asyncrat | c7bbae8717c7c7cc8bb665ae648f9043aa9dec077bea04859ebf6375b7786f40

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
04/03/2025, 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GTA IV Crackeado.scr
Size

92KB
MD5

45fd5ec423b9249dadeb514183ab92ef
SHA1

970d4eae78bc6c930af937293e30624837cb1be7
SHA256

1fd9737a9a043e1286868cbd211bae4bf8d39e719232268624308da77e491b3e
SHA512

30bc9dd43f30d50fd8301113b721cf147f5e5e4c3466cefb26aa36ed0529dccdb9473adac5bdfcba33fde4d6b8a762fec3fd67c64dfc858c13af96f588930941
SSDEEP

1536:jvsBtJyPA+ITEtnnA0GX416ZW2I51wr7bepjyDAF80xVY5pp:jvsrYHI6npCQeWFLq6BCg80Ux

Score

10^/10

asyncrat xorist cloud1 discovery persistence ransomware rat spyware stealer upx

Malware Config

Extracted

Family

asyncrat

Botnet

CLOUD1

mst555-h63x-l-windows.sbs:8888

Attributes

delay
3
install
true
install_file
OfficeClickToGo.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Detected Xorist Ransomware 9 IoCs

resource	yara_rule
behavioral3/memory/2680-11-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral3/memory/2680-2828-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral3/memory/2680-5099-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral3/memory/2680-9939-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral3/memory/2680-9940-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral3/memory/2680-11057-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral3/memory/2680-11158-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral3/memory/2680-11169-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral3/memory/2680-11172-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral3/files/0x0009000000025e41-3.dat	family_asyncrat

Renames multiple (2015) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	setup_.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe

Executes dropped EXE 3 IoCs

pid	Process
6104	setup..exe
2680	setup_.exe
5044	OfficeClickToGo.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0qlI3J02O0NJBh4.exe"	setup_.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\@VpnToastIcon.png	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm6.inf_amd64_9e04b558f824ccda\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSwitchTeam\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netip6.inf_amd64_35eb4f6b0a600ef7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_2ffda32b4e34c47a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_dd53841eb11b777d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_9969a93554339919\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb4p2pnetadapter.inf_amd64_a9fd59ce64f17c8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_a3f9d7c24b3377b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\CimCmdlets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_printer.inf_amd64_32adf57db4d63f28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw10.inf_amd64_3b49c2812809f919\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_90263ecab0ef55c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\Licenses\neutral\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance.png	setup_.exe
File created	C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_1facf5c0b549e8ff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_31a73abccc49b200\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\monitor.inf_amd64_5653ba7de4b18c6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_2eaa07d02d0977a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_d2eb4023b530f3ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_09c00d0d5724bdf9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_abf4521eb250b2d1\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_8a3d09c4ce3bae33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxsynopsys.inf_amd64_9889401ff950bb0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\IME\IMETC\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_80b56f8636e8a7d3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mtd.inf_amd64_126cefcd5b250225\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrgl.inf_amd64_bcc506d1a89ce475\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uicciso.inf_amd64_15e93601cb9cde54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\wbem\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_cc6edbde0940344f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_da23a49bbcab6181\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_1394.inf_amd64_ad7eef01fc615846\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_1e173acb8f2f340f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_72f156a5ee3f59e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\System32\DriverStore\FileRepository\fdc.inf_amd64_18d4e25857c11e5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral3/files/0x001c00000002ae9b-6.dat	upx
behavioral3/memory/2680-11-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral3/memory/2680-2828-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral3/memory/2680-5099-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral3/memory/2680-9939-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral3/memory/2680-9940-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral3/memory/2680-11057-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral3/memory/2680-11158-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral3/memory/2680-11169-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral3/memory/2680-11172-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Paint_10.2104.17.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PaintLargeTile.scale-125.png	setup_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.PowerAutomateDesktop_1.0.65.0_neutral_split.scale-180_8wekyb3d8bbwe\Images\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\SplashScreen.scale-400.png	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.0.2.0_x64__8wekyb3d8bbwe\Assets\Icons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-white\PowerAutomateWide310x150Logo.scale-125.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-100_contrast-white.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-lightunplated.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.targetsize-96.png	setup_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\SmallLogo.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarLargeTile.scale-150.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-150.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.2103.1172.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\FeedbackHubSmallTile.scale-125.png	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\KeywordSpotters\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\NewsAppList.targetsize-48_contrast-white.png	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-white\PowerAutomateSquare71x71Logo.scale-200.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-16_contrast-black.png	setup_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md	setup_.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_2021.2104.2.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Light.scale-300.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\Theme_Photo_SpringDandelion_Thumbnail.jpg	setup_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-400.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\PowerAutomateSquare70x70Logo.scale-140.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SnipSketchAppList.targetsize-96_altform-lightunplated.png	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-30_contrast-white.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\NotepadSmallTile.scale-125.png	setup_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CYRILLIC.TXT	setup_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\excluded.txt	setup_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md	setup_.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_1.0.22.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.scale-125_contrast-black.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\contrast-white\MicrosoftSolitaireBadgeLogo.scale-100_contrast-white.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-400.png	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.40831.0_x64__8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-250.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarBadge.scale-150.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_x64__8wekyb3d8bbwe\Assets\Xbox_SplashScreen.scale-200_contrast-white.png	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.113.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Todos_0.33.33351.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-16.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-100.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Assets\AppTiles\MapsSplashScreen.scale-200.png	setup_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-left-pressed.gif	setup_.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-40.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-96.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-72_altform-unplated.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\ExchangeSmallTile.scale-125.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\Tentative.scale-150.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\contrast-black\NotepadAppList.targetsize-32_altform-lightunplated.png	setup_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailWideTile.scale-400.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\SplashScreen.scale-150_contrast-white.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreLogo.scale-200_contrast-black.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-336.png	setup_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-300.png	setup_.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-driverquery.resources_31bf3856ad364e35_10.0.22000.1_en-us_5355e254c717629f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_netvf63a.inf.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_c3bd79d080db1cea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\msil_multipoint-wms.skuresources.resources_31bf3856ad364e35_10.0.22000.1_es-es_9c66ef0143dad9fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m...appxmain.resources_31bf3856ad364e35_10.0.22000.1_fr-ca_3c39b19f1ead4e68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msvideodsp_31bf3856ad364e35_10.0.22000.1_none_25d3cc16a27818b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-l..em-ppipro.resources_31bf3856ad364e35_10.0.22000.493_nb-no_6449ddfcf22c12ee\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..lebrowser.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_8649336e8631cf02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.22000.176_none_fded9bd0d2f09976\f\helloEnrollment.html	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-dtc-setup_31bf3856ad364e35_10.0.22000.434_none_892a0eca332cc73b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_dual_sdstor.inf_31bf3856ad364e35_10.0.22000.348_none_36fa2aa26125b0c9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-host-network-service_31bf3856ad364e35_10.0.22000.282_none_f60ac93ce5861016\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22000.194_none_15db8cfb1c6a6b33\AppsRtl.png	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.318_none_82292a5c4e657627\webapps\guidedsetup\network\area-content\nn-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_presentationframework.royale_31bf3856ad364e35_4.0.15806.0_none_1d1e7c63edb12938\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-statemanager.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_1049280582f7dada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..registrar.resources_31bf3856ad364e35_10.0.22000.1_de-de_9b4cde3daa43cb7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..pc-mathinputcontrol_31bf3856ad364e35_10.0.22000.65_none_6ec65966fc729e14\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\INF\wsearchidxpi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.winhttp_31bf3856ad364e35_5.1.22000.1_none_9e1105ca4c207d1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..odbcloggingbinaries_31bf3856ad364e35_10.0.22000.282_none_20d04c340d8bf9ba\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\x86_netfx35linq-system.net_31bf3856ad364e35_10.0.22000.1_none_f5f9ae8b66db7bff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..-dafprint.resources_31bf3856ad364e35_10.0.22000.1_de-de_d08f86ea8c482ce7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_system.web.services_b03f5f7f11d50a3a_4.0.15806.0_none_4dcc282d9d414157\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mscat32-dll_31bf3856ad364e35_10.0.22000.1_none_e17c5bef58af4491\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.22000.1_fi-fi_01cc2574f7da7b73\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.22000.120_none_bb415867ae85d51c\f\breakpointUnbound.png	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devices-midi_31bf3856ad364e35_10.0.22000.1_none_411dc108a0702331\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..filter-ux.resources_31bf3856ad364e35_10.0.22000.1_it-it_fc6be0b090802f9e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\core\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_11.0.22000.1_fr-fr_5e83a97842b52112\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.resources\v4.0_4.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..c-service.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_29462fdfc7886760\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-certcredprovider-dll_31bf3856ad364e35_10.0.22000.1_none_0150cafa542ee466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_smdiagnostics.resources_b77a5c561934e089_4.0.15806.0_it-it_85b4ab34e5669352\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..i-appcore.resources_31bf3856ad364e35_10.0.22000.1_de-de_6ff617df1bf4ae00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_bthleenum.inf.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_015d2878a061a533\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..pprovider.resources_31bf3856ad364e35_10.0.22000.1_it-it_6f12cdfc99ebdbf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-netjoin.resources_31bf3856ad364e35_10.0.22000.1_de-de_24c74b86e79c9531\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..aming-dll.resources_31bf3856ad364e35_10.0.22000.1_en-us_ca44e2499083949b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-radar-adm.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_f138f1db6579a385\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_netfx35linq-linqwebconfig_31bf3856ad364e35_10.0.22000.1_none_ad50534eecd177c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-taskbar-dll.resources_31bf3856ad364e35_10.0.22000.184_lv-lv_970f296e21e02067\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mdm-adm.resources_31bf3856ad364e35_10.0.22000.1_es-es_6575fca1a8ecb9ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ntmanager.resources_31bf3856ad364e35_10.0.22000.1_es-es_931c2b5344370ea0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_mpi3drvi.inf.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_02bffaefcb2db17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\msil_caspol.resources_b03f5f7f11d50a3a_10.0.22000.1_de-de_1daa70d386b8265d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_bc299ec16555a4d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\assembly\GAC_MSIL\sysglobl.Resources\2.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directx-dxilconv_31bf3856ad364e35_10.0.22000.1_none_911da73b49a50b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_6e3b5d76e92d5700\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_554f241185facbd0\500-17.htm	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..le-server.resources_31bf3856ad364e35_10.0.22000.1_it-it_d17a11ba81bf8ccb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_netl260a.inf.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_d4a6d56e4abc4e8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File opened for modification	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleLogo.targetsize-96_altform-unplated.png	setup_.exe
File created	C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-taskbar-dll.resources_31bf3856ad364e35_10.0.22000.184_da-dk_7a1ffec88fceed05\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.22000.1_en-us_b68e6891c6b91c74\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..sisengine.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_4e6095866d9c8a78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-font-registrysettings_31bf3856ad364e35_10.0.22000.1_none_f6499b33ea467f6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_dual_msdri.inf_31bf3856ad364e35_10.0.22000.1_none_8146549fbbca0fd3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..gstack-onecore-uapi_31bf3856ad364e35_10.0.22000.469_none_4966ed53cf8da984\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..owershell.resources_31bf3856ad364e35_10.0.22000.1_ja-jp_70452b00785842e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\msil_presentationframework.resources_31bf3856ad364e35_10.0.22000.1_fr-fr_ff9e07f7000d6d10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe
File created	C:\Windows\WinSxS\x86_netfx4-dfdll_dll_b03f5f7f11d50a3a_4.0.15806.0_none_89cd0a1227817d1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	setup_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GTA IV Crackeado.scr
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup_.exe

