xorist | e5f67a8f1c6042110fe98d4943c04c5a2eabca922719354cf68b9e9cb849b923

Analysis

max time kernel
98s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Size

7KB
MD5

06ef31e62e5b10e2bacae0493e98e836
SHA1

0d8bb8222f1a324e048fb293011db5621ea8299c
SHA256

e5f67a8f1c6042110fe98d4943c04c5a2eabca922719354cf68b9e9cb849b923
SHA512

5fecd97757798110269f68db72882e62ec8266f2c7f68e1828b836f8e390fb630636942b7e967d22259377d57e122bf2d6102ec5f86be3804ff8f2271c4c25de
SSDEEP

96:lUZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExXWVLIgKc2qerbBZxuPP:Kzdrr1FG1WDCgmjPZXWV0ckrbBaGMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/1292-6675-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1292-6670-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1292-10702-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1292-10815-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1292-11130-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1292-11135-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1292-11136-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe"	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cmbatt.inf_amd64_554d46f6008bc631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsinfrastructure.inf_amd64_1ef682cfd6fc7d1c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\virtdisk.inf_amd64_9a7f42b85c7def50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\WMI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_263b3076d78209be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttte.inf_amd64_f017e7b18ec67a97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vca.inf_amd64_6bbc643de0df118d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrsp.inf_amd64_4c83ce3a06d0048e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PrintManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sslaccel.inf_amd64_ed6849ad81a24c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms006.inf_amd64_c3bdcb6fc975b614\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmotou.inf_amd64_8370fa408706074c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0009\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\Scm\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ks.inf_amd64_9fac168e1cbea90c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\spaceport.inf_amd64_6383331cfa0a32be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_media.inf_amd64_2dec3adbda5f7bb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock3.inf_amd64_9977beff54a96490\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_heartbeat.inf_amd64_ad33c2d1c7a3023e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MMAgent\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hu-HU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netclient.inf_amd64_b7f9bb71730aaf1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1292-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1292-6675-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1292-6670-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1292-10702-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1292-10815-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1292-11130-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1292-11135-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1292-11136-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Microsoft.Support.SDK\Assets\VALoading.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-16_altform-lightunplated.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-20.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\logo_retina.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\ffjcext.zip	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\bg_pattern_RHP.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\selection-actions.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\changelog.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSplashScreen.scale-125_contrast-white.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailMediumTile.scale-150.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsSmallTile.scale-200.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_EyeLashEye.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\jsaddins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\skype-to-phones-small.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageMedTile.scale-125.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\GameBar_AppList.targetsize-24_altform-unplated.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileLargeSquare.scale-200.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.scale-400.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\StopwatchMedTile.contrast-black_scale-100.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-60_contrast-black.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsMedTile.scale-100.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\WideTile.scale-200.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\core_icons_retina.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\javafx-src.zip	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-200_contrast-black.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-40_altform-unplated.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\sat_logo_2x.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\SplashScreen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_contrast-black.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\WideTile.scale-100.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sr-Latn-RS\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplayCrossHairIcon-2.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreMedTile.scale-200.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\REFINED\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-fullcolor.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Media Renderer\DMR_120.jpg	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\System\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-125_contrast-white.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare71x71Logo.scale-125_contrast-white.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-150.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe81b.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\LargeTile.scale-200.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\info.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageWideTile.scale-125.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-250.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-u..iedwritefilter-mgmt_31bf3856ad364e35_10.0.19041.1266_none_41843efc8f66bc7c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.19041.546_none_f827f008f8832bd5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.19041.1_de-de_2a241ef24a47bcf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_59f3392933473388\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..publicapi.resources_31bf3856ad364e35_10.0.19041.1_de-de_82d656b6c3cfbcbd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-dll_31bf3856ad364e35_10.0.19041.546_none_60324d60a5ae9b6f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\rescache\_merged\899128513\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-gaming-xbox..component.resources_31bf3856ad364e35_10.0.19041.1_es-es_d411e62e6e257a2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_jsc.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_33b566d71f6b7812\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-stobject.resources_31bf3856ad364e35_10.0.19041.1_en-us_5592515b1e58e42f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ion-winrt.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a1f74f660e2d2e79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_46aa361bda445aec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ialpss2i_i2c_bxt_p.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_cfe4d4051caa6131\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..onmanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_b41cd326ea03d7cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-defender-management-onecore_31bf3856ad364e35_10.0.19041.1_none_8a24f1b7383cf619\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_fdssdp_31bf3856ad364e35_10.0.19041.84_none_32810fcfa25bcb13\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-commonlog_31bf3856ad364e35_10.0.19041.264_none_5c643b8f866d5e2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-stobject.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f815243e1151ec36\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_pl-pl_6c22b0c49894068b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_printqueue.inf.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_4742b2de15557af3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-sfc_31bf3856ad364e35_10.0.19041.546_none_8f83b49eef61b1ea\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-wpfcorecomp.resources_31bf3856ad364e35_10.0.19041.1_it-it_9891333a417b36ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_sv-se_0a628080059d3e4d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.kpscore.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a974336521e05afe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d2d_31bf3856ad364e35_10.0.19041.1_none_67e29e9a2faf41a8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Resources\3.5.0.0_it_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxsetup_31bf3856ad364e35_10.0.19041.1_none_b69476ac0b81dec5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..c-ctnrsvc.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_28772d1341117ae8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..rectinput.resources_31bf3856ad364e35_10.0.19041.1_de-de_ba44a55f60b0e5ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-wmiclnt_31bf3856ad364e35_10.0.19041.546_none_de43a648232c78de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ndisuio.resources_31bf3856ad364e35_10.0.19041.1_de-de_a95325c7eff2b9fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-storagemanagementwmi_31bf3856ad364e35_10.0.19041.964_none_2ecdb1dda972d026\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-id-connecte..r-wlidsvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_4ebb7ce78e6ab037\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-e..llment-winrt-client_31bf3856ad364e35_10.0.19041.264_none_42b477d7017ae946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msxml60_31bf3856ad364e35_10.0.19041.264_none_70a447772a188950\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-japanese-dictapi_31bf3856ad364e35_10.0.19041.844_none_aa528d4e74431172\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-spp-ux-dlg_31bf3856ad364e35_10.0.19041.746_none_7c508e4438cec899\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.web.manag..nt.aspnet.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2edd4aa4736f9469\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..orage-dll.resources_31bf3856ad364e35_10.0.19041.1_es-es_7acab914fa30a2f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-datastore.resources_31bf3856ad364e35_10.0.19041.1_es-es_8689bfd4750f35bc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_fr-ca_74e170a951cb0ec1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..gevolumewmiprovider_31bf3856ad364e35_10.0.19041.1_none_cdc4d38aa94a3684\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..y-spp-plugin-common_31bf3856ad364e35_10.0.19041.264_none_a0f2741fe53eb880\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wvkrnlintvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_f86a79cae170fe4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-srumon_31bf3856ad364e35_10.0.19041.746_none_d2c71521afc06d5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bthleenum.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_bee5194947db0663\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ionengine.resources_31bf3856ad364e35_10.0.19041.1_de-de_2a47c03ff81f89dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..reensaver.resources_31bf3856ad364e35_10.0.19041.1_de-de_1dd74ace80c5b5f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..anagerdll.resources_31bf3856ad364e35_10.0.19041.1_en-us_85e70428546f9d65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-gamecallableui.appxmain_31bf3856ad364e35_10.0.19041.746_none_0119299746221375\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..s.utility.resources_31bf3856ad364e35_10.0.19041.804_en-us_49c5c715e4f46bfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runtc259d85b#\dc7f8f85008d65427e8e7bdea3086027\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..sing-platform-winrt_31bf3856ad364e35_10.0.19041.789_none_5f8bb3cb3ae1cbf3\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..overy-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f50a1c2059b5589f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_comsvcconfig.resources_b03f5f7f11d50a3a_4.0.15805.0_it-it_835d3ebe385afa54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\RequestedDownloadsLargeCloudIcon.contrast-black_scale-400.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ty-client.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6ef547d665e6961a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-application..haringsvc.resources_31bf3856ad364e35_10.0.19041.1_it-it_75089cbee9925e38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..ppolicy-policymaker_31bf3856ad364e35_10.0.19041.1_none_f78eecc91cba3c58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..neservice.resources_31bf3856ad364e35_10.0.19041.1_es-es_4ee2acec43ab6fb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-internal-taskbar_31bf3856ad364e35_10.0.19041.117_none_bef628d45a8a1615\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\disconnectIcon.png	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "CWAFIPTICWNLKOE"	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\DefaultIcon	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe,0"	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open\command	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\ = "CRYPTED!"	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CWAFIPTICWNLKOE\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\14Fc59lHJ6Lr98g.exe"	06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\06ef31e62e5b10e2bacae0493e98e836_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
2b24baadd637b7ce6e356f9227280b31

SHA1
b3f7ac65d50162cc1c1db1143db5a5f21dfc789b

SHA256
a4261ab86e7df89ee68d632ac461a844216e155ca41c0d2cdb090fdb26a8305c

SHA512
fa78affd728f10820426d7006eb9e6b68d797d17070fb296923e6b16b9009660976b2e47408b4c439404179ff0a0360222e78f30b0bde37da3548caec46bb575

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
65b4222fa5bbd08c31185f583bcf134a

SHA1
e2e83d637ed9a37d5864b409e849dc9f83f7fd4d

SHA256
5f00daf4299b94d9d1b2588e5aa089824af6972f16704b2c7fecc0bc66d0b49d

SHA512
a1b9f5fb47d9ccc7e4e37bd2aec7ac632a868d7142613e6d633c85a73393f4619b3381a4329e2c76b74088208708f7621ffd09580522776ba92e0d05e986a6d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
4f81bce235e8d802e300a8261f2c3120

SHA1
8ae6609717886e24a124b2c2267cf3b0c992ab43

SHA256
fb42f01c155b05a60d3e96786f0152b46a4ecb204b6b417113d23409a1eb70ac

SHA512
4c3b7c66b7046ccf2a9e30c55341d8b94fa32f620bf6342e5dcbbd86745a3aa8aaddd28581d55bd4f56e4effb4ac425b15f2335bb21b733d2950a35fa7d6be40

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
ee8f5e5ba51255fd4780b02e8a71f974

SHA1
481f5d61adbbd9a24a3a60894113fea0e32fa2a7

SHA256
5c07051b1eed9155ed5b8f41f8c31a50baedb5c7e69f15392d177cb606a21c69

SHA512
6336759f87bad47c3be239a782d93e013328f8462e01c7e576bd0234adc5fd9ff152103e593c4f465296274521404515825c04882d13e52540be91b38370efae

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
1e85ad172d51c4ee042dabebc3644761

SHA1
3d7319d5225554b9e4223da0e117eed0e6a94bad

SHA256
cd6ba510066c72140f61b03d815e613d6e2fe9184541e33189c053c42c5c22ca

SHA512
43d7c971a1147957aa9323a2aca22a8ce29bb2c27d5f9c66d66689dd7a7929db488f0108474acdfa6acaa8d5830aafe40a421e207480b5ee23965a5b2f769a65

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
b94540b40313bb64ba7438d2cf412e55

SHA1
3ad1f3048227a95316684c57b6d458e76b1c586b

SHA256
4dcb6d694e2a66b5bd8ff4f92debc7b5f8285141f5fb1b8e84421698b0df4ac7

SHA512
b54d87dcf28897fa8c740c55b05e785e75e1da0f67e5ff635f114c57ad02a46995c7773fcc389ee01a462cfc615f8a54c33647664cbf74afc9e0552817a32b12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
21ea674eb16d2fae2d7612c5501d9b81

SHA1
1ae7e79ffaf2597fa91f54e64909e306079ad105

SHA256
ccbdaefecbcba451d0bf82ab3dffd5dcb3cdb7fed55e80f873acba0d925a2db8

SHA512
513c43e0e8c6393439e2512ca51ade54d925e815d2f4e09d28d62fa9cf048e6138db81659e0f6546df5b1a81e0c7b74b5195f0ab0dc45103151eda21f0cd7def

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
334e79d15943247ec68ed8fe0348afa9

SHA1
9d026f516adbdcb78483bad5095b967bcd1ff099

SHA256
4686709d87a84bccbce17f986522c06fe20b43c58a9fd3bca998f51908e3c994

SHA512
36f91dcefdc604080b3b87425b2db8e3999d58e75361c9a2d05773031ae90c5e91dcd207fffa45f22325604da29f4ade33e5d759d3c1a16dfbdddb9f65cbd83b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
8eec2cb5384d08b0f9cab05eea5af1e3

SHA1
5c9a0369b9fda3a4334745b2807dd60c20a8e4a6

SHA256
c4fda52c10002c33fd02624e094e1413bdd45166308add070f2034ac6c2f8fbb

SHA512
459feccd0ca6eb540fa11ea8fb92d85df5a43530b54b5f89517c9df54c7ad34c2615972d8d78b3bf81aadee167fb1b581b7339bf05a0bc437ac49f3560a0fb2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
67558337b15b7710b61336a79d41cb04

SHA1
07a7f3860329b5020f3461775710b9bc515275e1

SHA256
5c56e61f63ba4f6fd38ec0537c959d96828e4fad7b2633197ebbd476e2d91f25

SHA512
eef3f2e0a5596b68c9d9d083616861f1d02f7c43572648750916d862da2c115687e1d0ba6a0f413a930907125c6ebc71eb153518a6266182cc3ea249e19adbff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
199bc36024edfa786d9d8680dbd8a7d8

SHA1
5a294593a6455b7ab1a0c8dbaa4907ff361b409e

SHA256
3c9beedbfba1b76e27dffb376da6b668ea78ea9e7d4d96dddc58ad111bcf9039

SHA512
84ac2931f63f64ffa0c4758e363e1ea20e2ab56929b90ecbe534e30bc001008824d407fd331747b6117d331b6f3679d231c575266eccc31ac30690f02f297669

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
e843d029543946e9a16f9d9d04bc0e92

SHA1
b5b91697da151611e2487eaf806c67a9885aaf03

SHA256
930b09870df4b31d7945c256ba17a8efde34e86801fb26656f3fc257d215a9dd

SHA512
caaa0d5655fa1906b913f387de6ec6cc431819facca52981065ecc4b3d57876a43cdd975a956a79817f3c64048c7145902074a2244aba77f244ecc5ddd885b7e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
1ff283f41576202420b16dceb69e2dd3

SHA1
c19558644d082ecc2660f1efc276d23828d59a8b

SHA256
53bd9614ac1b8160737ce5d691c3aa007fd7bc4827a076c112e0564ef226a9f3

SHA512
0d7ab430a4b972c773e9a7c9ad3526695e200fad78d24abfdbd75575397002b41fc543418f04713324b79837c78d4c5baa56a94810d9f4b21bed27332c009eff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
756f5dad53a54d413908f697369cd3cc

SHA1
f1707f7b373a71dcf4084040ab973edc7d3a3f92

SHA256
d07d0ada4fde43255ee56654bfea2d954c999484035d83ff3dfb308f55638333

SHA512
fc2887e26a323785f0706968e254684bd4cf84309e92c2e576abad165173f5beec439c27f2f4f983c4806ae16433cbae4e9689c06b581b7d1c405ff6554daff6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
ff4c85531c6ca92b1191f7c68d868375

SHA1
1e50951635beb9a287a975b29243df4b281c0002

SHA256
e3ce0d89edd43d748dd3ac4076bc42325291d35573a9797778386c9430ecd6c8

SHA512
15ab2ee8eb0c0b0f8f0bbc27a40851dc8bb2edaac29f72b73730830276259f64dac0af0532e798c424f682e67f08b36a8ba56323151aae0bdac78272943f0e51

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
612f3f99fddc5cddab44a4d3df0204e0

SHA1
abc80500fb62074316ad28913a29a82c62439c3e

SHA256
c52fd804a8fe52275132442047dcba48cf64ffa71e870ab396ea3bbff2cbff8f

SHA512
ab8f8d9d18b022a1e873fd7ab53beef04f5ee34b6443289f38999a056fd5b93f1efb87d3542b279af3512d3a6d128ec6d23e13986570232d10a82ee6ed90c8f1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
ad65ac3804804bb038e30bde7bc94545

SHA1
e987154a81b0fd3780445035fc898627fef1c55e

SHA256
8ce728deb57174084d0be9d8f1baa5d4c8a03660f0deafbba00df5d2aa814f3e

SHA512
d3cd94d86c689897b8673650da79ed26f7ba9162a50644e756f6afc95115ad69f86311527f43e9686bba24db8b8c97476b20af1ca98b6582796ee661a2023fd0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
7558393b015eec55e2525973abe82ac6

SHA1
f3a421bbd029949d2cea94b05ad3af441e197d58

SHA256
9a4fd5d777b475821e0a1d3a02337c223c6aa1546dda77d0184f733f27a60b7d

SHA512
be6831240b5b7b25cb9939df8a5b26ad4e57dcae3ce4c829a85164dc241ae1dcd113f485408e74f975e8e9943815a1aa767743c5400a165ff43d1f27f3783091

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
7553cee1e2302123629bfdedb2707ac8

SHA1
9ef15a431aadb8664184a946140c9ac19788715d

SHA256
3565ec6c374159fa1e10c78130743721bfa1f9911d00e2fb4fc6f14ea1515239

SHA512
588a816ef8e4b8f33cfb98750517051617af93d9197f5facad2f64d8028bbd6b9434773234b20c30561b0d39561828ac8e581280986efc827fb6b7629f02f886

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
f5372b31e750d9fc10851b0c93f5839d

SHA1
74a68a57cbbdfce00d5a48e4187e1324676675ed

SHA256
966dfaecbb9dfcac7f7ec28073b37d86973d221017075fba4224c7a605bcc546

SHA512
9c6c4ed569372ebbc37d7a7ef84cffacd0c56e3530867e85053e0af21482f02ec22fe9c6dcb9089ec1b41ccd64b8a31f491b0654d76458d3705309d4c13603da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
0728c3df976ebf46671fd28f63860dd7

SHA1
26153b27e15c04dcf0e40145d06055889dddb24a

SHA256
c5f388bebc69028c6cb0f0ef3784d122c114daf41a841471e322a3f3dc78e01f

SHA512
25afc2ed1a2a0f144a53760adb250c7e59d175a5f9b5ba43982e63ee25597e2b84aa89e41d476b3bf6ed613500b2d0fc8f912686a40697988a385b80c2e82a52

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
37c4788a12148164051d8cfb31431634

SHA1
c2a067d4e76e7dc577fa20b0222eda98499f4c47

SHA256
99606ae4d454d0a763a9811d5a151ffb398727df1ef8bd59fff40ac08d13e801

SHA512
2ce93fe2eb0299f7be6ade4a5890c016038fc9631e97eb55cce7b8b8166de904ea45dfed03fc1732349dff2e1110b8d9708ccce0330753cc91df5fa7ae57bab1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
da18975e79e474018dd448b01a5bb35c

SHA1
fe1c9971cba751ea5bb9bf81b8716205eb5e1195

SHA256
9c4cfe35e46be0a1b024ce78f3bd359ac0746b05b658cce326d63e33fa9ad382

SHA512
53d5615afb26a80aee21f5ee52ba1df9e109e3471271b7be00bcfe25db499f7b662998e675069c8cb55f1b14436020d54ec66496225442dd685e2d35f7387db9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
9e85d38824fe19b044f483bdb396ec03

SHA1
d7b7238456d4c5b80493759b8b7b62a2412a9b70

SHA256
2b677fff6bac7b2d0e9678cf9ace8717cf32e82da6ca3bba953577510c1bf679

SHA512
b4543530a71d20e3092d95d28c7837b60b0cb8aa25bfbbefbe691a59931f06179590c2a75c49a681fe7c816bd350af389345b1084d8e498360b7c8190f0dd7ad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
41823363f9f072322f63d8a709c24469

SHA1
ba3c19bc2842fe3a7875ed834087fd901b39d8ad

SHA256
cf26e55d791f7dec35ec10d70d80903e2c3bb6aa021339be69609949d748139c

SHA512
afed763e4ad6f05a7a496a92e2b27e99a8fa5615c050db68a213384cc409ece2ccfa143b8fab279a77d2f42722d994e3c99139fac4ce9590b10db333f92fd619

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
a5325e81388ccebbf6ed5aaf6ca4bb65

SHA1
111435e3f7711988c9046190f1b584ec142a4750

SHA256
93942b39de0ee91ec59a1e8b17d52607e1a2a27fee4ed0d7c402e057f51b95ca

SHA512
7c68973c3f58531a0daa11fe5dfd4c5dae872c24949f751e47e8c09a57500dacd873f569c8398737a1784d7c8a25151205ef3555464e30552739d8011db77ea6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
bd16009b3a8a141624a6f06fb9c7f610

SHA1
2f50c394f5fe013e99883e87162a38429829b450

SHA256
e8def794b9eae3e174b8e4dbe7dd3cb821ea32e50d7416556cfcc9140e264e53

SHA512
3ea0351b2521da698703c42643037dbf7a8ca9acb9d7a5a770f633096de7b80cda1924833a13d1ba2e8c18dc3e9a75aef601ef55f66a5d2eeaf2b0d6d2892834

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
d1768a15ab0917297c3cd729fcb33456

SHA1
aed74711dcd4e7c1bb75ac045658e6ed72e157b2

SHA256
410aeb250eb4988fac5906e6b18c3972a1f5c4afd08f2a480775f1a6beca8d87

SHA512
0956e6e0b9caf3fef023aa730ef5a84988ecbbcef7634323cf080c0f05cc6c6f15a416ff81a4363f884e0d38c9fd872621bc231a1675a4468ffe1362b5d67bd8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
0013f84a39ae5e7cb79206e0ad250099

SHA1
9b99d33a81b89899fbef8ece6fef859696d28842

SHA256
04b1e3f9008851735136ebaf9e102835e05cd4955d2b6c3f60039a68aba18ed5

SHA512
8836951626e32ab28758dfbf480ff8fa34fc4565e967923925f4f39d5073e8d2cd0426c860cdbe50ad853a169cdb66a7f4770a8fd8af1125b045873627233f8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
01d5c948aac06982b7875c172ff07cfc

SHA1
3ecd9b003bf15ff4d9a0d957ff9c5ea4e6c8524b

SHA256
74d6c8bbeee0db53b358542ad023d5e85addddaad1c38801c6a124d9c536e9e2

SHA512
89f2797ab14d64cb29c39a717124fa7f609e6f23124a9118e08756719ec30300042df94d36c698327150ece99b1e672b8e7d975e64f6372ab1b4925f47b72153

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
04140b5b67db728a26c1bbfd4e0a3cbd

SHA1
2b832497f43ec501f93fce2f0e30b090cd506b92

SHA256
6e6e78feb006faea7920dcb35963cb72e0ec9a9b8ad47be4b11df9982ed609ce

SHA512
8b453ce3d93c7af87758422f256717cf8576857379105ad459ca57f23389696e3e2d499e355ead8a47d9fc482402132124be5035b930c08e3ad269a162c0960e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
4a5c1a5fa10e07831f66ffd2e0068a6d

SHA1
53c0c88fbc1af8bde71b46fa29b57e8f88a28807

SHA256
a632d365cb3634a2aa1c66af7123c3808af195282d26b652c206e2559e2e2d5d

SHA512
0a21ff7c8cd09a6d59a22c59e8adf9e64066d5ebef9ee72565adaa9b3a43cc882fbd383fbe7abbef600571930b6838a262d5db04f2c3cfe9ced354479fc16b00

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
db9cf02aa0eb948cb3facaa445c52461

SHA1
0b280013652dbbe39685748259d28cc16be07af7

SHA256
807a0184e16e26a1ec9c781d2b6d41e3f10469e30b44c3eb3c02f675f49df426

SHA512
97b28e05ba5cc3d20d1552e68a563452d912d4fee614c4b64779607ac4a906c577b1bd8a98e4273a99cd6b02a340b0a446a1ec6a64acdcb1c5ea39ac2b3fd7d4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
794ccff1b9f996e0414567cc7ad3d158

SHA1
9a24ecef024523ea3fae63f3594d9f48ac434f7f

SHA256
9dbb992ef4e5b34138bf05170ef3948ab71ef42a69376bd62d360a1bd7e0bc50

SHA512
ee74ff087db44e5c487f2a1ccd5497f1bfd02d4bb6ffa60e7dfa97ac7bf9ce8c3d93ba06f98bc82d3613542beb41e6900b715be892dec45521715131d056411b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
9bf7cf02dae0558f7373f2d4a4a17137

SHA1
0fb6c4dff9693529df06a6b017e595000440f17a

SHA256
ce45bed0c91aab031aaa7af204c32a4ac19705646098bce9629bf7e3f80e581b

SHA512
74fc04b471a9ac6c7b1cae2ecd26b4f6a8ae4d1b6f7f892bd10676f7b3f2a1004add0816c50837bd698922b3aea0c4741e6ca08bc90a4e49d6409db8f93d227a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
22ff8148e138a0c71904808efbdd82d7

SHA1
85d5e02b82e4b3fc4bd2e2f4520c4287cfc883c3

SHA256
b2cc055d6f9f1b51495ba87c3684db787f694a825aa63e1219b6a039654b27fe

SHA512
eea0d516d7d870b6a2dc8800438b5028589e08c0eeebdfa29e254792905db5e42a5ffb8711194318edfc883d5cbceffcd97850ec61d40aa382c0a0e30b1a4930

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
d69e554a42ab3fe510c0cc434c5f0b10

SHA1
36d813d690463a53366df4c58490d2a328adcac7

SHA256
fa2200c3dd957ef3fe97e4b9ee6276dcdc44947e17a454f52d4731d500793fb7

SHA512
4054c893689a77cbf3eb129c25902fa020e9c8e282dede8dfc8c95c1890bfd72a6c426e5c6a5b20b1c83729eac300e48b685da6ce0b7d8a6348b50ab056684cb

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
f842d0e96ca2c81c8646859655808d09

SHA1
3089b9ccead919dcb1c62c25e38b323be35d50db

SHA256
928d796f3d3e411baf99822126aa2b7cb8cd593c3a9ca6f21ecab0e972bffb6a

SHA512
22db2f88c9d4118ec9ece57f5ab5f619102f17ae844e48b4073b7a62acbb9261d9f3e2c459d50926fcf32aa0fc037420f8c91e384d77ec9f95ec0d3e366ebc3a

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
22480294551e1474eac981a038b6b18c

SHA1
03940c9abdc65db6bebd67f26a8db598ff33227a

SHA256
669c538a737b0888f999663e2f35bbda5d6bde11870287bc5d67351ad20d7389

SHA512
5f2c4c644bd43ac3c0e99630133e227e34b92f20feccca01bc493b44bea581511602a6b2ad245a4ac2492c3eba61237dd18d63a2b3b66d0107c360ee87c30f10

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
072a059891494a2cddfbd7b26ffb479e

SHA1
8a9cdaa422075dfe90aa9ffea3a7c8eb072ebc33

SHA256
724c82aab53996a54e4c93af7c8a067a7f7b1fa81dcd12955576efc3509580cd

SHA512
0919c94c68ca502c913e748f71136441907fd51ed14fe72fd97b8cb56f554327d929ea8ae436d93df52267a598998959dbd64f470d66c5e4d82f46dc501c97d5

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
a1edd924e1b9e301e061e610e20372a7

SHA1
226062b4a29ef68d1b4b7147220eb342b634e789

SHA256
690a62b0bcca18e99260983fe33c72e5599d895ad2dcef8b79cab3870b1b6ecf

SHA512
a9fafbd6bf3b4599b17b95157c7968164c5941c9d815c9b67098fde09c8c1a1674c38f0e802e4aae910b99f6f4a07ed19804743344de92cd3819ab8595e6395b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
079bb9dc01d4e101601b39f2333c995d

SHA1
87e354400b0921cfcd868d99ac59398e9501d256

SHA256
e1168917447b2e685eaac868b5b395564447c5c2304a1c14f02db6b657a8343b

SHA512
d5489e4830f655ed68944a5f4c3c78da59093a7618f25bd6316a2bc54846e1686440cf7e33ba24fb06e6daaa8f8c9b65d18bd7acc7ba3f6e5bf55c2dbb4b6af7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
ab5e3afac2edc5c1cc416fbd788a3536

SHA1
8a91159af370494e905a0a1af3cfab7f681c9e98

SHA256
2b11dc85ee8ca3b952ec84e5e0fbb756e3912a0b37571a7bdd2e90acf832d01b

SHA512
d50e1953175dba60d2ece045aeca37e74c8272f542422778a7b2376c2a23bf0ca7a4b1a08e3a59c3cc20a72a20a6a5ec7c55edf4776396ef5a8d872bcbcd5f54

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
4f51a485b19aad808f6b4ccae652c24f

SHA1
aefffb2c58ac8db21d615af2ef0d64ae87b8e930

SHA256
9499512a6f03565c0432e7179f7984be313db93abf795ec29514da99f272afb9

SHA512
41bdd4fd3ff78f3e43130fae2bd0ad93682924efd1c80e7dd3e0e2940aad070c7052427c83fbe2908bd329bef43ae73c0e39ba3cf4aa80f9085aa33ec7b107d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
ad889827ff9f7e7d64029163bed914dd

SHA1
e1a425d7f541ff78fe3f7e3a2b6d83b08f929d4e

SHA256
4dc9da706219ccc35bca97e32f98e6877f3884e02436b0cf912ab73f76be5f82

SHA512
2bfe6155ebc115af5fdc7fd46352508fc55a202813e3e39d6745b3d74f5a0beb83d3a5e9d3395db606ccb93fe47f9fe9e068e6b49b553bbfae4e594239e627c3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
528b756e85b3051495216cc4293f7177

SHA1
4d2e358b3408dd2cbfb10d5fcca532ac00fc234b

SHA256
64d7efb258c88bd6025f5acbe4126c1491a4474403dcc22ca40d1b6d395ad642

SHA512
feb66b664b148f2004107185fbb5cbef6821882ff46803549bd8b9b753c6a08d979ae0c9670a4c5ff961c0d6b485dbfd987c85ce30095b20b29e86ff4034e66d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
020516579c0ee0cd3431a2fa02eb9c8a

SHA1
f6d3d2fbaed14904aa1eb299fc25e8eb2fdc5eb5

SHA256
fe0a151b4907e56ac4d1110445b121637fe38294726a2318baadbc0fc57da78c

SHA512
c7a2e17c1d72ca36230f8944a4b6f5defa5a2b261154639947eca39d913b68e7f7576aedc1e34b7346e12eb1864d9ef23ec3d452ac93fe9296e2ae633bec1af9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
5c4b197d020c9327fb39e818d39d0ad7

SHA1
d9aa33d0bd46e65d037e4fb0b63355b0bddf09ed

SHA256
463b6992784777ca12d69bd7b44085910abac7817f869c17b89afcd15766ae4c

SHA512
659a6e9bdf2f7567ad83b3bc63fcac005de5f701dc68fc60920d4de2bef2b8d58e050963ac574aeaec725d069316f2a096ed0df9a0bdacda3e549a4dac1ec6ce

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
3171441da1b74c4b092c4ceb1323b976

SHA1
048ec3ae3de6e5769e0c1ab19374f1b48f6380a6

SHA256
2ef673537f3b0d0c3def745f8e5fad991ed20c041e8a536b0576492873c9ee9b

SHA512
893e4e2ed02a616b247177382e0dc53a6c89d742919381593b7fb54f2cf5f14e29f3bfaad4e0668ebae41404d2fc50dd3b95cd91b01e1de998e92466b6989e61

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
b6fc63209729af3f1642d2acd2ed9f75

SHA1
cdeb69ad712cb9f7b89aeb948a4a74c9c5e7a72b

SHA256
99e9f6731247986d1554560c4dc2a62268fb788df3fa2c687ce385d0e844204c

SHA512
4b0ec57410051414834b77586938e5e884c90fe0b449341fad3ac504351b4cecb7c05a31b8bb345d63edf7ac42c449406f2c97e0c40a0a7f04d6227e0584b4d3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
c5b0d24b56afca34458b4edd80596796

SHA1
eefeb86262f42df559be03483bd145756292a059

SHA256
59d1eb2816123a51ad3aca0621ff67fa1100264ae9450477a47d287df12c50fb

SHA512
7849007fdfa762f2cb44ac9ed190ec4e17df2eaf817fcdc3dc2890989ed3679f014bdba8e8e1d3ac1137788562992ea9b4be07b04878cd71c00ac13d23c2c2e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
c17921058560bc0f2e1f8819398bb9db

SHA1
658cbf98390f3109000c5dbd42132b25dd22a14b

SHA256
70cd77adbdd52931e88d58c0ee46849618653db150dc9ce76b9b33c180a5f930

SHA512
7aac6ff79f7b6df3e4abe1c66dec9d13db177b3a36b27b53ed34a1e2c968dae3f3259f62580c69efd2ddb2e5b99de364fe30e6f74daa2148307ecd720a1a53b0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
e09457f47c46d29d873bdd805a8eca7d

SHA1
dab3ab4b5d737692f13ec6b401a3ee7d3bd91e5e

SHA256
422a9501ff43ec5761b71e3272bef490291c880fc3b553740a2ee3843cb791c2

SHA512
8f2a402f4e052b1f67bdf6ecd83e12e87848cfd697c8c9645efdf588706cba9fe8199312d0e8a1a0ffcb3eb6ddb29780ccc54badc4f576e25d892043e1774589

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
ce6b0a41cd14af5f6e2cfd02dc14215f

SHA1
bdfbe9a104dffb21c7478a0e71b136569d7510c1

SHA256
71e6f673ab037c711f44d137ee2c615fad201ccaa79a1a695b16673d9d34f61a

SHA512
b2aa6384f3a761a38f9a6ec411edc7b7b724a8b50a9b3b035d1a6823ca786dcc889904ee4fceebdf411afa64d125a30c0c25a7eb26fcd20b6750d821a1f94e0d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
a0b3209d75182351d64d2120ebd706b3

SHA1
696ce035ac9812c06c0d994739cfbf9f97fef737

SHA256
de076b0ab377ebad0c349c35c35b4fd455cf095fb5a68106d84994f6ce41c493

SHA512
00f50dc0f8694ff4aa7d4036ffa27225cc0130ba17688f21b9999ef561a480f6723e757c12c153d0e2035f1d1ea4d333f0401e35d996512e1134b02ee728be94

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
d3ff41544f2a44047586d9a78e138255

SHA1
2a2970eb66aa812c2382f6e2b0a4114d28b87730

SHA256
5088d249e30a20187ac817d777b79eef4235e3a0bfdaf277274091ed997378b7

SHA512
a22f0c39fe90afb6b2680364e03e53dd5201bb48f875bcc689565ec6daddea835fb2f553ccb05cc7159b3fae64588dcb44a21a793eb5f2e9b45baa4f08ea55c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
135f41057181d9db379f127a3af77caa

SHA1
ffd4ebbf7d5806fe5c0ed081cc4a0f0507cbbf06

SHA256
121ee90ed13adb86f0eed70e74c24918e66ddc43e1eeb55559071f49009802dd

SHA512
816e925fab948885a6cccf101b0fde1581c7e584f2b39a678457cf80c62e9608f7ad5f7c79b6125a17b9fbbb57f67d87483edc4b89c599fef010d5a06bfc34ef

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
c06bf465226f7322d5d82c0350565d9f

SHA1
9c5696422f0d0347494f3e6c56a363bffa22f10c

SHA256
15643dc13e12f7623c5668c391954c29a73263e6104391f228dbb5549866241c

SHA512
412f067c1513fa83b1edda3f55176335d8f25c5173a0418aa026201239c4e90e24029a6cdb5aae54571771dbccde5e9215a2d012f8e19d131552f009e88f5084

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
7da3b2962cb56df319915fb545446c87

SHA1
a866131392240b1d0b52bd21bb3301536c072263

SHA256
0b14b5a8dbd92644ac25b36921d015d6af31b66fd26a1a1d6413cef9335e1b10

SHA512
120fe5a0b3773ee7a139d8c6562222ea7a89042f8c668380185599ca7af075d3536fea703638f45f8c6790bb9ac62366aa11daca429bf20fde4f5fb26ee24935

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
5494fc0a48aacc982184c98c27ea9f60

SHA1
5de161c7573254cd10d58d6b6c7bc8a8340dface

SHA256
8c93b3309048a6fe6bae3efae7eee8e7600bfd4b322cb3fc8be09aa769362dc8

SHA512
fdc05330bfcba248f791b31670b7a01bebc5b4b2a380391fa976ebd7b1b3e7acc73e39b3405a4e1d9b56e979f825f6517d6071a0f8296966e03600a77880b9eb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
a77b05096d3381bfa69a02050ff819ec

SHA1
da5b6f3e945232d4b9c13f541fb841b9d361cb58

SHA256
483cbff47fce4d3c2de96a8aa3d72051d5c0e392f5fa14b4fb6fc1ab9d20e801

SHA512
7b89b1ef9b6544e6356892d473374723a9c929e8ec7cc2e5db33d9ed616b9d81ce0de6bb0f52dce22a92a512c260525936f6c5dd510ae8edb1597d17e2f58550

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
b7c5090f758b800ae7027a1761ae2bb3

SHA1
243fb73f994363459dd2fca478d044f66fd255c2

SHA256
c6e6c46e1b89da7d821c26507642b044a17be305ebc807aaa835dfaf5c04e2b7

SHA512
b008a25b9f6475cf8e54d81c0bf9d5d58354b4123f914632af8c713fcb76d54a8a9d40f2f88690029b93641e238ea598e22a6f8bcdb026b454594a990c222139

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
865f66e7b31611df5351d4901b18e415

SHA1
f78d4235309a0c6b02cdd94a992cca354c06b9ba

SHA256
5031adbf94b09d4128e8c57af65834938e241bb1ea81975663280a5eabdc406e

SHA512
4355b8975025d2b109bcb2566829a900d4ca961ce0f1af2fdb8fc6f5eec98d21d73df9cca3faff3d494a07c064c10902cdc986b57a05c4060aa099cff354e69f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
60eb4d5e0d01c64e4138f7ffecaaf5bf

SHA1
336d5cc5c7462ac7bc0bbd1fc9f19b511ce12bf4

SHA256
e5e9d9fd18beb029643194f8450851b9eefb1d9f74953f33a3b23f06eba72159

SHA512
fbb15f4763b81e37de35b55c0e68673be21e43ce2ee1bf67f113e16d81e9d025aff6ccc28fefd52f10e5a2915a328e69f94371d52131a46324f83c0b7e966560

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
b5550a64e4b172ad7857d88ad01bcb93

SHA1
94ac2b231094b7b26e60b21ef5309380e1abefd6

SHA256
63efd320b2868e8027722587c815530a6d5290d2609e19a256ef52e7fa8e63c0

SHA512
bbe9d3835294b3d13725863869dc107d2e2fa2cb08083397cece3914c0c5818ffd3bae7644db0d719a0bd9d0df07c20560e22b281a10f0f3609eb9be0522e0b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
58eb1df42f690ccb5be4dbd89408076c

SHA1
1524efb16f0c15d32fbb6bca8039775fca36abd4

SHA256
7d6c643e1de4a86d0487d37ed904d2ec75bf5e760681d9a5482e5bed0cd65bf8

SHA512
9906cc143c32fdc5c3284a7ec1fcc842062754b351f5a3b8d5da0b5024c5a9d8cd6cd27d90501c2881128feb5b4ff3fba11a6ec901fe7d277343f08bcb4d172a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
3a923c8808aee9cb05b00710f9c5ccfb

SHA1
b01e5d9a57ae4f1db272f587d53232e69adfbc40

SHA256
dd1c048b9ae395c93561f26bf13a39657487b87b06cf3c8d579d0fff8f105dd4

SHA512
886c85b99992c9c8a65ceb311fdbc9097a457779fdc900737122cca80751d2ac46ef9dcd98160bff06fe8a0d84c1bd5d9421fff3282886b9f5a5a96901291e05

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
3f11b31f212928eb2a2d1f2e4ff6699b

SHA1
c1e2d5be14ce411a5ee6d36e5bb0e72641581684

SHA256
73f3eba3ac4b82eff3b327d828dab8713727fce6acfc19c3df12dcfa3079d36f

SHA512
d32b7bb8068f7c9394f6ad570b0a1a30c393dd39f38dbcfff26974e7c890d844216aad5e8b330433c4b7a07d86b5a7ba45e7d9c5d8615a9bb3abb85533e447d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
b3a3bf5e8544cca0633bc375b77f2d22

SHA1
619ad6b5f3c8310c8baecc466151d1401ccca809

SHA256
f33f15d85217336aa90b13e8f4b0d7bae7ebdf8ba166e3e049a1ca82eea57fcf

SHA512
c815665523c3334022eb1af5d4180513c39a87ade0e424377463224a4d0b0550ebbec5296280d81200730fa67e7ed67af3d6ff77e0d64b98a33fdb8401862a6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
9ab8a31c2c8bcca72da1149b8eff49b3

SHA1
75c8a8e592bd431406082eb1e0c143ba3ee0dabe

SHA256
558a082a94d4c182554ac9bbe91b0a0cb8db90f91a9b1b5a68d399fdda91c368

SHA512
66fd4aa6075d0e766a6e681d680ecc3a9c1951dc715c19848cc5c38491e76f80b44852428f207445513819d8f8d76c530e3cdbf70381ed1576d5987112c7a0f5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
625407f61e3c0330bb5038ba95f263f3

SHA1
c03638e1b6da180c631af7d69f649d2476c026ad

SHA256
6bb6f46388a3a8b3a4bc32611ccb67f1a16b7060aa87e615d09403f5e73c27d2

SHA512
aa4fa725466ebd1f2fe13fbe927e75039c480a87535f29c92ab434927fecd1ac6cd2f2e413addb9f0f62d84aec9d697c86655208ed442f30bc959ad73688a93f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
882c1b36f055ad60e427ee6e423df6df

SHA1
461d8f0d823595b223697c9f88560b47f323317a

SHA256
fba7fcbdc168cd237bdc27a2f384dd92663ef21eafa8a8b09c8436c660d87cbe

SHA512
9c9d7ef1b0480e29d16818cef00831b04c448933ac90405dc7c40e85125765ed58e8d74e7d168ce13dd3e73418ce975afc00f7a1b0ff60f34f60facaa7fcbf6f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
3c6fbbee9ad751a6085167ed739da677

SHA1
6bf837792a157a786fa6691dd93584062fc2b5ba

SHA256
3ca9a4053941935d32c2c0529011ec4894b6f36fa2f7cb8b053f488b24fb57a8

SHA512
b9398ade8feb81d6c2bfcd858f7199f1b4fabdebd3e415596a9f336d462df1c0bc4c235ade024753e55015d929e5b7d952ae218f3a48c1810b324190f71bcf6f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
f7fe0bd3bcc0c9a01896e0c995db171f

SHA1
0751403ca809a52375246b2e472ad0573a87198f

SHA256
7df88d37a3b42b730c830a6857414713f17d7f7585ac5a0aa97a7986ca04fe34

SHA512
1129afa58612d77f736f5211f50cf49a193419ea4e4694642c7be81ac020bd6e221ab1b6ec9470c698169e91aec21f8e7477342b4b6985a2667a9f1c2b4f2bd0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
e40aa1ecb1da37dcb7f278db3e97bf67

SHA1
4db152dcbf47101b5377001117e528e9cf4eb51f

SHA256
c923968e11b0667b2197753257c24ad17998710975fa28e838b11f0c0080f444

SHA512
a5acf8333fee1fa4201d558d758ac6c4e13d5cc13de3b1456f9950f0d97a12a41b732d2af76ab99cadc100de7c5e96a712b96124cb72e358d820da563f1ddbda

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
9ffb0ec7a4bdbe24cfd47c7c59eda462

SHA1
b3492141fa82429b1897edc72bfae0364556e192

SHA256
5b8d1056b6bb148fc20cfbb99a460e743d4a0bd85ef54f44cd857409d9dd141c

SHA512
80d5d1ad7a3afb5b5a19147b47835f99254cf5c411fa5da04469c9fa08724b82afece584c511270b7aeb81b7f3b79f21d2c2d5f1ec939c3a39046811f302cf74

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
e5009fa2ef30bd6dd9e6748298981ec9

SHA1
b04aa3b0e99d205623517b13d7e760b87b61d025

SHA256
f00c147c973523a3406232e0032c5bc75be63fde3d93c48fbdb64ed9b84fa9a8

SHA512
80c2a9fe5cd856f157f89c093733ac29bee5dbee59baecfea4d3913f5bd2a038c2dae8f26ba115f181ca1ed0f0fc55429f23d6c8366102fde63d94945e03ef62

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
243223e1b6c47107897339add58fc011

SHA1
b59a9200f5594a86b4fe7d2146c031d14c99b8cd

SHA256
268c7b63bc7d02af3e8680e075987f0e1617dc8f8ab6affaa2b5e391d76cf291

SHA512
bff3d9b92b8b0ce65ca8f57e65cdb0151ab554910b0bb0400dbe10aed6d9cf2c9560a4202720e4d6711a0ce353448bda1522d42179863cd26f613eee0ffd1051

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
d382540e44244b9e9184c55f1d2adabc

SHA1
4f412cf2092e7ffe4124e9059c1afb33ffd9a552

SHA256
53298b4ea6fc07c5ead485843901bcad5c8194616258c60b27f5c427bf6e7838

SHA512
75049864bdc8b98bef8e75e2c197838e9369bed3f7095a0690f1c1330ae938845a841e141276ecd9cf5ade4166ddda25f321f9294de658220a801069bb25e393

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
1386bc553a42a540349ababdc678ef8f

SHA1
ca9c253e4abaf10b4a5dd3a78ec8393eb118a9df

SHA256
e4b091fd154d18c6dbd596bfb3c7c6d524769db52ae889b47d69a8aaa5e71b27

SHA512
0f446233141f9a167bf2e84835575b788fd6730a5cc0fffb450754abb99c9df522ad2217382c321225685f1e403a6c3321d108614ae07321600fb7a259fda8b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
7a9861084f507ed1e7a2f5f17bc65edf

SHA1
c76e69903f3750d97b472c22fc29cfa7fc4e636e

SHA256
210d13db30953926f002aeff10f95d81de4dc27ae7b476f012ac80f1884fc78d

SHA512
f0dd7e9f9f0af942bc84b55b07f000175a3a5897caa4d3649cbe1333a7b49cabd1f1932b4fb1142ea8d03c90a5cba5acae9f8ece5a5697e7c039eaa76b2a012d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
9440688ea3683814793eb49d2f37b59a

SHA1
a7c55dc012b8be5c6c3901337e49720ef9a40013

SHA256
cb1183a4ec4c60bcba0b996a10318841f5d659ef428c2b3704f37f909f5ad527

SHA512
1b67b9532127caf1148b5185c0db1ae4a2b48981ac580846f31d92b4594ab80683a62105882aaac615254a04b9307f135620f9f06152701238efda0e85c6095f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
4119d40e4fb65172a5843b7e4dec011f

SHA1
a0b867d31eb0d13ebef1c9b7dd49fb570a865caf

SHA256
b8de6b4604cbeaa21f22eb141e5d99c0e8b6a52ae8eef43e0218890ae059413b

SHA512
8fc2c88e0e454c85b6412291b00dcde938ea34273d753ba5ad030ef628c6385c4b56b963810999a4ec91a4988356abae612102dd285022a0926c8cb77576c02b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753875133298.txt

Filesize
77KB

MD5
19ec824eafe46940110c6eefe92760de

SHA1
2389ea3a924e92a6be9961f3fc236a2971ddf16c

SHA256
7821ef2e42499efc2cc5336541cd263e580bff45c6c75820d615f2e5b48e3541

SHA512
b8e32274c60c7dc6c7fc966f97d5d17c19b320229403833661e92965b606c6dd79ac6a953a836fbcb67cdf2f304da9c89edfdb223961a5d7918491593a5b474c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754411894742.txt

Filesize
47KB

MD5
ba662d6bc7ab1202678920ec9e6c0437

SHA1
a43ffab41985647cd5a0364da014dadd54f29a27

SHA256
500041e135a19f76b715c7427f51d724eb49344a0b0c6ca7ac9f4f0daf03ccf9

SHA512
1e2262dc45a761ba47faa5f71348e7bd279a26bf9e827e128683ea436f6973309df4e7400352ea3c8310d7d8fd167956a12e7b48406498394125b7c6663e1fd6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670762145921862.txt

Filesize
63KB

MD5
7fc4c69c2f8250243d6a64431cd1b6c7

SHA1
1a0943a5bdc1ca246398aa6d886c1ef5f9dc48f6

SHA256
d5c9588f02bdf73d6f3afb0fd2a59faba23cd7f4c2ba50f0dd135d718282f3d8

SHA512
5a14fef28366dd4de67e7c65b4e13a3f83eb3b6dda1c3a2fe3bf23fd01b491ac70957314b5bafcfc1e8374815c3eda0345437475706b9482544e7ecd521828c8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764005960936.txt.EnCiPhErEd

Filesize
74KB

MD5
df1105b87e1fc7278af97106445ff9b3

SHA1
07e265d3f639589ec2eec7bffbf108ec98b199ba

SHA256
c1faa4dfc8f3631ad3fdbc7fa040555ebea59d93e2cc10b623ca3e1ec9848114

SHA512
bc705f4e151829b27a19473a1e3aae215ea5bd03b4097e21635232af29b737b7b5f1d2b61e3c014b0af49844b5a6c947aa64900be31fa54a64ff0e2bb592305f

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
342b86a591781c8e3d76ebc81092063f

SHA1
bfcb0036b7694cc0bd6a44b4eaef06310c257dde

SHA256
e81ba3ce8dbe827d59bf38baaf2cdf2cab1e0b3819c34b9e1ffc10c3d19fea86

SHA512
4bb6f1181974c636f760aa17f408a0e764bcb002df955a64439b78ebba1bb5cd88ef4f72ffa015547f1646bc861f666b434f1a4ec65748b641547379ac9f5901

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
85c2130223dd13db719f8b23dc6667e9

SHA1
c6516ff47f961af9e391b28ab22dbd5bc9c8fbb8

SHA256
40153fc539679b08b7a7e97f4dfc2673572a349ec6402b318d945e05b8a06434

SHA512
8e1d8724e5e54707bf218bbbd92a2dc22b92bdeb355fdad9e05e578b8c8358cfaa5c89def2e6b113392f9aa44d0445713c39071b8dba3f3c936d9467164f92af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
ae777b8acb1d7708cb7149f7ee532dcd

SHA1
5823df4b6b6bc8819952c411b9fdfffc65d321a6

SHA256
9cf00910bdf92c3a40f637c4e487d3b27a2ee0c1e2ca89f7b02b953df51e212f

SHA512
5a316fe02ae991d44c11be98e33f8a9f4501552d6a51820ae7e58bdc8d662fb5b88cf0b1b0b40d66898fe1b9f5009df148496bd6fc35ab02d92de4b675a23935

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
a9ddf09cc9cb4a2bc9179d33dcb8d4c9

SHA1
26aee15a3b54664904fb5b10607f84f1d3ce7bdc

SHA256
7e14012601249e0f20d8bbda88ba9930e0773e2add3e9b06c64dfbd32ca8d817

SHA512
eb1ef0f161c52a13285bdfb898d1349d27a964d0961b2448e7c0f1ae730d0064b4441500e7d4b331ecaaaa263781ef6f1b82190399a8448455e9584bd51718d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif.EnCiPhErEd

Filesize
1KB

MD5
2ee38650c39a7924f47f9cb87e525bf2

SHA1
7c1bdd55fc1af76f463904d8380229a3dbc3ad89

SHA256
dae9b5a4847d307a1d90258f03e8af674b8afd4d7e038891f9a6291cf360c0c3

SHA512
8e763d4926bfcaaa0610790066cf843074e4ec15e5ffd8189b68071e16ad16132b2f75905129d5893b6bb719f7d51fd7a8909d604c8b13fced33b7dc12038aa8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
464deb68905a11a7b0585f91dc2976bf

SHA1
8ea22697e8f89431f2d47347b47dd9046184428a

SHA256
4a07c2dbd68f007374a74cc6f25be44a6850f9c11af1c381e4bf2313cf87e28e

SHA512
679c0aa24a2bbba0ad66a6fc44ff76d81e2f3d07fac06e1855b76946d0e0edc23b448760a4c279ef77eb6a5f73e1f28b6a361f921d21f79e1a6c2bbb386d4002

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
f5daa88d38fcc93986b11cd73bd18d6d

SHA1
7707d17c84978ea68c8ddaf05bb99ce485809632

SHA256
fe2ec12d06b015dca8e59dbb6d7cc16ef3dedf46dcfe6b76a70fcd87cce023a5

SHA512
8f724819317318d7eeb491908fb6535d4a662cd9231765fbd1b96bf2ab4243a515cd22e6c29d5b9d764ed0e482f0495c55662dfb82e9da3686f3d9b1006e40b3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
3fdc14e7f353ea54aac8cd2b393d4cf5

SHA1
506c80f10b18115f9cbf4432bbe78fe889c5fe83

SHA256
efb6d659d11ad032fd1cf3966bb8daebdcbcd7fac3873e38aa4c1a35d8836b5a

SHA512
627f5e17fd7475763cba743fe8265bb25171760f9590ff14cf86a67c4cdad1c4048ea0318719ecad3cd2b70f36ccc2b86649096c65bbdf50346f84c139ea2fee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
94d88d9b2703a3b88c13ae17f84eff88

SHA1
c3aa24080f5361ffadb236f524d838013a646d2d

SHA256
87b50d8b33f893e2fa332a0b2c4afc5c3fb580eca428c6c04d1c80a9509703e4

SHA512
4c5a1e5a3358ba337138df2a9faeff357bc396f5e8177e0aa6ecfae2fe929061069bd700ae4f68549d12e1c2f814f7ecc55198034d3983f3baaab28761d2dc63

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
43bd185c34229e4ac9855975de133fc4

SHA1
75bdcb5a5bdaed4fd95f916062b0b7056174f625

SHA256
9654e63814b5f4586c67c5a579983f26898a4339b158f67c46f4095f60452ae6

SHA512
41745146d9fd1e265660d86f9529e0bfb85c2bf3c69d17bd1494c92395fee878dbc78b825acee4b3cfc1ca9c615f7bd77f7d5a382d5909aafdcf124197de6555

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
01ae71c75821a7541ace4a0b3a392594

SHA1
945926566c3e257a758e40877c5cfa65ebcd2bfc

SHA256
72269cbc8433ce5b5a305214c241c7d3ae20519b5fc690e31f94d7b7e7e18fa4

SHA512
cf0d82fddcc94e827102c759254448938d26e813e5cffc1641009f367458af811d4d714aa85e7f410407a0321acef419dede589ff6f863421bacb5f88e3d28bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
022e62158add48a4e616d04d1a082095

SHA1
5ef2018b3fafa9908c59d838d0f8296a01dc7ef7

SHA256
6eb3b0ae248355d46a6bf79973383cc405ede862b5e27e772eecf9034ca2168b

SHA512
e527912699b6cd77a9918f976f149ad316cc1e209777522dbf8cf6c037eb5671f1bb628b435ceb4c129238051f9bdc5f5ba2a54578a324dacad0d797cff6df7d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
2841e71ac4c2b2edb3a13ec2c49a1fbc

SHA1
18d2c6fea5b047519a11e3e7612c35367edaef1c

SHA256
ccd0da7112a4b35b9b5c5a1641ca56eea2b646ec31ca17acedb84c8ccdf7d6c3

SHA512
ff7f52eed479a486bf9ca6da5077991d75b056824a6a111c4fd392fd73935836c39c6d476b67bc25d0e11bcf96ef4a417cae58f5c0ce9b23a1ce9aada822dea2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
fd5a3faaa14fdbc0210964f808fc4d75

SHA1
64c07e9a386f05e693a6111f5391637106cf0b5a

SHA256
98bc0c0aed56b76f72cdd6945900a50798c20cf45c15a1a882cdbbbd10bd2f41

SHA512
741d1517a150fa5e5b281b119ee3955a9557dbfce998641a1556502decd45ad0926f8e3b11d8b309cd11704aa57132d7a0e3b57ccf3a2ad9d6852ac083960087

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
2e0ea2f9bfd1816ec421d09ce1e3512d

SHA1
6b5e0f967be65316695fa2cafa949fc0762470f9

SHA256
50290b946416ecd63d1c51f7f11d830aa5a91ba58cdf6c821d2f27286d68513a

SHA512
9ef3f7c44480fe27f6dbd5db5a09e81f1bf98806496d2e666a0d23752b27d8b86e2a4b305e231363c75bac591ee0dcaf537f47d00d3be46c7126e09a2583b410

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
0bb95019adab79737c715b8b535bd9c6

SHA1
d162453050aceef6172b6aaefa9a616f697f6a10

SHA256
10519ea7f75ef98f6aa902db4653b23969a9cdc3040437b838d5766b439e7519

SHA512
e2136e281026d61473fdf0fbe871ed4c6288bbf06a688582d0c27d85b6deb8d712ee59c9f9b9503d0a4bf84ea98ec1b711833bdd4725399d07a9ac90ea5f46c5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
4326e8d2fa6a51f163bfc8ea4e522f37

SHA1
639558d3895685b08b3a9e5fac5672fb74d2a956

SHA256
921941cdc8e248f6b804e321a3fcf23cf0b50d629100eb2080880c8f9e0d8279

SHA512
81fc53aef38c0681d7601ae2adc777804fe9f8a7ad64c586b5d8e0f5ba98e4fe710c7c1c12ebada7ee6f58df7f118f9265f217f13de8bf5a30bd5bf1ab0fdb44

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
b6e39c599f6fb527abff1f747bc2a8a5

SHA1
6704e7448e84f849bf7be6b114e9150cfa586d09

SHA256
3a8ad3c92ba53dcb280d6d6f92e24face94a5e6732b149aa8318bedd20961501

SHA512
f62979126eeebcb02425ff6deea0bb1740d205b2b9fde4631d4e191ff4123f428acefaa5cb7fed5f127c3d98ef2f4fdca788b90605fed1942e10ab57ce581bd1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
4405984bbe297ad9cfb7175419752d55

SHA1
557d682fea2c1a49725f1d48f427048376ed94f9

SHA256
10d8d8ef4a9bfa4c031d0574508bd503d9940f6d2d55ac68de36a0623de6c7c6

SHA512
60cce5b6ebb1a4b370ea7c94ecfa99f3254468742b0f0aaca210956db6ac0fe99bb0e46fd158b3d9eccd0f888b1b0a5e35b4e61e06c13058094fb169cf487801

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
ae38cce13e08cb5a1b275306172371f0

SHA1
5164e31e6d27c5865973fe0bbe720fe0873ce06c

SHA256
80755e43654c47caeeabfa704015895ebe6faab4bb1ac1f3b8f7ec1e376793ce

SHA512
ad7b0730f90ebce217501aaa23a67b19941f039f6b3879a6565b28a405d58bc45fc602b40828d9b7d25cecc155a957d35caa3cc79f52018a96c8fb06baae5dd8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
d431d74d238d844d7649a14b76af9afb

SHA1
ed74beda53e154a23061ac2285f940ce51eddbea

SHA256
7c343eaccea5ca03682847509079c341d4a513fd7433826de68feea26be0a3f9

SHA512
7142ad410d83364355f833809b1e45fd9350043d87d2f22a47ebdd8ce1b7aab0a91df4acfe7cc2ef2c50e678d23597b9783213542382584e568f6276c6095ed8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
cec563129f3fa116ac9596da7ebc5e5d

SHA1
b8e1f1ceef346480bf5b2f2becaf0c44f8262208

SHA256
7daaa8f7bda659ca1c33da33641d7b15d2332756a23d9e5a3ebd2392e3f67a2d

SHA512
c1ee452524aca163d0e557128e4b57996d805d5a01902be0a23d35211901928051e69f3531c12aa832abd4af52ffbb71256ec9d1df6549a3a835777f5f7dee68

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
b37e914f4b8e8dbadd4460b8d658b89d

SHA1
cd9dd08717b784178b16de2309c5407b111fd817

SHA256
58da78a90b507fcecc1e5095c297af0e372dc3de375c6421c8ec8ab4e85f01ef

SHA512
f735c9e658adb2af06be0bebf092ea737484c87929167c0f4fa0c575020f833884258be3e847ed55b7488f231ca9df2147d90210be56a637d60370aaea458b6e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
55fa55a86836cd7426e6c314a39b7ada

SHA1
5efe6a51c9e5cd5a07baec14788f3f11b99cee71

SHA256
77695323e4e6c5f093638f5766263c5bf980a57f8fb8edbc9e635651f763faf6

SHA512
fb38a23ff8f9734fe239cd627a4a4ec30f47171b6318ce47db2a42418b66934ee947fcc103c0eaffb839ee01711bc2533d9f1329a387a9721769782abbfa6195

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
43cc7121000811f5b1131709328e2c3b

SHA1
1cd7ad776d499616570cd59bdcd02efbe5b9a819

SHA256
799bff9366dc82f979e9f201e1298d8e03ee5785143e09de3cfa150e4fbc548e

SHA512
2135bda1e173bc5806f0aa2a8f632dde71a270e4024c699b2acbf97b8293900c4cb82953ec98e916f3ccedcf75330ad4f755d7295f031dc834ec2ef4b95737eb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
f996a10bb6d8a07a209487c132fdd0df

SHA1
439d151eab979e95ec9eb2360668a261067e044c

SHA256
564c8b4e8fe6770c6e173953a14b6145105cf1c9d25556198fdaf7daa624c2e8

SHA512
6fb40ab9695e8f3d67d3db740932670481f1a4e5003f38a6f78101f6f48623c6c3fdb34a5bdf9b0d5e4b561615c6dcb48da591f1b1ea4387cbf0a80420599825

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
754a8e5e984c03f6cf0b751d949a8323

SHA1
3b1f9aea681ee62ff4b8e120c1aedcd3bf4481e3

SHA256
26effc91dcd743ef0eba94024ab55b4b089f2f5685f1e8cbe1119d62919fd5bb

SHA512
a7abfe880ca19bb8d85b4b868543bb56aabb2587aed6986264ab873424507c1f05962911af7d9f38c8033f40877f21e225d89ed6f058fbe7e845a732ac62821d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
d2aa3b8c9807aff04712799a273305eb

SHA1
910138d6b083c71538ea2b7c9d14c5332bbdbd83

SHA256
fac65a8ed4a5e85aa98129f084af700fc07759413949a1328e906a3df0c1802a

SHA512
3b917ef3aa10ccecd62a8fab4925d0da65b76e8d74b5fecd038f353ffcc0e3b9f7c42aca68e57152890200adff5ad591034a63744b66c2e163fdf15658c15dda

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
3f234c361b57a84dbba9d58de42d6528

SHA1
4e3d7e9ac7fe7ecf7510b263a1b2f2d5f1c5fca3

SHA256
f9780e5916e3ccd5634d4022b8c94c43b4a207eb6260a5478cd4d2b66833297d

SHA512
ce3efe3e5155894819fd690686c4f3f85a1bfdb66e81fa81c4eaa510b7f528aa9450dee7ca1f5ea3230fefe424f20dbe5ca93f094bb9fe4ba8d793eb5f4f51b0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
7324b8d8c0b12fdadab7bb0f61c47cd9

SHA1
f736e89feb0b950c4fa770cf5556c2dca8fa788e

SHA256
a5ae4fa591bc3d676d83e3aac249ffdbdfdeab39c1dfabe3932722af1a42c594

SHA512
b239e87606ad97f63bae417c103fe127b23ae43af424c692a67bd3449fb116b6c011ee5785963a0d4133cb0cb1247f0d7e4e99bb9ce4bafb186a3f89ee7c8d50

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
b9fbe3bbfde4530989fa48dac51c9cd8

SHA1
64428ebeded433e45a8f73b5efeb0e346d56e20e

SHA256
ec9eb17af6a0bbe696b98331dc9a3b4188830b01fb5691876831c6fe4ab35936

SHA512
040cfc17d3dd390ca0f38260c876d8f0031e128943b9bbac096ab5be4db95916a00686af200679e43f74fe423fe31618b7b8bef1dfbb4c2b3ffab1ef1550a7ad

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
7c2e160bf839189f68bc223ba777ead5

SHA1
9e86268ef3daf25d09478a511552b8fae05e6ab3

SHA256
dd19a604b7de20fc94316af866a1a30a39b59e53145c619f8d970c094f038cc4

SHA512
cb6e586f174c97e9b4f22b986c43049d26817f981693333fe47074ccc37c256d68ee5c9467595e2a7cc2907ac747b1964ed11e63ecb169e03e97560898c0cedf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
ef13952a9a860c6268d802efad684634

SHA1
a02cc9ea2d3502ef58a010c7ff1743da2faac9e4

SHA256
deda571ae5cda900c5c38517bbda5c9016bf766f64dc8e3df66e1ff053f37771

SHA512
ec51778eb71a446ff2d0a0f3b5f98adef998558792d794f2d9a4430989e26f2ea8745854e5bd58a3a4d5b91ba3a4729a0a051063db01460f21d0f680c4cbc9b3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
0422da721a1362bc647ff025133b35c5

SHA1
bf2bb25a23cb283b54b3c3ab4f15795fe370ad5d

SHA256
6f826cf52a1815e70482a768bd8180962c5ba6dcbf19bd5a5aaae2c0b9181cd1

SHA512
001988ce814c35616f0a6693b8c132ca29274a4dafa1c49c2b57c52e50c0741a007e6ffb26e4eacb8c2b59f92b7efdf620873d4f44eb3cb09d17c79c2d2ebd72

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
ac894314e9ba6ddbd25ed8ba222fd5d1

SHA1
93c70b41987b62419335c7b25af0a05f31abf909

SHA256
c02287bdc1b4191e767297cc99e72c26e5b780dfa59e74b6fb2c75f0c3ab5d6b

SHA512
e1cd89aaa337bf7929158916bb43dc5f0fa3577089e9479031912a30d07edca2c1d704fb923ae3aa3df942ceebb776db8a3d2410b442d87438fb0587967cdd77

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
17e04affe30c4621d2eff7d9391b8f54

SHA1
34715eb1afed795773c311a4718204139606daa6

SHA256
c354a246ceec15b7980a0cbaa3b66ec009eae3afaff7aba55482b4613e5ceae9

SHA512
096ff04d5f01efc1ff95c8f73f1fb4a5c7a1a77fdbff59b91ea363416474a1e31f141671ce0dc7070f022fe514d79da39b604f8001c7a21470732b06770b8e9a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
10dc566a228658b8b999d28db25e538e

SHA1
39485cae961636c60bcec526d8a75f763c618d9b

SHA256
ed9bae8119728724d38b25f76bae6143a37b084141257846bb6e68fa20e610c5

SHA512
42814df319cd52ae8c97eb1dad85d433fd27623ac1ae21ac9e34af5f01a1f0805d264fa94ab7d4d891283f00c2a9cf5677e12c46395680f98e6da92c4d42b3ec

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
93e8cc1a07f018941639fe149359a824

SHA1
25778117760957bd7c9fef7e053280c83fb3c4b5

SHA256
f16e653b56a1b2446067f3feaf1b98a0b8130aa701b53593a5c8ca4ded50b1ff

SHA512
8d19829ce33d001d22ec6383699b5fe2c39f1febe9e353326f5416a50a238e33e4ba0c6c0412408ab54113bc6b21dd853167feb7454ae4ca4a5ea6227275b8c5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
f05058e4caf591a5c76fefdf38f4c9ac

SHA1
2df7c3fbca27be204416d17f9a51c2783ced26bd

SHA256
efa17cda5889b19c9f5e27a3dd61fdbb94b16fc8d541650c26cafa23df354a3c

SHA512
d868cef9b0b0d2e7e99559313721f1153ee1ad825ee2ec33bb8b7495c36b01f7b5e88d1e7e80eadac0a5ceb56894a20d92d912e9351ca2b83ebf1bd362c355e0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
b56a8cc1ca2fb215130ce9eef8528888

SHA1
567175b1c659ac71cebe876a3efadce19eebd5cb

SHA256
0b2bce668f966dc0ce26d95e01cbfb58fd51f50df7c54e0134e3a340bf072ca9

SHA512
4bb8c85a5c18515165ed52d7ed762565954644613e5ff42b4a3a16063a6073e43583da5ff2a88eb95daa661632a538809f8b688addd6b44554ea364f3da8c3f8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
54e5629f23e41416919fdf5f9e358e67

SHA1
8ecb3e6a7793a6ec2787bfa8ba5967255aa36dc9

SHA256
e0f3d5d99cfbe3bd7026fd3a75fb9e1e9d4e00596100e4d40abbf61f68f8b977

SHA512
3b6fc498c6e67fc10d87070d483f05187fbc0a969c3f09e17cc18ac3bfbf53b1a223045fbd1fa2d897900191db6f33d9a63fbaedee11e767778aed245813bab5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
dffd5b5617753bfc8593b587d434c168

SHA1
bc323d691e2ab98d6883dd3fd5bc13beb6104cd6

SHA256
b24fbc868154d17a2273e1877364c11e2dbd334439fd436cfcad5c52d2f03094

SHA512
92016b91cedf58f11868c78d91af888d4ef589343c64fafda208dee386364dd7edae8151878b6d3d3f943dbcefaa071c067048156398fd7a45f1ddd7f37f1b5f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
894ee18eb5fc6541618f694f9076a319

SHA1
083a1e1501774186e49001a8ef122647dce953ef

SHA256
0c763c91c3a638e2337d534cf268e1a03cb48bf4856ac9f0e7a7dd3c9c20e3be

SHA512
2cd273d26fbfb0ef85281cd6aa976eabdf4621cdd476c8b4e618ca77d5b8c2790442ec53aa9b2d40ca57bf47de3228e1742e6e196d529d2e90737408903b7026

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
4358f0c1182876221c16a85ee749405b

SHA1
c858e77d7bb6b7e1b374f66cf1488780df68f284

SHA256
c1a90d9387c7e11c2ff72c002d98b11c4d5f2091b3781a85254fccafc969a5e0

SHA512
680ba75b190fa21ca36bf98411a3d24be930376d8216a823c145d546bb0045ff19a787827f89f266a11a8a7eab64db1c18f29e15729ceaea3554eaf24c224aed

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
a0547fc49b3151c2ecf66660b34397a3

SHA1
43e70db05a31e9de0ceb6be4004257039729cd19

SHA256
4d896b768ba975d966e2cf83facbff63cde18570745f0069c72f847a04a42428

SHA512
9804bc0f9722b7a8d0c6cfb3438cafdbb361ced61fbd6041f750313fe394c3538573bce4cbaa47746097cf136fc81e411ccc707e0fdf0812cc79f941ff98e013

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
29608bffb2a49194fb853174355c7226

SHA1
1945edd250697370e5b0b1c6d5fb05b2abc70f0f

SHA256
478a0b08e8ef71111bfd1910d72d3dddc924e3970e2b45ae3d5fa053e37240b1

SHA512
3c8981149464369be369014e3d443a3d694f6d5d4e66c77623efa839e7435f51c45b8fcbb8b03a35eaed0c362b029710497dc851dc8d0297ba6f81c462bd0cbf

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
7e19fdf585f8c33a5c42b290ceb3f2f9

SHA1
dcec14e220059df10486c265bbee1cca6e1bc44b

SHA256
1a2ba09ee365236e859c7f8b07a07d424ed3b85df19da6022cca6c9b98a0377e

SHA512
62be8148c34ed54dfcd8dc87259058191cceeb6b4cb1b6a8aab68b57daa7234358b96cb4bfa49015c5c0f40a43252b79a3608fc906454a03d5f1fe02843f7b5a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
2687ba5ea7052d1ba9e054a508aaa9fa

SHA1
9d4db339dbbabc3c8804145904dbdc2ded3d174c

SHA256
f80a7dd65a91473dfc442739b53057516e90b27b80581e3e32c1fd12a7202e3e

SHA512
fb4a4caf40c41ebd95792eada576ace58fb674cdffde09f143085748e3f5f08366e4509def4a982223ffbdddfe42dbf0bff43de02b153a25177b4ad33bf41ba2

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
7be6b953a6f88e9cb5e513a335fc4d4d

SHA1
d03152e3ba174d4ec0aeaf97651ca05e9ce1abc6

SHA256
0be76fd9661c34b541b02c9e0cb1b3e5ff3f01f7e4d96a1d6aad056a9c1f9ba8

SHA512
0908ff07e46e6a62489a935ec1a1700be0095899155663352e9c9e24577687e9763f9cc648fde90e8759cc805d0065ba1b3955f4e528ff6d67fdce4d23247eec

Download Submit
memory/1292-10702-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1292-10815-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1292-6670-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1292-6675-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1292-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1292-11130-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1292-11135-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1292-11136-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads