a8467de9492387559bc693b8430805aadb9761d4e3a708cb35e99544bdcfc0c7

Analysis

max time kernel
140s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2024 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
Size

3.9MB
MD5

b3a402df4012df2d094004f103bdc219
SHA1

88f6093dcc0e5401609e076c1b6ebfded0f77807
SHA256

a8467de9492387559bc693b8430805aadb9761d4e3a708cb35e99544bdcfc0c7
SHA512

2dbfadc6faf5ec561c53e64fc3330e0a74a4e09db61624d25e76040076389a8dcaa47846b5da476d6c3f1fb0e932ee27d20b4813fdf5d09dff165be67f32d272
SSDEEP

98304:a3HuDURiLaNypLLlhSGYcrJFte0MEe0V3gkD:wwURi5Drdr7/V3Z

Score

8^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2236	netsh.exe
4364	netsh.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
15	api.my-ip.io
17	api.my-ip.io

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 32 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 4976	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	84
PID 4108 wrote to memory of 4976	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	84
PID 4108 wrote to memory of 4976	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	84
PID 4976 wrote to memory of 592	4976	cmd.exe	86
PID 4976 wrote to memory of 592	4976	cmd.exe	86
PID 4976 wrote to memory of 592	4976	cmd.exe	86
PID 592 wrote to memory of 5032	592	net.exe	87
PID 592 wrote to memory of 5032	592	net.exe	87
PID 592 wrote to memory of 5032	592	net.exe	87
PID 4108 wrote to memory of 1912	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	88
PID 4108 wrote to memory of 1912	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	88
PID 4108 wrote to memory of 1912	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	88
PID 4108 wrote to memory of 2344	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	90
PID 4108 wrote to memory of 2344	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	90
PID 4108 wrote to memory of 2344	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	90
PID 4108 wrote to memory of 5016	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	92
PID 4108 wrote to memory of 5016	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	92
PID 4108 wrote to memory of 5016	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	92
PID 4108 wrote to memory of 4484	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	94
PID 4108 wrote to memory of 4484	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	94
PID 4108 wrote to memory of 4484	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	94
PID 4484 wrote to memory of 5108	4484	cmd.exe	96
PID 4484 wrote to memory of 5108	4484	cmd.exe	96
PID 4484 wrote to memory of 5108	4484	cmd.exe	96
PID 5108 wrote to memory of 1952	5108	net.exe	97
PID 5108 wrote to memory of 1952	5108	net.exe	97
PID 5108 wrote to memory of 1952	5108	net.exe	97
PID 4108 wrote to memory of 552	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	98
PID 4108 wrote to memory of 552	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	98
PID 4108 wrote to memory of 552	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	98
PID 552 wrote to memory of 2184	552	cmd.exe	100
PID 552 wrote to memory of 2184	552	cmd.exe	100
PID 552 wrote to memory of 2184	552	cmd.exe	100
PID 2184 wrote to memory of 1876	2184	net.exe	101
PID 2184 wrote to memory of 1876	2184	net.exe	101
PID 2184 wrote to memory of 1876	2184	net.exe	101
PID 4108 wrote to memory of 3460	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	102
PID 4108 wrote to memory of 3460	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	102
PID 4108 wrote to memory of 3460	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	102
PID 3460 wrote to memory of 4024	3460	cmd.exe	104
PID 3460 wrote to memory of 4024	3460	cmd.exe	104
PID 3460 wrote to memory of 4024	3460	cmd.exe	104
PID 4024 wrote to memory of 3588	4024	net.exe	105
PID 4024 wrote to memory of 3588	4024	net.exe	105
PID 4024 wrote to memory of 3588	4024	net.exe	105
PID 4108 wrote to memory of 2988	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	106
PID 4108 wrote to memory of 2988	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	106
PID 4108 wrote to memory of 2988	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	106
PID 2988 wrote to memory of 2236	2988	cmd.exe	108
PID 2988 wrote to memory of 2236	2988	cmd.exe	108
PID 2988 wrote to memory of 2236	2988	cmd.exe	108
PID 4108 wrote to memory of 4896	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	109
PID 4108 wrote to memory of 4896	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	109
PID 4108 wrote to memory of 4896	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	109
PID 4896 wrote to memory of 4364	4896	cmd.exe	111
PID 4896 wrote to memory of 4364	4896	cmd.exe	111
PID 4896 wrote to memory of 4364	4896	cmd.exe	111
PID 4108 wrote to memory of 4588	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	112
PID 4108 wrote to memory of 4588	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	112
PID 4108 wrote to memory of 4588	4108	b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe	112
PID 4588 wrote to memory of 4232	4588	cmd.exe	114
PID 4588 wrote to memory of 4232	4588	cmd.exe	114
PID 4588 wrote to memory of 4232	4588	cmd.exe	114
PID 4232 wrote to memory of 3440	4232	net.exe	115

