xorist | 46e084c0aa41bde6122bc181754da29c52dbef8e3a3164f01ec3387b959cfb9c

Analysis

max time kernel
94s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 14:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Size

455KB
MD5

bdbbd93c60160000acf078611fc847d0
SHA1

8dc08bcb2540e9f3e75ca8d0d3934d145e15df04
SHA256

46e084c0aa41bde6122bc181754da29c52dbef8e3a3164f01ec3387b959cfb9c
SHA512

9a3bec14b4e05f05e3b88ff35e993472750bbee30cdcc1cd97c31ad3b1f8c8c40df8e9523c7f801e06f9c05871e01bf3a3c9a6caa5f35a88cf119c241860d40d
SSDEEP

12288:CuLJEVTLKZorUNufUgsT5HNUZWhaaLacQWFE+U1Q:EBWZorSufUgEND4C+WFE+7

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/1284-6843-0x0000000000400000-0x0000000000482000-memory.dmp	family_xorist
behavioral2/memory/1284-6834-0x0000000000400000-0x0000000000482000-memory.dmp	family_xorist
behavioral2/memory/1284-10780-0x0000000000400000-0x0000000000482000-memory.dmp	family_xorist
behavioral2/memory/1284-10921-0x0000000000400000-0x0000000000482000-memory.dmp	family_xorist
behavioral2/memory/1284-11208-0x0000000000400000-0x0000000000482000-memory.dmp	family_xorist
behavioral2/memory/1284-11213-0x0000000000400000-0x0000000000482000-memory.dmp	family_xorist
behavioral2/memory/1284-11216-0x0000000000400000-0x0000000000482000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m8m0ECBq5Amw3n7.exe"	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wbem\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\virtualdisplayadapter.inf_amd64_bcc7550a6e285f92\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\networklist\icons\StockIcons\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmotou.inf_amd64_8370fa408706074c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpn1.inf_amd64_7e6108426fdce03a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netclient.inf_amd64_b7f9bb71730aaf1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\hr-HR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetEventPacketCapture\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelpmax.inf_amd64_2ddee95f7a5d85db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlans.inf_amd64_97cd1a72c2a7829c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_0e2452f597790e95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4nulx64.inf_amd64_641bf08bee8ac46d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_tapedrive.inf_amd64_a3a36e8f2c921ed7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\termmou.inf_amd64_c4c8f901e3534194\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DeliveryOptimization\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidspi_km.inf_amd64_7e53b3972dc4df20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMETC\applets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_28c103304ddff3c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4vx64.inf_amd64_b03448ba0b72ec47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\legacy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_wpd.inf_amd64_0245a364d71cf6b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Host\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsuprv.inf_amd64_696bb57f8e3bab65\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wave.inf_amd64_8e8496aa33c0a7f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmolic.inf_amd64_7f84203a67c210e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0015\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_0f3268711a5b2622\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\knppcfhhkmmpcceh.bmp"	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1284-0-0x0000000000400000-0x0000000000482000-memory.dmp	upx
behavioral2/memory/1284-6843-0x0000000000400000-0x0000000000482000-memory.dmp	upx
behavioral2/memory/1284-6834-0x0000000000400000-0x0000000000482000-memory.dmp	upx
behavioral2/memory/1284-10780-0x0000000000400000-0x0000000000482000-memory.dmp	upx
behavioral2/memory/1284-10921-0x0000000000400000-0x0000000000482000-memory.dmp	upx
behavioral2/memory/1284-11208-0x0000000000400000-0x0000000000482000-memory.dmp	upx
behavioral2/memory/1284-11213-0x0000000000400000-0x0000000000482000-memory.dmp	upx
behavioral2/memory/1284-11216-0x0000000000400000-0x0000000000482000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-24_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\MilitaryRight.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-100.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PaySquare150x150Logo.scale-200.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-250.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-72.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\jsaddins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-black_scale-200.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-40_altform-unplated.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-100_contrast-white.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-40.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_altform-unplated_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-150.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\EmptyStoryCover.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailMediumTile.scale-150.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.scale-125.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-64.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-48_altform-unplated_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-96.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionLargeTile.scale-100.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-40_contrast-white.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-96_altform-unplated_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_altform-unplated_contrast-white.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageSmallTile.scale-400.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsMedTile.contrast-black_scale-200.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Light.scale-150.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleOnboardingCard.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailWideTile.scale-200.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\SmallTile.scale-100.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-100.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-200_contrast-white.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\MilitaryLeft.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorWideTile.contrast-black_scale-100.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-200_contrast-high.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-150_contrast-white.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-24_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-60_altform-unplated_contrast-white.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12platform2_31bf3856ad364e35_11.0.19041.746_none_e96d63dc613210e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-24_altform-unplated_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_da-dk_8855bb50c8ecbbdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\contrast-white\SmallTile.scale-400.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ksfilter.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d32012875723e943\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-bits-client-core_31bf3856ad364e35_10.0.19041.153_none_04304b75e9b1037f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_wsdprint.inf_31bf3856ad364e35_10.0.19041.1_none_79f1ac404875c784\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_clearCache.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setnetworklocation_31bf3856ad364e35_10.0.19041.746_none_ed1556d332a211c4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ui-xaml-controls_31bf3856ad364e35_10.0.19041.1023_none_95090027c7abbbb9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing.resources\v4.0_4.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1266_none_777e4c5802d14c18\common-header-template.html	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-getconnectedwizards_31bf3856ad364e35_10.0.19041.746_none_4307d8b3f589be78\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore-client_31bf3856ad364e35_10.0.19041.1023_none_48dc45a54052906d\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wpd-legacywmdmapi_31bf3856ad364e35_10.0.19041.746_none_41f8866202da94ee\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..istration.resources_31bf3856ad364e35_10.0.19041.1_en-us_9f803ef667071665\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\splashscreen.contrast-white.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-36_altform-unplated_contrast-black.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\23\dom\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.workflow.runtime_31bf3856ad364e35_10.0.19200.101_none_a7b891aecf21b19d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_windows-system-launcher_31bf3856ad364e35_10.0.19041.1151_none_58a7e1ebcc7dcd02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..yphanimator-library_31bf3856ad364e35_10.0.19041.1_none_d29eaf2ca019e195\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.19041.746_none_6c16d1714d60fddf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.virtualiz..ent.rdpclientaxhost_31bf3856ad364e35_10.0.19041.1288_none_1c08636f2ac890f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-id-connecte..r-wlidres.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_084f42a441c6b791\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000446_31bf3856ad364e35_10.0.19041.1_none_a9bf24e736897f27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-desk.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3a8c2ab6460b85a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_10.0.19041.1_es-es_3737c198592b5b94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..erclasses.resources_31bf3856ad364e35_10.0.19041.1_es-es_624b9348e5b71382\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-slidetoshutdown_31bf3856ad364e35_10.0.19041.1_none_4a1699e73b1ad297\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.19041.746_none_476e348ff3b593af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-w..extension.resources_31bf3856ad364e35_10.0.19041.1_it-it_53a869f07c00626c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\LocationIcon.scale-125.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..pdate-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_13ff087b621f75d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_10.0.19041.1_none_b977d9566df127e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..tformkeystorage-dll_31bf3856ad364e35_10.0.19041.1237_none_3aea6e005e0f18b4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..gement-ui.resources_31bf3856ad364e35_10.0.19041.207_en-us_034a758b1fbf3096\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-deployment_31bf3856ad364e35_10.0.19041.746_none_e43cebe9807e08e3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Abstractions.Resources\3.5.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs.resources_31bf3856ad364e35_11.0.19041.1_es-es_3227d3dbe294b2cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mp43decd_31bf3856ad364e35_10.0.19041.1_none_6a243910908ea471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\it-IT\assets\ErrorPages\needhvsi.html	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ork-setup.resources_31bf3856ad364e35_10.0.19041.1_it-it_1f80b1dcbd216209\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_msbuild.resources_b03f5f7f11d50a3a_4.0.15805.0_fr-fr_dff09797cd0fbd69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-bluetooth-bthserv_31bf3856ad364e35_10.0.19041.1_none_6ecca0810842a5a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_eventviewersettings.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f9fa7d305a9bafe8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-h..trolpanel.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_9853b0c46d765cbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\UIAutomationTypes.Resources\3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-quiethours.resources_31bf3856ad364e35_10.0.19041.1_en-us_202bc40ad8846aaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wsdprint.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_84d410ff30a35b88\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9d8e5e65320ca92e49017f3043701e5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..duler-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_93fbe3f6a1699f5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_volmgr.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_b05ef7ffd5572308\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\Speech\Common\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..p-raschap.resources_31bf3856ad364e35_10.0.19041.1_es-es_c759a6ba4911f001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.packagemanagement.resources_31bf3856ad364e35_10.0.19041.1_en-us_5ed18ca98eb96204\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-installer-engine_31bf3856ad364e35_10.0.19041.264_none_ebb0c96046c6d932\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..k-transformers-core_31bf3856ad364e35_10.0.19041.1220_none_e0f5f5b98aa564fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-vssadmin.resources_31bf3856ad364e35_10.0.19041.1_es-es_677e7e6edd733462\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Assets\LeftClick.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-d..scannerpreview-host_31bf3856ad364e35_10.0.19041.1_none_484e61e96e69ac70\StoreLogo.png	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.servicemodel.channels.resources_31bf3856ad364e35_4.0.15805.0_ja-jp_1dfae691294f35f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell\open\command	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\ = "CRYPTED!"	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\DefaultIcon	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell\open	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m8m0ECBq5Amw3n7.exe"	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "JYGLMMUTCQQBZQW"	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\JYGLMMUTCQQBZQW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\m8m0ECBq5Amw3n7.exe,0"	bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bdbbd93c60160000acf078611fc847d0_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
411a1e246e98a662f77538a43191748f

SHA1
f80cceabc2c325efca994fcce0272d672c42d4fe

SHA256
e41bf539d5f9771825d49b7d4d346ff3fd7e52381dc344cd1d2d39beffa4282f

SHA512
a3d2c23dbcd7aea83ca4722f177188627a95b9f222ed49ae2ab75077226179dc0613111af5de0b6068ecc6d7d41fabe0118602dd50d117bd69ec8eba8e60341d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
9ac217982d706d3ca52bb30795f3dee8

SHA1
21c0b66f49b3dfa8d6189ead32ff9b219a8c27b8

SHA256
589d18eb3011aef029fe3c4ecfbdb99edfdacea192bb7c5da5e632bf2ce65813

SHA512
1da44eb083b5d902969be2380956f0edff60a28f53e5268af2769f70c2174ec7ac9332a8f7932547d5f19932ec8b7db8095c29d5bdf5793499f70f87a2fd3df4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
aa2753f0a7c4345b79d8bbc5e2bbfafb

SHA1
0b9f77747a4deca6d7c1636a1fd76d1c5e0822f9

SHA256
ecb221f5fe34fab19dc2eeeddbb3e5ce27682578efef1e8cf4893bccd7455c24

SHA512
79686f0f510375fa254a7df568224ed83039b693af25c446ebabb779bc147e8469a522e04f4d308565b6eba457140cff6c5668c7a36bb1967f71a13e45dbc3ce

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
0d3a68c427072a714dd29d398bf4dc26

SHA1
9f8b9d154452738a6c88c2dccb54d467af75a1ac

SHA256
3c936cba05e0027b759f59014980b9d68938c65621f7099307ec12b6bfbcdabd

SHA512
351e972247ad82e9b58eb9bf0af1fe3f25be93c88cf601ea7abffac472223f6d308f843083dcc68af972e2295f4e3681dd7a6b08444269ccb51a3433296606d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
fca194a894936334f76a1d244998aa1f

SHA1
088c24b40a702ed0c266ee5f88d046595c1990e4

SHA256
be7131ec980725803b31a9f58cedb9308b591c312a75b8ea20e63cf4ed4d9d89

SHA512
54fe8bd12f09fbb0caf4a77ddd1d891e25baf4ad588bf80cad73366c420c3d0c9242c181f4850302bd028c519fbb7d90d596e9a11a842a87d95c6e2686cee72e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
a759f58de5e4f3685b6ecd3786d2f28f

SHA1
0868bac6b762a0c9b110e0909c1ecfa3ec6831a0

SHA256
fd6ef79ddb037d51f2737e95b2a3fc2cd08e16b67222c9d25dbb44b43bc45ccd

SHA512
36933d048baa3546e0df1f232de5ebfd67ba1f945ae86d5c328778753204aab5bc064a0271ef804b024ccc027c6c3ec1a3667fedcf7b31b1deaf7fbd648a0f67

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
cfb0f19c35591992c5e5d7788a2e5a17

SHA1
fdd5ce8e2c20e82259ac5928619b9d655f88b92d

SHA256
dc8b84bfaed2db2ce878af2e9e40783b93e59cf618299f11f3d4e67c8e29c229

SHA512
35e2e4f31446ee850e66a49d2a901b6636e6189d3a548cc194a80d16c331450a9214d5812ece7e240627b70d25770964cedfe8261d5d38bba3f88fc56556d910

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
faa0e38729adcdff80699c66f0ea6bc3

SHA1
1d86d775009f005f1300df91851800eab407d5f7

SHA256
5d177210cde31467857d5b254a0ff79aeed36210f7549df38c3759b76b5e8aa1

SHA512
f1c9e33747eb2e90256b71cbda0d832f3116d664c4c228d8fef1c36cba2645122d40ab3752447dd58946d69bfa9ad695039de606a777c6918e545accd1e7f450

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
4496566100ddcab7cd3aedca918e4091

SHA1
5d848bc4e73f22403a71c3232d0e045d9db9c630

SHA256
10d93b355ef855a085b120462992d0bbd65e4c653ada61f7de7f85e82deb01ad

SHA512
24e8d7f7c39f86b6ce3918de644afb86901ab62e275054dca27fe23e3d7cc11528f0e99a24c9fa1d86b193b6b240db4f76e5408b6d60812edf004ad2b26b7ef2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
2d5f0ae993aa0617943a9674144929ea

SHA1
05b42cab67e758a6514c3a870108cf4344d29c18

SHA256
6b4f82a5e46529135cc163e52450e3b91fdf6ecb62734e5eae34d7992981108b

SHA512
6cfabbb617151cf934d432d9221ed72097d38997daaf07c0bfb70cca648dae246f91782782a26c7fe349b4a5a4e856c7e856c777375d736e8f54d7dafc19231f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
f2b5609444db6002117caba66e4e438a

SHA1
0ed8f1efe9a8521d0a818fbc8f41042aa97e9290

SHA256
e4e8bed0d5f80556304e00259942e6fe213e98e35bf570a626b71da1714333fc

SHA512
3290dde09cc1be0271ff973ff00d92c9b95da6f91138c3c50e824ce1f361b89a64168a129310352e7a57565190c65d91c94ce596190b33a658e517b8ca66b14f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
324ea3509f4bd0fc89cb40666ea3964b

SHA1
b3db732e79e1889c2cdd92cc633f953cc7505c6e

SHA256
5e42f0fd3f1b347e0b63110ac916f2b3194f9050f7ad7cf08ceafc6e022bd10a

SHA512
23aee39a42b0e02ead6b596941b43017d129935f2a09c4cacb185bfdc337672596b06936617704e8aec82bd0163629d4d7ea7464f905e9f43da3d83d9716583d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
412c3f8cab79993f221a3995be683c69

SHA1
b7f8bd29389f6950be58faa8dc6f5c9b4857f665

SHA256
5bfb216bf29273e87b03263d7beb09af1c97385cfaf093cd956b37134706b8c5

SHA512
4d32c9e376d79cf4b3aeb2c33fd807e507be5d0acd58c745c0eea317d287bf645c37549db9591250312394a5e3acde49b72f505cc52d1f278d479b9e1421a56e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
3064e700e7a6b4704e7fe758145fc833

SHA1
feb62497769645e9a305e3d883bc07a18e1932b9

SHA256
f35ab4b46e2a2b8457295d08ead5aaa97631c2acdc26d227c16e352726f8faf4

SHA512
5201ce17718f4ea125cbd675ca2b2aa775d4ddbf7325998ea8039978c2c74223f18579b96077cd97cffb6965714e4338ba532c84d91cdaa3f40d39374688fa58

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
5ceb3c2c954422657f22fb3512889a81

SHA1
1f8795fbd13ba59aba413343fbf0f4a743aa9f51

SHA256
1658865667ec7646cf29c8b4820b6f6b7d72bcc4e3414ac94d28f0bed501b914

SHA512
631f6eb793d3011f8227de4400fce259a2af9d643d12503d49539ef2c1d99fecc139e1ce9501b837a11457b2288505098ffe93637974fa76760ccab513f404f8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
71a808f6ce0e8de5c4b6d523124efa12

SHA1
5584f5f7fb10c8a522744ba1e2e9c3d4e33ba117

SHA256
d76fe7daf2533a01a152923c0e8cc9f3f917aaf815d8064ea9bb33f2f364845b

SHA512
92ebd8ed1009ab34e8215a3eb3f1d38ab523c46cc6b6be80c6a62fe96fd9b2cfbf0c8f8643274cdc5f33e60bce85c22fc0b211eb2f85a23fb3a4f83f0d8b4d84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
19737cb758ed94642a6b4c8a899161ea

SHA1
08ef4867b5ec9df0292e6948d73d53deeff1c549

SHA256
90cda8ad501ed9562b9241ea490cdb05c3b729d5e725e011a484a8639b1c4f63

SHA512
72987eb2d9626756114904d6aee9c1e7af63c47bb887d4aea4e62e50be0381fd0b247c5968c73d3d277f0cdd18ec5bf8e9e7beb457f44e8f4a010c46f177e80b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
7a94f498ad79048544abff893544aeaa

SHA1
a1384c08958477f25d1eea14edbd0d5090067a3a

SHA256
141d2f5c9d4210ca896735e6e1fca715d4647f2c6106e791b92cf4f025126134

SHA512
b2f27f836873f86171915f2db77bbc594c7c526a4801f4ac31bc0b96fe023e5b85e283e4f9c28780016feec9f781a36c2e3a6c0524995511077d336895b7f493

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
83851c12eac5a338c9f68e1e63cd480a

SHA1
c49c5559878c1aca75b082f69f178a2ebfef6154

SHA256
a460188dfd968c6ed1ea54ada1d2d8c441c8a3588fc1179fc1b2d4e9b9236693

SHA512
1754ef18c995b86df88a4f391442419595cde3d9d20c39b405431db68af8ef3446437b9594e4f98209dc709d581d075f6a2068dfdca677050064cd725d39f050

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
9a3d982d40deed8842ede6c07d5c1d9b

SHA1
539f1d3e0a0308eb9af1f90da309252b9634db6e

SHA256
b1501cceb956d619e3032fdfe2ec14a9ad237c1880947aec7b8e387ab9e09115

SHA512
5610fedd36fad9bdf29e6bb8f7f2659a0018f2a6c99ce108af9dca601f4876e22af18e7323c24b284e4b29dcdc381b449a7e8a23cae3daa8f2988574e6269db4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
d4a3de7acb020bd46dcee56b0d69ef10

SHA1
70a1d9d93b0c05a1d83f9437dc98a0f9bd1d779d

SHA256
59cd72859bd5823307e9381f02c57dfa83946ece809a4c218ca184ce14023621

SHA512
7dc7117600672961391760b4c95346891ecb77739f7b82c1ea8a712aa80c7c05bb42a3909812f9361b50cb0e4fb3567a32985a55f1fd78808c284e6ad8d03152

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
12c048d56060d87b14b8f387e644603d

SHA1
7b0f355515f356e2a724f478991a19f99a575474

SHA256
21eca2f5ed3ed182fbe5d7d2c84ec552d18304bcd7d7a064d46a1f5b693e8497

SHA512
e9027f7482440209a7bd5c8c0f6feec24c414280559a1f4147a6eb5306289c685dbc1d5b03dad0042b6d13b4aacb278a8f1d71294ef17f427ffdf717003ead83

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
82e4579b8dd15611a32e2813d45a91d3

SHA1
60cc57d807f480280ac8f4d865ebe379ee8dc9cc

SHA256
79d5a1b600d8fce112531079aaafa59481efa29586a778f02e91664e4c43f7bc

SHA512
73a744c709c14c002517e1280a1c6f959011090d4cd41e338c5e2ce88db1d0be7d95acb7b3661b45566846549c4a4fa4ea6dba3891a9d7538d061b4b6ec7bf81

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
5f829f2dc4b20d3b330a264225034974

SHA1
177fa95b5d56d65fbcff6f1825bb9eca6f1e8f1e

SHA256
602f97b32e53701f0de66839cb8d68b695da85f9f64f93be06198167d6c9e41d

SHA512
5e5ee19a5d38dc3cea0a5816ca2d99b1e1ef68b9859fc547d2168eb0299308af26f39b90ce45a21d78789c54f9673b81233299c9bc355de11eda579fa53343dd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
0b0461cbec554ee8a7382d4df0a64dbb

SHA1
8af771ff2328ba3ce5a369f7c0025bf9ada6dff2

SHA256
1df2bc792ebb7f3123a7480f8c7e95efefdc6ff5ae0f95cd6e6e389168e3ce78

SHA512
cfacfa484be9015ab9f894460276ae6e3c818890ff7d4753d9ed5305c14e14417e3b84d84fd461ae9a1871c03a26d6415b0910a96ee519138e612d3bef26c8a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
e0b39aebd3b48ffb5d7334918139093a

SHA1
2785b5d98dfaf0590e94de7d4db8011c8c90a73f

SHA256
bba5e75ffe3bcb7b9ee04072d7f333591d141adf1c40f848c337c34838a575ea

SHA512
a64d2562994d819689ec5397df416d216c70d77f9f33fb8395a23022aeff94173c9b58842907059c6b48c496ee840d92772481d1084e72d0753e0c2a8d72b1b7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
e1ea1fa99295014e7167b23d2df871fe

SHA1
dccb6b54f8ba77ae56483fe55dba6bfa67253375

SHA256
399d828e516f79c0a8d8a853ecf5a900a5899a10c13b738245555c0e2f816fd9

SHA512
264382e9210e81a58753d35006157ddf657df49731c093f941c2519ab164c1925476fcd8c8fd14f6ae6fc93de94bd291239b1d6c101aa27db3500f3ae7ed9d31

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
083776dc325ac605cb5b7038b243c175

SHA1
3fd8b7f5be0d8566a59fe14bf230f6cc4d2d53a8

SHA256
938e8cb7fbc64cda4cdd479e8cf0b1532650090b14416d6e2bb3e6bbd5ec2591

SHA512
891a3cee5d6617986591cf3beca6560639d83b006fd7ffa60653a6198374042f2f30fb1b1031f5054e893aee1e805ced4e5cf797d50bfca01b8ed6078144268c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
a3b99277c3175be875f6c919c98d8d99

SHA1
4b776a11ae4b91444d27a54b383d26cd7bae2bd7

SHA256
2b5f74141a03b769d9e7429839178d74c32ef7273e4f4861bb2507135bd0576d

SHA512
ef426e1d4c1aa959261635b29e30cd59e658fb729d1822b16ca495b0a9b07e08adc2f951f0431f7293165efa2396d3d99efe27a5bb9f6329e08e906db5685476

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
1b1ba4893d24a8929243be051b7c7506

SHA1
5f394b8634670a6890114bb515488d72994a47e1

SHA256
3756fca439011d6e3b4db90e8f485e69cb0b4f5e70bd25db567109733c55fd0a

SHA512
747437e02fde090b5276d98934dcd797c77707bf8de0d6fc304bafe3ca60ce9d997b45e1a681b6c50517f5c366c3b9f8ff3055845a9aaafe3901d57ff414b5b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
06c22894fbdcb936cc403607f7d79cfb

SHA1
f2d22d7fcab5cbe8f4f83aeddf812f5dac0e7022

SHA256
1bfaf9105c49d2fadc70c260d6e9817f47654d7d47df895785e1079d7ff9b4cd

SHA512
7a04b546bdbc87c0f4a38a891dcedd5bd4769695bb1500051694445fef1fccf21cba12a6b4fd950d9edf3c718885077a19a70aa572d9c2e2d19954ee4c5e915a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
e21a73f142764cad69884844a05b4d91

SHA1
6eb96d353ab89094b056388f408ac8e9030e0ce3

SHA256
c6a98ba19cc854a5dc43c07d78230fc87a1a36edbdb9b20e1c7020668ad245a3

SHA512
c1e614e07840a43a63b84e032a22483193a51242dd9a900119a6a73aa433dd04b28155fbe7d8429cc6e91fbf5f6791276cb4eac3b261e942fbb4785a78cb4bc9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
a97b096ed5c209af40b922cd5520b34c

SHA1
e6938229582aa6046a1bd38b9ecae177d1f0dcaa

SHA256
090b118736abf95275f49d8efdf9c605d0d73bef673cbd4683b73d70e63a8cb7

SHA512
d510ac7dc2961b3e779c0fae8bcb43d9e7c78625adc8c6cf9dfcbeeae25dc0ebd435adb6d31523fd474285463a4510276948d4bd7aa34364cd8a5abdf44d549d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
4da75eb2436ec0fce14a7803e154cbbc

SHA1
a7cbc6f80fbbe83e0c73d33211572cd81da7cc99

SHA256
23107cac2c35032ea82590979067c4759d289747e5f1f7d715e7ba5acbdba6ee

SHA512
ef6742be977ef7d4d979a5f34aa8da78c0ec8858a51b2d009fdf326108a4268328880d999b6d8eef228bfd29473fa5361f155d3a6077ff1ac8e3ad59a59a1a2a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
d9447edee421bde55ea394d12284cb19

SHA1
4e728baeff78ed27020fcfda897dac869f8045e2

SHA256
ba319b40c086e110101daa3a19ae72cb021671c7f26be9bedb215d8c3dbc9fe3

SHA512
9f2a9fc6e1f63d3b3f6f465c9e83d3941d10f0a1ed47ace395c23f74c034259ad515b3394fb1c0b4fae1a95e52dca0bd1e9d7bd13e06aafd635eebee97b468b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
0aad3f8888ea40b928a38438718abc4b

SHA1
4385278032e7b942f5ebf0fb70d4009220a0cbfb

SHA256
8d8722fc22f2c4bfb6c1f03e08cf965293d612d8419f12cdf7e3a35475b9c85b

SHA512
021adddd75f4c56a9180cf3187220d025c46c0e1e04bae4a926acc4207e8d7d715da73e0c512eccaffafbd4f5261e2e84c28c07178d5d54986adda5c08780131

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
af17938ec62e37a3c41bcebb4a4a9e92

SHA1
63a05890923538afa8c43c34b0c75656342d9c0e

SHA256
81db171e3161d6a97067882177b58ebfa670c68604b998888adda4e351c77a58

SHA512
4924a27df8f3e150fe55a1b7b934a55b4b199c1ccc200c506024f1e5dee9d76aadb04facf628eb9971f03148f6471ecb4cd32aa22972638ce9c56cce7e8e0d2a

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
c030364ebdfb58d12241bf4eab0a42cc

SHA1
571a15482620eb17e4b44a465dc5ea49a764aaf1

SHA256
cf50159a31eb2e45d04b15a6e80af820421136e42cf8bab624c08a2a09bdaf0b

SHA512
aee081eca4383f82fd6b44614755c2fb6dda2f545181b4c3579c3d0ff48a05714efd888711526427e19103440af8368a882eabaeae8f67d3eb3c7dbc0a83284b

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
395B

MD5
4758c66db1e43a0b8f5a2e591308a651

SHA1
c8787918309d6c7324399694119e795857550a10

SHA256
159143bdbc43c5a72693a8ce37cf29532828dd18f7684044910671e8cb78dc1a

SHA512
ffd5ae7ccff4161778680e4092ec7ec1ade7633bfb6e2b7b992ec4adaa3b8baa2bd166499721fe9475812338229232aa58ccc56103e37d67471143df30a9809d

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
8f8dd244e15e04dba90c852355a5a748

SHA1
fc3f2cbc0c614b2479b3b9da243cbd39ba7163b4

SHA256
59e870b32b1a124aa1c408a402a5a7767ee08e29128016ce83cef2673da88040

SHA512
95770e0a7e0c898189f0ef604e34783f4f6abb812f4d9b3165ea2440fb05f4620bd712b85401d317ff25a31d347cb3b7e66126a37278fb969f4674c985075e23

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
45ca04fc219142c9258a1a3deba6bb70

SHA1
cbe496dd76862b75eb1877aea83352eb8cee051a

SHA256
bb8c594a7d69ce8066f46938b467bf28c884b3faf44b9f730a7970415667496c

SHA512
804c360f933f7ee822f96c87c57c61668396912550b08093066438d7259cd87336395d5fbebf1c0d4908220804a9bc356245666526dde18627c9fefb4132f50e

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
4887ccff8a065b3f1381552c8034b581

SHA1
27bbe3ab63b2610c215a5a31a0a0e900b022eeb1

SHA256
2b505b750b874df38d4224cbf808523c9a19249b24b41b70bf65d8b169ffd341

SHA512
e3a5f558691ab53c1f734295caf71612dfc9f1582df1671fd5410629945fb4753d2fbe4d5939287f1fdb8b7ad76ab8a046514912f933c1f00e1258699435036b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
765d14d7a14f3502e53259c8d750b60f

SHA1
cde810eb38ec9335da4c9deb3e54236592d81ee4

SHA256
1f5648c8b6407f76e4eb764d9d640da02b97e6e38463e6085448433bc51fa0ab

SHA512
f5fcdf401fec74873374ce57799df4ab5b0edd1ee27c97d8a0192a2e5726e62c5405232c14395b52cdd95c3fdc1a045a1c8b3c39283c35f9420489901426df02

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
38b455fe99b7acb4af67ec42026c9a69

SHA1
fa39f0c18a2ba87b77b486e59980e25d44b75800

SHA256
d47354e0562153be9a47ff8aba0acc7397e7cdab3d99e9613731907471b1651a

SHA512
bb8218190d92c27e43940e8a8ae961b59534ba6adcbdc173ab2e780e2549048d05a623eee7efe3da325883fdfc1f3faf186fc4bcb9477fb6547b88a7086786ff

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
2a6ccde417738cddfcab24d9d3df1002

SHA1
9a20dfadb4e8d2703b9aa19a22df6dfd0b2b5b9e

SHA256
72d5b160ebebbcaac7a37f9665214b7d54b4739beb8d9b68d1b19424b5b6aa63

SHA512
8c668f5e6baf87311683e3a71232954aac058de0de3e87fcc165dc993fd1815e1fc8c396fa3e14655aecd4876b9fed44d3b8922a5627c74551342aa581742dae

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
ec9c1f9b1190b9e4e110b882c33ba09b

SHA1
2d8326b385b79d550717653dc30495edc09d86b3

SHA256
afdce479cbdb624db23948e40405d022b5eb40dd812552236e1ed03b09515f43

SHA512
6df18434f7681a194d4e8eb5654c89b27a2fa7068a59a2380dd3c7224a7108fe32e183ccb7e3550fba00fd00d8cb4cc18be539fe40b0b5ec4a91debe04203520

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
cb77798eb6f2c32eda8b53e1f2987058

SHA1
558ec288a929bf4aea97bc179d4a382eea7bcc02

SHA256
5db5ace23bce7e1753373fd330dd80e65844b44d89eb57a798611e5a92f5a5f9

SHA512
de103a1b28c3695456b026e872b2a7603d14d562ce7e1aebb9ff6415f1ec0086112aef91cf120f435ea71ce58242fc9e64fc82575f76fd931347002a714f1078

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
b184e6e96748ab553a84f1c84c4aed21

SHA1
c6a1a047f9273bfcca2d74c10bd14a403ecbff40

SHA256
da538de38cdc078dcbe9a7efd7b2112b59b20af7f0b0eb61b465aa61499f1dfb

SHA512
bfeef008f90b76c9c67aa8d83a4522c329864de7dd9a851dd65aa1110409cf92bf71240356ee090acea74c9c0fa7c3b3b3d415ab1a9d0aa763b44a628986b01c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
42fe3015a179bdd9c7d20a09b5964a10

SHA1
4c701f120cd799cf48dff8f6b88a390494f2e24f

SHA256
56fbb21a6e92cdf74789ea51060ae2c756989b2bfeb6d269abba603e4d0bc292

SHA512
c49e52917c50ae3afed45df987d06c192f644108df7083ad6c9b2b2880354d6070c7ec9c70a52f524733e7745b3676ac25cdc95d4ca29f8f87d8d9e82633658a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
5b169f00f357e4ef1486c7e4ab5a45ef

SHA1
0ed0215ae24170a3dd1d11c54627d14a4303a0d3

SHA256
65ad5e05f41145cd45b7ed9875c9759a4b0236231ab44036a3c5eccbad0f3700

SHA512
bf7399a4f9173e7a77fa47806f316c73812b3a475ddd95f0af0023b77dfc8f6c28999e787e2de5747116c58ba05704dc58bcf90036e6b4b420be78818c3c2571

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
960d9447d274c63d8d62eae4c993714a

SHA1
99bc4692d448b2eb2990938342972be5e65f6e8e

SHA256
8c44210fcf9e9e55e72ff04564cdd97276039c7d28cc706cd11050668781b890

SHA512
08d509ac0f9358ad3d249675009e35ca02cf2ffe69c7d8fdeeb61ca41d420f20c0ebb81b86cf893e3dfbae3262189ae18bd28c16b8a6d66b0faab5e800cebc6b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
ea202f50c36b4d706db7d4aa9503d88c

SHA1
1eafb70ace16090eae906a1bf8a88f1e7306ee51

SHA256
6e8e871b4b43edefbbf698d7b36110cd4db488f8abbdd252b6e2e93706b7a9e4

SHA512
46ffb831ec1191721044e286031360388db876e4706802671a8a44cf75ccf31dacc5799a3c323fb0189ca3515ff51e12f769028410ef7d8b45b9c6de14f190a8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
b2099d1ca938a55f5aec615100c952a1

SHA1
034a5583ee094cc4a75bb37078a775fb69aaf5ad

SHA256
878472003318bf64beeb1fbdbbe1c6f8af194507349de901cb1356bdfbe6b016

SHA512
d6fa1987fc2509f11302e62989ca69421c57c5b36e24ae977e76613bc49e1ba08b720975273823ee42e275abf8ee5c975c700db1124bfeb3ebc210526fcaf4a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
382a62aeeb6af20450e33b5c9fa1c68e

SHA1
95e5336f2824065fbdd8b5592115f8db813000d4

SHA256
fc81aaac1bcf93d3f66ff4a37161e0d6ef6bcceb7795cb0ebdc89e9d8125992e

SHA512
5340e22f265feb29af1758f9123d0a28f65cdbb4656e5a8d86716a86094357d1218afdbdc8457887ca9f9fd9d5eaa749c68cdb01215942196e1a4032dc9785f9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
c589f4872e7d9c341d1d9907d038f09d

SHA1
38f75cb8ea185e2583472bbee2b1072088e5a036

SHA256
b66382ce4e51c88f2ee82ff14de6f9c21f9fcfd6619deab73f3ae2e0138b11b9

SHA512
2e44a22f7bd4d3fd070f205b655e4ae85b28f895f1c448a62946a6a8f417e20093183798f19d3003bb9e591e7921b0ab1df4d8618c944149844445276c78cba6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
2b0a83f0494346e4f1f6d18f81ac955c

SHA1
1d2594c47e9486ebbdad36e3b43129c27fc3409c

SHA256
cdf7f28afeca61574fd55bc273f2e095dd3d08aa7a92db5ab6c1129c956817de

SHA512
afa01b8744447205459f371d10cbad68d5bf2f5f2e81cda57e8084d78e586139821f213ebef58d96f4f210a6cb068fcb2188914951f7370550e16e5c81985ef6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
eb16bad4a5ee2bf0fce97d09ef17fc0d

SHA1
fd66b41cb210586870c37e0cea4e560273e7c435

SHA256
230fc5b0089d757faed94156af1d7eaaaa79f72673cf897753ddb22afd204cb1

SHA512
c7363bd95bb8abe7e91552b5f39fc2c43b2ceec7e95b7dd6e4b310fed6883fb15d61a54e8171d28ae562556f3d05966f1bb94ce49ce5280ffda4a5dffbf97f8a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
8b263b0b32485c137b1e936fac298b7b

SHA1
ced5a66147f7c1876a4aaf7ca3adb784aaadf1d1

SHA256
996938e0d8ce8050edcdf4fe14606ea511aae029faf664507370e8f3fbac12b9

SHA512
eb3bf51d4f3a07157417b5bdcf97569cf184f5fda601b19f59368cca52444870b0d282abb2b973e40590de504a498413c9eba758284f427d95880d28638415bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
d2e72748db2fd89446bac63eac63e97f

SHA1
bb136186c832830cbe7e4fbf6e5acadf4307aa16

SHA256
99b08f0096ac98e8d4839a07172374896ea231f446ef55b2c57e3459b9e158ba

SHA512
1e65900607d04a17a7a60d1146a96bcde8eee3707ded2581b52fe16784d8c0617b17fb60b8997e43e18330e666d59e120de78afb4c0ec1f2bb8ca104293680a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
40cfe3acff9269c646ddf924d48aff6f

SHA1
1998d9f89943beee126adc20fc49cea32b790923

SHA256
e7ed3ba5950bc0573d5c99bd773b89e8116ceade20446ef1b8f0d746b65e8def

SHA512
4a9423014ece182cb43264189872427560bf3a40a7996ca65e9ff630eda859b975137a3af8f9705e9c287b3da78200e2adb0350510cac647dff010f47cc147c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
f1aa709c459a5e0eea4d6e1487c4a3d8

SHA1
af3e42db0afdbf40d0852bc9324b510ed0d31e1e

SHA256
635f7ed7fde28b57d791c24dc5e21a4a937b1911e7c151db2bf8e1d429d213e8

SHA512
dfbcce3926d38782e6fdf32e55f7e9266bc49a980a5e43ab28d6d2b36527a60763e6762af32a6df43f1df43db74cf3ecb62e2938fd6bc671e079918ce0b66c9a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
b86b8f39e71190c26877ee3a5c15376d

SHA1
699dd1704e7c20560057897b30504813c1f369d8

SHA256
a41457b565516b6936cc947f674f60f767471745b52dc410f7a359af56d8fded

SHA512
c4694f399061293cd97577650530805355e9dcc25e95ad8f11bd595c9a0a0a3a802e15489d0e9ff8ca28856cb073e060549ac0d2a4a41f39e425a4eef41721c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
95be721770058c85f52e4eb6dc6dd4fc

SHA1
7a68f488b884182d6ebb5bb86e1977db5ae1ffc5

SHA256
e2ace039991861824654c88726fd5abda953e26654b1c65beab1a8cc9358658b

SHA512
313503fbaa8441104c99551915038bb9fbb1c6c7b8e74c56af274a53ab5143a4a0b4a9fcfaa90e6253343f574b17a475b8b2403177d879bfb63ab558438e1ec1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
0872f3271d23eab6b5c01dc127a8ae93

SHA1
a8cfb52fa3d980e96fb2e6214d38c06540fc2417

SHA256
eed475824591e95c9195c628a3ff0899f24490b8a3534b0ba9a787464075c8b2

SHA512
e4b9cb962f4c9cd68da2d452c0c70c8694d5349529723e7ab3a52c0fc343d7539015f9170361c44f01c6f0a44216319da713f7bd344730069e37200e1fc89c83

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
ddaad38c0d3e34ad6e6c1330f283a8e7

SHA1
50f8c755d882b813dfb4629a9547e41f56825950

SHA256
82efaea10eeaf427c1a14f8432bedc2234c4e08d34aecd4c95a4babc7deb868a

SHA512
a68edf7e476d988237645243a40125817103996bee7a8bece9295f2c9f384b72f667f7332cf065ad31296f5b8058c4e1e7033f62a5fe0a8edc081b4b2071d8d2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
22ef4934cbafe037bcf3b9e9c1a9e52a

SHA1
a4e05c67c8ffb8a792829121f0a3829e93ebb634

SHA256
8624534d944b851eb48c871d6908f3ed41ee2542a1d6056164768ac903bec37f

SHA512
036daada7ca3373b3dcf4c8ae493ba9e0d0f51e71f4f600da9e690db094e478db4094f03538ab70edb51dcd04c790f18d6b685ce9bb1b841461db2dceeb3ff7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
a25c6d1d94bb58df26b6d2f73e3b64a7

SHA1
ce6aaa76941e7e62ad309ae3a366e57dd1bd2c72

SHA256
f2a44b1aec443bbb9ba89015c63f8c46ef4c2923be0a3973534c15fd9fcd29ae

SHA512
a4504dd8074b1979827a5fece5c95be978f61b29d05f8b3436a44822db5bbb4a9dc9da714e0baa0ff16ada64c22c3ef5810612959a33dda155b8b620022d11fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
dde45b31cea8b56ce6a688ce2c503056

SHA1
7cfcfb0bd74de5229a0b9fd95183b0215063b7c0

SHA256
9db29c33d1b0c4c5b2df2b06187bd003edb0bbad4c56da8624f789b8f9720859

SHA512
51a5c63378fecf38fba5ad8a925afb780a154b3ea757003084ab607f12eddbc43d78000ee8a712c3a3e943951e988730e5dc539243573fd6b24a3687bd5f8ac9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
3079142c35f02dba4500579ea784f1bd

SHA1
564b6d4121c8db36265efad1d786cad7dc5ba3c9

SHA256
06a0555ff6df315f22740403312242ce6431dec56d17dbcf954e12c618660f5d

SHA512
211bd188a05faac90855e02c10482cf40641f332936d76cb5095fd6d275eca29a0200e8c049023124449e524af7bd2a31ef97e71853cf81f627b4514f7d8b59f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
261d33d82da53b1971bf21786d0a2dcc

SHA1
c2d65b254c5328f7c416638bad14feb4c633558d

SHA256
9d83796c748dfd28ff7874cea770ef6777cd4de398bf915cfbb926cfaed617c5

SHA512
d48ffe75919f7cfe6456df2f3f7c57cea03604ed8bd0827eb473ace174583fad9d729ba22567e01b8a58f7275358b9b22d6bf38d7a6b61ef5cb2bc7ad46bd686

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
21b3b4e0e9ea800c9e9c487dd6f728a9

SHA1
280cb72cb79625f298307aa88ee1012389abdee9

SHA256
0cd6f889ca0a76c84dd29303983d4216dbadf0cac972e5da87537fad41a593d9

SHA512
583030078831b57ded8321e3aaf9a726d7460a07069de0c727dbc3fbc6da85fce0db81487c6ed59f977f54da3c6c3e0a2e7dc28eaacb2dfbc232bd26d1abcd55

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
31b98c3d048ef07aa32e4fd052b7964f

SHA1
afd07e004637638a1a4e127b7d8d6b09ccc42b6b

SHA256
49220d3bc0d05098b8bf816197adc310f1a03ddf0c4dc447a423345b56ca8e1e

SHA512
a7ea28a18094c025d7483ca816de23cd0b327ae7363133ac955ec80ca347f9f133582807e207974cc340b7ca3d3edcbfa72a1ea2f47553c966c7b97851d54741

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
c936bc39eb2d786f6ada8a4bc326a51a

SHA1
0a9fcfd14d9258bf01aabaa9406bae279e5f6132

SHA256
dd2d174f7810f41b3ae75cfa9d26b41f2a3f243af1b2b4ab42f79d840b8014c9

SHA512
e3f3404a0ecc4bc7c2003eb17918584b6a9205d4d3a62c1e1d4b32afbb4fece2580e8f785e0c2530fd178c683e2cd5c91fac0c82030e45b0124f04ddf71ee416

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
263432cd075ac4aa578de70cd09f86d8

SHA1
800ee5e82f41e61180c8b8197ff34ae296ef6458

SHA256
ae16f95178b903faf5a8820a133dfa4e08b09cf486becc9da88bf6994114397a

SHA512
b3195b286adf2a3c68982ef78f64a5905687cf75856c546bb8ef83a7b8c1d86d11e1f5b99f5d1cc1e059d2911c36e25c4452ab5bcd3d4737366aa16deb6e31e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
df6b9480022d44ca4ef90aa59ba07027

SHA1
9fb8c4c4d14f970c5d605145351f4da370c76e82

SHA256
8426530a0dc44c798856e17c23c9eec604a3d6796808503be216c7a0ec24eebb

SHA512
0efc75e589b03afd5f5073ed1b95355da93cf44c81501270050f3b47c244e7eec2782805298aebf5995a62f08db9ee8974af3ca6de85ec4ea71239c56900fa75

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
d8b432a01db4bdfc41ed64ecca7e2b7d

SHA1
ba6f4877c674b2a83472729d6328014eb6b5f685

SHA256
c888015a5d2ccc849c577f15d073423ae2933945c37e6ae247584b179b79ea6b

SHA512
644868a017ef748b886a032c20fe27f4c2e5516da4aa7e0b9e473884014df904e377d6edcb1fe45d2b6f90659d05d5de48493b396f9cf854e84b0cec4dee6570

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
be819246d423bdc4e8b58d0f120ebd92

SHA1
6ab34355493b22b81fe8032775a5f11742330948

SHA256
1eb8929a875037a2d082253b170e78b4d3a44cca6bca91e269802a672e045a5c

SHA512
f833131eb88320d338be75055d7c741919bcb70ee28cae6795598de12ffa45b95d9cd2f4ea960a544999c22e9e4dbf52204ba246f79943fdf03c965a4ca5c767

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
096601d4ad6c8161851dbe9aa4b0f73e

SHA1
2647d94fd1133c60467ca4638d2dadc140cb54cc

SHA256
3aec3a61d96b3452e949953ae84ffb608e2a894c05faba11aca12592f4c64c29

SHA512
44147c543671f6f765f56c023992fde77fcee863a4c9a1ec1565df7c71b86c8a39cead6de031a2945e945f44b4cf94d11499cec4db8bacf3974e4fd219305dde

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
7dd47b6df4258d961f8414fcc572a56c

SHA1
7c91ab26cbcae9ec79842deb740a871063ce5339

SHA256
ef9d3dcd49948e6974cd62b205657f344f5c5fbc40ab16149bf5b0d38227950a

SHA512
1ad2f2d63e2d32442b90912529a2b3b7084065fe8626fc9c5963cbf8f6e4157151f63e2ec9736a83640c190672783181b48da64c4658da6ee91f52f6425cf663

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
c55036a419b184b163de9a896a273ccd

SHA1
10231c0f02c351cca5d2af2e96077a8b6d69a015

SHA256
bf4cea4f0c66c88473ca65a811ae64cd20c4cd7510f4c8f7ec84787e01123976

SHA512
be6570cbe290dfd3a6502795b55dc975335e28054e81c1b68f0d83861714e03408be7b1feafbdea005f5b805db3157212e345c765100b5bddd2557c911948dcc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
f71907c898a8cc2ce42b576f43175247

SHA1
056eae5d07945250db9e45cc1ef9b3b666340b71

SHA256
e037ae26ed8d490f1864858d7a3d0b52592007418d33478fc211b0d00c267b67

SHA512
e93257c8cb3be00b981e48edafe7520929ac30a941906bf64be651f6799085f9a3dda9abb3fef13de84ca4ec64281412dc6ea907b42e9e352ccd4d785c82519f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
92ec38176c41cf23c039c968f5460b17

SHA1
8062938f3a07ba4454d9376942a9ecd4b4d07afa

SHA256
75c30db8ad6aee71949e3269380053a1a21177c2a41a2f07eb2f005fb2334bd3

SHA512
48db6ee333957f0bad45be3b770b41f3f5fa10c2285d0055ac5515f10c4043066d4c9efb551a27171609b5cf1e420f4ac7b54523b77be31164c94a5286291b91

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
723f45a0d8cfc0f00a858fb830a37344

SHA1
d445bebe62661665a4c7251c19eaf47ced86f5f3

SHA256
072b53b30667cb8fe271305f8a37139fffadcc229041ddbc24e83f1ed477930c

SHA512
81eed045c32df6e674af5729e9ee10d26800a2854baee5cb94011870e2ed6685ca814d7ac868264063c9ab793055e7bbf69d83e1345f358edceaf650935e2f9b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt

Filesize
77KB

MD5
3ecf45f0f64525dbef0dc809e737e619

SHA1
08c2d261eeeb4c95975b4f87de2fa02305231ac1

SHA256
a1e67a074651156cca0d30929c8bca0f2b27603a6ff699e147e60bc077bd3f0f

SHA512
da2e42802932bcf1c57934f587600bd5e0221cc28c86fd1a8e593c28e2f6c8bb71aaa495d71f923430359c4f9f20d881a9aab9a7ac1c557f706cfb31be441c87

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt

Filesize
47KB

MD5
0e766879395f61e7ca8fa8cab053ca31

SHA1
e2fcdecbd8059d1c0ff5121127220b84d42e534e

SHA256
4e99232f5f891ed746873b9509c06d4c0f08c3251d5a6f5039532d61fcd7824c

SHA512
c1901eb56e93b837b708d17d2fa303a6294b56a3a6b494cd31655b18631f87cd047ab41ceb8737bd175ddeab56c2f02726ea9bfc942baee6a89190122f50424f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt

Filesize
63KB

MD5
d67ba1cdb64bd7f68653b95b616d9d9a

SHA1
3c4ea2fde7670e20302741d21d65d54f9fb16dbf

SHA256
396b18cf02d7dfd50e7c52765593586c8b9393fb704582952f942a1d7315de83

SHA512
20122ba3c0d3023eecfad8e19b3df4bbcece1dfba3dcc818630e53a50ec7d852c059510bf9340895dfa0145deb2551dda277c05f5922ae340e1026be7580d053

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt

Filesize
74KB

MD5
c14dbe86a9d3f1de92010799dfb3d205

SHA1
dd90104b7ade640610ae631091454b4f9b30cf06

SHA256
f76114c8fd809dfd58bf8e6fe3ee94b6507a9bb0430c1bf78edacc1e51685845

SHA512
8df5fc45da09731c4fb44bff1b4fa4792b0ee5b2485411d22ff5991a33aa4371b8b6687696dfac454270f4c40e7506198c57fa9bc80fbdd969697f6a3d3f8df4

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
66faff0ff13c768fb202950ae369aae0

SHA1
fa54c11626265cd2e4a141b60abc6d1d91264af4

SHA256
471146a86d6c402b4941a458f298470174c1d20ad02a2b8d1f96bbed8b850034

SHA512
73021981dbd1c26e8cf282872ce316e304686f427abc304516fea7a14c4d6f41abb50e275c48476e5ce5171e62393253468b56ec3b3700a884e2021bb4f936d3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
c27157c076fad4f598ff08af617e7e27

SHA1
0978d169defdb4dfc8e8b2a90f8dd4e6b9962feb

SHA256
448d029a49331fbaeb0b47ed59f7d43273a8e5a983a8f0a5eb3f227813088521

SHA512
e2e9406e484a3d871d65a53e6d1a44ee239da0774fdf91b1eac8d3875a656cfd2a26d1d8ea5710caf6c87dbbd438bc80ed286277040795df7fb4d8044c32be84

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
9f1f7a113e1a26e2b0c260b8b93d5ec6

SHA1
e4204683b07559e905e15f5d72098fed21814239

SHA256
107c32615812ec213b81864f97e957656c8e62107673e112ef4e0666482bd2c5

SHA512
b4fe1fa5a1bc6a8a408a12647bbdb38516e95944ab7b4b92cb9e297172991dc93c048c2c48d48d27b0ab8e448eb5b0650e72e18f770e6e20c0cc646f548c53a3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
fb613ffeec3caaf381851b5ef2e33089

SHA1
2f55718cf2b1eb5176d450f7233135e562c74611

SHA256
dbc21acad79e02bc27d5bd53924df78aee6bc8f4cf6bc180d49f70d61c7ca1d7

SHA512
f38cba15d78cf40f9ec449c56e2fad086edef1d713299df80e7706a11b777e3a16cbd19a8dea22b9e99f27d414b7e6086236d8225ae21752d046ce830c1c2201

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
bb99e8573bf8bfd4704486c1e08d1bdd

SHA1
76a5f9763ebc88b144b097f65a2e9536f685a1da

SHA256
b8a91743d9fac5c128284bd2b134ce51070e51ab6db665dbb5ec7633e0493921

SHA512
b6ab88f06282c648963105f8b37edab5d28def0a3c40b0d3c01673ca8364256bd660a57877f55eb70144a24af4eda09ced775de4e2f22ad852ec9ec9b150099f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
abdd757d76e61a197968a5827276169a

SHA1
c4f8235e80883653a8e54252275a3bb02b34a974

SHA256
21ef75e9447676c57b8877156e6a9ea2d38f5f6d8eb01513190749f9d166f223

SHA512
2aa7b93a5524aeda98dc90956b15b8be1c8934fdfca608b87e4a3ca500bfaa854be2ecd6cd07df9b770def5d1c661b9e63e28ff462bb5fc8a28403c9e00d807f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
5c69998fda6b523c33499a31a29cd547

SHA1
1db1efdfb57bbac9aa7d908bdf3391fcba13f375

SHA256
4d9352a21ffd990a902afab024c3c4936e70551f19b3e5d1171919bb4af119da

SHA512
d81cc8f4d63f5ce275d5a3c9efe888a27a9bf753e8a5a475cbae185d1c0cd37ec64c3431aa591237d40dff980de16f460a4cdb18d2d1d09a64b09d3c65fc38b8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
b2e2478cb580a806cde29dbc5f4d7e37

SHA1
9004d83bfb9a0dc56d0132ab9c5d57fda935d6bb

SHA256
a6a2811761d4895a17e11c6123db54cbf1686e45c65cebdc2f2b3e4fb36bb862

SHA512
ff9c81c828095d856e2deabb1cba6013645bc137cb38869b9b4e3678b1c34860331f66f8dcadca92f5b6b323162f5185b287546d3ae5da6e8d08b6b1b1ff1f05

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
ffe1d46b0e65c48be85a088b926c41f5

SHA1
e1ab7ce45bd4a2b1c7ff4705dc4d10b76f7c683a

SHA256
cd65e806538d56820affad0d29753846cb16c7957d7a9504475dd60a0ded62ce

SHA512
ca7e164c8af1934d95e0568c1d11194bca0daf573b306c78478a88808e1a5dd9e58145b611930adf88777f4d03cc600e997993f1cba6c42ed08caed6e7ebe497

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
00897d91a19a71caa1d560ff6aebeea9

SHA1
6eb3e74291a95e057f9a95fcf8e5f9631d013ac5

SHA256
b9688d0895ca07de8afefa3017fd8e6e35bd42baff4b9516716597b7127e27fd

SHA512
2c390d361375ed8e8f5f53d6ee9d2b75b34701070d2095d11722836f64c722064eaef84803b40ad729bb634353edb3e82643a21f90aeccab320233f13c750a9b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
df2911d50ac88b24ff26384ea46a9fff

SHA1
f846ed88dfbc29f4421b0b06f6b3718b173f7b6f

SHA256
229be2b7199025ddbe6e12d4d5889268170afc8e7e19389d15769a031f688054

SHA512
c2db0ea199ef9781defc4031174e2d1ffc097fe19b338fa8e53e65507842d04a735f3774bb81457db1cc0d1feaa3aed442389fd65c79da47b71f001d7ad92844

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
c32276c1a4e63ee3c826afabfa9b6a77

SHA1
61680c23f302cb3b4fd667f833851bc3e584b6b5

SHA256
febbb935306679a813820fd2166773436716ae6536814a9a45bb3d49765edffb

SHA512
c2e49142771da689f628724b5d320046a670575126e6dd77beedd0dfa8633b4851dd4c184c330b5897542b2aeb2e67709ac6f51faed0f298ced2379125ee0cc7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
e8d365c4a275febefd83b9209ac9aa5b

SHA1
0455761f661b4ef938b4427421af16678c2a0ef7

SHA256
6d499e97ccf0ec8f4bc4800e6ff068d4cbef4273877405c424cd1ecc945895b4

SHA512
bc3bdb6e70b41dccf0c3a3319396624a619294f9effab5ae8379fa8ff1534fba0b6b6b6713b5a011fbc3e57d453a077dabaae2efcdc1bc96f2c6b5f6a2dbb147

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
e937b2f25d3373aab7af9ce4de580c45

SHA1
f69ea6278acad958871a08e458597d1498030e87

SHA256
0619dbff6191717e67f3219c21a4a2ce49c125953214ff20c5a41505fc651d61

SHA512
478edf9467a6bf075d8af01963931abb771b957b3f1bf7ae8207e9aeca54fef2beeb5938ce967ed7f80b23c109c97a6fbbdbf695f1e5d488a84c1cae539fb192

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
6ed95d525ae028eee1e04834192f0a10

SHA1
b14305bad5017b68697872d4a49cddb91183874b

SHA256
ac6f2bb6f9798bc26e2e854f03b75b2c162d57fae6682ddc4ddd4570c3d934f0

SHA512
3c725eb39bc487918d904ed7c5428f891b97aeef84eaf774198a22b281d062873b742930b4328b3d8b4ded9b81c8f082a610aa79353d2f4fa6db80a6f86e9a09

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
ea9ca66e3442907d66700c90d59dd243

SHA1
1138c376f9c6caa4a64191f4af861e8b90356bd6

SHA256
def5276b7008fa9c93deb38f4d8754616f955ccd4f8f5c4a3bd16bed78abfa30

SHA512
842de4d5e750d3a7992ea11f226802196a38ebcc4aa3bcd4545422b74ca786dbb889eb17a467c7c353ab19c3864caa196c9100e62089283617055b5bfefb6394

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
ab7c64db760829bf25f310c79df5ef4d

SHA1
d2ee5af0f12426b7d196b071b2138c72e917957c

SHA256
ada23268dadda732579f0127fb03cb760c71a885da72d6460e5ed61d4ba80a8f

SHA512
24889f6a0b80c70a92c7e381a6e96e024e2e2eb7a6c49092f25ce2a1d3d684db4488042d43b31d0c952d2b400c8e9a1cb3b2c06eb47b18126d1c47175644daeb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
63beb618928d011f8516b82dec1279a4

SHA1
1c5a019d7c65074954d2be77367dd59a9de6b21e

SHA256
e54cb75d18ad1f59503ee222b9d69e6e3d2c82d6deb17274191735c1962e3cdc

SHA512
d20cd12516742e6ac82aa8a9d4f2c077e929450b957fc1051de25a13c5cdaf7c5234138bb843574461f58c399f42b873e2f4623f8163d395e356e9364436131a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
70c339ab7d80eeedcea8c3f25c06daa5

SHA1
7a82ac6efa95cbb8541af9abe7a1ad5c7b1b9ad2

SHA256
88da70753f4b41219657386c371dbe8bf39fd9db06014108460fef747811f102

SHA512
5f5a6751605d6e3bf63c4f00028c0995d1eb9e48db883f1dac18c7545907b4b55b2af4600b319a87226484213e73a2f29f02182f21fd1ea5c6b8a481346b8a61

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
7d20e79c4b76b5ee048776a6bb70e890

SHA1
413aea8f5702a520216da6a21a395437c4807022

SHA256
a85bdee71eedd111e61385232e06dc44fcfa0a97b441dab6bb8cd4b3e7e0e761

SHA512
09b4829ad8462b8713b9af73da53a908e68f2e06a1b67fca2ee9526e30527ca6eb3b4aed8e707d57e8f4181bebe6bf38b9cfcdfd7f42249dc8351c794c902520

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
b91c273c0c923e0e29471f15d57c9fc1

SHA1
0ce331accac6059e3f3d1996baf7aebd72e74acc

SHA256
c2d1a8653a7fb0775793816408d66ec19b6fe8e9c536084bb56beef1d1621894

SHA512
4148358d704b50874ff698a76c48c34abfc084f5f263307dac0be0a04e83b47b9f55451b64e9978960f2ad024212a4e01ff95153d30eb1e9b6aaebae2dc8a092

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
2776c2dd1fa9acadaf4dd474edafbce1

SHA1
3f02607079288fb408a4d313563c65eb8ae7b82a

SHA256
b969d642b6e0be58b0a1ea20168126757007e94430ee8a5a79e9920b628c55d1

SHA512
72ec07078f32a628ad37a987a6e8099fc6f12f460bd49e0dc2573ad3dacbb11ca60036923f71fda266ff9a6b3d82617238d0544cd9ecf6a80bd317dc66f55337

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
7eacfa2cba7c7ceaf53e4ddca847837d

SHA1
04891b4b6ec666fde506b977563a845a8e98fc53

SHA256
e11cc871c790e7104363c4dda69dd282a3873676ad60e1af531547923b1d5f3f

SHA512
c1189a3e9b7428c565f4529986bd6040669395d049abd51e6428fc575ebf43e686bbabeb11cdb38f22e352ea358f9cb58f48088d15c059c82f9ae1e5941a89bb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
51e9f4e7a803d7e7d1faab6c32a47a12

SHA1
3cdc7032cb9c98ae9ed201d253e7bae052faabe7

SHA256
2c8d1887e689a1965a47179e5623f3b459702477033d304c03cde9e15b52644b

SHA512
d1a1d496a91d8a7edee893b4f3e50fc2bf8471e8e2be1022003fc58d38052e3cda9089af3c0c95f211ef060be3c4fb1bac625949fc01a3c1666f2e4319d2770e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
b634b815b87475b86951dfa29f784195

SHA1
9c8d941cdbb35c6692731059152d6a6773862f8d

SHA256
5e894da96891c42a9080cff37572d475704e311e3860720758c6b408d209dc25

SHA512
31e018bdbeb94f6ab7f367eeb11918bed0c5ec908a205f16ed7822f507e361d73518ae45e6095788ae52be357df4ecc7b6fcc646cef1966b30113e5998075607

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
6dff0fd97e7a51078e929cce6b6db62b

SHA1
c65828cbe38cec5dfeb2cca4b0ade2f90c73b64f

SHA256
991cff537a1055787f16d1b2bdac852eb59226b99d3dd3c3f7bd2c7587040d40

SHA512
7f870fd82c140eecbc4aefb8f59fb707d4191bf0bd87982808a81fb0a60834e9bcdd2d473ad91f43366c1ede205aed77a34ae70cf1f580260fe37bcc94159bd9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
27b60514730b6ff4ba4601a12a034da8

SHA1
d52709085b642f2c4c99f5c30a293817fb6e6f71

SHA256
353545d854c03cb158faed461769c44d061f4768d2f4aa464fc3ab7036598cb1

SHA512
5b98f550b61f2b0b5bec3c453ee63accc9b40b1f1dbd9a55ef208ee6279f092d84db43bca6178f4e774c1277daee1ca7d054e30712d524ce737ce93e1c9edd29

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
0b26c6af5aea4cfd1b14d67239fbe34c

SHA1
d4da954cc1d12f4a1fa887e0f576bdce4c87fb58

SHA256
6a75a682a205bc28c41e5082547b21b9c5ff7081b8f600637eeda861ba2c3947

SHA512
6c5885dd33fc07b15844ca90ad6d910945456076a049e171f27b4e16f5ea2a4162f9eba18b4e5dfca90dcc2ce97ad88f14fb1e403ea8287c03c5aabb317e17f9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
4e67fce2b55972e55d592b127747ec4b

SHA1
6d1a43cb84b24ed71b5de7df0d494fde9dc6d4ee

SHA256
046edf75a4a0e1f10cfd68414c65e8091c679e336a075408ca39e97c22f3288e

SHA512
c9bfaec0fdf4b095e09d24a53bc6480fe676ab1c1ba055698787d8034c275df607590dc0d542419142c355177c98dc6babc2c191d1f44d7d40f0e1697d53ab37

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
409036199dda3899dd12f6f2a455b2c0

SHA1
bb21916d1dd35592624c85d465ccdc62e26ec016

SHA256
acd52934e7057ced199c7b25063174c4a48fbc4f9210e2457b2ea49b2fe75f24

SHA512
f3084c681009a8db790832ea0de4a42ab2f33c612362813d98cf4f449364c041a94becf02c04f4a177980e3f276f3529b4cf5b2f8ed80a255d89c14e964cfade

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
769c2c1d554bd8fd34afa6b2914c22cd

SHA1
f1f33de38ddc33d87e67a85ea5bf7bd77d0b46f1

SHA256
2c9e9d449ddef167c430ffa009764f592acd0c7750a2ed51ba45a8a088f4abb8

SHA512
1935fbe14c3f5fc5d360334d775f2c758d97c7ea3ac6a9ea22b8a9ad6e30b2ac517970e03f8617da70d3f01424af6ed1ffbb3693192c04b40c7999e1066eccab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
f7850b057798691abb1e57d68b57833c

SHA1
d250df1f2fb5a5b28e65595d6cc3fff39edc7af5

SHA256
a234ec4e91d4343aa47393a00b5e5d8230e43a8b5e1d25e1991c68bddd86f176

SHA512
e6759c9eb1e3d9985191bffc5981fb6eab2464d04e122430bc5a56eb9b627475a6dbf7efe5a395031a6fe11a6cd6f66cbe644d1c0d37de5b0a8e499c1d3e6c13

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
8371c7d02e6eb3b780ab63ecda8b66de

SHA1
7a1c94770dc821ad4ebfe5e89888221f8dbbdcdc

SHA256
9a156babd12fdd301b9ec29ed793cfd3d9066f0936321cdadc16acb1b59a6434

SHA512
f7ebe4017126001846f08ed355eb74f7efd7f65e84e75f9f9c968050caa1b741ad03e0820283204d32be5c24cabd0c3aef4e7e8e6473504d4159afbd396522df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
e43af6dde7d999cfd7adf3497a0ea85c

SHA1
4cf028c4e0cb220732ccc1e6cf0a40c02daab35a

SHA256
540fb9c8b8d3e90a3462db96c9765cfedbfd358311235e673228121a956bde9a

SHA512
d3b32899f45a10f1c68c2523cc040d54b855c7c246212c0ba776b5a99839c7cb4aa495dcf1607d1e7570596ed9f7f565b55ab531d44e993e9815763a5d5181ca

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
5cc2c7955e90bbac70bcd0bfa00abca9

SHA1
f291f7575318ce48778a578bdd9f00794017a255

SHA256
f6b4115450ed03a94189a932af3c828a6bdc03451fcb655a3e0bf7c8f7907a35

SHA512
03f3d2d32bf0660a09dc3ae849d7db0524032062f0862fcef9da51af9ac6d38c5c70ef12b2bec19d8c5d651bd13c9f3e68cbff3eca5022f2f3ac5a6bfe5c7eac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
18aacbba031ace7eebf9a64548aa4dbe

SHA1
4ed04448ba49adf9dae5487c76eadeea9816427a

SHA256
b7f565dc6553294975df11c739752bab854df9ec83a4f18ae7dc246751ae9a1f

SHA512
aa629723b04497dcd04a500e99294e45064842d7b9f90428d934e119a8e3b721e62ec108024619ae87b7a07f241ab1c8becf73b4b0ef4daafb2cf3396a766d4e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
4a14f692e9e6ca311bea9c328d30e55e

SHA1
853d69b098450b4acb6b7c1b080799deecbe6a7e

SHA256
641dbe99b0ac25670da7e65c4b0844d2006f12aebd6eae369271190d9b869890

SHA512
f12d69b58865cd12603169d076b3960e409b44322252f564ba78d12d3bf73124b02dcd150c0e73b707964d9dc780c57af0f7b7533ed9b7653ead698cb2d631d9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
61a6851a03e681a1f3db482d91cd1ddc

SHA1
855721ccec1ea69a7fc3e1e4689faeeefad6982a

SHA256
ed5d35b43e2769334b247913d31604e8d4697f2521fde8c33ca101b513592ff3

SHA512
83674057503405f8a89e7a47c44b038cca2b94f53faadeddd7577e0b5aabbb9bbb9c91099f5c13067fa8e6a9921db3d94d5559bfed6fced5b6dee2437ba178d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
7c61e0d30bef72c092c8ecb7afcc0151

SHA1
46649e819888b87f7a787f17d4eb28e97d4c7136

SHA256
f31b0289239d7a4adb4264be0ebe1778492ac917525f2af764e4d886a944f6ea

SHA512
4c6d22fc48c9285c52f78b28b502f1ec446c8292ee7f90fc599d96e1e617b0ff867e7b207bbcada706f2358bafe2a868d3778b4ca9702d6044703856110cb963

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
032ca26222ecbef48ed209e77ab3a3e7

SHA1
a768f3799063f7d147824981daf69dae46cf44b9

SHA256
1f1218cbcb418c1bcd524ba716c47fe7f057aee534e5cdd47680cdc26eccdc0d

SHA512
b39647c338c16b5b9b0e1925ecdf4f45243b6e663226cd8d05679b27d769a824fb79248714a90563a8e5463904df481a15d022c32b5d07c54e4e43b5244af2b8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
ca58157752e1c66088e531c91ed26cb0

SHA1
d46cf9a420b9baf6d73e0fa8ef222f984ac6ade1

SHA256
5a6022275239c79ed236e5db1ec84041e49567d6b645f1c583b3f314bbc2ba8e

SHA512
f9bd9cd806c2b2f303017bc2aecfb1c7edfdb028db5b8b56312663d8a39b411f46c881abe5c0f766ba29ca91bc40cba26135f25efe595c260efb811977f119d4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
f1287f4e59481a6af4e6729c2a69cf90

SHA1
59d35e64130aadc8729cfe72c78fb32c3435f66f

SHA256
3068311bf45f0436d7a5f78c4301f1d55d66adf438f5ee9658cfbb36db538def

SHA512
015b362f1360e6e7ca35202ca0c7fc9eb768ea84d68e573ec032c86caeb7b98913fa028e2485bd9a1d852d5135f39978a87ae0abe7028b863bd44ec1a4b412b4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
dc3c57f32134ab9735ecfde0480610ee

SHA1
24dcdf0df48bb54927d9b13eaaddc04aa23475f2

SHA256
8c6b360dd1d2e6fad4a3341bd11b56fc51b934a9bcb1bb6e51e87cc37f37bb69

SHA512
7c425e849ad8f0584dd151bb2882029bf40beac834194923ba927d41350e41daeba8694de5ec99eb9e59fce2a9f8de62bb43d27dd55d6bb216b5abde60b481ba

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
d9d3998ed63cb5f67f4ea4a3572478a9

SHA1
a7ba9255e4108bb1c7352c9d512c9b30abff5397

SHA256
f495974d78a29eb98dbd6468d5fae276ebaf11238c54ee7e3cc7de25db2aa445

SHA512
8a23b53cf88dc3070b3f4ffde8b54f8831ad721ac6a4618ae36f9b11300f7f85e4eb2ad0d18f97358c0d0d5902704c13688280924d41c9ada656f125f7210f92

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
d0f034619c9fe1c310426bf7f77b0268

SHA1
bea5c8f18e2a7933486c53eaffab0e21998e074f

SHA256
12a28093687eb53c08d9046f1f2282b196b20e3dd2863ed8519270984d3e2d12

SHA512
98c7918317346430106fa704b7ea86bdf857200b208258f5bf68e2fc5b522f018d253c8cbf74f4b0f1781d68d3ff3abaa23c2c044a17e78f8d2aa7f39708914e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
56c328cfac51cf600adfc5b6b82b2bd3

SHA1
9d64fc2871312361bc9283a04c6cacd38b069a0f

SHA256
13ede2481f08afc58f94827052b1ab33efa95f415d24a3173f4e8e0f3f97d783

SHA512
a85b087b1bee41dd4743c80f3013ca33f5308415df37bc047bf1cecccd8cbdaf7024bc5bd703740ec7e9eb824a0276e18d7c5dcbcd63128144106a9774cddfb3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
fd198e4ac2acf632feed8c64b2644497

SHA1
0b4835fe850053c76c6d26442deaab3ae009dfca

SHA256
db51d01c4ad67344d3306d0dca71905de92e9959dbf0983576dfe37cc617020a

SHA512
d69bfc559a453cfd37a244e8133cea2234e1b765b9c395643b211e76a315cf0fd3762a7fbfe937d841bec94a75eac62f0b450a324a872eb3bdb7e7ec597ae7ac

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
bf896d1ec104481b868bb5b6cf818ba5

SHA1
543d443aabde169afad1d007e24523c756d4bd01

SHA256
5b326185ecf2d8bf89607680dc3d91b8fa6f54cc080496c1578ef53384d48a4b

SHA512
ee1fdf2ce0f62890fadee06dca75cdb0435b1f84d7e74bde7998f89ba3be3f8f0fdd3339e57e86b1531d2bdd070c4b441cb7b802f2408e7bff3a8ad37811f288

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
29927d1624add97969652a6eecb69826

SHA1
8e3f9ab8574c98a578739b558cfb3dd6ff27f8af

SHA256
89e79d8dc1a87280099f7d773aa554b9472cbfc9a87deb434cb589f71c96cac2

SHA512
779f1d3acb23e3a3184eff22fa100be169ab77abae64f3995169594a8b261fe6de4422142dbb6c443340d7daf922cbd45748313bf42b1468dc223790038ddf1b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
6482abe49f622e696a71c5640bb22027

SHA1
8408b558f7840c4a121e6437e3c16696a09c3c48

SHA256
cef1fde924dd86f2a3d741c3083b854e1ad04099176f6128d838f62b636e3b1f

SHA512
f6ab597e0dba4a53e83e3ce86f57a353afed51ab3c9a36bcf1d0603b077590b89ed2a8b4e3391741a12dc0fe71ac0747ddeaf1578a851f44f32a565ac9a06709

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
6c6abbbb6665b27baa8d363789acc5e8

SHA1
bac631f5bd80b83fa06e07556cb8c648800d196d

SHA256
1a6194bdc213a5ddeb81585c9ed6060534037d9bb84bb007295b08ff96a84980

SHA512
d93f39e9aa7cb25572dd650d4600e833214e4b44f29f6d3aa1d83cf26a767faa23eabe3fb746282cddcaf80adc63459b6dcf92c5217b810e054d88a30cce69fa

Download Submit
memory/1284-10780-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1284-10921-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1284-6843-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1284-0-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1284-6834-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1284-11208-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1284-11213-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download
memory/1284-11216-0x0000000000400000-0x0000000000482000-memory.dmp

Filesize
520KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads