xorist | 04a1c752bb88e842acdf2b0b05f47d9909f5d871b0631da59020ff71532e51d9

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe
Size

754KB
MD5

99ac20481d26bbdb5e5e990b470d5e43
SHA1

37a12949d6147b33e48d6ae7bb95c8adc502781e
SHA256

04a1c752bb88e842acdf2b0b05f47d9909f5d871b0631da59020ff71532e51d9
SHA512

192695662fabb4aa2a45d53fc457a34582541e3ea308d7e896c7b5c4a185030aad07c4a25d2be34bbb4b70c1b58e94ca1e7b4a4a11f26c5923a8a7ac829f6f05
SSDEEP

768:2n+CJMZ07MwvFmmELPZjE+RDUIsN+LpkSC34NPBkhLQ+:bCJMZ0IwvFm/PBEwDU5QmmPd

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

resource	yara_rule
behavioral2/memory/4348-4390-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4348-4398-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4348-9595-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4348-10846-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4348-10971-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4348-11250-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4348-11251-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4348-11256-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	asdf.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe

Executes dropped EXE 1 IoCs

pid	Process
4348	asdf.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AV68mcapbm5byJB.exe"	asdf.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_avrcptransport.inf_amd64_6506aa4ac05430d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netlldp.inf_amd64_fbd4bbbad72f0e6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Storage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_9c09bd1df352f065\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_583bd0f3892e01df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_0e77868deff0b0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\it-IT\default.help.txt	asdf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_barcodescanner.inf_amd64_266a07997c075b30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\XPSViewer\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\slmgr\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_7534987814b257b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdgpio2.inf_amd64_808fe94735c4c6b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhandy.inf_amd64_d2feb24c2d3b69d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_1cbfddc97a663ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_a85c8e1fe15a9532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	asdf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbthle.inf_amd64_bfb3ee8e5a97c3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_c20a3bb7ac1cd207\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisvirtualbus.inf_amd64_e8d548ad6f0a613a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0008000000023cab-5.dat	upx
behavioral2/memory/4348-8-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4348-4390-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4348-4398-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4348-9595-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4348-10846-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4348-10971-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4348-11250-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4348-11251-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4348-11256-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-256.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-30.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeMediumTile.scale-125.png	asdf.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\COPYING.txt	asdf.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\LargeTile.scale-125.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-64_altform-lightunplated.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_MouseNose.png	asdf.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Close.png	asdf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-200_contrast-black.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-96_altform-unplated.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeSmallTile.scale-150.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\SmallTile.scale-200.png	asdf.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-96.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarBadge.scale-400.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-64_contrast-high.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-150.png	asdf.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookWideTile.scale-100.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\Icons\icon_play_prs.png	asdf.exe
File created	C:\Program Files (x86)\Google\Update\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\SmallTile.scale-200.png	asdf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-125_contrast-black.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-white_scale-125.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\167.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-24_altform-lightunplated.png	asdf.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png	asdf.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-right.gif	asdf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_hover.png	asdf.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-256.png	asdf.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\LargeLogo.scale-100_contrast-white.png	asdf.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-100_contrast-black.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\StoreLogo.scale-125.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Thickness.png	asdf.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Confirmation2x.png	asdf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\COMPASS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-64_altform-unplated_contrast-black.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\SmartSelect\AddStroke_Illustration.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-125_contrast-white.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	asdf.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png	asdf.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\license.html	asdf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageMedTile.scale-125.png	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-unplated.png	asdf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-64_altform-lightunplated.png	asdf.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..nt-dmpushroutercore_31bf3856ad364e35_10.0.19041.1151_none_d549bb8355b4ced1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ls-setspn.resources_31bf3856ad364e35_10.0.19041.1_es-es_077c6deaed8efedb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-proxy_31bf3856ad364e35_10.0.19041.844_none_d1135ab4e51bb45a\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tapiservice_31bf3856ad364e35_10.0.19041.84_none_e534a0664770c42c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.19041.1_none_da6b9c85304fbda8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ninetcore.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93d9a22b0b887089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..w-capture.resources_31bf3856ad364e35_10.0.19041.1_de-de_103d7413f2fe0492\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\404-7.htm	asdf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rastls.resources_31bf3856ad364e35_10.0.19041.1_es-es_6f4b7699fc5f797d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\uk-UA\assets\OfflineTabs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_hyperv-proxy-vmms_31bf3856ad364e35_10.0.19041.1_none_d7f7c81f5ce3ce59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eventlog-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_a0759aa090a85964\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12app_31bf3856ad364e35_11.0.19041.746_none_9058677ca855be17\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-snmp-trap-service_31bf3856ad364e35_10.0.19041.1_none_857c0c60dec56103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_net1yx64.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_3966cd5b62e026c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\msil_microsoft.build.con..sion.v3.5.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_1c0aa37fdf72b38f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-crypt32-dll_31bf3856ad364e35_10.0.19041.21_none_5d87edc64039afca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_dual_netwns64.inf_31bf3856ad364e35_10.0.19041.1_none_4b1587310307e248\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..g-jscript.resources_31bf3856ad364e35_11.0.19041.1_en-us_482dbe09c5028863\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msmq-bpa.resources_31bf3856ad364e35_10.0.19041.1_de-de_9af7b1b078108d85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\msil_microsoft.visualbas..lity.data.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_5a77f4f3e3aa30c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..-components-jetrepl_31bf3856ad364e35_10.0.19041.1_none_5d4257f18f6f47d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..-mdac-oledb-stub-er_31bf3856ad364e35_10.0.19041.1_none_4bc1edfb5708ae23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c8082d297ddb4f2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-gdi32full_31bf3856ad364e35_10.0.19041.264_none_33cd145286244f7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d1f435fdf91e63d5\startfresh.html	asdf.exe
File created	C:\Windows\WinSxS\amd64_wvmgid.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_699c176c1d1b09a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-v..nthfcvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_6ca4b4247e291981\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-scanprofiles.resources_31bf3856ad364e35_10.0.19041.1_es-es_ba16071ddfa7f550\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ingflyout.resources_31bf3856ad364e35_10.0.19041.1_it-it_2195f9b1bb8d3b6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_el-gr_1cf4939a9885c794\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmiccore_31bf3856ad364e35_10.0.19041.153_none_b2ac5416d1727af7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_237aa87f7ceb2bf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\404-6.htm	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..tioninput.resources_31bf3856ad364e35_10.0.19041.1_it-it_2a2289481dc681cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\assembly\GAC_MSIL\Policy.12.0.Microsoft.Office.Interop.Graph\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-spb-classextension_31bf3856ad364e35_10.0.19041.1_none_6fe049417df680da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..providers.resources_31bf3856ad364e35_10.0.19041.1_it-it_9ebf605d2eae43c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-shutdownext.resources_31bf3856ad364e35_10.0.19041.1_es-es_5499b4356c70a60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_10.0.19041.1_none_b0477aea8cb66999\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\msil_comsvcconfig.resources_b03f5f7f11d50a3a_10.0.19041.1_es-es_339ec615666b43c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\wow64_windows-foundation-..stics-tracing-winrt_31bf3856ad364e35_10.0.19041.1_none_3b597d04781f6529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..os-snapin.resources_31bf3856ad364e35_10.0.19041.1_de-de_fbc7f28fff5eb06e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tzutil.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5c7655d2e64a1466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_multipoint-privacynotification-adm_31bf3856ad364e35_10.0.19041.1_none_c2843f017df4be3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\403-12.htm	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_fr-fr_c7c95139b0684052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ngc-ctnrgidshandler_31bf3856ad364e35_10.0.19041.84_none_5b11e4395d8d1b02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..imization.resources_31bf3856ad364e35_10.0.19041.1_es-es_422694e7d165f91c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-q..ions-core.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cea02e92932e00dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_10.0.19041.746_none_251e769058968366\background.png	asdf.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-16_altform-unplated_contrast-black.png	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-desktoptaskfactory_31bf3856ad364e35_10.0.19041.1151_none_557e8a9a2302105b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..n-desktop.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_19e3d51da40eb67c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\msil_system.runtime.remoting.resources_b77a5c561934e089_10.0.19041.1_de-de_0ab77cfbefa728e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\view\oobe-chrome-contentview-template.html	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..iondialog.appxsetup_31bf3856ad364e35_10.0.19041.1_none_a029d8a7ac063705\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..files-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_37c80eaf011451c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..stall-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_c4579cc09c773ce4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-ngc-local_31bf3856ad364e35_10.0.19041.1202_none_7dd671148082fed0\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-webapi_31bf3856ad364e35_10.0.19041.746_none_eb1dbe52976192d3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz..vmbrowser.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b6479af7f3a8cebc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ngine-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_43b9c1ab93991fa2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	asdf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asdf.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell\open	asdf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	asdf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VGNELURACJCCFEQ"	asdf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ	asdf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\DefaultIcon	asdf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AV68mcapbm5byJB.exe,0"	asdf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell\open\command	asdf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\ = "CRYPTED!"	asdf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell	asdf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VGNELURACJCCFEQ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AV68mcapbm5byJB.exe"	asdf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 4348	4536	99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe	83
PID 4536 wrote to memory of 4348	4536	99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe	83
PID 4536 wrote to memory of 4348	4536	99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe	83

C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\99ac20481d26bbdb5e5e990b470d5e43_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Users\Admin\AppData\Local\Temp\asdf.exe
  "C:\Users\Admin\AppData\Local\Temp\asdf.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
0e1097a1b14970e8acde0ae9857a0be6