C:\Users\Admin\AppData\Local\Temp\b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b3a402df4012df2d094004f103bdc219_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop MSDTC
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4976
- - C:\Windows\SysWOW64\net.exe
    net stop MSDTC
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:592
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop MSDTC
      4⤵
      System Location Discovery: System Language Discovery
      PID:5032
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c bcdedit /set {default} recoveryenabled no
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2344
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c wbadmin delete catalog -quiet
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5016
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop SQLSERVERAGENT
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4484
- - C:\Windows\SysWOW64\net.exe
    net stop SQLSERVERAGENT
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5108
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop SQLSERVERAGENT
      4⤵
      System Location Discovery: System Language Discovery
      PID:1952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop MSSQLSERVER
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:552
- - C:\Windows\SysWOW64\net.exe
    net stop MSSQLSERVER
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2184
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop MSSQLSERVER
      4⤵
      System Location Discovery: System Language Discovery
      PID:1876
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop vds
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3460
- - C:\Windows\SysWOW64\net.exe
    net stop vds
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4024
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop vds
      4⤵
      System Location Discovery: System Language Discovery
      PID:3588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c netsh advfirewall set currentprofile state off
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2988
- - C:\Windows\SysWOW64\netsh.exe
    netsh advfirewall set currentprofile state off
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:2236
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c netsh firewall set opmode mode=disable
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4896
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall set opmode mode=disable
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:4364
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop SQLWriter
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4588
- - C:\Windows\SysWOW64\net.exe
    net stop SQLWriter
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4232
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop SQLWriter
      4⤵
      System Location Discovery: System Language Discovery
      PID:3440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop SQLBrowser
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4796
- - C:\Windows\SysWOW64\net.exe
    net stop SQLBrowser
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1456
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop SQLBrowser
      4⤵
      System Location Discovery: System Language Discovery
      PID:1100
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop MSSQLSERVER
  2⤵
  - System Location Discovery: System Language Discovery
  PID:392
- - C:\Windows\SysWOW64\net.exe
    net stop MSSQLSERVER
    3⤵
    - System Location Discovery: System Language Discovery
    PID:912
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop MSSQLSERVER
      4⤵
      System Location Discovery: System Language Discovery
      PID:4992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c net stop MSSQL$CONTOSO1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:444
- - C:\Windows\SysWOW64\net.exe
    net stop MSSQL$CONTOSO1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4400
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop MSSQL$CONTOSO1
      4⤵
      System Location Discovery: System Language Discovery
      PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
576KB

MD5
46d7bb9c29a6d2704a866ffe74026a5c

SHA1
0dd373ab4a753e90addf5876a6b541cb2d68adbd

SHA256
8a3bf6fa1c26b1a79e7906cbf41a32518181e2de7e7fff66f5361607406335c6

SHA512
eee00de41aa7dd974e4e955d3a39bb2e8de1eb366234fe627cbb2a5df94083cad1fdf7333c5856e960e86370028a32cc4602fee2a823484e6973b8f3a2024304

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-tool-view.js.[[email protected]][MJ-TB6871253094].lambda

Filesize
320KB

MD5
04ac9d1a24b5b0a211a66e431589f05c

SHA1
d6733ca4a65b8c78271063c30ef2647fd909faa9

SHA256
6df638eda43922957b6f2a0084e6ff8234b97fa1053fa8f67dfcdac9e16a52fc

SHA512
f2c7cbfb4bc63faa7fc9464519b80dfb86577fe480a6bb6391ffca1d4a8f6d502c9583506d2a7545cf985fad37abcf5aa46f39b21ebc6eb24ac855bed2f83c38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\css\main.css.[[email protected]][MJ-TB6871253094].lambda

Filesize
192KB

MD5
3faaa109393d8636005812ce9fa647c6

SHA1
7dd1d529aba22ef9c282d28f7bdf1ad7e525584e

SHA256
4e6b669fb036c9f365bd8d556423a2e8fd148e5c335480da41b9faed003625ae

SHA512
6755b617ed1b8f087b87a9a84c070437c8e3e5ff5ec079f8ba711538d11ac35b4a26df34531df30853d5a5392bf0a248818dc6a558bc9485d82bc5a1f0c6d9ee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Cloud Services.pdf.[[email protected]][MJ-TB6871253094].lambda

Filesize
44KB

MD5
25e4c07dbfd7c2d648699a668883472f

SHA1
d7beca029d76c773cb071e6ba67c00cab60271c0

SHA256
d65aabd3dc03b1ad907cd52f71bc343cca76e0c930bd7e1c2ffbef56a1833312

SHA512
0fd0d270a110f0bf9207c79ee52b29affee74b86ec9fdffff14b098433db097c780cf3540b0bc2699946e751c22bc0214537bb86cfb0268fb4200aaaad8704a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\StorageConnectors.api.[[email protected]][MJ-TB6871253094].lambda

Filesize
414KB

MD5
a10decdb6b48a72b75e4f31d5a93fd58

SHA1
00d4861ead6d518ea96250c0daca6678bdd752f7

SHA256
51a30039bdec0ebfbad2eaf828727147cccd8af1578ebfb67d844c96507999d8

SHA512
72a8aebe612c918df1e62885cc204ca5df27e097c8276afb47b00926ee9998f5e0d3f81cb71ac4518908e8c210129ea2b924a87754e1e638cfe1d40fdb5c92c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\weblink.api.[[email protected]][MJ-TB6871253094].lambda

Filesize
300KB

MD5
8436cd88a19a85466453c889e7f40aa9

SHA1
724e58fcbe1432dc9de14d092346bf152adc1637

SHA256
bd8689c1dbaf7cc1cf9f3c54c08a5fc0276acdc2e2cab647b4e402f469f47f36

SHA512
ad15eb751c1b91d5026477c1b8b8c2788759fa89932988bb61fe39c90efe2b5dfff6f2a0d3f7e9ce71491439cb560ffd488e836a8454eadfe8d88ed35d8496d3

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\psmachine_64.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
126KB

MD5
fddfad7007e61394a31a896a8e9a6bb5

SHA1
868df2919e11592b700c542e288e42d0f4bea94a

SHA256
e763f7a1047a39516a473408738a2a3ed3b935484cd48105eef766bfa9328825

SHA512
30f8457572b8e186bc69d12bd2d56714718646b5bb2ecbfcdc9d743f74f6694a23fbc787935ccedaa3447243007a4d319cd777f5459da6fb2f08382a2c84f847

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\psmachine_arm64.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
126KB

MD5
83b67f8115521be0a90c2b1ae5c88cd1

SHA1
3c5f3adc8a37754fafa51b0538858c58a7fc458a

SHA256
956bb716299b712ba5342f57b94e1fc9ba1d006eda88dc30c0241fa19b55436b

SHA512
2b49ee2c9cb9d51dd2ac14dd06a43d1af588a9a720013751bc842aaa76b7d2b5d568e2c49b7a4c3d90304c74569d643b13a96d0be44bf1625c5d274122afa315

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\psuser.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
126KB

MD5
606d2cabfe6ee2b234dd0a5d70ef67a0

SHA1
2dbc4e078e9473467afb8c992c052c41aff9176e

SHA256
66e225d447d3765611766f1c3c0a247eb3be38dd2a0773658bc543b117f8b2a2

SHA512
ab87f69776a5de32d27646f6f469ab4dc455ac9e92b1acf78ea26be498e2e184f619a89e2cf74245a785f0a1bdce7ee8eeec1d56d008ffa0967417cb31c226f1

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\zh-TW.pak.[[email protected]][MJ-TB6871253094].lambda

Filesize
21KB

MD5
a8aa1360754afc91fa03866c1ddd0f9a

SHA1
1bf1a8251a1629b046773281ec6e33d2cb2dc7bc

SHA256
b988860928a6fe7d233824a47077121db0833088cb3c59585f19750bce979512

SHA512
f5e52bf3a3931972b309068d5da641c7b7a27b4d47ad79d6ea0c6541040c53e5f98802e4e14cb136ae7c18454a50baf594407102c3553f7a2f9e89216c1127be

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe.[[email protected]][MJ-TB6871253094].lambda

Filesize
234KB

MD5
7ace0254a4ffceafb3b4db746bb073ec

SHA1
bab91c7e6cd54b3fc7b7c7cf0cf6ac8240b96c85

SHA256
c4c9821d81dcf2ef2c5ab581e3fc3750b8c7eaf6cdf98cb5f4d45e5a45d58150

SHA512
80444a630e0131f6a37bc504f5bfefd479c9d9ed3f5959a47d14590a596c82b62ca9c362f80b0b044c23763824230be43bae5c861e8a7d7602c49d55f60e8dea

Download Submit
C:\Program Files\7-Zip\7zFM.exe.[[email protected]][MJ-TB6871253094].lambda

Filesize
930KB

MD5
7428cd8368d2be548fba67e4de2f4ce6

SHA1
936c75230dcd32e628ea7bfd734258336c17d627

SHA256
d6f06cfe4cd92d1a65b71a5c1c6b90b33913427d7d480aeaee51129d9f940c2a

SHA512
32b95ff357c42484c0b038e2b4789ba4832e3cf4a802a923f9c9934ad551764bc71961bc821742d731094b8d8360f1a18aa61590717d670c9d37939de01b3c50

Download Submit
C:\Program Files\7-Zip\Lang\co.txt.[[email protected]][MJ-TB6871253094].lambda

Filesize
10KB

MD5
141ed2cb18f198ca1b36ee71bc23b581

SHA1
afe8e85e058d5a2cedc070188a4762dfba0b5655

SHA256
86cabb7308591bf7a2c6222583c1f1d07138b36546291792a4d4f726b43c7b7d

SHA512
feb6619da5e449db429f012b86cc89d897972d5a0f7b37e6b071ff9f3b1c99fccfd8bc15e11209f8fc0bbe632bbcf7036d6f70ba7aee3fcc6ba22de6b14ab18a

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
1.8MB

MD5
a17a01a511f4e5861bfde5ab50611a4d

SHA1
c9c39fb59c0ff89eea1c7cccb2d373ba8421db1e

SHA256
5fea54636e65caf45565335eddce639fbb19c975e8e4aeeade5e587220772e54

SHA512
b1183172db2affaf27dab632abfca385cc2c3f54c6c480c668e84dae541ab6bc45ad7e5dd3944255f6f060c19c8646050e3a22afed886795f3fef527bf8397f9

Download Submit
C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
835KB

MD5
aa747ed19993f513917af1aa0674d430

SHA1
3736cc5d1cf0a266b6d010c155103e2197a08caf

SHA256
4ac78981800ab94a6306c35533cf4f8421f829c11f2313f025eabc02b9aa3e5b

SHA512
403069e991a7ef17ea0fc3c9d8a0b6ffba9b1b4a040fd1835b9545d29620890835e37489b560198d5fade385e8ee29c12e6edf92a7a999f3a4a0197c78a3d94c

Download Submit
C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
942KB

MD5
eab6c35fb344807d5a16344f13503566

SHA1
709d52a7b450530082ed397ca143a43d7c8e4af3

SHA256
2e1e802e8d5e9ea13bcc1c5ea2da4c2425c3547041adc9d3c875232741302d32

SHA512
bc760d2f5f32b1207f4cf7ac874eaa9d6b0c3cf9d0423a893e09983c908148d3a0c95de57b414bcd747ad4245aca8472cfee8e710251f9f62453d918b3f5e987

Download Submit
C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.[[email protected]][MJ-TB6871253094].lambda

Filesize
320KB

MD5
663f4c7660225d4e142545097a4d9f27

SHA1
ba4721586e3a41c89a7755d7a3db2c00ce2c66e3

SHA256
27693d75972b0921fdbaa22ff69c1dd465eb04c680b496e9706422715bd09490

SHA512
a6506979a255df7215f2a030f1f414d1a6976d12303a6cf540b7557c19fa498374140af4cbf1f32aa5b9acb877ba64c9d9baad4cd78dcc3f46a875bf08840267

Download Submit
C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.[[email protected]][MJ-TB6871253094].lambda

Filesize
310KB

MD5
f263a785e273dc89ab8f4ae9406ed1f7

SHA1
592e8454483192c81be0718658f988753c203785

SHA256
0c86b2a094ad77d14990efae27dddbad9ac6e4597ba36d83d0da789fe6c41c4f

SHA512
b7dc0cbc5f15ec5f00cee194ba5e0beabe528d703aa41461e6743d84fc41c747ee0339e5ac50c7c3aed4dff8f3982d35989d940fccfd6c5c9597e415d8db5e98

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.[[email protected]][MJ-TB6871253094].lambda

Filesize
332KB

MD5
fe72ed9afe9b9dc9eaabcf37d3b410a1

SHA1
c0834b077029d5a454cd1c93d8d583dc3ad930b7

SHA256
6a15e81352967c01b3c61d0d2922f78a823dbb5b791f527ffe7f512e6d8493cb

SHA512
570c3f1eeb583610c63d144f94d0c7673f168905f5c65d4467fd39c7e231d75e22f9affa8ec79ed3c6915f0e1ab0e6878eacc6f966b32b35689b68162b600fe6

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Frosted Glass.eftx.[[email protected]][MJ-TB6871253094].lambda

Filesize
326KB

MD5
41492e6c88b25a791b1b15e211263d7b

SHA1
abb16697644543726fc302394af9bac4efa33010

SHA256
a2157c8f087833cd91716d43bb48a22207aa6b98da16f25a6fd02771aa2102e4

SHA512
a4bb3e4c3a8433da0c943ce8a951fc0861f70cdc34434850dfd65b69c9f74a959c55d77675faa831f6e96fb4b0e4dbdacba1837193eed2eb2cded91b46d29b5e

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glossy.eftx.[[email protected]][MJ-TB6871253094].lambda

Filesize
327KB

MD5
8bc4fab486d2ce63664aa4be4a595369

SHA1
7f1ed9eb0a183077c561617d0013ab1089012ae2

SHA256
b9617aeef909ec25fe3cfd265dcaac0ba0c2543f969cd33d176333058d7d383a

SHA512
5964fb39f21534693317855fbd7ae7d2308f94db56c1c1bdf7b175c19b8d747afc044b41f753b961d2ca649dec4dcf16bc75374b8e0ef2f71f27e0518695e87c

Download Submit
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.[[email protected]][MJ-TB6871253094].lambda

Filesize
344KB

MD5
f304702b4e8b26a3055b3d5e103fed0a

SHA1
3afb0514d02aa02e6b0a023c2821712dcde78e47

SHA256
4c7d972b0a69414f2bccf467449d12428eaa2c348cac6e1aa76e863f0be70180

SHA512
62a70edd76f5baefc52964768b0839a7546c2424563ecec9c7722c7d7f3564472db3e4debe60d4eb21b278e51d3ddbbe8f34b7ae9cee617af90663cf937925fd

Download Submit
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.[[email protected]][MJ-TB6871253094].lambda

Filesize
331KB

MD5
f8fc3cc147f086314692b1515e7548c1

SHA1
122946c3b419d121e3e7189fb4b602e9cafc76e0

SHA256
a86c3fea06b0b70a27cac63e86162ff627921af979c330c29d1e6d2a663289e5

SHA512
bfe1e18fc70f9968f81c1dff66b677a26c5f4f9b37d13e04787a21df0fae861a2ae14aded58f7ae36a45c6fa943f3efe0446566be6fd53313595306b2f845914

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt.[[email protected]][MJ-TB6871253094].lambda

Filesize
430KB

MD5
7a8d26f9a5934ab6116d5916ca5291d8

SHA1
f496df140ba14483a3d38a14aa86025dc5e9dae0

SHA256
64d2dbedb97e01e59edcb8644642b746b78212bbdc7fac2e076249ad3179186e

SHA512
887742af91e68384204b52f64d0dcbc7758c6fa46a4d3ff8b61b6183246ebe160825f88a4df0cb0125c6c10caacdd270cc2a34f57512f77c82acf7393c7f8218

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.[[email protected]][MJ-TB6871253094].lambda

Filesize
608KB

MD5
19580d9e09ba52c0f29ae9b1bff03daa

SHA1
a2531053f8ddccb6aa5ee273acd87278f93b818c

SHA256
df548ac2a2c6a18092c4caef19703dc0a8855210fe789e7c906b72d7899e3dce

SHA512
99fc7fab5b4e73f384987eeb6f3ef3578d4b25ed2347b87cd6db93280aa86e64904717d858765cf6bc2354ce2167e3a690cd5a253835d29dc643fa44cb27660d

Download Submit
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.[[email protected]][MJ-TB6871253094].lambda

Filesize
184KB

MD5
b4613d4dcec43ee72f5619bc1a41a617

SHA1
3b86e37804c5448502e0d3d9f7c6836213b919a5

SHA256
73ee40ee94c037bece36a600d7dd6f65efca47a372e7c03c70523bfe8a08ca34

SHA512
23bc9c79b61f92f09500038e5014dce9d441e44516dc8d4a4b081b475ac5e9c45d46ab2f03c62272c1efb323b61df779d927141ebe181a7513324e76415f7dc0

Download Submit
C:\Program Files\Microsoft Office\root\Office16\Library\EUROTOOL.XLAM.[[email protected]][MJ-TB6871253094].lambda

Filesize
383KB

MD5
ed0f611eaa424e8341f737e40e0bfda4

SHA1
b54a4bd0304f429ba65992e1247207a3e2c59929

SHA256
44cc7f57b1b8e0728700b0f4d7444ab389021f2476f99e63dbb84d403352368c

SHA512
f73961e485b1a43321d2e72737eeae6fd5e8c0b722a8efd463e929cc51f1b8f25a125b1991f5ab841f1edd734cb091d80294638bc3477a94d5ed93b0d072972b

Download Submit
C:\Program Files\Microsoft Office\root\Office16\MSOSVG.DLL.[[email protected]][MJ-TB6871253094].lambda

Filesize
1.6MB

MD5
01ec4c56c1cd5f4e11fa6eda225373b4

SHA1
aede010ecd7a7fd5a88371311c7fffb5a3920ef8

SHA256
f41801566b8269030ca14fb928dd6d017235bf96b05f868652ef0d64000689be

SHA512
d212f4023ac70640c7264db229ce0a920e40a8dabefe96c94926f5b686010ed888a73698b70b5b490094953a9379f98160b18b8830b410e7b1b088afb2105451

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PROOF\msspell7.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
411KB

MD5
6a22b5f482a5aa97dc270a606f7f6c35

SHA1
4e75894e6414b3b07e9ea8dbdcad31fce70d2780

SHA256
8a69e94858444b40f094e84c6a8354aebce7679cc48c31a89a33a5867822e2f0

SHA512
075fc23ffcf8f3fab50ac22c1753bb3e8b8c469cb4a02027d8562a4eeff7d30d3cd637084a80f7287adc860106e9be0a63857762b0aa5c5383b752aee0623f28

Download Submit
C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.boot.tree.dat.[[email protected]][MJ-TB6871253094].lambda

Filesize
230KB

MD5
9923468069f4d23a4cd4050f0a80de48

SHA1
1b32041106a5e29888c501e62fda60aff07ddb0b

SHA256
05f10fa035d965391bb1334eed3bdc76310997e774b2c17b77a5383f0a4f668f

SHA512
727388ee21f304e40b8d716062a32a4d3881ce4b8889f9f561e2086ddbad919bbefe33c4cf3ba90bd554e7437a426d9e9dba22b887d033e653d7c4d3fa22f6e4

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AirSpace.Etw.man.[[email protected]][MJ-TB6871253094].lambda

Filesize
412KB

MD5
a05137a687837fdd8f0cffe191aaccaf

SHA1
49bab4ad56171c26ab37de1a267a0a97bde1f716

SHA256
17ac6ce302c4d129e57122a27e42d0b4ef73016e3b3da890b12d7a73540417e0

SHA512
5bf865aca59c6fde7c3ce54755d6b43cab2586498cf7573a433f83ed44fa55477dc4fafa84795dae7826cfe3892d0d13ff28d65bd33c2918466436d81c0bf110

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\WPFT632.CNV.[[email protected]][MJ-TB6871253094].lambda

Filesize
318KB

MD5
0567d6151b0cb86e19c97efa768bd31d

SHA1
b087ae50c8c5ff0dfd3d53dcdabcb10148d6e8ce

SHA256
032375e986337b2422da6d8f26777de561b7763830780b1cff470add44f4772d

SHA512
a0bd3e9c20e4368197ffe4799e61dd7f07ade6e1947bd016d3e951a5fcc48c1183f0ece0848dde7bb88b59070533a48d0f3c607bd6438016608cc1f957919298

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msolui.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
305KB

MD5
d8ac28a86511f85b4d790a303f5b31ea

SHA1
33fc0eb3ea7788e093febc30eeca2346902b70d9

SHA256
63cdf6ebadfd4dea586a99a8e3265c4bd5eeed32f79ac59de2be03c80b140f7e

SHA512
fbf7e8a227736dc7014fa2144a1541a7442c2949b4aa99d3248c143676ef44ccbbbc05ed0739e99449b94cc87db9596a725bc0d6e815bcbcd621a91a6e595e3e

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\[email protected].[[email protected]][MJ-TB6871253094].lambda

Filesize
423KB

MD5
a3a6ad9a1d12783663b1035d3d67aafe

SHA1
eb9aafabc80f04f8181fbdc62ccbb6f0100fb290

SHA256
2b04eaa742fa5d106e6b24969cb0a4747445faa8c49fb3d7673cf03ad707dd03

SHA512
b69a44166ae5fe6d221c986723e799e1458a06beab24b24e9c058372b22363f063728b926487b0d3b9f6d13cdb60bafecb1f097d262bfa3d4d52d01376c648b2

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
256KB

MD5
6b25045a8a980f25ed2f72620ab4c4a0

SHA1
2bd823ca3085c30417a26d6ca4095388c7381607

SHA256
e5f4aa4e64975fc58bed3b63f62c92eb2017f7e0f66223a333d31ca71e37df34

SHA512
2ff0a81b1979e294bcc3704efd71aef01fd433d0bb30e6dfdc3ff65e4cdaea4ef033457660ae34bd0c12a1c5e90496429256bb7cac842d88c101c7c94e777d7b

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
338KB

MD5
373a1529acb9b172f30051ee453fe71e

SHA1
5583a683c565d5ace63869633c6e3ae29271e813

SHA256
7d3dc0482dd5fd1faa64be4d4ff04848f80429e4462e1939d3ddc15f751ec629

SHA512
f3ada157fe50f0c47fca373a26ab84e55b33efa23cc068c30db60e80c320faac5a345824ccffa938fd90bde3be66102113b0dc9e3ba7c7842dc0ead41b53ebd4

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
387KB

MD5
fc842b4c3ec543fdff7ad7562c208524

SHA1
a7d8d4c22308115ded43a0a0744a950c84a44b48

SHA256
0d330d8b959a0e90754114e629b418b39a596b0df2f8f066f3d2a1616343a552

SHA512
738cd15bd631493fb2a1e31058afb7b5e31979bdc85acaaca3326518c828f6a306f2d2e36ed0c50c16324abd36ffadda3d1e2fee69fbaa03622e12e0c933d960

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.[[email protected]][MJ-TB6871253094].lambda

Filesize
308KB

MD5
4e241294d077dc447f28155954bba2eb

SHA1
ac777113d0e39b11e7e5f5b05e4e4efa8e512730

SHA256
c6c4ca47bfc08ba7ee81cf92e95bf376d93c0f3db2f375873a12af75193c303c

SHA512
e0cdb90c0c7582c22157e46175e2b89b5cc7f29bf761b6027458eaaebd3dca3e8ca47f8c3767cba0ab008bcc5ba0c083659bf312ae00313007803464980abb75

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
150KB

MD5
7d780136b246d27d5bd978db2823e45d

SHA1
f21a76f7bb480036c022a7c8e2e1c0c0c53b9eba

SHA256
f7d0a65d852401e5cf0eaf65fe10eba8f5136fd37879c137de603d198608a387

SHA512
de2de53fead904f08058a539522630a625595f54ce81163accc05fd770d90a57e7ef6b2506fff9d7ddc6dd9f8e9cf77f160c315e1274245494694fdac6db0b15

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
360KB

MD5
439055383a19ec0019fb261af1512824

SHA1
c00983ea8769be9d5c1c902f334c39c5e6f630b5

SHA256
d9e812d04690f6fd01c1423f69da9f1dfb4d9be1bc00c92e1c6d446bf9a24800

SHA512
5cff251177ca1240833fbc1d92cee534cc5e59531d454037c08458c78f0dc4aa7f162f0e9cf34c3a5d3d4cdfdd392a680f7396b9c90a34a1a340a2d3d5a9cc41

Download Submit
C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
433KB

MD5
8b80c61dc0166b6e6d5f76583620339e

SHA1
31642375a84f7650ac518a0349921ea0522f2359

SHA256
2da21e41b0b494fe3ca34ebb7b3ebda97cb239431ec09ddc9dfa3df37031a268

SHA512
d18a096f636d3189f5319b182dbb1b49d406285704b6c89a135c7e86bcc9a439c5a679261938625e3f1a1b0d38e3fc8ace826d84af253a4191fe70f4465521dc

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
262KB

MD5
52c38b7e9ce2b97963e213301d65b8c7

SHA1
98a79867b7a5c23b2aade9a1a334f949c75f6de5

SHA256
70616295232c6d31d8518288a63789e228cd1915adc1f85a3b496f651f9717b1

SHA512
f687f97425759d78311bfe43a7fadcb46e785c57efc4aa2e7b49c8ce8a18c12b64a9530823a54e6550506299e9bfb7917d04269d042de4cdde1add0cd96d1fe5

Download Submit
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Mail.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
422KB

MD5
24f1fa2cb081e933442f5b25edd09e6b

SHA1
8bcfb98d9bb24ca6e260932c2df4f8480c14b5d8

SHA256
7cd510f79076deb249f13e48843e21eed6bf2b962825255105eb28d03904b580

SHA512
955b998fbd4648d49d89bee291ca1afabdb12803aa9528b383f3244ca4b1117b40c3d64e7ba83fb6a95371938ce3c8468d938881e0f90d7be73bd7746f86ba0b

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
514KB

MD5
39b2082c2922c4067cdd084c835c26eb

SHA1
5110861016ee8addb06149eba3e0f75174afbe66

SHA256
01ecc9d30bb0f7a8685a7aa3b501f663c698a135c5645521b3b8ff83b92b75b1

SHA512
91abfde5381168cf5ecf3ceadc0d55653fb0bf37b43f541cadff6734595b0c6a574c1f9289c5eb3022f7adbdade2d46d0ac59f5cc2595cd9d7a5144079b9b015

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
2.4MB

MD5
9f79089c1587ef5b8add1f1619330e80

SHA1
8c2b9b9ce01ae1297f9168fef2950327106b18c9

SHA256
485ef8f9dabd05a11cbcff629cdd515ea3283620626e20ec2c48fdb6a58f8620

SHA512
a6b3f67739f7585f8d932c7d4f1422baa62e24a47ff74924f4d4ad6d58abfdde42d8736498b8fbbfedabe5d607d7cba07b2d48fb410c3ed133fff55cdab55b52

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Controls.Ribbon.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
567KB

MD5
5c1d51e17d4de47941964c60172031cf

SHA1
1b25a2a78761f3f7190afa97bc79acd60239c655

SHA256
aa3c51689c0e06674d1c24129e4b8443d25e818f7cc784f69eb72fc9f859abf9

SHA512
972b3ad2c30e545d52c7773355319663fccb5efb2f6e1aff31ea7c3a94938ec2e29d952f9a0e7f0ec3180a59928d1087510c14f186eff1eea2aeaa2f9caa8b7a

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationFramework.resources.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
192KB

MD5
752db69ec79a53f91c4a2dd7dff79e7e

SHA1
c6ad29dee4e2fbbada94967bbd0a769d4ea5b810

SHA256
6cf1b627fd73ab14f72b7a15401c93ea1d4eb7fb556ad8033eeaf5d6a76ea093

SHA512
db106a869335b988471b472a9458a630e80c2b7b39094641d8072c36972a5faeb7ae1fbb0de29bf5a8b9ac16b94e5baa7248bf4b718b5537edc14feb0a1a8666

Download Submit
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.resources.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
357KB

MD5
aa3a05b0513d7597dd6291b5495fdb57

SHA1
fd9431146cd7964286115f7238b033583b6554c2

SHA256
c1aa3c6c758dd5cd7b822d01facae6fc5f7f6a5f32bca70c28d2aecbec19ca59

SHA512
c57d227ade08a2286632dd0a951a16f42630a34947fc28830c6639e37c78379f81b5ce3bae0c440f6d3c2759299e3e85a3a6ce301b1182006310be0acdef4b35

Download Submit
C:\ProgramData\prvkey.txt.key

Filesize
1KB

MD5
25f98d9d7cf1213054a076c215691398

SHA1
d1921ede1c40a2d6a168399a9cd1cf0cc5b382f4

SHA256
7f296807cca9a818b7abf971818922ce67e44d662714268023ccd24196a1db37

SHA512
df0726d5793a8e29034da53541968100fe9cd8b1ed629be12bcf92bca706cdfc7f073536c9a97e2196fdb8bb3ff339d621d1f0d439dde4536425d1f759b9fec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ssleay32.dll.[[email protected]][MJ-TB6871253094].lambda

Filesize
286KB

MD5
fb82cd1bd959b3e9f84f7ecc312602e3

SHA1
c3d3be7f2d8834f726817be5f605e2edd71fd848

SHA256
8b575e4642fb60092fcf44dd06185a7f079a535e945793ad8a1b166a1b520fce

SHA512
37b947fc2eca0e1b7c277b885c96ece8d1c02a281bcfa04fcefb389a095fc4d6c0d14c776e11fb5e8c9feea1e7aefdeb0c37038c8f14f99b55659c95216d7616

Download Submit
C:\vcredist2010_x64.log.html

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\vcredist2010_x64.log.html.[[email protected]][MJ-TB6871253094].lambda

Filesize
86KB

MD5
62e48c7cf2889c3913ab77f5fa2e2bdf

SHA1
12467c7220bf66b30ec9990736c0cfed2c97b67d

SHA256
defe535f829a392d827ff30d48eada919db29d68e098702b0cd6b29d16baac60

SHA512
d83759d66b9273dbe85d18af64ec553ddd36c0ce41ab2daf5e40346933025e6323fb78f52d1f333e02658e39b8e013527459c94f34298e601c9273bc630ce69a

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt.[[email protected]][MJ-TB6871253094].lambda

Filesize
396KB

MD5
2e9517cf0322f63ad7e4a39d67f81c80

SHA1
62b5fea87f0b24c544b0dc77457b63f76ca896e5

SHA256
908dabd138ffd7f895eeb6f2f2f6e7a56844b0f6ede96ee546c8a3a226873fd8

SHA512
e5586ffac0428ce4df8e5aa903782c6356d0c7edef0a280ca093a51cf37d4f2d0fb54df47840439523c18d767f6d24b6104ed9cafa81d7a010187c054a7336f9

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log.[[email protected]][MJ-TB6871253094].lambda

Filesize
195KB

MD5
466a3103d793aa8c684634ed9f2b8c9e

SHA1
1f0c23d7c5fa74c889cc9d3d8e445208ab3d5625

SHA256
7057ed0ca640cc9ca1fef152da7eb7229e04e1cb20ceae5e980fc6849604f864

SHA512
88deb715aaff2f992a8d59708dc7cc62d75bed103ee15c2843635303bd55988ec4bea9626f2e75f147c6969220f9f36495fc455a967fae9a66187aa0e7f91580

Download Submit
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log.[[email protected]][MJ-TB6871253094].lambda

Filesize
135KB

MD5
119f279b79ee9662c93d006bd552e4f7

SHA1
fc0d8114620ff4f0e60e3af10257743d3942991d

SHA256
4c4e985059749768598798c6be6bff35f0aebce8dc29352a723014fd6e299ec4

SHA512
cffa17d64242b5faa94224839bd7aedba7dc6bf55aee02118adddee2017720f0bf66110492d13a1970ff2acfc7317804720cefc2b14b5c59ac55612e14cf690d

Download Submit