Analysis
-
max time kernel
52s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
06-03-2023 12:10
Static task
static1
Behavioral task
behavioral1
Sample
cmd.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
cmd.exe
Resource
win10v2004-20230220-en
General
-
Target
cmd.exe
-
Size
55KB
-
MD5
c80fa6946b999e10575655b52972e294
-
SHA1
4b2b7d490c1f84bc210a2aa3bdb02929e2dbae1c
-
SHA256
9fe80b59926a0d8fa97ce49a1ee7564a8a2464283d3df047a9af7eea2356d3f5
-
SHA512
e80e94e3cb2518cb5b534fa4b6e7eec8e751343f41b5536faf788f607d53562c42879219117021a1b0df9f0f3f15a7a39890b5ed96e27b5c70841b7ec3594576
-
SSDEEP
1536:EkcgYgbig9EhjWNMSTdwp++la/oPK5fOm3N:Ej8ijWNw++ldo
Malware Config
Signatures
-
Phobos
Phobos ransomware appeared at the beginning of 2019.
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
Processes:
bcdedit.exebcdedit.exepid process 988 bcdedit.exe 2108 bcdedit.exe -
Processes:
wbadmin.exepid process 892 wbadmin.exe -
Modifies Windows Firewall 1 TTPs 2 IoCs
-
Drops startup file 1 IoCs
Processes:
cmd.exedescription ioc process File created \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\cmd.exe cmd.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
cmd.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmd = "C:\\Users\\Admin\\AppData\\Local\\cmd.exe" cmd.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmd = "C:\\Users\\Admin\\AppData\\Local\\cmd.exe" cmd.exe -
Drops desktop.ini file(s) 2 IoCs
Processes:
cmd.exedescription ioc process File opened for modification C:\$Recycle.Bin\S-1-5-21-1013461898-3711306144-4198452673-1000\desktop.ini cmd.exe File opened for modification C:\Program Files\desktop.ini cmd.exe -
Drops file in Program Files directory 64 IoCs
Processes:
cmd.exedescription ioc process File created C:\Program Files\7-Zip\Lang\pt-br.txt.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\DebugRedo.ADT.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jre1.8.0_66\bin\jaas_nt.dll.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\msvcr100.dll.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\lib\net.properties.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\local_policy.jar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Common Files\System\Ole DB\msdatl3.dll cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar cmd.exe File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_it.properties.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\7-Zip\Lang\gl.txt.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar cmd.exe File opened for modification C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\lcms.dll cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\jre\bin\net.dll.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-compat.xml cmd.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe cmd.exe File created C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\ExpandRename.wma cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar cmd.exe File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll cmd.exe File opened for modification C:\Program Files\Google\Chrome\Application\chrome.exe.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\bin\server\classes.jsa cmd.exe File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_ja.properties cmd.exe File created C:\Program Files\Java\jre1.8.0_66\bin\JavaAccessBridge-64.dll.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\lib\fonts\LucidaBrightDemiItalic.ttf cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.id[425C42CF-2726].[[email protected]].dewar cmd.exe File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.id[425C42CF-2726].[[email protected]].dewar cmd.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml cmd.exe -
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
vds.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 vds.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName vds.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 vds.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName vds.exe -
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
Processes:
vssadmin.exepid process 2232 vssadmin.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
cmd.exepid process 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe 832 cmd.exe -
Suspicious use of AdjustPrivilegeToken 49 IoCs
Processes:
cmd.exevssvc.exeWMIC.exewbengine.exedescription pid process Token: SeDebugPrivilege 832 cmd.exe Token: SeBackupPrivilege 3632 vssvc.exe Token: SeRestorePrivilege 3632 vssvc.exe Token: SeAuditPrivilege 3632 vssvc.exe Token: SeIncreaseQuotaPrivilege 3904 WMIC.exe Token: SeSecurityPrivilege 3904 WMIC.exe Token: SeTakeOwnershipPrivilege 3904 WMIC.exe Token: SeLoadDriverPrivilege 3904 WMIC.exe Token: SeSystemProfilePrivilege 3904 WMIC.exe Token: SeSystemtimePrivilege 3904 WMIC.exe Token: SeProfSingleProcessPrivilege 3904 WMIC.exe Token: SeIncBasePriorityPrivilege 3904 WMIC.exe Token: SeCreatePagefilePrivilege 3904 WMIC.exe Token: SeBackupPrivilege 3904 WMIC.exe Token: SeRestorePrivilege 3904 WMIC.exe Token: SeShutdownPrivilege 3904 WMIC.exe Token: SeDebugPrivilege 3904 WMIC.exe Token: SeSystemEnvironmentPrivilege 3904 WMIC.exe Token: SeRemoteShutdownPrivilege 3904 WMIC.exe Token: SeUndockPrivilege 3904 WMIC.exe Token: SeManageVolumePrivilege 3904 WMIC.exe Token: 33 3904 WMIC.exe Token: 34 3904 WMIC.exe Token: 35 3904 WMIC.exe Token: 36 3904 WMIC.exe Token: SeIncreaseQuotaPrivilege 3904 WMIC.exe Token: SeSecurityPrivilege 3904 WMIC.exe Token: SeTakeOwnershipPrivilege 3904 WMIC.exe Token: SeLoadDriverPrivilege 3904 WMIC.exe Token: SeSystemProfilePrivilege 3904 WMIC.exe Token: SeSystemtimePrivilege 3904 WMIC.exe Token: SeProfSingleProcessPrivilege 3904 WMIC.exe Token: SeIncBasePriorityPrivilege 3904 WMIC.exe Token: SeCreatePagefilePrivilege 3904 WMIC.exe Token: SeBackupPrivilege 3904 WMIC.exe Token: SeRestorePrivilege 3904 WMIC.exe Token: SeShutdownPrivilege 3904 WMIC.exe Token: SeDebugPrivilege 3904 WMIC.exe Token: SeSystemEnvironmentPrivilege 3904 WMIC.exe Token: SeRemoteShutdownPrivilege 3904 WMIC.exe Token: SeUndockPrivilege 3904 WMIC.exe Token: SeManageVolumePrivilege 3904 WMIC.exe Token: 33 3904 WMIC.exe Token: 34 3904 WMIC.exe Token: 35 3904 WMIC.exe Token: 36 3904 WMIC.exe Token: SeBackupPrivilege 756 wbengine.exe Token: SeRestorePrivilege 756 wbengine.exe Token: SeSecurityPrivilege 756 wbengine.exe -
Suspicious use of WriteProcessMemory 18 IoCs
Processes:
cmd.execmd.execmd.exedescription pid process target process PID 832 wrote to memory of 1440 832 cmd.exe cmd.exe PID 832 wrote to memory of 1440 832 cmd.exe cmd.exe PID 832 wrote to memory of 5044 832 cmd.exe cmd.exe PID 832 wrote to memory of 5044 832 cmd.exe cmd.exe PID 1440 wrote to memory of 2232 1440 cmd.exe vssadmin.exe PID 1440 wrote to memory of 2232 1440 cmd.exe vssadmin.exe PID 5044 wrote to memory of 3232 5044 cmd.exe netsh.exe PID 5044 wrote to memory of 3232 5044 cmd.exe netsh.exe PID 5044 wrote to memory of 4672 5044 cmd.exe netsh.exe PID 5044 wrote to memory of 4672 5044 cmd.exe netsh.exe PID 1440 wrote to memory of 3904 1440 cmd.exe WMIC.exe PID 1440 wrote to memory of 3904 1440 cmd.exe WMIC.exe PID 1440 wrote to memory of 988 1440 cmd.exe bcdedit.exe PID 1440 wrote to memory of 988 1440 cmd.exe bcdedit.exe PID 1440 wrote to memory of 2108 1440 cmd.exe bcdedit.exe PID 1440 wrote to memory of 2108 1440 cmd.exe bcdedit.exe PID 1440 wrote to memory of 892 1440 cmd.exe wbadmin.exe PID 1440 wrote to memory of 892 1440 cmd.exe wbadmin.exe -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\cmd.exe"C:\Users\Admin\AppData\Local\Temp\cmd.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:832 -
C:\Users\Admin\AppData\Local\Temp\cmd.exe"C:\Users\Admin\AppData\Local\Temp\cmd.exe"2⤵PID:1152
-
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
- Suspicious use of WriteProcessMemory
PID:1440 -
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
PID:2232
-
-
C:\Windows\System32\Wbem\WMIC.exewmic shadowcopy delete3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3904
-
-
C:\Windows\system32\bcdedit.exebcdedit /set {default} bootstatuspolicy ignoreallfailures3⤵
- Modifies boot configuration data using bcdedit
PID:988
-
-
C:\Windows\system32\bcdedit.exebcdedit /set {default} recoveryenabled no3⤵
- Modifies boot configuration data using bcdedit
PID:2108
-
-
C:\Windows\system32\wbadmin.exewbadmin delete catalog -quiet3⤵
- Deletes backup catalog
PID:892
-
-
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
- Suspicious use of WriteProcessMemory
PID:5044 -
C:\Windows\system32\netsh.exenetsh advfirewall set currentprofile state off3⤵
- Modifies Windows Firewall
PID:3232
-
-
C:\Windows\system32\netsh.exenetsh firewall set opmode mode=disable3⤵
- Modifies Windows Firewall
PID:4672
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3632
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:756
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵PID:272
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Checks SCSI registry key(s)
PID:4460
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
49KB
MD52f244a56091c9705794e92e6bcc38058
SHA13f2b518be764f29c66ba8564d1be8f4309cce747
SHA256e322feefa8d4c76d8749f88c9b877e3e119418c4ac0b18a8cfb7260638cc588d
SHA5123ee3835abfec9c2db4ba1f33b5e59db2400e712d5dd7cde82a12889ea1beab8ac85b923ec0447e81b3d2ce3ebd14922882653f5bcdcc81a29f225acfa4872572
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf
Filesize57B
MD5ab9d8ef2ffa9145d6c325cefa41d5d4e
SHA10f2bf6d5e1a0209d19f8f6e7d08b3e2d9cf4c5ab
SHA25665a16cb7861335d5ace3c60718b5052e44660726da4cd13bb745381b235a1785
SHA512904f1892ec5c43c557199325fda79cacaee2e8f1b4a1d41b85c893d967c3209f0c58081c0c9a6083f85fd4866611dfeb490c11f3163c12f4f0579adda2c68100
-
C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png
Filesize138B
MD5a2bb242dc046bacdc58e7fbbe03cce85
SHA1052ab788f1646b958e0ea2c0ef47d00141fc1004
SHA256486a8212c0d6860840d883981ca52daaad3bf3b2ab5be56cdc47ed9b42daba22
SHA512d9bb4c0658f79fbcf22697c24bc32f4ef27ddf934e8f41cf73a2990d18cdb38379f6b61e50edef8ebdf5a2f59a0f8fa40e000b24f1c55a06cfa161db658326ad
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml
Filesize431B
MD52c16868331f82ff43059dcb0ea178af3
SHA1983589535e05c495ffeae4b0b31ddcfafe92a763
SHA256be9ceb4464b22203feffd3700c5570b7d6d44c5d0d357148e1e6d5be5e694376
SHA512184653d3e40df84cd0052e5d9477201f276ce0e8cbb5e4b7bfac86fc7da325eef476982910be24c20725a6db6617fffd88998d6053c1b694718bc7ab0bde9ea1
-
Filesize
411B
MD5f7c78514872f9cb5585f8d69532cd2d0
SHA1ff9dfbb62a3b48c85b6434ee831fb33a8dba9526
SHA2565f7bcd85900e62abb00ce739eaad53d80170a4a6152d951b6825110d2fc17965
SHA51250ee6ae916ea0e806b73c2e5bb727f6ee4837a696c5bd8559ede78148b40a5d5cdd135e28c8b5153a8fef568fd21ef0708ca198ace89e7120ffb84fd9bc91c01
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml
Filesize429B
MD5d7d2fed9b7c55fe72a6cda66725cb7e8
SHA12cb154a1c4a0553658801a088edf87b5816cbbd2
SHA256a6df5cb2b51fa56609c7daf08d28f0e41801b96f9514a9d179992a63afd516b5
SHA5120ba4d570d624cc5aa6af629260668ad805285fcedd61002999734fe04cae47016cf52022c327cf22935ded99b30c52d9f041ead60a3425365116bf1bf4cbcf5e
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml
Filesize400B
MD5a75d7d422fd00bf31208b013e74d8394
SHA13d59f8de55a42cc13fb2ebda6de3a5193f2ee561
SHA2567a12e561363385e9dfeeab326368731c030ed4b374e7f5897ac819159d2884c5
SHA512af3a1e15594a0bf08ae34a5948037ef492e71ee33d5d4ac9f24b18adf99a34563ab40ba8f47f2adff5d928f18d8a8cd60fc78e654e4d6cf962292d2f606def66
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml
Filesize437B
MD5ceb1e6764a28b208d51a7801052118d7
SHA12719eea8bde44ff35dd7b274df167c103483b895
SHA25699d48b66d590c07b14f4cd68adac79e92616afcf00503a846b6bf4599bfeabc0
SHA512f4a2df6229bca6c6ef9ef9f432847683238715eddcb1f89c291da5f5900c9a3461204d8495c3450c8bae1c1a661424089554d316468ba1b039a2c50d6e69bf29
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml
Filesize463B
MD548e296d8287ae11c252e4277ee885161
SHA18a75b573549c2791d38acb3a4d215fa2153b37eb
SHA256c94a9a55369ccc4b41a71b9c18b04e1778a0913447ca6b5a630135f7a7ac0c1b
SHA512b17a5a8a6009bfde681829bd7be3b550d8b8bf6bfee19bdd55567163890550980ac0633fd956f117006892638f408c63449d4520b0716e6866ab0858cc3f743b
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml
Filesize473B
MD5437687da72730cf42ce36bd093b78b3e
SHA1693e31dc362426bc4d7a6b2954f7c80267476d66
SHA256d0d0b1face19fe4a88c6b51f6ced55ae0e00ac548b75809d88089ad431da5d3a
SHA5127d05e270926dcb452ce405dac9dab6e9e1a0dd247bc93f0940826eb4abecf827acb6f42ef32d3b6f6ac4b46b28d522e0b25f6b8b679affb9a198db8ba4fe2daa
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml
Filesize417B
MD59f89b49e6e4b81eb9a3ef6a5d8924461
SHA117ee8eae11a1fb327f3344cc549bef305de408c5
SHA256d739aa103e35aa5efd0fe49dd14d9360b5a83261b164d6d3277a24fed97ff8fc
SHA512ef2f26b00ee4dccdb28fc1bb6c960cab9ae6f72f126bee21104b865b8e7833b35a64abf464b71cc34e954a8ccdb805544729368caee2a84b8ab97914c30fa761
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml
Filesize405B
MD5bb95a9de280c528c32806d0d5231de6d
SHA1bbffb8596f1bc68df5603a10a3672a02ebd3ea8b
SHA256a7ca0125b93e1a5681d5a9c294ec3a4e5680cc58e44fd223d2dac04232b7367c
SHA512ac4cad4f24495aa6b0d5ed8aa439554f479cc2fdba4d5dd256f1983fa43a4121c8fdf79ad7ec9d9a396a73fd480bf2f5141ab5303d50c8b6d2ce47d158010a80
-
C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml
Filesize407B
MD50188bed9647ab3c0f81dc3e4b5589baa
SHA105493cad7050ee0cba5255847941736898503dd3
SHA256f5d3f822a8435f91f7a5d54b720aa637f8b8f8102c7670d1b52d98f2d0123beb
SHA51220e40619e02c24acd461fe07a7d7e448bdd03f423221ecde05ec206eb7b520d3d500e3b5988122b97a8752fe2cc7b305417692ec73d4568dcf49b2c3c4fb8d0b
-
Filesize
153B
MD5d13b5ffdeb538f15ee1d30f2788601d5
SHA18dc4da8e4efca07472b08b618bc059dcbfd03efa
SHA256f1663cceeb67ba35c5a5cbf58b56050ddbe5ec5680ea9e55837b57524f29b876
SHA51258e6b66d1e6a9858e3b2ff1c90333d804d80a98dad358bb666b0332013c0c0c7444d9cb7297eff3aeee7de66d01b3b180629f1b5258af19165abd5e013574b46
-
Filesize
527B
MD5ff9a2d3be0b1b401f5bbae30ab62a24d
SHA129d8cda271ced9cf1d430029fa4ab0d6ba5948c0
SHA256fd13695474bc8227057e56cb7013cea630c9ad3a2a134b7b412293f850c1df43
SHA5120dd906600b44350136079b23488fd72b0f1a8a4eed594b26a692a725a62a741707b2811005dc11a389e5da89ebfd7040519342813035047bbee906a20beff2e1
-
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml
Filesize1KB
MD50b783b2c6d8aa254f3e90187725263aa
SHA1df2e49e32c8e1d25b17d410addf35badc22ef90f
SHA256590de671f8b144c3ec28a4e953a91685bb6c2a97c7c25c08d44003445bc2fe3e
SHA512ef532a7213505f49d95b05cf27d64e1b45ef9ded6b057ba0501fb0b62631784f21f235a0842c58b2b27522e06bb383afefd3220c85064b729b45131692fa2461
-
Filesize
744B
MD5809457c05fe696f5d34ac5ac8768cdd4
SHA1a2c3e4966415100c7d24f7f3dc7e27d2a60d20c9
SHA2561b66520d471367f736d50c070a2e2bba8ad88ac58743394a764b888e9cb6f6be
SHA512cf38e01d3e174ff4b8070fb88ead7e787143ce7cf60b91365fafd01cacc1420337654083a14dfb2caa900141a578717f5d24fa3cadd17c1a992d09280fd8dc44
-
Filesize
24B
MD51681ffc6e046c7af98c9e6c232a3fe0a
SHA1d3399b7262fb56cb9ed053d68db9291c410839c4
SHA2569d908ecfb6b256def8b49a7c504e6c889c4b0e41fe6ce3e01863dd7b61a20aa0
SHA51211bb994b5d2eab48b18667c7d8943e82c9011cb1d974304b8f2b6247a7e6b7f55ca2f7c62893644c3728d17dafd74ae3ba46271cf6287bb9e751c779a26fefc5