xorist | aeebbc1fedd0c64e0b65ec0a2746d35d91d33b3ce4fd8b77a321490226ff9aa2

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe
Size

157KB
MD5

aa74466c958e79e0f9a14147f3758659
SHA1

6a4463024660bfaf1c500213ee52c04c7599b8ab
SHA256

aeebbc1fedd0c64e0b65ec0a2746d35d91d33b3ce4fd8b77a321490226ff9aa2
SHA512

4e5eea738e894d6bfcfec82b50fbca29efc65463048376ccd7495738e9045f1a8df686a2a9271abfd0fb837c0a46a6483bd3fe587bd9e6d7ede3dae2ac83fc95
SSDEEP

3072:h0mldz9wxNd/zXJuV+c++LTVJdbUU4pRIFqBngIZArG9B1Reuno:h0mljK/zZuj+oP1wISGqVReuo

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/2100-4031-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral2/memory/2100-6389-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral2/memory/2100-10916-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral2/memory/2100-11049-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral2/memory/2100-11344-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral2/memory/2100-11349-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist
behavioral2/memory/2100-11351-0x0000000000400000-0x0000000000417000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe

Executes dropped EXE 2 IoCs

pid	Process
2476	multihack_by_kopojlb_1.exe
2100	multihack_by_kopojlb_3.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZIfIQs4FjG1hc1w.exe"	multihack_by_kopojlb_3.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_2be0e52237040d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_infrared.inf_amd64_3160910a003e1f11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_processor.inf_amd64_4431cc603de6e020\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgcs.inf_amd64_e47e06e16f2aad12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\battery.inf_amd64_a239bc596073092a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_dde7255b040ac897\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmot64.inf_amd64_2afbe7d3ad20f42a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\Speech\Common\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\Com\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0006\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtkr.inf_amd64_a8a4ecec7082e1aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\MUI\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TLS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rawsilo.inf_amd64_1cbfddc97a663ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\MUI\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PnpDevice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adp80xx.inf_amd64_efb36fdc260e8bc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextpl080.inf_amd64_15251233835ef753\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisuio.inf_amd64_6096fd74a67ccd5d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\Com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\61883.inf_amd64_789f35bee584a939\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_apo.inf_amd64_a261b6effa32e5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_usbdevice.inf_amd64_815550fc328ea85b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj6.inf_amd64_5a503c811e650e70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_unknown.inf_amd64_9f92c189b415c003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\DiagSvcs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_printer.inf_amd64_cfb2c47c5677c442\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_9e5602638617558e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\npsvctrig.inf_amd64_b98e9a5325075265\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetNat\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_0f3268711a5b2622\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\SysWOW64\sk-SK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\egjloobdggjloocc.bmp"	multihack_by_kopojlb_3.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0008000000023bd9-16.dat	upx
behavioral2/memory/2100-20-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/2100-4031-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/2100-6389-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/2100-10916-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/2100-11049-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/2100-11344-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/2100-11349-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/2100-11351-0x0000000000400000-0x0000000000417000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookLargeTile.scale-200.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_contrast-white.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32_contrast-white.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-20_altform-unplated.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-black_scale-125.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-16.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Common Files\System\ado\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\1850_40x40x32.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeWideTile.scale-200.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\FileWord32x32.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-36.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square310x310\PaintLargeTile.scale-400.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_altform-unplated_contrast-black.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80_altform-unplated.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\ShareProvider_CopyLink24x24.scale-200.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\id_arrow_black.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-400.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WebviewOffline.html	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\NoConnection.scale-200.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-200.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-60_altform-lightunplated.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\NoiseAsset_256x256_PNG.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailMediumTile.scale-100.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ThirdPartyNotices.MSHWLatin.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\Weather_TileLargeSquare.scale-100.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageMedTile.scale-400.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailMediumTile.scale-400.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-125_contrast-black.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderLargeTile.contrast-white_scale-125.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\css\fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\info.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-36_altform-lightunplated.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-256_altform-unplated.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.UI\Resources\Images\Home-Placeholder.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CONCRETE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-100.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-64.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\27.jpg	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\3.jpg	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-125_contrast-black.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-flag-dark.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_ReptileEye.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-24.png	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\LargeTile.scale-100.png	multihack_by_kopojlb_3.exe
File created	C:\Program Files\Microsoft Office\Office16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-180.png	multihack_by_kopojlb_3.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sysinfo_31bf3856ad364e35_10.0.19041.1_none_a545be9e97ec5400\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet_rc_dll_res_b03f5f7f11d50a3a_10.0.19041.1_none_a95544a87a494b24\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\wow64_microsoft-onecore-c..experiencehost-user_31bf3856ad364e35_10.0.19041.746_none_a5506db9e54cd669\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..s-mdac-odbc-cpxl437_31bf3856ad364e35_10.0.19041.1_none_b75d98a46addf494\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.resources\v4.0_4.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..on-experience-tools_31bf3856ad364e35_10.0.19041.1_none_4abb348747cf9a2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.19041.84_none_b5c0f628d1d661eb\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.746_none_61e0347e850155a8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..-wow64-setupdll0816_31bf3856ad364e35_10.0.19041.1_none_a464b0294f701575\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..duler-compatibility_31bf3856ad364e35_10.0.19041.1_none_28dab3a0aff9fbc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eappcfgui_31bf3856ad364e35_10.0.19041.1266_none_032284d250fde56f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile44x44.targetsize-96_altform-unplated_contrast-white_devicefamily-colorfulunplated.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..-lpksetup.resources_31bf3856ad364e35_10.0.19041.1_en-us_b2793038e338696e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-userenvext.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c536553cdb8b28db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..eparation.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2d41726910b21d9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_dual_nete1e3e.inf_31bf3856ad364e35_10.0.19041.1_none_013962e05f5ca163\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..s-admin-compsvclink_31bf3856ad364e35_10.0.19041.1_none_88835f4d79d6a242\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cryptui-dll_31bf3856ad364e35_10.0.19041.572_none_63c33172f70e8c05\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ocker-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_757f98765687768c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dataexchange-api_31bf3856ad364e35_10.0.19041.1151_none_5d3cd4501e6c8c1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_system.globalization_b03f5f7f11d50a3a_4.0.15805.0_none_8e2f2577cc3a1891\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Images\SmallLogo.scale-100.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..alproviders-library_31bf3856ad364e35_10.0.19041.1202_none_00db2d0511543928\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-azman_31bf3856ad364e35_10.0.19041.746_none_3ea50e5445e96359\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\PolicyDefinitions\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_lv-lv_59d6e4ae3c6412d3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-feedback-service_31bf3856ad364e35_10.0.19041.264_none_57ad9443efc6f7df\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_hu-hu_56cdb80f01c273f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-48_altform-unplated_contrast-black.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-w..aincompat.resources_31bf3856ad364e35_10.0.19041.1_de-de_02bea235020debb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wpd-mtpclassdriver_31bf3856ad364e35_10.0.19041.1_none_91ff3c6c6deabb65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_multipoint-wmssvc_31bf3856ad364e35_10.0.19041.1_none_76b501b13155d66b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chkdsk.resources_31bf3856ad364e35_10.0.19041.1_es-es_0be570c9ae221c97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_de-de_fa3317ce4cfa58b0\needie.html	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smartscreen.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_edfe6b44a96d2430\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_adbc089469a13870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\Help\mui\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mitigation-client_31bf3856ad364e35_10.0.19041.1081_none_e15c172231b1940f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rdenrollmentmanager_31bf3856ad364e35_10.0.19041.264_none_ce5451e0dae618c0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\NearShare.contrast-black_scale-400.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_dc1-controller.inf.resources_31bf3856ad364e35_10.0.19041.610_en-us_50581d2c454a61af\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_presentationcore_31bf3856ad364e35_4.0.15805.0_none_afbe4f310a496164\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..it-snapin.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_03538d0c62ab8c82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\Web\4K\Wallpaper\Windows\img0_3840x2160.jpg	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..nmove-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_881ab2c3ec7e1415\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_it-it_144e749f77066a12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-internal-taskbar_31bf3856ad364e35_10.0.19041.117_none_bef628d45a8a1615\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mfds_31bf3856ad364e35_10.0.19041.906_none_83b2e84f7c2bdfaf\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..sport-adm.resources_31bf3856ad364e35_10.0.19041.1202_en-us_b38dd4472b830446\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\splashscreen.scale-100.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.19041.844_none_487fcc4fe2c3cfbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..wscollect.resources_31bf3856ad364e35_10.0.19041.1_en-us_381f343a0780c6d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft.visualbas..lity.data.resources_b03f5f7f11d50a3a_4.0.15805.0_es-es_21765dd45c280395\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\wow64_windows-application..meventsbroker-winrt_31bf3856ad364e35_10.0.19041.1202_none_760613fad0044db4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-codeintegrity-secure_31bf3856ad364e35_10.0.19041.1266_none_05ab1c833d8fb011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecoreua..tringfeedbackengine_31bf3856ad364e35_10.0.19041.746_none_3f1729c1dafe3907\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..nvservice.resources_31bf3856ad364e35_10.0.19041.1_it-it_598e1bd16db0c4b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ehandlers.resources_31bf3856ad364e35_10.0.19041.1266_en-us_de7145e968c0ef4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\VisualProfiler\images\i_f12_context_chartzoom_reset.png	multihack_by_kopojlb_3.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_10.0.19041.1_it-it_9e3971d94562d96b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.5\1031\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	multihack_by_kopojlb_3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	multihack_by_kopojlb_1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	multihack_by_kopojlb_3.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ	multihack_by_kopojlb_3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\ = "CRYPTED!"	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\DefaultIcon	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\shell\open\command	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\shell	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\shell\open	multihack_by_kopojlb_3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	multihack_by_kopojlb_3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZIfIQs4FjG1hc1w.exe,0"	multihack_by_kopojlb_3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LTTKMRPKXBUQSIJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ZIfIQs4FjG1hc1w.exe"	multihack_by_kopojlb_3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "LTTKMRPKXBUQSIJ"	multihack_by_kopojlb_3.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe
2476	multihack_by_kopojlb_1.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2476	multihack_by_kopojlb_1.exe
Token: SeDebugPrivilege	2476	multihack_by_kopojlb_1.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 2476	4240	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	87
PID 4240 wrote to memory of 2476	4240	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	87
PID 4240 wrote to memory of 2476	4240	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	87
PID 4240 wrote to memory of 2100	4240	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	88
PID 4240 wrote to memory of 2100	4240	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	88
PID 4240 wrote to memory of 2100	4240	aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe	88

C:\Users\Admin\AppData\Local\Temp\aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aa74466c958e79e0f9a14147f3758659_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_1.exe
  "C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_1.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2476
- C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_3.exe
  "C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_3.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Sets desktop wallpaper using registry
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
7fbf9722efa707a35206fa031757850a

SHA1
d2a1cbb3120b75ddcd43733766f93dd4a3769ac7

SHA256
7805ede4bc88bf5ff7fc47129fa078bdcb6766286c5f4cd8871896b9211f7efd

SHA512
edc31d63be95281ebfe5eaedd8e856a444ba8eae83c3e41b0b4bcc218e6c9fa4a20dcb7926aae3e32b2b383f4c90aa52fc11fbe520d67b025f2124e0f33b7915

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
4d311fb4942994a8a0aafa69e627bd37

SHA1
ac79350dde43c254255ccf01831d637ea01a0f39

SHA256
076ce6a34b05eaa83aedcf682fb65d96222537057207912607ee9fa322f8f981

SHA512
51b1c6f77b1d6095c85da97711bed32ee77c2fa1fdfe4ca2b4b702a1de51feb510f0abf7ce5c6fa21162786d8c7d97f13b9354892a156996c87620ab14560b8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
b467482629ffb5250add13780c47cb89

SHA1
6ae3f35806cc8846c3b25d89a91b6f45426ae65d

SHA256
37218a2bb6df84bef782d296dcf35d0ae4b9c26162577e2cdd92447aa0a40ebd

SHA512
4e6fe68d9ef326eed2cc3fe276489aa97eb543c61ce29d710c325a905ec46bd33487847713b51b0cb74b04dbd48b973f320a838cbe5811721f2a6a0be9b7ab90

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
6f4aebfe0a20d960303c9e574a428713

SHA1
2abff5295065bd23d021bebc454d3208a1baff43

SHA256
d9ab22b95fa9e312464c1358793421f4b88309e2390641d424051b6d28aec0f2

SHA512
47bb41c094838b6241429efc86474e4debc3cdd057faf38c250cbe8a4f6f8af09611428282a76ec7467db5921b5f00e1e06a3c7f8720a80bdd3e527039433254

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
a17b30110d8a724bad1f7056b2ffc9ad

SHA1
bd28007ac5d1f698773bae969ee8838d248de3f0

SHA256
a93e1b01fdbce43c30bbe66597dc4362b38428fc3fee69c91dc2ccdd38cf3eab

SHA512
4d2268614ed165b9300f72d5ba3a34b02868691ee25a2dfe4280b6622e8be5b25fe71ec1f343b4f960926ebc6b43fa28f908d60e8705159c62807d140980e5bb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
9d6e16f49b4a98c8be6fb91b4c8bb64a

SHA1
ebc20922896ac5c65889ae6549e755a2ac5f81c8

SHA256
0265e1277baf986a20646a3712d99f8fbb0bd961f3bd20bc0f71604867d5ebda

SHA512
8e58ab9d4eca0678431aca3186d839a8e086ece8d6457797be3e304a1a14248ba8176926ad850ee7903e0ba753bcf15862ae71b329b82e4a5ac620844c9c33b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
9c39682a1da1eb5ecae648b756527625

SHA1
cffbb08c9b91759021e88b0ee144a45a92f422ae

SHA256
f1f19dc817cf8232ee38b851600ad28eea538df39a0838cef29e9732f33278fd

SHA512
86ab973ae0496cc04cf160316d0315808b2100b1bcb24e19489670d608d7c54f6c262b0a37f265b750853c31f79cfcfd4d12269a036ffb965914388472c6f685

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
7829ee40f0fda2265a0a3f53af3c40fd

SHA1
6c4c33a3cbd72ded845dbcf175f976962d8cfb93

SHA256
56202557d5297784a1adc65ae9fc3b7200936c35eb0ad07a469a28ad94c9d7d4

SHA512
dfdc8d9b7d86d25b38b1fdd7f7feb5b82029efdb38fce8d973df235f0702c5fb299c573325f1aa2c94086c1e421e25c9a1beb7046cb05c17448c5ccaac411dab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
6b9db046108d79a89ebd8610b2286e65

SHA1
92170bd5d7a01db294c0a62b5299cd58c43ddfb6

SHA256
edf3ade43a0b5960c40ad80ca274557df1fc0ab8c5b9b8944f3aa0ccb98dc538

SHA512
1586cb87b404e488eadc5f98da6de410d586e9647e6cd0dc3011959e36671534ddeca826debd05c373d5ad9e907c97da30e489a5a1e1e5e554ab95f5a5426b81

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
27bf34475c06d62a8cbf4c1fcd5a8b6b

SHA1
25b667e5f7b490c63635a1752a4be0dcad9448f5

SHA256
75fd4440e2ef4003f563111ba6d3229840e6822bcf56a3da9c5293296564af53

SHA512
2a6284bdc363e033384a72dc5edd2487e6934731e2facb45357d4b5db9b8f0ca86cbbe46090fc408cc75afc50512a4f4247148ba212951de5ee5d5979e45cef4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
0d829a05f270ae10ca690ed947a7e3bd

SHA1
e9728866f0a3c63d8befed41bb228db3a0ff2744

SHA256
c7d0a283d0044a71d1fa3a8066c829a879157fc8f41feabd3fb343a11fbcea64

SHA512
a2e39f838487b1dbbd73189d5efd33fd8ec59a12d841eb4cb1819704245a756962182c894ab04727e618701fe2414c8d1a24e1cb6af7c61c4a879ae11fd5e549

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
e9c98ae4d241e7d68f40b53921e6ee05

SHA1
d6049dc8210571c055a90500397c7b29ef8a5771

SHA256
2ca75e52a40609d28a4c66744cc7e6be8acced77957d577b81367661665d9377

SHA512
22b5f2a53927bf75f441681bcbe9e7a1710dc279e2d3f9ecc95f39bf3d96e9a7cc87741b0273405ef2c815472040667471442e0d315b0b0a46f4e759d42700d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
523c36a61e554e83a4f9b18b1996968d

SHA1
2c5b9ef4304a01b2828a8f26eecf78378f688abe

SHA256
396acc96ae0000789c565670150401436470cae2d9d8e183b4517e7c37d77484

SHA512
e1de1a87823017dc88cd0ffa135b824898713951f8a930c042114314e640b49ba33b6d5bbf4755488031745a350f69692a0e28cc9bcf6f13f26bc054b09676af

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
648a6ea22991d07a41c33c5fc6b6b57d

SHA1
e38c99574e02105ad1b471c020c9a167fd255c4b

SHA256
f7086079a2102ecfabf537bac629765323393d81d421e8521e8733096b7f1e85

SHA512
c18b96d4c93cff4c6aa10b2d737b9c5911b99cbb057526bba3eb42eaa7b746a0a1b0b106525a27e958d6cb6fb02d1995b9b3933e15aafb1f826dca12d3b6f6b6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
6f88930435257374784b2612e8869e71

SHA1
1145b25aad80d4243200d2b97631c753acf0501a

SHA256
dc530ed57b72c4989ce8cc699b7e698863969e000d9c5baa3a6ec1c4796f4d6c

SHA512
0506e1eed890dc65ac3569e5b9c59169383ef2984b50ac64a668af11d10d2cca13253a657cea2ec9202e870015c7cc7cceb776bb1a5cd0d0d97c8f8bdca3cad7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
d58374eda893b0f019679906c76fd6e0

SHA1
09824ec59184e54609a769d3bc9f0ee361e02fcf

SHA256
1ec5af167d0aec71a1be04879c0ce0c50627fc49c318aff6c61f3272c88a8856

SHA512
3274738036e9aaa560aa0e74babd50af922c8ac91f01adaa6e1b3e2c70cf796f937b390db78e7bfa881ede231640a5493ef3518cbf192c6deb2d5a4c53f546b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
6fdd581c86d513b7d26fea1b36d67f3b

SHA1
04bc81ea06253668ceec2e5624e6596f4d10d304

SHA256
806788f1d09ff8a010d30f3d08dc7aa48350ad532c89a00a6c9206589b1f1448

SHA512
de0da0cdefa3a2cfcb60deed76ef987bfd0009c4ff8d7d4a014fa8263d4eaaa0d4eefaf529d3eb0f49178f60c9a1f19b1b62fd635c477e6c8a7555407472fb39

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
80060a33c41fca47069fc5cace4ed53b

SHA1
0b45dfddd0936cbd1c9452ab3fb4ecc7c45bcf1b

SHA256
9aae5551d7f702e1934edb6f5677ac30b5837cd4d704e54a4b2b6b41b7ad1275

SHA512
b11e08df970686e776407695fb65329c4aadc09ccac74fc91c10189746667c185b428ce0a714e1bdc3830864bf12bb5fc5187d9f9befbdb25cf838ba2bfed46d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
fde689c329c6fc13c0f65d3172e685bc

SHA1
c163bd93ff35dd51fa4d36b0f03846b6b099c68d

SHA256
c4f50826dfd50084e9eed06d135f00451a64f627b3d26fa01ab9892f053ea7fc

SHA512
c2a5f9afea3745a22b90916d259a8e441a3e73e0375f0a8fcd4959b07b4bade52f44b4d204b1112da731aeed37e0ee3d45ddb92badf19cd3180681c5a54d07a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
5a5090514b08cc179b6eea5485fa24d9

SHA1
e088f22b0283aa59f310ffd922056ce0728cbd52

SHA256
facd50115a0f7acbcb336387666fae15b80e7bbe9433e4670ac77e4e324f0462

SHA512
40a7a7c8b584a325284c4dbbe9feb0f36149535d71d0892f258994c475f4061be49fd014310280e6c02b19cf154a2a1a24fc4630fcbe7b2d8c59de85768776c4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
b0117aefa840dff50714e0f60cab8dcf

SHA1
7c9e75d6ac70215b6b77ee5dc73e1c6730e6ea2a

SHA256
1e22f3f755fe9ffd75c27f2de91a2f7a2df236a512c124584b3f5851aa0cea4d

SHA512
33257ac098f9ceef1d8aafe616b72453bed76c3a4de2c6ed8ef28e7db8c10073b156248648d1b2def653fbdca72754df5b47ab44b93c77af761fdee896eae718

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
15faf7632ed2c3f8723f6e681081f24f

SHA1
bd2a19b03749a9a24c867faa60c888988b109572

SHA256
b1ce1073f7243060450b8f1efb173e999f268adab14bee63db66af52538c5728

SHA512
40be682daa6466fcf2b9b67c1f514ddec3f7f70d65896ee0c4b7cf2a84018d811cd73dc63c68cec3bba8162ff783d5b6120b8b1723eebbe61bb85b0dd9e0d848

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
3aa836439a1a98ec9f88971225668bdb

SHA1
dfaf3a5e1ec04cc979b670e359024bd2ff0dc208

SHA256
c974a35d54b65f0c34b4576e7f0c1e2314f707cc6b6be69d76d40a96d65c19e9

SHA512
07da28d2fb8032eab222fdce78fc550003f8ca3c18c34c385ab36cbd1560465c2027d25515bd0ed206f183972a0c3d75c1a2911588c22eacec2f96bf863ceaae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
b9f2354b965e344b81f7ac4e9613af92

SHA1
7f099af65a68c887fa825ef6fb2583f555dd62fa

SHA256
99a03afc28936e89a2e74d06f473782febf421c00f6657a16c37a2a60943942c

SHA512
7c05e95fc451ac5da41d767de9d953321be0f246c502b8c4837d0f0fa4cd25bd06cd79f5340baf237990dee127d2fd5b3182403e8636d15fc5bae559315b1e4f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
773136d37be8107703e3ca26f9baccac

SHA1
b25fa6e5c8afce9cec0f0395f5452d62688cde6b

SHA256
09fc3eaaf767b03d0f500c4716dc6b0fca7a8eb17dad9720ed48295f2fc65611

SHA512
ac7b1542d9e152d0c7737c735cf1fd7578dff546a00fe35e86cffc8711de6787dd607ef8f7fce2b8a7ccd4d4d14d5c9107b9cce15f8aedacd0f75bfc03f8dd09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
436c9315aba10ad82dee5f18240ec7b5

SHA1
17239bd9fe12b8c0393c835cfc70d41abd07e458

SHA256
cb44cc56ae827ba64cdcf141f22b4f3a48dd1aeb4080b2a0f1c297ca2bc62cee

SHA512
19214e0880b4725c4867b0b7e21037c50fc5b8b9d7fe38b1c29793ce1ce4e88e3c847b75545f2ed9a39dd2e4d04f89e7793ae9c0acc0e610f9fa4b2cc52babd8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
5f1f73cfbfd85de34dbc96052f1efef7

SHA1
4bdb1e04ac16c57dccb82c960755234cc5f98791

SHA256
45198a30bcf09d4eb1fe058c11467718f1380f3fb3f0268c4c9845369e9817b3

SHA512
1f60f5233c3b6d37230fc67f7e3ae6b51606e7147869a5c6ebcd0d9259bea5b6fb2032cc0fc3b5602510318680bb7ec6971a6a3dd8d0973dfcf0ee77ed2afb0c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
bc87a7fa68f8ad49602fa153bae768f4

SHA1
4c07c7ee340b08f90566de03d55f4e85d9e9d1b3

SHA256
6b3a08f59b1389a3736b736a1a7f97a1525f75815b0e53470189801b28f5ed04

SHA512
5b9b2d71e15178618f0aa8acd528c9c141d8569a25fa6b770be3140884f69e1c152679720f095f23c26e04928140b0cf4f6a546266709e1f782aea287f7b591d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
ad77087de76cb280d5be2e0c7e3cae65

SHA1
259b0ee7c10a005b7d6968eb59613ca2bc88c028

SHA256
4a6e3aeaef668e017ecbade323b49729b212066b296565b8a3f7e4ad89eae9d7

SHA512
6eaa99f350b8eb0aa050c69b7093392328d68a94906b7a6ecbf6e7a745bdedc3eac541df224f79d1f47d39918e736811662630475c591a1e02e742273876a816

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
59fe2caf552f1b6603141d286a707bc3

SHA1
76a48e634d53b6a9d09936923cfee59c78935330

SHA256
7567958c9ed96fc8e8b95fc441f0e8c7712375cffc03877ed1d79990fad4c4ae

SHA512
2318b0a997231caba8d8befab8d504157540e21c96d62f873c77c3651d93bedb001f7342dc40f38ef918882baa998f8efe6b6b3194b0201c4e7d8c3f15572a8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
4632ce370d39a71f6768e2e9f02d1a16

SHA1
885cc4a7a4704dd0f2252c29de6151c78a63ce68

SHA256
453681e9b03d94fd1793c495842e7151e6ed93108834c585c3b70012cf22d765

SHA512
6c5169fc94d2667f8055b29335aef608287c70262027445cae6ad51f9b03491e6b0dc2dba2cd3ef89f526d5580adb52922166a58a696355a23380c88fc24e2f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
b9a4ee0e8a50f4dd0f67e3bc6cb85809

SHA1
3ee319fd36b5072f5dacd689681f6046405998b1

SHA256
f4b23264213c918ee6c500c2bd3ee20c88a0fee785c3ed95f93bf8b79c35fec3

SHA512
566e1fe23ea5a219bba15d6743c9a54dc46dfd02f07dac1b52dfe279705e2bc64b748e9f007b5a81642ff10deb83a486b4e91903bf328ac1d508eedfd4b9419a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
e159899cd15f957e0339febc372130c4

SHA1
055f3b8c33ab49f79ea37c147444e746517c59b1

SHA256
06fa035232918f0d8336f8948d720863b70e8d948060948b5834ef88c7a9ed5d

SHA512
34ec1267e9f43bf13a6097bca1874a78442ec177a4c3a7e343dfe1d13bc9053912468d799ce15e2b154990a5b8102a70dcea802ee4c78b78c790bcedc2166781

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
4559be8536d3228878776272ea52862d

SHA1
78e550f9c0e2017ae62527c74adbb0fc5c87ffa4

SHA256
4375bb93e6dd1962d5e4ee4b1950365cd61f89ffea8e8b659a9e4b44655e6078

SHA512
e848662fba231a2d21c2e6a1209149d22396c7fea3f8c41e2479629c0602d0619f2d45d0c3ab5159b77372969e3d2222b824634dbcb01a4fcf0bec0d1a6450fb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
4221a4a4bcbd49d74a1d134f6c55fd87

SHA1
9ea14b81a54d95008303fb02c467d8cbaf542759

SHA256
b3827d365b3fbd920bb103c70855cb4486b2c0d55e095771e380f34da977c7b5

SHA512
586ead78f014f8ec4a44d569b1a8b2c860df08d3e67648837aaad2521ab9f99dbd7a7a84ba16004b0f2c9f44f4303941b2aabc54f34b407c866b0eaa73f70488

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
dea765e69602b6cb9b4c7d3a8db2e1c3

SHA1
80f2c53893205feced9c3157e30f2c48b66af8a3

SHA256
d7e091dd452928ff10a118a94b4a57065379f128790293ca8ce93f7273f9df03

SHA512
3481b3c8f296fc2b68d7e9dd3a170fc4c85dd78700c95af07718e689584c444ac71972868953c55c35cfd66dae33d4a605961b7358438f94712ed203eb127fd6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
2f956ec1f37ce2e3d05a07e440c022db

SHA1
172f3f4d127604d07dca2fbb1ce9e5263096994a

SHA256
6a8e191b3390d34f935edf8dc033d92fc349c98fa3ab23b3d614b9114760f478

SHA512
30503d6deb2e9a6e412d13e355e004eb008636fd2babb8f01fab54fd32f4d2d38dbb042ef784ee56d1a82676eb541512aa80c27c0874fb63539295b5ab73a66e

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
eb1e4f5102636d17ed8ce604db0b122a

SHA1
b93e5a4010578698f3c9b585cf44ba98aecec966

SHA256
73aa29e3e49a789b3d2f270e55238683325478bc59a199fb724538a51403cbb1

SHA512
356809fdc285af659cb79c903fa1802e689699a592cec2b9b22dbb894f15d838c3ccb662380d1860cb7cb49a2a09d4f577a56bfae6c493c80955390b189117d7

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
386B

MD5
1e9c712fdaef7a869fb59b950bb31357

SHA1
8e381a29a0f6854e5a826d20b2805d4a9a54e6bd

SHA256
aa1e8d8b4b6e818fef554d02cc55ba9c1e52ffc4601471546714d35b0db626e1

SHA512
4310eb844cec2b7524bef33784720967567a3b68a361f7fb59d1807245f3fe97508fb8877e9edb4236fddbe13e5aec928997494b29b9a9c2e621f3971b716b56

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
49bb23790fcad40f55ea5a608e79a42f

SHA1
0e0d7e9030ad96fd2d2a59418ceea1d24d3138ce

SHA256
b6a6aaf46e92196cad5f975265d8d30388bfb80be2f0ad932503e08b2b5b555f

SHA512
fe8ebfea653684d59b442edc1794ba0160e81c657e590aba66f77e1bed171f817f30d9a8ebfcae1aa6c957bc736e2508addb10fe22c657b758e384ac15a900da

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
ea6782e4d8ea5b65a9fc920d959435ea

SHA1
bbcfc4394322655553972233e8b727a9a9d36cce

SHA256
85306c26913711c63dd2d84859f6b06c54ae2f7194b32e30fee5f8c3499d0cd5

SHA512
a8a94c93f780a29a3ad2a9773b4861ac2056b8b4495ed208114a10abc5512a404ea226a8f3ac94b0669ffc529b221b0b214aaa4935828c4eaf1493938f8daa0f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
a84904edfc523d1953799d41c96bd59e

SHA1
ef5145a02a26ed60121ace7aeb180363fefe52db

SHA256
637e96003919c07ce07de6941928bf87333296e9d6ad717431e7168a30da0ca8

SHA512
6d20e48a7896714deeea0304015726568ba3430703db0ef4dc8df3726560a3b56467d8188d048d3773f5fe2391c28f7227a4846936966de2b917921be0387192

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
21d82a380b0e4686e5f33867aad17a49

SHA1
218ae24d38483c785b973e2b741a9000326da176

SHA256
2d385118e46840cab0d7de5c95b19bf314a6cb6e95198ee7d355ba82d12be724

SHA512
adf40d8aa8ebe5776328e438196fb3812fd93d50a41dff9e12306d177ff682a6e42a41ebc7f1d44f5d1c3ec98f88fd4193c85b1b21236ef7f3cb614e54ad41dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
7e160872bb24c190023904fbb0079423

SHA1
9ae145a3531271fc86d561c417d1d383d37ce91b

SHA256
014eae1c51ae2ca384c266bb0bd97e3cd323173ba53c9bafb0296a5a1f6170a8

SHA512
ff3acb694c320589b9b494ab85ccb1194344fe97990ba398373d2db07c8e6cb8db2a0d610b80a9d594a3b70c5ddf21893c5206a0865e9aefdd2b4f35f3a1d142

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
2d562ce1e8b520a3a86df4f6437a7087

SHA1
ee212e1ac66d322f39f3cbc3ce15440b8f91ec4e

SHA256
59275179d08352d55271d9c34dbe6b5b6735264d6691365ca59b9836094dc93e

SHA512
9cd63f4222b7f7b83a8d96beb3b6412e46bff2652046360b4e7cc5469c5e0c8eebe837644372d42110d350822de2eee4f31d2b1336643e81b816c388ef964822

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
5dd5d3bdcb789108297ea41bfff75577

SHA1
b77ddf327a4f2c90125337903d8e3e9fdf5d6a5f

SHA256
0510edae1a89568a2e4056e0c838b3c6988757e4c30440bee044fc1c560bbc92

SHA512
62adb3bc8ded438326593985d7619b3840c9b5185d52911ffa578b3d4ac17503f95233318edf7fe911b7ee0a293b386ee2f9261b348985ad0cf1aeef06019fb5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
7a68f9f1a618fc9fbedbdcd6579933de

SHA1
19cd15aa7d769fde5eb75621d2057f0eb8ec9db6

SHA256
cb37bf707e4b42b28ef0d46830cdbf12af717c243b444e4c7453a882ec35e1aa

SHA512
0a63f18e3f002a90f569bdc0aada7cb2f5ad45b04f2a1c3f4114d85623b0f0fb630df669b69beed619580e7815b968efc5f76d362337232bb079787ac24a1d15

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
284978bfbaf54a39c5999ffc8c731cc1

SHA1
64ca7cc46ee6139de2dcce215443071cdf91f02c

SHA256
56c821375b51236d67197409b69afe7f196d1305ef76b9459cf704b292de0f62

SHA512
4e4b84e1978437dd79843ea6a01bfca4a1ec0a65de3b3088948b88e09e938aeba1c4d89f60bc5f92f16551279bf5fb881d155d554758dce6c962c6e3a77c28e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
b680c8863df32e577724f81ff2bea042

SHA1
e250ad5253d52f76abfa11aa9c46e6f0c9ce910a

SHA256
02e54df689b24862b017edf26e58b6d345e26af1a235afc789050c146342b2ea

SHA512
aa3538015a208d489d207cb614cbfa87907df1c45b069d89ca8873d2ad4bc7cf6657f6c91296e208a33a04e038498cbc3807223b295b3e698ed4065e2dc66838

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
24c2e6c5fee823dfd968242d4ced96c5

SHA1
797c55e59960170e15cc32d3897d9805265c4a26

SHA256
bc73e2098593b4fd86287fcd9a9877e38bd705ead6346309248e1eade496ae1e

SHA512
989aee1cc7cc7b7f15627ad8731678a650d543a127e1689af25c13629adf8580ec25de5cac72ed8976adac15b30b0cc434c112909e3062c873c9b9dee8603827

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
b7a5d4f6c876d2fe30f237153a92cdde

SHA1
d10e9787fe30a17de48906ab5b95453a6331d497

SHA256
bda8b55070caef6ce23e67094c475086ea5b70eea2bb488bc0d2a81d10a16280

SHA512
1ee96cdf2f0b633de552680d3eec405a9474ed97262f44ecf67dff5275c67774fb0cb45cb5e73ed381765d434a42ca0260b3625a2d35ee1905f2dcf17382c39a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
cbab78ee5ab5bc4abef4d8c8f7942668

SHA1
cabe29ca8fb7608b9030c6773745c8fbb74f2c5c

SHA256
3b299c27d018e0d6848fe8b7f461ec55081e6ff2bf359ba87292b719005bf4dc

SHA512
1788883719f24be9c85d7f6a06759089a9ecaa6ead329c208e140505f48f831131266da9d5ef2a2cb11fac10d817840f2fa3bc6825824de91dc77d46c5d89d58

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
01223470318297ea6b44f2f847ec84dd

SHA1
05e0e0b10f0a6763803b583913d906c1fad75368

SHA256
a439b4ddb77e34f9ad9303c0531b63268f436ac8993e36d2bb82a5362718cb08

SHA512
c80668b388fd663e61341cf2854c19d59875070574a2fd8690312fd489bf1940c56f3e982976bdebfaaca18bd04cb0cb5a27f13b8a292ef5fb22767e2667358a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
a5c7b629cf11d9ebb11d20cdcd46f8d3

SHA1
2129d8f4c1ad59d716d3701fd8250f0f2794a8a5

SHA256
6859bef5992e8246c177f74d4248beaa2d761e01e7e228cb0dedc89675d1ef4d

SHA512
a5a8753729f90ea4b24091a1ffa3d466de7c33f5a0bfd9c8dcce5a2cceaf350a259337ef0450fe438a7d737b05f8c1e1c45ed7883282ebed273e828987d50a06

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
4c80052d4e20834a8d6791164e91e1ac

SHA1
f19f304a70de5240a551af86353051648e074f29

SHA256
0ea920c5621eac7e686dff97f34537649650739d0e33d569367b7a12c98038bc

SHA512
688ddeaf852a78d3ee38b474ca0ecc4f5cd3a17ecb6b1cc4f5bc346b119d4ac09239b438b2516e7af549cd107034075b6a1541e681d1c49e5f5f942b7242e07c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
f888036da7631fced09e1a51cb291437

SHA1
36c5245ed90765595ac65156e71f6be92243bd89

SHA256
1844587ab684fca6c2e983d875a7c00e6e934463ad9e19d1f38adab6ba704f80

SHA512
ad547f77568bd22ce6cc005c4dc618ebb85f5a3c717daa0c10834c0ba15ec18cb379ef02747a8ea16c2f6029315313079831cb2b5498253407023b685d64aa31

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
6ecc15d40864a4fd206d7f1ffa78350a

SHA1
a8bca15b585d40be30ca4640d169a50fdb7146f3

SHA256
af25e028095114587cb637277ab2e8decabb389d7d2758ae1a4244962c42f18a

SHA512
e8550dccd0624ba1d219bf37b338b3e79e81fdedf1287d5826eac3b255de2e227acdf948ac7a92c76c5152dd3164560181e6e45504651d48c2b11bb847b89a4b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
5bf42a2cc8a3748f050242b62ec156ae

SHA1
a87f4e6a317f52037c4692fbaaa17a02fccbeb9b

SHA256
eabc36cd215b204eb3605dc3761009fd30c8b121940b565753b4124c61cc1171

SHA512
c57ac5e9096fc6c911bfd020436cd3e128f48018296bd4e2801374cb0e8bec52209ef627d2526fb7cd3fe9cb22454917d99f1a6a00c51aceaed5af3e923e643d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
0acfb1d02bbd8e6c58d1539102072d76

SHA1
6b76da85e7ac24bc2875b5483a694d4d4a222fdf

SHA256
abf1b7875e9c6ca884ccc1a104703fd4c06d37f799eb00127f33f04c4c02e941

SHA512
fac53c4102b0bdda7a682657c2df398de9d8240998f830df59501efcecf957834e4e0b533bfdb48668e046d80183082dcc94842358386f4c68cd7e0005180453

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
3aa3c8be69c837393c3c4d85391457e4

SHA1
1819f2877e7712d120e4d7258b023a2bc2e32bda

SHA256
f97b55b173cab127d1fe9f2530614dc4d9076c3943f560e7e0b91e4623fc9a88

SHA512
0bee55674bc3865cfbf43f1e49b44c1b87d125bb27c2cb06fa23ce0a041a36109c858ba4314a32a9f23b58a605cc24eaa4fd036f0e2645f9984075dfc96af853

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
97f8c7cdd51a21de4fd3cfc3b6a6747c

SHA1
fc8f880a2549c97d0c847635c9612c7537a0e750

SHA256
7082f67123b875afa0e71e652a8857e6585a1a776c897d40283d8c6322b8dad3

SHA512
cbcc984c1c527359530dc9883f60a9bdf7405ad4ac5e7ac598789bddf081099ef419ba8501c7b33a2b6daf868f7ce421f983c56b0cf9bf3d67b93dda7e0f0809

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
d062fc6136d7dacd0906aa91a357ec23

SHA1
6a6949c610b54afd703b981a6a2b5e827709f873

SHA256
1f97193e1b7d34b32309ebba04c6ffac809e9806ab3fa06c8b2ebed0427f6291

SHA512
48aae1df58665c38fc801b39be7917ccb8c3f24beeafc73d8dfe592f6dff4863acedfc9f29719e260880a3512f0af23a9b8b4500c6548646e5a2be571c9663dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
decd21893f88f90eeb34e98ee38a12f4

SHA1
76fccea1b7d9e45e88b3802cca53869e2133bbec

SHA256
a1d34f4e379eeea41e167d0047062648277996b6bde0620a1a4886cfbec1a4c6

SHA512
078e91df4096bac7fce33dc7be514e223a0fb95d71222557a26c7a13b880cb27ee8323265b91e68459715aa9e46df30d0fecbc9002e10f60261aa0f6d6f4b375

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
19bad7f587e8d9b1fd2188a26ea135ce

SHA1
70f8d2f3d9853d9da3eaa72142e6a75472c62e7d

SHA256
ba9f42ff1d16c0970d4f99e949c0aed81ed9bf9291633093f78ca9d1ec7d0b99

SHA512
e8bf2b0e8d54108f3fde6d4a516d4492d0c9f30415936de28ec7c1802fd54aae7b104d4a0c3e0cb3fcd1bd0cdd77e5180c59a01d56c5d0a5d247683ba0665310

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
c57bf9b3f42c7d7f9a32443e5af26997

SHA1
8509ffbb6f4eb929a798d809040165a0e0136e0b

SHA256
9cbae7e1d2bad8b8639b70408f2a3b106140a7f31d95309e71118fcfbaf37da0

SHA512
ecaecf97a1dcf410f7be8b6c0956feb49b9c27227438a1eca9bc6c92212d96160b172777b036cd954df3f669828692f1b4034fe81711fe691d7624020fd2a4ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
668b31c682c14699926845f409fd0f27

SHA1
86bce3c2d5a09c5492ed63c4f851269b0940f483

SHA256
d643839ba03c8770ce8d2bcd8f065c6df6be31ff99bef342a33b86e6d0ac5888

SHA512
82d93911b34452c2894b61325162759e1f30bc565692307e827ba7ab962f37355881865ebc1f4cd208f6b2d4840fa505ec86291dcb251c28afc28259fd02f6f1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
327cb86b7538d29175e9abede312b238

SHA1
f385cbf08a764e547a56c5ec099daabf03b8c5f7

SHA256
de326bf305487b4f1f2ee6a387d6108584a8a918ffb6a0a3ff07203333b91bd2

SHA512
290266c539f19791d40d67440714eaaebcf1a8ad42b388f7cef244efd7a656c2e0a9740df53201c269967d23081251647d1b155ef69f58356a4b254689ce7e0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
dbd7e073f5bfdbe829a4ebd765616be1

SHA1
114f4917ad79615d8657f3d188fe23303cac7c08

SHA256
f51b8c631ac1c4483a76b8995da057a05be41d325df3a447f5305252e8007919

SHA512
25fd36b826a1971179263cc97bc0022f3a7db35177997c7745fa0e689ddba13887da74e09e17cbe3e6b8a6869d5fc14c2740c665cb79aaf0702d9ac90be77bba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
010573849d96baaecc3dc47a67676689

SHA1
c9c166b81520198462b9097a6d044fa67f8617cb

SHA256
295a8bdcae70f920ea5def171a226f11ea292781296c9c34346a620d8dfb3d21

SHA512
52222f1a38c4bff65909cd9ef9afe028caf9e08e11afce57c0775768bf5a6d7db8d2a8e919d0b2ed3a3c6c1badc31aa6665aba656340b5d7a21c4fc640dafbd4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
8e59be1313ec1904d3499a82631be277

SHA1
ae5c5cae6a04f825349c4b8d2386495840fc7919

SHA256
51515fb7ffac5224c60fc62b0ca5efb958bf9800b3efef65b155b08e27a33131

SHA512
909609cd16bcd208bf5e77b616c8274e7e2c3d8a0197dc850c0a1ef0caa26a5072bd33cfd3a3b9135f035d75b8bb0c320ce9b9614a1dff1e8f4503b8f093785b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
a071e50016c7f113ec53d1dbd5ad62ac

SHA1
42677cdfe7b0165a9f37a84e039f9c1125748697

SHA256
a021d8be5d38cf1b1ae42aa66ecea3f4d0e7134fc03fbb938bfd217e10eca864

SHA512
d3687139451ae735f4ff8e1ea88dcc7c762f5db978c618d9474326210b2d85d1192111d27551146f6b29ed77eb2231c6ca764dbd963571fb452afec3b43b6138

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
b5f1a8f522e8515f4f666fd1490e4aab

SHA1
f36b17364d4b9b502875d3cf110b070fb9cb5832

SHA256
3373db65d39ff83dad7b6caf8c13a99fc91cd88fec3ca8e4eef81b2721239b4c

SHA512
855534b4b629f7d448805a012fb5fcf949f169e9005e8f40116da04198652a9a3747074a6b985bc93fd8cc573ad039f34a54312ec6209b899bb1b7a4211b3dd8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
2fd68c6526076b60039741ab8a083339

SHA1
9fc15020deaf89c72347179d8cbb6eb253da730c

SHA256
6e66c6aa20386ed6fc92974ea667aa7e8857e0932ae7201289b8949925ea7440

SHA512
122f8d6e6bac3dc54511938b434809d54ec02cff23252e78187e94e83bc130183e47296f32fed3f27be224c12ca4d4cd631a85e1ab70741ff028862b02f2d0b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
18b37ca1abebade3dcd5fb2644723399

SHA1
8c6d970ff8c45d4a88415cda5d5943cb5d9d9f3e

SHA256
1d8d133436c5961db7b65dc429e3e3639c605dbb5a273834172c9809e096b0d0

SHA512
3ff42461eb29ad5239003925fd9f1d44e3a2cb2481feb2dd6b4fa139b100e595d112eb59a7ef47ac813f61ec4107a727d25aa3ebd216b1cad18a1aca2a94999f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
e1e5592b35a5dc1079319bb77820f3a9

SHA1
6a828545fc7eedf1f68ca6c1e3ae820eede05f4f

SHA256
0fe74681a8be0d9cf115dc812ac28523320fc9f4bc1ac9773b75264359559427

SHA512
ded2c15b77eb91bbfe4ea9b7f826f08c8abc9a893995e7dda68b50a094273e776eb0b5950a788cc3c3414a3897b7edfda80d3bdb3b662724055bb98c7c86f68a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
e788d265209c8fff102f4030b50b763c

SHA1
0947d96c0a452f9bcabd709940bb47e0bacbedc7

SHA256
1a379051ea0ceec1e6c4c0f1e9a364e7375ad34d99e9e5606cfcfe4628f6c839

SHA512
012601677b00f09a81699634e123a0c3e6d026f1689fb15a3d3b4e51a79fed0db28e001b0513dedf9944764b272d1e6b5c95f97dcf7eeb219c8eb0e9631afe5c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
e3fa45e7bcbe0d7b8b984ced9ea5b708

SHA1
635d70c5e8a918bf286ed8340e5d2a78ac1645c0

SHA256
21066468e74cdd91e17d83048a448ba28824c56b84aa66ad2c2368bdf5f121da

SHA512
4e5a4588eef709a5f5b976d972e64e41c931ce58910ea064c7b80fa24196a029b76eaf403c0a6c5acf866e69c9b7d2124b6fe45844ce9ad84d84a4c20864936e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
af072e568f373350cb4def19b6745c26

SHA1
6b77abfede6d73f050b856b66631a912a8051e14

SHA256
0b059abc103ec52c83aed87721c4f0ed1c4b4a8e72d7111e27f5971695c76db9

SHA512
ffc5b93ac2311a5105fb57c481e299b6a0cb9b5ed505fc804e7887deed5f6fb3953826e53f24ae4cf030a5ac0173d361bdb4f95e3bfa0f0ebd27b0a2b7faf328

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
61d864e6230a5cb0f0f528204282440b

SHA1
6a2ec398f0371fb4c0cecd2f8a651e485c187d25

SHA256
6e70d493d01ac1def66ca861e1309c2cc96655c3927a6b641cd88fb89efdf095

SHA512
a62bcf9f2d249c568bec3116c2ef0b2fb3206a2aa19d09dcd0b95a28dcd7b91299589e95347ce51bdfaef08c1cba119e2da78a8f12993232fc982a4cfb735669

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
b65fa5d374fd090b47c7b03748d4ddcc

SHA1
0dedd26536e8ec67ed3230792d0498829f962b2a

SHA256
36242df53f622620c07d0a1785c70e3c2c6bef11f4334a1ebadcccdf5ea1aca1

SHA512
c0ccd7562b999055b678683d0ccbf4e1e0fcdb1b9b18f2d5ac51889fced08d520113514434d37e26348d3166eb5b4f0c09908b10752962bbdd13581c85b26c2e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
54dd5485658706a835c5be892a8f98e2

SHA1
60724a316927531aea11808bac60696fa01c48a2

SHA256
dcae91b359e88cf1cc104bef683f732df0c76ce05c0239d795ea25b81318bd61

SHA512
c1e986a93819ee8c10743e15cd7746a29bfc3de1d89a51a7116d42719b476f569e28a2207cb79b62e96453290fa534d6cd704ae4b61e30c07912081e59fbc47d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
8d63ddd362851368053e3580f4f55f7c

SHA1
8e0089fb905ce39b16cf6a2cd7430c333bc92fab

SHA256
de61bca91ffb199518574fa8e7e422aa58d84be82b7c28f39e00ba28a20f03ad

SHA512
003f6ce6dfc2d8e959afd5db82ce8976d61c7e09a91c0a91d02b0103b402854f43365f1452639c3121715c2c72ffbe15d24911a71016b9291434de2c894c980b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
83c4c7c2bba327cd3e0d1037b2eadd2b

SHA1
761a761da8db7f2c2255fc0dfb50b2072189b818

SHA256
c2dfa5dcc32c5ea87192324ade41805346fe68c338c982c5b91c97593a8cd305

SHA512
5ed9e53612958222f3912e83a662c0c7eeef7bd48eeb6e6a59c437f2841c68f5e154bdb0c5433d74872733008ad5ce8b7f1ec73fc468e95a6b6ba3251d84d039

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655977808114.txt

Filesize
77KB

MD5
241d02d3c8b9cdd1a8b0d5a863bd69f1

SHA1
9d26a75f3a82c64e9e6f5e9011be9a26183be9b4

SHA256
901936c2fd61ed096cf97e406741121b75eb581f7f18ad4301d1a19c19fb162f

SHA512
e1aab678034d1b4aa67cdd5679a3344c4291c926f969c49945568e28d69221c1ea6f7233d43bdd1ed5bc3e7ea49e11b6d810007672a0660d7f608cde32816fe1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656717558154.txt

Filesize
47KB

MD5
b96051f0681711a7f244c9fa1a352805

SHA1
906b02f3ae85c62613de4469ece1e8a92281b4a7

SHA256
dba1c1d03ad18d786b7fb88910b3e82d1af21278cd8336c4c5b8b505bba965c6

SHA512
d8ef0acfc84865224699f41e0520717058ced512a93a878a1a27e86816d6a0ac01035e040b723b4d93c968b97388f7328f7a8b10e3e97026fb9daa6ecde6b457

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663096253949.txt

Filesize
63KB

MD5
5b1c5a4411c6fa679d5bbc9647a11f00

SHA1
a29ce85a8771c991e07ff6d80aadae82685ff3fc

SHA256
d7743bd93c7acf18f63ab5bba5559bd3cc7de3987cf75956d15be0f05098fab6

SHA512
0e8b90d460f8c7ad30bc72913b9362f336b30207919378f98eb659efdd855b36bbf941149af4d3b03f393dcbd3a7f16e86ca2bf761c0622560493fc8d9aa3598

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665766873969.txt

Filesize
74KB

MD5
36d3bc82d8debb5a20031a13fe5d8867

SHA1
8e0dd5894f9c73c404883c9857043ab55be2bb06

SHA256
70c7d71a2f4f3eb086c8857caa5a11841051f0f814d9ee747180932b105555d4

SHA512
9ec90a2524ffe3247f7b21c14c9430a8070a5514f78dd3d61adb41dcf4182bdd2a0ab61476b6f6d3c7c4167903fee18bc41be195ecbd5d2aeaa7e98ebf6a3093

Download Submit
C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_1.exe

Filesize
105KB

MD5
65f0bbc1cc35e3d170addc7f98ee9f08

SHA1
7fec758c39f8e6c121ea841eee7fe16677051481

SHA256
3a4517a8b14f3baa2f2363d09fdcddedb13d2ad77cbb1f71bac4e454a91c141d

SHA512
6c91e8f4c46b933b41440944d45315a47255fc2e4edec5dd00004e5ed340938bdb66271d88ec59cd2a9a02acbe8f64ec81a0b1d6bfc41232cea284e65dfefe36

Download Submit
C:\Users\Admin\AppData\Local\Temp\multihack_by_kopojlb_3.exe

Filesize
52KB

MD5
f3fd6d815ca6cef81c9d88d118c2a5eb

SHA1
a296086b213d0d15927e2bf4109563dd29a92980

SHA256
e7d401f35028459452ca04bc049cc9b744df5a2a2b4da1b6be019ff472f30a82

SHA512
a896879be6d397c6c1f05d67396b4df15ad4d3ff75b58b5dc06c316aa5c5bd5e35cf08461b44add2450de6fc08488b2d9772286d52bda850eb04b8a2d4f67014

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
610b32f75cc0dc4b0ed2d216e964b19f

SHA1
ae65ede151f86dffb2ba975fbe803a5162a0fd3f

SHA256
226473840cd6b433c7901745bccb2f1901e1d45d0c0fe496a99371ad3722433f

SHA512
b831adee88d3735f837ca6cde06fad78ad2d86ed71a353083baa5e7fee1d466517dcab0b435ed5d03461bf29c40251f34c61c9b1dab65cff204e1803b6a7fe32

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
7fa7432f4b872a983279486e628b47a9

SHA1
b4a503d178b7e01828c9ace1eb632ab5c78071b6

SHA256
f4b0f839276be735c31cf92783829f7ce74226aa51b29d1a1786c32f7be16935

SHA512
e22ed4fa460e1eb9f043bf8e6b69b808a4aed19b5dfd1c8c8ffab47a13929024e55039ce77b4795f64e3e18a722f880fa1dbaff123ce5773170d25ce53ea1110

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
86ff3b5c4474409495f8b37f67b587bb

SHA1
e2bce980ec70d75e5ca497976a9280b892798554

SHA256
12b805127b8df00823e291ecd8dfe75ad6862c4db97a649a81f2d1378a9bb976

SHA512
da95698e1d77f2ec360c124e8837531d3a119878ddaab19220069e9711600892e697fc50a1caf7e9bc911a96f1475e79e9e14b5ac709db0a15e02a6accab3c4b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
cf24395670aedfb35bedfc4757120db6

SHA1
3499478c7cefafe5100227d5c406108aaf225af6

SHA256
7dbe83012ed09a421ca91ab05cbb5f503de7a6be77a5f01fd6262620a8a1e4ff

SHA512
bfd11efa77958e953e1e2374cfe24f52b6e04979e27657aa8e23c1db259b1871f28b0c6605048b2b95e6682e85df0fdb002e2c4ece15710418db9eeaf8da0f44

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
6ed8a78c35bf37c9a665e2ff825c75c4

SHA1
48f2281c005a3898be6412d8b3c0f936a4ebe720

SHA256
359034d4644ac6a7342c36a95d9b93ca67698038da9772dc151386ff9523ef9f

SHA512
88bf3d3cda76e2b5c8372594c8cc1ba542d89006b04e686a8a3a320170d417c3948cc53ec104f602cacd923ec9847ebf2eefcb8d34b9366bb1cecad214d39eb6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
365241b1beebf004bb77bedd8e2a018d

SHA1
1dae5b4845028827884cb41943c062bdf9730f33

SHA256
5fe9461ec072386657247e9b3b57c35dd9754a3b3cba562b94bd71867dc8b71a

SHA512
673b3d580178b96a4f48093492c6c001ceac25608e7d363931b4fe96ccdc837d5f7d6c65f7f338beb06357fa21edc945e24a9edfb7a4a0a7016211d117c19775

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
e5c24dca66e6a3475540b72180038759

SHA1
2acacd191f293e0a35f82bf9d46e3dc5cf7cacd9

SHA256
38dd4600c045c33f732c2825516283c1c1a923fde291e68dffb9cdf9031d5231

SHA512
fa189c365e3952667c5704babf31a9664dcbfe53de1e81b7726060ab81f0f61e5aedd627bd98eba32265183d9c5963c898ff65074db784a423fa01034a666615

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
3a863fd419e0a3263c3d914012e040bb

SHA1
fa3574a18803b653111a937fba234992bfc2f4ca

SHA256
6ceaf4edc9b3b1d3eb3c2c7027dedc8e688527f857f33c553de5d77ece1296e5

SHA512
293cb53e495bfaaf8c9e93c3789a657b96fe4ebcbf77696a6734a326d3f40191b269da4a9dd4c9b43a961da11dbdad2e8cfcf8c5964432a7992ab1454a75f164

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
cf3765da5878c20ed7ea289393ff8119

SHA1
d3a58bc26a168db0c88fa10dbb9cfc54c681952d

SHA256
d71c78ee656df17214bdb737151b1d7dad7fa552415e4a834331d8e3b96e4901

SHA512
a74234a79953749a21bc5b010ab60b69bd8379b69d87860ca3e4388b5f5b1ead86973afbf04e15b4514ea9a72c770d0f809b532820c4ad06c6b9cf592ebbfae1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
5c9052ab7d95ba55537e549174844556

SHA1
336de9400f624a28654aada3bb6874eac171a0fa

SHA256
0c2592cb61b1d45412459505ba6400925bf8ae14ea089c1a21f28058c23709f6

SHA512
95ba07eb8b52726eb22751d9ab144c8ad1d78f460bd0f8c074235a7d39954d94f659c76f33315d541dc41c4b3e4c516aedf494493a59f59b6e984d2bbd962d77

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
da6b33b95b79c9e26e2e9d3cb6702e44

SHA1
a058e68defef2fd0e44943a8af821a54652be79e

SHA256
366c8d4310055e8c5a1123e1187ff4938a480b9092f28feb8232f3c5f031cff7

SHA512
f3348e48dad7891fabe45a72abf164f005ded627abe071c6bd8616239d017d52c214fcb9fc62a48567a81e939591144edefef735cc1808c842dc33d80b4d72fd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
387e814300a7dd86bc91a46fa71ad193

SHA1
8e44f6d66dd00b1e848e5f91530a6f850e43f757

SHA256
e964ebe81027675fddf3553b473274055c5923ef66fb33ab30fa6e62676c4739

SHA512
39873969c7267eca37bef4625b8f6a043f0df37ea4a2855ec08ef3b2eea9b9f18ac09666e742620eff540ee5ee704d9c4a84454d9aba833784e3e842b5028a7b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
89c55bac38376384efe21f163cc648ba

SHA1
db15dad7724483a5622e5fc4a6c8c023807930df

SHA256
e55f643e28ffabc511e7e05046f2a3346072a96daf985070675736422a808539

SHA512
5788ec388a0c90a005efd87327a9489eb1d78150f8a840f324e063de177076d1065c21514a2fa359b33f0b45c8c00cd7f51298df48517dac3c25c2760b69cb8c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
f53f87509a68083b42959bd3e009f7d0

SHA1
03ac53a5fc9905ab38e6ee85fb287ca0b475b805

SHA256
8a383bdd3b9bbe1046e3cd702ae0b0c9e0ab2a64cfe6d833a14cc4c649159a56

SHA512
ab56668f2a596b3cc3bc1e03d43ea97e3354633af3228f942f5a56529f4becfcd4ced897886d401ced2027bd337911ceccd37d3b691e4be0cdaa6b85154a2cd0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
62c3e16c029836d1844fb976105802a6

SHA1
5c0e4dc7e3e62f41260aff562c396bfdf72d794a

SHA256
60e55a1870580122531fee3671e4028724c07a56ad945adbcbd8ca4b9932a1d8

SHA512
4a5a4fac797b5764b2d22cc5dfe10bd7e5da5ba6983c3fb32b212377130aa0c1706fec2f9142ff21ea10af80a33a91bd4ab079c43ee7b885a1805a0f862b6be3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
e5c50952e792aaa53da9871ee882cbda

SHA1
d617cca8a99fd12d6ba91cca8f208148aa961fc6

SHA256
2c5eae7c9cd9f66402faefcb547d5f8c0b7b3662397a5056511e0efc64a7ead6

SHA512
bdb901402fd1188d5260c1481d9617e7ec6ce8eb19d871c9172989d163c3560cc425c1f4f6b136fc06ff60051b150ea70e90715a18d6d38d627ce4c10e84818d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
1d600ceb086d9f438be58c6ce52136f6

SHA1
e459a197705edcd8205b4f6c0f6fd3b04348b15a

SHA256
b6e530a00a013df37c986e1082b49826eb966d75bb5c0969dccf78ec4f31a790

SHA512
4878a558bbb15fb64337c7b8f511bddaadfeda2254f14ad2bf6d9b977114b5faec58324c312d2ce4128eedb945563fc4d7c02f99369fb884f41e478368abe81e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
c4478c2ec07ae17230ad54b518990fdf

SHA1
d4e574d8115941288f0cc17df27988e9323b24f5

SHA256
de900d2f5e2727f91b3462d891c7ff859f521ecf4fe96442106d80a470ec5228

SHA512
2d2d46f1b27fa19a7d6f1a74ac9d7977b6da0346b99bbd747b5b4eaac462e21032ffea127ed0a268c2355c2facf78793fa775e78461844ad492a3bbffac315b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
8257da25f3fad906e5d16b770dc27f79

SHA1
5a4f94d47e1d27a733f7a770d3d0601b94f6cefa

SHA256
18db08c9e7dacaf863ecd5a66f03385b0c1718bc76515992627f37c6c93be514

SHA512
edf5c2582c10db38841e489aa5a014a6bc12d32542d40886d35ae94e1402c162a044b2d088d1f5d9ff8882535459533bd6f8eb1cc89bad4d1f84d93e5509d6e7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
a42f04c793862d40f6c3c55ecf3e11e8

SHA1
8d49270bd97a02490fe41a588bf993ba65a6aef3

SHA256
5bfed776864d6d1ba9d8c6cbe4094af4e18c5683969d8ee0e5aa42e2e6b00750

SHA512
133edc35c92df014714e50dc1c4e088d05fd500626b9ecb997e57b186bba9d4e7510354112a04f07f4df8919d5e4647740194690e038e85df27498ff3647b524

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
9694489621bb42726d3911b1ee6c706f

SHA1
5c05057cce8beb7d270dd6b910c5de399936e253

SHA256
2ee0464f4b0c5de72c7235c949f0c24dd42d24a9d484a8f77903b50a45317d62

SHA512
59a95cc3580b23e15fc98f36908996d726d1b23cbd9552241ef42589e82e7992042f130ffdeec50d916c9637ad27e0117d7bc5a8e609caf9987d21cf7bd59be0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
b457beec7b6aa34e1f03fa422c9cd0dd

SHA1
4783c84fe60865546bcfd7cfeac199d3decb9c58

SHA256
0a2fa20a720082ec06e92b0ac3e85d0fada1b45969d689053c1229da078580c3

SHA512
5aa9ee124d38fc5c1cdb105392caa87936a4f7dc48fe8e08fd3c067e08e8fcdd3e76239b9e5896f4f17fe12683b18c25f9a47d6ac0ce2d6c1589e7f12c2f3fcc

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
cbddab25c8e267faf7e7741c12f23196

SHA1
16659f5cb699e982cb482fb878467cd0d0596f5f

SHA256
519119631bf85404bfaa54fc73587e5b70f210c8ba8b9e0aaaaadaecab9fbf11

SHA512
cee50b64708dcc00be7813615ca81359319f2dafeb404af492a97ce591c834798c7dba9499de3b53909278a86c98c18b01ce84baa13a8660262fb34b5264e517

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
da62c15ed01f244ab8a9c355b9d900e4

SHA1
2514289fd59e38e05b54bb5e320e0f47c5511228

SHA256
3c4a7f0b62d353458552b10435d0701c6937364fcb67f88294888ced4cc1a961

SHA512
8eb7c353ded931776dc70f00009553adcc835fe863ed99a23ac128f8753e7342b77600231c46f8b05953f96b5a3017defc8180f1c4eafbd7767b4fad078bd3bf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
17e2a3b5aa99821e3259e0d97aa3120d

SHA1
65c5216b2eeffed4c50ba8f240c5061ddb598b0f

SHA256
134faa6fcc20af1255b406222608bfaabe516852a77bf3828a7557a7f21158cc

SHA512
bdd272317f4998e407f51cd4e2e8e87bd2fc18a4163c314bee2a61c0a7a353f4885c673d14bcbda149d8f6545f72a6d385955d03ce3b33b99fc46e44a650a3f7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
a22ffbaf8e4e91b748ddb00a29ada9bb

SHA1
2c2559b98e1ce508e9c370b6ce8b5c6f351a1f5b

SHA256
8f044b6262beb560887b6af7108ca87abc724106995378526ab5c0826557a527

SHA512
eb9336ec9161baecc67f90bb536bd4dbc049ac906568403c772f3d141f32800d1d6e5e27ec449b4c53303ef023980b0d095601735fbbb7db49cb63798bc1c68b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
60c43ab6f370c50a3b43ef5e6c9e46be

SHA1
1851d01b0b8b3964602f63517e61adac8c6cce27

SHA256
d9ee4a7a039c3ed459e44db0b24fb066574f9a502782992f852c4a141425608b

SHA512
e71db210280a20111aa567333b6815faec6c723fff0d45ba08b5485f60c2cc18e3d4697254f5402e729c1ecd27069f9a8f48c3bda08334f1492d6490e0746466

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
4a340a577a9547a9c477f9b5496e2994

SHA1
46c7ddc638e1b41fd04d18d38460995a95ba4692

SHA256
94c01cb3999eb111dadf7043a5528fdaf73978b3a5b38caffd2e5ae6068c269e

SHA512
c32fcb3e365efe0f7770bbf30cb169fea366048b9882a8c8ecf86f095449334cab4a15ebd0126076683d0f6bf68089534bb6205016e6db6aed99f85f17d69a69

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
b362d519272b2f2b2f6fc25c7cac16c9

SHA1
a854f78562bbeb421fa7ef0fb50627dd4be3ee60

SHA256
a29e1eb7ac58ac6421a6946845da9115e4c6ad5a3e93373eb9968ca26bc14e04

SHA512
ba17e2d2067f4e7a1f765a766500f7b0235ccfff58e2c697eb2323d11f5ee9a9d220bd601ec43a5efaf9fa4696f5510b73ea59aa51e740d0ad460c95a8f633f7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
6b14cf9d064ef24e00c63fbc3bf3402f

SHA1
493602cb24ea119905146d659cd7fd678cbb883d

SHA256
b1f1ef86c65c993b8ac124938cf8cbfd8a7336d3753e9cd7d0bdd0c7998a6f71

SHA512
d3ba93a40f86f595d066c8584f46d9f81f0111ee083e202b84415047a925b031b3999a78660b9cfa6a9e3b58a1c1f469d5528d75c59af175fe3b379d5ee22e13

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
9ee479d54254cbc43dd8aa6dc9c63b8a

SHA1
2d9700d8dbe62ac85b5e4768b613eaf85de72adb

SHA256
11707a56b062cd5ea75873ffcd8d2c17cefc93a5927a06f489b80420db2bc61d

SHA512
451a55882d8d5da136004396a2efb3a073587eb21511c34215a36546b7199c67595046f1c840fe4b3942a844c89e7f3c61b2849fb70ea60ba0f7c31f298f03f5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
a4855513833df07d56314e0eaf17c801

SHA1
9fc7b8584532c930fb1818f9bda3ce3294a26e11

SHA256
0835bfe3b88175b35bba96b2b81c8ee63d9f74e86f52e16ba36d278982e0059a

SHA512
4189e3f76d689110f976f6eff5b0c9042908fa738bbda96436dded1fe9da653ebe7f48b70cb38da8f09db1b94979235f0cbc377cf00bc1ed2a248afe866cf3eb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
411408a8693d77c1880f9fe873875ae2

SHA1
bb0a2f649cad13ae7eceadb012ef47c1eee3fd55

SHA256
97a80a24edf053570856d9885ddfe34f573768f5f1864476d42362d5f070fc15

SHA512
1ddbc3fef38d1a8f905bf70a00b16cfa0ca82ce8201b7ce57057fd62112ce2fedf541ea4844652b4db01ce910aa887373ce6a5ae3d7ba6c13d9fb95b399b5862

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
50bb1104a50c152c870f86ccbdf1999d

SHA1
0e330353194c8eeb5a507111a4adb232bc1caf84

SHA256
d9261fbec8bea417de84f46d11f7ad5d009a96d435faf98dd4dc7b38212551a5

SHA512
ff7c04668da15acc22e5ef416a3b2f31b87745d865b94629b6572c2c9553c9ecc719d37cd9f6a1210b4a89563fb53edc1a3adf0101aa7a43acf2297e71529152

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
696298e6e7935f9ccf5b790f1cc886a3

SHA1
94d3cba2870993ff7a38cccda64820e4be1b76b1

SHA256
995ef003d973ba9848de7bd061edd45b934dacc0602ac1d5e28741d1bd2a4b5c

SHA512
4d8e17f234cbebcfbc8b9beb46884d80d51660bc29c0f27c34bed4b084cd0aa56dc9f624da13b3d00b8b21422b40f27f0fba00012b831cf276207a791b33eb80

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
e5070a2275a53a3dfd3f297c7be183b2

SHA1
f8bb888d55dca3da7448bd083a3c32024f7db683

SHA256
bc84098a99bbae17ef1fe8f79c1e00e6b9cbdbe2773a32b9db423281ec9372e8

SHA512
e25191f1afa1673c50d293b10b1ff3889c61c3ec202006669720f3bb8185fada8fd8d99da46863a2f1867b830c5cac21de244d8e1f5176ea0a1576f120b2bde7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
071408f5beb2adad062f233b05aba3f6

SHA1
e83d42fa2a2ee98ff96613cec2263b714a1e9f44

SHA256
365b3cde9ac28a665cbb172d01b24da7ee2a40c48ddb7689c71ee72790bf3ae5

SHA512
83664c37998427761deb579c121a590c6716105500145561cc55e475ead1d00fc0a125623069ea2164b3e7ce3fa08902490847d415d017b4e5e7eb0a74457b87

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
843f5f2c70658070cc41a8b8335917f5

SHA1
47a137f6926368376573536a002261c8e0e106d8

SHA256
d0c720ccdfd0f00a8238af6cedb0b33bb1b5e7571b1965a139bc57a9cd2c0144

SHA512
a0e3ab66fa6e4016237264c066191a1a83655aae23d287735c179aa711f9edc3f891ff84fb0e07b807033e51ff16471ba28652f0c6ba18620dcc6330e2af151f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
c0bd0ebb6e22d14aee3867220292ee1e

SHA1
f692e3b88e9e5356b4bdab8364941e1d4e4bfbbc

SHA256
436f9fb156c29d48456777d24f596f681061f14ac2c0d5b671aad26a4cc08b3d

SHA512
6b65354ad8f8867cf2cabad3485dc9ef6f21555ada80d8e43c18c3b71f0f73ae2fd4668ee654dafb83d4fc47b9cef336e290f94569ef3f91177f7f5e1d56ed6a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
33b66cbc21a811d964b33fe05b21a3ea

SHA1
29e7de1dde4cc4cdb682a7450810c501ddb29910

SHA256
1a487b2f2b0df9635cc6cb8e7b5016508743a5fc2bdfbec48fc38c9c192de1d0

SHA512
92648e71d045f010686ff440c58b57b38b9602dedad05230b1a9329318444881ee583d7385ee7f3ec5234b07c84b681890acb551c1ad92465ccc05952a7afa01

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
f3d134f3c350cb0761b5583348778409

SHA1
012030a882b95fe9ea4de097e950ce5282848cdd

SHA256
b535f1649dc3448c960613c9f948a59d679403d9884c086efae5f9f70e1fcc60

SHA512
31323f89271d4826fc79adf788307cd81a671056ea7bbf6264518eef307e488bf84735e80e8d0be82d24bd8f064b6fd5b15384f6cb45a2aa53ce894c23fadeba

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
9ee525d38a480f5925225c26798f4045

SHA1
f93cfc2496d5ef3ec90660b3b0201e401f74597a

SHA256
31e142b2f6741766ef136abd08c46faec84f4b2ea2c996fe924f67c6911d8cfd

SHA512
e297ad34acd9c542bbdcb2ca95e344b6983f1851cfb11b0442da4e2a5d8e4768d764d79903c98993a22c5c53a61839f94ea5ba1fe026bfb0beb554d95ba693a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
c562933382eb6928bba38d844c484447

SHA1
676aba59b1042ef6b9959a03f26f2b6f2b0224a3

SHA256
1ec8ba97f7a69d462850f613fd177becd2a5da44ac78ff763b1dd2e8b27a1dae

SHA512
48dcea3c1d7903bbcc17373e6694df2b31fece30f067e5fbc2081393d97dbc3c95e58d0c636132ee7a4ef877ddc20090e03714818169a37a6096d610ea0ce79c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
472075af4f58bd7e06c0d98d2d59a5db

SHA1
83763b7bfd03196122d7673927311f6a234ebd8c

SHA256
dffea3fb9ca553e808c41333c2f07bfedb5eb0f42707ebdb9398ce6fab55bbff

SHA512
fa0dff09bfed9c7e0c156633e15c62840606d4f64045685119d2e19f097a968b64a15b0ccf6eb4e3380e88d57b649fc831fc89e364e2178650bc8baaf2e745d6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
e0aae5b7dfb4f9468e62899dd3b553dd

SHA1
af733233d125aa37bbd7434dbe26c6ddaca7a478

SHA256
932f9c2fcf0e40bf93d8c29b78be57f417b449af3636a7456d8e9ec4d610fcd7

SHA512
847e7d42969ac7c7e481009351a8b917b0a2dc2f87d58a922dfa28df8ca0a50841f5c06195effacdb90993cf0e81f9efc40c99e81b363911d3e1ce68ee67d279

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
a89316f66c170bab7aaf2dbabe73847f

SHA1
5d75f38f6d28fd9221362b7c797ea62bcf39f6d3

SHA256
c88e7a6afe257bc9effe189896c9caf85bfbaf02ea3654cce08d52516eec4c78

SHA512
4e7860a15a1a4cec2a8bea5e7182521b1d806f8f4d4f4733e1401dd234e540edf5b21767826fb9bdfb982ab0beefacc835e41d01480924be7c9e4e32e96eb6c7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
27dde6afca020ca12a22711791c171ce

SHA1
2ed82e9402af9b00c7d5775cd3f0fa80ac293ee7

SHA256
d0e58c8249b5c333cceeebc9be6dc739472981a5280cc7ae5e45f3615e87ef15

SHA512
4e6004c24496dc0309d5b778251f82d5042d5ab216963686d63d3738dac8c9273e864208770487627e87319a9fa8d1eec475e7facf761d0116d1a13cf12d9152

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
05ef54078157459099c40caac47dc2bd

SHA1
8b437fdeaf4898dc9e7a999c29f24155c75d8a85

SHA256
4457e6f36c1fe1ec3916708b5c14b079ba37c831ae33e2bc9715e014436d011d

SHA512
99efc9b3fea65f49ffd7f87ed55170236796add84538963375fc59f95cfaa77680a796ea16bf422f5bae8dc0cd306139b4fe0ebcc60534900ba251e2f4a340ad

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
91838c8745bf358a96fb8293200bc9cb

SHA1
c78066c5b0defedbba2ce741f698ce475d8730fe

SHA256
0995c783bf97ed2614f67569afaa91200b040b84bfd9bf0fe35f21421e2fe06e

SHA512
79041bee6625cf569972582050ad0eebb7fc4b73b3509ab83a0e097ccc911a7b955bb47c1b02e9202ed831c7e9e3271c347f7060029d4a015ab5880004ce095d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
3719555b245efae80d83df09fac38b48

SHA1
6417a52ec939bc99392459bcc7e9d62f8273064f

SHA256
39dd622297fe5d955a209b91f15d6fa8e75145369dd97128a86025223080979c

SHA512
03031cd6e956c33a83deeec0638422730a0ba0df417b5e24e33a79df4813b3b108ebfae4bc2fa33fd9484edb7bb009b42d97f0ba0fa36f13a3698babca13013b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
7e1016c9a5ae03fb6e75a249bacfcb18

SHA1
4d97a7f10d3ef05728e5a8c9911f97a8891a7d83

SHA256
58e975826f5ea59e34dd68d0b1e99277ecb271263a4175bec87d01ba16b2eb4f

SHA512
cc1e1dd747cc63b072cc106c01ef79a40a16010f8162a7479af49dbb99997794d9fe3f52e02d6aad8db5c4ac92e4dc15ea9a1811987ff222c29afc1168ec2da3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
9ed44397e26d7b449aa3ca73654cb2eb

SHA1
caefd647a8336d38ff909c26f87435f992b7e2e2

SHA256
0cb53cb4cd73a61b122dac4281650136fc268e4f14164e3c42ec02198441572e

SHA512
1164e09cdcc4243f68c9b54b378099b45f3f6faf3b99b3b95527f0cdbfcf4cd70e4905d778a487472d95cafc409f67e6feeb094632aac53632504b8f26bf93b3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
642452f3fd1f7f4811123df5a747bfdf

SHA1
9163df234c02e77377254445d20f451769c7eec9

SHA256
8d27d0adb7b98d8ad6bbc951df9f698388354ae44b9946ad91710ece0f4b8900

SHA512
148543dcaf1da5f5aff5a60d5dfca1b4829c5c22d7b2c7648ec52fa6f3e887c0978368a8c79b1a98e56413fb8a2cdc97b864d2eb666210e435bd57ba2a436a1d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
59f22e3c8acad9964fea0f49602eada4

SHA1
9ebb324d10e5b8e666e56cbc1d0d8335f590dbd7

SHA256
a2ce8e6f7480f5965f66e2328133269fa28c9b3014b18d124fb7e7f6cff6850b

SHA512
2cf62b5ef7cbcda4a7ba18c94dd07c0fe3f65064488192244e6a031a348a1166c06affa5b6ed439cce7e1c5d7c4bdb6b95fe0e1e288128b7c3a4e6f306393fdf

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
cdb193bd1eb8945127d3b06ae975dfca

SHA1
d63f1530156d999937e7d323d208c94b301c442a

SHA256
7af78a39bed792af249c22358a583a77d1a0e23c433ed4f4cc53aa08e0c4ce10

SHA512
b3f1749e06eb67f01f81ea349e065bc535f7666e7f4a3eb6285456b1788acbd1ae1f3d7ff37815c229c8f3c71f5e9738b2503dd50b0a75c0be7df63cd804c448

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
cbbc5641c36796e93fa7e5c7afc9c3c2

SHA1
24fd3ac7bfcfc8245f7d9a90875c5bdbd886fcc9

SHA256
42caeac7d717453759877a84cf56e2f03138dfadb111eb387633612540584832

SHA512
910538c3ff232666c22e73800064195fdcff0304a18ebcc9f02ad8fa0de685561144b1cfe5cb56e5f9e3c82fc8d1feb89578e4d4538f55ed42cf519aa91745e3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
ab9952870a04d5d890f318afd4197149

SHA1
7d356368e46420999d645a236a20185aca00291c

SHA256
668dc9b811bdd01fbe2e3e1369a11aecc6bde2b710fb6b8e1213cca028a08474

SHA512
23953a184aa6639384bc4ab0bf51c612db474a33a296f9b99b61072c9a452692966bace649104333bcadd301fc9ca640ece3e864fb8d33bfc0de7474577d1f91

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
e5f573e847925b9d5de1052ca9e850fe

SHA1
5f53a31c30683cebe31654cd6bb86fbb75293289

SHA256
45af0b201598586cb81b7cf127d09069c1b9963bb34703840229a5fcfb017476

SHA512
e37e9ce319ce510555778b93f8e8772ee40b1db8266dcc42c65d59dd63b821ad5f7ecff01e80886f84204ff8e908a187e7042b925dfb7039cd163de7a3aecdb2

Download Submit
memory/2100-20-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2100-4031-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2100-11351-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2100-11349-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2100-10916-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2100-11049-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2100-6389-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2100-11344-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2476-35-0x0000000074E02000-0x0000000074E03000-memory.dmp

Filesize
4KB

Download
memory/2476-166-0x0000000074E00000-0x00000000753B1000-memory.dmp

Filesize
5.7MB

Download
memory/2476-5076-0x0000000074E02000-0x0000000074E03000-memory.dmp

Filesize
4KB

Download
memory/2476-244-0x0000000074E00000-0x00000000753B1000-memory.dmp

Filesize
5.7MB

Download
memory/2476-6390-0x0000000074E00000-0x00000000753B1000-memory.dmp

Filesize
5.7MB

Download
memory/2476-5090-0x0000000074E00000-0x00000000753B1000-memory.dmp

Filesize
5.7MB

Download