Delays execution with timeout.exe 1 IoCs

defense_evasion

pid	Process
5720	timeout.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IWFMBHFBHLWXXEJ\DefaultIcon	setup_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IWFMBHFBHLWXXEJ\shell\open	setup_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IWFMBHFBHLWXXEJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0qlI3J02O0NJBh4.exe"	setup_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	setup_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IWFMBHFBHLWXXEJ	setup_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IWFMBHFBHLWXXEJ\ = "CRYPTED!"	setup_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IWFMBHFBHLWXXEJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0qlI3J02O0NJBh4.exe,0"	setup_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IWFMBHFBHLWXXEJ\shell\open\command	setup_.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IWFMBHFBHLWXXEJ\shell	setup_.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IWFMBHFBHLWXXEJ"	setup_.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1208	schtasks.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe
6104	setup..exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	6104	setup..exe
Token: SeDebugPrivilege	5044	OfficeClickToGo.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3564 wrote to memory of 6104	3564	GTA IV Crackeado.scr	81
PID 3564 wrote to memory of 6104	3564	GTA IV Crackeado.scr	81
PID 3564 wrote to memory of 2680	3564	GTA IV Crackeado.scr	82
PID 3564 wrote to memory of 2680	3564	GTA IV Crackeado.scr	82
PID 3564 wrote to memory of 2680	3564	GTA IV Crackeado.scr	82
PID 6104 wrote to memory of 3516	6104	setup..exe	84
PID 6104 wrote to memory of 3516	6104	setup..exe	84
PID 6104 wrote to memory of 3840	6104	setup..exe	86
PID 6104 wrote to memory of 3840	6104	setup..exe	86
PID 3516 wrote to memory of 1208	3516	cmd.exe	88
PID 3516 wrote to memory of 1208	3516	cmd.exe	88
PID 3840 wrote to memory of 5720	3840	cmd.exe	89
PID 3840 wrote to memory of 5720	3840	cmd.exe	89
PID 3840 wrote to memory of 5044	3840	cmd.exe	90
PID 3840 wrote to memory of 5044	3840	cmd.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\GTA IV Crackeado.scr
"C:\Users\Admin\AppData\Local\Temp\GTA IV Crackeado.scr" /S
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3564
- C:\Users\Admin\AppData\Local\Temp\setup..exe
  "C:\Users\Admin\AppData\Local\Temp\setup..exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:6104
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "OfficeClickToGo" /tr '"C:\Users\Admin\AppData\Roaming\OfficeClickToGo.exe"' & exit
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3516
  - - C:\Windows\system32\schtasks.exe
      schtasks /create /f /sc onlogon /rl highest /tn "OfficeClickToGo" /tr '"C:\Users\Admin\AppData\Roaming\OfficeClickToGo.exe"'
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:1208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpBB80.tmp.bat""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3840
  - - C:\Windows\system32\timeout.exe
      timeout 3
      4⤵
      Delays execution with timeout.exe
      PID:5720
  - - C:\Users\Admin\AppData\Roaming\OfficeClickToGo.exe
      "C:\Users\Admin\AppData\Roaming\OfficeClickToGo.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:5044
- C:\Users\Admin\AppData\Local\Temp\setup_.exe
  "C:\Users\Admin\AppData\Local\Temp\setup_.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
f0f8fea17b76245a3f98ec7083894bb5

SHA1
e06822dc4e6531d53fdee4aae3473566e9795e58

SHA256
392d55de6f6cff782a024d97f01ef901ac04503d33e20a99c75ff0a21d66eb42

SHA512
41ec0d557dd75ff65e025c8386ca768d60a6ffc48f5c1e6e1099abd930d02730199bff1e51fc405250c04c0939bcecd2204a229dfa1c6300590349cd7c7cc48b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
0a405ca81082a9b0c3ced643bf573b3a

SHA1
1316dac385cac898a56e3281161f39e24103ce71

SHA256
d61f41a86d6381559618de7b08d74a7cdaf607bde2f78b63b33bec8cfc5f74f3

SHA512
4cfd350c952917fbe04aa1953e10dc772e096ef4697e60c2da70af142e9f9615170957adf3e0520fa4f8789cfcc0388e2319522d1a2a8e3b5068d96a57ea3b3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
a5863fd3f628ad14438d31fd239349a9

SHA1
68d4542edaaa6ac8b2cbfc8970447eb2e4021fa8

SHA256
695a9ac0b9de0189acdef1435762ed3d980a64d87d0cfe80d274c12ef34502c4

SHA512
e5e8b5f1409fb2104d01d34e6f3fdb72318db469f309538af66a800dfe5595dd15b23d2aeebbe42b3e0f69e8a3d1bb5396fe050e259e468af99d3ce5e5397580

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
619c73a801fc5261a0051a32866af892

SHA1
cea13bbddf1d345cf5dde0888935fb4fbbfc4643

SHA256
1e17eb8110afa87f356740b74a9f0b03ac8acf596ece148f0a0ad4ff120edcc4

SHA512
a97cef37a152345eefed6916f56ee332e4a144862134ff6f0716476ce34c6af9ce8bf869253e5a1ecb10323d33682e132e460407ccbb071b40fe925d7baf3630

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
47d19783c47f8d88818fb7a98a094b88

SHA1
4954e2c5b95a73f765bca827041cf85a8df9c72a

SHA256
b4b426b4529fb7af041fe1f75411537de4cd2f6e2d9909ed76c81ba9852c5369

SHA512
eaf9dfc1060b16c7b97b0858047ac2bceb2df18e2817fd580770fa4eea70691d66e1206318df294934256ebc5a00b8e28620633a1c555f6f23c5ece294c0f692

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
0834f2eff21726c61221a22f110888eb

SHA1
9ec34efb1bb2c17553d4090e9ba4693e766ca591

SHA256
c9514ed631c88b21577864c79dfe09130ffa2c9389f81a344a06523200a07953

SHA512
96c621d01423d6f868831c0bbb0936d0d37819a95bd2df4b371ffb72bfc0569607f232d51b7342572af852f1615104e87d1c66aaa867c558aad56efc8fafa306

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
502f5cb1b24f7f3d2abb7d31757c0966

SHA1
2b4f25860204e8929b0f3171e37f8abd8c139d71

SHA256
81bd615a8f2c77f456433e1522164667141de362d30976b04f503a08ae0da289

SHA512
2147a77db246447a78dd9faaf685c562e4f88bc8a466b67f2150d85a13f83d8b5974787ab89ed2b188103813b90c55a65762fca13fec2d897b480fa4858498ae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
b593631a949446e69ea3a181791ffe5f

SHA1
f892477f2c046686ffc7732fc35e4e26d8e40a93

SHA256
582962b3045d32ce168ae1c3e0544e0f2c1ea66f9b05f9c1dbd2661d9313c103

SHA512
983a2fa6714cee532b4c96692e9a1141ac986b2ab50e4760b78575144a843c307544b3a06e0c6ddab1b769daf8c0341488d25603735062bb56d2531389127b3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
9b84afb7072fee8ba85d24e1a8ae7f47

SHA1
9f23ed59d17fb1b18c9f09e3c4ee4c945a63f9b9

SHA256
d29fdfe7080523a8a403c2b4a2cd9ab5179e5ce3fc5f73a162af0472b3247c91

SHA512
7df635c4ae1db56941dcfb9b2f7f0462ebfadabddc0aa88162106073d1671b1a27994a62dbb8a7b64b1f48148d66376fa03380b1fa68d3feb4793d578e1d4fdc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
ae07dad2f2d6f5e290ebff3ef8b78a90

SHA1
aef59653ad2ea6db564ded78360b1412085c7d80

SHA256
ed743c34865e1c14b934e5ceb3b2984d03b6ae21b891c9d06833fa4d8fbd6cbb

SHA512
357c3deab53198842ce06866b6c6a7e340db05aec36c8ca629de54a14f168b85c687ee25678744eb33f9bd079204132d3f2fc966661907f3f1388079ccbdff36

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
d2e56823eb3fdd14711c10025b52eb4a

SHA1
12381eb2f8951f6d1c5ecc5c1450d7ff5f024a06

SHA256
d1199b5b6b904e8f9f8f4742bb6b35902377a3d9cf271b8d460db93f46d843b7

SHA512
977e4e99d1167bbabbf675cc14d7d423092fb5b9a23a4e66d26ead8389af66e02bfd309979f19bb7e5ed827309c7f00abf48801f8fc732abafc2267c48951cec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
e86ed79cce0127c1aa0b59504bc73a8e

SHA1
2de0b5bace445d4b537f092be0b2b8f6a9ddde00

SHA256
7757b7827c054db419d14b257835214554b164c3cc98b9e2c9db447c5be97c2d

SHA512
4d4a7315bfe411fea4a3c2a1431e081a13126947ae4027ff96a2c62c8c4365a497a4e5fc9be32eb7960df66bb5a2066abd19a8c19570a161e7bcd818e27460d4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
7c559983f81cb6da4d2025fa5241cb08

SHA1
6722e64bf46a1ad5e81e5f8f34f1544c252d40df

SHA256
ed7a2451b7283e61a8e1505109068f85c316e9781a2b8e112e03e8c5677663fe

SHA512
a2f3462bcb4c731b5b3201004b6362fb68bd273e3330cdbb9b5a97eee663fd6c0dafd2759282c09c8c56c6077a4f97edf554e01df640d5e01eca932ec81b4695

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
78f57bc5323cb9ac06a418c2cd7591af

SHA1
aba4ce552b5001dfe64b54194c5e4380a0b93b99

SHA256
ac9ea8181e189fcf48b31f9c477e4cab647fd6b206a25658a28be9b8bbea1663

SHA512
701198d21621ed20f446aa8a6d766bbd02ca224e3dcecb5fbb917e3e7aa6a4f7d41bdc886ddd932dc949fdee2f292067bc32fa13ac2be98d988d9e8216889194

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
f236e9b6834d6f757d1a1585959dff18

SHA1
80576f190deac5e19f98e5007264fdc3bc0c5d75

SHA256
1f97be361520389261eb20e70a65ff082f8288cbbca50013d4e6dc2953f904a9

SHA512
8ddeee4874d2708a852ccc7bd326ccbe68ab93d0bc2bcdc37635d7944e1863e48e1c1a8ba4f2405f294e812936c4df28c9e83d409bf1bbc3a4b4a53b6c5a6588

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
de27d0dc7a82268268776f5e7e69ccb6

SHA1
053cf5d9310ba963f942263e2b26a446b0b58f02

SHA256
b833fa5fc0c6c507175f4872905f169adcd4251ec12a5a0cb0985e5777ca23ee

SHA512
b10e4ccea1ef42240319ef356367c8de4b91657d971a858112cc8b30f141c80c6e94667af2ed63827421e24df817ba458f97b1ea07deec1f0f74209207801378

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
4126ab58284b415874d81fe0911d4ea5

SHA1
436934e8baa6a2fab1b04360a6be6a8db60a5b9e

SHA256
893c2ce5eaa932051dc06259038a1705dca6b1b3e1f91ccde706bedd072a693c

SHA512
788217cfed847f42fbfb328d1d08f16b2f05d9d0c1c312ec0f0c2767b5d62cc3a5136a3c2d63c608c028f77231e9d89cdd4080ff18a46d3d445718fdfa77e2d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
ab709a194043ff07ed0156b437e400b9

SHA1
4572c13f65453b219d080fba725c2f383a2c0d4b

SHA256
ef7ee1c48f5b7b7fa845919315a6c70871182c470d91943c409c2bbefc96540f

SHA512
07050e69d0c9fa50da9103bda1f9e28c25effb90071f677146a0d3227105ac31d77a230c8ab3dd3c96fabb84c559fdb987ae22d8531519a39f6e6b9fff9cb48b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
a3938267c1cc3cc9d226317a597535a3

SHA1
09be32918fc68c0d679923dc235dc90b5db9985e

SHA256
523d76a25b3c7a13db26b44bcbb7c6a33a89cc9d714ad34d39928a43067d53bb

SHA512
cb9550116f6fc4fcf3a34e79b59f1753fabdab07ff48a1f8298c1c3893ae8565790adbd89ec42468b2a108e8c8c16584f46a8d710e8e6126707b71302ba5bcf9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
ddb1b8e618cc2377bab25ff774f89743

SHA1
a157831d820055b9fade1747733f1a2df48f0ba4

SHA256
d183e026aef722a331a012d32cbe151c865dd0988c6bc6dd7608b44a8d871d88

SHA512
937968efec9b68a42f13fdeed632413a7bbfb342adfffce448371409a960b8f5e589e14e279a07a91c3cd4da453a9dfa119c3f408f8f7022cb88b9025a4950a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
f8385d956a95080414d0331e4bdfdb5e

SHA1
ccdcd7dbdc9b92756a6956bb66a494fb679fcb1c

SHA256
227b4f0e125276d83248cb186d80d838d778156680b7588824f1193fa4219b43

SHA512
87329c4c95f80ccee17bad2f29092dd26883bb80ee1bc943cfb298c1604e692562e4e68353a1668b6de599d805c5ad4a59d6b10aa87b6240ffd1ecdd14b253b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
4ee9669386674818692be901932be241

SHA1
35148ad3f2f59434eb1740d2cc7c68664a618b8a

SHA256
b55d90594f1c9e57ae313dcfcdbab5e3d2f414b895c7bdcad1bab3406c794568

SHA512
eb7369233f1bef8ac3111a88b6db36b1288c13dbf77ebe658587d41848d7e195273f0705edd18acb03c8077395111435a398111cb5ae359f427a08873e2eca8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

Filesize
19KB

MD5
aaecf240129f85ce0c5c50f074f362b1

SHA1
3990402de190a44aed34a08333abfc21164c6be8

SHA256
7da60f85b4d3228b88f87de0c4d1d8fc23288b527ee3ec8415baf098e39b56c6

SHA512
64254b2903969534493a9347ac797b090925282543d0fda5aa222030981bc608a1531db03ca400800c2ce0cce2809e80f795b5ff5a0db4a6678331fcf9f38bcf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
b51023aa75fad707469c5c2004d9d3db

SHA1
b9b7856a0227dd7c52c2839c664472882b1c6294

SHA256
aedff21f90dbcfe72e61765c5812d5d00d65fe235dac1e535ab9605e18f3c614

SHA512
618e3c5251658b18a6d670d54adb354fb03ec919a6d936d0d6ff1f4bc21805f70348f00857ce19f37036367be20329133db4330659360df7ccd2a4c0a313b2c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
4da414fb4c5448e5acc03b189646b4cf

SHA1
c9e9a077eada8903d5e004d9b0db9f03fd154e71

SHA256
f08fa98896179bcb5cacd3e65475aa873fc118f730f57e00805a7820e7a74d83

SHA512
a731be49400a1d300db13f7c69a6c7562dbce0877dfd547bba643fbf88832ac82e620740fc3445c6d75ea93b25ac25fd460ec8579ad19185ac55a988e589ea70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
f4d1f496fcdc454d78cf6e71141a681e

SHA1
8261c35bf91a5b5b11674307db37bb68d9307f3a

SHA256
b339fec5a1656ff2e7b0483927f8b1a7168efb53a7b45e5569a7ee630a068a29

SHA512
bf65b785b90b3ebb528276de8bfb0ad27a9919a461b73373f589e6518def5a2a348ea1d09494b714158f3c518cb151a570ebb53ccac8aaf530be127c13b00762

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
e2ca299fca71ff496ec8829663fd57db

SHA1
67324fb36c1a95af56825a94df2dcb3c4d6bd15c

SHA256
f9a9f6764dc8cd9b1ad2e737a97b8c0c4610633d3862695e382017c6151d4284

SHA512
04b8b60a66160cc0ac129292e622bf4817bf65d1d84b062b1874d43e7f48006c89129d806ae123e5b8617cf19a97ffc0eeb6ebfd4a02f168d69d828351ae7cc5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
5b371569e0536a63cb384c01e1326d7b

SHA1
694afd0ea5b7d9a0af79adc5c403d8c687c09778

SHA256
59324e2932bca44defe9644fa84916fa282f6d5f94ffe96956d8b6c815fdfe5f

SHA512
06bcc1c5833a1519acb7fbaf2eac0a1240a42215b4232672b67e2bd16cfcc3180ef6ed23a51e7fdc80e8f7adb149f1f857541c32148c69f52a37d650af9846ea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
79831919d021efef3356c34f796d8e33

SHA1
ce5cb49969db15929bca303e33b6af7d98bc2687

SHA256
31b9048796d8ee5cec7227bf964f9110bb98d757663581a2d5a71d6a1786a8b7

SHA512
0bb9a270a59d7361ab1578830cc24e4858a2ce2e7c742feb176bab1919606207bf36cbe94626a72d739c9d11d5d85a9420b382763ff6ca3eb94b5a09f5d2f40f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
40a5dbe8d807b47ce32c100bbb33754b

SHA1
c1c918bf69df8dfdd31297aeab836ca8cdd136b0

SHA256
2f2ac59790ccef82dccb7527d2c097e2315e72afab5dddb894b98916b8a291fc

SHA512
bf2ce6c8e6df0f87d20d9b893c05c57ff70f2df7e4757e3304b9fc935ea4bdadea2a95cf5467ac24d31f48cd66acbc9c09ce05f5f45077cb3fc65ee1782e335e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
e8da55a07d53311030c3f5c0a37dde4c

SHA1
0c90893da4ce0664731556baf27f1eb00c86fba5

SHA256
d23115076b0df037eddb6d6b58e5b00c067846b2db0578845664ddf89e4dd957

SHA512
7a8e35e255ea9ccf05563c13ae8737f827a21ede0bf18b041ac85277ca358a36c046a28ba65b4d7df515e13514637c1574a0e2276d9deca2829bd2ba025b3d8d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
72a717d9f6b663876ece48fc4b798a59

SHA1
37ba6bf0bf5ed7208de5710bf31e5d192184795a

SHA256
d3b269dda553151328d6e998226545685fb86a5dd48255bec433b56e8ab991b6

SHA512
848b80dbe5aa32bd2adc49b43a562af03d92ef61915aa53d6badad07f168c365eee852b098945b2ef4da8acc3dc36370e57cdb2588e53c224eba1323564a03a2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
b754da828b640dbeb4bdbea41330aa3b

SHA1
eab040ab6c135d20249fe0bd053cc9dfb3630aee

SHA256
91c158b5eff101ba4b05015891a3c5434e68abe814334472569d97673f523877

SHA512
81af71f6b819546e07d9fbde2cbd60ff15a9b4184943e98d894d46e52a23e7399119620bd2a39220777e442e44a0e1bc1c6f5c0881a3401afb9566bfc933325e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
089a0d1bc6dde71fef0eabd287f2ac7a

SHA1
0870cccdaf3ba02f0e93bf561680c641952f316c

SHA256
80f0f60204efae1c46e61b012593f9403c27ffc68d8f0e213104ced2880d27a5

SHA512
2fad609466e0a10afa6f904a560445aa49c3a3c39135361ef854a5c1d36174c5fb2d84b6a4cbcedd2746115445376415d89024f0548083921df0ebfb3a859557

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
67d01bc4826d3848d356e1e2bc88aa25

SHA1
3937f7f0e157c580af71abaa1eaa94eddb4a9750

SHA256
ab0bc615ec4ffbc7d130e37786786db14f0ec812eb148627e94495a488c3e773

SHA512
e020e3f4cd34f3683f94b343a024e6c6d200fc20f18dda11cc5e1be63ec780dccebdf2d2282a0ff8b8a6d44d0a6b33cd9f27e4fc024d5c4752c9b1fad1956ab5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
37a8e6d4fda25c547aa6e848a65a862b

SHA1
c27c2ebe90df44fa2a92655ee8c8dc856d047bfb

SHA256
ac1f46825dd09545917e581a6b601050e60fcb87680c9e7ffc01d6426997fb43

SHA512
d04b602ebe65e4f99e3ea91857ab8cdf11bab11fe1cceb870c99966c4408b3ba88f00172a1db4fd43ccb94af7b8af8aaf0283e89a23da18f7b7d7135fd8b45d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
4e11664f789a0525a8b0ba1b8adeb8a9

SHA1
b9e73df1c2dc68a551631079e818027494c83d33

SHA256
fc16b182b377660299a3ea0ad75fd90f64f267a296251193bbc20cbe7ff3ec5c

SHA512
6a34cf448a6261902d4ceb791282522f2b11ca6999589aa6fa68cd3bcdcbb1b6338f1b38edce7b32f8caa379b0963779e7337af2415fd12140299c232d2d50c0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
8dd7255bb17461030bd8ebf3d5bf8c4d

SHA1
2369159fed68ece239d3eb46c8c1767aa11cc66d

SHA256
0132917e0e09036ff9976acab447b47a58c21bb15c61b66e696774a16df3ac3c

SHA512
7d0478a35a8b7ed5fe124ccc1a2957e0293489ac0ab7d9320b4ded944311b18b4a2a369c3f4e86f73d6ce39ab6c5e713898d873acca3978ffe7f26300055a282

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
0def80b73c1d03d9b00e26b438922e32

SHA1
9c1ecf8e30f6fdc491341c95d2ae4888d0c66f5c

SHA256
625a2348bc001ac08f26ab3ccc475091a572764cb1959015d89139686f735dd3

SHA512
8fd003d030dac003d269136e58bb5975994109c6d63c97c9336173e48a37ca40f3f9984b5ae26b03f0d6c0e99fab6ca9547f6a38fbf0a97d5e9cc1eb98d7e06e

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
256B

MD5
6c30082caf3e8e81e08653c5a2852138

SHA1
45947f4dcda2348b5909c282579214899167c221

SHA256
d2ccc750a7368abdbde1403192dcab667677a2505200d556b8ebce6d690c0a24

SHA512
bc7bcff4fd48d10bde47e44902882e0ece2e269bf6bf4d2196e0f9a12d50fda444063a919b072112188291226cff27bc8536662b41f1f85740a975607121fec3

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.EnCiPhErEd

Filesize
153B

MD5
0ababce582412c539faf64eb8352d29a

SHA1
3e6723f54b78f845f3fde735abec283bf69e5c1d

SHA256
ca2c3c30e0a2b2c76b0f1857db31a7d85a20c9c8f3b75486fc9132a2987cc38a

SHA512
49271195157f7bf39960a3ab16a79b37875bde70d3ceb8dd57270e25c406fc9d082d7388ab04b81a4950184b0fdbf5e3445908bd039f911d0da4c04fd8269689

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
6c06f92fd19eaf5873393a45aa39528d

SHA1
99a339ee999966dfd19209fde643d88831edc97f

SHA256
9f2b4f2c4883df9330653d93fb05a9780c8ea7528bd9cacaced9caedf87e8109

SHA512
036ca46172ec3ccd8a1bab8ed8b58e9804b82fb8d5564068eed5b0c4f8967926f12178159d78c276e507be68d4270f71f231c3fd5be1de140c766cbc6eaf7e80

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
36a9cb6eb987c1dd38deef9747fcf973

SHA1
5423d844fd9f0cbcdee1d83f08ed63ac9c2ff8a0

SHA256
066cc36329264c0343144b0b16b50fe2bf165e49ad4d0ee05bb38e750e259480

SHA512
726ab75adcb971da319731ee0f4363a3029a21717ed79349b15eb7cc0af8900e626584e546baec39b317ec42bb801a839c1559f7abb80287fab7b6e78da34df9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md.EnCiPhErEd

Filesize
1KB

MD5
2e5aa92dbb67282ea580f38918bdb591

SHA1
0ff956cb63bb1c989dead9b0077ececc5b484f81

SHA256
9d2d3ada077f806cd1d6f472e7001ce4bb14474c67aa6a4ee62cb36d5faf7c97

SHA512
cf52c7c9a0b5e2a8ab7d3defe2fe0839bce5e66f9c975e1e8920929c40ea823ec2159f383b5ca6b263b9930819d3a806a2bf2a41100cfd65b72f1aaf7a79c01c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
996a79ff9908aeeb283f0709fb6ddd18

SHA1
98395bdf01300da0e8937dd4cee1d3c1dd12189d

SHA256
eaa8f1e2e4ae744539c0a026453e97207c5b6098151b100ec1032593fc6245a7

SHA512
7a5ee2db860787cab78c83a8c7672f96d504f4888a06052c4e9a1234393334621cc48af8848b75202a1a8fdc4000e9e3ed3dcb515f5c3c599e6019fe164b080e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
9521250874db131b9a3bc62822f121c9

SHA1
13c3af66ed65e30f03f3f51a5b355f9aa5bd9abb

SHA256
b5acdec4e03a3c7298e3f254ac587a40c3c2bbfaed75f5288adc966a3d28839f

SHA512
38a4587a479e8d282398414dbad36e0d3f3fecc92ddebb29236b9e579b069851df7907e0c1e426e3e21c19d4139ee6d1ef613e54011d737880a23c031d9cfdbe

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
4a997d214fb2f68be16a97e4efeed472

SHA1
c9c348a74283dc5f41e635858806a1f24a4b3fb7

SHA256
67a2d4820c181e428e3e4c19f9cf695cb0cecb9302752e0bddbfcc82f98f7ec3

SHA512
4064dd229633e562d048ba325e85ca2b2ac3f0ec4aa54a30b90adacc6d760bd746e29e9ef59af044892707b995d0c026533fad9433c833f9a3decd2149c362ce

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
a611914ef512e3baf2fe4a2e66161d32

SHA1
ee52f8cd75b4928ef958c6ce454158998ba69019

SHA256
de0b46b6d87967cbd08808eaa846ffb6f0f0a00197c521865191f9a01c15be4b

SHA512
1d326a6508770b22fecf3226faa9c592ee65c58c80ae30417b613c5ef8809e757bce38c149c7f532119a5bed0308286e103a86c5b037a87c41de968ca3750c6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
8916729a7d0b95a6d515e08eca19c1c2

SHA1
2c1345aada1ba67db6b486fc751945d203d8d4da

SHA256
9cd5b4fbccbb48cb897805a8abae1ed4c57865eb33a75af81e861b781725ea16

SHA512
0056ace804283376b378f60ef919e01ec1a4d587d3d6bdc147d51058fb4bc73a1801f73bdbbe051392ffa88799acc95f101402b3b2c8f13d87b09448efdb10f6

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
9bec8e4f0cce661bc09f5aa0e73c63ab

SHA1
2e7ffe7127d273cb7371c8b8c50522ffa5a7283b

SHA256
30f6bad6a042d75f1dae3da9a81612db567298ff6897435184e55843796d0d78

SHA512
e569ab4c43d0696e6a5165f6196241ce4eccd94cab518e792e96ab8165b8fe98bfaa4fbf1bd77581ac138a9e5b49edfa6411935e2f4d21ff044350ee0505333b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
edddc4ece0c301c0f277ef104f913416

SHA1
dc023f7d46f660532f8879ac368a76ce2b0b2eef

SHA256
dc7d70e0480d881aa1251d7ad9c1a3e4d29316de0adbf82233d7b6bd611ef597

SHA512
60c701b4178aa49718777ca6de442d863513c2dd7cd46af8924b4b399970f3820e812c6b0f8d59ca0d993829949d33317636dfe2f8f68a7cd0e4a5efa8693d22

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
378ff5336faa5c6996970f0297843a6d

SHA1
91d5e416a25829b25b6bd840be90b4b7a7a557bc

SHA256
ec420a43279ed88c7cab0220ddd2f7a83b7bbbf794827cf2f4a5922236f9020d

SHA512
db07bd8effbb0904a962e2fdc6c26afd16a8b511bae3bd42bd9d517ddbd6008d4b11382fd6e218628a63eea455fd7e91bce9ad932a624234a30bf9a6c782591c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
46f045e36c9fd5ba383bd3dcadf3e0f0

SHA1
921f2640d48fe64fc2fc30d399227127989e09a8

SHA256
dafa637ac375e33cfbfafd7c942da343342e950a425480bb3297aaf1b9ee392a

SHA512
e2f1ea36ceec2d835aee6ef33352c8b6d0c088a9f255004ec43bd1feda6ede9eba6c69ba944e55bc4b759b892d54e126912ec6154469f78ed5498518cdb0f29a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
ac0e510c71fd32c780e6087a705e54c8

SHA1
be780f27eddd82aad9050661a01c1c112de48337

SHA256
fb4e754c60095b73c0b0db07f0474906535a3ed1596f642b45920e655b63053f

SHA512
cd6996d46b06f53ac594eab27c3946374e7597544914191116e81b1f200fcf517f44d65874a9bb6173eb33d0a7df83b0e126bed4e385ce673dd2ea9683aaa94f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
fa501756caa8395084a6f947051e6478

SHA1
70a082ba26dc420d830747c37894323e583262f9

SHA256
3a681f9d6988715daba2b6d56a9db85be0d81301afe59b0c69860805a25a7c5c

SHA512
27d6488b340204154c892fdf92d6dc0fac3a1c21ccaeea3a9ca7c484127a736c4ecbfb3c3ca7e12d8481e347ebbc4de850a56c9ba3d61c4f18714b1b60577f6f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
cf919379a85db6424c870f571421dc7a

SHA1
6cb315e4975722c3ca1af6ff48a3283508ddba7d

SHA256
5a2fd814f5fde19b296ce225f8a02efa5aaf4de5363b8f555f9221df977063ee

SHA512
c946164a4028d85c0662d6af4d3f791dcff19de47ae9ef7e5212a587292e9799f694df4beff994ae839e6a9ea70851a240f4f75a099c8f53d4bbab7f0c94443f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
d1dc883f9126b3e3138fa8fa81e976f5

SHA1
a75209a132fc681644ef108b8274c219c15733c9

SHA256
36accc0d3dc6e413d42ffb6465a4ba98a85a779c88002318552c37ac687be3a7

SHA512
cf0476cbad9fae40839e50b804d8c35bea58cbb2f09d9415b1a65126a329d2dd9ecd87cf5168d92ce30f2ee6c1d96122f7a81edeaf815d731711ccd8969b2153

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
03e449d8ab1dbc9f03e226896d5e96b9

SHA1
09279355b885832debedee073e4e0eb332a5ad78

SHA256
e4228c287ecda79393cd6da10280e29dafb48f1d74dae9cd316e153ca371ea44

SHA512
695397aec724c6cf4c6556fe7335c7a455ba822e8c9488f43f00d8d2ba23661bf260e2c45fe5a3c8e3cddc5166f58b28c175816d4986b1d84cea4a6ae6624437

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
f00ea49e2063689aedc327652179abf5

SHA1
6931887a663d271321336b67d21b5b7d5b535883

SHA256
fb4bb47afdb21a0bdd6976673389cc4874e786aa7dceb51fc408d2d3391fc675

SHA512
a25548a1b4b47ff4395a228cc5cc76534a66751330525d50861705b13b49e9a8d8016fd3736fb641ee32c2d9fdbfa326ea828645530e955f532666bd3c9686d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
0747d420d36433c8636a17c2bb5b2c8d

SHA1
9ae398e04a360ce997db4c19347c9f758cb023f1

SHA256
b17ff2951f123e7ba5af75f7e19062cc57257a19821918fdbea63e073f50cfe4

SHA512
6b4382bc7884fbb1e793a703b4913b7381d7f9853f5c543c680be3ef2a4cabc69a094821bd8f1e52140bf8d8d74ebb29189ad6ef5d7803277d0daf7e18a37cfd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
fae969a4a810c0ef17b479c9701b887d

SHA1
31532c3cd5835fb321939c27b902bac01afe345a

SHA256
8974b9a009d71d0671ff56880b83ac18d4c541d8e6b3139a0178ce008fddebb9

SHA512
61eefc897e3e40f58d7c82a361b3f62a6bfb90eee2deb040fe0df748f75d4e080ce284c6c736794efeb06d3353227c82a641600dce10e538b61b106b44618f0b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
935ff28fe3c7ab3f3522fc1687d67b98

SHA1
ef101657ad9d8ddd319660e76721e04eb3195d82

SHA256
5f7a59caf19b55065bf312e0b71f46d5ed79989a9301f4460552a245e2d333cd

SHA512
e722d0755debbe2b51e359810d4ac76765c680dac6d6713c1ae4cbe8874d90e76e44c7d9a80393efbe1feeca319624ceab766f95d9f5324579be211ea5e8037a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
08cc4789f5a026fe826401e1b15fe9b7

SHA1
7c35b8342aecd0c79b23a9fd8941610607e5c71d

SHA256
6a0c881f0e3015a83f1f9d68afd8aa83329c0348df1e293cbd2acfcbff7a4c64

SHA512
052b7aa0d23ee8e15d995be171e027a8527b22692fa1978c719fb307da88e86a752580aea6c97c56be7026c10471ff7f2750f13edc838f984110c636028b12fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
07b49aa38d133a3e7ce91cf5c4ca5cd2

SHA1
9b8f0cc1d81ebb7f10cb8b9732d5ab7fd4905dd9

SHA256
f0634b669cf7eee48264f72e86642192e5aeb559ce9fbd36fe4ac3f1e6afbde3

SHA512
66022b86d1d32038bf6ca93ca5cd5df0a43ab457593f39d2bc04dc275fc963fb9a5dba5f4e633aa56c6e40f870cdf382a3deae9a6f48b30be836fe814efc2b67

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
eec9d1593f67e175b483a41473c4aeb2

SHA1
3018804adc61d151a2618615bf5537a2ddea744f

SHA256
f9d4c58f93d82b976130a7bd3728f94eb73eb497085fc0f236503ce21fac5514

SHA512
aa771d139f665c6d5fdb5d29ded25dd9c979e93ba0ce4656377f15887ea1df4b0a0dd11d8af44aac1990f8cd233cfacaaa98a13f3ab6082d22ce13889bc3a29c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
6ce80d32885bd17b44bf3bb26d4907f0

SHA1
0d18d0b8684bddbed9e1e076d9e703a684486b34

SHA256
09c05fb4fe5a855c5f910aa21002eb0a5dd9800425b7eee4cc8b98c063e98738

SHA512
e064289648a6e7d6bf006e3104b4adc3e461be8001ab6e717e0be8f4c5c86c7424597dc9797f4f0cf02ab441c7d8bc2c023d7ff1bc12aea6375cc4429c362f5d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
86390d42a51af0f6ef123c6cabced4ec

SHA1
0d090f2ceeae1e165821e01873f6e94a13f2a3eb

SHA256
e118e9ceb530e6495221ead78feeb7ad3dac0f5180be92b705b7fdf3a2d8ddbc

SHA512
92ffce0fb1ae3d9fc9c6026429fc06456f2ed3765c872a09be425721bb674bde3596ab798a80d77e88334f9061c5110c46ef8c127f63ae1fd6b84fe9ffdab93e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
c7d81c7cbe7afa5f62facc55f8fb1da1

SHA1
bcc600353e2400d8393533a4d1b9e08895e97e1a

SHA256
6f46cbebd51ce01feaaa926b4772a63de349bbd77302513daa7640e785cb7bef

SHA512
8e7f4a56633860923ab6f5f064e152943f80a951c8bff3df151f403faafa82cf629ac26b71b10f290f7da194979191f678ca3b40f1322c88c39dd08002e0e203

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
858806a544b2e6baebe48271425ffcd9

SHA1
ece342f639b8a16b4ff32ebffbaca1c3208d82f4

SHA256
ee61e428bb68670a78e29763127a0cfd3258971f06c5b2d106ef25a4a72223dc

SHA512
82e4546aa7d3264442b7af5d9f08c52baf9e4ac03a5d4925b891f9c99e759b4efeebe02d514f016bd9f079ee66e8bc5a21ff23ce10a56cf64f0fdab62dd350f2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
48a501b017c8f5443d431c93a39975fc

SHA1
76e24776adb4770679357b704fc7f40f005f2232

SHA256
6c5c10c29544780b3a349e990fc6a5af342e936111820b4e7d07f027b0ea70b1

SHA512
46d430964e09311db26e5639b105a59ab354f2ed0126c60da134b725533586986e7581ad571ae8ff5ac54ed4211790363b959a246a508b3f2dea2ef348e1f9fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
810e7412027472cb86a9174084cc3e19

SHA1
ab6c81111573e2cde429751f754772cbec6dde4d

SHA256
d801742ad731540b86e9fd972e0e4766966ae7363962504cef80a8939277c347

SHA512
860b31c0eab278c1b8ffba68f0f802f1e6a69616e59a759f5847beaa7aa4b10acfc29acac1e21f8059d4fcef3f711d43c194c4a786d456d803bdaf633c15de70

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
42738e5a6c1100260303f4ec09a83a46

SHA1
7d298502fc73b2b2af623e673395216e9e0ad4bc

SHA256
052a80bb7ae0ee6ecad2dafd95982ad5f4578ebe740e09333dd613de77c7a04e

SHA512
12ba7972c7addc445806fb7212f92e88179ddda8e960bdc02b6b4194f9dc5271224086254cb2b57c2b153bec959b82ec65092516d3c1f7de7e3b6be603d912e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
e19e0c731a2046c56124b8653457b9a4

SHA1
f42790284d2f1ac3c1fac7b1ab1b8a9ae5d0307f

SHA256
77a1ce80cf6d3fb174ec111035d8c81e7b9c45450869b4272f73d11236db5d06

SHA512
2688249d05c265bf6f7afe0b9469d32d67ec9ebc87306b8129243b91343bd8703beec33e845bcc874e7ef582e70b88df2c507a268e8615d146a6d60e901a81ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
87180188184d9792fefad823cab4a71b

SHA1
a97001efa164d978e0cae5204952890d2097a3a0

SHA256
aad86bb99eb6b396a683285f41c790e1a5652fab14f70aea3f54a5df1f1f7fc7

SHA512
2e5bf287c2b244885d10157dd75eb373a77dd66ff00b7ddbcdfcb5c9f7accedc7d55f94bb7db2c19450bc05c6f241b2327dba023227a4e9b49e9af666f2cb562

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
3687616cf672f8bb38a834899cdbe4ce

SHA1
ecf8fbf18222636ae9853efc57274be37b848c9f

SHA256
12b68de2aca7963d79b50940d6c92696c8fdfa67ba9cf577f82e8e0f17f54791

SHA512
ead3a55eb1750716be8de1de0a54bd2a1a0df685e7b9fcb8d84ee910196e12d5b9ccae8b10b9d7e8c27e3b44f14a80766c0fcb353cb0896cbc82fc404b0c4eec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
3da8bc43aeb9ca1f0011c5d43291dd17

SHA1
925ac7d583d4862a4db74d4000f47b0365d86161

SHA256
6d7a70ce08e01de142c07caaf8596aa97bdf1474dbd78ae67bf6e80cdd4c1794

SHA512
7201a48b97c04359ea4e9dd0f3818f915deb6690d618ad797861bde0f6d7d7ffa1a75f0e10c4a7e3e25a587a66a967d75bf11c3952390581372f7418dfbca1ec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
89c7d43a5e252eb71e23e55936db8641

SHA1
7ac1d53806fa789c41653b9623503f3627f69daa

SHA256
844d8371c1bd7023647b3a4dd163b2982794dd7c27e0211b2970edbb3462e62f

SHA512
3937c001907fc5355d4fa98bc64c08efb2ee819ea5e9ebaa759ee0c7422325834eb7ec21936c60789791b7943d93b6bdc2a7cf998b45a0b50667f9a8e0e3fe04

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
5a20b3109ba7365b1af01896c70acf32

SHA1
d7fecc4e8e3de66d44063ca08ba604a09831aa3f

SHA256
e0369dfcf3a949c69dd7f5b2a8d51e1a264544d865f84c425335954c616e39a3

SHA512
b165e6cba3280f20d7fa6bcef90f6a1884180db80a5beb840daf32417913199ed35ac90615ac7045942e12a72900c23c5caa62a284cb2a0b0922d564616219b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
fb8529b53e6dcd09721b7f99c7efcb35

SHA1
907255d7e7fa2c128f1eede50552514464c4f735

SHA256
cda274774044df74e9777add4deff829f2de51eb12c0c5bbee493363afd24edb

SHA512
3cbd647b6af3d7d3e8456765eaa6213453643dae75f99f8dfe2584b0c1e9aed6278ad234bb4eb78dce5204cf1ead8601bff021fac16a13adc5908a718700fdf8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
5019e6c0835b73f516bd084880327a55

SHA1
a7bd441e3983ae219c5935c57a0b097d968f65b8

SHA256
13c3aefa45c8cab59d01b0b9a4dd0168615027f145cd291c049f8d45f923de2f

SHA512
76f921c2deb3abfe38c06d0d4bc828c60098da9452be0d42afdea8522ad025372618bdc5a039176b7fe3618a69b2cf1831475d128cf2852d6b743ba3f297c9be

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
e56649f75277eafb9078d58985d09bef

SHA1
d3251fce850ba609689284a28a1a3fbb3999c4c4

SHA256
608611212d8a2eb250bb370342e859077de567c268cbdb7e52c6a4f923c6fc45

SHA512
eeb566efff8508336a30090bb1c23e1d2b7564ebf79f720b21fa61da473294cc96d080473f75bf1ad5584ca360ffc9c4dffe871e4fdacd113d54d1492af44be1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
7b6b6cddfb8ad0fe8a2028345becde60

SHA1
c088407917b95f6359f8f4d69e9df0450a4045c7

SHA256
b12d8501ca5a81215c745cc0f13a0a650136e242e6dd9a52f3b0bfc8e789647d

SHA512
0092bcfd75cfd18e32d016400b8e5d3d51e84a065c521f39fad7b0f2efc15cefc59fd01ce0e5f23542cacffc4265e025bb9b1fae71271c07ca3eccf71fcba6db

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
1fb6c86967fc232e6f9a7e7c65ac06b1

SHA1
6f8fa85a56281e6031a3ce7d45240ab5628149d8

SHA256
5cb742c9e6f1ae8ff53c6fd0601a57ae779ce827903833596031293db06da855

SHA512
a44447eac1e6bcfab2818cf0d0f3b6cb336673c18a309f2ce2615165d82da80cd15df346b84b27031230489deebbadcedc1148297a069f81d4dd956b390ed665

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
8bec6ebc2164df6996ed6c894b80c78f

SHA1
26b2b752548b5bcf72a383351a7fbdafb98f548c

SHA256
afffb19999f698690181a24cec2ac34257e44cf7035ae2079341c937929bb454

SHA512
66ce0ed8090bdb0870b6d214c6c1ea465f94295dde01a1aa07e0bbc5ab176083489d57eaa9c3371dbb2da9267444eebe1237558a68ed618f62580f13e4f76b74

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup..exe

Filesize
63KB

MD5
bbe814c269e9e73a532018feb1c52bdc

SHA1
8e99ddd6f14336e786a335ace50c0a0d37f3111b

SHA256
07dc7d670351d2f230c5a2063b933810fcc13f059f66383833f1a66a003c70ea

SHA512
0f1f0bc9d1d8d7c33fce51117480626abdf9f0847eeace161a81ca321f5d434aee930bb4aae679f88fdc4ed28eb72c0c81a0359dc775969abb5896bd9bf2254d

Download Submit
C:\Users\Admin\AppData\Local\Temp\setup_.exe

Filesize
7KB

MD5
ac5d3ede68d0ee0054ff52d550fa23db

SHA1
d12af0bb41f7b152ee06ea96b856e28f743bad80

SHA256
6e76a936f44596d76184062c59de63bf6a761369ba30da86501eb074bcc1d8ef

SHA512
ea71f5ea1b0727b80a3342cffed24cb8face736667a33f7a4a360092d8c7fc9629b0e0677b0386ec40628dc60182fdeb18a07c310e5515a6ce9c002c749c3d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBB80.tmp.bat

Filesize
159B

MD5
2a0ce251804c0ec40f8e934c8e404671

SHA1
5b3a6ae772f09ded4873c2887a384a95c692ebf1

SHA256
04db4e0c76ecb900a9cabf4abfcf20b666fb61f99763abffc0e96499a2be2578

SHA512
6504fb498da4401b1b55b15f4587cee8649a049ffc923b14b42cde1b8539be427b3e10034ec4ff4f4d2a14050221e624b64b06f01c223cdefb0247e612b0e047

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk

Filesize
407B

MD5
cdb177b2010b46142839d54b7a5ae3f6

SHA1
a0ec6d57666abc06221a70e87934ef206c93282f

SHA256
b3082c847ec5f3fbb65ccc1c56b5944cec99bc6c3eaa3164e516b57ccfb4e17b

SHA512
a429d95e669b56bef1078640fdc3c682b7f17ebec2cf1949dcdb469011f97713f53a3097232da733e24eec99da6360b6828ea6734c6565e6af17d97c133159b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
ef542d5671f90398bd2c50bcb50e0b81

SHA1
52798f8c5f4336ba26eb0cb2c0ff6a5926a7fea6

SHA256
8e337e050ff67b836f097270c21ca7d0190c9197f34244556854d9728f353342

SHA512
a32879f137c5d5c0870279d8b7862c4ee3d9271cd4709d708aa8fbd61f8ca5653a36371c05b04a89df2c9723f48127f311d05f4168ee620cb5f0f2ceaa3a6178

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
3fb342850a8740b7a541810faab211a7

SHA1
a1f895ff8444ae1d17d770a236683816412aea41

SHA256
8e871c921dad6b809f3a0ba0cada5a3900d2bfc7b9fd685d0f783a2aad086fb1

SHA512
c2da717b41856ddb464625f3d8d60979267736f51fb57e76bd98c0fdd6f4c8739d86351b6613d52db990d52e6f7cc34f4ebede2ba8ab44f5c9477d67c6aeb99f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
03575636a49614c04915049259f55361

SHA1
f30cf9ae0a23ad60a03f8327344c2b825a634232

SHA256
0972f94eced02c6759697c66200d25025b226b0e2e01c05df8f4001bb1f4d36a

SHA512
a6d10500d98e2225c4052756beaddfb3c78faf0b661efa3ba5128a0018456c46b8280e551ffe251a38b2c4f24646c4be1efc21ed9411ba4573f59299d6c8a0f2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2269d8acba8ba36068567f02714064f5

SHA1
f546575dd93a89c1bef023846626c146b6aa0ea4

SHA256
407cc7f5d7ff65548ce0d9a1405d45bd94a0b8a59b066e0d45313e64a3d2bf8f

SHA512
e6f131d2210b9f84e406fe151aa04a036cdcfa8fe8ad57ceb1857bc8c066978729b5c0231009343894366d5a0a429b63b433cdedfc27099c5731ca812c025311

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
426bdec30b345a8a54ec9ce7216a877e

SHA1
98ce43b11751f1b4b2a2795a22786eee32305028

SHA256
23b7d772af470aeb3737fc07586254a53f8be069d6fcff2123a1501320b6fc83

SHA512
8f019affe06596db5bd4e883213e712891aff3c836bed56822bed2e913995a3c5134277807461e88b62aa52cd6a8b6279d31d4f7d6253dd59b535b2a0ca472e1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
a61cb5fd4ff509c8ff628bbf145bdbce

SHA1
f6deeffb7e714d7e488ecdbe493b0741005c8578

SHA256
5621c821ff0254a0eb868815c9882cd2df9ded372c404ebf379cdc7adc0b2e7f

SHA512
5b342cb0cfde8d694b4221b9eb741352848accf8b6f1c704287189f0e2a5c75848bded8ad4e63973d984d0d9ce34937be37d3c978bcaf198f7e57cfdf38b9558

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
821740c7f7aa36fe2eaa9e17f79c1f1a

SHA1
d66ede41cb6fe1f48f758ebed16ef5a6120dac63

SHA256
be08755206c85cdf6d9a192b867e184da07c1df339410ed482fdc82658d7b37a

SHA512
fb78b862b2c1e8a6a62bfc00a9c1dc21fb51066439a3d2e035b96ff826949cf3b29db8356d147115cb92ba38d384f1b0cc2d128291ee1788233cf288ddec6759

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
cd7db8bf26d7ac81a92528d74a7a34bc

SHA1
012b1c34cff64626f96fb57f9e11e370ded72040

SHA256
8b821064447f5264395336b0197e25e3fb976288c8ddb8cb88b2ee48b81ec252

SHA512
13f38dc0d1c363a69b09a763badf43f87868f74dc04e6e7dfe8a113d8f3b95cd67c449e4cc31317b54daa2575c73436a30d2511eb7699d3c5f82fd2ba2266784

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
848e05c302ab8f7eccf844791252babd

SHA1
32254685e69cebb011c78556f897f304ec6322ce

SHA256
52194c34e8694df53204a7bdd40c47f5da3f94f5c95685479e3ae594b28ee2e3

SHA512
e9f3244e3c242fab45c2184e5addd6576994c009778ee1c2ea086995fed4e023bf73a29f13479f8d1af1645fd0e378224ba518f7db45a3af0c462d4a24377dda

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
5e49c080a5dd341e478a39070ef89270

SHA1
6f552d6b3e47357aa43c5e80e9265c9cb8163d26

SHA256
0a32a7051e5316c0cbf075561632aa661032bd5b90b1a44961a401289f912ef1

SHA512
d9ad09f86512b5d5869ee73e5d3675b7b8bd1825d051712180364c62acb0adcf69c03fd864bc470ac7a2a3220d62549ca6deaab3292e4137cd7235b7606b1836

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
5d432b7dabd6d772842cef346472b4ed

SHA1
6b3a0d4d732336362c014fecf6d661248067e248

SHA256
b4f40ee69266e3c1c14ce72cf76ef4b7cbece64e0b9e8a7a333a28fee7e43966

SHA512
dcb24fab20b1046153da88c5fe8108439b28d70e6d33b347328e5b345f1c3717f1d0a48c5ca5f515c4a3b705959f4bdafa0b9ff5b454d11a3ad7943067db38cd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
9248c0180e2ba5688384db2762f3414d

SHA1
9850c63ae129f6c4a3366f3ab2055f0b6c686401

SHA256
06b4f0bf7f3bc455111e1e631f800a35bd145b5d580f87ac5918f208cff64496

SHA512
8811f06bf6613718c4abefba576a71a1a185d7d10065afd6517feb917a34513ab63ace24971eb914ab358c6c4861edfa0cdbe3eae4239042223d6561ab1c0b06

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
7e0ce88fb72714915330b899f700b736

SHA1
15c3056459a52b248e3a991803b8ae6f7c4a8be3

SHA256
0a59b8b575519772779acac4b154c54440fce6c9fc06d31d615cd7bea72ce664

SHA512
eb826c285ac3dd0f9d2fc13da976a93da1ef9945c45da9f2542189335470b3ab5d85c96d0315653614ec3745dc2067edbf257ad2499018ef0bc806cc18d8a0eb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
86ba53b4067762a5b7065879b8b31ee4

SHA1
ec0188191e7c4ee477f54d0fbc7ab0880ad93bf2

SHA256
3cdad78ce621a71abda05c2705fc7b5abd0c972e2a775a9cd553c5469a18887f

SHA512
52c141fa1fe5da0f90ff386d630b64951c0da3065b3c797ab3bf8b944825df0e72745703174ead8f18956f524e31429b7ee575bca93459301d9615d1ce90e6be

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
f5cfe35632028c6f7d53e157fe9fb9ee

SHA1
1e054759def5bd769acecfa59116f9a8c81ecc4a

SHA256
dcc81c6e030f6cb97037c94687c3b404d6d573fad78402ab07d3a6a710089ac1

SHA512
e9e345f02cc2542786ce4d5ed1aec6febe264f4fea3d9639e76b6e74fba2a90e488238beea19b7e3d9c73927477b82cb79a2bccc45cd0a5b4e57fb50dc2c59ae

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
8f25b11024a6e2ea5a967d7dbd2c67b1

SHA1
bc26002e80b5c9f4862e2fe4345d261a644f09e2

SHA256
716f5281f3f2f24107c80a54fc03b6336a047bb54556afd378aa27c8a7a31c39

SHA512
03ca6d774b21920ecf333e08bed83b3a9c83232ed55f1a5162f670862fac45a087c4e0f99ec658d955d969c3f79e47f91e7277394a1867bc3067d21279a55c2b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
215d86fe353a5781b7936e35af276034

SHA1
51a00334244aee0909ca670c0816bced8b830ac7

SHA256
a325d60319d75f6a9dc4ec56248ce373136ede25a160a1d1ebca65665cf8a20c

SHA512
6ccbab2e1bb4d11a01d2b428ac2042bccc73b9545f8dbbfa115344c0f868dd48e61dda60a1277e103bf03e029f98b33eeb79cd955839c8bda13161387e1acc43

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
b50422e5e729426e2414c526e480a6e2

SHA1
e4a2f4d60f15e845f81170787a9e96f710cb9559

SHA256
744e889bfa1ca941e6e1b164c9e66295b6f81cefb766c92163edb53920074cd3

SHA512
847237e00f2d588a25f33670163b47b68806f24db5574ffa4d3cd9b85a04cb7c0f2ed55df3c879343a94b5c3bb26af14f48053a1b2dfa5252633b6d4fcce86e7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
a9e90784c944f6181b1e348ff1eea40a

SHA1
111154fa0af50171e159b68c6bd3de89fb6db634

SHA256
b4f279de7da4b2a7b1588833c752f994eaaf7b5e7c385b1883a7e6f851e70219

SHA512
e0899c4d1f21e2480ca4b5a206965c34732f7a8c387c3f77b74730bcab162afeab9503d6b17cdd7f664c1ebfc1c4b76cc86b630406ad1c71ef306a273647db4f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
37affd46d6de4f88de10dbe4dd6e73e6

SHA1
bc180d81ff99f389483e8e9878f50dd7524dce00

SHA256
e9634a6cbe97fedf24eb0a3c7f52322d66a671da4e92bee022c30b44481b8e24

SHA512
1cf16bf7644b5047e0407f6c1a18155e7deba229c3cee8a0bfa1b22df2674b7aa6a02cb07eb6b52cf27ab9c1fee69d243124396e4277661be7d5dbd568f699b0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
924aee3b808c2eb4611722f1e0ed7a12

SHA1
2826530e992a34528984a83fcbf4fecf7de0d880

SHA256
f1810e403ac9584ff176cf23b76d4a9ad94a50f751e112d561b34fcdef13d464

SHA512
758c33c60917f9faa5ee170bedde8552e6d874c83b1f2caf29783816992112eacbf3b8874e2afc959f4fbacf169318e4104a91b19c6f5c6a20ea495f122ffcf9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
f53d571f25bc2e12aa8429fc90cf32d5

SHA1
58791ba9031d3d69afcb3cb3c84ad174116d758c

SHA256
2f25937d823a35edd01e7dbb9e016f3935690e71ef59ddd0886faffb5f006188

SHA512
22afac36d4887f5a100ac47fbac1135f17e4b324ded4fb392b6ce33af82444163ee889750305073387e4600fba997d36e180ac928041172a06eb428485127e76

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Windows Terminal.lnk

Filesize
1KB

MD5
8808074010c1f5b54dc7e33a0766a2db

SHA1
f4f29718c89c3fa36fc99cd9d37ae77581ef8ac3

SHA256
abde8ef9c793aed72ce6dad5229e33f20249b48c0aa1c8d260b3d741ee803ee5

SHA512
c6dc66d3251f905208c275f4d326dae8b076564729c83c40407514a202719f10276e86f0e630a601bfa66d5ea5e543abadfd1bfe9ddad7dcf30c253388deea81

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Windows Terminal.lnk

Filesize
1KB

MD5
ae13a0cad3d03a6ae1d7e93a03f9f84b

SHA1
266d4b86091a8c63172d36a7bcdfd97cbdc9ea09

SHA256
3b4d12f6853e4ee9ac80dcc7251da6c08fd2aa5ff487e2e621491e2406bb9f3a

SHA512
170f5f4af17cd4e0d4c337eef566482f492e9627feeb53a7ec0ae190e28377fa94a2ab980884a0dfd85f427324c32042e20e00801922ecef420e6e094bc3f2f0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
11bd27838aa2ea54108532e4011a357a

SHA1
3189b58d0215485203b9816c73776e14afacd104

SHA256
dcbb4a59f26c2d8c76ac359dc5ad494fdf6500244ca1d501cde90419c31f25b5

SHA512
569f754c44218ee3deffc0f1a128230547b9843c415708138589946229d528193215c98942d2eeffe3b71fd4ffea0a5f017fa28edb69fe9193adf092d7de1fab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
ee81eddc0f53ad5f19063c47f9803f50

SHA1
037d69c28928072c270213f784f89bd7eaf50a99

SHA256
a19b6cd5931eb9d6d90434caa899459c77a9df89a06e9afe4cb93e4445164d71

SHA512
f12ad82f89f90fe24f351aca693cc1ea3b14d8b00ab4faf93dddb0db8e3caa4bf1cea137935b226a67cb38762db49adc0db8ededffdd03510ee51965a1b2d311

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
4efc5393f2a2811a065036c5a66312a9

SHA1
27e15e11499af41f9e7ed241b97fb62bfe04cba9

SHA256
95da27216791bb00428c49755b989af0e2fe93709e210a3189e5899eaa7abf9f

SHA512
3c99cda21e3de02fc774838846cd2d40c3e3bf84eea3cc4ea1bc56aae5f0d99dfa1c702b2d7d925fc74470504d21c66bdef58d62ae1549bdec2e4fb76a1d00a2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
52b0f491e8bd8e287e1565435fb84f10

SHA1
ca6d97735fb06767d5224f09ac126d5baea9b1de

SHA256
43f433497ea387bb58a05827253c3f9bf23761e65551b01b5b557119ec832245

SHA512
4c98ad4884c59df11911eabce893541f69c6b5c48de3810422973fdd08ed39336ccc8dc29e1dde73076cec9d076177ec2e514ec50d6d1ed016708f88d7df5777

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
799c4c6c0118f369f7dae8fafbbfaafb

SHA1
4bdfa1089f5dcefa9a96efa48ccbb77c3896265d

SHA256
3c1bc80abe9cf8dbd97914349049050427cb9df3492502db64dfe885e3d3b02c

SHA512
0a87d8d0c11771a7dfc034d7ceec4e2dad4aed1cdc4faae45dbe225fc77943beabd088106ad59c5f7f57c1a51c80ecff06d4daef5af247902db47deffa5355ab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
a6f2622b8bda0032cb700995eedac3c6

SHA1
fc415a8e3baa33b3a0d20581fd4dd7f9c4739e6b

SHA256
2a1f516a38642ab0ac0899942b3fabebeb70fd4d15af63eb8c462e2706c7a514

SHA512
a956ac8444481dfa8fac23bd7003278861c06edc0006cad4668765d4c6eb0b1c6e27aa73cf4d71bdcf8e2060eaccf10bf7f0554a00780c91457db11b2082094c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
60606e7c98f663a076f3cdea2f07eb8f

SHA1
d2e2a49e8a2c11024e18dc390550c6c9b4b2d45d

SHA256
c165de38c0bffffab7928ae51408cbb9d8bcdda17a6e50e47871d4038995fcec

SHA512
cbc2919022e69869709e57783e8d14acdeb84e62702f3e2938ff7a2a9b3be67f1006bcf5af293aea28a5ad0eea745b9f0b5123632602719dc5ab6c9bfb1e8b8a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
216dea6248cc4a7619febc603672c12b

SHA1
0cc94e63ed361e00a0df660f97d3c27e11a3c477

SHA256
1a003a333ab7ebcdbd419132e6942bd4165f913721fcdcf8a1340d593b5056a3

SHA512
d9de8893480ff11782709ca628dee2af6d6f7ddeaea88d855ae674a4d384a7d2cd15be0ff334d239e82ae858e8dcc1d5c6f3a2f5d9ab29921747033a2358bf61

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
7bdc54b92bd2ae2fe0f7e7900e9613e6

SHA1
ca41901dba39347c4b2c75781547f23ab0ee62a0

SHA256
ccb702df568fcc8be2c60d7ebbe882ad73aff806b0c4f3130b1bc1d527f81467

SHA512
5c6853c6f0724d7ca77242e01c7f302bb212b56b8bde2e345f4a11ac55424c263e3a88fc917b77efa1eaf5727e0fcb46bea4354b3d788de00a2cd7346e1e16e7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
868475e95bc59c553f4d2d1997d8f2ad

SHA1
162e24f7aa56951d2accc40ca6711aac047516d7

SHA256
ebff93e05a70568564db92798a66243564232d7b242bf507a015b974b691335d

SHA512
1a8fd21cecda11fe89c69daa6d1e4988fe7e919e769b6c560bb327eaea20cfa1d037dc00e1451b0b704dbe854aebe46650e0adf1c6904206d6365d12a11cb580

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
942305573f90f4202948cee33598a339

SHA1
e255a3e885186ae08d37fc82505aeeb3a8f5885f

SHA256
9449582df4094bd90c85eded74e581ff30eaa0283c1c25afe01e9c51a983d3b3

SHA512
ac2c33807f71e525fa592826b1a53ae56b36d6755916640f1f245ecb417018bfc726a5ddb0e23146ffc02f42e7854e8bc08c61ede57726cc57d0318886aff465

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
60aa4ddac9c676783293fda55e43d8b8

SHA1
376199cd8e39ca80c90846dfc4e6c2c97aeaa60c

SHA256
30ab32f67fdda1da1391e3f9a14945b3a97665532624fad8342e30bd41d6f05a

SHA512
b5d27323bc6da828d0dfb372421eb440ee22c4d07cd9c78dbfee339fa8b6d36e59d89b033cbfc4d94306529a43355223a39d9c6e4e9353cd960d4d04452f1653

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
ac855e3486b7cc9172f90934d2bd6fb6

SHA1
9bb36c82b4b6cfa9668e838589fd17d2301405f1

SHA256
626414d17c0ad5a8080e5b2c72e5bad9600759c9679c9dc5bbcaf1fe5d20e748

SHA512
58af113117e939cc8500fec669011bf020a5f2075633e58cd115a97b28cb04f625aa3322a589705b2cace35a31c5119102f9ef22ebb7060c7e7efbf1747b55dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
b11f40e3f746aa433f30313893f3ff7a

SHA1
df764e3a26c5068e97bf12b746a308ff3186d7ea

SHA256
87ac1ce711f2dea125a1a7ed2cbb83af3bc6b2a9246234e569004c54000caede

SHA512
cdf95e598716381076c0df9bc07f55149250e911eb82bfb7231a3f78540e2e2691620fd33e0f5460648bbab804fe048897f3e6184b6b998b36f1cf46877d22f6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

Filesize
1KB

MD5
f547fe34d0724a99bab6ab3d92e11a34

SHA1
13c8563526630891abf6a9907ee480811b1505de

SHA256
a5094aafe799e28b8fb430d00b891001cb23c3db170b76aa9a0f044be020b7a0

SHA512
e2e41a7fd85b822e5f480fd8c674f13e033de570079cd2eb4912020d5c18d1969a100770e012f743e8f7788911b2b1717d4e02824f51ed450a060e46cbc75864

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
d8feaf827dc8f5269f681a1cf084a6ee

SHA1
33be21419c9b7ca0bcdd49d421c8be812b1dc50c

SHA256
a3150d773cf879c858e13f622778903eb9899252ef9e32211a14738f74b9d56e

SHA512
81c0042e090af238ee47f099fd019c4aab47509a04d06bfd8ca294597e6e3ebad8a981fde54490d6d7cfea74f9520d6684bce303d0ceca5a4fd10cdf63ea9dab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
cb6d7a97726058efdc488aaa51e8d240

SHA1
9017dfbeaba1d8db3f5b771d59bf26f863079eb1

SHA256
d94b19c3496fa1719b52016114775bca73ea2eae848da5866ea6814e0d5f6502

SHA512
5c1d2d3d2a95a7cdf8a4d1e981cf3c8aefd133e60bfbc3e3685c09283b5199f055e24ea329401046605e8203e96e5ce89e0cd37d0f0f50b9a303b0f1c1a669f6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
e402741c33f64338cfa6abc4ba18d457

SHA1
0560c1a5db4d8a84f8089fa98c88004d256aa716

SHA256
4ee6df25cdfc47aea231612d4b814b1a36489f1f5485f09f215fd758c4fbcf47

SHA512
63acea1a5cfaaae456ab7bbd64f7d2003628943f534733ce684b5e5be7b36c80376df179a32c42e7a7505029060c459afbfca23f793760941a03403064b7dc75

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
b7a15b0f7fdb76d6461329bf8f2b7f2c

SHA1
b13e48c27400891440ac274a85aa0bf1a663ce92

SHA256
5687ad975aa2632c9c83e5d74f768a4562b08f8e6d0691978dd83da18c61b318

SHA512
eab0da8c9aedfbcf13236738a2bf4e6db16bd84cf39e5a9414a128c8f5a2f494b81d8d9288e1e5537ee2542f1c8b6766011b2a830ed882f290d495f39ffadba7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
1c72e85ed2a7ce862403017ae7bd9192

SHA1
5a3f3c8a93a40b3567b39f13a7afa4ef474411ff

SHA256
9effffc928bffe6ca8e7adf1328267b8e15e169116e2ef5e0e1649ac94b288da

SHA512
b5f05a2bc7b6e266d700e3ed2625f6f7bad57d6d95d59dc652bbb03ddd61f4fb9b18e4ea9a2b3a03bb6b2b3a400e8b6199b2301f9d8c6fc2c2c134498d151f8a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.22000.376_none_742ed331adb702b6\Fax Recipient.lnk

Filesize
1KB

MD5
4db60d455a6f5153a96849cb99f94e3d

SHA1
df6f03718f2bd7e74b92c57cb486e5b259d750ff

SHA256
f04cad1f98860674ec1aaebef2af9d8400ba0cba5bba788d080d8984ea81a7d4

SHA512
1c71b4ffd2251d5e3b1163d946e3ac1eaa1b6f7b4cedf618d09a6292bfe3d56b99965293f50d19058b7937ea58e474133724d623fb73a5d8c61d7517ae52467e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_10.0.22000.376_none_742ed331adb702b6\Windows Fax and Scan.lnk

Filesize
1KB

MD5
681a71ab1b0c55012d646f751d142154

SHA1
55b248221383b9d7fa23f2a4bad6677bff4cbd43

SHA256
7a0d9b6805a7acd59bec245ad97f45878e90f6d009d49b25eab18af827735180

SHA512
edd3910338aa850463962dc247c2486cc16fec0f2c426afe1e74215c644473d8fc6b52ee55cba885f5295c51e5e50d6d4888fd7642e0d91d9cd3ea2f894022fd

Download Submit
memory/2680-9939-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2680-11158-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2680-11172-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2680-11-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2680-11169-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2680-5099-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2680-2828-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2680-9940-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2680-11057-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6104-8-0x0000000000870000-0x0000000000886000-memory.dmp

Filesize
88KB

Download
memory/6104-2152-0x00007FF8B3330000-0x00007FF8B3DF2000-memory.dmp

Filesize
10.8MB

Download
memory/6104-2147-0x00007FF8B3330000-0x00007FF8B3DF2000-memory.dmp

Filesize
10.8MB

Download
memory/6104-2146-0x00007FF8B3330000-0x00007FF8B3DF2000-memory.dmp

Filesize
10.8MB

Download
memory/6104-12-0x00007FF8B3333000-0x00007FF8B3335000-memory.dmp

Filesize
8KB

Download