xorist | a2aaac413b7545df1f50f7e2defb0e337e8fd75877476d4e7145bbd45e27d61f

Analysis

max time kernel
136s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-10-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Size

39KB
MD5

6bdacf822ede3e544705fd537ddf1b00
SHA1

907df0dc2112b8d64a641e63f3c5bd3a3ac50890
SHA256

a2aaac413b7545df1f50f7e2defb0e337e8fd75877476d4e7145bbd45e27d61f
SHA512

7b78fdf8a2264faef6caeaa287cff151664a9bb1b5f4ace962c6f59113c6aec2efb8938fd3fbf4788a66389528e75f9c79f1933ed82303af40e3eb4749d46ba5
SSDEEP

384:2ebFNw4Pk1itKkpAjjalrkJQqYvjS3kDCgS6zNMB:20FmBkpKjZ7Y7fDCKS

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/4584-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4584-6066-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4584-11218-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gaoP0RsCEv8mTNc.exe"	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidspi_km.inf_amd64_7e53b3972dc4df20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsquotamgmt.inf_amd64_5f092e2a496f61af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_memory.inf_amd64_6fa9664593233d6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcpv.inf_amd64_906547002cc7c58e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\icsxml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MSDRM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms008.inf_amd64_69b5e0c918eab9a6\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmvolume.inf_amd64_6957cfb7d6fea5c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_usbfn.inf_amd64_64da5751ebd2f2f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\chargearbitration.inf_amd64_a0097842bcc7e487\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\pkeyconfig\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wstorvsc.inf_amd64_50cb8ebb1c9584af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cmbatt.inf_amd64_554d46f6008bc631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlasat.inf_amd64_36a71a022d8bb0bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ksfilter.inf_amd64_d5c8b2a031c7d5c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\v_mscdsc.inf_amd64_05925c79fbad7433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_firmware.inf_amd64_36e4e17f210128ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_nettrans.inf_amd64_b6d30279f382fa4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvid.inf_amd64_7c50642b144b870d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Licenses\neutral\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthoob.inf_amd64_c6923052f60677d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_infrared.inf_amd64_3160910a003e1f11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarn.inf_amd64_947cdd3822225c16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrast.inf_amd64_935f1046c28ea0dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsantivirus.inf_amd64_632d2ac0d68cf3ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4584-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4584-6066-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4584-11218-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-150_contrast-black.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\SplashScreen.scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\Assets\WideTile.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplayCrossHairIcon-1.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleAppAssets\Videos\people_fre_motionAsset_p3.mp4	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-48_altform-lightunplated.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Dismiss.scale-64.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Light.scale-400.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Dark.scale-300.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\SmallTile.scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-125_contrast-black.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-30_contrast-black.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.scale-150.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteMediumTile.scale-100.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-24_altform-unplated.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\LockScreenLogo.scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\SmallTile.scale-100.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-16_altform-unplated.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppStoreLogo.scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosWideTile.contrast-white_scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\id\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-100.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-36_altform-unplated_contrast-black.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\HoloAssets\HoloLens_HandTracking.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\cstm_brand_preview2x.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RMNSQUE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\ScreenSketchAppService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-150.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\core_icons_retina.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-30_altform-unplated_contrast-black.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteWideTile.scale-400.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg4.jpg	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailSmallTile.scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\LargeTile.scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-64.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\warning.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\circle_2x.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\PREVIEW.GIF	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\WideTile.scale-100.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_10.0.19041.1_de-de_9b9bb1b46f8e2741\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_10.0.19041.746_none_3c701ff067089a1c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_10.0.19041.1_none_c215464191a824f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filesys-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_ace537b49359797e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\SquareLogo71x71.scale-100.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-runtime-mediaframe_31bf3856ad364e35_10.0.19041.746_none_55e6e4f539e422e8\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-appid_31bf3856ad364e35_10.0.19041.546_none_3f9a019e45575878\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_61fd6579ad651b33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers-pcdisplay_31bf3856ad364e35_10.0.19041.1081_none_471a0e8d26b13f95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rpc-netsh.resources_31bf3856ad364e35_10.0.19041.1_de-de_fe0a912f9b70b465\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsLargeCloudIcon.scale-200.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..aphostres.resources_31bf3856ad364e35_10.0.19041.1_ru-ru_731697768cb0b501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ntmanager.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_21ce86839bea8f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-inventory-core_31bf3856ad364e35_10.0.19041.1202_none_dde8aacee2f6eac2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-davsyncprovider_31bf3856ad364e35_10.0.19041.746_none_be8a5e79dc304d34\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bthoob.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b3eff789aa94694b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dfsui_31bf3856ad364e35_10.0.19041.746_none_37b94d735bd22150\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..daptercim.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e4c6f580e97e7029\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_usbcir.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fca8da98c8654773\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000420_31bf3856ad364e35_10.0.19041.1_none_a7162763383f30bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msvcrt_31bf3856ad364e35_10.0.19041.546_none_b9a3277332162a1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..henabledapplication_31bf3856ad364e35_10.0.19041.746_none_520f31c42da76349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..domainjoindatamodel_31bf3856ad364e35_10.0.19041.746_none_0415b3453e3fad8b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_it-it_9f248a35f7c12459\404-9.htm	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\foreground.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.GroupPolicy.Reporting.Resources\v4.0_2.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_e30dc7b104453c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..orkstatus.resources_31bf3856ad364e35_10.0.19041.1_es-es_36eacb09bf93dc3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netwtw02.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_5d563b8f3a12fd32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hidcfu.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_a7e2714fe3358fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.19041.1_it-it_d6aead550feae452\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m...appxmain.resources_31bf3856ad364e35_10.0.19041.1_es-es_0478eb0ad16019e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..dlinetool.resources_31bf3856ad364e35_10.0.19041.1_es-es_bbb9bda315d26769\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_13d27420d5f67cf4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-workplace_31bf3856ad364e35_10.0.19041.844_none_46960391b09a52d9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_10.0.19041.746_none_50bbaff9fead3fc2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..-wmpshell.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2c9b494d1183e4f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-xwizards_31bf3856ad364e35_10.0.19041.746_none_6075ff4ed207cf16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..lers-backgroundapps_31bf3856ad364e35_10.0.19041.1151_none_009cbc0005c0eb56\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wininitext_31bf3856ad364e35_10.0.19041.1_none_58d4514435d84171\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmms.resources_31bf3856ad364e35_10.0.19041.1_de-de_531be49b61c71bcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..estore-propertypage_31bf3856ad364e35_10.0.19041.84_none_82849c13aed3070a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Windows Default.wav	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Windows\Web\Screen\img104.jpg	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..y-secedit.resources_31bf3856ad364e35_10.0.19041.1_es-es_deb7f97b55b09a33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..clientsku.resources_31bf3856ad364e35_10.0.19041.1_it-it_d009d8df8c064120\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ork-msctf.resources_31bf3856ad364e35_10.0.19041.1_es-es_5d21993458c9d5ac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_4.0.15805.0_es-es_b762ee4d443865d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.GraphicalHost.Resources\v4.0_3.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_11.0.19041.1_de-de_637c57bb03857b9b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mfmp4srcsnk_31bf3856ad364e35_10.0.19041.207_none_e4d578480cc35f5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSquare150x150Logo.scale-100_contrast-black.png	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-sbresources.resources_31bf3856ad364e35_10.0.19041.1_es-es_a566fef1b37c0713\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..rs-serverdefinition_31bf3856ad364e35_10.0.19041.867_none_f0e7a54d23e04a38\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-appx-deployment-client_31bf3856ad364e35_10.0.19041.1288_none_34fe2048c3e6edf7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\INF\RemoteAccess\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-onlinesetup-component_31bf3856ad364e35_10.0.19041.746_none_4b0a936d86cdd479\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-speechcommonnoia64_31bf3856ad364e35_10.0.19041.1_none_b89a948362edb3e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..ndation-mftranscode_31bf3856ad364e35_10.0.19041.1_none_7f7e04bc66a9491a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-inputswitch_31bf3856ad364e35_10.0.19041.1023_none_5ae4c111b6185af8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_10.0.19041.1_de-de_a379ccb3e6a3f692\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\v4.0_10.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_0e462ce5bc7590ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WAMKPPFKNUIKTYD\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gaoP0RsCEv8mTNc.exe"	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "WAMKPPFKNUIKTYD"	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WAMKPPFKNUIKTYD	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WAMKPPFKNUIKTYD\DefaultIcon	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WAMKPPFKNUIKTYD\shell\open\command	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WAMKPPFKNUIKTYD\shell	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WAMKPPFKNUIKTYD\shell\open	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WAMKPPFKNUIKTYD\ = "CRYPTED!"	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WAMKPPFKNUIKTYD\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\gaoP0RsCEv8mTNc.exe,0"	6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\6bdacf822ede3e544705fd537ddf1b00_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
db4cb402206e33bec68924594aab22ba

SHA1
40b9fd0aa157e88982734bf8aaff83f303b9cbd7

SHA256
b42cd4ced8d3cb483d177c3784d1bdd31152035d2964397d3367e9e1d5a10120

SHA512
ef997192e0ae8446e967ed0bf33060a4ce32cbc693b447af9efc56c66fcf604bbf95337b05bd477ca56624bbb7e2df3fe433c083dc8b1780f6defe9f35539bc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
90b62d5027534d0421f7583c310d35c5

SHA1
8752bf5a1893a4e7e0f4a867521463d62a874c95

SHA256
948b78300c081d2f33b3a186ae749df2b6e75e76b10c2ce438e95616cb73b22f

SHA512
b6d82ab210274811fc55c36ddc0b842ad0174c714ab59bf40196ba03228878912e40cd260be4f57369e17cc5eb136d69250b6e95184def600c126dcc238e4f79

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
f54e9d2696e899d5fb5414c424fea54a

SHA1
8ef79231c91160f9094cb62f725680690b5c7dc6

SHA256
1357a0ce3c175842749c8b907b126db33c98f4e63eb11db7bae4c23d5d518e91

SHA512
11352f59db288559b1e09b8fc208e2f476dfcb994560e4683baa99daec8962c08f2f11bd912082c2c9771d69a012c0dd64f8e5ecbf99ae4e44d98a3a8d6c5fa8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
e1045f8833f3bc2db2b204fb9410f5b3

SHA1
5a4d8b915c5a0437005203f9bc6b09afa38842d3

SHA256
d4ecdb861302265b946c98693314df27d77295a7aa85f1ac20709da76d6071fd

SHA512
f0e70b4a1adf0dc7415740d563126bc746d99388e41340e8600e5997cc4effd37f3db6cbc6292d50a9266cb3c0a78c011168a429cad47e358964b499331ee578

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
00d5e65e564506404794d25c0ce003f5

SHA1
15302d81729e949508a17e634391acf499f504f9

SHA256
c3f1a6b0fa12adcca80158417e5e67183506d94b801026e1143ad2c47141e301

SHA512
13f4c5ed8604b462bfbfbc9b7d0994d5702f62043ae0b8f9063ae5e793652c59d67fea4cba4ad82d2cc18f100ef773409f512a1658c598278dcc595016ad4dfa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
615166d5b92b940ae8237a331fccfe69

SHA1
7e126a0caea37c40a33c9645bb6c774dc349c6df

SHA256
a7001997dab81bfc4f1896f21506e241528a7d38cd549d79379c9a10eff54ef2

SHA512
fa0b5c9dbd78b98582156e846821e5f93931c78bba5d9628bf2e0b0b88581401245848886faa331a346e08de3aefbb394882033f0d740935ac8f1dfab78303d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
49801feb1086062e695f57cf365ef54a

SHA1
a269c965cc563ece660f86505116793906dc0dbe

SHA256
6472c8a9c4e53e0d0671b85f9c83865caf427d262a3eca0e17beabe4d2aa7fb5

SHA512
e80c65bfd41a0a9e553d95ce7993446522483d4e47ac1641a5d2dc1f53a2295f1b6005ca8a2b4eff1ffb7341d469943120c7d6dddf563efee7c70eedbbb67036

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
951ff80a79ca875fbb1982079c9481b1

SHA1
52111604fa8eb9459cc56acbe7b6601337c111c3

SHA256
5c02fb69c0c74060471b2eacab219d7ce9a9e8785ce0955331c489c915651619

SHA512
bd6f8300c83720b67e7c9360001c3b0f033e98d0762381565f47ac8808db552cb9ddb88e9b27ed8a93de058a28a8bcbbf831a413e5c0115de7210a928db2f3c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
651c368ab72f5a416285ade58fe3b509

SHA1
eecf6f95e50a9c555e367a135d316f2f529cf85e

SHA256
c5444957b92c39332ea90d14df3e9b661dfad31583d6837696251a8e687132ce

SHA512
014fd7d6b00eb5217b5c1c396b08e25fe5b426bc6d62f73508b922badf0d6014f4fe9f1b8fea5867f4f276b9bc9da53f03a989bb220caeab1279f2a9c6e1b88c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
c418123881ee79034d979aa7788f2989

SHA1
f6347a62b4d14b71631a89422287ab23ef3665df

SHA256
4d0701b6fc4629eba010e18c1a3ffa33b415a29da9705fba93f9ac0185123863

SHA512
044254c7ec3d2aa960b3e868b1990b82a80aefbac57f58e7f917ab1186c48016eed9949f2bef5ec2309a60fa1e6c7bd24a67f754626acce5eb939a4ee3d5ac2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
228409b38c6517717b1ea3ec9e599b95

SHA1
9178561ec5b31e1cdf7867ede64e14951ea9b3c4

SHA256
943e07dc55aeecb0e20abcbc57ea6db84a43ca3e90eab6e8ab978ba46ae5aa0a

SHA512
21b18007465f757787969f6ff99af64606fd7c2256b3b4e2e34c84ca38ac3df5474c673f1f21acc8ec521a36da608a74419ba33c0e505aa75662291dfa20273c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
5ba4d48bcb7da88c17e6c375a67fceb6

SHA1
b78ce8017629791c02207ab71e61e94f2c806654

SHA256
91f45852930389e40d16e8d9ed0af86b09d13e72466eb652fbe98d92559909c0

SHA512
3714d1bc2cf4bababafb7259b36cd1217866ed4ab583029400ff3d3e75c0d7c87168d0987fd9c67ffbb4bdc3116f0b9cd01474d94401390c4c279fce6bc157a9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
2709ea7666635964746609b492323fc7

SHA1
7bdfc6089e7cc54567a24d0223d2e74f5e93e80e

SHA256
83d75c055aa0bd758761402b69ca2a07bfb04c17ca688b322255a779f21e54d5

SHA512
a095bca17434d124a87917f7270fcaaf8f75f6ded31c781ca8a2e1c8314cc943ca6508ee83183e99266126bdc2d47ee27ab0751db0b6bbec10d97843ae062431

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
2fd11fb98c30c3c0d6f8f0b6a5c316b2

SHA1
bcf8f063c596ada766c48f753bde3192062b3d8c

SHA256
7101187a65f77d4b393a6d56a4cd31fd058360dd505d7201ec611519974cb593

SHA512
dd778b5247169355da2ac27f9bbd4c3773ac5701251cedd7563e374121e65b407a9d77df5b304f26b39caf0c462d6f96b1a07772ab8cdd4693e71bba7d203590

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
4d7750229d9a7e96d7404e2035c37089

SHA1
d9488184e4449a4e77d64766762bf49e285dec0b

SHA256
4cf4e425f44ffe9501fe0e2b272d2fdd7bdd6b1a3323997949f128d73452fe9f

SHA512
3896b65f043d97682ce0e5264f687304389db4f1e43992f4c19d757bcb2f003196e03c0c56d1065063615d5dfe2822a28d7d577c8afe4f95a0abbb2e26c0633a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
0c9fe015fae6c11e8679a0a9f1fa3d1e

SHA1
33a431a22c49e932de104c5c80db6a497f30401d

SHA256
ba4c4a8f882946e216a56dbdcf06739b0bf38bc6d171746994af865a0155f791

SHA512
92feb107743c2c5691a24a25e620961c67391bd9b3fb9b319f83f26793b49906e805dadaf6fead29af19d5530608e73a0cf26a983c97d60d7490f3801b5f8104

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
bdd63364d959f504d595574d5ba0cb79

SHA1
1642dec73a63c9d36c35e77fb2c5eae825864854

SHA256
7fa20bc04923118683b9f5cedd9c548cc30f9583b94520b21141a6f174c7513f

SHA512
57926445989b6df4b77be03211e0e8e719796a3ab62db76db9a7ea9ebded8798df91fc416740fe43bef08cbd60cdcb774da4f0e8d69727e35c63dacf408530ee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
f2e9d31795502ad054dea55325942b17

SHA1
9885ae5bc40194f57be2af2e96ccf65fd147362f

SHA256
d5bce81b35104858fe6b1826ac12a609314c54304492df9c5e087b04726cd3a3

SHA512
d9729ad7340c69a49d0764c65b0eb177fed13b952e0b396d15500ba1d80ca40ef8c3decf31234e88ad63cd5d5b0920d662c2e316b36b326260dbf7be47a802e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
a7ca7ce8ca7338b636ce4173dbac6015

SHA1
1da05955b347ac3d3a33278e0bb8b3c45f631ab5

SHA256
7a3385aa0d8d751aae0cfdc31a2b1075ffbab9ecab0b1c49b34add2c47ac797a

SHA512
aa11b663103bffaae8b1cc19e70066fe40648b25ccbe0c85a2e922f305bbb59c6e9e69ed7bc50cd5e9c118188d5e0eb5f8ae0fc96981e7819868a1984365f670

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
b804739f5e440642c841e3524338c329

SHA1
f20f9da8305312f99683b5f71bc72e318ddf7a48

SHA256
5b60c2174ce3b94409ac661427eaf62282eb8042baa76268cfaf10b6a98dff4c

SHA512
2c396575be78a0219147113635e80a2f6f79e3a4dbc664e5cc5816be18e2032c0721d660ec33b594c0814fd0af058da877c3756c63c6ac0c1b53ba6941dcdcb8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
76f28c62e7507e505aafbfa7fd7c94fd

SHA1
48063cce0ee03eacf23751b128533dc8d636b6d8

SHA256
fab857ad9bd9f3d33154f1b8d914d05f068f1ccd97321fccb632351ca954c1d5

SHA512
db5affc891deee3c45d5db0244d173ee91bf5ee75a664b0ec77900a470bff7af9886a6aa80c96fb968e15af9e8faa5719ed0ad479ea9591d7ecad789cb87fd32

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
4a94957359df40303a81d1e37e785d32

SHA1
3cacd8afb8a172857f0684c5e28d212355e3b064

SHA256
08e7b4f8006d5ccbfc063551c02056569ee5127bac05e85ec1e726ef6b6300f0

SHA512
d3bfb020bc5a2515d1bf939bc500404dc2b88ed6a4ba6e931b33b87e2cb62befe3dd28d9e47d924ef6e521c7531d79eca7c14682e7190507163e07be31244ecc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
3045aeeffb150cbe42a54782dce52aa9

SHA1
9428f830ec83dac13782987cfe8cdb4f9c4e9649

SHA256
6af312fcbc26a68fc3ef5d802687682fbf0d03faffac148d9f8fe077a62ca639

SHA512
a7f392ed2a30b92135ca8e026f309e141c3ea8fb0c53ead4a022be65d6e006aed86fa51f47bdf7fa86d3ee523853b66b15396db576c743efc0b3885684b7a2e8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
c646774bcb517a38a3e39ab11b15b203

SHA1
4c8264a7fb87710b2b07f29d2ca8cc1504013b70

SHA256
1959e0843343f09f10c2a9bca2b0cab7ef9eecb325d4e1733ad57657c13fe424

SHA512
d95cadc691bf203104c00d72f31c186dccb838775d76f598df2b75981de6758c1d1ea339d3b683fb6626cc012dd04920fc77d03e373cc776330991c24eabfe2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
3f7dbfd672904eae9520ab0c495dc873

SHA1
3b910585129cbe380d161af7de180bcf2dace377

SHA256
738fdea34685556268bd13fa0edff55dab691d9fa5f73e74765cdfd019950629

SHA512
6478bf56528e2d3c47288321682e26012fc284bd50175aa0788f4ae963f73b8ffd2a3571903b34e41c57f18502abdbf2d6cf566ea9c675b997ae24aca2fc0340

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
e3d9ca5958eb2825a069f98086a0ba8a

SHA1
2fda85027e8bbb65b72c9ea9f1a0ec2ba3a5f3ca

SHA256
97018b102d275ad06d027a66cb2c1e362936870858eae4417800a63e03204d01

SHA512
97bea91fb433f2dcb8697cf580892fe305bf3af37a1f6bd0f273fe4580835358287bcd87ab99f0f85ae143ea65f2209436e056475a6985ef52b220cad8a06874

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
90d45b55a66bcd82bdf40090ffbfca27

SHA1
ee294beb9ff70efafe662bd1c300794bbe07fd65

SHA256
8d4137b8bad5a952c4bbbd4eb9259a399772a58aa112528299f4b2261c77b4e1

SHA512
2727560f18ba75315a62e2f26f4d380b77ef705619adcf2f890cc22a975940bf2e77da306ce18de09970647cb2a8af0ff979ad088bed72b3f808ccb186818714

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
529b0917b751bd754a2f080bc20a3b40

SHA1
5f8bb870bb00f26db00e34f042d2ccfdd2542a3a

SHA256
bb9b307a7816b2d65903f653b22eec4e43ff63e7aca2200263274d733f760c8f

SHA512
57ffd4ba7a92e429cb66b583a0e54451fbf13511bbc14c2e602fc3c738bb583c0ed0da87896343e3cac43a6514b5b1a61a0a329ecb4859d25b848ffc0dfb5cc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
52cf32d1ce02033c756635e9e4df782e

SHA1
9f9d9f45ded05f1e65ddeaaec863389cc3839a67

SHA256
d877fe609bd36629c6e53e9a102c563f8770028e6634771b399feeac33c4ccf6

SHA512
063d55fe2be8509f6616b8382dd3bcbccfb684551ae7ed50c9e5bed5956066b7fd9cede5492968073a2220012180ded12eaf9c51739280f4a606c5ea02b0533a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
bd519f8eca6e1abf976ebb3c0860a4d6

SHA1
6bcc93b768f5c598b6c5b8df0164bf2e79111995

SHA256
fba3ee08474b7364a56e271c8a98be0e5a3fbe79490cb09ddb717f4459deefe4

SHA512
023ad30cff292e1011ed083e52962183bdfcf8f1933369681559350623367e54ed15e15fc89d23fa3b9bdc709713ee7d0454320e399aae75fe82b38934460640

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
6f5cad1f2be7b1f2b7c2354896703742

SHA1
bde3602f23fa2a5719ad0019ddd729c119268c97

SHA256
ef95bd1d9d48d45d6448c94b860aa45a111d905039001e34c8d8e111da1bab3d

SHA512
19d530e9781dfaf7d2982a6b5854733f4ab5e7eae883a6537b6c9bc876c2b50f0175022cb6e8127c8b630540309376ff57089902efe2c171329a632b7e2f3e83

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
fa79d0b0b3a426e70193992d971ec10c

SHA1
b9bb3c72278297731506f78d48a53632b9efed98

SHA256
eb9773611af5e472bd49b36827ebb2631fcb5cd490b733e44ab6f72b1ab6bb8a

SHA512
17ee754183efa939e1877506ddf7450e9d838a1743839c5452a1a4fb0389ae812710f09e4204638c284c7cde0b7d6300bb79209655930b860001f35fb7f1b5a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
609358b0dec2e977e720598b2ef0d678

SHA1
ee6bf4b7194adacbaf848d072fb41376b6b9e7b8

SHA256
f9efa513d2d3ebd2459494fbb7e5c046906ce7fbc7cf893b501466635416e97c

SHA512
29396cc72bde4401a2ca90753da620865e82c2064abcee916403c96f208aec1ad67e3f917a218c4fd8d037cab8d328dc3935dbe5c66d226cdc3f51c3d6582ee5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
1e332d1f2a4624ea0005cdb6520f7f2b

SHA1
f841ef92c62345e6c0633b8a4e54f4bbb3d628c8

SHA256
4ef13f9996e5bdb3ee970436bc48cd84a236ac812f9f13b734c663e23993845d

SHA512
f8b844d03a64bf03dc2eea266c6e43e2f41d7fc908360595a282bfc668d1a0796851e98d3ecb5228ea6a68ec9c6cce592cbeeda87aaef41072a41565a66a7e04

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
1366bc32fce2f520d02e05e38f181729

SHA1
2c3c20b5743ff4fe5fee7c6d86619c1fdd8b8dd3

SHA256
926a36f37357bf905526e89e6bca26fe38dcaa9405eccb24884f494ed71e0ba9

SHA512
0ec625dd660b776f046ac754291cde8ab4ce94c2cac453d741f58f0438bb77491ad1a9c40993eea1247939911d2bad6583a19c7d44cc90876b184802051b3351

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
f8bfd20e7517f3d636a0b585b43afbae

SHA1
19ad8bbfdcab8f69e2d5cd7777020d417c4ac162

SHA256
f13723f0cf0a40840074dc9dd24ab517aac6ccb515e3885b8b0dfcfd0f8f6229

SHA512
06a0ce913665662dc6f0c9226085bfa490401d984809a754b6ab954cd84b5f1bb580cd3e1975d2c879198302dc7607a707e1c88b41eca51140ecacb87fe51082

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
9f70dc2f8686865a2958efe008b79fea

SHA1
825561cc7d0badde852065f67105ece1285e315e

SHA256
437ab1869b08a5583590dc50b9d288592d241b40949cee651482214a9cf99d5a

SHA512
533bdb7993ff077c1cee669d5366febf6fdf3cf31e6c8722aa8e4684408e11c6870209339ff2d08809fec7b060b1afca9948ca441a3510346004d0c19f8de50b

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
58ea4a102df1dfcc23f318911208a800

SHA1
7fd0256880b9da0ba5a6c0ed00baf30346492413

SHA256
2f89ca645368d80ce06e548f563647845d43a006930b99e90c89f82da3715fd8

SHA512
ba23185ab63b7fec9ff5126756ac4037fbc0a79523d87f35691ca63726ebd1106367399659a86344fd475baa0139719f13bb8b0978882f9d28e81477f1b36f67

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.EnCiPhErEd

Filesize
153B

MD5
55a07fc284111c26784e0afd867fe9ba

SHA1
34d14603bdaea29321108060850d9848cf2588f3

SHA256
55c78d9597cbaa1a7acf53544f974d66e5962b94c99e8535a954af002477ccf5

SHA512
83c11f0c0ff5dca1223764b59b9a317f9c494de60e9d9503fd023cb2ebf68612782521cc29e8fc16e5174e80a9a8d0e7b758c955263b5cf7077c26ac1686440e

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
42eec5c5e57abd873985c3672bce75ea

SHA1
6f680b7d10faa4b0ae09cd39c95c09494c1c2e67

SHA256
626eeb8cc9e62204c468ec2034815e2b1c453c7cfd90792d26573f35f8dda30b

SHA512
06d8fa4c565981bbb1ffd11b108fe20eee14e5611c1e0bc13e29234c26d07494ae7ca635a3d0e48ca9da1393b4dacaf6d0111e659ab752c7a847635fe6821082

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
f373ef1ab3e632150a307b97540712aa

SHA1
6aa28660668ac6694141d06e488a0a1e2bf2363c

SHA256
337ab2fcce1d13dbb0a74c2368de54dfd15bb4ca279caab44710176db7a64217

SHA512
8d8d8da0bb31a079796dc29d9c1373d507ad57dc0adfc87232074235d765d0482434d2537eb1f722eb5de529ee594f520ab319e8f7c947b8877b64887d241300

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
862d5ce9b1d1aa991b4749e5b793c7ce

SHA1
39cdfbd9c7413a1317b729ee3fb17262e680fde6

SHA256
10555ba22b7f401c7d3c7371d726fedc7b38135a72062e362091b4603921f656

SHA512
7dabd9e3fa0d91b472c4fb1389d2e9454f78b0505d94ca763da281adb4fb5a559c083270c2b0f1b4dfac8560ad251b5aa58a8b2b3035b9dd3cd62f834aa3b3a8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
1cab0aec3e6c79d18412805920e02fc2

SHA1
b69efd4619e331616cd740a262da7ae4d8973b88

SHA256
365e9d6de043188d1c6cd48ae7d2ed4dc5bc80836f95b781060ca83a5542e5ba

SHA512
ae517b8a58019914d911845873086953e1e4cdfd41e74e3126c293e0a39b0c47db5ab031e730cf9bbe060447bb55324579ad24b692daae398283effa267bb888

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
8430dc7ef1c64ef660fefdbfa73550f0

SHA1
74acfbbd1d4f5fb35cb415172074a2559bc87b39

SHA256
f3111928e2d0f5e3cf1dec870e386f9badf0a3c37c897fdd9909cd8f17f9d707

SHA512
31ba318de11c077b91569d3317dab5de8ddf8b6160837cb1d6eccf5e432b67f19e7a17d4f5e0775256ab1a6f70921a1d4171bdcba52b4edde93203c4cca5bdf3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
c83ace27ef198c3f67446862dfb23734

SHA1
181ed287589ae9138da6638415bd1dd96b5596b4

SHA256
1d07b2682ce77437a69280d06ff855354af8b5dc65d2d779b6f592733fe68894

SHA512
98748a2d2122c9e2f5aff6ea3dfc87bd1b5632f7bb407be9cba9d83f4cc240173d7d99abfb7c17398ba01b9a9359787fe62c2741c77a391da5f8193a00681f76

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
5e2ce77cec2558f57ce1a2a445e0d5eb

SHA1
31a2eebf5a36c1d613aa9cb5c35e5ff41861a73e

SHA256
07740dceec0e445da2b373d4a4e349e4b5ae302eb123a549ce9dd42ee181c672

SHA512
2532925f919478c7f1d53b00e9b7a2eb5a98b2120919e6668086c60d626e108806a95da630d6e99ff240926516ae31ee7562636d7f606f7121fc45c05935f9a8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
51f92f110d8f21748add44b94e32eb09

SHA1
4a1fede9c28229b62b251304e5772f6c73ad9f2c

SHA256
c2629c368a2a6af0298e5e1aa79271f8f4efdedee64d612598554741fb3a7ab3

SHA512
b06abf7df400f3a8a7e00a31c046c6463987fb1e0673843d3896514881e6f75af4f523b08bb440021cc037bfb5fcd5a036063ce151eed5e400418144ce4ed707

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
b875928413bba76cd723addb36d21f01

SHA1
a7e876798146a833c8c8f0bada27a8c8dff19cf0

SHA256
1bf05f6dc97bf13f539a58e53c7bfdcac0482862cb85b268c63f16cf3293f679

SHA512
1a2f9e897ab72d645e96996a5a3ded8344f60ac234c4f6244dae14b77c821542f59338b2652fec21bea189d464b84eab0496171eaeec62c3ae3f0f9f615dd1a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
c37bf405f1e71fc55ec3db73fae57e88

SHA1
3ca03fef22910bc8fba191becc1abbdf62a6e879

SHA256
d2cf3c2dc4092393de49076c882bff51144b1a992bfc7993bb6d81b6dda35e1d

SHA512
5b464c6d285f3c32d16673d57e8c202dabcc021cb0d5d76931c8e390ea1c93c918cfd4036408c6ca538ab0c3098d4378477ffa8d8a417e666359fd7ca4a1dc94

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
f5ad2b5531448a5be646fd9c3dbbd040

SHA1
c9b2b758253efadf9fc03f7738e3fb8ed0f858dc

SHA256
db7aae02fbaadf5a074d248428675a014fa651592035d322e1f975e186310963

SHA512
2de2e4ad6c0aa66257823920140b2f5f65676a70e9ea814fb3e7033dff1c81ae5206058315edd26d1508b5dc7b31e24fad0686a7153c856a1170f0999441fc82

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
e0572b9473afa1c7aa7e7f41d35d9e92

SHA1
0703052c87a4568c08ea0976ca8f2c542471ad46

SHA256
f90425debf4c2abd2e13901bfe5bffa9d4730ea1b16ea1d6c43823f3192366db

SHA512
362f2c362f22fc2a0368e36b1e4d6f52f2defdd10a979dc5e5e24719de7bde4f72edc940c6733261261245e3b4b8b8a1d2877b0801f9c5b613c36c1a855044f3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
55fafc9d6cb8e6b4e309f85ccb9b1368

SHA1
ed1e47e7e94977a1ea66724f3a31b9c0a32a9a3c

SHA256
f3d3fe952ddb96a5498738fad8d052ddef24789620d178e0c8479a762cf2c8de

SHA512
a2356d7742097d81cc8f30043a2cf1b756ad19b2108be86cd5a2bec48df37e0d8e48f734f56dbd9a0cb5da6b5986e2faf315c01faaed3e17fbbdb411227f64ab

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
d1d04bb7a45d799da85c10c2311e3cda

SHA1
a01b3f1c67daad871c7ffc31a466d554eb4b6b85

SHA256
5789f5e9adb5f1165f3c0049ebcce3b27ebbece3d47e7d6e9c612ec4d70e2c8c

SHA512
afd1831e875c3fff343012f92376752f625ca063b64e2f101b5449db8685ea2b48a5a2c40dfa405ab7857211462acb18d3b195e949c551a067b3954f12d0121c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
617bd68168c535c67edfd0cc71fc0960

SHA1
2776da359aa9486710a8ff71862ff7cfe8ceb79b

SHA256
676510834b8f47e29be487afa33f42f73e3d71f506711c38247a6773e33e81b3

SHA512
56b0e1d441670334c8398585667acb9e2cd0fd971016980e541e1abfb301ea96e8efaf17b8db46cf3a5ea4844006694e6ec42ca9a522dc19eac91a8f1a7266ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
6de04e1feb160002ab4dda57cc1b201f

SHA1
057b6f1b0465763f7d08ba12b22a2b27ff8a0a8f

SHA256
78db4806f744c764a6a5c3856f614d48c4ee6f8ea40b3ccc4f2edadf8de85e5a

SHA512
0971ef548206c9c2b518e96bfb9a52e472342a84bcfe3a4604b74b13177ac70ab8a0c3e976ae0b21de31743f542bb2ccf0a96925707309906ae41c9fb49f437f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
5212eb2e4c8b78d52b25f9df2a015c4c

SHA1
8bd9b8ff62c3889bfa7420f4826d2945ffa45c0e

SHA256
207dc52fad0afbb0b976548ea7535fdb5c8cb24b7bbdbd9fc3ed00a1f6411e9d

SHA512
e244fd72bb58e677be8c846674a613c182354cfb3493841abbb0ad41c09bf7f2e7d3eac708a6a9f7bb3d9a2cb9f8be0bb1ce3312678972e0f9ae8a71de3d67c7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
7533341764d11279ec91365e1e5c6d03

SHA1
62f629d9699dac73ea66132ea954cebb2e8c6c00

SHA256
fcdb9e6344b0c851680d23dbd87a0b96d1d48db38979cbb84da7ba1a44a0ba46

SHA512
9a4977795b681a1010cfbe01315b1a6a8155e73b71ef70c8703e0e88dd156666a2d1dfdad331a9785541b0841afdf57149da9b1fccae9fbfefd390d9521ad2a7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
f3eb36054712a69f3b72e3ecd461701c

SHA1
bbfcd130b5b5160d740d24a24ff115ab54726700

SHA256
3f2a31fcc192223a5dafa243fdd8f633e3cbe6fc88f32c638319419e9bad789e

SHA512
95e2d92c55759c13d0bc7297b35033cfb309245f3375d037a4f33e78eaf0883e942e56338a615d945912b92737e953cab8dba530cfdbfa95bb9dc2a3af557cf4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
e301ce94dc0ccdb741eab59cbd3bfe84

SHA1
e8102f87a074efd06825eb62c42a05796dcea8ba

SHA256
8dd456251f802de4ebbd41bc3afb65f5467d73ca9509efb44a9c8bcda62fb1d4

SHA512
006d14f0e520df0507bcb213a46f6ea8495494ba0dd8894a0e8bcdf8c9f3f3632f293fc047830f4818348ffd65a03ef0cb09eee2fd96c5a6edbd460581528ec6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
4a808a2d14cba219df0c0d1dd53221cc

SHA1
6113e55a50e0f710e96d6e2641021c9ac091c30d

SHA256
c18f283fdf729942da7d9acf53b907db5bc3bdb1523f2b068e3626d8691751b7

SHA512
e86065464271865f616986a1cc1298993d565bf98e4503873a64622dcaa51ada6ff0d6acbbf89655374fe19e22e83665006a6a433716d80c233c7c989a51a1ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
5865b2b0a9325138fdaa3f5a93247c33

SHA1
7cc63bfec08815e0e060f585a543ee32fd0a5b69

SHA256
137e14bd062c82230936a6d08aecf85ddd1a8e6b0624dbbba7b2c06bb52364c7

SHA512
85f5f228d6eef844263acb80a53461fe4d5b255a72ee3bc5cf20d526333a7ec18bfb7702d0d860f6ac87939abf7c08aae7c46ad6ac32871b8f8245ee5c755dfe

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
6e988152c1be5d4354e16e6aaf2fde6d

SHA1
d4ed42ef1c1b895c2794ef67f062d0fe6d543ca5

SHA256
2814e4c8f5d9128f75a8c67ac59f7ef948f32d5ae7a994f05f3806ef42587013

SHA512
d64b2b1f0fe702700b01eafc4817b706c725dd58ee8930a82a7fb44d1e0308b32c3ca6a878c0ca433934e6b16bf4a73df8f4b36bb931f9c214a219de8dc0ff66

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
2386cc6df300a9d4fa51425ae2add347

SHA1
a8f3f02a96d96166259e7e680be03b86b5e6f55a

SHA256
e0bfef742c1fb41df18ede29daccacc8f6f2d20d284b216fe3b9b4d2777c0a89

SHA512
5343c06eda244f01423d3f547377d520203fc8fcc1c9e7b08723108164fc1dc2db665a7713256719b8bc8bcbd9d28ca7d4449f7e1f2153d99e5310c0d9339ebc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
3bc319d8bf162d26edfaf7ed6ca19cdd

SHA1
122fe3734db2fa9630e5748251ec101967d4bb3d

SHA256
489a56a576462460fc59006dee9b809370bfc1edda61c0c8790bc4cfee3f972e

SHA512
e44775b093fe71e6d65e7a9216e1dde1b1e24a6b3391840a0a39d1c73e9dc249498c1eb1620175c386865aefba975b9e07fbb8047ddbad2ee56ed12b0a186ef2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
0ddb31babd6fab22b97b8c2cedda8907

SHA1
e2c6042d1bf955f2c773efd981e56a2789cbe28a

SHA256
358936271c14b34b620050c74595b18d94c0b4d9b4cf7b8464323192fede87e4

SHA512
148fef18329cb4264264785ac7bbec1b5a63ed45b10eac83718e4fda602f2c55ff0ac3732058d269ad6a1301e801a0dc8448fe12be329e87f25ec385726d44bf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
03d6d7a79c23d29228db9cfac6291131

SHA1
ddc5ca1ee97ea3face99adc2ed9dadf04168ac14

SHA256
d6131c21ff220dcf733c6bdfa2faea4f463fbaf6e8c23f3cd58ee52b230139f4

SHA512
c1bf51122135442e6e35f821c5d019837ce2b8cf2ad19d4f3d316962dc85094d422a0210b22f4ba4cc34e1eb66f35cd666d8c72cf7e7f22bd8a0de6e171148c9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
5b5a4e0ee7568285ebe33d18dffd7830

SHA1
ec4a651dbbb5c8de2ab33f8a9c66de3bfce052ec

SHA256
2ea3f9b5994c320e30c09383eb87219ecd22318bcce927172874889851a4eefd

SHA512
ed38263e68851d6e474b8499ef982cb1c87e95446661c3b377a7accbd46e9ab46778ee9fcc01850b4edea0617937adb03b6b12c04619786512002da90fa45ca9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
68e1eedd6cfbf47195fe28e39ae840ea

SHA1
a061da87e82bdd1d259d607a4362d518e6a0a636

SHA256
0180dccf0d7e800e21fc0f01b098c4c31a7870f8e1aeeac034a98a7a920e00a2

SHA512
1d1a8eb06dbea7d7b1e7c45da40f6ef63698a0a06cb00f6f81881bf116435aaf3adf2207d801ec5fb091aeff51c3fb894deb83c4083198b5ac99346d8063f6bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
e222dd89cb0e19a0ba45f0fa5ad69767

SHA1
591bf2ff137389d79b68d637e0ee7dde8f622a98

SHA256
5ddb6c4fff9e064ceb0d3cca5a07b74c96f3459b78b11a8ba5851a247bda5d06

SHA512
0d2bdf9c1cef950112402ee9ac1bb0b1fb26524a78aff27cadd0f7e2593db64cea8885f12c7f6830d63a43e7cfb0890798f32c4940e4f156cb944e56a08be3bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
051acb2cee824d2a57e03835f140a508

SHA1
1bfd2f20c66697baa701c231ec33c5f01b69a5bb

SHA256
a5ab09892ad1810877e20b00f4938a96d8158b38a67b863369352dd9d1ffb5ff

SHA512
0a0947efcac2ceb140932314f8167cc1e6a049e7a1d804294a1f459ecd5fd47699a7ef45deefb0cf406ed84f4ee8e02be34c33bfee87f78d8975b346140f1341

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
f95018746a36209f6ef13c6aa17dc7b3

SHA1
b01266508fe609cb967a6e1bc1d4726bdf6648b9

SHA256
a481c275fca114c3e3cf0c277e0e18a3347261a427de7d30820a76a890d8fd6e

SHA512
ec9e08fe670f21195d9f3c3250d5af3341ae85a12a937b25ff7c7132ed168766ae2225b0f85c463a26cc4da5a337c9fb07756f1f2339cb4104abbf0d1592c711

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
e1171cd4dbdaecceaa5f61e5124748c8

SHA1
21762411e70d407db4c957cc63a226d2e8670409

SHA256
313b6295d3e07485a71e8359e0e1a8c2c864ee6cbf5c36e273f05009155c9703

SHA512
4c490ef148a1ff36be3229a7a0257ad21c5df18a4e25c58c668d8309472b81236ed3ec5b4a602e59bc3815d01d4856960bc4711b7a0d191682e27d9b69ca3b9e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
42b55a03b3207e2c9000252ea489bd6a

SHA1
bae7301622492637347959acbeaa75c04a642790

SHA256
d60c262d4dea0339ae3c22781dfb344503f4e25aaaa249f3be0da1b9a3b8d0fd

SHA512
032e53208a0c81f2332cfda90bf33c41df4a6404321fbd0ff91958ca1930a846993a07253127a8944769df8dc79a7d79e61a08c654d5339d38926da01f7549ce

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
b97d5b2a0d0b15ee4e3a6a21677c02b6

SHA1
75890993575c23864dd9a7b1b57b29d00f47bdb8

SHA256
801ec621be8cae680b5956a360b0c5c6a59e22819cece27f5b10e8048d60ea15

SHA512
30884384de2cb7d005a832855d2a4e3fa363260d3048c4a01793d9adc88c3ef7372d8db92d72c1faf3716103c6c6141d42963c17a18fddc1712c45e9173a7635

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
76fb10cf3e52f8fe039cb444d4ac8592

SHA1
aa0c799fbd6edf4d82c13f5aba7dfa1db85dfdd1

SHA256
51d127a2abfd473dcfd2394c8bb9c17c8b50d915cfbdb31fbbd4c56a360680d5

SHA512
27b842667e48bd1fae812785b67859a3987fce68bd12ca929b76452decae2f7b9666c0056ce984d49a0b1b3bdddec610cefac7e550d196f52e2e2362d167f661

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
92adff3ab750949b54af4fafca26716c

SHA1
47cb9d09629c3606625dc67c1f033decf4a7a816

SHA256
1a8d63620276b052a4671dfcfaa50f13c708c581ad1edf08332f7c77fbdb21d8

SHA512
872bc03525aa387b0f302246ce00bbe3a093cebf2b92e84848cb6a905159df0ddc5c7841b91cd1c31e1fba50bacdc2fb9fa360ff36358575d59ce5e2e1fe65b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
00ec2c0de4efa88cae79ae9b39cdc5bd

SHA1
6ac6b9efa8e2a4ecdd5094a3b57d68a9abad239c

SHA256
92d4035351da857050cbd538e13c0758000472cd2b4de1526b67e2ee21ddc7ca

SHA512
d74d07945911da0aca67095e24dd70b444f8159a2ed7438a7b829d89862495ef275fc1eba13290ee9a92bb543080d189a974b35a36fe7c1880e042a62bc08820

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
7fc628bea98edcc669f8e11ba1cde6e0

SHA1
0994486ef8fda2bfadbe66d4080afbd25ad3adc1

SHA256
e9531d34ac3ad782d0a82b4821ee32a4ac1ddd156ea13d234e729b1ae9ccaf3b

SHA512
1fc48db380754c2b9eab9ec47d2d7e5d0e0922292b44d73df6cd270065043839e0c0b90a170aef75ff55798d765946a791e6d9b2cd44c7eb5a8be8082e1f6e61

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
f19b20a9fad777b5ca63aa59a1c3bb54

SHA1
7742448efd93e9a372e4e23286df08ca191fd5de

SHA256
d2c841a2943a3c03929897335e162db0b5fccd245a1b3e0612243d00ba4b6707

SHA512
576025c064ff2d4a1807aeaa581d9d9cd0f90838804bfcc03ecf386cd4eb38042eaed0bad34a9bfeb3efe24a3317cbfd7d008ae168f5df1f645054c6d89d228b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
0d649a87dfb343edb03366f9f561c73a

SHA1
97c0b0a55e1098aca241aad2c8c0da880d3ec73b

SHA256
7b2246d3e1dcfcf830f76a4ef3a9c65d0552e9da5976afd120481ccec1105468

SHA512
6f9c8c3816dcf12ff7a18687d06005316377a29c1b612b61b72ab2038339cdb7f106162c2cc7d4db7d6aaaeffe5876c9490a0b9cab2575662260d2474d21a51b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
069d5e4856f3e3fa92aced1f407b77ea

SHA1
8ea62392613bf2b5e9839c77c41b22a790d6ac35

SHA256
53e2d83415b0c1f902f232725271b41e3533d4265848093201a202c0c0cb3527

SHA512
6e612344a183516b039837aab3319f34d91514cfa4a7404393721fb37b29524ab2c0eeeff0c0fef52227374d3bec615e906347e7d7039d6554d86aefa3bb0208

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
7e3bad27824d26e63e62cf3e7e8a2914

SHA1
826127dc8d0a1b8ab51964d88cfa9a1d741db97f

SHA256
bcc714915be4149c5cb0a2bdbdbded296c7a6a01d2ee0c89eb61c52b67755c91

SHA512
9ce1f5afd4a0d24d4e8272c976cba3c1e778589c77288b627183f5b0dc4e1c84f910cb66770f57ad612211d2d097a41edc7fe5d6418f5b9a79b98a20b510a00d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655977808114.txt

Filesize
77KB

MD5
62a4b031faa6e36062488e32004b96c2

SHA1
178ba4ed3b157c23164bb1496165214d4ad14d5c

SHA256
e764435b4a05a07bf317a260cb4d0a3fe87315297014f6ba692db3cf64c5955c

SHA512
686c68d145072984770d3b9b08d92c4ea355478da8652af263303a13fcd1580fe07e93d3d3d59192797c2fab07daeefc6ce7dbe23e59c1938acc812eaf2188c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656717558154.txt

Filesize
47KB

MD5
8d44d886a7e6eef6af0a775dcbd9d739

SHA1
be55d416860979730b196bf08b321e3b63c6e24a

SHA256
3c9c83b72d050dd51f419b8fc659025fab0ef1e78ec150ddb6b7435e7e78dff8

SHA512
dbb5f2e50dae74df26aa1dfe8a14283261948cda14e6534fbbb429a4e98892121f2e8fb78630763e325e404ee8ba7726187f6f504ee570b4d491072871db650b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663096253949.txt

Filesize
63KB

MD5
9a7ac05645dbf94b09ce366046bee268

SHA1
f86f4a9973de952117313230ed1939cb74f0cbb9

SHA256
1096cef226e879d898db2d866570d962ab4392d1cf2dabc70d943a4361697c8e

SHA512
4d03995317ba08237b32297fc0442b9d715687afd609e36996a4377e2e725ca29c4dfe7ce0f548093ba50f26e832685b61cebed25099e3ba80ead53283b4c71e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665766873969.txt

Filesize
74KB

MD5
ad5d56113784d17ac8d4e886796278c0

SHA1
66751e8b33ad63f710ea3d6a5c1c468dd904496f

SHA256
e21de3997c352a04b40d49ddb28a5e214b0975fc23f036ae5c58e1c5457f3a8a

SHA512
9ccf4fc3c5309cf1a2a5266a52da8270419a814f0679180e70cc5878e1a5c88c1c0f30d467eb599bc4b4f773c5c2182c3fd0d8491f9b7cd3f71547b1b369a4c2

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
da836dc7243daf3c4185dc54c80de8db

SHA1
b305b33edb40fde0cc8a5f1dacdba97dece2eaa6

SHA256
93e1298193c370f1e5044e790244ef036577b15c1ac9a4567a9543a0f808b51b

SHA512
959d82f4ec2492b42e687e519aa0faea4f0306a93560e5dd3322ca7f00c3503c17eeafda539a8355d7907f969c7d7d136248eec9a35ca17f73e004dc53809e18

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
87dd73e5290b33abd6818f792ba61204

SHA1
10ce100de192ba848d3aca716eb736ba2bbb73e7

SHA256
ed83b0a36d989a24c4077e862808199e62c33bdb9bf3f0f991648e764f8b7aee

SHA512
bd293adddb6e0ce7f4871de845514abfec881c7e47cbb7703dea7dbb24c663e52689b62f10bc3f3bc7b3b917505f33981e29c2c727a54a1973f4d61117668218

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
b583eeb54548ac03bdf28322a62b626b

SHA1
48ea1e2d0c1b6d333f2ebcf394b52a73a6952c7a

SHA256
4a090b7ab5a638822b07061866f484380620d20794065d8b7a1b1c1f91471f02

SHA512
9d5bcec87f84530f409840ea7bf03e168f4df537334d4e80afa06c1c54ab563e7ee2a1ae97e1affc80ff7b047d20683834b43dbfa67f72fc332d7322c0fe974d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
865bd4884f3a98fb66cc54d289aa9fd6

SHA1
3ec22f921216816f78c027ba8f459b445ec0b36a

SHA256
84c7aa32fca2b9019662c7caac3ec0dd6a4e59b1330d3a1dc9c1a406a119febe

SHA512
2ea11d79ab3ba94b46164b390c14794c639bedceb6852f79dae838bbd3f316559a875dc7511d8cbfc842a69b6195b030325279bca320d6704607c87f1def8535

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
2d1f7c8b5b41bc8dc96b5ca2edf8dc91

SHA1
df1aa284b816558f3e9f6076caea07dbf7a120a2

SHA256
50c804b7b8891527b13018041978d961dfb6ffbd26db4296026bf122b89a3d8d

SHA512
b1dab038b6255eeae352bb6b27c257bd84e4fca76fad58413a2a13d87a8cebe5333289b342d983052ffd7d24de7e9421a025a1d999fe48e9f17d808486b3cffd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
16f82380a3de58fa87084ed97b998726

SHA1
0a0f70e6c28f6d706ff2e6b1adaf2f2fc900f902

SHA256
5660e02d083d4bbfc987df76ce4cb853098a1a34d627392473600b8219b027af

SHA512
35adc7c01bf926d159c9a62d4aad45b531656b93357762fd171006e461a86aa9ee790549156d5b5807a93992050fc66316d4646c9f62219c015dbd653cfd7cda

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
d3f0d7a57e8ee41dec53e27928543134

SHA1
4e374b67d38b8b35429c4cd9788caf2558f262a8

SHA256
3b949321054a567a367c36d6d96c402c05c0de6fd33a391a8d31c9688bbb9bdd

SHA512
73bc46f1169ed5d373ac95f594b85f272fd5c594086fd447f019df9a092e7a0fc6ed160a14a26321cbfe3155262b1f4187232a9d521b9b2675e1f3ee40f563db

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
1c239bf35f920cc564a7b70d5af9d60b

SHA1
5690efaa79ca089aac03e74aaa8a16f3f1c9411a

SHA256
1a625e194646d4d7c92e25f398860edf8ac32a0677d66b3365adf518fb6a0368

SHA512
7d91d0e6189b734c9f79e55593b2cbc21d91cdff1dadecfd5500f10c8452bb0f58dca92c38290bba595ce421d0918f9a269169c744b00a2f0554078f83e5c26e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
435a7d0a8ffb995138b68ae1b83b0103

SHA1
6d58d94d2588688f35c0eb74c4f5ba7efc50c091

SHA256
eb363739f1a3552750c219cce7c3412ab5f437ae1ed6cac3b53adf5b0620a232

SHA512
1921f0b80bbcc5019cfc4993072bc7878d9399e84cb20614f807e18f45221c7d44d21fdbee1e30df8cceb0d0f68f0091e49bf1865eebb575ed757d820326757d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
a4858bdfc6a8c2f77c7666b9cba76f0c

SHA1
3d6bc50e18d155c41261435546c028e9bfac5d9d

SHA256
524d28a45b8635deaef0e96cbeb656e30e3c2a3089519d3c0b87ebfe1960c4de

SHA512
92d56756f47453801b0645769a4590fcf2e03847f054f65d875c2c6e891c34b7b379719e8096a804a41bb5e9697fa19dd7e2af79ec1430430db5ae9214140b66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
5e011efc14bdeb736a28ae13e9fdf350

SHA1
de85502a5f7a30c74763228194dae8bcc97a52b1

SHA256
8565b88de568c3e264b6e59288fb0a67bdfeb16841f280b5bb2d62e690d49404

SHA512
fbf1ee82bc9f6d1a381ab85d1022f2861c194de75e5cf3ace58951e1979fdfbfc23ab8b7c3a3b0092d71202eff18a0689e6756c94c433a0dcb7ab2399fe5e95a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
1138b8719e713e1cebd18b97099eeeb3

SHA1
5e7c144132844942f54738c7f52e7b991bbd92a0

SHA256
b8f2f8263d676d7db6088e7f1b53f3c03c37d4e7c98a2204ecb3236e986ef958

SHA512
bcad040a29e209dd4d8a0cdad3fd55d8b1e6468d1ad9e81d5986268a2facf66b6b3199cc7b74ff09a8c68893e5e3249ab79f5b723c6a2fa17cc823a0a99cd7cc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
65fc5af75e0b77b713311aa97a98dd57

SHA1
d437059008dfd58d46188a803abdf35921de6c63

SHA256
7f3f9ffc1069e28083527953861f4aed56054e08b0101be6ea757fbd5a3b33a6

SHA512
19b4f559070ba3c7ed22675d512a054bad5b214b156105342f92f084e8efa707d9f2387dc5629d2c8068c6348e3577b43210c9e20b6c2214c8828ce463d4c479

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
00a3c5dd4072b876e79cfe6637f61e63

SHA1
fa6f22f7ef1f745bccc6ba9dd6170ada1ecf5a65

SHA256
81b5391eabc3332422720b7eec2703bb2dc49965e342af9a4132d1dff23d5784

SHA512
19b7a3e67520a94454a3b9cf7c7a2d65df34bbed0b93dbfe6d02bc0b548048dfae17003c78c33c91f4d99aa961b2dbea9d44430fb33a1b26a7730c2d2ae86c09

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
8c96819d84ea7e413c93a5f48c50d464

SHA1
632bf61e845b44dcdb068945d68dcdcc1a39961c

SHA256
8caace3fc6c1c37e00839d5a556972ed694a3f7ef6829b25e1745c2a8028388b

SHA512
45969312029e373e8a749f45d88595731c1f13008c0a2ff17aca10e13aa5eb3d43e2d3b8ed1dab03270d91ed64820ea21a8b7ac2591523a059243b7f028ba46b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
56674c93c00af4e3140810a540502778

SHA1
277064420910a3131340fd6a039bc226840d55e6

SHA256
668e4e22177a7efeb70ca916be6691be28f1bad42f5719fde9495fd6119d576b

SHA512
7dbdc999384bcebf0a74fdddd73ef8faf428a96952e87cbb450950f21cf5aa36fcfdb1f56ec151347c2fb2010b85029018684585e5b9d3c979df048f429ed67a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
d9ff7e3536b3ee044e354ed80c715910

SHA1
1bf9aed0bc5bc860c78facd11ff7c3ccc023edb5

SHA256
9121986f041767b5cd5615258a69b42a11af51ccc1c7f5163448a2a881881041

SHA512
0b223f5b23657f24554bd5505a32f0b9b639a58eabd34d545ceecf76de061c47349a64b746070b5c53ea17ee6ed0aca96f12db5216f0fac3ea787af5f0f8d6cb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
3d97ba0bfa4f16b61d01e3bccbd4490b

SHA1
07ad07726ec15cbc1dd57f4b344e665adf22548b

SHA256
0595da3e066d44aa49628b8045246c21ad69caef4103ad1ea860bbd632fd7ad9

SHA512
e1600c1ac3f61107d49a92b79968847a230586b9b79895bf54374edebfcdf59c8db0a25b828acaeba39d9adb787eaea300c45a4e28c772d34799141f9d88b837

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
e923ec3410d92e9c57150294eda2b5fc

SHA1
7d243b1b34ffbcf52ba52cf7330f378badaabc54

SHA256
13053a14499dace5a946de6df4f9c49c3b25887f2857f4bb48ea363f7068c22c

SHA512
f97451c7881313690546c27eebdb2607892737a222608e04e51c21467eae98721321ce1a324fa47fe01187d53941d486acdd835d96d0c8610126307412f0bfbf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
6ae9e207b47996d86e46e49603627bfe

SHA1
0d671be36332c0b9afe27c05480fd9ef2bd46d71

SHA256
f5112bcb1e04500f7e514089d0713a93501bd15ab58147d0368a16e1c0eb5ea8

SHA512
4283a95035638b3dcae380db40dd6face356a137abb7b81dae1f1268b79fc92e252a015cb1217f5a6ff8066e27c57add4bfca94258c6c3361485b72a14ec785a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
412e3259a7ec2d67a22d5913606ee9de

SHA1
58616ec9d40c8cc90400648faa65dea35711c769

SHA256
661a5adee354a914f1cbf35c604a4550f450571fe90df398a7102ba1f5df8456

SHA512
123ad93500ee1bc0a744e48ee54a513601cc9998cb6c8e5986b19135ffc1a948210e1b6ed9bb55eb05b82e7d23b6a0b496a54481b06bd4dd33c9839d44aed044

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
fbea8fb52e6050e6f7e57d6ef4c07a04

SHA1
69df29f93da7f050b8b6d5c8b9d10d5c2fda1b93

SHA256
61a13a27c13a05667578044995c05c977cb417bd56e790cdcb14454d07a52828

SHA512
5fa4db04e7c144385d3d3dfdf52b18cd55fd31afe1b9adf3dbac3f7f8d395b1ac846139d718d5d64d5e6ea9ac51c4307ef0aa69cc8297355700efe971c8fa389

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
22383852d4b743f0269f893b28a60449

SHA1
83a5a35208f4b145d284d268e5aa8fa2cb2175b9

SHA256
71f749f8c9bd352d1103d157474f2b98b8b22cd038cd775bf71171affb2768ab

SHA512
d515a30585d76cebc40ffb3816a634037dda800c8c0fde5d81f87a3e5040ed513dd02cb1c026d0339d5a340daecd54e68b2290804ccecdc092a43b607dc06b77

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
43f602e3a19ceefa89e8f8d0f1d0c4d7

SHA1
c26eed840bc5566468a7133d0392cf18b6d985e4

SHA256
bbd43c611ad39fff465f8c8e554f609a65f29e895182f24903bf3b03df49d248

SHA512
2a5c1ef75ab41fa07c86386853bcd59fd58972b999add58e5e6a3b2af26a93551a6b28f43bdbaef19f66b4bee68c70d927e4618bacb2e0f47b5ac69274466ee7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
d51c2819f6baaf1b7aacceca0197cdb8

SHA1
e8200209b70f803a5577d6057aa60c95b51aa5f6

SHA256
725069f5f7946ebacdaa48650c68c2ee6f1a0651dba206e7678f2043d6c1a124

SHA512
b7510d98fb81c32e79a902d842175eba6d1eaf15faeba4590658c071e09f289093e855c3ca51a74393f761f405182327b3d92f856c23bdd1aa7429df3a97a980

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
b9d538d3929c97267760619a4a97117c

SHA1
5e934387189611483872319369bdd5cafc1c3851

SHA256
7991e844aa723ef0592bc757aaec8c5cef90d9d966f5f988241380efaed60b2b

SHA512
833968d4580d644ad73f42aac14b277d4fc7c693392c5f39e2d379ad14d1e1fa94dd0dd9422a3160ac4517907e72cb03a7e87f90bad617137374eef0c1fd52c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
ebd9a1878c75e37c14c1c22cf4972fa4

SHA1
5272276a9ba5a721d828f24e8bb677b3f77377a1

SHA256
bd36eee0193ae59e6c17843132026c434e93f52c8714acfad85935b4a4d0d9cd

SHA512
9abdb25d59c7e08f47603959b4090f44f99ca6d005afb4c745cb75fc17f43526a72d4c2cba1bf3e20d71053c3c7e0ef017a3180bc8595a9edc1628c0fbf9d6eb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
934bf7b41ade9c00281b73d9c71eb913

SHA1
cc2ac9409b663447c9194555adad918e3d87ac83

SHA256
b262a99268def4de11213e9d3c700efbd2090b3a3c573fdc99b68e71fd5ab68c

SHA512
ca272fa358270b3b5faa1b3d547e86dd41333853886b951e814a7217ed064f9a1de7afcca9b5e7ef59aa01edf719db5b05b0c13835319a32e73a8447aa648cb9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
fe883cc86f8942a71c7a5292bb951b00

SHA1
18426d185d24dc556edace38a13a83917c61362a

SHA256
1698013ccf3604c94fb2ceaaff5421eea944fdd2d0d541c941593c6be698522f

SHA512
b1f1dd8c31648bc85e56e65b3dd3ca1b1cc551138bef9ead8a345a18e31e6ba9f592b4d606cfb0774aba4e019f216252c60cfa6a359f5099173fac44e45994ed

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
c7ffee227a4ee6b07682af4410a6818d

SHA1
6e99ccffc92491fdd4d2c98a011f56d41cc2da0f

SHA256
c705dd4ae22aa952d37b7da18ad5d8d327c04dcfff4f1eb76094232dcede9ccd

SHA512
6449edc5ca656d275b364fec41aeeeaf1abe4c8fa0ae196cfe1bfce5fc2eaa74ddd0577267c261b930e97f8403ecfcffd6b5c0c4d00677993e6c1762fdb07839

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
c3ae64c90e66e1480daa4622c84f469b

SHA1
eb505bdec8bf6f5bce643a411c1d872b16cb909c

SHA256
ffb45f5dd5b1ff1e9ddc648369a54b97c024333d8bb6e544942ccf207f3b844b

SHA512
f73eff4bb2c8e3df5e6044ba029b77785d4d7da98bae54abee600368968b56e9a3ac0cc4481f74ba78dce16d65b04465c4d30ede7cac470b1f03fd28092c4893

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
d3a3e4bc8ff90b20ee92c4ec240c7a1f

SHA1
51206d8bacd647d06d7d8687e17ddbd7a7c523cc

SHA256
d461a516d699863285b595d2a2876547ae0874f656f1dc41af347de7dc9d027e

SHA512
ce77dc11fc1b0050a269bc9bdf519f04c1961e5a343769456a50b9e15d4000130b76772fa1c3f7a2246ddfce13bf75fb6a6ee51643d390c8310cc1f7b3832db3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
460a0c08f17a9679d7d7d1092ceb6d4b

SHA1
3c7fcd94a1ecbe21c186fbbdd0244ac43316092b

SHA256
8cc1a96a749136d4295e5d7ed0793871f922d9f7b1476120e05f9672c6a61163

SHA512
eedd269997fb40bc25a48d9848cd13de11edc9e1fa16756f5448072e3307668c81a9e849bec2b5b7842c94fe581e653212b8838e4b5062a44a6db4d86efae049

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
246adeb3c413eaa783cad5d094354978

SHA1
354687d0be345621e0d0014580132c482e5a1d3d

SHA256
6ca61d1f50a7b35f2ca2b19679093bc2185607223178732ed4b1afa70323386c

SHA512
916ddcf998e6afd14f5943ba5e8b6ae80c9a3c9daeeb86e52cf31ce2fe78cffab540bf80fa2d83c15f3354d0d70c18fff52df85ca4c41d8af085e41b96a2e716

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
651cc9b51b86d0dc8c5ee4cdd9038370

SHA1
5e027735ed2c00ed1c7987e4b9d412e605877e60

SHA256
dd5ae28db850a9776dc3130e1c3c480b3006b037481f448c33d9052f12cae1d0

SHA512
ed5dc273f177f4279749c49aeb535ad53c2cd7c8f4a3c889c727802c6e68d2a598b764afd886277936a0b2c41bc71a07e87a5e2d39e982804dae39a80ed01e3d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
7d8c98cb184599e92a1d3d4b837abf95

SHA1
ae62abd2af6cf34f2a5eb939a9dc65afaf8047aa

SHA256
49661b29dec0bcba0cc6f109c065e1a9db607a3834a7e6a3ba516b04697eef0f

SHA512
65ce3494f0c13e582ab20fd5e22408cb61594c81280e2e356f093cdae58d733214d25934f550351b49c23222839e3461efb12319728fed2d9e5a08b5bec46c16

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
965f769171930115c59a1880a7781ea4

SHA1
879f60f53632f4fb4cec9913bf952640d61f0031

SHA256
ab1e1bf22c251477521373b223314036f7e1689331054b2f0e1ff57de69af6a4

SHA512
1b9d2855abad78a517398fa7bc79b350945b4c009200ecd2d6731712abbe72e180e28f5497683a35695276d9f46f07d4fdc9b19341737062f88dabb77d9d6102

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
6c93926bd1e4825f39326b777cb31aeb

SHA1
0ab915c48059762d23ffa3cb8789faefe7371ab0

SHA256
687deaac0a3ae1a243fbf65f9dca544d0864afbef74d076f1b7a9406cc8213b6

SHA512
2ea87a4fb36823aeb50ae56e790a8d07bb59cbfc560aab7ce9e30e2933ca8ed76ab0d12d1829c91358a47fed4aa593ef2cb1b5ba181073d8b5eb97431367eaa3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
a1965374cc1120736e286a54aab8f478

SHA1
2cc03655831c741ddffd31114126f0328e0e5cdf

SHA256
cc2f74d98d7e04bf3011e8e57cf26520be3010b7ea195bc053799e3add2eb43a

SHA512
e62155935130759f0a0ca63fc64cac99f00403572216da701072dc3aef0f83c4c7b818e67d8f8297c5bbb9b698baef326506a76f5b57fd387a6d707fb5dc9270

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
b9e431a9a45d9531cf42c76ba23bb657

SHA1
2e27a26ddbffc711d3a1808f88563ae35aa163f7

SHA256
f02bc14dfcb03f8617bf5d7da6976df066bd9ee780dccb3a5e0100586d9863d7

SHA512
f6157258358430c6abdf49973bf7d1a99402699cafa08b5a4630a713e415f4b2732551dcb093e4e66c278e490ee8ddd24c0d0d4144a84d8c5ce6dc0695cc627f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
86d5071e5648ff30d55eebd989262b2c

SHA1
53d1253aa230862dc4a911922db63716695183ab

SHA256
bc854ab5601a21fcec122eee1f88a25b96b80ef3a2c5462958e3c9748c8a0b25

SHA512
0dcfcd783500c5fefb5cd9f928e7b4ad942d718a008c5fc9ecaf9f341b047331ae0f49036af0d82b730fd8f12db4a2dd2bc7df2fc83e844f359fd8bd3db530c5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
7e23568e3afc1a2457a5633915220049

SHA1
bf9aa6b897a7caf683ec3bee4742630976e6eb66

SHA256
ad8f0ef128bd5cfad3a2fae1f72f6dc33a17e671bde7452ec457785eb1079053

SHA512
38a8e27962359797569de59b4189ac2f1d4cdbafb8a3c2abe0a1b9920562cd32aa56b88c555e7754ca7fc1371013b8b4f81e2f3fa63fff60d4e8970c1137e735

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
bce6c8e0f619b63b9830603e64bced75

SHA1
687b38eb4ade498c01116425072ffa64d9e42d21

SHA256
31833ace10e779812864e41136f732d1106fae53e29115ae7dd067237cb7860d

SHA512
db23dac9fbc5963934dfc1422733515cbc37eb3d129902d65c37f2f2915b99ba6392c1d83241a686f83fb5048e20fa518875c29082678542af5508c90d55208e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
04cbf14ab2442de7355b85c6e74e06bc

SHA1
c67dffe8e5497d1fad95b2f410307c703ef4a37b

SHA256
ed8ce0d2a7849cab3c5804e88e01762bec68ba2a338c1229b44fd03916e7feba

SHA512
2f340a8445147a0b1041fa89723a5fe766e40b6fd1b15e4a792f5e4691c832eb7d70f04354e58accdaa723542786b4b2630cd2a4377d11f62c32052c8a2161b3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
2c4280de2c13c75aa2ff33f78da6d636

SHA1
323f03dbcc8fa70f5e8fc675a47c50e76ec842d4

SHA256
b4aea745a0261ee9fe2da8c5d3b0be8853b2be72a2aea2161cf3cb13f9848fdf

SHA512
a7ec3b7ae04bfd3a09b7d0579cccb03498d41bdf76dcbc258d4222707b41051cc0ba343b1b6bd87134b7b46bc6319e95e69ccee081a0cac4f87ff15c237c1d46

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
aa3cca34f08edae41614fde9bc35d201

SHA1
72e4f20e8d84d43244f23dc8b1657b95b71a74db

SHA256
d39013219e0c4f94f471ca822ae7df3ca6496dab1969c1c68a31902bfa01b6b3

SHA512
d37336e3f1a6ff35d0634964c3e3facb14f6271d1d0dd32e6357ee1ed648764d6579b856fdb8fe92b3f86ecbe7841ef9fcacf36ff867203abc98f01cc8ac0bf4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
ff8c2fc55f55f7e6d0c255e95dc8fd5f

SHA1
33c6a255a98b37e4ceb847150899999eb442bee8

SHA256
5aeb7238a56bf80cd32d9181cebdf802f2ebfb3324f8048bdfd8fbd1aac53e08

SHA512
f27d7ecd8c67ce7ed57731adaf5a5399532e8d5d9aec416cf0c8fe25c912a3c0ee4002784b4305ed849ffe9875dbe0881d7bd2b58ece396bba995b607210837a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
e2f97f7f6060c0ea006de08613f91d9c

SHA1
e94a77d3f9cf969b3a05382df67bbb788ac79500

SHA256
1a9b6238a7874ef5e5bf12260c081912d22f463d87d494806dacc4c1a67f6d81

SHA512
432fc9f5adf5176ad0ad4b99bdeca8af4e626023abdd5231ec55916b3dbbc71dceff2d5f36a23d28d1f46dacb7865afec928fc238b7fdfe0fec1c0d571f2e3a1

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
cc8456dda01c72e90c4807b74cf29b85

SHA1
12841cdb64fa19064c82b82e77bc8da5c75b6481

SHA256
a0fe1fad26c4d4595fb31dd23fef12ee6b7b84a254577296ca86ea5a8306e709

SHA512
1c2e11b803a5df35969d72e41f34e3b7303e65b32004b64db616541c7e42066d8aff5298880058d928512d9510028c0d34a62f089c431d3791054da50af01311

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
d83e431aa316bc3b1017e5c3ad2adeff

SHA1
eb5f72c69b6f9c26fd9d17a13a78993f5f9672ce

SHA256
93636c2a3ae70fd97464991c63548c3b37c77455e5277326b23a14664d7bde2a

SHA512
931538083ab8fe62ee4168fb16b4cda3186eedb2c9ce779c3cad09b71b02f2ff0bb681d406890d28cbdb6abcfc0c2fcc2ff44b89fec29453f671010661c85eff

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
be5de3703c73dd93a9a10c2ac941c87a

SHA1
9f294eec9f7e4bbcfd8e8b3051cad0d0e318d305

SHA256
6b27544ba97dfaf02d4c8b60d00c747f19571d2939057f513bd930f956e21a85

SHA512
ba792e9ea00c1bfa05776977262cc1a337b4ba06690cd6b8f3a8645e8c5aacd1e78eb96aea2595431feaaba374280649e847a8c2b741ff54e08b96bbe47e9f21

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
d5225edb3f7efee4b094dcd1d1dab815

SHA1
800f1bc12c2fa167ff5a9c3ad5519f6a3b9935fc

SHA256
7d4ff5e80882ccf32bcbaae97c0a93380a570b96b91bc68ee70d09c9787c4640

SHA512
41454b2ed0bab954e759f916cbab61a68c6fa77f2a3132b2d2361f39ea7e90b137d94a1797e048f786220601e810539e5b76f9e90d7a02ee39099deab70e0086

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
1b617caa29c19b20ffcd6798d3c54041

SHA1
56b15558e6a372f8e50ecab221865bbd55efbcc1

SHA256
584ba2b539280d4ed621c02f3621e2da85972f2d6ac54249e590e2959a654b16

SHA512
6f2b0a40e39b8ab363f7a30963d2a9a7479acc9f0797d697caac12c1515c263b8a12cc4c014a379dc75c60f5db3def283a95659a9877c74981138442890bb8fe

Download Submit
memory/4584-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4584-6066-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4584-11218-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads