xorist | b8868d9b80874e8841ca97766a4dea8200553c1f86b57d143b092c22697945e2

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 04:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Size

39KB
MD5

994c8cd78ade26404561afe1bac27f5a
SHA1

9607890068a1efc39ea7d23a3747dea70ed79655
SHA256

b8868d9b80874e8841ca97766a4dea8200553c1f86b57d143b092c22697945e2
SHA512

d02f4525031951cbc9ed9e3d6010e3f7fd4b48dd542a51d4ae5465115dfa5e41b90cca6c210e05c5aa616d05d0262ba5cf88e88f642c0b612a3ea55bb125c0ed
SSDEEP

384:cebFNw4Pk1itKkpAjjalr2DydqYvjS3kDCgSkAMB:c0FmBkpKjQkY7fDC0V

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/1660-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1660-4430-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1660-11301-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2188) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LVKrw1gGpie4Aim.exe"	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\c_monitor.inf_amd64_f02375bf47a4adb2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_cc4dba2066ccf53c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_ag.inf_amd64_d2736f1d9bc815e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sisraid2.inf_amd64_845e008c32615283\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ru-RU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_acb1691126c93472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpssi_i2c.inf_amd64_8e00e1aed7fbdf70\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmatm2k.inf_amd64_de71647ec29a6bc2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkConnectivityStatus\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis2u.inf_amd64_0c5757ecd1574b3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0416\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\3ware.inf_amd64_408ceed6ec8ab6cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcomp.inf_amd64_bf289615d063c627\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_683fd853c8b8a4db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4nulx64.inf_amd64_641bf08bee8ac46d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_ddb154dfd1a1c33d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_c0d977e565fdc839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_3ff016f4df6d2b8a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_8984d8483eef476c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1660-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1660-4430-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1660-11301-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sv-SE\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\sr-latn-cs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\PhotosApp\Assets\ThirdPartyNotices\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_contrast-white.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-80_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Resources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupLargeTile.scale-150.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-150_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-256_altform-lightunplated_devicefamily-colorfulunplated.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner_dark2x.gif	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\Windows Media Player\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\Help\DialRotation.mp4	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSplashScreen.scale-100_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\LargeTile.scale-200.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-100.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-32_altform-unplated.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\chrome-ext.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedSplash.scale-100_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-100_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-black_scale-200.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\AddressBook.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\SearchEmail2x.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\pt-br\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\dictation\SpeechOn.wav	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-125.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\[email protected]	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\icons_ie8.gif	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-60.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Yahoo-Dark.scale-400.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailMediumTile.scale-125.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ccloud_retina.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-72_altform-lightunplated.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-96_altform-lightunplated.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-48_altform-unplated.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\warning.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-80.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-black_scale-200.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-20.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_contrast-white.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-40_contrast-white.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\LargeTile.scale-200.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\SmallTile.scale-200.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_scale-200.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..h-windows.resources_31bf3856ad364e35_10.0.19041.1_de-de_bfff1e1167d31931\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_1e441945d4cfed03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-fsrm-common_31bf3856ad364e35_10.0.19041.746_none_4b895af00741be77\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..-mdac-rds-shape-rll_31bf3856ad364e35_10.0.19041.1_none_30174582a020e7aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\emulation.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-twinapi_31bf3856ad364e35_10.0.19041.1202_none_3a72066050358976\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_a134d9037e24529b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-networking.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fef9806182a9716f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-security-pku2u_31bf3856ad364e35_10.0.19041.1_none_3eb58c1c7236093e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx-culture_dll_b03f5f7f11d50a3a_10.0.19041.1_none_9b96711be13ca628\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerWarningToast.scale-125_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-font-fms.resources_31bf3856ad364e35_10.0.19041.1_el-gr_b81b0338a64039a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n...appxmain.resources_31bf3856ad364e35_10.0.19041.1_es-es_26d1c138eee56dc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.windows.form..alization.resources_31bf3856ad364e35_4.0.15805.0_it-it_415ec60bada99632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dafwfdprovider_31bf3856ad364e35_10.0.19041.1_none_b058c457605b2980\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-usermodepowerservice_31bf3856ad364e35_10.0.19041.207_none_3c300852ab214f81\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_36dd868ab7490fdd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.security.securestring_b03f5f7f11d50a3a_4.0.15805.0_none_18c5b2c505c3da8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_10.0.19041.1_none_30950d642c114bd6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz..anagement.resources_31bf3856ad364e35_10.0.19041.1_de-de_cddc6263faea7577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..oragecontexthandler_31bf3856ad364e35_10.0.19041.1_none_86d88d8102fa1376\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_10.0.19041.1_none_1467e2a7a796dbd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..s-sessionenvservice_31bf3856ad364e35_10.0.19041.1_none_9f240d63bb655133\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-h..providers.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_330f2c7eea7a32c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..oryservices-dsparse_31bf3856ad364e35_10.0.19041.546_none_3865b81a15779bc8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directmanipulation_31bf3856ad364e35_10.0.19041.1_none_0d61cfb7754c66b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.19041.264_none_4a12028313046a9e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..mgmt-mdmdiagnostics_31bf3856ad364e35_10.0.19041.1052_none_5c29d3c6f976adc3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_pt-pt_6b4c1e72043e86d1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..-provider.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a4b8d1c948d48fa0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-oleacc_31bf3856ad364e35_10.0.19041.746_none_52d2b2ecb593c243\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core-svc.resources_31bf3856ad364e35_10.0.19041.1_de-de_a3fd29f71132e3b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..rtcards-phone-winrt_31bf3856ad364e35_10.0.19041.746_none_3ff76fb204ef6561\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.xml.resources_b77a5c561934e089_4.0.15805.0_ja-jp_b575bd7aa0e20326\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..alproviders-library_31bf3856ad364e35_10.0.19041.208_none_6a4181adbacaf779\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..me-japanese-dictapi_31bf3856ad364e35_10.0.19041.844_none_b4a737a0a8a3d36d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-accountaccessor_31bf3856ad364e35_10.0.19041.1_none_7d516ffd32896a00\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_fsopenfilebackup.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_2aa71f4e335f00a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..inproviders-sysprep_31bf3856ad364e35_10.0.19041.746_none_bea59e0931f7c640\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..anagement-dynamoapi_31bf3856ad364e35_10.0.19041.1_none_eb539835d47e03b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.Resources\v4.0_10.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filecryptfilter_31bf3856ad364e35_10.0.19041.1_none_6691405458642a97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pnpibs.resources_31bf3856ad364e35_10.0.19041.1_es-es_b149b1243bf625df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_multipoint-wmssvc_31bf3856ad364e35_10.0.19041.746_none_9ebd3ef9f0c794b5\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wceisvista.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_7f2d1afe34e27907\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_10.0.19041.1_en-us_b9049899d62a0e4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_basicdisplay.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ef20656b7106b82c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-unifiedwritefilter_31bf3856ad364e35_10.0.19041.1266_none_110072d23cfc00d3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mspaint.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a128055cf095a390\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-win32kbase.resources_31bf3856ad364e35_10.0.19041.1_it-it_635a71dbe36ecef6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\Search\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-narrator.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_1ec98aece2c4557c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.0.19041.153_none_65cd0f4146003466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..per-tcpip.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_47ef5b61fbb0202a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wstorvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_9ba7b1d3252d432c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-e..ckdownwmi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bc040d895034d384\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_tsprint.inf_31bf3856ad364e35_10.0.19041.153_none_356ebfa943b1edf9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1237_none_a9b815907b71fe1a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.ink.resources_31bf3856ad364e35_10.0.19041.1_en-us_4bb69b6211a31d86\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.configuration.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_cf689897302e0b01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-isoburn.resources_31bf3856ad364e35_10.0.19041.1_de-de_ddee61ebe5bbcc6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square44x44Logo.contrast-white_scale-400.png	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\ = "CRYPTED!"	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "GKWFVSVTOVYMISB"	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell\open	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LVKrw1gGpie4Aim.exe"	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\DefaultIcon	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\LVKrw1gGpie4Aim.exe,0"	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GKWFVSVTOVYMISB\shell\open\command	994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\994c8cd78ade26404561afe1bac27f5a_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
5dbebadc83264ef98d9a73f425475937

SHA1
7954afb18462b04fd726a9f5466bdfa2899385c1

SHA256
e151ff97bd3a6f3cce7a06d869d5ef061e4dd7794ae855eb5cfceb3dfe4d60e0

SHA512
ae71c0b6d939eb0c82cac99688f9c128a475cca9ba37414fe64b2b9ba7e5ee0267930e69fab48ac5d729ed660dca06d8f0a1bbe380f7e07ba7a867898ebda110

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
4a062e5a441b3864737e793994205ddd

SHA1
33d90fe6e5c33d281b7dfe2a5193c64cd468aefe

SHA256
5d097b09f247c7d6943dd7cb9630d80644ba8504d3014974e019445949e2f835

SHA512
db6ace16915ddbedb39d3e90fea4ae5ccac53f2bed0b1df3d1112035f0939613794617083506080e07655aac00cd1447409de0250a7a33ed648cbcd62f7ce75e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
e2a5cc77239387b1a4d617d2008e57c2

SHA1
a45c67d9f521800564a5da2a1e30cd8fbf55f9cc

SHA256
3404ae31ca071b2787e93f589b78427b1d98ecf58de8958baa545637b40f0a62

SHA512
6e6a8328e578c8bc545b6bcf75d72630aa003f6dc98be4b62520ac3c29c6751c82cdc1ab3c6f6275b277845179c325cc423c42fcd75a405a1ad64934664834ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
24779b133ad7d7f2a9438a08d09f6fc1

SHA1
00304c954247b3368ae411e3c75344ebfbc4c7eb

SHA256
2f19147d47ea5b44285fa42f2515ac8eac31ad1c8765c9a6f7914fddb4935fd0

SHA512
7987fd9a424aa83cf30177d07a0d926ecad0521775a9453f4c3933ff79f4e9713a911041bd03ffaf33782d5542cbab3dd7860ecabff00918e74f057498483fe3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
538639d43d4d14aa0469214b5c328a9d

SHA1
22cabd580ece32c369c5b28a2a830ccda1a216de

SHA256
75d53991780593bd6aec2db096f22e7e46e15c22d62f9532bf0ee9aa815d8b87

SHA512
bfa47e291cb74ea5462334a51d1568c712892e0495bd6ba90f874ae3cc83f2ceb134acc21417507bef7c56cbbc44321eadabdbf422ad1cf14adee8948a16ceb3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
f94064ae982eb883c125e06e228ae725

SHA1
019b50b77734df197fbf62f421a9d08fe31ca649

SHA256
5d1fb3454b2a17103b1353181a44ff227aa594b2730855139a41398286a906e5

SHA512
9d5b14eda1bcc3618b03ef1618e73b820be2f4a630a8785c10b6c2b80aad1ba33f51d3fa9b0e1c3961a4fffe7dac2acbdfd6cfbbf5a299c2123dd279e652afa6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
54ae78cf11c23e8c657ede0d676a5218

SHA1
0708a16d258bc15cb74ffb6faea88b58770da541

SHA256
f4397c3b92e493f37e6f30483c86abfe523f99f9a048c9f84ab261ac4d31db31

SHA512
75b02075e738952c5e7c69f33d5d4febc8a670e2365341b2fa39b783dd103c9e7841a5985b887aff535517266de0c6956bba763dd42d3e796504c714df1aaaf8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
38210c85b6a5501695102a80354be24d

SHA1
ed37c1b5c52b58141d4b0c2f5875760bf3f44708

SHA256
35b6326d3f03524b64063abdfaac6672b96675f8b6d16f5d13185c289335d38d

SHA512
abf98e9b741f2c9e0486ac6ac7664d7ecc0c204f670b52998e7108e5d1e0e2a7ffd76bab6cf23bda5de925b7025e6916f198b5361e7632e0e6d310b281475f2c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
e27ed4d00191f02c1fe3e261fdafa1d8

SHA1
ef77e3ce118d893ab995d23fe0c53a6e27861d98

SHA256
8a1dafe5ec436aa2f5d0c1c9fbaaced146da89d43c32e4c546190be544e2ec91

SHA512
0a4512e56ccd931eb7e6e3898abb16f9af8e2adaa5f59b940dcb251180c47a04a87a90e20ee45a193dafc36d3d84dd1ecb5d8b5f26a50bae5573cfdd4bb4fcb7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
45e7abb65bffc198be76a26de580700e

SHA1
de45c667c339db7b85a04730bafe45c1aeb8b4c5

SHA256
85f7dd08ced7e58516f8008c83ece1f57b852c8f34388631cdd5c2e866445d2c

SHA512
d9c83e0bd81a02d600f45fb690316fbfcdf49815731e6f38494bb186262f47621b44b54ada4dbcb94e728c6ab9d11efb4a31ba8f2171487fe5f6814beb361b5f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
575c7b57410b938874d3a5cb89f0e44d

SHA1
5ba8c3d89640c129a10e7f1719acf7a4f056e2a9

SHA256
1f5cf44985ea0840f790289791ac261daf7d2461767154efa56babf0bdba670b

SHA512
016a48b0c1d4a42f24abca649b360e34d364c6fd7f664b03f40ad3206f00e4d8cab066cfa17ce8ed34fd5840a0a09ccdd71bd14ca2fd419742ce78498ba73aeb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
0e50e53f05535c51d254536273de4753

SHA1
b9179d85e07e311b416fb34420bd05c5c1aedb8c

SHA256
6d8ffc9ea21f78843ec1d0e2cc7c18dcba346d93d341566c173c42157c27b793

SHA512
18009573215a804a7c6b541f0189523e6d773b3e86a463b401c8d3bf7638278977f9cf5d4c95c97dd4934a0edbbb9f06c654e6f17925f2b9a327c484651028f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
cf52bb40451526ff400ae19f666e0f22

SHA1
9475185aaf59142478fb47e298f6fa8523129539

SHA256
2062980781cbbd6ef793a2c0309ea4d3951679836d5e29fe4e6f1751703df1a5

SHA512
e06d7401ad312c7883287642fe2fae375c85282e07f4cb31269a02c64213bf531fe4c383170a32ba8f9ebaa70cf2372af6dd00622eca16d8c5794af276fe0eba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
ed9ca265074f365d5c15184e2d81b9e6

SHA1
5bb2eeca2e17adc6480f59ca48328b772b3661a5

SHA256
f50184f3fcd313f65accd15432b28635de8e176eac559da1ff51c3176054db77

SHA512
9e2ad0bceb5d370bf4250fe1a241a9e1c67e85042765931337150eadd44932907a5a86dd5969b8078a1a34fc417c581c8faeb77a3327721c9081215bb9916736

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
46bebcd250596f313b186843856910c0

SHA1
a1aed6410f3477ed1de1056f18a8e121f2b98547

SHA256
5897c3a9eae4291eedbd292873bffc72b4df1f781392586c84e6726b044430ed

SHA512
f46736a27ac45ea6d02d0f97225432e2a044e2074cb12d3285bb40f7248c77b9cc722bb9281b92e6262a73d85d1591471e1747c6a67a98ff53fd5e4fec387007

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
e0c5d94428b92fc70c2ace441b4bf73c

SHA1
6fc669505dab5e6b5a227132c0494eeb277d32e5

SHA256
ceca875523de3efbddb0c88e3aa32443c2a74248a3507661e48bfa7bf010c1ba

SHA512
83640471eaa1ecd808e34190ce959af88c9aa1eca2b5c1667207d45d90f4d2672443553185c54f7d721a7e92ba83beaf4bc94cd35f7ae11391866ed7ded5d20e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
b3942e57a651115b99793d378fde2198

SHA1
164f6eb5da9354c8efbd7a856a06a895ef90ed76

SHA256
623b323305628b46cd47b1334069c133a1100176162669f949b04012aa369057

SHA512
25e997b8d88c6452b3bf0b7b1e05007d51c4d925c329529fc533c2a05e381eca57a61c35efb4eff974f3dcdc3dbad610437c5335ec207e3daad06c97247eca09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
39052071aff7c2f734d00ec05b72806d

SHA1
5bae8e3d3192d91badb98417b24a0b854e091993

SHA256
97e7a0c2a3bfa7d717e7d78a6fa0e902d28d4a3612f4cd8c6b6419e25c8a392e

SHA512
83937076044aeac05aedcdff734706b73ee27d6380ae2a77c0d8b67c9a774d17d3147afce6742b6a6089cf8e1074c3dc4fb129ecfbf97a844f00affd58e1a307

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
a54e72a03e71dd3d7c1bb061960e5e50

SHA1
100e57f66bd01fdcf4703f0083528b5f352abe37

SHA256
15f0ff28f3fbc024083dbd47004807f41df5fd0c8b3d9682b7603834fb1a3c0f

SHA512
4fdbdbeb4504b8636a3ccec8ee2390435c8d82f9416f374556bc55d64b6392bfbe335b9bcc31b0a840d534c5c10ebfe5f2d976e940677264e20d23aad5d6a786

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
dc3f0095304068861975dbaecc0b8613

SHA1
12f67036456ec57d6d2d14f8dacac49f72551866

SHA256
183adc6e18f73f61aa45fffb71a52f26517df542612a02c103efafddf99916e6

SHA512
a491508b9441321c2516692deabe6530ad7a2140634966b674134637c8becab262fcc9c06a897cdff48e0404bbc554738831cb3b627ee4c0a3fd7baa367b1da8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
7296572dea62cc527011dd2e03b4681f

SHA1
81d51bdcac57a2d44006cc2cb4ce92b200d36101

SHA256
0ecbf532c08e492969bcefdc35c2f35813831f6f578ddbc6eea608e8147eea06

SHA512
80ae89800205174e3cc12b62942c95d0343eedccc7ee9a8169033ec1f75223b6a69bc7e28954f7d2db5eed56641006c2f8d9c22ce13b54730177a473df779706

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
f06a409de58380b0d649c23b42f109ed

SHA1
9117106294afd419a4d5c066906430d87abd1cb2

SHA256
c32a088fc1f6e5b8d2b99fdf9f870103451165e148255955a0b96bfc6e2547b9

SHA512
ee1c7ec6a4b2216a6aa1ac147336cb2a1820cfadf46f72c6a19ab27244444bf9c5c85b531371465fee9b7d946cd46366fd538da2c4572a44d319ec3e3f5972f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
a7b9f079d888feffb147753a7c295398

SHA1
b7e355bf96ea489f1710116bfcf18bf034bd2df6

SHA256
e372e13a639eb5003af84862ebae9b91e40e0562872fecc6fbc2da12fb0b1fbc

SHA512
a8692cb02082dde704ea46f483659669c1743e702b960744315ef1eb925ac6e347d609d565b1080eb23bdf61acadad802e17b5a9f9c218baf746574f69bb18c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
ca799ddac33e9b88b2a831f66fca80e7

SHA1
ee7a87e3bcec7fddb4bc0074754f0e8d7af7b161

SHA256
ecd289e1fcfc28e509f1b68ac7c7283625f651ef9bf01aeab98dd97849320f0b

SHA512
d63760979f8ebba0f839b2dfbc026cf72e7b89b1e6321cf151696152d5303f4c06a74147d4c29f16a4a26957b86d5c98b32b1a560a2d95c658d46d7bb006b389

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
fd6195c93b69eef2b5adf09d1075a362

SHA1
ba19780efd7483dfdf8c2794101f50bfca72fdc8

SHA256
baf16ae5a85ee77c0e38d6cd5a9ff27fcc9f187cfc79b78b00cbd1474e51f04f

SHA512
da1fde5fcf5601f627ffe1ae48d5e2b3fac41160fba816952f74e558c5b012b39072b8b3fd35190e5f053fcc2d8377812e8c245951bc525d8862325820b57386

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
6d49c53bf1598aa108288cda138e5649

SHA1
b74757a0401618ff0b9c7a2fdc2f48da1bf37c0c

SHA256
d1a16d72892ae82a04547abf3c9fe920b47b3f15c69eee487a058a9dc152e1fe

SHA512
97053062978c8da062483273e663b15b1af046e172ecf83f548868591bc428bba0392d71bc2448e6cfbc4f91940d95236d3f89bcb51cefbab5c007cbd40d59dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
62dd972b7cc8ef62585a19fe32d6bdae

SHA1
37e8dcdf276d63576b906b1cc3be498d1e164cbe

SHA256
98cf842250c1a4f2803ffda28c9deb8ed2b19b7bc472c767585737d5f5d881d5

SHA512
92e3fd109e06a1270b5c8b2dfe139aa16ae310e2b69aaeb68efc8c9fcda61d2a081fc638d63565cbfb19468872a1f0996aaf60d73bde03eddebf68c65755339e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
808a86e0ca9c24c9c40157f0320f1718

SHA1
25b0d5047505524899562e7afc9a62d0657d670f

SHA256
155e8c7731f65105386a86d7fabf532574a71c0958d4d89753c780b640da38c5

SHA512
d5dccf102fb86571b28c8b1c641b76b624d238d8b53eb055a9c679cf22fe416acf2c24e908a9c6e22d446dea7a1d707346a188a63b5625c383578d3108f1b609

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
81d1e7aaaa365bd0e6e7d7dd51c99f4c

SHA1
54a81a91010c80c5762a53993fd29261c899393f

SHA256
7bdf83af42d3b59d38cc468f0daa23a5f3ecea9054e09c66c8700f91ed68e538

SHA512
e722b8e296ee63cd4d917b8e431b16709afb46f3aa7e5e46991e03d1417d5046e06d24f8cf94379b0d397ebd7729e9485045e14393b12c80d884546b73942633

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
cb3650bb689079e482cf2ff8d3920cc4

SHA1
078917e2789964d3acb6f43a08782d3f7c89f142

SHA256
ff1d85aae4fb872fa23c68aebc06dd9be53c07a2e98b98477d9fbf8781d5c0c3

SHA512
8d48dd6576eb551dc4d0faf260ba75af9e0f9c6ec9579cab49eb95e587037c74d301ec52cd5b11c3c46db2d94043b8f53baa844c072efbf62e46cda0307a300e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
d31e75755bdd6e4fdb44cce4665b0995

SHA1
a2b09fb7e3a5e4d5ae4af4c8ae60b6fe6c3f5291

SHA256
a5f02dd92603d3da93d8e3d64df085aaf14c48f8dbbe83cbbadb0e2f4ffce943

SHA512
7cb7291c856f788c7fa956ad4b23f51978b1d014002e2a646c0cef9c4e4f5d91d5db2649f44bb5da061e500042c629a1cc298114014113e4777bc23b6f4e7833

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
4978ddab3276f7993ab87b21728cf755

SHA1
cfb270e365ab4c12fbd60a16bd9065879b7eda5c

SHA256
b24083fd22cf274b7b3caf02cf35a80a805f9a1a550b1de090b3c498456c5da5

SHA512
6e19dba9df5a459e3d3db73f842d875299e3186cc063d4388786766f0ccd59f818c9f3af5e2b877f08830c703eeeabaf30e5e8500018d275678af78644ed2085

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
96083e3a36001e2d60f89e86bbf5a201

SHA1
fbd9a10c75e7a51a84e31338a62625942602e07b

SHA256
4c6b98b881a069faef8830b43d3aeea0120323c8865479768b56fe2bde6cbfe8

SHA512
ea732733596f4909726ce419166448759ca1fb0da623f829f1dd25038ad059ced33dc8a3af7d9d9b53b323dd0a1b0a23878c5b5d5dc20c7c168ac4b773289ffd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
182ce6220361d633e661f045a3b77306

SHA1
7ea8d0ba09f9b4a64d42ee018826523d68b703bf

SHA256
f1a4092b2be71b17beda22fca0e7fc4f9d8449203b36581ba94924ed9b9156b4

SHA512
55a4ccf8b93424da199cd5e4ace78307325de803e22c0e00cbdd35c6ed44002bfa3449d56e1170e23c071c5dd8bae563d0661c4f5384140390ae3b82188c7fb2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
f117da883a9086c805f61f84e3ee464d

SHA1
03c8f49cbb96909985061efa6c31304bf42047fd

SHA256
cb5479b0b85c93e5629b4c990012e46bc826bbc74586db8b72dfea97b5663929

SHA512
ab033bad4e5ab79abcb144d26504158bf386753e6cb97a578e6819750481bf4fb06822d5539d7d45a728786a0368db78f2eb186f62d53772a97323dad8232adf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
2e1befc98491333596ce859584d0232e

SHA1
cdf5c7df7418c4e527122c15f9e87521462786c1

SHA256
d9358d1eb84b6a8965ff7f466f6cc8e5fb61891d96dfe74ca01b8c4c1e5de5df

SHA512
4fb0ce5e6db2e10ff7f7f2594f785e26a66fb2df41083dda5e136102a70d35f72b0ee06060026d908420ce10c7a0df9b64d21b0cf32b9b39801eda26e352e337

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
7788cf655dbee135f46e68b1b9c55e91

SHA1
06f0c86fa3b808168ac7d06b45721ab7abf9f310

SHA256
317c373914a7ee54e9f998809eaf080316373ada72d93222953c9144916ffcbd

SHA512
1cc2e954d1cdc0ccc84fa49d35da7958dc25b88d8a0a5888591416f4ff19a7efce85c4deafdb4f2fae7d57f7860d3276c78193c830451bf3eb262268c19ee1f0

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
e1a173ef66a72312a34beaffd3705d04

SHA1
3329d261205f6385a99608c509cfac210b138fb5

SHA256
ba64dfa93a20ca438921e97397e40ef601c5d48352f8de8fe946d045166d7129

SHA512
85aee181a71b3efa842f57c8f3665cc3aeb6969aa69c72b3fa051eb2f4721bac4979bba3ea0baded0fc21c72162f58574b550d26c710db90468c7880724385f7

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
3c7e13a7a062b1e1953f38408688f6a1

SHA1
0d893144dd99a12cd7ee79b1ce0dcf4135c1fbb1

SHA256
f8e4751d4974dc881d7252698edbfc84cdb662fbeaca60eefe1ec1821414afe9

SHA512
63ed35f91787b1aeff93bb1160f71dc2c04bf0e7d4f019b1e020a67ec74d2810da8973f0715f2ecb663aa823a1f98216cc1af0d5837d02c6b7f75aa9cbe1c6f1

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
b0eb14fd3dbb1ab0964faa3777166680

SHA1
f9daf17b8c5739dfa43d5777b4aa56fb7100b548

SHA256
6fa26bbb7b1b2c54a507141f0af9e50afad123e4c49f161b37e692a5c1a07e4e

SHA512
80ff9273f1a2bc1759e2bebc1e334f580edd70a490f8af79dacc7a8098c1791659d3b7d6158800994a92a719186ca2b618d2017ab33172c61cb94c1ec990b04b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
73adaa0442b9b03241150242438ae3fc

SHA1
185e1fd19eadbde6f178f7e24b83f817a03d228b

SHA256
b5ac471bcb24491d9d127fa7b053705150779a0746f8ccb87da40236bf40458e

SHA512
19c4449cb55988f96edeab2186892bba4ffe39ad4878b086b6d630c2d40750875b66d92357f07412468b9c8b874a1077d23417fa74feba6320f504675c15a33d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
3b9a32cc104bc8cb76bddab3649e3ab1

SHA1
4e0696db4b847983fe39e79cfcabcbda750e653d

SHA256
a3c1a7537bafcb12faf85c1146074567c5489bdaaeab5ec9d6bb771c6f70b938

SHA512
3513687b9a6e56873ce7b8678ef0456781d99db13fc240474e07718d1bb85373886a26da4e2daafeba2e4e5493ba7b47d5fe236298ef8b986ca0d8682a7dceb4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
7a9f89f1b6fef1dbf58c70733af6930e

SHA1
e180a4a514edfd9006de7dbe3b3b406b709e3d0a

SHA256
2dfdb8971df0c091dd069be92f13faefb4baa64f6b559e88cde231e93c0c56f3

SHA512
dc233cd146607e09b5a296b9198d8d577c29c068658d2b08354f0e348b6497e7b36eea21ad093259472df927bcf660183dd78cb8a6876e78f6bd6d98754d64fe

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
500f03f211db63f954703576a129a929

SHA1
98630c708ac972a7511c6f8692d496ccf14d7c88

SHA256
6afea27b848f6724b53bd4851e1d8d75d98843a1281810c58624ca35b4bcc54e

SHA512
6b2056c51ee6e66a091aaabe919e94be0a6852b818fb191d2e3f923360ca088cf41ed456065a622d8d6229e6ca5f9f9fc3403c0cea9a164083c48f573b697325

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
24aa539e0488290c96091adce03c1e76

SHA1
6eede4396f354568acfedf512ba2cbdf1fdff7d4

SHA256
ccf776bba82a1eb7ceba278ec2bcfb1ea00c499b75781c5f1ab66c83d0800ed7

SHA512
826312c8ef891adf86c96078468d89e245379eb7f2692d9dfa418c36416f80e0c5a16585c8455b0f951b8b80f61a06f188398e9b8f68e8b5bf1fa43f2a160f23

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
f055d158f1a9d6d563bc60450ff33711

SHA1
50f4c175dc9b71b3889c98a53e3d2d08730b48dc

SHA256
2d8d2d78eea14b7397a9147c5cdd82e8248cf56ed88146288800d2c1eed3f76f

SHA512
714e53cf2a3df1a0d248f6a72bd44915ffee5a1867e3f28b92aecd167b757c7763a45e90f0453211d5914b9c846b0ec54683fcf1de103e2c4fcfe9e1592aacf9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
ac883b22f713d7448e44dbbe42ec1583

SHA1
e9a86f93ffc6e6d665e9162add241e7b0cb462d2

SHA256
a5174d47781d52531d4adbce9ab5d3146da708bcc963e2acfb8732a5914d06e7

SHA512
c2d9774ce470b848303cad29a74396d088f78e15a5c9d8b98d5a3c4bfdac421a714e2e24f2fc9e24338470c9726c006a53cb1b87c2fc789746e476a03dce4482

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
ecbdd8234550367a8e5906cc814f0c2c

SHA1
25dd780fac689ce621508d90646b8959b3f087dc

SHA256
efe39b4e56eeebd8fb06ed8a5409f7519afb30674b4258503a75540ddab7b9e9

SHA512
cbde6980e7e717c269510ad739ec02deb99186a709640123d4721643eb0c7730c8929e835446bbce6e94307da19ebc7c18c2524e8eb4b190550f615d03e14d98

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
1d2327dfab0bf785c7b0d9941aee8a21

SHA1
c9775825721eacdc8a30131f220eadb4fbc4d57a

SHA256
9e06b28978d2918b05728af473ced491dbf0db75633e09f5f83c88b35d94576d

SHA512
fdfd9c2119ccb6e0e80518760754a7a22970327648dd933a3ba6e9504668f74063dd8391a00c4aadab97a318dbf073614183f237721848ab07d3074b3b33cb51

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
41b63f9364a13efa88d4c2ff21589d73

SHA1
d040b27c0ffc35cb8180f5291d9dcb9d5ddfbfd8

SHA256
1c13e1a5c87369ef7e259b4a46408b8ea903c08bb9b26910e299213764d4e5d4

SHA512
fa35378f874a34366954d752d60acd2695fbc2ff061fbeb904fd5837020c0a91414c2cef383cb3c21266b81ff89754a9ce3743185094c0fdbd1d871eaa0360bf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
6692f7c7f13f6b2c259c7169a53fd64b

SHA1
0d86cd6134439ef8e77adf560cac18fb2f676c7f

SHA256
b644064362faa96303e1a6b2425b8e3ebb6f2a03d9d8ea6116984a68bb6139b0

SHA512
c134dea43668b6272cd10c1ea6534f8dd4a2ffc02bfb80c2c93f0ce1ae5c3398b86c3b897c3c037b87731eb3151f7f5ddb5194c34065e8db2f8d86533029747d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
d1615059f3bd96ed62c029b7a714450e

SHA1
d9c7c35049b76b3cc86768e71331dc7a219e6b17

SHA256
d6e8f5881fb1c6008337e25796b5cee28244d8f43e4e78217b1f47900964fa59

SHA512
4c6021867bbe4429f47e81adc80e38e25d9e080aebc18d7d0f7ad6d69b4bd80d540dc109082800942fbc1124f04086ae94a44c4c53121839cc391db88bdc7e7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
78845318234aaa5677c30255299b6400

SHA1
63fbebeecd5e3ae9e19af00b56f67c308331b6e4

SHA256
4adebccbaa4c8e49bce3eab0e27019f8e00af577a59a583748f9b6bf3642302e

SHA512
59cfd861a39556a6136bcaa8a74f6043b04b56fc58186ffbc472a6748b9b0b78401572ae4b1d3fd109476b8bc839f250d754abe62abdaa45ea66c60c3d956951

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
9a20a02c78a27d934a6e58d255d1b087

SHA1
96cb0c0789d155fa5ec1440f86b761d00fa30c84

SHA256
1f6cc6ed162482d8794dc5a13fbaa61c05fa5870e50d725132dc999e95fe22bd

SHA512
7c9d57fe65c3bdd217b6cdf7e6e26080d6ec7395ecf65d71c6e60fae6fbe0e56473ea8b381546574849f70c78b087491dbf2237487ff897b37ba1eea4bbefe78

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
5daeb0f0495f01e32f11d397301abfa4

SHA1
5fbcf46d2eddc9a3d5ba594a93a0e0ba45532b9a

SHA256
befe5a435303cded367d8ffabfe297d790e161664888f6dcc34979fcb4103aa0

SHA512
aa95fcc2833d569b82ed0f4c8423c7ff7b86b0a779d4398a23af3ff8c59e761715223c9880f4c28c612a07189ff9b21275b5b1e1c8ac1e88876a72fe0fdd5666

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
aa8f69f55180cc01d27a0e30b2fc5c4e

SHA1
0e8fa5c7aaebb438d1a23b09d8ba2b16689a2161

SHA256
96fad76c6b5f87f5549e8d38a44fbc4c7243570fb1b41a991de3bfe6349e0f10

SHA512
7ea70c7e7ac7a582bbe1e07b799016b3bc213fadb57d52f926f7f18788d6f2c6c2e1be501841c29c6808fbdb26ca878b4ea59f69d0be7a2de9209bd238db4f85

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
f16692f7076a08eb2ceabc028578d903

SHA1
9a93f0e454db1aa33c03b850afbeff4351e308af

SHA256
6c2e03b7c59e6a92ad0bb233ab29a9c27fce0512cb2cbc70c32761f9224a0204

SHA512
758d488b20c452fdbf57b0815d0ebe0af6e3a6c0857a9919cdc66b96d830923f671ee05e605001ce534ac56d6fbb6a325209b2880a5053da8e426d8bf86c5115

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
4618849e9fa992f1f85bed97d12b7466

SHA1
b1a7eaf1b3ff9fc5f664db2aa81e547ede8d257e

SHA256
b27c9036c75eac962d52b397bdc5685f8513aee107bfe8815c78bd1f68e1179e

SHA512
76f7010b3ea4e4955131f47eb0c80f581d0a3b1dfc8099ac609a53c25d12070c56fa975be1e6cec920db120e9033b00164f0f3ca881960360cb435a7f6499e19

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
41252a0f1218d2b4492927c5579591ed

SHA1
af7c893c131193258a1b848044127ddcf01f67e8

SHA256
c3429a739ec87c834b7bfa4839d2c5dce87ab120fca9669cf619912c9a3261bd

SHA512
1a1e3ff8c9856998a7142578775b416f1f88e4d1a9d80d2401030c1fff9015908c222fae29b26355bbae040f0bf3c4a79236a23b8e30088dd5167bdf7d652a8f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
8de86070a5cb470a0e0eb9b40e123215

SHA1
17426d30ad332940e7d07c67978679eb736191f7

SHA256
df009640433446ca4d7ac703453d1fe6547d7b67b3f7040e26683f2dd98065b6

SHA512
78ffba609f679b35a64959e34b070d9f0a1e033dae4b8e261ab3bd05cd093d1aa0b37f1cf15e3e4cd25e011969de87e4a3b2bc192214db9bdc3864454c2c1e04

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
be5ecb4d30e0ad9923f0b59272ff25dd

SHA1
cba1630ae74ab824275280684bce2da7bf0c1caa

SHA256
2c6f17d75f1e4359e01a2601fc39cdd031e43d3ded584c9344a09cd9e1dfc64f

SHA512
eb921da6ca3fa1c7b438df78d9c5e33311923ae43d6a37fe1293b255d2ceed41ed5dddcbfe123c3432ec361b264399919ffb1c02108d41a1c8816fe2254833d5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
77162ffa0c87117ac55588d741c9613f

SHA1
282e0606e5055f30a949b38bc17d33c1c437c0bd

SHA256
43844df0d4540ec5d3f7f6a218fabe9b6f2b6dcf7e136e5bc044c48cc2680609

SHA512
4e706103f92c7421ebe1844089fd0806e49d17ca73a7415d8a3f1652bfbd9e7e635e0d40e6945130632f4f5e0f6d58363b77231f0765d73fefd379584c4702e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
d05bee2392cdee20d65bc171bcb13910

SHA1
526600340448478988aa86bd81b0239a40372a22

SHA256
5ca73530e28ccb37b4f8ec4562a6d72a97799ecb8bbacd5062f4e6c4dc9681bf

SHA512
48577789463f58c3cf77333ab7a063ef3966f7098cac06faba480ebeb8c433bb5553a09531fedf07ec55d4285e2f2b59cd883762f40efa4fe22196f726ed277a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
15b56f269b75818a86647d94943dd096

SHA1
9952e770ae8f38843eb030d51f23338b116a57eb

SHA256
0fd1132f61b129d9743aa2394273cbb44be84eed8519975a0c92d61ecccc8943

SHA512
b0dd705ffdb5226dc36fc4a62d41cf57a64b9145351b07bf990000113eed6ecf1182341f9f20ab305d8791c7c3ce01e5925841993194718a5e171ea4ed5f3b93

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
5d03c8f3b3754de1631d1bd9cd59da0a

SHA1
1449e73bc212ba24d6bb614811a945f85ec30b48

SHA256
d51f8b805f1256892f7914152cc3f641a9bb491ed7ba71aaf77e6d270ec59a27

SHA512
fcff2e2d075bf5f8927446c3d280422ec6ccc84a1e3f9c8f767297b9b68c87275c0e4d25a7879bf8bb66a1a41d7665433effd8043323786af4df9f51e51c7815

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
e098dfda0998bb81ba2381a41272808d

SHA1
cdebaa37539ee9a492a58c97be29d099c6a319c8

SHA256
441478574666c9caed3a60c0a39286a16e80ada0517db5745d2cb9e968633c76

SHA512
cf18af414ce93e5670a32cf369698f41da4465a562f09b92314e86ed3aa824cb89f979fcd64014749a258518f85e6a96dfc14772a7cf3823ce33aa40de3b2729

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
aad8cebe75228555027475c54e102b48

SHA1
2e110736c01c007e96145d5e4d84650265202e92

SHA256
1494ec6811dbd6ce1035353b589e8953920d3ee6a408cdf7b9e22063230d323b

SHA512
c9086ae39fa0f81bdc4bbdec93795dfa181233f2f62cf2cf2559e5c177784d0e9d51c2afdd3fb4435f2f7a0c1cae52b86852f3baf4f67640f577b0bf91999552

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
82976d07c7829c4e903141e9cdd11068

SHA1
59b12c2612e075f4e1da71afab68af97c87a92aa

SHA256
8a56005f29a08ea14997beae4139568938ac91662ffddc8a87e385b6c356880b

SHA512
5942a8b466604a682ddc67d9604aea49c3ba3d3a0897432492c107c63d5815b4a9ce616744b2e54b5eb9ec08c5ddccfd7faa76c7b7bcca1f26f80b098321bf82

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
862edebac4d6099cfb68578df557965a

SHA1
658aababaa3c86c25418cfc1c52673e828cc3862

SHA256
3b4088725aa0174ae25491da3181de2f4c43bbb7ea3a7eeeef8c872e1af75417

SHA512
f762f4317c5d6b80632d8b0fadb8236942c66097a5491202725301cc67042620fab08af62f1dd7da37e28011ed46ddc7d99ed28f7950a1cd024351b0f81c428f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
513189ebd99cb73c08e4233649a01f7a

SHA1
ab7793a01308e04ef245369fedcb36e3347894ae

SHA256
5cb4660f51ed88a82aabb425e66d99787812a6c59203c9169398fd19189c111a

SHA512
d2fe7d85850d4ac4f0f09c653fc7532cfd26190f97238a1fe92d23f4cc63ffe6acdaf40f2c605161e9eb5f98f5cae9c683aecb8522b3e1c8473cee7480a0e976

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
61534fa4ce50bf1c5df5d985548f126c

SHA1
ba523b64f2890a29e23d36e4891e3573f63dff84

SHA256
8d972e92045d9a9519c7f9e106a76ddde2a9a9d96e18899fff4948ed1ce82264

SHA512
027d9e5714835fac9f78ad331a0db08e46299f7b2407624055c93c82ceceb4f9ccce8eb7f6e5edaf8a356399ef4099d370b45e1b683a4de0161c52626e7259b6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
10d59e8b8d6fb710fbee1dfde68d0aa6

SHA1
88a792d1386607ac43684c792eaffcb90e89858b

SHA256
f118a7f7518a0adc433c0270b4179284245cf21edd42b7755e5dce0a166e778c

SHA512
242ed738c6a5bbdd26adc07e98236daa24578c9d67c3e7445cf9351a37269b94159677480a850fc9dd5c69748db50c92797391747e7d4742d4cb2632424852b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
6a2aefc0af30bfacfec52c62dab1d360

SHA1
353d700a57547452d80d050eef76b95f0764eb66

SHA256
1773f87858525a5a78f0ff735100ef30a891583282f439ff3b98433d57595fc2

SHA512
7ce22fbd8e8dcee3f0a5494407490855e487ee2ecb108ed98019087e707e24f24685d9d11a945174cdcce9095a43471456fc85b49638a86b35869a36720c56f0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
117502008b18ce0d16b5152564aadac0

SHA1
243b7707b083e96e03cd111e960c53701b0849b4

SHA256
f422362ea585b36a3a0c44b6103403a8da185aa8cb1c31d096a2d430ea02b40d

SHA512
1d6f0c6831e1f50fdb84331163eed9c5014e321ec3228a12b470cc61b0c0b8cedb6c27dcff87b47f55e17e04ecab1881aedf0365033417502cd61c819c2ca7ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
fb282a34e424fe5de106aea883bdbfa7

SHA1
f32847c2ae302f4569e6623ef1d6686baf2a4d66

SHA256
6074196412e06511dc9dd0b717867f3eb6bda300da45466d6c6d6eabc94e0b3a

SHA512
4bc2a85082508d314bcb8b2de3c633117e605367404af2405145b20463b235229e1c938d2b03d04f65337835a91a866fcb9f82e00c3decf71b56f15dd8661f0d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
d6b0b4560730ec324232ae41130d2853

SHA1
37677a04ac346e639bb43252af8937f08a816f4b

SHA256
0470a4edc272038dafda3353f8558201055eed3f9d92b2766b4547a82ffafd58

SHA512
119a941b38a2479f7d0a49afce61a36895da93f0ecd5788ac1c2c032cd21f60fd48d6b2a9d1da6781800af93f52a32080884a2fe29dd595fd614c717667cd353

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
f9bea0c45ca589dec07f306e34773604

SHA1
afac68d7af8774a276dba528b247578a8f0e8588

SHA256
989c55e5d2628152ff20714bc04806af0267c021caa1563b84017ad3022f41c2

SHA512
8a0d60b9e3e65cef1dca5ec1699b1c195fa7bcd0c144e86ef454369cddc74624e3f47569e3b9ab6929898a94273c9b1dc10b88e0f6ba1a4f8993c3c4f0b4ad3a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
88da13a7278d5dd1b31beb15720235c5

SHA1
d58f295ea99e63cf870add834d16d6bc694257b3

SHA256
d3a5c5761d4659d48e4ed7b235ec6565379c1f75a3234fbf8e639eca8e6ec917

SHA512
691dca17cc54f23bd283361dd7cff05f7b6d014ed2930605200645307192e27a06bc98f2aae9ab782997874eabf3d10dd4a32d5f03b89297fb4ddf836e361208

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
c7c12f4a5fd89fd899309376edfeadec

SHA1
394c1fe6838da3a33d8fbbb8d67844478b552cfb

SHA256
f593f3b866400b4dd97c1d2de649b4857f08933247afcc9ae627c3b8cb6c9fc2

SHA512
41adf9da6c417cdb709f4c21f2caeff52961a5668f15975fa555ec5b5e62ac592c3e847506516885e78eee89ef87a1fe902aac8e355d3d657248799741426e5d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
445aed195be0541410018661967017ca

SHA1
29f173019e14ac9b56e3e892671779fc82fbd94a

SHA256
b3498a2a395e2707305fc5a0656d2575ed0b0eee8104d2419d15bd58bade3617

SHA512
6a47708ffdd31aba4f4f83ab430c2ab50b636a8f8c533397b578ffff55a4dcb49745c7954dad21f7bb8b914a67aa097b8e9bd48e7fc4697f64c00f3eede8c1d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
716cc19020493a9d24730b6073e7f089

SHA1
3071e2d09899aafe0b92d6d650a5028e73d595b6

SHA256
bf6a61de725df650b8d52799b8764f9349892aa66f5ece56534c68b8d6fdc39d

SHA512
62509dcb4fcc61ff9d758a597e9a9a6d94c6a92a7373963d8a628b4fa1c37696c3b3870e91bf6bc560bd39913989ff013f92aa87e5e0a04fe8e0d6a56c2f5155

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
3f21ed67635419592dd2009b8c76d572

SHA1
5ecd9eb595ad941c64a286eb07d42f8b9aaebb09

SHA256
a718da1eb8d1a2607dd6a367d66138e45abe623c1d6c0c15e9e6455b6499ddc7

SHA512
9657692d8b142558a4d18778da923c35f599bf492c2b3700bb0ac33dcae62d88b58b545b511ae6aed8e6e328b7b73321daf94060050816dd1042bbea2323b583

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727655840085328.txt

Filesize
77KB

MD5
2212fbadba298476556a1eeb73cff7ea

SHA1
36d0ed7d8d0b940a014e168042fe525eb4aa47e9

SHA256
8ac870a62ff7a38b505ed9e2ec944bff29245bbc6e7481411077df4ddc0eac4b

SHA512
999d4df64cc03117e557ca571d92c5fa1c779128518c452cc12ef1f977c33c8fa39c2152e884ea5000c69daf04e9b39a12b93b354742dc9a4337527a262fc7c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656363999749.txt

Filesize
47KB

MD5
f40ebd01791ee66996737736e0cc15da

SHA1
c4242ac91648aebc1e9ab532ad1ec4fd5623a61f

SHA256
19655fa5910c75ca45b7092209f94336c301de7a90f79daae2e5dcb759fcf820

SHA512
ca45d53f6d6887ddb9fadc3555e9f397987ae228ea0962af6eedc415d1e800f75c809a1f16959214835e6c021ca017f267c89336ddc4e44c14caf1415d669fec

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662640605367.txt

Filesize
63KB

MD5
20cbe0957ecc42fa9256a49d11da27c7

SHA1
18d30a85a1b67575eee0f966b6e27911bc815c6c

SHA256
1ca417ac39691a51cbf174fc5062aed2a0b48da6c61d16cb9c7a46863f28594f

SHA512
6f9a472a4821ed08e2c686b47b05ca9c2687cb8459ec467fe752814655002160559ac830879485c1feefef71318bfe008eb1cdd4b419af62026285f02fb8ef5d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665714398674.txt

Filesize
74KB

MD5
72ff63316c6d0b3fa97206c79e8d427a

SHA1
873294d14098a815d15f437da4aca5589a760dab

SHA256
a980f51aa93c7ec2381f0ca6d0bc4b9f1e837f6420fde262c2e4609d68464f40

SHA512
205047283b28e7b9de8b532fe600bb9e8b5993923a7ec125a00ffc2f9522a81b5d4e00ee6303da596e4102ebb01535dc2ce504a6da12b20b6aabe95ecd1274d6

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
36a366b8127d233e11eab540e23c001d

SHA1
804fbbb70d55ec67963cc0cd4b148657175cd457

SHA256
a4198df9cd9448ca9420ed544998ad2b82763472e8fd4cd88d489f730d8354b2

SHA512
6739ace12e7d14af0ffe32755b6d087b01c729658cf967ecce4dcd30bbf3c3c381c679c0ed103ad2fbd946a08ff80a583613554e72aa991bbcd8087a1cc1db76

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
5708b378025b018d66a5b6df48c5c444

SHA1
4707cef2320695e5b5b23497bb32ac788f509c1f

SHA256
f28a036aea710acafead179e4a73aae0211977089670ed340dacf19bd2c31b7a

SHA512
d997ed59f519d0bbd856ee03badf6afbceaf82cd0b73cf00efd8085ca6ff85398575b393dcae14c38c040fe8ee47ce236dde608693f4f40ed802582ce6dbb154

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a19857b55ffd0067051d4cc3461af6fc

SHA1
5009d9afe38baaeebbe7f158718fbd0a48d1c22b

SHA256
84287044e9607710b187fb91d2c62e3348f6c4a9a9591b4d18e52814b96e5931

SHA512
f6552036d93b23cb3c80c2b9722d14b58df7979337b07ffa2e8d5e87950b92aff169da434d236287a8733b5a32e148d30931620f218fa0e72f46bfef95dbb3c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
51a391d22768e052c1464b1d3c9e1a3b

SHA1
08643f0bff684aaa6e1d76c7c472546b4c99993d

SHA256
c1cdb7f9978f323eafd058c54bb47eba433ec051c5bb24284d96b23458d31a2d

SHA512
4dcae1a56d9bbe503e62beac3077d1e5f9b53d3ffc53c739ebdaf99d5207293475e0e4463010136b5c9a0c6497d57ba77a0ee52a094c7e112770eaa36ece0b77

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
60ce37071d6b45436aa89f01fa7ad313

SHA1
758280f8f6c8ed7f885c7485d0edf582b2677d15

SHA256
46ae19a1c04a73fd18d74ae748a210171065b4f9ef96e1fa6fcbb9a3c638415d

SHA512
34285fd308fbe98e3def073b96556876469e7e49d78ab0e126e5fa97b70fb27fa5d00b806006aa1d5b5f4654c4b49de20d74de5fd3249f89d63b4185ae7363e4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
8fbf9076132d3dcb3c0ccb02724e2ef8

SHA1
f5f0bcd6aa3aec4c07620f399ec48080627e2ca2

SHA256
d47834637eaccbe92a3894a8d8c050db03264bcd6c3bdf8a46ca1fd56a0f9033

SHA512
15562e3c17e686e1f4f245934839394961b085afa5979a6fcfc7d04d70db7bb94299a2570cf2573ebc02754e9f8daef5772b935ca95ed5ab61075b5713d7ec64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
21eddd02f49ef84246ddda6a71f5950b

SHA1
5a54dbc42e38dfc8bd7cb5630d36292dd04a365c

SHA256
b1bdd0829133a187cff27efaf842addab2649dbf24a0c34d1c04d59782b15d1e

SHA512
5f16d21eef3fdb25b60282a9f8b205b21fe9c59510703230089a951d59b7faa2bd1057db3186ca9912ebfa8527a5899e6c262644eb622a25501da27e7b2d92d2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
0f8636dd8ade5d28781b9f5b21d279c6

SHA1
3a83fec25152806b1e56a81162bc0195a35e05bb

SHA256
bab17574b18e288c1ecfa5a024ea5a9fcdc0d2a4f7f155ed5ee653a504ab2509

SHA512
fd4c1e53d19a49ca16e4571d5b4ae381bddfb4f099182aea106a8b15faf987e936ef4b10ec924efe7c0e792e9c4fc0c7acf1403bc7a7e2eafc96e76ad6b376c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
823f4fa12008603fc4b961065b4f6a26

SHA1
fa3447472ea22212795548d53f8b5e120fedafd4

SHA256
29b2998cea681a0c9946f8849debd5060821ef064729a76ba7e54fb3e8310f69

SHA512
45bf7a7df25f44421a742d44fe9f0f0d5afefb73ab0b646701dd2a48cbc9c47acaeed1782d8828df5644eb35727c01ce7ee82b495544a855e163aa2a1cbdcbe9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
e8cfc9820d9f10b646e52d8e0b8e8a2c

SHA1
75006d292211b3ecaf57cf6f921038a7ada89c22

SHA256
262d79afe093776c8733fc1f2f67ba34adf2779748de77ca3beaa4d2a16166ea

SHA512
43af2f4706927e8e7e5756731c5e0306b64865f4a81ded7382eab6ac82e57d0e17301a095ae927050627b2c643f296110fbacab01d892bdf4e4df6bd92e6a79f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
d56360c0f635c04a91990682f4c3db04

SHA1
0b0665c20df39248542f8a81431c07fd31b3dc80

SHA256
bde1dff73c3a8615fceea7cbefb95a5c49eba553dc500081aeb1b217b82bf1f0

SHA512
76e927d326acb23f75cd2c4126ca8078e925b671a6092565b6be954fedf52102693a8fbbe3d89b280f0e8ef1e89e3fc78e2b55361778c4c6f42ca91048de82ab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
c6687e7dfe2e687a16ca5b713a25adb5

SHA1
cc243193ddefbcd00e824a80878b37e4eb8fcc75

SHA256
5e54759105ea8258814ef857d936cbd0dae767192ef923ff9a36dfd7567eab99

SHA512
00dbd85709d5bce4e17542f3f7428fc007e53643a9b1864e87954a35b5615a69ff22421165b90b872744a2a8f80fec5880431b5a4f029c03ef65be6600cb9027

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
0f8ad33aba2df422b6d101a9f7c7dee8

SHA1
5d64aff79b855f5d02c1a1292787dfd58f21654e

SHA256
6fe51a010c0f08c69be3b84f114e7b4e79b8b42fe4d74eba24c36eed35babbfb

SHA512
2b981a22209e278c29bdef1e7f7bcf9542bcbc27cf21a414e8f04848b95abf9b8323197f0b0c464104a17ab4ce0443c06c62a2cc151ed063293f5ddd9f34e03a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
64235cb9f62848d6010d390bb07e4ffa

SHA1
da0082372d80393839e2c945227775fd6a7cfeaf

SHA256
c22cb1aee90bd1724d54500eccd8e2fa2f0db99213c6071278b207bfcf9eae9a

SHA512
132832c4a49104993b0bc672287f55260a38b9320a8722a26f50904abdb91fc8573b177f2b4e90441fcc7b8e5f142a139cd5ce9ee3ff85c9d3c8801fc42a1881

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
469a4bdb37c1f039f74f3c8c9e64ec11

SHA1
9a4d761bd4171906f66efda63fb9bb3a6b0834ba

SHA256
46034485cb23ff0bf77514c59ad02a36a95d4014f48a5243213523b8e7340006

SHA512
f351d595b2e1f235baa9465492ed33aa7b853ba21245a6cbea66ab71e48bd8af88248a4079865390624f353a17b9be82e60a678c13a4c967dfda2cd539e85d2e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
788d8d5a316209a85667e50a55cbbc09

SHA1
3be536276db7122ce26a76bf179e53944070b448

SHA256
c71ebb551ba49a67fd4d1d0fcda21d3f9b5e917a56342a442564cad3068e96d6

SHA512
96530fcf0c51a19e92a6360e6ef30e2f96466ab219985456a642274e25898e7be4c39e2eaeac49d1a8785d193d08e87f982fd1e53efaf4b5125a8ceac93305cc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
da079b623742e13545a75d4b7df78b37

SHA1
a9af1b2f5e6bc69079a6f5c10e4c1b2675f2abe2

SHA256
61158850c7d8fa06b41204ae1439b1d95d8b8146dd0c2d0c28ccb8a8b962ff71

SHA512
473a7c0340e7d04bd617da511821dc96e5cf50a499cdbfc7c3cf8762385114699cfbaf186258b0984af09d022dae5e23c6f25ef64ea924931367f84269745183

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
b79da84aa1269f522e0edb3a3498bd99

SHA1
388ab15589f4201cffd9227fc9bbe16e6a4ac504

SHA256
4cb6fc2eff576844d8928d5acc1015bac06cda9b45cb037a8b7cbbf756d70355

SHA512
490351b70e644d9b8625ffafc766a1af0ff8389c93d529d48d169e403628c3daaefca2195ecf0756e34f9caed61464b62b458f13528481c933febdc6c3de1c46

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
e5d75f7234aee9164c86a69569645e34

SHA1
c1663ea6dd5fee4e6be65be73b6ff76b510327e0

SHA256
dc504efacc180a96d59ce5aaa9c5e646e888655dbcd35f7d342b6201b35031a7

SHA512
41c425394ec1d878b6879c793201aaea77fcfdfd16dc98f68c077084911fb924a901f9501589dd6abc476debd6b084900f3c5d518e283b9c140ff8a0a15fe57b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
45a5d4d266939775610f760c1ddb914e

SHA1
4c0ba64332fee104d6d17576d735b2bd90e95445

SHA256
db37e4b34f5de1a0becccc9ea888abb7f131a9eb395139d6477b57029c17aac8

SHA512
cf250a268bc5727542f5cac42ef81d2c049de64f1e6d0c996a7b61493ed0df90544bfe30639ddf5a40cd28c0e634ff2135225fe40bd2c2f8747d00808820c55b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
a397e827bd7f0a25111accc36c59f106

SHA1
7a97a925975c3c217936aebfe53f176cdd94c775

SHA256
9694bdcd446e587b4e63addda2dd5708d005ab61e9d90c4926d9431a10044f84

SHA512
92ad139a980bf9932fa2e672ac2224a304b92b72f08f95d131a80b1a86ab1096b74baa0946988d19483c2844bd81fa5003421906c8dd0af78325bfd4049213ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
b17070abea08b984c5e8f6f49c18959d

SHA1
0bce3e7c91110ae33abb91afc6ea20413753e2b5

SHA256
743f5c89773ca430be101007d3eb82747806f5a6e79f181cb79acff7b33f52d4

SHA512
5520e920640f28181ae3c5f1cdb5723be209c193b92f8dfd73c454475ed2f04dc9929d1c6d2b25d9aa577d0371227803823c85417421d85bcd018a2fdcc0d667

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
815fae8a221e8513337d36392d8b8ec9

SHA1
e95dd5082f9a1abbf9131018189e3c4bab00896b

SHA256
0c4e752c8feb815dc4533693839d12c7f4aca3cd5465b17823b3069f849845c9

SHA512
2b849767e6b2f3073f546a4e214dd3bdec42d2e8e3c970570cf983aa7b6e4d466e505280ceabbc3adeb5553f291b6427b1f4b56cb7fe5562940c8f5f8ad0f4d0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
6d1c9bb599a3b66ae3deddd1505dedf2

SHA1
4df9783c8153ec0ca796996e1cc304fb8dca7bb0

SHA256
27fe5e79d989e0f29b7b62a118ef31d4e58d2c15aa9237215fd8b9df0ce021d1

SHA512
7850e2ca7f456c6202f19b0893a732a9ccabd89f63ff84b571fd9aee9ae87a0764d733abec178bf9bca75f5fd81f22f480d259f72d083fc18536eb327f9373be

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
79ee3edf3ee7aa4eeb4f418be06cd1c8

SHA1
f69d0ef53dd902d9bef652f17b7513d24bc5d547

SHA256
7ab76b3ab165b067cc734ef14865a8391af305e5e6444b42277c9000518de8cc

SHA512
d38b0e15d308ddbb38e0f8a4c8f704acf623d4c978f3aeaeea1c698630f8357e50df0a40781f82eea0d5264a05c25dca73d2dbf100158329218565381b7f8d61

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
87b9c5cc4323aea7474811029f0a2393

SHA1
33fe0c76c75accb8f6a2767bb4f608b3edfca6b8

SHA256
b8f5471af80e3ed10452a345c5a6bcc3c40ed34b56506a274aea74e08651a747

SHA512
d370180b6c38a1a9c7ffe4b94a8054b56c1bd50eda190d7ffda58ab8a9163438188778633057e77850a0b182aab3e6b90b976bab6f6bca1d7959c8992233ef4d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
453c36e3230f04e20ba8418988802a3b

SHA1
23d1e4546dcc81fc1b98fb8283f82565536b1db6

SHA256
59a50e43a938248bd1ee8645f0a6c3b2df67fdf61c9a50939fe0ffdd68d32664

SHA512
5c8121cbf5f4dc39de08bb0f022f32970d401d8b96299fe4d8248d20fdae6e1141382930f9265b051a0b648b9417154a3b9b076186ca078fe316bedb0fcf1b97

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
b62030c11c3358ce89860a8d54b76633

SHA1
a8fb389baec8254fa01608ad4eed27aa70596234

SHA256
33fa71f652edef26c0ef5926dd675ea184547c9ef5449747bfe04a6059c37d2f

SHA512
26e646bbcb3aeda65e41205678890acaa781a0280d2cb1602ae2c8da3c1d44c4c3e38da1f6c2abc38f2233d024fb8961f3ba4b725d56fc74de4632a0e4759c6d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
cff924e0057269e4bd251c5bb1662742

SHA1
4f6e8493c5fd48aeb49ffe329b8b566524a4593a

SHA256
71d8fc9c1a26c3cb61156fac0d159020a68fe166a52f9edb2a2b55bfe4ed804c

SHA512
769bb58d37e95d796a7699d774dc69fff3dd7153ed0e2bc693667d76deb120a29af2f13a78f41851a1cb9e649021c643c2c011c644291d52b9ea8c43f270b43e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
8d296b6e23970e6a2e54aff043893719

SHA1
7c6c1447a2ccb9526ed9e8e4da87f8942452fde2

SHA256
dbe4d593547d53b90a14ae3d915a01df52b7a8c547781ac7561d418858e60f13

SHA512
bf304095f1d71ec409b0aa882b93ddc998aabe3e12f67916bd1c548d7110aa7a6f654292c3a770edb2b4e0fb322570882201372b8cd099b2fe3a1a2fc6ed3bcc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
9f9c0fb5a7be2dfdb5cbdf99d95d11ab

SHA1
b1d7d27aaa38de3db6d4a4f038e9fad343a77d4c

SHA256
0fba5b286477f01306fab1dd99b0ca37bb2cf29891cde57549ec12fe1bc3b3e8

SHA512
6aae57b69a7a14546012adf61f12fbad215bba58797270af4ff37dd14d36cbac15d8d2e707b4384c07a7dba5054bd633162dc10265f27f8e2e75efd80a3b894e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
0b4ca5dad2d8a75ee71d2712853e182e

SHA1
f53f10a776fd11edbc2a685a57ff712af2c43cd8

SHA256
f97755d856863474b87063f0a72c4a7dd5e99e4bacd7b3a51469a71b6ecd9154

SHA512
404575548a43bbbf5455889260ba8e34446640febeadedf6cd7e53254bf236c4116644a02125aadaef28ef5cefd295b7e2167893af576be973bcbdd3e1c00951

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
70b715ff01c48b2839d62b14384c3d49

SHA1
f0c0a96378c7b48b341c7a06d6bb40ecc95239d3

SHA256
c1630f6aa132e3d179bafbd13516b28b6496d29c64451849a33cf0ad2c0eb639

SHA512
edd78a865be71bd88ddd838b5ec7272c2b0cb5b2325f9e79290dfcb35d23bc9fc98dc0908feecdefb2c61b5a7379cbc4d8b97640a668214a05ba44c04d1b4970

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
53ae79fb3bc8cd624ccaa6f14117e80c

SHA1
f98251d93d82af0b4a1b265c9e99e1fd606ff835

SHA256
986bed36dfcf6b72ba523d796f94af6419881458d8bc99e8fb4c125d26aa9b25

SHA512
77a43955587f6974767a431ab13c459541219c29d6140ce2d60cb34162132fea0fc43ed4ae87c577d5ac38d14fe902ec4e81af55aff16bc8e9ebd8d220f45b2f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
c82711d09383d88f2eabee68818802b5

SHA1
4bc372e4ad65429972e4cb9a7225f82227c4b379

SHA256
7b3b144d6aa181d5dd77673f459799cf4526b440d0bc764b9065f8cfac1004cf

SHA512
7d42ec20a11a3e2836aa280f1094623a899a7537325bea004c14ed4ca4391eccbdff0c348447c57ecbf2a121cc32ac72754f1943186217979e7465a04929aa44

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
5e7137ce066b1694c34f26b9f9a2617c

SHA1
9c32cd3230054a4c6464e3df4b49e340dac471a9

SHA256
a01cdea0a70283c77f999900c1ace5a7492036fcf9094cb35faf2ae040f779ba

SHA512
5ac18e34d69b8de74882294511c7fbb5e289ef1320955aac03d38e098fa3ecbf697c8aaafd987051c8f88c74d23250b640177cc14fee80fd8ae7ebf2deb5a866

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
e8144f2aa5b2827ec1a830f0e23303b9

SHA1
7cb98a6533605de101604a3f47ee3d5431130426

SHA256
11274f8b6b25590f628269bcfa8dd9a60b07e12fc4ade652b6b24bfc807ecd78

SHA512
20092000c207eda26f61e9dfdf04a866cbdaff16282ff4a0362fd6e8132ac3df2ca8184d6a0b14631239f5f3b1c6803491284d6f820d4e89e20fac3dac6a34f6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
782434e59cd3da37d24b343cfecc2ebe

SHA1
2cd01e7544fdd70dc1eb27bfdf6420d4725165a3

SHA256
58793ff0be72171731b5b89980a2f6170a3c331a61985c4cd4b83116d195e09a

SHA512
adb0a81d9bfdf19585296662c8a7e96b907944722fbf62fecfb589488818ca5c3e6ef46e6dffd662aae408a71cef541a390266f8453db3f2de6ff1fa1e3aedb8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
5666cda9df7210543088874c1a63c6bc

SHA1
f30c13d4bbd0e8bcc76b19109a649dac6bd3e241

SHA256
8eeee23a408bae1a1ace4a9765cafbc503dcd5f690bc308026ac34e464b4fb4f

SHA512
a825dde2002557abe9eac826dc766354e84e9047936d3f7627dc9b40f7276756db19f1f8120327a5250dbdd56065d92c895b86745260d1c6a793b3a4ba9ce60c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
01d2ce404a71902d632e39753c3dd9ba

SHA1
c74a13a2a49155fb1291e431f5c2cab4898e22b3

SHA256
d8d1d591e4ce5f2a2083ee8f6489d8a44075d6a94eced35858780c600a00f5be

SHA512
5bfe8649fe22cdb2cd2648f112e62b5e778443f06d2ae32fb04d5e20e148ff07e9b2f159ed777686dfeefdec06becf23fcc69400ec076203a9ac70c54196c238

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
f9b06ea6734801c85c69015d9a752232

SHA1
de2573406900d4f497890689be4e0166992bdfbd

SHA256
45818637b599b3fc1ca3b8546e4a9018b81e9ff270f9a37e069a150c041198db

SHA512
3c700f1b4059c277edac88d8dabc3e80f8708bd67a6dbcbf89d885ef56eeab79020178230d6d8fac8ed7968e0d1da5fcd8e2a9197defdbd0a0f44933099a6231

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
70ed914e8f10f260a953095fe72bbede

SHA1
1e2f0c1b2925ec99700b8fc63aa453a70eb56fd8

SHA256
5720273ce27af42e0b38b48df72720e6fa6d16097d163b821adbc1726cc3bbdf

SHA512
89e832f661d20e2352274f0d88dd2b62d021cb3df17da7323388b9a6264c62df2ae5fe0fef347a5aeba7c8f79d839a46eb341de1aee673b3e0a53d90a5b5f9ee

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
d386f5c30265f879f4d37f1d5d3daf37

SHA1
9dcaf6a29cf08194bb1e2759e132b8d9568fe19e

SHA256
bec7b4911ad934f6a0dac97b452babab3c741cfdc945928caef4dd16e858110a

SHA512
ded9e024d5574bebd9537104af4d959ec711f2337eeed2b5b3988fc5201c14a61294df19542a279d2fdde176f2d565238b1a461f6aefd50645e0f95698bd0431

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
fa6e22acd2bd44ad45a5cbc3d0cf1c9c

SHA1
842e3f0bda6d7dd42c0adcda3e52ace7e5a0ee60

SHA256
77aa04c98d0856d7dad096d3b7e56c311d846e6211205e2062accf318987c4ea

SHA512
2e7d0ef97974e7bcb2104a266e006645e8455effacbbbd59b7994db1b0d5be0de3ca85d244d73c2070f8d9e682750e6c4e88185b070b0037798933e4edfac659

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
5c994e0cb0ad8f974108c0da6a284f75

SHA1
830ffc12bc79c62dad166e9b73330801a8c1d7d2

SHA256
dcc55bb61b56406b2ae9fa3a9abfab4457c0bc85b0022de3badb45ef62abb809

SHA512
7811d49fa0405eab687727a4e0a70d1e696fe9dda45503b1ef0db69df864de8a212120807ba887017428472c31dab4ca321691ab3eb2ef47c747a4dadaeecd3f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
baa38f77fe2234b53f7d05f977f51223

SHA1
a0b989189d06194c78e3d5ea123b9c818690188c

SHA256
1a94e8b735a0451e3e2ab0d96a0f5426b4f1b3060f9707c2020c72038b249281

SHA512
dd30185c348da7e127e5789bc1757e6e023830a2c0d3ebd74f8c75b077028630cc309f8118b4cd98868c223e6a0142e2f0cfb9ef57294076c490c03f3299b72d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
64914a49b92842238ea60c255a83bfdc

SHA1
36a11d48f5fa32ae5db1f21e743f40e56a6c357c

SHA256
a90ee04d6505024293b2bbcdb649f9c9d546d2de93815c68056f58ac887ce88a

SHA512
210d2862cc0e605b880549524b8a59b65a6ce519d3fbfd9afce72c5a9df06c2c86b0ba14e2a363b1c6143e26247c751823f8f0ff57e1894c9cdb09905a683a8e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
d2670bdcb333c2cb7763673a1b0d5193

SHA1
a41665224a6052a1e862bcd5744edcb0e9a0ef65

SHA256
c8f3b048aa67f994b700eb15a29474046cf7b283efe55203d414fb903c76b6c3

SHA512
f0a37d9050ea1dbf20fbb7af8491113fa751a3c3fc431978b4dbd71f48abd34850207991f4d372ff22564a4990ee301a1beb608ae5b6d92b61584b105d3244b8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
7242f8893fb7eac6008d4100a5ec8ae9

SHA1
caf736e36b748285974cb337107aec34d211afa6

SHA256
d2dceccf54d2d919126543355326dad726358f809aa13d12af8f7a626d4af855

SHA512
201ad5906c83740c852e663f8b457eff127e6077c6d486b3f7438a16f34b427fc84f2dd1c25eb1dfb5b5d611f0efb67ba00d188990ea4450b1da82cbf5db8d6d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
dbeaa18d3c253c586fc064a52f382d93

SHA1
029bbff4fcfecbc423f18b52ee62998c5bd99cde

SHA256
797ac8f6d61c48a865dfc45c729fe5c022ab139ffcf15e5bc0376b40317ab84a

SHA512
9794a2e1c8d8ff3b9678a43b0220a43dfaeae41966bacef6c05de745edc516d017b2d667c3f426d52f2b7a562229f733f11721475792e1c6b7d4b2acec5f4523

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
dd6bccfdcb0fca4eebcf495c493c9699

SHA1
ef1c2b10ee045f5d813060a87daf85e91f0af3a6

SHA256
8ce94876b525ce7bfc6b1a2c992b2872d7aae16d0b27bef259113589778cdbc4

SHA512
1d3fef527e44e359900f1b84e5c010d027e31adb465700a1d871862668249dd4a27618e9852af2efd66c2f3287bb5a235626734f6532a089f0b18e21196ec850

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
d9675da4313ca3981721deb0c6d7ff23

SHA1
c314048c422e33d0eb8bb7fe5ed86e24cfd78cb2

SHA256
8e740c87b537d70c8d9767407901dfda132393b4c72991e6ebe67986d35c47a5

SHA512
611673845e98b442919b2bd2445ade354f0e877cc21b4bc9e03778e73b4dce478a028cfeb075640df3c3299f1a72307a5c01852b352b5fafd931d9fa055d73cb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
1efee053d0c455948dcda5a127518acf

SHA1
10127ff97b1bdd86424278843b53e346f90958b4

SHA256
9855ff99e5f115621d623bef994f8faba93446d005cebe1867832495041aa91d

SHA512
cf1423731eceb28aa597a4a3653284134ab1dbba87fcec21b64ce109416c024b648dc2d96755a3cf089a2e2bfd7fd8f809a4fc7e54613b680bd5ab4fe6064bcc

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
16f890afd1101d775a8a821d17f069d1

SHA1
0c3fac4aa60116e8aa749748ecd3d8a5612d3b47

SHA256
76b4a025e0ebb4ccf71262967675138f64fe035db6268a81f19dcbd7ce26f5dc

SHA512
d0fe2c114ad54a979a355626aea90616cc2ec5a17bfcccd8efd1e43bab473ebbf2689cdbfab4e4327802620b338ef1d693700714a36e897e49871f86257f92b2

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
e62ff99d6d1f400a6be175c7603a67ce

SHA1
64ca085a750612f8ca0aa1975cce2758786d45d2

SHA256
1634b186de83485aa0c26684cef51b190e346b5a76f280d3a3e3292f44787a10

SHA512
20cde19e1da8e6e439c92951cab7edbe85b230f5b453807e9e9302fbfebeafa0b6cfbbca325d47c9e704ae80e7a5c55c4c366762ac6cea65734f2f84e910de1a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
a1a8b4d54fd0194d910e036b47d32312

SHA1
ec2446330c777327ab9a64e95d28e01f60af548d

SHA256
83a9860d1e77481ea5a21303753c5455da65721b03cd8bf1f53288f083945c25

SHA512
5caa7726669633b876f8cb74ad14ed729d737060e27a8bd82e73ea79193e415fe386fc8e312798e69bb922cefc0a231d76b1e2157dbf40e7ee73cff0066fe776

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c340c67e8bd870b27709fd3cac522e3d

SHA1
0010400e4bcca4225a00073b0080e9c8dcdf4a77

SHA256
aae441ae1760bd0d2f861ea0cf44307c54a1636ed7bc56c61b20f10c9fc967b7

SHA512
16f88a4d01b546f187bcd419b0324da42806b6dbae2f275baa7a74ba8992b6bab3f6af9e1f64951c0eb9ab1bd1c8fb57c78e1da97a1ee1e0e86f8692bbf5a449

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
327f9e96e1d47f55065f78cf7eafd5df

SHA1
d1d518737e4b72f13d32e4bb18c6bd8a65603fad

SHA256
21aa999a607588afa1422aee15ded378a157c8cbbbe96091527bd56b7d319736

SHA512
1fcd7e9fcc203de17c5615e312cdbaa3736c4e5343c1e63854c2cf18ad757957e9a217c6ec1a28906fd7e08e41e07f74a2891c9aae9d50a6632de0dc0d215422

Download Submit
memory/1660-4430-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1660-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1660-11301-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads