Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

80f45f70d6...93.exe

windows7-x64

10

80f45f70d6...93.exe

windows10-2004-x64

10

Resubmissions

26/02/2025, 07:01

250226-htjbasxjv8 10

25/02/2025, 04:05

250225-enxd7atjy7 3

25/02/2025, 04:00

250225-ekttwssqy6 10

25/02/2025, 03:40

250225-d79cessjs5 10

25/02/2025, 03:10

250225-dpfmdszpw9 10

25/02/2025, 02:49

250225-dazrqaym19 10

25/02/2025, 02:42

250225-c61hfsyj15 10

Analysis

  • max time kernel
    23s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2025, 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    80f45f70d66652a814a2784f3e3da3d304a2e3466bda889791a5de0117862593.exe

  • Size

    767KB

  • MD5

    d7b952b18e2fba388e8ae076488af9e2

  • SHA1

    20a1a5c98e93b87d58d8c6ddbe2450f657e59113

  • SHA256

    80f45f70d66652a814a2784f3e3da3d304a2e3466bda889791a5de0117862593

  • SHA512

    5777c6ff439a89d1571b3104b3fc9b43e5392cecdcd2c8100019582bfb383328648ef86735dbda8e15270f0853bff3ea9864f26a7f9c40d016269e417aa2f04f

  • SSDEEP

    12288:7GqN/XdctpVtkMtsyDqBQ0tA3nyF0Fh0zJmViYV5yvQX05oWI:lNcBtkUqBQ0tknx5yIXgoWI

Score
10/10
jigsawbootkitdefense_evasiondiscoverypersistenceransomware

Malware Config

Signatures

  • Jigsaw Ransomware

    Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.

    ransomwarejigsaw
  • Jigsaw family
    jigsaw
  • Renames multiple (178) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Disables Task Manager via registry modification
    defense_evasion
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Sets desktop wallpaper using registry 2 TTPs 20 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\80f45f70d66652a814a2784f3e3da3d304a2e3466bda889791a5de0117862593.exe
    "C:\Users\Admin\AppData\Local\Temp\80f45f70d66652a814a2784f3e3da3d304a2e3466bda889791a5de0117862593.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Users\Admin\AppData\Roaming\mtrmbr.exe
      "C:\Users\Admin\AppData\Roaming\mtrmbr.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\mtr.exe
        "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\mtr.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:3244
        • C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
          "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\ProgramData\Microsoft\Windows\Start?Menu\Programs\StartUp\mtr.exe
          4⤵
          • Executes dropped EXE
          • Drops file in Program Files directory
          PID:1816
      • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\mbr.exe
        "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\mbr.exe"
        3⤵
        • Executes dropped EXE
        • Writes to the Master Boot Record (MBR)
        • System Location Discovery: System Language Discovery
        PID:2072
    • C:\Users\Admin\AppData\Roaming\dt.exe
      "C:\Users\Admin\AppData\Roaming\dt.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4092
      • C:\Users\Admin\AppData\Local\Temp\dt.exe
        "C:\Users\Admin\AppData\Local\Temp\dt.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2160
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\C91C.tmp\disable_taskmgr.bat""
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4976
          • C:\Windows\SysWOW64\reg.exe
            REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies registry key
            PID:680
    • C:\Users\Admin\AppData\Roaming\bg.exe
      "C:\Users\Admin\AppData\Roaming\bg.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:776
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\run.bat" "
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4448
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
          4⤵
          • System Location Discovery: System Language Discovery
          PID:676
          • C:\Windows\SysWOW64\reg.exe
            reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
            5⤵
            • Sets desktop wallpaper using registry
            • System Location Discovery: System Language Discovery
            PID:1620
          • C:\Windows\SysWOW64\rundll32.exe
            RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2060
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
          4⤵
          • System Location Discovery: System Language Discovery
          PID:1548
          • C:\Windows\SysWOW64\reg.exe
            reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
            5⤵
            • Sets desktop wallpaper using registry
            • System Location Discovery: System Language Discovery
            PID:468
          • C:\Windows\SysWOW64\rundll32.exe
            RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
            5⤵
              PID:4264
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
            4⤵
            • System Location Discovery: System Language Discovery
            PID:2672
            • C:\Windows\SysWOW64\reg.exe
              reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
              5⤵
              • Sets desktop wallpaper using registry
              • System Location Discovery: System Language Discovery
              PID:4432
            • C:\Windows\SysWOW64\rundll32.exe
              RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
              5⤵
              • System Location Discovery: System Language Discovery
              PID:1340
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
            4⤵
            • System Location Discovery: System Language Discovery
            PID:3192
            • C:\Windows\SysWOW64\reg.exe
              reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
              5⤵
              • Sets desktop wallpaper using registry
              • System Location Discovery: System Language Discovery
              PID:3684
            • C:\Windows\SysWOW64\rundll32.exe
              RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
              5⤵
              • System Location Discovery: System Language Discovery
              PID:3888
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
            4⤵
              PID:3472
              • C:\Windows\SysWOW64\reg.exe
                reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                5⤵
                • Sets desktop wallpaper using registry
                • System Location Discovery: System Language Discovery
                PID:4664
              • C:\Windows\SysWOW64\rundll32.exe
                RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                5⤵
                • System Location Discovery: System Language Discovery
                PID:2352
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
              4⤵
                PID:972
                • C:\Windows\SysWOW64\reg.exe
                  reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                  5⤵
                  • Sets desktop wallpaper using registry
                  • System Location Discovery: System Language Discovery
                  PID:1872
                • C:\Windows\SysWOW64\rundll32.exe
                  RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                  5⤵
                    PID:3064
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                  4⤵
                  • System Location Discovery: System Language Discovery
                  PID:3268
                  • C:\Windows\SysWOW64\reg.exe
                    reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                    5⤵
                    • Sets desktop wallpaper using registry
                    • System Location Discovery: System Language Discovery
                    PID:4604
                  • C:\Windows\SysWOW64\rundll32.exe
                    RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                    5⤵
                    • System Location Discovery: System Language Discovery
                    PID:3236
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                  4⤵
                    PID:3140
                    • C:\Windows\SysWOW64\reg.exe
                      reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                      5⤵
                      • Sets desktop wallpaper using registry
                      • System Location Discovery: System Language Discovery
                      PID:2304
                    • C:\Windows\SysWOW64\rundll32.exe
                      RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                      5⤵
                      • System Location Discovery: System Language Discovery
                      PID:3436
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                    4⤵
                    • System Location Discovery: System Language Discovery
                    PID:4652
                    • C:\Windows\SysWOW64\reg.exe
                      reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                      5⤵
                      • Sets desktop wallpaper using registry
                      • System Location Discovery: System Language Discovery
                      PID:4092
                    • C:\Windows\SysWOW64\rundll32.exe
                      RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                      5⤵
                      • System Location Discovery: System Language Discovery
                      PID:656
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                    4⤵
                      PID:2984
                      • C:\Windows\SysWOW64\reg.exe
                        reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                        5⤵
                        • Sets desktop wallpaper using registry
                        • System Location Discovery: System Language Discovery
                        PID:3432
                      • C:\Windows\SysWOW64\rundll32.exe
                        RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                        5⤵
                        • System Location Discovery: System Language Discovery
                        PID:3044
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:2056
                      • C:\Windows\SysWOW64\reg.exe
                        reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                        5⤵
                        • Sets desktop wallpaper using registry
                        • System Location Discovery: System Language Discovery
                        PID:2236
                      • C:\Windows\SysWOW64\rundll32.exe
                        RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                        5⤵
                        • System Location Discovery: System Language Discovery
                        PID:1708
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:2376
                      • C:\Windows\SysWOW64\reg.exe
                        reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                        5⤵
                        • Sets desktop wallpaper using registry
                        • System Location Discovery: System Language Discovery
                        PID:2784
                      • C:\Windows\SysWOW64\rundll32.exe
                        RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                        5⤵
                        • System Location Discovery: System Language Discovery
                        PID:1716
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:3784
                      • C:\Windows\SysWOW64\reg.exe
                        reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                        5⤵
                        • Sets desktop wallpaper using registry
                        • System Location Discovery: System Language Discovery
                        PID:4800
                      • C:\Windows\SysWOW64\rundll32.exe
                        RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                        5⤵
                        • System Location Discovery: System Language Discovery
                        PID:5008
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:5004
                      • C:\Windows\SysWOW64\reg.exe
                        reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                        5⤵
                        • Sets desktop wallpaper using registry
                        • System Location Discovery: System Language Discovery
                        PID:3180
                      • C:\Windows\SysWOW64\rundll32.exe
                        RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                        5⤵
                        • System Location Discovery: System Language Discovery
                        PID:4472
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                      4⤵
                      • System Location Discovery: System Language Discovery
                      PID:3264
                      • C:\Windows\SysWOW64\reg.exe
                        reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                        5⤵
                        • Sets desktop wallpaper using registry
                        • System Location Discovery: System Language Discovery
                        PID:5112
                      • C:\Windows\SysWOW64\rundll32.exe
                        RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                        5⤵
                          PID:4124
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:3600
                        • C:\Windows\SysWOW64\reg.exe
                          reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                          5⤵
                          • Sets desktop wallpaper using registry
                          • System Location Discovery: System Language Discovery
                          PID:884
                        • C:\Windows\SysWOW64\rundll32.exe
                          RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                          5⤵
                          • System Location Discovery: System Language Discovery
                          PID:680
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:3592
                        • C:\Windows\SysWOW64\reg.exe
                          reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                          5⤵
                          • Sets desktop wallpaper using registry
                          • System Location Discovery: System Language Discovery
                          PID:2828
                        • C:\Windows\SysWOW64\rundll32.exe
                          RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                          5⤵
                          • System Location Discovery: System Language Discovery
                          PID:2160
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:2424
                        • C:\Windows\SysWOW64\reg.exe
                          reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                          5⤵
                          • Sets desktop wallpaper using registry
                          • System Location Discovery: System Language Discovery
                          PID:3616
                        • C:\Windows\SysWOW64\rundll32.exe
                          RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                          5⤵
                          • System Location Discovery: System Language Discovery
                          PID:1480
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:3692
                        • C:\Windows\SysWOW64\reg.exe
                          reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                          5⤵
                          • Sets desktop wallpaper using registry
                          • System Location Discovery: System Language Discovery
                          PID:4020
                        • C:\Windows\SysWOW64\rundll32.exe
                          RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                          5⤵
                          • System Location Discovery: System Language Discovery
                          PID:640
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp/bg.bat
                        4⤵
                        • System Location Discovery: System Language Discovery
                        PID:3968
                        • C:\Windows\SysWOW64\reg.exe
                          reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp/bg.bmp /f
                          5⤵
                          • Sets desktop wallpaper using registry
                          • System Location Discovery: System Language Discovery
                          PID:396
                        • C:\Windows\SysWOW64\rundll32.exe
                          RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
                          5⤵
                          • System Location Discovery: System Language Discovery
                          PID:1336
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\restart.bat" "
                    2⤵
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of WriteProcessMemory
                    PID:5012
                    • C:\Windows\SysWOW64\shutdown.exe
                      shutdown /f /r /t 1200
                      3⤵
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of AdjustPrivilegeToken
                      PID:3228
                • C:\Windows\System32\WaaSMedicAgent.exe
                  C:\Windows\System32\WaaSMedicAgent.exe ae9d233e492c0cdd94dbbdaff4a07152 cYBRObfwVUGnO87Thk5TuA.0.1.0.0.0
                  1⤵
                    PID:396

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.rubly
                    Filesize

                    720B

                    MD5

                    75a585c1b60bd6c75d496d3b042738d5

                    SHA1

                    02c310d7bf79b32a43acd367d031b6a88c7e95ed

                    SHA256

                    5ebbfc6df60e21044486a5df3cb47ccdcd7a4d5f197804555715ffd9bf6c5834

                    SHA512

                    663a302e651b9167f4c4e6ae30028307b4d8da0dda3a0e5fd414104951d50419862fc9396c5b39fe5c4b696efd3efbf0b575688983b1d341f3ef38becf500505

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons.png.rubly
                    Filesize

                    7KB

                    MD5

                    72269cd78515bde3812a44fa4c1c028c

                    SHA1

                    87cada599a01acf0a43692f07a58f62f5d90d22c

                    SHA256

                    7c78b3da50c1135a9e1ecace9aea4ea7ac8622d2a87b952fc917c81010c953f7

                    SHA512

                    3834b7a8866e8656bbdbf711fc400956e9b7a14e192758f26ccf31d8f6ab8e34f7b1983c1845dc84e45ff70555e423d54a475f6a668511d3bcbdd1d460eeb4b0

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_ie8.gif.rubly
                    Filesize

                    7KB

                    MD5

                    eda4add7a17cc3d53920dd85d5987a5f

                    SHA1

                    863dcc28a16e16f66f607790807299b4578e6319

                    SHA256

                    97f6348eaa48800e603d11fa22c62e10682ad919e7af2b2e59d6bd53937618f2

                    SHA512

                    d59fa9648dc7cb76a5163014f91b6d65d33aaa86fc9d9c73bf147943a3254b4c4f77f06b2e95bb8f94246a982ea466eb33dac9573dd62f40953fd23de1c1b498

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png.rubly
                    Filesize

                    15KB

                    MD5

                    7dbb12df8a1a7faae12a7df93b48a7aa

                    SHA1

                    07800ce598bee0825598ad6f5513e2ba60d56645

                    SHA256

                    aecde4eb94a19095495d76ef3189a9abd45bcfd41acbed7705d22b4c7d00aa77

                    SHA512

                    96e454ebb4c96573e8edc6822290c22d425f4c7f7adbab35e6dc4b3ce04a5916ae9254c2c312c98299835ecbf3c5aa95da2939b8408ac25fbae44ba87a3795dc

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons.png.rubly
                    Filesize

                    8KB

                    MD5

                    82a2e835674d50f1a9388aaf1b935002

                    SHA1

                    e09d0577da42a15ec1b71a887ff3e48cfbfeff1a

                    SHA256

                    904372666ca3c40f92b20317d92ca531678958affbc34591401e338146fe0ecb

                    SHA512

                    b10a8e384d0bd088443a5085f5c22a296f6f4d295a053d4526690ba65846e887daec47d01cf18fdf1160db98061a8b7c4040de56e6e604451a821fadccf32698

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.rubly
                    Filesize

                    17KB

                    MD5

                    150c9a9ed69b12d54ada958fcdbb1d8a

                    SHA1

                    804c540a51a8d14c6019d3886ece68f32f1631d5

                    SHA256

                    2dee41184747742fbdc527b2023d67fecec1ccdfdf258439a06cd75d4fd33f43

                    SHA512

                    70193ee6f0919eb14311f43b5a5da041deacb568db55fc43290ee76e17af902ac468435b37a150630ea3b7871c724073915ae5dcba3c301ac42f2d68dd598e2f

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.rubly
                    Filesize

                    448B

                    MD5

                    880833ad1399589728c877f0ebf9dce0

                    SHA1

                    0a98c8a78b48c4b1b4165a2c6b612084d9d26dce

                    SHA256

                    7a27d891097df183fbf0031e3894bdac0ce77aef15d666ddd9f6a04e9836fb27

                    SHA512

                    0ddf247892a72a390437390d535debf6e41d12e51b31eb4f0353b710ec380c5fbc531a48e76935088063a41aca843287d3def9c1cd46be05b8dcb69f5017a464

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.rubly
                    Filesize

                    624B

                    MD5

                    409a8070b50ad164eda5691adf5a2345

                    SHA1

                    e84e10471f3775d5d706a3b7e361100c9fbfaf74

                    SHA256

                    a91790b778026db625c9dedfe1c6d94b884818b33d7977e86b2f9c2f3c500796

                    SHA512

                    767a75edd37d29b3433040ce21cda849cd11ba549f27581f7edc6416c433ba7047c56908d40956422393ab0f35ede61617d4bd2aad0bde3d1ebd276584c858c7

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.rubly
                    Filesize

                    400B

                    MD5

                    2884524604c89632ebbf595e1d905df9

                    SHA1

                    b6053c85110b0364766e18daab579ac048b36545

                    SHA256

                    ae2facd997527426fc4def82e0db68be29b44499bfff86a28c36f7c31b177d4f

                    SHA512

                    0b506397627823a1768796129c6b37d146821471b89338b5f2d0fd3aea707fd46a8e197ee0e298ddfb3b50eef0a0b064946006346b060f733ef19cbd5d24fc90

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.rubly
                    Filesize

                    560B

                    MD5

                    e092d14d26938d98728ce4698ee49bc3

                    SHA1

                    9f8ee037664b4871ec02ed6bba11a5317b9e784a

                    SHA256

                    5e8ec278a273be22199884d519a79f748801baa3a45b76e57569fdfffe96e7fb

                    SHA512

                    b2fcb5d46339cdf6b5a954f2a083cf913779e57cb6e8699bc5da1fba1c370c41117b7ddefb50075622067eb7b02a20268bc047171bd883bcda4a497c2ec64ea4

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.rubly
                    Filesize

                    400B

                    MD5

                    0c680b0b1e428ebc7bff87da2553d512

                    SHA1

                    f801dedfc3796d7ec52ee8ba85f26f24bbd2627c

                    SHA256

                    9433084e61062d2b709c1390e298ddaf3fb0226656662c04c0b7026a44dee750

                    SHA512

                    2d1399a6bf225b048d2b12656e941ad912636acae2dec387f92f33ac80629a1e504bca63580ba73a8ed073788f697274d5eb76ea1b089f0555fd397a8f5cbbff

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.rubly
                    Filesize

                    560B

                    MD5

                    be26a499465cfbb09a281f34012eada0

                    SHA1

                    b8544b9f569724a863e85209f81cd952acdea561

                    SHA256

                    9095e9b4759e823e96984981af41b7a9915a5ecaa6be769f89c13484cef9e0f5

                    SHA512

                    28196e5de9670e9f63adcf648368bd3ea5926a03e28a13adc2fb69c567fba2f84e4f162637c487acb64eda2e30993f849806f2313820ba693c7e70303542d04f

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.rubly
                    Filesize

                    400B

                    MD5

                    2de4e157bf747db92c978efce8754951

                    SHA1

                    c8d31effbb9621aefac55cf3d4ecf8db5e77f53d

                    SHA256

                    341976b4fe312824d02512d74770a6df9e1c37123781655532bd9cd97ea65fa9

                    SHA512

                    3042a742c38434ae3ee4fe10f7137462cdebad5cae0f9a85fb61063d15a30e1b54ac878b1af65f699c6ca1a9d2c3e58d245e54bdebfadc460cbd060836734e11

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.rubly
                    Filesize

                    560B

                    MD5

                    ad091690b979144c795c59933373ea3f

                    SHA1

                    5d9e481bc96e6f53b6ff148b0da8417f63962ada

                    SHA256

                    7805ac9d0e05d560023e5aabed960d842e4f3ec2aa3db45a9cfb541688e2edb1

                    SHA512

                    23b4c799a7b25f70962e8dd0ec7286ba7150053cab7c88f5fb1efc1095c2987bd6f3572e7fb3ee4b2238958e52a763de2c84a74615df7a6d3a19a034584fd687

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons.png.rubly
                    Filesize

                    688B

                    MD5

                    65368c6dd915332ad36d061e55d02d6f

                    SHA1

                    fb4bc0862b192ad322fcb8215a33bd06c4077c6b

                    SHA256

                    6f9c7ebec5a707de439e3fd2e278fdfa07a39465d56157b70b24f091509bf76f

                    SHA512

                    8bb9a7690aeb3c0b9e14e1a6ebc5741536d354cf2324fd74ee0c3e4ef511718f7795039a94c8d2df94b6e6d0fb1762191cb649089d1def12abdf34003f0cdd0f

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\example_icons2x.png.rubly
                    Filesize

                    1KB

                    MD5

                    0d35b2591dc256d3575b38c748338021

                    SHA1

                    313f42a267f483e16e9dd223202c6679f243f02d

                    SHA256

                    1ca0cfc2df0354c8d886285ae5e743d9c7cc030e1afd68ac113c0f2ce43ad5fa

                    SHA512

                    f6c58c27bbde7508a866bd0e7fabadb13a4f020378cd8b8cfc0c9fa23f645d811d6cdea04b81afdf30c064c6248152e74b3e6a78ec7a3d1d19037a0db8897d7e

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_pattern_RHP.png.rubly
                    Filesize

                    192B

                    MD5

                    b8454390c3402747f7c5e46c69bea782

                    SHA1

                    e922c30891ff05939441d839bfe8e71ad9805ec0

                    SHA256

                    76f8ed1dd50e50c7d62b804a0d6901a93e5534787d7b38467933d4c12ce98a0d

                    SHA512

                    22b26c62473e80d17c1f78df14757ccfb6c7175faa541705edc153c02baa7ab0982b5daabe8dd2c8c9efb92af81f55ccaeeecffe8ed9a0b3c26e89135ca50923

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\bg_patterns_header.png.rubly
                    Filesize

                    704B

                    MD5

                    6e333be79ea4454e2ae4a0649edc420d

                    SHA1

                    95a545127e10daea20fd38b29dcc66029bd3b8bc

                    SHA256

                    112f72ef2bc57de697b82b731775fba3f518d1ae072120cd11b732bf4a782e36

                    SHA512

                    bed5906c7373814acc8a54c1631428a17f0aa69282920447a1575d8db826afd5dab262301dc6da610ff8bb81d24ec6babd3d9fb99fd6945f1aca9cb9c76ec2c9

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations.png.rubly
                    Filesize

                    8KB

                    MD5

                    3ae8789eb89621255cfd5708f5658dea

                    SHA1

                    6c3b530412474f62b91fd4393b636012c29217df

                    SHA256

                    7c5b1d8469e232a58359ccbcb89e619c81c20e6d2c7579e4292eb9a19849bc5a

                    SHA512

                    f6998dbae1a2fa56f962045261a11a50b8e03573d9d4cf39083da3be341cc104e0ecf5908076f03961bcdb1356d05a7450d69940ec3aaab73623a6fe180e7051

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.rubly
                    Filesize

                    19KB

                    MD5

                    b7c62677ce78fbd3fb9c047665223fea

                    SHA1

                    3218c7b6fd8be5e0a8b67d3953d37d5dbd0c71d8

                    SHA256

                    aa638be6e1107ed1f14e8430abedd6f6d0a837a31b1b63e6a7741d6d417eddc2

                    SHA512

                    9e0cc29835845f2a0260a6989c1b362bac22a8e0c2825bc18f1dde812ce7868503881d2deaf951429a80b5017b6ce31e785ff524883e08d730aa38b36a2fb074

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.rubly
                    Filesize

                    832B

                    MD5

                    117d6f863b5406cd4f2ac4ceaa4ba2c6

                    SHA1

                    5cac25f217399ea050182d28b08301fd819f2b2e

                    SHA256

                    73acdc730d8a9ec8f340c724b4db96fc222bb1eaf836cec69dfe3fab8d6ac362

                    SHA512

                    e10883029c1e0fbc64bec9aac0a6957a8499af255e1790843717212077926474e02b2870c5dd04b057c956b97ad4bb1747fe73e731ea61b891f4b38dd80494d7

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.rubly
                    Filesize

                    1KB

                    MD5

                    433755fcc2552446eb1345dd28c924eb

                    SHA1

                    23863f5257bdc268015f31ab22434728e5982019

                    SHA256

                    d6c290e942ee665d71e288229423a1f1866842988eac01f886910b0ec383aa9b

                    SHA512

                    de83b580ce27012a7677e1da867c91e2a42dbc6b5872dcf756ace51c2862801814665ecca997171f2e550e8b9a3de19994d2516a4e5d4d57e16c7b4b823236c0

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.rubly
                    Filesize

                    1KB

                    MD5

                    781ed8cdd7186821383d43d770d2e357

                    SHA1

                    99638b49b4cfec881688b025467df9f6f15371e8

                    SHA256

                    a955039cd9e53674395f4b758218e4d59c89e99a0c4d2a909e49f6008b8f5dd4

                    SHA512

                    87cb9c4288586df232200f7bbacee3dee04f31c9444902dd369ad5c392d71e9837ebf8b3bb0fcb4a5db8a879cf757e97ce248939e3316c6bf3a3fe7cbe579534

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.rubly
                    Filesize

                    2KB

                    MD5

                    51da980061401d9a49494b58225b2753

                    SHA1

                    3445ffbf33f012ff638c1435f0834db9858f16d3

                    SHA256

                    3fb25ddd378ab756ec9faa56f16b76691cf6d9c7405bb9a09ce542a6f5b94e44

                    SHA512

                    ecc5eb2a045ce2508d461b999f16caba6cce55aa0c00b34bd73a33e0458795f93a77caff5026212912684164057be016f51dc57ec83821c2a1f2e27417c47b2c

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.rubly
                    Filesize

                    2KB

                    MD5

                    2863e8df6fbbe35b81b590817dd42a04

                    SHA1

                    562824deb05e2bfe1b57cd0abd3fc7fbec141b7c

                    SHA256

                    7f1238332901b740cde70db622abcfb533fc02f71e93101340073552f4820dad

                    SHA512

                    7b2d95465ea66951ea05c341549535a0a939d26dbde365b212e3983e4047fa6912c37d737cb8054c41bb1a7d92586d968a0154c666572a70ebc59a4776897f38

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.rubly
                    Filesize

                    4KB

                    MD5

                    79f6f006c95a4eb4141d6cedc7b2ebeb

                    SHA1

                    012ca3de08fb304f022f4ea9565ae465f53ab9e8

                    SHA256

                    e9847d0839d3cf1039bebdc49820ee7813d70941347ce420990592e5e3bd998e

                    SHA512

                    c143a4cf1ccfa98039b73214978722408188535ee4aa3dac08a34760b94bdf6d36ad0ff0de893da5b17fd69c96a6dfb25098ab7fec219fad1a77532113d0353e

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.rubly
                    Filesize

                    304B

                    MD5

                    b88e3983f77632fa21f1d11ac7e27a64

                    SHA1

                    03a2b008cc3fe914910b0250ed4d49bd6b021393

                    SHA256

                    8469b8a64e80d662eec71c50513f6d295ef4a3a9992763dbcac9d81253cef9d5

                    SHA512

                    5bf93d4f4250ca96169f3d27d4e648cc5d6e00b7558a3ef32e07edcbae36dadb8008d7ba5f83ac3ed812b72c9d52730e866191b4de7a339df57b5697e00df50d

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.rubly
                    Filesize

                    400B

                    MD5

                    f77086a1d20bca6ba75b8f2fef2f0247

                    SHA1

                    db7c58faaecd10e4b3473b74c1277603a75d6624

                    SHA256

                    cf10d2a22b638cf0978cf30ecaf39ecb5bb0e3ad78cd920afa433ad60cc1290d

                    SHA512

                    a77a897c0b41f4052cb9546d4cfd6e0856b288b6b8583a86d6c7e79059a05b19cc2593599251581e79107235e9d5cd589c392bf490452be04ff57e944cd19df3

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.rubly
                    Filesize

                    1008B

                    MD5

                    e03c9cd255f1d8d6c03b52fee7273894

                    SHA1

                    d0e9a9e6efd1746bc9ccb4eb8e7701c1cd707e2e

                    SHA256

                    22a34c8321384fc7682102e40d082e7812232a9109e4d4e8fa2152fda3f260f6

                    SHA512

                    d4bd002197b725316e1f1f2dd0a70ee44a82a53ac0dafa8c6b1166343adc406e147d0c4cca30d65a32aa545f1b327c6b69c0ec1d15330af48a6faa234dc4b5ac

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.rubly
                    Filesize

                    1KB

                    MD5

                    62b1443d82968878c773a1414de23c82

                    SHA1

                    192bbf788c31bc7e6fe840c0ea113992a8d8621c

                    SHA256

                    4e96529c023168df8dde241a9acdbf4788ea65bc35605e18febff2b2071f1e24

                    SHA512

                    75c8604ea65e0cdd9ea74b4802930444dd16a945da1e7f0af4a9a3762259ee9eb41ea96973555d06f4814ee2f6b73ab662c6b314b97876e9628fa5d4536e771c

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.rubly
                    Filesize

                    2KB

                    MD5

                    bca915870ae4ad0d86fcaba08a10f1fa

                    SHA1

                    7531259f5edae780e684a25635292bf4b2bb1aac

                    SHA256

                    d153ed6c5ea8c2c2f1839f8dadcc730f61bd8cd86ad732bab002a258dea1d037

                    SHA512

                    03f23de6b0ae10e63c41e73308b3844d49379c55d2df75fa1dc00771b26253d832c21081d8289f04260369df996e31273b7c0788cf3b5c78a27ec909f14a283a

                    Download Submit

                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.rubly
                    Filesize

                    848B

                    MD5

                    14145467d1e7bd96f1ffe21e0ae79199

                    SHA1

                    5db5fbd88779a088fd1c4319ff26beb284ad0ff3

                    SHA256

                    7a75b8ec8809c460301f30e1960b13c518680792e5c743ce7e9a7f691cfafc38

                    SHA512

                    762d499c54c5a25aba4357a50bb4e6b47451babeda84fa62cfbd649f8350bca55204ad002883b9147e78dda3dbabaae8da1dc94b716204226bb53326030772b7

                    Download Submit

                  • C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.rubly
                    Filesize

                    32KB

                    MD5

                    829165ca0fd145de3c2c8051b321734f

                    SHA1

                    f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

                    SHA256

                    a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

                    SHA512

                    7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

                    Download Submit

                  • C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.rubly
                    Filesize

                    160B

                    MD5

                    580ee0344b7da2786da6a433a1e84893

                    SHA1

                    60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

                    SHA256

                    98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

                    SHA512

                    356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

                    Download Submit

                  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\mbr.exe
                    Filesize

                    47KB

                    MD5

                    e5717d5aa01c544162c615e3f2c41453

                    SHA1

                    e6179b61da625f17ee0f3aa24e89180812118893

                    SHA256

                    a1daae6000b449a8a5364dd281cd5c1bc91f31feb7ec6879eff510707eda7e67

                    SHA512

                    9c104f6f0624088e82475a215a62445bedf4b8440a3e56965714297642f4fccf9ce5d5e6d43e389d050de47cd32597783c2e0690ff7ce80c8c604ead21b7b806

                    Download Submit

                  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\mtr.exe
                    Filesize

                    105KB

                    MD5

                    d124bb6a1419c81a887317e08745147c

                    SHA1

                    f23ed76aa5abae4216d9eb1b09ba7adc1e5f5a24

                    SHA256

                    8ee82ce37b327e425d74018dc6451ea2a3a52df86559e3f45ac7b8bbaf552326

                    SHA512

                    c1a1ba64836e356959f27c1e82aa142b29aece359c6a4125a049c17edd5d73b5221bc6a2db8f9e4115da58b0e647e54e08d2b01da393b8aedc91602f53aeabe0

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.rubly
                    Filesize

                    8KB

                    MD5

                    f22599af9343cac74a6c5412104d748c

                    SHA1

                    e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

                    SHA256

                    36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

                    SHA512

                    5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842783397839122.txt.rubly
                    Filesize

                    56KB

                    MD5

                    288d46cec0c9aef295eb9e1f80d1b0ba

                    SHA1

                    79b31a2dd36c7682ab03d552eadaeae1414b67e0

                    SHA256

                    d7633ad61dd9598d0d9f6f02b0fa4504423770b51248a385fcbb92a20c458b52

                    SHA512

                    028f923344761e5d624bb7340284cd6788bbb8e0ace3bc4d65aa8c58f274e935954999a9afd66513d1fe223738ad45b552de94364aa5068a27684b4aad69912d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133842792298483991.txt.rubly
                    Filesize

                    65KB

                    MD5

                    acc485aa2d9723dc77be779c4a616fb5

                    SHA1

                    7103926eb2dad1e1599cfefb9e2d5fbf7483f7ac

                    SHA256

                    6071c556c677bc8113a81c7f6750ed330c06ad3f793823392d5f545d4bbd78de

                    SHA512

                    707246042d523d627d9e37e8a6fa38fd334bbbd017fa22783112364175ce2f6ee9a1b1415189b9b824bd5ee0e8ff9b942400b7c0e3b0ba00cb08c0daf514e2e7

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133849250088634636.txt.rubly
                    Filesize

                    75KB

                    MD5

                    67b8d96efcbc65c0fd931855c2d46a62

                    SHA1

                    02844ada085cd0841f394e2ebbf5494e7aa9ab64

                    SHA256

                    c3d7fd1534b5fda23e774252ea3106295f904b986ac54dfdd537086733ea56ec

                    SHA512

                    decdf0ac32caa1476d03d570d1c578fc24906c78471ab6169c10926608cb9be2ef01f30d17acacde258881e07ab2cfc391e50f35a806613c417af68fe5e12d42

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\C91C.tmp\disable_taskmgr.bat
                    Filesize

                    109B

                    MD5

                    3fc537b642d3756646715325299c6367

                    SHA1

                    0a6b4d2012d44fe631dd8bf56da001bfd04b99bb

                    SHA256

                    708511c356493e41ca103db51b8df3fb57898ddb2bb7cf4f11560facde9425ed

                    SHA512

                    7a290cd5a44ac4ba51d5b8ab6ea7bd2f2c392a1237c8b923267d524b2ab92e532e3c27dd21d96c3e89c5b84060f0e8ee2a4d9e59e21cfc8c3e15322c5334d064

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\bg.bat
                    Filesize

                    147B

                    MD5

                    308060ff726cb2be6ee2023c1b2a401d

                    SHA1

                    e616761e6026cd0de0111c0fa1da49c248138182

                    SHA256

                    0c0760682d75388a03cc7ba621d338871fc66e17f6d82c8b5147371cb7ce9a47

                    SHA512

                    382b42ea9d652c02adf879145a897fab94d729c85b491c6099a5cd91b8bf3249ff9d5c536033263f5d78881f42776a1a5c28dd17285b830b577aaadc813355ad

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\bg.bmp
                    Filesize

                    37KB

                    MD5

                    889074311bf2b2985e461c4aa4971ed2

                    SHA1

                    3d89a7b1a7fd4aced01d840102bbbb6877a0702e

                    SHA256

                    1dd0f0c3dc81a7a202ab34b00fb1581d76d10d514859e9efee7701de1e5824f8

                    SHA512

                    2340fd94bedb01af0550dbc5e98bf60357c13b097d91a41f52d0ffdb5da40c21f579aad28faddbd6746846cc8a87604823411afded0cd45c7d8e7f5dc7859855

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\dt.exe
                    Filesize

                    25KB

                    MD5

                    5e46ffab95250291c5410237340b9439

                    SHA1

                    dc2afa42285590e315bac889fdcf3e2236fe9ea5

                    SHA256

                    08373ea2c1bca3f832667dd9fa6ba51af4c5ddabbb1492b5ba887c36850ac5ee

                    SHA512

                    2a5debc880692ba90a1abbfd79faa57bdf7e2bbb11881ec677c07702cb9e34775f1516616bee3140a596d272b2e218ecda9858812a64c498033811d03b91005b

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\run.bat
                    Filesize

                    418B

                    MD5

                    be7966cbf9d04a6300febebc0802fd36

                    SHA1

                    53d3b879f6213dc614fe777e6f91e4e944b81948

                    SHA256

                    f7bdf62e1e46336cbe0f25681a5ac643d59e6fb4cd69bf55c0b2d5da746ca59a

                    SHA512

                    2d28d835c11c46a725576371d698b96101e6be9f3a5f41ec0e88800745c5b790106e2e30fb4bfae00e24d53bdad4c9ccd70b0fcc9480ee23c3ed2d5fc1d93841

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\{919476DF-D807-4CC2-99A9-8E13FF4B564A} - OProcSessId.dat.rubly
                    Filesize

                    16B

                    MD5

                    8ebcc5ca5ac09a09376801ecdd6f3792

                    SHA1

                    81187142b138e0245d5d0bc511f7c46c30df3e14

                    SHA256

                    619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

                    SHA512

                    cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\bg.exe
                    Filesize

                    343KB

                    MD5

                    19ed87e5bf49f790025490e8368b1ec5

                    SHA1

                    1936200fcbd3c6f9b27a5c58c5e95b76b5c46371

                    SHA256

                    372d505837d53fdf76d62aa6e1adbf2c9a30bab0efa9e2ae6248bb3bcc1f4ff9

                    SHA512

                    edfce1b54104687f00bbdb2691f3808c83d0cc5c2d9e48ef2c5931404b06094c4554b10857ea55f9dd0d6e2826713fe42aa66ed4cf363b4f688b8831883f8662

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\dt.exe
                    Filesize

                    328KB

                    MD5

                    79466f9bb9e981220a43897d33e57d1e

                    SHA1

                    159af42edf25c9b1ce42a8aac06571ad4a46cc9e

                    SHA256

                    77fe524e36d99865c5c1e12ed9d8f128f3366a6772c2fdf2533821079b5422fb

                    SHA512

                    b039d46aa7e777b715d673b7d69a41dd56d16aceddcb3d0c2b9c9e81ab48fb6923517f668becedbcbf90cde1f32320994bc7051f86579f6c486c68de2d8b2d16

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\mtrmbr.exe
                    Filesize

                    410KB

                    MD5

                    2aeb6b2b282f21a87b38989750c5271b

                    SHA1

                    2482c160b146a5a5710135497ec2218e728c4fc0

                    SHA256

                    6474f5643f4ce5e6d58daf25c90ccd3ce0149a335fc1a1e0490afb3d458478a1

                    SHA512

                    1883e705fff13fdade6bf3bfa77bb126bdf94af84c8299d18b6d7077a954a01aabd5907fa9aa02150fc46d25a90dc87a8115e812d30af375ec2b7612aa8a74d0

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\restart.bat
                    Filesize

                    24B

                    MD5

                    b1e5726bd11a59cf5ab2f3a655108569

                    SHA1

                    1e2499ead1ff24d61363cdfe9d19707bfdc01f83

                    SHA256

                    77a9c6aa0dc9979f56ddaac475e1ef31462edc559b542763cf94e658be9de8ac

                    SHA512

                    4b67b8c7efa5a47a59ebbaf0cf9e8c14c6ecccd4d7cd4f6e7e9f748b89927a6cc0b739064adb29bf43131e6b2e0784f8b01c5ff894a4f598f51f6208309c7072

                    Download Submit

                  • memory/1816-94-0x0000000001930000-0x0000000001938000-memory.dmp

                    Filesize

                    32KB

                    Download

                  • memory/2072-58-0x0000000000400000-0x0000000000412000-memory.dmp

                    Filesize

                    72KB

                    Download

                  • memory/2160-69-0x0000000000400000-0x0000000000410000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2160-83-0x0000000000400000-0x0000000000410000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/3244-71-0x000000001B450000-0x000000001B91E000-memory.dmp

                    Filesize

                    4.8MB

                    Download

                  • memory/3244-73-0x000000001B9C0000-0x000000001BA5C000-memory.dmp

                    Filesize

                    624KB

                    Download