SHA1
17fb67f851aabcd7f0ba31a50c03e73978039a29

SHA256
dd5186f4140edfc382a97b19b225d2263736e5352afa9e18eb02c4a321ffefed

SHA512
354fee1c3a754f57e65f9c5d146c3b7fa736b88f90aecb8bc27ae4820c2f1d9d0232aeb5e93c02f6ac8666869eae558b620cb167761c359709f733a73b91f5e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
e35976f6e39d2d8d132575b806cac655

SHA1
d0ced2d0e6212efd9a062d3d04f6b0168a05135c

SHA256
7fe824f1f026ca54a26f7551e4ddb2c7ac79ebb9a1fe92126cadfad00fd53d16

SHA512
15f79265de51a6ddee5566fd211e444bfde1c9f05df67ba52b27f7ca03703b93ef771f42547ec1ddb66897ae212e6a618654159a52586a19847c3b1b8b1430d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
f1f0697eef7a2e2399656e7854cc388a

SHA1
14461cd38f24642b76ff5ab38b5f7c513abbe9ad

SHA256
c2ef95d4fb757b9176aca042e7cf0762b2d1c7758edd44d973aab4ea733192c0

SHA512
2b9f8ba9827de28d10dc4e1602374c0c41ee8ec9f06d76f0d24be4a490903118c553172fbb5152b90be7bde8bd04b459a6932acd6d673351d746fc31205bf4ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
053fe4783d2430942b77336862b31733

SHA1
f2761e2282c4f6a1a65ab5d904e3bb51cf4ab021

SHA256
916af9fb0966e83a051624009ef413bd74bff13c716b246c7c6a8e6263bc6703

SHA512
71554afe10448c3f0b03a7b08eca077a1323964637f0e66f96a4d8c627c048c5176491d281ba495e32e82957b83c06189e9d3fbe40438e224cdef92cf383e8f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
1f34a61031c8239c91fc8c097ac35647

SHA1
3ecec4b7bf5a96ac711b9c4555a9d813430cc094

SHA256
18a9f382eb4e8ecf2e1fc6208e1e317b3f2a1ca154d2cbfaa3eb4f68b86c04ee

SHA512
d3ac60ca0077852b11999a22f51583e042a7d696f776246914cf29dbb8c8de87596b42b3d324d5b3cb9119558f74901842129320ee89d8e2336c6b5f6d77ae93

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
da5d4ca9cccf79f2f52417b99f8f8001

SHA1
de7ff4038b8d7f93eb781c6162b1e4177d988f4e

SHA256
ee4381975609fc16214d9059a428da9e75ae861bc14a4066813d1a450f746fac

SHA512
06bdef8734be9df31c7639cd30be93cc2c27e4c7884a551c62e07d2c061999792ad44f531c0a73eb05759d3edbebfc88d3cec480e1253748f6230c63af180da4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
ec60795503840c270974195b4672500a

SHA1
a3a2868a5cad2943ad3789c0358e3b2795c9b323

SHA256
5c111ff5e42ed59cc0922376e4923984e8e06c5efa31fec003d3c4ca0ebdeaa2

SHA512
c4a887b7b3e41a3e512e2cadbb35874efa1296e007a3e09b8f22c39f9e56b829e35cfd136d9ec6b342dec4ee1ff3cd1c656908d21838efecc600d3d0ad1c46ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
085f82fc22b74b410be0f60a4d0456eb

SHA1
e1c7c8fa42a3614e1bad527a0620fb65cc2fe1f5

SHA256
9e91741ae872ef5c8d4e97270bab75248cb38d1d826c3b2b19482c2aeb6c10e8

SHA512
e89a5c3f9103625018cb38211ecc07eb578a53c58b53fe92aa5856d84d9fdd9e5106251ee7eecd4ffba0da1ad0281718070361f98ed4a0e63f04a75a1ed57162

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
e2bf2d1a3a6f34ac91985c66147644ea

SHA1
e21c7e5198208d067702ed7dbf5a824b2eefe11d

SHA256
691f9145e5617165ba97fb2f05b274fa09f213599691cbd50fd177a51b1177f1

SHA512
6bfdfcaeca0b9ec9c19ef2d28da410c2e1678b9c7db4cc5942386d3adb7dfecb2d441687a589f0b50be154c8df2526d734e8c9de48b540586f19e678bdd6ab65

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
78ea09c6a2a3532515561f8b2fb8f07c

SHA1
914bd5414261a9f1c5970267a9480526937baf26

SHA256
13ceedfbc2db62790bbde597207fa43c900e655b7031e877074322f1bae8ecf6

SHA512
a679d10c95fef3f9e6ecc98ea8aa9222de7b754a7dbcd643c6d268a08bd69b8b537fad013c46f710c1441619f82946ecc1d1b9f54220c69a758c16d5cb289ff5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
06210e07ecbd67e52b94081e37d1fe7f

SHA1
2cac84bec349ffcb18ea8cea8d85e1c93b007cb5

SHA256
b4298d7d27a93abaf6ac7059380163cc3371a7a0f42002a8768daf227f0f4df1

SHA512
66ff3669333e176978dbc1ee0b95ed55ccf4f7915b612062a1a397379a1ae5c1894da1242cb08413000ecd97922eddf20b12d395861f1caa0df40f2ac6afc8b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
8f1813e8fda2306f4af70939e96a0a4e

SHA1
8d0992d9c42778676e61a5718b467f8fa1747be8

SHA256
c8bab83c0cf3609e5ba201fd2fa1d0eeb9164000fd2abb055cef74ae9284aaa0

SHA512
835810a7defc72aee6ef63374d4b8e2f07b1abb655fcaeb1e8c6a4578e193221e6429da4f0d8014ebb64398cb024ba02a322f5a3694cd4d67901f29ae0d3f0b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
db323a14da5b0284509822ee8c4a1180

SHA1
361008d58be25acee2289e5865523b9d493513d0

SHA256
81587147a101af9c1741afc0dd77e5466605bd6a0b7f856e6591fd1a9e0a4b25

SHA512
2d45b609b1eff711dca265f89039bfbf4105afefe4399e533f3cf8c73f822b00e37f960281004634e7ea97c99af07c40965f292870dce0d2430af7abcc5ca351

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
312d3042023234690d05b7c817563b66

SHA1
7ada5b64d6f2daf0d2837ae77255a9e8295bc9ad

SHA256
faa4a1cfd554929368ffc1725e196a0a361954fa071a52b146bd9a811350aa12

SHA512
f03d6559a11f5bc78a694f0b427a3bc15188bd37084d81969256bc86a6220249f124bc90bfe087cb0675cbd06d5be1e9ba1b277921c5ea11d09c5d51064718f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
fba5c7734542756871627d42da7b0d42

SHA1
6de37831ddb3c36f2249d2b2576ce187ecdf01b5

SHA256
af42fc2d2923e16096d08614475fa5546c4a8c9bfa83c05d26f2f2b533cfed0d

SHA512
308657f96191adbb665f271c1bf5b88c7e78201b1d29104063a781561e73548248a7b34d905e8306f6b1c08713753f026cd4e02b7ef63a81b0750463984eaf86

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
b17438499cca601012564f76a6d95d5a

SHA1
fe1ea47ccbcd9c5ceef9a9fa6537c8243eacccd9

SHA256
5dafadb951709335e95b65240dbfdeab015404f5ce257a736611a71203441ed5

SHA512
1b0a6cd76020518dfb93f20a69da512a2cd4742569d2ca13faf9e0d659f09dca12e3a6d01d9d94b54c48f4c48941333bcdf98a8775e8c2fd0e2f3d3a5946c998

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
2050ccaf2c21e9195d13c93d2d479364

SHA1
2bf4ea41a1dfa28a981d27015de4a2a9f355098b

SHA256
dbb2e338cf15571388b0bcf0b8e7c9f01f0a90c0d0634506ec92006d1d294362

SHA512
ed8b9b81632d4b38537865bf8668215e056787a62cd819c72c80c2d8642220c354384e3cb422d841eb2aca32cec908073ebe0fb7e32c832e1053c324264d72a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
75f3a2c9c63258eaaf79136f4b44e132

SHA1
a6bc7da4043821849837fdd810729ece9f05df19

SHA256
19be1b87d57d897f75b26c01bb914320cc6ce7c13c7dfeee19629b15e8d54199

SHA512
ffe7adcb348462d108e320018dd08d3b8114e8b341fc42b1f2d5ad744a5ae645136a7a8ec40f9e3a1bd3aa68903f8cb6688ce83b863a93c4dcff1bb4d6f8ff2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
f1ce7fdaadcd505adbd5cb8e09c6ffe9

SHA1
d0c90db209ee8e066e5fe9dab34c6ba539a159ed

SHA256
9aae5c004696d3504f76c32fe38b3ad758706509abce48829d4c402971c67928

SHA512
236d3d4845ddbc08b9eb1b3a2ef418668660b3386408fbabc40d3335f09be27c0fb7aff3855fed2768aac6b68269b984342aadfdc91c32e98dc0ebab45a5c90a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
5de91adf6acaa691ec2ab0b39b3c0ad1

SHA1
380e43691317206254ef005089a66aaf5180df8b

SHA256
4151edba25c325aac5ecb54be2be43ddb9841cbc2f22842459f8b54dbe89131f

SHA512
28d51b799074984766d08c0c639a4d428228d9086def689086bee41d3ee710ebbf9c3ab3db22662bb2c94486ec5082f8899011e81888e584908856e09347396d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
31d89423b730698a2cfd7f617211e21e

SHA1
36776b3d863198f843464978ba6339a05b318738

SHA256
71e4ba15ce2d881f2f56371dc68449e1c451f421052b8a555928e004a4a68cab

SHA512
7a7ef0b1fc9c66acd8aedcfd69fe2ac00a937df4da9c407d1b6ebfc70373976c548916d681c6e73afbad646eac8f1aa4c018715ebac60e10061f6fc14209c1c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
67dd98f1b5c91f57b9f4b4172b9a8f2d

SHA1
96be094664685ef8b73ad649638e214e4a2aa526

SHA256
3f45dec4506e3f6ed1f71f03271be3c0733e18a40c966826fddd35d0e9e5b9bd

SHA512
3ff3888abed10078fb2301de04fbb2b4644e0b80079c17511f051e6aec6c463187d91838abf8e459823cd5ada6bdcba834d9aa629c41b632bf2481cd60b341d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
3d2a98ba1573fc4f511c5e7c3bf0c66e

SHA1
65090cc1d89750ab285a2c0f1c3db46eaeec6e58

SHA256
f375e193e72744eed1d4cc31220a711f95e93f0bf7b3ff840d5e3ffac40d10a7

SHA512
92ba331b8d534969175ab4d3c1e3fb14c2b34d0ef6831234b074a114e1e61614d0c4003e6c94852b85666252ebf1e7634f4155d018641ee48e5d63f48df98276

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
a55deae52120a3076fcbbc8531f7759b

SHA1
60abb1e1b8f89de48015728d430883c8b3a6e4e2

SHA256
0feb2a39487ac56e16b323cd89f0c1747b9c070179d9019ccac93de26d230340

SHA512
a88ccbc8da7c4d26a3e02b76ebc077c9c03d95cc1aeebb10861c354fd247056adf8099a10c1f7e3747aacfb7a563dfaa3765d5451874d9df0254c18560583520

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
635a49a25d78eb530d3465170baaa475

SHA1
eabc89cba78c13cc74552ca7bc9b3e147ec6f887

SHA256
50d1cccb0d15fab1a5811bc93deb407068104221389e27c6db9f25dec0add322

SHA512
a05c2045d77383fdbd841e4fd3f49d29f31978c1db8b7e3dabcd908c10662b2a3cf6dbf52652c2ac8b85a0e9deb93801baa9242fa2f3a0644ede5c7706260c10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
5b345dff4270f438e119a5a6d61e881a

SHA1
d5a26df281f8fcd39d36813c876e99e083943501

SHA256
230c8778f729d48070b34cc3766ac8e96512e5726e2dd217600d4808fa8c6afb

SHA512
3a07f99fb7b362914c1939e6579b3bcdf34833f9e889237c06e01dd4ad1be21e20bd2fc6e0b87706e86349c32cb45132ab7af25296e8176e85c863eb8fa6bd07

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
6483e6d51cfb5793d17cb5971bb7c921

SHA1
682b57856c5fb35c01b51d9cff25c34d1f6bfc2e

SHA256
e83eaf3ad4017ddd5c34dcacb727c4b70e62aac6d938a1636f6d04bfe87fcc57

SHA512
96c50461c23b4b7386977edfff680879e42de8270bc75f9eb8d720418ae07ea77d60c9b900d6b10300174d0ba6a5d9aa998dd737754343d20cf49f22f371f468

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
dfd61b5193486710e418e7b01d3aa897

SHA1
377655b43505dbe6e64f532e4b88f4731f189b62

SHA256
381ba271d7595cfd56dd12d47f294fe281668f5b81d192b89565a2a11d0c435f

SHA512
e30dc4f5521f3d7a00efa9958d6d8d5319963bf97bf65d9ec57441c5154eba7feb6bff5ee60166fc5b68b8fd16b89cf399e0bd795ca2cc366eb5eea58b3d84a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
5f9578f06b42464f4e17590a9493e7b8

SHA1
f148ef91e629693fd599731aeb68f8a1b8176a51

SHA256
62e0553dcb486f0c8fa51b9e699d9173c39fbb7399cb55da088160e02c98dc9c

SHA512
b9e6577ba966e75b6cf591c68fcc0f8d99593d6d1be7a2319003c7e196dd382daa9722a063df7821f49f87416bc93ee7a84b3f542010b4aa7601067eb8e13e4b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
b5ddd75c6be21b31c25d3030828d1774

SHA1
146499a08a37f0098c759addf9102d86c0a02dd0

SHA256
0e10d4c6b08d30074235b1e2484adb70ca388a594b44a1dd812469d63997917f

SHA512
b41cc6a951565a86a063af2d2874d46ae9511b23808c29ca1f50d2691750624ac9fbeec16374efdd0528e9be0bbe8cc1e5b0c61469199a0de80abd2e5b784bf4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
1e2acc0f9e55be8ba91ecbdc4311884f

SHA1
af77557ab385c9061de78f5c9cdfc042f6e1e390

SHA256
709ad228686c2425d035586ca150fc92f0f0ced23f3895cd24d256f157fa1477

SHA512
31e5237c15325cf3f60265a95014e7d9a59deea6cde2cfb941fb129cdba157245d0539e4b3cb76837c145ead43d8a41042953e5323d1407b1986c1cd18d63ecf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
4644d1e45de28feb1903d70dcd14ff93

SHA1
a510e90c428e401d2de8b92a150d157e1e65e7b9

SHA256
b944fd1496103fd60d8874efef24b3cc0aa56673f15758e4e6300e86db89904a

SHA512
d9090fafa12d2e9d15baf473520d85f669bfe1083f1835e238d008c2d6f98eecee45a0b90a476d05e6fe56d86c22bb956ac471010741f6dfeb9706e469d21adb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
8868a00c83049cca23b38bb0612b9d02

SHA1
51dd029a3e81bcf6c9913fd103ae740b5ef4291f

SHA256
4ed993ec990ae531c700ba142b4029e27508ecac9deee6221b8994007630473e

SHA512
34916df50eb577ec534e6f3d47e91b9348eb830ade09553ddbd7136d97f142c801fd28efad9bb14efa7c5edd3de2410cab54f0d131ab1c63f3fa650f01528ce1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
eea371e800f2e783b632807cdb4ea930

SHA1
3e0a4a80679e7e8ef18212343ec882fd5b025624

SHA256
5952505f6c4b69fd57109b8163bcc405e0efc95dc8344d9d102114896356adac

SHA512
9d9c68d1ddad1ab7c253246b99876b5c5c595fd900ecba789b236e68d7ad1f8e3696220da58f480856045faa9e3adbb6eff49ffd83e8ab4be493be34b8408f61

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
0d7a29d378a981f5db3a8246873c2c38

SHA1
910faa4e2090e928444be4cdc7916a7b0f7dbc81

SHA256
71a06fe851261f4ce50bd76a06e1b9e7bae24638a6942c5c787748c680526cf8

SHA512
6dd616495d5a57bee82c4e74b49dc1826e372e9f6eb05d2f087d7d6e2ff18a33e0544da10e0a48f871efc14e5979c279f912adf27a532d09a2f54fac06c0f91a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
4f70672c37c02320f363e6669510da30

SHA1
6d32b723a12cad852d55bc148f787d20ccc46f59

SHA256
652c5c2607da274aca88feea59ff7f63417bcf544c6a6dbce775ed9811485ee0

SHA512
48db9b175ddabedce64659ee822ed3a5f30fa6469e82aa06ebc724eab337baa08c843a0c226bc1a53baec2eb8c023e011bf43f59a30f1906308ba08375231c26

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
303c8b7d032a19a1fec58860d30941fc

SHA1
ea1fe314bd49f16ebe1143c7ba7be453e7d12638

SHA256
3aaa556004b07a1a2b1ff64860e28e7ce862b190271cfd938b737e5a23fc2b35

SHA512
a898be32df7f4f4e7002ae9599fd763cec64b7348d5b78d61408c0a307f7065e8dd6da03d3751fdaace8c55d2d2008874b9d321f162b1bf1a96c24ee12d82c37

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
b2e34a0f0a839bbee8dde977f247236b

SHA1
47dd867d67ed3a66558920bcfb54fbf5a8fb5c1b

SHA256
a4310a37230c9648c137b08e978d6e479e9d6e905e5213e6cfe33c1173d08e43

SHA512
1c486a21746ce4bc2f6f147dfdb58bacf4ef32918e9b1e2ed1be4a5b5959282c780f9df2bb46547020c6c1158f18ecac0ffd45d4cc0f0a0f1bb420176e229c23

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
566B

MD5
bf7c33fefc44b06d8745cae5dea04b4c

SHA1
9d6dc0cad21510d21a9413e8af98c08f31892ef0

SHA256
e875b7b939152a5af40aad0df542fbad5c9b96584c2e99e72439e364c57a9ff9

SHA512
b3fb42df3087627db830cf55332b569f99a00102c102783265bcdef22efa3829a996829c0afdbcc95e4080dd34ab3eea7714323e51978006a6a524603a9138b1

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
665e1d3ef858211c7eec7d03dcb16e33

SHA1
1971a8b3cf40b1b7e910fee82582c0b1a0354f5b

SHA256
cc9b89c2659f862b0d147f1df8af59c5e8fe5828e12cafe3a342a1ce942dc15c

SHA512
5a67f8dd33db5cd074edb8f745c83985beb973a7786e0a345ad6d29e71c04955eec3de0f7b6dfadb4abed7dab6ab668a8b997c5abba95570d790087a0432819c

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
5c81f28f95b820e94df4b84b334329c3

SHA1
5fdbcb3609bc3c51ef61dc3c96df94e116ddca38

SHA256
68db222e2529ef55f2a9a8f111ed3cd90defe5a4a1f6ea9cf9a20046062820bb

SHA512
f596a9f14a166ab9d49641e421235a7dac091ef8af4a9b7283e53c7eff1b08b0441d275ca5616a8efbb6b67908c2e87700f21d1de02f381e8cd3be5867a83a8d

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
a827c24f4a041f6da8c55be4fc94c087

SHA1
31d3e4f237690675711f180642677e49390fd602

SHA256
c059d92dacd2b9eb69028420e7106cc2bcaff32e9d26b536a75db0c58ebb5eaf

SHA512
04a5cc7d76599eee01ca1d41622896bdfb32abb9d33656fe80f95c5dce8094af7cf30d787b6d2781ec49421056c0ffc1224a5a23cbbf9afbadad1185fa40e3d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
fbf4e7353e988cf796d611e13669669c

SHA1
598950f61ebfb537bb2754ecad4e000814850994

SHA256
57839c0d9155f40a1c647ffe278535b0ef7540c7657ff32d6e6a684a52046a91

SHA512
e71addf656e2c78e9cf0e7c3519867352da1be8cb8c62541ebdd797c6e80f1513c4aedf0e4b3a4a6eb9a5ca0576837b40fc29aba146c199452b51bf5d2453ce2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
ac71e5c81ea7cd4e20a61c11ed986eb9

SHA1
7d2986483be19ab8036e7663a44a885976e78aa3

SHA256
20a2ab9fe42ee7ffb89acfe535d9bed5f5b343dc643f19fce1d697a328902948

SHA512
e415064a1ee6c7bea00f3fae1fedf90df26b1af702f624d8d6c2c5d511713ddb6f760fa73eaf2cd7b921e025743ac0a67534f4924833e154283b6c860c12b23a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
193169d4c8236aeef47e1656ef4d9093

SHA1
dffa95a4655caa386727d448b14f97111999b371

SHA256
82ca8766b47e0e1d31b5a17f0f5d453bda3ebb1609d9a3ffaaca809644c27cdb

SHA512
fb10dad1cccdcfe59be5edcd4d0a01b5ec7b163dd9115bfe21cd432ef62311aa1ac90d31a0ea9df55d1cafaf31e0031fc4c3884bd5c49caa7475038db25848fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
a83865849d6f7fe01fe72042a761393a

SHA1
7112a23c2a789878b145a6c18497dbf3a861aed1

SHA256
f582f79294f09c2da8f6e5874fe70b14583cf8a8d6d959d31f3eaf502a434e10

SHA512
d5ed5820c29e4fa0c5556f999721e58b7c95a01a0f9b7bfb2a6fbb9512ba9d5d4dc0a795bd395d35b19983c2f7d9dd4230718b4be7a1002e510e0c043decce38

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
ecd42a218677e3501aa48b77a85f649e

SHA1
a8d8968f07c19282b5ec25dda0556cad7fc41c01

SHA256
4d8caf24fefb396cd6a7ca2c70f1d206c711738aa394240086159e5ce3ec01da

SHA512
93026832e6ffe8fc385c43652fb091a74aa3b1af9b04e6c83080be89e93e3c93605beaf6dd93a590279b0f5e0a4baf43a8e9ec1857323336435e03b71d9dfadc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
d2aebaa1129531641f14b0629f9447ad

SHA1
b1b638d65b1b9c1890ca6578fcdccc948f471b3f

SHA256
83101a08a7f39757edbd237d98dec66e70147145aa11650761b41e2d2ba380d3

SHA512
dbdea977ba8e9ee896e156192c8fef4292da47294ac5d392f0eabe12a677539f8a697663fbf67db999da4232dbe060bb8d9bc89645ffa423769c48404e6f021a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
330d58341c2f15db0e518483c5ac8987

SHA1
863640c1664515c1aebf6325039e0e57151f37e6

SHA256
674b7e26f56f79b12b66676302344810e5380a133aa0a7c4cef8b0d1138d43c5

SHA512
edef0694de6c2e033c1a69498cfec3677c3fa775f2711fadb0c5e88d957909c21d81d6ac86a113eda3096b1aaad87781cd54c5ff08b54f03d3df83bde1a3f0d0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
78e97dc92867bd8bd32eb15d9df3b69a

SHA1
62a09030d7823ca40f464e3d877370271c165e1e

SHA256
0697f27c7abc8d901007ac7b6a70a70c280c6fa056b40d1f864f7df2db0404c2

SHA512
910674ad09ef629189dd247eda6911fb5e169a9974ed01b5927b455f49d479ea264fbac8cf1ed19bf5baf35921741bc318d0094ffe115656e5677758614802d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
318bb9111e471cacf001c81ca9b174b9

SHA1
4e52efe691c12fdd9ca02fcabca1845f2b78d0d2

SHA256
ea888c601041570d2c153e9357a8478e80fa7488255247c745986e772fc08d3e

SHA512
5ab7602b73b77e7d2bba03f6fb01593dea68f42235ebe2de86f8098ecbc5448c428584cff0665bf9620e2a96dc0a1f9f8a2696fabe7377b5b5a84512e64d1ad6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
f54005c34f6cb8bc69c73a5cbfaced64

SHA1
c03bc0a2f0a350d34428b3d71cb1a0d0b06d1f1a

SHA256
d4d48cb9955fc36adec677e626d6aa83e126691f44bd3d4e62e137f152e9f9a1

SHA512
8a73314c0d861792e7a896f4e9291bb9196a72961974083dcbe45bee1b64f44ed5e4b2f564fcfa06b7f317405c72cd0722e478c611e5ec35be9c4c1aa815d553

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
96fecf203218ae18068ccfffa70e23ba

SHA1
7b908267b9ed92935f262cb96f36b9a7225e9c4e

SHA256
24663adcd4fd2651991252cd3939e3506146ea67da1c3f0b5732ee4705bed888

SHA512
aaaeb385fee06fa7eae0ade13f73588d346c0408f4742fea87efb3cf89bd2febe9558cfb5eb50f99acacb11d2681a8b52a1dbad35cfc581a5bad0896f06f4b98

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
7119924d10f9df487d6bef590f2ccc85

SHA1
2f88a050d17525dc29c62a0452c3d3e0fecc8b78

SHA256
fd94f81eaa3e1703e89656f125f139fbb5aac91ceef37402283cc884ac07c8af

SHA512
16ec1ebc1dbccf2b3f7e62c9c4cc4ce4babd60e9d469cc1cdabd9b22c306df582775530b5f8741671eec3de1e9d4bae0fb8b711820f1aa5781cb79d3231ce396

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
d9a7eed542a266bf3c6f477cc9f1c1b5

SHA1
22de0eed2ff913ed635b6aa91dea38d693fcd9ae

SHA256
78f8e1b3e47f1480e764dfd0440ce4f957848841f3b4864bdd121f7a0855f974

SHA512
3820dd431b4390ad0e16360125acf4b8726520ec64437f9fd6d052daed726dcbf5de64f7f056f56410f5dc6569739dc309cd8bbb74f95157d3a74867149faa2c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
e116b8f5543a1922ab3d4f1b8c796f20

SHA1
340f517e79645c8d3863f3ed6b094d35b7bbc301

SHA256
991479230369bf5ab70aa03a211c47e682f6bf3138c8fd9e8e6be4b9578e8302

SHA512
d7420822e1577933d8543bf376be2a06675690786ef98228cf80e66d80f9b36caa20b63f22b3e6d8d6dc2c2e3cfe3ecaca0475099b1ddf67a30ab95d2d605066

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
61f77fa9fa7f1f5bf2cd1e4d46a5d30a

SHA1
b86fad293b47aaff299fae5642e7b7dc81b65a04

SHA256
364da04368d795c4ac27c128bf9406b7c03b05a81cae4fdafc6e9a5ea98f74ae

SHA512
747106e31c13df26b6b99a4f551f70f1094f91d2bd6a0a7372cc296fe0067ecef33ed29685d8258ba8df3b3e8fe4db95697f3d781645ecbdaafef82707baab6f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
aefa645b7b5d7e4bfe4c1023f01de569

SHA1
9c9bb4e85d29f214b9fa8845b2b5f0b21b3fe213

SHA256
669c7975ae32dadfad3530eb62edabe95ccc9e9a6e540ff7f227186ff20b9be5

SHA512
878f322cc4015e52b54af308e3b2c5139463e255ab118e8cb7435eaefcbd9f80da493dc897504928d14dc008117d42d1363183d6fcd5909bab96975e67704170

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
67262abe36683d35d324881c5a83c500

SHA1
fdd99ceb07cadba221ec88ebb94784d65f48f103

SHA256
cdb18b413cd86e3725c41d2213f973f443fa238ea324945b4c28293b44bd1694

SHA512
8e9358681b3429b33c5db6d997a50e5701ca0ff15595058e47e5b9c7d90b7e35db85b52a1b3e5cb6615fe6aa3bef66ac174ba3435ec4efd17db595f8bf214f21

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
2310b3b7278e8cca6f679f33f1626c8d

SHA1
0f551bc7b62bbec58b7618cf61cec8af10131289

SHA256
42a1badc65fabc947faf2b4732bbd05716d683e1f343f91388298692120d64b6

SHA512
3843f3ba226bf3aa47adae507e924e1a0eed86081f13d024a23a81536d598bee7c39ef4fb09730d83743d536eb44290966d1e966b228c872452d0a1595349833

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
3c3d0910e26ed3a4d852094dbf3743e7

SHA1
b9be5ff39f12d21721dd6f6dbf28bf16c0b777e4

SHA256
7c91f4d8ff0c76db71fb92c29883350aa5540fcf27094d61fdb14a5d1cba9a9e

SHA512
b1629304f78c0cdc31d3199b37a9963978affa4c62c9682e07c9551100f6126a687985920f4c4960f16063b5bc3f9c4c321d52fc98ff52f1486a8a9091a493bd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
eeb6bc12ba17f739f6d14e03af90a3fc

SHA1
30572fe5e70a67dddf6e618bb552eeed3710b6bd

SHA256
99c7a2c634b8d08b5599e1631c84a41ab4442d66692a4964ecbdbadffcb92d7e

SHA512
3a7c1f532a704ec9a19253e9319fad9c65cdf6de91e5774fa96bef49dd16b7c5713fdb25e88dd93d80b1d6a1cf4e54930730d1043ef27afcabdc599150fc4237

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
d2125c3377dbf5291c8e8279118bacf4

SHA1
1f370bfb3f43851d9e9bb2dbb4d044781f90b48d

SHA256
3458b8c4d9c9de2dce1404fcff5507c41b7ca09277912a1c48c7d36bf691af97

SHA512
6092d55fc8a740ff3d3e8cd76efeac3144c772f3c2410471802a4c6991ebf6f1edd583047a4c49120d8a0dcd4c36aec6c101d35980e013045edb871e46f020ee

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
85a52fb8fc4049ebf6b06c9c9b0d9f61

SHA1
fa7e2ecd86189392bfe583f5ec361118cef71e1b

SHA256
40c2237e44a8bd426c923437497ee65c2af07b41e3bbe5b5572559a8cc10e518

SHA512
933c27e120104ea672fc1a84a25660a3ff0e3b13339869b28e70ba55b30e043ecd0479f3b072b1f1fa202278979bf39539030a1bf3e6bf9db2e0dda6fef05d30

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
272c4ef3fb5f53df09c4da10b30143b6

SHA1
130a6aa407e3c49f14cd858b21e7bbf23841a288

SHA256
54f423ac5ef353b0c181a6c042dcf798e536171f5c81c2cfa3f99c0cb29ab361

SHA512
683d967fcd8e726346379a6b75ee731098d28d5c0f85723d2f25f0296705e1c2ba691d5d183e2e1d28f7ee1adc7f90f5599ab7d09e4e189fbeb86cb951cd189e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md.EnCiPhErEd

Filesize
1KB

MD5
58694e08e76b577c80042893fe948788

SHA1
7bdc9c6180fa71e88d2e140f4221758b1e4754e0

SHA256
26779e6f7a03a31615606b4a0820f7ab467b1b35672721d22c7c2899f8c52628

SHA512
04a3612aa7ba0a716a58f802834aef072d82ab7ec7669d2be681bfd92b1ae0521cc83df03302be22cc0cfc2756539981bd9848316713adc031df15b950cb120e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
f31997e07fff661e4c7a3c82aca0fb1d

SHA1
f80b3559374bfc579fd2d3902798198cd3346552

SHA256
99b0d233238b9d9b8f2f7f4fd108f1cb8dc719c43215dc9cb48a1a643ceadd7b

SHA512
fce665310bba7f6163b1b43fb9ea27af6e659623c2c0c519bc1e540fabd5e9864516170a5f2d628bab0a9a12e51c1f98f29da9b6c5325fe74675c5d050c0ea4e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
4f3675c9e04bb032c810488d4ca9b940

SHA1
184ceff81c95893da92a7e7f4829e5ac4a8fb104

SHA256
7cbe658608569d0450d3923defdf4d85b5c5421b31afc60e6e240a6493987fbd

SHA512
f072fecc48ec2f89d323890f6c5cf020aecb73c0c388f2334af98dcf74e1f85f79612c94e383b3b6526cb6a6fcf51333301af44e3071656761cda867ba446bfc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
aebac28f4f49a0e637f37ca13326a582

SHA1
24effd44df4e7c087fbf97fc39fbb24626a7cda4

SHA256
ef19ff34eed2621574a756d3819207deb21c2f1d9bf8bc9e9415dfcc5fb0145a

SHA512
b81fd6023c3ff285ec0a2a8cebcd50f94ad31f0e1d641e87f5cb8298c7616ffecfb85bf61e11ebf76c59683a4df823e7483d064f0cab7b85e31990c439175e0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
5801047b26a06dd5528d68062ef743ca

SHA1
e54ed6d865bafb43d7a4c031248ae62cf44160b9

SHA256
e529d9e20d9b7854a392b29f0681778f0911c17e35da02fe8f98d3e87f94f93f

SHA512
294259c627a43768e8e820cc6e6707ebdc3d628ea192946956b51d25b6ed2a2d344a92f30fedab0081c82c6b1586c2125b960d55afe4fcebc1e64488b88f9c60

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
97f888d28163ea7ea4534b7bb6587e7d

SHA1
568fbc555ee6fb4160c4b5a18ec546fba68da85f

SHA256
cf48d7936be3c6264a013d84d204b2a3cfa1a6f7077f5c79cd5896bd442beb9f

SHA512
311d84e170308c9d7d2dba44f88694250ab72763ec1d191b870f6c37ffd907f94e9f8c69a371ba2d92efb2ce066c610b9eaa7367ad9762efa28ade28df7bb288

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
e9d6dbf9b54b313e9dd443b88ef9f9cf

SHA1
aec55fdf4d3b3a90f2fee83e0a0f521c7f04aba0

SHA256
d8b0c09b5652f96a2000bb03faf10dd9e159403ec11a6ff8c063cf8cbb2dbcb4

SHA512
403858758add89762bf9c91acf00fc63bf77d07567e9e26153bb8f39495cd2e660cf9ead3dff571bf27c24a6416352c992180ccc60bc09070ae3889635f32707

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
47153092bf983646e310f55eec676805

SHA1
dd050bf6b94abc76c7a0eab53ac175160f496995

SHA256
aa006c4475bd892fac3d7ce7b89f9cfa0efb3fd6ab0d0b18e232ff68f5234fe9

SHA512
89522b4d7ad543e9b3c9c27c3e2a3b70aa8325c90eab22067df7e219e32b8100bb07875871b99fa2a9092a616021865e45aaefaa5f189cf2ff49153bf72950b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
e198d271a8daa99f0fa4e1b4b94cb8ba

SHA1
c2b37b06ba1d647df9e61d32cea8f4af07738f47

SHA256
30b05fc97b8dafdca5ee2facb821546550441c6e3c2c2cba27749f1f88d4fb7f

SHA512
2cd0cec8598a1f0d53a57cb7936118beed7ebf712ef22721e9d26e292263d0bca2f2ca2c65bd950f3e0054f745dca6f88d3beb68a1052a668782d457972052f0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
e998693c7be3c0a634dfefeb9fc20faa

SHA1
6f3f2e16118a32d5b087ac3d414e60eef9507479

SHA256
a46a23e10bc35b83ab5b3902fda21702c93e2d1f994d2b6827a68fa4a89f6fc7

SHA512
4a70537c6cfe0650858275b0f053ae9c6840d4fe6c14b3eadeb0ad3bac6aac0981ad3ea21f4ea57363a338165ef6e590d10a68ae3bb017b26c438ee91611f024

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
2a647cc29522cd4c5b4a3474929e52c2

SHA1
46ff711a593c9eb066e29f034ea82108654c8104

SHA256
0fc016858ed6a7d5dabed393ebf6f4dff8118ea6236fbf97642040fb63d02722

SHA512
97070bba6a40aff252c53c386629d6761a81ba98d1607abf71e890f8f881ab8032fafaa106ac152919bc57a8c9051a156e82a4e684f258ccdb25755f208d0ce2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
14b3e2b08dc1e3b524dcaa449032fda8

SHA1
c043616e8b505c7482d6153f2aa7c9c21eb40cdc

SHA256
c2f9e694f004381e3060749420a29055c04a6c29379d93a9a82814a562d6fa15

SHA512
8bfca54b74316e0865e96762d7b2684a60d5c4d8bf11bdf7480a04ab16d7ffc4e18d0699c18bb51a60bcd3b2d4c6dbfce9bfe68637417e6aa8f55e065021f0f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
652c35dbd50be368da76b1d53b0449b4

SHA1
1790456f74cd609e40adad6376df2d4194fa01f7

SHA256
35601957597be37e7c5537fd5858d890fa81e5340dbe6448184dd8c820d39a05

SHA512
90b90e71b2bd66ebd169bd30084ce54d1cb23c860f7164ba2f23c196c319e4ecec6b963ff7233fde4b59b6ca7b3e00675b1e3b039b0f584248ba69bb9f7f20b9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
665ccb8f9c1d0bdd6c64ac163aedac73

SHA1
d765db0c6c5a66730aa21efb9c1c95ee9fcb4f23

SHA256
9b0c795c54a9a91f9b11f187cc0bce2a68907e6c2a41c2b43f4d7126ae370f1a

SHA512
ee5fc5135fbced2ad25001d3a74b4a78087643b7cfe586e4884b1ac37b3244252dd12f12fa067a8cb8552db900dd87c9ae8166066f65bce2655e7552934a8322

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
5903ab97871a3cf853df1472255535eb

SHA1
9dacf3c736b4b1be82fa331e3e27e9df8aacf112

SHA256
64e3670615e8428b8265a34fe8295d8e0fe38e693147f51c41ad67eb3382dc4c

SHA512
53c9ef4ad8f6c168672e898fb69cc95ac7bbc0ae780afe394412701e4315bcb6e140beca308c2263fa87293ee050fcf5877e1bf9e3c57819dc83b35cdc29e082

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
ebc5bc52094ab4629a49c7b4e8d2142e

SHA1
e04c5aef81cfe8b65a7824d3e37c5c2e1df5be54

SHA256
af9952ea7ed79846c60806474b48b0fc01de7c6fcdf3def414d02fecb0b28547

SHA512
771263273530836d9e9b54c1a5e01f74a3df8bbb92a379e6586196aa241e99b15985672b87d8ee41411f9af771bd8f393a01e033a15c1694200cec61e416678f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
b0b3a90ec4c7b37ff52d270a17c5e135

SHA1
1dd6bad59c09d4f092736038e20c6223ccee99ec

SHA256
ac4e62a66d43dfc95aa07cbc65d63c8162093a5b3590caa50a5bef9684724de2

SHA512
b1a2333228b8e6be1967536bf65e697ab8853619b0a00a9556add71b8a313ef9bc1af6a5dc3de86e240f23d6ef15f8365209853b5178bf8b25cb24204034f8cf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
da5761b5d2c5f12a640f82ec33d56c42

SHA1
c8138a333db3fdad3f309262b067efb9add7af1c

SHA256
68ab52738598ff27836c88e8ec13e7875f83356d57c5ace0f9cf8766aacdd926

SHA512
66260b2695668874c1ec7ba6312f53796c5d0b4d47d1a6c1e7c6bd70ec32152ccdb2937987a3604011d647f9912002aae10664c3f8a9244c5a76efa0cf693727

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655502487171.txt.EnCiPhErEd

Filesize
77KB

MD5
12acc09d978b0da8d4427cc6e8e17768

SHA1
a75a75cfc97a88f96b38db57d3559123a9427552

SHA256
26931f752bdc81bf1c209f6a566d7de453d0932ea0d5c54fe3aa978c17e5aa4c

SHA512
2e98c77d7dd9d7963833d89263f4b6c218a4313622e0da4c6c4365ffa7b91b5b9bca8c7980d5a5f6ae53097ed1f151fd29feae73f69da78b06b8f8472c2f50d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656590293648.txt

Filesize
47KB

MD5
877056a774147229840f513cf277f98d

SHA1
83afe889fb83c583d24795871e676da2ecde169e

SHA256
0b3eb3277bdcf5af9690bd45940d165ff783b784c49df251ac742a1dd84591d1

SHA512
c0613fa2f8661ff1a19cbf89cc4c35fcb972a531a37fc842ada2b9a942e4c84c0316e33a7e31ea571aa472db9ac54b54c50452111833d8e620e9b63c65344786

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663328721506.txt

Filesize
63KB

MD5
3fc9ac4aec934009136013069f77333d

SHA1
38b6c5d96a2d419949924dcf3ea65855916e7bfa

SHA256
6406bdd0920669884904ad3039ee4e7c14e569ff262d087cefa668f3cea49345

SHA512
88bc4627cc720cf3b45f52b9cd16e272ca90ac8f2f008e052ade0d835a5252d6e97acb5f4fda662eea5772863ff4c5902144d4891bb4c7f3b7995611325ce374

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666039184869.txt

Filesize
74KB

MD5
c821e3ab0643637da8dee6ed331ad6ba

SHA1
a270ba73dc792368179e4427b79142a19364f055

SHA256
f76e334d2358229a6c2e45d4f7f74b58c7007670eccc389408a6701fa0f1b404

SHA512
586815f4fc995de1cf589836cffe29bf82974ec4f91b093595fe1b833f9d3cbf671e556d578a3aa0ab8abf2dac0147182e16f3712a502e80bfb16a883e5c6d14

Download Submit
C:\Users\Admin\AppData\Local\Temp\asdf.exe

Filesize
7KB

MD5
44f5857802e6afce8b8fee1f5076faf6

SHA1
c9f3839db2e0e3c64929a7ca3f9ee4a1d11c9903

SHA256
d39530b8fd308d46f9684df83ecbb52af0215b273aeb1706e56e2a4b6b1b2662

SHA512
8b82d36fb81554b3ecf19234c29a5345c046c63ee7a539485f960cb0a03e41f072c3c005a9efc41bc51196abd5d679aa3795d0239bdceaa235a261242f38f77a

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
ad659b9739f39db94259209505bfa8ec

SHA1
22c6b8a94a9aac32b802bdf9192b783309780926

SHA256
f27c596879f629d436e5dd203663045a772d595b521054acd7b56ef8f4dab8a9

SHA512
c7c509fe0f37c2be006310f80da7c0d776a61110852121f6fab341fff84013c27d83cdd3034616cd26e1dd8026b008569b4079fc8f1d664130f77b28d0c39809

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
0b73f4e7f3285cab3424ef4854c78fa3

SHA1
e77edc9799e7b603b9e446a402f9d1592bd51e42

SHA256
63a859e025bce1e96d839e74180890779dbd67a1dd8f8e03a01217b85492ea44

SHA512
9b96de461e2b05f6bb532453afbffdeccd185e10987b7c4ed25ab2467921c54b159d3769895d4b29968a0a6af5d9a41ed52f4519787e60937c8216bbf4160645

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
b28a2b94ecca7129a82810b18a017a59

SHA1
8925c4c5c73d0a0f58d9383597ba35c50e5b899a

SHA256
c528a2074c48a4447fdca8f74fee2a7d5fcc6d1925ecb33ef6cd7e75bac25ed6

SHA512
59f5a0839a0318134a00b36dac0a067c3e4f5ce463e5cea475d2d04d03083e15fe8b02845c91c0282849a743972237b72a654772c35ec799fb9f1efe2051cd23

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
983653f00946f2224b9cf151fecd9ea2

SHA1
af1c673bac69e6b98bdd44a3657b62ef28c69d79

SHA256
45eb6bf7e29a267c29ea66698736d30c1b930900329b68461990b1b7e74e1333

SHA512
d6c02d75e0056d11e4691bdb3727a313a698b0f515eee6f2aa527390a111015ad61b0916ab53924aa3846b61058ddfa7133eba4fd986471a115de208bcf55423

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
cc6f01d13384715be5c83ed0a0581b18

SHA1
bdb8f5675c2299c7de621c63f0220166fa239514

SHA256
232718b534deec376113ed2e8241bacc07eaa60364f155efd2e088220dc3f051

SHA512
1e68f57f652f81c57f8a4d350d44ff233bd80f59560c516cffbe6bbefd2be514c37882f11db604f72d9d01b9189e81972bf772103a4640ca1dd952faccc8e7d1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
f7d93abc310bb11f60690807e4356326

SHA1
301b893ce9f0314989b640995aee70ba8a56ad7d

SHA256
ca1a4a2e5fc2b314a51c3235f24f12da8e2895ac18d4cbe082988dcc3a26a1b7

SHA512
52af5d128b2fef5fd8a22fe4ea9f5fa9210cc7dbe7d4fabadbe12696178e89f2516a0eee8077bcd6b7068ffba6bd4fdf831c5f8273ec1e3d88fcd5dbd8d00b06

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
7cbde54ac6bff7393d53e18c7ee883e5

SHA1
d75fe4b98fafe36a2c50b287e21fe75ced187673

SHA256
5f469a5cdce2a9bb2ae4730598607cf488a616a80761250fee6f03430fd649cf

SHA512
249185cb7cca6e6a227c54f619db916b13fd646ca56d8906115f4c95f77e92de0df5b782163567db68705c22b1c14ae6bb1d61db0a5883307075347f5627c0a3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
2843174a0e12a16c17d601ca2a308568

SHA1
2cabaf6253822f426ea1e0aff4aa3f7cf29369f4

SHA256
7135ffb63794226e705030b4d6f26f5ac35c976d823c0fe35b192d88ec74f631

SHA512
b27e78376915d235f035193948160a980106b5f284a352171e3dd86cb5948bfc791e19a430734918022054acdbaf34a72b3352e717811f6716c62a1e33762cfb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
e2511ecdda98eba90bda87e7adb39896

SHA1
0dd2215a2b2e274f0c57e945eb34376a2cf5dbd3

SHA256
f47d736a110f93a3606b049d70a496f252d90740ba9a7bbe82bf69d4dbc36d20

SHA512
c8383844e6805918e3e0e435a403d32b647f5b955aa2a13521db1f30254c34a32c0c47d3aa56fe42a91d25a0e990ef920a12fc62ebc4eb50810347c367d53abb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
0e7c25d49075d572d3a774c11a3cbff8

SHA1
5ddc292396cfab116629aacd885730add6fa93b9

SHA256
aafc58866e459e731f0d7c5b069293afc40cf5b9370add0e86f9fef1c94beeb5

SHA512
be7a3d784280804256b9fe791ecf23132c0f2dfc627dfe7e10163c27a2d75a14d08d7a5b330331ae2079b45290168c6fba1716635d55f0f7667db93a13ea322d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
b8359e601c80e77c04e43dc766f0aa5b

SHA1
bd0e1eea9defc625ff3daa9087435dda9f44f82b

SHA256
ed39fc3cb648df9c7768ae5cd7a52a91bd58503ff16cc36d557f3c9d36c241ee

SHA512
a4c4a81d3d5c758b73384aecdcb4316d4ee03e984d86920363d5813e146feca409b659bb26929ade3419a40b474e9d68399f575c5c6e534ecf30d790c9b69042

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
fc002c1de3f25a53ed70e4314bf5932b

SHA1
c61fa826da41647d1cc28474683ce34f5f293cf3

SHA256
70eb8784cb4958059d42a6bb6d9972e7759b7f89a42d2df2642a5698130abb88

SHA512
74947254e74df6d361fc1fbc970e88d0dc17125256373c5aec542512b769e7d51d93d944e4704b54604f3f62aebaff1e939fddabb82cdd2c89eaf9f5adfeaa6c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
72ce2da875ff80749bd2d0c3e3a02016

SHA1
ff4e0aa7a6325503b3dac00751bc9a3af23d74c0

SHA256
bb1a37f9ddfa809c930911fa5b4824ef762af9745fcdfe869c61f6c728249543

SHA512
dcd44901c8cae86aff1940cf35e313a056f3c0d32a25e2b289e7ffc73cac22e5cbba1e8ac51c5e4e1b5fd213c811fc97e904d9fc442d8f113af64af44f08b1fb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
f9ba5109b37370fe27884b578dd696d5

SHA1
a6392bb943ef2650c480c8856cabf56cdaaf1966

SHA256
ad238a172eaaa307a65823dbbf2719d867fa27ab9b4c852e927a6c6329157acc

SHA512
98c4db58e545284316717e84a0f0a13a3473e20770890c75568450751c676d44f709da1ee0b68954baeeef3261eec7cd44f890080993407b04c0cf57076ca147

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
83afd2a715954abfac3308079b1364a2

SHA1
be99e79e4dd915b0890c1e6b994cf9b63a1d70b4

SHA256
0aaee0e39d8381365d636d9b7f74b7dffee1ad11c6406253ab6c6574e34547f8

SHA512
52a45d2df2f10c942c6507199c6953786a0672510f71c67a520ae678c3f5dbf3752ed6ddae675f57df4673ae14fe8a8f9afdb69c836f2822e2ade7e39381647e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
2752ff6abfc32f0666365e52cf2cac7a

SHA1
ba09e8b84bdfab9828779228b318b02925df07ee

SHA256
3c7a3bda17af6b80c24f93d39a9b92db8f8d095757b7e639a9cd572eee3d7f85

SHA512
cf565547efaa6de6c6b2cac9b4fde6b1e4024d516e1596089859334ca25172dc3f35e09e3ec8ffd1d3d72a4210d70a89a48d17a82dad3b0417cff93ef48b7f49

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
d71efa9529cdcc0df684019d6577405e

SHA1
d8c6bf96508daa8aee79d62ade3c51ce5447707f

SHA256
d82d676c3a08009973bbcf943dc4898e4d410b0a1f5e4f3068971b27a9a5971e

SHA512
bb99fa1991d33656ed7c8fb88fb44f7f9c290dfcba76a1b51f26e12d9d6badbe7eb02b5c14662411937d0063a8dbf7ecfe6a6e1bdf53b15c197952d4c4da76b9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
6f46002ecb7f3270567748d29b9da221

SHA1
ecc049f243fa1a87435f38f536743d3bf2ef325c

SHA256
3bb9b6e1e03230f6c5eb1bfc2e7e277e08d97feeb547f47ebfe628c7875bf060

SHA512
b0193ca00eb140f39a65144ee1609603836e3b2efe2a3be94673978de6b531c804ae98fc387702862ac61d764265311a0e5dd10c7ad8b4cb7b791ecd69df1b99

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
ad9f489c2eb18b3c56293cd6f4dd3149

SHA1
160404d3f1ed03a614c5059659c6cb042da4b741

SHA256
584a940320a813091a82f96cb430f14da9299031d099267a1db7c1fbda036f1f

SHA512
456fe022c3dc1852638687d448650329b2fdc7a6ac7d9922840964a6215d229c35eb30a3322c1c36241adc56c11a557990599a8ee449bcb40f14342d717e6443

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
d4ab1dcced3d369768aa39371fa1ed14

SHA1
8977111be0675c940337b3d5d6ec3afcf94c4cad

SHA256
26fa3d86c166f00d6db27f932e53f1d2a5c59e2148d1df69512d35559ad7fe14

SHA512
59e3b91a2747b814008bd7f2769d3bd8bb8ee74e516333a289e0bf72841c53bf065550372a526dce44540e35341ce70230f781363578edaa74957f8fe8701ca9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
8051d5e385ec747bd42fd655cba2824b

SHA1
22c890967bbdd3e2521bcc8140b82e2dcf19ab3b

SHA256
b9951ae6559c226ec00814ace1a1ae048e36bf06f6af97bc97bf2b8dc4b655f9

SHA512
e8d497a3cefad29ed7885540448da0071e3f57f11ef053b867201dfe467f91a405fc2ebbf2d8b6057f5954a10df3ee932cb95a105dcc1e68939e9b83f72d96b7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
14ce83343b3e3a8a403fcb17be06ffe5

SHA1
ca1f53ca28963ccdd9256ff60b27796c5e47e902

SHA256
bd6382bd2bb2d8611dcca8aed56c5e75a50aa13d2afa6a81fad4c90969d2a066

SHA512
4318905a5d18981a783e1a8e5b9e02e9ad066c1e1aae3362ba47d5d69800ad1746d9bd3d481dc2285784fdde61830e22c6ede9e16f6475469a61cc84936504d4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
a441908078edd792e50c0ca5ab40cad9

SHA1
4497a291b82f0ff4ed01a3b21b8f818eae3bd858

SHA256
eff303523958d296a80b6ee6379fe34fde19f59d0ab837a16a5e03ac3fda7742

SHA512
e59d601fd05a8c95b2e20ba19b56f8c3865237a1fbe5da53aad53915bc91bd11223afee3485cf490a7d2ce7c3095f7d430f5c7b46f95950560ca0aff3861b64b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
56f80ca913f4b3665d96375878a836fb

SHA1
39297aa598c3691a8bc2dc7a715fc9f7141ef963

SHA256
bed801ecb8864e6a180a34ea6c1caa1adee51d1ca5c25cbc5e52396cea9599b0

SHA512
af9d7cedad45ff4e6313182f13faf793f12bef0d720e6e8d328f05848c1ebff16dabac5c02925695d730dbc357be004ad8010685f5458d8f8efb5012b2c163d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
e5ffe8402fa2665230ea24ef70798ff3

SHA1
8329e8ab336dbfe7df692311e86979ee81a4789d

SHA256
66aa351a65637ab0741921c57d549cc8616981cf250bf6cfc9e7f4e7a3ac59dd

SHA512
952bc1891d979c206bc86b32fe897019b8218d6165c7130f4b80936e319d7721eba284f4655e882d24ed962d97a877ca44afbe0f431c11cc843dc8b5de93c7c4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
fb7e465353430e0cafcd9b839c5eda0d

SHA1
3f657bd15992176914e24e36b3a239b7505084af

SHA256
e17909dc9486ff872c63f810e62879e9ddb3c4cb1ec776f46407190d4898afc3

SHA512
1c6bfce6a9f94f3a3d8d01efaba866c1eead3d53594356d8e96047f407d33449bd4e80637c9a92c8d4e179306e561f7ce7600541b4e2c74e028b3720cce6fc73

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
f185babaae74b29858a6cd9aabbbc39e

SHA1
c1b6cf1560f1c1da326d3e5e95b133a703a0e60d

SHA256
228ac55d67b86bda03850cfc6aa82cdf8f514969089cb2930486fef21afcc6b3

SHA512
8629a1739c23281ac8bd232e61943c84e5d78d26677c95644b5d75dcc1a30684bbdb32a0415c90f08cd6196668567bc1eae4bc455bde8a009e2b637174ca1933

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
be2421f77d712fb9aea409c27134e0f1

SHA1
bb28292c225d29c31b9a943754256580fe74f93b

SHA256
87bbe399ce0197c20bae97381266f54516e756a74709a69e42af07709347509d

SHA512
8ddc14207661c2ee93a4c32decaea6c0032f79ce8877f11ac2198e26947e44983360f7e6c1780098d7f22842929061dd77fe27059d597ad5690e53d890fda835

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
42fb9c01a6ee891e21e5c4a94da90efb

SHA1
2952229751ba9c074e36288e9ac774ad09115c21

SHA256
f23b8e3f5a514947f9b35721317ceafdda0f468f5f08de94fa6ee6de77416a9e

SHA512
a37745bd2ad24289ff3a0455f7b7ce2fa51cbe52f5be0844e020066d00350c81f6ecc93001f5a19466e5b47b7658fd29fff8a7d510b4d1410a76e2bfb39e543b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
75d38c417dbd17bbed8aa27a46574f5a

SHA1
11f5df43b0af496b8ebb5a521c25ab0b661efaab

SHA256
94859c05fbcbc03f2cb03feb314a62b13550ada9346600febce28c6f24a4425c

SHA512
0e58fbae2d8d72f6fb71e4145ff3b6eb9e44351966184ec5172626faef4fea090ca01be477d1e62c77a6854cd6f0769e4f6143c707695e8552df7a0dc9b6a00e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
947675b4a0092d1829acc082c3809788

SHA1
79c1ad3471a125b38fce52fb82d6d877ec96e789

SHA256
3e8992e0339594c89a4806f64ec0b4dc730495c6c48d7edb0d8abc5b80948ef7

SHA512
608af885461a20b42224340e4bd9b6514f2ea61cce714459dad14ac25b65f72b635492d403c234fa7fdbde8af2d0f71b32d93842feb570d3d35c18286e86a1e9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
e8cd2543a72054185e1190dc4ada0bd3

SHA1
cc1dd462e648e6b1b4af39869a4c0e60dcb42c02

SHA256
4cb8bacc4d2f541df4848a9481c2b9bb5b115b95e6818e0e1b6f328324892f3d

SHA512
927e87981d524a241a69adfba130ac715054e5f1a6e9bdfe8d9e7de5a590e9dde31e00037360b71895fd5e3994c1355fdbcae6dfba4fd19a90a38dfb91cc17fc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
7069fbf4b0a45b70404434ff5d282f0d

SHA1
00fff6d481cedf1ca48e37b9057e36219b1d9492

SHA256
08b9b4bcf9b92a38b44e3ab3da4881e762f779ac6e3bde8eccbbf3f6a50bc3b6

SHA512
0660a27d6d9a592b9a5e2e9212ba164f44e51f69178d4797d9a140936765489523759ecad80cb6ec70d85651da08a5dc30c90ed5fe0b817c85e7070bdf231233

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
2eac4f281b64ce0f3c974459b4805441

SHA1
6918270ded305e2c5cc82260aadae3b3f681f50f

SHA256
d3a06cc4ae3f4fd353fc5cb21dba3f8329ae4f7e589aa2bcf7092e70ba02be40

SHA512
36280488309771fc9d0ff7aeedf31ab31365424476d1534419496042ff1263a9d59f655de844ea16ba6964f33d9cadaecf412c6ac0338a650258dd5ca1d346b2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
147a79c4d28a0f2457aa24b964903440

SHA1
e9ea86250189c7217e24d41c79594966204b1952

SHA256
62b19b7f8f59064ff61855b919f20692aadd36cf589f4aba15f2b92436ed7185

SHA512
d864530d33582ff7c8c3a4625894efb7d6f06531c9df3fe106f93eb795939ae66d6bbe8256e6fed0f7607f2a74507db325017aced68b26ac2c557531c528b5ed

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
e636e69aee8f49fbb40818905d1f885f

SHA1
ec99063f6e99cb67c0eb2340addc989426f97525

SHA256
6fac5007773f0d9117541d6d152d87638ee165f03c5d4b07792330beb387fa7a

SHA512
c3fee007c0756e2053b73ea30484a5763638e08298781d3f4f5175e89ba80f1ba9fbecb3aa4c70049ff222cfab6c6842cf728c4629cdcfecc7db50138aa096f8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
c85efc655a2696f7bfb4a9abf67dab43

SHA1
b33210db7ace32a76743d386cbf4aeb34f54a561

SHA256
b9b2a772ad333a84999cd0e2e8ca38e731aae5658271c9a5282468aade6ccd6f

SHA512
0d51ecdab1c25b7493805bf2e77841316bcea79d90e178e713ee56765660ea80b386e508e32c90cae302fc6fb199f979f49244ad4a21d3a51a1321f240f23265

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
82a4054c0d26bd9d73edbb1bac181178

SHA1
777c2ee858411c62d0bab7908dc310e8d6c7a0be

SHA256
127981ad45891b2e2fe4888da0b8e1c351801e18a3505a01071e15f5b8b48620

SHA512
eb86c33a800ab2bf013bf7534be0a81278535854425d40de73f3f622194dba0bb8bfc93b9127cda99885fc6f78584295de0ed03bd9f9b372960731e72306d619

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
e9ad194d60b7b60e028e6019324d8275

SHA1
e3d074ad8bfbffc1cf3c4115da6cbdbb2cb1ae0d

SHA256
c621f2c9aa7784539eae4263df2da0f2ff5aeed9ace3e4361ff4f3ec8169633e

SHA512
791d0effff413718ffb38c25fdde411e8ab6e034b3853d0a6f784546d158c502ae0b83eeafbdbd989cad49619bd1da7ea4d6f5adc3ebe0eeaa67059ca9019c25

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
c0c358cbaa69ea8d553e689ad715971e

SHA1
1df16f0214bab72f2e97801f9646e72f58a6d1e4

SHA256
c653b45b89b2dc1e3ce58a48b23432d93019f574dbaf9d68929ab788a3881a73

SHA512
e6fa9d58c7ef1dd7e9324b7179158acaf02d52146e22fc99a7ca1aae601fdc969029b69355a3f6574c094fab5bd78e2165537901d84ffba8ca8983841fec42ee

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
7abf42aa50b5f0f326f840f26c9fd347

SHA1
2e5e7a54a594f97a85491990195820dadd9231cf

SHA256
def4a7166ddaefd224a64e402cc88bac946984783620c52a3b37cf6c4c183323

SHA512
ebd38652e8b791bf54c06be5d738bb8b3e23a24db2474a73ac94acf971c19533eceebd2e7acbcc76aa389a7dcdd5e3b2923553510d1b32c447e00f8f74ec7d0a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
c4b18dcc716b252daa0d40c2779d97e2

SHA1
94c3ce4068d4bf34d29beb694d3bbbedb39f4af2

SHA256
1d0bb39c7a267b30b44944d30a57c7d5d23109a10d21a690f82607dff7b3b78f

SHA512
08077015696b65b661b528b1d3c1fb05db398de80714b3290734f05075a7762a35d72785572d925d462a8d501c3b68e09ed11f4db7972e755e781c423faae1db

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
d4b8641d3a7daa7db6261d41f4c25a1b

SHA1
8a24bac1ca45616642c0acb60edaad399caea2d2

SHA256
514ebd9c0f281c7440135e128253f20e3a599c6c6016479b716cdef390a1c715

SHA512
1188b671449cb29d2c7277e8aca1d27ad2479227ebb126810450dcb52f8c2abbe2fe658d69de5d4178a6a9df09b8ea0ae1f6371c31e5d67515305995206879b6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
1894cb255a223f9adab803c5e2a4d9c1

SHA1
403e2f1f9068b81901d8aa93acc05547bd58e203

SHA256
2169ed72f784696838a65b46649fb4e3db006db025fdd9958b0f8bcdb7219489

SHA512
9178da41c060af103b9cadfeaa787b8061f92aba6b73bf35c01f77b8ffcbfe8328b83055675f71850498d66ac86f8133ba73cb10fed4f8b563c8a5e4dc5c7d69

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
254207eacecb6fd716814f102b95c93a

SHA1
4b46583dd42cd96b8cee4d96e2ac84a0128c42f5

SHA256
a842b6ae2a40b02acdc7bcd116829e9e80b5472fd022e231fa0014cb6f26803a

SHA512
a58272705d5f72389465a478dd7bed7199a83930e066c77328e964ae035beb3b637a71985b7063ed8b217c560c10d6802e76e352605fcac4f911ba450123742e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
254a6c66c7ef92d85ac999a33c31cbba

SHA1
be0adcd5fc96791511daf4f1a4823ccbfc55b9e0

SHA256
10d83643cc2bfd435a881d76f2fa7596a714d12671c176d07dec8705163a0836

SHA512
18e21da4af899a9c48057edadda8b3bfb10b0ff052af7369489bbba91d44f0bd2dcba259bc94f10edd5c8d627f03d2ff628b47d6787edeef48b37620cff41a4b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
eb3179a3ef0fb79274a06203214d7153

SHA1
925b56fe94e4769bea1963fdef3722f1f4a4c678

SHA256
d0f3654f9305bcb22963b9ee79d09e0423e4ed1c59de1b601bb41e11192d9308

SHA512
8e379c94afca61848d9f6a33e031140406b5f617c3213c8e252ca1d283eef49b3afdc3eba5a6663a1ac604cdf9dd56cfe1d02d0b6ff9fa7723dfa53c413df39d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
04b2f5ecf46230421e38772e8fef6f77

SHA1
72fa7032f14f29576e94878b0565b0b83978602d

SHA256
e15c093939b46c30a57837b3a22b16ebbebaa7cf0838bc2feb10e8c99fa0b58c

SHA512
cb1768a19a5fd482e3c6ef89d8d5c36bc97d54a586ee81c4593f1a1fededc919e693e53aeed7db01df79eedadcb2478bd73b1f363e18deb52bfb1a1bd38e6a5e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
658941e79c44d6a6dec7d0b028b7db5c

SHA1
27c201c8dbe9d5cfee841349014486f2323295ff

SHA256
085e9bf430b9263f4b3a379f364f4b395426238118dc5792008f12fc20ea3a2c

SHA512
d65e872f257f0f3ad194702297b157a7b79e1f4167e4346614a676ce87d759d01a8743fdd8b6e110a85a5d3221c0694e33481dee3de8cbc25ccc0cce4d66f588

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
ed43c3475acdf5e7b81b3dc40180b07c

SHA1
23cbc5fa45b80a52ce3dcf7779cf57d91ccf5890

SHA256
dd24b16bd9895f32279ada7af052a6d0e702da4c61892c1f097d311d175a40b3

SHA512
deaa7b6d9c941fa8101383ca7833594175a39318d2bd1229a870360901da020c5357f90695d5fa17a68c433953f03eb3f082ff40934c3dd91b24b2121aa811c3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
d6adf9ee4be8c4cf5a5e09851dc4d1c6

SHA1
051d297b768028e14affa79df5e75767c117d19b

SHA256
a582ace4dd066986e17d408f8685d48c9a1cfc299dfa6adbac4c88798179ced9

SHA512
1fbf55d8ab1732052dc4d466f9b0a8710abe12d9df241c019984a1dc93d455c8acd3c75741c96c0acdb9ab2477d6c3bb359dd28e78e1f2f7f76e66bca16af21b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
6af5c4484136abefa572cdd4daf7de7d

SHA1
20aba4841cba1413e1c706437affced58f6094aa

SHA256
1749f0f0be75c877cc04950503388fcce3a0ca410c77b1002450b08c8c444d87

SHA512
e0abd666822c462e4e66a87307e1d5eb7b3e03c8575cb0800a7235b11b4732ef05fba6d28377517a59aab9a1ecee6fbf170f0a84213e6a8249dae0c2f52787fe

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
55420e4e9371262bdd3b565761411ae1

SHA1
f03c308d0f204f6c132928a7488ec72f1fa51c52

SHA256
f21e4c806efa2106593f18e6090247044071b8d569e2cfd1d63988012c284d13

SHA512
10c54139e8a37dfbf4762495f0b3660161809e29678a6f22bae2043268f9aeed7c9533fbf59cd0c492238bb99b8d85e55e972a6e0b3e9bb0a696affa68d82b8d

Download Submit
memory/4348-4398-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4348-10846-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4348-10971-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4348-8-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4348-4390-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4348-9595-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4348-11250-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4348-11251-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4348-11256-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4536-0-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/4536-111-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads