xorist | 5103d7f1f440612cc2d47a6eb0623ba6e3ef972e0ed11b4414d447b39aeb9259

Analysis

max time kernel
141s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_95c9c8a661ecbf7a55c4b7c43cda7ff0.exe
Size

1.2MB
MD5

95c9c8a661ecbf7a55c4b7c43cda7ff0
SHA1

aef02da80b9727848838ed2446a22ea86fec8c91
SHA256

5103d7f1f440612cc2d47a6eb0623ba6e3ef972e0ed11b4414d447b39aeb9259
SHA512

23d5ac67183f2971a5ddebf108be7132075531718457ef52e2c3e8b15aaa8eab05cb2b686ad4b7ebd641bb306394155092bc5df3834362be18d266e231aa70ef
SSDEEP

768:k7Dviojm1hAJFeolguCMBadnpGuP16GJtT:k/2U1lHb4ouN6GvT

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 9 IoCs

resource	yara_rule
behavioral2/memory/6112-5193-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/6112-5608-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/5560-5612-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/6112-10257-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/6112-11195-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/6112-11517-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/6112-11537-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/6112-11543-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/6112-11546-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2225) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	mog.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1279544337-3716153908-718418795-1000\Control Panel\International\Geo\Nation	JaffaCakes118_95c9c8a661ecbf7a55c4b7c43cda7ff0.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe

Executes dropped EXE 2 IoCs

pid	Process
6112	mog.exe
5560	dms4sut3ZNms53q.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dms4sut3ZNms53q.exe"	mog.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcrtix.inf_amd64_e3ded2b26d662526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msports.inf_amd64_f2e8231e8b60f214\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsservicedriver.inf_amd64_4761deffedf4e12e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_legacydriver.inf_amd64_c07aa9c633b5271e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_guestinterface.inf_amd64_192114845ec44b66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\sl-SI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PrintManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_906547002cc7c58e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\oposdrv.inf_amd64_9090a824ce0d0e68\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdcameradriver.inf_amd64_43b67cb2258aaa60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PnpDevice\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\XPSViewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_wceusbs.inf_amd64_1ba398d9da634d3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_41ae7c84b8d94de0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\uk-UA\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\circlass.inf_amd64_9f3f831d13d3df1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mchgr.inf_amd64_399f04975a0af112\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc_vfpp.inf_amd64_9ce6f68c11eede58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0b075e1cb11005f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_05925c79fbad7433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscontinuousbackup.inf_amd64_4db9ca877f67dd36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwat.inf_amd64_3bb2e5702f25a518\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xboxgipsynthetic.inf_amd64_9aa94bcf077169a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\fi-FI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mtconfig.inf_amd64_fe91941ed205cd9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpbus.inf_amd64_05ebd3b4422f62ba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxsynopsys.inf_amd64_978099f98cc73ddf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_6c54f73a58d5fb2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_camera.inf_amd64_7b52a9607d24ece6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_e57f4de14d125fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\oobe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpep.inf_amd64_2e156c5dc4231642\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_2be0e52237040d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_527c415254a7e378\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0008000000024268-5.dat	upx
behavioral2/memory/6112-8-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/6112-5193-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/6112-5608-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/5560-5612-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/6112-10257-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/6112-11195-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/6112-11517-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/6112-11537-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/6112-11543-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/6112-11546-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.png	mog.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageMedTile.scale-100_contrast-white.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker33.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7d9.png	mog.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\GRPHFLT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\WideTile.scale-125.png	mog.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-16_altform-lightunplated.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-100_contrast-black.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-150_contrast-white.png	mog.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_SplashScreen.scale-100.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Studio.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-16.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-24_altform-unplated_contrast-black.png	mog.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-150_contrast-white.png	mog.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\zh-CN\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.scale-100_contrast-white.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-125_contrast-white.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch.scale-125.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-100.png	mog.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Pester.help.txt	mog.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCacheMini.scale-125.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\data\en-us\3.jpg	mog.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\es-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\MoviesAnywhereLogoWithTextLight.scale-125.png	mog.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_~_kzf8qxf38zg5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-colorize.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_StoreLogo.scale-100.png	mog.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-400_contrast-black.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-unplated_contrast-white.png	mog.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\cloud_secured_lg.png	mog.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\189.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-48_altform-unplated_contrast-white.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-20_contrast-black.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-200.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-200.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-100.png	mog.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt	mog.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\AccessMessageDismissal.txt	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-125.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-32_altform-lightunplated.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-32.png	mog.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\WideTile.scale-100.png	mog.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..r-desktop.resources_31bf3856ad364e35_10.0.19041.1_it-it_010f40593444a934\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe.resources_31bf3856ad364e35_10.0.19041.1_es-es_5e16a08da252a1f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_msgpiowin32.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_1de7daf91a0bb20d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ScheduledJob.Resources\v4.0_3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..repairbde.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5dd1459e7e748169\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..inalservices-drprov_31bf3856ad364e35_10.0.19041.546_none_abd20e7b78123e85\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_c_smrvolume.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_29c0c52cefd35efd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_dual_tpm.inf_31bf3856ad364e35_10.0.19041.746_none_fd59bfa5f23183d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..fications.resources_31bf3856ad364e35_10.0.19041.1_es-es_081e757aac173f6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.19041.844_none_ba2b07b5ed02761a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft.packagema..ce.common.resources_31bf3856ad364e35_10.0.19041.1_de-de_3a8fd696dcdebe22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_netrtwlane_13.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_d55a09140f9d761d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasrtutils_31bf3856ad364e35_10.0.19041.1266_none_8c3011e8d40ca7c1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-dtc-management-ui_31bf3856ad364e35_10.0.19041.746_none_7ad163652a58c9bb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..opactivitymoderator_31bf3856ad364e35_10.0.19041.1052_none_7ec56a9d21671e02\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..fessional.resources_31bf3856ad364e35_10.0.19041.1_es-es_550c9e7e751118c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ents-mdac-oledb-vbs_31bf3856ad364e35_10.0.19041.1_none_b08a6838971ee378\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.906_hr-hr_b1d9e9e8a6b82de6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..rbridging.resources_31bf3856ad364e35_10.0.19041.1_it-it_80042450a8e5e6ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..lperclass.resources_31bf3856ad364e35_10.0.19041.1_es-es_9bfd8c1523aa38c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_intelpmax.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7bb5a0cd2e687cbf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.19041.84_none_dc38e61c21c1b710\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-peerdist-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_29276692d9012aa2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_netfx-_vc_assembly_linker_messages_b03f5f7f11d50a3a_10.0.19041.1_none_de6c3c3b21885865\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..zer-fr-fr-n-onecore_31bf3856ad364e35_10.0.19041.1_none_164d0f2906ae45f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ager-ghostextension_31bf3856ad364e35_10.0.19041.1_none_6420bfa818ce1255\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..uetype-javanesetext_31bf3856ad364e35_10.0.19041.1_none_b3574d6de9cf3152\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..vice-apis.resources_31bf3856ad364e35_10.0.19041.1_es-es_ee28babe6e379ec7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Graph\15.0.0.0__71e9bce111e9429c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-gpio-class-extension_31bf3856ad364e35_10.0.19041.488_none_c9aaf1c2b334cfce\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square71x71Logo.contrast-white_scale-125.png	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..rvice-wmi.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_43e46657ec5654df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-zipfldr_31bf3856ad364e35_10.0.19041.789_none_55d7563694358729\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..complus-runtime-qfe_31bf3856ad364e35_10.0.19041.746_none_495c794dd75e179e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\SendPhone.scale-100.png	mog.exe
File created	C:\Windows\WinSxS\amd64_wudfusbcciddriver.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_a703b926d6ce06a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler.resources\v4.0_4.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-explorerframe_31bf3856ad364e35_10.0.19041.1023_none_41a96a435d5614dd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\x86_netfx4-installcommon_sql_b03f5f7f11d50a3a_4.0.15805.0_none_37bb712718e5ea5e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\INF\MSDTC\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources\v4.0_3.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_disk.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_eb37f85c405648d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-branding-engine_31bf3856ad364e35_10.0.19041.1202_none_5e2a05871a9a6485\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-syncproviders_31bf3856ad364e35_10.0.19041.746_none_833e536e8d7274c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_tsprint.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_4605db66e86a3467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-gdi32_31bf3856ad364e35_10.0.19041.1202_none_d893813832e8a501\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..astbannerexperience_31bf3856ad364e35_10.0.19041.1_none_84ceb874db035466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_10.0.19041.1_es-es_b97a6a4b5db1ae3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_qd3x64.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_db75423928d31aed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_wvms_pp.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5e9708fb60a0074e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecoreua..erservice.resources_31bf3856ad364e35_10.0.19041.1_en-us_c0ef441a832b6037\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-networktopology_31bf3856ad364e35_10.0.19041.746_none_af4f4201594cb014\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_product-onecore__c_sensor.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_b068d538e6bf66ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-npiv.resources_31bf3856ad364e35_10.0.19041.1_en-us_9d463f8925b4903e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..ce-common.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f2d3fff04f317df1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-icacls.resources_31bf3856ad364e35_10.0.19041.1_es-es_ab888a9b26f970d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.1266_none_e8d910c7c702b558\@WindowsUpdateToastIcon.contrast-white.png	mog.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..licymaker.resources_31bf3856ad364e35_10.0.19041.1_en-us_19b2d0629adc2875\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.19041.1_none_4721ab47285172c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..tymanager.resources_31bf3856ad364e35_10.0.19041.1_it-it_eb50ff4fbb34dea7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	mog.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mog.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dms4sut3ZNms53q.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_95c9c8a661ecbf7a55c4b7c43cda7ff0.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CFLABCYXEHTPLCP	mog.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CFLABCYXEHTPLCP\shell\open	mog.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	mog.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CFLABCYXEHTPLCP\ = "CRYPTED!"	mog.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CFLABCYXEHTPLCP\DefaultIcon	mog.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CFLABCYXEHTPLCP\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dms4sut3ZNms53q.exe,0"	mog.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CFLABCYXEHTPLCP\shell\open\command	mog.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CFLABCYXEHTPLCP\shell	mog.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CFLABCYXEHTPLCP\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dms4sut3ZNms53q.exe"	mog.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CFLABCYXEHTPLCP"	mog.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5928 wrote to memory of 6112	5928	JaffaCakes118_95c9c8a661ecbf7a55c4b7c43cda7ff0.exe	86
PID 5928 wrote to memory of 6112	5928	JaffaCakes118_95c9c8a661ecbf7a55c4b7c43cda7ff0.exe	86
PID 5928 wrote to memory of 6112	5928	JaffaCakes118_95c9c8a661ecbf7a55c4b7c43cda7ff0.exe	86
PID 2200 wrote to memory of 5560	2200	cmd.exe	89
PID 2200 wrote to memory of 5560	2200	cmd.exe	89
PID 2200 wrote to memory of 5560	2200	cmd.exe	89

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_95c9c8a661ecbf7a55c4b7c43cda7ff0.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_95c9c8a661ecbf7a55c4b7c43cda7ff0.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5928
- C:\Users\Admin\AppData\Local\Temp\mog.exe
  "C:\Users\Admin\AppData\Local\Temp\mog.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:6112

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\dms4sut3ZNms53q.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\dms4sut3ZNms53q.exe
  C:\Users\Admin\AppData\Local\Temp\dms4sut3ZNms53q.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
941d802914e1986f1919685b449556c0

SHA1
0f93eb419fe8345fea7939362e4ead0e49bb525d

SHA256
65d7457cc605e1441542701c0b63e6cef56d2e8a1427766a5c495f2b590875fb

SHA512
ceb0fddc648332a7203a298dab95b45197a08f312b34af9e68e7ffce6e2cb486ccb97ce6c9bb629695f9d1bcd443c4462e69721eb738167686721254977bce1b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
6bed8c522ac0fde1599a98c5645a5856

SHA1
f2998ddbe753ad345c115088b5b2546e6d61f8cf

SHA256
6615129e3df12fa1a7c38570eb621c4b5788e05936a96f5953aaf8f3e6cc67a2

SHA512
e9e0c9a60cd23dc67aaef704f5eca8b8d6495733dc781268311a7c6bf29f4f8120d2f3c18168041cb09c650665a6cdc179e01f24022e90a42ad5a085dc13b7bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
ee7b3be136c54af95e203be7870e526d

SHA1
548eee6324cb054543c3f573b8a0079b92ff964d

SHA256
c1558c45e7ba760faac2fdf7a74787e43905c0c11710112f720d845b8a619577

SHA512
71c5a777e858979d0de10035eafd84d95c6ccdef8c1149a734b5fa0687eccbbfeaa310bddc986bb79db67dd8dd7009ff1af4427372c6aa38e4da8afa1445dfcc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
ba2d3697c05567d66ee7bf70e3150a3f

SHA1
cad231aeed0f9176632ce3baa3578ad6ec845c13

SHA256
6490ad52a3fe1ee3ee43bb176ae9834550c6c4e669cf3f2c239eb26f2b8341aa

SHA512
5b2094edeb903de751bda2ab3711a851011c20dbdae0c50a2a04378544db24dc8a850894db153143f87c346dd9bf98cd08101127e10d85470136f8f9d7754582

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
4554a75841b5f5778f002ee304d0ab9a

SHA1
422c7465a256b029f07787340b6f0ca77982d65c

SHA256
f428c7fad9725677ebf6265fc3176fa9cdb1526c0440716834926a884ac3c89f

SHA512
7ce5e4f628ce6e9130102c952b227e56e4d8c3ba845df28bdfacc5258dd9e50d20e00cdcc646e1d9e09e7babcb5863763a563367644b75c20cf2feeb2dcfaa59

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
4c8a19b7784acf3782fd68c2ff60541e

SHA1
97459b85d8facac661867ac827f518bef38e0651

SHA256
5ab9b0f3d17842f6bbc65a834b80839cb535eb5fb9e7e5e187cccf68e6f21f20

SHA512
103a6ad3830bce327a79e6a9efd65f8103934d765ca926407df0d52f46e961d7225b154510f208efa62835ca344ac26ff0bb401895e1ecc1f2101606917d8a73

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
280809558aeb0b45d26d9d7339c41957

SHA1
7f89d96b2e6debf737bf623791445f92efbaab73

SHA256
eb6311fc8c1e24b029ef287d01e03154fe14d53c7ef0bd474576a4f2f600b0c2

SHA512
63ef4290d8698659bcf2b5ae18495ad0757adf52597114d819edd678326421a249c3330877f4d313cf6b56e29bd9b95434c15a870ca365186a2cbc8b388acf27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
4fb333e344480938501a89f9dfe5a051

SHA1
ad8eba7045bb538ebc1dd41a285d198e8b35de41

SHA256
b2f68db5a31e412ac8e458c51e27cc7ee6c13145a9af8efde86cf883e29c82fb

SHA512
c36f2dff3f8758c25fa6ded02fbba176648e2c8dbc9d8a223cecfc78d15cdd1af42066aba0a3110702417d09104028aaafe1120ea5b40757b30d32895059628f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
f8e3ae142158c800135186c59fee9898

SHA1
01103fd3d8f7249049703914cb1a54c093d3b3ad

SHA256
76923ec03edefa69b17a2ae0052da4ea58ffdffc8049fe8f4a51ef2796dfc11a

SHA512
74d873952f0e094229a5d61c405b74fc7adf1e245ed4f6f2ff01a291a45307856baa1e098fd4a9c80ea30e14225b4248a5a6f32fa18c7bdac5cac07891069293

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
ddf61a27e5b58879fa056a00c48b0688

SHA1
7e6fea780c339d3333a59cb8aaf52dde989e82ca

SHA256
25fca0cca49a5be76a476ea1c27c93236f8aeb1e23f2ca56b56f8bc32993bb4e

SHA512
167d154fdb6babc916c38deadaf60d01b8f6e38cbb334c66839e2acf56ac1ca77032e6a1346bc88a7214ecf65c6ba0a9015b9408f94464f3424fc4b4f1851297

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
478e7d7d8f6ee16b2cfbc479210a11c9

SHA1
8bc4b927152e44824ff86cb354d452b01f2be2d6

SHA256
1df7cc0190d4d95af26e5620eaa7bf9ef460a79b35138395056860d79aceadb4

SHA512
04068ccadb703270a00f5982c2419e2197865881ebdc275612a2c5f57c841a9b30b64b0e64de176e22313c259c40925de90b0438255627e2a9cafbb7fa635c70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
5de3cf2830c08e40713004d06c90be1c

SHA1
770078f4c660baf62d0e7d69e651d8d86d74e22f

SHA256
f5b3718fe59b398418d7f74f0b488e741452522b94184fc22878117e5c0fe9fc

SHA512
1ba5794cfac76009e542d67100954a0911643358ac2584d0c6465ac3c8683cf6262b937cde317a399671a1a14dd2303553a90fec7951e8144b37bf46a23d53a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
ac75eb246b12b2adaf5398e4ea01d58e

SHA1
8c3b1f1381816947dc9a75357c3fcb423e3108a0

SHA256
53f426e440d5c9b5d321c74a6c829aac2bf6a232c20ac6c51c167b87bdfae2b6

SHA512
ab79daa33ef975f58c7b36a7f2e637bb733316f7deb8a4dcc77d455738feb18339d48e5920e79d2e1f837c145efc94d648b8c411dc290d406a6d03ce07585855

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
55e1b79ac0968bafeb7a2566797daf0c

SHA1
859c813d9f300e495fe71e8584b2ecad4bdc5a57

SHA256
03b863cb5b26d85464e231207764072aeae41fac6ab12d47e819f99a9a4bc0ef

SHA512
4c9793e979fc23c2489b1b2a2b7bf866c321a66578e8d2dea2393bd2a1087de5825017168f7410465fab9276e0c8ac0772deed80510e96c85f1efec1954a4e43

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
2d0eec7f0bda1804985ada51c59dbd28

SHA1
c338cb665ebc9d99b569272cc192dc87546ca23c

SHA256
14d454778c0ecb937d4e285bef6e8d77e1790d37f4a9e3619a4e8210726fa85b

SHA512
1c53cc071a4f9d3f29b4eba3f9be23f468a8ca8821fb8eb355889673641bebc934dfd12402bde4d4d8a92c9776b858208ba5ff9f45ed9c025ae9152f5888a4d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
9b7e7a877c5ae937c11dbf47423e769f

SHA1
b846fb7e63347a47dae2d751df12fce762654958

SHA256
b6dc7491c57385ab4609d65c0730b3d147a7583a7b14c3b08b68d3b3ce887c53

SHA512
8fb965bbcd5664dc3162829e9c7f322154fe6ddd0ce91d7800ffaba07679e463c95498024611442c4c7e09eafd73fca0c3ddcc32585d71888ea45b4ac59581eb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
392b4fd34434ca8d5f2cf55da2a2f0c0

SHA1
ba44072df3069e6f5fe6588a4b7182794b8f50df

SHA256
474230c01efc6b1affe1bbc814a0c413d1a4d9fb5344adb4883c9d1baeba8f98

SHA512
552e6bb48765e4ded01efab77efd5a2b4878c8fbb37b96c9c1c097f74d57c98e0019bd001dbbb136b2b76e5e0619d9788596d6286c402d7c619ecdbc425d7ebb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
18b2e6ad803c2a382850191bc65a1932

SHA1
435ab672271a6bb2e62e8237ecc0690c92c3b0a7

SHA256
1f5f8bc8410a329dba25a3c1ef6f9d30a982df4ab9adc369826db1b7682275da

SHA512
8180a9233e8b746ca72ebb3ecd2448b1ee3a126eeeeb0669f113e690e122359ed2d10ee77e40a2c0389b110d9ee521a787fe3132d5ccf4a3d80006cd9d7523c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
c983181f16e21caeb47a2277951f5d3c

SHA1
29a44aa5ece928ba5f36c110b0a281cc93f2882d

SHA256
c5659ec502ddc425fe00f64f6753bedae11ddd2c341b42a45eb2f5193ba32c8a

SHA512
cc7458257c46e17ca0074e5e3cef0b864f5c76f18d7104255e4421e8983da8de8184623d1949cdf67ee4d9a868deb73465b1f1e67314a04d9f54290775725e85

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
3f2be98adf82943fb48c729229c487cc

SHA1
0214675e9baca99224ac604a4f41ea61d26bca16

SHA256
ff0b9b1828a792a5428e2add77b1376f89337ea616b566c7442036c8ce3e4bd1

SHA512
947f0e966ffce96d6225ad4743258e69465d754d8ddfd6253dc3edc13ab267b876101b1ec57470395400b9286dbf27e0c2cfbe529a078288a54728ba4e3d8bb6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
bbda6775444420bdfa7604efa2fb84d6

SHA1
dc73dea8fcb64b8db875218c4b1a10c31a7c2714

SHA256
446eea2de249e30e733e849214c7f738ee978ee9a1e80f5b1a95a200ccec2542

SHA512
1d29dde53c3f4ef6e32d5d97bbb03b161d341f4368b9e80589e7e877c2ad034cf2246c1ed6f18afffb906decfbbd4dfc8a97ddf9369afdcdcf0490d7e4615f52

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
794d7e2c377834cff062d1eb674a6918

SHA1
4a9ab556789a92c58470be4fae0b6bded85450b1

SHA256
04d9271b33972ce369e692d72aeb2c831678de5871de81a474ecb0b110146dd5

SHA512
ccb12b30d62333fd3e4ec17e92c7bac8a75e53e9245d0040d34fe8806b9c26ef296caf33abb984897e857aa17b5a49f4aaa5b2f11fd221bb1eb4348f10a30758

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
52d5e7d431b185159f39381d9e1df4fa

SHA1
06a0c20fba17522ded769e56d95bce8e7d7c5554

SHA256
24648619ad558702e2911c15f68cdeaf9fd58bc786ff44fa8c7e53f76ba04506

SHA512
356ff64242313a29af11bf901b0280b4b09355d50aa28be6869d9026fec125ead2aa15f33a75759de8a25de393262b93ec9dab49d32e17025208f9a032417b6f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
4321497dca626223c6b40b3a7b1936e3

SHA1
6cf7e350ca719f46f4f76229465949427bf62fe8

SHA256
d4a8de013f59f2a69546d3d35a27aafbc5401736cf4c0f46fd2fb37b2688e681

SHA512
3f8ae5dc28b06da689117ef0891930e790809503d8ff5e3b27fa641071400a673463a20f554d7e16e3dfaa6816b71264987fafdeecfb368b8bd10fc951cb47e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
6b027560718446bf6173aef66d2ef23d

SHA1
b452c116965b97518133aa090e65849464a16fff

SHA256
f8427fa1fce9a8736943789cf2615bb83cdcf07152155eaa9077bb07a5fd6fba

SHA512
eb40948299142fb05924307d8c1a65f3fce64301a6b7a472915b1ce4826b22ab56610147c0ee572d847315536cbde9d5b8e8d644eaeba822953ff4dcb4786027

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
07be559b861fcbb8f5fafc883ab81438

SHA1
68353a300238888df2325bd4c9a13227a1dd2c0f

SHA256
64daaa50250684c9b400e8adf37a06eea23680161d14f1d98704da286f72a516

SHA512
8d3c3a4189ff3a93cf4b63e1101e51e2b5cf56dcc116325be22910ff48e9017d1eb0f04d731321f29e905e8ec54836043d094e35469efb39b7e4590dac45b277

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
2a2b76a7c6733159c1d9a134c048ad03

SHA1
f55b1dde1051d50f5153ca31410eacfba259acd3

SHA256
c30660bfffc8ef1445e698ee668a7cebc651f3f9e5b6e16089315a48c39a5376

SHA512
4393264f865f7cd026479b233270bb934a8ffb41bdd0bc4a4d23e790131282194abc6cbf282a717aee84c24bb1a05da8ef1ff1e922ac820611f33afc7f7040cf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
0922f83f74e11297cb3f12add7d6bbde

SHA1
ce5fa6304768b99b88bd94cc01921ceedd26f1e6

SHA256
d3b29409bb480a80608ab0a89239a13710697f2dbcbd220b2a0c940083b08db7

SHA512
61c9a4dc99927769e5c7b70414f644a3ff90f04e4d50e5aa417f64b557287dfc136002293abaf6c2cb23fff02b9f1a39d97b23ddf9622d6c8e3013c5c58797d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
8841e8fa70f51505a4cca8d340f1e814

SHA1
ba129a602c98845ff247dedd86b4127fc2e2bd41

SHA256
8542cd2fd5934805db836f43a10eda18129de322fc25cad79e914f9d891e3337

SHA512
b08be5f37de726a11c84d37c6bfeb270a40d196cba98bf4f89ba3fbfd199f5ce622374ea67c2207f8e3109b4e8a3f09849c97ac3f1b971a52d2bd0de266c6b12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
b974d89b39a8cf8352b7c2423693686a

SHA1
66475521e5ef71565bfb069488dfe994066af109

SHA256
db008b93a05a614395964bd08e8b3e7adbc7903003c8a524aeb021a7a536b3cc

SHA512
27229f92ebfcf30bba6b9f59bf675ed523a22eee70be7461fd472c28453853ca2672d5bf3fd36d98b9a6a289121c227fa242beedd770058ba80cef09acc6d8bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
7ccd4c61c451e5fd6024879434ee6123

SHA1
1f957dcb138400b20ff57dc500796720fc8e1537

SHA256
069c42d80b7ca8c19556808956f2c13479b83f7b9570c98ab0162e28ce6b34cd

SHA512
37bfa0f9be9bd4d79beb7cef536254bc5a421ef01993a1fb1e412b0d665793a9cbc4fb20c6f09dd71a6ada0c7d4b961819130ea1a9cf131c6cff739ad48551b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
dcd5ed993d6f330eae8db28e053d15ad

SHA1
16377b009c88fe23e633e614e89b9931858aa63f

SHA256
0a4e90b9fceb22ccbaf52ee14d3574b59cf7438ec1b233fddc73f7471a20abc1

SHA512
62795f3122e5344c253b833b5be2a015a7c502e720a760e1a7f6756058e7d8edc30ba18ff2c6ac3e5c2a6e7717f093297b6567d04d68a1f6011958ebb1d82ec0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
45ddd5bacff3a28a5538cdc884b1624a

SHA1
165cdc37399e44967543a5598952e694cd341c93

SHA256
a5d220b7ebd30acc2c73230c95e05c98608b68b8f26d08a247ea23471d7af57b

SHA512
14e193128482ad288133458624e8cd99d4e03592d32744b365529ebbf4327d0cbe61849967990e2d4d32b6d8caf97c36443a56dc336250b1a1502061626643ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
2f5be2ea24d83e74d2fc7fbd9b753e42

SHA1
b4108ff58b194d910a7baf12590bbd5cb0a73515

SHA256
cf87d5c83db8d0ab2e5625e336210c115e1e14351444b7b91ed111e767e755a3

SHA512
eda480cf9039f32b577e31b20affbfae3f738fcb1ac7b5ee7bee21371c29caef807e6baf1533003f1833fe4219bd99052daaa5137a8c6ecf2dc1f3067a2d1e38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
00e6505b520b6e5c19db6720ec190137

SHA1
0ab8f840a80b42e4afc2c39072db6627d2f4cbb9

SHA256
e76417e46cceb7a1f772d75ad82da302d13f5641796b1f92f9a2f5df059e4aae

SHA512
ee8012fd7959e0f0a5096fdff7f25dca34f5d4eafdef7563e53f65d7e1163604ec0736cfedfd1ca10e4fa1bf2428887545821ef5c0ae329155a4f691e3273aa9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
7c730050d5a8b1fe760783ac5e108472

SHA1
99592f2fc21cbb860fb7ee7e864375dcdf895809

SHA256
3027ac00788a61446f0174057813ad9c05873a0642ac3445abbe58c4a4e1dba8

SHA512
07c1fe8b213f5e3da4b3d6d5b7a919e0b0bcc10768e7eab6877e5634607ff931c8c7851cce9ea088843ad3a4d7c3a502645707b91214666a5ba9b5e395dce9c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
e1557a1ca64f8839a98b8fcef00051ce

SHA1
1491dc92d36a2a7713e102a6de98b0c1d8c0b364

SHA256
e8ef772e2b393cc7f9fc96e4146924a520bca1f4219ba16699e317f7a33cf433

SHA512
e5b3983ded87db3c0bd90249856be2dda7ec21a94d98eb3166817cd5cfc67bc76dcca69c55eec10e41a92dd87c63e681a81e2231d280be5097ad72572658d3ca

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
b4bb2e27f5497b4042f4362dc83af3bb

SHA1
1ca61fed8683f85162248a67553cd76c5678ca65

SHA256
803b743f9ca5501993b9478923820e498c4b14237dac626288fb49cc503085ec

SHA512
22046beac1396acd04ca4086ae433ddbdcfd722befa1dcc3a57d7197ca1d3bbbb56f211d3d3aa70bd8d46200ba0e626bd888a7be033020ab1de3af961c49ca08

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
7213bc191203b23264f0f6496fc14ae7

SHA1
9ea532bbfc2cc7cd1e483a7d93663c8925d0e700

SHA256
9d4b6aaf7a70d54a847878c06a7c33aa147b2a277fcdd5c619192624f86856c0

SHA512
46cac91ec2c9d59d0dd54165ac6f769e1b1569f28413bf20ea0f4495b54d04e65d01ace2efb9d8e745fcbb3e328abb33ab87f58ccd59b08a3027adbc2488a7ce

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
34167c79fadeecce61a055e61bcb102b

SHA1
3d2ea1b8372837523b7072a3011ad518dd6ffa55

SHA256
8b682ab96f1404c83e35eb0a3086e441cf129f2e7e88d101ae14608b3d592671

SHA512
07b46e4a63c90b67343b9af3f1e1559a81bdb3d8c3f1c48fa647d53e8d1f1815f17489449202829090c8b2ae881557e4534a536d810fbad1f00178dad61e252b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
b66457b9fedab4095351275c8e25c3b2

SHA1
179509532634ef82da65d3c0ba8f0a3d4948e11f

SHA256
64352a4c552fcbe52b5aefd50d47cd1cabb6d6a0634207277a4219389d4bdd4f

SHA512
17f3978627c5a29d8b9a61e6d6d9aa792b8f11b223586491e1caa441747b68bc4cdf8fb5f6a9674659b73461650144f2957d5f3032bb571f10428a2105dcfedb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
08f93739780ee02942ccef7ff51e6beb

SHA1
612086becba5a8a00727318b4681ac3984d09e74

SHA256
7c5fec5d1c139489cc4e200a12362956fa1fe3d433a4714f1a6cd7359d339143

SHA512
2c3e368018e2dbd65823b4f4c84ba65f84f5a546890b1c90aa7d5a487cd0a6e96f8c263edaf6f06979a21b344b49a9053493dd8b235f46f54b3d6df10e189ab2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
27fc5a45f224a923991411c76a2f3a32

SHA1
0e6cf3160f52c3a9510b67627937c8abeab29672

SHA256
f666b72abb80c7b3ecaaf92aaac8d1b82127009cd1668e12b8d72eb23ad7126e

SHA512
0330eee9cdb982e6ca60408375d03ad32c4bf5152d6ec4eada693c6abd838b661e28c71acef4adc7400df85b1408fbbb47f0565357a4d7bd596ad3d3fede6fe5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
d6fa69de1729369213a2438f2d925c59

SHA1
2495d64456eb4c01f113de6676cfe231970ae50f

SHA256
6745f8fc9f2fb608fe0898be4c20a3dbf8fe4aa1fb8f97a93940fbd75c1afc30

SHA512
21b6bc2bf98f2540bdd39f5b8733abad7057412bdda3c45121ff5c2e230adfdd9d795dd25fb91b92ce1e8fbfe090cc51bd90bd3a55a0eabe2c92b1897fadbe47

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
b24e453e1ba36922a800ab7f1badad63

SHA1
6a0f800ca9e72015a7176d798ee56202750cbf54

SHA256
8b0ec5f4caccf8d2cb80f679595541e386836f987ddfdbb6ed04b6c11544383c

SHA512
1a22497994f48ba2c69a98a054fc68bab2590d8719c89110e24d0162cd66a216192955e4e791972b88bfcdaec6e71c3d56a1ce20a90885b8017c9da2b779a8cb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
9c5cdfd5b3353b4d2d30b1b29ecdf1dd

SHA1
76a8f31f67a40a726aa791bb6c1b63bc5f1b304b

SHA256
e52e13db1123cb4982549206920000d0795cec55fd85b049a31335a4ccc3c004

SHA512
b27655f4b5b25a2b8dff184ee36d07b05e0a0d514823340250db7f1e8ad5423b9c0cbad288ceeb26556c6d827292e1544352d0bd1aec0b741d263099764a0eb2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
bfa35831183fca2ba33e098fadc5b3b5

SHA1
5568d19757fbf0e1916d35c5bd04a9406fcf9461

SHA256
a0b57893873c7898d79e244f232f80edfa479bb60999eeea9b8afcd7e54200aa

SHA512
37b90fedae61bf69cce45698f1193b590c3c9741b5c79529672a316ccf395f1bdd8801be18d410adc3a86467d55ee9b17cfec6d02ed26f70a32b7b7a54585699

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
260f951235274edd0151b416872383af

SHA1
891f7db97818169600ab4b63b954b14c0ae46bd9

SHA256
1c6d6533ee20c6170727a08b23344c94b55c1fd9d8e3d7bef90fe7551e5ef742

SHA512
55dd55b00b4e0a5622c249ce7bcc5302f310e79601b39be8b29ebf9d1e7024ec56c4316d438f6105519d23bf9496b48c354b2a193ee660325b8bd63f4354545a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
523520d4cc91d6d328e404db358ceca7

SHA1
94b5b7470039d428b97826fdc360c5e7ff983cbc

SHA256
5932b0e1b87d0caa167107b5acc649c96897cb8b9b3aadf8cf892618209620c5

SHA512
e9f19411b89fc2ba71bc00ee3f4bb5c06329da716a8853d2ab3aba138f401fd79bdbd6a603f3dd3cb1bc850fa53e42fe6c1a2421b652693664c31818b5788b82

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
083df4014095f2c1f2a489088a303835

SHA1
1526a706b30738ce625e301bcc71f48fc478b27e

SHA256
6c9b72b2254c02c88f6f62c80d3bc168533fbfacfdc7bf74d19cce826a422772

SHA512
76857d055e3395c0af6f5697c4c52a5d58aab84c66611f4c23b25e112918441b741b7d0909962b99befcc1bbeb61e5fc18027292c915521bd83fe2ea780f1f7e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
f294d86bfd7c0e98093bce652b6e529a

SHA1
c7a576cebd527f0d84a9d6521895b7e739d650f1

SHA256
5aa77e4fe168c4cc6c54cb8314d5194ce52d6fcb0709f3f19fa73c1798f8abf1

SHA512
9c08b2ad3541aa9b4109c95bbe09b345ec1aca39278214c8b2592a14578752eb7066c87a3f88aa67a6e7cce1dbc11797a1787d9269840cd61a1b8d23d7769426

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
51591484836bcb2fafd67aef9dfa58cf

SHA1
1564a7c286dbcd008c42792073043db03767d2df

SHA256
ac0e49fccf92a264efe9b16792a4cf5815985b66e944eb86cc17b13000fb475a

SHA512
e106f4f7299b11ad1519f08cea5aa04d95bcb0b4c39f537d5b7e45183dca5a3ebf523a98dd7b3b0b005cbd1d2389a9d15f29f3b9fd2692cf5d345796a48ed729

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
79af6fc7d3368bf688acc533482a63d4

SHA1
f29aff23186f40140dfedefba11b74f72fd42918

SHA256
93a8baf7e2d293e4eaa060b9c159b040302755f1f7a8ab39a4ca52a777cff2ba

SHA512
94f325e220be144d4d8fc36567ec87212b8e7588ad13c1a005ebc42089d0101730e879a4b52ab180d089ef976b2059ae5a4ca3424aa8cbd184d5cbab915bfc76

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
db30607d18fb2902717adf175d4a73ee

SHA1
619a9379510c8307b8caf623fb046542e3df81be

SHA256
0b4485e7ee52ccab9a08bb62e1f009b2caa826da3f1e44ed060a85fb95d595d8

SHA512
beee8522d03e85c2123b31098bdcfa1cb6e92529bf1982ab15e0922765e43492468f3f9750a8586d6c0657007eeb5da6a5be9d03e8784cec8ed10020ed1521d6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md.EnCiPhErEd

Filesize
3KB

MD5
c11b0e2617cf641e9399e83f0f49009f

SHA1
96485c654aa4ecd6a2744246909be827206e5b6e

SHA256
0b65ac24b415860427d0eff23335572dfbb0c61183579a1033b8e7dd0ad10276

SHA512
4753a804c9e07aa1973159ceb7d66c3a70ddc6b47a2efdfe87a89616623dd94a85fad928a07ac3618f1f022c8a4ddfe8fd392d03a0e3c9062eed1bb7721c0275

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
2872b6c54bdfe54c34a5bf83a830eea6

SHA1
c3ec329c7b0d1829b5be0146a3eb4a628e224386

SHA256
ff3d464ab8872a2fd7c6fa3304c01aec6c038d94a8883ad52ca0e284c153be8a

SHA512
26b07bb4a2d685b684171d24418043074c552b832411335b886be139d8dddbd8d21b017b13b44d8d2a31a37cec29e382f57d82d19e4e682b2c28b57526135c59

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
3e3f7a05362e0355b48132e816477a8b

SHA1
9cd59a7ab5144c230bbc613b9e67014daea088b9

SHA256
76b3649e1d0c032f7ee2f9992daadf066e7616849ef4548a32752a828294bd78

SHA512
d1ff26bdb9fe407139cd45a1d2f01f283a320e5a7d9b92fbbc83e973df0e03d256b21937d487358624c21545ddc79d07643d7f31e7349e2c5938d89dd6fbd9fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
8755ea1fcdf67d748a0fdd3f55c25e4f

SHA1
7ec033fff8011b0361d2bb4d7e17e05744af0a07

SHA256
2415745cda5435719828cb5bb3c1bf894116ad56b7f41f9359ff84b7e86a64f0

SHA512
3d5a5984c872273ebc5b82590065b22f6574cd83fe4036d69e86113b0620b9c6f4960860e1342a1040c3810bf043bafc64acd94ac53aa5e00ebe145d85e1c217

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
d687c24b556a9e27fff8c706a03e89db

SHA1
e226e4dc82eb841ec8685174dfb5df3989506e84

SHA256
40ea3a8cdd64be2864c644b73dca3b3a081b6d20b676261c9d930b6407837b5d

SHA512
62bcdb55bcfa6280d810a515543b29ac80e5c65fd3f8cdf2e45515f73153032d13c1068d7264411d5efa89c5cd01a7b36200a4f693695be1f5276bbd0b36a8ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
2d962be1dbc601c7c3cb136ae7f63641

SHA1
0ec00c341d9546374437fb7d21165caa4e986cd1

SHA256
2333dca274fff71a54175b8df2ed9d645e04a0171317b187f1bd8deded9b2736

SHA512
8f2a2e19442d195871891bc427bc956049f18739fe8c62b85f919bcd463a39b885e4cb8562683b60b692ab96da7346ec2a1474c2535dc0a9ede847f776e6945c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
ec4e346e04d84c58fe6968885dce3523

SHA1
88eace6a413426e6231d7252749384c3c619db22

SHA256
c6828e4257d5310b08e8e6cbfb8e2d8bd804b6495443c91c5bad96d4d1d00b7b

SHA512
1ef9d1562ce5a2ef1295c2d08e4a32c153403df41f5307a891e10dc6592bdc1b925468ce1737c6bbeb5db9711fd56205a07d7ccad77154fc9a49a61e3f2ae9f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
152e5b6ae6a30f90b7f8ba83d8e1afe6

SHA1
614a8275f72692cff8b1aeebfbda7b33416254d1

SHA256
009c9c9245cfe865b4f2556fc6f81973bd29750a30781eddb997a00bfcc96302

SHA512
7304bcc652e947d0231a8dd1e7a2af512c2008ed4485cfaf06b7867f03db7841afbba3f2a94ecc1bb1845b72eb57a6b65033b95b9e108ebe9221ae436238d085

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
714c920fc9051e4fc3cb985957cbf375

SHA1
df8e53876d4b882b682555e5de99f20ec27f2068

SHA256
9f0f1cd293a0c59e807fcec715ba80014c151d180e3519e45a92bfc3412554da

SHA512
a7ca8c897dfb63db01800e0248dddd23a0658f190e66054b6f3bd14c9dbd2ac86166863353d9e28ed96c0efa322f7fb50db2f69bf091a492c937db970a1aa792

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
7ec04ca17757eb5ece6f43327da4c8cd

SHA1
577ac2b53b51fb2799e12257d5cd4a27235d0404

SHA256
1e655749955f7402723448aa3d55cb9f5b4b251a0c552c6a49c9906bcf8812c9

SHA512
fe97712812149a909da950142b45eef5fb8fe5caab6e417ff9e9caa111ee34e1c71ca6b6dcd33729ec82bd4b73c9bafbb75048667d43154c92cc4ad03066a41a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
e893bc7859cc30c9e5c5760df8e4498c

SHA1
8f82945dbefb1372a43d7f7b231268e4e2d67af1

SHA256
ec69873cb3478378f672aefd25b5e66102c604f221ed811247357f542b7aa887

SHA512
d7392904a02a00d27b9ef929959c09f769d8de3d112e7bd4a9a1cb42d5734163b30f1143d355f2c6ab53ec8e5a8516f497d7cdb88a91e198b911748784ea22fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
dfe9d929bc1555e6de7147009856b32c

SHA1
16c826df093995cdfe35b49fb1f5c2e41e8d8fe7

SHA256
fb2548cdfd8c922473e000659911e3de5d60a3d4f5d70cb454b840a937fab180

SHA512
42e2d0829172dfaba635735a3b4ec2d950980f7d484f4502655f34f241637d74bd017fc3550d1b558050587cb5f9814fd9629312a6cfa25b4879e0f03e7da81e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
cc6007d97b589f60245dceeb8e8d51e3

SHA1
0b191ee714bb36a81b7b7cd7e5fb4da8c9657c81

SHA256
56431730abfac544bd26528642914410cdb3c10f7560d501d3ae1b7959580af4

SHA512
41e2d95d23395629c2cfa2f2f501a3492d1f2e85f5ccf0610a48c523e8642f281926e906a506b8f1ec3e4e68eb93082bf554e380b4ea35f094b474c7f57144ea

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
fa11ee708320cfa6c6e8c3d519f857bd

SHA1
dcc54747c4285e8ab3013bd1aec1d80c40886663

SHA256
09ccdafe33fe270433363edea5db0b8f1030cde013ece217f1aec39e41804a50

SHA512
94c4dab143fec72d7f23d1c9b1eeda1a45b3be585b6816eb5efe8bf2f6ced5f31292857d4a4a038d564fa49dd1d4b7a596be13627fa74bfacf37b74a27bc48f2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
a5023225ffff94665735a4322eb98213

SHA1
9dcfff34d12abd8f71926dc445d5a84ba506faa9

SHA256
50d19c7a3c385962c5ceddc32b2b4c6fbd8c75b85e3e74657945170069a131e4

SHA512
f657e65a7b527a31879fc6358c2c05032cb561d997047b6daef67657db6f59c6c19c7829b49e99cae3d35bba72dec79b3c46cd17baae9797d3f8ce6a8d0be85d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
6f5dc349491a890659b796597d1abf92

SHA1
02d244b53bb3fb8b61940f237fd1c899f2f41457

SHA256
e9854eec66c04c7eb8cbf1f8bb38399e689f166bf70b6d29070f394401a3b57d

SHA512
d44d0f44ab7a844a5dc5d240b355e5dcd40e5d26001da968e3aec4926efc4f8dfac4971e03488d8836bbd9f3cefea68f3468c08f1bc5d888672d8090aabfeba4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
0ea7411ea4b798b0bb819e06446e109f

SHA1
5edf80aa056c7a5b7f5a5b122af221b057738187

SHA256
e3e7b8760b30c3079a6bf1ac9b3fdafb468e95ae42c889962866b6cb22117ff7

SHA512
7692031872e17040cab433106a2e43bb105af0f2dbcfe12b76f0135e1db662eb9f81f643c5836f1bc71b62b8c3841c2835dc30bfb179faf670f3bf1a6abaa8fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
3a03017a469728149443108160ad8e70

SHA1
b75761ba4c72c4bb97c66f9d2fcb10c78236e839

SHA256
504b4e6ccfaf7e26640c06dc6ec09b9d891801ad9649c245ba7df20c89a2f463

SHA512
30f80d6b8216188edd9b84f474174ed09ee90064d3711b81696a96b5ea6a52c76a34fab7efadcc09898dbb039721f38a3a0dff1fedd81a466291e755bf432169

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
9bd65f0a96c6421cb473dc9d59dc1b23

SHA1
832a584b8014e4da9554fbf7cae1e12069c0de58

SHA256
ceccef88f380100be887406a8132ca70c1d6cc84b9fbdf437fb4c5f01639404d

SHA512
1df8e836407a2cb1b546b2d9717b2c6c5d8a0084105a35a1df686f275c31a1c8a8c5a3f50774212969bb21cccd6b31e8d7c02b79b8557fb058ff68993c2989fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
dcea549f7835140c236ec7f6e2edcced

SHA1
ce3fc0c79e543e43cbf243c0dc07445ccff4afbb

SHA256
926438d836263fe943132641c0987266316798a163a14cf4659680fe9628e3cb

SHA512
9bad6311f52f33006670f6ec9b33f45a2040489834c614e3ef4c96c47a2a51fb968b01d4d3fcc6155ba6e8aa6633e6d0317c8227e96b5ea118119172dbb46cf2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
10ce65e42f36ff994e6ee7260e38d65c

SHA1
04fec175ce7d3b4e568a58414a1f2bc6f994ba65

SHA256
13289bd05cb444ca99bb8b1e0913a3338c92f95d8cdc3a69b080002bbf9dbc55

SHA512
44ffe99cf79b28310506c6c3a3fa50e882f274ae04b7d41b66f83bbb5e0598b63f4224419afbfb9477f701ced74f6ed91383226e92de11e9f897e3d9d048918a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
679ac16589b703ee1cc2bb02f56703db

SHA1
e183675ee2b9fb1126b677173527b0402eccc628

SHA256
a3eb3e91cc70284cd44abfdd631c44ce2a11bc6160d790cf47cdb8b04f52c523

SHA512
3f48dba6af229b8bbacaaab452a0a5789c9c334dba6b50533d496e305b96daf382af82dd945c1428131f4100c33bfda58782bf550a9a59d119b0619cc1e99dc5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
1e0b7a3fdc19a924d90b2d2166bd486d

SHA1
f5082a5cd3e207bda1a408c3fa6cee23d1618745

SHA256
4ce94407c83c60e3d75be43cc569924f1b2c6352676dde461387bdaafc9e25c7

SHA512
a04a608af9c3be4e9d3cb3af0c2cff20ae21d40df80707be9443b81aebcc30abfdc82475b31dbc9b3135820e1cf8e3d457387041cf9f83bb62f4bebae2bbfeae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
167f411f63c14925e88234a79b6b3258

SHA1
a228607925bad1f544533b1346e537cac512abb1

SHA256
161fa71bbf2f99e1f88cf0553bd699be039613d933a089d05f9551c19775ca6c

SHA512
89438e48732b8cf9fe3702e7082a90bb8b7216df6603aaa406baff67ca023541b20ece61efaa1f5eccb0bff8999dcb9e3a290fbf7ce9d2742dc9d969c2b2547a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
e57f2a8a776d916cd1e5ad06a8631e5b

SHA1
3ae4927975bd7c92ddb94d97cb5f0e6ac44ec18f

SHA256
75a3452e6364d74b993e50924d402c56ba6bd69493dfd3a4badb6f976db94c67

SHA512
ec004d2f42737bf64497a1374485d8dfd155c65b6e108615fd3b4cd271349db9f71584f76792f9df6a4585799dbbc19c810a0fbf568bce25dd4f19b1d13a942f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
12b64a8027ea5a1ce2fdb84c5f160561

SHA1
21c211e80d2aeabfae0defafa418a6e770001f24

SHA256
92548936067d032a1245cf199e1ab189ddca5f69efb476ffc5591b7e4bdea5f2

SHA512
5d6ac6ecec400d330d63ab2c651f0389a4c962d35574ec38b5b7025a223d14df159d682396e6e0e9cfdc23a60baf3213db0e830e09b015d59b403e6171d6ed99

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
f1018b1cd7385ff6eb10c308759cbb0c

SHA1
c62aaa1b3ca3cf5f8c3728bbb53c9597ab2caea2

SHA256
d4b21006f3bc3bb9c27a15b4d2e244e57b26d964ae44b7f04642d103651b9082

SHA512
eee95e694cd65379f7dfd9e27b48e216aeafeb8e646b4b482eff01fb2f012faeec20b4b3c248390a3bcc0386efd2b179fc9cbf81bb486d5776ea11cc1c6056b9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
c962576146a9b5f2146cb21b9456197d

SHA1
b8db21b1b46e857de3322b2a57fe54b2185d0c2d

SHA256
e1d25801b453fe7c2423b449e7f6cd08e131d16159ded8bcc6444560ab94b55b

SHA512
5974b9cfc7f6ed79491c2d817c2bb7ffd39f848a850575dae4bf88aa993de80782b3ab265e614875022115f54ae6abcb614d9e432ca3f24c5a9d6aa4505d12a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133863512504988054.txt

Filesize
77KB

MD5
cfcda43738f92be9e7d57fec52319905

SHA1
7baca5124a395b74363093f1736d8799c31ee754

SHA256
b38f9d765a8cf54fca29221117c4d4bdf04221b10006e61cb5bb8988ff02f483

SHA512
d8d5d96e02f0b5f351451ee1dff2de8d6c2074131990072cccee2f58c58a89098ad14567011b7959b411a121763befc003363ef32655332765808bd70670f4c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133863512881627915.txt

Filesize
47KB

MD5
cb1f734634705c7c4b8b8ff93ec7a020

SHA1
5ebd6030cc80e43b5bd0cec141f81a5d4ef4d3b7

SHA256
4e19b8b06134938896fb176af9c6bc61a77840c44ed701996e28a95a72442688

SHA512
77d66b20a127de4443018ee674dd7917e30c5a9490445c3eb8355504f2387eec27ce6a48f8923e0021241fa2fe217c4258c43870399c90061954a1c6c3014234

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133863519575001436.txt

Filesize
63KB

MD5
665a737a1677bb4bd7232c99c8d36d3f

SHA1
1123d8980a7091bf088d2715b7ef4087bc4157ab

SHA256
8c1e6c9da6e48788a6f962b2f19c9c82af794a0d031c6cddd11a1ff69f8b51e7

SHA512
e5c35686f5fcff750c60dcb31e1205732b333578b52c5d40a1c6b3ccd5d1d44a80dcf4fe0384dd003cfee13ce8279471458ec837488a648ea09d8d4176408ace

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133863521680896655.txt

Filesize
84KB

MD5
9dbc7244aced78efc178aa5a3bec2033

SHA1
bec445f4f2277269cbcbf8acd42777828dbfb424

SHA256
9d8ec7648e67f2c53800b47748f8f030b1187239cd1f3bf3bf243f5bd5ac487a

SHA512
a83ae2a4803bdf39fa933a1ddb0e663c948834bf83606c5fa633901135f564f7186ad450ee394ba2133033bb2b8c0f9b8e2691305b27989ac5f7750dd7c02820

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133863568530281625.txt.EnCiPhErEd

Filesize
86KB

MD5
eb26225d40dddca6f930e65a91eec86d

SHA1
43480258a33891a518c724318509854d6e670bb7

SHA256
02e27ff46707969b0bdc932c58382430d1f37701e092c0bb01cbf44964b5694b

SHA512
603ce6f23b48511e1b5d069e7147bce3a291d3d76360e0e0470957017fe0f851e2806a05a41163db6714bb643762eeb60b0c818daa206ee328ccf90abba507e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mog.exe

Filesize
7KB

MD5
7ca237df45877c5c2885b323bc311eb8

SHA1
2c09e1d0e5d7cb2eefc193bde8030ef4f978ec41

SHA256
1832ec5aa127ca1549892560088ff1177a872f83a253d4f9b508e6e40ff87c09

SHA512
59fcc6de1828cbe5f4869dca176a1a1edebe2390f9e47178e0f158eb13a7b340392457619d4552869c5c83a08283059dadf721e9144575f5615835fb549ca3c3

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
81005e9409ff80ec9f7c3f1926d5d1ef

SHA1
f19c8b6af530a516906d0ed115a776ea447e35b4

SHA256
d889c518efacbc0c15de7227b3909382d74929b8961cfcbb9b12361b37297299

SHA512
bcb6e80161601ce92de2012085da15ac6468d0c5f9e4a586a1c675487cecd5dba880c2fa5fa8f3962797f7dd7d4c4e3c78c1a7fea39f9a5424c6c4a767206e61

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
4445c7cdca85d7d2dc3a0e23196bddbc

SHA1
986b80848f6c267eb0d1aded62d87a0a90ea068a

SHA256
3f948825553a62620840bddf9e2ef561fe27bc543d7869ba0057af9bead40e35

SHA512
134497802ee9b1174fcd709b1cc9f217d6f083d7180d3297eca45c7225e16802b0600a2d37aa71393126935621291fb0e773caaaa7fc74566e9541d1892b0760

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
c67045249c7d18a71efa6f4ede270a20

SHA1
4a1bfe7e124a56cfd41f75d0e036581825780f85

SHA256
6bcb3516e9ceaca2fd5a46fefbe33119579181c2fd99ada67c7c5b1900f87f9b

SHA512
b56104c78743a0ec35db435ef95af658190f7824da28b9a65e0d6f8c39445309404c4b20586db237d697e9cf3a5c927968041012613490777647a0d97f974fc6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
26132a20cdf2b406398a16c1e520afcf

SHA1
9670d94bce85810476a21a47aa800046a46505bd

SHA256
16c743b2c3de29cba451659b27632cfa3e2c1888b3eaff475eef65f24e44c4ff

SHA512
429684b4e3668ee03e4b45b12074b9ddc440591732cb6010c1164a83fed0c4fd22518488dc8e3154d6600fc4e3b67ed66a7be87d1d265894c860dd81641bd76b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
bc60d114ab69b8788b87dbbafc5f6ebf

SHA1
4b567a2ea842cc00af56e4b1f429b0fff35d2c07

SHA256
7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738

SHA512
2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
3de1f7380e480193a82526260901967d

SHA1
78046c58d190f78e8f338a777e4afc4dfb3bd6d8

SHA256
9a28337a3f9cd2141e7655e1f27d83983703c418aa90ced9a9b58b0d8ecaa9cd

SHA512
2b69092ee448ae83580621fcbb591aadeb787892db1b10ac812ddeb2cf6e20bcff1b542ce045f6c1e7998be15e03f4dffa557d18d2f0c6ab59bd207984975a33

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
204e8db0d037a24abf4752942e95c06f

SHA1
30d2bc544c18b96217b00a32f016b29054b2e5a0

SHA256
453b1ff0aab5b82f096b8df5c770356da9f44d34f54bf96b6eba2b424261084e

SHA512
2805eea3b767bd7fab0ff47b920a37a49eac4535284c2a6c774374b72243c367bd6b52ef020d8aee306a17909cf7e5e1a66bbb9305fdf0314e0d84ad4a9c417c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
7524a38c82121080b2c336ecc8019b7a

SHA1
83be0a561687c17003eb8f702d3009b82fd884f0

SHA256
b0e49e0bb9055ea1bd204ba3ed561b21fad5a5cc491ffd8f2e96c0534bb9000f

SHA512
23de3c3ff39bc49bb41168fe0660912e9d0f384091dacf1f6756806c06170de8256a54a41b47342689b4c19ae57ecae0ec13ac9442cd505f82afa01ad0e33564

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
74ce574cc58fcefa9fa0efa942b74b18

SHA1
5ff49d78cad41fd75278419ffaa33acea1dbc640

SHA256
b18ef565aad0f7b192c13b3e2ee5d655cc3a349c9008d7f5b80010966c6a4830

SHA512
e98eafe36bfc133a168e8bcb16e0149fe79cb3c02443689dcbd115e9e7272d5fd99f26afc681ea396dc6b3e0e7849a681664c93672c0a91f9b19791d25ecea3c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1b6345d286568c4654fc75698db2c9a2

SHA1
611bdd40ab072d1a363b8a92e98242c275525ded

SHA256
938a519cd0a27e6612c7ab88c542ca83fa593ab66e926f898a5fb93fb17e6b25

SHA512
8b3995aaf0eb34b86d19c714cfac4ac233ee7f38ea7a6967a3c4b192094abf7510101d0c93b594bde20231faa9d31ba8e01a3f9634f4e99f3f5503f668adf3d6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
f1d8929fedd24827e11e8851f798da5e

SHA1
c843d0b664cb9559d0b82abd4910e27db312c4e8

SHA256
0765ed2bdb01e143ce740406c889220ca570d2c7be92b6bec9ae55494418c163

SHA512
1e3480940ee1df0d7bd051ffbcf30c112809b1e876d708573cd3dfcb0e1183f4182c0116ce93cbdd080a89d5e3279a27adf72436582bd6b87bda69f625285366

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
743693c83a38b55ee24df0f350dea790

SHA1
7e8df727559718e88dc030f98f5c6fa8adb402d8

SHA256
ba3ae0e9aa98a9ab57bb0f683c3f1a87e28a23f2d5b25adc53fb3e122c0aad7a

SHA512
5d86ea75993235860917291b4f6b28d0b4bb7274ce279f71918ea97819297df3bb3d862432d010a300e4be79218cfd6f8b7a54e6d50dedb1ab76b1d7b9264797

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d02b7220ce90d7c8e3ae38ae149598a4

SHA1
df318bf256425ce3bda38b10def747d53191efca

SHA256
6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781

SHA512
7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
d0f17bdc7b58ef56d185e8ec3469feb0

SHA1
490e119031c25e11426f146a405e17512cd74c28

SHA256
50ccfd9925ae9a6f5fbc90fe783762f98d3a757b8e2c3512f1e70f92730bee57

SHA512
f557b19d767af172d0ef043f89bcd8f560fb7545791fe5373c8acb42654023a7514ecf712ca3e0b45bdf07f6c41a64e0ff3069ea0e07a266fa79682aaa47701e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
941b94a87f6302ed1726af7b54b008ca

SHA1
bcd232e57e73608929d7d7446d83d339de2b5ab3

SHA256
6174abc23a5d9476a60b596d9e97ec38cf7513e166190ac7393efa207eb7e092

SHA512
8389d2fb5ca57d5eae278be47ad71246c45b256179f51901a11ec03a57ddf3b6e42b9bcdc1dfcb7d0142f8395130e78d0b1ffdc180242fe094cd19de078efea6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
ead0bac0d45542c7829da37fe593c1b0

SHA1
04e076fd6bbc3b0f8273b6f85ec1b7ce18a8d3f2

SHA256
f698436db4c8d9350eabcf3b93ef9a89ac330d29e239d66739c806534d430581

SHA512
f53be0b3fa9406e22d10fc772bae688625b39540c95424a2c672b6f63d2b116523be213bac9408380f3cc0264ddf824cf3bf8b14bd81d6c9fcf296bf1c1914ba

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
3c0b0ed13dd424b3e9d4d8152be34d10

SHA1
22a0a8cd977cb998c0bc907db9bbe233f444ef07

SHA256
658121e348335d426a53cc2c4dc0c69a31a391bd8d91d0c850b923723cacc68c

SHA512
e61ddd9ad295f2651801dca0a378ca75f0ed93fbf5d7e5e6aa75be15f2401108348fe3634ca7849fc69a3c30c48f50edf7af9da1454b65f32fb4260a06da5bf8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
8e2a4ab93223e4dd4788d911f8b5c9aa

SHA1
3f0a6798a8008b05655436e93eb62b9e4dbbfde9

SHA256
cabe75f15dd1ef79df1dac6729bd47795faa88f36eb851b90768d66203c78820

SHA512
b78ec763cd02fa1c32af45b54392cdb33a1c2c9ea063b66dc6e0e14352b71f4510ac42f3ec97a6f50bd5e2787ceae59b0924fb213c20448e64b3417216e6c325

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
7c29ddb59588fd440b0d76ae6d0fdeb3

SHA1
af1a85356ca26ab7f55fe53e82f0a026afa21f42

SHA256
1fddbf6d293ef6f168852ee944c4925e78ddbac8b6179196e9f6c01c3ab620a7

SHA512
ef9cab0114ced7d0b3be126fd51449c1b31c3ce7334ec8961bb6f0f37c1c7953aaf8c65ce9bc51ff1cc620ca6fac0ac42cc1a1be73cfb71d1e615b92bc6bde9a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
de4ffe0dfd5526c02a586da2f58588d9

SHA1
5cb641411862e0f570467cc568d881668c103ae4

SHA256
ea7ae9d22e67cb915080c9e2b57ca3753cd7a4f91e95126ae5d53af0150b2c25

SHA512
5c66afa7976c4f0ae3d7a6d49ade48ed9e19ed4fc6c71eca6523bcc5614ba77a8b1b60b1f9697c777c69b7f34bcd6f1c2dd7bc48feb90fce4e1419178e354499

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
1663c0a0a668cab43901917b42100a5a

SHA1
2c803d559757dfab2da05b1041eff2a3379e2ab2

SHA256
65803e74d4efe23ec9609db53d625d85a685a8b1a5e23ef3726123872ab3f810

SHA512
725eaf4015dfec06f313036079f6e11caf3890271e4294b77f582b2b23dd5e0284ede70ba57d00dd0a84204365493cc94b711d902a7c1868d2669a1fd420bd7f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
575420437e6dc19786ef5232973b14aa

SHA1
bc69b7ba26ba6966ee2ed945dd3c564dab0d6882

SHA256
d08a1a36fe14d4cda69e129e704fb13bc90368d7c5d493bb51d3f953ea9d8de2

SHA512
b3f780a9a47d2c9045b88c4f9cd18f47a0aad377fb57d46ea899397f7c51c9d413fcc80c3f2f9cf9ac31d792c217fc71a9c1223ac2413914708b8f38ace41bae

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
081f69ca0437500980297ac6f3fcd344

SHA1
06a16657c5055d624c5f89d37899e5a66bab6657

SHA256
d1c5f5280da200502fd8161c22f3d656b95360b9db7ea053353dbf2590954e6a

SHA512
3b265715ff6eec41a721510254c77721d91f08f21009f4123578f2e3fa075de5c479d4486a102b0baffae7619c208abc0972c6c7c2489d0f82f35e35d5ba09a8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
c2eb3802204151b3351c6e5485c5ecf5

SHA1
4171b9e9f6fdbb444d5dea17d2980a21bf5572ca

SHA256
3e85ac4439ee02f1c0b81792f413f421ffe9ca0239f34ca5d9540b68bc2e1d04

SHA512
f9cf40509ce2cb8a87d068675785dc12c7baf50baf008e5ca4789e3bb9b88fab6e2a74b8acc4a485da13afe6f58e13dc5173b6d73fa5437ce425ecbc6464fc23

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
e3920410d9fd351bdf947ec6ebe806ae

SHA1
15c4b67c70a7b31496399f93682262bbe2d04595

SHA256
2d4ede9a273782274fd6df92d177d9ea2080be9eeac3c1a1f4273f666c622d72

SHA512
ceb9793f85f5b60b1c56686698c9d1d9d0b35d16d2b2bdbc18826f2d983a885369dd680160261b99afb61fdbb4d1f9a443e53e4a79e33806d7036d09e00a75f7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
e488dd369945036dcf52e0e8c210f372

SHA1
8df293778a893d403fe819ff393001be9869d3a5

SHA256
910ff12ffaf22acd5f88ca49c42267f57ac267c43749f25697ea75fcb6760090

SHA512
2a44bc6921953a493828117d9849adc6118af9b0c3e2cfa370f4a54eaf737f3a198abaedb26b2714f7c2d179212277b296d221c093a9c17a431bac9c2dafb11c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
170ad0b0116b7f17451a07a17bbcaa53

SHA1
a35cb41749b599fe463747fadfe69c9aab8f86bf

SHA256
ffa0e221927757d6a0108c97223ccacdc02b756777b615089cd76650d018c40c

SHA512
2fb20d156a4c648319ab0e00afa3f72aefa84bcafa5e48bc6bb1b4794b302bd6aef7925ad1969b619eff629e815dae45a04cd428adfbe3e7906d8a141198b627

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
46103ad9c47084f3f499ae4a3e606669

SHA1
1e704a1deeab00c413251b9a5041d7ef192b7d98

SHA256
2a270b231cf9434a3bd5c84f4c3dafb3e9409a9c905c107bd203a3aa111de8a5

SHA512
24ed8d0e817a1f32f3dc2bef2982022182b40b2ab4c6936dd474fef66e71ed5e091dfd7d9b45d69523be415f6fc3d18c3b491601cd87966eb90f5bf97a807420

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
994337ecb478b2686e12705eda5d7200

SHA1
e27bfa467528696fd4e55084e9c2e39cf447983c

SHA256
2eab74cf22b0e51e136f2ee4d5eeae2e761bcc6d30bd4b2dd1b292a3017680ca

SHA512
90646655f9274faccb5cb0839c4b5537f3eac129a73f4a0f9c6236182645bcd3b9b291705377aa7154ce713ed86ba6dac74fc2751f6f1e8e3066ab435de5abb5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
396b7d60a6410b2442d48129b5e6bb12

SHA1
8545d489d732d419bd3472227cd3a6e0d8fcbb37

SHA256
90c19d16ca8d22250746abe4c0bd793b3730b9d61ca5932cfb6688ad471f1bd5

SHA512
95d9f5868eff3bca103382aca7c6367462f178855409e27cd32c599653d4a79f701515c3cf83d5b44a73f9cf0c2d8e4974c372060db85c709e3e275e8172509b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
58fb806cd875960aee7d33097bbafdf5

SHA1
f8d613948a13d9cc7ab0f49698f0f98ac1b39694

SHA256
3e3b7e3216d34a8ebd2f93e05b8b52fed9470a1ce2a38d496e882745420253b3

SHA512
721acf26cbfc075dfa8ad09a7fe0504a6faf36522dc84aa75c89f8e65d6eca74d27971d2932b83fca7947fea4956a47a9695b769f0062ddc4a9bd4f3b5ea5365

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
eab1db9fd525c160021ffa0cc1c225a1

SHA1
244808ab6e4440629b5ac9382f7b6b89d3121476

SHA256
3bc4b754ccca2ea401d268aedfff6888b4b493b32e7c28c6a34e8f5d4b8ce58f

SHA512
fce6255ecf3a860135e079eb9c56db5788b90e3fe157b0641c1f5781659afb0231cf801e7c6d9ed806ede2fed51136c38e6c4bb15efa746b208773a8d2b52f23

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
019e636106f9ce7e23ef6e7621fcabf6

SHA1
91ba54e327adac498536a556516bb6b0bdbd50cd

SHA256
4495399da77c3826169b7a766d5535f5775abb0c2de0a6aedb7bb98128b40e41

SHA512
3a76e1796e462c0b6e9ba058cf54e2f4b8a66a4411162ae0ed89b980e8b7cb4138425b75c0c800dde297d86dccda1f94e421931b750ef1c786247aa150375371

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
8ae56c52544180eaac985c4979c15662

SHA1
fe3ab6794db1196c8df94900c676f18386b060d1

SHA256
cc26a37f98465bb0f1d7a1a02e53f307b22d2d19bff19c01052578b4f7e24968

SHA512
07acf94569e681f03652cefb42bcadc4f97d37e38fae3b1606c9524971659407eda02db16bac4736959fb08e2b818d920878d9c6a9dc9c48f6998ca9986c3a5f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
70b20d524352aba36af2ec8d47a20211

SHA1
4706ec4abf23f85b71fc86824bef96f458be68cf

SHA256
d5b7a964cfff4cceaa3895c710895e365a527715253db613780c8d42902fc18e

SHA512
fd9603d3b8a8b80be0590254b2ddef257a1d64aa06a63d1bda34dd4e26aa1fc96d50a8a2ce62d69a4515523f1131f4e6aa22d08887bb31f8ecd8313aac6a8207

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
019071b98916ae92d9f09d521a1c39ba

SHA1
9074075f2681a60df5be11cb9d94544c6d2b2c60

SHA256
6df13d3b3ab17d9884a4fdc112983a1a24a54bb7709be6d89d46b00c850860d0

SHA512
d3b776ca711fe4f10b52e0ea098ea929186b38ef094f53bddac1c7a323b4e386db63a6ecd71357893ce344cb342812352f541acd7e5523e1ca56a0bfae46c0f1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
79b419ab16e984b6fca5d66480efb52d

SHA1
33a93901d2268d52a16fc6bf46236c89ea9ffb85

SHA256
6972665cfb581b31de6fbd7777b46daac34a3d337a48f3a3aa92140be6a72203

SHA512
dca3be7bb3f7ba88c983f4d8478de50de4241707be7fb493037f0399d126c8ebf3e1c98fdfc4f77d8ed51a5b248b8c896932b22f5f4af7d816d4fb0893b3a37f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
2a25ef1a5d8cec5a2c8b91885c6c8c2a

SHA1
a0dc79947f4c2760a31e7f753568fbd46eb1d5a2

SHA256
9a67d176b404538bd71a6a6c6cd8bbef7e48095f06206acbbaed482913f09388

SHA512
febdad0637e0f2d5659ec9e143352fdeefc6e21096454c050aaf53d20ac0462c662f85d30e769072305dd4854c2d5cb8abf153eeeff6c54d88a9db70c5a01f68

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
53e9d536319a03cb831f90dd372e9f22

SHA1
5e81e135d010c6db12a42fbe4b648c50a985459d

SHA256
4693c0c3574a0696e1419ba28772875fe871ee8400496d585a3e473677b1ae6e

SHA512
4835faa6da6e0bf028437eec8617142d1ca6272f7d76e084086dd1e2d80dd3c568e731f60ea2a84baef35db2a87d08bb828eb4b05ad8baf6ce85649b93f33ebd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
2538ad96af01abbf9469a8fe6fd237c8

SHA1
5ac93d6300b06133eb1219e1cd995cf4a5b4e687

SHA256
11adf8a27bce60e635c8f2ab74bc2c48b08da64f873df84f3503b7cd9b0a03d9

SHA512
57bb4d042b4b49fabf8676f9833d7dcca7b4afaf73fbdd65f721beee78dbd97446dbcbbb2e3f617fc4d0e5116c77c4460827e31ef9eeaee2aac6cd0d8c633a05

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
f6c94383129709e97879c12d622458cf

SHA1
e96cc2e3a5e5c4ff5dd2466c7026bb54997f01c4

SHA256
e69aa5e35e5d22918908a27eef4501a0a332e7204e7b37048f0c072a424e342e

SHA512
6f6d71e60f3d00b73cf0ff31b24a661d2bf27f4be6eb32664127b36541ef71e3b8d11eb7e45403df2492100c67b3597a6e6b7fb5de95fcbcb380dce0c288fcd3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
1eafedff5d6b3ee91e53546d3792be4e

SHA1
70f83797d08f02f6b36a5a230edc61b5f09f6a54

SHA256
c242b9b0e48d8364440511f37a0793df14faff160e39c5aa3c3d2bba8e88a556

SHA512
d22c1a6377bfeb8d3faa2494ffc54427a9e9629811c2d604b18e17dfd43a27931b6953cd651c0148a42d4fde5021637b519ab1eb5e55b9e0bd379e1a32e67a3a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
afcaef95b06bbc2b7ab1359005dcfb90

SHA1
43cc108287a008f36e9b90e3b6d65c91e3649a4e

SHA256
978bec59b926728d6dd7f2b2c2a75aa3dc895a427fd2316b4e4cbfad9ca4a1cd

SHA512
64abe4d4a764b630977708125e40f1731d9fcc5447d02d390560810c44a03001fab24cba29ba9ca0dc67b9b49bb1fb931ff0bd67c6b7684950f4f9698787cf3a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
3e945dc6601d44a08a120cb4a8e2d91b

SHA1
a471ff8e6097067f53f237f2bb1c11781268c443

SHA256
e8bfd6769cfd1111ecfaaf187c6d83e1c833f77ee306b29fc386ab132bb6f86e

SHA512
1cc3c026263adb73419852d7226193a9b1e8d74edd2ba57a5187b95a6e2bf5bfd1aa97a7bc4a9841bbdb412151141bcc0aaafd5b8412476ba5f028c4b69527bf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
3744042983ebe576f93835a8bc01b87f

SHA1
a8ed0c94c59afa4c1edc3f660959f70992e363a7

SHA256
65dfbbca0351adb53862bccf80679b4cec37592ae54055dfb2f078e00eb6445e

SHA512
f656796fb4031a26c53b740834ed713ef403f78410d8a3a6b0ebc56f417038e5f2e5fc71c3146f2229484319d22d96fc7b97319e05de3cf7b5569fa069d2a047

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
641c64dbfdb7dc879fd55cc87bce8098

SHA1
ebcdec0667640515c6cefa257017026031e6c070

SHA256
1a474e73d337f688f999ceb9192f5e66ad90c50c8dc9d3bc5d394972a279e849

SHA512
f5e5550633ce6ebee0887f513796246f41265d6217225930dac71cc45098c57fedbe080f03e292da1f218323e664b80a13829ea2211073dd79fb79e477aa783f

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
5911b6203a9e87ac02fe2171ae0d99a3

SHA1
84e323792453e16fea4455d6484e21debfa2a07d

SHA256
5374534f2edfeceb347cb651392f51bcd18e350dd9cba3a947003ae5f1ea5574

SHA512
01ba6c3ad618aa86efeee750b036ad977854f38e3b5436da6d78fdaa1e985cab9b0225a300996fc288f08542cfd8f71e77148b626f5a7209bb2780b87263e8b2

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
17a5bb7e9facf0d5ce2e4efb93e69381

SHA1
d2af4164dc0cfc0e07be5eb1f57d74f1191c3655

SHA256
b2f7e267a46a9ac4a6bf0805bfc5ec2b7ba9bca4af8bc424c7ab4d1cab7c636b

SHA512
d20dc04fe1fa86083b55a740f46972ddc3a7ece7e4d75ef537bac7dbdeba226808dff1440c4d0ddf7d7b35d78b5b0ffea201f356c37846ea509940eed68acc82

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
bdd38d28797f8992535fcfc55313186f

SHA1
2bdc9fd86d2dd33a742f591d1e4014f2d156a5e1

SHA256
97ea160644955f2785cc0f3b81d3e383740cce58ee47056653b07ea31563eae6

SHA512
2ff11f00eebe82c5e182943622aafd3050625d5ef1e13c4e9f3b6a9dcc552dea7fd661640a234615d28ba2b88879bd6a15d8b7e6d5823e83f96cb99e15eba416

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
bc1491a9615dbc77afd531237aa4639f

SHA1
e80bfa780f0a98d2d06c4415b2a150eea513a1a2

SHA256
492d020df8678bebca8bc04e86fbf9e1196656c5d461e45e975c6a17ee5541ba

SHA512
84653cf4a7ba1b4f265529aa625bba2e3c39b08bee1e19ac5249d9a986f7aa40acf02b5d48358af847d76c9a1fe2a2a987713b95f529583d3441d9b91a06d63f

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
33ac1bead3dcff519a1c4860c0385c8c

SHA1
c052fd7fab8a61ef66fbd5858958abd7ea5527d7

SHA256
036a776de39cfdc54f9370403008c4bececd427df0b0e41b7ac1653276ee3d6a

SHA512
6f74aa4602578ac7ea29e74b9049ebf4fe918df0fcdbe53361f9c67a2bae48d8b6887a9cd103bfb0b0be3f353c674231d9b87debbb7dbaa46ea332e7080bdcc1

Download Submit
C:\fe11fc83a38900fcf766413d81eba9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
288B

MD5
520c33eb1996d5f944bf2c0c20d22990

SHA1
d0957414458c49b914801432034da925012f0b07

SHA256
414ac5be57488b7cb56b3e9ad509ee2eb73a510bdb3892973a9d42bfdae427e6

SHA512
c689a9b2fa329ac6c02f939ea011187322adc2fc20a9117f872a27ede4e366f8bab23b55145436bf49cc9b4161f49ce442affa31777e694d540dbd3106ba27d6

Download Submit
memory/5560-5612-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/5928-188-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/5928-0-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/6112-5193-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6112-5608-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6112-11195-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6112-10257-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6112-11517-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6112-11537-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6112-8-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6112-11543-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/6112-11546-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads