xorist | 82cad9aa8dea2b0cc0b23646c0abaed713a879b3d917e8d9b3cb64fdbd08915a

Analysis

max time kernel
94s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/12/2024, 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Size

39KB
MD5

eee8350b227cd738eaf16ef108a33320
SHA1

37730704943cd65aa3040df35ea8a1901357b0b4
SHA256

82cad9aa8dea2b0cc0b23646c0abaed713a879b3d917e8d9b3cb64fdbd08915a
SHA512

79937bce7616f65798b7bfd63fa71cc893af1e77ea1fcf6dec980fdbe31ccc627a0cd3a2b9215b3a1cf0d8282a4accf12a18daa1e93798380c353656eb8e6d8f
SSDEEP

384:PebFNw4Pk1itKkpAjjalrnkqYvjS3kDCgSf9MYIMB:P0FmBkpKjYY7/DCv2c

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/3452-0-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3452-4947-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3452-12214-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2652) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\j7Clgm55Cj4uys4.exe"	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_swcomponent.inf_amd64_f378d70fa39d3577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_e485f7ac03009434\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Keywords\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}2052.bin	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pl-PL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpssi_gpio.inf_amd64_62ffa3c95446bcfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\verclsid.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorshidclassdriver.inf_amd64_b5ae080ff669eab3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmct.inf_amd64_0f3268711a5b2622\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_qca9377_1p0_NFA435_olpc.bin	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\SearchProtocolHost.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\4356a2rtecdc.bin	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl005.inf_amd64_d9886a7bbe9e55ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acxhdaudiop.inf_amd64_78faaf2062860ce8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\LE_CTL_ar6320_3p0_NFA344a_highTX_E.bin	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_amd64_a19f675674962ae4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\Netplwiz.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\rrinstaller.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_extension.inf_amd64_7891c7d003f5e96b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_avc.inf_amd64_8ee511eb19322856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdk.inf_amd64_9e49da794995b361\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ScheduledTasks\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\dcomcnfg.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsphysicalquotamgmt.inf_amd64_796516c18b264f1e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_qca9377_1p1_NFA425_olpc_A_TP203NA.bin	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\getmac.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mmc.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\appidtel.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttte.inf_amd64_f017e7b18ec67a97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_receiptprinter.inf_amd64_7952e4baaee88d58\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrk1.inf_amd64_050c7496eacdd103\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidvhf.inf_amd64_0a924aec7600dcde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_ar6320_3p0_NFA344a_highTX_LE_9.bin	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\eeprom_qca9377_1p1_NFA425_olpc_SS_S.bin	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\mavinject.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Nui\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\adp80xx.inf_amd64_efb36fdc260e8bc8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ipmidrv.inf_amd64_ddb154dfd1a1c33d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\windowstrustedrtproxy.inf_amd64_db5be14d5e02560f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3452-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3452-4947-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3452-12214-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\THMBNAIL.PNG	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-36.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailBadge.scale-200.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-400.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-96_altform-lightunplated_devicefamily-colorfulunplated.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-32_contrast-white.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_targetsize-40.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_altform-unplated.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-80_contrast-white.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\LargeTile.scale-100.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-24_altform-unplated.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\contrast-standard\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WideTile.scale-100_contrast-black.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-180.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\stop_collection_data.gif	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\8080_20x20x32.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Google.scale-125.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-16_altform-unplated.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-unplated.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\aic_file_icons_retina_thumb_highContrast_bow.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-125.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubAppList.scale-200_contrast-high.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupWideTile.scale-100.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-80_altform-unplated.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxSmallTile.scale-150.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\rhp_world_icon.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-125.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square71x71Logo.scale-400.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-48.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSplashLogo.scale-300.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosLargeTile.scale-100.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\foreca.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-24_altform-lightunplated.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-20.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_contrast-white.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-60.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.scale-100_contrast-black.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-150_contrast-black.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\WideTile.scale-200.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-64.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\scan.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..ntservice.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_4eeeae54718b781f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..tworkmobilehandlers_31bf3856ad364e35_10.0.19041.1202_none_7071ca9643718427\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..cy-gptext.resources_31bf3856ad364e35_10.0.19041.1_it-it_0f7ef5581f375e16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.19041.1_none_46aa361bda445aec\PkgMgr.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.UI.SettingsAdminFlowUIThreshold\SystemSettingsThresholdAdminFlowUI\Assets\Fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\itemCollapsedIcon.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.19041.1_none_11b2da2074e7d6e4\PasswordExpiry.contrast-black_scale-150.png	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..lientcore.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_92681c73960d2750\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.19041.1_none_fb337fa99fb8bc2f\BioIso.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-bcrypt-dll_31bf3856ad364e35_10.0.19041.1023_none_6db8f44cd8ead692\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\Globalization\ELS\SpellDictionaries\Fluency\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uevagent_31bf3856ad364e35_10.0.19041.1288_none_71734bf99a2a6955\UevAgentPolicyGenerator.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-data-pdf_31bf3856ad364e35_10.0.19041.1023_none_6b2c797548d35011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..iguration.resources_31bf3856ad364e35_10.0.19041.1266_en-us_301baded6360969f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..up-prompt.resources_31bf3856ad364e35_10.0.19041.1_es-es_11b6dfc3955f6500\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netbc64.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6f0b396a7300736d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.19041.1110_none_0565d41cd46ec20a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\SendTo\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_wstorvsp.inf_31bf3856ad364e35_10.0.19041.985_none_9ec3d9e91b3d1b4c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-c..orization.resources_31bf3856ad364e35_10.0.19041.1_de-de_9454178569cddbc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..efetching.resources_31bf3856ad364e35_10.0.19041.1_de-de_2fb28991f1a8b961\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..erver-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_b5ed54b0fe7db897\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tapi3.resources_31bf3856ad364e35_10.0.19041.1_it-it_0078af1908fc00de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ure-ws232.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_66835d3c174f7d3f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..-migregdb.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_237aa6e0e86c5765\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..isc-tools.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3bbab7d5b38e57d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1266_none_e20a09e712bd275c\r\cleanmgr.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_en-gb_61455d639cf26591\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netwtw02.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_5d563b8f3a12fd32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-data-pdf.resources_31bf3856ad364e35_10.0.19041.1_de-de_b4ecd798f5a28aac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershel..s.utility.resources_31bf3856ad364e35_1.0.0.0_es-es_255ec101005b0aff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..services-certca-dll_31bf3856ad364e35_10.0.19041.546_none_ec3c5fb37d3e1cdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-mfc40.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ffca6f045d62df2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_sysglobl.resources_b03f5f7f11d50a3a_10.0.19041.1_fr-fr_51edc62c2d3d119d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mfcore_31bf3856ad364e35_10.0.19041.1288_none_65a04cbf0c61548b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_10.0.19041.1266_none_1a0aa046bfbc05b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wcn-netsh-helper_31bf3856ad364e35_10.0.19041.746_none_c0134b70522fa0f5\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.build.tasks.v4.0.resources_b03f5f7f11d50a3a_4.0.15805.0_ja-jp_3fbb35371cdb32e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\speech\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-cdp-winrt_31bf3856ad364e35_10.0.19041.264_none_418e6cba5274383c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-l..lperclass.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_2cd851330f8efb90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_multipoint-wmsstatustab.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bb1e99fd5defbd72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mfsrcsnk_31bf3856ad364e35_10.0.19041.264_none_d6c18d8390c0cd44\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..elmanifests-windows_31bf3856ad364e35_10.0.19041.789_none_7f2fef395b7423e9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ityuxhost.resources_31bf3856ad364e35_10.0.19041.1_it-it_01ac3dde909aa629\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_10.0.19041.1_none_d1fafd8eeb2a2637\Speech Sleep.wav	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.applicati..ulewizard.resources_31bf3856ad364e35_10.0.19041.1_en-us_52a6881a1d366196\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.19041.1_none_3062feae2a702d0a\cliconfg.exe	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\SystemResources\Windows.UI.Shell\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-media-cap..ternal-broadcastdvr_31bf3856ad364e35_10.0.19041.264_none_95569df974df5dab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ners-dynamic-device_31bf3856ad364e35_10.0.19041.1_none_b4a7fb8b678481c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.hostcompu..l.cmdlets.resources_31bf3856ad364e35_10.0.19041.1_it-it_ff9782c9a6b088d8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..shell-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_cbba47c77411d25d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_srpuxnativesnapin.resources_31bf3856ad364e35_10.0.19041.1_es-es_06822c1750491d6c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-scripting-jscript_31bf3856ad364e35_11.0.19041.1266_none_45b27a620a2b071a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_prnms005.inf_31bf3856ad364e35_10.0.19041.1_none_1eab1be1d38e5678\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ilot-reset-credprov_31bf3856ad364e35_10.0.19041.1_none_d75c5e3052d0a6f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-0000041d_31bf3856ad364e35_10.0.19041.1_none_b3d10930f50b408b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winver.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_faea152655bbcb78\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.GPowerShell\v4.0_3.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dsprop.resources_31bf3856ad364e35_10.0.19041.1_de-de_676c798e3fc23b3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-setupcl.resources_31bf3856ad364e35_10.0.19041.1_en-us_503feed586556aec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell\open	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\ = "CRYPTED!"	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\DefaultIcon	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\j7Clgm55Cj4uys4.exe,0"	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell\open\command	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KXOQZUNHYUIPMRI\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\j7Clgm55Cj4uys4.exe"	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KXOQZUNHYUIPMRI"	eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\eee8350b227cd738eaf16ef108a33320_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
4cdd1441971121571336b328614aa714

SHA1
a0f8082a1df37a64d8e320ee044cc83e9f8b3650

SHA256
eefabebad453aca2e68c8f2772d044b0507d348fa66d5524b27bcae4c8e8cfdd

SHA512
8088bf53f526b3a1e5da0e0554c929cfab54ea4274aaee3a82316a88e198f5d4fd7e4393d228b5cfaa78612edb6738a8aab65ac842e205074515f87c0cf5bb65

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
e1abc289bb2ede3c734847a0beb284f2

SHA1
7d102d0dee9042eb5c0886964376e2c79c6856d3

SHA256
21bb7cd7b92d7c86df1e9278e961261426f1236231a373c26325a16209e48c06

SHA512
51b77df94ce19642ff8a8e6ae1f8815f1b5f829cb17272c5507aab2b889ad9e928cacf64ade78a0d95940a9ff6364b1a940de0df92cb252e19dbd464ab6594b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
85cca018fbe262cbcb2c309be6ae779b

SHA1
043d51c94e538f646d891302b26208eb03c8555f

SHA256
33cd95e9763c17cd35f95e05749cb42a560221b45ece5388fe3f7cfd74c7a703

SHA512
2a73895707ea002b440e523c792b7d8f550d337d0d3335b016ff4d718dc41f91fc9aaf1bc2ecb04f604c1b1bf561bab83f0e809fd354f1cefb3096c50f46c8a3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
9fe2bc1a24f779cb0ea5b1ffe0956c25

SHA1
97acdc1e938de78095bdbcdfc32e41976fa63179

SHA256
5abfba7de2fba3b17a991b11427b7ca7d503e43e91e07bb6f96007c119b40cba

SHA512
400d0148642897b21e6ba9146df3bdea26d4bc46e6bc8b235b5c28646c449d3d6f514c0cdc3a0fcf7861ef1661a8d2b1a7a6eb690cac3a6d3fbc12b01f7ccd29

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
1ab439564e19e3faa38c044704e1d972

SHA1
423791220b3d4fd7d5859ab46eabece6abbac076

SHA256
be6e1bd960fdedda66d1a7e2590d064779c25ae2ac6afd2208f0f69dc37ebea0

SHA512
980fe7a6b4e55a8fab45a0e6d89d77810211b3286409e869f891376b053159225e826cef4c0a3240ee953da3f753a108d42f0df9b34650b2850925f49efbc143

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
36130dfa46b3520819b71db8b212e19c

SHA1
d27932e10349195ce3d8ed6496dd1a3a330b2c26

SHA256
e57925fb4ec627a9ffe809a040c8590f1bc3cb2bce60a33d7aee87c45ede4593

SHA512
f18ac6efbb226083a1fbec3877a8c92e8153f9a6abd6ccbf64d034cd3d70e1face28c61961038163b5ee8f712ead1e367510254fe1f8e587ff109799e7454d3d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
8bcd4602f727327b50c37ade8f7a7230

SHA1
24deb46b41979f30f77616c5ea5921f89eb15206

SHA256
7af891671d37255517e34f98b4510f383d2b303cb2b2084de7b3f717419bc14e

SHA512
ad15b39515cd235d7a865ce2169b46b0e9cd57a738f90b8d2c00518b6f7c22820d0afdb89a5efeec2bfc2bbd772f8644cdaff01465cffc11318863b2399917dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
88b1e2bcca40fb3a331c88e6e16e7afb

SHA1
9706a9300bdadb85f6cf2c4def7e4c2e2502c8b6

SHA256
3f49a8c53b7aff305bddbd3e12bf7828533d77c84ba7c9def96fc4326b9198ed

SHA512
7ed08a119a95cc42b25b35afbd4adc6d9b5175bc152a98a90cc84838bb2e15845471ea79e7ea86ec22124a5a527aaef99b42784e0f5743b5d403069a5226e154

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
5397c3b7a52698c96be4f411918e4d3b

SHA1
7872d04dd1aee03b67e648ed9f055a7051737087

SHA256
adf86bb386a433201ce27d800c8a10aba1624519dcaebb14c1df2b620815efdd

SHA512
caa5d4fe203de2c987b1109c87411d54a5b2f47e0b8f931c118dc33335fab690d42b58f1f4d9d77f63707fb22b849e30187bf950a97222e74b8cd015bebfc02d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
b29598a5f57ad19e010240a1514f77ab

SHA1
640cae5073788b1147f5de7984b136767b168b59

SHA256
bb20fc4877109f83a79ba9d89a56f229d7c0c5c113ca778bc4a9ea15680e21ff

SHA512
1f2dca9cb243077bd3be1ef47aeacff9e3609e5e1d60a367d0690804367c415f92090e1327f8c2f8119b17fa6726a6278b30cac0dd1283d9aa1c4e4d835c3899

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
2724909292924a9ce1c1eb1e025f9fa9

SHA1
5888186d13ac9223f5fea0a1e8ccce252f0b36df

SHA256
e466c612f7e5a993ca2b639d08afa882a4c64835d6e1178425b7426c451e2261

SHA512
a89978c57d8db297ee7fc846fb557ef4925b8f368cedaad228fe926ee14e664d9000198cb1fdb0b79ad4450b2e95902d96141b84cb799fb7ed50a72a89a26b0c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
ba1e592da78d5716ac2fcafd483179de

SHA1
44ae30509ea331a1e362de85069fbe560cead040

SHA256
bb39cbdb9b4b2e32981942654b74dba28138f49b8ca571991ca18b21560939b8

SHA512
bd13c67027f7e91b7219cc5250f0f0a5d5eb9ec73a4d4c53293d4bb297a52561eca5be026f3f40207cff48e8f31ef6e1c0c884afa314463f0b62a8858dfcccfb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
6ac352972adca63977dccf8e2e8fd2b1

SHA1
c3cf0cc7de32d277a178a934cd65572369e35b09

SHA256
764121a3e0c28b7458779da1c47dc770058ce0ac14aa9b5c383fcf9be66d7b58

SHA512
fb1029413b9fc9ea5faf2606f0b8e8591b6724f0e5260ad3ea4bf3fbe39a30178a8e919d7ace3026787fba8b6db3b7b60fdf5f852c7b02f608eb70205d13e177

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
b9332da6bb983cfe50e1c642f4cc9740

SHA1
188d72d9450373b5db059bed18d8f0a75dad0573

SHA256
a435c1e491b3f1fd40a0df0047eb85723bbd9b616d53d3bf2cac9f5a2cd75fc8

SHA512
35118aaa15dea9f1042574fbb9958fe46d86782cfb240725c541a791967ae7731b8e979460dc4ad2b58c2e4fab4a0585ca0d752c322ae153efcb7ec24046dd6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
9a80aaa0692d5e1c5c374278500aad10

SHA1
ca12282e84b0dc2b84d664e92ca517a0f2ea87cc

SHA256
3fb72c31d444c6cb1dad5f839b69affc6245d383c802337bc7a4af13a78e705a

SHA512
4b591e03667b1e0cd8f0bcdcd22f470af1219d61f5943ca4adc1aec13708d6a715693676851ae16382261ad44077c8db9360f18d7ac18095aa5b1df066dd6033

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
5c6bb659894d56257044f803f5da958e

SHA1
660c4134b8ad3618f99d8b326f8e758a386fcde1

SHA256
382ba8dc34619fd961c735e43fb4a219064de8c261c4605082cfb1f7010abe24

SHA512
914c0da558619510315157ff3ccd71c8058935d822c9000f4af9a273e28d7e263129e05ffb43b416b26ffb0c226fc33038698b013ff66b0e1f25153e6600ae96

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
81cc0a0b27974e4ab502b2d7dc965349

SHA1
3f93cd007ec04d3aae4ac699f5b7bfe46a87fda1

SHA256
5d890123269b249b10e38b6c76ca1d9c90255240946b68bca6dd442be43848f5

SHA512
e18e9011c05ebc27b557d5078cc3fb0a4e3a4a54f215f819fa76995e2822ead3dbd997f2ff6269c6dd74422e013227a444ca1db89be648332d37504163bb5fc2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
d0ab88703ec5cb3403b8f5888f91f9ee

SHA1
ebd3df56988eb2a665352780b32411ea22bacf86

SHA256
6587a3cfff57fe51dd4bbd35913cee10862c0c5254a28eb126dbf91511e3d1b5

SHA512
726722b5a65ff70abd737af4da04584f45af07fee938ffa976ab761f25f1b00a04cc185c8aae94d10896a49e301b122ad00db52e85ac4abd48f71e363002428c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
56a185468c0465c9b5d27cbde4641bd8

SHA1
398de6711241bc11750796ff3a3a55be4a0becf0

SHA256
51e8a57bc5c49bd62e887b0bf3d4038b584b25ce6b228b957a4ba90eb2e25294

SHA512
b351b92f8f6c1cd34122920044635cd2a70a6914f3bab21d9829e797a9e08f337731c6219d849410916ddd516b010c9ee16ef9c794106e56b00317b757c3dd35

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
1a170b8281a07395ce2808ea98f9fd59

SHA1
4646f8b4daf8efba1082742b2758f34fbe13a412

SHA256
d88a6a26a47128b327378282ea6b8399c545d7eb7240e7473e2ededb891ce57f

SHA512
25115be64070ce2c45c1ca5c4d201779f4b93fd1093b7f706c5e8ee73e54f478610c0ab211ad321b1d0b245aa7171ab57ca4eaebbc510ee4580917d5eb7e6d22

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png.EnCiPhErEd

Filesize
8KB

MD5
8296c39d875b83e7a3b0d2028b300c9a

SHA1
6487a9fdb00096796373aa654119ab3ae36a3fe7

SHA256
1ca3c4bd1835b9e627f18e7f1d91fc15781c449ec412e3bfb75c9e32138d375d

SHA512
198ff6bebf90c12210960c020427d74d706f0f227d207da60c6f3bb9ed402ee66477c5cf5cdb18510311379c304f8eac18499c6386f718361ea55797745f738a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
a12805071a81137075025c3e60ad6903

SHA1
edfe6e95777da76058a16885ffbed57cb3a276d4

SHA256
7a320bb87174f5bda03a5919ab92ea97a515dda09684069dc8b0d84e7c64f311

SHA512
573261cfb5265acb27631e07d60f53eab1bfac66e7d09e843323205db481d7871fca54a48b9476296ff13a1165bb2be60be9869dff7b7976bd675302324b8959

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
1e7e83f6af20535a182507c3462d30b4

SHA1
317f25ee6f53bdba56452f2f44a7639cde3958da

SHA256
b513e5005742742e6db9cce1894bc3f85cbfcc76501e2addfc9b1247718dfdab

SHA512
01790d95f6b902543cf720eea4e0a22ca8c77734b4990bc15a994c26d22ec23ddfde6f8195507d0dbb487e91fe32abb64e00d974c5303e7bc1e47dd1b96d66d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
4cf6411626f7b418bd3467171777fdba

SHA1
3aef3050ccaefa6b873a51cc145233572567d354

SHA256
143f3d01b805a032e457a504e448d005bb34d55258eb762e63815c8aef5f7ee4

SHA512
4fc2890b0720615e75c002ce4ed75c9d9aa2eca5624e2d859719d7e4fdaed2f56a0790531e49d81ee96699a109e91c598d780345784af7f49fe8473ed3e8d1e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
a5d8f340a4a6e45275d40dbe4b8cfe66

SHA1
5287d651d9583bd81a6ff995fca14e2518e38a22

SHA256
2e8bad10ccadc42e6044d459433bbc0df4a6b49cff16279167a87e02e3bc331f

SHA512
f80d8b1c10ee78500fe67171886a522506abcc950af589665c481c9c2f484b2937f41ef9e81f6413ee5c3da6b132e9987e43ea312c35b1a1b007cfc7dc133235

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
ffd82995c600b0bc71b75f5d1eefe3e7

SHA1
7b8424ca11bc5e5fbf9d317010e0a97e1eb59c4a

SHA256
8a825843328f3b9d11dbbf2deda635b8b4811a33d683eee3fbc1ac5170aea5ba

SHA512
df57e15852c7b5784b15e5fed460d7364a9f024046bd6a22675c54e29dd40c0b3aa66ece54b777c1b732307a72a0f8e5259b38eaa286de5fbb80a10b87c72419

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
bbef2aaa34af4053e70f1f654a44515d

SHA1
169ca9549551334628409449244514d4c3fb7c90

SHA256
60df195115ad8e505ba050302c11b7c0e3a22bc1c8d4f3f79bbe4c49f0c21c17

SHA512
3882aeca95361f0505e9fb7e5fa447727a0fa2727b0336473b070bf8caad4ea06fd6801b763ceae7028b7e6796c03bc194be3a60217a4ccc6f6f60f41612910d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
27b4f4384026683e7ac1cb85dbbf2b47

SHA1
ecd4e2f1f59c25e1f5795c0233c1bae7da26bfd4

SHA256
a18a0b25f236e2c57bde3f9f0d1b483a76f885c895d8b504d608392a0b0ded74

SHA512
f9b3501d99860579c971816e2f1fe997a2709f8534af72961cac4703fd87df7678299a40135d374c3d3da662b26fc41767099223f9efcc26524cf7580a581b72

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
beae494d68b90f8f4d8143560d0e843f

SHA1
70550f3e6690716afe9f804980479f1020369040

SHA256
1e112b83fe88cdfca8f32d4182fb4f529cc9ffc863ac5fb6cfe02a9d5a23328b

SHA512
71961e4d4ee15cc7ef6cef4d707d86c51f89602531fdb4019e99a94a7be1ee3dd40a15906982e5a3cbfa1551207fd3d6fc2e2e78c4fe8e8eaef86c8378878b5c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
3da14b681b7d542ca0e51eef428cce54

SHA1
2ad2e264b504403f9b82814a506ac179a1f7d7bd

SHA256
3fb2c5ca730fe6d1d0d73d4c9a8da6cf59ce08455fb33ff97f01088131eebd11

SHA512
5f9404add7ac4cad1226687acbe8ba4207a02e722d2b00fa028f1d0d458eef602689d3f644e47114685529127b4d17e6bb76999f9a71463504da838fc5e1bfb1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
02ac3a03591a3c489ac7ae23ad9bdadd

SHA1
94dbf279a204b72b01187c7ebd83285108181477

SHA256
066c2248b87e2d465e86736c413aaf4d483f03afe81e425b9ef5a6c08e462261

SHA512
af45df637c5b6dad651951705a6c1192448ab56b1d303148ce654de667aaf80ff46a0395df871eed0579c4ede65853b175d3be48fdb9cea83a394ce6c1a3d23d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
12265c71ec5a26fc4d36834bd7df0830

SHA1
a2156068dc0d141ce9c97a40cc0ebe9d5e838642

SHA256
bf3ebb21c177e90aa7b77c7a1c7b05a8f035bbfb1580ce35b7fb786f8d92973e

SHA512
61eaf48e4ba8fcb9f08b7a569ecec32d8c8c45b5ccd5be9c6c10a1574e7367f1d5033d7c069333ee3188df680b5e4a49ea9d1d7908f431f40365866429631e3b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
338071034b2c59471e0d60d2749a7ac3

SHA1
cb3e0aa075096f2bbd48e4da9c904a324b9442ae

SHA256
c33fd965537b3fe41f883673bea9904c7f91769d3d1a56ce1400a6b4998d0b5d

SHA512
420693928150756ac9a83a3347cf10e15557dcf1ac94d4379fce77f2b55b0273e974a00fee0f49a61aa87cce1f57f14c81b22db3bd9209b696ce054fa1222cea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
999f734a72c69dba78db41afdd40e67a

SHA1
260d122999725de77fe28498cb4d168bc51fe332

SHA256
2c2c714db5cd87a1e6a7482931139c572c212d04ef8c7266bba1e541d58aa45d

SHA512
2a13778ec262277a280d604dab80856017d86f9efe20b0a9ba7ec5a1523d142377f7275df881c6fa643b36b10b32a8d1f1168c4d653efab94c562d490eb3251e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
d7767db8d6ae135c11d4ff48c96634f0

SHA1
b7076b393fed34d1a00505e6b17f41033cfb40d4

SHA256
d53db331c9a6ef670e155ecd70240330629e3cac794a856047c78e8963ab1b0d

SHA512
ede0f8390b2f413134c8d48e7b52f433884c531da9be717dcba670beaf5d7050851d3b90ab0b1d5516046aa4a2ec31dbfe4cd5cc5c628a6a7a3e0340629ab53f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
3b4ad440b55cbd799aff933b84cd76b4

SHA1
a549b5cf55216340418793e20e55f9af3d2c2f0b

SHA256
641dcd87be40196f5621cf17a4e71f7b73f021aa753f9d6a77f27a83f0467e87

SHA512
5efa3d6b19ea2af630e7ea2125c40bbec29aafb2406ab722f03d3e19e2d00fc618722a633ac45fff326515dad7d1c7d7aaea879504c7e0e02a6092b08a4ee7fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
528a31cf3517bf162b8daaf2e7980aee

SHA1
2ffba2808c68c715cd756a6a0dfddb31676ed1d7

SHA256
97c4d9a1513de15e46166f13ac963f30d2ef0b951e2d38a91985b2e969842069

SHA512
de8ca113dcc181853bbf2e5fa66af457cdc7c0d7a3a38cfa40fdddc8cc942342edf8ea6d01e9c2f1640a29ba02c12ff64810ae2398221cf68db6c9ebcb6aa9d9

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
01cda515a9c7aa113945e3f9951a8859

SHA1
f876887322688944368f5c2b1f195400d1eac062

SHA256
eb7513c77bc37430e4be89e1a1ecb14bb3fc13f94caf41025764f6d4bf52b1cf

SHA512
ea2df0c979bbe0d53b3bd5da9f3f91d8910b41af971ca8a0c8f205aaae9707ea833b61136ff3ac30bd2869c98c5a676b1a93d11a5f5e5e268d21c69e6969b2f2

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
288B

MD5
8115bed31b7cee7b0b056d1196cabf40

SHA1
006eb04a3824dcef13fe4bdb22ebd33ebb72ddf6

SHA256
0d10d27819f45b102d532862a233eab90ff31812c0019143eb318b0fe16a2bf2

SHA512
af1f6b6bd9fffda2b7c10fab77843fd0f64b37ba5b2758eccb212725fe3c7b3e2eed68d48045d4506fb1020c34f379d5d5e87e056c42c0b2618fe490529c3c53

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
e370e31a55e64371774eeac4370901f1

SHA1
07d0d214711413340e4b0935246e7c19ad8be678

SHA256
2e3f10a92a08e4b0aa9676e659f75b2fe1e70eefd939ad8ca2221567f7c2065a

SHA512
6b0018bd4957cf15d9953bbc70ce049a23b5a5e31e5ddcf435bf84aa6cf1fa7dd50ac8d5e1f4bad8612f00ff51b13e571b13f2929f77b1e8dfd1666629225dac

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
4142ce83d85cf918be7b57a44c3a3cb0

SHA1
292017e77fd75c62389bd3e8b3f58d3e0ac89df4

SHA256
28078d3c0d9cfda50d986fc82dd9053537d32b0053b7052ff79fb6ff3462cc95

SHA512
cdb72b485536323f00155a085edc4f6fbcb21bf4c40217ac864a6e1aead2d8abbd77638b80f047974c1bbbdc4785040395e82c4a828ede5cdbc7f71622b69095

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
19bf91172deb28156edc4906eeb68ce0

SHA1
c5f556e64f92b066b5ba8a4cbf6887c3576aa1db

SHA256
947ff9b17563a8230eccdf05e38a1edbfb6453543cdf763ac7aff2cc1257fc0e

SHA512
6204876070e6c539ed74c33ae4bfe7cfa1d7be19baf61bf7218d781c7cbca7ff6f8dd17f246c9ad5ae0a8b04906cbd5dc4bef72074cdd92404e6bf10a0aeb7a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
3d0ec745b644f1b98e31d6e7fb308b0d

SHA1
005a774f1c25302b1a6c768fc897b448f414253c

SHA256
a7b41e7da0fa4c81b91d17f1cd2b93259db21188993e5de8f91adb0bb5a1d9df

SHA512
1ee1b8027da4f7c58ab9a49f7b4c9ebab7210d0e04eae95bf9acc421707d04e445f31b5609bc198afbace38c4cd74c3f655c564dccd9f5dcfa5c43d74dddebf4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
fcecf6eeac39978f4a029fb8fcd461d4

SHA1
88ae1807e7f403270a8de4e12ec3388134872b0a

SHA256
88d39eb1d1eb087f37147b15f32a67d427d6df7fc1f08100d4587f4302fb8038

SHA512
c3ba307c251ed39dc8bb17b3ef12a1ab61783e04b0adbcacbed186202004175980ad6656c48f0b34c4269cf44331ec17d51a2eda9d6eac5af74659710fd53053

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
9c59d185900c27406681a5cedeefd524

SHA1
4a49687258f61e0df8e65c0c6197f05959812a0e

SHA256
c4c69ac80f9aaa1dce4576789604dfd3ae8702e73ab0b8d1c95eff70984b278d

SHA512
cd45d10e07fc1281f64dde258e22928f76a1c401f5812f48411f1c5e0be93048b170ecf2de3ad96508e83b0915511bd0cdc5cce07e93a1b5f6c579474141f151

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
b918410ad66843ce511504ba8ed1b7a8

SHA1
7f65605bfd5da95809018ae419d432beddb09de5

SHA256
09bd888c3073c07f947f75542d59432175a3c9e41f565616d4accaa2c4c71df7

SHA512
12b87dd6bb23cc2965e49a453c52d6033f61c067146a7f8afa6d137221287763b775b0db8d887517cae7cd8d6b787eb22820336af2dd55bf03613665fc4315d8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
13aa1590eb609a16e2db41c2681874c9

SHA1
0342c3aeba9704132869e9ec06137adc81edb996

SHA256
441fa0d1585c09833583c64aa2667fc8c235881edf0004103b20ed37d8ba36a0

SHA512
58e04627aa67e1592ae505046b4b83f32db4a6dc94fecb994755803cc2e8009ede1c29dd762f85129a481b49400fd7f9da66583519c4d02b06784b802be30769

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
41f241dd71afd9931b28e261ed8db3f2

SHA1
18e3dd4c249cd33b71ae7be42c30d5e339b1f5ed

SHA256
5541f4903cd8571b7bb7e2ce9fc13e596e19eece5a5f601628b3c3614a438000

SHA512
b7a8c40a26ff60a9b46771fa6dba726f1a6d0ff6499a0c738f028985c2559d488a4b7fff2fdaa43c3ecc0d476f6eac604269119b0527ab89505069be49f06cc9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
85f11928910966bc0c36fc6661e54554

SHA1
a77514e564c6b951536a6cd0d032b1cc2c7d62b9

SHA256
fa5a95809908498cbf803d9420653b8e95a5ea36884eaeeb96c9c77b276c464c

SHA512
af6fd91c80cde8e36d5a10c2f2d6d7ce778b45558354e9df61841eba8bc4a2d62ed9c17558bd52ae8edcb62c12e571c3a50d0b7d8f28317315c42c57b31bce0e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
a800851424d75136fa4ae5f364d0982f

SHA1
2f4ca6717393875605fcc720b451ecc8ced68555

SHA256
63f9f558d9cb4b3751f24e8e97f83bc72c73e1845407d1f9ef08796dfcb0286f

SHA512
5a8650148b059b2137aa4d2ea1e953d5e0ca9a134bd0ace782036ea6b5353a8e1cf3c340e976bb1a554a111493802ea2124c062a30748c850cb0462b524cbaaf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
8b81faa78ce61e3a4658c6b0bd27a77c

SHA1
dc1487cd7c6ea620d0f6a2961b6ec0d721684a29

SHA256
bb56ef86bf5c0b7cc86ccced37b2a248627bb2835300415fbec571b83bece110

SHA512
0fbba1f14e16f98a1a6835b1f38ebe1ed303a7e9bf31cfae641278c222d3c519d20902e47503901f2d42e174d6744158473c99d8fef488218e9128095388e33d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
e33d64dd9334ba1c78636242848ab839

SHA1
4ae616eb31549e272a00cec9b3d89c5adae35f5d

SHA256
a5f02139c197d14aee3be1cee7fbee8d1289908368ee9e8b059c395d7321f579

SHA512
5d95f76ebe5ab050fa8c997a1dc3e2196e85513468ed785aba6964d362c3afd5972169c58a6b1da3207d8deb08919fd7bcb5de2c70d925e8741d93fd686eb069

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
3d9bf97f92879f653c36c40811389e7a

SHA1
b316ee9f55cc6d5f1c61341b385d49825cb4197c

SHA256
1fe868cb2fa2baf4358ba69efc6518cec635008e464207045d39607b9db6fe1b

SHA512
a40a91882a386449229837654e722313f63dad648541b7179e8d00857476e63fc136041f45c26ac7e071105e71d9c0e7a3d9537e9dda3017a8aac3461ce5c428

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
2058a28dcc0612eb0ee96a0b347907e7

SHA1
f35bbc52d91587b5e95549a3deea9b6ba679817d

SHA256
a5e26f92f30e02cca06a52dd09c25047808f8e17729b2aef0d8e4dc913616fb0

SHA512
9791b076d797aff9eb45920c62cc42b5fb1165eb6a6e95c38e31ec190a376b9fa78fcc94224ef6013cc8bae27be42e149d8d3af91f0ef23f1bee15c9a84341e7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
e0e7a784c8e935a6af1de092374d5094

SHA1
467eae58a19d7282026cdd642331216384065556

SHA256
6e3b0f04844e6cc433a3a2fdd5cb3c2c5aba09485d435f73a0a30a0ef6069ff0

SHA512
afb7e6710798e66e478f088c3ed4a52a1a4648398741ae6fcf820e81f5d7812f0fe768bb1e8a58a0e49d22e004827d7045e110d2fe54fb44d5ab37c9402e7c9c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
8af760ca96a3d3efe919292af3277727

SHA1
f6f52a9e4fc846bdf47e39ade83704901ee9ed02

SHA256
5c47de8fa1fde6db414651b7f6717f9ed3b032d5ebecdf1dc1a14f1ba8609f1d

SHA512
3691d1005d4c791d488d84a2ec5e6270ab4135ed72048fb343897ad74008551b4810ae6b539a91d7becc55fe437c8f78016dba64b5bb01063e68382b0b6d3bd8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
f388b7975711aa40d45dcef67883f34b

SHA1
92c0b1a0eefec25e63091e9ccbb27a39cf5e8882

SHA256
9b9dde827aed282ab79a25083ee8ca576d704c6f989c1460487428eb720f7872

SHA512
e9752294e0eab8c88af39a4dd37752337e04049919c134ec971d9cedc1043d53d5670c78a1fba60e67f51dd4f55adacc18b91daf5758459799a5bd22b4e3c0ae

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
de8060ba19aaf723681d99b884af34cd

SHA1
206f9d8b84e75ee0a644bd6f195b5417833e5ecc

SHA256
a2036b11f2948331bbdb1eb8cc6ca7693b2b09c3464a742a7df61c1a03ed5486

SHA512
5fbc4c09edf5f15116b44718b2b749410c77c1625fbcbc64cfbe3384e76afc195bef09f9f4e208cb486dbe2864a6ca1d9bd1183e2e7371e25fdba56061e0589a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
4c18ba5badea958229c88258a19bade1

SHA1
9e8e83afc3b269c68496051d81cd15f7b64ed2fc

SHA256
eca7bfa6885f40949299c7c9466cf9afe1a76532e65a689fe6d8c6d371a1d7ff

SHA512
a586385b0a06688fde7effdcf78dbde8d76defe81d041835d4104390e9b80455edc77f55a250b578d4077b7a39505e57eae4540abb1b12fbe255aad6e830726f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
928742b6ebe09b01043f6d3858a0426d

SHA1
c804d52755815b7eb55cebc2f507bb9422d172e5

SHA256
4a098ef94d950ad03fde86221e281097457268b033b64c081c70845cc5c2304a

SHA512
a6e75f635a6e7b736e63b11eef8b0ba957d87bdf2d2039dc0436b2868d62785a0120b10b920c9140e76c41f19df01583133b08841ece94ab44778362de5352d0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
bfc7a246e5200ce1a675cdc42231d972

SHA1
7af213fce67c5657aa53b7783b72473e66d7fdc0

SHA256
91b71f98eaa840f3cd8956593c75af22ee265e6289c0f5a12b06cdce5fc95b21

SHA512
86649d42b5b9b3e953e4fb407acd2d10d7b93143c8b0d1a10abf198392d4ca869418bb2bcdc9cb1c6940d8eb3f94841e0c81db12c76c8320fca9406f2916dda5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
103b23e30fa22a723cfdfa8f142a6701

SHA1
45936c0ca947b4ac927cd1d0471167a69fe046b6

SHA256
05224cb33844387157fdcb18738b785462f31ec99bdc96689ad586251c02bfc6

SHA512
0c01b54b020e4dc10436bcab680185d4e80222f60bcbde87a3034593518e86448ab364d6994c0df2b093d69f3458166ba7b78fedc381af3f8e520f7525db93db

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
89dbde2f29c0d28d904df147fb0c4f7a

SHA1
23f05406e0d685f19dc661d3620895f3acef3132

SHA256
c7a91538f059d83fb112f5d1811f4a5369d0931ab1168a80153b011983ac5ff8

SHA512
1cee4c47b8c0f148b8078621f36b8985292213548a30b68e9ca1e9ba1eb4ea1d87399ef9e022af033fe451c98584959a67b3ff47eed7e44a9a7ee4cf44cf255e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.EnCiPhErEd

Filesize
2KB

MD5
8985931da1bcd98c6a6d9a1c91a811b8

SHA1
10e10c9e40ac87f68c4eafd7c3654ec289f561ec

SHA256
c94f6098ca9078532221e828b6797415eba638896d19bf3ec1e821988f8a775e

SHA512
2fa9c62c1fc8121b11e96874737cbf5071b251aa1f8c228603951d58f7b337347e5edd2272f96f209c6bd8e9e2a467da40a356220e94ac1a42dfb92e17fcff78

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
9497fb30f2b5c0e5ac66affbe2281318

SHA1
cc41fd98538f4cc56836d8130e64413db405fc59

SHA256
dbfbf788a75d11692effc6f99fa0380d492ed659c01ae0c20e7e80707e479c3f

SHA512
c5d2eff76faf6419a4130fad8ca527c07880a7a971abca5e8a663c9a7b0d9bde63979f338e292e6fbce96fb55ad2ea02a719ba81587488e11c269fe58521ca83

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
e06a792d1a70515f7f95499beaad5897

SHA1
fe788227b6a47d3c5e4aacf9d80f5ddd0d62d223

SHA256
76f00e796aa17264b0b2be5c0c3ed2a3f111f1007ac880828ecc1b078a1b6197

SHA512
bc3a890dc46976f4b2d55672f96b1db94b3d2ffff25cb92730cf446efa2f1bc9ea6ad4002fddc0b37c7d6bc77f8cbe6eb835098c5651d481c227229503f72c4a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
f6ff9489fce274f5e94e39f6d3a45d18

SHA1
968d1d63c563a15ba15dfcdb49a3224c97bb507e

SHA256
f3138899ed93c787f8a74bd5cef6305d2253e5f240e7e422fc3a2e2ef88e4df9

SHA512
4b47721771500c197234dfb3f491893cdf2a303a3bfbc23b2f3703b23a37ea777244637aebb3212a30299d406d250724f5947e7e4ac2a2aba94cc2e70483c0e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
2a7b28e97fe0a85d1f8b6771b256ad90

SHA1
00448a8dcd6f62f96b4f4a8c51f32ed4331e6ff9

SHA256
11c14b30e439215e52c52d9714263f789dfb1e5f89b18dee2b129f82b541ada2

SHA512
9f9af8d4409c345b54d272a95d89d57c67f7bf9d628cdacc125bb5cb7b968cf6eedb4928ffec54dd0fce0a2c850cf5bf0ac2be850f19c226892aa2d9fcb79ad4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
0c0936b4b52fb9820dba765d5cd826d9

SHA1
684e53b45f55125d794733f65b73f2eba14c1a24

SHA256
922328200a839ee6d122bcdeb04e127ebaee0551a34c20e7047e7cb673d1cec3

SHA512
d6af0f622c579da3447d119a43d3fe12735d7614b54149f0ee736c183069d24eb1942b51bfec9728ca7e2caff7fde364bdd83312ffb95ae3ae96830b40423f90

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
05626513573be52b628a7f62ca4088a0

SHA1
ac9c8a6c359b6038d237a0d1e0a66144413b8b6a

SHA256
9ef816bbad76228e82b5cbecc990b9f522cc3573fb8065ae8f4696f29aee04cd

SHA512
abc6ff1082fb354ed9ee41701748b85cc5c49cbde5e0ed3574695800858f33b48e10d89c0bd79b1e236ca423bd287e6b5eed5f34b23d8814189a63232ffd9e9b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
38876ed9684acb786436797007d8e276

SHA1
1d91a56f30f8c6e7d130940c190b1a23f5f1c49a

SHA256
42cd70d035a51b8add3000d631882f89200a82d39c797eccc8a23b819a06f4a0

SHA512
8b7c8cbff7f4489437621a8a8060444afd610b138c3b4d8321a053754720c26fc1c23b256b22d074ac27df7e48c5845d51d8490ab9f1a6cb61b5ddde3059378a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
d79f8346f0a316117f78e9864d9b7401

SHA1
2aa17b9f25de43ecc973a67e2af2eb72cb273bad

SHA256
f30b0991053c7136cc492454587be1b3fe4c630bec259510d96ff08030bf0298

SHA512
cb7d1d1ac0e779e186e5f15f42b4ffa2440d670f243853babd3e8c428ea4f9651cf05b145dce9d507915ff3090a6e963aadc9fe76764053b8de3b9dfec381ceb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.EnCiPhErEd

Filesize
2KB

MD5
72f4c7a8cd378b3437bf728d1027f3b9

SHA1
41f656e6d7201abe3840fb662f367bc8ad87eb24

SHA256
072655277cab6599a30c0bcefe9f02bc0a9a733b360bb9fb3b08c66828d1557e

SHA512
e0d07e103c9130ecee32e736320e94cf39f4f2c6d516c3a2cc1456341eed14a7dd37b0d630d36e81db0a83f31a6b2dae8864b57ea16946be4749eac30d412119

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
802b3c8332fe8a3a75a1124d7799df44

SHA1
f9c856b682d79785ab04a5cf8493ad83b08dd7f7

SHA256
106b3933ccb502d4474d394fe6b61386274b1592e598ea035dfd7ae007306f54

SHA512
043931761aa5fdaa684d879cb440883477da2b4954601cf4e93f77ba51408dbb250c0a67969d2ea2528746301f4ebf3304e285856590a7299a917c5d4483bc21

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
a2d6ef7f4fc279dce95e06dd19e4a9b0

SHA1
368dc0098341f8336ba9b3deaa920b5cbf7d4c25

SHA256
9af94fb4a13d45fc8891074355c27337d401e1ae4335dfb03f0c98ab087f4cc0

SHA512
2740bc0d070c447cbed316d28ca16b8736a460d6000456aa2ad6e47b0900bbf135f5b67a1e4270492f2e1b8166b785bfba1bee9185b60c1e3ae886616fb75bf3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
f93e64d450b722ed36cad4ddb8878811

SHA1
c320dfbf4c8c76a36fcd53ac3575f85afaac6148

SHA256
91f34d072bec18a64c921a2266d3d759c3e07e765e08e25e178260dbdff06868

SHA512
10913c7657f7985c9fdbccba0dda35f7fcea534b2eb179c760db5f3a665642bdad9716791823cb7b3ff603f5576e8acc78f1916ecd015b9decd0a8c1e9f29357

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
bac72071cb12ef4934fc55957c5b37ea

SHA1
b83a25cd00e8063c01e5794050ecaa1d9e4f740a

SHA256
4825c7544759bc8f0b61351fda8153925584f153fa400e0f1be1a5c0d1d86959

SHA512
c3ab92386d16e8e314313c4f4dd809c36623e70b1849e34a5e981c86dfad67604828b6d43fc6dce4d4868410c00df94dcc5748504fc29972237f3268ac30ff16

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
dc7193bdb94ce50e3a4bf12da60c49c7

SHA1
f2e5832addea8876e84305404b6016b2b4424365

SHA256
cc40a91912ff83a0960cb359db241ad240077a34c977ad33ea34f19496516f0c

SHA512
34c96a3f2023acf8a501035c7c58675d26789aa39c646c7cbeb25d3ef863c8448c421cdcc5ec4df5a55b35cedbf3af25a997c4ef0e992a9c408b9627f3eb0600

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
630409954913a6fa2e3e46bc756f6302

SHA1
6448a4e296d4601d54d413fd42c3449c495e34a8

SHA256
69ce388b0a3f59461871e8083929b0db025493c3eb1a2d45306c1f5e50e34e6c

SHA512
6aaf704913dc7a209bf1fdd5d07e27646a8f2ac564651e0bc56933cb7121b46c5798a82ed8a49e644ea231b209bd06b468175ea7034a62bd55f34e3fba801300

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
55a2c326895fa9150e88fe373fc6f56d

SHA1
de118a424b272064692401d1151c8ee3a891be1c

SHA256
14652fc41017e0b99863ae23c03c9a008b75c58106153938b8879fbb15192662

SHA512
7291fd65427194c89716cc4e52b3d34da44601d5d99baf74fafb6622e83073473b88f4bc617330cb2a5b59b423ab41cae6f46d827cc357136e8917776a6301d8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
190ad1f00ce4080bc1839f3106ff0ec9

SHA1
a274e42a225fd8ea0e88064aae749c2b6cbbcebd

SHA256
602620792ff4e055a08b77d10a10dcabc693f723f73814314bef7d96386a0239

SHA512
b848f8bd23e396befba3d65d8c9072d4f6978f04214f30fa6b691fbf97a163678ce7fb89a4473b70881887e779505e445be516da465e0a6374a7d6eca4edce10

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
a693a3432864d27577cfd458a6fadf17

SHA1
beebc01c464353e0bf398526ba9d0f857be2cb97

SHA256
83441e4623e863451979c1654c3c0e2c24518b0cdd74e64365746ce07861b9d9

SHA512
855de4b6bdfc9c5141423286f252db168dd441388ffd9a1062e647f00a7a0146ef93ffeb731f83eef353271acfe3e00caadd9f1a04b63bb512adc544f8082e9d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
ccc8806575ce12cdcb03e541ddff4b56

SHA1
9db82e966119677ee057e4b6b6d6ed3fea2b6a54

SHA256
2cfd658ecd255b73f8ac3c3eb1f2229add9d5781db11ab696fa689a017ede7b0

SHA512
609274bafbe6e009f4a5425887b73f093c86c72f77dfd72e81f93a11be8f114b02e3bcf4541f08af2c747167f48a731d43eecb29c6d83bf1182115449d7f6567

Download Submit
C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe

Filesize
1014KB

MD5
906a0dabca9a3ffa76ab6010173ea557

SHA1
4c4d365ab6174bab1555fd0fa7a7631175d6eaa0

SHA256
e58498e5d8559ca5f3fa91f5506c2cfd98c5d14e9a120edd5eb686c5cdd2fd4e

SHA512
1d57d97b83b65cc60d2d5e9b86345b871e1793d7215cfc939bf3de8f1d9443ff91c86ac5de54763edbcb374f84479ef63ad09205f233339f86c83615103ad44c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727658720680492.txt.EnCiPhErEd

Filesize
77KB

MD5
30c7b90ccb112b8c5e0bb0d068b00d16

SHA1
d6d75d6980081cabb82e50c75a27bc969ad028e1

SHA256
9cfbce93e8f55bd9eef9a411a418d4c43983f81e1fa78b2167ddcfa5513fd2bc

SHA512
6f60151c0068c387c00e424a3d2ef652824e258366d636da6da8278700010b2f617f67f0349eb933049e9cf458e695a9858369f3a5880d88533f962b16fbce58

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727659161166784.txt

Filesize
47KB

MD5
ee2ea508ec2e11fc438de977a7dbd413

SHA1
85d9e21d4657bc85cf21817e1f61d022821165bd

SHA256
b34d308e1c1c45e7aebd6e7d04e950c5773d9bd82abcee42086f919327bd2027

SHA512
f1e648492b9006130d5876b507fa21b87bff4fd743a036fd85816734dd12bbad831cc8b82909d35631979ea99c8bd1787f748b623a7ae25846600ced28234818

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665191668352.txt

Filesize
63KB

MD5
368df181f2c9c8cdcc9006e1f7729b38

SHA1
3227a105e114bb444cfbd086d0b688f12dad09b6

SHA256
c374afb75f47705663258f6a33d6470b586a71c87ff35633dce27c574c86ee11

SHA512
99084c525d7de2f2f73681b1deff8fe8563d000fafca73d1266c54f1e7127da5a4856ece635d090cfc44c394d4ed3d4ff5d3cf768572afd767f09ce0e3c7bf77

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667861810871.txt

Filesize
74KB

MD5
0c9869bc8d6ef6dd08932e5ad5e9eb5f

SHA1
f6a94e88b8da55230643383ce07c84cbe50cdd56

SHA256
87705630f4420c6d8a0e2d72e9795b6a88119447df4a299479e30f25841066f5

SHA512
040f514bd487ac4017b0a7b42ae369389cb4a928e6ddc17fc5753d0aae9a5206d95764618e7c6dddaccc6f7488aa8df486b4cdcec27a7fc3b5a4631927e84b6c

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
31c79e14044cf8c57e07d621e6d7f4a9

SHA1
089bca200b81fc914e160123209c81f79aa50614

SHA256
d4a85c854f61211ea1d19d64a9d3114b6c883c889ca58f9c9ff48d47cf9625ed

SHA512
2b2bf039c36054b24639b1d67a66474498cd332bc40a9477979bf55d41717e50cd833cc1302acdcefac8bdff2bba92f4f560df06f9ac957da7cc0235d8864d54

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
c025159d1cfa66bd0f263645310d1c40

SHA1
65812dd7d16e8b3580d9c9cbcb136a4d532fae1f

SHA256
1113235ccff58baf0ffeb80113747549cc6216ccf77ede66e268fdd9b8f6059c

SHA512
4d660b55158736649132e67eb5a327d86e694758fd76250026881506656ea1fc3e7659c014d72d4d4ad604410bca097c0bfaeb0cc5f5ecba4beb84b983546d72

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a59a6116b7e474b75e61178c7fa4d78c

SHA1
8e94b29be68a0dfbb0a2fddc519f2ffe6025a7de

SHA256
41590e4538b9e991c880a3345fb257ef7358a9428b8bbc66f468405b99c69620

SHA512
1e527ffc6c3b084640b3d37e69afac3061ed6a024cdf17a508d2f4a346b61b27e69ff8f5bac9ed72b297a8a7a92231a9c1627673439d46011770d530d56016ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
4a25326f91aeb76a96414e533b7b2254

SHA1
ce040bb3f8f1cb07fd84fc7446bc3580cff99b69

SHA256
f0a2a5dcf80529b07ff1ed28e85f90fdf00dc3688fe43671dea0d80e9949a0af

SHA512
a55cdf79ff62fc6f0366aadb5ac00f39628181227ebf9b7f8082762bcc4bb4047f3c6907db19df38d8afddb748e63f6fc8ad8c202ef664caeefc1abd5fa4673e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
e74e7718f15a99676157a315982b56e1

SHA1
f475cd45e6fb904856451d15108bcf78cabd1ca8

SHA256
4eced391273df13a0a0edb50c3838204ff7b7d15fc78c6f106e60026c9d3effc

SHA512
c56b1254105421af9576eacf311a32fd9619ed821ac335b8950796a695da97804f437772268fa0e87cced0a27eac1665a4739da17e1f8180c60b3b44a0f8d0e7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
60729829e97f2d6d2b65a924c525d146

SHA1
6ba98106b4ed9c5082995dc2e74d52612f670a30

SHA256
25fca30ab4dce66135e9e39b4230c8707a881779579d2ec7d286e4c4c5bf2b80

SHA512
1051ed12354282137af1dcf9c711b5a005003b36fd5290dd57a27dcaa68009a987134873d8ec4e260e2d211346ba582eb69ea4098467508783409e368a20e436

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
91296dcf8aeab10a563b2d26e98e2ec8

SHA1
88d4663cc67c6beea84708240e902c69370e3a7c

SHA256
f3da7e7103a62f4ca717c23583c01531cba9da6921bed634d247f26932a9c963

SHA512
4b324aa779f90c0fa1229cb14950c9e2896ce4ffbaa701e96a2effe6d5feee852bc9c30f244368eb1bb6e83cca5ea5ae34df122ce4449f2b9e734d0883b7bfdd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
72046d9ce2b319185af8e439624582f6

SHA1
46fbb2926f66469ae85f39082fb46dc868dbedfb

SHA256
fb5859c33f7084e9209e94206f2a1354c4c466e56b9c8bdca668229b2fc713dd

SHA512
17724e6706666ff62dbe233e05b299e52e96ee83685934702204a80c582df11fd18857adb2621f6933104c791450348d358b77150ce739cdd3010f0a4017585d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
39115c4684e104955e2e3d9ed885be5c

SHA1
1d4bd85d48df944581a3c7256698aed2ed4c67ad

SHA256
b553e63669ceea59fbbdb1256c124f529284b1134ea968429d6949592f61fb96

SHA512
2ce9db8665cd2de12af175bd348ab59fd2c84ae89fa692f2d18f1136a536634e92df1829a1a44b22d1088745fa80236a81c55a00e8074011cee96d6f5f25d4ca

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
c6362c12dc03de73a5e7831207ef2a75

SHA1
40f031f521979a778b5bae0806b9b92398fbf12a

SHA256
95131a02d47d9b29c209486729ca3cfcccf55de8fb0709f4b63f3a6ff42e9668

SHA512
7b6ed8767f3377941165ed08e92f7e447420581c847c6c2d39f2a8efaa6f8914feb972d3cc0d477c20877cfcc5d95b353861fb909f36631e5d8fb31788893955

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
48b4013d03cbbe31513ade194586a957

SHA1
2bf75507237532e7f55d1b18329790d582cb4e57

SHA256
20b15ff2a213d1593fd1dfb363a016f7e5ca3ccf64b376c2591f101fe7a6ae9e

SHA512
db2971d26ca6be8865ffad0389fdf3d2ba9448f5a7d6f966f8e51b2fba6bf39107365a5700200d33c1b093d9b5e34fd3ff3848ce8b5e24f9de12529fb9a4a10d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
c7b73603d36ddbcdfb53229659e2d26a

SHA1
5e35bd21b5b2a610c9d60b5888b3c9f100ca5e6a

SHA256
2b98c05f610a373ddeceb6d687da742aec2a76e8392c3ec86462df47b8395eaf

SHA512
36dcf09cb6674a028e5bcb9d73f460fbd9dd613030ed74694d81a6d9ef19f8c0d8ba11829b7555283bb6a27bfb1c01cb3d1ae596c0ba965eacbb020f56a281da

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
724ecd5a2b40a8d03504b9169ca55376

SHA1
064ce2b5e85080d9ef69ef2259d2f4116571e7cc

SHA256
4d9fa55ec08b59d844d26c9f68278d84b16f3c0d907ac65fcb845ea41bdd7809

SHA512
a51cda05158067c8daee54663227a22a3e67b7a7c1593592bc49a5b065b25720eab933fa7dd9729affdd5656d030cfe14880a99cec551c734a636392a28e64f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
ba1e382de783b1ed6fefd49fac0ccbb2

SHA1
f6b3d671ef49b8972f1a01cfa449a5ad0d4c3393

SHA256
5457db32e748aa2aebb901a2a9433babe3a365732b2a581fee8c364e4e5ac5f2

SHA512
472b8900e9b70523f894c09c95cad3ba8b68abaaeb166cdc54dfc3292620684e716b34da214ba8d5870f02946db34689b2fd415f4c5ee97f905d64c720a3b298

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
05f3baf319c5096c1864562fa0c8daa9

SHA1
25b7429faee2da9c00fc7607527539eddf79eb0f

SHA256
fb289108d5032a8c3ca7e08d6d137a8496c0f336ba642ab22b7a83899676d1ec

SHA512
312c38dbd6be1194048362699c31a3f88e09013d927ffad899f6162851da28184120e861669dba14cd83b5359ab0ef9c25b96e196ddde224f5df5e6a15ba548c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c2d5e96be90d8a85cd4c9a6995cc4a45

SHA1
2f6c59fc5c968a6b6b4250c4acaa76938ca52273

SHA256
87ec132f67ac61a59ddbf7aa6e4da52a6f79d23b34957ebcf08905a74ae8d801

SHA512
11cad8e9f3692c1f596fa9aa799a834a203f3d46c5205bcbaec84b929026599ee14ff86a4dab857933b2030a7c1ebf151f460a0d4ab0752171749f17d71fdb0e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
d2e13bbe4583242f4f96784094c49078

SHA1
b5f90588b2ff93fbe0130be85543a52f6b36574c

SHA256
7fd6dcb2a57077153feb1fc2d177787885f14ac2d16aad9404582e189bd4156a

SHA512
f6a7829e471e6df8d62b04eb7e0602eda52fe0c77062c5497a37e35293f91c13a5f7eeffbdfffe7c1d2e6f37a88d3f7bb0f14497602ea6498a3740477f5bd65e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
43b84a61e9ab844b536ad9eb94abf290

SHA1
f2876d609f58415bec216c04621d0834ae6044c8

SHA256
8dbdd4d92c10dad7d06201d31c2939378b5624f8f7f25af1c6e1e8702b668348

SHA512
67c41b8f6df85b1af6f5d2301b009ccb2080fe802c4d1d7c4b0e0dcb280c29b1b588479bc2a0f7098c33f46c80a6ac80f08758927bd998bac281343cc43c0b66

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
cd43f10f293437ed98b69feed71d30ef

SHA1
16c84001f49586daab1eb7042bf2c74755c77183

SHA256
9c41c70255e2eb65dd4f0f1d7452da3b621b856bd49aa56f6fe0b0a4ea80fe91

SHA512
fef0c266717c493c5132e97976d276b3b101000cc0e1a241045e833c5db1ae99fe4b03c3336873d28e18d378efe3c047c27b0d8ddbb9b536bf9725be4343d1e7

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
0bb6bc70fefb5d6ef27e28664b39b1dd

SHA1
511f31e41e564f6220b8a332654010bc96c4d5eb

SHA256
d244035662ba0c12d001fbf619bdf30ec4569c264b99e9804e02339942a13ebf

SHA512
25362f4a6a0fd36aaaa4e779c8fee68b2c114c96e593f2cf2657531de39362d63730c43678582be05cf3d41b0e6901fe6bb23fce52735f66655f0b1c84ce02df

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
e778d0c3b4fd9cf47a4225c6c227d47b

SHA1
0a7cb019b89a7b7fba8a916db72109c168787f06

SHA256
94729bed55f38dd182dd63cc8f13443e817c75bb9577db291b81a657cd69b218

SHA512
eeb9d6de4a863a8aed83e7fa02bfca0afa3b3047c29c00e4a5c5ebd07dd1cb2fb55a0357299a0ac115e0ee5bd755cbc5d437cac27984cfed96d1527efcb9318c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
65548af2a668a998d3df81f7d28ed7cc

SHA1
63f2a24da5f5a4dd1a52bf8ebe37c3db131a024d

SHA256
ec7e9ed2df92373af78bbd049e1b4c22c2ed6dd17c8008d9987f3af00fd4091a

SHA512
48de467bdbd889ebbdf43a63051a9d98bcc9ba2642abf52fe5f2a33008c2d42c1fd68315f770ab91983239457eebcf92f4e5344235a162faa8397ea7b3e21f9d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
2408eb55a2656ce103791eefaac9856a

SHA1
95b57992c3b2e8f5445875be01b6b7f65f30dde0

SHA256
6b685d8d8b7a044c2112d728555e1e562ec31433316f2b0ef6a6406db9b4ac30

SHA512
a6e00b4c162663b46f85b3d1ef0eb768fbaa0a6f534129f19a87edd2e2a1ba5f8927d4ae0d181b909b3b6a435ccc8a2623cfe44f6a8885ac9555156aa8739ca6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
cd0dc9376ac861adceb6fa8e85c85cf9

SHA1
7a736a0e6f964c1d9ea7c372a13b39d7dc2dc218

SHA256
1e836cf665360b33ca3eb8ed94b2fc166193292ab279d32082dafeaa143bd7bc

SHA512
099b4538d2a5f8470e955be25778525f144e4090ef70d8c77a95935b07d4c2c5eae412b2d4a077d4682a157d447899009177943bde109df29925fe0182c972bc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
bfe8b380e241e096e862501be63d6106

SHA1
92ed2e8e3e7cdf80c1754c66d968a81bd15c95f6

SHA256
8f3cc4371987aaeca9cd5993336081b7da8b1a3806b267e8f266b060e1179b09

SHA512
7e43881d2ef52d4086732ddde2ffc6f4a4c9170a179442773b443c796eb016ef24dd1abdf6f61b769ec8f5ad05313535dbe3239ae7f499333a20b160111287de

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
6eb17b71fbdd1a6339f9b13390211ce3

SHA1
52e1df07864151f4e4623dd32fde3e0ee059b267

SHA256
7816b0c433b7991fb71ef2c5a7553604ae685be0b380fada5d156c8b614d4c66

SHA512
2155043d3fb72d88767d0881fbd70d5b0df57990bfb052aa7714c1d9d8c929baa8fb5891084585e4b9cf61296051d809bdaa6b119e6b58f720b160853a6d1ec8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
a23ed7746cdf553fb4b65364becfaa83

SHA1
c9d1d2f1b7f2604bf5253ca7267c5245cdf25003

SHA256
047ef84899c4e16e946585fe0a51feb0942618a810b284a0540ef4d067f60f60

SHA512
c0da2e52ec699fb0616b3afeedaf5d4a5744100fde459e706a7b476d28c516f4a1e449c3d5523148c04462024c2d5dc9edc8faa51c16e2e17b125a336ac0b7b5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
fb45e34fcc8a86244d84eef790ba3d80

SHA1
bb1cf8c76d5677bb02db704853eef08ea7fb13f3

SHA256
08d3922153cc922b927f2e36197de45c6003f7292ef2446069d771258b920922

SHA512
eee70f81aae813f1b28fcf4b48d3acd29793bc00c7be51feb77e57d39eda59ba74c80d29fcfaaecf843d25a0af27ce51fc4ca5e3d62d0bfb3e107d5a2984db51

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
06366fbbcd34563f0fd172831bf0f15d

SHA1
cbdfc4fe172519f96edce0f9afb95484b19d0c50

SHA256
1a89be309b90492111afe6a999aec1e2a3eaa805746b7fe0145ae758e323bc8d

SHA512
67f55f7b2f173be988f5ebaeca2afa37eeb7c1893bd4d72246485060615d9ddd5acc66f767c3c78ac97e7d7cb79df05974a5b1332b12843364c614f0927cef73

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
a912596645ff5d3f213519f7fa5e4fcc

SHA1
bf9af662065f348a8bcfbe2cce81f414c4d060b0

SHA256
ebc763fca84f0ba0653b34214f3d2b298c15e3eb5170690fa1b15753a6d21575

SHA512
cda28a8fb5526991c0f476de3c5e1170106294dc9af11bb092860946ff56f89642a6710e05f224f97ec7a6113e4921dc04c504d5a711d86b021eb9af6051762d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
99fd2af4a5a30a6c76ef07d42cee4281

SHA1
a1d129285d467f337f6e12bfe678afdddace6272

SHA256
57021ef9482d205e996a40210384fe6fb02846dd70c80ed23374fe6d512dacec

SHA512
b88a5218ee8e513ec45638a29992dee30237cc9a5827363dc68e1fdbeac3e2c4524ed83e60f30b0e1d52439b8fb318998936c7e9b9ca49b53035a7ad0267bbb8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
af2c3525b2ad89ecd5d6d25372f4d258

SHA1
096705c5ed8362fa140cb6a0d8f8b064b03944cc

SHA256
3f831a7298f0dd96a5ae27a5b78f36ca4a16a085dd681d89a51b4e60cf6d5af3

SHA512
e2cfb781b91b05af642b00093bd73247de7d2cfdb5d3c8a2f67756ef65f3ee5019a5be859f12d63fdc425bc44cb07266dfe3aa789571c508235e2ce31e2d4e67

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
5c04b5c84e0691419cd14e3d3c8baad4

SHA1
5a59985b68b2db63cf60f9156db3b7c8ab2f50fa

SHA256
9ea41329fa15230741b207e51feae7346ec28fcae035241f294ae8906f75471f

SHA512
0949564e132d7fa5c8d953ee3a6cd4f9441e57b1446aab57f029c20ec6a604746f27698d1ddfdf9b0a45bbd34d026590a4b167a7cb91448d21ba328c5b2ebe10

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
97f13559a055283a5d9560b1618b6b4e

SHA1
be0c721971eb3a41560980738339049da8fe78b2

SHA256
fcd938e3f46098dd022d387b3d50f4c8817d854efa895e334dc1a275642920ca

SHA512
13fcb7b4d94e055a1f5169354200d4d18ba9868d24055e96b8779af6d1ad8626d29ab8e23de24fa2c909baed469e003e059dfb1ef531c521637201b6fc2b0d0d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
c0c29e03d50c31cb4e24796f4f97444c

SHA1
34520da6b7fa3cc4c22ac14e910097ef68ef1c96

SHA256
49ac18639d1847d17c78259814bc094b5d383a0fe29afff4fc390aa822ea5d70

SHA512
b55efa68dd3f49c4bae1066f829b0269d9280987abd7d36f5e8c786154638c4e08dc24f9ea8fa312e2a98df10e04f4ab29472f19127dd8be547f5a1dccb8c1b6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
ede654e04db4795f8526165bfe51bb2c

SHA1
758ac020fe0adca6bb75be9195a784664e0e239d

SHA256
1b9f55621bbfe9d8b4f5aaa93ca1db2a9c4307b9a40d05df364dec7efc615f79

SHA512
2cf57a9d06b3b845f8adaa22a13ace65fb910af1648a0753b08fcd347639694be41c48447113d97c3f12ec616317dd0696cf7cab8d2af6a669a146876afc1b5d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
64217f42afef7385bb9e3f087714ac15

SHA1
adcf5821886dd4cecfcdb963e1ecab733fdd6f29

SHA256
ffd65bf19c2d4db65aef4c16e425f10aba75e17f40720c54010cae2e004bccad

SHA512
c624e17c4293b6d18e466876966236e2b8b99f9b24d942204af9be5ec2ec6a10f6268bec30c5c88185b33a1c638c2bb6d456b4b969bc7388973c3ab9c5de28ac

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
b274b59f28e15a89904e5bee654e4f29

SHA1
c714d0df14bb41ff5079a0881d2fd0b52c0aec30

SHA256
329b54e5418f818dadcea419a32a246ab3f2c83bdb80a55497dd76d68983fa31

SHA512
2b24f2534846dbc972982208ab9295653302a44e3105424c3dbed1afe1489d97274181d71cbbe30db7b6bf8b1058fbb1be4938cd6cc8e4fa4a906d6702e0157a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
0986355530b94f8ad6bc74b64997b98d

SHA1
455602555fc92169a61ff1ff39b427101efcca79

SHA256
2f028e48e93f0c917163ffdd1c8069c3d838f5d4761e6494fe01c30c0319f372

SHA512
8120c2374e589010c84dd9a5e6fb080113e08a3b17fb480286143ed51b3a018c6889fa10ab26a59919688e882cced5f5a5d4e5990a48b58043f43ad9cb52f0e7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
176ddab956a31d8ea3883558183ce29b

SHA1
f6bfa2708aa5d569ce9a7a50fd4c5af2264e5e40

SHA256
b515693531ba710b793ea707182e809f87e046c90e26db48e9617473bb29467d

SHA512
a178951664d58dc5994cb4143ed750fc6e2a218fc29378f9f8aad603fc0475dcac4aee41ab15a06a0e775b904b7e8d6b59049e16696d2c348dc23f20a0daacb5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
90b1d7f5676e814907f8b9b89907584b

SHA1
ce1d04742e6d96f84f423e2a6fad79287f00bd5a

SHA256
668500d71158db65a247affe239e8396d3e3adaf6abd2a52b48e7cc8d6260e8a

SHA512
a7bfafae299040fbd938a1460b6284c4262ec2daf0b281ba64403b6064a4dbbed62befb55b0b94c040d8e0d2680a95c112121ed297687b66c7b8add62f92ca23

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
42787149998384acbe2f4efe37dfe79c

SHA1
6c48c4db06ceb761b6009586010780ec882b2a50

SHA256
bacde24c03b402dbaf08fdbaef495293010dea3aea9144711d4c7668b43a0c89

SHA512
9e5962c799d2a69c17c1e2f93993788191ed65cfd7ecee407000c4f2e4ccb0e2075a5ea00a409d73f3f9f9065b54eae97788967229415ffac0a5692901ac1144

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
84dbb346dbf9c144fb2b74db00ddaf71

SHA1
b30c505090bc7ce4df607a9759e944d4cf316fec

SHA256
b64e1a564b54f371c6e59b32b72f74c758c6bb2381bf8dac3e7b28c61f35c9c8

SHA512
604a39c6421acf0137560d40bd5dd3d3ae0c989fdfc9cf9d246e507a37c642c03c8fa49d781bc910c41c7bae64da732b7006eccf5cdf8bcf37719b7900cacc3d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
5c8191e8293566ac276dd76931aeaf9b

SHA1
a454e9309c44b8899bb4b2b81fdaaef10ad254af

SHA256
034eb6a4cee79f8bbdc4a7d6ee4cbb975f1319ac455952bc1de58f328911f555

SHA512
cc640d9680588741eb9ae24f24bbf412a76550a8e525a7e8851f20ba52e25b212d594ec515461d50c4d33e898821fa5777abd47b5393a81185282c97854a4274

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
23dfe0e1e7cf4d07f1b3ee2bd0e18b61

SHA1
21364b907b505a6ed4f1031c11c6d4e337046949

SHA256
83f6a1c8f4ecfa018f2d0ab616fe7c60514ebb9ad4a41a5d86a6f926ac88abf5

SHA512
dc4bdc3c35b695ec6790b7e8a8921cebd2d772e91dac4a03bc084ab3f0fd138ea8436e7a74d16e2830d6ed1728fc0cdf1f981ba2f74e8d47a15366d06ec5de02

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
ae37fded1261d93154d896edf9a30530

SHA1
6e310afa45c1c142a205f20864ef2dd738f83217

SHA256
3e820dd80fb823b3f7e9241e40f00ace3354ead568ef826667710492ff120938

SHA512
98879ae0d7d81b352747bfc733667e58911265e318de702f3599293052c6f094de7122c76b7a99333adba0392580123ef4edcb2948ea67b0aa4b4b561ed516ce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
85954bd28cc2ed74d43e383375faae1d

SHA1
775fa8297ffb2cd47c1a9aebfcfaac430e96149b

SHA256
d4d3563d0f6f8573b517dc9ffde4baa972cb91aa1acd78dfffbd86b61fa279e4

SHA512
e2114e41c9766a77a6b62404eb43496d25c6d62fcc6b07b23864c5ba8a0c71a07e0f04ea89c758ebd59dd0819c324f422db270047c135a1cff3831884e1480bb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
a627033b1807eaa4dc2f9dc026b53b45

SHA1
5a9d6b9a0a9af0cfecec7557f4c6326821b02218

SHA256
4be9fbeac1acf0315c72cc015321b7a6aa16df852120ee6034cc07e51bf3b33a

SHA512
3e09172e1e52c7ca5898d96659774168838be1ff444a62aa4cde30c6786565de8297c9c926921a7db5c000433bd3010173ec9f9d9eb3aef18db9eef12b3ffc2e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
89c709e4294da4fd2e6fbc61da7e30b0

SHA1
2e5fc7aa4a847442ab99067a753257201f675071

SHA256
6d94909fcbefc6baecdb2a0e5378e5ba68460891bac90bfeea3e2ed8b18a7de0

SHA512
570c5daadaf650eab5ff9849857c810c19e1a05023293324854d8a1c16d23b41e11e46475989ae22a6ba1f08f7c0a2790ede1c4f54bceafc749a854f59f495da

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
cf23c99fd18283b38a46d366918fc86c

SHA1
2c355372c73e1e0e27e5c63fcb772c603b6c9641

SHA256
a7f7c223b9d08e8552691e14c83ca0b48c97f9d0bfefa47f33c5d205ac7584f8

SHA512
b24e1e9f129b89c4a6e7f2ef745d6c7303662f9fa2175f7fb1b7f4aa065a35ac08c4c3719b03ac0e384b521b4fc8824cd6f333966c3156148adaf435f2d51bd0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
2e86df222ed0fc307d5918b617075357

SHA1
f0267f6664622ae1b1e264aa18e7654862c60bf4

SHA256
bd51d0aec097f06b2061997a35b29069d0ba072236d3d3a332a5d7b65188b6b5

SHA512
72839325af8f3e2001666f640fa327d56fca223736c1abdb8226f12eaae02e9475afec4b0c1f1bf425668ecd344a8da92af28dd9467c9e362539dff275a0b443

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
b2af3b21a3ccf66ec308df04fbadcf34

SHA1
53afedfb6952c3ebc5c32fce7a89683939c07f9e

SHA256
838e797dc5514aa0f596fb3a791c76e901fe96902e0711050dea03e02041b0c1

SHA512
5f1cfd862171ca1cc690973cc7424df754c1bdd6aa82fb47cc0be71b0e4601118a66308b2f7b32c129f70db0c45ea06ef1b07f44cd0f4d53a5dd9f1ad84d9395

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
4e7dda6a0308c69f9fb2cb2eeab858b0

SHA1
32daac43890fb3b069be8ad6d6bc1f73fed6011a

SHA256
8e86057a2dced1942525c3fc0815f9ab9393f875ac93929015ea32bc479a4515

SHA512
5fb6c5d609e7550e4d0041f5e5ab0bc96103fc02a9a65f1dec94f194bacd457884792f2d08a5d6c8ed6c3edc9bf003a45506c0e119809b4bae49dbc447e28b0b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
4116cfc98b62cda39115d4e09cd45c1e

SHA1
7921469749734f9a0dabb638eebae7252b2966f6

SHA256
79814379bba6d6d2e5b447a367af73262033d36fe853c263da8d41ecb514918a

SHA512
b433f31f72c028afb79826325947d22103236b26872b4dc82c3760c2029864567dd92c29e11b61e51ced62d0aadca76b8729b54a4fd235a105296e38234341cb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
2ef8ed8954b414f91290e0d379b02d80

SHA1
7813631ee6ba718b015ed34954e51ba63d54065a

SHA256
0acf9d5193fcc032f9bfae2ff3405c53ebd2566ee744d05a3aa1f053d45ea51f

SHA512
435d2ea9c101f2a404c87c53a10a3994b2895b2f74c2de193862f785c2735f071e528d6a2b97184ba72ce84ea12457e9a959db5073393aace273c1f875b7ab4b

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
e56e04d8cfc6e5da393164b02cabdeee

SHA1
2b5b18dd211e8dff7cb283046c18c229db01cba0

SHA256
2ac84a2df613d875c3db3f186b3300ca1eeda2c1d1387f43786b27563e06be52

SHA512
38decfb8e703039324feca24054ca2a8625028d1b59fbc0a4ce8fc7cc2864f39f09120c2d592099f76e0f8a1dc5ae19a3abf3e6c2499a7623df26f3bbd8a0fc2

Download Submit
memory/3452-4947-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3452-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3452-12214-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads