xorist | 5777ba5324a693756b82284f7388e8b57a8ee3f014cf09b9127c9db06269604a

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Size

7KB
MD5

31b39332874eca4bca19319073c479e2
SHA1

2038839be53dc9ef2d3981d2ddbfb8ff5cfb2eaf
SHA256

5777ba5324a693756b82284f7388e8b57a8ee3f014cf09b9127c9db06269604a
SHA512

8347c8b63d03d1248e1b505ca171837a0a73237183b14ab2044336013c06cc0cc8f651baf33b5009b4411ad40000e89e423463f3f7192e5a69e5ed388b13c301
SSDEEP

96:FHZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExs3aWOjj7jRmW+1xSqMB:9zdrr1FG1WDCgmjPZs3TgXMlSqMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/1096-6622-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1096-6619-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1096-10883-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1096-11034-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1096-11311-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1096-11316-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1096-11317-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2202) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0g81EtiCH2QMn87.exe"	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_biometric.inf_amd64_edc558d403ab30c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidspi_km.inf_amd64_7e53b3972dc4df20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasno.inf_amd64_61370f3a47f08ebd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_c4ed3602d3c754f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidir.inf_amd64_7bf4a320e4ec8b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mstape.inf_amd64_3e2c4fa2d4cbb487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidscanner.inf_amd64_b4d877fbd7faf471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcodex.inf_amd64_f5594a2af66d11ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationheadset.inf_amd64_47c7e539c0156424\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdbus.inf_amd64_55c0c78952233d0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ucmucsiacpiclient.inf_amd64_a233292790c69f03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmts.inf_amd64_bc07e137c52c529a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrg.inf_amd64_bb7c44c7bb3664d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\unknown.inf_amd64_b8b0fe7bbc76405b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Provisioning\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1096-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1096-6622-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1096-6619-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1096-10883-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1096-11034-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1096-11311-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1096-11316-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1096-11317-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Dark.scale-100.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-400.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-125.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp3.scale-125.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-256_altform-unplated_devicefamily-colorfulunplated.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20_altform-unplated_contrast-black.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-64.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-40_altform-unplated_contrast-black.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-100.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-40_contrast-black.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-400_contrast-black.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\ImportFromDevice.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-20_altform-unplated.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\LargeTile.scale-200.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_SplashScreen.scale-100.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\155.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\SuccessDot.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_EyeLashEye.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookWideTile.scale-125.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-150_contrast-black.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-125_contrast-black.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-200.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionWideTile.scale-125.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-125.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner.gif	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-200_contrast-black.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockMedTile.contrast-black_scale-125.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-200_contrast-white.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Undo.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg4.jpg	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarLargeTile.scale-200.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-32.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\SmallTile.scale-200.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\JOURNAL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsWideTile.scale-200.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Light.pdf	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sl-sl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\6.jpg	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-48_altform-lightunplated.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-256_altform-colorize.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreSmallTile.scale-200.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-16_altform-unplated.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-30_altform-unplated.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.scale-150.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-150.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\optimize_poster.jpg	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\find-text.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_contrast-white.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dnssd-dafprovider_31bf3856ad364e35_10.0.19041.1_none_49efc64ffa55d768\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_414a0942eadc3634\404-8.htm	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..-autoplay.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6f82d70485c9d9c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-256_altform-lightunplated.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..r-name-ui.resources_31bf3856ad364e35_10.0.19041.1_it-it_fbfe2a4406cad76d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cd2d1cde69f392b4\OfflineTabs.html	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-xwizards_31bf3856ad364e35_10.0.19041.746_none_562154fc9da70d1b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-ui_31bf3856ad364e35_10.0.19041.746_none_98f5b8d3db68981e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_27f9f931a79d1cbe\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-ftpsvc.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_4c361f22f6290673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-update-ducsps_31bf3856ad364e35_10.0.19041.1_none_8282d0cbdcbb60cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000040c_31bf3856ad364e35_10.0.19041.1_none_b35f98caf5542263\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mapcontrol.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d62491bd80e0aa8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..izard-dll.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_e981971e387b1781\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_11.0.19041.1_it-it_b419c49c2927b83b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-network-qos-csp_31bf3856ad364e35_10.0.19041.546_none_362a5598c3e142b8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-vssservice_31bf3856ad364e35_10.0.19041.746_none_38c6194376a6b88c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_multipoint-wmssystemtab.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_db68e7b0a71be5f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-spfileq_31bf3856ad364e35_10.0.19041.1_none_352c8e03937c933e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.19041.1_none_be7f82b3c03af8b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744CAF070E41400\15.7.20033\SYMBOL.TXT	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_netrndis.inf_31bf3856ad364e35_10.0.19041.488_none_559eb4c6233414d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..geservice.resources_31bf3856ad364e35_10.0.19041.1_it-it_b281bba039a7e747\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_10.0.19041.1_none_6fa7e5bbaa15a17d\deselectedTab_1x1.gif	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\Square44x44Logo.targetsize-32.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..icy-policymaker-mof_31bf3856ad364e35_10.0.19041.1_none_703e42c91c4f0ed0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wpt-addins-perfnt_31bf3856ad364e35_10.0.19041.746_none_101eb3611cbe97d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_netnvma.inf_31bf3856ad364e35_10.0.19041.1_none_b64f60875fd50b80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..vider-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_6d48508caa1f00c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ucmhelperclass_31bf3856ad364e35_10.0.19041.746_none_a8b00e462593ccd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-system-diag..formtelemetryclient_31bf3856ad364e35_10.0.19041.746_none_fc0f264fcf6d2332\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..band-experience-api_31bf3856ad364e35_10.0.19041.264_none_e1c9ae689bcae321\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-winrt-extensions_31bf3856ad364e35_10.0.19041.1_none_19128b81645481c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..evicehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_65d5d9e3a4814875\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntconsole.resources_31bf3856ad364e35_10.0.19041.1_en-us_455ebe4bc501c4c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ls-ksetup.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_9d7efd7160aba0fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..shell-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_cbba47c77411d25d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..umservice.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_50ec65893e509426\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wvmic_guestinterface.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_7db1ed00c7e9895c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-fax-common_31bf3856ad364e35_10.0.19041.1_none_cc4a66bf245ed011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ErrorPages\defaultbrowser.htm	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-i..atedusermode-kernel_31bf3856ad364e35_10.0.19041.207_none_c5e1b9def3522696\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_36b7cc29a529c0d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-help-datalayer_31bf3856ad364e35_10.0.19041.746_none_ad089cdcb186eff9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\291910c52afc6a4c83bd042f709c7e57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..extension.resources_31bf3856ad364e35_10.0.19041.1_es-es_94e96ef496bba8da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_vmconnect6.2.resources_31bf3856ad364e35_10.0.19041.1_de-de_91a684f878ac73f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.19041.746_none_e7acb2599054dc72\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..seraccountshandlers_31bf3856ad364e35_10.0.19041.746_none_71518e1c3be7c131\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.AccountsControl\Images\Generic.Theme-Dark_Scale-100.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..onal-keyboard-kbdbr_31bf3856ad364e35_10.0.19041.1_none_2c40f135b952ab85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.19041.1081_none_e3f87355251e8c43\Notepad.lnk	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..pbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_c2430a66245f7885\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.19041.546_none_ffd303094ff1fe66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-id-connecte..-provider-tokenprov_31bf3856ad364e35_10.0.19041.746_none_b7e2d6ca0f3abd89\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Splashscreen.scale-400_contrast-white.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\SquareTile44x44.targetsize-48_altform-lightunplated_devicefamily-colorfulunplated.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wininit_31bf3856ad364e35_10.0.19041.1202_none_a5b2e5b8b986fe3d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..cy-gptext.resources_31bf3856ad364e35_10.0.19041.1_de-de_d9e35635662e64cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..vices-rdpserverbase_31bf3856ad364e35_10.0.19041.1266_none_d50c6ce1bd959a1e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..nsentverifier-winrt_31bf3856ad364e35_10.0.19041.1202_none_604b8ce6d251ca06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44.png	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\DefaultIcon	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell\open\command	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.4500	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.4500\ = "DKWJUSNRKPYSAQA"	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\ = "CRYPTED!"	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0g81EtiCH2QMn87.exe,0"	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell\open	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DKWJUSNRKPYSAQA\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0g81EtiCH2QMn87.exe"	31b39332874eca4bca19319073c479e2_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\31b39332874eca4bca19319073c479e2_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
d433c0f4da69e2bf59b99b94db0d79d5

SHA1
901533ee8a0b29721fca22c14bda97bf78f7a421

SHA256
da4472b81421011bd2076c0460651f706a1f8e1d6ebda91c0a66a8cd7a8ae9af

SHA512
c7c1b2a1917049baa876ae565b7ee2ae485e6d1e6697cd676f4af9730ff2a4b25666f54be302278b662d1eea51492a3e18520871aef420e726fc4e11f5c3f971

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
c8351866198d2db170660df21179c678

SHA1
8e3c787a50f7ed44692934d63e49f92335d84821

SHA256
709c8938ffa09eb73365bd62898726a9d2a187e94e9761b9c0c73f6479c18014

SHA512
1f9bc52c0ec81ecc6b18d9e0599b71577500942417b0d942074a4459d8429f38f26bc60519ce7adda59f5b660c1218ef81f4e60a2b2034e78fb484b9cc3455d9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
eed3023623eae7eed5e1e11206b27582

SHA1
4c88958c9ca7d713b820b8943906526c41f2c1a3

SHA256
bf4dd136a82b810429976f3dab5179b269a18f81113857e700d4a183fd31439d

SHA512
45aafc55f1968b759846828ec664a590d8990e95db555c844ed725279fbad123d3cc0cb9026beb4b4f5a0c1dee63314df848c269e6726c714c0156b22ced48fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
fec14147bb486a3bcde71b38992b472d

SHA1
bed258a9396f2ba8b74080923fe260e4b4cb1105

SHA256
fa42d5c18152d9f59306cc746a403a5616cc8a0bbad898548cfd21162cac6a8d

SHA512
73024f75c4dbb84d23fe1131583ab8c75efb7e3315c25a61a915271683590297a9563c491e3328a931c9d5222b2db7f82132f4603ba7fbc91c27973cfa47c30f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
8d2ee6e4ae456880dbf11b681d08104f

SHA1
9c14e920a521e6784032f72696f08bab1c613dff

SHA256
d375bb07f80af5b60d90c06e9c24aaa2b38de088847a35e9a51c6367a384bea3

SHA512
516513fa9c7596180cae10448801aef6cbe216f9be09e95e8c1919509bc6bedba77249efab39fd0295da8171abd7dfd95167b049bb543081538fc80bdc3a1590

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
e9ff4b938ef87dcf9d9e60bec78b653e

SHA1
9d15266e09a34d5ea594eb7ad68aa5057ef69c12

SHA256
4596e248947a074e8c526f4f19a45a3fa04e61573d5d98847c9f6b0978b82f3c

SHA512
b69a1fae7892eaa9dad1df46c76472a50700226cf08d4bd5d8d35bc9ac3ec98e2dd2d5f1982cc049aa568803b1d8efcca52c58d6080f049e382c5451703276ad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
21e509f3a03c177be3982951e99d4af7

SHA1
e2924d01cd28ed73aec44127134996f1f31dd958

SHA256
c4e2bcc6e983f9522a110f2c890cbbf54c74efe1f550fd9c40af3df76f358587

SHA512
e1a822aa0442de4beccd80e8c27e89d67aa1394ba4ecff0c21e70587aed3d9c85ba2436f7e0ed90085ff44645f33cfb471c996320a7b4de7ea9c3396a1572147

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
890837a2cfe368ad19bbf458e0d282da

SHA1
c82b5aecc1def64ab45f99b2e524e2d30a292c77

SHA256
dcdbb2fd2132a519262f362f6c5a5319dc0bf2cb8a572d25ae4c8e3f435ff26f

SHA512
1003483963089c872f537d528d87c59d57eb660e887b8c03709b582c0db0d45ba1123f8f2e4f3c532763dad05d763b73b23c9103e95cef1c029f78690b811aca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
e4de75ad049365e95684fc92dfce28a3

SHA1
bd92e14f3a6d222774d75168dd73369c22c9bfe0

SHA256
58c42a142165814b3d1cff6c8783003e25235c0833e30efd63714dd981284b04

SHA512
1c34eb2387e7a07ab712fbc49152c0cabca823b686750a42bd6dbd2faf1d559deb5802ac3481a1c141c7f04531b657775366f417c336d27e04599c4477828ce6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
860272a42573044b44df925c6a76cd3e

SHA1
14bf3db15fd375abc4b2642749f465c86ac5e4ab

SHA256
83e22ae83f848fbf26c612e074a92ddc8043b5715fc511f39036fc697e04d017

SHA512
157120ff580d7a469fe5add5592e3781fc811c02165ad5ceba76a1196429876a489976d509504ffc003aa7ab41050ac9c061931d04d1bb7d71256fdb7869528d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
a6fc10bae79b7397d6c6655d11b6d5d3

SHA1
de6558f67af0912dfebb8b5731a2cef5ddbd5ba0

SHA256
93d984e5e322893881bed2acfd2c26909e730c884dba9e81033310c5d34b09a7

SHA512
89e004b8ec9dfd5a0dad8fb0ee7aa044e162da9d09db4744b03ecc9dcd8c0e3a9bc6f9f4616a9abe18f8db968d89341536e4a912e6451f1a7aa3b8dba3f567fb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
b064df11ab4b0dd9723902401067829a

SHA1
e21c0eabcb90a9412a0a87960033bff5ecc3061c

SHA256
6f8df8c8b5c0d271208dd88fefd5a85c8c376f7ee83ac4efd15384ff52cc5510

SHA512
2635c6f22108ba02776dd0143583f86160783363096ebb1b8e72ef8bc93811b3e621d2f1aa8126df02afc11cfa6ce422c5a050e316d59a508259fcf0c519f2b6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
d69aa70ed743553ada727f4407599e97

SHA1
fbd484b243206f8a3b174839119d63bb9f50a9e3

SHA256
f14184bb073a927fe00e853be9c5b9411feffaa939cea9dd0ec428cdc97594ae

SHA512
8ce261eb4dab4cdec47c338240caa549b216ce7d67f48e491cda76a079f2884641c2e984c08888e7ae687de1b29e7cd811ecea802840b991abff4dd63c12fb0e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
f4c38665d4e199875091c14f48a19a5e

SHA1
e1f49a26722b8e92be55b7864091ee3f1374cf3d

SHA256
77e1621aafca6ce0b537ba4ca609e5e1d0eb083d90b5b2508844bafa1881c196

SHA512
4e1aa91b5d556f0a870a057ece07c62a269ae9b635e095fc345b9a33c10ae0249eeb3d917e01478f4357c02d9ed5786e9354bc9663000337e13ae3d9d73daf05

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
c161f9d93be2a0fdb6f0add88cb7759d

SHA1
70d2c5e6243f1142769ad6bafba95e782897c97b

SHA256
cf27686e3a1b16cb14a7b68cecd332f961f1d4b42baba4430d6743383f9a8af9

SHA512
0d949f1e80ac7dd3d54f54ac0d30714a1132a0d3ccc091838deb54869971c139708506d4d95882896f0f6178595a1636156cecac38baea1293d16fdec01042d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
b31dabce8c7b1e93cb08c3d044406ddb

SHA1
61965396f6a2e8b330078341bd1db23990e0bf4e

SHA256
17b839c27e4919a0139697dddb99a81fe80a80a1364001e7aa1b750bd7285d06

SHA512
ca794a317c91634c3391342f1da6feaaecffe21b83010ed0ee1d9d9351fe4f1a3214541287f1d3c75eb1ce5d7f04ea53d985145397dcf467baa7e21f1c0d7f2d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
bb03594c8ba16da7978cdb5fbeffa143

SHA1
ae3562d03cd1362ff12d0e1fe1efb97cc57275dc

SHA256
7f3218f54bd0c9f07150e6eeac923da14216b9fe2bd6aa9cf68680501b91238f

SHA512
5093036357a5a0734745e3b4acbddda1baa10eda59870b3c7f11d42a6f5a7efb3768ed63d8341f01a8c80b129c3a01f1b78b72e96a97ce63742acb9b5dc1de40

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
474f5292693b593441bf50eba5ee81d4

SHA1
7996fc0b041ba028982dfbc19242181e522bfc3c

SHA256
7c234cec89365a41457e496927a4284e9c1e03ba964b712c92e9eeead33702e7

SHA512
053a82511fcd2e1dc7ac9b5f5bcc353b0f7c13607ab813ec00d0f7f2ff9b576851237bc0bb6b6acea6868878dc2ec5f365dbcb2ceaeabf78c979c7aa794f0fa2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
dcc17719c128d975e89aba0fea263bfb

SHA1
89f8edb03d7a1b01e2835d588111fea46674f90b

SHA256
32cbbc2f655a05bf0ad9264479ea9727f536df586a3cf2bcab172a0d59d149e1

SHA512
18674aaced64b039c4b69156c584f92924b78ecc248755e06d727b1e91b4d595e7671971803605e2e5882e5c860c73f457f2c0f99d881cb5d68d9135b5a7814e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
b7ace76c72aab213c4df49dabe62ed4e

SHA1
62840ed8bf0b0a9de46ee8775cc010354cc97d8c

SHA256
9acc299deebe8a66a7bf42c490c51881859f6473b4d7d297ffa26a27373774de

SHA512
8eaaa04e3a23ffb115456d619c4c2627263486a49975659e4c5eb3e25b6fcd5d0ba989eb9b23ed0b33033aa817defc124e53881419478efd79af1768eaccdfb0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
9f0d5ed2864f07664a6d48e7270110eb

SHA1
f11f9ad3f38b3075ac04c76ee4f9b4fc65c3f290

SHA256
d5ab6f7a315f51aa06227ead43f9ee81b706de2c9394142b443b015b19234361

SHA512
104a04431bd0b0f8d673fa2dc1ca09e0e6e3211769b146e3aedd46ca6b2e6f2ee8731b15f0779216a01294a0b90189dd77bc618853c121077d3cee034e66f463

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
7119093f85c9b35efc9bbe801c217c79

SHA1
6be7e4b91e9077cad3a1b1af689bc142d805040e

SHA256
32a0c541e4a2d09cfc98fca3bef96e1fd8101dbebeb40ef3f0f60cb3efc588cf

SHA512
a43eee37f27856d816a75d5c1139c1b87a100972c84815fb18a5c4c5eb55e99ff1dc044c985b1c2235838dc17ef65640789b18ba4319c55b749b6833ef8646ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

Filesize
19KB

MD5
b885700365859fabda4643b8550e72bb

SHA1
781cd3cf7b0a1b71f442cc7500cffe896d917167

SHA256
80e09a01ed386b55e5c3b5c6d5bae9776cfa52379eff9d7b50addaa235661e22

SHA512
2a416eaa110fab4c52c8feb8666f282d325b6c82b2f8a8ea22fda8e059388bb3e0f4188c8e14135d83867fc8f2adb42c3ed9a3b56ad83b7c2a43f08aecd8d739

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
a776538d7f1e5c4947bdd026cd6309d4

SHA1
08498e864173b1143ece11c706f14ff3afb749e2

SHA256
a562b3da59ea4bea1f074ae3c4602b8541ce3fdd101b70fca235da1e46fa190e

SHA512
e6e0a776edf3902167e5079240879746edf925a92b7e4e8f7e280632b6cf246abaa35dac48203ce98e1ddfe0d5fa3f6e83e3b9511432f770f7a46300367af7cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
7f10a7d5266db5f99fc52769ed287951

SHA1
649b419ee8362eb8c39e73512eee224755ac6339

SHA256
f6850a789239b9c92639b23bdf87bbbb289a4f8ae89d08f447b774fa4cc91325

SHA512
8d85a93357d5d098f91040c79a4d81ac02363a32a3dcfed2c12ee88f4ac7875632644b736cfb89c916900d6470af4dcdbf25a7058f84bd325156fea86fe13805

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
216462fa3ccdcab37c880304b482bbbc

SHA1
e03588f339f6eea07a6cd1e146c929753ac39a65

SHA256
b0c476bcf5d22a0a621801ca28aab5d84fdae26602b8e86b4921ca314caddac0

SHA512
b55ba5ac52d462acde5b2b3e9c235805747ced7233299e3a8d75467576759133a82a97a328be5b6da2ebdf053ef1a351ca2bdbeffbdb253930b7e5d034004716

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
cb3c622d06a080855b1b96437f982608

SHA1
7c1967bc01ba4a4c161be25d7d6615ed7e1e58d7

SHA256
675797cf75ac2c20a8e1241f511656d9e1b652b9ead8a1ef50be87ee4befe138

SHA512
e6a63bdd9a555d8d251e6afdafe6655628c7d61991a1adbded3e9dcd44f1653730d8b6743d52e5cb1772ee012fe7c9625e3ad55b6dfca0e913320d254af1643e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
71daf7863a3235eb4f23eed5803ffb96

SHA1
1b8435b8287f9db521552579e588ff61948b814f

SHA256
2086cb9e10d72c79c140d31dc452dc380cb2fabd602cbc6a1354ccd4d6f6a521

SHA512
235c985feb9be498bd7caf894a2685132e687ec52b36eb2acf0e401c56aa9139644e7b4440e03aa0e5276fba9a9b837692533ea0821a4627ef4cf51a143a7db6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
b686a9eb50dc8ed3658a3097231c0eb5

SHA1
9bd534829b77bafe2b6055d404a39b4ba7b8c249

SHA256
c87f73d8c5a2040f9bdbdcea617cb22b217c9132df777286324dd748e04c2164

SHA512
0782bb4d2508e4638c63ec700f00a5da265442b9b1ae30d22971e3b7f3bbc8d4853467ebf05bd3f6185d591404715b67ccb2b733f135e2e9a64ab884c43a3ce8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
5c43ca1fec3ffdf40daacf28556c48d1

SHA1
842692e576689c881947cb53e744d7f3f76661d0

SHA256
2133c53ae4c08ba06e5888f929d91dbdf4e2384f66e4b0fc379a5410e6250c78

SHA512
88d6c729a593bb9b547a8fda6c5c0909f6ff94e2efd3824d3f5eb1fb36ba8cdeee08f3e7bb1ba8eda16a17e6d577c25f2c2a5c56f96ca0bc5e41626c6fa95d2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
496e6e1cf07d82e25b5179b422105d8d

SHA1
2de823fd1a862c8f285237f235d411932868b738

SHA256
e0e97dbb3a7328352bb3ec5aedb00db94d71d5403a2a62dcad453bbd548b9bc4

SHA512
b07a062c5b6ec4e4e198dce0d0101ce5e156a90664fb6511eee656330bb914fb8c94190ce81456921fa30eb0e123cda2950cdc3f008e9d367cee8689fccc3e32

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
8dd72428c3749d2842da8aa8aad465fd

SHA1
eed9463e9ee1d13f383da98489bd519f3057c535

SHA256
7edb87f06f978552b686bc3867afe0fe33f784d59963a0f351bf209b7e92d941

SHA512
c3aae1a7703710e0c39b159c60f769b0554b074456316d7a4e8d0fbadb19c798189595909d283e03da9064b3ea33b24ceed4ad2da548c3aa9b7b1609c7752813

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
57176a80663e098bac12870b379f2100

SHA1
149e4a8cfa71f6e34004088b0f99587b950dcb1f

SHA256
df68b33d2d8b9dac8413a4f3730e5870fe892cebb1110de15938cadad996f763

SHA512
0d09db4411a118472474b1b3b88e7b27bb4d0d41ea4a712af5c3ed46ef21bd48e787ee5819db81bf6bffab561997fbf6fc72f74be86e2116af5eef1c6d119f38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
81c63b30a0eef8923e8387b14829a7a2

SHA1
160ab3c3f9a9c72ca378c1afb52e440823f8b9e7

SHA256
ae8863c091dbebb07d39e9dfd2f09d3ff8108132d2402f053eaec614bb18c0f7

SHA512
b92a7d450ef96055f096df3f7ad847744ce80f70c9e6f248607c0f99dd9635f62e2e2034b4db2d333e70acf1b21b133fb81b4dd88a0d966529bb99d89dbd550e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
bc9955cc1756f93e957d26b929aea219

SHA1
540d6df4be668062698f4e71a2bac34c9b30de33

SHA256
c349f6e8faec032987ad2f1c463d08323a6471394cf156722b9c61a4b5c37189

SHA512
dd154ad1aa487b8abdd5a1198d0f6deef2600ee6f6084ec02b07bd56b1ec0a97dbd334602d613597edd5a5041f17692cb5a109c1f5964993c75a6972e5778b3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
0e79ebf2416e814e10d09262d125111e

SHA1
c69be2327233121337eb94b9d36944a5e4db6bbd

SHA256
bf28f712384aa0c6e6288a2d1395a787b7b512d8f87ae57bb5491b4cd82fe755

SHA512
1414a63819ce4d4df945e3299f08e42cac2f436d543f501020e662d5f99ffa886a2b9bce5225e8c5c965e1024fd3351b8f51db05f4d78f6d342a5fe9a2673ade

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
396af7ea9d1dd32358dcddc5202c5208

SHA1
43017317a87a0bba19221ae8312c50f4c02a783a

SHA256
7fd3b455508513ab14d5caf5a2c5c2ca45b5c7ade2ab8fec086db780dd88602f

SHA512
b333b431ac671e546bf2cb18a84fdef5903d3a0b93811fe08f1d6c5c65b8549c38c89f99e6626ded5b31f3557ac92bb2d58d2bab1f774772779540f55ee8723f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
9d447cf887c822626ba8436a57d685dd

SHA1
45ecafebd5ebde6e5c1626bff91cf2e8d0387065

SHA256
bd1bd08a38bc141743739ffc5eb8de0280502f745fa7d27e6deec8557601e76a

SHA512
9a808b37084358cf1e6d901c3df2eab148b8d0839ebcb9bebf90b6d1746e8fca6135bc63a225e154c8e5fa63e63509de6ae6e8470ec4cb8e8732b0a3396cc290

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
8366f17859faba7796ff5ea7d1b9c094

SHA1
7fe1a86859ca295435b0e4a18a25f42a52ed83c9

SHA256
5aaea7008379f0a0e5140f1970bfce6023d92d0daf743ef0ba9cb2bcf6aa818f

SHA512
c0116215d166d3f471e278d1a49b229187eb178a05b8e55b8631251e4f56f497c3d9d5abe174f8982d8db15c838b54e0000af881ecec8302a4a19494aa306f73

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
313B

MD5
cdb3798b506c83415f1ecac9ed49fadf

SHA1
ee0bb0481ecff660fa164ad01a86965a427394e9

SHA256
1a87b80d731c0823b0c4366d87f87a6a392193d257cf24aa4f3e37f31270a73d

SHA512
002541e5d21f8484563bd180b01897f9403b320040d86d7a247a691191826c0ea227e8285f4a3919de05cbcf4c967e7f55d214cc19461f412156646572c91f88

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
e48401273ef54baed1f1e7d6d0ed4302

SHA1
ec304bd66560571618de33d43c2c80bca71bcf34

SHA256
2c98db9ab8c99eaf638934d63eb6b6ae4101c4bc73f2dacd07604451252d8dd4

SHA512
e7de74d0381c6004ad67568ffa9c631493e2ee462ab0390625b3c88eecf45d773b002332228c661904572dde13460240f4eefb7e9e61651a8b330a2cb092e42d

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
3c59ac700086df03bd78542a8af61a6d

SHA1
1bfd36fd829023de5acbfd100b71d9dfa03ae5ce

SHA256
8642ed225b91e26c54ea8fea6417e53b7d06b54ef081581308322801c67154c8

SHA512
49224bdcb48c5cefbf18101138b00294bb9acf4bbe4b95f090e6e4abbca7e14e1447facc1fccd725e782c2b61ec2f26449fe2d1236eedb0c1a26583e6b427e12

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
b4cdb977ea93ab7bcd439ab958a3a634

SHA1
c06682eb0ed10c8b54f5156913c8312bf3664c02

SHA256
c223d64012567ff32bfe6c46bd037cb3b5652987a13ebc7c516e2b5b089e6c87

SHA512
c123d85b970d3a09c01fa6e1fec0459c094204fbb3868fc58652a5a8a3ae05ca373cd4c33145e94a7311e61aac7f1b1e2e214f85406012e782afa2627241b164

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
c308e7fb96be603ae4f0db577dbb569e

SHA1
c35c5f1a3c49e445e8d9ed291b41a03c152a08b3

SHA256
e86004412e391160c181a87e540a5f3f8d09adae28fde2b0ab07e3088af9d958

SHA512
9ab864797801a8b732f773571d438a263aa1118520258d66db70fa35789d39d76f2ec4b8ac0ac6442185c6fb7d6b119fe8b84dcf4912463b1634acc9e46f9043

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
282cce34f910c2aece3247d668a8fcd8

SHA1
f5cdf38ab5dd0df3ab650db263a87c240e7b9cc1

SHA256
24543cfdb42b0fd64641ded85ff3ecf583ac736b1b8fbae93711e5373e68cd55

SHA512
edb878209daab203daec403fe41f85f1745e971329a6cab38f0d8b52ea950c292d90e3932bfeb2b2092a39a2aad687c9ca86b6e424c8b00b5fd1572f1c9da825

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
f3cd52422cff5a4cf2ebde0180b55ece

SHA1
8a46a3e36e900d28f5df253f86b65e599bde722b

SHA256
b0521e536493c021bf9d2b43b9e26e9e9c0277e5c032accb7f76fdcde31e1230

SHA512
2b01d0ac3c4d3a0e9051b87752a7cf2eb7e4223bca30e61f3e72778c6968d9fbc01c8042a2936557a998005b5858b9498f0e8c7e5f877fc3f94163734a1b8975

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
e7638732bda63d701e5135e0913a3a33

SHA1
039a5028908b6a2e9ec9ff85c0a2c69f35675ff5

SHA256
219dfa3b108e97a3d9643f2cb2aecc99550b6517d9549cbc18547d767a646b77

SHA512
4ff4dd562cfcbf336571ea02e72adba077b769d5170e45769e4e6e65b90f4abcbe3c323fe5dcc0f6586de21604f26145e62566eec08e8ffe3b14b02e0ab9a35a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
12f2741cbb942e5dd6caf98b82c8ad87

SHA1
fdfadd71968f9836d4dfb15a7beec624d9c7d773

SHA256
49239349007b4ed0600ff573ba53f11b2ac65976f405e809fe78bff5d19d3b2e

SHA512
ca1ad19fda4836904767a935fa309810b3da0e8d6097b128591bd1204975ebd670c5fc68cd69746aa426d44ac535a16db674b4d407688fe3541780190b9ecce3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
678c8b845bbc67d759c59efe5006af02

SHA1
1a5096fac53c07264766fd7bb7bb49cf78752eee

SHA256
0fdd78a9e07bd177ac77b63d7ca4c2c5da30f581c23651eaf0d6a0c9956ea1f2

SHA512
ec9698c1bd6fdff69cd659a7c547bf89426d5f01645f0a98623684065cfa33a385dc80fc42f3cf677d86062819e5a777f59ce6d501f8e40f16c612ad7ec85bc0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
c827a5b484e5f4b656262515eb5d1cd2

SHA1
bbad3ffe0832acb8d79661758f9a78c33683fbaf

SHA256
171937c662e20a85f483ca8969b042810e5dd5468cdfc30b2a81b19fc939b994

SHA512
49c80d2fb8b9ddbb84c6ca54c331d725d904985990fc2dc972ad090457a9e94d0404c004e9b731d9a9a07c52fbddd8bfac31b97f931322d7615a1bf16a4fc59b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
061778419bc6ea0b06504c47c6cb7be9

SHA1
ec518e4508017a27d571273e103db0fbee988a9d

SHA256
e1491fca5667c45a32e65a41a92f38861e13f6a7b5eb36e2e2e1c9e7dbc7362e

SHA512
1849ac428e593ee43e3e49c191cfbfb76941a05ad8233fce32c2c06518f4fbf0620cd3d7d8f69566d118173211ee52a4c8a4f094556235c0a1a684dc90620183

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
6f25af28e073f9dbd8f8008691334fc4

SHA1
efdcc46bf3380df6f4497d01fffd298e09c46074

SHA256
9e54e283bd89044a590e1ddebdafc0258438daeed438980d652d9fd097c492bb

SHA512
556dc6e5e0235840dad8c4e34e71598f19dbdbc02e95e214b9f635e00e5b74d871c1d5e4026a5609d7ca2f07e174d156bdc359d5b549b3d504184e474aae6cd9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
1975ee73d3691b2347ae984d051100e3

SHA1
a2af41c9170b013015b7223769c6fe09b3c8018f

SHA256
1eb62dff16c2ba24f77a552b9902e7fd19ec0b2c43c41a2eda62eab11b0629b2

SHA512
797779791c632279d9421ba8a52def72f9d04452cf75916f757c0b0c9491259c4be22005bbbe4f0e2e2f02a6f05bd4116656a956c0ace640d838452660fe1f41

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
17cba9b1c5af6da3eba405a1c74c3e07

SHA1
240eec869f7002a174474fd46ba1ed4d28c5ccef

SHA256
34bab1aefffd890653ce630b6d0ab4862e7af25320eec19ac551dcb643b37526

SHA512
3feeb4287e1ec4b9214ddd081e2fefe2bec3af46aeef9d82cb0954faa495efc08887d27a635881474f4db5a8fca363443de4c67cfcdf8248e623ebdc01dc8c86

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
cd72972f0ac3c4d90852a6bdaa4c4728

SHA1
8e326a3e12b654d506061ab29bdeed46eecc0d37

SHA256
6dcb0c23e460018347cea800e4066c82d8eec51af96bf3902a62935f996e2406

SHA512
94e6d56d8794f40bf8fc1cc856ea2389897e4c2276e8c2dc7a1b73611e455a062409422224bb3f39a9b88403c0bedc7b5d8d59a60df67cfa1f482533bd422fa9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
3fe5f696da18507cf36c5347c3c096a2

SHA1
5c5aeb7532c3525f2c64d399b6410ebfef16b262

SHA256
73db93f30d9ac14d8f79e7212863672a0b8ea37f3654491c338787fe44ca47a8

SHA512
362913a96040c4fa5a22b94c461d07f040b326647eb4aaa48e18f9e24aab360d6fc87bc986baece2733613c06968d57c8b4db4b643180a974ae2bd99a9d3f2af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
20e9b9b5100221cd3e1e82ba9c7bbd34

SHA1
3dba63962538b60d549e2db9bc9f883f4843ae14

SHA256
d7cbe2f1c4eb51f985847dbefe6cfcd2d42eae126567cd535dad3443a3ac5971

SHA512
ee122602da7471224f7095472df7b801f5d0d469111ab1bf29ca74611e131566cd4215b560ec3105e246f90aafed51c4a5217417e208ea01a7b99bc56b5d2766

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
a0bd31fd8eb20f3850c6437f7a55f25b

SHA1
f74164e5b70c0bcd75d701c12637dfec36fc97fc

SHA256
a55be06192dafd93f518aaa4917a6b10895500133ff201f0afa372d700aebbbf

SHA512
849c3694094350e56eca6d0debcb4f0a92c6a050ddc8e805d756b806c0284f9b75c2876c8c6f2a36c6687476cb4b819ad225a07cec123283b585d67e8074b8bb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
e95e271f285788aebc20068e09fe5a62

SHA1
25355e65696cd422d5120e708ff2a5c36bfc94ef

SHA256
d663cb714576b9e91c84bf295d1487b61ffe4548103a85760b40faa37818372b

SHA512
00b3ffc281dad1dad73714e31399b25245756f0ff6235c6bf32e991e930351f771015fa69e3d2119f1069733418e12aa171f9937508b1b744c8326c5af129b39

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
0402bdcd42db00a81056065f30a02966

SHA1
9dcc0409cd8564358c75f5e8ada4826ddf7e3669

SHA256
4b3af122ac1c75624254868b09212f5f28890ba0e9b2403eb6d9b40305f9e932

SHA512
f87203b6efbde44f0b1cf57f70d4f6104bb8f8eeb73744be352f29da631141aff48f286073074899130f9785576d5a300867d1e3c54525708fdb1514685d55b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
fdd5b409db54b7d1dd3f0003a2427e38

SHA1
642ed30b9a7dbb52da18ddcd438c19b8af255bb3

SHA256
5ee25722e53fa63a3107872ffda1c12e7b9e0f9457a99750c8d501bfc973b47b

SHA512
d13726c0122f1b92902afb9a86c427f08e05c781160c39bf5c00c1c97daf89db23f43da82b5ade46b333ff74dbe7b0628e7efd3e5085b9c38612dd9e30aaa67b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
5948e8e2b581c7e9c2315005b786a70e

SHA1
48ba7697b4a69a308f33bd28694ae736b3b0c331

SHA256
a928b7da52b4ca0ea30535de83d53918117b29b06c4da0285c200cb96babd00f

SHA512
d865506bc8d427e8f864bde97ea736df059f411fc3238e34fb7c27d3da70e596bcb060bd3f6947d64df01f3d002cca8083ee30740abfd85f68c6cd053e1a252f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
0ef8e0371349336abe0d474e5f028962

SHA1
54bee4650cd3388232a8bb631c7ccd0cdd0b0beb

SHA256
d3d501f2442922cc0a12afac04568c3345b7c1bcd35f3f9efda1130e7ed00dfc

SHA512
4e9314b7d2c29f3dc4b8ff92101319b036068f596e705a9e416c75289560c236b61bbe7b32ff6a09c68dc028865179140a4a640f5d21bf7381a62dfe25210d8c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
b9d39b1526d0cfdad77d4ae5b1c7c102

SHA1
f39c4469c280c0457cf23356b5ffadcd62a933f2

SHA256
10b733493c95ebd9a4065a043de4d41032bde984f78aad30bce8efbc3204d038

SHA512
c1dae0b2ccda97bc9728b19074d6d2b2be0899f1ad234cafee3217e5e94d3bc686305af19b88735f0d32d7aefaaf8bc8bb216f04b9bf2d6fa644f5b180b61470

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
2fa8c9682c822767581a9e9b6920a352

SHA1
2807f8cd6ee45f763d9f1cc69729c0decf0b4407

SHA256
895cbcdfa0c49df26f3a3dad6ceb8b10e7e7ec6c6b7edb9e74bfa216f7e441d5

SHA512
5216ae0f65e7d1098b5876030b8fe8522ffb3609fc688e6c27dc5166db7f1ae1e67e4d708ed9c150f206216c0d108b8fd51bad1813f26687e9b5f92c357ab040

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
40573e0ac7fb7af3459ee8068adae240

SHA1
77aa7d178e5d4bbceddb3da33d4ca0ab48b4ab6f

SHA256
8f22a6c9ce2c0e30aa0ac56d7923de7a33b04457e9dfcadc03545435104c1d78

SHA512
841c7e481e3c6e4ef9951927642fe2767ce9028209b64d7b05c969daf01bfcc62797bfb3f860ab6da53911a132bf90d60855352285a1f25a6ed1594169ef90ee

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
df357b9b8ad2102340d274fbc9e12861

SHA1
f66ee3080495057085934870a1f2736e96b26204

SHA256
c5ebd2902f1f4a649318ff35efd26081aefcd6114966e0a0c1c206b210607fdc

SHA512
c1c6716d711b7882caf40e7904d00723f26e8832f371dcac5ccef715721ba4fcbe729fab2f6b76fc22ad33f93ffd57ef99bce5a96fe9e9727f0fc90d29dff597

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
8cd3c5b1a87e6292e899fada1273b2b5

SHA1
3736a46b7b8038226adec608b8432ae948e6db64

SHA256
0baccd61d3d380ff6099f7a16a93d03a06ec098aa0701ef06948e8645d4c3659

SHA512
18ac89f9c6768fa1468d61404dca7d90aae6e1271cecab24ec33b384a0839de560aa503a8c8ea8c2a34eb5a224d4b99f3c13910f529d86ea01aa9d88de5f33ba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
15623fd94c356df36e4aab42cbbad085

SHA1
8f75fa5acaa5b72080c9d3f1cd2ff31c2f052256

SHA256
6480fcc1c02a31f905640af3d498fa6aab27ccf26d4c42fa623b49aba86f6d9a

SHA512
787454f87e407083e9c5a2071cf10d59f391378f59a1eba4f7a2a72a8c6bc990f6f418b132661dc13a9fb322b99555213949dff24a64cdbebce124791b0df02e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
b60f68aed7249a153eab6d3d89b7631e

SHA1
5ecfa8493ecdcd4d70133567cd33ffd08c7df562

SHA256
8caad585e9a0ff4415741afe454c233c06d6c6be4a8ec9a995e4655f08487683

SHA512
c2f8b482acd72e427f3975e0ccf89b37fa664424ae34f74951fd0ac75d96bc861367787c35c58276a037b067b45491161a0c4540c8dd3db7722d2a34e2ba8d5a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
76337780ee6bd6f2980f3069b0b3ee7f

SHA1
bbcbfbe5fbe4012561235127c8b62257000005c5

SHA256
f5f404f3e4eff0af274f82ea68ac5d8417425047d64fbe8f5e37252f124ea475

SHA512
df05d34cd44618c7bf8bd178401846598cda2df9d207ed32bd76a7e0d1721c495de60e68428f0341b83d01273a51a0f24f10914f0b918e95e501ea23d7a615a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
d1f60b1d1afc2a785e289bfbaa077403

SHA1
ccdb224edf79c728cd1f064ba70a30aa8ec6b099

SHA256
026ee92242ccf7a0546103176462abb0bd9235be82f622a36cac9813ba55913b

SHA512
01a940be5d986600619e6dd2950d7ae64bb4ab444e23d9ac6aeb499675269798b57ade5bce9e86216655f922b230bf428e6e4ba5c614cd5e85a335b85e36ec22

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
fe05822e8d254ec7f612a2960eb1f30d

SHA1
80cde2132f3227bf2e22d243ffa76fa5dda12633

SHA256
80c5ca195269fae5395f8f5439ff28ff0c56883bf0d8e8fd5140137f884ca52c

SHA512
683eec4dde91a8999e1022c053a56d465ae5e3134313cf7b1fb11479c13b683f4e7e2013912a04a5fe4f484ed9b5bc15aed2c1cbed9072c68932f183375b76f4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
321439802fda606c6bafaff712e2411d

SHA1
671f9598785b0d38d6a9adb1c571408691ffedd8

SHA256
e92179eeb998b5ea22c34f178dd519686e5c87a27ff8338680df067e40d39ea7

SHA512
f95ee1eb3d03fe8d3084b709febbc259aa45cac53a1e116fa5caf8760786c8a167c515bedc19c604fef897d5d5e51b6401934729b42695a459922fc97ec21651

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
6b00d31946c391c3e013d71abb1be096

SHA1
5dd84b609fcc06ba42931853b6648786d2933090

SHA256
d676c283e03b5912a949076f15c8afd2dee02695f6cfaf158687147adfd8162d

SHA512
77393ccaae05868de28627a85971a9aeb7d2cd414a9b2ac57e77a368d2074d76b1c32ba37166cf50d7b95da6c79324e400b46ca33f3761af912a5cc80cf1e280

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
8beee71596555a14e7c72da3c10388f3

SHA1
721f9b172a5b5da8ac7fdd06599f04f5a6b5522e

SHA256
00b1973d4406cec13dac771c1eb6b6348f3efc6d830f0bce9cb1aeed851469ae

SHA512
599689e5d0eba367a80d5e3ca33126870e1f08f0bfc7bf6db87ce5f47e0216507d3b12af3066760c90a5b242ce3a366055d6a1ecdabcde6a31b3167b0de206fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
0d151e2697cf7c8fd7b259b4a8ae16ac

SHA1
ea47f31f7d740aff2eb5f603f64de209c63531ee

SHA256
ab6f68dcd461381b89e4f824a96a17c48a3c352c5e99ebcea0f83b3d2c186337

SHA512
afe9a80f22ac001c89dc75df0025232cadf489e046a01a1087efdc56e5209a7f547603d2744bd7f4474669fe5dde0ed73dc5d6215924cb2228628f466dc8d5b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
1048033e829d7d631fb0ae785328cb43

SHA1
5b7248e609d04ebf255bac637c965898a3f23457

SHA256
279b1cc02b98d24961e48ad7ad9576b0ca8520152e9627b7f3079bde250b8e42

SHA512
34ad444c441f5d8acaa02003cf42d040b88d7358994079b51f0d0a5c1dfbef9e25657b9eaa031aa7dbccb8334d0cea1e05227d8d735706798b41d5973f7279b4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
aa58f77a0368c43a4f31b7d751eb3c5c

SHA1
cee23bb090ce941dd51f0aac597023e0cbbe60b4

SHA256
122ef096f4d1a04cd1f07836be480133d7775802aa0bb9f68f7e5ea6e635f01a

SHA512
23187603e1bfec77874d03aade18ed225ac2a3a7d51fdc7c68544be46e17239fe75a72bb8962dc30535b07910f9c831facb2c726226773381f803ab126f6d5a8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
f2360738989f3a41a5497d452ec4e853

SHA1
bbb2658e2d23c8e9ef59b920163c461064c3cfad

SHA256
6f1cdad31dd606ff1dfb1c4fb67157b7654bc47f048a5e551ddcf8d130265694

SHA512
7058f19fcf6513de0bd64176646779ddf0714b8040ef16877f90115f21a5f6d4a9eff2820a9e87dafda37981ffffdef6a73ff350f35d53048202de70aba69b51

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
82dbdeec7311051b75ad9da3e070a206

SHA1
0234837c09a7aed68560a29bd1e3452c8cbd4ce5

SHA256
e2c9ad8d270e11bb3d1e9a9d36c44a6066a02e822aaf6bca5bd28030d60b4b20

SHA512
7b9bcf39975962f4c6c323727f0f5611901ee06425269f1dcbeab0b8aaa2c8f7b86dbda69f3a16be35f96e09678d2cd12d250716443d5571d5baa0f69bb0e169

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
186ec7671b171c0b63999de80b988793

SHA1
3f1413e300db69d2f7c7e49b1a5bcca0d96835e6

SHA256
6885f2be9cb0fe7e9b92c3e3e84538af578f838b3f97027321eb18644443e13b

SHA512
da099b779aebccf0613ff118c26f80491a0e048d071d093b40516b70a0389493d40789305c12b14cf36fdac3700756243efb9718bf82e594244c40c5c56f8c6e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
dcfb381011b3f43c5f9eadd321cac68f

SHA1
d71b52a1e98f26566399c168f9b93cd38d40b6f5

SHA256
d982944bf1ad26eb6b8005bb17700b593732064388df068088e82eb3d72c9032

SHA512
36aaffbbe504ab7ff688b0e37588fc9ce0db5e8914dffe445a6d2dd83dda730785262f614a129afccbbbec478660f0242e977ab3de7e6b1554c9dfbf173b2016

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
6cdbe883ac113203bee5373d3a3734e3

SHA1
d2d56dfde6b269267fa597beec3a0a6c2d5adf8e

SHA256
e3a73299ce48682b0b0557f0e0c2bfaa4e0db72575d2cfb18f203f3191240742

SHA512
8cc1b8b3bdbcf05ec9991caa5278bc491fa9ad4a46771aef694a28043dff67bcfae731d11bc6109a7f2c871c3ea26c4aaff7d83eae5ddc7d9b28a0ad1a302f80

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt.4500

Filesize
77KB

MD5
78ce7ca86cc57fb18ac18a4decbb93b7

SHA1
32890edfce0913b76efb6525c8cfd53b93ea549b

SHA256
353dcb1e8ad95db7f9e308bfd7fa2b11b1e617d50d55d91370197623184627eb

SHA512
bf0c341901f718ccfc9a7ebc4ce87a38749a5958ed57e3a2f2270330eb38cda67655ef2744528dab7ced21a1a95bb7dd3c398164eb62360af0f3f6343f259f87

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

Filesize
47KB

MD5
9c4dc530647efb1991d2b5b19738b9c4

SHA1
e55d70c02767e5acdea574475b6dd038a2e34451

SHA256
6a4ca9340b76571f957ca1e24ea9ca2678f351f3a487fe1eefbd0ac19a9a3c4b

SHA512
f3ee7836a554b024a507f7b730709e9873106ca1693491dd9a71ff61b62caf57acbdccaa200bc544733863b1b164457743eaecd2035411883fc3135e5b3e1a4a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

Filesize
63KB

MD5
7f7aa0decff839a94b9c8578074b6f6f

SHA1
7198c7625cce08dd2f6131399fad02c1b13a5db8

SHA256
36e9cb9f41d805f5e39ca2f36caa05dc145ae5bf1dd0a3ad853b5b9a39c9e3af

SHA512
9ecffd2d8a56795749eab94a08f97c6fea4685eeb746773d1a7bbeebb70acd441d9926d9a88201a73ac6e92ef04a167fafb07d5dff48f89af325a9e16b183758

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

Filesize
74KB

MD5
ec48febcd989eaa8db999159394c6a39

SHA1
a87db104a802f0249fa60e9606531004e6d44c76

SHA256
da0c8b16be8a3734423e67ac111444b77f386121f66170b536dbd74276b302d0

SHA512
07dc4cfd0f7af4cf31093aff9a80da486966fb1cd5d88eb96ff88b5e8a236b9f1b66fa53f8d52dce35e2e4d7a33d769b5e381c1706cd5d4d6fd2766739ed60ae

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
5e162f5c91e9fba8533f050545598652

SHA1
0cc642e168e07d09507aa22650edce9562b3f23a

SHA256
55b1f5a30b638f3fd6e70c2052ea913f279d6c66b15cc5f8668ab55635280c9a

SHA512
fbfb0ff5d845794551535d704f8382c6029b83a079c11612b95b7622a55d6bdbf43baf19e0b2422a64eb09bd54cc8f161ca852d6a36dfc8b2a95a4fa4df9b0bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
81d6cc18693db984003e2704d5323050

SHA1
e0c0dd0de8cba10f5218c47d86496de29f8c3fb0

SHA256
450be8d2c6750120e778ef2d8982da3babc797a49f41dba4b4f054c378e13d4d

SHA512
5c97e693393807303df235c79ed67c9338e371640554de35dec6f17cb4426949e01016a0821ba611cd31ec9e3d5c7572f084f1c27d9b0a628466578402e1605e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
04b5b5d091583c4c5d542bb943b98ba4

SHA1
d7eb9cd716d722ae9646ef64030abf76d9d8f107

SHA256
a98e0d1208a21c621d82a583bfdca89bd16341ccbf7acd055d7d5b9381cf82b5

SHA512
fa1fda8d42409506bc4bcdb8b2219ef476b5944b5286ecfd41c43a29891e962051799f5328e4272443078c1f242913ffe744acc67c0776ff5a1ffb08d000a2ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
ca3918862831390670018c6038af556a

SHA1
2f41c44030f9b551c064ab5d9f4674a17420a873

SHA256
036532f3a96082d78d443bdb6394fe91d70744740e4e2002d3102f5baedf76f2

SHA512
5c6ce2571060e0c73ae4306473bd4b246c746d7738601fbf743e5b38a668aeb1c418b2ef161dd29d9eef524b0a948dae7470f0152122998f8ebc3b2bd38a74dc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
68586e30ab4f2a14b27ebde82c27923d

SHA1
5ceb92403a35fcd1016e031b5fe590678d16121e

SHA256
1318b3a84bb6ece0943379d7f0e47df59af3a010b68f0c1291cd1638fd5b35b2

SHA512
3af5d0e8503f91b39450562eef18e2027ec01bb6a86c6461f39b1e7de3584e658422fa4bfa9cd9dbf860cd4675d7e75fa97d37f343639756c26f4cc870bde4e1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
c8d0f8960811b84a70df86b18d1165ca

SHA1
d80744a0571c86f26b1329506614b7231f806d55

SHA256
05e760e9938d1306261d816f7e8842f82e531a588a5221c85609674de55f8610

SHA512
9f2b308bc6a24928513a83fcbf61077b4d98d9faa551c951a179c7c95ac0582e4d70de3898b23c91003e2a4cc698d1c6a7c6d4acbaaf1d8f8152601f2d2aed50

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
c602b008cf0cea02d172617193b144a5

SHA1
429957764692241cfc27710b412e68f230ee16e0

SHA256
7e4cbbdd4019d8fd88d807285012cd36b88cc0a25d420d5cc4e5175a4df420a7

SHA512
751865eb6f580f4ebf2ce3abe1fe0ed2f01dd9826c6420f8ac9b6b0530482e83be1583b9e7878c5efa86aca008300342c261f184cd3ab0849a031c10a754c729

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
d98f69cc3718085028986f6b3f3fc88e

SHA1
818c53512506c4724dfe44d51f8dc88788c218fc

SHA256
5d529f176114d4094be3546ef758eb92b5d98275354818849d8d21bc28136bbc

SHA512
51432f8c92984496ed4418bacd5aa158719df4da7bd3a29d6700b6336791d6e4261b15b3bb9170879dfaf327eb205b631f76593de0ce75ee33285b5489f00a88

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
9c8d59f0ac687a3f71c762b21d3a72f0

SHA1
1feeb44f8ed1c6f551513d654286aa54274e2dde

SHA256
6cce29d3029f4a24f8854181ec6c663a267592888845c147d5d56093b9115c2f

SHA512
ec6020c57c9f9a5d6112fe40b782a582144291836e8dbfe531c7890fcb508fbb53660c69caef454c9b90967d7368d035c6d54fb27654f04ca222948d9a94fc7e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
96ca5dc5ede2eaa76abcf34da5f4ff72

SHA1
affabf5593c0af2690ea111528b42a0bf271cd54

SHA256
07edb46dc45797a5463aa497b6967c199e096cde91419fc17918d959d46272ac

SHA512
e1266fcb8382ae1bb7942f6a0368331de383a5fd83b24c8ee612532affa1c2198c3b98189c26da7cf6014564a8e1950728b29f807746fb7bbe84927747f636ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
c27f989ea98f0c027152aa2e95c2480f

SHA1
5a0fb8d86cd496e8becf5fd3904cee6be9c580ba

SHA256
6f24eae745f1e8941a1d68331d863816074f54b339c066d1a805d33c74ca47a1

SHA512
9d8ff83b0df09b371c7aef47eb13cf032c0680956c0bac553211d471ea73001b8d1b9a084d5ebd5b8a9b7044e03f1ae971ea1c95435de4cae352449d2fb3e4f7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
4cde7229aa5577478e558b44d057c66c

SHA1
5cef15c2c4a1287ea7bf98ba8fb2312916c27ed8

SHA256
3ee4d7c5deb0a487606d4580efcccd7cf4ec261582f174dadf923278cb52904e

SHA512
fea568d70b7f32e4ffcb77db6ef6593ec92e5c4c676a76932fa2213d10f24e356d4d9c6620026dc4123ac8ab23120eceeb54afb64a31ad728fefcc5760ab4d77

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
acf7b0a8202f3530298104e2a909dfae

SHA1
346a660c4a08cd1b511e46687877f482591e0e86

SHA256
4a2be5435b166fa4323e443586c4b314af1f68ac241107d2f01b08e429e8b053

SHA512
47451cb7dffa9014ee0887fa100e94334bba4838801712875261d1f44f40a2172aca4b014059df340a26234ad031f7b320086154026cb0f3b6a2d436711e2f70

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
59a5c7e8b7c3093d430982f5d2d5130b

SHA1
e5f572c8d6dfca760e1a171f6d4796ab127ea29c

SHA256
4f65d3b24add4d30dc965a1c31bfbced75fd96b12603929dee189bef4174db23

SHA512
c6db53c9c94576079929e5851c2c0cea525203d2637c5e152776c20ce523c4318630c29ff8686d176e58164215074fc450f273173ba6059cd51e00d92dfab7f3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
49dd79e87f03cb58d863949894d6be7c

SHA1
58e0c8b1f9516258ed564a7525b86b6c1125594e

SHA256
fd9a86a4cb039843d29dd4343fe543b4d4f9a60397c6690723e796cdb3c88080

SHA512
22fa49b40ab093222844e6469264656681cd69d82f2a44cbfb8059eba4e2849f9643d157c4210d8bad92ec45dbcfd479adc8d766b9b374b607d6e769c5c807c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
f2d04e907eccce4ab0acc00faacd41a9

SHA1
e46c7a26904da78389380327e8cd02c50eaf518b

SHA256
6b447e25db4d0268976b60aee585706b6414c29f3390a59e0fae4e0cc860a88e

SHA512
0fcb7f89ea83b32ac06a82cf1e333eec238b94e448fbbaee5019ec5201d38a4cb720b74773786761654d8d2ddf73cb1448c4cebcc2057256cabe1284943efea8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
1ec519989b57c12c2dfddb2bd5634440

SHA1
e4ba60ffa43f577f11c46be7b77c897c038aca10

SHA256
47466f9b39d0d9edb5685361daa35e91f883d0710e7b8f8ada7ead808b132357

SHA512
d7d300c1e538d8b1f2123edd015382082d69cd6225846f8ba4e6067a70a25dc22aa1a827e7ac7b98aa922b96ad50084e39990cd800bac81ea917be574f8ed4ef

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
e5283021f9cbc45b64b75491ed9b561f

SHA1
9b351f806f385a4755757053a8412af1aece3768

SHA256
ddd4ea63e625e59fac5015e8f645c532701564879316a1789390f64200bd0859

SHA512
9bdae0d2843b39f491a5e3f84e666d0fe0a13b73e3f0d6dbcc76d3b71209595edf036c709ba28b08f390984d07af04d9f24ea08cf50da839f34dec55bcbba140

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
2640e90457652bf7221252cc08ea2c7a

SHA1
4975ae9665e65b2c2a71ef8434eb2680bc602285

SHA256
0a1b53d8f04ccbb7f06b2fa441221312da2ed5c0d78450d4ad8df3c269913776

SHA512
f962a079b97aad4ea22a7d6a9bbfedc09e0e9b56bca9c5761cfc1ffe0bfac54b59940109a5dd287ceee6a8ac7892015964604105ea77710422a1c0c923d34e98

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
0ae2edf3b338ec8dc9a7199c04de9def

SHA1
51b0fa90d0c6044cccb5faf6a285123573d58009

SHA256
ac22f760a43237884eec150dc4f41dad9be81ff32ec1693d2c2b40a2d58e33ab

SHA512
98ec4aec05f5e9c6b474b5e019dbcf1f7e8f63a97b76915066d008b53320f60677ef4478c41e4699e5978f2eccce3098e6d2ec30f07e4c49c8384831ae54cfef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
10bc9752639ecc6eb877d67442663baa

SHA1
bd92c9f464826f58ba853ec5fd10d1bc4d0dbcad

SHA256
1f8428b839e499a0f6282932cd1efd30c04a8341da40be0e4bdc58278228261e

SHA512
4eb01b59a161716616972c05ee848fa3e58be5331eb9a65655ef668ef913415addaf667afd0c2086a4d9cd120a71408b25c7c9353da42b129f68ad4b69c4360b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
094e9a24820e4f6285380aaf1dee0630

SHA1
7c5aa2a99116cfcd4c2843f4c972d5af5404c92e

SHA256
4cece02188b0baf3906a026bdb14bb79de1efb7f0e72f51fef50259b453646de

SHA512
6662224d16d5a39dfa991961d3055b390525703c21e8c9874b578d2854a03d8bd62b29fefce473940bb99a10618252ac05002c064470c1f696d1440bb7a2b1cc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
b3f0556afb5f4ee96dc4c5b27b64d627

SHA1
3233121d173e00eaf556c83094493ea7776e5e58

SHA256
c518407f018d811f925a6bbbfdce3cc629981f0687aa291e2340bb26df77cdf4

SHA512
a580d60d13e6f4ddb9e8b9530a4fe78756ca433966b1560ecdef4f4614394ac91c8ad180239d10fb3e490d32be93413a398925ed8bdf29980d7e96e67355cb7c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
a5e82607e4a4e1fc8ebcc641b073ed0d

SHA1
01cc776e69cc0c48daee71a3ec34e1d4fc657077

SHA256
a095fe661f00d56d644914f7cf9d20be78515b159b524335f49d4de0e830be4d

SHA512
16c946d03204fc4c1a379806089f5a9097e7406125b0aceef8df5d74623032dc17a19bc711bb46d8d2b538850d9ae2752272bf8c1a0af664a973391d239c2b61

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
3b42d663a5d42a504c99f1c655729224

SHA1
07b8f51cd9c6002b50e0a0b2fb6a77054b0cccba

SHA256
12eb63d3aa99633306db2d996bb185a3ebe424dc474e56ad2097b768fec1f710

SHA512
2698878a37150534cf8fc59d06150ce12c8f93b424fa55e96262e816b2cf4c479152075e58254ff616b75d185ca34a7a7107e2d87ac3bac7004aea805a1e58ed

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
4b48cabf8e15ea176fe7c80cde07da55

SHA1
e2ff83d0933eb7e9bf06e97b8491c6652c44baf7

SHA256
5ee6df5ae30e76e213591e3d84a3470e116b382e1f2ca80ccbca2f5a4886f436

SHA512
08eaa2a8ef53fc397c4da83d83862cae61dec1e46480c997a0fb0b3a07dc014f44a2d6b804c7e5d86a35a0e3f810d20010a67e42d31f68513941bae06cf06f2d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
6a9153d02ae72fef8a73bcd186570c4c

SHA1
7d197be6e9b0b9d5ad831dfe65ea192fe9b1eef5

SHA256
ac1c5d77168c82a3598882db2855a37637d2f426bb1e1233d82fb831cdb797de

SHA512
417170f5b073124323934be4e6c5d06e22e0ff2598c9b2c06000c01e2bb298781d34479381d93c80207c55a26bb34a4878521066aaf352b603f1134aff59f957

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
303e63052132b4f6bb10a81a7381c200

SHA1
5617dc31fde4399c3fd836d30d2a97e3a600feb0

SHA256
8d389b8b83302c2eeb9b23ba801a2db3e124af76a79ee19acc8a8dc88c90bde8

SHA512
3bcbddf94be37200adba8492d8e7584f50f597eabd493010dea317d8f3cf4dcf6bfeb778b635740c5476a0ec77f23b3d7275ecad684653e9ea019f6df59eb848

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
e228c7bf0395c115c35df308f0e56978

SHA1
9d0e5dc525f46303bb6e05e2e82e654bea30f1ff

SHA256
797caf7a4ee79b4ec6799bd44d9c0b6e1faf2e6095e87d2087336722d9bd0e09

SHA512
31976c5d37ff71e15f38b5fb2ade5dee6ed0cdd8b0c11d12c80f108be89a5abf1b995937598657a7e844dcd0454ce08c2c25e23b8d73ac2b4bd92db8d16380b9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
f6cee857b663c98c35a765d7d8f03629

SHA1
116b43ae0478baff850f01bf34487cab2a0f313f

SHA256
543192c5ba17f63d0239533293b1b831ee1823066d3c1ef7b62a27de7179f7a2

SHA512
21bd0a53c730846cad5e6c11ea5962425d2f59d0ebe70e4d1bbf9dd2c77ba555aa3fce65b8a60bc8a04ce18e7912e5e49043d60de13ab941c09a2c64d7a33ce7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
9bedaa25dbe4d635e12b02a0b2162b26

SHA1
51d9d412238346b00c6e649027ac8c482546ba6c

SHA256
1c872ab602334a3864f543483ea129dfb420144ce25bb747c149f77afcd1acaa

SHA512
250dfa9abab9d1ee2f3f6abda3cd27feef77d6bebef1261a1784064b98e77023035b6c5e8ecac8ed58d9b5e48a486ed6abe1af152bcd3e35e99781bdc3492086

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
710239d0414f5f5e473b2d9200bb58b1

SHA1
0919ec46e50a786cbcdafbd78975352e40579697

SHA256
a286eaee0f01a73fb16b5281ab67fccd494cbdb5be39657035c126bd0ec980d8

SHA512
55ddd26b38fdefd58ee5f7185b131b3caf40dca2e1104e8b004d4c2bbbc07222550ae6ae33d7dc8301bf9764078ec0e743aac0de1561df2560e552616f5dcdb2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
07d13c97d1ddf15e1b297cb47b59addd

SHA1
d2dd521a684256dfe0077294ab889194718cb624

SHA256
0cd0a268d5b546fb6fffa1435c1267a6951c9d6fff320f59282c4674539a0484

SHA512
559ce6a83cbe7dd0b0a2260d5ac82625d177e24db66f1e6ed35821be7aed8101cb12539700d1c5d8c79f0b11bb3742b5a1c8a4fa0069652ab07e943b9e9c0093

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
e8286637b49c873af5bc79a54425d0fa

SHA1
cf1b063778a6d76e918016a650094e1e3df676dd

SHA256
1990071267804c463544db3241c8b60947417abdc11cad9aed2f5355445512b7

SHA512
7c4d5a335766bd173d3c815c4d37956cd978ad7f43957e438199a97babdd9e688ddbe9f9091fee54fef0dd05db0592982609653d509bc4adcf264fdd2e4ec33f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
81c5920bc71cc03111d942f4a03606a6

SHA1
daae625c3f091f1deb84d43b04710c2380fc7ca9

SHA256
2e7b5a4ca0788b0cbefb853894044711379daaa9fa72a79cb6797cfdc27f28f6

SHA512
9693bb193f39e9a8496b6ee4b60b4647de8221459afac3f2b420b81cba6fc195a3a8271f719239ccf05dcaca9217d77f5eb663d302a3577fa370bb55705d1b46

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
a74b58189d9ed9d9721f748c69f51dec

SHA1
19a1c6d95524f733d1e323aad340909e7d3e3cb7

SHA256
66d5e4042627c4c129abe1506bb9cceb3c31643af732182d8acec9299e16e21a

SHA512
d6e9a94a8acdb73f552580a22965d217fa6ffcba7892f44d84637c4e9e83c7f478e0ad1cd7832dc348c37dbed35cb41456c620107e63f1bf4082992ba1cbe948

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
f72e972bb7f05bb3235af2543bf36637

SHA1
457e5e1f612b119d7ca1d53ada199f6dace60029

SHA256
5c3569859496f1e19166ea53137ae9a4011dc48c329b4e3db06778952dab3c21

SHA512
01db4de0f82c5d09a67b2563869bfe635be8875a01e8f1daa61f957ef7169cb591061fc00143e55fc014cb4cd8f1d17a0cd09f24fc2276da0ccc593025820155

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
ee703017f4ebcefec8e6d98cba4493b6

SHA1
10967b3668e82aee1a2378f56ac54fdb8d4bb204

SHA256
d3578103dc66f84a639e90dfed7169727f384d8c735dff864d875924a4edf5d3

SHA512
7a2deeeb819dd6dfb94ca5be1b6c52b36779c99e77c67e7068538254353863e4da9745fbf391d1e4ddbd05fd01b3256584c32a573bbafd1f59713a3ae86f041a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
bfd36a7ff564b9c74a9c7ae400c8625c

SHA1
2a0a8ffbd88e4d0e8165579664b8f7260b0d1c4b

SHA256
33c31753305a22f94465706bd4e27140ad34eb49d700c2875ecf0bbcf75dbe00

SHA512
548dcdd3d599e600af64683bf407020c1f68a7523c85af2f24438b5f44c71f2fb90431e92c85b9f761aa160e59bf3eccdfaec090a2fd455c12a5a72b486cddf6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
84722e2ed9b0e874a3366988769f3dba

SHA1
c44fa75031c38b24f922b2f2263dbdc19f4a5ded

SHA256
27a928fc27b0de99b50b75df4e09d6af067b1af35cd127d7ee955a323b147327

SHA512
57d131a91b9956c34138eefee1917a063416d256416213f7662684fd0a440fb6f11b62c88f8841a4cd88b8b3fdd679edc653c4dde5c47e01fdf0967b1ecb5762

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
bd75af9049617ddffc550ef18dee0c16

SHA1
bc5069ba699170846a36deeead52409321113bbb

SHA256
b10d77fd48b6783a774308641247cbf286931c8b1543f636d174344a0fbdc20e

SHA512
961dae6a06491370c70d5c8ebe40a962b20c1ed23477c7935b04e2cbafe517454afdccfe56a65d6f1afcf5529fbb126e190accf8f5013052be2ea07da09ef993

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
5604bc4ea2fe4b9b6323f9b479a74420

SHA1
96d828fdd0960abf96143de222e26dd204beb73f

SHA256
2f944b4aa2d4979faac26b2f7fc27da300d38385d17a5fbb86d4961660044d8c

SHA512
f518f1f25f3695ed9503dab77dc09cf08527dcc19c0f66ee4abe3d8210d7e6a49d5563d204a5b4b0c403d10f081ab2d4c26664088f19f27a31730d39ad46eaff

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
d8e956a224aba94dfc2925fe66ece168

SHA1
8d2cd7ad9e696069d9cec97818b5fbeb5e025ec0

SHA256
ff5de520e35a133e9b8579b6aa13f569e2b791a664836eeedee9ce0987732758

SHA512
0df9d09e0ce60f892a3b2d0e000e9b20e07f94bd88dede8cf28a99abed741b9b9c1bd681294aea49f45b4d589f19e77711503b1230def90c0bb3349a7a933063

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
2b7e67233f4abe10e09e84c699fbb3c4

SHA1
9cdb969cccaf25a4cd00a793cf067eac6b66258f

SHA256
b407505bfe6fca5e3a24b6d93a7fd4eb79a871b7637fadded4e6e1164e1da1bb

SHA512
819e8baf3e3eb1c0f9c97c382daf96bb0656fa2e6a4b7a47c176e801580a66772ef7ea092a108392e93c4be44dee3c329bf576faa09bab825a0f43f2f0af5c9d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
1785a6b094233d213d93028f64573afb

SHA1
ff681f211d118f6fd2d911f19176d2fe8ec15005

SHA256
489be4ec5f89f45df6f7f8fbf43736ac1a46e8a99bd847081ec9a5019d9e72b8

SHA512
c48501e725b114cb0ea796ab8e7696d546b4ad59fb38dd3da6da4acf8866922a536810e8c719f79a21c1bdc45d378139c8bfb57b24f5c7beeab9d4188152c0de

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
b4d0289ff965b8b97ad495a92c47eb38

SHA1
e30a4b87d34927e55717d13a7f4d186a07cf2dcd

SHA256
2e3244a7d0996c037b7740a3bf7d079d4732e0ce88b4669eb59473566d3bedef

SHA512
c9bd7ac74bc2e5b5df9d6316e7aacb743d942fcf35cea4922702e9222a6bcf91ce32295cba6bb9171c899f0ae98195eeb87a770cf5a92da6f0d156cee14590de

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
325398022dca994ba60d4bc525cfc857

SHA1
674e72838a28d44577ceb7005d51c3a6add46e28

SHA256
4a6790acf5167e38c1a5e508d10b276ed0f6c8769600b18973a886b7efeb2f44

SHA512
119403111b15abea8d851e497ba20da02e708666f71979ec0ad9bd8d4e98d977aeefd4e35bc5f99eabb6ae16478181c466a19c97c3d8e66f89d5fc8aa343cd58

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
7d71d69d6372acb15039ab3c766e7f7f

SHA1
f8ad7291089c07ff96f07b8f8619ba00ab6980a9

SHA256
b77d13c56dd709adef5decaaf894195ceb94b11c54ba5e26549d3b12242bf414

SHA512
e21aae55e927d9395cef94d1ec5ac128922b608e0ff0fc28dfd2a444b15fe09f929b430360bc465547b9e5ac4cd8aa002ef7ddb3e652a8805bb044eaa59d3536

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
f3598762fa7b8e44f3a71f06886ec43c

SHA1
1d9dae9009925d7267be38b77359ad66bbcc4eba

SHA256
c62c0f06d29485c059f470f47b8f08fa9395994058d9d39f04a97b0ce3af4120

SHA512
2f334d2138249de201c3a9e2cb6a023c2d93ae9254081105269443d43af77654d7f21eec9b90196da57d6784d0814627d2395665e72387098e726f96b5b69ee5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
d492827b8b14132b9a6704a1e6fb7588

SHA1
caf5db817e1f3f91b912794c4b37ba21f346e6a0

SHA256
1a12345416ad2579ecde88ed07acf4eda1ef794751787f873dc2623f748e3a16

SHA512
b8c5c65328ae9d649802a9385d1b3514fc67fd2790b34589b1ea2f60a7deb847653d3083d8ea7a52aaaa96cf8e121b9de74e05bde6306e9f1761b7f120672695

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1_none_b3f1d9ff0e206c99\Quick Assist.lnk

Filesize
1KB

MD5
a6b7739c36491365f8732830ffc1a1c1

SHA1
d07a14d5c02da4dfa85af355c4a0602901fe9df7

SHA256
dff1e00cbac6a142ad0c0b760f68b7e5e92f3bb603d80507d058f680efd90ba8

SHA512
b292373831544eb750521c26a0b33b3c42e5580a6b31d40cb7523fdd0195ad516238f08563b654c01af8728acd87b726736f5547e41e8c9e4694e326d373662a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
93836db06befb3639ff4946c1545ddc3

SHA1
0e705c199f5b4d2d5b3af3647cc07471744e3dee

SHA256
55b75433a2d686103e6f4c134de36fda376f11765556c51069788cbb05f15047

SHA512
c92316507a0bf277c6ee69abf55b18fed11f37c56c37982f9ca782211197435a94f0365edbaa72611ebaef2faa05312bc2e7b831a6d180ce63028666010dfc66

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
64c88bde84c3039f3fd92113e9b8c161

SHA1
85410f3df0b7472c9e4eca1ae8e668aa4945e001

SHA256
a57b9e9e713197b9d4708004e7b41746de5e43ae5175acfc8a8e01f45ad87c2a

SHA512
950ea945ed820431ee6e52bf010cba1f17dc8eefb0c0c43e4b4e967d37e3dab212b227bb7c50bf9d9af7040917bea4aca8d421c91934470bcd0e27da0886bef1

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

Filesize
501B

MD5
71025c0cae1ff40b1a20555cbc698f8c

SHA1
6dfbdbf394d5d99e4c6f9c713b5c17524831cafd

SHA256
f12df2bb64b5dbfcd7a5a1a833c29d1f50d4c0bae1211a37da077957c42d67b6

SHA512
400c705d87635386bcd7b263aa01854961638ce380b181f9040f3c2cfaf1e835fff9d654f0ca40929b7a3a2dca7c530536a233d5e921340b2b2f3af30f1bb244

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
55c082e5c753a3be7704ddf066d0e895

SHA1
ced13c44a19f82b143b033378d601f93b1de3388

SHA256
e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8

SHA512
8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c4be1ce9dc39fb83fd5a2d617c2a4837

SHA1
eca34cd429eaf350804bce704d19ea61c74fd54a

SHA256
403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c

SHA512
3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

Filesize
501B

MD5
cc732d0bd874a5559714f32366affe1a

SHA1
b1b7b5585059d53f44d8e0dbfc260472ab658c71

SHA256
a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed

SHA512
3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
b2ec565d9ba093da1876207c3acee32e

SHA1
129a9032e1c7cd7b9d9995eaa4360b22aecca96f

SHA256
935df829ac3ab8f9a07395be2410e95f531cbf96b73930e81a654d4653c04115

SHA512
62c6b56a929777cdfe7beee7e3588234756b7890c8b8d0c88a5f09d1b5b675d0b750f1067407a01a819d9f65383fc4c87779469cd0e22de6e02eb584d09b8378

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
8c195285d5c9b1b6e24dbc6302b38993

SHA1
0300b6e16cf9556e5d7699954bc7b25f18c14662

SHA256
5ecd1a0140add2daa41b421c55a5b5692e5b67e46215563c8c8436bc39f810d9

SHA512
d2fdd684e4e5d49070a0980dcfc8336eb13b0da8dd1a89d688b324a7f9e16a1a8bf3f98f17d7426c11b06d8d82a33699d9614430e69bc12726fe7834728126bf

Download Submit
memory/1096-11034-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1096-6619-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1096-10883-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1096-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1096-11311-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1096-6622-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1096-11316-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1096-11317-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads