xorist | 0ea08c2387900bb5a3c5ae32b601c2a565b4615a42b935e43b1f31cc5f5c549d

Analysis

max time kernel
95s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Size

40KB
MD5

e24b89d0a3ea99f390d038182f6acfb1
SHA1

4fccbb38f64b9f735c4a789c9fe1110645e84005
SHA256

0ea08c2387900bb5a3c5ae32b601c2a565b4615a42b935e43b1f31cc5f5c549d
SHA512

9cc81c84703ee54d2b7a25e16a2c123b89a556ac6a6e370b097ef2387a09a93d0bc0fdf83a1d228343d3373ee2be45c9453833cb2b393b3c5aa5bb6dd0f0e110
SSDEEP

384:yebFNw4Pk1itKkpAjjalrzhOBqYvjSLkDCgSwYB3MB:y0FmBkpKjgY7zDCTE

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/212-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/212-5041-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/212-11329-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2185) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kn3VIGskr65mt7W.exe"	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\spp\tokens\legacy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@VpnToastIcon.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfcvsc.inf_amd64_dfe08f401a2eedbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0024\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpidev.inf_amd64_0f7f041f33bd01cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_ucm.inf_amd64_c30468a947db0fa8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storfwupdate.inf_amd64_e57f4de14d125fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEJP\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_6b639ff361f628eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_amd64_ce438b6e0c5b1af2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_e90a0a4c8e15815d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_527c415254a7e378\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidscanner.inf_amd64_b4d877fbd7faf471\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl007.inf_amd64_41e31b5786c6884d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ServiceSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSScheduledJob\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bda.inf_amd64_d32fe6b1c2b7b2a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Recovery\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\heat.inf_amd64_b73306c081719f1f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\intelta.inf_amd64_ba962d801a22973c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnova.inf_amd64_4da8a5889bbd1a21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sslaccel.inf_amd64_ed6849ad81a24c48\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms014.inf_amd64_faec3fc366f8e1fa\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SecureBoot\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudio.inf_amd64_fe5b23ea7991a359\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/212-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/212-5041-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/212-11329-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20_altform-unplated_contrast-white.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-100.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\MedTile.scale-200.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\Windows NT\TableTextService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-unplated_contrast-black.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-16.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailSmallTile.scale-400.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-si\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\LargeTile.scale-125.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_contrast-white.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-40.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.scale-100.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionLargeTile.scale-400.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-black_scale-100.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-40_altform-lightunplated.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-30_contrast-white.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\LargeLogo.scale-100_contrast-black.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Moonlight.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-150.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\PREVIEW.GIF	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-16.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-100.HCWhite.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-96_altform-unplated.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Bark.jpg	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Generic-Light.scale-150.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons2x.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\NoProfilePicture.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteMedTile.scale-400.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-200_contrast-black.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Dark.scale-150.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-100_contrast-black.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\System\ole db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageBadgeLogo.scale-150.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupLargeTile.scale-200.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kk-KZ\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppList.scale-100.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-125.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\dark\logo_retina.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-125_contrast-black.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..do-backcompat-tlb60_31bf3856ad364e35_10.0.19041.1_none_a2ce562e904f5f95\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..irtualbus.resources_31bf3856ad364e35_10.0.19041.1_de-de_031a66841b9d46d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_hr-hr_62136920e50c8595\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-dsound_31bf3856ad364e35_10.0.19041.1_none_0e8ccbdbe140657b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..x-musupdatehandlers_31bf3856ad364e35_10.0.19041.153_none_c5deab4679e41c36\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_net1ic64.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_4337cc6f6a2d5abd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-searchfolder-library_31bf3856ad364e35_10.0.19041.1_none_5019c54040f4e87e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-control_31bf3856ad364e35_10.0.19041.423_none_7777dd52093f9dd6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-qos-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b37043350e846f1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..ork-msutb.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3e6a1faf2976af98\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx4-webengine4_dll_b03f5f7f11d50a3a_4.0.15805.0_none_21a607a7dfb96fc0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-networkprofile-cim_31bf3856ad364e35_10.0.19041.1_none_a02998821f8681c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\pdferrormfnotfound.html	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-24_altform-unplated.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\INF\BITS\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-qedit_31bf3856ad364e35_10.0.19041.746_none_38952779a6369c8c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.906_none_a6600355b5f69459\DropAccept.scale-125.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-xbox-auth..component.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0d6578785c22657d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-security-aadtb_31bf3856ad364e35_10.0.19041.1202_none_501d0e950953d841\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\SplashScreen.contrast-black_scale-125.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square150x150Logo.scale-400.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cd2d1cde69f392b4\http_404.htm	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..iamanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e4ed5318fe15445\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_smrdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_354185f777dd0e79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz...settings.resources_31bf3856ad364e35_10.0.19041.1_es-es_426c545c2ec12645\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vmbusvdev.resources_31bf3856ad364e35_10.0.19041.1_en-us_ad5c577616200f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..predictionengine.en_31bf3856ad364e35_10.0.19041.1_none_ae8ad7796a27314e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-es-authentication_31bf3856ad364e35_10.0.19041.1_none_f7adca24b5f66134\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_en-us_4a1b5785f361c947\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..brary-mof.resources_31bf3856ad364e35_10.0.19041.1_en-us_d7d59dc00bea6526\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoftwindowssys..ore-tasks.resources_31bf3856ad364e35_10.0.19041.1_en-us_b877e8e037ac122a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ckactions.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ff31983021fa3408\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ointofservice-winrt_31bf3856ad364e35_10.0.19041.264_none_462202d4c044712d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-secinit.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_618c4aa5f240b7a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.19041.1266_none_e8d910c7c702b558\OkDone_80.contrast-black.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\CellularToast.scale-100_contrast-black.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-webio.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_57ed794ccb00befb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-atl_31bf3856ad364e35_10.0.19041.746_none_936e34e4ece273a7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_stornvme.inf_31bf3856ad364e35_10.0.19041.1_none_4bbd7681e1ed685d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..i-asyncui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1b39210ec42869d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_he-il_22d62adc8b943f4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\WpcBlockFrame.htm	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-homegroup-listsvc_31bf3856ad364e35_10.0.19041.610_none_4cbb0d74d942a05c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..asks-sync.resources_31bf3856ad364e35_10.0.19041.1_de-de_f9108d361f842953\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..2provider.resources_31bf3856ad364e35_10.0.19041.1_de-de_1e454e80a5479517\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management.Activities\v4.0_3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ui-logon-library_31bf3856ad364e35_10.0.19041.264_none_5b3068aca7bf044e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appxsip_31bf3856ad364e35_10.0.19041.746_none_a75e727bd4d52ae2\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\404-4.htm	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_10.0.19041.1_it-it_b65d87bef006c786\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.applicati..framework.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_b6f79fd29cd91e63\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_10.0.19041.1_none_04542fa7bfc386e2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement.Resources\3.5.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wvmbushid.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_6be3dce140cd4d29\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\DeviceCenter\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-com-runtimebroker_31bf3856ad364e35_10.0.19041.746_none_744cb37f06e446cc\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\WideTile.scale-150.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ewall-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5f92f8955f4897f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windowstrustedrtproxy.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_41094b77af4baa83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\diagnostics\system\BITS\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.1_none_7c197eeaa6d7861f\@AudioToastIcon.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.19041.1266_none_1833f07ce0c90b68\Splashscreen.scale-100.png	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.data.sqlxml.resources_b77a5c561934e089_4.0.15805.0_es-es_8d7e95f2627d5d6b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devicemanagement-iri_31bf3856ad364e35_10.0.19041.546_none_be7a56c8204dda0e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kn3VIGskr65mt7W.exe,0"	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell\open\command	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kn3VIGskr65mt7W.exe"	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "VTGETHGCCSZORMX"	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\ = "CRYPTED!"	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\DefaultIcon	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VTGETHGCCSZORMX\shell\open	e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e24b89d0a3ea99f390d038182f6acfb1_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
5e8e9d34cabd33b7e36be61bcd98eaa6

SHA1
21740c3b542f480fb954f0586a8b83b7a8a0f23f

SHA256
6f363899fd9a618f7b15a052747633f797ff0cb323920b1f68f6fddcb3cdf604

SHA512
dcb275b8011e7a6e5b042a090fe856390fd8bd2500da95314963a080b15b1f29abfee568653f9e17a98d0921cb66bf112e5c0d7c3d8b45519cab5d2c983f49a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
b3de02cd829f99b7fd54ed90d3e6afe1

SHA1
73675ff60a83e973a79e9ad26a2a9d20c956c115

SHA256
3cf13baad85f8bc776d9255e6b44c49c3d100c0f9fb8b6f7cead7effe521b470

SHA512
7d7bc9f5f55ac3482d83a75f4efc46a8ac070d47f1b09446e0ac5728b6c212350f43f8b947246a78d3713d876b2c1e13363850aa51f4f8fe031237a6d6a1e471

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
9ffd23c378d61647122fb67cd9ce8c35

SHA1
262d90b26560ad528c0e1ea903d3e6c8b53bde96

SHA256
e49784ba20db8bb86a9bd4b94f475f962fbaf561a329f13cd562ddc36d7f2d47

SHA512
3db294feee89af7d133f33999ad45e963b0dfd4b59482a57736e7e47feb6d1776cc6ab8ebcebf6376a81b37d4b86ca93583fff309560598c4f111e915f8f98de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
80839b3103428390ab8a0cb0ebe854f4

SHA1
7ccaee327b0a42694751ccc752225e3acf9fd5d8

SHA256
5c3b97790729f189048be17636dc870686c40120107083361d8d51079e61e1e0

SHA512
2fb841b31aec70352897597e68da35a918ca92c44bc670c0519c398a85292c617046860c668dbc528f372aa34d2ad8a742fb354ec92299b498a7a8318c7e4263

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
a85a2c01e3e5cea9171925e84e35ae40

SHA1
865211aeb31a9939dfa463e51554134d4922bd54

SHA256
4add386c1e6901f81817f1b8cad69892fcf6dfbc5abfc7e3a51c86b3b83e57ff

SHA512
dee4d10fa5f4960623e5bd2e763f72ebbedf0c1c99ca24da585cea5e425cf354e045ea20b0c419316d40e01df8408dc39acf082e815dd9dccb348d7989a10bbd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
39a58f758292fddcd0a35445c2f41d09

SHA1
e8fec5f0f1477b7e086ddb00d1bd0b9fe9fd64a0

SHA256
de183da316ea89f8f016724d5bbbcd1455cb381bfc9aa5c4c04e2974a708e18b

SHA512
6abb63a06741dcce60e86390d229f0d4858a0626b0f0794e776a3f6e8b37e6625533a5aa1580c3f8b86bf2227f439a7f4941fc43afe6647ec7dde4bd29949822

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
541460e193c543292f6fa5b710ad0427

SHA1
cb81ff3ec8adba07fb4a989ead54d882e089808e

SHA256
782a28743906f9aaaa98a0901f103b57a5ba26fad1e0e9f20825b02fe8351ee1

SHA512
6a5cffd803eea954fa1bafdd3e1f2805a260a1c61d632171c146415bf8c3d6812756828a90937c911b992edcd3bfaae0b0ce390a985392d3214c6276e1d8c82f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
1b923eaac26a65c9796dab957aab5ecd

SHA1
2db35d5ebfbd27be80c274568cd9989daf43a4dc

SHA256
6597415f9768d9f9b2230ec7eb58499eb9cece43aad1d9b4721ce570d3748073

SHA512
3e445083b15d55050f21bb2274737e364f87e6a9dd0033690d57e410fa34569125827ba43dc460f04d72d2a4f4f0dc0315921ac7ef8820c4e8a5f86ad1a4c67c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
b20819481beca99f32b1f7151ac58b8d

SHA1
4c8b21f8190229d0fafab8311c25c85c6b3f0c26

SHA256
8012901a7eb9287fe1dd51960b2ffbd8f082b2565672998cf13f71a7b5c60a81

SHA512
76c02d1af705cff0a9fa657ef0692abfd14d986e06ff6339044cb442bf028f955684b08ca7e580b1e03520be3dc2ec5aca50d553a394fa8774f4b07f729bcfe7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
d4312eebb49b647c0e0012fe7c65d66a

SHA1
10d2d0a8263c5125276a55a1c8f5cbe5ebcc7646

SHA256
675ce04363747a7d8ad8a499adcc4ad3c2f02a94953eb46c9e524dc2c08a22a1

SHA512
eb533968509a69e5d0d24c2d662bb84c34e5d8d02fd781979dd062f43d956cdb9b03754fb10655549bf60dc8e6d2e5c1501c85a58e638d785d57cdc06537727b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
6e156a3057455ef6faad6d12778c1231

SHA1
618b1519cedf10aa88ec312c20d45c613f59a41c

SHA256
97f5436288578f6ca43d58ae9237464b5346c7e1803f20cc1a9b195a8a60f024

SHA512
70bff7c2a22796b36fc913a7218f04f8b5edc182b875364433662026fb5d07eea15b135bd621011a504ca5eedf9be1f3fc390a32dc8a93f78d58e2b5cb4a2ab2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
b068661c030c39add7cf62fb926ab061

SHA1
43f23026c62b0db8bbe23b587054fe6eb7faa773

SHA256
b8c481045de92bd5f7f93cb09c13c790449aa694246eaeaca90a840e9cda32cf

SHA512
4ae6d6ba855492e49905071210321d4ac4dea952ed7480e885a65f6f65e67cdf884c78faf18cb5edd5a84a006ac8276e7eafba7758fd91c1afa8dccbac609adf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
6e53530555499d90243dee5f983c8ea1

SHA1
7a5dfc7f274fe16d38c461078492e1f83632d7ff

SHA256
98b111760b23a03126f85f5ab62512d67a86aa318a3fdd5cb965c086ee0cc3e0

SHA512
d02cbd9f6cbd4c337dfbf16a995b52af08925822bac79e52adcf1b8ea0143aa7d22a0098dffafb97da59f38d9e0ace98b416902fa1dcac7a127ced72729fa376

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
055d1d47482d92badde661de51f3c76f

SHA1
f5f0f721b8a320b2951cebca4d6baa65c0e11c4a

SHA256
a5648b8ff36a487b5cd4fc6ed673f26f79a069b4bd2987e8bc676e2e482b4f99

SHA512
ec27dc2a496ad836c46b5771547532bd1b126ec02205f49d02af22773693810b22df6110058903e895c37c5e208b4ba0e69fbc6964df43027579dfb8a1e9dff9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
fba0900465af594f2d53f73371b05f87

SHA1
5e738a838b3da34306082b60fb2b931ad316f82b

SHA256
cbcf6087e3c05e6f210e8de95c5b3199496ad791dd3cfa872b06442cb6e546a4

SHA512
094061e710f5ed86336749cbf0676590cd860c5083ab13174495fd6d53c3b76c27ae77e1e71d8f2d588498ab7c9e60bdc393fb305393a56c9ea95a64ec4459bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
cfbe145dbc6462ee1684bc99dcac494a

SHA1
c599510579844ff8f810bdf76fecb62d85ea8cbe

SHA256
50083bbc2ad660856396cd92c9abaf079e409bade6d0cf613646ed55e20ae6c8

SHA512
383b6f11310af001e20dca65b4daafebf7f4a48cccdebc1ba7b77fbba432b3986798af36d9d8d77d55ac429b2fc5c6547a6409d28d188cc4d1cfcde53198a4d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
e9822c1f33f3e100f40cf3a9305ea54e

SHA1
06b96f4d3f3a958eb7ef4c04d9fc5b7649e760fa

SHA256
e041aa76161e06d9e665dbc6ec28bf812c994ffac2072983efd8dd95eab47243

SHA512
d4abeac3d893a7cbd4f46b69ae69b0a37b265e3233fa026abe7d7be7130b272a0dd99a8c270df0627fda73b782057a9db8bd29454657f3333dade1c06e900695

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
a2804659875eec4fa423f1221dac7b77

SHA1
5d1c90333858a8ea095caa10efd3fcbf9caf8a97

SHA256
b98a114e2f884003464fbb132357f1b7cb813f9d97ae2c934c62a0f049e171c1

SHA512
1703c7856f842eeb5237b3ce1f44531a5fcbef85b681fa0c824cd78c5836dfcda7be77a15142fa1cd7ee6632ca5e57e8cd8f758a85310e3bc30555bd0fb71dd0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
0ed4163930f405260d3c772035e5930e

SHA1
d0ac1a6058a0249a9cc7bbc2e0235dcaebbb5968

SHA256
f98e9dc97e5d7d3ef48a156ea7c95dbb8e6a2a99e29f4da0d35a945ff4238a20

SHA512
eba2194bb550a08487ca9358fc6e57817d08d95f22313f27b644cd317c94ac78d210ff4e487608f5241ef900ca65db60412e09d59a627781b18613132d589e73

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
f73aeb470728630fb1f4a0364d3d1641

SHA1
aec86cdec0b71dccf4d09f882a69dd4b83d57589

SHA256
0f2caea3ad4d68be3fb392a185aa88b56e274967d36076e5857037f20cba26d2

SHA512
46652893cc031513a706f9f44cc0cda3f4f9a9e437b6bdab9cab12f5752f1c966d487cb8f6b9aa092681fcc4bdcbee778445c8e032816bfe41421d70e29aee5f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
f37204ada52ea99fa83327195e63f5e5

SHA1
675c806aeb12302228290b1fa130bbc0d9160f78

SHA256
f4bfdca54ed85beda6885af13f955e15a58163d5ea7ea716aa9120db073dcc0c

SHA512
9c85ba5a2fde18d9c683c9d4150eb1ef4d54da147b9e1cb49ade4fe9b3d305bddf23540d903961336163723b43b6efcfa5714b9950f4f7ce5cdea3aa2a234209

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
802707144ac67f5257fc190af84e4108

SHA1
9e56bd8aa51c457dbd9f2d1e37a0ed4dd1ad8c95

SHA256
aebc581c4bf80aae2f723fb8af3f1935d62e37e03c88ddc8f940ef147254d27c

SHA512
b4729614404c22f0747dfda29a519cf03f1096a4a3f37e7a6c22122a0f532099965f5f6b7ca1b143e0eb3c46a5d4bc7461576863a77f3e3b510d03a3f708684b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
7e36d8b9c8ee6a5826059a353b2baffc

SHA1
7adf714e9e845a90320a38d8fd7610f2465ea30b

SHA256
a7f536e616193070b7788b7d4de01430ebd279a814fdab1cc97c0b617326d773

SHA512
ef102e7a33ac1a34c72974bbd1096aee0f83143be1e1fc1776695df4a037dc27ec4ae42ec1523b351ffe924dce252fea35c4aba8654dd7a130be98f282b9e6b2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
37843b166557228dda76bf201bc5c1c1

SHA1
5920ba27ee3a1ff1b4d56b84fcc41f6f8edae69f

SHA256
f681da367db6b7bf8d3d2b20e73dfb595d2ab934b9ac96ef1298534dfbd9b3d4

SHA512
1ff05b30a3090670ebb8a5ddd864f5135f0931a228c08bc856dcc25a30a82127dbe67262dbb32f75ef3dae0dd786210b4da5816c8a0bb291787caa2598fe2094

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
04bfd660deb73b3f12a9f7240d33e9ed

SHA1
9a859a9f1955b841106a95a97160d77993d9a474

SHA256
d32016438b84294ec89ada0d46b19a60f978dba153b69f22b01dbf0dc1c5a26d

SHA512
ad6ca6de2f4d77689fc27d99341759f0bf9561bd5f244e6c7db5eebb4d5ed8e2b58ba749ea5f8a74c804fc8cfaab448a3a3f620b07edfb36e4aa04ba555cfa07

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
1f44e099f74e792c25fc7bd8db36abea

SHA1
e4c9b003b0b30315c670f50fdd066f469614102d

SHA256
40f8978701e76841b19279da8d56536aa0258149486bfc9cd8994f7edf9a6da4

SHA512
a37ff86286b9f9e423fd8dd4759ee25e2ac710d36dabca3b06d4fa4bd89aaf600e402dea08e9d352e575b94de705d21eeae8837dea478df39ea6e74d403a5350

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
7da22d754cd59dc7c11da8def096b230

SHA1
f2ed8a7e375a1b489a72aa7b7f921d9ba0786b9e

SHA256
f2a62db63e6f9ab75f80c45d8720c03acfaffa42465f2409bbd3771961a832b4

SHA512
a7814284dc146cd9e1e4798bbf6151cda80cbeb8a04c64c9c3e1071c42d08f35c75eb3e94b3ca10e46c0b8d97da621eddd40f1b5d57e8d8d21d0b612927558a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
d73d3d56192589a44b09b802e417f609

SHA1
69558895441977a076df2511c47c590a0f72857c

SHA256
118424bb488b77ebb71633f6ec7165d73cfd1652510782eba3be02d6a61de375

SHA512
b8ebf337dc82e7cc52113e41bdc00eee95dbd4521554781b3ef76364d5056fd3416cd129ccd32c385febd45f81d364e4561a1560a0073ae9ae51f8d6fe0aa759

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
fa42a8bcf5cc3efc3797c9a9934de96d

SHA1
fb61b85f1de3941d1c126623d11f4b810a8df3c4

SHA256
e250938cc903be129bea21a01fc68259f8f6805e2d6dd82658427dc2f9d355a9

SHA512
d3fb3eb86f55617ce936097cef75623db86ed14ebc0322092de8da3855a70efc7f6e63f288e727c8bacfb32e5a5d6aae1421aa96f6bb3291db39526fc27fe9cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
1546b567a4aed543196bb065ba4674a9

SHA1
97d24e31dddfa0dba439fed50c01d5f9524c698a

SHA256
9b4ad595b062c5989c9143eb92aeeb7267b6a983c5f3ee0aa14063b885fae7e0

SHA512
77f6bd5a7abe13d287e69e476170738ca1a5ee11ce930230e604cba0c369a5217cc193958d4966347379e1f0a1dd0d5d224969b7a26f461bb783df4ab41d3c16

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
36a52bbc27187196d6698617a7a4bd91

SHA1
a979c6ed5357b7b21bf435a6300213d4a4ab84c1

SHA256
fcafff2e0bfb1428438b779628311381ec4011d50899fcbf2c836d0139f082d3

SHA512
469fcf62cb469da45358ad11daeb55fdb6220db940aadf456b6b9f61a0f40bcb098499a321efb5b8feea5453a55db39c26c0b131a121acd30c19f1eff13a4eee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
098b640e2374fd89d67d9479859082e6

SHA1
68de7fd4b4c344c46edefbcc97cfbf078fb6b9d0

SHA256
a46a02f32e73387535c64a6cd46456c6dbdc883570954c0a5d721ced7e861092

SHA512
d342abea35d7752bfb724423c67076b56a27b6565f373c2c6315a76e82f4d8d71fc8af9e1255a493df6036e7d232d1a4fe562859be1fdef517ec32aa2e03c0da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
855bb78f26734a15ec535f182775116c

SHA1
767d43d48079a2080da8c2602ff353e123aa6133

SHA256
d8e6b744d926d6e91b811a4768e4eba705855a05c9a149c14ee8244af6a1ae35

SHA512
b23ae7d0c4b564b986a9e9c3e322243398a6ed3ff53b10293602f7b003eb5d32f255005988eca24e16827f2587bc5c0a48775efe798fd4b0b124a6a1cae8efff

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
3d560760b658e389c733cda818abb926

SHA1
16758b975d689d377b2d101c9767c1c6bd3ba93f

SHA256
96c7016117984dca76faf1f9d92ba6b9218d3263a98507635f7db3ab73c005db

SHA512
70ac58dff5716eec4f8861b4dfa5fc48ae7900f4402a9a0a98899248c967ef8170641c349c8899832d47df58fd0fbb177ec8d1dab5b8276fd93d78d8fdd6a56a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
0f911030976c3e65044e5e240f2d2610

SHA1
c439f3464c6871c98ac7a16d82e221abc397bc91

SHA256
25e41bce7e5ccd1b2ea89fcef9e89160c686c11c9996de33aae87583696151ea

SHA512
24d894e5e9896bd07d3e9b314bb0871af01a50cf33f97a42fa4e93f95b0cfd084965fc264f30fd3b7b7dfa88691d00e4a53158371320d0f9f1db517e8185adc2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
455a949538a119086fff3b3e80adffdd

SHA1
fc996a9a0873bb3a9764c15cfe8159397ef8721d

SHA256
f573c986d452fe31b2a1f49ce1a527128c9e86d712ed23b8e5436aef92d9d5e7

SHA512
04ed097bcd32aeaf65c9f08043f10da7d8c1b1f565aecf0eb3f8db92fbf5448c93f607ff6cfff98e90288b47f9de8285d6755255992fd21ad26038cbd373b769

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
f39b7da979f6f3a02406edd32e4627b8

SHA1
faa7a1bf5202178164e77ad1f1911680cb3f06c2

SHA256
0f730af4ea1ea653c83e6e3ffa1c9b8819759cc3405a6639966190708394dcbb

SHA512
00526f7b3bcc804d0202652024f37c3f5d0d3e7d84aade8fa1c2f8dd0e6f9e803ece8368f6d67657fb682088e20b934c385724c690f65de3b30191ae5c158982

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
a4a84705be204be96f16fc13f7fab990

SHA1
fe38772402651c13f8e7fecf6d938cb62b343848

SHA256
4386d3c1fc2a2a559677ddcf33a8c7b6102c9ef2cfdff02837c92fafa9b97a3d

SHA512
9bdce6e1bdc3736bfa09f1a8878a93f8c85433de16b56e9d8c262d53cfeb1d7fbdcaf6c9041522587ed7f4d83db1670f39bb86fc74af743a510fdf582c5008d5

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
643B

MD5
6f94726d7b1535e48d04e8a99b1e7c61

SHA1
22b1b0e3f1e37fa207b866714be0f7a68fb24088

SHA256
908c824ccf1067b9ad65502442b39f06bdb6e372eef63770ff7add1e54500757

SHA512
1eb78b47be1a3405b6af2152551f28985ff1d2bd073f9c9c9fc705bfee516b9a16505a873d3bbd81bf61d045e4815230ae86437c0d7d2c6151f1e547252f9c31

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
2274cf6f46026a2c8dc403d1758327dd

SHA1
20329de78424958b9cd15fea0e50efde8bbcab0f

SHA256
b86a28dae3cc01d475137fa38568e73a753fa58037a80e9e552f1a1644893bf3

SHA512
21178dfc56204548f06b0f918f82472e284a97822064b189be7c2760c0966377b37b279d5a663b799d6969e0ed6ae16d4a7e6fcbedf1ab419305294f3487b390

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
165e92612e4437af2c30d731bb409cdd

SHA1
9674f5ec88f5bd3267104d46ec0ff3daddb79acc

SHA256
14b9bbf5155ddb3542b1f656450ef507492381ed3a7e135c49cc1693ddfa4e32

SHA512
98aeb6a6f75ae5a8cb1dfdd93cc81ec74d311998cd8466be5629676578d7419befe2e5c9e974ca9c66c1426e9fa2f96b56d55e45a2df7ac94889fa5981dc04d3

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
945dcd38fdf679df20eb4409a33708a5

SHA1
fc09f967315bb027a9be4da8f853bd74759da1ff

SHA256
69fd745adc636efba796ea0c83490738bdc3f38c018d7599c2c4bc474a8b94a6

SHA512
b3b59cb26ccbfa74e0d80dc7112e5f2e654e0a7a0b04a8839f6080dc458992bef771cd7fa8f851cbdac47c89feaaf33fd7abe6aa64d42f462ccf52764a037a7e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
eabbe2640963a6487836cab8f2977c05

SHA1
9ae78663ef52b3eb05fd766d070b365428ceb173

SHA256
b8fb62542b0b3b6941b7174610c176d2833da7b25318323d634de20e27a4f0a7

SHA512
fdf3fd6ce202c8bb7b3b68a8f973c0588b5a7781b29ce64f12b3b617ab7fcfea6073a9af6459bab4ace9e07983ca77ec63763ea91369c6974f18145826763d54

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
1a6807de58e468622e2900a00e351c70

SHA1
e774cf3bfa4a0946e04eb17876afe91f6f462365

SHA256
c75fc918c3e81e0feb0457c249083d069996072312469b117aaef7fec25ce7bc

SHA512
5308c6215fcd23f19176618783bf8275c9c08d4ca4c631fbdab8c91eb3379f0d008df2f297b06f61575097cffe0a46893064d6c80b425a7c3cf82c519ad3b387

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
a1653200438ad22564ef8213e26982aa

SHA1
ca53a9bfdb2df881121c177ede3962cd683e4627

SHA256
ceb33b318f85a5e64ba0c4879d2a1f661c63bac4bb7c8282f1a5918947b76ef7

SHA512
e2c5cf139104ef1b0c471fb836563b88d2245b57505e284f99a029f6b43e1a40d7b00a168a730b59fd1e2226659d2a4aaa5712ab8408ec8574644f9f5b48c5e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.EnCiPhErEd

Filesize
23KB

MD5
53b1c68d78b6d1e8c383a391f068b9e7

SHA1
d33100dcfec904133c4de98443df564d3d30fee8

SHA256
438c2a030bcd9e169266f9b35e3e7661d92a361fca70a72172864eb1a678b6b2

SHA512
d576390aea6aabe695c3852e1b0bab9225070953efcf7cdf4f8ea52c6de4f696913af814003bd890c444869b9f77b8b3976945eb004a8c0eed4d836ba749ef72

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
90115a97425a035cbdf58719a1e720e5

SHA1
e95cffe88dea5fda7ae087656d673fbef66d80cd

SHA256
f275dae4683083df7028f99de1e8ae8f27fdd30b416ffe4729034b011e8ef6bf

SHA512
1efdbb61f088a618339d84602452da9d9d5d4dc82a4e14a9facf57c9532379218adfa7434dab8b0aebe68d12e938041c1fb3469410d0a327a61e0064944baae1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
0f251405e76f2782e2bb0a9fb9ee2957

SHA1
be139be3b84de7fb832afbeeed0320f8db3e44e1

SHA256
87a83657d2573bb3feb183e64f27de0e031940c8e23b8f861fd538b058de3430

SHA512
21d69a39a017b5a5f3252f3d3f656d7ad97b10087630317beaccec8876c0139a00ea28e11541be04a5f5d357970315b1748f91a1c373cf2772def0d1c654dc44

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
052b978e3935b70668cbd4264abbbfa2

SHA1
633e0da9f2d324ff920ab23c1b22db22d483a163

SHA256
858f21a87bbecec1264ea09991de21da0d2265b6416f64ddf283f2c54c1cace3

SHA512
5a2c5b6845620912457fad6eb9f5059e3f67e1b592593a1143b5938a243ff13d0bc88f5600ce75b5fb6ed80d90cc253f7b7bd19334ece498b08ab487f98c4978

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
30e00d1b39a8ff180aaadfc79cf983f8

SHA1
bf0c58c0894f3edc46b2275a64ad7ba68ba972fe

SHA256
0d1e37544d591ea8f183059df00ce991c0c7c653d0f4a68936a07c0dfa33e795

SHA512
758ce1299208032c83d367cd485e1307c01c2047d7f7f6bc6a5cc10048239ff0e674bf32758ba13e02be8a56b6b672feff5ca129fd0f0fee2938054d5b22efe1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
bc7862f2fe7fc387fa9634cb3dce4bc3

SHA1
8befff8ebe2dc2142f4a48739b61855981010981

SHA256
a2274bbe15d6a300cda76d56b3ea91712bd0a8c1f36d7d94a17cc8e80b421609

SHA512
98e70955e2a254c733bcde5f2026cd28839a54db1690f0a2aa9779d5dc133be87ceb64c9c687bc0038a4f5aaf844c3dd2885ed8db8facd9a3467bdb0248d3ab2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
e13065ccd9ec793682aef9ee53391b0d

SHA1
9871974918e5e5cdd309033993fb02d527a26095

SHA256
44096b69e910f28b8989d6641c80cb63553ae4ee0f473e8db2313cf22f80b652

SHA512
5d8293e465a5b69b704f3891f479f21eb13ee93a0bd5cfea9c4a8c5a0adcd3b7f552911ec792bfa6eea53f3548130dc08332b6d7e340724d1354d8ad16dcc7ff

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
3fe02cc65cf92de15575cf464bf3d196

SHA1
9adb7079a99335bfc8cdb39e91fa48a8ef523a98

SHA256
422043ed60783b2800b184c86fa3f4e562d2746ffe19c9ffb6d2f2227e10e125

SHA512
d38a6152dbb222bd6f8ff73ba76b82092f3e5199d1957ec7b0812ff293687eb6c2afc9bba6e74d18d90691fba866477d73a1659aa6189f49d0f2243e4da7aec4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
0ce29bf87bd9528a4b01dd68003c2f98

SHA1
d97052ee910937b47a13cd998181d9579a2422b5

SHA256
ea73e452dcab282519fe1dffd7ec78e80060d8558fca70300438f5c86622cd03

SHA512
82c5ba1bb840b1ab1c76330fde3733bfc54e13964e5e5feac66b1416df8970716800981452960bb6478967153b752241c6319c3cd9571662941ad5f78756ec7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
2e41cb034938d5359ecc978189ccfd58

SHA1
b6693df8a11f507414c2a27a286074f79a33bafe

SHA256
bc06fbc60008a68433ebd0b3bfd291204078387de2f9346e943a4b27a889ab0e

SHA512
3c51b9ae979621694af5ae2f5efe3ed77614aefd1a103536b9df4b98937005ea0fc369f9aafc9dfbee00828439333b94f0f51a1f21ac654e63c1d5d4bc544486

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
350b5caf7bade4b3bd69d31aa4f03127

SHA1
af3491d56d7a9a1cdfe247d8b367b10e88e71429

SHA256
aa268eee2358ec7c4fa35d463813f6f91383719d46bade390cfab8b118a674ae

SHA512
7796aae8c3f73533a981828aa148f744e8d560a2fd379da7eebb0217772429e8fb6f58972fb09dc171688f538915cb995e34fd77f370d17b7acae65ab931a687

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
54285fcd45b913fe5ba3a716781c7530

SHA1
eaf1ec57ec81d9433987e66c8f3350d594787402

SHA256
ef531e749bd590483d04c7fbfed2194741184123b016c37cf757336e132ab631

SHA512
48b0c33f322761aebb3c889548cd8610e82a3ba1f7e7a3eed86fd05b0b644f034a766176ad7b2e09e6b3fc506d46ab522ffc8b1843ef5d8e2c12a239eebba9db

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
08c3fa3a8616d0b19a1335c0256dfee8

SHA1
9458be6316b0d51a7e9d96a0b39f3b895d72c0c6

SHA256
d6bc8156d31e1d219b0fcc0f236ab2b075634f4de2b8402bb687c9a84c83fc9f

SHA512
0c6a62c4747fdf3266878cac7f02e35c585fb79c8550a527817caf00664788c3d2fff49534e891ee7e2663c10e7eba82c123fbc6a05227049cb2bbd090a214b2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
86c4d54f45fec7bf4be40ed0fbdca76c

SHA1
7430018156bfa486edd284736a907c3498b15c8a

SHA256
cd687a4b750483b279455ca565c4636a158ae86dadb772180fcea6d5c848b49d

SHA512
2c008a4812af492b61fd9ef63de7ce30bd9acd34c309e059573a8bb5b155a3b2603a4a2167acc6473cb2f17f9d248881bb0f310ca2bf4fef55f4d61f8eb9e9da

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
1a417548d79056c0cacfa3a84a6d7ce4

SHA1
1b6c4b7b1c85e0518adedc019b468d2c92067a62

SHA256
b925fbea849e8b80664b4b26be6c9949ec52ccffe221fc6ae959cc357629111f

SHA512
97f2f1c3cdd422e4ec25b1fc30b931f28afbdf13813a715a0694d5a7b90c926cd80c31c630722df669ac67afe47434141878d41d81fb8e066cc71a7847da3cd8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
54f2259622005379e66becbe435ab2a5

SHA1
185c1ca5ad5f93463139343cb8374cbede2055d9

SHA256
4e0075f61ddf49e30ab5291c0eeb7b2d873d5d7a67ac23ec321600119df5032b

SHA512
360aa8b9a3a93b43727ec4f21eb7f697cdcf75272b657c494f036f34d7f6af0398ea75ff0cc784908e907b0fbc593a809ee651775194a18b4babff09510f8cd2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
a9c00243c770f50e46ac3e369d8acb67

SHA1
d6a43195aa24caef242cb52b9cfce3cf97609a45

SHA256
830bafc0feeab4901f2c360e76fdb14cda7fa0dbd2f438eba5b67eb8055cfa8c

SHA512
4aabb0ee432174ec2c830c1b85018ab0880de3e244c72ce3da1f745ede641fdb3ee01c4d464428be63d6fdf24523953dfb4569c3625c10bddf12695886ac7ce3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
677ef9defad5f6072ede5aa16caaaac0

SHA1
16300ce9c7fc17deae155aab0bc259a61e97e41c

SHA256
f6ffc2f94b92ddfa3f24c46e72e4fcf8aa3000568763160158eb377bbdc7a711

SHA512
521c3bb27f1c1e2079d7b12f67b1ed7cddfb7c604bec4568b2205ebd9c67795b364b1bd754900508e4fe8806c26fd11b4ea129c7b970f7c1d2baf1abad815472

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.EnCiPhErEd

Filesize
2KB

MD5
50a2c592acc6b8b2aa2d9ca018f54536

SHA1
c281f7c34d720edf46bcc4d5b10f8ffa4e5759f9

SHA256
dbd24afa57720264ab3d3485b602d12f989ab87c9602e2d5a61b2fb1b0735eeb

SHA512
6a714837c2bc2dc22f70e12a56dcca6d997779d36709fb21c0e34c7ac81391c6c204703831a394158dea060ce6566a6adde949e4357ba8c2636a58b129d4e699

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
04819539e9e6879be83133fe2dcc4784

SHA1
088e581243f20f32f08d2aebcfd7e5c7660ff026

SHA256
802970d65063881766be7ade5077c692da9bf46ad86deb186dab7df1a95887a6

SHA512
d97d8fab0ea2fffa76cdd0aa941c9bbd986b59a351dc9f3482fccbb74a79c6e68d7653233d6c06cac8c5041cc88a7d027aa4a65b3aed7d34d4daef02c53440c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
2a021c83fbcccd7aae76ed7948b24376

SHA1
026870e43804521b29387babd8a66577b496a4cf

SHA256
f68cca24a824a8c804c6277235a1b9a8c1c62c8e8c2b99d8e7e592d7324ce4b7

SHA512
c8d09b2a2cba9f6f34f41edc54e8428bdac9fc2254d428bbe52f8650e2c7a548f58ca6027ab5344ebf78bcf8c53959ac44fec442976a214edef1f1d1a7618658

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
75482a429e9a297e39c708630d77b687

SHA1
3ac774daad32327f9d61058b9e1b919922a4557d

SHA256
287ce521540b0ec28cd38c5ff18d08898eb96aee93e61f2027b3721b84df6767

SHA512
50e0d1c32c86cd425ac3e9ecc7e8e5d859d809cec4f78d28f9df8a7ea79eeec4cdf34ea9b5f8df8ea42a2ca2345e6062fb984df3d359c524de493bbb06c5d0f4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
0a51f2cb5ad193d6daa3bc6d513f1f48

SHA1
13f087e4595a3523592661428cff43d96e1fafb5

SHA256
f4c72daa0c13a4bb131c3e8b7b0b082f2cf1494d4c308123dd1a518c0d100d19

SHA512
5e3233d10f4b7ace9637af588be7b54dbccf2d9b053ea0bf5bdde64500ac612c1aa3c334d5cefc84874cd5e1735c1262d846b97f9b70648945712e086960f8ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
6a1542150228240ed33084705547746d

SHA1
799f1e326b533673e6b355afff19aebf9af91c19

SHA256
46fcd9446cc4d009cf416bf3d8c6157687cfcca8ddf1b9769d42729a470d8dad

SHA512
6f470208e84fd7176712859991dec66598ee091b3b2d94aa968b98bdfcd0364f0a0a0c21f7c8e19ba02e2fdb16069431e28c18a7e38d9063b750ef27a2bd5185

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
6829ed5032ad98791c29e3cbf777c529

SHA1
abae3c220d30d11bc3fedd8919a2d23295dcb2c5

SHA256
84532bf357f96ec739dfb62bcfe80a3e858eb610d6c9eac145d232baf5513d25

SHA512
224392271eb8a97a3d56622bff1325b483288e435ceb9e1ea280ea0e6a238489f01bcc8ef287ac27520dd89f84353c8fc77b2eebd6be88bd8ba4930176194200

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
df80c39ba231adc82104be21b85cea26

SHA1
bc7f110fd2476a10174a0b1a65f62aceea759a2c

SHA256
8ebe8667407ac4f9d3841318c6e79696bcdec4872c25dd41338e92596d5e56a5

SHA512
458bd60dc0f5d7b1597ac5510d3a12419ae18f0f043ca0161b45e6d8696465765b9ac9746c4cfe9cfdb3f7a0a11af69ad2693dea941f17cd7cb223b65aafcc0c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
d432ed9f5e84218cddaad965df28e81f

SHA1
b214cf6a8b66d32e6cbd71793517bbdd3b4ae18c

SHA256
dfd9a86fe8d7df957e6abe049566338b5d067061f9660bf51e9fedd6df8fe2ad

SHA512
a11270a40cc2f5c853921c3740ff89a028328d3cabd0bf41db892e37312b1730b2e961421ef85c2c6bff99ced75259fe0e4c2115a566bc2c14bc3fde75f60b44

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
29fa076851b219098c81d7f49c090df4

SHA1
357a3c961f66c1cf72238e3f2c8719149df9bd0c

SHA256
69a2f387ca28f3b22c22fd16380f3a373977da977ef1c81b25f0ff36e387764d

SHA512
293e2f8c2b91d535f0d59660957774885372494f8494cd13f010d96ad9567d301359d7e3197ec8f7a536e228fde633ff7b48fe5b4ac8c616db0256358fee70f1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
0d64baab9777b3c10796efaa6c4b81c2

SHA1
14b5614137dc4b12c2310e5f2e2c08953ef7828c

SHA256
6098d5a30ea7e5b040c8dfe891498c4f095ce29c59ea749ca8fe13760f4c88e3

SHA512
010ac6de4ccc005561faaa322a0fa691af8a0b22e9242f662a51c833dae33f193c7443e3127870166f7290b2c36b84582bdb6cb250c304f01d8126f1642294b4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
0246e7d0c6d87fe6cc5bb384a222c13f

SHA1
0c5480d1b6706fecc63c08bb25e0d046ec349ab9

SHA256
a29c4997e6e01211614f9fd0e890cca566f94ab2b48b04facf8a4c52fc266d7d

SHA512
2159f36eaea1780e82c7c10bb1e07b90300e63315c78a3c656b030462df71c2852cb4bf40cb98f45a74de133bfdf867e61a080ae42e375919685bdacea020668

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
d98aaee528b73260b3105aafb9fe705f

SHA1
b30aba81f4c31c89ffce3fadff1ee41e1e289f64

SHA256
229b7f24b89f1a59cb4624a4230d2682a3c01cd4580c60a91e37ac1a85d7754e

SHA512
4ab58240906dba1aa30c1c59ff39e8ed9542552787f4c8e0cded11faaa0722a6ce4f50d5ead95a90d6f17be2b199059c1c97594b747f34f04aa53ed71be4ad3b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
5c9e32556b28acb3d17f2dd7a148acb5

SHA1
258651c4a557bccec5be0c2f2d53706abb63a9b0

SHA256
3aa226740f2ae95d8a99ac0f29b96b2e4b1e5b4b24a579a0df2d4320cb52ce3b

SHA512
65b6faec6fd1868eef798369dd7d02307d5ba4fda92580679169e4b2c133c42dd2eea4d08ce6813eefd27b78bc29d942880a146f208871d6596aef0e3fe8d794

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
0098b835637e1b6743fd546532c4db9c

SHA1
0c6124edb9ca3c832fcf3cfdd941040bf2f6837d

SHA256
8fa82bbac1e3799e33d61e517d258b76b4433b417a0bdda6304629a322ae5604

SHA512
5cd3e67d5d9872d2dc7792ecf1295921c8285be0a4c2baaa485867b556cf9159d68aa4e8c6f440ee13e804bc188c71e92537fca400cca8a0f42722b7f5bf34ed

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
6da1933a1851fa5cf469b7571df7a5e7

SHA1
ab540489ffe42fbd8503d55c520d1c998552c5ed

SHA256
6d2050fa08492e6bd35235447db5360c2c3f8cf55fcb3be54a2736439f5775cf

SHA512
231e1bd86dc7a8c7e03c6a0f45e3c48189353e6f5cd6db5583103d7a9e68a47bdf81fef7abeed845a91b1b8478048a9916730d8fc78d98e16bedc9ab6b6595d8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
c1ee8c1eac598ef87e87f41a1e0f9f02

SHA1
dcba9ba91937dd874c9fa47988a71282bc2762c9

SHA256
c3770b5ca8e049ceee06002d085a93989b04a27a04dc4e3b0f490f0a6689c541

SHA512
39a6c1c3817ffcb25c8f85a075921bf5eff5e895f9855c8ab7e10a6a9b4733c8b2fba6f4c0bff49882aa7dd1220aa9333d65f9761820f80b89882cb368ca397d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
18c25bf308cc4902bd2a57bf7ea9bd5b

SHA1
fb8ccb4cefa3aa446b41ae679eaea1f1155f732d

SHA256
84bf1b31c709ece9569dea82af20e3580d6ef6aec9746df4560608007cccd578

SHA512
ff2a509d8caf5b60222038c1bf771a86ab9be93f2eb98fc1eb0a57527fe00a58a338bcdea3aea8db799e6df048d2fbb31ef294e12481f4d87d86250a3971e3b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
a700723bfd4a3243c22f5477c2339d95

SHA1
f56d9b3a470771ffc69126a7129880b31e288a95

SHA256
957d2f1de97e446b91ccdde0f56ab3aa0c0593d81925353a5133d7716afb45a9

SHA512
cf8bf4d9c8463750d03a93ac74d3f5ee7478f54ff0035c6bf45f6d80e1c1ccdab1d71827985401e6671c316a0b68a600a216a6b257eff2e56316f11557026336

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
8c18b5b426b047cb939067a4ac402253

SHA1
73aa9f2fc83e22eef96dbecbb859c22ed7199f02

SHA256
74b8a0dff8e7f7fd92b7b05c08fdc9e35840c2894b8fe85a000d3634ceb8072b

SHA512
20c8cd6fc57ddd9e8f675b3c33be1e1cf41039149fc8121227b70729e5073f3bb7f652a6639a113cc654c40920bceb2355cce43274af5a9a07bd899ffe688e21

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
79bfbf97fc7450baa48121b772d862a7

SHA1
abfb32e7f2c689fe625250bd9f148b9e19a5cc4f

SHA256
c61907e679d0951bceb7790bd79f0fd4eec147032ff6e4fb5b5323bdccbeac07

SHA512
ee96a5ca0653c396d289733f1e1ae8a47be0983c8b905b27abe7415cadab6eb641bc9628355a2cba2131cbe7e7832e854aac11f02eec3599250e5a69f6e86de0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt

Filesize
77KB

MD5
4579ddd5a0dd56a926b4c4c4ce59142d

SHA1
093ddc3ccea2b10d8109d955ab38727c0eebbcda

SHA256
1f892fa3ca4baba9b3223f0438e17ab2f916a03504504d6c2e4980cfe6ad65b9

SHA512
47e1eced7d2c3f005d8f0c11dc0a97448da5e6992e89c911a57aaf5ba6a27cfb60aeb59b46806da2ab63cee2e4e65039193279b8f9be02bf0e69e7bdbb728f14

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt

Filesize
47KB

MD5
279ead2be3a5c1a080c07f218763a024

SHA1
142137c2ffbf52d05083fe953cd28a56a6854b85

SHA256
894229957ecf1c359de37c8cb25e46735d542da6af566c97ffa0a81155d2e478

SHA512
0e89423ef234a8c4724718ea2db670a27dd3cb489804874ce92e9195f882634fe1cfc16d271d291cb5442158706e997e679c02bf1941bb154e7ad17e9afa1899

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt

Filesize
63KB

MD5
b65fcfaea11e21c79c9d9ff2525f5e67

SHA1
145cdb4b956d4bc294f1c1210bd138cc7e63a6ef

SHA256
24ac49e0493189878dace9a9dc55ce713819ea8a431f94eb70f3d231425f7fc1

SHA512
b9c63644fd1c7cdc5073677039c1a9b846961ae0b45a69eb55dfff6269dcc6817f11cd03ebdbdd8f7c432c355efae65ac115e374d8a770ae6e2d53ce008371ce

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt

Filesize
74KB

MD5
b2ab6bc4e50cf4d133f55742867cccbb

SHA1
ac35834d9e827fd8e85a5397df59767c918d4c09

SHA256
5f5f68bebec27689896513ca242cd2104df99c68df284f19937aac02be0b7f42

SHA512
f658512646a6c8d0364628fce19c354951e9ebf01faeaac9c15c0281df3e5296838bb63d4f892fa53fc1c2974442681b91c8fbf5a1347b9ae35fca1f688abe9e

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
49530a63ccbc5698652bd1614b1212a0

SHA1
6d8664cf8112c38b0dcd28b3d98adad1996256c7

SHA256
3c2c813de55089397f411ae588972290496a73d0ee1ca870ff28f2ff8de8cd92

SHA512
b22f77231b7b5730bcd250fc3423a7992cdaf700a0b713a9d80fee2c1f535a987a61da551a936d96c268c5fe4d1bf84b935038839938bc32df4e6e0a5a0a0ae2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
b945ae34fea9cdf03eaf25ba43cafd28

SHA1
ed1ed430799a95c8c5092cdfb69055f2ce6fa031

SHA256
a0afb9d3406296336040c6abff95cf723eaeef61d9094ba843f9014efa18f7c3

SHA512
13093ef483cbb54474d0330c08b5080ec2bc7d740a4f5a1138cc029c31951ac3d5de3205db9f35cb608933586fa839d9ce8a715526b71f3377c18fb3d4a3acc1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
17606d156bb2eda1fc95b4bf77fada76

SHA1
2b176da8f0c833417d6e85aad5fd7346a0b945b6

SHA256
f6a0814312bfba2404746b27258531167ef488ac78f8f3d9aa5d8b821323dfe9

SHA512
aac53d08508236e513d63e1c624664d035055df9a2d26b0ab01bb9e4dbb00658842cd053e6525a47153da04309f978327e8f0f6d9904eccba375002d9ce568de

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
1282222e90ef6557864ff5e8cb00a7dd

SHA1
a4478b7a5d5baeb56afc2d234abf3e8fbfcb298b

SHA256
329e8f137110b6dd893132c3c11e6308df7d827c741cc76682325ed171b5d1bd

SHA512
55b892537e5184ad9ffe1d61454d7f0dcf32464355b2dfb050e07752529c40a0e61d837898ffc62874b777fc51a309e858484e2e651e98eda22f1f0ae8b1ab45

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
899816a010dee8faa8ecb7000c0ec2a9

SHA1
336e0a658172fd3b61a3585f39a9fb71499891eb

SHA256
13dbd7d018714a07334c0a07e842056d2794410c6ddc5b7a3bb2ce57df150774

SHA512
cc01130c3ef94955da144c8848c0a61c654cbdc07fc426a84e3420af4d38bc0715f5c3c3293d7766c7192a569d3ca9bb59aeed0d8d74856735869415a1fd760c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
10115085a08a04c1bc6414925c23490b

SHA1
768a8720c4ee22edfd8fc3a87d9bb0ff18791827

SHA256
46b647b95ffcb64b2ac355d0855252542fb0e2288f6285c1da50a18ec89ec65e

SHA512
cdf8a0df2b7298cf8db96e67075f1dc9b029806cdfb210bd1200d3994c599348ac0b053a985d546a443d8063a361d5397bded004e17a111e83e0006540f5a798

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
0de357892ae2216c4486d7bb7320c5df

SHA1
086b4daa1b8ba40eb9b4fbb8affc0a482e0684c9

SHA256
37af96250bcb92b01d736e9d1915ee11cb0e215993e6f36df2a3a6af8253171d

SHA512
74fe735a6bf94c46b09bc1b762e24e3a774da0f0e4e135608a1c083dd5f788311d6587d9364ebb2632d957251aab0854fca78814f4c8b6bf4e690c67c61f4768

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
9bb1b5133bac3fe0689b3d4101d741bf

SHA1
c50a786bd1af346287ea109a8501bdcd5d39cd34

SHA256
cde720379a80fca2a166442ad7bc8338b0154936dc93bc342e8193e5ec87d1c1

SHA512
08f842d3cdff12270f7c5a7ea486882ed377708b38abbd9743cfa30e187e208c10514d5fcf33c72d1bb293136325982f64bf110d07fee8e20e36a7d03532a2c9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
4ca2682bf28f7f68ba983e30f8133584

SHA1
9da8b61581690d5de9ab5fdcc137640824d272cc

SHA256
d48931c749786f7798a9049856cb2415fdbd57f0c322c06921b5edf2b082d271

SHA512
6aba2b13a3028110a9393876f10ad45e719314019317e9834d9dedda513203da677eb031d7999cdb8bafc5fb0a230d801e96e78269646569a06ab88171e4849f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
bdcb274534587c0ff3ae023b20b30498

SHA1
689252be76cf6792350c68db94ba3d711e4907fb

SHA256
8110861dfba176191433e1070344288c3451ae6f6e5ba3fc96c2a3f381b222c4

SHA512
6dd6d1ed51a189fc7a99ec5aff157d6da649837347a4dd0103250f232b4655d033f1e1d90fcb2b75317072d42dd62aa852bcebee04bd6094c79bc807e7748e86

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
d63c78054d67371ccae839804d659bd6

SHA1
84439cb69cea1c710536a5dceabdfcb3af4cde55

SHA256
ac0cfa0de54fd2f0f3dedd99d3bbfb52cb29f3977235646c199a3eb9c6b646e9

SHA512
2ff2e275ea31945b78c9eae3ac6490f0e63483a413b4bb81d849c41a0e8be56ab692ffdeda2d85438a60fb99ee11cb2620aecd55e4057cd50f8542d382149656

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
dc05ff1ca60f4c319bbfaff354ca8e5b

SHA1
2f1ad092e1a4cbd0fbbd71fbdd4482e905da27a3

SHA256
b15211a887bf32e570b06a6e078029bfc66e375d289bf43563c7d0a75f57bee4

SHA512
7e7122d21f4ed09868164fef46c4036c9f635eead412c487d6c87ac561978043d5423caf5aa299e65d32ed5eab424b29e0a055e53540bdb97bdf77d1badc752f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
360758951bfcda161f1f13890815a9ea

SHA1
71d8a6d63e599ee69c21753537cb6a828a11c309

SHA256
b1512a183504219ec7e63107a2f340e5e290edeeb1083ec40af34b048d434ebe

SHA512
26db6d66a249551b1ab19752368e091b8e17c7b0b755eaaa1dc15cfe3656be5ce6bfdec02326f75a4cd312a82cf49c2a18d76ff41ec99cc0787bfe8f6f069872

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
b6e28261670dbd02a82fb5846c4d027c

SHA1
2c8ff7d26321f78871a04324e959827628a49331

SHA256
7cc155940cd43c328fb79d9ed0fe1fa82577fe0aeacc914eef0516dbcd1f5266

SHA512
f3cd8ac3b2f2cd86530218b74b0368a17d48413bd6b5a550ecb7df1b4c3f7014538c6fb470389087bb17a294f0db74af0ac8cd2c8262a4c12989aaaeebcadc00

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
a7811e78bd54c997cabac1e82fa745f9

SHA1
c5277e9dbf47f06aa635dc1d87cd2cd43f2c8205

SHA256
7a4eed3596efa58d269a00b93fd8d1d65a0bbad38b1e24454089c64c3161f103

SHA512
ee70c23c7d8caebf9e6b6c135a9799771f38330561e32f8f1505a28d8e27fa5cbd8e5a52f36a6b176af42ce62ab480147abf3e0089485e9fef583c9d6847fa8c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
9b66fa58717b9e191a60f39c49b846cd

SHA1
af8869b9879a6b65e245304de8f4619d290dedd8

SHA256
3309c484d2f69b90f0c903caff4d6bfc561d179d759f7805d1e7174403dba812

SHA512
eb439b39408cf82934310787aeb2c12ba8eb7484df079348a0a72c3c4afa2297976e4d9fcabd05424834626b967cc9090e65daa29d6f70e4a90874465038b193

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
75c44363fc9c6806aa36f47e80d506a9

SHA1
a1f770ed26f465fd891f7aad119dd9db70de98d4

SHA256
0b6e799639d0b5628830733d42bcb84bb69dbd5b19f18be892ea194a29e01ea4

SHA512
d9d3622007291f5a54ccdc40d1c23d5d143dc617ca027a302c255866a2fc26b06aab9b31203e9c114980c7e8fac7f827918d10a09902ea85a855d4cd79009acb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
8a2bf957192f208119ec2e00ecbedaca

SHA1
58dfd22806f4876a56a1415c28cd846e4bbf5854

SHA256
f0d3e3e3611504ed5fdeaa753f72cec5147001e658047f178e671e7c20bbdb2b

SHA512
b752ba4e067cff652e39819fc6f0ed6ef6fa0667e8f99032502a28cb8aa4d92034bb38c608bb214629f8eda05cdecf997e1cc6ee039422767b0347c4920a20b5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
c031ac76d2089c43c10c2e7ac9ffd02c

SHA1
133f873e4f1cac077286fb3a04325d1064b3136b

SHA256
858c73ec62760b639eab7d1a653787a8f6bb682a6a6ab548e282273c85f4a5de

SHA512
97686b00fa0f8680c5baf80db8dfcb500f192b691893a983457b2af61c9e943de15d09b6dd8aa14ec532ec1fc00af2e37fa37cc326578a621ab5383deb3bc19a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
5f96915e7e5da75ea84efc58df9a454b

SHA1
5be91368c1ad33badf24eb474915debf8ed552ab

SHA256
cccb6c6f7de37d1ebec7e1a3a74f1e4a5014e5e217326775ed26b5052dc81333

SHA512
7a08c3a0661266b8753caeb16c4625701cf107262f8ce2719322bb1453cfc589deccc148d6151cb04fd2f3f05053028d29440fc43d54467cf38707757dd67c3b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
0a176e39ceb2167c8f6820fd09a70235

SHA1
9fdc2cce0c6b7b9c34bbf043d32abbd80888fa9e

SHA256
631b881b2be2b5f0bb8be4c93d2049b46e39dc1ffe5c970cba8e9343ec69cb93

SHA512
09ecde6daf0bca47439d3414e6780e54ec7a4521cf66f9c45f38d3c4eac5a2fa81893c6d1aa9c56d68a4707ac83ff4315056dd455dc2a4427d0f9ed3f8f642ba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
2ac1bd53ca8661910eb2ae84dfd77170

SHA1
a4118b455ab12a1448d5ebe75f2322d7b7d27e23

SHA256
b32e14964d122c398eee3139bd0dec33bb8aa3af92e14c0f7ac70d14caeea3a3

SHA512
6c95097e9f8f5722252cf766df76d8c718eedbacd854fd5a31be03e4093e74076bdc712b151e5eb75bd68a8fc5ba50ee102aaf1a804bd3bdaa39031d74a14499

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
64442c0fcb3d46fdc15690811451ddf5

SHA1
600598d05f5d7e3aac64a48bc1e6397d7d8aeae3

SHA256
744f270b8142e9413b3f7dd387b62d4ec1641698d32d34572f4abaf115514839

SHA512
a6d5460512c31ba12b5bf0948b893f34f2e725c4766882d4f5c0894a397aeb549c6577d2db61b55d93fe2baa2429cf26a973e36d2fd980aeb7bf30dceafb2a10

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
86aedaa95bf8097e39debcabeb70cdb3

SHA1
7156e0b10243003a80dcf4df8a94f34a7595f2fb

SHA256
5e6bec4cb2f5def405d2b6cac37d6efd12feb49d84201286b4fb909154c81a1c

SHA512
31d1d3c0f2941cb402efb27fd7570c0a3274581067aa59f8f9895266d966dd2ea69e3e4a9ce48af15b0e0f8f2970a3b062d7b0c0167bab0daa1fe05283e278d8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
19e3cc2585b29c90d82fcf685e9233a1

SHA1
171cdc02d3a0d9395172f913cd0fd1cb60eba2d1

SHA256
fec0fbc8c1bfcf10cd206ee4a40af64218067df956f5a33a7e940a668441408d

SHA512
0b006a30b864a65f330cb624532e917971bfc2b2b75d86a954e511f13a5b8d486c4e0a696bb7a0e9bd8fba6dcc2ba4a4e697f2de8b7baa032b0fdac09f84acdb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
029d629d5d16f3d059e14a3cfc25e3b6

SHA1
6d5ae58300a835b1c145ee7df8c50af44c19f1b9

SHA256
3f2641cf782b4b4915f53684c0979591d03da7e3bae560b21ca969f18aeabe57

SHA512
a1ee4283a1749d0ee615536cc002001193d777c26ed8f70a0a3adcb0abbe2b3ef98bae950366371ff6dca9d8f697d5f3dba76f4dfa0ee9f037636e64c429b0dd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
162c81f73b70477e2b8ab40fae3c3ed6

SHA1
f571dca3705e2617ac3309299a44fcfc9fa647d9

SHA256
6b81bb8a8c466e8804d056e6f7758d693be28c8d9b435ec6b72a63ad833a7d99

SHA512
d88d631997de71ce4ab5c755c581c5145bdf09c62262383dba4a233a6ca853af3f103fe39d3b9534cda1d4463a14e5b6bd7e3c7d5d33be12f786647853ec85c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
9b592b5c3bb3224ce06906a7172fdb50

SHA1
ec1133545db45e0ccb31255165e9fcfa39a7ddda

SHA256
f9a614c6d121578b3c2ec34bcb427ad521041d7e9bdb4f4210a73324c14c4f6d

SHA512
a320670f437057caffef7d739abf6daaf9f36e4e949204536d0c10a416b7817cb5691e92fd71a28068993c9f3179281e1242d89dc260351498afdb771863343f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
e92b716b88b8f5b6a5f80cf58c043adc

SHA1
88185e7ff52e77c7bd45f4d01f3784131d7cd6a2

SHA256
ac8fd7724054388a619c1ccd95048996a8af29407309d7d0fd89aab6bf7dbee0

SHA512
41cd640e366fbe9181f0a1c2c15377dc0e1c7f25fa005e61646e2f2fb2c289b48c7f5ea4f1cdebe1d517d511d10a95f0f4d54f954bf52864420e255922920135

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
b6454c082a370e265dc62e072f711ff7

SHA1
575ae9d34c88827a93a0c49396fc270ff4e4587f

SHA256
5a185d86746027073332c417955ff2367df3cd467c0dd4a63371e2f2796f902e

SHA512
18c7f5f897382dc8456e60d4b443c6ba84f5148556dc31f818b71db3d2ca6642eced515a67984dfd68bf9e9d1a20915b39c2caf0c1dbe9a066d870464938dc22

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
3dc46162d70a7895da5f5a3e528e178d

SHA1
ba189e1a75c404d66b80c43b8f1ff8a7204f179c

SHA256
806c7c3e02cf1c50ef4ab01881a29a5a8680214d15c00ec4cea61fdd52c6cc12

SHA512
0ce6929d86710ad1029443a0966005f55d749c61a9156a56bf57ded3b6da3a0129b38f36860208983451252dedea79660e4a0ce99d3b25378468c11e5873f747

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
c0f8993af92275452e610a008f9e8c2a

SHA1
fe5c670f715db67e17b2c635c611475f8d805426

SHA256
788fd373274b79ad5f97b71dd710fda6b87fea84d77e7b913b792d18fc561303

SHA512
899a92961507dc3c730233d947ac21059c7df2b4c6e36f6843fa2d465ad58211e11220b98162fcf3ac30c2698dc9e826488cffc4a51752c0fb528f9206d46e8e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
7b18261b56a5b9dcec8e8f6cf34f652b

SHA1
77fde52183421a57d7b7459613b8d4dd13b09c68

SHA256
93836abdc7ad0006a12bb7075ac7835beef3c0efa61a8db66a081544ce996f49

SHA512
04dcf5db6b65a234499a23435db58ebf8147ffcfa06f7b0c37a881e54f15a1714a5ba093fc198d4fb9256820f4cb5abfc8447efcaaabbc03856562f216be392c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
abbee0ef665faf1dd9599bbdc5f4abb1

SHA1
9477bb964e3bc647f8ef419b8ca3444991896117

SHA256
e368e1ebd4cdeb9c1173eaac78bf9e0c1d05aed1d3d4ea2ae368017ef27fb990

SHA512
1265f17c0b86182945da2ee1e3c8fa1f5038188332e7f0b259c8209b75ed0987448d0d9a0dcfe257a6968ddd2e4dd2196345b26ddae05889b771f73d6d365441

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
1a3dbda7f6c4e17d632a8e3b2e118ed0

SHA1
829403b9d6c406fcf0cde659b63006d27f1f8253

SHA256
5def19fe4391f243eef3b58d4ecef897f03f0585c2a9affa856b6606dfe39eb3

SHA512
fed37d5c38d6431ae4aeed48c4ba83d63ec23e96f04f2b7fa28928b880ec552a0f5896e7772b8b78baa4ebb522cb68def2eadf4e3dfb4003f37b7f92c1592855

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
4bcdc1ec968893c8b8439da6cfbdb404

SHA1
6784a87e164975b28658463b6854fb99b69737b9

SHA256
d7cd0cc4747a6cbf9b38a24167cacea9d5483ed4478e95f59dd3be7ff2d520c4

SHA512
3cbcb00afbe52c525a353309e4b4b9d86a5736515a5e88e4f563ef7a019578fd44ee5abb28e96201313d6e513295f916faddb44eab6186d738be7f718483f310

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
0fc8b4585d0efe6782e2d9a972ad28a4

SHA1
0e6dc9cd322338b7b2c8c8922a2fe6f2542dfe2b

SHA256
e54c1f273bc83e4995e261d8110b89200c2d33855a023355dd65f85dc77b72ae

SHA512
23e3c5af92308ad98446afc5b9f2b72d36b5f947c51b36ac8ff68396b98e215ff84dc60f27cb24c3f8e4dd6634fbb17a324d0f862c1399aa075b8239789962ee

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
fe085828d5cb68d64be00240040b0223

SHA1
c98faebca391949d06cdf6caec7f9c32e9148df1

SHA256
b707a70fdff680f006592ce89a6be448d4b0633b96c87efe63d3ad2044e7845b

SHA512
922211fc38d3c2682669c5fefc6461a27dba3012f448ee5988461dd63e8e1e79e091103d0448030316de9f6ee2b64b20ca7da08e7aa8c843a105f8c4e870c5e5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
62b919e86a1682e1c0c4997cdae67787

SHA1
e06f2bb6b3366bfcc11f64fdcbf5219b262358b5

SHA256
e353ea4368568c20a31a86b2597bb9841d1c476333dcae675cb890269c915491

SHA512
8d207646a0c9990c050af650b0b4afe36b0a28e3eb8a519f1818114a9f7d0e9c8b5bc98f95bcab555742727070a6e330631da6ec0d21cf06d2fe232fcff981e2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
47eabc0aeee7281f06d83e5dd1d40604

SHA1
7fcf6ba87880acbd03a9590dddd04d620f38c0a0

SHA256
9998578fab43676301a8e863fe3c49b1bcba1d07698ffa41321d8a3eb11a1153

SHA512
29270a87866cfe79102c2b2251502b071287a456fa818536e5b47a32df6217b29f5ffce72384e71d7caf80ef341e676ee778642fb29f4bfec9200199d9401a56

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
82e23bca5a00ca0407245c1a2fc66d4c

SHA1
3c1350b7751ca5dd3c3344c6403bf557b0b589e2

SHA256
2294eb8886135079705e15abe6521204eacfd1b30093e1f6bf13161ee96b2f9e

SHA512
672cff59d2202672c9f814078455e611a74ff998e96c1e3c16814cf9c65e11ff41862800db7b7b1811a153a6f76612c4cd6c887e2338b69cf9312c06bc284101

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
5a0b7d2c9d16f92f34de9f0d60d577be

SHA1
de6c485f9fd12eef67af94454b7612fa1f1b856e

SHA256
c5cc6628564d0268bb6b7f04b1aa7a1c1845a672a09caa8908981e374da41c16

SHA512
6e2e94dd3aee832f50a3ac14bec5d3f2b1172f726fdb3568e198e5e7751e13d109a425bbd01007ff0fc4f868ede450eca0c7dec3ed1c029a014dbe5aa11ffea5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
f79d7b83d49d02c01b3e038474e43b7e

SHA1
66df4ff4abfb90bdaaf3ab5ab12b326e95f953ae

SHA256
bb4eb09402df7031c4f4aa01b1e2fab0b375dd02b6daba2bab3e2b4ea6b2fd84

SHA512
39727708db26b1573fcbd34b8a325f0a0f2f4f55e3e16686d7b806c4e5ea4215340050f45ba2ca0f4f9b7fe2f266e72beb611cc985037d7130f3e0386f5ff424

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
c914708118f4cf3581fc326a495311c5

SHA1
3adfeb2c781cffa6b6c2bf6b1df874ee69c33679

SHA256
9558c1e1998e01b65aae7efa6204e85d82040d1705d0e3b945c39bf43c0e21ff

SHA512
9409c385de5d0373a430ceb28aa172a2b8477b18905d2fbb6e7751803c7ded757d364529b03fd598bb150f7542fbad30e3dc90abd238f8cfe87857d4d5b65e31

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
4e72c4e75732595f4dff85833815988d

SHA1
144a08adca15b167ae9b19d2773da526a1401815

SHA256
729dc9323e07eb7d77a0fa98f507ef6c6aa022f4b0a3e037718e1a5e3912ecfc

SHA512
958c983c7caf9a6ea84b736f9c2707fc9689ed34a7f0eb0b4fe148caefc6c00aeaf9965dc2875e145d589bf6f4479fbc303255460f6c4d4ab98464eabc306315

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
4e5936e3802f5a73662c4c1bacaae955

SHA1
0252c9dd978a283270f4db95afbbd3c6bc2cf366

SHA256
7dce0b7fed4bb376688d4ff556d99f245dbb0c7d840df2fd41af3cbc44b85c1b

SHA512
c80e1fa24806e5a1b6a114f31418d36143832a2c88c5530314647fcc6ddc7d634fdd7cfda33ee606a461604ae52d853d448bf7cccb6dfa370a0c09bbe298cbf4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
23289239bf062b34443339ad9a12164f

SHA1
fe5144f52776de58e25c8c2fa40507e9666959c0

SHA256
aa8aed2c3406a8e82add00627c43676a7548b02ddd71db993a60fc5f4fc0ee8d

SHA512
f0fc735ad7c6f9386384644f27f524247d33711650bf805775d8cffa90dda4db7764481cba60da4ca115f30ff30772160f85328828c2fd2ce6dc178a2a7d2249

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
1129772094105dcb7d73eeab001da6d0

SHA1
c5ac04c8e1dfa706ab8569f13afe9600c33acdbe

SHA256
763c4cde7f842377e2f31fd4d50ee4d4d185514c19bbc6e182cb06d04590cf16

SHA512
7609438ab269bf0cd637e9fa652d3186d3b2007be7335858e519c4f7e089643e378e2e831d5c75eb2e1be06314207443004cf09e6205ec639dcb7c67cca602f2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
7df84c00b428356ad0ff989185647ec3

SHA1
9934cfacbaebcefc493611b859e55fa802d489a5

SHA256
ad9f57102eeb353dd97da5e400c2808fdeb8b4f16d0d80fb2f0bf6c75f959890

SHA512
97ef979741d9ea9693506b45430059ad37024a75721cbda88b7766b40896cb81cd0407d626124155b2817bd4b87295624b73d6298500247fa6a124909361ee45

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
b1a009ba4e8c60088eecb06849d676ab

SHA1
886da79316ea8c8c7c3672433a1dbcc1da76ff5f

SHA256
f3c86d953a2b51062ab35b1879834e7a65039cbdbe85ba01f31d7dbafb79881b

SHA512
ca2a9610d49b9e3a9aff9ebd6d757e6a56d92a31304b5c5065d9424ce9b4c76d6db6457ba3719f0a247b2f10356d57cbb3dfe92c3f958a78aec9e1d965dfb252

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
adc1969bdd8ccb9d19ea07091aaa2875

SHA1
2e335b8efeb537dc8e34ad845dcae00bba022218

SHA256
51b5ef752834437a4f566acf4f8354c257f4b147b42ebcda3a159b34a7df0fdc

SHA512
05651c7e8e5d8a0374c28b3e59241b481fe0a897439893e6e48cabfad1811fc1ab438d734228024fc31a7aea3380f6375196a4df2fc08ce867decc76707904c6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
207c26e0ab13db5eb83a08267dbe1e38

SHA1
e000ebadbd8d2dbd24d083641414ac137dabc5f2

SHA256
f5535e47f82199b5870790c61ba4fdbcbf5ff44f615b600ebb874792f5f468c8

SHA512
85c5155471dfd95b8292f2399f550d773921fc99b96666b0fc939100e5354fe2f01265734fc6a87f7f896f8358f1e764bf85278104b8b914e42358b0a1ae47cf

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
0319c5e8ab6fa7368d6c0389aa64beb3

SHA1
4b63e50e3d346d48d48a67d46797a86339db60df

SHA256
cec61ca5e677ce24eff1b1107e51303c856fc70961208459b4c76f49ab2ef4c6

SHA512
a99604ff0b88a94a5961de7b32b2c5c05a632dd1b835824053b0599c4cd7dddab28f4e506a1de3d9ce8880ebff0528f2c267b1439b7d686cfe8aa9e5da9e5a92

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
3490796a0ba4fdd3707145d7cf5ec7a4

SHA1
248f20e70f4a659ab27758318ccbc24cc9a4dcee

SHA256
df41bf37568eaef0dc88fbe90d05aec50be3f62ee60a97edb981e52a6e1d54a2

SHA512
a2dc2f1e39551da51cd1352bad200ecc05633641776db01ca2e58b9619554506715cbb8c1125bba2ec809f5c2552140a1ffec46f2178a1372de17306932dee89

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
dc33b974c46694d8cde0d879f3c841b2

SHA1
2b05b66e9a2b0cf1c0fcd4b156430c825e852b9e

SHA256
e073c8cf863d3c049bedf21116aaeff65f8e9e907874e7eb1efae7c97507e2f2

SHA512
c020b0113335c4d20a7073b778c68c0d05afaad291dd00551d6facb3b2be98a41c519dea5276526b904e82419282384df287ae09c852859ef92acb2ea870e4cc

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
b159983455ba7e56dc0be82d5b835303

SHA1
fb09eef98129da0db0c4a751ea01b9fd47b32152

SHA256
65118c657f0ee7b80053b30c06173e3468504b2249efb6ac46cdd84abd571f04

SHA512
dd7e26886455dbd5ba3c90dd320bd31d95c46717eb073cd7ba8a26c61f4aeffdfff7a77f8a44a54ed5065153dc251b1a151de4f940dcb4f082e1927eb5b7184c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
799bd41f59ebd945b98a9eea2b8aa3b9

SHA1
76fec35c9553dc30e06bdce2e78c5adfb4cdf2fe

SHA256
7a326307a35b6dd90c8d3f35ba006693ca41a3f6f9c6e1605b9036a52a40c08e

SHA512
f72e363581fa05c0a36bc4b9961cc816e25c3b7bcd6668d6710dfccb0e8618112966e0bdbe66e8ca5071ff1c24991ae8795dd9c898bc67d2be724c060f003f7a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
667d306b3ca8e4c400c0aefbd54c9a64

SHA1
2fd90854140581ea0b4839d1c2b344ce0a6c5c64

SHA256
12522186de4b8d46ad5de14dd1c93f4b4600d8b9a71aee3879d9eda3b8d4cbec

SHA512
8da4c7e98043d53d5d445b6facc07ecac35a7b889100e7eff207125e43273b07a52081efb972ef6119464dc8cef6850b2d2b028687275631c288acff90a11592

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
03e4f56eb2cb90f807a5ca0d7c6ace6f

SHA1
b0265fb18afe7ede1d32c40679fe1068152599dd

SHA256
214ee6269911d0389e8205646622dc392bcba89e3d85f2a9a1befc93553b38be

SHA512
12421961a124a04677dbbf91ffd3efd060d03b222ca95406af79047fa3d376f3e2e036deb8493575da7cf322197a63ce08c120f81c2421e4b53d09b8f9ece6fb

Download Submit
memory/212-5041-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/212-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/212-11329-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads