xorist | 0e37bed0e9e55676ac240e7af67921175505f24cb2b56f13cb6dfd82c1d868b4

Analysis

max time kernel
94s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Size

7KB
MD5

fca2d02c8af8a1084513c1b0f7078700
SHA1

0fe92bb1476edf9c64b725711ecf9d6c6cb086c4
SHA256

0e37bed0e9e55676ac240e7af67921175505f24cb2b56f13cb6dfd82c1d868b4
SHA512

7106f795430cb92c55d00d0aebd600319c31b29730e061307d67594de661cdea950f5daad0187b21d20197e8c15454ccc22d847bd1334a473d78d2b297e1da92
SSDEEP

96:liZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExriyFqzyfs/+GeZUeGMB:Uzdrr1FG1WDCgmjPZRYOE/5eRGMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/4444-6417-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4444-6415-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4444-10509-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4444-10902-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4444-11231-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4444-11232-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4444-11237-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe"	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_scsiadapter.inf_amd64_efffb8c026d3abc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic_timesync.inf_amd64_aa4bfe1897922114\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp_ag.inf_amd64_d2736f1d9bc815e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scmbus.inf_amd64_c78fd781987c1675\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_564561a23e05c7ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msgpiowin32.inf_amd64_46634fa071d1db0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbthle.inf_amd64_bfb3ee8e5a97c3be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmairte.inf_amd64_a99a7ecb03853141\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_3daa9a904daf9501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\CimCmdlets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmosi.inf_amd64_fce30a36dbc4596c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzoom.inf_amd64_37bf8591584019e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsUpdate\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_camera.inf_amd64_7b52a9607d24ece6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_modem.inf_amd64_8cddb75e34142905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxel.inf_amd64_1edcf626fd489056\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgcs.inf_amd64_e47e06e16f2aad12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdkj2.inf_amd64_46dd0342577f43cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\default.help.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbcciddriver.inf_amd64_400a61104320a399\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vrd.inf_amd64_81fbd405ff2470fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fshsm.inf_amd64_48c6ccb73844d3bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smrdisk.inf_amd64_bbef253cecafbb1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidi2c.inf_amd64_aad0f43cb9f97e75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis5t.inf_amd64_c6e181de81a59b54\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsgenericusbdriver.inf_amd64_bcfa5f586783921d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmfn2.inf_amd64_5ebadf201c5b5845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iagpio.inf_amd64_07b64df61e783bfe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4444-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4444-6417-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4444-6415-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4444-10509-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4444-10902-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4444-11231-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4444-11232-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4444-11237-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageLargeTile.scale-100.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_stats_render_smallest.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_altform-unplated_contrast-white.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\WorldClockMedTile.contrast-black_scale-200.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-72_altform-unplated.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupLargeTile.scale-100.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_altform-unplated_contrast-white.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\[email protected]	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ar\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\29.jpg	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-64_altform-unplated_contrast-white.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-16_altform-unplated_contrast-white.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupMedTile.scale-400.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-200.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-white_scale-200.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\vscroll-thumb.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-400.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-400.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-30.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorSmallTile.contrast-black_scale-100.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-100.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-24_altform-unplated_contrast-black.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-36_contrast-black.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\AttachmentPlaceholder-Light.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-72_contrast-white.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_100_eeeeee_1x100.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-16_altform-lightunplated.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\Images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-200_contrast-black.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-unplated.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-16.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SmallTile.scale-100_contrast-black.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Trust Protection Lists\Mu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\MedTile.scale-125.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Square150x150Logo.scale-400.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-256.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-16_altform-unplated.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_distributed.gif	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-200_contrast-black.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeLargeTile.scale-125.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\LayersControl\ThumbAerial.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_contrast-white.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OrientationControlMiddleCircleHover.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\wow64_microsoft-windows-onecoreuap-raschap_31bf3856ad364e35_10.0.19041.1_none_7b3688d0ecb5a942\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winrsplugins.resources_31bf3856ad364e35_10.0.19041.1_es-es_6f5abe875fe9e45a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-bcp47languages_31bf3856ad364e35_10.0.19041.1266_none_1984cb98c065cb99\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-a..rface-ldap-provider_31bf3856ad364e35_10.0.19041.1081_none_9b600c8ee4691d4e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ime-korean-tools_31bf3856ad364e35_10.0.19041.1_none_c441290c517bec2a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..confg-rll.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5d5cb1681e94f0f1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nslookup.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5e9345edd18cb667\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-grpconv.resources_31bf3856ad364e35_10.0.19041.1_es-es_a3187f64ecf16014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tpm-coreprovisioning_31bf3856ad364e35_10.0.19041.84_none_2f07bfb2a46a8594\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..rsist-rll.resources_31bf3856ad364e35_10.0.19041.1_es-es_1c0e31166986b4a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-networking-hostname_31bf3856ad364e35_10.0.19041.746_none_cfe6c8f530a665ae\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Wide310x150Logo.contrast-black_scale-200.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..quota-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_243bef71ac3b39e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hidspi_km.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6a061045b6e0b13f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1202_none_8f7e37524c3e1a13\TileSmall.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\Media\Windows Battery Critical.wav	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-cdosys.resources_31bf3856ad364e35_10.0.19041.1_en-us_ba1d3ceba8f01e49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..c-results.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_35083939143b1ccf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.windowsau..nprotocols.commands_31bf3856ad364e35_10.0.19041.84_none_a2b3c63b6e011244\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..imization.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_e4de0ae6c4380f7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..andlers-useraccount_31bf3856ad364e35_10.0.19041.746_none_22dcd6389a056bb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-30_altform-unplated_contrast-black.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-photo-image-codec_31bf3856ad364e35_10.0.19041.867_none_7d1e5b59a49d699e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\403-5.htm	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-miracast-receiver-api_31bf3856ad364e35_10.0.19041.746_none_e69b9d57778c9a12\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-resourcemanager-client_31bf3856ad364e35_10.0.19041.746_none_52757f882a9ca688\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.xaml.hosting.resources_31bf3856ad364e35_4.0.15805.0_de-de_29e92bad9c47a5fc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ers-storage-library_31bf3856ad364e35_10.0.19041.1_none_8d596e9983ef9e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-host-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_07dc2f32ba97dfa5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.data.enti..ild.tasks.resources_b03f5f7f11d50a3a_4.0.15805.0_it-it_7bd8d04fed7b4f82\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-advpack.resources_31bf3856ad364e35_11.0.19041.1_fr-fr_cde1d2b63a2e0a69\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-devices-wifidirect_31bf3856ad364e35_10.0.19041.746_none_7f74465c5404002e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-containerdiagnosticstool_31bf3856ad364e35_10.0.19041.1_none_3d521dedd6c76700\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.84_none_a689f818199cbaf8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.746_none_2b9acc2d69574796\RequestedDownloadsCloudIcon.scale-200.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sysinfo_31bf3856ad364e35_10.0.19041.1_none_a545be9e97ec5400\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..workspace.resources_31bf3856ad364e35_10.0.19041.1_de-de_1debcb9341bf079d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\headerclose.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\SoftwareDistribution\SLS\8B24B027-1DEE-BABB-9A95-3517DFB9C552\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-branding-engine_31bf3856ad364e35_10.0.19041.1_none_9f5ae62104c19365\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\Square71x71Logo.contrast-white_scale-400.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..nts-netsh.resources_31bf3856ad364e35_10.0.19041.1_de-de_578f73edac9edc09\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_mshdc.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_b10e350e76ef7c7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-gaming-xbox..age-winrt-component_31bf3856ad364e35_10.0.19041.746_none_1b0ae3080b6962fa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\DiagTrack\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ionengine.resources_31bf3856ad364e35_10.0.19041.1_de-de_2a47c03ff81f89dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.1_none_b1e502c19c2a358b\SplashScreen.scale-150.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\i_chartzoom_in.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_10.0.19041.964_none_d1ce1ea46e50a943\n\MicrosoftFamily.scale-125_contrast-white.png	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediapolicy_31bf3856ad364e35_10.0.19041.746_none_20fd7dc0637d60d3\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..orkhelper.resources_31bf3856ad364e35_10.0.19041.1_en-us_f5c6b6b460718fba\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft.visualbas..activities.compiler_b03f5f7f11d50a3a_4.0.15805.0_none_d62f2cf9c7a5154f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security.Resources\v4.0_3.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dskquota_31bf3856ad364e35_10.0.19041.1_none_34047f8253bab333\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-sxs.resources_31bf3856ad364e35_10.0.19041.1_de-de_a2b2c9fe7df04d15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_fshsm.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_898f6c63b2897458\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-browseui_31bf3856ad364e35_10.0.19041.1_none_f1289988ba141592\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..lient-wmi.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d5554ba26393e7e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet_state_exe_b03f5f7f11d50a3a_10.0.19041.1_none_fa5853083f6020df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_e8440c09eef3f557\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tapi3.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a29e2e25fc1712b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-system.drawing_b03f5f7f11d50a3a_10.0.19041.1_none_f1836c99c2fd2732\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\DefaultIcon	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "KQTFNKNDNDOSNQU"	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\ = "CRYPTED!"	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe,0"	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open\command	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KQTFNKNDNDOSNQU\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9PI2vy374Yx6j6S.exe"	fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fca2d02c8af8a1084513c1b0f7078700_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
4e067b7a59da1c162e91c5f8a8317a3e

SHA1
f7a47bce304792620e2c153cf306bc3218f01bd2

SHA256
fec66876f23da78eef8501fff66beff2a2158c4dbf702ff3ff1e4e110d73ca66

SHA512
743677d982aac291a5798edceccef8b16e6ca44269597c2686743c9d1eade4ec9b78ea50651fb2fdaa90469d40eab8abe6add549474c486cce61617ef9f0e192

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
7376eaa875a962de0d6ed939ba93e371

SHA1
b963fe98785f65493db0f1ad73dceb6decb14ce9

SHA256
7bb3e05fcc2e326c74d9d8d6b84e0d795366b0d7ac0c361bbc21d0f183b0958a

SHA512
5f645cde7c16efda09cbaf71efe05467a87e1064e373e0f888362857909968ed6784e10b3715d06f90ce4fc1f6b1ff19f986e165f36f91fc19a389bf82d65170

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
c8dfc96f9cf38ceba8edaf6e48d9cb46

SHA1
24efdc9e48e5ac8df6830cae55031288701ab852

SHA256
70cd029af5c606678c5f3e371fce3d9a8e8e4d6355fb6bb5cdf4637af22d73b6

SHA512
005620e50e250637ca8cd9f79076fe784fb331586ee1f6de9b7d6bbf95b03bd38bd621ecebe4c3efa098b79b8de8de8fa00c0c98442388d2d0d26d1913ce185f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
ffa4eb64f14fab27f5fa43e77938c0e1

SHA1
2c6c0d24efed3219948efbe39499a571463c2a94

SHA256
5af10aaffea787058491aa05b2814b921235899884f10f5048cb1ea4d5c222ce

SHA512
697759c651a4c1f629cc47057645b9ddc5becf92d810e32ba1a562ff9afea0beb5b235b8392e294e46b8c026eeb1b56e9dae7315fd9b14b89ef644474ffceae5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
5e1786b6742f29aa63bcfb05b0663ec5

SHA1
404df5278d6302cf413b8d3e5804271ed41a8d7e

SHA256
4fa065f8b04c54c5432a9e43f6793608dbef685db052ab7ba7d88aa9a56b447f

SHA512
f79474476ade697e73be9cfeae550ccdb28afc2c6c3e7e2a6f4da6f393343d734f6473c3d2dfb2ed0068fb246fdbf3e5653bd511ee234349a9f8258280f78ff2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
96f05581345ceeab785415039e0e5148

SHA1
1002653e8b5ef18bc2481699566cfb47ea2ada0d

SHA256
2e358a27603093280299194eb2d1e81c7cd46b84960c05c4fbe16095c6af811d

SHA512
231ede6b6fadf8498ce43add1ca6e8496e44acd83b031809d9484869467b0f9323e2817abca76d8282e9aa50c543f8301c0ccc120d50acd709f294875bcda272

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
1deea9c99afaf3586f24e3b1c5e9ec70

SHA1
7a548f8f9f1e3fb84cebbdbe3e4bb10b5c571620

SHA256
efce53421117569c55576b9070efda9d779ef58cc08f02b98c0a843f0fb585da

SHA512
adfcc2e72881df8b9de5e24242bd6c3207b9ba787c87a230e4ab37efffa82c05d8c7f6816ac031ac3a4f7a4290b3ed2a33031ee8b55e3283769952ab9c0197b7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
1985be7bb9130d94d831a6f2f12cdf90

SHA1
457df652bc18a177aeb9744de6e4d7fc4effcad6

SHA256
e1ed23a09bc8df4b163ed7146b3917289731a4ef4616eec13b6c08ec6c5e2463

SHA512
663837c9e38670503048cf06ec70429a7bd3297e45c8924fd30954be7c387b6ad67b30b23da0f739f7c179ae611b202cc9d2e8564a042f890a4fa25632941adc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
5be2c51e841c51d2a7ae9db970746ab0

SHA1
a8d9ec3af3af79f20affb470374a8573c67ea707

SHA256
4b5cbc7c2a13939e72a30222224883731fb1a6d4c95b5100791b0ce03d230f5f

SHA512
4b3aca97086b1418d917ebccc8e8bf7655149019b0cf0b390bc3a398d7be2ae9928fd4d331959ffb19ee2a08472a202ac13c63375df799648b3f3d1d89f2b7ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
210dcc97a565d2bd815d50c841d189bb

SHA1
349b0faba5510e54d62390a1db47a4f3d52638eb

SHA256
aaaa630886a8a2b200c937f393410ecdf47388c7a1d2c047afbd011d73e05cc8

SHA512
b5f48f7dc4b1d4044ee55f983bcf057242f38fa1349be2f58b005aed5b6699897f51384c793ec2d6b727f9544de5bae7d9d2bdc055f01c856f545c21cae86db2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
1ffeab528c1dfb21b2e5852f14f8dcfa

SHA1
6611acc3d693877984f2b0a5911e28aa3db0c3e0

SHA256
e1c391f0d95dde14453d4247d8173926c4acd28ce65b79e3c973c533186c42ca

SHA512
81b8e62dd8223a22ba02842bb0b4cda8f3a8da2a362ddd6da631b073dfa37c38f4d4e6c6a2e613817c714b22fa960d4c78521bfe99c4e38135cac5aac0d1a895

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
0347c9c26ff7ba3f33b2ff9fdafab2c5

SHA1
12764efd02ac33d52e5b01ca62a1ffe6bdf07ff1

SHA256
c706396264169e72d0eedccaaea052260a528cac01a2ee07f70f173ae73704c0

SHA512
9ab96f032213db180625f814ecdad58c5c6e7ab080472300a94592d0994d18c666e2d7a373a1228ed437914ea1f5251ec096d87dc4278231e73e4570b5a825dc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
3e29bcd72eb97a4731ae69a78a9c56e8

SHA1
2fce4980e52f3053fafb4a7ddf80c6abca8d60d9

SHA256
81f1618eb3d71eb222eeaa592d55582ce952c1cffc94083073f74e2cea6314d2

SHA512
ecc5462da1e1a72c4b9793ac2c4186f86ac63c700ab6f762ebc8100391a4c711466b14f0fa50612ab99a155d590b4720265db0a2835e1ef10e6dea0fe3f4b060

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
d111ff883a471aa22df511d24239b099

SHA1
b162409714dbf2d4d6021324b341400ffef7d2c5

SHA256
b9cafb1a6d464fe01b1ebc494f954caa3b4afabe588842fcad8bf76e3d44c883

SHA512
9736a26b7294a1a20cb4549a4cf40c431b061de09e8ab58e1f5fc1a6aca874129ba09cbf7cb1bbcd283f406826397920255d2d2410d9b91c779077f588e17912

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
64260394eb2e72aff3a8eddc9eec3647

SHA1
e09a559761b8b0ea3a559f0ae2300f7f5f54ddf7

SHA256
812fabace4c5fad4520e398fbaed7596749c5cfa1a9cf9197fc745766c829b7e

SHA512
a741e3472d58f06750ee024448d43beacf143c8e7028d5cacfe238814ca50eed87b68cf0959281f6f6857dd9e6a618a629144a70de71cc5e9ac8d79890ecd89d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
947400df9436ab6a42dc4282a36f55cb

SHA1
6ce552c8dbd4eec9a5a620b6176e6ea2d6a3ab29

SHA256
76b2ce21e9806083eeaef6f4d05473bab1b0dba1043dff0393acdd8690c0c85b

SHA512
80dfff38e6c80ab18152c0838fa70c4a5fd0c348d9b29b9663a30c1c1406fc03f7938d402f49e4c6c1f4b39b575096c50fd14098830c049270e95be264d568de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
331cdd7851cc6878572374bb2d9d37a8

SHA1
4bd07681572d21097ab3b43b38d006f28a3a6cd0

SHA256
2e5a228961cd0a3e94c12cc5b067eb5a7e5c694ddba525c9035072e59b19d065

SHA512
574a329cce0b1a1a0a249a8ef50fed8174ee3f64d10dfec68350e83142d7f8842cd8c8e572d2fa28570b536b99ccf9a997f313c275b10147f4b70311e5ee99b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
f3c91b5d82fd980e6d310166d4aec66d

SHA1
8b67628946e097cf4ff53852d56788481ad5de6e

SHA256
fdc06873e9936b3258090f4f71e3a9345d7d0177f7da49185417e7aa399979f4

SHA512
aa4a73ed47faeca23872a6e3853064d4b0e864e17665047d762e354691ca868e273bf83027d6dd2f234178e981de75d9a312a59a8bf20e9aa413608998f08fda

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
57859bf81ae2ae908ca63363d5fe78ca

SHA1
41a9e71d335299ebc001c8f9d10439a530093e89

SHA256
fe0a03d9c3e956522a6f5e8949c722c551f53321f2060995c4775283381e8b62

SHA512
953f4945d27968c11aace597973ab83cc97b3116b2da8d34f08d930127115a030c52a4117c7dfbb3afb417b9c1a7f9d594a1c6777dac400921df7973749d8432

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
978e49440b82e6f41036ce7452c28674

SHA1
03797b3e3a64442b9b187cd12d19456802b0934e

SHA256
bdfe93c3693778a66d001413194f4845dddfe1e17c324f519f9eaec64712dffd

SHA512
3b5b2d6152885002b52201622430a72e0aaec9188e10bee63cde6834b48c9383ce2804f31592a30822194fb6a928dca05e83a3bbc2e2da06a647c2ec3428493e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
f72336f99ce3951a88014af31a521a84

SHA1
314f9206230c0f7d3a55ff1ba63f6fe68ee203d2

SHA256
5570372b5bdb52fe44522e0b61d7537c5d11c48ed2de5f203753b011bef8f53d

SHA512
6c0f24163c74a417a5f05fc0e71be389cf5ac4244db59ea23e3b75c1cee5df0ab3b23bc711623830690debec587d4c75414671c9a21050dc0337f628c2b974c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
3638a39ab3dc607b80aea035ae0f2e60

SHA1
0176f3469bc99a6262e7529d1b4771678427d430

SHA256
9261f2e95925c4178d4e5d87f4f34f57bbbf6ca5add71465bcbb1e87ea348153

SHA512
55eb2111a0da17697b2d227f46d3efff28835e76bfc4ee8b256e40c8c128d25ed6891dae34c5cf2504c36fc000eb9fa74b9d71c4cddaf4d7dbc01f0c93ac9335

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
a611f93cde4a3ffa89c1ca01acd6e95d

SHA1
b49d31d0e5719e4a9891a960e4cc91a523c192e4

SHA256
52e2f2d9d25f64bdeb0bb946b7681aa380160018b2a4cd3f567bc4941515a60a

SHA512
c6be82593e60a7ec8b04a2c7cc259067b3d44cc8366b85efbbbbb03d8be80bc51d4e54693f5ed1b3da5bc2f5ebd8113bc87c9c98fbcb64203ec19def7e105a9a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
6ce313819f05a3365a00ff7200725c5b

SHA1
f4cdd6c36fe16e6e5820d11f102d58c2d5208a59

SHA256
cd8f3f6fbe043bcbb0773e55f9e56fd6cb0c837ce4ebbca79f57cca2efd7920d

SHA512
2d3c0fd7e8a2fa5369b20d76fbe9f43fbbc551e72f2e9a779d99555147d145259a426a2e300b92bc7a6f543704474bd0c1328345bd162d85377a843d5d28c76e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
f7267caeabeaded8c64b93e4e3e1d5b3

SHA1
9c261e035b1c8cd1455248a9675b2efe83f4997a

SHA256
4364243c3687a46256deaa07f18420dab889a308cf4f56f8611fba75ae7192c4

SHA512
562e306743830070a7029ab5a422fc45e77251f9e41faabdc74a03ff696b73a5b9718d0a90b8d79d6c259652e450df086eb4f6f0c61e635b222ca06ea64ff295

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
be13ad5c60c73f62208359bf80db6225

SHA1
720efdc388bdeb23af84ded63a532404fb819d41

SHA256
099a640a2aa1d6cf8021caa5b898c438a072f2829763aef184beea37d8f894d2

SHA512
a79ac177f3c19068e61457b00eed6dedeef9005cf03cffa8a9cf1b56505897364d00911a3ed96acfe100fe8999c02701c8215a478a12e0eb98491deff2adff01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
95af49facd5ef3e9c4950bead7dae157

SHA1
8156ebc4dad9e99949354cb8055ca33b74e13a3d

SHA256
3ac7766f2fa430698e96b5fa54062039f7fe26e32d78ce9e9c6c5f4188cb2e7f

SHA512
3a83ed127e0ae08bb0c8c9f18db3f1a7d505ae1cd4cf6ae02a0a853e65df20016b01ebdb856d5a6b1f9c154e3c90a31eba17dcb1f9cff9c10939232213ba82f5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
0df53a1591c70496ea2c9c09069d6eeb

SHA1
6b000f70c6864374583f195101d0ec2b53ee20d5

SHA256
a71766856132b0962863ea027f9b5a45c1e1471c3d82e25b329a75f3b3afe472

SHA512
5eb2d7463292ea4a901b0eaab15776117c669e276040e31771750a28948753b6299033351b814d16c69667e8f605d7c18da7704c5532f75ea932cde97a4e1671

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
6f2aae859222b256dee9cdf51aca3bd9

SHA1
6ed29a0e90d11c121ae1bf6c2d26349cbd5601bb

SHA256
d270a954facd3c17f46ed4b925da4cff60bacded463c3edac148a9e08a4a171b

SHA512
fa09b69622fb2a17dbb1553dbcfb8933e75b8ab9f3ecae7cec24bf0f026180849c64c8f75a8e9e8d2b774ae53345af43bbd59dd42d1fde54362bdc8bd8f5877c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
297f652ae9846dce0489ab94e5286725

SHA1
693f087651527090274c810385da311e09005435

SHA256
73c8114c09bf82cf2e361bfda399ad856ed476d8deca6598cd1a40cd2f122ce8

SHA512
8d3b2dbd5ec3b00c5f89634ff3db3f5d92477924ab8dd3f336dce9ec79cad01d2186254edccaeec3958d0412a7f2b9e912fa53fa4ab54b818ad4f1018c35784a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
c3d09588014c821567cd24f0dca4ef6f

SHA1
e55a2a704699908caa90659c97cc2ecbac79ac7a

SHA256
4aa4a610856c736db1f2f9a3bdd0a5d88a79ab132115bbbf035d62fc2a5f86d3

SHA512
0ffa0c1a8e5a717d2569a3d7e1599d048b97d7230d0b177d2825318989a5a9cc93f0b117eb98c6342296bbf4ecaecfa76828bc2143b787e0d9f388238cde0bec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
3aa545af672c2b79492ba649d15937a5

SHA1
0dd8e6c95768029bb07ff43920b85cbc0d5deeab

SHA256
5321889262b29951207b0cc26130ab24499729496f1d0c35a13904e44e566efb

SHA512
9c9f4db4325dde1013f5491e97458e562823c0ac52b4a057c85711775141ff92a2924bacb3c7940f49bb59446255a3acd1eb88c83c3558b9c85b97b3f8b91245

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
38ef4571ae99cf366ae5aee1c23b6529

SHA1
973a6c013c5f2d7ce2e0b33a1f66a9f8127453a6

SHA256
a1fe8a32de3290ddf5631aec5bded40d7aaba4c73b181c54c26bf42c65de2f3c

SHA512
d05c2d36d0491d6e70dc6c77ecac8c24619e5ba6c5f8f2d12fea0658b3166ebd399eb8fc5caef04325d5d9f830095fb58d3b14a0ee357d4adf2dc63f531840cd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
cd7cdca706dabd5890b288fa6dbc57c6

SHA1
1a203d0c2b949842315b9b3badd1d5a86a5b7305

SHA256
3e89744c103964a7ec3a65b73c232fc8df9fdaf8b7b603d5eabdce8215e75ae0

SHA512
499c7932cc0581e000dbe7618a4fb9b2bb42888a0c458b976d66d32bbcd217974fc68ad9cd6eecdc1fa143d0a904372b2ac259c9257077416ebad857376188fd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
87edbffa4ce17e8ff23700437bbff814

SHA1
753be6fb7d68bc9c883fedc3ab44edd64256cc03

SHA256
d284096ea63c690f90ea10b783e99d1e5dafae6a9f8718e9370abc6e8a16a705

SHA512
27c68cadfdeec53cb9ef277e74c3c7b64c76d37bc31b59aa6f968d6e60e4d77f2009ad2acc78d2c149cfcc7aaf876d6b95195d8a7c2d515586e29d6f09f2c3d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
d24519dedce36e56be6d31a1caeeb494

SHA1
cdf01e89c36781709b4b4061997de4e8fc093fd8

SHA256
d61a76fe2c9010eccfeb876430c5c7329bcd65d561963c1dab6401f9a2ed533f

SHA512
70d104482e8f166e69bc157f6d5c27b1357f8b805525ed96b7470a05bfd0a3b88ba022a85268b35e73fda777af5798cd98f90c0afdb39905074b5bbac9749244

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
4283b4af24740e70a39bf153171fffb0

SHA1
b89f4820ae616eac32e249702eafb837fa9017c2

SHA256
8c7c6934af919bc58c5a974f90c6cef82902cce519271ff37d28125f115bba4f

SHA512
72d84489fe5b58327e9e5d5e1bd3da016d4c320873c9a95dc9f2bef5e282276db3da1715e6b0e09d5f9b705222169b9824ca146674ac87b2ac531a0bf4cd4c24

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
b4a39331b1bc28cae26e57561c1e9633

SHA1
9b9ab915c92ab90082123fd3da32ae9a4f9b8a4f

SHA256
eaa11292e132d36d59d4fec583dc6b4f427a8a9891f461cc07964efb4f160692

SHA512
93449c194b382c682ca7a57d54addeeb8851688ef57af55037f6dd7d3ae0e946e8b89a2a2b863bf0014a8934f9d4a0235fda450b0e819735cf47406de1b506c0

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
58221d3d113f68db73dd3ef8be50c89b

SHA1
d176d2d980455b0f3979887c367e46aece3ac630

SHA256
6bc78001ed96e327800c88dacac9c2ba1bd0656963339ed0b05d3ee79237a141

SHA512
478b7d3fbe7e99991c7fea9c9a39e30f6fd06816c1b53b33504dffc276ccee6c18478ec113807f88bdd920546a4fcfb22f91ea1b6d70283d6157fd4dc6bbeafd

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
ba3f80f7c23b66950dfbe5ea59ab0f22

SHA1
1064ff531cc54854b78608fc6264d61a86e801c9

SHA256
0c9bfe4b4646ffde7ca02a0fe65c5be642110288ccd606f29b1a320e1e7bd6b7

SHA512
bf04c6175ed4a6d03b185d05fe112bb692624a601b5e2a314619a8e1e028d78146d9a2af6feafb2717b812cd7086dede8460fda5128a01b636c9c62114573f3e

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
d15cea1cfed312ba54cdf829a43f6e66

SHA1
f4907e570d21967104c2c84a4f7029cf07946506

SHA256
9c142fbc847787bc95e78afac667bb72211e36144cb93a29500de33a19b79114

SHA512
e1ec50b2df3d9c068f1600acbba3b6fc9616f258b35137e1585fcd118908b4ddb311971bdef98a2a58d33319dc5eeabf566807e4141d562f4e89d146934b77d8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
e1f0604e1573a0f5cf88c61631d3cc14

SHA1
17d68253f8441638fbf7a6a6faa49f95f8b533fe

SHA256
93dda3852cdb85bb54326ee13889136415a2ecf0cffeee6c3a99d97e8161fb79

SHA512
eed1d62e6873ab0a43429d8ebd5286421ee616c6e33a5113a7b8c04ed5efd331c46c365b0d43d6c7a33f5c16249fe9a6ae920dd5eb7a0ac64e2c396e9590b81d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
23117f649d028815d479923191014646

SHA1
4a47c58694b60ed08fd5d3aa3544d19e1896da0d

SHA256
cce8d22e0c853a5df66273326580115ec47dbbb92c96c91354af0631021c03ae

SHA512
2e297171c456a2e665856830c98b528619dbcfe0d3ab6546a115200885e6993e248bc8969fb91154a66441c6f0054ed2bedad35474ad808d4a882b12ae716c7b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
6328e78834b56c790e45f013c75c4f7c

SHA1
32c2fee614c4248ad0655ee5ccf3ddc98a254eae

SHA256
46db7db91078993b65d1efe82ddf759ce31f59b773dd8f68564035af586fad39

SHA512
0132ee4d4e649f1d3ab2a9258bdbf10674ee00f1b18c6e863df7878550c6de7b5bc75c6aecafc48b70f91dc8f83e6e910b36744d35dd53c22066398ef84aa7e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
2f2fee9aa71c1084ea10d431b63bd910

SHA1
a888a76a564691ed6d2e234827be642299b55aca

SHA256
1995869b211049f8aad20238dd101e0af0468c3dd70c53b0dd350f67b9b737f3

SHA512
a150dbba7d8f20910e922d5b079e4dcc8ade7bb95561dcfff18c152ee9e5616120131a2f5ba8db3723decf57a770aebe9669c2fea34ec80dd95f30ae49e2ca3b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
7a648e92cd9c688e75c3bf9af7062559

SHA1
b97b4e1a6397dc248bca855364c3662da2094723

SHA256
9c0a234637c75c659f34714d8942b04bfc5623a3d6f51e1626d45f689bcd4f81

SHA512
924fe2f56ba075e59f58a3dd1c562a3a62b61a7a7cc9cc1b99c3b540bac00d568986c1b93f29aa904494b9040157c7d4955b230f12142f922f96fcbd2da0b22e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
df3e435c1a7bca083419797ef277be58

SHA1
766e36de2565b5daeea2ce8cd21806ff4c91f268

SHA256
1b19a49d45d19cfc5c3c15a0345b3f715e249c0cc5548681f138b5365b6310e1

SHA512
4ae2328e51f28e7ef64d36ee5f0efc8dbd8d2c0533723b0172327c948fcb4929bef7e2a4bcbb0a8f69b55de76804a9b074a26ee41d0c7bd64242886b2e005338

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
956bd33d2352dc6fd0bedd3d02ba18b4

SHA1
8d98962085186905cd35933615b38ff430567a18

SHA256
b1fafdb6f1b3061b31b286253a3df000328020edcec5c8c7043f91ad4f45cd3d

SHA512
4929dfcd6a8f9d3107cfe0ccb0723fda087919b4c0b897a2d7a53403688e382b47582b79c7e389fada5f1071e82592ab502e7f4c37a6434f84271e3bcc618371

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
1736aaa940d4ecd0422c4096535a1019

SHA1
94e006b520bb7b5f6c9a278757fae7dc6ac055d6

SHA256
24d86efc289b88c19bcf3a3b754bf85be7e9fc7ba7b3399d3275a2d2faf87035

SHA512
1596bec9dd86b7c3f6bcb183f349cd6037b91f13d71d13afb3bcade296c23f620612b7d5def7cc20239d4bb12049f7c9feaf5162671144e5ab9e8679e2d47cb4

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
7bf3a3f8b2ac6ab0f21c0142de1bbe59

SHA1
f263be3cf739451b8fcd95a625e5e6fbfbb1929b

SHA256
6daf46af292a0fc5d5f13d9b1aeebed40773e54127faf410a75af4cafe870d1b

SHA512
d6eb2dfeab79b64ef131712897b79ba1eab3f23b3cf33e8e81d0127f2ea1143c07d20f3ab4b866b55debf530c9c48f5c918748fd7f419b4136dbb3864aa8c6e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
2659d0965dbee55cbf1016fba5b4a7f0

SHA1
c21dd329cb25e78e039ebcb5b107e01860819be6

SHA256
371e2b36e05396a925d06886cb83117fa2ad904c6ecbb3f3657e7e972fcfac5f

SHA512
e060048cfad122df92d1f28951470439cac43b3e39f30182a23e6df023c3afb94c18f00be22936fddfb31d79b7fef958da4dca391ff9c69bf8ee988780eaed64

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
8f60aca315909a979b00f03e27c4dbf6

SHA1
4d9001ef61165f650cf9255c55dc77ae68ed0af4

SHA256
26299c2318557774df9c1c32d4ac0d08a76d1f17f8a5ff5223df374d6649d552

SHA512
255a1e192bc62e7cfa00e59cb6c956cbbd0b49219a1ce7c20ecc16bf6983b98b4c0d7fc8bc177e8df13a347ddc8e3b01005220c8b798099fcf604dcddb623eb8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
4622a4b682b9c9c05d22ff3836554f6b

SHA1
70e67311c3a55ea415428bc1f1e393b7a1b7affd

SHA256
fedc445f95beda2569038658a00af4033f5cdf0350edfe31a96ac63eb7aa62de

SHA512
6687ee0627833f7385d4c52b452cbd9ce55a481b9a252b877cc261ed4b906408f0a9c6f760121a8a34728bdfde6b2848d77be5cbc6217ae3f30e18586c589ff0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
df61914a7cc41501b38250b1849dd3f3

SHA1
bae176ba35606d5160a50387f2e00f5d9f08e985

SHA256
12b489e54cc47d059f686b40e9b39a16562e98930440ff1a2dcbd5b59187c028

SHA512
eb67bd6fecb553f43f346c1bf15b55352a2be73e2314e348cb704ee32d899e8baf393050b9909d49f910bbb78b5d623e00663e82aba11f5f7cc1ff46fb7ecf95

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
089d6b1f0f68001f2e6b1eaa9703ca0f

SHA1
be7b69571581b0ccf945ad10f219dd766bd34827

SHA256
778fa42bf56e451891b381212a0dba7ef9c16cd40a963b8b8b6bc16004692b8f

SHA512
1254dc2721608545ddff0094c893dd1f78e49a688898c2991e8b4ab1042a65eca02df030e491315855c8f4b3973482daebcd6e7e979b31f417ce3a1489dd821c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
b8552a7a39891d7bd9db6b0785d84ed7

SHA1
2055b8019400d503655e2d49c0167a94f8225946

SHA256
047d6f7aee911023060a2e4fde551d2c55ef39ffee022441d009847ad8955946

SHA512
da148a2b3fb914727bffd471be42d2b7bd01eaced2dc09239505a911fbac24f24aef37740c8e201bb8f942bc759fb3fa63a76d8f159f033d4998ece4bbfae70c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
41a9246307746d942132514c83546804

SHA1
19991750c6c2e70f0ffdac03ade5aa354d75e067

SHA256
f215af58478c9c819a8eeaae436f492c9b46d5bbfbc242cca767f9761ad2aa51

SHA512
c81ed365480e4b0eb7086955f946cb273f064983a54350cf0077914a0ed7ed28e8cf589095b4f3de74b2e3b9f59c802366321c0a7686905b893b2b4f103a66ee

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
722f71ac26a3d3780dda3d6854aad6a3

SHA1
4075c1d848d648d94a36a6c880f1cb14d84aa150

SHA256
6ba141f7b0c9410493fa091e31263e8a21aa30748dc38f1b6171aa330cf6db2d

SHA512
5bf6c14ba3f72e84fa71188dd0ba32a29fefefb0e28f23cca6f09d6c50ffdd370c31a6c9ecc42475ba1eeff568fd51b19a81ed7a1acf4e345f61d80df8397d2b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
69599f7c3b9e9d13ec42a36b1b4e1af9

SHA1
fd57942d34671f939c0d931aad6214a6237d9e6f

SHA256
1959cd233b29d2db99510785aa5684e8573f2667eb136ce7a9c244b1f4fe89ba

SHA512
bbd34d1522f365cc2ccdccf9aba1b8f5a9b433968e10e9094f9f1a0dc32de58695a5327323c82021fefa53c7f68088885b81bf6b2294a6f2b91cdbf8f3c7e20f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
a76286d67e32f27a9a3db23d566c3916

SHA1
37622362c5c365545c310d914ad7bdf518b01b22

SHA256
5c3e61112c618e92f139928886d1e2a06f991ccecc7a74fd53c5a2975856fd44

SHA512
20e11c99d451749d7aac8c459e559d3e720bc41aae6c1b9b5a8aa9d56b97baf5c94d4136fc29206ed6b8f24eba8abdf5a7eff6a2e21e7ac2cf7869742abc9095

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
5ab82a454ba7a05090c92bc5e873f6ae

SHA1
5b9030989f8561cb80f90301e42156666176de22

SHA256
99bbaa627b9d775b7e23e816ba5bb23fb31a8ce21af97e2506e613df6b7b7ea0

SHA512
e2858c73072233e13a1753e36d2a75ec52eb88b8666caa7d7d0ab9622c940d306103c666d56a734734552a718b9b7b02a4601b9717bd80a5809b76b39a14b519

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
0704762388d63276b608cfe75c5e6ffb

SHA1
f5ea4460e8e54b87b5c910ec2154bc06e529a13c

SHA256
2d94ed766fa0de3f208005324537a8ea2149f88ef80ace71c94ca4a0d1799092

SHA512
68e7eece3891984ea249a8fd05315ac36d0cd33a40d0acba98751bdeeb9960eabdec05d1d29e98a43ec54bfc8714ae004ee6d38e88097bef45fa3953f4aada8d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
7e1c06930ee582d17af1b08d4b7fb853

SHA1
3ae66870b7578fd77bc108d8f89b62c5b832c03f

SHA256
27116d88d6ca5b65e7335a12ec285020b2eef7124db3f857a2c5abda38794aa5

SHA512
822ae2bcd68afa26e77f5f457723a846041da4f7be29995c0579d869148714c65c99605cbf85bd94d8601b02b3c25b932c6bb46fac06a790c0f5ad6a16f4ec01

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
51a594a488d7084fc590a078d2fd5f40

SHA1
be489b0123dc3f0dc6174e2f13832d12a6969590

SHA256
912f4b717a93b6778ce91d47bb0fa830149a1a7705ffa51cdce9820427977cb1

SHA512
30bf6cf9344318f3157203268eb4e829a75017f587ab677182cd0046ffa9c12d042c450cbccc0268bb395d638eaa063ea34039917236a1e9e5a85e73c98c9d60

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
ccd5eda61262d2eed9a8779109cfc1c7

SHA1
6858a6e944c8b3a34f76c3ecc68a052552f73157

SHA256
0480752c2cb29d7ee52c35c191a1dbbac081ae043e101849fa03696c26997f34

SHA512
7064442ace681e8a46275fa8c1a3af45d5d591c4394e89bcbe72a17a76ad9b52e1ed607e79cdca120494c71cdeb320cde6b6d99d9ef00147afcd4a35622d9d73

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
533123006c95c44e9659d044338682ed

SHA1
d0629ad115fb8576a9f16b338efe48d8df605543

SHA256
f9ce1434bea370025574a6232844c1ef10ff54e132d30c02c2d68a2d93da5eb5

SHA512
9c997c7293a89c26edf71642c5e468e81119cb6d2f5fc0a73acd065f72e21d35fc9f8c2d3a7d31f1548a174d8dd05ddbaf17554097b112eaf0ddb39fc136c76a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
88ab1240130aac065c163f63dd40cc2b

SHA1
8cf011af764085cb1cf83ba686d76c16ba445c0f

SHA256
2b3cd5b18bdaac3a47d33154aebc84de119c7a6901691840bbbfaf90a88d2f96

SHA512
a3e89e564fc2dfe40e12b7713e1039610052687c30cb9b42630a0dbe438b9d87c37ab66924b0a8924426c627acdc1b175ea53d50eea58b76787d07bd51d704e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
766a96290c1e2af85302b8a9cd15cc7d

SHA1
e1254d1d0b5c23db24577663b21227fd1f7f8d7a

SHA256
5dd6957869fb5d9cf99213cc6f68d49868cb99fbf6bfc62973b5b833dff972b4

SHA512
31bc9cd49dea8c972883311036f33858f2e0c13cfb8edea1bcb257ee6128905c0e3669e92d53316368debb8fdf34c9c61577963c97909014d8b5f94b0ff4b833

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
4082cc27797626addc25a0409a9c9a26

SHA1
930f7ff5ee5d9531be11a31da04cd1a9d56adb49

SHA256
778ee88f0348c2923aa4c887a7519e20f7afa19c35a60f4ce7368daefe561099

SHA512
bf7058eabb4ace02c7c7dafbf2b666a4aaae469cb7cc972151078af5ab2d81514824ebd42222e39f4a863c238ea868df499630516b64c5a7bc1874f68e31b5cf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
ba16486f2e81abf0538fd882ab41f25d

SHA1
2b35677bfc982bff7536cd39e4ececba450e75db

SHA256
d4885c0e4bb9e60375297c955cdd704fbe0bba331bae3b4d8a3877683a22c79a

SHA512
537db4f2c2d3cf257cc82e0fe3a39aea59014d0426f4f0301429cde9c425363a02d33d72799ed40a4ab62b1d9fc75553307af57a72b6e46ecc1cc4934093d7e9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
2cbf59cfffcba4c87d029d7145c33f76

SHA1
f25ca0d73a82d6b87076e12d334ff95f715011d3

SHA256
9cb8242f95bc4177f9dbd01e3d50e37e80c5440457a8aed0a452894fde52eb3d

SHA512
91f559775e086441777440ee4e881cb2876e8cc344600d61b4b2154d3bc09f13ccafe03d8f77d6fc665e1683b8bcd57f4fd72bb704ee3b796df1d7487f81320b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
29042642abc226857fbc7a04400e6d2b

SHA1
aa642c3828f8039359a84227d562f735f089970a

SHA256
c435c7a17658daf73b49f3b8c751ead70d3bbea006521c6ff07854eb85f8c958

SHA512
29e592087245dfea8c94c7a8d9754b0fe3e1b169a82b730e579f3f98ad62544ff8281f07f009148834f011509c7e0f25e62b3a85e8a92ada0407c81e49092f6c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
c1e349762d44801d7872528b532a6148

SHA1
497158a56e36f81503a0d6a58ec7334cd73ed87d

SHA256
7d4dbdc594ad2d1fbf2621024300ecbe3a30f0d6708ae065439d67d65bf76ab7

SHA512
ac497a49bf9511b13352c2630368b268f2a685791dae24adc4ace9b0a0b5d30a0b5d086342855295a4574fb2c2fcc5ab0a2dd2982898e885f7aa1bf48c9fd75d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
5cd75bacf793eacd6843c9767768b468

SHA1
7e4648a784edb382a07bfc85eb6b577feeed0d5b

SHA256
9cab701ea2eecf898fd580e360867b70aa6295df1500cba8a596f6d6d37ef0fa

SHA512
a821c5386084c765491f92f89c74fac906c647c4fb205ebc2ef350447233e613c11844935c425d32ec6d21f730f13d65891133805556250a12ce8689283caf00

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
bc1649c03267b9fa8a0a7009a4d715e5

SHA1
eeda3c828e0e23e9e64a9350aaaf7b0485a2e4f7

SHA256
ce8bd8a8c416008cdce04ddf43b0469b4f281098b904c615c454233a8423dfeb

SHA512
d15b5fd3cb2740fa06f1b0b341ba7b6c5f98069d215a705a6491db2789006e9d23668427e81bc488ccda89b5a0e3f2994f78b3f047b32623bbb1423ebc55cb70

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
ebf8e1d9bf92bf43eaa6ea5cd5f0d833

SHA1
c1adb6b00fb30ee7bc603967294a39794e54208e

SHA256
3fd45e1b05f27ffa32fb1f5da846c108a8c4436ef681be27cd7ca7971d0f3478

SHA512
2b8557bab14ea027055d8159a97e79dce1328e43516bc3dd3605fa6ff3c595fb57d14ff598b436d50057f13bf9645fe395f56fcf859845212783f33e190143c3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
b53b58928cf530dfc6b50026f84c7575

SHA1
a87c309332c316f509e332c965b9a9a1e0cd91cc

SHA256
bd22d1ce520ca6d42d372a90b5562a41ffa5d7f7b434beb007b228b6dab5fa75

SHA512
53d821696a3ce99b4379909b40eb6295c073dd75489c8930842b4efd8dbfc29fa90c48be462a7b02f17f7d6b914eeaff29852e9200e32652f2600cf038c381ba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
ebb34a42d837f87d5eeb9888a5a6395e

SHA1
ba6de136a75c5fa1e7c1327ef2ae8e179ff0cd5a

SHA256
5f18ea6d9f18cdcd37ad956007b3e7200ca62cce002ac90cc411a78336127ac3

SHA512
c33e1b5891716d38c141f2a60924d232f4402e8d36f987d5de28faabbb855931d2759aa869fafc7660352006beddccac89a564db849c99739bb3f2377b0c89ff

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
384f62b65b53afa05fbc6a2b4abfbae6

SHA1
6e5a4407326015fb80962c0f09d436d14b63d67c

SHA256
f73dec0237df1c56719f672b754c9e0efaccde4c211e1064661a91c374b96f8a

SHA512
8b441d2d0cfacc1a24638eae1cd80c98c0376fbfd5d9537a7c25bc3f3d6bd0dfeda8642b0ef9386ea126fa6e225fdf4419fb5c340793afed6ad11f56ed5ccc20

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
37ab2f311f59a07e5156b38eae93faf2

SHA1
82244fd83850509c5653661a8dae646bb2d02ddc

SHA256
98c058139f90b4cf0318ca6a23fa08732e226a52380f16ae15f6b7b5779b3487

SHA512
91e54f42888d01818315ee09877134a2fcac2eb4e0f6b6734ee158f7110cb09b4507596ac1a3887a97b37ba6ec458f8d8c12d6396cac6845bcbb1f0f0fdf478e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
ac853d70aaf5b8afa5c0d422ea682767

SHA1
e7e83dc879abe91dd19db8bf8db8905abf375d4e

SHA256
15d3fc457045915564829e225df7cc98d05fd458691f8a9a407d56be60253715

SHA512
fd68dde4ab72361ebbd9627389f266989bbb6830bc95f45aa7e3c2ca60b5ca98d163b9299ed057587db2a7e608056eea97a9d9b98afca33345cd78431436427c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
6c815fb8c37379cf5e178cd2538bc8ee

SHA1
6ba1200f6c471224e24d2d3152ede77bc1723589

SHA256
a1636a6ae560c28a646ccdf57d1b332d3dc36a2c7bccc9c6e6fa9e7829f7bf70

SHA512
3ef952b60c8cf19d3ea01bdf906431a9601b7432e4504dc29e90c7a8ad4852a5eec896e89d1feb74d25c0028a9bd9aa555d26a554607213a1c92153d23f25ca1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt

Filesize
77KB

MD5
3c3837079221f0992e1d1014ba765caf

SHA1
50e52d491c63930b4840c2d80e1a3080e94329f7

SHA256
bba915e37fd7132a9d8ce040fe7a720a58def446c407e1841f2999b6fda88b7e

SHA512
0850d32f3c8120d699bb6b9eb8a155807729e2c2c9287343c394a94efe6e2cbeb960250240bad72d85efb4b353a4fd42e4831b808a2cb48b8fe02e8d659416cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt

Filesize
47KB

MD5
1e2cbc73fccd6ccbe3141ebe4056feb0

SHA1
883c148ba2aeea83364d199e4da7c298a9a60d13

SHA256
0e45da2f51011ca85f922a61b9aa2d0f059fd60cea46ed9d0e1284d0c46ef6fa

SHA512
5cf4feafd00dde0cc8f0993265ccfb04854a74f84d920d075b46dd884fa0751c329263aef2a909b285a4ef11ee8014958402f6dad14fb407116853e90bcfe3aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt

Filesize
63KB

MD5
a9eb492f3572d3e63af11a6c34ef55be

SHA1
c5884da30fa132c37be19041d1da1795a46a65e5

SHA256
216f160ee963304f0bc1410e3e8d77dbfcf26f60b6a5833a0d6829c26c10b210

SHA512
41ce2923c653e1e3655c3064ff58ea8e51f687c5ba169dc8c8791bff2d8bb7071aa0f591a40574ea6d30a5d12dcc31256efc51d0cd8c1211b2a9b95dc7b7d945

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt

Filesize
74KB

MD5
159b56c20755d0275d5102e51a27f33b

SHA1
9d4acdd3db9cb0321463aa5736c823e0559eb00b

SHA256
82cf55314975c6c0e769eaca4c77b0f4073166ac288a8498414dc446214f3ffb

SHA512
797325c788ae4faf6fa93dd8ae47d56095e747f6ae295615a8693adf0b993b2f225bd2d60a3d9451bb46360590d63e6d70bcbe61ca806fb854a4dfa9250cd866

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
c97acaa29c88a1acdc5b4029332c455a

SHA1
739ff0bb295d8732834e110b299432a6fae7bc94

SHA256
ea57fbbfce709064a4e8dcbbe056bf424d46a0ab59ead729936b40bc6b6b4bde

SHA512
8ae2ad7ff4d219754f7a6a65acc9dd9eb0322039b5034263e65047a985064ca6de4381a1f2020b224167e517660f41bf1e899e88f87e783721b4be7776fa3ab0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
16948287696bd83c728117bc9d368d88

SHA1
13d7d587257495dbe88f4cde05bbd4eb4f4307cd

SHA256
c22382209c6180de8e8142d77550393248c6ea3c04e36293fc833dacf096b258

SHA512
f19e35c5ce6c74269e6891e83aaf7dacf9645ad8e841c932596b51f1cfd6406aa69f3800018602c7f88c32f5546b9d7609be7abea9a37e297ea13078e5a2a299

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
1121a016fa828fdb1e7b3c5b35dc1554

SHA1
d61c65ddfb56e73c1e0566d0e5d7c95061726cd7

SHA256
9dc8e3285906cf3d8a9795bf3089b2a8d5e40fdd3228a32650ac3bcc55dfcdcb

SHA512
f129ed57151f9920486054ec2729748ae6b7423094a2fbf72f3c8c984cb7145d296240a859f8b0f25104e4dc07507538b0c96149859933128a7b6670a397f7a6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
3b43d41fcab5736f10e26735f6bbf494

SHA1
f03a6d7c69d87468f3102c992b4e341bde6fc6bd

SHA256
2cd80b9ba3be52f66ea6b2a071bb37012be2fc2a5d3cb2aae3ffbb6272c2fdad

SHA512
5e75b0454d71ab6216bb3e2ad27e04d329cf364885fc7c50f85fb6240a3d833d0630eb2f244e485cd095928b38fe22ea60cc7864bc2ced6d4fe9d779c28f3950

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
4d1185abd85958c143819e0c25b67952

SHA1
ff2b136e06f09e3436545a12fe4224e8ad6a4a40

SHA256
476dc7d58c2d2ead5293364a44ef9e07637139b78249014b464c1f4dcde39f5b

SHA512
cdfc859ecb57a96327f702294e9d475371bd606c23a5327d159f2a7555ee73624378ded36d5a8260e2d798d3196c9a327e3ee9f019c867c1c475c88b19b616d5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
e0e517055c8b9ba9ebd2e75fad8cfc32

SHA1
f77fa5d377867ecff2e029128c21b4a9f16a5c06

SHA256
164c574f5c638087059537fed1a5dc48200a0998ccfae58cdd13763d00d4c707

SHA512
a97294b5cc5af95206f736fec2817b5b847d15591c831e5a1e7f84b8c245ee95c5e9face75c559fff8e6c6c33dc82f59dd33b85422c9c196536ae8b9aabf16c6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
93d2c229a6e4cbde2c5ac89661ca6bf8

SHA1
941d8ab81652912d895ac35221b1849afd438732

SHA256
204626a0d8a123848f2dc552d3172669b3879ab1ffffa1a32cc69507c92cc33c

SHA512
9886a7367719856ab2ba979dc6b4c222f7df1219048e196bf1c931a03b68c198dc8ae4485cca692f3f5365d9a0226e553d13180f2afd684e5e33a221973a32e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
c6c7ae36428ac2115da58029311ad0c0

SHA1
eaebd7e709f1654a8b3b63af0c8d13dc3d08a61f

SHA256
ca378e95e30046cf7bce84ede0bf19137dea8d70ffb3463881805b298b2d520c

SHA512
a1268e9c04e1eea1bf1c0fb4414e7b8e4d53b63ba71dca8c5d936f3198e8a1ca4150a690b5d2b41a5a2d02bfe49a3ff63d2bbe1f4ed7c241d3e8db88e0bea963

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
1fdcff365a3d380aa5cde4fdb62652c0

SHA1
d6a68c67ef185e2cb90f7c65386bb97405fb2ac6

SHA256
5c056ff618bc35b5a6a074502107958ba2229120679c79e6e4c453b84acc207a

SHA512
34308f479f279114e684f26d88f5f5e17b47fc605a83e30d8c17ed52fcbde43013058f6e6f405fad942650f38402f88e0c6ea873fd45123a228bd4725f4ed6e1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
587d81874565f88e90514a8072c47813

SHA1
e4e0a9ceee3de48c588afd14643d0c05c3e72111

SHA256
65eab9bd7f513c62e751b6d984a7be18442d7d58623bf01fafc03407971e2b68

SHA512
1c887a6f61aa3bca28766bc045ca1671023a10be4d6e024bc782be64c2d42fab1b56789d70dd6722401c55f56a7ee98ef9caba794dc23e699bb37f39037d1922

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
2636f672a35f63e77073dc4d3a6c985a

SHA1
690e5e320fcb6b476a7c66dc527988b1e546991d

SHA256
9835832f637f8533ef4db7f49d0ae881e86f69e134106a9bf48a4f7f9d935eb5

SHA512
68276265ff09eb63a53acdaa25edbb6a15e07e76993f6393a0c677d1125d3254dd158aff7d0e43d924a5d5692c9f166e4461b86be540885de997f06850b17cbd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
c3756582932bb16157b4910d4fcdb7aa

SHA1
01f94ab557b643f3fb79db10cdbefebae4d5eca2

SHA256
c596ee9cd91b557602ade0f537d091918e87192fecb1871b9fb860191556f604

SHA512
23491db7e6644199db800a2274615584a6171edda73e9d18480c335c3208a5ba8a3c2dc20f748a7e21972a41661d359d7e400414f56257fcfa2fa1b85be3a1cf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
09af5e19ce3e054d23b4a22dab0333c0

SHA1
62be0cb08d48e8c1f547fc1b5c6f01c30a2c6ab5

SHA256
016d9b76cb5dd977f8bce8e990ca281179ab4452b239e07ab1fd09e76c78ce38

SHA512
079000655fc98d28cea3ca47ee4f2c78f0bd46c584199b9b4a469555c822d4068e5dc98c7f4eeac3229c243669e7de1153bba67a772a07b0eba9377c64b96c79

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
491e120b7e3d43f0490ded73c3595cf7

SHA1
54f717fb3ead5234999d5012055a280c4b67564f

SHA256
b4c6283dac0c0748867d89ef54fa543d6063b0deaa1c1760d2d15fc39f206a2a

SHA512
ea295a69acf3b90a87f8b2a67a5c4b5e900cee87c672135d1aaeaee5898dd10cbfab6cc8cedccf60a325f6eeea6322694a7952508aabae6abcefd5de688d1e66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
8b6e92f319c58ff46663c9fafb275423

SHA1
2714ac844cbc7e7229acfe34f9693c2dd5206696

SHA256
7afacc8582f3bf2cf6186e8aa7bfa29c147047b4c1f3677d9dc10b67707aaa4d

SHA512
d31f9eddf61ebd4c21fc934c34810676bfc79bd33d624ef7cd2afb0046e7b00b0fada38209747bc2ec3c656d74aae0020291a1797abde557fd77d11fc608fb2d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
80a60f1abcc95946b6a1c9ff7b9b19f9

SHA1
e60ef8d370a0c9cdc97b801bec3cbc6fcac66066

SHA256
3940e340ce8b21ef912cdcb5b63b358e5901aac1cd9ba25a191869f982f96bf8

SHA512
7969368486c7bde6d81903b264827e462c06b8894d14636b2e0ce38ed55e0d89ef1a43200855c879f2d06fee5a7f8494517e11a3cc9a497fe9405a0a7a1c67a9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
bb433ab049483e4dfd3597be7b8fbc26

SHA1
b896f521c41b9dc9b0c7df85f46b30e86f03c4df

SHA256
a96d33a6daa105c759a0053a4da20e993aaad7d8942bfa4ea16f97fd1f2ad29d

SHA512
005b34b39c55ec5880b6edc3243acb9f058715130ae344550ab0019d027acb1c6950587937ec13dd7bcf67c2bef401a8b537b7833becdf6c79d9b316d0ea6db1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
acb635df96a84ff22785a9fe4030fc8d

SHA1
cef89dd63272c25a55759dbeaac0e80299c018ba

SHA256
b099ff737322c26a850d566eb47f1200297c8f4c4e1bf9b8d1116291ec5526c0

SHA512
07fe94b237a4a865067503156de05b6b6513e0626d4cad7e976a75839a42045c2a80d52938ff8041d1ead1296bb31d7da24f2c35fd725dff0af2d424e6a92054

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
ea1b667392cc8f2d0d7927489973fb42

SHA1
dec5468e5ee5b1422ec4cc92d72f689c52ec19d5

SHA256
028537712153c7e60058012d6f950e101ac7592988b8c59586066395a036b5d7

SHA512
421adbcdd3606eb68d30d5587582e0c9fd4471aa012b7b8bbc67a7e7a293359ad32eebee95c6448652ba9a3aea21ca72429d5abe194bd6697f75283e2ee20624

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
c3d9785a3b222b73bfcaaed0e587ef07

SHA1
6983fab8812abf39950bd8f3fcbff9fb463cfce1

SHA256
4e00a7717a318dbeeb7be9442ce03dd50d19bc52db8fe56e0d2dd70e8520636b

SHA512
1547479e1f15b07f6c00a848d2a6c9e9b97e51b9bddfed485dc755405837cd9c47048a392109048ef6e019d73aae096cec9ebefddf6f6a107373e7c6efce1eb9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
606021b96d062679749afe29fe81b09d

SHA1
ce2b2291ef46f4f74090e1445e4d6236e0737b2a

SHA256
f88fe3388e260d77a96b1f5a168f1091962dec4cf88bf3709abc219b42df8684

SHA512
a531fa426baaccfb994e20e79a672142c8f56c1fa40ec849e351b1b047f86ef627dc54df4d81aa7fb1e4e715a333da6c7512bfbac00822853e4484a02a8d530f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
208da73a73c73a11c76f87cd487c3ff5

SHA1
a6a57df223c83cf1c245b2e089a953204d49ddec

SHA256
75dde9743245840495147065e03e62a0b505d14edef676926994616dd72b11cb

SHA512
49a017b7cf0b36ad4f27bf80ccd6fcd1690764eb3d16ee0a2bafe03b043845bf3714340e1d5dedb91e0289a80f001d45e98dd3e4a488e1c550bc3094469a24e8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
83d19e3616867bf2708419a409b2d465

SHA1
5229ca5088bc31afba45827f8e260c4c485fe848

SHA256
1d7987a4233cf145f0d5e86dc7869eccad70dbc15f219ec6c9f9907347eedeef

SHA512
cb5a4054db36c3fdb33397e199c41e458111b2cd150af97f6f2883e0ad6df245a863d88b48c488e05c172f6113f1a49fdbd6de9d14a6733661eb530b36a6cee4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
9c84d2e68d71a683884207dffd9837ba

SHA1
bd9644facb2113bb3f0d94ed660f2a57f47a8a66

SHA256
69b7dc44e9ef673b56d8f0d2d23c6e9007776979186c2ff8f87ce11cd53b9b1f

SHA512
76d12ca382d491c5faf440430dc37c3d86c84510dab9be1edcfba0d3d58eea392fa58935d4afb37146a3386f28c9c108e7904cc4affd97277ad23cc25a6633a6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
06fa7547f4e3ab6bc1a6e940847d9650

SHA1
d58e324760bdbf4e0686162be81496166f933e25

SHA256
2e2fd792d5f81ed130cde4215d0e30de85325b074b85a4258463c205904f19d0

SHA512
598fa2f226d42b6c689d83ebac94e4fa0e4327cc5d94a87b724a504558c4553b5cdfafd3ae5b5c55f4cf6858b63b65130ba179c732ad693cfbde021387d47b9d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
0041f73d580c1e2798f33ab03cb6e435

SHA1
e73516abbeaf6f6580cf256d3da51054ac889806

SHA256
80426e8d97e3e628c409c6fefe950cd85000cbe626452a874686831194e86b75

SHA512
06ddcec1e7bb2ba0a5b7bf40cbe4b6293aa71b50696638905d5a82eecdd982d5c875c21b128e8ddeffbcacbc7b4fccba9328d93703b7910bf5c2677835abdf48

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
c67b4eef5782edf5caea4262ce82e743

SHA1
a2eec0700ab7d47d1ce6d9d55b3b362776cb0a72

SHA256
6450d3445e30e39833e31873252cec961c9e8c135a074078566167b005fd21ff

SHA512
49b260682d2e32dddd5bc09754429095d352ea94df454526681602d1c10264c63eb75c681542a7ea2114df903eaf3f3a4af0cff41524f9a7570b314026e0f96d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
9755fa3f03281ac03996139a8772eab7

SHA1
8e91fcb4e4aa409f4b4fab386e3201c09dede429

SHA256
7b585dfc7fce3e1812da8e66094ebd940a63f5de9ab90dd7e52a6b9887e21ce3

SHA512
c9e785c4c79efac7dd178c515d88576258a63f34581efc889a055c8b026753dee062aba2d66796377eeb8b204988e99a47368cb81e5c4aa9199037c06c2ed74d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
6f1d91c316b532ed25d04472a1a04f32

SHA1
b3f9de5fc3d0f0126999e2baa99785d2a0f8cdb6

SHA256
9cbda5d2187619992274eeb7c5f53fbe8e1c8f793aaa7239875a2290ad35c888

SHA512
fcf727badfc9fb6aee1534638a24d435d67ae34c62ff6848b286c8eb0d0cddd9a01003cf61889c7960dd24f0d43c1aa7e8adecfddbc4be961ba61e1089e079cd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
fa9362790dc230fc1f45c97821a68c5d

SHA1
c8b00e1c1a8c9c91ea644ccb481d76ad624d44ff

SHA256
578ff4415796097f6f068f898c8595a3ee50d18b7d93491458eafa0e0fbc6fe7

SHA512
acbbd5cd451d10d2479f995f78ac492f054960cf62958ae9757dcb6311c4754491dfb9b74999b2cebfb8e59190631b50404663c706a57d5b0f53979a5c065036

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
a9e8104ad8ff11b449654a75498ed95c

SHA1
5f4893ba0c356f546d429226fd0e1b396ce277a2

SHA256
c481b66c6815e23967efb65a39f6be2d91e942cc660842f6dfd8555b5758b25c

SHA512
4322e77dc8558dd4eb62c539cecbb3e6d36ffd2840c687efcd1f6ef0942090659aa88c43808ac80d0be2bc328da18e6f7e0e4a2006e40d66204fb179226b9465

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
927d0bf37bea49b73d55f18d0fdd22da

SHA1
fe4c28ecd10ce451e411ee47b26e88aff469b3aa

SHA256
0cca4d7dfc44e941ccc93e6cb5c7b01aa3d76915245d24aa428496fc6bd99450

SHA512
b00e3029b532561786b2804be6e52b6238ff911923cdf95dd863550fd0a72663a04f90f2cd4934763309789866a8813653437f8b9de0299fc4045fc4ac1fcff0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
a22256662349c3623127297363cf4fbc

SHA1
327600f36bc4b80dfc1e10023f38012877fcde58

SHA256
5ea97d03a1b08639e00171a31ce09ad9a7fff370583f0f34161bd3c250c7aa50

SHA512
89876bdfaf130dc45f77bd7ea4287b539cbaa0d9543d9f332e4c8556fb2aded12340b8a373a8af430a042181a4426e0dddefd56a2793d48a98c43e048bb85cc7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
ff421d3537c2586eff6970ea851dd7db

SHA1
5fb38dae1acbc08dee0c6f7144a7534f86af46ed

SHA256
58661e6d2d5b3dc33c897a5889b3b7d584d5ed4f098842cd64dea2b644393536

SHA512
6d99d2259e543eb8495ac5e04eb1eb0c9ce3d84d3829a7df3aa077c0153b2ec3a246affbc43dbd1b33114303c8b14de947172a36115bcdff0d75c8cdb58f4574

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
f5ca80a7d39afee40ce33e52c017f535

SHA1
a4a5223e2055c881c1e1b76c2531b0dd03191b34

SHA256
bbd83e4e0617a4be7c2b6327b97b05a6c486b92af3fda4797d5c65ae4ab008ac

SHA512
2998718fd45e980e4354974fd471c96a9690e334b01f9ead1f24b7e27320b7dc8e3bd27f593885eafc1137aca3bae6711aa63d235a10ea597a7dbcfb5a77d42c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
c0a3debdf359747e132c422054131b4c

SHA1
b2f23adb3b619b9dd705b3512d068cff85e6dff2

SHA256
1c79ae1a93e47e126d61c59e52a2e27ce1be85c1644b3c480955bead6fe3158a

SHA512
d700b50026fc73551fd8d7de6634e72d40568c89066febdb81b50b8f2071a414bf57b6c7c8773008d5d7ddde9e595476d4cd56b59fbdae25c06e9522bfec52c2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
05ee5d1aae8e8d9853a03b2f34c286d6

SHA1
22df091a9c63249ce0d5390b38203dcf7832abc9

SHA256
a14f3092048a2bb635ef9f262aa14b99aada7f231c802191f005dc2229199939

SHA512
427f0c68180e47d0c4bd6b0d21315d98a61d39728891c3f5bdda63f81c450bdba12c5e2fa6986d54bcf07f8f710983b7397b1d9d4595eab9cbea35445b40ecf5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
2f7d2ccc6a44ab76f08cd85bdbd9af98

SHA1
4a00f444a3d7bb3ae6eddecbc1d4831d230f7cb8

SHA256
6b902fe40bb1fcedbd6787634b77ecd86c040b8b84241f9eb22c7f22430ad1ff

SHA512
5daff3e1687a7404e3ce2276b334641b7cf9e1de9703c6b03668ae52f14e50ee48a98488578839f7d2b21f3941a264609cb0df272ec28bccf1cb2d14006d94de

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
455c856f8721a3c2b422e48d1b315b16

SHA1
0d7fdd51080499b867b36a467da69392a33ee578

SHA256
bb91e7c1cbf2aea0e97db4020a28b385ce5a9afaf6c1d23bacb21ff038fe5d4c

SHA512
62989cf0d1bdeffac9cc6ebd93476bf79aae3a3fcd0cfb02c02bd05af7943366a5cf7fc368a2d02e48c1c637ff31c8f3acec6f559cbfda7c89cee5c3fde40b3e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
eab78e4b6fe5726b771b5f31ac85b9eb

SHA1
ec95d17831be0087ed16109d3ed978418f9ed6dd

SHA256
c0110aa3df192d411dfa1cf97c9057d24129d186ec51cb87780015b7819b3c75

SHA512
e63f58d8051413f70027af2feaa2291d155e4d05d4f6e59b468532c78c9cc2ba4e6ee5aabd9f0a6bcd50d690c851bc002642e994b6645dec41854563dcaffbe6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
fcd9f25b4b2006b747938d779d3ddc76

SHA1
b856415489c4913d12d6d5e884db81b2c6c5ded9

SHA256
d3f35bd27287f0936cf55516300b3f2a3a81e98b8f06f7acbb58d2d6a919082d

SHA512
c8de147f591df0bdce17d5ba65ff578a72c1a40d236d6bf661dd6168f086d0ee5ec69da87822a2628b920a10ba444ff6c6bd972948bdf794be4804b03d9bbfc1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
8a3c909830ccbf751594e12d6798a6aa

SHA1
0f72c7797e14ae322f0751e0f8bb83ac8489eeb8

SHA256
1f8004441e3323814260327c9843280db698f22cfe6d59ac3da301dda539f8fc

SHA512
33d7a8d129c7929f687da8ee2b13c66cd9954a7361d71cb99d6de4ce1a20318c63f4cdfd274fc3538f9f17daf1605707c68de55b9ea42aa1fa91407d93e787c0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
0f036bacd5de93b771151636409bd076

SHA1
50a3b932c9d6a4b5e75af0d51fa615a553f441e4

SHA256
3632ccffe7d33d6f294d3fb3863d3dddfcdd3fc30822e6cb4d3cd964d37ca7f9

SHA512
62f7fc4df51800a6d4e9705d2e5889a217cd69a305302dd9e86164980622b038f733b048518b8265bf586653733c0644a0e945b80b9bac0b4c5de397e2b1c46c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
9819afb1de9b21544054650a0ab8842c

SHA1
5ea60027bf56e191856d1e422908e5c094b53a5c

SHA256
fb06dc6182421daeaa0fd2d33f7de1bef3afb63dc9b9e4c066ec45092f4cd4fb

SHA512
a4d4fb88fcde2807e2e3626d8d0e72c48789c3714e5a032064f656ee9f183a16e335b2e981c16ebaa965e34fcb55f8193946ac8e08215b18441a1640e1431876

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
85568ac308ccd832b42720e1e62e2ab6

SHA1
d824905f9ffd3fae432574b069ee995f57f5a47d

SHA256
d86bba8af09be486951eeeb9d06ce9fe7b3e8b05261bc1a528f83dd797d07385

SHA512
72f158c61ce5d08eb45867291afd68481a54c685c852df1f6806aac7e1ae3bcd72944ab022a849ebcba5c8e9f7e5d923052f73f1f8595496454e0292f8fe9620

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
92e710f0089612af1903711059de8fec

SHA1
52cbe863b3d7a45be1c23df2bdf8355a4befdf25

SHA256
da3eeb0fd5e547071a0303d9f132e89a038d671bd73029912ec013ee1fe62371

SHA512
032c4b8e49d856dc0991816b28e3274478cd4e22e02b1cf4c9ff5e7c45da3c98c17e758091b4de973b70e122eecd49e361260b3a822cb71507a264656ba022b5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
6ce8551fe9c21a331b28c4029305d393

SHA1
62d739115a841bb447470b702f36f20b8c410ee9

SHA256
c254f7c9b842ed9d18b548309d48d574148fde66e19ca97980cd71fda79b5ce8

SHA512
cbe4d8ab691d8862c198914d7de0de2c8cc75de39384d8071ca214004e807b5dd09f90e2d4ca4611ae45dfdb11c2737a31e44ebdaaf5f6249283c15cb989390e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
d24b290a278a6b56741b2daa9286a816

SHA1
08550cc2ec93bb32a3c455ce482c6f0bcbd81684

SHA256
d14f7778a578e5a3a872ed910f68a34164240a2afc225b08da83419448fe0e22

SHA512
a831af9e40ef6681203cd6cd1b49b24533023c72771977dbd05e8b4b267a008f5f276af79e87a249155feb90c681776496864aa1bbf08e46e492179999fe5057

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
ad4fe32d9ba9c48c091c93c6290a76bc

SHA1
662c188a5f86afd9e253c3990343b88b5020d6ee

SHA256
da4094cdd4bf1e35ed95d67182077c4e6af50448270b7490372885090d799cd2

SHA512
2f4e67faaac368a95bf2d001ad27901112f46f2bcf93429864168781d2bbec44ede69fe56bf16429e2332e607ffb185a551ab642b7009e9327827e078fd58158

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
a78fc0fd0712b54c7941ef1ed9958a1b

SHA1
10d8d6f7f42b645d10bd7df9288d796437eb7107

SHA256
849112d4befd9e26d44c73023db2a62ad01e0c8317dbaf2e5e7f7025b3140ba8

SHA512
c56820e142f54f80a15147f83b38540313dbe081fbb447aa7ae86e9dd91c3cdb453337c77e2b2359ae2b251b20ec75665fd7ac5cfba4e0d56f80caddc19ac31b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
fcf939a6c52fb6c44a92437895b8c03b

SHA1
3542b1d1caef06e671c9add8141b53f6cb8e78c9

SHA256
c62afa6021b374c41d7b56cbb866ad66ce1083e6fafe2167961038b2c9a00e0f

SHA512
494b932f929c88915803331606455a47280b9e7dddf7ff9b1f2e0a821ff663f9d49f7507495a35bdbe06423c9199a0861452b73da3008cd0f14f94343feb34cb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
6e46bfa4deef0c6d4d4c6827ea6b8a26

SHA1
98ab4c96b03d371393275257c1eda9c5923a8e7c

SHA256
723f1a63a920d1998250cd1a1d9876e30e5039be9a4c4b17051cd556a11adbec

SHA512
e002d46ef4859578404d44428a94ebb825b37eb4a18103327c04a5ca41d47dfca1676c829446a83dd631ab1f3d3ac866780c6e26ae9658a1c4bf58d6829ac18a

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
7872073d1f142b43d9f93e3ede1b0a71

SHA1
1c1729960a08275586942587ec9396717738309e

SHA256
b57110a81162c0fa1269c53aae71746fac7c35122a90be93c6c3110a4beeb953

SHA512
a8c469e9278dc62b2a5af70a4348a20df7b1835b9cffc309966251f8cf67cf28657d6bdff7d8140e86736fc89a017d81819aeb8f008922c74045b56cd7e8bf89

Download Submit
memory/4444-10509-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4444-10902-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4444-6415-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4444-6417-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4444-11231-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4444-11232-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4444-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4444-11237-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads