xorist | 7ab5cc70f8b5777a3c55d6b9a84500d1796af80f3d558ba62516f21f384fbaa3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Size

167KB
MD5

e08d6963abd974a0dcc9bc86f67edf4e
SHA1

6b7f8c57d6f67540b4545bd1bd52a4818516ca59
SHA256

7ab5cc70f8b5777a3c55d6b9a84500d1796af80f3d558ba62516f21f384fbaa3
SHA512

8315191960b1e0f60d76c6c0c2539a85de05050d75731fdb5227edc6696a47545687a39921939d877e52fecad432536b5a12b6a086d94f3da7951b4b6f739689
SSDEEP

3072:4rI+ZEBpDEdMYsQj0pK/TYcIR2VYYYS2zUYYvYYUpo97:4X6u7e

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

resource	yara_rule
behavioral2/memory/2512-5708-0x0000000000400000-0x000000000045C000-memory.dmp	family_xorist
behavioral2/memory/2512-5723-0x0000000000400000-0x000000000045C000-memory.dmp	family_xorist
behavioral2/memory/2512-10525-0x0000000000400000-0x000000000045C000-memory.dmp	family_xorist
behavioral2/memory/2512-11558-0x0000000000400000-0x000000000045C000-memory.dmp	family_xorist
behavioral2/memory/2512-11875-0x0000000000400000-0x000000000045C000-memory.dmp	family_xorist
behavioral2/memory/2512-11930-0x0000000000400000-0x000000000045C000-memory.dmp	family_xorist
behavioral2/memory/2512-11935-0x0000000000400000-0x000000000045C000-memory.dmp	family_xorist
behavioral2/memory/2512-11936-0x0000000000400000-0x000000000045C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2489) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe"	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\cacls.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmetri.inf_amd64_50397e28bbcd6514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\InputSwitchToastHandler.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ras\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\RMActivate_ssp.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\perfmon.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\runas.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\secinit.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ProcessSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scmdisk.inf_amd64_d8f75a9c87c2f7c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\gpupdate.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\logman.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\rasphone.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\wlanext.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mobsync.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_legacydriver.inf_amd64_c07aa9c633b5271e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cmbatt.inf_amd64_554d46f6008bc631\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\regedt32.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@AudioToastIcon.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_5b6db32fd04403a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzoom.inf_amd64_37bf8591584019e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\termkbd.inf_amd64_a0634dcf2da1127e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sk-SK\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dialer.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_fe5b23ea7991a359\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdflauncher.inf_amd64_1ea082c6cf8f6982\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wudfusbcciddriver.inf_amd64_a084e687a06b255f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\ComputerDefaults.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhayes.inf_amd64_055d85baabbda8f6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\transfercable.inf_amd64_911a60fb265ff111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\urssynopsys.inf_amd64_057fa37902020500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_ext.inf_amd64_34d742f3550dabd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2512-0-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/2512-5708-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/2512-5723-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/2512-10525-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/2512-11558-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/2512-11875-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/2512-11930-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/2512-11935-0x0000000000400000-0x000000000045C000-memory.dmp	upx
behavioral2/memory/2512-11936-0x0000000000400000-0x000000000045C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64_altform-unplated.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_altform-unplated_contrast-white.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-60_altform-unplated.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsSplashLogo.scale-100.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\reviews_sent.gif	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\SmallTile.scale-100.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdateBroker.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square44x44Logo.scale-125.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\SmallLogo.scale-125_contrast-white.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupWideTile.scale-100.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-150_contrast-white.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-150.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLogoExtensions.scale-16.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.contrast-black_scale-200.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\arrow-right.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-100_contrast-black.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\hand.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-48_contrast-black.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-400.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-200_contrast-black.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-unplated.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-256_altform-colorize.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-96_altform-lightunplated.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-16_altform-unplated.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteWideTile.scale-150.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\Office16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-48.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-200_contrast-black.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons_ie8.gif	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-GoogleCloudCacheMini.scale-125.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hr-hr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ECLIPSE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-125_contrast-black.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Cliffhouse.jpg	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\WideTile.scale-100.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-80_altform-unplated_contrast-black.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Tongue.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptySearch.scale-150.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files\Windows Defender\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosSmallTile.contrast-black_scale-100.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\WideTile.scale-125.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-unplated_contrast-white.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailMediumTile.scale-125.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\text_2x.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.19041.1_none_b5ee49ccbbfbfddb\ssh.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-printing-workflow_31bf3856ad364e35_10.0.19041.264_none_d8be6d6bfbf7314c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-data-pdf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_00608074d7799e78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..os-snapin.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_473b9b6be135c43a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_networking-mpssvc-admin_31bf3856ad364e35_10.0.19041.1_none_5b433b77212c7c85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_networking-mpssvc-powershell-windows_31bf3856ad364e35_10.0.19041.1_none_72020756be715fb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\wide310x150logo.scale-150_contrast-black.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..owser-configuration_31bf3856ad364e35_10.0.19041.1266_none_3f9679e47be7c980\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..s-utildll.resources_31bf3856ad364e35_10.0.19041.1_es-es_f69f34e5597351c4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\Icon_MMXresume.contrast-white_scale-400.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\es-ES\assets\ErrorPages\DisableAboutFlag.htm	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-pointofservice-daf_31bf3856ad364e35_10.0.19041.746_none_429bc70d04debcdd\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.winhttp.resources_31bf3856ad364e35_6.0.19041.1_de-de_bcf3fbc5c4f3edaa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_e190f18a08ed1a44\FlashUtil_ActiveX.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-securestartup-tool-exe_31bf3856ad364e35_10.0.19041.1_none_b00bcb3b56b3d8e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_10.0.19041.117_none_7879d5035b0edfac\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ov2fahelper-library_31bf3856ad364e35_10.0.19041.746_none_8ec06c70b43ed5c7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-defrag-cmdline_31bf3856ad364e35_10.0.19041.84_none_bf1eecf3f472e3ce\r\Defrag.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-tlbref_dll_b03f5f7f11d50a3a_10.0.19041.1_none_da4cf143d06f24bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-u..etry-client-wowonly_31bf3856ad364e35_10.0.19041.662_none_746c3bfaa509091f\dtdump.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-minstoreevents_31bf3856ad364e35_10.0.19041.1_none_da64afa015674e71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.KeyDistributionService.Cmdlets.Resources\v4.0_10.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..es-adam-core-client_31bf3856ad364e35_10.0.19041.1_none_7eb56c9472d14a62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..otect-dll.resources_31bf3856ad364e35_10.0.19041.1_it-it_df3798086d6ff0fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ient-printuisupport_31bf3856ad364e35_10.0.19041.1288_none_e25c67c3a4510a11\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.0.19041.153_none_7021b9937a60f661\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..deploymentmgrclient_31bf3856ad364e35_10.0.19041.1202_none_c26e06f4b82585b5\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..agnostics.resources_31bf3856ad364e35_10.0.19041.1_de-de_3a17d4d6614ab9f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_10.0.19041.964_none_d1ce1ea46e50a943\n\MicrosoftFamily.scale-400.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mfsrcsnk_31bf3856ad364e35_10.0.19041.264_none_d6c18d8390c0cd44\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ilot-reset-credprov_31bf3856ad364e35_10.0.19041.746_none_ff649b791242653a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..n-cmdline.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_281147e45fdff648\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation.resources\v4.0_4.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wlangpui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_fe8509d71550a935\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-csrss.resources_31bf3856ad364e35_10.0.19041.1_it-it_27818c167f59d500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_ntprint.inf_31bf3856ad364e35_10.0.19041.264_none_c2ff528ca8752daf\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_msdv.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_62e1e4884f79b021\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.data.services.design.resources_b77a5c561934e089_4.0.15805.0_de-de_d78600275bb50790\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.xml.linq.resources_b77a5c561934e089_4.0.15805.0_it-it_2b5c32eb6688242d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\WindowsMediaPlayerConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-graphicscapture_31bf3856ad364e35_10.0.19041.488_none_4c6be18809eafacf\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-256_altform-unplated_contrast-white.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-id-connecte..nt-provider-wlidsvc_31bf3856ad364e35_10.0.19041.423_none_7c5ae2b119dba4fa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_accessibility_b03f5f7f11d50a3a_10.0.19041.1_none_0e9378a323fcc886\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_10.0.19041.746_none_5b105a4c330e01bd\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.19041.1_none_f79dcf01d5a416bd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-refs.resources_31bf3856ad364e35_10.0.19041.1_en-us_68c01a3fbb588324\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-spectrum.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2dfb957904ed7b47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..-system-diagnostics_31bf3856ad364e35_10.0.19041.264_none_fc0e64de64f61543\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\Square310x310Logo.contrast-white_scale-400.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\BreadcrumbScrollLeft.png	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directory-services-sam_31bf3856ad364e35_10.0.19041.1_none_7234113374b2d6da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..t-xpsomandstreaming_31bf3856ad364e35_10.0.19041.1202_none_23d8a7639a579c61\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..utilitylibrariesext_31bf3856ad364e35_10.0.19041.1023_none_e5db99b35c733927\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-holoshellruntime_31bf3856ad364e35_10.0.19041.746_none_8c279b675efbbe3b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\Temp\PendingDeletes\f2329d4736e5d7010ba200001815341f.iissetup.exe	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..cs-client-extension_31bf3856ad364e35_10.0.19041.1_none_45a8f75685e72d38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-m..river-rll.resources_31bf3856ad364e35_10.0.19041.1_de-de_be226bd698e0a221\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_usbnet.inf_31bf3856ad364e35_10.0.19041.1_none_e06ef7d00215e3b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..i-pcshell.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_b60ad588696bcdb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..tional-chinese-dayi_31bf3856ad364e35_10.0.19041.1_none_166d1ef984f89a37\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_uiautomationclient.resources_31bf3856ad364e35_10.0.19041.1_es-es_68f6ed066d1c8eb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ITRMMXILISAOBTR"	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\ = "CRYPTED!"	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\DefaultIcon	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe,0"	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open\command	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ITRMMXILISAOBTR\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hSP6F4R7K4sd3y4.exe"	e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e08d6963abd974a0dcc9bc86f67edf4e_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
0dd635d973a0a167a37d48919d07f3de

SHA1
a3d7f75bafbaf939113e37e2533b71a7ee72d21e

SHA256
f6aeb62098ff5686a0ff4fcd57448197e39afdcaabf9f1d72d8d4cd275949012

SHA512
4ec8d011403b9bbd325b97610ef23021f4bd4ba574fbf99f999e35648d2740bd943833f10a1c9a0c8293930555893dc355115687d905f83667097f04bc56ac4d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
567399de4b73c3e7ca5ca1b1cd77b3ff

SHA1
b6300cbd78ce700ac05b6e22a23688d31cc5b7c0

SHA256
fa61df231f07c50c17f9e7583cba932ae80909745ecb3b92b617f170e3da4479

SHA512
45fa338227553021116a5af4ce17e0d5af886356bb45afecab8daa17a6c20db16b082f3c0f60adcb1ae76fc7cfdb0b8d929b70f509a36525d3641cb5303d7b5a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
3b5f6ac77abceebed94701c52cbfbbe4

SHA1
b81ce758596a2a82f9ded0fa74f8366f31e9a873

SHA256
586f419944a9785e71e62a8082ad8e23441ab9e7c8abdf481e703b903bbb4b3b

SHA512
01689bc2c06d2fbc77fc0151659ff95a601fb731762a7d62ac544396a5dc924c192938a08857056699b67de80c16109d29931fc8817d17bf5a7baaf69661abee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
257f964f27236b826e6acf6957488d2a

SHA1
9d677c76edd21e6b9630b4f6827f7c7648601534

SHA256
60d12c6b500c9163bb573c39a1489baf548d2e4219ec704bb6d84cfc5a695f6d

SHA512
86d479902b2c9cf436dc89322c7f674907dbc5bf98904b0b13346b3939286ba09a37fbc9dcb8d77f0f67765965d87c74e436508981890d604f5ccaed299c3df8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
1a4c6ccc76bb6fef95164f836c5d089a

SHA1
55a409703a32f745f1ea01f196f7f8206757586a

SHA256
7597c60f96bd6a6e9ad2012820df8de24fc547f0e74fb408e63490811a92c34b

SHA512
275aa24bb9734a2d89deec25737d818131b2aa5a659b0b0450ca06f6d136da78f554bdffecb20cd40181228f0276f775cb45a5521b368b426656f6d7ddfee5ec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
f240b16ca1ccbb0c610335c1fb3e2ad9

SHA1
5698b6ad4448fa1077d31104e6546fa1b337a1d0

SHA256
1918e8ee02424475b21f1b30b403b2fde3c8ec56d589c46099f33d536c019053

SHA512
b616c921251ebd6cec73b56d387d77682ae04e5de916abb06a6e86fe10bfdb2ad5eaf8d52cd4fb296883e679f8a793201ef786454901dae841272f9cc856eb4c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
7db7154cbb364bb8ede6f8ec773e5de1

SHA1
776a93364f9a3ecefc2afda05521c3ff2c17a80e

SHA256
e4493e94bb9dd79f8dd2c1cc7920292ee481e15d97e60e54c988e8f8d4c56bda

SHA512
58fb1e3cd6d816a9133d05c2544a73198ca4feaffafbbfee81435a0ad19f93a882b0950b3c294b4089582213527619324b2416a8ea1a250129180849117885e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
1e5a748422de290d433fe0a31b9c0525

SHA1
087396f779897c3fdbfd6321c6cf936136fb8c9b

SHA256
5a22d88cc096c3c31c41d4f9c2dd1081305b6def220511424c6029c8bec884ac

SHA512
2c3022c15d1183459b998de1c365884dc79d5cb055d72d7e2db76a526271c225ed9273e58fa3532eace54035409c938ad759542db41356347f72a0b583651a8e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
78af19e53dbc6015792c5986848c6424

SHA1
140cb03c59950dfcb0d71808bc30b29eb56b169b

SHA256
84b10e5f4aad9ce2f22e680cb41952a56945be6ca4c1938b4607dafc4225a03e

SHA512
5e5ed9a62400a6c0e517c4583fbe07a4ac9159eeb56d98cb708f55cc48bccefc994b506d115de7e91e133126773a7d349755a2130da6f3df31ee5cd65257f23f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
6b0e7755c9af762145778600734a4790

SHA1
e00d9b34cc5858eb777c9bba627ef0c1e2c477d1

SHA256
0237e7c068fdff90ec6e383fc9125d428b395887b1b4b567638c11a4b4ae865c

SHA512
dec83c69086170f744a9094d8ecf7bce89b9c06a9b62d2dd948f10afdd9b3039424c74fb6d57ebaddf92d0a805e8ccf92e4eca06325612dd96615341dd52d092

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
76044cfa7e03b3f7cb4d33722b7653d7

SHA1
7c6bb26e6e86d35a54d9c9682838335a9d65af7a

SHA256
abaf9308d967b958305f85cbd3738b6326b78a2f4a569a277cd1d03f05bd98cc

SHA512
9312ba6c08cca4e0c1826d99c96c4330ac63c3d00caadeb86bfdeac194b98607df735a7ce2b674df2be435755f9c5a790b5a6421fc9ca6b6b867be73566aab8e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
c8805a51b3381c74af4b98f99783bd8e

SHA1
0161658b8bcbec93e050697f03d3454b4572f524

SHA256
a8bcce8177e20dfaa2be513e70c0d419fcae0998aedf0271f9dd4282d95abd10

SHA512
ca9f0e07f6e1e1b715d1194746ee90f719947f6a3b22fdcc3ff7304f3b79fe7bd45842c2652a5c730202565ef576065e6bd25d04b5c69a7bc6b3f0c5095ca518

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
e44ac70b92f28f678e0aa68ecf392356

SHA1
2077fbd53b70a7ed4480fee3734aa3f855d43fa7

SHA256
7925a00325365b35ec56661803d4f35272b1a4e862b1181b91bfd450e00799a0

SHA512
26c542af8f78053229a780d424868435fb11d794688fb6cae98ead617da1f0594d6607228cb86ecaa4cb7443d9fd054d57fd40ad46438e14a676d91b0d11a1e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
6ed6c49ad73273f4462bf1482d144c6b

SHA1
2b2cc3bb1e2b95a940f1e7c83e1c386ec4d27dad

SHA256
8abee5bb42afd5f6f7442bde38a85ff854e41c77f32b8cf95d9b58bc55ad0876

SHA512
3117efaff0318b67f55ea3a55123360fc0226ec96c69dd59be536deafc8e0142b41435b43413a2e2962c2e973a3190fc8313f53d0c773b92504012fbc341268e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
64ec854209ba3161206fde039e2502d2

SHA1
3d9067ca2ec8d0b4bbc239855273488fe4dd3fed

SHA256
42acd05aed6b19ab97e3580b87b823655e5ad1cd2c20430a23fb2adacfb864b5

SHA512
a0db166504cc3eeef58e81b7bf1aeef3c14457cd9985fe772297de0f39f09a37f1265b15add31fbcf3b34d7c7877aef7ab880c0b3e90f53e7b0310692783d951

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
431b518f4f8d23028ff95f34feec3def

SHA1
c7bcb7b169551e037c4b3dd91dca70561f6bf557

SHA256
285412f47218835d1d2f4215763197ba93a5aa6ecaac06f8d7b985df1e79baae

SHA512
816bb45d936491e5befb036ffbe11103b5501e31c681934d8881b48b1dbee7c94c4b44282a8f10b602b944d7c627f93b1b5880e62a9cf96bc3e927076e43cad9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
bb5ba163faf74e027ce796a243efd936

SHA1
47b8435f5e551f93319c6f9a1a4141698895980a

SHA256
27db85f2cbd14d9be12facc55028ec23b74e849ba726e337bcd595912ab52ce4

SHA512
5a887a398a7978fbe309dbd1dde2f10d8ddb1e2dd16760dd6de6861f68f913e8c79e770e43fc8cae4121911078c2a1ce1b1db7f20885cea8ab52b24cfeddbc03

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
1d1a8784b84c72c57957f6289b418c64

SHA1
69f0ecd6684d22806d37ce3d46f779ecee7ae537

SHA256
b0e39d94337483fa0005b84d24aa54842859b7a21113b55f22f0ac02907f6008

SHA512
c6aa84c00bb5a09b53d03b27bee930aa4346ce51dd26885cde26c34049ac68c3fafae210e03fa4dffab032af98dee49cd6a71308d8caf1f9197e5120a4c775e4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
0df7d4c495397e3a0001a3e8f0d441cd

SHA1
1729a8e8d969308c456e07e1740c6f850ebd0beb

SHA256
5bc15b1355b8fe0904f91924d23995ec2bcaf870f51b6d8fa6eed88a39cfc8ed

SHA512
3789eccd6653337122902e16b91adc15667d6f8ccdd36301a0572cc96df00e3bc8ffe18d916691334ba4e42f7c0e38c1cf6e0c797fc21a3cbb2913645aa02ed6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
59ecaaf74dc6c0a2ee62ef074109c54a

SHA1
0bfd87f3edf3c9d8f9893b320e72136e0bef508f

SHA256
53132245c0f39684a452714c63d9bfab13f21cf049ec03cd7e84d2da42a150c6

SHA512
d02ae9e8ef61b0a67afead442af0ed1661a016320eea57d2445d73cabbee2195a4092c32e797867efc7ff75c96ff195dd2d519026cc595c51648a3d1a3526aee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
fb32f2cb726155a0c959500597b73fe5

SHA1
425e441f7eeb2f2e490f8fb5d4ac22e1d8e073c5

SHA256
89a783fd35db2f1ea05e7c7ba18c70918e16f0c1158e02697bc1028e4c00aa8b

SHA512
7278f2277a1cbd6ab3157c8d09b900c4b3fd128abf349cdbc6207c732ebc0ec4ba26b573437a8a6894bc6279499c9010ebe6269c77c64ac3475248247f931b9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
93d2b3960087b8b557f2d4593c18dfce

SHA1
0183dd9a4bf9f48bad8a280f561302a262a92724

SHA256
6ef3b6568faa919cc11ecd086337cb341db826df6a05f2d748e5477a0f3ab79b

SHA512
b21bf168de414ccbc6292b92ae082ca49278ef17089e05b95c590b93ed3dc73c87249897a6c9e5e921bbd6c1285e6bee0050a4fec9f13ef3157662ec17ff2e01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
59049f167d87902727f113c71867b858

SHA1
3da3f9c1593795fdda94839c97e08da5985cad4e

SHA256
53daad85fe0cf21429155797cad140ce980bb07656a37e698a92602cbd847b7f

SHA512
4a8982c991138b9fc709b350663ad7e794b86362b524c03b27bf9e422f6582af81e75ce0bb192617be1d4c058d29b453bd6a7aa264e42734211fdbfab0b38366

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
7843ef0d53cdf6c8f49f9c6a86caa7a3

SHA1
789b2a95afe01b53267944b9b3d487094aa0c4f4

SHA256
252a45cf7d02df93069e9903653c3ceb2ffdd36627fdb53c21629ff3398d16a5

SHA512
283d98c573f48f4e97e90ca6a42e690ef008429ea52cdba93d1c301bf7e437669975c9f90b7a96c78bf0f429ef0701de68144b9f925f0f435a1a1160e2e664d5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
1232f5c2360e127491aba6a29552b671

SHA1
ffd31a0b2f5d85359f97a303e4659894db0a1bc9

SHA256
e3fea51a2cb5fa4600f2dba4fcdb23cde42241b146f72812b18d1de372d314a1

SHA512
1d6fa3872a14397937413855e074472cd421d7f5b23df31791d43d3c8fafdff1b4d05faead1ce692e505bd782105b2e80113da9de172e09ca7bc764e62cdad5e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
79ab355f99dea9b031ad9483a22cda5b

SHA1
6aad3d1788bdaee75ee6979adcca29901571f9c8

SHA256
e8c66170d41e9913def70f5e206ad4db1738e8c95d6dbc6211dee445245d62d9

SHA512
85bdf63a7e805470c1a8aff33c040b0a17163115ac29b689c5391c647465279937e0d37bceb625a435b9fcee2327b959043346ded96ce649a2a9b547541cc654

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
12311d0495e06e68724b690dbf6fa573

SHA1
a50d861d972099643183eb58a33b8a16b6cf7764

SHA256
4f2267ab753aff724be2a4a68258c066f41ab388227f05f280849a6640f740b4

SHA512
138e76b5cb6bf09c607a6dbc64632e12e3e19926d72fecefb2d4d02fd75ae5a4fc0786f9afe8aacc0c886c53b8faabd3e5c0094f9459c44c8266471e9905b324

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
5e5bda2f695ae9cfbce8d268fc37b6de

SHA1
ba1303eb6b205438a4ddd79d6148819f3839c0e1

SHA256
57591495a4d75e8a6865bbe0f4a466a544452de17b54b97c11608d77b84cb22d

SHA512
5e4c81b2d97df594e15ff1cfde5968eac55ab80ab7b2bd1cde9d30b43df8623fcde357aaf9be8093b1524580c385e6a1f963169bf4e91da3847683a83b5fa300

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
555391543e80c6c14ac5bef3ed3aadc3

SHA1
e303e7b5b7f7ac0ad169efd1e38eedf94c44d8e0

SHA256
ae760afbf0c6bb4e19c3aef431673137095793747c71c61c7392d44f63c8cd23

SHA512
d3a88b331d70a637fc501d975829e7c232021f48d27b96a8d8990848303cd187d44292d1175aaa9b4b3fdc3a4aeb5db87a77a1dfd7092a39e11399130e96f7d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
e71b2e08a3e69e600051fd7ea59bb800

SHA1
9963179276996316857f06f8ea7f768b82b9b626

SHA256
9090f08d7bfb49401283df9187eae2bd5bdd788f6d1dc211650ede6d13201871

SHA512
3305d73dad9ef7e9db126b386e6796ed97a460562adc2f5f01675e8e3b6fb3d9e38302eca2aa5d6e646b2a6d378bc2e75f324603d776541803d2d930eb6d954f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
5a1a407b4221d9e8c1dd1fdcb9ea7aa6

SHA1
1a6a2303460e98514a40a28bf840f1b5ae6a3bf0

SHA256
c9d700b0c29b3731c875412b401719da89897982bc22b0d53ec78bc06bee1ecd

SHA512
836691a0bf06cac330f2a69c103ad10759df901f896b6e62abe528c4decc28e1bd806e9bdb1a7e73c2e3a324f09e11082e73d67b979446e616f95b8dd5ff8be7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
20729950722d4a397dd80139b188cd12

SHA1
66cbded5f29c6d762cd192cfaa5970f104c73472

SHA256
6addcf73e9d7e5e28d7f5e76393e480d775f282c49f7836f3c5e2fa4840c8842

SHA512
4091cc78f2de968ec960228bde07f90eb27249f48d3ebd6c23d0c2421243b44066c06da9752042f265afd1f50fd5d433948d40a3e1e762a0369b91a233b8ff0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
c6b8943e5c0a83e219ea01a90bb71eb0

SHA1
d61bf149b196c0cbb4b449b867a3a58aebfd767d

SHA256
33f13aaa21c35fde035749fba59b507241b81df6fd6ef6598266420119ee0ad2

SHA512
fd73c4b8477e37d4a5285361ce8a11186c5431d3d02f14dbfe7c7d2eef78ea6dd1980a6b11e8c71cf2602601605d562023b43e5bf9c21c6f678c6af1a235efcf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
39bc9e52c9f19f27e4578798db360e6a

SHA1
a810d390cd235e2b0ffa60a50eb7533d0d3ada50

SHA256
90cf45fa54b5553044d67263ea1616e23fed394a9aefd6271c22e7051a3c5c97

SHA512
970ff16c6c967f1b14d9ac69d1287c14fb889c9825f164d530e50122130c0ac6bfb080804fc048d8e4e903d460387f39b66d121546810c9cd07da8205513f085

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
f3e2bcfa231e87e22dd994a89d36f68f

SHA1
18bc72004acfcc843af8ac41ab6ef2e22d3408b6

SHA256
b5119c560c8691f6c2946ceef87db5453ed7bba927555609b010345a92ae0027

SHA512
d032dc9e526a6891f3395de75e5f184ec602136fab5f13957de664856b606818e1c5ac3ac93ad8d3d2d274308aac7a9370ff7f77fe820aed268e37958be0efcd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
f9ab5d65a122cb10ea35dd73ac903540

SHA1
e34b1907f0f1e4915a7e7626dd13317657ed862e

SHA256
89135dbf7d60895b56fc85404a7ced1324205c7fb9cddb8c999e48afee502c8b

SHA512
039cfec1792ca8235bfe1ffbcbfdd599db8b6a60ffc115e4f89fa2d40daf498f523490d1061a3a966f94255d73454d0efe9dff0888278171ce4af9a4aba8fa69

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
35b6e3c50418e5cf441890b07904fd61

SHA1
12fab69aa803dac482e48a8649a5a03ea7cdea70

SHA256
5a3d706861787b358cb06b8c661e53076f522cb1fed06d076eead826921d396f

SHA512
7b3b1f456a321c3ec696662b8d8f45b5a9c3222810c487b90e9a2f4a7b850a395c8cd2daa1b7c5bf892b1a08e5741656beb1f0cbfd3fa5032c722b68674e283f

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
c90d840310aa3a7ad2396f1d7e904d19

SHA1
dedaeed41276126433c7520f62d58045fc94b147

SHA256
6a3a5a3411858daf25455623e0c31919764c875d20c0e94a7fb78e03a0ba2bb8

SHA512
7bc7280d09f3f8529dce476216072d474e4ae432748a798fbdabde6aa4b8346d41b6dfbd42fb56df4997e046283d265c07fd6bb3dab78d10bbe8d6b0bf19243f

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
311B

MD5
edf3d4399582c7a1e8e1db50eb8f63ae

SHA1
2b7d5a0b8c2f0c6a1e233f0068046b0fd801b968

SHA256
9c5ee7821cfe0279ee6f64936c361a251b9f1f36dd2603051063230712017ec5

SHA512
16433b80fca0ede9110f2315ab0689a04ec2e490858fb19650986b7f46da7d317c0dd0519813f2ae67c4bae7bf00930ef4b6fb231ce6921b0e8f2ebfde114ddf

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
b2c878016f854f614eae23054c96467e

SHA1
8ce5f8f8c30b1e03dc405235a9194767a1008466

SHA256
d3980f752d066125e74dc259902022a3538a4ab1d91287aab8c2a39379e60474

SHA512
e3620dd338b6b31dbe092317b7c22b4e1944f719c99438d4c01265a20a47579be5f6caecab889522fec321d37c51c41571836e0a7700174c8e90480c78459715

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
48bb1ce2dacd7aae4926032388a89863

SHA1
0fc952a7f460e08165ade79d1651bd5d196b51eb

SHA256
238d5f49d02c8ebefbc2e1a0f2ec228160641ded468e698ea6d38913623deade

SHA512
7bc5434a50ad99fbe1d6399136f9feadbec524e518a5ffc9de7b95c9b6e4d80f95bde6411d2a041a503638bf9057e2f617349aab7ea164b0605e42f978bfade8

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
6e34fa929319ebd30ded0e2aaf64c03f

SHA1
87807bbd34a5333b490f47454652e7e5a5148603

SHA256
6402460c440a874862ab9755536e422256629276212ae1d97100666c7afc12cb

SHA512
0ebffea1a9d57e18d45f5206d20b0a104471b63f04d0af5de0e138e460d5fe4b6d0916738968178e1308e75dc9e09f43ed3854a7149936b18ca245caeaba19e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
bbca51f47703ec28549e7985c01ede2b

SHA1
4ae3d65739e6fbadb17f531adc789340bde8cffb

SHA256
df3604ae4bc281f58f928601d2d8031c7853b859f71fcdb4bdc80eab7a911bad

SHA512
c51cb131bd20e51d28aad59210bf90bfd11f54fc8df60afb65f3d3ec3d4829e116a79d01aa91947b1d778a572c5a663be5754df6f16a61887c8c36601d4f39db

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
92d4d0610ae82b3b81127bcf2152c45e

SHA1
c450c9fd1b49af056d4779f0af2652f2a0c60603

SHA256
feccdaf29ae4e5d203f4c70d2fec72367afc0e33be023821eb480dd85e135319

SHA512
55c96e2990979fa78e22d30ae6992d220df9e7d5ebec078a5e79e0f77cc85b323f6294d5374284baf2c957b7f09f3e21159149f7784506a08fd220142ce95ca4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
fc3588afe9d72e2f2486525f460120d9

SHA1
b7cfd82083d0967c35418e11b05a0c900f6fca4b

SHA256
f7acea10972fc604994452e083fc63b7ad08d62556c998848d935cab791a573c

SHA512
f8cb9d8f78e1cadf1627f1439054569d78bc2d36219ac6cef856b2add8f38ff6c8f59b411834b4b452bb294b773fe79886e1c1128bb58ed1e946710c4b7ddf70

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
165a0d24d1e3df93ee1707fac99423a1

SHA1
0c49c22d29d08c649e7422176f0699ddd917e696

SHA256
4fd37c528a47c248549e1caf4f534a2ff047e57a84f52defc6b5c4bb4eff56d8

SHA512
fa6950ef1060611dda9c4218f2de5c64932484eaa15bf42158c50bbf9daf907bd09ba4286dd83d5ddc2265bea570f018b31bcdbd69851a030171e7a0f46e8bb7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
9baf4f29f8a6137b613362d56e3cb44b

SHA1
86f548c7a7ef4b1418e1cd085bb1d94654aeabe6

SHA256
47dec8e024cd6253f3a6e95da5de2d51fe9cff4c58828d062dd15153b05c6dfd

SHA512
abbe088f21773531303fa4458c547cddb7f1727964b199a553c02e14fcf2b5e8d1f6dbd472105f9f2839cde1628c6e2e12439b5306504b9b7e615008fc366a76

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
6deae20cebff26e8eba882ef3299344c

SHA1
6de8acd27fbef2d7b77c1df08781c6611345b1a0

SHA256
63f887d85b10e871237aa417f4192247f27e793ee88a45f7bdac0dc96f8e803c

SHA512
ec33bc9a4380c52d30bc29e1f340bfc6948a5aa8781e822965df4f5ef6e5006fb589b35f38f229eb37250fbcb5206d8b0c0f513eb04a2faef4d0a26e048a29e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
8c3444286e03a23648690cdca1ef4093

SHA1
83fa048c02048ba335320f549fac2042a2a774dd

SHA256
9ca00227fc5519cd0ac176469649b3b6111faac19a5c33645e89875467efc207

SHA512
3992b29a8425b3fcb5f628f68ad40742ea761e67e6b3ca7f8f3030620dd5864dd30e3cedfd5fc4342b4b1733ac62ef1455bf36ef37036a1ee0c598bb056cc577

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
db54085d27da534215a17be1d87d4cf7

SHA1
2669fae1df62d1fd7836816952f7cc03193f8a70

SHA256
41d76dca989fa907862a37d84a6df2ae15c41198ebde60c0547659982eb5a956

SHA512
c2d7b96f7fd7458238df1797df00617f9340f99371d62e0611677910c1ba4a74a2a3887c44bfb726ac39e0c60b448143691ee57a695cdabdf3cb417bdaf3beed

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
79f1d8bb5b51db801e4b5b64ecf8cce4

SHA1
2516666eeddc61ef94a0f14335683901f7a923e4

SHA256
b175f17f91599e2cb0d08da0f8f2cc5b3ea61ca5d2aafef79472ed08aa9eceaf

SHA512
a6bde376dd555d286617bec38be087625127e94f8c69647f161c974798ec420002fe5ecff70b3281d461fe1f5aaac6419fff9f0c6cf1f4f0a3a9f410df48c36e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
3c489b18f1d24f9d1e9cef6fbd40ae1e

SHA1
3031ad044e1a48e1c83eb3d4709c42975da5ec82

SHA256
0b5e4e5a5257a21ecaae428f712781ab68aa3d5a1aedf1959c4fcb5df5b35331

SHA512
64fbad15e99a1320d0f3d9d4afb3e23f9d2d6e7132a58d1a6184191045ac1335b3a100fad349cf4c488a3b782a363c06e7aa2dccdfe13416268a5a308721555e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
40c57697c49b77dd09db14f84c3555b5

SHA1
77c4d1949757233c4a938a3de384c167fe20e9df

SHA256
6b9fe75d9590b15d4c51725f7924d4b7f0d2a0fa655c0f44a790fc90405afa2e

SHA512
9ae34f05a66fde7cf3852d6d61ffe853b0e147c5660677737ef7cb9b8e40a8dc96b4cff61eb81f57c4d9d595d4220ef7326ec4ed1d3e9f10c96ff1021ad5d4c1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
10db9286be80ab0e23ab290d34cd72ad

SHA1
c481a60e2f4395cfda45c2cfa2f96caf3fdba5a0

SHA256
9794a9153882f7281a5f2429db64a8b85b838356d5db69304ad0ff0442bc6876

SHA512
064887eb0614cf1d29fa22802f70ee13af84e2c33863d8175f08db1c3b777ee542147c62716a5daa50b211c254f81a596fad887861b3702cc8c0d78bbb75ecd9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
af487592501a908b0d32d6fa00540a1d

SHA1
1dacfee84f4a5e0857efe8ca93dbf3f50afb5529

SHA256
62d2a9e7ffb4b01193f32800e8c514e325833ae5213c3d7c4d1c378ee60dd020

SHA512
a2b76cb64a20979d0ae348bb2b9b3f998d439c24c8393b3aa7b34ad618e577296f768f09aae415ac2b975d5b9c611ac1438bdd6ed9b054fa1534ad24cdfd83ac

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
a93a33ff864ec46a54209d406ded6433

SHA1
8453c9b108ed44dce72932b5038df43978ea31b0

SHA256
2bf6a9efeb9a59f1233e831d237bef76d694a5600e8e4ab986d7cb3a2d3a68e4

SHA512
1a494f982dfbe101632541a9e82c106c1bbdc5074be644f9ad6df4ee510f989f85de0cdd806cd7813a1e640add018be21d50c1a1672651c4cf251c09f6eabbb7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
999e26cd2860cfda0fa11edce5fd951f

SHA1
11a6768f12dc73b1ce1889d1ce64d0fd4cddb19d

SHA256
4d411cff86cd2c19877948d240c9de4ef3172f6f74aec1cf36c2c1aa12f884af

SHA512
835b8c45df69b39d94a4d1c10cda295cb6fd87a169ee4e06985aa1553c4d1130210340562ac36db0fd74220b2e18307973a847da0dc7fcd017b0b2e847f5d2cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
53ce4c79c91214ed4b9f8cf0e368ee6a

SHA1
201b2e681c244ca68c231d75525c6ba230286a40

SHA256
31c985f1c1edc7447e657c945c5d412242b395e72d9514ef74abb6058bd3bff1

SHA512
802cec0c36cea1bf60d3dc32328f0a1288e5c88a99583ec73252adbbef8c1d1d559a5d27fe983be453ec5b56a7a6ab009ed6ec18182086d9e6b77add70aa573c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
66565b559ae6479abc4d8a483388e22e

SHA1
0f267482ad5e115056ad11dfc316e51bb06cb839

SHA256
ee1c40dd9ba42324f500955d446f46ea5137914bbd77a42b3181cffcfde51104

SHA512
619e089c7ae0e233fcea394010edee3c7a9f091eb0269768ddc9a7255501e90bcefa0756aa4177e872a236e4cf559d32ca8ef116cf3db8f355bfd68225775282

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
42aea989d7b8130e91846670414c9d96

SHA1
2ae6a55a35ed262940f3d56ac4b1f7bb6f053e37

SHA256
1d225537e0330cd7393b571e4fdd46f3a6f866b95af095bfdd03bae59a0b159e

SHA512
f5767dedac22db6779e89f36099a68ad1806b6905d03ba9f19d02a4add44b2003033d6e5dac294729e6487dcee52cb42a49c77d826c208b9e4f842d28b66492c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
0e7186e1fc8ee919fb9aa41263b3f74a

SHA1
089feb40bd45f5cca22078459c9520ce97fed035

SHA256
fb1296b13242192bd0e48a3b054ec925f625eaac6b4df4454e9dea57994e0e64

SHA512
ac98c73a435f65c51269dadeee80a1c2c027539bc8ea678fd36ea09265060ef83e6208762fe28341783ca46a4fcd325ba843917cebed14fddff8cd92c265385f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
e31ec8906266177bbcf7704d16103458

SHA1
b94ee617f084ebedaa1c69543fb5a6b23da0b3d9

SHA256
65e34c4f893c3916f7137b94cf90c5d5e7cc222a48ed56ac983fba17d9e84285

SHA512
679e34ee4bfffd5e96a0d9279dca34a1a97031c0ead5806e24216e478d6076c77c98d1cb44f3893475d1977fb7b41d6573a8b942ae94c8232e4150986402fb49

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
1c35c1a05a500f9b613da53b7fef651c

SHA1
66d6546a77609e8236fd7302c2e02478b6e4dae9

SHA256
3dca10939dd199f467d6d3abee41a2c02ac51aae4fe11de84cd72baa071eaa36

SHA512
00dcb9171ca7790605dae5a96799b39cb8fad76bb92325ce64051ada587e6eba71a21b39edce7e1deaef026bb177cb091de26cc8e238075be4535907e6ba3f96

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
47e50b05c42be021c0955be14b5a36e4

SHA1
f3b14b668d2b90e1a7f97559e3a6e42e0c277e3f

SHA256
24cc4033c2dd3435f5ba36c290cad68a34c20927362e948a93dc265e553cdf32

SHA512
6937a8e9cf3ce26af579aa997398c1d27f64217a315a286e860ab0701150ed21a9a3976fecdbef428918fd793400527fea166d8c2b3bb7379cafe212d0a4b77f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
b2562887759cac5398ecd719c77bd1ca

SHA1
293001f80ecd45e93971a96ae77968d25e1183d8

SHA256
4903e95af0744573d16607e16120c48decd3efcdc1915d0265aed374b26fe64b

SHA512
d7dd3cf8891a10a67572b6e6ae84c7430e086dcf480cc0387184fa8a8501ec1ce07f17f0d3a1f126b3fae28fc5399d90764a24cbf904b33218db7478e6e36495

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
9b9d1ca49412ad8d681324bfc22d2186

SHA1
5d337fd671873e879a359816a5a52a8dfee6590f

SHA256
649d6b13cabbe67d20ef5125cdcbe96c38795041ef24d10b8b74ee755db4bc1a

SHA512
d7a4698bffcfbe8da16f4b86a7e7eec98e205251bb3ac769c6eb7ef2618845289af491fbc7009cd8ad5c58e252669aa47da52c79949e603354761d39a4fff30f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
e1947ad72a4872c0e2165d3b4315b155

SHA1
7f36a97a582d6db4ea7d5f747e5a0045d5cab7d6

SHA256
b3471d12d51c8117b5230f26f2735de3238cecdda769077bc48cfe0b0d50be2b

SHA512
04f7009580bf6faa52f590d9ee1367605e6c5377fd47b3b73558d8e72df7a1869155286778794275092e6bc69b7cf3be93df87c3b7ae7242b497b6409a16f94b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
ad2fcfbdb1790154cf1e93648b1b4edd

SHA1
93cdfc24388d3ff88fcbf2cc2e621ee17d043e63

SHA256
02d18f491f02f3f562278895b2abc795fa110bfb503ef81727fa37db43560edd

SHA512
62f3baf2fecfb41ed1480a00bce622ee692763299c4c652b1e0a83a48e30b7bb30a9b75d683a98a82c92a8fb673fedf96ebe54ae1cf53c3c076994a9629855a2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
315f9a433f778a115ff253560973fece

SHA1
88b6dca73953e1888212661bb8b6d533825878ab

SHA256
a54b77781044fb0728afeeabc8fb370eb9b0b5b55a0d2ea50e868c27344cb635

SHA512
47cec53f9d10baf4eea9c3c95cdf90a6de757fe7e14fab77287019a68b888fa297da456d386a48317a9b7d064d808966df717384b7c4f35f58d99008a8d8d33c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
86a909163cfd2f6fe496da33a9256c3c

SHA1
676915551ab05017c4c602e7cd36a21a88cc6eca

SHA256
91ba0e212a21d877210e1ef9d22b52564a72b97211f73fdcde258842af592493

SHA512
1c0e1151cce037cefa98755ea63a4b971a33f581552548e6e5b0d36d79128ba5fbf76c9ca6cce7d4fca1d13ab03c2fa82e424b569692e83b151dfcf8de2b1fd9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
805bae2316c7dadb2cb16f19b8c16e2f

SHA1
e2218674c0b9e189afcaf149a16b0cbd13d40861

SHA256
7b95e814a5ec4c1d7472c94100202c43eb18b01d158d14a03d539d3c0ecc1220

SHA512
1d56d529b08b1007eb18bc1879f136318f1ffbf8cf353b0091316a2dddc5bea059373e2b82e34196d25b28a612789bac531075374d773afb28780f1aa7ce3d67

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
18c6fc1e3ab2cae4a142170dbe4e68e6

SHA1
7e9cedd34b0069dd990a7d83ad08b56fade083a6

SHA256
f4fe81ff0ce3afa5a7bd4a6ed03e7a149da7b0e28278a869c3e18a2afb266d18

SHA512
09112b7f98ebb0b8cd835a8fcd87d2e864901bdc59776710341b0b1bfae87b7743f6bc1a742bb81854ebe19dca7fa196c89cbd60ee6c893ee8c574ec6125069f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
12c74fac9c4c9cb42d1fc78bc49216ef

SHA1
c03b2187b0b6ae5cf4a62b5f52b9f37134b811c4

SHA256
e42941116c42838746408e94fbacc2dde1e7ad61f475519e989deffa1297de47

SHA512
862dfbfa47b6ec20cb8022446b4aa52bf73e37e0184088abac25ade90c101ec7609bba4bfe55b437be7af9b2fd6fca09eb1d979944572532801863e41c21d36c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
b86c6b25a054eb34afe24b6652777472

SHA1
3fc6d74149920a556000279eb0562abddfec3993

SHA256
dfc869ba0983da27e4d0b24bd8fabfe75fe92c05852764e08d16aad0f1ffd87f

SHA512
28f66e420482aad7cbbf8346f4c451a583dd69bb42a8c6f3aef7b329dd6fa9d12a5769eceb618dbe9d2dfd7e5089fd1a2f3720c6752790a1d38c80d1002711e7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
1911b57cdbce8b89d514bf8a523c1bd1

SHA1
6cc832f91689e82ebcc851aeb090ea0b2a8eb8be

SHA256
c90443a58d6a93e726255b68d9b43740e935d2538867853cbec9e6a74ac055df

SHA512
4ce963047896d091c098f842b919bb125ddd9a31e58c9f1c9db76e1fe9b27f58792e2c95ee802027a91a8daf4583707e8b5516056484d75f877290198b76250d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
e644b3b2e5a92291aa130d3d5f41698f

SHA1
9ab066ce0f795b1d776f93425323be4a74bce2b1

SHA256
03d7ffa1725579b7ed806d3673952a6abd8c82bb97101e5da3309fcb341f211d

SHA512
83fa4a7027f6f464c161fd9730eab144368034905763e2dc0d8bc76b91f71b543e03ec8ec8cae7e13387714decab21d599b005e5bea4c247e81616b3e6218372

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
ebee9cc7b54b1b125f04f85a72401a72

SHA1
6d67ff1ce06a4a57d5190e4dc68d5d3358ced890

SHA256
64cecfc0e78d6003ec20ac9124e9c1290b826a3655620c2fc78e395bc8566423

SHA512
c54f858eddd213bb07254d4190e94864962282abf00991f618cbeb30ecf390b818c30f28cd4b74fb1933025167277b53a8ffb4505a5091ef91e9b724d585787a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
92eb6bd3d4eceabbc27e395cf4aa8c92

SHA1
16d4d4783679cd2fddf04bbacae421927025fba9

SHA256
2fd29abbbcb38d434e7e333a726b3ad865c19c5da4b1abf2031dd252dfdd498f

SHA512
fede42e4ade12b88f23c09c577e4e24e63dbf20895ea3f25cc8f41f5dd213f4a35b1cc0813d093a5f301a069e6506662b761fed0e5df43d7eeeaced712142b1d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
c38cf88df655fd834c4cf06faed4acc3

SHA1
ccb263d3fac82848602396bb111d2ece54338aad

SHA256
403d40814574f73dd4781da28bd70fa9885823c621b2c100d7deddc5e82cad38

SHA512
af2dbce1255dd7ceaa6302970e24edb5ba3837ab4d19a2eb88d63e32efe4865b0170442e4c90691c65ab81adada00ad9d22a4174e278538cc58ed8558e48b354

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
cfe3f0bc5fb8eacf2ced179d33521836

SHA1
c613c26b92c71956bea9c4061c3e025280111d4e

SHA256
7112e53707f4406dbc8b1eb24f61354020b6900e8a206e7277b880337380190d

SHA512
3b7914dcabf91b35eefe9a08cd70950a88a0b67b76ccca45c1374c9f86614fe7e375ae698f00fc6fcb6b7c09961106c4933f5549b0a575295918e45cb5b587e0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
d4a190fad3633162334068a7a09c8c4b

SHA1
33dcb292b7d7d10f744cc91a6367cb5e872987ad

SHA256
98127765063b5f687089588c30f7083ff48b1f9afb540841b706450c22f1ecb7

SHA512
d8f5ccacb175b4879d4589c7df812a73a1dcce026847f289c90c9274451071e4f16076296dba44707add86e34de8df0e57e9e7b09714129eab97a976f6017f0f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
fcee319e39d472ed6d760281a7e71053

SHA1
c940cceecfea239c9895be0f10367559488cabca

SHA256
d2f3a43fd7da30485c7a9b1a2dc55c9ce981e7f6b6dc09d95a62a2e04a62cb7b

SHA512
b11fbe7da6da07a2652986996783eafaa6ae04a2637a52243b3b494cac0bf60de2d7864198751f5dcfaca1d9847ea9b102cc9b67b83b19c3b09593de56306761

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
d18aa4d5feb1abcbabb59a3cace1d9ec

SHA1
94f48d35223468b7b8841fabcee9b79d24cfe6d0

SHA256
b05a21ad8893117841c8959bf15955141418d9e6330951fbe7efbb40e8914ddb

SHA512
691232e1aa2bbaa9170f5503cde1417de6f3ab71a70673cc58838e11245312a8218acf61fa45fce0c17d340970cbeb61cbf7f2cdcc076dcf3871be6d4f5dc0d1

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

Filesize
1014KB

MD5
70549947c6030fb5f84e829741ae54f4

SHA1
6d5bef8a540f90adaf213f786b2c788cf0513a4c

SHA256
7178f1126db1274bf6988c488a684129ddb6a30f36d893846eb182207b6b8343

SHA512
007141d44791b78cbca5101bb34aed6f217e96c6275ca3d611a530863af705d131cbfe808fd6d3e1c6156e283aea4cc2c9086318c5d5488daf6b3bbe9f968500

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656226049089.txt

Filesize
77KB

MD5
d6dfb5f93b59c82a87f4e54bffa802bf

SHA1
bddd6cf046863846738f176e27fdd5654bc814d1

SHA256
e047b6c86a6033c0496f757a7ba0d21df3241d9eab023d8209f130f268c9263a

SHA512
bf3c273886ea4c5f8614fbf472e9e60a1885363ebac79b6ac9ed7a1608f2d4717b7af35fce03fdf2b6346d239f7e6ac19201c807ed3f93be71fc453d52d27fbf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656623420834.txt

Filesize
47KB

MD5
b85b4b85ee7f6972ab9774ea68d3d789

SHA1
ea245897a5408b31afd02e106406bf74eee8e79c

SHA256
8a8f75cdd15c223b035dbd1d6f6c6b5709dc794b0ac0d449da045ce1001b356d

SHA512
a8271e84d99f54ebc3c7ab184410dea350345777a2b93181263a051e71c56eb26656983832b30a675c5a27bc9738b8a6049eb137958b39b2e4ccb7df4adf7a10

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663536793873.txt

Filesize
63KB

MD5
de0d0f34568cb3031de7561099e7c697

SHA1
674036b9b3c46cde0501a09c253ab5a66b258e9e

SHA256
2579dcfd4c87e92c166593992a62776d590f93f7799eadbdc54a5c731d34c7b4

SHA512
95bfa58f3360da74ff22b0078084866562dc4f8cf827e0fc4c0c383b5c3674734e5b47758c53dd2e3df7c3a6eb80d7fb3148ea458400e6059b5ac618ed3c068c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727666235612999.txt

Filesize
74KB

MD5
73e105f0517c547fea2f883f9d67b814

SHA1
1bb1925cb1c28932a491bb553e456c0f1e5ebc94

SHA256
d7accb31c64a3a35f019dde17545046752452a7d7b82682caed9355eec8927ee

SHA512
309a9ac86bc3a1705b5d0afbb2787847bcca6eb1d3d15eebeb2ff8fe79071e744c814f0114ce73181d666bd6523a212dd940045352b225e49ddd3f408d91e3b7

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
97eadcd1e36cc5dc548fbae71c175b46

SHA1
4fa6c9e183fc227db94b5eb6ed554b1171cdff08

SHA256
71d8ae1bde88bbd0e2b9e139d5eb3eea0d4ba2d766cc89a7fa8a2c6131cd7555

SHA512
62b27d583488a292b9d7888ab87ad48faf7d15e8007460018a97e2ca300927d205f1270acbbaa5f72320c10a5543149d3122ae682b0612220d87f1af9387ff58

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
1d3325cc916e9d1d52a894345b1680cb

SHA1
702097874d63f72e031f9f0b06815213e52c23b6

SHA256
07c930ffc212d47a874b453e5bede5204fea0e61db01fd3f8b23d2b7ec31b4e8

SHA512
5744503015c3cd0a06b6365102af54ee4f8c07fa74280eca60554fa3d518964fea8b8d9ffd396d93f1984b042c5ff772fd288a58df90816e37e6af1e33c1d570

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
09e52e14cb4a7973628716800e4e14dc

SHA1
72eb0175c693955567c30b0d13dee45a5a49a5a9

SHA256
a4a20488be846ded77db824977e113a106e589452c54ef6c707070f9ac2a901e

SHA512
6767e9816b56bad32aea174894d9d65f86016f7bd1fce2356bbd9c7b611df29d06e24e98d9fbb9f6381030cacdb5e007b6ee91dbfede5389fd366e02087fd7fc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
64a6a28010dfcefb70e322d964b2429c

SHA1
6d4e730eb27ec7583ec7838e8299edaea7c5a67e

SHA256
8bb51432779b211f141a44696688bda9a4b3c93ca807ae38afd81ded6fdf471b

SHA512
35d802b218b724438b1c730ff5126a661ac24dc96feb25959375f6c9603f529c0da0a204afb11faf81c8bcfc2d746e346e52a1f6e0786a814f09e6f670324a57

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
d98239746b9e6e4a4f77ef6cb7b69f5b

SHA1
113a01385c3428a1bc95673e0701e9cb399aec6c

SHA256
f269be75d765ac024a5ef1b52d0909cab313a10554875befa04d598c5681cfaa

SHA512
8ada09f4c4c24ce18a9a7161bcda4150500ab9dfdc6f4078b2258cbbb61753de3427df11dc617084e312b7121f684e472f04d8fc83655664057650aad239e878

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
37ae686587eaae24e532fe5160a3f845

SHA1
4957c177ae29c7dad8133f071ab88aa9a4b6df33

SHA256
691cde514dbc60b4571c6c65aeb101372a236bd17d4ac45ba88fed55434dbe01

SHA512
838d8b6aac7f61e14d968058aa82ddff26cc1790568fedbfd41027a305fa44fa4e253fb1b625c40bebe70931b5f6d43c1e95ef8ead924370618d8867c032a6e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
dcc8edabdf54ea28859dbf2b2a7044b2

SHA1
872031d1222df3925d65dee0073646ad706eed0a

SHA256
318f1541522bf21e82183ed64f739ea1bba2b0cee4ab071a4eed0e1e7e5e01be

SHA512
d93743ba14ef2f688ef70334cb79dec4ceb609f1f8d9e40962b04e2fe3c4e363225e5f055e8cb9db915bb05a7501ba38fa31da69c093e20336b6c16808bdcd37

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
fcb6ba66484314910d3db6cfe8eeca36

SHA1
7c0e4c4bd445b6e73144a272cd36e1324487f04f

SHA256
92dd7183705135e292170b9f3f5286b1a5e93f9ba80ebbef4f0847097a18534d

SHA512
bd0ec42fd544c68adb60919385df54a9dc008fbad22de3473458610f3ff1d9b80cbd472680dc133940e631c351f59a3ad0bdd6a18d6b1dea9efccb6115407bd5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
3fb15dafa06586e7dc33b6296bb0d888

SHA1
f15d1795db2c010970405f677003ebb65395b5d7

SHA256
4033aebe6bebbbdfe94beee155925c461165e51382ba75cdd93eb35732c213ef

SHA512
c91a4cae2fd45a0290a0ea7432fe8d2d4d605039b90a7f54368ffbeb5fdbd7aabf5ebe8d6a3042686e23d626890bb052224ad9d26fdc9c071c910f1de5bb08bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
c3abe78fd5837bf035798c7b816af5fb

SHA1
7f50450cc109d00fc8ba7fe490128afe466de0f7

SHA256
974fe6ba7a2e611e2befa57a2366c44c20520f7085a7ac00a64e535e8978ee59

SHA512
9b5c6d6ba0b91dd249e5a4c40027257595a4e79cde4bf2bafb1db0b3b1b4239ecff6c4757b9a5bea4b7d6a4880fb231efbc3d6bea97df5d5a91b82f0bd1ad8c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
91a0a7b8c2d9a111fc7c10acd975ab93

SHA1
fcb8cb2dbac67e2922dcb1de9d37741180ac2200

SHA256
c8b22def06ecab1bffb7c4bcb09b7150676c0707b135aa6362b3e32e9f30db73

SHA512
3bcdcef51c83925548c5179cdf52a2512ec8947560da85702d3b46fb9ed343b88371e2e8788e1b2326041081467e7636c7de1f01f0e782c77da0ff2288e21703

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
1a1d381e1d130f957a227e3402cdbc60

SHA1
3e5976991b97bdd481dd36957c54e41aa9dcd9dd

SHA256
79c82725ad7202fde2a12fd6ba414601cf211049cffa0215daecb68fb55b2f14

SHA512
585be953fb0f06dbd07d2a95253fa829dc1ca8611caa90d30c89d9f2ebdd21bdf146de1bc4fa6a05b519e5cca5265b9389068e148ae95b63baa78b785e8862a1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
bec64a2f6ac55c7835d193be3c3ee9c6

SHA1
d77334e9329b5e3e7546be71f7a7e776b939e2e7

SHA256
4166d40220c459c03afb2f083c99278c75485bce0200c0ed18d33a04be78c450

SHA512
e4a5d87b4d1af90402678e5e393cd60619292190f03697d2bb1d98d05c5167feb5594da48a5f95db43b6590116ceeb220a49f4f989a4fe4137f1d027b8395edf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
5f3cb496aa9c4143b46d5b93990e2ea8

SHA1
6e757737cd0afdb78c43a582e6f7e3359c186e64

SHA256
989c57f1151285b622fef9429d8ba0437814a09fae56aab0d4cd11205e60f942

SHA512
fd3a0fe8d04771ff83f173de0a2ffe548bc33323f22b02a811a62dd2687fa3cf25f239ba3a9a6477f8f19aeb195b9042df67735b120d03fb3d8b7748e71c3dd9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
e32d9bf7adb2047bf292fa3aa0072c24

SHA1
2f24b2c5e9456c7b0b457bc32e84f77f8f88edcb

SHA256
68225918a62b508ad11c616be14cb888d39480a8bff0ab8c72e322ce10339ed7

SHA512
489cdc8a4f084c75c2883cf30ef74af6531e5552dddd3f5170ea07d967043aac120ab7687a635d92434a3646261d6c3d2fb9eee82da16306a9e33108b5798944

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c0cd80923a2a087599b7afc2f575332c

SHA1
473c3b183c393fb75d26bb7768d5e9f326313146

SHA256
d5ab7240b560e1e761a2473a115b14dedc6dcaff466c4dc1ac95364c85776bb5

SHA512
0d90cffa3d2b6e3ff41a3fe86f039f30343418825c2d83eb19e0d8a0d7da8a7b1d325b78ac66ece4fb1d68b83a4f4ee01c19a29e769bddf13a6850e76ffaf839

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
d6f0f6fc1ba217da1b0ffbf198e5ae72

SHA1
f1047aa675d7710f222d2f671157940e3b9923ea

SHA256
c11278970c8edee49cb821e26a8c161778ad07643e58ebad7b7b7074eae101f7

SHA512
840f102731258bbf12e931d9a15eea70b0f11a0d05de79eef56fe545febba495f2caf71427655b12038cd9f0cba51ccfc237935a1ff90a1a5a3dc2c43a9214bd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
99883e4ff825f96937d5ce41c63e4cb6

SHA1
447b5a9a39d0539acb038a62ba3a87af864ca8e4

SHA256
afc76e72295f02347e422bb6905e709ba37d651b70c65f83b865fa576a9cf654

SHA512
0d85a8b08d8a7b886549b5fa5b8d01e22ff55f2f5950b1952024771d4f4a6ae7a2ab5654636620d4a98373473eb6318cb721f864e2d38a9805ee36cf06080ae4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
428a2d59b920bf12563ffa39c58b6a98

SHA1
7d2dbf8487c7b04c2afddfa4af0f0f7a7e1d9daa

SHA256
8566f6e66975382ff313ca82bb83f52623a5de52b6c42f2fc078ae99aae3d0b0

SHA512
09f7b178f6793248a9597ca3831a530721aaac9e9681b5358fe31af7c277b03fa6e71771551927e36b993bc0ef06dd87d9cbceb2d63f9270098fa0b14966d072

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
a9a7602a94b1289896d5976ac77afc72

SHA1
af9aecb7d399722a0735760f9ab2d3ea1ed38933

SHA256
7c68407f107bcf206b4e2101f86f04b34e0c14df8319c771e6d3a08fe66e20d4

SHA512
cffede1e9727912035db5c66f90c010c717ff93a50dbc4230b88f660db906a5e0016c1a990bcdafb47be0b28f8e2787aa7aeab5efadce4bac0372c3871de850d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
0d718c0def2f2163475f0759b14d0484

SHA1
7c76908169780975a392548550b7e1b87aa44b78

SHA256
57acdb07130122056b09da925b254e12b80ca640e08460ff40de19d04bdff9a5

SHA512
eae4741d3660a3c7485326aa39da593945507fc9b7e7ce5fc2b4d71417edadd316611bc7e57216c3668ecef87285362c806c092659404c8bab2c4a0e0b853b15

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
fb1fc16fb6691647e700d16cc25a64a5

SHA1
9bb8bfc1bc8202175c9679ef17cb3b915d7779da

SHA256
bc8a225f9bad69badc1db203912d9819b1a4d334b3295d588c3739113e2768c0

SHA512
0875e17df74878aec20076c0455ed507dbcf25ca39932e74265d15840ac6fb9933bfba1893486127bdd91663c7277bb0edfb4b1e80b2e42de226befc1fb56aff

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
2fb408fa4e066829075e6dfb2619464f

SHA1
70c0f86d13275c907454c37bac1299f3034d7bd0

SHA256
18d2e0ca13e6b8d7ba690d203b3cd2fce231301b59388de6da59cf697c331450

SHA512
e95a3ba73a2a432e51364dd4dbac30f568ce8b39022c120012ae7fefb94e0a922a39897c8b7861b8cd5ebcb5274ddfaeb1d18ad9c67b7eed8721b28417388a04

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
d806c4bd489a6134442dc7cfa1a10be7

SHA1
9aed0ac6b4241b715bc6ef50fec11e39d99ecb86

SHA256
6b01e332413532629d5b8309f206e68d95577a3c62c9a1c315e59995774f6844

SHA512
b1c12aef356abcdde68e0ce2decd467e36b956e2e5dbf4aabd232c720d58e9a1ae21bc47ca6bcca54134b9631e2f9980bbfcff61d4d10af0d576e020c7670f31

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
5312d5a9b75fdee0ebe1b943748865e1

SHA1
40afcb14310e0fc2538a9c80accf43f98cc4a4e9

SHA256
e8835900198bae348cbcbea4cdf4bb37081230097d920c6423f654f38b2a5694

SHA512
bc268ab4c360cd130b835890b59b818ffc655ae3a91bbe43d5e8549ef1141dfa01848e0796f81c25f3b35a0d89caf4ef714580ba45d5e2137a6198ead45eb91f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
370cd7f115345416ccf2df3ada6f0053

SHA1
6321eecf98f71ed5d048828b2973014dcf72b731

SHA256
2f54f63c407c3db4139fff4ed0010702849f7d6bc3ca01745b73c1c6ec6978d6

SHA512
2cf841b55e23deaaee13267694c4e0b77e77046c50403911d6ed0d88e567d428ada0f24e9318ab8a2c3948673d9c52dcd2dbb5fcb8763333fc93520eed22b5d2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
2d50d097a7fdaeea9c4d332f49ab9b74

SHA1
6f74f3d145919530c07ac171c768302506cf94b3

SHA256
54d9dc3cb5c419bcba12f5ef1a8bde05fa2ca63c0ff9d68a962b18a9aba999e3

SHA512
1cad44062b19533fbf826b046829595de186ec69ca2d1a65824e1d5023cbd812f8eed73aaeaed7469cb0f212235d7af7def1109509a51ed3987e1253ad06e832

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
a999474d3fbd76e11b38cebd2ba9ef91

SHA1
c200d20a1be885a681e73f1ebfa8fa181e9123a1

SHA256
eac3d7c8611dfa3c69df8c9503be4e6f3e60544df9f335b1a922454135bfb317

SHA512
5e0297d32b01f82820a43cc3f7744c649c80ada438fe556fc8a8c3b92a2d6e4c585639ce07d1b5db68310d1e68a340594b1a6f52077ef40fc03925981d81be96

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
08f03b3a45fa50969a9e0311912d0c2c

SHA1
d055c134ad7b59ad3fd88205f1e500a1f5a12b18

SHA256
2cc574cfed2b479ce1e20896108e0be0aee0aeba3ccc0cd9b195d706d28c9ab5

SHA512
56d4c36e0d23df7b2abda7c128ad3acbc2b0416d9f1bef05d8709405bf0a5874b55ef7f62243c177538b33cd60fcb65d5f93f66452bc72c1470d7d818a352b5b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
1be8cde32f194f5cd79fcc7a755d5fce

SHA1
cc8ee1b0d69c51357e61d1b4480b625cf49e63dc

SHA256
712ef61699b810c8ef039fc61855ee13733441855b3c5469fbeae323e6df2372

SHA512
f7d18cdd4965c5d5e115974683eb795ab0e8d164c94969e182ef50b627bcf414dbfe51af7b25cb153a508e521c737964b987eb2ab02454d44e1d5dfd611fe758

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
231de9ce388d70a420c96b29e0878934

SHA1
62d342a5f87a387ac0caf9e98408361872bbb4ef

SHA256
844d721495300a49fe819b7188a77d918c9e367215ae8af6dd419f066c1ce869

SHA512
d8ad2ec05589e58f1c7707973ecd40b3aa31d77594311aba9cbf533a4daaa14692b5b49adeaedd72d1afd1c7b3be512db28fd3f2726efceede728ad1d1cdbcc1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
7ccdeedaaf93729406ffb225d61ca585

SHA1
00c3787e9c5d37878f21b2538c4bfb515e13531c

SHA256
cbb974156bb83163db908b065cd5f9385a9bcf9599738667e8aa92a50f3f8d95

SHA512
aea292c3fd3a6c739114cf45b7223953b7d64667e8a23331c3ab0c850297f6964365e163238c488042a95119d897c2b1d41672be7f9b982d07fd14b10f678f80

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
127d77f5ee1f558be53811d94f5c89cf

SHA1
9adcafd1e573dd4e5b0890cd424511a90d681a14

SHA256
bcdfc660495db299984e66a22e236bed20b45c932d89f4daea2eda7c8d2f2d1d

SHA512
6ea5bafc6b6e55a6b328d140956fc3f287cca2a4d8de79a26904ddd8cfaf9553f2c4a5d9bf9680f1795dc358d81583d982c938ecaf6457aad93f5d2fc28d4a90

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
1d36e9802bb5c96a8e4ab59ddc684726

SHA1
0f4ce42040378f3f126d02996326817dc2a61d3d

SHA256
4f2baad327ac126cec983d1b7985661ceae3afdeb4e29f4f1637b63a2257ac98

SHA512
263f1bf791fcd0a7db710a81920b96d804281cfb2df4952f9e5d56218a250b546961f0097605dfbc17ed51b91bda1d085d7bbe451f4c68043f52fa4cd92b6920

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
95b497041d72e10d7a315f96ae8978d8

SHA1
371b52c6a2f15ffd72a6a6e72d1d83f8e4410c38

SHA256
cc992d5a9cd39626684969588568c99242f2efc40d7149e9396213acd6941f7b

SHA512
bfecf34175008eafe58039474fa1166409d74bb87cbcea5b6a85320858d68ab7ef9b97d7e69a8b4a3f269cf9a2b10db97e63b0d66f6bdc926d5bc63bcd300db5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
a05336880a286f1ac2a8d54aeb9112b7

SHA1
c594342ad103953a8879469159f7be8d4ef7e7dd

SHA256
056dbee8e06e2225f3e4587ef923364f790e9c07ecced5c78e1d9f84f18f9e54

SHA512
af67694961e141d67d7361e3e3c5b1cb86e5cafa05a96369ac72d2351324c49480d54697b534bf118b2e63a716b54144cdd4efe0f1b361f8bf6adbb3e8362c2e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
d5e53faad5f9de9ba1c0c1f63546b471

SHA1
021ffbe7e2fc7b5640bc3dde3af8477baa11a9cf

SHA256
2d4fb9664ec99fd1ecdf7840d3493651e6e03332f568e74a4c8904bcf5544e60

SHA512
df1092a62896d3b7f7c7232d051c6e6f944c2ec09673190768c161299f2cc7b828a82e53140a2c3a7ac64f7b74cf5df3dd88b2a9c7ac63d7ae50fd0f7890e4e4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
212ffa57d1470ed520d2363f30017579

SHA1
0bd067d85d7ea7d425730d0d8ec1acc0772ebf07

SHA256
32d50704607520f699965f4db1495037ff4b120d3f024c78b0536f9d6d9a3e7c

SHA512
ea38996cd22cb6360e1de23a17c6f16f496cce28e52c85b16f66efdc3cbcacf0f0599821b32d4c4cc091eca8a837f84196f68e40c9214f5012c0e452aa974e3e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
121611460814111c3daa62be1ac18f7d

SHA1
6fe4c98ea3abf3a8c3cb380cdd0801927de34277

SHA256
5694359e96a460b7736325a3a55e318d5a895e68657e640d3e745c9fc1765a50

SHA512
9ea1d646b061c18c75d4eb65ac87bb0838ce403bfa5321b38786c768320778cc27ca7ee1f80b48339b3bfcca36a49fede34478165559a6e41b5f5a3c19a4eb89

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
6e2357df64f862bd881b7a461d979ae3

SHA1
745222254e026e6497d8b7b51db478847b3757d8

SHA256
a08d3fa447d6accf1752977a472255c0ba8ad72ed8d8fee5839c0d49b2df0037

SHA512
082d21d9720544d5a4e13c165acaccb42d6194590a790f6b9e38f8c5de3686b862ecbd5f04576fc9bc63024d8ce44f27c41411d85b8cd03dd2d9c79a3f2db2f6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
268b9561b1babf36fbd9604947c8d4bb

SHA1
f2aaf2f0849d514913d3baa10c33106bc7e6cc72

SHA256
e5a457f11ad61598e69dd859fd71b477f18912fefe62545ec1afea8f1a0ea958

SHA512
e3c120408d8e5c3b359eae7f6ffbfb6769ae8446b8c05f7cb5c6d14ab2e12dc7c174a1c907beb6cadc41d83485220d8f1e60f9d67b2fa8f529d910d4e86e6c86

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
217a43d71f5751afc4fe38ae13b3c68d

SHA1
f2571a76e8236770119ca60f4c511282a995af5c

SHA256
c7d62d3dc02d51d56ee94eaf4c6022cfbf9915f6238c60bbb4ad03783972d5be

SHA512
583d9ac1a161c99cb3e69d13d3b66080745e39d6fef105cc94632de8d4171ddf04530fddeb77a6a550ff55dace93c768ff6a27b93a9b68d81d980d6ed6cfc83e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
c0395b706280f03d9b38dee348bb570f

SHA1
762132cd43da56e345a7fb53134c84ff3eb1ac98

SHA256
be485f1354d754391ba0079024d9acb525ac8bd0a12a2d3a356a6295f4332219

SHA512
b18dbd8072d6eafb6d29c70f114eacd119373f18be538a998afc0f3e727ca4e83ceefbe2d613035ca68267558cc827969d6723eed555c73b7022fa459f451fbc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
39cd7b2153a22cae96235cccf65d7742

SHA1
52bea99ff6f44d8f7f56791eefd92b7ccc325a21

SHA256
34abca21b334f09a3eb332f0bd36bd5a5a4a5591a88b4cb7661620127f27c63b

SHA512
0b5d05059a4aa44554874fb969e1e1d4fcfe01deb80273f089bc7028027b6f8aaea0d158ec0634d7c4c27f67714f73370961535995ac00a4feafb343dca949ef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
8854ea7ffda186ac8b9f738e90b5b079

SHA1
dce7255f1e9b11d7a7001abd776ffcab507a603a

SHA256
2846abdabd58b92857132ec02705e1809ce286406633b93373bada0a5cb0354e

SHA512
96c7c5343f1815f89056e653ce0a70fadb4c6a3c153fdf8a13ef7d549f978151e5abe714b0b6d2e398b1f909d40642cb57025580472603648b1e89c0db70d283

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
2f7474a3e286825264e8dca9ecd94639

SHA1
3481cf7d21a698b4ab2e425db7b723b8baa793d2

SHA256
ed0a70d5d547aad13d913629cd3276f97b4a8922f3454edb322f147953ea78cf

SHA512
e09862c0006b87e166f71db24f760d564d4771429ae8adcd071b1cacb8fd96aa5bed709ab17ff96993e2b7cdb0b75aa5c6b196797cdd2162f6d6bf1965468dc6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
29426bcccec9e6d6b08136b7599c5ba8

SHA1
c8e622606dc50450bed6b953615ada7c3547ffac

SHA256
8e99f48b4ced51cdda6609e09b7e42bd17f78f97257d905fe16e84e61aaab849

SHA512
e7544d1b3de6a0e31bd1e2559cbc62ef29b3435af677339c00c8c119fd446666e790f58ddfa8c6d3780cfbe5d2d0e6180e0688881498921e5deb262dd792b6cb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
ba49ec3238f17a1f3b08d07ac8688dc0

SHA1
533e2a527b16171379016b005bedce4343f7d304

SHA256
2b2c515578f7a1574f9f5d4ee157345931dce9cd778f2a88404dfb58bb15c985

SHA512
8154515678034e308f0e614083fe93bfbccbd22ed31321d7cc0585dcc782ea8cb6c2af7e30ee3a2b784bece71dd8dab6423b68b0589f6af96b7ecd32586666dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
443600dd6d775b1c808923a89b84876f

SHA1
9889bc897cb6642a79ef6a2da610b3a03aa4e5fa

SHA256
4049a57580ccfa5b55027a737dc5c16e2f7cc24e702a1b9c61f47278d4a4640e

SHA512
d570f061597f3dc9c946015028530efe4658700d071db53be3e8845038b265f3485c9a80cc3c188ca6882805160122fae347806a0f7c68fd7aa2863317babdbc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
a571d2edbca1a0c02e31d4645eda81ca

SHA1
730218ddfb76c06462838d34f9f72ea4c3cc605d

SHA256
0027490c3bdbb8d4957d00d7b408efdaa840dc2d129646dbaa8452c0251c3bf2

SHA512
d04ff487eb30a6e621fb1e3a3258fcc10a7cc02175cb3aea77bc4ac8833126f861aba765a0160a94e682c1e01996a1025e6189cd81bfd260de7be23c87f57621

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
ac4afbdb2961684c0027bf46c2160d80

SHA1
820221286591b960a3976d480e6c199e4243eb96

SHA256
98e7539f596d088c9d7cd0b940c1185a15215ff875e6a985d12b9fad2f349bd4

SHA512
88e54f8c375a122a2b6ca0d9eec7f652d0dc83d275763db9b7dd6282aa416fdb758d2526c43d3d9ce5c45b85a3c531eb6f3f6aeea1d01d3dfae92603bb9197c0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
aaf852f172ec565ce89dbeab1d30bd0e

SHA1
00d947cd08fd07a60845699338c8c73c0f7f1a22

SHA256
edd00583401aed41c14fa58fccf6ebc287f6e25cfb4f88efc434c6b6f49ed6a4

SHA512
a4fdffff4a6b9523d1731a3d1f6228b90031356a38e56da2e2f2404eed384aef0d3db90c0c2495769e3baaec6207e9b09ef902c7043c901e31330dd7dea2abfb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
de2ceec9c01a6fd69d80ea271d6fb296

SHA1
e1c7a74bb3f97423b76355da85e58f7e14d20212

SHA256
fc972baa9ff0c539f46a956ca0049006c982c79950bfdc225de09df575f7fe11

SHA512
02d6c084196a27479fb7ebbf471d28593e4e53f34336a38b2ab207b07d9a55e2f5435f747c27875bc5ac543a3f0ac643362a444651736742436a524d57f5f623

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
641dc1935144fca3f27f0a6dc7f4ef98

SHA1
8eeba0ba954d88fe47ad567c728dfd4c16697d23

SHA256
cb3c71b8bd51b338c609ec435aaaa42e775ddd3231f64613a679318981ea53e2

SHA512
7d3977edee0b30a5db378283f6cbe777052865c76a1d2ad22032d1fbbe9e72b1476af5e440e60dc0b891525413c5a23b2766c5d8db40b1d7eb5e3d32824d1584

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
e2d9fb3d750b1267d85d08d957f46274

SHA1
43ee1387d1a7055ea9a3d0a428c606493de637a8

SHA256
1c00483a06202d25e1f996504937a6741391d0e0db8d62cfa9d805200fdac8f7

SHA512
32e0f4beca3b2319337e69a7fe650662812e8f6596d59f797ef8f098f6d7e9283a359df713e10bea706a0b3412bbd3d617b067565e8816eaf81b390676d2b200

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
48aaf9d58c0f4b76507d8341c55413f8

SHA1
8ac4862a9b772216e5464941f40c0017d1d13654

SHA256
0c6eef2f467ec116ddebadde6a9e985748f4c9f6e9294af19d1e3b5d79cb1496

SHA512
ac148a56672c46f5b37547ae80ae3e78f33a97479a5e4bfe1b600c92a666c36d0371faa6dc6074959bb6715e87e5cc651f1265a454b823ef1be29374f7c62a05

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
db322dc41476f13e7598140892953edd

SHA1
b26e5f9e8e76e5f218deb6ae2e98da4d7223ccad

SHA256
f65eef7aa6366ad4bec6f327f0e5fd60df02432cef7559fd6e4950629509785d

SHA512
ca19ec57c2f9bfc075537617ddf7be174bdffffcac9182e3e83111c04ce9fd57dd9cb5e3b6fcb7eeb39572b83c84b4ca041a5deb939fe0412ee3071155dd1534

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
cc9eb59193afee210af4576bad014631

SHA1
424a8a896f8d2d3e13836ce208c1d0f0b9bebd8d

SHA256
96cec40559cbe97f8e0ed3b4bae7c16bea1534b8ed0fac402f38071f864f4280

SHA512
127f8738cf69e6ad98f2b22b249ef172afe439adcfe3428c66b200e1b75cfb591140bf9617a18deddd59ab84ccd0d15443f88bf407e323e4165c96c11117bf13

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
d40ba79398b1baf71e018c6df46c9c38

SHA1
304f442510d04d20b1f30a7fb9953c20de294154

SHA256
68602815a25c3009d5dbb7c486881c990ad75e2436d12637d0d5534261e3df3d

SHA512
1f29cebe4bcf2dd4dd5d0db9c58bbc1a8b68b5ae1bd855715602c7e5051d4c9671a37a7a118a4b96e442520656958c232ef14406cb332518f8a30be179afcdfa

Download Submit
memory/2512-10525-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2512-11558-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2512-5723-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2512-0-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2512-11875-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2512-11930-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2512-5708-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2512-11935-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2512-11936-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads