xorist | 8bba419144d0b59e342a7f339f9880f76706bbe564d3dbb72f8188c87663b7c3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Size

7KB
MD5

0b7fa305b57066885d7d70c96d51aae0
SHA1

95deb2721b418f05a0b6a4cb4fa94c8c52f2fb73
SHA256

8bba419144d0b59e342a7f339f9880f76706bbe564d3dbb72f8188c87663b7c3
SHA512

c3dd52b3765fa4d286b73b4f21e782986bd950e3d47bc5289e8a59ab6526288288e2b1df1efa9a9b3f4cbf8ea7850fdf361da50b4fa814f4bb1a4772382ec8ea
SSDEEP

96:1hZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExqahzNWINBXlqPTlMUA:bzdrr1FG1WDCgmjPZvVNVlmlMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/4900-6366-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4900-6365-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4900-10681-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4900-10832-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4900-11109-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4900-11114-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4900-11115-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2172) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4HLS0rLX0ig1ci3.exe"	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid4.inf_amd64_65ab84e9830f6f4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whvcrash.inf_amd64_1173082afb4becfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmfn2.inf_amd64_5ebadf201c5b5845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock3.inf_amd64_9977beff54a96490\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BranchCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\arcsas.inf_amd64_b3d75f82c617ac6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Bthprops\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcxhv6.inf_amd64_f1a7a2fbd6554d60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Storage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_ports.inf_amd64_181d494584779290\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmc26a.inf_amd64_dd85a83bc442ed33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_906547002cc7c58e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_b5ae080ff669eab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\el-GR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_keyboard.inf_amd64_56ea9763e933f7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidvhf.inf_amd64_0a924aec7600dcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_583bd0f3892e01df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netlldp.inf_amd64_fbd4bbbad72f0e6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_multiportserial.inf_amd64_e92b6921fca885d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\kscaptur.inf_amd64_b95d9f4691816045\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsonyu.inf_amd64_0e77868deff0b0cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Licenses\neutral\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdgpio2.inf_amd64_808fe94735c4c6b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_glk.inf_amd64_dad1e0a2b185e32b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MailContactsCalendarSync\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_legacydriver.inf_amd64_c07aa9c633b5271e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_amd64_3acec385f5d67bdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscfsmetadataserver.inf_amd64_ef3485e85c5c1b11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrsp.inf_amd64_4c83ce3a06d0048e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdofmodels.inf_amd64_acff50a7960b7d19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdpidd.inf_amd64_ce12c614d182f4f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4900-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4900-6366-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4900-6365-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4900-10681-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4900-10832-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4900-11109-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4900-11114-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4900-11115-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\A12_Spinner_int.gif	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-125_contrast-black.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\MedTile.scale-125.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-125.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-48_altform-unplated.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-40_altform-unplated.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleImportNoResults.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_contrast-white.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Preview.scale-100_layoutdir-RTL.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-32_contrast-white.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubAppList.scale-100.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_contrast-black.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_altform-unplated_contrast-white.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-32.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-lightunplated.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\RunningLate.scale-80.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_contrast-black.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-200_contrast-white.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\fre\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-72.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons_retina.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-150_contrast-black.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeTile.scale-125_contrast-white.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\GlowInTheDark.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\FetchingMail.scale-100.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-36_altform-unplated.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlFrontIndicatorHover.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\[email protected]	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square150x150Logo.scale-125.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\assets\[email protected]	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Opacity.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-32_altform-unplated_contrast-white.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-60.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-300.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-100_contrast-black.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_CatEye.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSmallTile.scale-200.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageLargeTile.scale-125.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSplashScreen.scale-100_contrast-white.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-96.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxLargeTile.scale-200.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyCalendarSearch-Dark.scale-400.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\icons.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tcpip-driver_31bf3856ad364e35_10.0.19041.264_none_b5da2694160ff24d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.19041.1_de-de_19a25dc8ae4ffeea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..lter-html.resources_31bf3856ad364e35_7.0.19041.1_es-es_5706e3c68cd4008d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.906_he-il_0be8f8db96d74140\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-twinapi_31bf3856ad364e35_10.0.19041.1202_none_301d5c0e1bd4c77b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_usbxhci.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_2bd3f83975569193\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-f..rcluster-clientcore_31bf3856ad364e35_10.0.19041.1202_none_105c5fa821f6b5c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_bg-bg_2a5b0f5860be5318\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..opinstallcomponents_31bf3856ad364e35_10.0.19041.1_none_a8bea44d075fad04\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..manager-service-api_31bf3856ad364e35_10.0.19041.173_none_4f258a6fc1228741\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..llauncher.resources_31bf3856ad364e35_10.0.19041.844_en-us_51152e9ecb43dfea\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12platform_31bf3856ad364e35_11.0.19041.746_none_71f233c42dec4aed\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-onecoreuap-deviceaccess_31bf3856ad364e35_10.0.19041.264_none_d64e0686f90d801d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-s..-binaries.resources_31bf3856ad364e35_10.0.19041.1_es-mx_b0ff32074d74c45f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-srh.resources_31bf3856ad364e35_10.0.19041.1_es-es_2b651c99aab77e60\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_638e961dd6edabb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_10.0.19041.1_none_1467e2a7a796dbd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.packagema..agesource.resources_31bf3856ad364e35_10.0.19041.1_it-it_a530122996a3bba7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-client-li..m-service.resources_31bf3856ad364e35_10.0.19041.1_en-us_f840d1e088d281f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-credentialprovider_31bf3856ad364e35_10.0.19041.844_none_ba9a38592c771431\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ui-xaml-phone_31bf3856ad364e35_10.0.19041.153_none_ae91d3770ee04a43\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..questtool.resources_31bf3856ad364e35_10.0.19041.1_es-es_69d08230123db221\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mup-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_352d4363ee2c8284\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..es-interface-router_31bf3856ad364e35_10.0.19041.1_none_0de7142c1de6b3c2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..in.assets.searchapp_31bf3856ad364e35_10.0.19041.1_none_501fda1ac26a3cf4\StoreLogo.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_fscopyprotection.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_c1ff315577a910c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.19041.264_none_b435e08254cda322\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directx-xaudio2_9_31bf3856ad364e35_10.0.19041.1288_none_bb4ae491f259a357\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-efs-util-library_31bf3856ad364e35_10.0.19041.1_none_fd0a6eeb422c1af6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..tcpmondll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7785f0821c788dc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershell.security.resources_31bf3856ad364e35_1.0.0.0_fr-fr_cb563c0e7954de2f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Text.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_netwtw02.inf_31bf3856ad364e35_10.0.19041.1_none_7e1c59b5a1acb666\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-installer-handler_31bf3856ad364e35_10.0.19041.1_none_9f2040f21f8dd5fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_10.0.19041.1202_none_86f1a64ecc40a477\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-help-adm_31bf3856ad364e35_10.0.19041.1_none_e339acaa2adf14a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mobilepc-location-api_31bf3856ad364e35_10.0.19041.746_none_f93585ef038ccb12\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.19041.423_none_d93ee361fbbc8f0a\SquareTile71x71.scale-100.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_sisraid2.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_cc594a55ee3101da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..sprovider.resources_31bf3856ad364e35_10.0.19041.1_de-de_545f26ab49084ce3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..t-snapins.resources_31bf3856ad364e35_10.0.19041.1_it-it_1b7c994db28c2a1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hidir.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_45b8a294e3568029\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-display_31bf3856ad364e35_10.0.19041.746_none_3641a7f54183dc3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..airingdll.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_aef39ec6022d7b57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-guest-network-service_31bf3856ad364e35_10.0.19041.964_none_4b77111169c26d4a\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_396ebdea411b7aa6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-networkprovisioning_31bf3856ad364e35_10.0.19041.1_none_83430eaf599ea3ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Exchange.Theme-Light_Scale-150.png	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.19041.1_none_679d42cd97347ace\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..-jet-ji32.resources_31bf3856ad364e35_10.0.19041.1_it-it_3b118c05d2958197\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmemulatednic.resources_31bf3856ad364e35_10.0.19041.1_de-de_203ca664578377b7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..recognitionadapters_31bf3856ad364e35_10.0.19041.1110_none_716fb22d165a336a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..indetails.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e3685f97b198e2df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ge-capture-pipeline_31bf3856ad364e35_10.0.19041.153_none_c45ee1c66749682c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-webservices.resources_31bf3856ad364e35_10.0.19041.1_de-de_1bb7572d26bf68bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.numerics_b77a5c561934e089_4.0.15805.0_none_c12291133a07feb8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\INF\.NET Data Provider for Oracle\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.117_none_e0d32848ac56114e\oobelocalaccount-main.html	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rsaenh-dll_31bf3856ad364e35_10.0.19041.1052_none_d4a1ddfb66661740\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wlan-dialog_31bf3856ad364e35_10.0.19041.746_none_eda7bfe24c7430da\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_networking-mpssvc-ui_31bf3856ad364e35_10.0.19041.1_none_2e593063a15ee620\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\PCW\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_es-es_a2ef4aab3bff561a\http_501.htm	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "DOWJKNRQHXDVACM"	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DOWJKNRQHXDVACM	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DOWJKNRQHXDVACM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4HLS0rLX0ig1ci3.exe,0"	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DOWJKNRQHXDVACM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4HLS0rLX0ig1ci3.exe"	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DOWJKNRQHXDVACM\ = "CRYPTED!"	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DOWJKNRQHXDVACM\DefaultIcon	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DOWJKNRQHXDVACM\shell\open\command	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DOWJKNRQHXDVACM\shell	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DOWJKNRQHXDVACM\shell\open	0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0b7fa305b57066885d7d70c96d51aae0_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
1cffa176041bee68ebc0b0da3b4530a4

SHA1
2b59e049927a93f99fcfc518fdd8f714eb236188

SHA256
51ee5be1208674cad6decc509fc1fc6b96771df909face218142852ebe1afc8a

SHA512
c9e4947ad3a7e550161d8e0ca1629ecf978c860e35634ef60673b44f3427133e6c70413a2e3fb808d563222b2ad3a08c421a1f1cc39b7716df58e5ebcb230a30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
be7f1ab4aa5903a82ee8441abc72438a

SHA1
e757d7bfd32a08072afe174e952cc4d6d8414009

SHA256
c26dd39622a368881b8759418aecca6d32dae8b33ce7e562eebae842392662f7

SHA512
47ab299dbf02e3955dbb243119df6f7dd8bf6b02f9aea9e2da29e522c7ac5587b7054d7d9b5ee29988357042c70611d7cfaee168092e435305f28d36ed0d2669

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
1072951805d29a857fd794e953ceece9

SHA1
7db066142d0ea70b324df719bef6a82efecc1d19

SHA256
19c3f7b432b56e1d8c92dca0276e7aec64c9055b4db19f4d08f7cf49a19ba868

SHA512
0908c77c7ad55adc453d33b3299aa07d4873cb07d8ab2281a759417816fa5bac4c51ce4eeafeca374ecbd753e7fdb97788cf53997bff0b7e86da4720675e4fc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
69cb0596ddfede07190150c28095b7d8

SHA1
d8a28f5601737d2c8e21f94e7b9f1c266189f6c9

SHA256
6a4a8b0509836b94328f72db84b6155803e15bfcf5f86cc83af73dfa171c25c1

SHA512
e46c949678955a775afa5fdf70518be6c06b85e65353c455a83933e7253e0c87b0a2ec3cf3d8d32e4d2b663e38b80e00f308b874dcb996f61732e7245337f221

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
a6a79db54e7c81ec74b5fd8cb064f6b4

SHA1
dbbe3b240bad8310705cdd9c96781923aabe1789

SHA256
3e4ce6169a9c4671f3f52fee20fba20da0457970a9f66854819b6be3470fdbd9

SHA512
328b30692f8387d2e5aaea75222967bd649facdd8fac837aa8a7e1c6956100c304eea199c8279041d3710de1e4840adcfe7af2abfba1e10192844290d2d7477a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
e79a952431e40fe49e8b7eed0a425429

SHA1
7c38ef155eb6b601053743d09e219c7d543daf69

SHA256
6befb9a35b384b482f73d21dca385b8c82b105943a24ce090e69f19d105e4356

SHA512
1840b46779b5edf0eff09e72ffeb7291e990ec97ec0eb5c523c11fcef5f97bc5ab74b5ae6cddfcf8290d766ba27f07ad8c11154ced8643200a72ec3e93f92438

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
a52684cd14978561adf99fb8c837ee08

SHA1
ba76fcbb90345bc520f75fc2a9b62a435e0e767a

SHA256
140fd92dc1b832f97f3dcf65546d90fcc43d25d623bc3e3623908591ec0b2652

SHA512
0bd6d63e5675a3e7f6356a01ef43607ec2a34dbea2d8ecf8945e1451d6c3cb46e29feb2608ab1d5890c3d774a29a7782f62c646c5f8b3f51b6dffb5874bd0087

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
f94e1da7f383df10e281bb1d70eaf913

SHA1
3058f2ab4490c73d20548f72d320dfcda7f33ae0

SHA256
f0f2eea11bbec5f93b04ea81f31ecd2b604121d3f02e9cc19d8b4030811f8086

SHA512
eb1a168cf24b829d8b6f91c93356a038a8b8eac5a83b30a1bbb212b19d0a9f7fd02fef77a5a728326bba8017b5bb606fdb56920b013d655fb66f99b348e76fac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
1f66cf3b6ea50078aecfd074c92f6381

SHA1
61c0e0b03450bfb193c85de9765e9e093a503733

SHA256
6955812fb135335ed40c2a4fc64d9962bce7ea08d6aa9d876390290fbc93ad1b

SHA512
85d7ac12add66d430cb9cf3ab70f6aff0697a6b6ede287cf74691b2480da66882d5d8a568db2756171c0b4baa6ed778917c3fe5b00e39949e284a4a7e3004152

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
fdc5e48112b39860ca44178d13248b06

SHA1
38fbe9382f462460848e951313e94ee83f6ca416

SHA256
14f79667f3f4083ed65330eceeca35886b25208a7141684b6fbdb5b98dc162fa

SHA512
7d05f3a040c13e469174b813766b1e13b55a635881652270443eed863b77ab073c952e253eabb9727df1dcbad851f16a2ef1cbcb8c0b4d9f889754b251d0827e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
26b41fa4ab07a4641095d38254795ba1

SHA1
c42fcf8d31e1f5e797f442602a5d51b52e906c61

SHA256
084203b795916208cf45ef589af07b15a0accc7a2cdad64095acb5f2d068a34f

SHA512
9cd646a37459469e2d59844077138018601a84c39143580b374fa5140e8bc7ce288d3e341cdc01d4b69f67a8bd18fe419a50e0f7976c3be9bfbffd8b87ed8e0e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
fb435c986457a6e4566ba91c58658595

SHA1
28bc6fd063c89ee1e2620cb81e80059c26881f48

SHA256
fef9c3d57c3b05c1bc676324f8839bd78bbebc70e88b2db837939d4ad440ecf5

SHA512
8f8282c879d82f7b28f8f87f718fa0849cff8de588552fb688cb7b02c82113f5233905cc8e783f66bb501ccaca29e9ba1280ab174e86ad2928b158e2d9d79e78

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
4584416455709cafecd7ff710b35b7e0

SHA1
c35a7fa627921f96a03e3b2d01606d5ef47d1be7

SHA256
757ca095eef3ea9afe970ba8b427536d16ff78823f52dd2b28d614d17476b200

SHA512
806868dc85127f3914077901d9b1567764466e1b090fd49a3f236c7c001a574dff6ec028c606882d3ba31e1a27458680320338ceb101fd1edeca06fe7bfd8e8c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
84b93e833ac4f6f89f5b7b1e2ebcf784

SHA1
ee68466a9db3585b4f6e65944acefb768e476087

SHA256
16d1573d74dc18c8e97a55880fda57306b52c85eb6ce08b1dbf1e8f07ce2236b

SHA512
c983a0c139178462888e11bb10f811ddb7c202f27d2b9106b07ce5d4a698d44b1da86169df5536485093d824495995d8c2d3091e45dc721dc975eed9505c98e2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
eeb348cf886975eb2c8b01c691fda98e

SHA1
7dc3f57ed3a651ef2406f29ec6b206f5ca9af4e2

SHA256
4354c7b11b2dc8fcf5cd85ffa48e29a2f4495f6d301941d51ff9828b834671ec

SHA512
4e9d2d3f5e8226efbc3416f95fb531abe4de1f6dbbf04452822c9302b32adf01f23b00873fe7e9c90a9e46aa29245a1e646800b9902f3e476717392400a08e39

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
faa0fd4da91693ba52bb34307cb3e549

SHA1
7bec68d2a5025c9b5b7dd02d41e70adcce376eeb

SHA256
1675ece189f1681690edc4ccb93f332a2444b9bcb8a13a188e281e3fa577789b

SHA512
f569a59ca61738cbf2bfc8e5286d1f53fcfbdadc0b40273e94f89caad7a30442ad247781b12b5e12e5b556171607033121c3e236ab1716628acd42d4f99f4869

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
123b01e213bebb82aa11fe8eb6d4ffa0

SHA1
625f273f537717a3dfaac8c82721d7bd8dad7a77

SHA256
02851626d1c176c96176857c6b154396ba2b2562eb8157b13ea1c49822fbcc6e

SHA512
598beb9167aec494d2bad415e631f1001079c13227b08083b66ddcb6eddbf6360d2d7a790ed1252299bd9a587a95599ffc6665474e00f87bd2775ac8ad26b45b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
52a66df517f88fca83dabb3c7fbad60c

SHA1
8e875555e8c0c79fa25f3efcba165b07eb777caa

SHA256
ccf72ddfcb25b1f6699600704b139fb5ff1ebdfc0c170da250b43a15999a6688

SHA512
46c834f4f1efeb6311cd907ea51a28993c29fb3124b1f5aaa8c3ee49a4b77f5f136dce522595046c5435b2dbb84fc8f566f68f5e8327ef8b19201a466de99ebd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
6fddc8658e9ad0f8489e21c3183c0073

SHA1
606c96a2e1a712225580290a462ce03d0855c956

SHA256
c3997d466d9e892c52bf3912958de8ca9b374fa28becdc80d6d234d0f46c4671

SHA512
2e3bdc04966ecf5eea7f72b8f55d70b9335d1cc348dbb25cc47b40f54339a6f811dd0f3e606f1744d1350b08bfe52e9ceb49d5527bea24ad2e8da5bba147e403

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
fa4216ad59630c8f6404b69d6533484f

SHA1
d5ffd0269dda886af099daba40f4be602e0d7a59

SHA256
f1e27196699f574106a94f67f865a56add2b621927408e62d61b6fd6e4f49da9

SHA512
01d02bc1f93e2d7ceb9ed5582c8354adb4f8d2c74b2056ad2d22152a8301818790f9246c4caf9263f3ee42fc2b9c22530cc4b13f20587ecdf44b2a2b7a16c358

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
5114f0683ecf7b34c0ebc62ded9fa4a5

SHA1
39003b14ed1e91240cc5805ac7adb8a892e271fc

SHA256
b7cfea8a5bb1f788a6d4b01ff2c95ba09a9fb75d58e1945c7768667fc1e78389

SHA512
f6fac8dceb789e3368e5c8fa7db218414bd2a5abc1993474165dea96fbf4689c62d8ad1cacd9822e144d90a3c630af77905fc1f62e85f9da7685c69fce5124c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
f5b4ef1c3d12139fe37940eca041bec2

SHA1
e217496d8fe9d3d9af938fc045c6c88057d7eeb3

SHA256
533838c98d413217f51f510865a3a6d4791b4f5d0fb74eee032209014522b4b1

SHA512
87651452d7f3dc4d8aa56942a79352d707f6df8e6dc6ae93a697e5eb5afa9b1e38a1ab68ae20fecd9ac9ddd7732404408516e1a836ddaff88b9930cabba4c934

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
19c37e0e5ebc1500a51dff87fcd8023c

SHA1
80a4a7aa93ff692f0be172ce1bdfbf9d6c9656f2

SHA256
8613519223c2dbedd326633d38fd7afe95f687253571e932421cdf0f84d00307

SHA512
d574f59c569c8d7bb529aaab5c6f8e24da8f2c6be2ef5f06a43516a0083fbeb8dc343bb6a3bf6ead565a6a10ae387592cabb8b181999f25ea3d94e778ff6e737

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
5dd994eda657bc9e84be2c30d0046f0c

SHA1
960941155c8fd68138308936be020591102271bc

SHA256
9def707da2d09a998be57a59027112075b07032d8cf5d3be3871d389555f3a3e

SHA512
2fe85e032cee969e8102116124a9cc271511149778a8b4dd9c7ae4524bbca8a590c0f6d861995bdcd2a9adfaa0430c72ed46b86d2a33855f9bfc3943c4ce1049

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
1358dfc520b02a4fe1c1a84b8c955dd7

SHA1
10a9ad427576fbee42038aa1990c456b45397a93

SHA256
e4fda6a2c23a506f354a666559ea60f9e8d9a8c4b3abb24dac351906253979cb

SHA512
a338aa6fca94bf5ada6ebc74e2f211eea92a58519a55f15f4c64fd269d5f393cc9b4897f1767078033f4d13827b208026cf9ceeee7caba1e218decb597c1fb34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
adecab5fa5164ff9e714768aad279d84

SHA1
fcded60a438a99b7b21666f213d899b61178c3a8

SHA256
5b7f7244b2e4d2a08968761a049f426322e1f0d867fbbde297805618a45d7996

SHA512
b1f2767d5769eafbb9ee53e19c967d12ca5450585063194665846c95aefe106e668dfc0175e1bd98687c1e0b3070964101091d5d792882d5a8065358df119340

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
6c4bd32d54a15d77efc248bbbb5fc4a4

SHA1
75ccaa92a9d4dadcc1224f490a82c93e46d382dc

SHA256
7852f63b479a6f0abb77d71f56b52dae4cf31bd7afd2f4897c81e12e473ce509

SHA512
b9688ac8e17787b004d2e78cd0a5942673f19397ed31a3d870d40304b85d53b8833519ee0d55c94998fbab89354d2d1259217751ed19976faad4a3895e6e9be4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
41b23d01c0ad933a22d95555c32c4c01

SHA1
70b6742d49b01417acc0e1741738e3584d6e072e

SHA256
6c0d1a3283a1a226370e8521ed4a4afe81f442fea3bdedd9d906440c7cf29cfe

SHA512
3db5510ca4222458e5b1b618fb4283f8204bfad9c5e5bd9379c4e71d98fd19d2261539f70a377f435001b0082163d78ebdc86f7a56f211f942e24c4599695f05

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
9a5a41eddbf561d15b12f1f76b09cd6b

SHA1
6ce791831b455ef321536c8d4dab905d66248f51

SHA256
aa4797e099eaecf38d2a3d59b399e5f2d331bb2d81af316ca2df5d1553a24a8f

SHA512
5d5e11f97371e500b5a89bb1ff9df6d4466da0c00120dc92479bb720d9eac8acb9f603381c156c17101ca53735506af685f06dc63683e30993f2892e025bc997

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
e9040f3f28b5d2ebfa276b2f5daa1b39

SHA1
2166dbfe29650195a6b3a9dc2210be7608809cf0

SHA256
1265fca234ebad76c6db8b8b678e8b339654fce03e56e5dc859ab6f7545099d5

SHA512
9e2821c14c9571fb1bfeb7687e7afb16982a20fada09c51aa273e0febc9f1a052405d1d0de90741c5e7cb3de0dca31fadd586de7c309691bf150df9c2e5484e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
82fe0d631875330aaa4d359a81b22944

SHA1
fbab67d1ff8d37dac5b7c9677078b0fcb3e8d38d

SHA256
7d55d235863b360aefe6a74eee2ff9ec992d28ee0bebe11adc091adaca14d1c3

SHA512
ea574971c8b85ef426429c60588113b07db348c385c456697afbb891faaa9bcb6758d59c89517d3e96a9e57fba322e43bc928bdbf7e15f2a22c57b275ecf4076

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
9f29134820aafa2a86c9362c85dfc4e4

SHA1
5e9406bf46c943f758d9b511e29434d425846e02

SHA256
4033d2662e1f8d068796cab627d98f478f1a454725ac096c8f488865bd17914c

SHA512
673332b492bf6eea666ed76540e3e6529daaa489f7e09d3240a17af3e76028cddecb31c828b4f8d4e992f8205eb990aedcb837e4554db7d82e1e6889a8ede1ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
e175b6aa0aa360206f277873d70e958a

SHA1
4ab0348805fd39428b43eb6df4ff26295a39ed46

SHA256
767e5873b159c3ce4b16333052fc60ec85879b983fa9b77b235ab1a8b65a5877

SHA512
c2f0a4c8a80dbd9c9c4159038d21f1874dfce7fc5cc106dc4f3a60eb1e424d40f6a0452c58ca40a82e9162c980b33a1edab6d214ce484d3c7bfab4263a5681ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
a63becb1d3f3f3a20bd8bae5ddf898f7

SHA1
9c1faa4e05f77091d2c2b43de9112546c38fe631

SHA256
1e7e7539466d69787049edaf3c68d34045a3197e526fb8339d8465d257eb7b5d

SHA512
5510ff40804051bc16388b40bc1baec186cdfe8919c16e7186f0206bacd2d96eea88ab88bd2e3df94c23deea1d0f62a80283c3e20968a117d93a10ac92712546

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
2c2b6ac43a34ae523591a18bb6e83cf0

SHA1
6ec54b783a0cd5ef15e1a61df04b2d8f12e5d4cc

SHA256
094c2971f303f884b89f4fe3adf38043111b238f477fdb96bfd0d915570157b3

SHA512
5d99a57ad93913be3094c07dbeff8b347054458132d172295cb1e151b535b565a21a154fe0f50a6e8c960876878df12cad5a014b3f417000d6d098d18e3f784b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
1351a16309846361e7df2e9ddabbe68c

SHA1
76a2b1e1b4e7582241edddebbd95d2bd8c846873

SHA256
b56a4435e360a6a233adadf70aa05f1d617b62552deb7cd40461804dafb07861

SHA512
cb2431fe7eb935a5535f507811099cb399cb4a170e45905e03d63c3e4ccc24caee49219d971544f430a33d942d977029f07cc119b1a8973228a193af9886b4ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
2de26ba198ae95fddc0784126d01383c

SHA1
e11f41e2ede180e124e608938abfd3957f730229

SHA256
9b00940476c9a27e22e6687203b6fa6ba5ccbbd5a2da0b46777da8f23b0d3bb5

SHA512
f0d04d3b11345371454c5fd3663df5199d79dad8da263d53e762fadabab65fc6f8d058c1fc7e9b34e430e4addfce9508f2e1a9f329a255fc8aee7a68ee315561

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
690f19b9b809ab6b2118fcc8b092f754

SHA1
32e131d24829bd7e44150b2e4cf5e4cda31ed914

SHA256
da3b8ea8682063f98fdbece4a16c7ae614528331d5eecf53a52546db15fb7fc0

SHA512
e80c746fb809e8c97918cb1017ac06b44481784dd91a60ac2f92877de97c47ea281aaa297f42a4deb2a3d68d01efafcc2b19658196f43d0de766e2b3444df0a0

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
295B

MD5
8eaabc9bb342fe08225621bc22402ea2

SHA1
245258b3a82f2364e4ae1384e21caded9392dfad

SHA256
48547410b1b9c9fe9cb6bde9833c394fb861581b820034c9a3646a28c0377a73

SHA512
fab6c8329db029886da9c3d3c898131f5426ab7b3e15150b017f0f01d108a44f1414fa03527e8db2aba139f73fce320ab79463def1eca19f1df6d220b008e37f

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
791b2b2fec523edc1800226477564dfe

SHA1
f250e532206be9ba19410b9b738f24f5eb23f776

SHA256
ab90d689e4adeb28ba9c57eff1d92378266ded600f520fca4e02f0d840e2898c

SHA512
8a6051eb6660ebdc0e2312d9fbdfa9fc06740b53610a8e177598cd0d8d8e40bfe724ec9ba818955b0f28db5b5bc220d8992c63b82612f504b217b7d3ed37cceb

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
02cbab169efd1df074a0c448a7e98451

SHA1
8747bde4d4170564a5f379fa868b1ac935617507

SHA256
d2bbab4f1a3fb4920fb43b26c3797ae6c4d10f295c5348865299db723ff30e39

SHA512
8097a75d0bc9f335a01f073e243136ab60bba50ea2ac11a6d1a680c77f6314477465407dec12fb3139ce8951942a38952d3d4d5dcaf6018ed692d5f4b5824dbe

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
2ee7711e6f91b47887bdc2eae1de8f22

SHA1
ef569bfad19d02a44404573c41166354c9c98063

SHA256
f1ac69457387d6519b86f72e34895f722d157e7abbb3003da7b76bc03ed12726

SHA512
46fc41b5eec2a90a472121823f71927ce661ef3838f70c4a0f9587586d6325d78c0318926b988dc5f6b815daa75dfda69cd054da2d488d2df0fe7a87e0d74952

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
43b67ce7f1727aa17d1ff7a9a1b2482b

SHA1
7ce8069d9bb938b352656ea2db3e8a805ced2c6a

SHA256
aa5e112ad542c096d90356467302d18a98fa55f6ce8ef0d5cd265c5ed27172ec

SHA512
711663bfc22e8da591776fe697434a648da78bb61fb3a064cb920b3a63d176b4e576f414690a4c703bc0be95bd7cec39b59ddcbd1aea1be5daa68873b311f829

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
e7067385490443c08708916cc8d19bd8

SHA1
b49d86a4253e76f1f5ba23c9ca41faeb619de6fa

SHA256
0920e356ca0dd58e6f1397e4e0f614c638d5e91cd6b2480eccd6b370bb5a5cd4

SHA512
3ede0dd8e8bfa514c6af012efcce8787d4a2f804c370d87c16460d3cab33bf8f39fb2dbcf952364a5811a8598336425e61083b667ad214c6d0cae8b71ff2a1e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
c787a2c31e02590b16a5daeb0dd161a9

SHA1
fc0e3dd1047b16449500b59bc44fbe6cc36e14b0

SHA256
acae5de4e0ba2156655537a2273d87dc8855d2fa2b54b41a99a24ae89f261518

SHA512
6188a53d5db0c3b23519db6038ffe76398e2e980c309248f58d95266229b7c4cca7a69e7c7ad9942e73f391c30b6f692c5ef953c4c7e2977e64841fa994d50a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
57e401f15985b4a3fe2315774458309e

SHA1
c1b3e9c54b6da724f6df633ffc074d2d57de1196

SHA256
7f8ae0aa2222782fedddefa619086b5d662bce243f6575fd9281921134883efe

SHA512
3f36630d0b8cc80c9cfc04c20d79eac82d932ef2133bc8d07ca654832464d0d7bf2b10325c5bd4bcd220023a860c0b9d80e3ce44b46e1456ec89c298cfcb9d15

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
764e268a21a0631bed41b26b916831e6

SHA1
615141d27b06bb9ce62d23947d3897cf3b6d1d34

SHA256
f096ca623d0e50f0f0997090909f081a9f0686d34ffa604dd2a7947b0be45119

SHA512
1e0364a51f90bc620b01c4f96cb23c677f0203cf4ab1128c5d54de97666710f3435005812e894b9010ed397f8569fa86d813572ec183ab57f731a225311c4a40

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
d0e4799464d40fcfee68c929bf11ce03

SHA1
48a22166670d05de2793d66a0aa99e4551e391f4

SHA256
fe6a45df401b8ea7899284b8375079ff6f7bcdc1a0b8c049d194e4930f13a76e

SHA512
5d14078469f9d6c8d8dcdb33383ba82760b08e237d6ea9f4f22c1d1dc67ad5e970611f5196dadc26a13dd27a856eac8d6491e1a903a51f9a44f7ef5c6090d474

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
85b998ef85bdfd005600be23b3ce5067

SHA1
91ad246d02b5c46534d33bcedd3e21f4d0fa8587

SHA256
bfe42c7573a7523dcc58f7cfd40df1db64f4c1449d76cfcdb649e0574c8fcd2c

SHA512
f027e289a9d71da5de3e31a52a88a0b262ab334134bc7a2084f05244fdfac314f404c6c6f0e32b0acc9b837e017e5d1f1c92fd3ea2a230471b12ef6303244756

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
890d849d836c38737fd03234619f431d

SHA1
b7d0a2c90270cf34060b7d3d43569824a0fd18df

SHA256
17dcb65b09567b7a22191955d8d8e50feed19e623d126921c2d2da6cb6960cbe

SHA512
ca929bd55289e8ef82e621225aded9bd8ae9fd851053ea1c3b77bcf4cbfe7f5790ed51c35af374f6395c30c8a77ff2a86f2669c49579727c9389fa0a88ee83c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
3bbbc5f37fc289b9283063d4adee9a9f

SHA1
d77981a767839f85a20598805b7a1f9fd73d1b00

SHA256
4a40667d154e3b94849c3bae03d5e32d1a82f466652fc762a3c0caeb87a03c15

SHA512
aefc2b4e078ad2714acb74001b46d92e3bd3e175796d03b9bc95633e168882088b641cf739bf7fc7fa35b0091bde5265dcdcc4e8906e6cb2ee28309077508d71

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
4fd924e869dc6583bf738595cedf0d53

SHA1
963314c9c7e485cd2086ba4d3590d5297fad56d1

SHA256
d0fa49c5d2efd46bcf643da339d5e6fb6f237d0ec317d44cddde4863e47342cd

SHA512
59c64cb69f3734feaf247d6ffa2c444f2beffa1c3cfd40f9b992279e53abdc106561fdc39b28e37d17f723d8446fec9a5aa11b1d07a1e90213ab6c7058b2499a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
1c705444616a07ddb727af65aaf559fd

SHA1
cee21b1d96c940fa920963d556124ad718126307

SHA256
fdf1ba7cd3074e17ee02105529eda021381a56b452da1d807750313783755091

SHA512
68cf82d564888cbdaa80b0c7d6cbf9a79134ab857500efe84f566272149bb5ce37ebcd181f9ba445311bb49eb8d6be9b21a59564ccb11672e00462e14a41dafd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
495f88090884606a181d50779a8b4ccc

SHA1
79b82d1bb3e9334d2c0257588cc5aad90b0e15c0

SHA256
d32e99d2d351f45b7560f50d17a7de8278d240f07a27d2f8162c63b3f265328b

SHA512
ac7da09a14a33f8276efb32644d3a89d68eaaba95f1547162857f9b27c6156b25a7887bc07aa5f34d43dd91ef43bed3469e0c7ed5a951ad27e4e04c8d745d5af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
3f2efb23653d5ac33ffa6a4adc5e8758

SHA1
d6667a7a10d494d7f190ce100539015febf5c666

SHA256
897f79fa3253e337ef6618d2dd1d5392b3f26f23271ed8e375d98ffe912c2163

SHA512
c1acc42bf89ca11833b4249a13c26b1569147e3e436cc51a8e057551e03cf61e7858910ca4378330c885fb71fb9f2457ded7d25fdbc7255b67fe80a92ef11960

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
e9faff428e9cac3e6b08e808b8942860

SHA1
7b59438c50434fcd5dc62b195cbed9b13ab15a04

SHA256
d4dc581274f9036cbc1c4deb74a0a9c94400be2b482f78893b7956e1a117b0f6

SHA512
ebec87f383653d2c9b238f612af15979237a98613d3b22529c7122de5c3f8b19fa3e6b2e3e87c95999200ed3e7dc4f2df93c1fb9171b2b7859cc30afee3f6ae9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
4bca4739db79383c42eac60416dee575

SHA1
0643739dd5522cdc8f9f6b07fe2dce085c03166f

SHA256
abaf14d48a8ac93a92d15e69b69b91f085fa884a82d01c3bebfcc238bc56ae1c

SHA512
de1b113c6de14ce66a0f8a31f948a702a92f6eec9065ccc9b4656eb2936d77c52c329f02cfea7dbb0965e5b433652b84d017610eeed4a9cd6e7c216276616c3f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
29d63f49ecd6da2f2152a5c1f6b68c3d

SHA1
713efe228e8a8a58a0444f569378cae3560e09ab

SHA256
7ae075444a98089a2b8c2a645885ea6e81369f5381b1d21189d293c2c19206e5

SHA512
589ab32007b04b8f7e4928027b184ca9b9a72f8f290040b5b90a1226d34b484bad82b909195133e6889ef9c2af3bdb225aa7999beb94f01f5d09af1895739909

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
01dfd0d32fea1567ed1383370807ba34

SHA1
c02bf12b0fe09fcfccff62c0e8b93f435e21e069

SHA256
ee7294aa74c9390ecb1b1001bcf578350889fa1dd3f5fb2deafaa82bcbd0693d

SHA512
e2a31dbd3b1a132c6b1113406b7a3a66c5de1cd57ae873a672155a7b2d360ba38ed5b3e6c469048ae050a5d17b942f35504b9edcaa5a8bc1ddd175e7b969ca5f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
80bb5eb6c4c3aa6f6a964d7220d085d2

SHA1
249df22d3f039bb38b26f373ee8a97a00773d138

SHA256
7f5f0b971180c18407fc8665a661883571d5d18b004f21c7b41dcc2494058a42

SHA512
473b2448e7d116c978b303777479900b1dcb5a490fb4641baf571dd6c512516e0cb1ce58d3335112f5ce499a59cf5fe048284b89c31a216b43532831d57be2c9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
a952c9d5b5f132c85637cbe9e1d2198a

SHA1
2cb0c64d19b52d22c1d5a0600aa6d06fa4549336

SHA256
02a7b4eaf8e0b9de35b9fe272609273787d8065a27158485f993288415edcc91

SHA512
127a6b7ed58de1856464a4caf36b1d693052c761624dc322b497e92909c9ff73773bb95b97833d5fa05438289b430e0cefcb56f5c95671a784a06f2e9f24f905

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
7b73e34320326ec402b85b4c42cd783a

SHA1
ff12f6b332e7a5c6a92e3327379db7a00acbcf46

SHA256
e9c6d7eddd09e18ddd37480d0ea803eb15dd47232efbd56ec2c046c94c8caaba

SHA512
adceff3d4104eb91bdd5a4901aac0d37848f4598cdc14b7e61efd4edb198f7c01b8b5d38eef4572fdb13cd5a3d6b0a99199ff2a9904755766936d5178ca7e7c5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
94781d6f940a31d31d990081c08572a4

SHA1
7d6c22a8b57d743ed8e616ca8dffd116c95ed869

SHA256
bde2000b560bef1afd0ecfaa9d8b97e6e56bd4a95d296d169e0aa1b651f95178

SHA512
27cec0f3a4080abba73dc5b6f26442f397070d3f83f1a043c661fb4fc67377dce98d1cf3ae6c2af0525d1f845347cc7c04bdc6ec4692c8172c94e66ef92ea141

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
107b61e9a84752d59f87bb38e84d0981

SHA1
f12fd73ff85599e538b379a33d0fc0a8cd46b656

SHA256
02a861cf7a595a87569eff277835e84e90f08b92fded96e1f1cfd967750b49d6

SHA512
372dce90c948063e3e7dfc187c6bdd728241785971999574c8e1342c2f8a3734869d4dee9868f319acf383b2be21de4d7680a25f1c0e7b9808473c71cda6f24b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
886c983fe99d40c7a44ba2b5e7558bb5

SHA1
3ad7a4bff3a96351c11c91f6f15ef7d6966bae28

SHA256
864553317a6033e03f8cea330f1e3d4e823871687bd974c2a513c3e9c0a44a99

SHA512
b2c296b84f6ad26b75b83761db87f15c9fceb784f20b8085fd0aa0286feed1c32715c099ecdcb3650546abf65cf01e78ade2394299a9b5006930ae177b3fd63a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
4564c694e5700b6c14942bf06209f504

SHA1
a253c2fe0d0a6e50be60a774cc00d88b8cd7620a

SHA256
e9e8bd64c9218192f32736f0ac7e71b6253dbeaae04d7e92fa339265371de590

SHA512
505c042465d1c840f4fe768708f83cfea770cdfdc5c5949be9c67ba79781b398c873b2c22c02a22cf3b492b78f28628a3837bea472a0b6418e28afc844d26e9f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
93734cbc3d94d159d52920eda938a44e

SHA1
cb5f768c4d2d6d20f07a1480514dd36a0a6f5874

SHA256
a40537c20b7afdbdcfd76514e5eadfc4386c9013cf576a9a5bbefbda62fccc3c

SHA512
60e9511ae4b452d1dbb565bc7e7177bc37345a2b73f0e35e624c2a0b7bc15ef04b83342e6b4f20a4321acef3948810c740c47c58daf6ca1aab62e7ccff2c189b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
ef41979b48d6e972d74dce76b5028461

SHA1
60580e7d54498063d3c59a15d2546241d0eb950e

SHA256
4cd260100ec54c2ece382d77579dff16f5958e3708e411a478d64c30f99def3c

SHA512
27eb50a6892c8b501e8b9dd034706443ff298080409ba5040a16acf27c83470afd7c6e5958b00364024c064447aaeda52d06eda0a8f8e07e42988151d8f0a769

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
76b29d094862057c44060dc951eff875

SHA1
e8cfb43c7f0f6be9487decc3a96e5f6c26378d5a

SHA256
4c2eca674ba2f805b80a9083c10a0725b0538b0d20b4b25e95991e0bab4e2934

SHA512
a2cf7e21e21d0d954ffef69d913f49ef7127f5be33b1eaf482eb5b00041550e6f49f81682788a3053be161c90ff1467740df3e2c1e42ba6248091afa1a64c72a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
5b56c04de6082d2c39d0f5aa140ce35c

SHA1
944a4e06e6ab358b97bc6429ae9807cacdaf750a

SHA256
6b4b99cbaea0628210f175c52a9c2a906eb190aa7bbf3f7bccff4e28eaee4628

SHA512
5e15182d2b09132b42bc1cf2406846777e8ae3a4af70ed9fac6635c83818d292a0265465cd2e5ca0bb0c00e38508c64800dbb38908b7bdfaac8f2f48cbdeddf0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
4be8de26f111a686ed3689da96daec4e

SHA1
77a4dcc1cce8b0e611446084375bf6f2565f92dc

SHA256
e5e99f6e381d0b519e3a410a216d44b7620a92c93ca840404b8e28c55d7fc8d3

SHA512
3950821fb41986faaacb975d23fcde734ce2aee9e3c00f6b1771139225c3fa956e5ad8773a00794b611e0cfc373a1bdef9a8853d4ca4a90e48889b075ee362eb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
8b65d234e6ae7349e0ad738136bb1cff

SHA1
e0da0a220f1a5b0b6c6e1589c934b629182a394c

SHA256
7b5bf38fd43b1b5a68399bc4056e86e16c3ead2eefaa860c85c6ec6bf6b7f327

SHA512
521c2ce22d10318a407b8091d277d0afe64824c1a4ae0a2bf497faf4234e6f47fb06b2d88777eea18eb0aab0afbb25e983c0f96192c3efdac87c14ab6d3bae92

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
e8c06b0ee92baede1523dd89e9c0a507

SHA1
8861fcacab8bc8bb0f2a9c525c65803011f2c261

SHA256
2b8cb404fc2e6cebed685572794df560e0638015006428ed90ed630123dfdc1d

SHA512
f7ee3ba36e1fab8e6fc749591b9e097377fe83831cce71b0eb19d56c459e8abbe28d219e1bb242ca16027d03aec401811d37c75ca62cf00ed14a24cbb37bab7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
754a8c5da17a726d043bed98588b9a45

SHA1
2324fefa7009b92cb0a42f259f92d09cc526b8f0

SHA256
fd6e3bbd643d9bdd99ce81c55b7ba4213eca4ab2d6b320dfcd0be07ca7f37370

SHA512
e0f74255aca184a67b18e870066129da916b41bcb318d95aacc9a084176c87961b9368b8116583f97b1e8ee474d324176bc1ec00b8dc752ab1bba88c89858e09

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
a8976acfefc279a535467b243e2c50c7

SHA1
c86c68c614044b6d5cb2bc6ca0a5f6f3f0a4294c

SHA256
276de7cd5e3b8015945d206ca29e6f9e5f6abbeae47e651eac6f8550d76b00b5

SHA512
9354cf9da00841061eb258ce134cdf9e2a6b88aa1142934ced06c9c7b42872336766dc924198ba23975a96aaaaa96f79f215067682179e3adc7b1918107f2eee

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
fbafd9d71c94ac3916e1652176f3025f

SHA1
604240264603378c2efc0c2ab4c4f1fc3b27d79b

SHA256
d6e6ea0d7ada7fe2ce26c6a3ff67a09bad22eec2c990f86672c40542e52dc7d5

SHA512
7392dcfdcba22c146a117410d5879ec0ebab7314919b89e4be4f0cbbd252d28bb63f1d3e46f072c93d5fe81c08f4ac66df53c68cb7c9082e5f7e3d92cb8fa073

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
65a711268782f761c61173e30fdb30b5

SHA1
961ff3d0e951daf79b9e1ce83baaebd089108853

SHA256
820d360ac778be4418becb213b59271357be36787acea93e15bba61b2506086b

SHA512
5b0b84442b62038174af349a406063f6745d7a11ea9a5180c337da0fd57659d6536f0c02a7aff51fce284eeee41d7588a80dc5ab3a4d874fa027ad27fe89afd0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
45ea898fbed67a6a9072d18e1b330970

SHA1
a81f984394b2f7b8b7622e7ef35a255425b19df9

SHA256
2d6701ad2928c02a0254040e0983578f3218a608a73f1c4407cb16dea7345288

SHA512
0983393e9d562957719cb549a250df7bd7320c79cd280f3147c0658a33227d0673d56735d84312fc73a636618f5107b5b10a2f1de0f795b97341522e27e50d4d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
4ef6048b346d52635a793834d3cbc6c6

SHA1
a048155bb239863f2d57282ffb883fea4db5b746

SHA256
13f0f0d599731d46d7b9cbbf4961df67171a12086d5105f09b06f7ecb564d7e5

SHA512
d5eaae76f50c42779aa511b8df49206b72fd25e07157e22e8cf20fd96a27a54f00126cbf54de1a581d393a293fcdd73493afdd090915229aead7cbb51ef2ee1f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
2886334597cb818648b5395c8df28387

SHA1
fa48a04fa7ee2a76dfb772d526d7b5a10628bca1

SHA256
5aa7e28d6d55fdd09e34ee6909f79b9eaeba8213ddc7a8ef3e5e1c83743f552b

SHA512
6822f9133bd337ccaba2ea5faa17e88c73f518365813a19eb450013842755d5e2d19089202210584efbc0a1637cee8f7b012d96a0493b866ff277e0b5fa77c09

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
ca153229895ac0480176cb7801155821

SHA1
2cb30fbbc05478baac110f639ef6d0a728ed8de7

SHA256
0701d861b073e083847e0d41b538a09d0ca47d9a8cdfd326bf08b1d5bf79e722

SHA512
e4bb4e0fb16432b330480e287ea154622a0c0e0a6e6dc4a5a03c68439aae0b60710f426cbe91fd405e26cc7a4349e5f7d73aca646cbcafb3b144943a02d436c3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
fb7099794cbcdd7822807773d2d35554

SHA1
d54bcff0fb75037fcd4c89dd587e6d9e214f68b1

SHA256
7894e7d4add6ceeb7120b8ffd116f87f5301c5d2b32be389a3db3162ae046130

SHA512
9f9743570a86dc8a34614bf8d367955fa0bb985450b12440901a558d899914e42b9b0bbeb5144a88683f7cef1a5859c4096974eab04b2a633552ce1250693a0b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
082c0eaec9c6a8b2f909ef8aa235fb16

SHA1
62d85cf4952a51e9f7701f35e176141504736407

SHA256
f802a660b741348d36a302ac6fc88be4e2249c87ad004be1d20f0988c2c423b0

SHA512
f79a957e2ae7ced2e5982aed8256abbe284e623525d21f73311cd408e311f0a98771b071cb13e987355dff8b2fa9d6ff5b11e5e6b6feb290abfdc6b6c771947b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753841454061.txt

Filesize
77KB

MD5
09fc3874c5b44576119bee655455a5dc

SHA1
92084b2d64ad8b0b233e1e097147585495a2b8ba

SHA256
44e36735a0a74f4807a69348e2b789c08e38278c48b3f8dfa1596fe21a21f7e6

SHA512
766ed9b7a5d611f1def84ed986e793fce034b1a2c914cd0754722c87b8188d1cb5fc46b97b189b7fb934233388c1808c3199338325ec0e8b68aeace1a0e280ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670760323212545.txt

Filesize
48KB

MD5
7785d9f1fbd03b9784ea722ad30eb349

SHA1
7e041f4e718024412ed80f99037b16e70523c481

SHA256
eaf8e48990a2d142265bb471f73c5fec40d7b3a386057a33f4326aeaf78faec9

SHA512
b9be71cf4205d1f58d61d5080a70428d7209b7e9247d0852b09472b0a18f53e101dc82ab6ea19110039299c02800da5e0a0e9af89a1d77156f73abc9f15b329a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761649104293.txt

Filesize
63KB

MD5
89e21c2f2abc597b1689b70adf5e1004

SHA1
7b247bca0da14869da01d1a517c5672a29756ec5

SHA256
a09a1021b542e544f6f29224dc5f2a8557c88bc480edf897f27f90253ca84eeb

SHA512
49861a3bedf435906f534039abb9b8357b7d2b29f8827f566fcdb6d57595899ba57a87e77bb5a6c81e261e4df0dc1b6c879304915d336c2e144f01cc96fa8ccd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764222358945.txt

Filesize
74KB

MD5
046f0c1b04699192cd4dc3839bd003c5

SHA1
68e4c41f28d4fdd7e5e121825361981e7f1b5dc8

SHA256
f24afe4bd8a6e0bdc9566b189a6641b74d93baf0056a8a4adff753dff6adde88

SHA512
d1b19d36d0f25dd5f55b9694bb52772b96dfc94e7efb3c0fb98437da6308f11aff4244f060ef08d4109ef142d4b79987a14566bfac32a89a7d385e106945bdb4

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
6facdea1a9a770aae1123514c39e5497

SHA1
1f5ea717ed08b9b2d28ede4a5457121ee8f35475

SHA256
32e19a770d771f76872f9fc96b3b34633fa13066cc47018b8c2b4b220ee813b0

SHA512
8afdf59463e3d23318b74d68294f4bce0f91f45a4ffc54e615a572a0662f20de55ced9f901607e89bbca2c0a5de7b2d3ec967e6855be53941b938d648e099419

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
868c5c65c252d75d03abea5e0f18c788

SHA1
3986e615ef9c872da19432accc5d06d59603ecc9

SHA256
e0081b757cdae2f14fe5563bac88bdd3bdb3489e50a3a196cc0041eaa7ac1e17

SHA512
c4e9001f6790ddab04b811db384e65c871238476d110a0b8dbaf41a44dd33305ec55559ecc4417f5db07ba16eedbd4ea3d65537d065b8c2cf3a132eddfa02274

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
3606ea9c73475bab71a00392731b1797

SHA1
b6974ae6183cdc2448ae667c637bcde1c4349eb6

SHA256
f760241dd6808cb41562dee627c35741e42553577ec708e11fd8a70bb17f9285

SHA512
1a04a48e24cf58a91ff79acf406dafb8a8dc71f6026ac4ffb39ef3b682c8981413756709600911fafa9705889847646cd28d29ff942ae43b683292f6c097bc72

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
e925f869a5a98befa63d709f04e91d44

SHA1
9f0e4ad234eb9b046dc4618fe918a9230a83896f

SHA256
851d8e2b118a1170bf22af6e42b8f611c6eecabb846bba33cc1f69c989915501

SHA512
899746507a7c06fd17160066c6899b1dd1533acb0ce8afce62ea33c01e9471c70c6e9b24968290a9fa81d281ed7bc0269fde404a621515cf6399365a69bdcd49

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
1d05be427ae345acccfb1f8715dcbdd4

SHA1
d35eac92981aa9042ea4b11b6ccf294b4ede942f

SHA256
55805fbde22fa3df7ed0ba1f77f1c37b684963bd355acd5d5d29fc4aa2c22cf0

SHA512
708295255cf3de4bbaccdcb7147e0ed2ff1f81b5424e5613819170aa64f49712aea6233815929767938bbc7f05dd965426768093064c1c581f6bdfb1f837c561

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
a73feaa4264602778fa5729073d70809

SHA1
c1530e975386c56aa7baf59002ab1bd7a587f189

SHA256
d06be6b21c8b19189581a71f9c5ce51ce8e2748ff820bd295bca93e581f0596b

SHA512
4723895a20f356605ae51971806e085c190620bc2f3cd70ba642038380d15bfdac6e2861a4ee381305cefd1c7c2a4ef6d3eaa3f11045054169c9d6be449ca30b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
db2e5d4fb8a9363d8e00c1e4ba434f1c

SHA1
e49bcb1e2adc78508e3f71afb891c8c74bb37f5c

SHA256
1a7539e830eefa5de03584a726444e1dd4113fc96abcc91e57799a161c62dbb5

SHA512
184073cdb85f21dba8982ea19dd7c3b0b398ea932c565c7b1c7d8da4e90f2f8c0dbdb65101900755966e7843d96ced022b99aa46f22cd972a6b75bababfd0e90

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
894b4bf36e4c06c5add0121eba5511f6

SHA1
b86457313b7c1f7ab314c4eb2338f1c35741d069

SHA256
b0982b49318d4032afe56c1c95071adc6c447cbb851f6dd365bd4c8a1baca067

SHA512
bfa9a40a96d8310be37697e0d800b1f6f8441ddbff8071dca81bcae897b14c4c9807cd1a63f41d863b9d66502a982c8d337436d27776c13c30ab56c73e76d991

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
29f2df090e146426fb3218710e166a75

SHA1
e2c3839b47dc0f763428e24ab1a115a517d21afe

SHA256
9e6441ec514845b27ab6dea1f9f0b3c8131b6ad25e62af2dfaaad2b52b7b6dac

SHA512
b5c2a97744b861de6e78b28d38505e202eb88e9289c43b9338f478e26896eb4e3a8507eff2fffa0d4b3e9f970e81085a830621705db55d6024b8b3820b8ae49d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
12a6e1c95b8adabb96d06996d355c006

SHA1
741f94aba7369298a9bc0957e163779c6dbf8ac5

SHA256
6472fcd7eb175c93fb6d85da4eab82cafcc62c4416f83f643799bdca0e36ea9a

SHA512
efd95ead29c73cbbc660b6c09bf7c3a3a6dbd3630c615dd4aafbc1166ccddf2a49cfdb85c9b8bdea15847e17763d63c07c1ac283c2ff90665a879fbbf69ca155

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
4e5c35248f0fae7d6acc063ab2c4bf82

SHA1
28962a2a254488485fe14375678cf73308c087cb

SHA256
effd790ea02f3735fcbd7c2b0f8aa8f84ae17a0d700869a0e2b025bef11a59dd

SHA512
c20a949d8e4b726167b27a46f730ded64814afc3bb5286f73d03f99b76c63200fc5f27347b4416e5b6bd99ff583c85ee73e66db6ecc936ad21668649ad75bbdb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
595b42a1fbf886b83e26d6d4e5213252

SHA1
2e11abf56776e788ea49c45e895a13acaf4d6d84

SHA256
4d012597c9712ff5372c650529ccba02dfa3459ceb55cecec20e393f8a5de01a

SHA512
70bb08d28cad63086064fda506bbe609359d33172c6f354487b58f9a5fc2cfbd5c80d49418acb084d66e02949a651f984ce187c9f0ab0cc6cf32bf73796e931f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
202627ff171d3fa3d6dc398fade709ac

SHA1
60b14fdc1eb46f4d9da3bcfcdd3a33dffc0e3b34

SHA256
088b7a18f154d7ba58a3e712f8537e5cadbc5a1df50175a4ea881fc8cf57cf11

SHA512
bf0b7b52bb06d1d17be99ef4a4ff363bb666237cc39d1c89fc8778d2ef2ee8c7011e170b5c43de6174b56b50ded0cad353faca6690b6d6d348291432aed9fc54

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
0ffd3cb6ea3b36f7179119f81e0b2ee3

SHA1
6571023e9815190e99ff6c25a6ccfbffcff01e83

SHA256
3b535fe2f330154483dab7abbada5eb8f015afc772070c8c588e0ab74912aa8c

SHA512
f518284ed0fd48cee7aab0ff727e06fc183cc8d4d13c5a9f68b93c333df2096e5fb0fd93ffac6e7ad0fca335e955cc637fc1e57b7d24556a415d642caf7c00b1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
3ab182cbab8372dd4b9c8a4b732e9e97

SHA1
85c7aa86e47f9889fa2bcd10bd2c04102c460f3e

SHA256
bb90a783ce6eb805685bc7d66085eb07873e25e66343e35588be2f0f966ac40d

SHA512
f7c9e189af7bb842b08d51ce596a30cfe8cc6383e30af0eca822bbd78977a5c96c08b3aa5802f06afccd5141aa7a82a30f639ad91cdefe2c9e87f6a2b60f8c27

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
eb1eb4c560b2eeafd9a766c4f9804a93

SHA1
283085dd2c43cf94978eb8c614e912fad1cdf3be

SHA256
f2b53d64fbfce7fa761bd4895c5be1704250f42e3121911a823fe39778275158

SHA512
c34061bfca16724379903bec50be3544595b49664fd783e9b4e4d52fae623e852c95f0c88ef030d297104e97728151304cb69ad21fff6e2fca3ec53052dcb5a7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
5f4073a36fb5dce5553e06f64e6492c1

SHA1
a2909c036ba29b8001d8e9cabe230bd29f463024

SHA256
0255b59940ee03d696d964c316f6b1f27b9270fe3fdd484915611c3642320f7e

SHA512
b978af573981744f97b0fd21488f8a3c6e4bfd355ced83af62dd5dd0ee52b5d7f55bc29aaa2b488a3769e497e7a8b40455c5aac2c30f88cefe145711c1576158

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
f4af5cfd86634151571d121cad11fd6c

SHA1
1a393f2efdc4e06f946a972abc5b4eba6c3503ba

SHA256
4d6160ad6afd4fe0c5869203ec359ed2f2a4ecd5101e46741953a7b05a05490a

SHA512
d3a2040b09cc41248390e7fde3f8b6e8ef183b6e4aeff837f56057b04e4c8b1aba1f2f690a61194a978750b09697de45fc93b1bed0e8c0b7eb4e3f6b150f1448

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
7ad9d47d186bc7b32a5be58bc07b702f

SHA1
2301cc87701e8b3890aca793f6449a710e89100e

SHA256
db978c4d68b3c75f19d14bf4525cbeb5641de44d159a43ec389991b627bebb0c

SHA512
35ec6961d0823f57ba6d8572b4fd4b69e391f3e362118a870b7abfb2548d0b358c0ca84345279707d6e2e3c117c4393c4129fa91acffef725901d1d97c762146

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
71e26d9c8da38301928f390fee2d044a

SHA1
6f652bd39bf4d763aadd94b57b67982f2f5e9883

SHA256
90305302db86712765e121338bc9ae10ec07b9af77322997bba251cf1531a53d

SHA512
dd38504e7152f5d488f0ebfbf2aaf9abdd943e8e6c4aa2fcc32ae77f3d8dd24cebec49abb44bf0e2ba20a434619836749d3e0046ac794e33691d87417b73ce47

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
466293bccc03725ad2bbf283d1d168c3

SHA1
eb8931e6c6d783ad41075106e3a34892690bdf5c

SHA256
949fcb11ca8f52776a3d5edaf43c5250c0b879bc6d2a84dcd9b0dcfc836eb511

SHA512
2c0f536820787eb4d928258dce4a241b141f560c0786f55d6c216ca006301d4815b3f56cf232340b0da346c3f36099bfc4581f2de69d89d40786d2cae5b415d5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
a032867ebb73aa76d16223c5c2742c0e

SHA1
332f59cc6a7b3d181f26b39ce07c4502b0e95741

SHA256
4b204bed9895c106680b27606526e84832c9915f794aa358846222afcd31aa58

SHA512
a39e7ff6951ebde4d464168de074b5edd3e825fed64bf598dd48ad26f297a1348bb81276c0f37bd0b13054661bcf3b46ad8d230fe1da616b1d0446f98c79a026

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
a57517d0e64acdcc19503513d12a5316

SHA1
06c067562e95741bef342a95130ae4efcf4f947b

SHA256
922c9417bdbed2330c7544998d9686beb2bac8914c124b1c1a09fb95b255d93a

SHA512
668b78c714221264037aa563401ecab30ee13d528ad2e757c32d870a0c04ac43cfb494539c7f5af8fd0e165420c37d2959f69e11fb94f2bf04a02c5da459fa85

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
fa076b6a087932d468f890b82a93573c

SHA1
7c2db1b7a715c13b2ca9fa90fec5318cc5b19fc1

SHA256
204b220c1756f19ed4c04b083372f02806bec8d65af74c22cef5d18038f7e825

SHA512
28b447fe7921a6949c767c4b7883524173ab3120667d0c029c92fa13dd3bc65669c0c77a3bf9392e785183c0809472595a42b33d545e7c3d549cd1690efca58e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
a288dfde6d3fafd88c77c0611e097bfe

SHA1
4c16eb95585c947b8d90bc9f3b896ab107d61d0e

SHA256
df12cf1361e3c375246c8bcc0e6d29b09b09ae8f734c3be4e7a7f36f46862e95

SHA512
851a12ca4921591544ff394dc23093ab89f6c4ae5c3a3b053f85847f3e9ac0235c83b61f34df6dbd9008f1c8709560de21e04b48debf1836d63b1fc527751ff5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
6ca50c114e5b5f6a0c31e5f177f99aca

SHA1
e34b8ada3808d064317d8dd528001f172a6f080c

SHA256
8d55afa135ff3550f96398647075b0b65e4a5e48f4c028f51f3e0f9fa0a1fb0d

SHA512
ed3ad22f616ef07526176c6857f6760bf7648b6a61cbd0bba1571fba0928bab46e8a8f525c4d84290d7898ef6ce8e351b938f22bc7b7e41e4faa44e2f09495c3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
658e25f4b621dfb64c11354208d42d66

SHA1
d99cec96d072b878111296c97b57a94dcb05e3f0

SHA256
3b1dc2483ba62e7883ad0c667aaf3d18e715edca22e0307243da81d469877ade

SHA512
f43b34de255811122ccef11089665804248cee712c239be2b8e9cc0387d02e55723aea2f6de28cf1388592d4daf0fc7da5d66ce992f2c2d5391c4d46c86b8d1e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
0577d57360089bae8116112c2d94525e

SHA1
9e5c109519081365464e8e11433b7c0fe9c18741

SHA256
e48121e64ff8b52235ad83085bdff0ba7ca5a443848a5d558ad7271e6d9ce350

SHA512
711052a6a6bd61360d67d5406189aba944ce6be411d7688838588c0fc14e8dab140cab1b10a14218fa15ec1ea0c96c6d0524570b405c9d755075cc43caa2d6f0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
fc61808027f94a531dcb75b5bd546061

SHA1
ad69a8b7f05255289beb28be6461b79d3efbc5ba

SHA256
1f805eda00e044bc5553551ca79d016fcae93a562e81fd10e9c3ed5c67c0af58

SHA512
058ab0d9deeaaf551e6399d50631364fc4b4b74f5d2e8994245d0b623b9ce11618c63c399e451901a6d52a26f6a3980482af54f4833fd163788fd2c3d68079f4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
9321abee32bdeea67c8ae862278a0a90

SHA1
da8aebb53bdfe3210b542079af238b8b2fdfa91a

SHA256
6ab5179272062b0accf1cfa123b575b3c56aff6ceba2f865ce8fc7b5ed4c81ca

SHA512
545a3277e31fa42d78d0d905998105024c21b573a2c19fc35a21d3d4f3e93a3d3a52b5c8f0a0222afa01734ec81f4b53b5a55700a72fa790e5ddd60e89e22698

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
facf2adca7ac948a78332f0f953bfcc9

SHA1
1e17abd788a9bbaef3ca6e9392173138f20f8cf8

SHA256
f1538fbab1fd35b6cf47046a84b85f24d8f350a112c31b09dd85f34c6a7a8b6a

SHA512
6cfaed09bf87ea6918da08baf36979a258203d2c8040ff06985c91ffb4ea8cf02baa7f360155ba49d219d5a01024365613b1258b071c709cfe766b374e9f30bf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
76925a92547799b6bfaf04910140d7e6

SHA1
3116cf16778edc5a50ae04e6ca9f8dbcdeb5eb87

SHA256
bf22089bf1e8690a1f4eac70f9868adceb0e95174b7a7f87d8a557b8532076fd

SHA512
6939ec8ba788141463a55691ae2ed4c9b96ec9564cec31476922f1c4448c181cbbafe0bb90510db682b1252408e6b67ff283f290b1631c892cfe5d31d866702d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
b2b749b87d7f6755a800284a4aa76bb8

SHA1
103dbc90acfcc1659cd7a74cae25dc69266b63f9

SHA256
502ec63704ea2b9a7aad2b8d5992487614d95e80418a0163ac8bd397b2d0020c

SHA512
2a10c88e4e7355a8f5cde5a779dc16d5595aa02335493ff5184920748e13196ad429cf151bc68a9d552d66822e16782092a579e06572fe79f6540b1a100d0e8a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk.EnCiPhErEd

Filesize
1KB

MD5
d88642495314a38c0d4a621b3aabd9cc

SHA1
63dd65fed65f8cfb8cdbb4b8c45a760fbadce901

SHA256
308c58aed2ebda354263ed53e1eafa7d276c4e2852bcd5561098fda90ec82c88

SHA512
1979db9db8a2ede9c58102bbc2132a4fbd39c1705afe8ae18716340f6228759b9cdf510e2d6199280fa423866c47d781f21c7b1c06cbff603c01f409f5674067

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
fa1698babcb41d00b7eba095199dfed6

SHA1
517c067406e28ceae9b79d39c919eecf534bfeda

SHA256
5e19569288cf4cc3c2e807d1c4699f64aa92991ccc2405652a0cffdebdc1b15f

SHA512
c107d49a09e6d4c6d154a48434101d1281d2898c6346a421b53237287286f022b79476d8f39b4c7d3c42abfbfe5d06c0f0d2d9a20a33094240ac34ebbeaf4ec2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
b3745c8ba92af7face976890fae2d17d

SHA1
943b963daa9da6599b7aba76a2cfb886d0173108

SHA256
901793796765c7557dd241f23179740fdbd000c9af69b6ad49a6dadaa67cedc1

SHA512
4ec8ac0fa84601685f22929c6aaabf11993d01808d01beb62670e5f1c83c3bf59df3992927dd0cf86e455c2a106376b9db5a5ed117c3b8f1f1776b5a57ca7492

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
c11da1b17eae4496a47a9a82a33316d3

SHA1
0b46eeb96c66457d556588e2202acb2c1b50170a

SHA256
39a7a468c21754726ed09c7dc91d817db73638aff1838bc98d4b892deb1d44c7

SHA512
9b53176c90391b381c7316c18b3268330cc5c50b4fff5cbf1f35e87ad7c19339b63de5fed5db8f408433bb4b047d6098a2899b5c6073e066eb18e873a086f4dd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
82aa4787163244066c6351a68f0aaff5

SHA1
f98ea6fb4c7a6293a1887c0817ce11bb298fa1c6

SHA256
490e16d843dd23d4f81f5657f5e01468954ab8e391d4611a5fd4ad9deb67265d

SHA512
50c051391b58cf09474632721ce2f493016ad24f57de842aab9a28a34f5e9156c0287f97f5187f830d110f523bc8a190ec50f5f50d4269fc03af48cb2a9b1333

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
2ff9e51663b0cf207a4e5a1ada94e6e3

SHA1
895f3c531f0f17d1755d4851d91994b11509f641

SHA256
2c1fc708fa4c2223bf2261cc7bb5a3170a4be7e11693bd190e69bf9972cc01a7

SHA512
2a68c0f01386bc7b9e163d0a3827acdabfa8ab8880626225d13b7899f9ef17ac482aa13690eb70f4a6ae491bc1ff896324f8fe55738baa2c77dfbc9652cf34f7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk.EnCiPhErEd

Filesize
1KB

MD5
da9d89ac84f65ece8bc18234f42c0310

SHA1
7b2a0ba189b9235dea4a4c1acfd33a7d58879adf

SHA256
387e1474220f5ab6d97c39b518a303b224168039f8cca3a3b2604204ce8860bd

SHA512
85fa8926e18956fb4bec0fb958888fafec7bebd3461cec4a9605800cf2cc5f152811239d8171417dee5a494874ee33c5a28e7a2dd5249e002d288ab587193242

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
785fb0075ae62a872b884d33441727cf

SHA1
f2db8dd50962996e5a2467a3545fc77eabbe05fc

SHA256
29bf04dd34133cafba2215813183ded2ce07ac1ad3441c2041b7f82058eae6a2

SHA512
51365c0e1b5c68857320144f217fdbfd53435f92cebfcefffd2738fa3c91a23058994c4404b31831f05951871108a2dc2089813aad6a89fe3f1afbc5a776eb62

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
a6daf09133213cd81e02097855c72d5a

SHA1
4e449c203aab7ee0cac705d24db9e7b602955e4b

SHA256
21d5fe06b1463bfb3de94ef2a7d7d2ac61585798d3826a5ad3e0b0b909d8f66b

SHA512
d5a9c2255b7b81cf55a96657a8ab51e85be573d4e07590404bfcbbcdecee357f4c34f319014e108933affc349ebadf3c29ef1ff7936377e5302276fd37ac74e2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
fe2cb2119dfae8a03bf9a5ab106bab8f

SHA1
eab1c7e74d0595b98aa792773f1ac99cb6898021

SHA256
5c1ce17f451151cb98462a99339207f086ebb08eeea2c7e7f10736c5dc7034b3

SHA512
8c8fd27a26631ce74ff9e2e511e4521f40ef4af1f4a7c7cf9254af5c792f67028b5a43265025e567fdde24e248a266c4f677e6df2e11e15ce7cc4bcd5b4a70c4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
c5b12721803f0579da552018116b6c69

SHA1
1458366e241b35821f27bcfbf216756e4067889c

SHA256
8a6fe5ba10d645f2db72246c6ab55ab10732de5e833eef7f17432d4e51d8649f

SHA512
8a1c4004c019db9df18804e528374fa610b8101ad70eba9547dc5237fcf73923829701a8910308854b096b12f3b762f8fad0f81866715e0dbe56e472bbf05f99

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
710bb43bbf9673c68c8da9fbefdfcb0a

SHA1
b2a0482dcc489469453de27c4eeac5c0ca468597

SHA256
8c7a1b87cc0c6e47f9f8f266aca51775145b85626c5b10ac4f7a3ba7f4a3e837

SHA512
34da9dda4aed04056802bc0185d3378ae379b3318de893d6bcb1e6bbc021acd033ea5678c486bbffcb358f492675e632d1e44f603614bff5910691224b88739f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
a5ef9f51c9d726f190b1355d9392ba63

SHA1
b6632edfe0e719efec171e4cc9e1e16856b580ac

SHA256
f8f7597725730bb490fad32b9df742cfd656e9d1ee9bd0d91ad1034008a4a75c

SHA512
31a6646d25655092a0c652a355e75c725e691081a154382ecf6f45134e8f5136ac66ecc572e7bedb9bc6a55e612758234a2b0a14eee63b846aea023519558e4e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
261bcb61d00d51833102d31398ab039d

SHA1
ec18859ca3f76751bd842532c241af09f17921bb

SHA256
c40c6d25668cbd4ae5f817d7c6934674c3a4b09eaee3dd090da229c5e06dafc4

SHA512
403dbd95d4be6e8be4cdd28c9cd97257c6d05a13995030304c9f0daf97722dee3b60f6bb315727222649f630f0b931548813da6a52256fc273e2fa0b9ee7fec1

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
637c8ddad0ebc3d79ceffde2e43de1a9

SHA1
24b34968678d553d0e8d294321719ba784ffd8a6

SHA256
5cbe2f5bb3b358389d3487402d363c18a043a66a3c0f7a71ea6409ae2c8b54c2

SHA512
888494499d0a31bf58215cdbf38fc6429cc38f63a466fcb84cbb83e6280911dfb684f488ef63ac0a0c058da433a124bdb11eb1456d8b6a3f53b8843af817a692

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
f5cc82b40aba18b0766ae954b632bfeb

SHA1
db7def51b88e3d7f0c7561519f15aca1f34f3bbe

SHA256
803ce06f576ed2f51c601b9f6ae1ceb821cc102a041dec90b82020bda2d5d9fa

SHA512
5e388daa83a53670f3abc599c5836ee3930466692cab97a1d276f7f89654e408ec8ecf44cbe2b3da368c458c50dd7130f8e506b1e222095054b6415f3d0ee6f7

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
aa66e84cb67d0b8edfcae593ad394b9b

SHA1
1b702dda7af957bbb5c53435372ad0b8eccefc86

SHA256
ba2e0d09468f14174d85002a19bf0e14e3a14817fcd92012b3acfe4a708ddac4

SHA512
f353b36a0a4a670ea21546fa32968d0d79ab0ad087d088dda7a2d9fce0affb517c452af8c22036fd03417008f7ed589d2497b7232f3150a2841000217208b2fb

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
3b1f49872bd87492e8c1b4a80d013788

SHA1
ed3fe1cb19fb07ee2f476810c143535828e4d3f6

SHA256
e2521e1e246bfe4abd7e349da9d9768e67b398ee8b9efbb45943a915c54956a4

SHA512
0aeaae952480da0bc9e26e02b1d892bd87dbc78407ab512b66ad7efb115619433cc0724546ee49ffb249d6c81c6f29e70701ae12293954198b078dd7e51994b3

Download Submit
memory/4900-10832-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4900-10681-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4900-6366-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4900-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4900-6365-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4900-11109-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4900-11114-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4900-11115-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads