xorist | 9ff94eabf0e668e21f1a4640859caf3fc0dced31f266d4292e55ac9923fff8e5

Analysis

max time kernel
137s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2024 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Size

7KB
MD5

8bc4598159d8684738de50dcb3d6628f
SHA1

2f862cab6eb034ce702a4e44509ad27a319917af
SHA256

9ff94eabf0e668e21f1a4640859caf3fc0dced31f266d4292e55ac9923fff8e5
SHA512

fdcc981fe2c7410c91bb380f564dab456c845eb5a1a1efcc7839bc72f8b25111204893c2907074dca937a1b8e55bc9493708e155ff9f3f347676ce0812b156e5
SSDEEP

96:F9Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExr26QhgwCERjhx7+MUA:rzdrr1FG1WDCgmjPZrZI1Rdx7+MUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

resource	yara_rule
behavioral2/memory/4408-3865-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4408-3866-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4408-8742-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4408-10921-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4408-11036-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4408-11341-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4408-11342-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4408-11347-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2196) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cOZ9sj1I8T0Jy43.exe"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_ucm.inf_amd64_c30468a947db0fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Storage\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_605a5cafbbd86f6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\legacy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetLbfo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmminij.inf_amd64_a85c8e1fe15a9532\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdvgwddmdx11.inf_amd64_e8336336d081cc11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_skl.inf_amd64_b68199ad84607c21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsservicedriver.inf_amd64_4761deffedf4e12e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_biometric.inf_amd64_edc558d403ab30c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidirkbd.inf_amd64_20ad4886826af1d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsCodecsRaw.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_bxt_p.inf_amd64_190858fd8e931883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mausbhost.inf_amd64_34c86c15777c913b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vstxraid.inf_amd64_300cb04282659e6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsbs.inf_amd64_e2a1e49127fb17ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_proximity.inf_amd64_e42355875c34e406\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_diskdrive.inf_amd64_1debcd2bd95e9c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\itsas35i.inf_amd64_4f5850c71046b0cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmfj2.inf_amd64_167948d0c94abc27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsusbhubfilter.inf_amd64_283a44fe508f0682\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_hidclass.inf_amd64_b37df5bd0922aeef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fdc.inf_amd64_fe3599e7eac09e7f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\image.inf_amd64_d2006c0517ddc60c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmfn2.inf_amd64_5ebadf201c5b5845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MSDRM\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnokia.inf_amd64_9be5ff0f15b15eb7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\unknown.inf_amd64_b8b0fe7bbc76405b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrsp.inf_amd64_4c83ce3a06d0048e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxel.inf_amd64_1edcf626fd489056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4408-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4408-3865-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4408-3866-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4408-8742-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4408-10921-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4408-11036-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4408-11341-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4408-11342-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4408-11347-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-40_altform-lightunplated.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxMediumTile.scale-400.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\dd_arrow_small.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-150.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Exchange.scale-300.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CANYON\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-150.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-72_altform-unplated.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-80.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-80.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-40.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-150_contrast-white.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyShare.scale-100.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\LICENSE.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-256_altform-unplated.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-96_altform-unplated.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-white_scale-100.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarBadge.scale-125.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLogoExtensions.scale-256.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WideTile.scale-125.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\203.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchWide310x150Logo.scale-100_contrast-white.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-20.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailWideTile.scale-100.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-48.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\example_icons2x.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_MouseNose.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-32.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-125_contrast-white.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WideTile.scale-125_contrast-black.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-16.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleWideTile.scale-200.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailMediumTile.scale-125.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\CompleteCheckmark.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare71x71Logo.scale-125_contrast-black.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-36_altform-unplated_contrast-black.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.scale-200.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Rainbow.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-256_altform-unplated.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Retail\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\SwipeTeachingCalloutArchiveImage.layoutdir-RTL.gif	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-16_altform-unplated_contrast-white.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-deskadp.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_bf15e938e78752d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.19041.84_none_42927ae06bc1dce9\wpcatltoast.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.19041.264_none_876d2c71ceefefbb\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rpc-endpointmapper_31bf3856ad364e35_10.0.19041.1_none_00838c0981f40351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s...appxmain.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e2ad42c891025776\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ngc-tasks.resources_31bf3856ad364e35_10.0.19041.1_de-de_7bba1588ca7cc4c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..cing-management-api_31bf3856ad364e35_10.0.19041.746_none_8f0fcd7ff27c2943\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-x..ocess-mui.resources_31bf3856ad364e35_10.0.19041.1_es-es_121f8b9e55353574\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1023_uk-ua_a58c0decc0c52e37\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..nsentverifier-winrt_31bf3856ad364e35_10.0.19041.264_none_c96d00df7bfccaa1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_image.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_2bbbe7a6cdafc48e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-snmp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fcaaaf28261949ea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tunnel.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5b76bae3c56e0846\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.19041.1_none_9830e2872fd0279a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square150x150Logo.contrast-black_scale-400.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p...appxmain.resources_31bf3856ad364e35_10.0.19041.1_es-es_cb128bc2cef0d746\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_de-de_4bcdd96dbc4171a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.net.webheadercollection_b03f5f7f11d50a3a_4.0.15805.0_none_264965bbd42306f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.servicemodel.routing.resources_31bf3856ad364e35_4.0.15805.0_it-it_5e385f4fb37f751a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wwf-system.workflow.componentmodel_31bf3856ad364e35_10.0.19041.1_none_41d526fcad732f45\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-onecoreua..uetooth-userservice_31bf3856ad364e35_10.0.19041.153_none_e669b22d011fc6b2\RemoteSystemToastIcon.contrast-white.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..acementmanifests-ds_31bf3856ad364e35_10.0.19041.746_none_0538f2a34494964e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_10.0.19041.1_es-es_1fb9b17ec579a5e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-unbcl_31bf3856ad364e35_10.0.19041.450_none_4452451a3f8747da\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wwanapi_31bf3856ad364e35_10.0.19041.1_none_644bfd51f12e83c9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\WinX\Group3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bubbles.resources_31bf3856ad364e35_10.0.19041.1_it-it_0ef4564f06affc10\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..riseresourcemanager_31bf3856ad364e35_10.0.19041.153_none_0dc19df0ee22434f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmsynthstor_31bf3856ad364e35_10.0.19041.153_none_93179d83c79f443c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b64a50542afd543e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-compat-compattelrunner_31bf3856ad364e35_10.0.19041.1_none_7519a674b0a74929\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile310x150.scale-200.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..aml-phone.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_42dd145d1f4ad385\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_10.0.19041.1_none_1e240d67c55a5719\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_10.0.19041.1_none_27cbad9cdea88ddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\Web\4K\Wallpaper\Windows\img0_1200x1920.jpg	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-quiethours_31bf3856ad364e35_10.0.19041.153_none_86d74de194c9a7a4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..mc-sitesandservices_31bf3856ad364e35_10.0.19041.746_none_7d35d325c812757b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.runtime.caching_b03f5f7f11d50a3a_4.0.15805.0_none_549e3d16ec67fb93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.configuration.install_b03f5f7f11d50a3a_10.0.19041.1_none_4ca9f49909a66cbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..iamanager.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_ee45f5d7236a66e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dnshelperclass_31bf3856ad364e35_10.0.19041.1_none_2e30ad1b2fe26490\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..demanager.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_e95269d53f91dc1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-installer-dll_31bf3856ad364e35_10.0.19041.1_none_4d70bc4a28f3092b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ellextensionhandler_31bf3856ad364e35_10.0.19041.746_none_04e0c3143681ee85\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wpcip.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_690f7acf80356570\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.19041.1202_none_3594628932065f23\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00000401_31bf3856ad364e35_10.0.19041.1_none_9d3331cf03954005\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-msmq.resources_31bf3856ad364e35_10.0.19041.1_de-de_73a7a137cf9e074b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..tryspecific-license_31bf3856ad364e35_10.0.19041.1266_none_caff3ce2871d8077\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..utils-dll.resources_31bf3856ad364e35_10.0.19041.1_it-it_69f198896adc8877\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_multipoint-wms.eventlogmsg.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8411353d1139c1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_urschipidea.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_13e8f19b89bbd6f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_aspnet_regbrowsers.resources_b03f5f7f11d50a3a_4.0.15805.0_es-es_63518bf6efd017fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_uk-ua_51bdf0a2dbfd2d22\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ackground.resources_31bf3856ad364e35_10.0.19041.1_es-es_ca405fc214792f43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..lperclass.resources_31bf3856ad364e35_10.0.19041.1_es-es_174a5ebb2ef1b0d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ecapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_b30156e32b833fb0\IndirectMask.png	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..icate-policy-engine_31bf3856ad364e35_10.0.19041.610_none_438b584092caa8f5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..sframework-msctfime_31bf3856ad364e35_10.0.19041.1_none_8b851347689b23bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.workflow.activities_31bf3856ad364e35_10.0.19041.1_none_827401873a6acf58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\enterpriseNgcEnrollment\views\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-imapiv2-base-mof_31bf3856ad364e35_10.0.19041.1_none_0981e25f801b452c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\shell\open\command	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cOZ9sj1I8T0Jy43.exe"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ORLHEBYHIPTLWZM"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\ = "CRYPTED!"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\DefaultIcon	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\cOZ9sj1I8T0Jy43.exe,0"	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\shell	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM\shell\open	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ORLHEBYHIPTLWZM	8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8bc4598159d8684738de50dcb3d6628f_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
805f1cbc8914db6e217c1506045a7d3c

SHA1
91f4a0b845168ce06a820ebcc63a7fca16e612b2

SHA256
77b6fc3f586eba021cc1d52996be6231eaf7e1dd2b71d78624eafbc56f106086

SHA512
2165dd2ad0b0d32153c9714991a6d8c7e0da2c5a438d027fcd64ba7379b459b274adfd8f119b170c14006d2f14d9398175637595f351f3d866ecd40d9eaeacb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
669df99cc0ae91792792e6ed1bcee715

SHA1
290d6868107cc699aee4935b25002f84a2020066

SHA256
d18cfe54cde557d7b5c29a5017d2c513559df14e77477cd2cf84b700d309dd39

SHA512
69fd1df4cbe0c136be9495fcce13269f2888af664348f2ffffb048df5327935d4a60dfec95b0f8fb7b719e61a390d54946215ff958e920e6db3b435cf351265a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
d57f4151aae37057648982a1928e2ace

SHA1
f220de96fdd7e19bf660a206cace7fc1c74b7d1e

SHA256
60b33b8c96504881f7d914b1c5b2362e3b0a0d92296f5604b42a7acbf5212ac6

SHA512
aef1e5518e2a5175b681c5b52d3db8f053d1092895ea7c402587314b323833a619a4e8458d9d56afb64447d427532e14d0918e1e7ab49908ddf814e590dad083

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
65f652b4024adf3e71e6e1104e9f1194

SHA1
8ac8da319b7c042114d5c936e22003df6c733616

SHA256
9d3e6974d6f43e9e0732efe34d48e363a28930e2ed6250272ee62fc7bc3d92dd

SHA512
a6c4a4940e751f66ffef242ec2fd4703e3033d84a516e4d8d12ebf1d2d254b0440df944a42f92c3251a6767685cf6574c4145372e67215944dade02d68a7cbf0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
0cd7f581f6cc3f496bd3ff443b8a17b6

SHA1
fed2f6cc04b42cd9a59546d5db47bd93da64bbc2

SHA256
c9de078cea58995eef3f54d92f487b7c144b2921642ed8c0499903379a10fbd3

SHA512
dac2434fc0be4a442c3170d637764b20563b9887b0ad1d0e47767b001d86dd88729de0f8e753c69926a0199d0261b9f7729c2b0f3e853db78b172af47e7a9c36

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
abc8a396b60f566a200f94e4655c2dad

SHA1
61b9581e12793109dc0b252aa5af1995406df308

SHA256
b99b4fa57f25a0f582c6a6d7df5aa7da7283f15b29942746344052992cd058ba

SHA512
a2781fbe9846570a59d2a1ae56adbc83d548249e7cbc4d034fe5736ea4260592d3c1dd95ec494c74b89e83aa3829da9839962425ab07c35ca92c960ebb192717

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
6798969c9a2897aea68c3e6f99457fbc

SHA1
e14af2dd6e41a42be4778ace1751b9c44d321c37

SHA256
1f8cdedb6da75751095c3b40611127d9b67f99bc60cbc800a6586df490ce813e

SHA512
2929e199c529aa9571a3e4e9debe87021a9af0ba10311bbc0f5022394d152f17da9f857f483dac743fa574ad84acc94b55e540a32a4cc300d61fedeacb7ea57f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
2441f996e2f3bc60895de07d01aec6de

SHA1
56fbd9d109c8a63cd317d284ec3329a66052d8a0

SHA256
f774f72d3f4a16bcf7a307a0132f56770645451a7eeac3d7d9917be4e645f79f

SHA512
e3f749814470a036115981e5c7cecb94e265f6fe1287b96e3d1cb087e818b533a23df3266e9fcf563f041b6e4108d8867342d77bf4d21d920234c457e06fd0b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
bad2a279c7f57989a22c09ba73bb54b0

SHA1
cb2165aaba81f88b23fa00ce10aa07cc7a0aeb93

SHA256
ba2d6b2fe0b21743319f829644e544dbc869ed5a2bee55000c987929907b19bd

SHA512
bc955026e3206954548b0245740e84a9ab7e7daf39317e307d192bb4b478d02581d59209d444a4a472f6734eae97046dd2971f10233327d7fd1d4214da1d14fe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
0891bf1fba06ec1f9f2ac3c21812331c

SHA1
90542facc5eaadf6bd7809e9d65de7aaff031b44

SHA256
25ba6f6ab8700195d52aa8b4f39b996dc947c08559dbe685bdd467877bfab55c

SHA512
a12bfa780092bd8576840531573d049e8aeec50ad48f1297784c51857699537c04670da4ebf1d0b8b0a3ef3bd0b98b44e2954abd7d6b00e0f0ff45eb50691934

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
6f7db8e5fa8a281d21b6e4190b4d9fba

SHA1
f6dedc6058317d92baf30af98b77b2aed8951c08

SHA256
bc627e1eafb583fa349ee03204f26512e9007845e01368833898bb04e00f8a2e

SHA512
82239c870868e6adbd343297ae2999181eacd0e74631b026ae758e82ff33a7f7d3536846accefa8001663a4cf94e5e554cfba01bddceb4c79de578a41eef8b84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
ba008d901096c743f8bd4e207781b321

SHA1
d5527111d57a169758813db94d501972a8693a4d

SHA256
63d52d6abc7c0c73dfc244fda0edb9db4ea66fd1bca569b3c3741957e069a6e0

SHA512
6f972366253c8dd2a78b342dffddd0f9cbfd7dda4f65eb38c0e12b477f8691a2038726b9399efb158851c591799b26d28f9c666f8669165afb52ea374455f689

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
c07ccd733e93db3807beec28dbbd183e

SHA1
a562e9f76fe023580490484f768a175cfa032da8

SHA256
77278c30425beacd3051c61866b737cb5e2d309cb6cb520be6739241f3ee2369

SHA512
47328b5af922659f81d2c437c4f50ba4e1691d30f3d73127e97ebdc47c03323967e117b3fc2d22f27c483f85229c9ef832def653862c821365b21c175c10096f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
5d33f6c1fb223aed1f0be0e5ec6b3838

SHA1
8738895f9e28f06d70bbe61822f89c7669afd826

SHA256
939b24749deb9984c9c34d8d739c409d88c56502188e066fa2f2d5944c25951a

SHA512
d52ea5e432ac4e252e760cd9b3fa29c4876f18fbd7258c4b941483d37ed5e59d0a7b361134bfcd28bd931d1ad583cf2ead664e2706d94b4d45ae2b7a6a62ab9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
d8cd196da016dc59dd32b9537b3bedc2

SHA1
cd17d6fc4f2db634c246ee8d5b90a7ebfe042eec

SHA256
64017d0f34228eea34073bbffa5efed4c3fa252c9e74fe3ee89882443b6e43f6

SHA512
976db6c86104a1c131e656a407c1af12cf2502a0019168a236cd9228c16bbfdf326ad8e5710001bb702cb7cddb6e07134a4968fbddf9510065de531a394d8cc2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
0334afa3743b815fe878152c8834d75c

SHA1
c0c461cd8b5ac1330295e2bbf897052ff0d82c03

SHA256
d7a1159b2fa1e4fcdd6f5d0a4b0b5a52495b3f82b8316bbf1e62ff75b8670133

SHA512
d425db1245e66d30580d942e2a134655528b5a820d62ce3b11479c6b295f0f47f61abcf7b99960fad3830e06848b096afb833dc7f7490756b0bbfce03b07a3e7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
3e32d75d1448d25474100e2ea01c1a19

SHA1
4a3408fb3093e80db8f6bee92dd1cefc7dc8f329

SHA256
eaae0c053847fd15be81d70a9c224f8f605cb3a5bb033327e6db3be3c0d5946c

SHA512
3d0f55fa68f35a4c467ecf6c3c901d3a0e4dab4fa6e2c67f743872b09dd75e34ea74ca0a5ea5b298e0af5712f38b3dc225cb4f5cd72caf2818e13444a0fa88b6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
d0dd5d370563ad4f351ebeec7dbaadb3

SHA1
1c9c18550b2ec72e4372486aff1ea41a07d16ada

SHA256
710f6bf0aa4a8816ad52af60317dcf8c4becdf1e12330b9beab17184e61443a7

SHA512
5067c48f254eb61eab6afaee11d37e9257a94885461cec21968586aed2868bf5d4353343fb6bfee2bcf3505ac6de83cb66d043696c16e204d0570a27f4a24260

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
eec40703f424f4d8838024103fe79063

SHA1
1fc2d402ce51128d577432a19d48a1cc3f2ac861

SHA256
5d340e9015bd939920059bebf59c598900979eaf949225bb74a889342c2735dd

SHA512
3bdd8752df1e251fa4cd9765c0cd4cdbcac8ffe67a5a85c49ca0b0189fc1c10da53df0a21b3871fa494ec938dcb550b2f57607e0975ccfc93809f0032352a8e8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
6b5ef1f772e03cf1cd27297049f11162

SHA1
ad12438b3a0aa3e4386bf8859ddfd1a5586f4baf

SHA256
9d9691bc4cfd664231e57f92ab062bb0b59964c91dc246734ad107b017f9ae31

SHA512
8542359d23dcbd2be931d64912cd7ca4666b309d65fea087d7b29cdd17b201e970f7d63c499d9c2368e7dadac186f0c7efb7c9e1fede15a30e42de28cedb8a8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
a6330197ea9d80bd475e959c2141f4b4

SHA1
39e0757efd9b1630a7d5514e62e7b881b42619a3

SHA256
dd861d67aa4d113cbec954b3a8d34068fde3f36e9d35faee12e051f416abb3cf

SHA512
dced5077f58e67584dc6b0e6f207027ca746fc0565b4e859c212d3033a29a2d07be6afaf85ec46e1f4a6627641097a20ef6101e62bac662fe17f4688721e3717

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
3ed7251a94fda9a03980ec98297e3f47

SHA1
12a8191ac432cb0e8d1d65c3a413961329bf2349

SHA256
c343f62f07b57cab6e1dad5e7d8bdcd1dc0abf6fd50bceafe9a38ad75c78d4c5

SHA512
d5b888aab953d8203bbd5739261156bd21371945e01dd48e2768be1911b8c56b53258afe92e269fa4467de9d38ae3384b02902e1de531d11dc8da8add88ed329

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
d0233c3759ca310a65cb1ea5fe1657d5

SHA1
e8c041c48f18aa8d8b2bf64924424c5f053e5d5a

SHA256
9b78bc036ea31289781e7dd902cd4652bd7a4ffcc6e8269697805eb0c6c440b7

SHA512
4c6ca59b69bdb091a8ad4b3eb31f3bc0891a82c8f8f3a36c8ce930703e05f0bbd1f48c77ef53572ee233ace5efef6a7065348ebf32677a42fce86b4dc019c019

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
1cbbb805acfc29d066e35f0784906808

SHA1
88d998cc56c53312f97b6f3e714bceb4cccf6084

SHA256
8d879bdbd866d953a0c3e1a1b1adf15af5d2e826c012c81c778a4001499497e3

SHA512
4c54b2b7dec0ac0627b76ffa1e3fabafe0d1841c7ec5174dee87d97a7c6d05af202589c600c3317138b29b490bd310a2d8c8650faaa9750752e9e49a64fd57c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
7d98658b8d32a3703030e945439adacc

SHA1
5a1c5df5eefe9be226b00dad5d15ffa662e28962

SHA256
80f109afaa34f9bcd86d0a589620ad22b73abb74a44514b34d614791f42e45b1

SHA512
e311713949b999a6c944bdb688f74af69c7273865b0f72a2a3c18422b25de90dc9325ae41eb718ce628b907d61cf6ae3306055fd599b39ed697cef29c92d1afc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
bc0bd8145132f15a79dc197efd41d309

SHA1
ebae9afc269a0ba7a79468bba104514c144180ec

SHA256
b8b3c84bdf5bc2c6fe3c445f3dd6043c013b5c3506e8d8f251469359f2658d18

SHA512
7b80bbd90b7e2fdb8b7c655600a3d88930a30587d90c8e7f3a49235deb77f541ffc8cd774b8027ba6faabbd4290e8271ff430bd79c59885a6871fce9b5d5228d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
a31d29113d46095537550180b0bf9f20

SHA1
7b4c8feebd258b2bd1f492d9bef6dc27c7e10f90

SHA256
b978b4684d4436843cfdf9773562b9ce97b25ecde10189563a4acc870674388e

SHA512
3a252bc9d25dc10814d6e3e0fe47d580d8bb7fb7a028475382eca4bb1b3b77958dfdd044dbe7dfc2c582611af2df5bc78ab159dc3b0782322ca0f57402dab00c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
70b27440e032efacea7d59b80815f53b

SHA1
76ede644c63dd9a9056ffaffa1f87e4c4ed2ebfd

SHA256
d538318142d50d860797b6d3064b8c1ca976455412a57d20bcf08ccc3b7c22a1

SHA512
4d34132ca64d14bc6a63d4efe2ed11dab63c80d8fd4ef3870b86ab5d4bbd509c1b0f185fe8736a82ccac5bb7812a8d3add634d44d7e636606ab561948d298d84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
d9bb9a30f155b0da033d4d32aa9181f1

SHA1
285773db05bf8f743893967958e25630f6836225

SHA256
6fe03e6396c1fb547f531a818446bba13740aba7d963e826a312fe7b501281a2

SHA512
a74911c3315be5974894247833df186f240e0a5fbae84885b769ba8d2350bb30495f94124aa97b5a1777ec70a729134429cd4ba26c0d259e187646b9bf5e5fd9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
5db8d56a5e0325945bb7491b31e02b22

SHA1
09a3b0d5f7248a2c96cae9e68e1a4d9a9c4da12c

SHA256
83097ef18dcec713757f54909d96e8fa7805ef27f07b64c341039b9899a53c19

SHA512
b84bddd2a581aa994cf9c11bb87f8ecc91d47c583457be00ee302d48425b91ae01acc2bf0d489ca56256c5c2f49d2be2e6be5f1d679083f93f80989fae9c7f29

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
49fa94b52479722161bc7e3c18801031

SHA1
ae8880cb69db73b7af4df3398d75384ab7190a6e

SHA256
bbaaaa32bd1edf62d80b715aa42a9d9585ddaa2a3101fa2a5e0c87226dda054a

SHA512
ae90fc38f6470a695582469ee3d60cae2c067f12d8e1d0a523f3366a4827346d042cd3799d6fc07553a2918b39045bbf9d1aa5fe7f2137a4f13b90b9f7678cea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
b7bcb84abc14734fd4391cf5711ec917

SHA1
2b6bc82a18e3402d9181206a6395a4c97ddc3d94

SHA256
96af6c07fcc029abc6f3ac534a62c9a95e7fdebca52f6a0cc8ac9a43f4235219

SHA512
8675aa46e37c9ead7f8d19392e344773f84f3bf87929c0bc36a218521dba6accbc1e0eb2b4988a9a7de5e84ff66998c580f9c21dabb6c1f480a5e2c3cea70bdc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
e6d04197ac2e66c3346776b0b5cdb539

SHA1
f8ff5ae72656e6adcedea0757981fc193c643dc6

SHA256
82db443e91d2c1973284667f8df5563521d7cba865794ee8228099a338878f85

SHA512
14edc2c199f3a6533f1bd86aa9aeca42b843c216beb0515ffe94c8e070137496736706b4985ccdb7d9f02bc9a9e660c4baba2a31de79a7f17d67a228b8ba34b6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
679cfe564d728ba78138de6b4a153f21

SHA1
bdd08e5296271cc4bcea26938d54d1f2f74902f2

SHA256
aab0d78c53f4e1b573d6a6e93e6eb48ede66e5b7728b54b20acbb5b28159fe50

SHA512
0eeeac9d60caba1a0b48d83beb72288bfda92c651f7d8742c09cda2715e39e29cb8a5bd0732e5629301d8f17ff6980c8e30d9f7b988d69aa6298b7c1dbceb16f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
2b89217a01446addfb959b0b48925ea2

SHA1
3789ccd0bd0112629928c78c082f5af23ddd6c45

SHA256
174f41decdcaf8ba0af7b6f6d528e43506a77ae43def1d824da146ca2aa39fa3

SHA512
9a412f035d852de609002df68daf6507158f0cf8df2c28315c86ff00dd2af5cef442d7875c323d618ae7bf4752f4289c400a4281509013904adeb538f3a3a29d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
feb35bc7b56b349158240852a52f6250

SHA1
5def405451d8ff13d4beb5f505d05d8bb5727bda

SHA256
285bc1d84cd50ce5fa17f04c1e35fd710de84ed3e663753d6abb0a12a6f55317

SHA512
f13b69a95756e099728ed764f8adff6915154df4a6cc6c7015004e12d58c77a626310ad4c73415cd4479c8e11fcbf3c305093b6bbbe1bfb6b6476d23f41d7030

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
9e442cd242afaceeb003c6935172c94b

SHA1
e813e41d94081b1d6759a7ce48daac3f89c89331

SHA256
f3f37ec8758a71ef3b128a390e3a8f385b6ada28b8ec8c3e82e21887859df526

SHA512
0e6b111a49b48c82636d054eea437579d40dab4550c04a4deff8f49439f28628c15784ac6de644a97e1f9c8cfe6ef23698c30ae753bcbff8a0595ca6ee2e56be

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
cf3b7ed36fcd1d77cb700c1afa3e05e9

SHA1
4a3c2f92f41421ecfc87a20849c2215d2bb0c9f0

SHA256
0ceeac762005fe08fdeef1ceb30207e62e3be5aa665adb8125bc721f93818870

SHA512
40a3c6922ffb33f55e96ce7dba7420ac198dfc716f14f969c58beb1393240cbbf819c611aa4bcc250c0301d883d52b36ad751eb1dd5a1d6c5c00f7ae4aa3d880

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
292B

MD5
c5927282e3e38f6c4347957efaa85eda

SHA1
a02de0c0c4144ac608c8ff25c3a881dddd35fd48

SHA256
41a696cea8b9c948ef833eb32e352ae37911876dbf8e14808f8012edf1b3b7fe

SHA512
90d9cc9a07e412b3e94bad257c1e82286c9e57d49398a4b830ddf7ea98faf079056d8c201e7318f948b7412c02cf52a182b461ea4446ec07654381eea17b5e6c

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.EnCiPhErEd

Filesize
153B

MD5
fc762b94f4d1dbd8adfbb8bc82393c61

SHA1
6e28bbd189efc8f9a57773043be6229ce9988d41

SHA256
1fca296636db71e3af4aa640ca8c42910bdc72ec04052ce88713de533ee60c44

SHA512
e8e21c284aec04b071d4fd8f8987ae31419c28402de81501558f181b0e000896d333bae7487a390c9da50933f0c5f0c8621f4117ded96b9c26887d1a783f6362

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
e5be6066395dd254e4822e0d28926679

SHA1
0c1d5b1591e80473009551f6aebd4ca3d838e210

SHA256
c770f61bbf545660734ea8e34fc8c04fee8fef9360319632745c3f390b16d3b8

SHA512
363eefb1672ef9177dbea0365bae27a5ca942ec6187dc2b8c9aa1df31ab8d65fd59b80b8f6efee1e33200f0c59644ba927e75592f0607f8b0c132ce5f253cc95

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
509a0b11246ef6b9e3ac4e777363e0e9

SHA1
3e2992f21739d0c461e009897b9dac6f87bcc54c

SHA256
fed5f75b8d5f4c9e0d29e204af9754c953701d74146e7f2b98a927685b9d3b83

SHA512
87b54eb9d28a0146052d2bb4908a4ba6e63372fc59675ea64031b49e4ed2e8c10ff777ace5908369ef42cbe6fc709c775fbd0d5cd8a6bf5a1304b015479ea2d8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
ea66bbe830142c183dcac31da7db2e31

SHA1
c93568595af39c2ffde17e8c2a71c01ff28e2e04

SHA256
afd71247882b06f8eb2d6e027a0a4f1b1dc0a83fed946c6d69aed70653ecf2a3

SHA512
fe8de22a5a76a5453c7fb1082cdaf22c168d6be7dd1fb37d9fc39d0a3cec536c4b7b446d0c463689ccb2ff770dd3297c5dae27e334ae57a086d8b82bd08aced9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
3336c5c3a40e2a072e26e07d25c59638

SHA1
ba14fd0b08d81b7eb0e0cd7e1c8876b80d78a3f0

SHA256
69241125291dbdbf404f1aca3f47653d94da198cf4c24a16e54ead1cde1a854c

SHA512
b23c04cf8cd5b3744a17dce2a1a34a1c9441121cb33acf671c519f3353097420edb346684f07fb29c5b5abea582aded20a3fdd2bd074ce42f5516657c4f97c83

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
9d324e531c97f3c79067fb4a89f37dda

SHA1
a168754b298a2a07e40140fde00eda49700b2b48

SHA256
b3d78fd3fae98e47cff6e33c862b75319011adf7a1833af68d9b0517af5b6558

SHA512
4f7ce569ec7881b3621b645701d0ae59798593a947dda42f4e2396599d3e26d4279cbb5291e61ffc857fe04ab5a077dcff07e8e80f4484491461a54283810a84

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
3ce53b7bf0b87e730e542a1fc8a1b5e2

SHA1
5efe8629e6862b69f4aaaa164aced79f76be47e3

SHA256
0110ae5dc9bd0aaea80fa6a5535583e3736b8b4d1f576557aa9cbae1f03a6c6c

SHA512
0cdafa059b2d1fbe2e5d10daeb74bb3d6ca1bfaf393afdc5048b31a441eb5313a9d64600c71ae2b812b93f5eb27ddfe14027b6c1537368bb41bb6b2dce58d1c4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
cfaa833d2f2d5bc122ffb317c47625f8

SHA1
68f1631221f882cadd51677b56044ba141116fcf

SHA256
f2c9e1c602ede76566dbf76aaba16da1c32de2be7685ec7da97844db71748367

SHA512
910f3e495449977b48ce8869e9af81abea2f22ae636e2b1157f9c54e7e9a9717a3dae7a63b0bceca80c86797638b58de750f8b0747772fe68ebd35f8c6682dd8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
8bb44b92ade5efa5e3abb3b652e8d4eb

SHA1
9e382edda88967b77b25304b3f8cf40337882fe0

SHA256
b31d8fb9025f5c05a5fa0b0a7fe5dd26a56eae1d43390e76fcb33b531c7cf00d

SHA512
d72dc75de32e527e73c80d74e9bb8fea2c5319272c07fd6247e25a95dd6c0e0f247ff4eecad871cc97a1d4ab0036b9ac1c6f4d34761d81a9956bb1b9b2deb206

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
21e3e49dfff7c751c969ecbd6e64fe4b

SHA1
1874f4e87413b85ad51fec8e40c390e3a2c4995f

SHA256
c3cded5dc5edd4bed0ecb1c31c0447095f00e691b5cafad811ec0976f7bb3700

SHA512
32b4119a38fe0c0909fd675ed2532f9e9ecd751a4a73fb180116df6b4a47243d30dab38342fd36d9d0117f2b0220aff35c16197c5cbefb41b098fdc12fb96bb3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
36fa4e50c6e9ece00264e8e166a694c5

SHA1
5dddd2c92a36be774270054ff913d5276e1981bc

SHA256
9d985f5cd4d7c26ebf1d5b1c5369e8b980fcf2a239aae07f20e77701fdb06833

SHA512
b7795ad14b9c2fc17871b895733eb1937bf2ec6bf82747b0f6a54b585d98d91c63cdf128bbdc9c1ceaa6caffc31e7321aff67c179982d5270d71973cf1959e03

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
b992fd9050e1a8a4ad1317f0741a14ae

SHA1
d76e1c249be01681f985756bff56cfec713a3a98

SHA256
3b22eaa0eeb368b45e68abc8727c78dab1e051eb4304e6fb599bda790750b3a6

SHA512
1e29001ae668be5df47f9f9a3e5cafdc5bab5c6afdbb0d5dd85921fce5b0c9803df08906696008675e3cf521cb10e564b88fa0f83b50e173d291db07ffd81851

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
35af30618c60cd214ef3716d475b15b1

SHA1
d83e2675181e89b8ee6c859e19bcddec5f5e6d58

SHA256
1039396ab6e1b72751cfc6c5cf170621862d3bfbea1438ddfdda542c7fadc46d

SHA512
2e6dd294458884f46c3e3c3118c14df53767ef9f5d8f7da28a6f55fa146d030d228c08210bbd4532bacef4efa1a1c23f401040df55665d6cfb24a5ebd43f08d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
f391f517a1483d9200eeac225202c895

SHA1
9c7c9ff5c7cd41031d9fc1ef0e11374e784faac8

SHA256
31a183af11951fa41c3aa83d19cf0b22bcf35bac9b2d4ec2de7ba6970e8ba056

SHA512
e96acec813cd00a69c91c583c937f6c3cd6ca52ba6a24cb3e16fe9d8756ef7d2624d45906dc225bd1605edd56f383db509bb1168ef15f0d0552927e3a52d3e78

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
b8a953508df7f151258b3f9f2f9fbf76

SHA1
2a7426cf5bde55673f08f302eda0156dbfd32bbe

SHA256
f03f8f664d2aac1fc9eb92759b1e3ffda3762415ec66f12add5ce1d635976717

SHA512
54d358551bc4537ff62ee67defe0a6af6adc7e41d287b91b4210df6550827e0426693d605357a1f8f8be862bc3ea01a01bc64074cceedcd6c47ffc2cc3be975e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
fa9cf3ae49e1a2a5bf9edb08ed769d2c

SHA1
4c79fc03c4079b2d3d056f21e3f99b5f302cf908

SHA256
3186012e7d22e246310dd88e08edaa8d5b34437bd8a52a395a474167a2d2e65b

SHA512
2a9defcd6f5a6aafe8ac40b5ef75d254a71cd0257caf583fb47a3ec3a3ff61dfc53906a8b3f0937b6712c32bfe9893475fa44ffcdcdea8a685d9620ead7fee11

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
61b9c08eecb3b845969badcc0ab9a15e

SHA1
4a3e09b35a56082873672ac2ce400a860121986e

SHA256
148a40b30a42ce2008cd2697ba2f083abe5be4c852d61cf16ed1dab720b4781c

SHA512
cc22b959bc6e187e4a6653ae40d7f38efc02b6c4a2315d8ded243e4cf30d7e5de3951b4293527468aa86778a1f21c7279280018570aa55c745f4579a2023f61b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
5efe7dae79b21bc1587b8cd1b79da884

SHA1
11d65b2b046c0ca912260fd1ae530d0bf812ef11

SHA256
076b09c03a3a280ce7a428e6be223ee8d91164b93c3d697f883870465c5a6a72

SHA512
da86f75b8278af9b193ede116413b600b1c7334e63a1d2de09bf56c6a8fa57d72a1d9264845a23e93ea7dd1dd2f5fbfa0e72c53d8055738b236a335aa8228cab

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
cb5a5f6c63aacc6c341c9f9b13ab9330

SHA1
7810d464170d4cd61abced451d6d9f58f0f7306e

SHA256
7e7c5ae60cbb1084300f1dd2cd732838989a60d2036c80a375a26968a4288370

SHA512
808aa89cd2e61d1f204f3cfdb768d6ea450adef89d6296de80d5bc1bc95b066be81576e95c0df1d21ff51beb770b1bf58480377dd6c7b772f03a42a469a274f3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
5943767ca24fac0e636ad67811599288

SHA1
55912c9f1a06a0c13807b867aa35860feee4b0b6

SHA256
a64367c3bc0b78d5075111804ec926bc93f8f6e4b9e41e96770b921eb41bf11f

SHA512
29ea727fe691d32bd606aebc6f2eefeef975caf679216e96c2fd23cd0b45bba13a9e5567a521aac97e728751f0d58c21e282c141a25b1099b44b0a14b8313eec

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
7bd6357d9cab1a02c64a5c0725bbcbe7

SHA1
a825f71317bcb7180ecb419060b3d54376a39ffc

SHA256
5057befbee704f35cc31c776cf5077360527c05ff55ba7c8f83043cf460a576f

SHA512
a90a817c2c2c94bcf9b77fcf5a11dcd69d102b085bdb202e9a3863c071b31da3de7a1d5a57689b62467b0dc3e5f5eb31f53c02ea2a980cf7d70850db4ddd529e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
83b4ed6fe409da28436bf4ae899bfa92

SHA1
cc5e09bf66fd166e2c6ff24f9e7193a857696caf

SHA256
17cff305dafd2a65eb65ecc5f13daa34bc0a3f74aeebf61f093624e85518150b

SHA512
4cc18234106d9a66b7c0adf1229a8ef28f56a18837efd0129e9f7a937455cd6d74c9f57d64ed01b529f5768e35572e4ff850b6ca3fd653f8f7f841a0a7485ad3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
bed3c92bff66334d17f4227388110490

SHA1
59fe285ba7f74893dd4dcd64126f214807c96ef4

SHA256
0e44977c38d0348d69c7a508831dc52822c888f5fa008fb20458062b45fafa14

SHA512
b04e40a8f1e6bedb1110ae8ae41eb07a987121ef87872aa158f5c219c93fc64f4ad3a033c9f13e497c45e95368c3137d4fde745aa7250ee488d36479c0eecfa5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
9a1643a974785919716bc282ffb56b65

SHA1
f36440165e6fc1a70922bae54ba5ec00d8a5a643

SHA256
652cf6c7c1c9c6e0e538ced04205ecc89304836671398bceee9fdf471a443ef8

SHA512
ed56d1b8a8ff5f2a964c144e5f589dea2e76a2dc79a986e0b221ffee67beeba38159782de10fb45b38ab722aef67db524145da700db25643e8dfa92b885c9c58

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
f072d299ce0f8a9e87a9070ae4df618a

SHA1
fbcfee9be9bbd2abd118c128f1168aed80f9a9b4

SHA256
40b5604f6fda7145fdbe5dcfde01cac72057cfade5067240edcae88dcaf3351c

SHA512
be0cce466066cdf8ffae96a91ae244bceb8f6e6dcd062480a26c8d8b668236b14c14946dbb7dbbb99b903f1da16c2b5bbdb00b3266081251e6b5bdf5fd01b11d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
1a1e94498a9c205e6bb8667aaa9f4982

SHA1
621118f966f8f69556d5577baaf6e314752e71c4

SHA256
8b51b8a4241f9a33e1fefa10da166b5c3d11e74203b95a2beba1d5b5327d8e7c

SHA512
420389e51373c10f239fd1a17139c327f7efda831842a811bb60584e02f90afac2cd89f814a247881e654cfb1485e59b816211c4fc94fd2a50f580fed5f20015

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
fd0c3fd8845f818822026982feb67f71

SHA1
a46102fc60585a9ef84c87c48efb57bd959e7291

SHA256
ae99ce38961f792e00133a12fe14a1c46e92bd003e105ca6af9547721508b142

SHA512
6441941859037a40643f49e92b8a58992236300c5083540dda0bfded2070970d2b7c99a473df931a587f96a4f95698b8db73706b10552e1df2b8144914bb2a91

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
127df10efba7bd50a1ebe3adeb9b8cd4

SHA1
623fb9f6fe3afdd04a0cf501093f73fc561d5215

SHA256
cd9aa24eac8a4445c1dd54ddb40634d267b8e8c0300e3a555827f8301ffb01bd

SHA512
fefe440e5c88841ba80d166c0927eb0539eda5400664044f33df528cc79156ac2461cc203b15a323200a8d04a92be97aa8e9ceb45223d4071ec530ab572d1c0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
180abb4c2d94dfdb118e45dbc4174666

SHA1
4f1f081bf9d8e96d325fb3741f463ca99d336c9a

SHA256
dec127a60bd66106fcd5c2729525d4f0cba1bacae99aaf4e018364b3a35a0550

SHA512
3ab82b4709996a5e80f8ed342ef25de10268eb11eb5ff69a0c877e3a6a0b0e03d6f32810a0a551ec45b7c6aef964c7a125610a0f5a0a813334ac73483e121908

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
8a59be7809a27ef09922a61f8fb8970e

SHA1
e1ec5d6b4eed0f3999013d22a4b55eb8a774f74d

SHA256
a6c58a07509f8bc6537dd76ca81b711a95e30d07a49babfbebed7af44d2aca52

SHA512
1a5e9588ba374e676b4ef9eb4d2db53575be0def062c7368baa3766bd5ca9c40959013c09fbf02a5899891a00f291891496ba33567ce2ef8ed8558bd7d3e081c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
83d6ff6064ca051049fe544ed965a427

SHA1
94b92f89e429c0560f8d727645fec5c501cb9526

SHA256
8c88d87dc7273763ec646b4566c800692ba4bae388da95ad21c8eccb37965933

SHA512
20533c642d47bfe551bd4ca77142a38c417be94e91750a7968e96449ff550d080b777e9618a7920c3762c601a65b0aedbc9c9541810abdb947bd0e80bf2988f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
8989d8af2d48dc2f194ceff513aa8820

SHA1
2357844989ff38c6c562e291b068f5cdaf526ba9

SHA256
53d155b2b901927ac3da14aa1559bfcf808d9caa0d7d053baf9ba28ac01420fc

SHA512
753921bb456732440afb1145baacac9549fa36531af70c574c21ee70c95ab2e93cb78626a7eb70baf832bd9b9e56b1ea4506ba904e5fbbfac3dfda123b2203f5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
cdf01cc78c21623464d168ae65ffad35

SHA1
22fce4b6264da4f114a9a3c7188a64b8aff5fe18

SHA256
d48943788ad64da13499617a3b19b0558c6a69a0b6f329c08a518017b3f3b903

SHA512
cb17ed455350ebfba8e58f22d1fabc99228cde6901e48b07a95aa00eed4d84e274c6c74a8a4d802df23fe6cdbd43c2fb5c3452354906d6fe9e0580625f571682

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
a524c004af37ab4c72783ea141e24f92

SHA1
1101b0d80c836f28a46cc2577e01f40c47fd0213

SHA256
350c46d4374bad528f0b3cabaec4e5ebc0c8f8aa266f12c0d356bdc63cc0a45f

SHA512
851e9f63a5d88755ff1bceb2f50752ef4405433dcc90a8fa2ba59da6ff631965876301360d9448df35992980443ebe0d18237adde3f8b7da8441132c4624b460

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
b22e1af298d12a4bf416a3919cfe3bd9

SHA1
c31033a8b3628d6cc1d48d30ad86184094e8c01d

SHA256
8eadae89ae412735f62916c13ac3860038bfbf379fa428aa13dc50c36e77fbe5

SHA512
3a53d2518b61ff75a2f58dce099decb85e48909652831f94d11b86c3c15b11d6dbf1454b608c6af9b616530ff032d880bf331d7fd124c62156d2f2961a0aa757

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
a6772009815146f6a9393ac821d8a0e5

SHA1
a89f5cac8fc5cd9ddc281a3fef515a463f49ea14

SHA256
6709f4beccccae243accb2eca2e2bdda01e6b0dd14e5ddc916eecfda8fba75dc

SHA512
d81cf2cd74a1272ece43abc441e0f6b5158f7a77929b843c2f4079309b1388cc944d60aef38847218b0de10341535872bbb953eac43ab0fb9cb968698f268d79

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
40578d3b7e371b03fdf21945853064df

SHA1
6438f909098075c65212a2f320d584105547e703

SHA256
1a2225b734fb0e43982c92a402b7fed4657dce3dfc9b4b4f11c6b6aa679034b3

SHA512
c165ebfd442541e57506d056f435a50c987327a31a23ec912ddfa417c13808e0315d7347cb644f4713c682e1f53188eeff93caf3a767594faf14e47405a8a55d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
18876260e0b443644ca9e0a28ac746cc

SHA1
e2642604317cb439461f2fdda402b7ed2c13265e

SHA256
fd1ea1dd7abb0498df504a9ac5a6e50d58113bda55f3572db4586c722a84fa67

SHA512
c10ed89cfa14b96a2380d45af89b133352258a55b61b9af336256538cde747bda860dd34252fa8e60ffe3f00b38da3ee0cfc95474d7c0256e924ac7658f4b71f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
03dc74f51165f5529d6bd2c5701df5e2

SHA1
ecac04a7e79be2a0038786dd6be3f5e5229b2458

SHA256
47f085f647e326e23f00354279613cd37e6f37ce90feb4b82d51d345e7a621a9

SHA512
c1a6d03571ee8b4e55bb9fa1d61929e9b9adde1b8b2b52e213dae57906124dc0288e8ca9450e6fb35adaec6d312b2de7266c229c5ede11c755cb3ef810f14ed7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
283d01e736cff4c230be786b7da6201f

SHA1
bd3c096fe9d4a69536d81c7efb35ff1454fb9966

SHA256
abff8462f15dc15ed9bc588f8ddcaf90a00cf3badeee281e8a021d0532646609

SHA512
cf27cd3a5aefc37fcad311ed50da92998f9448b4641c2fbb27d6d1addee41bb463c18bcb3c0c6ac649a3f577c5cb61032ae30575d331413dd68aa826a274e9dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
e56dee35d6487050141fce6f1e70f6f0

SHA1
2825a4557d96af9c78a4baeb4386e2219c309848

SHA256
3ee8a0ad3e20b873458bad32263df75c86932b3ad5fc83307d33cd514de1715b

SHA512
027e3148d8eb0ca69cb5c757a3c39f9749f6a1b98383debc4505a5aa67d56cd3808c306cd19ebaa4342e45f801577fb4c9c1fe08675e0f6b52d35e54d2ca8cbf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.EnCiPhErEd

Filesize
11KB

MD5
e0a3a8534b338d9b54a916a3391cff80

SHA1
f62781f3aaf574f4b5f322cf72c9788df1df3f8d

SHA256
86d9617250c7d7f8994593fcb669b63c6be5d07f4133e77e2a95bbcf9b002d8b

SHA512
b91d121e3be0c78491f2dfecc56eb215bf2e3079e69152c7e8495c4a4e1f4c47c4a52907aed5f08e462d2735398de9eb2f2d4bbfa61ba3b116ff9e72d62b9a2a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
dfa875b1aa40eb130fb75ad005ceee6c

SHA1
e5c15bad73e1b3cf370108cde30c7e83222b9486

SHA256
64469fae34c82a5993adb3c23dfba0eefc6bfef01a7f590052f1e4610eaae9d3

SHA512
4f91996d709a60484ce88f15aebf80addb747bb048460f2b4a67a3ed511a5fe78921e54b3f2eb31f6ae8b0d10ca769bc246106326b363f30d4aaac25846646a1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
6d507ec5bcf543d1b258e9cb4d1504c1

SHA1
5bf9e442ae7f8b20bffdde32d4b8f9ef0bae02fb

SHA256
c9b32f6b25993e6a9b22b977f22ba7675084c1c522c060944e6b66a536a6b1d0

SHA512
851f90e4ea26b1ba494e755442e83405b3a968f5bd3db4141e4817114347c81c0f56dff1703209ef3bdf8a7ce07f8888e1074690bfff9ace0b9f66dd296acdc8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

Filesize
77KB

MD5
45d7e7fb5b7fa98d043f0d9c41429c38

SHA1
b3e28362def4676fc94aeadf2baea7fc6c43d2f8

SHA256
b4c66617c51649424049c64b58ef3e398c5aa36da3b09f4dc70ed67dcf937c02

SHA512
4f1f8c666e2d69aa840b15b7030de26340767001c14b7ec6e00614819bdcbad181ce4f114acb1e498dbe46fe4df37303de101a291c06a08db7afafb4208fc2fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

Filesize
47KB

MD5
d6a0add557515d2fdc1b183b2d1741f4

SHA1
e83e120931d6828db56360d7990fa4947114961c

SHA256
9fc7733f7d3c3bc8e4aad3e64e3995bf233dfca1922797e4412837c971af70d2

SHA512
1725e52a6f5c8a31e2c01dc1d51cb82f99ef35c85e967456bf3d8ba575e26b5731fe8314cf0b9712665e6668399f37b43d54863813ecb4e0e05881340ec836a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

Filesize
63KB

MD5
0550d59e50620740a021c92d93cceb43

SHA1
2bdf6e1e214e98582f2d58ec9c512e34efe3b465

SHA256
a8c63784c9821f1651f735e0f58d0989f67476a9289d8148d33f76e340d13ada

SHA512
8a99abdcd7239bec0bc0285ba63d32f83718d22f95cbed0ff2b0fcd94d07f61319981b4e9398f93405bed4fa9cb70db3e1ba5695c54287d068b9e8923fa8e298

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

Filesize
74KB

MD5
94843fc93e02771233efc2b6c66186e5

SHA1
c127cfca6d4f0efaef80cc33891e54274a57c0cf

SHA256
c251cc14ea1bc8e6e8e4ae4ea8767dffc6d242ca2e22aeb5cf8e7bfe81fb714f

SHA512
76d622ea26f679380477b0f0cb55803b29907841732f5d5841d87a5c7f67fff463693d285e5ba80e3f63489293b915e0beb0c1b467fc18d1190c14d85b5fe8b3

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
46a93d36aff063dfdb6ea963eb600e7a

SHA1
75e8eb72d1a86a7673b39dacf24587d1cbe858e2

SHA256
cd35a8d0f79f769b247b375aa58e5e831dfb840717448169358dc5169de63edd

SHA512
489fdd610a4c5220e0c522bf2cb10ec1035b86bc84da2eb6fcb157d48125e345bcea3b6df74c028ebe351e60a8fe6312c133261b0856c4253a84169f7acc6fba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1f34e081d41fe26b8796d8070edf592c

SHA1
ef9853736c4cb12171b8f078e191a19b6d39e424

SHA256
6858cbccc61a6ee681555fefa99c2f389297e32494c8bb88d7015f0309c6de9d

SHA512
7730af7feea46d37b24d4ce0e6c5befd4e40bce5158b76db301256ce4105588176656bc546f698a75d28dbffb57abfcfa6dbfdeb5116bc612c5e6a490ea2acd7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
fb31add2ec1bc8b5a1b4a17a0095cee5

SHA1
752401162484e3d88f656d06ebdd983444ea7275

SHA256
deb284e3f73f9df70b8e4e0d2a31ebc40b6cc71308c3de5eecb7280f15526d6f

SHA512
73f26fe9227726061ec69fc8f4bee62240649f63e5d49d8c6ed225cbed65df20cd87f006c360cc7218f7bcd06e7b530e0a2b3c8414bfbb8cfa73d04b9ba878c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
1c4a8aba0d62fedc79cbb08edd6dca8e

SHA1
bae0d1136bf0532f2f6821b4d954ff303d5332b0

SHA256
e8408eaf37235f518ea6fabc0abb277496e2e5ea09e737c81aa6461c2155f51d

SHA512
8573abdccab6a00113654e3aadd0e72430fa8aa2e6df6c358120fd74f1d495817201ada86cbac0824dbe5df87740395c1e8ff4e89b7618fb27674f356a6961c3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
79c96009b0d3c4162d95e206c6468982

SHA1
a91069b1a081cb2009e3d836b1019ff5e16b845f

SHA256
e34e7902383e4aef27531edc38e653322d14dad35885080ca44133f8ba597419

SHA512
64cc40c8b03d563b55b14e95ab0a0a538d6a444bceaf38a41ed71e706be6baca4b34a0a4dabc2b6de9f6830c03f8d7a434fcdf5fb26d7a379c199b5d810561c1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
fe7c8fed9db2d3edaad37c0bc401e4b0

SHA1
be2e5cac9d60a4412a6444757ef6405c5e7b33ca

SHA256
1e1457ec1de8dd6bd60d5114a65685c8b78e23e76492d0df48604b636894efee

SHA512
79f6b450238dcde71b2a121f5c09dc7562f8ce6bb7bf0b0c60c3b02b04cd9a84492327fd022df57f6f54fcaacf7617fb48a7b4c40788155d72e0dc6f863681f8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
ff121f8a9f14d75fa735d8e25b576656

SHA1
57909b9f4b97bf89e506381f98be8b2ae3014e91

SHA256
360b9b280c447e4d3caa012f71c6dbc20c9e030449b43d57ba5048c0a0613b0a

SHA512
26ea5fbc26516a54352a5b212badb651d94f169c284245d49ad45c610fc093cb8522a3ec8f6ee31cdae242921462545f4157435fe5597971a456e774020c0556

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
99b8fb45912fce92a1a0e4ffc82d07f2

SHA1
1790d3420ec9c77033688b02d637db307d7d5ea3

SHA256
bbe3929f814485edfa668952d732b2b60a5f3bbe36d7e222fcdd254a4f903db3

SHA512
461112d58017750e7b0c02b9233f06d7a7119a1caf1e9133e1a2dfc7ab7e1951312421bd6c7e9a58fa5cd0506db03ddd340563ce4100f6eca6a5004bace6ae51

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
029424b18267dcfb455c4e15e67b3cc5

SHA1
0547dc93f7d4c227b4da6c1f6acca159d4453f50

SHA256
853e606a0de674ee833daa5de80ddbdcfffd498685795fcd969467678ce97430

SHA512
53c202c3dbb58e866c2af5849ce661a241d06d05f0e339b545087bbfe70eca9f6aa8da4889a094455db02fc071bcde259d1e1f8833bc2d9ef9791c827d4ffbf5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
fb70917790bdd2ad9d91fdfc475e7ce0

SHA1
f6b7abf07612bfdfe1fa098097d9b258d88cfec2

SHA256
da85c65bf738a9e9b6752b864b3feafd63fa25332f2294edb0668cb150bce49d

SHA512
b1b281d7fcc6fc47b4c7631ba0b68e7468687362c4b56d4c0f7681bb9dae27c1b931b9655e821a995d50e8c093efbda8a91a160e11c311c8c6cc832cbada3422

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
1e471acc5fa3f54b7108e04bfd54135f

SHA1
10d88e095a192f3dd877da9ef6bbc99a710fe9c3

SHA256
bf49c459d776d9b8739b06d6059e2d546e385e49f9e0526ca3602d7aa81739f1

SHA512
1ac5e50c1fa22fb15ffcb7116589510596defc3eae1cfc93075c9a556e3a49a86a8522a2e7d1ec0f1afef792127e05cb5547dca541cf147a08438d4ae735c5c7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
a46d9f60765f684cadbd4c68a2a83d00

SHA1
9fc7fa609358226423730e861bb631278c138c3e

SHA256
48610737797929e82698d5bd3243f2d49937cc39c3b35974b0b828a36bd42003

SHA512
893b6311fbb8b642e0868a6b28104a680a9fac4554405a4ee1850ce5257eddcc52a1daf0a980dd15ea9a9707dff185f004bde8f750aa7c326cd9ff32b1e519bc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
920550f1dcffb0eb1afa8adf30720a45

SHA1
08c41e9cde0d0a1f7e3f48a53ade65225d2dfcf7

SHA256
abbc06a8e909191b5226be0ecb84b321fce702fe6b03f710ee37bb73ae1c372f

SHA512
db787348c05135face446dfb1037083a07c064e288e1368d2f35f4cd25740ff613dff6cb0d085dbbd2408df123c5deb595fae7e5ad6a65c1492dfb2a67751794

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
044eed9337187ff27554b075ba1e415b

SHA1
19e5b25a60e2334b9048319218162392ea3a0bfd

SHA256
05dea4091281218a42d688985dee3d0e47c9ee98009d00f0a162f9430f664e3d

SHA512
c09d269ae46259364fcf4ed5dbbed8f2b3a6773134d31028b619d428ed11e2c4aeb69ee26a153cb48f8537ab5538ab1a9f9274e9019de84b1acae673f6f1de79

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
c9206de6160bada3ddb6109a0a08a0b3

SHA1
d29c949ec0ead16771867d7fbf17ce6c60e7e1f3

SHA256
f15285d8fe4cf6109c3188afaa474c8ee799388a157529684f153d491d43a2b7

SHA512
769e649084ebdd031f9975fe455243a25142ae08bbf835f791838c0efa11584f63d9d2f88eb864d021b525ec3deabf28dafbc62f9dfefbb92dcd329f3c9e9da3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
2eca37984988b3b60ab64794cf379704

SHA1
1c5d395c8708f426db6a641dcec61a4b8eadef64

SHA256
d5a379a6202e654f1a239125b09edb1f25fa864d7b788310c71922c4e5c3367a

SHA512
fa63509b059ad83508d4de5070edd1c51b79bd54cae65bf545ee142a198e0041de873fe4d084a708718d5db912aebd276884dc33e9a7d11e143f281fca62c319

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
56ea64bcf289c7a8353b9192bf29c694

SHA1
36545e62fcbe71498e4035d8d2691df0ace52541

SHA256
ef75f1dc2d07701d3cd86aa569ad41e31e81ccd0cc342d9341077dfb296b2f25

SHA512
9a64d448dfe7cb8983e9349348100c39e4ed3e4608592e1157331180cbf0bac2f7a4ff5f1182ed44279bbc1eb2b2cc23fb485574fe766fb413d28a4266e9794f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
d784d8464a8e160a5334ec9ae516c44a

SHA1
17f607ea21c7483f66e63b52dcf16ccaac78624a

SHA256
6591406b37d56cbd00ebb84dcbced9741de380c8e2f8a95f3d0c53d321a5e0a5

SHA512
8d993cf178e52ed2aaf8de62cfe054d0e9617d359539bac553df288c5df37d29c3bc812cd289b65dd9708c4fe5884fa7ef698c422dd7702c1543f5cb6070327c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
f1858d255b149dcccbd35cecb3530b1d

SHA1
eb42d57525c56bb7e6f49ce1a340642a39f1ff4d

SHA256
86e0e2cab6f7bceaf15088836c4d99bf8f48818f5256c15dfe1c5d1b41b762e9

SHA512
ee27a014184da34d3740cb499d3ca77ae790128b1ef4bf2ea45dfeebd028385f65e1a8ffa6cc35f8ddda773678822979c5932966ea3925199e1c2ca806361f64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
b85d55a8a5fe27b6c1df4197d14a6dda

SHA1
2ee73774e92bd9d9e745fe256b96948f78035a48

SHA256
c89f4fb08b770546c6ff7590905e18e08897ec62104315f5bd02c69c4f30fca0

SHA512
d6498943493774c2aeaadf43866557e79d9ab7b7a764fa2bf5871d8bf0cd3b2f5bd281b56b03e52b838f0e341117697d9d0b12906d58566cf938a31b0dfdaea8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
ace78e10923548fa251e4f46679ceffe

SHA1
e8533a01373f867405e907e4b13ffdea720b4a94

SHA256
0f16860ff08a665e7403870fb840750fec45fbc4de89edeac66606e5cb604662

SHA512
83a331f0beb883458e3aec29079b49a01392b3902cf57e1a2133832c47891514271d50e22b6f6bc7f78665f53505c7ae5be4b2eeb4bdf0e122a921c4af1f6eab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
e3149a5cb67445edf519d14ffed90587

SHA1
53bd75fc039334afe395e68125d8f140aa150a98

SHA256
5c2aedf6bbd39e9835047593a61432771eda686b8d3a30a9a0a2facb669d02bd

SHA512
6b482f7050907c15233d2be492615945a32391efdaee99ce5b7ccc55c4a37e0c1d1d89a22baff5319ecd9a0919e73207b1c5a5fc0728fb60099f1ec76bbce984

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
88d0ec7a81de904d20620c44b34d326c

SHA1
bfd8ebf6889cabf9aca07eb41139984344756002

SHA256
21b841e5449276dc8dfeaf1c26e5ca234825359b96cf08760ffa6641fa39a648

SHA512
31cfd70a1d741bd0703fd42f33c68a13b1a33f5957d8a1752d174c6590e9d7d7c9c664797099a47971d7246ca7c31ae668b1b81fcca3125e95676e9e628157f5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
b342372f973153c2986d1cf723450035

SHA1
65be9e53d1f249cf7ea8ac9edb3f0089cf8bfbc3

SHA256
ef14a187fa9f464a99b1e2276e04604c0f9d1abaa8fef0d63bab144be65089b0

SHA512
e13ff101804942223507b006e787c370708fe3b25def369f5d5df423548ef30d82bdc6ae3d458d134c320d9eb23270c7f34fb5d013dcc70bf857791cadfe896d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
2c8bc38facd08e878944a48f27fa8b03

SHA1
5e7307e1c582ed5f71486e17ebbe94ad7da9bc27

SHA256
80bba4222f7fd04d56607f050c73f37ce8418846be5894a7fc329745210b1320

SHA512
6c0542a5d8a09af1047f36ec10ed36cb981825bc85d9994ddd4d5491f66bfa1a7c780b6676161ae6833e5b718ee5cf21e3051e39d1cc0e815bb256c30181c1ac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
204ea9a8291b901d9a4bf18ac690fc2e

SHA1
f29c418a1b75126e0054ca711e92d7de4a846daa

SHA256
6b81c96faf13cca2c881b6c7a8968b0ea29d30b0a3c3ddb15d20209a5e024c34

SHA512
54acafc0b4d4f15ff60c8f2ae32a9f2a7f9772324393dc0c85ca69fce4be3bb1930d1edc3ca5db3364a03270973492d40c7f732e341316386203aa4a5379dcd5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
e84fda920d1a12ada1ddc043e9144e94

SHA1
fe0b23eb0b0d9d8e50b0afa478d36e1b869a2a58

SHA256
54a6a7919f74af57ed0838c5aa7f486bc40564ef75c9032e31558b74f842bfbf

SHA512
09d133d1825bdf4a1c592a660793b4f9e583053fc35f7714076e4434b6d02241c69ce52899d6cd0b2770e054d1992a38b8fb95d7a49708cb5bcb661515bb9399

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
1f221763fcb6ddf45c0fe61651f82dde

SHA1
62dca72aed4fffa1e36087f8edfb5bf8620ed7ca

SHA256
d5b604e2787c75819556fd5e07ecd5d8f7a14b38b29cf79270f9075352a360a8

SHA512
285375f80cfead82874ae64e982fc740705cb0290a44d0645dda35b55b69fe5122219dd42cce9e95061f96c88b20eab49c2131760783e63789eeb0b3a4c87b46

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
0dbebc77cb0cfd8af647cb694bed18dc

SHA1
4d372905c5e89cfea63cb9ed5e7748b1eb626657

SHA256
58c7a3735a4a4540cc76fe00d1e8d26b50ecde626ae14ae389883324da61450f

SHA512
56774ba5f1cca5743839d9b0d76f0d046cba8547fbe5077c4834834b35323399f2b6e700c9374b3a897c159fa96520af252e5cb4aa81229d0bc9d0e18d3246d3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
e9637dcd9d95dd6f6c8eedd220e199d3

SHA1
93e69c26b8d840ce4ae03deaa8f6647505bcb4f1

SHA256
e07c4625bfa075883b586ff330aeea3d8564281f593910f3348736f6f398ec07

SHA512
ff270c5eb045c994183a32bd71a625fa2e47c400c1738d7bf4ad24d24109ca92a9175c2c36a6d0e674b860e8de57ebb25ebac5110bc214692790568efc31aee8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
78a29dcd17454633db7b7e2fd4eaff11

SHA1
e41a51ea3243a717b8e052f919cbc5ff77dbacab

SHA256
d516c7a82d9c945fde847965c299b1d606a476c026be01cc52e7d6043a923452

SHA512
d53677dd049b88d08696b8dab41b343880f7acc2b43041e947f557bc2b1f92b26e0963eac8210b0ab86e23b19437f7d0ebecac3fac8f67401b92c1eb12ec2f19

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
44424fbbb39204ef019b96201b47e139

SHA1
4fdcc198ffd0249e5daab64b09cb7a39ff631acb

SHA256
166601df199606235f614b1e23ffee5f81fa94798fb5f95630e1d57d26e0fde4

SHA512
8fff07268b9806e20483bb55218e685a4b04fad61a046b35e8ff7e331f2f349bbd58e1b2e9e3a4ad4128cef7a902583703752a3b1dae811d4f04c244e5ae73d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
24991bb4f53f4829db814e4253671e93

SHA1
a855263d30fe169cf08cf59fb41db8bdbe9b9c7f

SHA256
67d0bc409972dd7baf93c4cca5f665b21be1e937731f50d598aca2bf04e997c5

SHA512
695897ff4d03675e5871ca685048d03b2e5c71b02dd7ad19dad07f240bcd42c215df4abf2a1d67c1aa48a28ea3d465f4551bfcd8bba0f5f1ba95a8ca760e925a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
7d0c151828a0a67b66ea03a381746c09

SHA1
6e109fe9e9fc079e840901ed368ed29e479bc9f4

SHA256
ac15001ef08350bbabdd9902812070bd3dc51d06c1d18588cc7def0c0cb00cbb

SHA512
5ca607a1949a5e32dcda32ff2e9e7fc958f15157f96b75f5235f782935c9b83ea5e4830a427c6f1c71d03b6466d398759119021b8678ce05e9efb05ca101fe5d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
f08be0e9e6657fb129840cdf6cc53a39

SHA1
9f9e2260d9b7da573fc8202303416c602ae5c4fa

SHA256
9c295dbfddd8d12d069569f5d925c072bfedf49df63c0f29ec213947a677a435

SHA512
58ba60c9f891f3a4518ec0b1e3916b01e4b1c36a5a5606826285c6c45d81663bceed2f8496c2f64ca996f17da03b671f63cede0de9bec0af02ce05a85aa2c2b2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
bbf70c608d368b5ecf54a91cd89fe92c

SHA1
f01c654b74e82d62e957e47b2e5c64d5cd0e6423

SHA256
4db31462d87a10ffe12a8f8a187258e2b668fb553b55943b1c52538eb663f672

SHA512
cafe0ae1032b082e6fa5d671dbf74693177f188c7c00f03e5d961aa5c0fcfc0944ba2be70d97923891e1c9ebed84d3ff42f869e3228aa3cd8addb9a5f8610171

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
37f0cfaa0ff2037b101d460fff50b1d9

SHA1
1efd5b96ca88dc8eb87727a89514914675a67f1e

SHA256
2b8c7140a9dfed886b6e9432f81e7a580a4615908c1dc2202df1a024bf5fbda6

SHA512
6d8ed7bab8c932c5b4f16c9cf0e64b71a04c1d291ad3ec4d41cc0099fcdc5fb1d639d4ea21f68d8e11c2a8e024a682d94323025f53cbc87e96ae5dc058a756d9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
25fd5ad17b11bd76b3f258d47c1c51e9

SHA1
a2c9d88bd6f93bc654f915fc422ba501c53f3084

SHA256
31afaf6aedee4ae22e3c9f04bbc426ed5035eca6745e6437e373010377da67c7

SHA512
4c514b960c085764547f573a0cb96cd3701e1415abcbe15ce41cf5971aaf0a80caade74a17467f00ddcdcd5537eb41829ceaceeb4d3486203b9d6c656ce1ceeb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
b9539d27aac804ce57c23f5cc26ee3ee

SHA1
2358ad041174726eed62c145885c8f669540532a

SHA256
fc5950b2dec25f82e5b73042f8a50e0c69de992b888a0c927a6376df6bce505b

SHA512
d16a44b56596050b1ace38253764c6d51eb8836677b4a47bb50276f922db7cd456e2337ba5328e1fec039e0a7f087498afb7041b8d3d35af26b7ee5614b57f04

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
536c114f0b28c9ae421a24a64a6bc70e

SHA1
9a33b77a32427cda360bc761051e6645940009ab

SHA256
fc89d0e94f4d99f0c2c8569e6a97ab55e1a182618dadac6fabb868a8abe92421

SHA512
ae421a808b2fb1c2e8b33e0d3250ad833a185433ff1544722a1dfb220710b7ab26588d9b9cfa1e45caf5f97ae21b4213a61a5368335f31aa749f43a3efa3d51b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
d10189c38a1ed6560a9bde510f930203

SHA1
a9442cca779495352a187e29cc0699af9c694082

SHA256
b963e81a6f5cb3f25ffbce834607d3a3db797650eab0a0e21d420bc081da9bfa

SHA512
4a2d7a68a0c1d11c5b654005429e320b5e60b4b7e9c61f0086a3053c90bb0fdc04dcb444a928a818e7e071079dfe1b2144c660cc1cdb6b088e08b58aafdacb50

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
576d700bc25f28b4a65dd69486b03fcd

SHA1
a15bcdf75b46639b8652ce9a5b82998b7af01858

SHA256
0247864920be7472c50365f85820e998af4d44bc96f00ea577f64a7f32778711

SHA512
ba350c589874024e2141bc820c59c87a8b11c3a32d80ed8aa0a590f51bc747e42e648217f12de6c3e41eca5fb1a7d5a8c41b4bced3f3461b152540c20d0bdcb2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
18369f2372c3c642144240972967b07f

SHA1
d43118088f0432931f732b13821192af9bef7755

SHA256
13ec62f8c9c7b0d0638562a0d7eb658ad06dd0074bb4f2012c448ce3456eb4e7

SHA512
0e175bec689357d0349b4e6f87ef45aa397e850c283ca3a2f660baae7886f3310eaec017005455474b6793f1d2ca3d3b94e9d6793fa9aaee7c5d827ba917207e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
df189b77168db9a7d8e894483a507e9d

SHA1
f7139b7ee359c7855de6314cbdf0b414d0d00ed2

SHA256
b401c63009e29442502abff1b5dd7759506a83c888e2bbf5f76eadf4fd7dfc9f

SHA512
6248f98b7ba57ff10059e9d14e9b4778886917da3416371e5c47ef4a019fd89db1bb2f38c60d660da8626d4d0d0d154ac12c956b8a6461a4f485464f547b76cf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
2cd5052f5b53cbe345c70107923b9d2e

SHA1
4e747f6dd04c90120d49efa04de66dc818f6488c

SHA256
bd7b3d6bf981783ab4f28c99466033fe3ad334fd693e09c9e2f1060d4fb60652

SHA512
ae2784062633660c768465e54754b6353af64f5e95c54ff8aec1908632fe5c71623d576cf76337fb8489f13fcd869d04e54755f19f0b99842003f1e2ade77fbf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
0433012bb6e58c5d3ef76dd0e867f7b4

SHA1
3c0a2b9078cbe67aa844491c4580b02236f63435

SHA256
3bd50de166067e1f3d7b1de35a41c7f068f25d2821cd99c61d19f61aaeed78d4

SHA512
54cc158fcc1fbb9dd6e518004bc780c3eafb63d314cdb47da24f0b5fb1a66f58515dde441d2861ed81fc1702d2333c9bdcd9a884a919bc7ce2d4b894f2a3d5d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
de1b580ff1d75741fa43593b6fa8d7a8

SHA1
b4311dba2e0c19876468d94e870957a3dbc7d1fb

SHA256
83649ae579329aa3b773cec863082c7ba94202bebd68cc1afe771856de4ec7f5

SHA512
ed8b0d5eadd5ec9aa8cb8ae2a80a390396e1e7bb4d9044ef1020d86ba13d42e51ac0ef080f6bc731882cd3124986b0361493a1a520f920fa40ba37c7690fae77

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
3be869b1d06d59a1383151802ae392a4

SHA1
eafbf853e1116b5d1e82d7b642c1570b998403d1

SHA256
f57e6c9393790f940c381f7e57b290ecb6fe5bd0273002ff79511ab74f4164bf

SHA512
e67a06c44325ed466f02ea6aedb66e98ecde51bd91c4f4e7b532ac83afa2b7293bcffd8baae32555490fae88630f9c46fd6b967808b0226124d8ca209746c0f5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
2db1274834202f2c987a1ab480bc9ab2

SHA1
de358ae7ba8efdc65d0d28483e30d0c223815de6

SHA256
e91a809ae3aa01739bf1ff583f1132fc7e1d465f7f15e6d16279d19fe184aadc

SHA512
2de74034033a1c34381fb05f3a0f3a393124dc998aa3092eeff210144c724c040e7c5e835898317f3d619ab9dbae0612c507c4050cd4abb4b65241e38f79563d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
ebd15a5e819bcbdbf0b1255262c11428

SHA1
ee67f76838dbf8e2fddd70adddb5b6407041dcc0

SHA256
9000c1712f51cb8f20b910d075a9c22e82b987e96933e68fa8eaa24e7c0c1520

SHA512
d304a1b274350c9fd58254a13a6195e0b398d0d4f28f1c00f2969b69e05c40a01a1d703d79a3822158e329abf583002469d871e288273f1c4e5bb3a94608f00a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
192c05e8e0158b5670dba039977876c0

SHA1
6a5a53a5e55674ddbe565f4cf5369e7eefcea5ce

SHA256
ef2aa05c477977edb6dbea1d87e3297f3c9b49ad1d1c87a311d09baaa9f708fd

SHA512
0ea25266bb2bde7fcfbea70abc7176cea31117bd49cf1105981d32f55458925b4649103deac201420c22e4d695589427f589e0e5163d088fb5e2df755ad585d7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
63d06ddb85992cd3cc6a64530fcd90ee

SHA1
dfaa890992ba5159487d45f4da9fc6b8fc23eaba

SHA256
9f1bab4e24167f76c63f12a2ce7c4782aba37c11d9a4c4dc7843d881af076041

SHA512
6021d5885e3461820a89cd389b1fd5dab42838af7b777a8c49eb19a869befbcb6a7d953d201755054b38e74ffcd74a7a1c034caaee5545c8586a64f59bf215b4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
f9776a7215dcb996653ba327cfec9004

SHA1
67f3ac69fc146617ed4d8bee14311010c8415039

SHA256
5d29586b57505d409847920885da0c90a350791b759d6708acc85456495e5607

SHA512
b65fcce19639000d8bf1161a48583dde4fe63efc9b77eec5c91816900914b1b8ae216cf3492f373cf1d0cd660f648f5a3fd1795eeb24de8637faa2aab2b88345

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
f5a08a81e2dc9792a211c048dc100c61

SHA1
60718c7ad40bfa857ddd80b1c412e35d8b9415cf

SHA256
4108ba8394f31dce9962e4b7d544fd27b6a704f115699684b3a8d127a39db5a1

SHA512
e5ad9464673dc67a820a2671132320eca0f615e14b4eeb17b19dff32eb6c3a8c26627cfa6593a24bcc8ff5256acbee59f92e18be41f762d1b81ad3adad23cd85

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
832c45fd980d907983451150b2aa696a

SHA1
b693ac8c06085c168124f61ba5109e5432ec0498

SHA256
ae12897cd8045f578b94a4a8900dcefad81768a547bc18389c8dba000219ef1b

SHA512
ad7ef289b95eea7306c7fc81e909d5ebefe968cbc761bf7865f5ea85c09c03cd1b52cf5fe98c8e57cb0f0ffae7be7ab13971bfb8482f4171328501596dc7272d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
a5699c291add12d96ea0f7cf0e961f22

SHA1
3dec7ca9aa8b89ea24570be35f92452105ea5067

SHA256
477f6dbb961b776827c6136963e444d51a9b83ef6b0904bedbd7204a81001289

SHA512
6082527cf8e61e657a4c99514c1bec11a9f34e81fb0ba45a13bc3b1488ca930d3d50b8068ddb2aa06ff9827412f2aebe6b9a89bd013dee10145da5bc1118d3fd

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
6c88dd8e6cdbbdf85c16dc3d844b1ed2

SHA1
b827c366b17d46b5ef0b74ca34b154e2c9dae216

SHA256
b42350a1ceeae9e4514f93203638b04efdd3611acbefa8f0b667dfd15c36e734

SHA512
2875a1038e1f4e91d249bb710827f432819c3a4aac354fed09c29e30deaec8cc7be4017f29133630da651a1b62749ffda7cb77f6d0f1f2377e8284578474e5e0

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
734eff442ad78441f4c802a48d0f49f9

SHA1
b0c7816985aba4dfa5a676233299e8d17bfeeb10

SHA256
aeab2454e515870ce18860f8f81e4f5abf87820c31b6d5d39245e32243630bd9

SHA512
89dbdea3119ddb26c1802370c34e65489fcaafc5a491baabf4e987c3f1efd73ec6af06106e337c8b06757baa6ea3b9b64bf8b4871c643e0dbe89eb1780e9020f

Download Submit
memory/4408-3866-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4408-11036-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4408-10921-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4408-8742-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4408-3865-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4408-11341-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4408-11342-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4408-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4408-11347-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads