2aaefc21c3f177f14ab2d1cce51bca560e604

SHA256
89d42d61a9fbfc6fa5187df61bc6b23108d0ca20efa9d48d19c86b069bce77c4

SHA512
2e0a6dc4a5e757a8c53ee742ed7eacb721700e8671460384fa6e60d0448255da1e247f6da47a7a59998a4b3ab2cf2b035a7f5913b3d0ca7a973f9d27aa080cb5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
ea7ba5a415f120f7cb54d79985e04fe4

SHA1
c1b88c54fbc3539cd1e25decb277a23d0030ffcb

SHA256
62f0ff6ee63cc7e5c11a004109828a5c79e05906dd8e650b095ba99b6ac5c790

SHA512
df0e3de5bdca4d445f084794e837d8098b95270dfac65112cfcbea4c041ea023c91ae034c0a437eed420008adc6304b56d7232839c4fc34a3ee3aaee7069c0a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
f98dccff5d73ca90421557f690008b6f

SHA1
46d23a7d333888a1a332674784fad6c206e8ea52

SHA256
fab0df9c789cc984987c78dcdc254d371b2e6316e8484d428ede96f5cd44dc26

SHA512
18e9380c3763b7c7dca6a36ed83d89671480c69e99d9e5b984f59521cb85ae82060b2faf458135953bdf6ad00bf24853ed23f905ee896775620ccabbf29a0777

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
5b9bf7c00a193c1b622d3a3c64ec31a1

SHA1
17f5c63ca77bb07df2def21694561b2ac9ab9a8c

SHA256
6c90339cd7dfabff5ebd48745e89012db00c0ecd0b4fc9a6e178e1c31804eff0

SHA512
daaf102852ed8c2668c2cb3353efff1f712620f2a3db72b565bc0faf2e8cf5e96749104e18d3b57aff06be21d4e5e331dcdb895851513391ad2897c267af177a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
3a0b928f57979541130f1e8b56dbe3a0

SHA1
e35beb4d0cae820e9887c457c4f240ed2d3e6700

SHA256
b6bd0a404ecda0fe3de79292938e4c55b2a625038470eb575482b4ffddd16979

SHA512
dc731b0338b6953752ba7a0247828ad214b8da7bd31df46372f4359fab025f2f9743ad94555b3c4cce8be0ff76eaa766fb1db850fd5b62a6e59092f368ba16b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
1e40ab651b8fa79fd8660a7cf5220886

SHA1
c33c170e510fad9dd2d0073df05d80ba38c7584b

SHA256
eb96a1ec2b646f70a4531b150f308550d53182c9d574b72c343a471ae748b1a8

SHA512
a254a3023a4cf55a066a61c44bd818eb40994ee471ce2bc16dcab4d589f5d8b51f1f99dd49603b0f21c102e633837d9e5a01bb1a895362eda2aa590bca812bd1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
d89ee322babbc83289180cc7cc83c05f

SHA1
2276ccd03b7cf06f935a66720252061941a9593f

SHA256
6e50614b4cca3dbb28c2ff6c0c908507b60ed710dd7ce115e974d06872eeb498

SHA512
39fa84c9ddf27331597090960af8a96c3e2bfef1bb328e457a31ca29fbc093a4866b191c2e1baa79b35ded544fbeaff4c9a43817fc2d37958ed69b19835d3d0b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
5d556908daf9cd748181dc320c63a44d

SHA1
1a1e1715cce0cccb7795163b753587f5586b2fdf

SHA256
886abb82a69889db6fb21d7be3183483aa46b8963c817423ca8dbbdf841ffc67

SHA512
2812b2a7d4e14e3178b82dc68bce092ee9a87c03af0c55413cd225103ce8808134900a1ec36222dfbb4fef8f1902402bb7e99abd2bac1e1fb591fc48f8be8e68

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
07c656010b4241f8038e9054226b97d7

SHA1
1352bcf05d373feda4df2925d5c58d969faa0b36

SHA256
d93c6864eafdc7b7cae2df8c0c7ebaa0e5f2f69939d0b1b6a5935c63478fd95c

SHA512
a83d0a41186e2afef2ea76b7a31443043f5e391876019ba269ef3974edd7e4b70f0cd10266998701f7fcecd6712d94f5ec3eff96aa58b7c3450e50006f6da1e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
b12fc4195c69d41d03a4535d825a01f0

SHA1
1f4ef8d178888182387d61c5451a731b5f369e11

SHA256
987cd759c0f19bbcc56aa50ad588599c7a549d3f2535d7e51c1503cd91753988

SHA512
d92701a8f3bc5e0e16840056e274c52921113567386648b16396b6616445119d998bfcb31da51010b25437cd54d460f4659b2d756f8bed4b1a32af31cf49e687

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
b42114995b66874e65c3fcec2e89c375

SHA1
f1b2f091e6b42c2d9cc74a3ed8aae7fc4dd58666

SHA256
4a82fe9743373256d199907fca7dd6e3b156764dce58576b272c67857499f4cb

SHA512
7c8a856ba15ee63bd5555518c69a130bbc0ae8f6fe607709b28605cbff80b46df7174466228c8626c2fb16de25888fb7eb8f38c7812bea68f0866b7f55351bcc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
771242022f8e2a744f95950de824592b

SHA1
be11ef5269f8377f77fea0d44e8d255dcaa6367c

SHA256
c93aa5f59901c20a40a2f0632d1d08d899ed2ff1e9834cdb790a362df8a0dfe5

SHA512
7188047144704851aaf58fe0a3aab20d987368a02eb20c8536f8452f4866ee23b2e2f1b93ea0396ca428614a240a9e0433fd4e3d7c9bb53a3bc38829902c6bd7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
2300cddbe7b5d2f9840ca30dda229f20

SHA1
91854de0d057a1b244f290f661412f2fd22fba49

SHA256
274d6bc145fa91c54e7ceac1c2076f2019741249711aafc429b31283981b7403

SHA512
80c8ccd0cef2e64a54315e0f662977edd537478c109f06a27943a1e5546ca3e5968d492cfcfd6f364cdcc24ceab4957c29538bf2de61771f1ad8d2bb87fde3da

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
dfc0fde76a3ef23b5cc19fcf4f942d9e

SHA1
0e534e2e58d4c5dc9fd1179219e2c53c845bbd00

SHA256
85b51240ba6b44e961b61984d82752b2040ea89a58a1fc75e3926995737b1804

SHA512
2405710e6cb54f980ff06a95a04266d750a516198b443a7b3296440c80afe27c3757e1e18beb49834481f90c8f57c1ee36fd4d4db39946607a18e4751ac75576

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
b37de7090c0461728c0f4440b9d659b1

SHA1
debdfe834fe042938ec17dfa7a0536f89f274ffb

SHA256
70241000a40bf3e3ed1f80162acfd3bdfb551eab0fbb35a5858460d9e159b667

SHA512
57788cadd0438879eb1cafc9e32b616f9e2d85732b830ce852d97a48535b42a407e4e0bfea8770652c5cbe1a912dbb0173a0421d13fa876d6c0bdb39688089b4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
edd1cae4cc4bc7a88e2fb96464e885d0

SHA1
60f44f61d2cb1666e6619c48f9b6eb191439524f

SHA256
e86bab5ccc767da63b6799d2a7b7ab7be8e298b203382477204ef74c158d44cf

SHA512
dc6e6874150259e957a1928e6a7008079c6939c4f69ae5c49e82ebf1e71ae7fd60a2b230c5d2e2ad308ce0381c902199e2422908aecadce18f6ce4acb791c173

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
80e7bad3dc9dbee24849dad9cd734a9c

SHA1
70cc34f74246f6c3f9c666022c8259b20612ed5f

SHA256
1cefb01933c29f688116208f8df5e0c72a23431eca82ac82e56e2485793a3834

SHA512
33b2ed9f9c68d7944a1ed7581f133e4d6b4bc1ead9d05416169b8b66a40d01068548e4c0ffff9a31e8d0b9703d86831a64f492477ad94cba09f512cbb1336941

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
ac9eb4713a288421f9d8766cb622d9d9

SHA1
fcebd66c899c077f63704d2f699b12f9260273cc

SHA256
566cae4fe94744824db4e1b1fd0c04efdd42e61e47126e7c8c0b4ceb89df9b46

SHA512
c17740a745a0197ae73d14ea6530f55d2982710b989763ac184a0971a195663fd22b4de76aa885a97d1c72ddba25bdb4b2b458143d679e34256d7b788c8a21f5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
897ea2f793badf25a193bf6c8b5eb50a

SHA1
b7a8b181a6e4b8df2a903c6d7e385e5e39a54277

SHA256
ad68f7cc4f3ce9325d63e3195c3e861d7d50c7b1a89dbc02b7c858df570a372f

SHA512
0a79365e7f1aaa356a70fb995c9ce51a9e3014b56b967e59b12d20dffc8614ac114bb98b1ed56dc018905c6d769071b32ada2e92c3d5d5ce11749c2703948962

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
8bd5eb39a0c5cfde449b8f2a8dbca4ef

SHA1
3d1be6338ce65a2a2ac0b4165db24ae1d65cca93

SHA256
3b9180e2cf0fb6cc80cffb6808fe87b731db12af5cf9b2ce0f43d585599b841f

SHA512
6f7f1ddf36b7f2c48ef0dd01bf1621ede5829e217a0f286bbef2486cbb89e7246370b3acee25dc2674c6765f916809da4cf7f9507bda9529c6ee4d88122b1a08

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
30aca111cd7ae7f5c5686622e48453f2

SHA1
091b1b4d35fcae059b6aab9ac874ff0d9cdb8971

SHA256
0efa0ac778d3dfe1e3dddbdb3b8e89b01c407a5ac8a938b188fcae80aad73d5f

SHA512
499b249b4a4e3b74712ef45eb1ce08c630a44522ee7fba3b85f39cce24365c50387a046b5d852f9a6931f00b13620c7df48283ccb01fbec24585b5b764df53b3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
96b826b13f9afc0534131c336647ec39

SHA1
27ea3855a05c61d0247d030062c9e73d3461e7e0

SHA256
e2a1bf1d800879b45acf29a2b1b4fec474d16e1ce3453487dc8949a9f12f2f66

SHA512
d1c41d7f79cfc6d0c0f63c112fdf93615ee5610e9cb37ddbdd01acc580366507f78cc07fafa1d7127f7d839cb22b8f38982ab87c412924b4ff09b599623f1efd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
30f320fe9b1a0500b86af632749812d3

SHA1
16c94c1ff3014b329d4a1d6ff2b271fff13093da

SHA256
256940f1373c20076f8b928d83224950bbc9a6e53ae8201952a34ecb59bd65d1

SHA512
50cdcc8a25c3223609554bd13fe2fc0e5923c850d9a1507c2af160d791859bcebcc9da9120e9c0ad050e6131119fdd46d48f5547349a8b698a6f4cdd4aecffe7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
804effa43aae5f83333c8d5d4f523e0e

SHA1
367714459f011afbec55e06e55ad6cd8c34eaf95

SHA256
e70de21f35ce75990c07c968170bb9ac7ca3a016748e1b4975ab8f62a18acdde

SHA512
6904be78ad2e558a5dd1cb1c2264ffe6c3ac6d92a06a3e2e619e004fa6cb39f19e8ad1919eb750852d49c7cd56dd6bfc5112ce89529af7d05237b91edd58d211

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
1ac36a46a9621df7206315184b5e7bec

SHA1
b79cefc470751759372872075cd9189be3e9ac3d

SHA256
2e4b0f3a7aaaebbfc11697a66894493bbe50327292d55ac04ecd8adb7524c09b

SHA512
99531e54ef994ce6e2869abb894f1d88cf8dd195860610f924d8ffeaf04c9343109aabf534253b29ba0874578da20365659dc0395c507ba2e9db353d3ef6ca7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
1d6d0587b145abb11de19c40b570646a

SHA1
dca9ce36c5a18b2ced30fca5311602dedd65daf4

SHA256
abea6a4ea56f99f5e990d753d51813834bca437dc29baf7b9925d1f21f6ef3c8

SHA512
a0f7c0ab679fb3061f9e1246ac4f22904894e4a6b7c624323178f202524793da560915e05d0d6c423fc716c1d722a62230cab093d0adcadf8fb91d5991776b9c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
e078b6263bdd685926dc4a12cde47a03

SHA1
6eba6606569bc3f0617c982ab18215bdf7c07585

SHA256
c16c8301777988bcedb3bceb4101cfbec5990bf5551fdb299407b53be256226e

SHA512
b1f9ec99d32f4746737247e106ccb694a29a6a26ea1148faf99e21299d7bdc2d4a1d2119de0752ae2086540fceee00f625d59695fc9cb1c8f8358b6e6b396371

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
72925f67742f3e57831c5bad34949210

SHA1
d8acc705adddda42bc7dad76b6caa4f24b2ba387

SHA256
39c0145eb75906cd091f6ea86e8a1288737b57c9b6acb7e3a4807a5f76b2881c

SHA512
de27105efb8873d5a4d996f0abde297a8d1d264932e41c6f39b8cfb04f91dd42562e600f99a03b4221f320b403871cd36a001d4fae32aeea1bfce0208dc764e0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
1d8323e4194a5f683fa24a3f37b7fe81

SHA1
655d6c8ff01c9250878f66b17f371d8b375131af

SHA256
b2dc94f4c6b972324f6602d5454d5200395b39c761cee6687bcfef52422189d7

SHA512
fbc9ebb24d84db95acd4d1ea283703d2b508010ab5d11221bca54b477c44af3e784ae2957baab84f8df52bef7defa7d0400559fbf5ab86e3e2125313fe9e8217

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
95733793649ab4147c5fcd54a20e8c4c

SHA1
047fe5e9ca63ceea9085562e65bb43617fcce56c

SHA256
cea05c4266acd306b174a85beed817aff137ef80d041d1806f602644c59b54fe

SHA512
873928daf2abcb351ea6e6bb604b61be6e8d78733ab342e4c625b45eb5debb3c4631c625651c250d3518356a17b39c72925071cece335da311096d1d5f237d08

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
504f8f8c03aec9c47dc484f92c7219cb

SHA1
e432e02ec26c1367fdfa0bebca6f5c9a9a991356

SHA256
d7921e8760f22cc69ca1c77a08cf4d008b9378230a6be6ad76f03e1da1541481

SHA512
f162a3ad2ac6909936451087256820618177d0dc539f39acaa26c36f7130d5d916ec1bd4384ec34cf1419002ca8b4256200c610146fcbed9d0353008e5a32640

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
1b0007b5ee36c1428670691402a5c1e9

SHA1
7b941926c6ca84361e04d9b4063a69cd954b2833

SHA256
3f0332813c3efd7a1b8953755c4c782313ac7c49da429be06e8465ec8b92de8b

SHA512
d736d73d75534baf294bb5759f13247c14d15171807c6f575cd1694253407c1571b2a6cd6c89cc21d318750d5b819cddaf922c03b8c1d6915a84c8286fb84b35

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
478d1b7d51abe37a14aa9144b1cd3d92

SHA1
7f8d547de5534f8d2bcca68cc8d0f985f8774434

SHA256
04e3ddbb8cfd270c3b780c2def2d184b3cd46e25a9c30f1ea7fcbc52279e4fab

SHA512
917bb9c2c978c807f31df898fc803868811bbf8be2872e2b6a206536b58714be8c58226b7cbbb784b78fc2928ff5b5ead0c48385322c41cac5e3d4e2feecf39f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662498327333.txt

Filesize
77KB

MD5
902f3fa655588b49a745192e0b50c838

SHA1
e0ff86b47ebc11b8995506b1e3e25c7ca350e6fa

SHA256
825ab1ba3ade28a6f9b5862f66ab3b164a6efc96828f9b14aeea71520fee320d

SHA512
a6acd6d6add87c528abf20a5e5a0a01cbd71c822d1c6d9195e235c7397414ea0d1197dc8c220a773e92ea6dac201e31d4aba5168d263e77cab729c91c7b3ebc5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663013511623.txt

Filesize
47KB

MD5
6075d3b4633cd54a9c2498cf48fd03ee

SHA1
475e0f2309adf7b361dd01b74120b531f33937d9

SHA256
0115196796bd765164849bef076bedd56cf3ce3ad82fe9eaeb96a92c2a5d75d0

SHA512
9884a52120f154ed8e572d9715157101c20228865577b0fbbfcedb3ffe82d033e76458d0297b8b7e6a3919b9944e6b89d32b656f1cb49c4556cbd38a472a1472

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727668912544901.txt

Filesize
63KB

MD5
22912d0b9a5fc69bc11f4fc9292fe19b

SHA1
8e661b360ad72e2493140dadd1e53651fa7cdcb5

SHA256
8955c3e3e9cd1fa8d9df1a20397f5856810ee130b06096e13d29e4ffb0a30c49

SHA512
a066865fcbad56300f23d17c0eb002b5929db3ef683bcb1476af0ad23dffd6c11fdc0a9b0e1f999e99e18e2b4c4fc15787c0644e07f5aaa538c5cd9fcb658603

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671578469739.txt

Filesize
74KB

MD5
605550930abf352ef1e7cde603e6ae2c

SHA1
831f13b29be25c76a9b2066f50a871ba208e8ef4

SHA256
b44a096b7b7c3b95af4f2fd6190d19f8121a4b3739495553935c58754ec6e0ef

SHA512
d99ded8b5c7104567846e86587e353ef855827d9bf6a76471a543d7c118b9bc4a374b965dd94a2c85330ce5c2d958fda2782932e36a2528ac39c1c744f136bcf

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
30f6cade378618c6e9dc777ad2e274b7

SHA1
ce94ac4b712d2b7aa9b36e50f7d9a9c96a200f20

SHA256
872be5aa3e7662c53478f6d92ecc1299ee69af57bbc365e0df19e5ed1bb9026f

SHA512
7f4bde656c7671249e6ed14569d88e63fe73cde01326bed41aca03d2cebcee43d887e694c4f1e9fb34d97ef2ed7cecceb9fdde57edfe89ca128e36ddc3fda990

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
95e26a99f1735b921594c263341ce2c1

SHA1
01b3a9a236573f120f0c786124ee9ff2ba96f700

SHA256
59105a9f1c1c11ca4e7abb87a266e7b2bc594d6a9d4b49d51bd4afc958b4713b

SHA512
30ee1538d076d742a8e684d157c16d71daa37f7054711bb9368e3d2f69a2795a0f972fcb298becb527eaf1dae4632aae86db09e210af75f1ad554eb07e8a484c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
41526eaef057cc772abb093fcf3a2f09

SHA1
7ac26633f72ef4e634f665242977ceb9405bc983

SHA256
70964a3775e2d2e9dbc68ac218fb0a30b45460f8327d0dce70eefa439f9de82d

SHA512
89d44d65d738891559d0ee3e78fe3dfa46476d7418b5be8d989f3788d19a09914b41b2c8cdcdb126b2e1fc106832382038a2a201d2df6e531bd375fcca38162a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
66c643fe3add0b511f0667f7190daa3d

SHA1
bede5464a77e2b9241103883351d67591f3c829c

SHA256
53841b17be03947251789fd8843814b2d686a330e353d0934ba59e8a42d440c5

SHA512
ed3f84325e86115948b8b59a534f5cd7153b9b9e1fa6e532ba092ec77eb60fd43f57bc3056bcca6f171ca59dcabe5964a864c2b9299846e0a9163a1ce9e28578

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
c4c893bd72e7f20347c96166150212be

SHA1
b521785d1972475fc0451b4e185b69d70a0f002d

SHA256
b3065b47d6999dd2dff7f1cbd2a490a1a0cc14925264e77ffe4a78c40f2fa014

SHA512
d9a994ad6d864e2b890047e14a55cb354d03a782387276f45dce56019ce32daf4e25d01d59ffe337e54645f7f94ff790ae81218ba04a37b941295066e11e5da5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
92ca8e0fcf7c5f1c4094b66090b90391

SHA1
73f9dada15010e660e996c270b7e66dd4fdd4cff

SHA256
e3bcfd660c68d3dcb98f84447d260f4adccacbea46f6deec8dfc315a0ae8366a

SHA512
1df478d4a29b9b853d4f4270a48d1233afe397537ef6685e2a9145b00e89fba82780c4638afe6fc8dd14ebfb17b5429a8492c40e531fe674df41bc674ac6057d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
48d0e43e1ff4c61cbb4819b6cc87b8e9

SHA1
78b5ed201b438366946419de394450d6dd63adcd

SHA256
f8642f052cfe5bc6543252bc9ac14dd3d5323d7e9cafe0e2e0d4d8ce08224f6d

SHA512
d7ace69436d70f1b19b0069ef55773d8e9a2a9b8ce5795649141deb9ec2ba83b42b836830e3bf53f2be66ff3f6b14a7ac208b908864f100ed492048158240750

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
91f00ff2312c7974c0d2902391da8399

SHA1
4f8ad04d575cc8914fc6cf58695429836eaf711e

SHA256
542013c56fb0fa58084282b35891362bf8d2a516cfcc418ea3efc7e8a37db86b

SHA512
42ec7fd1e2646ce908e60480d51c021ab4fc78aae43e8004b33400d38d620c3fbbb4454d61cd7ee8db84d7742085ad2eecac0e2ac090af52c642d942614bf2a0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
74a92b45e5cded1b5af9fcb568ef242d

SHA1
c5d110452493c1b92cf3db67b39779e5a3e7ec6f

SHA256
93afba154fd15e29879528cd877791b73dd2acbd8549020b912450ca3e26dd59

SHA512
72eff94a1b385c602720d437e8d1ca273c0c7556b2dfeefe571e455ab884574ab80e2e19770572cdbda0330fe5d19388aa8da7d82d703c4a5dfc53163e8b8c8b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
c184ee4c96058287f30cac484bd9ee8d

SHA1
7a8ee8b9769d276b1aeea044fc74c1cd441a3d6d

SHA256
45ee7e26cb782243f7ae1f50c99dd6bfc77fe844dccf875d349781ef044ba4c4

SHA512
a40597141e860e48bf58f8a6f9d41edb8ea01a6cf3baa82d86242898c4b44821471722b5bd12c3b42ac15f8c989ad9697c724026555d8585c9ac25792418e495

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
e464aeb5dfe85b1a1ccb00ef09935905

SHA1
f89e3586da1385be7826f4a3163bbe75ae84594a

SHA256
ab393467312bd56b428392b869cef5ad1778ff3af8cdc4c58d636600cc597078

SHA512
3efa2c00c0b96e566a3aa9d5b0ab04a75116655a7d8af0e45795e26992e31ac8f8f5f696b76573c2b208232ea53b8b8b33514d957fb9a25ba719733c641f77e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
6e7f2dd48c147b13d485f6c839d41846

SHA1
ab257d2d00400f165c3848af78e984f9cb6bf767

SHA256
f7e05c4121962c4c052c81b0b8c0151afa4ae01eb2b52c37f4c626c2f9a22b05

SHA512
7f36fbfad0aeeb038ecbdd3bdd182cdecbfd624db8f7c69e58f569e35e29c592db66dbed0aab025ecaa9c1f7cf6c6df9957195207288c42feec72f6de0814789

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
744e7b23d328c836034fd5ca01423ddf

SHA1
b1e81e0d03a722341145e2e4e17dd69dd2285010

SHA256
727ea69cbf7f5d1e7bfb12d05ca3adb4ed647b548a41eadcf7ea66508aecdd4a

SHA512
f7c9facf0e90e8a091465fe124389b89793c55b7eed21bab610da5a606d57e9009ce9c394b60ee6cdcbf118b628cdf9f37d58d49c0a8370c3f1a95edf81f1ad5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
f1d235b8ead9bae3004d2828c13c95f6

SHA1
d88007a4623301884d63365b7f5f5576adea7e92

SHA256
feca6b69af4912dd3b1f04dfc091bd73070f2f29abcdc38ef69f185526f5c769

SHA512
07af1cd5cc2e753b056d2ef70f1775f40b814721672229f243f6cfe0f2a3a0ad7952ec1b903e870c355f135a65d0a1334403e3370c72d71b0fa6e36cbca97577

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
0cba4e5e16ab58e7b932c885915de1d2

SHA1
07cdfdd0dd483b5200e3e8a838cce317365534a9

SHA256
6ae30d8599094052b05af2e94519d3f0f8905a425ed9e6538ee3b65980f9bce3

SHA512
366d986db2aec0158a48d079f1f12dc30d7cf1db717cf1608d95d971d0d9850752a87e938533f3062a8c15126c5fc3a13249a0d2b44b58fbbbfcfc997cd08e73

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
26ba333e7a7d012f740b211ac508d149

SHA1
ec4b64c6de7c16249ef9aa7ad2c28cce782f7140

SHA256
315291cc7a3b5aa1fc7eed56347bdd68fdff3cd77240ee58ad07b73388408de3

SHA512
0acaa61a8b6f6984137d20389a7c6085afbde06df45cff2fb112bf9884280b7dba6a38ceb9cd92124f53c1d1a9ffea0691a371525da4048c2ba8358f57f621bc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
7344a100eae6134cca920134ba6f3d1d

SHA1
02659c0b1d95addb9498beac7faf7d0acac7e34f

SHA256
8f6ab273a64fb63622e6c307b270f5d5c9c6ce9012b385ed5e5426801899eba0

SHA512
d61814141277177fe26dd04f86bf736d705cd655db9342031945d1a89f5a39913f3d2d1ac2a7826ce1561a544dfd6a8bd0f24cc6459ddafe54f8f49da1274607

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
c91b066a1b530051bce4a7f151360a30

SHA1
53d692c382654a2e0367b3883615afec6d19a84e

SHA256
0665431f66eaa96cc58429173f6038595bc8a804a5b22f36f99706393135c6bd

SHA512
48a1da5e7b8f21bfcb404858e752225bcd658a2ab80be4686dbabbe2595783e260733401af567cefc46e8547b90e7fc114bfcacb93e32bccc1078631fe8c522b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
d699ee58b59a5fd70a6a9ec0c9008d28

SHA1
60c79962f0e97acbf50b5aee77069bdb8d25e7e8

SHA256
d13dd805537bb9daf623c22e3ea786253548d4f6cd0d6a671169d07e8a11dab2

SHA512
ed94abf926a7c9ca2645b3e38a61b222d59438f112ae07bb3ed1bc517eaf3d5980ebac97e7c62cfab5af4deb0665fe279b22bf8edb6c486ea28ae5aa9e8119ab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
54d9dec62c5e50e662d0dc25668a93df

SHA1
8b1913cb98d4e6d8a04106c57531dd68dc5c5886

SHA256
8fa9074d1df2ca313abceb75c82408bcc1e1bd740d916f51ab9f3fff67793b4b

SHA512
48cb6ed223d6fbb8803e3c81fb2d3c9a263e5b67967b3d9976856f03f523888180c22a220d280fe33d12abd30104b9c651287ad3c1d5e076a54edd20bc01867f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
197b8c4cd38e024f9fc67f494fd45163

SHA1
ec3ea42d155de56f09bc5e1774207685cfa18301

SHA256
077878b3392822aa4f63dca1b5dc48a98b442c5d5f1f022e62f7377188383446

SHA512
9036a3d553b18f0117c3fe0f023ce2016d99b60f862094a357d5dd7b0cbf6129c30923b67ceb2bc4f0bbf7d4d91659a28fb468e542aeddbf54260520e6dd07ec

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
1fab9d1a05875bfc3ebd76e5de2f9ce9

SHA1
77dcbcfa6b335033787308e0ddcf62ebb3038426

SHA256
70e15f7cef50cca926cd68397d41afb1b0528a9afda5333c03a3323381bcf577

SHA512
73adc099b8f474caa9d75b60ed3ac4b222c06b35d79465f6e3d6b8c8cee7f0a676e3c2557b5e0bd2fd537de62e44df489f346fd43ab5888c698d5e37cd148b15

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
80409a71641f2992ca4afaf6f7c8bf35

SHA1
cb266f557225af36d425c423825dce435f341e89

SHA256
58d295b012e27baa0680ed3c306d0f0435ba582355b34afb89296124f209b250

SHA512
0cca876b77c4a20aea33d1d73e44de24341466b2892e807fafd473c7831f130852eb992a0af5e5086e8f61a029c97cb271f162b5058e906b4a6d8c9ff770bea0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
f405e6a11a28db1289c606974a55f0bf

SHA1
b4ee285f424c43cb9a5881b90ffb83cee6f90ae4

SHA256
d9bc33caa9a1cb31644a8f42988354d1205d44c55f7c885e793a30210b735f29

SHA512
ef8f9bef0a78a0e1e4e1509595c8564f610f845abd42476cdaa948f2adfccce7008df4f7f391744cc6c0474f1e5ef71b70402fbaf10705d2170a80770610075f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
301165ab2726f760eb41862125665764

SHA1
fc6f0a1b18af33538df6d98c81e8002011bbcb08

SHA256
505a71607260838393afd0a848c3469f2c8a38a5c968879471aca20e09478982

SHA512
477338c92efde8ee023f615ed0c4d596fdb9bbbf48541b0ea733364ed140e517401be8b06071d9fe04b06d8876c4e02feb71dc2e3d712b52c7ecce2b3192b338

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
107a6e0b037c7934a47ddc69b6b098b7

SHA1
ee83b1ad6f7c49610f5b0cdb53863101da359ba8

SHA256
cfb414002063d8e3f1f11bf1a4f4d769e67165c2fd8f6eaebcce08faecc76e4f

SHA512
9544356a073c14329bbbd8b5f602ca6cfae77770025a70c31531b05f480fdec38db070f227fbce56a8705a9432e1a9a09c689c13f2309d8a0968a9454b0ccd79

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
c8186f4dd5709e657d6b97d2c50c2e41

SHA1
17d0f35b21b3105e56cd02541937f291945b9437

SHA256
22c2758395a801273f9c3bf3af1859a9dad4e1ca0bd93996d9a9ecc5533b2280

SHA512
e6f27098db83f8b5ccf9265e1b16c7c5409b21200860437bb15ac3c61d67ce1e709d3511a19dc455ab2bd495966fae74012a913bb3b00894e7f8f5825e6783ee

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
048c96bc4f18f0d14a0e1b733ec9cbe9

SHA1
fe84da663980058c9b92bbc073185cca5e9cf963

SHA256
bfcc837d38d966d0de421a07625fe883a646e1aa36e99a2cc24c45e802f5c348

SHA512
82a507db83b73c33b2ae7e2df4518b2f04536566121a49313b2ba04b2385520917803c0e8f741a173ab326d2517bfcafae347de7b55c93075987d6a9292d5928

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
520ced1129ddfb0d8454ae117c72cf43

SHA1
b5f746b2ffd9e4590274a0c46681e428d2ca3ec8

SHA256
2504dd32ac30cc846c41ac8e15158fd240b956b996fa2b17b198a29d11a28ca3

SHA512
837a28006fc291f2eb13882e98b9ff37bab2fe0c936a79e2acc1e7a7ebf177c2f3224d344c35d6b010738ab9c79dd8d7b1b3567966dcc12722d66126a9fec2ad

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
da1489b2b965a88b1c8e045e0989ec28

SHA1
bd02cfdbaf3bedad233858a86c97a6c0f54fc1a2

SHA256
e7073ed51a40c1c998158542cfef0a9b5d19f0a5fd01739d44ea29dfdd4ce5f3

SHA512
3f332e0db8ae579904731a754ef86a7a85f86444ac359f3b9468e442f4ad48433622a5a02d5a8ff919b2fe25a5b95efe76b42227c42de28b329827fa974d6653

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
3a9c4066595b9570089ea4dcef87490a

SHA1
b504092392cda25c986f02737b0eb291ffa13651

SHA256
83fd31b533bde176e75ace9c4bc68a17f295f3b7aa09867bd05d42d6a30b771a

SHA512
d96c37df5558470ade88ed0617a03a906e3353b6539aeaf5800491732eff4da89a72e19170310c87b896901ed85dd0b2fcfe38160975b8c7dad1e41c0d745143

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
6f5b1392972639ac020831b36b22d8e5

SHA1
61d57d3e8ef363708a61a1a27a9406553cab983f

SHA256
afc78069c618c480edd44fd49cf6e427d6d2f73925fb81601f031417fee8c47e

SHA512
921b7f834f5c23b792cae3e5e07950e4d6eb63c31a82ac516ee118e2d7af48597a0c40be0fbd0799033bcee5d302e152466a594e11a969c0897d5a81b4d99010

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
94f2854105a4500197bcb11d51f3fc7d

SHA1
8ebe5dd4a745a5a87caf17f123b52e1fe2dab47a

SHA256
34fb0761596919a95478020644d8b4e6e41830d4f6659728bc32b510ac831b0b

SHA512
c8db9ca36175cac6f0080de6d7655b85ed6f0f9f2174d20b0e32a9c2a59f6814db7b8e3822343df9576998bde842d4550da67ab954fe8f24e8a95ffbec0f2de4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
9cdfcbf2b0d1b285acc256f7ddc852cf

SHA1
763143705df7fbbf16467c1d5b30eef7e07a00e0

SHA256
6c678dd4db578c2a955105dac18370337aeb79a2e8489ec203ccab8df39b2595

SHA512
30866baf903ca7950fe5f44547a768cb00cd52203391e7b9c5a987acbbbab94f2535f00fc787930c54d0b37b0a1b23f679186dfe22ca8ecbb4343ceddd79246d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
112e2ddb55610636ffe807082b7c8239

SHA1
454b66cd1e654b93fab014a1270472c0febec6d4

SHA256
ef1427b4073ad7789b144d2ff507f7e377d983592eb219c12edb45c039c686bb

SHA512
73de138154ed5ed487d1eea658df44d17cc3fc4442d7948d10b9ca72ec979fe2821126716af54e48d9aad54f2abdc538cb2f402f1228063dd3129b796a241572

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
73d95331ea801ab4c38782f8f5f191e3

SHA1
bfedb2e9962238cb903db4392f93dc7439c7e62f

SHA256
39ddc6d346de6b782e9b2c9dcee23dd1d409b68e8368791e3257473c5643a9af

SHA512
0562b2574504bcf1c2ee16f9fbfc9a020b12e04fbb56a66dee43c38b156dd3dfc2d69166cbd1c50d237e5972a573abd4ed0a7b818aba33ccdcf5e59e5ed92067

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
67d9bfe3ec21cd2c3155d2c0271f4663

SHA1
b3d7ef2414f2840ff726ca43b65729fc5a8d70fc

SHA256
4303e608dbd410e1c30fbf5b18ba6af5be54bdcc0652b8e6a0b0c77e9999e562

SHA512
31fb557627f393fc9704fc76dcb749d100527ab7fd8f6e9b71c004cc3da404e0f16d59f9e815844df291b654cf543eae3c8c55d4379e5fdee4ef44a8193af46e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
f37ab8968a057eb9252c2b3554d86f60

SHA1
836d06606a165aef703b5ac8df1032d85056c2cb

SHA256
0d575122f783456d96730628683f8173d04c710ef42788f3dc6be27c5f85906c

SHA512
ac6eaea23de9a98acbf8f572d8fb9f101a7058c7e00133402421a67bc822464dd36f5a8354e9eef58a0e329a4fc03881a2a8a83de0c960ef399cf417b16abf57

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
0a31dd22b97b31b434c66306c8770ee1

SHA1
904ab000e6a9f0bde89b2792b376e96e14f78e4e

SHA256
02df4a5e9442390cc39dcc23575f25a8464ae24a9e7076ca8e6fb457ec62137a

SHA512
db3a823e251fb2cb8924ce96bfb39bed4f2ba0b47b157c9b12b6aaccdcb80a8ba60a6281241dd135c104c6a349f76d3b34e551a773bc4116c54231b376867705

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
66d95dab8c867c757e286847efaa0039

SHA1
88f017d787da5d0924c22d9daacfdcf9c2b5241c

SHA256
40a14b95a9ea5ceb499c5087312caff53757f5fc9a31da0248e6819cdce7e6db

SHA512
5014da183bf3842e85aa199f7db1b4958904ba289f6c696c462157d389daafd11d9a74d88b6928b7ef0655f9e2db70b7b734dfd82b363a60fee1c526f06e160b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
1d6b2348d9ca540e2047dcf9296edc2a

SHA1
8d3f6f72851350c2189ad8c6f731e98cf57bc60b

SHA256
8c507b0b1fcb06c4a10a0a8c014e7a8459a9ce6ca7e630ee80e1c59ee3bf4977

SHA512
99027a4a0579d124cd81d6fa1636187ca13e192feb30c9f5a0035b1020ddcbc7eefbd80c42320e0783248524c140ff58b931ef4609d44bee9e5a64a8bad514dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
b04d613e7b3a74d757a89101c51cf873

SHA1
2782dbafbbe100f889e1846b1be736230c8c3e2a

SHA256
4b0fef85e8fb781bfe90d719ef473da1e844ee877d5f46dacb4ad10fbcbf0973

SHA512
011d0ead131abfc1934a50f14807977378ce4a7bc706249fdecd32726fce70966612d71f6794043c67853fa7157b1fe00a4de31b195f5f96ebb29b5aba62f8af

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
ff3f6b3f1496386c6584046ab5dd7ad6

SHA1
316b2d38aa5951e40401657d71f70f07e5f88e49

SHA256
beb24ddb693005c3c27af72465ccfb2abf51612a13e5c788a4c65859f8e84297

SHA512
6bac0ac2ceb3260c718101f611c8223594f3938ee1bf3cfbc9e45f46c6a3ca4732c9e793f302f3f24066e032fb0f4203ad54daac6d402afcc8b32dfcf2857287

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
ad798bfb325c0e5ad6d33f2acb06b9a4

SHA1
b98ada32e1691b9271ccd872c68d78812efecc13

SHA256
19d31f773e164f7b9d70cb254c2c28d4dd3d4d7edf9891fdc4fa39a597317158

SHA512
4eb415ec370ecc8bdb53f7c6bf9c0bacb8cc8fa2c766aa92131a02c3536fec7d33d5340fd2ad44d7a9e01c3152ee76c4ec9e4ffe736488c9f2d980652301fc00

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
2c18b295a5862b229ee119980fd74ebf

SHA1
463df16e00f05d2fda7c12f3e5351b762e319def

SHA256
4ea289652baa7648a0c1a5401637ef59d7d7521d49bb94f27f0e430549e3fbad

SHA512
69297d405ff48849ba3205da013329490abb4892c6ad1d96b6062730f2c39c70efa67ec5407b4856438465a7c90508e2a96797b87c84dd8389e3493664ae671f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
dd7f9a0c9ef154f860d6d9e41a7279b3

SHA1
39cabe865c6c3e7ec4686fbf19b4804d4946d21d

SHA256
d8c925fdba38da814403e24198ac45449f9b3f81647c7af7c6efb05bb2dc29c7

SHA512
e03190d47d3ec40db8b26fcfc06cbc262e9bb82c18af1dc75f0fd5c5d5b7865fc5139702046f8acdfd01320db8d3b7f576ad0908811183933fca5f2a8d374dfa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
66c703a2c6489050e0d7871239fb0252

SHA1
8faddf0337fe1c1611e825e7668756bea288361c

SHA256
4936528b2b484bb1554e4ae33a9e8cba747d3896d420b4c98c42db469fcecdff

SHA512
d9bce55c5a92496aaa8eb0d6e18a48dcbf527dde55001ecc20af6d8fe2af4773c9678215da19ad2f2c0f83cab6647baabf88ecf77ad11a48a5e4a7a5fb415bb6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
392c0cd7e1271603c7248f6c8dad76c3

SHA1
3e10c105e65fa7dbc617a90cd2f5f3de9dfca29d

SHA256
24cfa9182e928045b10c506f60c5088b18131c166653671403a116ba9c29888c

SHA512
3c170fb5a6028dceb4ec861e6a33a3b9f2e801647c3376cbb17f943afcee920c0b136c2da105a507a6de8ed0c151fc4000c024f9f2c30ba1817b59d1978d85d2

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
fc16b79527dcb115c908034366b3d29a

SHA1
28a1d7a6be1823ffaf6648f92b98162599fdb93b

SHA256
6a4c52f94144bd8eaf7bcf374c12a33e8f7aa79cee7d957c30f911a0f8b25bf0

SHA512
1e316d5adb5d6e1415743f6fdd6efa444714f0f15c6b7059a95ddd9e8fd470db6decb74b413346cea991f66437f29ba68c8d7aaf1d21e9c4ef94689893bd270e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
6934d310b64bc2fef416d3042549f229

SHA1
fc94928ecb380bc2307810fcd83d7216b8746704

SHA256
5d2583d080df3760814a9e2c2969f597b8197652d20860f75a3faa421922c655

SHA512
49f996bb3e25a98a71e4ccc6dd9bf3e02c67aa3c54793b0ad74a8ea0cef84ab1ed9d46aa806554429a49861d5ce4ac18251de2f1ca0c2faf2d9d001e3a251360

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
a730b91fdce8b20de037293d56302f48

SHA1
b0bb39c0f1a5070c35c653abdc539a48dac504e7

SHA256
fb9ad4369e729caacb545fcfc349a53162700f24240243fcab68d894c1189ca0

SHA512
ed7ab5e4c0c0925d281594e3f48fcbeca02d21e106d9e8b484124a41549bfd54e7a10a0b3dac218778127b24b846bb97094502210f09d11b6298bae32606eb1c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
3d822fcbd564864160a4bc96ce6ab132

SHA1
da0975708c2e518c21b6902425e287b7818de61c

SHA256
b0c97c789a8ed5072ed6d5c5bfdd1d3a55d7b70f5f3e26db731ab1b3136854d8

SHA512
dfd2bf7f8cd970ffce267a5f234418ee21e6cd10af4440e7d6ea62be70d9c1a6a6dff64aa6b1642133ba230beb4b32b754914ff3550e15e475bed32dfa889de3

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
d34b23b53461c8cc212c3057cdd07901

SHA1
b632713b4aef2e96d33aa6069b7db47cbdbe2205

SHA256
469abd1bc402e1b845816dec8106fac6b43eaf3c030f25ea16e6cd195885868a

SHA512
2ee97b8d49eac8a9a774f9cdb705828b19db9948fc1f91f8ed28ec76aee4a77c3721cd17a6ccee5031f553f0f8d01ac0317416767f9de006ebd6dfe4a8e98d35

Download Submit
memory/3588-4-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/3588-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3588-11-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3588-3-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/4836-10892-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-4281-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-9828-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-3338-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-7-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-8-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-10-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-5-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-11209-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-11232-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-4288-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-11237-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4836-11238-0x0000000000410000-0x00000000004D9000-memory.dmp

Filesize
804KB

Download
memory/4836-11240-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download