xorist | 52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c

Analysis

max time kernel
130s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2024 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Size

39KB
MD5

1222ed64e9e26f248791d66485906363
SHA1

c65e557698063038ede9ac2c20fa08deb5a86fa3
SHA256

52770470fe58b193e9a25248cb257e4ffb898ebc281e1b34efdc42fbc0352d1c
SHA512

8a29c1bd848414c84b882c899c81fab6d4e02f36f7a3c17d5c5c189a1d1fa8187fd4a6751584af85ad04c7c7fe161b7aac4b1527c7248cfbb7b0066d8155724d
SSDEEP

384:1ebFNw4Pk1itKkpAjjalrhVl8MqYvjSo1OkDCgSrN1w+MB:10FmBkpKjWQPY7fDCbNin

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/1652-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1652-5101-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1652-11520-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2208) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe"	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_media.inf_amd64_2dec3adbda5f7bb6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmadc.inf_amd64_7b6fc0e15997ce81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_3e2c4fa2d4cbb487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsactivitymonitor.inf_amd64_cccd1b2cb61d2440\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\buttonconverter.inf_amd64_73b807c3bed63b18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\modemcsa.inf_amd64_a76330a2da8329a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbaudio2.inf_amd64_8d164ac6f7088f97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_firmware.inf_amd64_36e4e17f210128ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_usbfn.inf_amd64_64da5751ebd2f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmod.inf_amd64_51d6c57c66e3de87\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdmtphw.inf_amd64_1aae998f86058cec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_53931f0ae21d6d2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mausbhost.inf_amd64_34c86c15777c913b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_41ae7c84b8d94de0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_volsnap.inf_amd64_47e3741bbf4d6b06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdyna.inf_amd64_d89605b6b478d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_snk.inf_amd64_213eeba98cc6f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BranchCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbvbda.inf_amd64_06bc8afcd2617abf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1652-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1652-5101-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1652-11520-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare310x310Logo.scale-200_contrast-white.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\SwipeTeachingCalloutImage.layoutdir-RTL.gif	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\WideTile.scale-125.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-400_contrast-black.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-100.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FaceReco_Illustration_SM.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxWideTile.scale-200.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-100.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-125_contrast-black.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\index.html	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-80_altform-lightunplated.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Outlook.scale-200.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailLargeTile.scale-400.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Confirmation2x.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\163.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-96_contrast-black.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-200.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-60_altform-unplated.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\tool-search.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.html	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-125_contrast-black.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-64.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-400.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Defender\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyDrop32x32.gif	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailBadge.scale-100.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSmallTile.scale-150.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-30_altform-unplated_contrast-white.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-140.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsWideTile.contrast-black_scale-125.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\core_icons_retina.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorSmallTile.contrast-white_scale-100.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\example_icons.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-125_contrast-white.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-40_altform-unplated.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-250.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-80.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LargeTile.scale-200.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\GREEK.TXT	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-20.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-100.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-150.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-16.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Transactions.resources\v4.0_4.0.0.0_es_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\InputApp\Assets\SquareLogo44x44.scale-400.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5f442b8357ec30f3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-v..eocontrol.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a719207b0fc09922\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..riventextservice-yi_31bf3856ad364e35_10.0.19041.1_none_01c32b9392659611\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.scale-150_contrast-white.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..layer-vis.resources_31bf3856ad364e35_10.0.19041.1_en-us_c0424fdbe862024b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_usbstor.inf_31bf3856ad364e35_10.0.19041.1288_none_b5925f0a61e2357f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..lprovider.resources_31bf3856ad364e35_10.0.19041.1_de-de_0788419675e336d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Generic.Theme-Light_Scale-100.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-runonce_31bf3856ad364e35_10.0.19041.1202_none_94cfabd8a89f0b96\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..questtool.resources_31bf3856ad364e35_10.0.19041.1_en-us_6a05254c1216c07c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.contrast-white_scale-100.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ucmucsiacpiclient.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_9a30e31aacf40228\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_netfx4clientcorecomp.resources_31bf3856ad364e35_10.0.15805.0_ja-jp_afb5d1f043634aff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-host-network-service_31bf3856ad364e35_10.0.19041.153_none_d8cfe40abf03de9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-srumon_31bf3856ad364e35_10.0.19041.207_none_d2f34b9daf9f252c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..-hologramcompositor_31bf3856ad364e35_10.0.19041.153_none_d49e841db09286b7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1023_tr-tr_65cac6c981f17921\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m...appxmain.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_4a0f1c0412754eed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershel..er.events.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_95e58db0b0215011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_addinprocess32_b77a5c561934e089_4.0.15805.0_none_faee98a3c711fae7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..spp-tools.resources_31bf3856ad364e35_10.0.19041.1_en-us_ded92ebe1e3999e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netwtw02.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_ea35a7d50416f912\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..rds-datacontrol-dll_31bf3856ad364e35_10.0.19041.1_none_84502f0a099119a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-netjoin_31bf3856ad364e35_10.0.19041.1_none_179fd72640855e5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands.Resources\v4.0_10.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationCore.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..emsettingsthreshold_31bf3856ad364e35_10.0.19041.1266_none_943a4986931bd930\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-updatepolicy.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_d7a5d647533b8c78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-x..ocess-mui.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4d7019d48074bd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dot3gpui.resources_31bf3856ad364e35_10.0.19041.1_de-de_28ee2f2cf1346efc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..-wsdahost.resources_31bf3856ad364e35_10.0.19041.1_es-es_7481eec7f5aba928\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..ement-wmi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2e4de7b00c0301ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-0000045a_31bf3856ad364e35_10.0.19041.1_none_bcd0c2d92a475b75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_9a152e76298cd801\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_c_camera.inf_31bf3856ad364e35_10.0.19041.1_none_fd311c892b114e5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cosa-desktop-client_31bf3856ad364e35_10.0.19041.173_none_baf9330961b41df8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare44x44Logo.targetsize-40_altform-unplated_contrast-black.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_tpm.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_0e03ea3429c2ad9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m...appxmain.resources_31bf3856ad364e35_10.0.19041.1_el-gr_00935be9c1a7b00f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-profsvcext_31bf3856ad364e35_10.0.19041.1081_none_99079f18291a3688\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..k-msctfui.resources_31bf3856ad364e35_10.0.19041.1_es-es_6f178bce176704dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.dtc.power...non_msil.resources_31bf3856ad364e35_10.0.19041.1_en-us_a9c0cf80166e8336\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..mily-authentication_31bf3856ad364e35_10.0.19041.746_none_95b97070412eea01\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-idctrls_31bf3856ad364e35_10.0.19041.746_none_809411394bf77629\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-wmiprovider_31bf3856ad364e35_10.0.19041.964_none_c9134041dde28ac6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-webdavredir-mrxdav_31bf3856ad364e35_10.0.19041.1266_none_8970b8bd7aecfac3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_mlx4_bus.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_5f4202339c8624e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.19041.1_none_39d7f735c58f975e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..collector.resources_31bf3856ad364e35_10.0.19041.1_es-es_6ab40458c58298fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..-nlsbuild.resources_31bf3856ad364e35_10.0.19041.1_es-es_2c4b75252d7f072d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\NewInprivateWindowIcon.scale-100_contrast-white.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon_31bf3856ad364e35_10.0.19041.746_none_be503db565daebfb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-msmq-triggers-runtime_31bf3856ad364e35_10.0.19041.746_none_db0003deebbbdd7c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_tr-tr_05585ba695b466be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare150x150Logo.scale-200_contrast-black.png	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ng-common.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_239687ce4565e103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..rcluster-clientcore_31bf3856ad364e35_10.0.19041.84_none_88eaa5a4667d05e5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-thumbnailcache_31bf3856ad364e35_10.0.19041.1_none_ff603e32ece56f5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe"	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.Binwu\ = "GNWKXAYEWMCZSYC"	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\ = "CRYPTED!"	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EyB1f6FNc13b72W.exe,0"	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GNWKXAYEWMCZSYC\shell	1222ed64e9e26f248791d66485906363_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\1222ed64e9e26f248791d66485906363_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1222ed64e9e26f248791d66485906363_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4304,i,12198811467968044966,17227406646827438786,262144 --variations-seed-version --mojo-platform-channel-handle=4140 /prefetch:8
1⤵
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
6a657f76d7a858720ae9ccb2a7880fe5

SHA1
2f2518289843b8f37a33308c4d9b3c5c64efc359

SHA256
ab2149e47f097d87c4cee8bc6c2bbc771f437c70ae848eb80d9c62d126b65151

SHA512
514ae51a8ef0481d7a74b56af01cba6b19e82d1f466740e203f54434e661515f59913b58cb3a18eb285023276074b23d708eee3627ad7c1cf4f0b89ff4de2d04

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
fe94a3c3a14078ef27e5c4f0ae4e332f

SHA1
d66aa44c62fa9dd017005d04209f1fea3b5171b3

SHA256
2277107a677c18af8d4a4e0c63da8cfe2b89c56ad0cd1bd02625ffe6bf1c5972

SHA512
a1af6da33083514df2a6739ae091fc657cd110b1e273dc0aaaf00982b296cf897934b68fbce1e7a6c46ca1ed82f3ead26d2b20fa6defe076045a380ab0caac54

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
a9b2cddfde7aa412d19849ba4a961d64

SHA1
654932863b8449f8925d6303f07a99e70e1764a8

SHA256
b608de5b5561a09c86f4e6b447ba38c17aed198466f39e9f9db41aff246b10ce

SHA512
04762da726932ca6a4d296a112b4cfc2e4ec72c027f1b9a24cf856d355fbd886aca401be379d1c3593ebe335e2e8f583fc87f88896e1b3071bd2b09d1590a9b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
f97ee7ac5456f4d9a7c4517ace51eea5

SHA1
8157ffc7e641701ff017cbc1c82acf016ca5a022

SHA256
660363c20a2df89681d4109b4eeb80af26f5d0a31030d42b54be7db170029cc7

SHA512
45d44fcb492614f55f74aa9530c8afb17eec56cd5d27a9269f2be3d89f7eb26737331cfc2b931c898e4ad735b1fb653b51151baa11a7b5d916891adf51cbb37d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
7d76cda0a1e0cd0aac54783f27ae30d3

SHA1
ed7c972d72e3b8261a2fd0e83f3764112077cd35

SHA256
bcd271c0a43aad1ae520cff1fa0898be1b4c9edd1f9fc7a8af0913be31834677

SHA512
db5bcdfb629e8017c2a3879f4a870ebac10d642045aeccfcba3f72517b3502f249e25ba10aa51850366908bda1991a8ce93bfee815c32ad77eecc663688b791e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
8c75aae44d814d08eb36c6c12f2dc9dc

SHA1
b47d374af2b1516baf73266b7b5c1c059dc7996e

SHA256
392a63b507c9958e68c5ed159123870ded2ceb3742c7a662ca45b1fdc2100d14

SHA512
cdf33a1d534e6ea82aeabcf81432f652323d28349020c39a48bdd9c7e09fd6a32d6f5b83053b2a2b4cc61eeaf39b31367151a8880219a10aeb86684c28827b61

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
539476204abbdced910d6047c2742ebc

SHA1
c96e563db64e6cb4cfd3b4defb3daad06bee65c4

SHA256
8e44e1ee51326096a72a1bf324c76df2c0b8ecea6e4117c9794f47df68d0abc5

SHA512
6c609703320e23f9bda3df8459e552a8233cc81787b675e6d05b904ae4fe560a2e3a1d081b0d185652fd608c5851babf8b018e0a6ab1490c5f61478cb59650f7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
4c634c6293e8d675a4745f48ced01184

SHA1
9d2e9f97e34add7f7e41a3bbd2a25aeb96fedd74

SHA256
f68dd975645ea208f3a80f7a796c0130605666d94c17ed5a4f6658643773b5a8

SHA512
449a18dc1456f9e1b3ccf3f3aa86c501eaf0338e895606487cbaa91a9d0222de6645f3b4403e01d8c96f5826be2a3714f3fd499d2c1abe03508c71303552f453

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
1b925bd43997a316cfb3b503f328925e

SHA1
32ff0988e04991d05db245e704d91aac734674cf

SHA256
7f76be15ac17cd80f63690dd9c4ba5bec0e0524a47507dfa0378217a282faa00

SHA512
470c7797a993703436cd1d9273d9dccd2af77411692149f5947eceee5d469acd33b575122c98d081b2527ba6000a73630f131c8b581885feca0d83c27be02cc4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
f8effa6db93be715d4d2caeff7b9e6e9

SHA1
ba674f1182ff66562ecb1e35bb8250320545cf6b

SHA256
b23f336c5bf9b7baa46a2d51017c464a45c9eec0d0bd3269368ca85072001e14

SHA512
347e12ca045b81691fbbe5cbb8d86d74907c3db8f745a5360aaefbed7c64409d355657a15d3fe4a3c268f2b11bde60a5f85b284b90018f4ecb899195a0d3c359

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
a435b7dd38104281afa03fa750cd01ad

SHA1
6394190fcc451db1baba266ad2182693427549de

SHA256
776302b9f15c0f79c94c99a8312ebc190e47b1a672a12f81c1e65a1a21ee12bd

SHA512
3c87df44d519d02ecc93b1969d6b3f817d3409af7cd8205884e5ae37f83ccdf515e41ae06548e5ae951331f21d2c3ce20fc89a5008727c049bad0927c5fd9d70

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
e700f2fb8d36ac90e0e364a05cd8e78f

SHA1
c11691c4f2d5a57f1d5cde868ecae9ce931baadf

SHA256
908ca4cb5fe9cdda999308763f57f20ee135697b336324cbfb91c1c253372225

SHA512
94893d7c2e2a3efba80d8f445560efeee721dd3d31301fea3019b65d8d9330b2857e0cd3b987cf5362194f2aede44f68ca0cb3802426a48ffe700bafd7bd62ad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
2eb6cb811a948a629d45ef34707b19b6

SHA1
fa06234259920fe1bbe742f4545af7023011ca5c

SHA256
1c47b0e8f2e99ba3bcacd2533261906824855e724afac2c9962e6e6ac9291d2f

SHA512
7af04634f81dc54b2f75ab7e706d65100286351f44bc298c639fa9cea07840aaac81023adf0dac0e6c4701e1542adda9ad031ed944a951f848d8da632653c6b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
03a4972da91e69cc89390b296fd1164d

SHA1
6276fbddae709cb9fa3be4c8a5a444a01b35a497

SHA256
605c92b400e95f296325871cf80be88ee2b8d1bbe2396e8485f8a61f01170eb6

SHA512
483ccffb957c024c2e87216b1b84a40c2ca8e2c446539528ba08a2f4520e7c79446c0d9061a8d9ae15b4d91ea77dedd5ad00ca4bac5fd948da2eedff56ed8a66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
ca872688ab5ed8df84f4a39afa6ecd7a

SHA1
61d375286269fcfb286d90c17689e5074085294e

SHA256
b65afc4d615ae4c500bc51e9b0920800233996d1b8e4e696cbff6f927b746048

SHA512
ea3aa35862c2a097a8f246d0bb34006efd925f1d72ff1ac31a182bcb9f24f2ba4db649503cb222adae21a0e7df96bd7639c0e0655d6272d290ee070221e11acf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
f04a48a71b7fe09ec1a23b69557932ac

SHA1
2e490433a04e32b59fe043dad673db4ad36ac4cf

SHA256
2e1c0598cd092cbdeeadb2330efd56c8e0053d94887bdd0600f8a7d25286744d

SHA512
aaa51b3d0bcef1150c62cf0abf0ec90d9159e59d2ac7c4e1447b9b7e926aba41b254eb022d733c1b253e3ec8d83fbca06a5ca473b606763b5f8a44f04cf54367

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
738292bb14d59040a39c8121f8d0bf89

SHA1
6dfaf05ee71cb3c7595bdd64015ce26a2eade4c9

SHA256
58aa67e81cd48066561306f6538ebb3aeed8b4280186f9ae2d5c2b92729bc8f0

SHA512
1327b64f261d00c9710639d0718dda944a5fe045741750bd0716db46c8e5240d938523d09e12f50006030a98db5390e7613250354129471ba08e54a037ab4f12

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
836f3e788d9ed953148acd1f11224016

SHA1
ed72cca3be36eb5521251975c418ce86961f71f7

SHA256
b3e790a2bad4ad9299f148eb036027282242d31a1d90849961e3b60abf41695c

SHA512
071d70c9dfd0beb9bd67f5b16e8503fe709ace2884313f9947c3f55e8c8fbc7350cbf5ce36883cb0dcc83c523fbf66b60b8c47110e942bc66fb8fc5160819556

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
493a877cf9d5e753ddbe8ccba63d5e59

SHA1
95fd0d109005a55a75ff282cc10b4eb30165f764

SHA256
a7d85b602650f5cead5adfda64c0e6877f2435ebbf03a17b1045ef002c6c1878

SHA512
4b844c0f80fb208daafcbf639fa322404c70106991ebf48a338e7e89c2a81e39217ce062cc63f9e5e771c22975b496995c0b392c0ae3ccd8372fa2f692453c33

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
cd5ee4fa36d499a838f7de1fe3115d7a

SHA1
3d4c81fd997c4f16d343ee30ac1a2d12e61e3dd9

SHA256
a4db11b2b7114bd3b6e0122c0bad51b1a654976711d4704d3d17fc6ec46956d9

SHA512
1dc777f214c1f0dca74785198a88af19e008b0de2004e06abacccef32ca5354cdf7a1a0226a227130b2c0db68efd766edd1ed9ce4864c6edec9d82c8b2a874a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
e9c108918ae49a0eb65439b5ac483ed9

SHA1
71a308c859c662d7d47cd70dd4a5a36f85e6c090

SHA256
bc5bc6685952a2681568c434cc985fcc3f95c7b6fbf24ef864eda70eb15e4e39

SHA512
b65a5e879b1e24cf276bb0b3880490fd18319bb75443ab4c592c946259b298044210806f52ce6a4d3f01e4ddea537c26b18ca5a7a1aeed58f39dbb3663bde17d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
1bfa3b878ce7b627eac74591d7892dd8

SHA1
f0a9bfcdecffbd64dc4ca2977b2fdc28cb9340c6

SHA256
dac8b7736e547fdd0e4a456d27b6c921aee16287a6443a3fab56daa5a69fb9bb

SHA512
2c44c2857ef245ceadce70c6a821bf50ad6eff0a67d96aecc50e153937c2dcb3ede794432664c5caba678de383bdeac945138e2a4e394f4867ece84f797aa48c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
e4ea25414faf0b6186146ab3a203c7d5

SHA1
436af5a8f10315ac46b78de3466f84dd6fa079d3

SHA256
66435a7c5333e93cf2b5e7023b0d893f9ef61289e48d7d197cc2359f1d3e27a4

SHA512
d927194b3de8804ba7ab2eefbd26d661173b54e6934f99c04220457a87e568fcbc751079de77f1af6ce6fb7d14c058eba4aec377aa7977c3b02a32e831fdf87e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
2a07632e426d381331b9beb5242cbcbc

SHA1
12cb8b73c2cf3b8484d134f5435f4d324c1c8fa6

SHA256
fd890fb2fcb21ecc614b0eed0dedcbdb376c1986a2c3b731bd07805a2ac145bb

SHA512
4fae0fdd3a87ba3070b5a2e46addb3c4257b4caf6afc0c656ba97e221c2da99b7aef877379fc88126ab26280906681e0160e6ff21da81135eb047525bd59c898

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
9a0e67e04ebf7c7ee0e6fbea934d513b

SHA1
f96900c4675814ba13d97ada1f100a3b3754249c

SHA256
7e6eaa279767f210bd6e68e13214c85359154a814b9c6b212a62dd8839a6bc16

SHA512
c450366676c6ad3d73c674d657d8c2d33a1b13211e45386d02584ca9116612052b91272b46eb7666e618fdb456671f589a48e29df28d9b25b3664d8c03cf3553

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
e6f244a980e08041d0a4ced864223a21

SHA1
0dbed9e37887744e34306eb1c46659659651d821

SHA256
5126010c430b44fab2a6e3b5fc35a3963cb45bc691d8e056d146c91fba71e9b5

SHA512
5089a3c0d5fb111400c8d68ae22bd30578f2a9f9b5630f7d73338673f0dd6cf70c848350b389514684bc1442f2e6e75bc62bd422954ae847e0d79fec29db058e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
6492b3163010e4a06f7f2f82f5b780b4

SHA1
2e6314260127b40b067b7fbbf9ab0821efc04377

SHA256
5be15d0120648a732f9141f9aa780fb8897c14e5f67a604cf9a231cf837b78be

SHA512
3529f1199ad8b03ddcb5479738445524bf4f6fdb35ff0050319f58f0f68363e62cb872cfd043ff9923113e1526b4a48f51bd0f475928b27af2b598f0d54cbbd1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
845fd6d3441a30892a6987421ed462ea

SHA1
720216b475f4f685f8cc850754b064cc9a02a423

SHA256
4cabf0970c104e853e8aeb68099bedad32dacdef350ea0b969876e98fc4e7a0d

SHA512
8e9069125d3f8776d1f1c55d497b87fe2bde34c294cf06c0d1b3d605e5968a0381a27c6afb61d3f9a71f06dabff5e35a93efcdd78b6cdd2847226db894619346

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
7546efb1cd576cb8db077b507e1ceae4

SHA1
23670a46c0372e40b88aac84e8356eef6a1c4855

SHA256
063502e47837abb5f2d188cdd6d5efab406948622c3b056a173824421e88a5de

SHA512
6a37c7ee403a37c67182dc112f7561a30d2dba1ff3b4c46025cc8ca15d55b7feb261b1289bf1e639d563e5a847528b9c483ece5b3172a6a49898004b27ff6b37

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
c9058f9c017b5e4d8c933ae175aaec4b

SHA1
216a07df39253ec112e64ea3ffdf92de0799da33

SHA256
c2497f77c0487a53c22f830fe17a76fb5bd7131593977019ad6ff36907565560

SHA512
edb548c5466acc17ad01f74620fe7c0fa1f412e8b89f025f3f6f70cad7e85a7772df500416eae9b01ffdd528744fdaf5f0b40636b2695984c6fbe1b6509e9e15

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
1bfc6f3bcc5a2ae8ff04c68e5ad43cce

SHA1
0b66879e101aec5d2b573cb98ffbdb5cd2343c33

SHA256
dcb960077b32aadd693c005b9eb828a23ea1aa459309f7eac3437d8859448c5a

SHA512
203d6fcf41709055232fd400936cd02139d698c46cf16748292bccd0f9fd302811ee8bec321153a17a1e0f13a9e1f21b982637b1cfd570239cabed2b3fecbe2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
35ce1de6aa57d9d94f0ed39aa027465c

SHA1
b27034a6e0eef992793fb2ca7900b29e48a7ae16

SHA256
de00b9824c03f4c66480308c82a981d8cfd33a7c80746f099424cfb79e8ccbe4

SHA512
e79f6c2c0eb8e3966b036b25346da5a6118e7577e67169c4d6fb1a8084c029e644e7f351ab99015c90783fc96f9f6c31295d5a557212760345dbbd5a20be6846

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
f8c377215ff4d743609a1999a0d10ebe

SHA1
cd8e6ffb06b6659c64896f6e497e8e63c2f5527c

SHA256
42e28965335a643aeba4da38ef9614a9e9da53bc69c6032627ec9b8315796a90

SHA512
583c8207a0bda686cdfbfc071930d75247e7645d9b78ba241930aa1da4ae7c00f9d8fd0f620deea9ada77afcd6bf0870f9393975349779fa2381963282704090

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
a44c45266c213e6b1ac46f527da704db

SHA1
3f3bc1d445ab55c7395575d6e1a0c7b190b87705

SHA256
2ede9889e0331c2baa1fafd9711055a674b7dce483072a4cfb1b518c98a791b8

SHA512
179a0a39f5d960c83d7be77dd7bb949ce1395b34984a503cd77728a1f357c5e29b9e60210539c6128f5cf4504c8aa669e5d325e6ed7e119bf40d2a797ecedc50

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
86485c4c587155d6448843b11b93c81e

SHA1
720e7f137a2aa6fd0591a040328ed81a2eb46203

SHA256
c2d0e227b3732680bbb18b97ff14f87ec930ce3e5fc1b05e9450f809e52c41c0

SHA512
0ffa5f8a384ff74c25b5d3175c9965d65c6a5bacb549e238be2e8e3682c012b51fa45b99d9b0ca7b8a7c8e3efad2f640259b3c8b0072dd276886f64f2b0319d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
5086a1e4fa009df7e00e98b54db49450

SHA1
09bb65f1077f397493bd0e919ad42f0f913857ab

SHA256
467f04139a05a8493d1f2fdb9b896293f35bd04728944be668cccc6643b4193b

SHA512
500205c3e57191c2adc71eb5e0dcbbdfa7aa4732f4d9c8428a1913a0026e64adeff21b19d9a96db6706e91219d8f1aac76559adedde114a7e36261e4620e0bfd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
b10b3c1bff9fde1bfd1183c5a41d874d

SHA1
6e27427fe1696cf87bde01159530463c3526bbc9

SHA256
3cd479758d290bf86863bd5c1855ae9df1769d2f9e5f39a7e077ec2749066e9d

SHA512
596c2b6aed869d0f379ebc4c23a713c5f3960072bd372a75e4bd4cd9e148a0a70eb764d3b8dcc280a5b907a0811aaa27f9a870362d09ef51b52610f86bbdf548

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
435c6647b6c51ddc0c2ad42b74f19ea2

SHA1
8f0db05cb6259c72b91c8466843af73f4af07754

SHA256
ac5c7cfdec7983952f67baa31b14e8b69a9bff7f9b088698ad47bea464fc422c

SHA512
2099b18868649345ee24ba01d2da8f817d515c9eb9012ab9199cc31f27d1ff1259e4dccfe9c67d62bb9717c4027c62e5fb04d864f1da9c3ee8ecb859cd6617ff

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
286B

MD5
3f8c536ce623f82f49206d0e9a39f839

SHA1
52a97eb8ce4deb96d648b0080dd2b5c305cb5af1

SHA256
adf8343e686d7f8829c758facb4f14c703bd5e009eae121247a85d018bb71055

SHA512
785069185a0fd33e3c168cef58f54982976f621db4d3f66a7e91f778a94782349725900a1910d8d1607d0ec06b774536215604b005fd4a3658e3843c338b2721

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
176d5f85b9c69d42520d8761025ca156

SHA1
cf033f551398bbbb420ecc7b0fc72f13bca38f84

SHA256
fb0eff8033f2bc96573a1afbf9c2d0bfbd1106eadf67b6862397942d566d0399

SHA512
14cc7acf7f5cef9b226a9c8c9489a176e12feaaab0df736e3370e6e248c644000e79f9618d11f32ad97e06c7680d67400c7bfa0071904f10d7483d3d88da36c4

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
5b189a5ded3db35f882f0b231070c32a

SHA1
3b9449350a217132dac5150a0192b539a6b5376f

SHA256
b59f0731af9d14d8c849ac0e3a033ecdf90d13f944ca2af26568205e0b08e128

SHA512
f7ceb42c7e685ff404f72f93894b5020f6866b5a477c1c61bb77d39a9af6ac0a215981fc6bfb8ec00d64ef832a5bc9a6afff273287e91f304f77f76930385083

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
9e9de69e016ac97388db57a2cbcc0a39

SHA1
ca2bd9543ae9c2ba4d988527fd867cab90e1e07c

SHA256
35f5fb962a340c00e7b1d1ea26d49a7eb8209859ac451d6a9a0aca1ca57a9c0a

SHA512
c3fc6434ac3c097c3bba43e0636c565a729739a1cef196031df5477ad089e84451af827068aee03a49c1e4bd6df6cab03412f0c33af77c8e499926d6173cc8b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
808e1a74f4c633a2950d4fc4dce79a88

SHA1
72ec5ef1c51c109b8f02137dfe9d73a250baf60e

SHA256
16d25c7349fd10bd84c1decfc85279b49617938f917da6844ab5d206ca7ad8ac

SHA512
874157c288b199cac8ac57bfcc0781fb7aec8d0e6ef94702ab1690b9de1a2d5a107aeaea3e5cdfa77d58c3fd0321b90125d9ee42accfce7a3100c0df72da81f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
478ce87a495ad1e3157cc34af8c64275

SHA1
2952dcc18db067f996bfe25c47a0fc94334a55b5

SHA256
135334295d5ac06762b2b9d472642882847b3f995ad822e990ff5d558fdf1060

SHA512
d761971ca36b107bde2a8d613037ffc7dad18306863976c5135aa485fb9c6ffcbd64fa93c5864e5fb53bd09049c9b6317ebaf3fbea6047ba35375868115fa5ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
2d97a466c748d8158795c4bc78e7aa6c

SHA1
5cb7400c2324bf90b954ae1c9bd85a22c5ec27cf

SHA256
1113bf14bb7c649efdde372fbc766d27e16520df3eeedd65a0b31b1e27b63e85

SHA512
d63f7c4a6a4297ca8067bde46bb3ff7b3d421ca9f75bd344648e7becb85c22519e70724ce2d2b08bf00624bd65a22af7b2a8714e86a1429077c4f572438193f3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
aa943c708fa3a16f08196d2f78a584d4

SHA1
1165de0e7e74249edbde6553a6bd59be2cb61fd6

SHA256
1c441f9b52b1e4401d8133b2643f63ff83e4a0a9abb18d40a332d7697c10b776

SHA512
87f71b0f50055aa9552c0d73f10b5e95d7c4b06e51a86810d85504becc86c427f30e98b18cd3ea4d55a274b0d9bcae05738e3d81dc4bcf94d9556a607346c4f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
064fc6f23897bdb648aaeeaa7c776607

SHA1
d36dae329e3bae68e4ab793d9b8a2b79fd29b42b

SHA256
679f7397f0eba07f19063a7a55ae222c0be0c76f070d95158d5033f9bad6b8b7

SHA512
95296b709030ac26070a7207a366eeaf29a36ee5cd1f9ce710477cd9fda9a0b582e13828996f1d2ee1018cb6610da419849c1f556e20b339cad4791660fdb9e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
06deb7acda5905eabc69547af5f41517

SHA1
c5a711430cd3a335668e9050074fc3607e401270

SHA256
c95b6af58fe96fc2bd2cd0321f5a80941697f9c9e65378809ba34a11d3b62721

SHA512
2e4cf16947a1f8a2864f5933c391317a66016c839638b5fed13ee549d436466297951ddc5091baf128eae9154ebceba7a8cb70d646e4df2d4176b0bf8f98b17f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
8b294a33e05650f2a0ad050f38a23f03

SHA1
43bcb28109e9c18cad7d56766a9b696ea385b3a2

SHA256
ad979e724e6b4760333a79611531071ff7bb7979396db27e7f93bacbc4beed0e

SHA512
2154a430bfaa0970b11f34059207b8543bd754dfdec52c607638d9725481d4f48422162d7b54691504be62a7a1178a19acbcb9c522ad33ee2964ff7c960b0dff

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
8f25c41d544c2fcb27193463b230de69

SHA1
cd3732b4704c01ae74f284699b5e5f2dfc069eff

SHA256
6e37c017b253ba73952d0d1fd69c0186dd953aac5198e8a83e7b3ca6cec7388c

SHA512
f45a61936d72c74bfebfed35044211c3ccd65b9f4ab95b6ad39b7e34ac5c61bcf5b06e7b24e674c4edffd1a3fe358fa3ee009672a051f557e07f4c20d2f35a7a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
bdfb30822b5232df43df303e97a45c0a

SHA1
6581262e705fd74e53e4f5fc9e021d4066b2f529

SHA256
d2f45ecf41d244acb22b14dca309f020049051e46731ac1afdbcbb790e49cb1d

SHA512
2436e100fce13f6a9ce58e025e5b51818600ee15c48230e4e2c5a79eabd6ed41b547570ad04711014d80eef2fa6e9eb2e159d5417774f37a19d18b5af73cb7fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
608d84452f009299123ca7fd93e3812f

SHA1
9df2ebb852d22bbf0e14649116db9db045ea5ca9

SHA256
0dea901eeb271d31a168107835ea68de1800224abb23feab355e2d066ff2d862

SHA512
b90e6659f7bc581f38d1c59c3cc672d06912ec73f88ae8cfdbe6fde7abc84fe28194797aa449cecdad0d555752cabc05c84b5015c0f9bb317ab985446263c18c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
c7120cbd340a6cf4d164bad40a517f5b

SHA1
f756947ec3bed68dd44d53c94651644536fa09ab

SHA256
105ffb2c1a10efad658cd214d7673bef513de089683624d177bb99120e3abdac

SHA512
386b18be426914cb887317af6f17312c15229a63fefcd779c590a3e258581d8902a16cc7d7887569f3a011195514683149e1aa39ee5e844c08b96d9d373c6620

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
b1f67a1b655f366c5d452d57dea26a9c

SHA1
1ce1c3a31d2d158c955bf785ea6da1568ff780ab

SHA256
bc46ec3c4e58b0e5f656deba46f41ab8544c4950388460cb0d3781f5a3a4cf99

SHA512
025968b933256bf8bcdad427abf7c3f6ba5debb291da31a65fbfe4d7987d390fdcc05c07559686d44fc809b635b36bee2d42de81742ed2aac55f635d7aeefe46

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
6511b8895e32ddfef355c05125add358

SHA1
c39c65d6ecf09c4933ecc9c2bed5f054ba0abf4a

SHA256
52fdb7e2511192b56c5521d5858048190213c827903a742b31df5f569a0d89a9

SHA512
82c157a06c9a8ae2486bda8d92d605924daca65b6a95a2d7af99027e8c9dbdab323aa4ea28d9d4593fe6105161eb6d0d64e55831426a1e056f23ff7ae29cdc4d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
f8f8d246261b347df134dfaf54224432

SHA1
a25342ff1dbcdc071fb15eaf867cd7e3d6a9ffcf

SHA256
5f3ae62071feaaf43f6cdabf3fd0d8784674fe03039a27b9537790a01fd59a09

SHA512
b3517d0dd6fa025a4c0112953d94d36887febc90bee5dc8a819d4c2e467a8c5a8a5a07083bb4b31e97ed32638fb613e7ce944ef3c0ac4953fcffc8d3aab68d7c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
9a4361367c2023f0a3bdca0eef6030c3

SHA1
8b671eaabf81be17408fc8ca8ecbd2f8516b6254

SHA256
6f28ea37c15a09d56aebe5c5c0982496df9dc76c611ef5fd8d40ae219be1677e

SHA512
0f2871a5ea20ae111a24ed7ddbcc536e43c16c11302ecd4e96255efc19552fc8d4ca544a8dbcfb247b6f46b03ad4119f310568f4bbc62e77cb694296215b7f7c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.Binwu

Filesize
1KB

MD5
4caabe068d12775a336067281d836548

SHA1
a82b8ac23f66d0a3b5c8031e244c99dacb3a9dbd

SHA256
2b10067319cb4d058f7ba71b16f97402d4d67f9c2c2cf04292f2db179f4b2f9b

SHA512
de3ab01cb46e8aa9a428fc32a99cfb17b89a73e43f4d87a5d00134f2f3886db9c9c9325fad2f1db5c4df58a997bb8c0bf8b1b50c8006541727208356907ff340

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
4d40405f83127a048762f25965bc8fd0

SHA1
ed859fde5708e2e403c359d9ad444a5faf29ff18

SHA256
46c738f31ca5c4a6b4d07fe9c2fd129457032cc51410cc88b1aff9421d6ab50c

SHA512
1a63b8d0e0868296497eda4938821226ea1e56057196e14a06ed01f61dcd7e94c99d6ca1f97e53f38e1e3811d3aa90cc5e08a665c51c1b49c9a13ebcdfa77063

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
64953e36c3947c3ddf790beb0381ede8

SHA1
5343cecba352dc8ae3b750071f1287081bea68ca

SHA256
1a5fdf48cf78180689525677bdc02190a9c6e882492f0e31819ebceb1a5eb4e0

SHA512
01f09e61d688fbbc430df97341804906646631bddcd7bce96033e8c81f5ba764387e7e59da89d43b29ab97ee623416310c9fa6572cbd36a0e5cd4c32b7fd5d5d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
323c7569b1d01e2bff41eedf07a99def

SHA1
7461c82d74abe7896927430e3dd137bc9ea77646

SHA256
99a6d8d3efbb7a7e2e031464e877c057c608bbf5e1f9e1b5605f5d3b6f7459ad

SHA512
446fa3c9935a4031932abebe594ed4150e88df3685b63de39a44b227b3023464f6bc5f3b3346cc38fc0f1501b0d45d68575e29c5d0cdd29fe619d06da23ec986

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
1b4dad2161a0c7cdd71700413630a529

SHA1
d6a6724887ae4388ee032e263695750a5c1e73f2

SHA256
61202e5567c3b21c6baba85bb2482a6b6462fee653f8dc0eac43a809e44727e3

SHA512
8339f5b9a026c7932ee21951ec1af35c2a16663851fa67216e9a9ec0254aca86f9310e613cbd8d5031fab33967f5850f2106cfdef0d6798f695c73f2c525e68c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
e3f2d458caac9e7a614aad110aa528b0

SHA1
7642a48ecef53c5fc3784aff1c7232ed9b5c954e

SHA256
08d66837e4817d5925895cc597d1b9fd323d4712ba878e791a59c5f8158f03f6

SHA512
96b85f9afebcbc21da34dd457ccd9ca49b0c7738ac595b36e250a41820ef6718b6bb20498a6ff0b6a75b50b14e3636a2a6636a2c0e9ea6a239f24491e538394c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
9df16d2f162bbfa6a99390cf18071437

SHA1
97ec29e09a2e3bb8769392a83366212a0e14261a

SHA256
30f00c22025a36695627728ea3f6f1ac67cfca42bf960dda8455b25fbf7c17a8

SHA512
6a658fbe4aac9e1978db958abda0fb89a4b9ea94790b72a39e12a2d8ad5d34170ed617feef4b1f3ac02abf167601af860936fbe5d199b79505ea7a6cecdca9ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
9a98fa4cd0bb5fdee5661193ff587a35

SHA1
4e1ed403b5c877118586fc12f7f0379f75ceb3ee

SHA256
8284d477a94d4e30ddca079e6170c1398ce78be1af8ebd2d9807596efd94374e

SHA512
5e4e1c934da319f6558696c409a6748863ffd855ab979117b4d97a49ad3d7d36d08f9cf9785f5325022bfca57da1a3195ccc8784302bf9265e86f6988e727ed2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
fcf985e308e8be946941aba41a64aab2

SHA1
cd333091959cf738922143d08a8327f3ade2b5ce

SHA256
a76361dce94291119937565c1c21658200836dc3f02c4bfa4c857a4833e0292b

SHA512
d40f3528ca8cd0c47175c09a062a8336eeb428559dd1cbce377b28a2137a911dbf0f695b5d9fe370d8332ec2adff3acaff872d3a69f6c39d661acd73d6b77a34

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
38577bd4917069ad9ef09633d6aaa00b

SHA1
20d3932726e2ee43f30a6c659be0dc17d5ee4f4d

SHA256
1acd909c960403d8f86cc9e6cacc89e10de865c416eb1ca95d21cbda342138d5

SHA512
bf928c858f9f025fceaaaf90b37c873a2283c419cc14f895f8465e1f0e6c5bc4059af221544dbfc402286733bdf0f5be9439c5becd283e8e8732115c75313ee7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
dba522a6d7d916fc6c714afe304bde4e

SHA1
a3a00379beadc68bb440ab805f299d2280b6bb5c

SHA256
321c8fbfdd6bc456e32002daf0e796b20007fd4834bb6d7fd713edb451dc073d

SHA512
ab4cd4971efe792b802792532d39613158cdbfa7cf58b00d57591902ed4dcbb58471ce67c33ca1d874d861e509fae14bcfccd0dfd93d9108088927b75562a34d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
8a8e9d6a223041d04b5d6ac0271b398f

SHA1
20588cb05694c01e1a3fb0ee18cff76f674c36c6

SHA256
1d2dd7ad618efca15eec4fad935c3661126493bdbbd4302ec87d408bbbddcc96

SHA512
4657feb3c5ccdd64f6ff73dc0503842c50b03cec1c0f03f6a026239497b5160072bd987983dc8dbe08985ad17f6084df9f6b92419ea33f94a9391aeb6f9a67e4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
aee26211f62cf07de9d7f82b00a58b7c

SHA1
6531dd0f62ce0f3584480271bb86a6ae4ecc2103

SHA256
869aad0c2f428df95bb9fb189b210fb00c68d3590d33bc43be611a954e755cc0

SHA512
cb8cfed7eafdb205c391a1e1c3daf3225f6c57e5510a5e6fa3678f9e93e7dca5cb9cdc54adab621eaaab24c6bcaec19e9ca94755dd98cb6106c49ae8a67cf9a5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
c9bb3d6298295b6771b76ec382102639

SHA1
12a9533ccea9c2d3a6f2eeb8ba3b03c66fa63042

SHA256
8b724e632daa50c0aaf4b4e648ec63eed059a19f2cfd1bf7ee28c05474840d8f

SHA512
d9ec0d39333f0039ca922689c08dc4b29ea5251655e4722de2f02aa5e150c5262791a263a141510bc9fb6832e060f7884c144abf0fe053d3d0edeb0979f50b6b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
400c0dac81de3cdb630ede595a5cc50a

SHA1
b2bebbe28b96a4d9342c56fe11cfc406328e932c

SHA256
4e9d208ae755c190e9be0a96280420af648c864c21eb996e94e42d158f1bf3a3

SHA512
ddd02bd0a98bea58487faa4e5e6caf38fe43312039e45466bf3a251bfd0d88e00a79e53ab71d38198c94f7c80e5a48a63f8b3eda00de27847c3533f27960c886

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
5ca9e8cebc36777fa5bbfbc6464e32f5

SHA1
8f46ffaa13bbaa9dd91d9914ecddf035c1dcb915

SHA256
57de46ea48746ea1ce779aa250a8ea5d4b24b6f4bc9012bb9248231f481ce593

SHA512
59429a049c4cd9fff6aa6cfb4ee4c628fa9f1a8edf4ef4ed29df7465002579ee864412d0bf294e9696e38f712b064f0655d294017742632ef53bc223ae250535

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
4169a97de1c8c82fe3caeb6faab92d4a

SHA1
17dbcbc5bd64370177fc4ff4b424823da845fedf

SHA256
f4b888cdd194516c5bc081892acc9d914d4a099685585574279fb06589cbdf44

SHA512
615e17cb9308cf068b5c5ce50b6be331472199037817e50f393df8e8779613792cd9769145f352d11b0aecb769806697aedb658612241c0b8cafc65ad1234089

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
e09a2ba9b4f0adfd8c52f08de89d08db

SHA1
38f0c0b2ed7b3481f50a91b0acbe8defbef8e338

SHA256
cb2559c864bdc4c5ccd79a4177bb8069db7c93c27e2a55d5877632c98daa8f40

SHA512
299f90650bb2814fc265eb72f81a589ceb4488348b6b606569b824b28b69b8c807351a6f0e239cd123863017a5f0c48767ff1c92c61aadc00448be1650ef878c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
da578e5f8b7460488e776e1d89e8e429

SHA1
873b17b8045c5def5661b4e74ee951dd709f7abb

SHA256
77a02ac12bad93811ea4c66e5ac0e12337d85c51b7adb4effe9b933cb830d982

SHA512
865cc44dabd65d64cf81c60fcdcfde0c3d1fb6047e53f70be51a15891fcffb007d15ac81964ca0dd125354166cf1acfab1c06d2fbdac370dd725a433329bae0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
e3b98814b2ff40efe038c0027d823430

SHA1
cb56cb223a673af5bbed6ae681009ac3e378577f

SHA256
e04aea7a4d2417252e2cd87179f3c0831e793dc7aa08396e7a18f9236998ec38

SHA512
e62c0cbd1f91cb53e0966444b5c0a9165c2835cdd813f56bfbd352f5a7c1334169c7f6d7abdc2bfc113e5fee7294b874e708f53398ac34a446de1f927b94cf2d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.Binwu

Filesize
1KB

MD5
9244fb0284e04f9ecb64c22b33154010

SHA1
b8f653af7d47153bad933e6a58ba06e206c0ed38

SHA256
ced75541bd8110b4923268b9318bfc01481a36a218a59e161f23efee6d94742d

SHA512
b94c8970357741015ab8181b43cc63b3a55c8c44f2487643a5a883a3ef57fc314f3d9733f45d70a986f6ef9d9c0b04e18cd56ec2bf2d54481081edf84b97af02

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
01672639b797b3058fe27a13eef5fb17

SHA1
8a8111f0be872d3b7df5a7e3ac2758ba778ad98b

SHA256
38e0064148308b57600762cd4c30fbd084241868b7506af9853b4722b5345602

SHA512
b9935f592c1d5da2ff0a6f8368490c15cba56e5847d59e9cfaf33d4c88a28bafe36b5e6b8429a4bd703e4a443fc9210b73a9b6d431d0c65be3d4fd8609d75733

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
de281c50b50488476653e4705c716e29

SHA1
131115c1ce0a1cccb326560e7c304539856ef757

SHA256
00788e64f26c7d4d417271f160d5698ff77f820f819d7cd9648612131fc51adb

SHA512
47519321cdcbe59915a017e226f155626d3282990588f9350087194027ec59b87a51407d8847eee99b5b7a293f4c79343356082f9dc7857889d80f30441100d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
2f4b1d3e18ed236e0967c33e2b16d144

SHA1
dd66cfeb29b9bcc0880ece25f012d9ef67b4cc16

SHA256
badf7bc3ba61634048f866e93d41f056cfe7965f35c37fbef03592507754bbf2

SHA512
16e11d164a2f86683ebafcf1269350b78e74fa9bad0ac15205b269f808dcbac89dc02c0aed6358cdd0d6f7c1b6fe584bca27cd929d1cb23d24022b7bb98245dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
0083bc69dc56c69f9d134307c05d0cab

SHA1
83e26bbf800c2faf8bfcab77b5b31645acabfefb

SHA256
1f3767af6b810345bf33ab8b8872c392a57ac2c10ec7d8b38769f9f79c3e4851

SHA512
05349c1d65829382c0d32f151c189d8bb3557f1428ecb54d4cb408438d832c965ff0c4118470af0f1c5fa911e75b0a3a11507d094bcc3f7b92374006835e66e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
4c5fdbcd40d7c7c29f3d1890a6c80f70

SHA1
6c85166c633b5c599a64c12333dcca7bef3a6cd5

SHA256
ceb023d88aa41f703627fefe7c831ba4949f822d4ce14f5f37e581757e58bd36

SHA512
ea7d4d87d1bc3e7024370dec050947e0b24c536000ab8c0ac8a1872d17d897f5a2ef66cb719cc6b4b8c333b7959b720080282482094fdfb89fca54fc47614ecc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754239318725.txt

Filesize
77KB

MD5
b6edeb42518fe7104899611bc28a098b

SHA1
20967d3e81453221fa16ce0c0b113ad99436342f

SHA256
b02d0770ee651078b9c380f49e4fa7ead448d69eef0d110ae21cd67c0e7effa6

SHA512
216da3ce93ef267a4df66ec8bfdccbba446895814c0400fbb122fb3ef3637f45e98e04912a9c36a3fea5de22784dbfa960472eef2d270e85d19f657f459fcd53

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754839716209.txt

Filesize
48KB

MD5
63d4a9623404b357e999bb13fde0dda4

SHA1
83ebe200ab278d8ead0710a3fdf999f8a0009b0a

SHA256
069ba6c30ad7a54cdffc53b1ff120e2e3c7552fd4c5d3c73bf25ed0420f201fc

SHA512
f7ca5a349f39ecbb0451914c74876a11cd69d84180987c79638e217d1e8aaecc1c7769f7fd717c4bd8e17497645e7edf65a546f1ea26cae7e4d621023a73e199

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670762722977757.txt

Filesize
64KB

MD5
7021eb045f1cac6c93234352896c4eca

SHA1
e89712f5786f28e286aab010693ea14df72a9f55

SHA256
4dee44e4e5bf03ce53dc19358e8e0a154118c6b1541878fc9c71be0fdab3dff4

SHA512
a251d02484ef897ed68399ebad110e2508059f3ab8b35166183f03d2a21a80f77288071fb784ab2c09cf6cc7875512cabf2f4434d86747be2a039990dcb3f60d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670765474574461.txt

Filesize
75KB

MD5
ecefb26c24d1eba9ccc5bc0ae41fb57b

SHA1
2fa0957156c16235166ab6660ac9fc320f987fd1

SHA256
c58864bf926099346cc86fa2fd9f7cbe4a9829b364e67c2d46604c7bc2672a1c

SHA512
9064fc5203284b8b4a2277a8c16d90645ba6ea5775a9f01465dc34485e20a823da8d0f7d06c46b581b7347b2e4981a75451951331283109f04414d04f9408079

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4852_769401416\CRX_INSTALL\128.png

Filesize
4KB

MD5
c6c29272b2d3d921556d46ae6124d0db

SHA1
d6de4ed70de0cbb93b2a4ff504ea5dc4a6f1837a

SHA256
0951aecb65a20b59ec5aa48a67ce736da398b04f272d732d6625f761f770697e

SHA512
269f5c63993edb50ca4d2f46dcd0af78ee25e88d4c4ba59fff2a327b9fa1af4d2bd5408095129e1172aaf8344ffe125f3c8548dfdae234ae32d7f5829c3fde92

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4852_769401416\CRX_INSTALL\offscreendocument.html

Filesize
97B

MD5
fb0533877b17deb21ff2b7a385ee3d99

SHA1
235f609bb00b818540af8d3b72706fb0c86f3860

SHA256
65e6f0880d105c08008983088f500e80bd447b559acd631e27ba9c914b20cdfc

SHA512
9067f13c9d8d43692606ac4c47d6bd92e9514fbc4bc700dbd24ac770ac1761157698fd80ef13df0aa2bc2866db46f671672628f1e857e4e4c92005ad8f9b01dd

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
174bfcbfec8fc9cc285d83ff65613474

SHA1
8ee50c4e4fa7e7cddf1b1e4c6e4b9b1d5f3b30b3

SHA256
7859c2c272cfc599f9f395b474272237bba7158953636184d83df6372e411809

SHA512
bfd5bf9d1feaf60916265daebb3e38cfc202932e751deb3bb7a2f3723f3c2f22151056423864a9f21f6fb76afc68fe70483438dd6373d1e7613e64cdb3f35121

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
f31bd3bec4e83b3cea140fd944cfb0f0

SHA1
6a337bac75573f09c773705dee6c4b3da9faed35

SHA256
b39855fab149e81bc269105fe1fcfb9e2b76d5ebe2b0f3796e03d192731e566c

SHA512
908dc6ed114f275c0e2631d04e160f484c6f28e03af49eaed49f1a3bba5307682e13de9f2c4ab6ba5f877453386be4c414c8880b58ca3b73d387ea47b1d6f364

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
190c50569c1675d75c001af746f23c8e

SHA1
1eaa9ed8590b2158e8cfc7596ca9b14a9db7aa8a

SHA256
8d9ca111202ed4dc262e0640d3476e73f5bfffa2c34c05861e26df655bb4b41a

SHA512
2bb0d5d4ca36f3fd536966592abf938f50cf6d9f30976cfa308e84116f7e8249163313a547a242967fb1dd7b699f6f69d7d863aa063b82fc2a60fbe6f2128032

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
6e181d76605f123bb90b49289ef7e0b0

SHA1
1d68d247957e318014232623f93e324d309f0771

SHA256
930b18746bc3e3a575e0b067e57476163ea1a7efa5e72a2defd7fbb451f6655a

SHA512
502dcb8f8b21f5d7ca8f40670ee041d66a92f5912462ab3171000548e54ebf6bfa8099e783c66b6392fbb44cf52f5b788836679c6098035ca46b0743694c6be2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
946fb25bc60fdff325bf1365a2425dea

SHA1
a5745be44154b558fe793b5204f85e87a003721b

SHA256
635704a65a56082d38d6c2d309f8516287d4173c4dc1f4ebd11ecc4955b3320e

SHA512
4b6e1f6a18541d1600c2239a8f492e0d033e378f7ccacfabf15bb951dc5e3e9440c24ec96d248e4ce0c6f8484e9b04fea74b08dfda222e16070cd0a06e3c1f71

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
76897bfba85f9f42f729503e8af324e2

SHA1
a3eb3069360cfc4cb48038f0b722765f95b525c0

SHA256
5d75631cb12a1acda1d8cd9dfff2006871fc02a3d92f6bb352db214ec9017102

SHA512
b02cdfd8b7db90e6ad2ff1773830785c70e7a1a1f0aac919d005bc1c40fefcba6811705ffd72cb4db6996ea2383406209af95b153c899872d3060a57d967b284

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
73751cbde54c32154589c2bf1ba05c4b

SHA1
3c98085c593f393757775658117ac4287158b1a4

SHA256
52e51059e85f4e0f7d43f013a3d2b0b6f2f73588553eb0c74e430688801bea44

SHA512
aaa8edd8b9a214392ff4cf6e33e39d45c248718c72a0290c0aeaca89049a3f7b8a39af8f041fe949659fc70a759997d446d1f0fcc066264c797dbac447d14150

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
69e340e1c8cb50056eeade264b8444f2

SHA1
f87ee8c362aaa06c226dde199d4ea46fd4d378d4

SHA256
dcac981d84d0cbfc32fda974d40968e59ef932825756daf43f5d25a93bac3592

SHA512
5548412d3dc5fd5f6b27912c0483a2fa9a5b4092c8a020085005270ae3a2943edde1a5958359f614c0e8dda1beaa88dfa8a9ec062767f8af5126aa27c86844a2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
0efe1112be7a869d755f3af0ee606cfa

SHA1
32eedaf97b0626140f1c0d1c284bff08473e582a

SHA256
1b29c2274b608d1468a453375202b426cfa53367b8fea357ddfaf0263cf82027

SHA512
ef93bec42a428b98bdb656a87448237031f82b953dc39d28310bddbd1edbefb34c5ea35b171321d56ea8b4d37c4c622500c2feafe64ba2d64538c6202fcf0d0e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
1370ad9dd9b11f7b87d44c621e02c6e9

SHA1
d798a3951529bb39a8fd0b2a17c92848507ff609

SHA256
8e973061e855174d463f393cd8abf3137e89c1cf83524b4ec61a5beb477a48f8

SHA512
d0c696e180e48972367078405dea6d2411222375297ea96f99dc8a800c2cdbca77f0a84b55ded78c968dc4321b34bc778a74311df73b35f2d48f89aee90648f1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
27df5b551e5456e09f1cae41327fedcd

SHA1
5f88625a6583ecf6a03f0371f88187f62a4b9ac2

SHA256
f60d073397d8057a614df597497f723fd8a5637b5bb7d29dc7c6fb9cdf3ebba1

SHA512
d2ac12a35eb0a70a929b8c9e2954851465c608a7d82125bb2d819e19974785b91b741a1832f9501b3190379ac7a6435e745ab3a2a1708e9bd34d38d2144d1740

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
5d21590742c2476bc05c94f0c89e16c3

SHA1
5b1f119802a546903d114a1cac68f4190f97e449

SHA256
75e63014b3bd8a91f89d150524fbcff4fcdcb069e0478f4c43f63da1a65339df

SHA512
76746ba34b45ac1e4e21d35a81b39c11bfc4f8a319ac3fc648d90ace1ced01327a63295edffef9eeecc6f50379a9441bd7391e9bed15247dd2aacd94c9ac4ec6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
7d766639b6336e9477f8eec2e715456c

SHA1
3445f66f3c441202ad8185998cd730ba8f77d7c1

SHA256
1a1ff0896e087103070bc78e48187f6a7c2ed7da2a96edfeb4a81721d97b07da

SHA512
b3caae50aa1da0dbefd8367361d81f5d5f213ca4ec90d4306eec525e73931ca912e7dddfc462960056c800a277fa84fceefc74ccaf0597d8ca3f5a4ef7c57031

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
34282eaa1eb773c6b2e47a2f1f277d0f

SHA1
2a87e94ed4ead66ec702b99cc0bd4daba3dd233d

SHA256
258bc91fe92b5650f91ca2413f31dcb66d6e7aa4006bb12365ee1f30e059dc62

SHA512
f0ecfcfcd27c45746b6ab951729badade1893ba8fd14730deafc1a098a5f94a63b1579bec8d00bda8525460446662c999c0e6dd1923c897ce3b35f10235b8e1b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
e2e990b0c00aa032c6f4d5f6ec2061e5

SHA1
18114fe00f679c34589c37d46693fe70f539a959

SHA256
459a466836211c994b695fd20b825c5e4865c39df937785b46a2d1919f8edb68

SHA512
f255e299dac1cacdfc0a5e7e4c15308958d5d5af4dc578c1a6788eb2ec1359d0fae69d0b98b5ca2f1a4409b929a47a8c7c55df6e7cd96b2b1429b1921179a25f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
12e59171483f9656b9fa4661c266e321

SHA1
d2097ed73a624c2944887795ff50ff7689c0dc9b

SHA256
81c23a4a0c4b4dd89211d18454e3885785a6066b74a386e60fcbfe3bbf178d24

SHA512
3e1e986938964b76e285b1ae7626750eb908fa3244d1b412a4df7e604424fbcc12a2d6e2821b7b2c7d07869c5e6b9c2f772aeae4ddb2b4a10843ce17f3210d86

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
a25edfab6f2b8f3ab63379451c79f24e

SHA1
9076ceee65808392dc2d12452289f510d145c04a

SHA256
1342aac2074796e50bd82e4d4e0b090e2f69077d421dac0355d7e3ae421574aa

SHA512
c41db6febbb52eb4ed5ade0cbb35e97eef1dd7052866b3dd5582e154e2c1450766ae764d00d2e5f3e6cafc8b34b170ae430aeeeddf52ae9fc58c6b9932afe28a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
2667b616ec8c047253b9327532ae2fc1

SHA1
45ca399a4bb6328e1fd9345629a04ababa17c19c

SHA256
25858cdb6f77ba693dc2a7231cbd093394c1a117f602f02120b99c1efa5f4d53

SHA512
2d70c77c00f459af80f6b6b7bfdfa2c11abf235d422522c24c7eced7e1bba83c31be18db8a76ee4e47332960ed5cfa62a987aa56394d8efc56c428cf8e0c1a0c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
ae1b3d40dd08bb22fee268eeaa135446

SHA1
293923534c02e0fcd0f9d0851d7b52f8ba512634

SHA256
101009f3fd28de75d9cf8f3ac59ce91f2b6a5ee2189cbabfdb84a7ed443b4db1

SHA512
38dc7510ff7dd5a295a945b2e2af1a56adde5f5760dab89ceecc3dd23ec7f6a51c0cd4cb52d796561c743db6e7d7bc095dd583d9885c01383b8f7f82207125af

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
79f2f6a70c060739e95bf36e570ae03a

SHA1
6011025072eaabfb4f0f7d371f37292ba8ba8c5f

SHA256
59429c8721e1ac5b78222ab4eddd4964fa7a91e55ec3b228ed21ea1d91b5a74f

SHA512
e93c8eb1e5e777e33ad869075f6223b5736f2596a14849ce768119c6fec8295399e7feb5f98fe05d7ca169086a14203148f1ee59f4275db28b15003b0ea28a23

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
265494c0a9df5ca61ad1e63ab8f4b3b0

SHA1
efd7d68852859152f10bab885a2364370c90f787

SHA256
f124d984f07017c6f76fe0e2d1b2f9ed0dc85a779a27ac10e9b245b6849a76d1

SHA512
51f8c6b27a05d07d4aecaff4a6c3f2fdaef3bf57964d6d45a0d575bf72ff9a933ad70cc721e6fa1c37377ab826aed1d0b64569af77f0233fb1ec3c6504a5502c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
893562c6dcfb2561f1040a8702a5b838

SHA1
c8d0d4c2eb147619e672b7bc55fa9a4f62b3d84a

SHA256
469ee031bfd14e3da5ebb27f05233795d9bd4adc3274a2a440875dc85d449cbb

SHA512
1552c469676ce75a800fc71513abc9a3d7c4b6f82f60e834c0e8ce29acab34abfa39cbca327b4fdbb0e296e00ad471f29fa0972d058f4dd4252eebdd8983cbf4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
6d482bcbb70fbf368c1e849670d7821e

SHA1
36014a042d0165ef07f8b9beb68fede26c5ae112

SHA256
2405714f67bb65afa9241d863ef9d861eaf1cc2ab041612775df4df991a994d1

SHA512
551db328f40994b8e3060d23c4e134238c8ff716b6229fbfea2fe063b79a168b5551cb094eb8544739e8b5e99850e95f53a1e8abbb607d6d1db08c5de1b114d0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
2986fb9e6caa23a85336efe8fd4118a3

SHA1
703393f7907635db9603f917e36bd06a5e416ebd

SHA256
b37bf92d69c52511c8b89dbe3bccd9f4751d8cf07c2204ada26254b52c19f6ff

SHA512
b8a0cf43c4e2db4857585d88318cb6592c549887e2bccf80bff797f86a944b77f1674afa2450c476d91ac052325a88ab78d7cd1682482d8c96e97c7e3cb16374

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
8d6c5b45556062990fb2f32aab7e50be

SHA1
c647a72386973076b11041fc4819f9c06894cf6a

SHA256
30109d0445cacf57430883ab5c4d019f92c5f0b44631fa8c3778f7fa1edc1b94

SHA512
ac2740fbdebfc52a550c37f520885644fa8b79cef1ab3f17cccd020c48993b6744f65ba08d5a19edf9122714a9f08bc7d32292263c28acd44b3b1e1bfcf13074

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
a8691ec19f3f22fa561ccae350761c06

SHA1
f772f67e834029374a8ac907d033a6bed9a90690

SHA256
45d9faedc0df757d036fa148b17094be1947ceeb01dcfdbbfdf912c63cf553f8

SHA512
23f0b3d25e14c479f5eb89a9f2b7fda47a1a056656c23419e0e05d62fce876e12226d963944e0a942293758ef9e4309b6ca840f186bbf4fbd3882cc2a3007bb5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
4f97ab7cf8fc5b0e3901038b781c64c9

SHA1
f76aff1567bb9c0f1e934e989bd7d441b0b75506

SHA256
4a35d529e07927ca83b8db049d8fe797124ab8a59a7b6abe0262158a60e9dc8e

SHA512
99daf7d0cdfe1acf7d823754f791e88a9cab6bb6b0b894d0364f874ece8723b7fc36c64e7f7a0642fd95817189a06203ae7ddf9ce6885a3992f305ee46e2169b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
a6bb0fc76b1c374809389133fa40ec32

SHA1
cc0fff00c6d8673154fb6ee8efc796a99ff45d6c

SHA256
3773083cc1b53f7ac39186e58153db4e6d962b6e77cfae5772efd834b9a42122

SHA512
8dfc3fb316542461e3888dd722b19a2f3c691e0a5a12712121d1d0d013462aa8a3b94e2f1259185d4351a2c8f9c2c298b346bd35e5209c680c41fb2954aabb7a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
ce835ab30c36e4fb4bc2784384f74850

SHA1
68fa0b5481215965970c67efdc0ddf2d96690b98

SHA256
1878673a83204351812315c48ae4ed439ae4b4d5d991374d318fbbdd8c5b2b0f

SHA512
0b918ee06c67fe5701ed2cc1181092ca4e215c9e0432467931391189db01673be307d35c9c6a70f3e4408e03fa2bf7ee48bf0bed3c4a798ee578fd9780f89be1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
8080e4ae992c4f8226740200472266cc

SHA1
02a927485630380ca5186b513681dc8a397d1aa8

SHA256
ae76b8ac29e51b92d81925a94deda0be60a8b15133d1853c1874b661d8f67f7a

SHA512
9d9ee0c7530f47e05509a0d2d0e6ff6092b4796146182eef8f4f2be1d2585443f1128331e8633c0cb7e2ce3169d26f001d88ef4b4814c583380f72d94d8c15a4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
f21643d517bdea3990263b8128b02ea7

SHA1
3b3440a33b260d312daff53d9d4fe4f307eb44f7

SHA256
f8ebd999ccf94ef6e40551bd807358e1c7ef447aa3fc5671b34828ead15c3c50

SHA512
0745ba44a1bc17fe8210e811421a6e99047566534fc3a7c8ed8ade25345ef967e97ec3ef4868debe901bb01591dd0b6e6ee1709b00383b9ba732a64aeb7d743f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
1f6b32ef089d667579de7b15f148dc65

SHA1
e554daebb2f5a688b777d0e7ad17d602765a9b36

SHA256
0a281054572f86904239a6c693c25ae5159d5b68d1cb0b1c2279b27ee877c85d

SHA512
3127c67ed2127d215677f10bbd1cf863ebf807b96f8c91993e0e5322dc87558cbbd5de69bd55b89e2c6c797012ced15a325929584fceb1f408b2d9c81f3cba8c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
156feb1541e2964860c6638116b4c2a9

SHA1
3f758d17c96683ca002e2c9efb0b32daf72755fd

SHA256
49b01d09a621899a4c5a3654c12097ada2c9fdb68492ee9caa5a10fce64dfa84

SHA512
495121e8e7cd4d4a944da85245d9a91fce18f5a2ab45992f7481c9203792a47e8cdd48231507f0e8f31df1adbc1f76c57627cf220da4527ddce5f2b4c4c56f1b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
d112f2cbcb86b28f528b3313f4901c9a

SHA1
bb6030e99e1498fe26f2030e3116f9cad1798256

SHA256
d24dd3100ce138768e763a6e1c19af5f940b82e587ec3ca1118bf05f541cf698

SHA512
f72833e284ad690425208370304f87ff95532c74ab8851489a14b4661712f0c5e3c0bb3e271e6e3e4b86d59acce83e6693c5d6e20c9e5000715d2435bb4f9f0d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
f61e76ce9a0b26c50be0a8804af05b9c

SHA1
17ff51bc5e701d7df4004333c789a06593ffcd53

SHA256
75ccef490f91c3b4559179d61d5d558aab047b3854fdb25a481d66f7848d1807

SHA512
cc39226a47ce19ac27e0363ad0f8b0def5dcdfdc1f17a2b1f5cc0b0356946d2c9cf5549318785d8d253b44dd2926d8295630491f3bb8f9f203ff7e616f3aa092

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
441fe2d97d1f5dcb44a6c3a9463555cf

SHA1
cc19d958340cdc5dc2e6354decbd99a6640be71d

SHA256
0c30684f4ba8801d293a9528a106774929e73b0a75d876cfe812582be49b927f

SHA512
1409f585bdf5f60f6c152638f8636de37be3ffb82b90753bcff8ec9ba17342e18c627114282203bd1a93ee238be7b07825619f2f9ad952e9d0530f708306536b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
64310f0de5f957ec79a2e96b5ac46710

SHA1
1dc7c358163cf15305afef5fcab4d0fe640f5881

SHA256
1299c6ddd27793573c74a326e905663cd18236d9c09706b89605d5b8cb920ca7

SHA512
d83b79904f19f98ab247d7f0db43aaa83ea80bc1940a11bfb27e995dbaa73125b74ca00ef9b5f9b859cf5d272fdf84a6222527e94a364ef2b6ddb293d2d9e8c1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
3aebaa61ad7ab89890a6b3a0a41ccb6c

SHA1
f40c8f2d3b24ac96e60a2d190ac80a63f0f1b101

SHA256
e6331ea5794c6d03d2b5c37856c21473b0301e906071158e13aa66aad454af6f

SHA512
c0bae180c74d279cf7759a8cf0e96106a4a8f8c7ebd1027fbe7724daa25c47d5e7294b6e5182ae177adaeb88203c18801e19d1b92bcc1807a3d6eead13e415fa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
f278125701c4755cf766baaf6bd36e3a

SHA1
d82e4bdf1fb4a55a00912700a156915e0166e12c

SHA256
7efb3460da65ef8793cbfe1d29f5502d31df976d7d5d5bd299bdcfc54afe049e

SHA512
565c239ed85dbc19c474f5c743142e9e9900043c7f73bb6253d858cb3713d3597bc160162dc1f3d782f7407f344d15d228e7b1548f5ca9f5880ee5f74ddb3b19

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
5bfd6d1804eb4cd2d25c07023e4a88a9

SHA1
fd2900bc30fbf1d14365d827e08cb4f14801f01d

SHA256
1c67506aa2e53324ba51e433438ef5282fb34bae966d3cb3d6ccf54d60f37513

SHA512
d6cde9df01c36545064afe22873b0f49a77bd69b2a17b95d41fd1c51d2e60f75005a3b2fd8d46af916de1394f74620cce3f7850607b4cc1cbd023953c5597a9a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
71c8a42222e20e88488747abc2bd9827

SHA1
4b94937c1075153764997723728fe621b0e440c4

SHA256
6faefe062cb104c7976f4de936fc3407580746ca22fe890c635b3bfc834ef4c9

SHA512
cae3f3d93c7972b36773854dee18310c5c3eb68f11bf8ce4bbdc5f226b18a5f2521ed34f9968b7367e27eb8987251990c3329dd99ef3e745378d9d1ac4694155

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
a9358b5dbe5c97e3b2d4f2c51ee8b415

SHA1
ea22eb4ad930cdc6baf7e2a8ac972efe72357389

SHA256
ff07308639574aec7e5704d91224ef178efea3703937ee9e16e7591fb5cff746

SHA512
acefeba8592111a506c64c6f6baf7533a1483a22cb25576067bf1f9a7564fa971a833e34a1bb6785b1f4a00ef009e707cb42ffa77c0376cb943bf6adcf3a2583

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
9ffa46a6d619e15b010e84f62acd4d44

SHA1
be93ca12ace7ece7e657681f5a866e90c4d00f73

SHA256
129790f4b0bcff4450a8be9ce83c3cf1f68204d6894dccaad4815aa6eb54a1dc

SHA512
ec0d17a451a0553b24c36ccdff24fefeb7927b674a79bbeafad36c1be13c6f39f1eeacffe07b413861a63761d2e0ded54a7ad4a7404e4c26fb4ee08f862796d3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
8f756934dabcf069067390b39f20cf24

SHA1
54c23228ea981fb8767fb9dc165d6ced66448a6a

SHA256
2f7bbf2a88a521654c78087a0c833614015a362ed632f1a81dafdd736815a90a

SHA512
2db9ec1825fa675a2b1e22178af9d94181031392f6139dc1f9d991017970b2c60ea757fdb667fcdebb690a0b4c6cd1a3fe7520c80a79e3649872b40e04e9ad08

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
b394c8649fb72d4e1db1c78f4b01adf9

SHA1
2e35f932bf0d5f0e21d7739a4e6e2aaf3e6c445e

SHA256
0f95dfa7d194822de2a80c511646a809509c9cc2ecb3dc2d3a9d20e0d558c725

SHA512
bae75dd959ae8eb1fe99d33ca7eb5c2279045e155340cea8d31c01d3edf9a1a78ecf054cd642f8ba2badf2b96ea08f7b737a2d1bcbb1fdb6efb5d7b7cfa0cc49

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
9d23f8838c8f1fedd97c7b0d9dd10188

SHA1
c0f07f37232e8950b53e61ad80887b81a433a539

SHA256
6c0668e179ab39c2f38bc46e58d0a34018fa73c45a9846a2c0f0c82fc3447109

SHA512
455231b3a3bacfa731259db3f42a15c451233c965c2701b8027e7c7be677691b258504e995602e07c97d3abcc6b94e45b8240118f79da0dd766600b2b8d43247

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
da5ffb624c2d1e0c20f2aaa7edc26807

SHA1
c61f83a94383eae6a49f8a71e4a2b57c2869ad50

SHA256
6192f2c6fc6e1dedb64052aa14388147875918bc760755d9301a0c667380c745

SHA512
8d532511925dfaadf39c084b1295f6d45e5f875fddfc6425bc793e2b61bf4853ae7ea79f2c280d5599e224d2397825defcb69b845cc562fb9fd08c8605c1387d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
bcd3ce176cf317b27a57db831badd6a3

SHA1
f1812421d0de73d94eaa5d3f740dbc18f96f4944

SHA256
9b2deb5dfe1973223a7c045732af83db466a9958f6c655368f5013cd12cda240

SHA512
6a389a82f2cbb75a500f7cd7f9e090e469f2fbfde6ecba3c9b800de548d1223f6a164e8834a59c49c5595d8818822d1eee7af6311510bf0d67bba5af3d0ffb6b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
0b9d149e094e2db05c8690cbc8b37287

SHA1
9926e409d09dfb3522bf3311e4a080b286a242fd

SHA256
68978f35ebc07ae65991babb31faebc068b12977f82f35dba10e03d469d5e1c2

SHA512
d02b46f29cfef8b35531b71608914c082a79895576ad63314264b7957ad023302f53bf53fe5619c3fee88c4ee0d39e4af3bfeb3d96615c59a03e5a1f668830a5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
7e9613e5195770a596237cf9851065fc

SHA1
57ebcbb12019077c88f7f0888f75f0ca05bef2b8

SHA256
a1b28de053bfbc5f3e474e79bb59f585d12785c8c88f8414c26ae699eaaf5215

SHA512
2702bc1727a7b3a4c27d51cce037dc3d9e23f7df1c7bdd1e0736a3f0768975e712ad93927a1e3163f87f01a80fe93120d345ab1e7cfad0f8555e99f03098aabf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
b4ec03fa06b1cb69cdad48508d367116

SHA1
ccbce895b4b06f92abaaa2e3ac765c0666057158

SHA256
0b1905bc0f58cc41960d8c4a5a60aeb5904c17bff44124e74cc1968b18d4600a

SHA512
d9ff16eb110bd12966a47906d58d633e72c9247835687b8b958360967f65b1db0cd9ff6815fe5a7555832d1c0e807834807bfd698ad7961d1b308dbe567deb8f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
07e3a938dd87d405558bc0c7db913b8c

SHA1
894ac476e94015f990fcc6e0ea4a3f2643a65bd9

SHA256
6da98228a371e01bc72751fcef08bff54ad20d2373cffe59eed84d992a6c4240

SHA512
2e6607afa7237600b7de18b73f1c7badc154743c98a8258475121fac5c24070c695554e87dfaaac9d3b7c7af04b63e0340e520215efe2faa56bbc51538a8e425

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
306c17897610a20faae1d756964ed8f0

SHA1
fdbc081cddfd4f2f8ea271bb869ccc27d68e7350

SHA256
11db5a70f0c4f54e9953235bda732ab451912a17658fcce15703687a87b21c0b

SHA512
9be2adfc964e921eee4991cc1a2ede6f2aeeeb4a71180ea72b772a73b35d4ff5413d6fd566f82182a5b3032c0d345be6f940940be99dd0adeb9c0a5d1265ab54

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
a117ddb4bc75d58510c1408d55033544

SHA1
24959876ee7dc4a390723adeec104343dcf962ad

SHA256
1d78f6a2838f67f867233f345729abd7cb65e1196b9f7e702915d94ef8c98755

SHA512
08a1b32e1a376da2495e75bfbb0cc775a516674cb0a773d404105adcd6b1150e9b60067e2ef3eed7150ee3ea8be89da671f1b7b2200037ad81983c0be14118a6

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
e34da561578de28e2420b9191e7facee

SHA1
c147a705b20cbdd34efd072089e775dd158ea768

SHA256
dc756a2075ed9e63596eeea34df4948d0fb307ebf190090b5f33e918d0735a92

SHA512
269c048e96bf263c5f2db6bc73f5f3573e82a0057bab9e4f3b6ba4e496b47d7277fb54bfbcfa737a094c6a62f22faa7b744bf6b86ea544eb2ad60c2680e028cc

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
bfb5c6b70f4edc9c18c0d109ac4d300b

SHA1
79fddbacd5135e6a2a342e1f266adb7e269cefa1

SHA256
6218e1ddef6f7c8ca15d49df8541ada929dde05dbf6f22df7567d3456968a66f

SHA512
99e9e3a173429abc5a0b6b7ce329abc32be665592966c5618a658d5c350c9c2216c65a161587859e37fc7256bf4b6e4c9c04c06ddf619b68017cc04799bb8cd0

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
59dd89bea5740f432ef391e8d2d95f89

SHA1
3ebbdce8bbf3cc909f9f08cdaa425b1361e80cbf

SHA256
ef95373588cc7fb9935a5048aa55c0385c6e0f2f537ffc79b47cdd0a8d919564

SHA512
2d66f3b197615877617f0494e6779ce27e0438376c9ffe785d664453d28fcf6a4b42e89744630d3714a33765b12bd10b521ccb7e5ee9ec7792badf15f7c4c7a9

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
d6cb02f2b5ce3dd8e5f7af0901fb36f2

SHA1
932ca6ec0061648423db5eacdc72cab8f4002914

SHA256
d1fe755e42736367d26e03c32fe43b520a10c71dc128f65f5510e1356b7db6de

SHA512
733f9b73677606db3cfd457224c2dbe7039a58a5e7ae3e69e493ff88140b77fb2bb3801514e5562a09694bab80af5f22984d319f3af0ff9fa180678601ef85df

Download Submit
memory/1652-5101-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1652-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1652-11520-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads