xorist | fedaed2ba9d817383802e8cc19a64b9e08bcfc729cfb0dc710ec87f945589ef7

Analysis

max time kernel
93s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Size

7KB
MD5

fe6550da85f85e7c7eba13b67059c27c
SHA1

19ca7b595d47f254040551725a8d50bcca564cc1
SHA256

fedaed2ba9d817383802e8cc19a64b9e08bcfc729cfb0dc710ec87f945589ef7
SHA512

2b967097170aa5b3ae974ed8e2fdc67545adad4629c28e5cdce6e5f64ddfb9969dd875a41a749752b5abc1abdef7d5ecf08919c45522b679cde1d57b6f3d1c69
SSDEEP

96:l2Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExZO2HJSEbUZMUA:wzdrr1FG1WDCgmjPZZO2pXUZMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 8 IoCs

resource	yara_rule
behavioral2/memory/4808-6161-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4808-6174-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4808-10376-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4808-10997-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4808-11334-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4808-11335-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4808-11340-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4808-11341-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2189) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q1xSCFkG1R2Zkvd.exe"	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InputMethod\JPN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthoob.inf_amd64_c6923052f60677d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidinterrupt.inf_amd64_eeb986311b3a5b16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_bxt_p.inf_amd64_8be317e01b44bf5a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl004.inf_amd64_189d0189716edeb1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_firmware.inf_amd64_36e4e17f210128ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_cnl.inf_amd64_f668309b543472eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfcvsc.inf_amd64_dfe08f401a2eedbc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WinMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmotou.inf_amd64_8370fa408706074c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpp.inf_amd64_e196624c9ed43e83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvpci.inf_amd64_86afbe8940682d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pt-BR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_system.inf_amd64_184528953a6fb673\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms005.inf_amd64_add71423ba73e797\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Kds\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_fffc54d66d592d52\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_magneticstripereader.inf_amd64_86e291110e37418b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\002d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\LogFiles\WMI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_5b6db32fd04403a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0003\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\sr-Latn-RS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sbp2.inf_amd64_db7034ac4806cf05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmhaeu.inf_amd64_e0c209c891e162a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_amd64_86cdf3e1f512cca1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\@AppHelpToast.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_display.inf_amd64_c7457a37d16eaadf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4808-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4808-6161-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4808-6174-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4808-10376-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4808-10997-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4808-11334-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4808-11335-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4808-11340-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4808-11341-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalMedTile.scale-100_contrast-black.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSplashLogo.scale-250.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\Blank_PhotosSplashWideTile.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-256_altform-unplated_contrast-white.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-100_contrast-white.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Bus Schedule.pdf	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-48_altform-lightunplated.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-36_altform-unplated_contrast-white.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_hover.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-150_contrast-white.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_TeethSmile.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-100_contrast-black.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-48_altform-unplated.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-48_altform-unplated_contrast-white.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-24.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerWideTile.contrast-black_scale-125.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44LogoExtensions.targetsize-256.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.targetsize-16.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ccloud_retina.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_TestDrive.help.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\GroupSplit.avi	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-256_altform-unplated.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\PeopleSplashScreen.scale-100.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-200.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\WideTile.scale-100_contrast-black.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Wide310x150Logo.scale-100.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-256.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionMedTile.scale-400.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2020.1906.55.0_neutral_~_8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarSplashLogo.scale-100.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_RoomTracing_Tracing.jpg	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-30_altform-lightunplated.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\excluded.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Moustache.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\PeopleLargeTile.scale-100.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ClippingTool.targetsize-32.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyShare-Dark.scale-125.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageWideTile.scale-400_contrast-black.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-250.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\LibrarySquare150x150Logo.scale-200_contrast-black.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_altform-unplated_contrast-black.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\share_icons.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-40_altform-lightunplated.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\SuggestionsService\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\WideTile.scale-125.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-96_altform-unplated_contrast-white_devicefamily-colorfulunplated.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\WorldClockSmallTile.contrast-black_scale-200.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appid.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8e9e696a3f31534b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12app_31bf3856ad364e35_11.0.19041.746_none_9058677ca855be17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\TabSweepExplanation.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\StoreLogo.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-c..shandlers.resources_31bf3856ad364e35_10.0.19041.1_es-es_6d6f37f3cf287fa0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.19041.1023_none_374973298940e35c\SquareTile310x150.scale-100.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-font-fms_31bf3856ad364e35_10.0.19041.1_none_fdc3c32153adba41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lsa-msprivs.resources_31bf3856ad364e35_10.0.19041.1_nl-nl_d65b2d5f215666d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mmcss_31bf3856ad364e35_10.0.19041.546_none_35917de94259772e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-machine_config_b03f5f7f11d50a3a_4.0.15805.0_none_8415fc268fb7cbd1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-cryptuiwizard-dll_31bf3856ad364e35_10.0.19041.804_none_a39946334bc3ad6f\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Users\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_auditpolicygpmanagedstubs.interop_31bf3856ad364e35_10.0.19041.1_none_7bc7a6195074370b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.19041.928_none_31fd477afc7b8278\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-winver.resources_31bf3856ad364e35_10.0.19041.1_es-es_d0ac42f327c78ede\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_uiautomationclient.resources_31bf3856ad364e35_4.0.15805.0_it-it_c61485c966b60f75\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-storage-compression-winrt_31bf3856ad364e35_10.0.19041.746_none_c03a28cec93dba5b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\INF\Windows Workflow Foundation 3.0.0.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.19041.1266_none_69f1a169b4d96a7c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..opini-accessibility_31bf3856ad364e35_10.0.19041.1_none_905c6a851ca62951\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..qlserver-driver-rll_31bf3856ad364e35_10.0.19041.1_none_2b9fa2d1ce526f89\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.19041.1_none_202e011a312bab1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1023_hu-hu_11a814b6853ad606\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_10.0.19041.1288_none_09bb3dbe72898e4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wlangpclient_31bf3856ad364e35_10.0.19041.488_none_96754d2c2f87291c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-fontext.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_a3b17fe15dd5da16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..xperience.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_9b91ba9dffb8dbdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-u..m-productenumerator_31bf3856ad364e35_10.0.19041.1151_none_7b059fe9b1fa607e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-appresolverux.appxmain_31bf3856ad364e35_10.0.19041.423_none_df344b9fe5390f25\SquareTile71x71.scale-100.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..-els-core.resources_31bf3856ad364e35_10.0.19041.1_es-es_b2ac2634369df78c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..rience-api-internal_31bf3856ad364e35_10.0.19041.746_none_dedc2b1c9e353fad\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smbserver-apis_31bf3856ad364e35_10.0.19041.488_none_adf7d867e27e5e41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-security-webauthn_31bf3856ad364e35_10.0.19041.1288_none_7e41d5cfd554dcfb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management.Resources\v4.0_3.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..rk-ctfmon.resources_31bf3856ad364e35_10.0.19041.1_it-it_d9156bd69facefdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-thumbexthost_31bf3856ad364e35_10.0.19041.746_none_d8baedf8d09aba05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mbb-classextension_31bf3856ad364e35_10.0.19041.1_none_b3817ba783485a02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-scheduleui.resources_31bf3856ad364e35_10.0.19041.1_en-us_593f7a7ea2a28e1b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-s..k-transformers-core_31bf3856ad364e35_10.0.19041.262_none_edf49f767bf6c247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..asks-sync.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cc0a92463c7d6357\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_hal.inf_31bf3856ad364e35_10.0.19041.1_none_861ac56ef9c605d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\SmallLogo.Theme-Light_Scale-100.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.19041.1237_none_b40cbfe2afd2c015\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_sdstor.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_ec76d78ab1f9c6fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_miguicontrols_31bf3856ad364e35_10.0.19041.488_none_2ffa4308e32b9199\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..w-kernelsupportuser_31bf3856ad364e35_10.0.19041.1_none_25b7d5ade9946086\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square150x150Logo.contrast-white_scale-150.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ndu.resources_31bf3856ad364e35_10.0.19041.1_de-de_1689973d99f5aaf6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..-base-vpn.resources_31bf3856ad364e35_10.0.19041.1266_en-us_d66d9cb12ec83a25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wcf-m_smsvchost_perf_c_h_31bf3856ad364e35_10.0.19041.1_none_f94ffc5df8d28afa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\tabclose.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-font-truetype-phagspa_31bf3856ad364e35_10.0.19041.1_none_28c07ecf98e12f9c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Routing.Resources\3.5.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..alization.resources_31bf3856ad364e35_10.0.19041.1_en-us_dedb4a4b06dfd99e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..shandlers.resources_31bf3856ad364e35_10.0.19041.1_it-it_a7b3239cb49d4eb9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..-charcodedictionary_31bf3856ad364e35_10.0.19041.1_none_e9a686b7cc731d0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-webdavredir-davclient_31bf3856ad364e35_10.0.19041.546_none_7c1b5a91e56f46f6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..s-library.resources_31bf3856ad364e35_10.0.19041.1_de-de_9d64233be33ecd0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\WiFiNetworkManagerToast.scale-150.png	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a...appxmain.resources_31bf3856ad364e35_10.0.19041.1_en-us_d47fa2e3f7d680c1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dot3ui.resources_31bf3856ad364e35_10.0.19041.1_it-it_9c8e11039e6715e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\..buyAV-bomj	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell\open	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q1xSCFkG1R2Zkvd.exe"	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\..buyAV-bomj\ = "TIAHKFPZBUJKCYW"	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\ = "CRYPTED!"	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\DefaultIcon	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\q1xSCFkG1R2Zkvd.exe,0"	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell\open\command	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TIAHKFPZBUJKCYW\shell	fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fe6550da85f85e7c7eba13b67059c27c_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
35c69605bb347c265ac3941f6ebd2d83

SHA1
973bcb658d2829ccb38ff5baaeb93fd0db7e662c

SHA256
3d26a44928cd1678d935316e346e28a82894d44bae34f08c01a69a7831ae1f53

SHA512
ae7b5f3de29e9e9e32ff42a8001e036f8db2879dfb081aae24ab9cef380a5b0c2555bd0b091be4869dd137049dd71ccaeea6288f697db6a7edf5a716f487eb9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
961896701b692fecca237587e6e1faf0

SHA1
47ae6bb89cce7e9b81b9bd2f70203c8396067e47

SHA256
a3cd727e58304c893625d1f1393587465394dea1ed1ac4c7a048b926ff4896f9

SHA512
6f6a4cb29003a3257f96ad5a9a5e4f4fbf1645b0f6e7b1dc2794b52f841038ae398b533f0f4896db7ac34774f639fbf66e39096103cb066531db640d311f7c21

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
2b061bccdb8c0ed55f1bd012aeec4dd2

SHA1
9ee59b03976734a749a930cfd76a5c086572856f

SHA256
df7363e41319976ddd258b7ffff253c0315f6e5e273e6069a4c305f38c381ce8

SHA512
6f11e2af92ee4fe6d90dfff6d6aea059d437c9c4887906fc5fdbe48ce1387a8b80fd32022d24427053dcef420671545bbbb3b94e1b82cf657abdc5faf38211c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
1382e1c9f74b163a99565e3ecc79f0e9

SHA1
7d5448859e4657c9491d80e61bdd5f330a2575f0

SHA256
223991c5626180bee34ff808f7823da67470ce6a45b2b9a6a4693b8220da5a0e

SHA512
6f6f9815186b98c9dc751c383aa30f3ae5ceac80216ec23501f7f7a7c76b889e52a4a5ea78586b9fc0734d299ee0aa95c93f125cf6a9551fb6b8a42a26b57861

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
84f81b0db8472538022bff2cd0973d31

SHA1
709f1cd9b8898c6709b0712e06f689af6b9b4559

SHA256
0d591e3d9f2bd1c6a85d0c48585bf13b984c185fbddd77c716c3a16fd878127d

SHA512
9e1587a3097dbe97d313c33a5b99c27d39d7f93b40a536afea0869ef2690c9b50625af7a982891294bac28c968c228a35e66f0a9f91a9a116a97bec5f4b7e45b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
b924472a205910c32da3966c97538bdd

SHA1
702a0e6aebf4857ba93c4144a7975ce965cb43c0

SHA256
a8406ce728b921e350ced64bc1c2f14bf4ac0443a7fb343d33aeac3c563fdccb

SHA512
f70dcbe92d71c12b8a104ac941c4c971df70235ab6d7eee2dc424b7064b116bf275921d2b8ed8a719875ffb493205ddf2c3037e440664849d909e5c196313934

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
69c8189323a8e68e638d99db90ee6e0d

SHA1
ac635d24ec5084bcc9a2959cc9c5e1c54a38db35

SHA256
da0fa154f1759382e68ac7ee2fa9cb2892f60ebd711bf982d00e45ce73b4ff0a

SHA512
1bb2d0174aef5049678935edb7bb89955a6fadd7f061872abbbeb1f4e816548e58b401f41299a7075419e15f4cc56f51454a976870e22e52b2690a0c69b13db8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
cacff46f8e45f11609a64f3c82eaf599

SHA1
2a18ad646bdbdbc2da0983cc0e6c0de135131fa4

SHA256
c8279c9e97e3bd3a1ed4f124cfb88e537285963cee11ff845128b2b7ef4ab81d

SHA512
3de34aa14974ba83dbe32c901c6c61561dcd1d0667989f3c191c0c5c074400bb37a383a421d90d4092a71a25873fbb5295634ee6a27df583fd19c89c0dadee35

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
2c7c697cb4bb25daa5b4978ad9ca9b71

SHA1
22c2ad9050faf60e5f7822b84e997d71bafdb608

SHA256
fbb8f40f9a2ab8719c1e151301daaa749ba9ee398b4e0b1177647e2cb21beddf

SHA512
c4703d39999bfa57c4911d9b9b7a05b0a4e31e04cb06c797de53390003725ec6f7fc52ef8dbf434ad3af74e55d1901e3ccf674376ae9f07a2bfc091a42fab778

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
cb6e39413f72221f590691d2ef25904a

SHA1
d36ed7ce40fa84dfeab41a4900b8d7f8c6704b00

SHA256
118daced6321d659002458ccc5d8b0eed5b3d463f2de78d12d069c1615376bc8

SHA512
b813f81630a893b306ee78123110f154083db63e76465613d6d5361f0c1fcb96ef44e7f2aaab376235f28ba8c05f13e4e1a8c30c732e08b6e533b9d8ea34e175

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
ee0bba1673777dbb96b0329dae5f8b79

SHA1
c7a5c3746dc03dc53735deb7eb191064f6297e3c

SHA256
f1c211dd84f44c100d1cabc24574d49437dad8daa965ea1826ff3a4d4c8d55b2

SHA512
d59143f293724e1071eb978be522ae0b80085dda7de20294a0a0f49082c6961c44f54d6c3ef439a365e26bca846f7715d965066df8ab4eef56cc8f97c4fa9423

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
c5f81540d07cda425b068e52eea47c9b

SHA1
e31f58677bcf8b9b8c09666e5791a28776ebef7b

SHA256
45ac6da3e9ae1e0625c3e43a052fce820cab0fba941b9096afa0f8503ba55522

SHA512
52ebc9c87224370285e3824f9fd1bbcd8e74c09b49dac9b30588a607d5b07764699b5df0d204c7b82a67de021a976063b4a8ba8742271a4b387385fa7b799033

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
939c46017d5b5a5614ac801d4f5240a5

SHA1
12ea0c537774baf43198e84da2d35df052323cf9

SHA256
9a4b1c16fc7f3ca5bc85f35691827508fb4115fe13550bd255471ad6544e82f4

SHA512
da5541050888645624543ecfb479eee4ce495139bd1e82d9b5928b79f7b974e3d4f6b90bfebbfd83038ed0913a6e1aba3be7b6ff85d6c052a63d90009c92caea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
8c40e81b728ede86e7bc87f0d6d10b6d

SHA1
6050fd51380eb1e249b3d8cef1fa37380815f01d

SHA256
99d6d705d3e097553332e877460d9fca8f608edaeb05cf6ab742a25da64d1ccf

SHA512
e16b4e1305e2c3aa05de9a478179ded8f09d483d8ee9147c206e262b1c7f7f1d43db46557ee9e569229fc96d02c6245d72bed1ea444805f06e2e34a69bc39213

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
6500702029f70ea24976b5754fde4a09

SHA1
70ef30b59880cc175d6496742406d4246a0121bf

SHA256
2cb0157d91515916a8b88bd7ba7924f434f1abd6286264600f58f4b6961f2ce9

SHA512
d3a8f617fed95be73a945dc3b1b7fe1451034ce398d6446b2d3dcaf03ab060392aedcd8a4cead493be40d81de211f60d9b34e1c04d195c79921528dd3f32924d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
58365f8374440b14609491e535d1ce8d

SHA1
20b880b80155eee1dfe59814bfc9372c857daf11

SHA256
96edf0bfb850d148a1805271cae962ea88416e37c3a57e19f06760e5643e4824

SHA512
ecef4442319d2c0a3cc7bf16d4b9913696fe373714df4ea91b0ef0685a369ae71f36e61bdd54e0a0a5936a915212ade580a5adf448ce9ea3a5d53251e520a39a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
d7a57c71f4c1cd8be20509cde3883b78

SHA1
7c5dbfb73af9df0d4d3a270d641f25aab4f973e3

SHA256
f9ce3e94d70974e517bcf92ba462f65daa61400766db2cd7070d9f49555f3ee5

SHA512
5cb9e9545ddb3b58d7388ec6a25726daa2cef9b5ff49e1aebe18e275be5e3fdfa91caaab58c7c8bb02159a413d6ddd6ff1a95672a5c881bf1227b9a3721155c1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
498642ff28011f430b084618444f3ce8

SHA1
383d2c7d57d3dc4bdf053eb33c380b4dd29a22a0

SHA256
befeffdb6c8904c1b0866b917a1c4064347d466fed922b94441133e40ae4a0d4

SHA512
fa77997308eec5b7ac7fe93670f25fb552f30b771f50a66e1aa69f1cecfaed4b626add62cda3b2d0faf9124f646e206ca48c476f44806dedc923a8159bb30330

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
78108d8c9d5105f851b966488941fa44

SHA1
5379c996b9c9d8f14f9418bff16a301326c21ce7

SHA256
d8ebbb3242c3928ba7eb82194e43c3e23be1ab3bb61fd31094edb098e4f4768c

SHA512
e3ddb4448911e2233df7ce6c8bb4981338b51bca97a376b48dd245dcb99a799142b9db49c8a370f4091e07752ca1bbd1febf83cf9f451002745355c6054ac06e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
44b8cb37d3bfac1098e86708912de1b9

SHA1
fe3ebb5b51f770cd20952fe4b9ea0d485fcafd26

SHA256
2fce6fd18eed4555b0aa77e7bcd17b9061b523888b03ea52688e5a57af7f0abf

SHA512
656ed61d31b1e7255d3f7a6800b4d5c498d48a862c4c664dfe25db9e3dbcc45ad757926736e1948b46d29c10e02a3d2585a966852d0bdd4c9022f5fb9d24d23b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
6c8bfe7d7a3f7d8b1fd4f034da05c5fd

SHA1
4e507ef5c2745ebb364f3628c9939959fe6e7429

SHA256
77dd570b4dc6eaf6c96ffcf92dce0667605df07060a431d687ff42d75d074518

SHA512
67f03ea6810402f03a85472d95d22356a5af1a1f07cd0eab84ff019a14dd2d8bda2b78fe41d5eff6e15972106b5b9e8164ff8ef66400cee127625709f9e3c4ea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
1b0df3dba1b164c13a0f79b21685be00

SHA1
2153c85652c6601df31cfdd7eadb9eaa03a7b44e

SHA256
a419d61cf47be6744f159c74490b6351ec5d0f3798e45a8234ad81e85006633a

SHA512
96bb849fb2b78dd7486a4e23a30eb803d0ad93a97be7d692f479a6ba1f735b4aa8b77c804923a89098fd37ed845711f8f980159496054dcf167cf3d2993f61b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
a31a6d5bbc12f987d798094cab9c6854

SHA1
edd4686f74c161986e295472314ae307d59d746b

SHA256
70d6c57a03b7b82c02ac52ee80507a50797c606cb3dfbc4c4153512f4f52d94c

SHA512
a20b200691bca25bedbc918beeebcc3316e85688adf2486dee9806626c2274ae3df6b5bb317e584a8ac6e3f37c079c6782653a92c30a219d8249bd922051bd20

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
6ddd3367c8a8fa487aacdb96a7f9dad2

SHA1
0d2bd624b1972198cd0b696ee1dc45b150220092

SHA256
0cb6a684312408722cef5d8707fdac052280651c726b36795267994b07837bdf

SHA512
209784b481f9f58a1b1022472fa3d06fca340354c43e243c18c1663fd6c73898fd190546bc2e43770a4ae29dd5a47235ac8355912f6ad03a64eafdd9c61f59ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
840fa2cfd2603ed5ea8c3b125c65c023

SHA1
55f9576e8e73ee56bfbc65b8680065baf3577412

SHA256
500e1681afb38ca4424896a6a8126b3a51f536cdb84e6ab82704bf681bccb28e

SHA512
637129114798b15a735f910b00ca22b52aaf1a92cb4f8a1e1a002f24692bc6cc83f3e12ea6bee1ace78d2ed34520d036ada17e6bb8011157b14472c3c2fa4786

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
c6287327d4fe3f7bbf0ce040521d4629

SHA1
c87830fdbe8470dd093fa6260bac6d91669c67fd

SHA256
d2d411f60bbb3b410a35ac6327a25254edbfa401860c903101090aa398d361b8

SHA512
8e4e6752d3a56e3c9d346836718f7db9ea12e90095417ffad3a1070fef595ffc0259923776d055323a83b621bfb201ece003aa83f54ebfb3ec840e2a8ad5bf39

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
dc7540433b132eff0f2ec237ee222b3e

SHA1
62f0e546680d4f7241660be3f0c178fa828b2951

SHA256
cf3fbc90e6a381347d9b68f5aca05153dd0fbaa745a3b94d848f5c432025f3de

SHA512
71f24fbb6b76c4576b9f8220b18e238b68c75e7611c2444502f979cd0ba912018aec24137a97a0e1bbed96484313b33608f9bd9d933e2110976f5cb1b0b98bc4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
21ec5d6dba915c9db055db939cef14ce

SHA1
1651d651d124cfd38bf5a7f363bfddfb724cafd4

SHA256
e9e3c0f8ad38fba738de702a4888ddaba7794e4fbacbed4e85e9eb34c1f42478

SHA512
8513d225df020ccca3b251506ef66f9440e590eb806af78e6db1affc1152e754f7955f014c7b30f84eb7514d014a2edabb95b93d03a3c41247a705fd284ec02f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
d12c26e369cf65fe37fc552f1dc930e8

SHA1
fe0eac52d20a8bba23d03cd1f8e8867bd28d18b1

SHA256
9f37e93509f60c4fa7cd111c85799bab1d3a28fe9ce535577a2f1f89fdd2c4b8

SHA512
9155aa4f8e5fc82e2b22eb77f57a0c8855fd004a0d3ae0a6aa1dc89bb8676eaad13d90ced35a2d548bf0714d14e06c0abdce687c4d5992e5b987c427ea9720d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
4881254d9a603b71077c1c95078be001

SHA1
a63cb606a32fecc8c4a725d7e183b9364baa5eed

SHA256
47ec6eb9739486e2855d4b3d6a423d4e882c746e536c21a0ffc2e2063fe8cd73

SHA512
3a9eb689b63c590ef8641871847db7dfc61362375f1c8d67788f9c96f8bb468038381e4dbfd35630a488a3feebedb53f893bbe33be916ad068c98640fd4a0d73

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
9faf65801ef2ecf91e461cefbe037dda

SHA1
c7069b00477447d8ad4e5b68550f2f6ca5145858

SHA256
6af3e1ee7d82a883a4065f4169cc3c6115e6be8c9d5a01ea8b988e24bd7f8372

SHA512
ab8d0ba7429797285eaea6f72599d9c7f2e31157b2430d18397a9e07dcc36cd26e680dd789e20f8dccc9e8ad0c407040a3d056edbd024105aaa109e4bda6ce10

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
aa137c9687d7bc53a6708cdaf2ef88b3

SHA1
e51477d48f5c580aaafdcc2bbec54df6c9dc5189

SHA256
849275baf4c61ddda6a00f0545ead6109658e95f0aec2570771640aeccf889e6

SHA512
909912852d1506536977525082c7e8b02e5cc41a2f53b97c5ce40d998976074a98fe0cdbaaa3f1a6fd5e2b695a1177879e474bb2b32e3c36de1664e7621e4744

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
96c9a31e581e4693ab830f692d3ae393

SHA1
e303d305d697f11f1a522da36d5d7f20eae01f2a

SHA256
6057e343e6cb9563221bc48f4ff73b95f80772f25a32aed3472ac3fa54cec41d

SHA512
243daaf2d54a307798349fd7a156cba0fa45e0e42652914882b54c33a7c938992c305f347ccbc420068597ff75966015a17cb1494f5af628642d4ee06fd36be5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
91def0ed903e3ae589a3ee4ccba51965

SHA1
83d1040b8aaa7afcf6459598d8cff6d29bbae52d

SHA256
581e953d7674d2866d5c83d7496fbf76f195ee93c66e89a794ea91e743cf598a

SHA512
2a5acd2e1c15b610ee6a8a1418a441af68baba1b8c1cc86d675b1c9a43061b9e2f267d377a2fef0946f2854824c4025ef7fc84300f84ae7f27657168b535433a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
f72ba174f7422a5ad9ef80a618d982e4

SHA1
e61e1c1860ab64f42f1a96289aa271045bf5f0d4

SHA256
32bddcb1579904c5b7b7a522bfbf5e1a91aa45486ffd7b07c5b9153ba906f66e

SHA512
b7461a9c3911258379cdf7b95fa5a2e80f589692f79bb9cc835113c437bef271558aa382465f1091f023b1a45020148a0a4bd8b17c3d0175f4b2255e8b9bcc3f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
edacfdd6a4c9daafab7787edf00b6ec3

SHA1
1f41e0c563bc98aaf065499fa1cc6a0276b3fb33

SHA256
24eaa7bb3d9ec2e0ea603ea49141282ed03ba18e852c6cd52124fc52ef4fcd6a

SHA512
e78adc86b161d79deeb46c9754917b15e3130ae2bf465a999efcec03e965b17b8e1f8c39e6f4d02bfbcc0d311d0a3ed0ad0c7a7f6b821daa5fe2b3361db5ef81

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
12eb3999ded868bc0918452590f0fb40

SHA1
8a6207fc827f1ff2421fab0e647d07bf77859e4d

SHA256
110649296e8f77d489ddd91e9fe113d5cdb0a985abc851ce5ccc09bbbc752d48

SHA512
4cda3c2387e06b8af84030d3d7d7518956bba28b214273069ab2a8532aa736fc799d5e258a03dda53d2b64f63a7d3aaee3608d909da33e003c16fcee95123aa8

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
6af465e71f1cb5028bae06ad47a1d138

SHA1
2a19824efb681a1bbae6258201c03131a0735b82

SHA256
b246e0c574a4fb171edb2c17140a47493a7a540fa6868f25d732383b4030056f

SHA512
b5d8bd78fb3b7193695a69418a638859731cf0f75341f9aae2f4af5bfab0884b049a715b3f0c1d509f56531de0e3cdb945d866aaffd2b88a9381b5ba15feddcf

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
b1835fda4764642da3b866b64b0c4901

SHA1
2204597ebc09f22ddac48e331a430424403f59e5

SHA256
0d4e1db72fb008b9390e5874f42ce8fb4686c507f8c34d1e3c95ecfaaa0a9370

SHA512
d326756a27fbdf20d4f60a8c179b20af73172dddb960c8dd359a4dccfe7da93d43c58629ecdb5dca7fff46b14bcfc4df82c90cd384bb5b2eb90bf608353fd04d

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
9dc3b4ce1665b7fb27c6a5b38df1e558

SHA1
e4fd07535fba4dcf0f76b206e41b585daccd2332

SHA256
ea1c4e41b846a5d747c9a3d50f44b0c46708c5208f7e93bc974a426b33f9b63b

SHA512
c2b182dd8d96c33d67f99f79084dd90e91a96bb623935b5ab5265d901acffd76bbf903653ab712ceeacc36dc64c8a048cfe68fee89d7398efabba282f147b01f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
8b233c48182934f184279e3c23469f58

SHA1
0010de17aad9d83487312e3cefe5bb41b74c1de4

SHA256
bc573076ff545fb5b69dff94d86b4f0e22cc4e053d58a4d0980d5a5f917c6026

SHA512
526cf45b1264c43df7a1a1990a3f21b050f8bae936b35da271fd83e665b54adb878b371d525300f63ec13cbf74be91243dac2297bd16c4397c6d3c720ae02c59

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
bea989bdbeb310f2dac376a7f94273f0

SHA1
a36d1b46b2de43be1e378c2b0e873d40a0dbb99b

SHA256
8bdeb7fcf23d4b311e29233a05d6a553bb797f8e9da4bd0d886ca9bcb8cacd84

SHA512
68b6c92a39f5654cd9ecdc2ea5a2fd8796b9fa7f3fcdc0ae5c40c710ce58356a88b8981e1dfb56d6e86ad2f519745a4d46a3d6776d4b5eb2b0b423021dafe802

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
8670c2662f8d0d7116f54c6364027f52

SHA1
c058efac238dfe3e7506f98d1beff9ac37b89d65

SHA256
3fe34eff7b7bee9f2945a888dc3adfbde0c77de1d4d84461b49a6e7e60a48867

SHA512
504b472c6bae0b866fa7103a992f5b4e4c185807c1b3d5df1e1e6d5deee6053f1cfba157ff2068e50cc57c26b12ea8a5585d7d70a1675847dde7aca1b46caa21

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
6a16d4956e68be38ff142e8c2ebb1678

SHA1
60c9bb29247c700a017597e8c7d56bc860e5e2b5

SHA256
09ac2f265738dadaf1ec9e686aa8ba5fcce3038b851496d1e1f52f853e62ccc4

SHA512
6784544aeea3479a0c77173d7142551062a27eefe3afeadd96ed6df50fb4d7bc37f065e843f75192c741dac53ebaf577c5627c813e644f012866da7f9fe5fccc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
983a7e4cd666543fa02471a31c65590c

SHA1
8fc090466e35de1277bfc198a2cf4c1cb7483d76

SHA256
3e5c37e815e3f99752621748651a62e8688eac29cd07c1b9dc085bbc9ab148f3

SHA512
e1e333d934b76b7b9abf468e718072e15312e3c8db94fe20f38d4745bb362c3928a40f6b981bda2894960bfeed796297ab9d255a9e553743abefee1c643b727d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
edcd3d2835380a871c15be804ee5d50f

SHA1
21a2fc82cb61d78414e9b949991e6af6db97acb6

SHA256
9d2576f00e31bcd3128e3397d327c0532086c76e6e5aa98c7e0f6f3a8b59acf3

SHA512
872640deafaa8e21bd5a2a24bbc5e39b886c023a0adbf6c93675756a2082f6678bb4292795e99dcabe92926bfdbfd29def962b46966fffb41fe3911fba873f7f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
3b3f151ec7adf4d36ab120ac8d4f676e

SHA1
70fc3a170e4bba1baaa7265c10af554eff03e67a

SHA256
e26dfc2efb3b745caaf39db43f79cf781ec48df7f5df1f4a2c502d23e91806c3

SHA512
c99275102a2c5c3835bdc480aea8d5625886b3769177a1e52002c8e8024338bdb4e5bba823aece3c44e49de694a21c640c5588a6a7331c83572b08bff40854c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
899914688b2631bf71e21d4b95a94514

SHA1
0540d661f3c5cce48dbc43b32eecb42c770ffc48

SHA256
72ecf2bb962916692c45562f3e9770922011b9bab4f81802596a461082c34044

SHA512
736c754a6c8efe666dac40cf9aa30f8cc6618dc29ceac78dedee10323c6605e45c55af833ff399c82a3fe639f739fc502a858197b670f9932485391ea3392d70

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
0924f25f78ed2bf60aedb0d30598e22e

SHA1
97ca513ccf8314df29955529b8d50eb9d82ab5c1

SHA256
430ffc9e2ff88b42e18c875b036de589192e255b194ed58288f81d36df0b26f7

SHA512
0fc4e0239c896122ff78047fa130cc2d76c91dd3d2a4a3453b2942d656f8f4c94479f282bb85a7a8abb7a6dacd6efb2fe33eab683da09f0d6b9a4201a2308be8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
8d469b110194e7468b63f74d8683acc2

SHA1
961aa5b2199dc2ee045da47689469f90ae14fead

SHA256
70ef746ec057371ea3945abc570e9928a10ef3d0fe554d968aea9966cb8017dd

SHA512
77219ee41befe828a95d2912f232c3f89487ef34739c2182b96989ab10e6bfca20ee4977d304665ea142b03c1b7b85c45c7e10abda9d6bb1ba3dd4dc17d029b5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
b5b3291eaa49322fdc742f30e7f86add

SHA1
4a80bccfd03be0127235b4eb3bcd35aac20cadc8

SHA256
ec625423758a45019143658d6f11800c1182a11e2ee9809da3e30ef8509f7e6a

SHA512
be00268d697d3d3bc30bebb9e549e9281298c835b49b23685616f12c64a4e259b1d5f6e649a834d2e21c8c746cd4d4ab681b0ce2ba2b63baae30b45a828be6a8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
2151c799ef5270521eae542e2cb1e8d9

SHA1
616e2f93bf6518f9f7c19b1464fe210bac03f6da

SHA256
2b46f782b45c3264e0bbd858a7eb46540f9c9e934fa6a6468df5f111eb0e6388

SHA512
1a21571d77226337e33af4ee9f9e07b80f006117026a3d37fe7f8122f394859e8cb325a483969e57517db2f016b668bccc9c9b656a8f604cecd43a74fea080fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
14693c74fefc9028753865db5141983c

SHA1
ee228189661bceca11b9a161d6db3331ca195967

SHA256
9223a7f5a5f8cd1c2a1a1d2f229900cac1f6b983a6135bfa9edd377609c018c4

SHA512
4ac1c1354d76b2ffbaea9105d1c43de47e3abe99ca7a14abdef06575bfd5a7619f3d0d8cedbfd030a0c1d52ade9f3463e3ac51e9e87480dc001d6be7fed6d64c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
4683da2da5eadfe3b7f4654a04696162

SHA1
9fc7ee3acf2e6219b14456b2c831164b241b4f0c

SHA256
2d9b095f68faa56264df99f36976025d838ced2be77020abcddb24e8dc01531d

SHA512
eb237602311600b579b5f3c4812eecc1608fb0e0687462a01da3ea464045a021d7cb0675fbe87ea0c335e73a68427d3265ed2b82c158075c386834ef19b5a4c7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
779486f24200fa4c6d6fe285fdb7e49c

SHA1
517a011c137806fa7a5e7d2981b0fb1caea68ea3

SHA256
ded9e98c32fa144f9f9121d6cf6a359d442c33d7b8bdc1fa78d0c8c351323eb4

SHA512
a441a87e09cde0b98a812c97f49beed8a2bf353673c41ce763f180f0fc859ffff1830d3f607e68ba7970f03e5c9ad552b7e2de2e40824d98cbf5b58e36bf6c4f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
0bdccfa0ccc6e19bf97029ef5e295ecc

SHA1
f92c7a7b27f6bb09e812f05f92a76609689ae8e9

SHA256
f199b6f16cca809ed6f9de4cccbfe0355376ede604f2809e6a249d4cafd8b88b

SHA512
76f8d1193252b90d17dbbba8d5b7a859c9fb031004c176cd6b17024c6f2ba0e1d451f08a3b233277a23d7014d4701c9cc5dfb5ddc50c0b57de90c46a40a22a6b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
f6a84c45b79012f598a992a71fcbf18b

SHA1
a3e1dde2bece81c6022dbe7228d43520840a71c5

SHA256
97a7a250e05f68983e43e0e94e694c85547d3b2123d4d396a74c184e2f05853b

SHA512
ded78610097c3556c84627ee650f3128cba6cb12f80e55ccd58aa5fc0230d1e8b8ff86c21775cc61e23230082ff02986b993a8c1514dc1cb2786d3657b178446

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
a21f97f0eac28313bae80aa4ef411e1c

SHA1
d4923ef7ad76ffc7b6cd874d548df9f86dd304e0

SHA256
4115d157573636466c3e9385c251785959703673e621718a94bc62b1db25ef5c

SHA512
57dc583f7984c356c173c7556b8c58c60bda160c65b1b801efbf030f57ab5e50148b846831999de63280fe7b13071ded10c50e21900df0af55712d1da77b9c2a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
6bb373161b41b612d94f09bc2fff031f

SHA1
4c8c66e8a481e00bcfc9fd749259e36086cb8e11

SHA256
a92e5f2f64ae13efd9b2c04a8e5f76264573615f0200806c585c140f278ef5ec

SHA512
b525e22b4430053855ca1234e6067c2538e55d45cd4e656b12a866fad094c93a1569b446a477cfec7675966de5e6eccdb1e5b043a50e2c62ecfe9d5dc7477dc9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
97f01dc8d7e9094193e999c196214fdb

SHA1
185124ca686dc0ae4b4c2c1d1449f77eff5a0260

SHA256
b0bd2615c1d34119735cdbfa70c1ba5f82b334ad86af20e846788599cdaac020

SHA512
64a00b293a7dd2c4ab51535248d62a80bf1754d65554d9c762dc575f262cb10ce47223e4e89c78b965954a3c5b44d3bc88b2ab6ed155ceed8ad73f29fbe116c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
14278ba3f291e4e827aa9d2610a3ea79

SHA1
15c5bf4bcd7702b224ebba81e85dc5afa3a8871a

SHA256
a4a361643d157fa0deeb12249e73ab8e12ded9226b4cfc405b1b51372b88014a

SHA512
bb1df8d0dfa5090b120f60d647152fa465861bca0db7fabe0d0ad7ff91dcfe7979fadd78b0c92dcf1cbea06a3f74c13cc826541c0c573dd0591cedd65f617150

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
a432e3ac522c0bdcf4af904213b78abb

SHA1
b191c43c280d6bdf242df37caaa95316f928276f

SHA256
411bdfe8a401d7ae01591cda74562a380d27c1fe2ee4a41ed7c42f1094950e8f

SHA512
8576e640cdaaba0dce3bcf69bd1f68389baba3c9c972b95f4a4cb8be5b8196066efbb6b5550c2fa08979fa47f18c9d168424076ad0310efce6260612abc9a554

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
0a413e1b334de4b2b07a150ff32c7ec1

SHA1
b65b9947e63b7a20408386175ff0f2ac5eb5a6f1

SHA256
682e0aaf5e19fca448988a13de82e26db9e36a193193a5c149f5ef5e34fb5c25

SHA512
a4a8451577ea2d719db3228850984426e7a8d5594c0bbbe9f1943adcf4cfe2ca9c34b6b8d4f7022acb029342c225dfd3f860a85d22d929ab45c2982ed504ee53

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
04af6daff1a433fa1b0cb1d6e7abdc5c

SHA1
cdcffb4940d044c9be5d33d88d228f792eab0170

SHA256
8c9722a7fbda1ce4dfc03441fa44641901b5ed84e4331e0fc27a5698d163cfe2

SHA512
7e76a5c5538955003979f90642de58354a588734c6d951545886c27349f80619016bed6db57778f72dfa8400e87c35f12a2fe19af73f4428715bb9a4329f3253

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
57bd5bb565ae50c60774d7184de05321

SHA1
65760fe39c9b03f3354f133d66094a6197c8e6d3

SHA256
34c4b65ffcd44dddadcc28cff8fcaa57b73559d43fa370c505f7ad2073cb24c4

SHA512
f13dd8fe1d799d3116a0545b0e9a373520caa04af66f128bb6ada590a26bc0080669e8cce386c14d0b5e85262359a646a29517ce268300c9b9ddb1d42ccfd810

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
08f2f3cdf8eafde6ba5361a24cb3a121

SHA1
25645863c1a7197b5d858dd6a724065b62e7a18f

SHA256
2cf941f423e8020b01c3f92f400bd9f2308297c2634322e643a3616bc1523a8f

SHA512
8d9aa87b5e9d5b3aed80410ca2c6dcc9e912722a1786b65a747b7fbf5e12b1ecf73d21adf655b7a85018d282eb15c916f4ec5efaea3bd4c2cb6851cec37aed72

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
3f3ddf0781e768d8392774ef7f8605e6

SHA1
0d07fd190d594c1f4a970d1908d210327b16b3c3

SHA256
8586c6f2d0953410627602b844738a5872b8c99f7fea73dc1518b672abb49e67

SHA512
70a046e65d5091a86cb587f090ab9e2b34e148e60c58e9289ec76c736421085029cc7c8b47a77975a6d92fa4dfa4a827319b182bbf929f31994fcc680bf93c53

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
88f7ea98ec2c5a896ccf29e3318ce519

SHA1
ecf5ddd61a7d67f14c85354d97dfbab1d8a55449

SHA256
d133bf1b562479f5fa57c725b58cb0f23c04258c0e4aaaace01ad025e935aa5b

SHA512
075529916ed42d2bb2b045dcaa14418e812e59c9cf730105fd6647927d9bd803a1d9a54866374263581ad5d45f7f1417aa6baf843d5adb3581e8913efefa1bf2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
2743761dd7a18f3a6b99dcf0165d9daf

SHA1
4c52e28057e2a50b7b9847618d27f209d93d1aa3

SHA256
c00ea2bcb0d37c526fb994168e996a9ecbdc3b77a3822cafc1ec8e1571bc6d53

SHA512
f00b74d5a3d7ffc6cd86b9985ec8f76073aecddff476378c2527241550e658615219e72b41742e0151f39101e8dc46b292fdfdfce00e8e342d7b4deab7248afb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
0f6d8bae12ba27cacb7c182d46f1cdd2

SHA1
595944afa93554688295f6f9e527ec6d4e9ee967

SHA256
074b938e5337c166f2e8f64753fce560c34c348ffa7bbb88b5f2b32ed6a627ad

SHA512
12c15b51fc2572d90ce9a851ae8d8c58eb927b65a4b22166a0d1e0551574fce165ee6c4fe8483089a4678a74786a602e2891a48fab37ba50ec64af1ca8150730

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
cdad0046ba3b516045dade041285a163

SHA1
b7aa5a0c57cc94057139f13aabef9d162e89e2d4

SHA256
3ac2599c31e43f326d7ce30e04a9cbcae7e6f8a8f92fc94d21b4d8c7b4d21fa3

SHA512
107d621f06e3ef220773a99349e452afb90776fe353f530ae6e535609eafdda882c26fa2d4547c8a8a506f88b95395eb33c93c32c156d895445f765e7683fc7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
6cdb565859a3379a9bddd1dc4db76efd

SHA1
42edd581efdd5205072010952e85c4ab73aa1c82

SHA256
f5942d01396fe166a5f5ae6cd2ad1bba5e5272341084e63758a5a7741f556932

SHA512
9a05034b3ccabc434066cc9cd369e2edeb7ca4836cc95fb2b3b4174c3511f1af1e53b21482fdf15d84b93aefa00a0072a650b204fa9c86ad71b690d154c1d71d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
e1d6e115ed834d690b4c431cb922ede3

SHA1
17078de5ca210b3f15524a6f650620faff69a5ec

SHA256
30fb9baccae050496cf4e7feb1c66358dba3219b444f4da06241ba63f5829dca

SHA512
cf0e2c56b335f83958a68326acb2fa266cdb12fe09dbec9858b7579b380dec686a82b83c9c2dc7d658ab27ba2dd9c886cbc79417bd07d8f1dc78dc161466e395

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
1da6f043dde7717acf70f1f09373676e

SHA1
70b279f7e79bc9cbe6fbee96e5f607d768900e90

SHA256
9892060ae807be166844a2e5e3a55f146bc72cfb84eb0e997226787045e38d6d

SHA512
e3cfa27a640c8ad26e096644f097320e9e7c12c189bef98a8145126dc95f635d8fe94b793ca14b2d73c6925c6ae51a2ac3b034fda7cdac1970b38f87a702b5aa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
fcc4e3cb590a5e07f3ff40d3634013ef

SHA1
dadb025519413b72d542df0652eed39826347236

SHA256
79f979563eaa104798c9a0dc5e1fc0bbc1c6528a4f4f3595a53bfb7fe56c1cd5

SHA512
02789dddefba716a8187f617ed9f9ce7157e284ad9d4e78207e8f0bd8fe5ae17db1422a04d329be8515fb928bbff4cf6714f29d2104d1b3b60a0a7ce25ad51ff

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
08ba8d9777446c47b9d9f44e4abca61c

SHA1
f69b55bd54b646b369a5772028c779cc34e55525

SHA256
0684658ecf47344bbc442fc225615f8760fd94789221cd246de64a9f630e7a08

SHA512
b7fdb6ac08e0c530f0923c84274bd4990b09c2f56fa6aa03b1e7b8d49b38d9d77f9bc82693c9a83a5f1b8067259c76f66ec75c81ce40d0fc79050974d3c15367

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
d440af502cdc08fd2998fca0e33d11c6

SHA1
17dc3b75744542e74818468b01fed8165d6b8e6b

SHA256
c28f35a0730e66371d2cae6677dd37d06cc9ab8065085a5648ab173655fa83ed

SHA512
bf2442dd49edf51a77a57a8d943b1404470fdd43bd0940688c3df62ad715a25b25f0398432790f225555147347aec876d97447261a2b1fa05d29ef2b1c8f22e6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
97bc5f1358ccecfc83298cc31aa3dd40

SHA1
caac46036b514c991535803baefeab5dd2730b6e

SHA256
9ce04cb542ec9a0360891238d5a8b9aa9f4753fa4e5c3f019f9ac8a1ac672636

SHA512
828b06f718ee7c2a6f027e097e44c2460ad8390fa6e4fd9721595c6b24721a531f9d0463376eacc102a6b08ce81805a29f543f55e70ee43078f920fced9fe21a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
f3ad905c59b69fc9a09de1c7884fcaf8

SHA1
9dbd7da68e11282f6974d69005cb922d5a9c7812

SHA256
129a0ba58b0dda0efe5db47010c74399e534270d1a02bfa1116c6d5203c6c611

SHA512
3081131305331fc547a95ff1d5522ea9e2604eb65733cecedb83591fed53e4a600739264930ca2fc8054b10551d6a45288ecb17bb015126f11025bd69fd3589a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
4b6203c5871554efbf1a52a778f2787d

SHA1
ca81ac36454fafe0a4d12ba4a2422c35d1b9a5b0

SHA256
eedc391cda42c29ef9b38fb1c4184991c81a8a70970148f09d1a4cfd7ed35439

SHA512
becdb3ac832ef48f9a0f7bf307adb0328eda8724f7078d43018650d1daef73f5849c333e20a8799ba9f07fa2e5dbe4ff0aa210ab60e37f7681674aa1fc89798f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
0e6aad8f1279492ef58b41233b9005bd

SHA1
e897dc624d72cbf8a1ab8000ee2b532ce300606c

SHA256
a1458816223af8a954f40008d5409c8a02498d5b420f39f81351a9f848839f1e

SHA512
b619e9019e0b3a7a6f456f8e23a9caf8ad4db3318f6ac3629483f7b62973aa5825a0af01fc0b3282df4fb7efdf76a189516744abb54c6c8fa6e4b76c4b7d61b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
6055aae3ccbded6006be615dcd9495f0

SHA1
3b2b608dee13fe1c1c7c1a4744b2d2f2fde6e2a3

SHA256
fede8f202ed2d80e29cf0ea198f7269aa2e7607976a68160aa6ac296755203dd

SHA512
db1d6f3a7a68420c111b60a313cb892d6aefe0642c2f37d574a9017b12610c9d2c439d5c53206658ec8021b596747fa39123027c930601931130c5a6f7ba8d35

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
50f8d380541c43704ce4c228e593b760

SHA1
738e49004438f45abb86983b55ded37f5446b9e0

SHA256
81872090a58b86ddf9ce9204e27887a61499ccec8bb4e80979c8503649ea8872

SHA512
18134588a226531a067eeda894909920829a60d1cd48766107546d6572d22444e16b040a7ddee667ce6a67c38a5e93c8f274f31e0e3e8782cefa048b80396c30

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

Filesize
77KB

MD5
f15a34dc6302168fb8ec2a9f75ec25f5

SHA1
3a43bc1ead5c3afbc145c13ad2a50c73c81cf2da

SHA256
3310b55815c1a6bea177258ff9efdcee0c17a91997a77e104037e43f35a369d2

SHA512
35fa73fcd814792138775dc42ae2a52499d01b9785f5df1e6bb678a109586a66fdb419f1d649d25717045a06f20f568d054f2746d787c256859ac4724e966e28

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

Filesize
48KB

MD5
057b08215759880e822c8c5cd5211c17

SHA1
52bbf83f7eb19e24c36fdd950c3a9f95ba634bcf

SHA256
4669170d746425c17a3c63bcb0eb1dca37844ef6e36b5d8991d3e3bafea27c70

SHA512
6c395db6044185808656cb75634ed093d0fcca5474ac25add67d949721ef4af8552f43c299d18fea3129db021eb584571ee5bd7d476c8225d91132c510161d97

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

Filesize
64KB

MD5
f4db5b9c03bca7837a160ed63c75ebee

SHA1
54847da7d18b3e953bb8bcbf1db672ac619a147e

SHA256
b7464a3dc6838373dd4b11f571f48802be4a5d0b2d57d75c5ff3ac6dddfd35cf

SHA512
134698e3ad835017bf3972a8d29aa62a59f28372336a65572213d6833b1299dcc117f7747586a8eefb095e6a98785423f34987656a36b59b1cc41939e5d7bbcd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt

Filesize
75KB

MD5
ea32fb9fc68162ff95c4d4e86a1a8ec1

SHA1
24d39dfa1ae79c42be02de07928973e94573b332

SHA256
5741d3fb41a80bf00d38c10808f23714300fbfd69bc3c65eba32e30a01bebc69

SHA512
2571a389375c828e347daf36b8a1f842bcb31e7f8365a49461f045f0b4af7da867c90eb85e83d6a38ed82178d61f93a08bf64ae0bbc69d0bd2f42d39c09c7518

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
ace79c5312f805fbb460a72d12428569

SHA1
aa49ecebb9c7640a655be1f987aea502e43e8ddb

SHA256
460853d47dc2b5190207f386d8b40afb4e01014fe84becc6ccd26b55ac430025

SHA512
c19dea62b028b39b4dfa7564331cb5b1e15d47ef3b395d238ee1c5a8b4d94cb5821d953a9f025f20c2f4704582a92956c46b0a0b18dc27915a35a5e972de6a9f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
7ab26e28a90b3ef45ce1f2285000034e

SHA1
a9c96afc6d9e0e5aaf3613dbb769c865c2e422b4

SHA256
0bd902cafd24894f965f39d540dfbeb7705da3f208722035d8c55552dcba5212

SHA512
a7d831c773d1e740c47c483094ccebb54150f0b000409ea1e46c6e4ec3723945d9e14827bc73774455199f7bd3f5b7a471fa5fe306d6f798f3b14bb3aa29610c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
ef8078f8801f99603eda915154e048a9

SHA1
cb60ee5ae8a91ad45fd31f4c00b88ee69347c9be

SHA256
ff1d2e8802be5c3fcfbd10ba52a8f5857ad992747ce1332fbdfae7e75882704a

SHA512
9fd2bb55b19b403919defbd6e5f78e30f8593d5bb4135f6963db8813c6de8d93dd8294a5f58e179c62e999f90f8ed6e814867fb5b119498c17a668fff5e372fb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
3a326861bdc6348a0790115abfc7c145

SHA1
97222c67e0a895a12cbe1df4188742c1f7940784

SHA256
056b178d837b44190c53366f09b22397da15abc902586c6afb528f5ea40ed71a

SHA512
6f4c7c0139cbf04df849f67e163ad0352212c438b9885a9326d506799b3d0eed7e0be28015a5e58fdee66f283f6b49273e540c543183c8585e3f8870b4629b94

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
e2a203a53d7fbb31359c89ca818cf54f

SHA1
c3b7e4c0d9138709756649570f33836cde424e5c

SHA256
b61d1a90e5635eaf6bb76a1917cbd9de96947fe10c9178827d7551fdfcc41cc0

SHA512
696c4d03e4b71ef67e70389f7828ac890c2d9a64191942ce2fcdae09490733a99f7e848c82d594801df976731c193e5c7bdb7ef2c4a3c8411a9d873072da1731

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
4495721db694e9a03fa881f43f7d11da

SHA1
ebe4523325dbe977e5fe6c6893bf9319ffc4f872

SHA256
427ebd1d7bf0e6e819d4344455345bded465068a600402aa48f55fd8472f4604

SHA512
c65f968d783d50b41e5d66b1007469fe07120c35a6f3d9c85d32879f2be06aad887de05c87884b65f313fd480782d14e6664a2e024ce6640a52edc2358da3dad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
bc2a3e2fa619607e885e63ad7813e08d

SHA1
a2859ae1a344c97207903e5b1269cc207337ebad

SHA256
83e5e289674ef3a166dc469a69feea0127af01655a55fa78807ee5d8f8e08d20

SHA512
7a7ba035925e2174783f2fb505fe39bca51df70bb409cad4093b9365a0afd611e8cdeae1c72b3f6b001c5bf08ac1fd7f1474f3f6a31b951c4428fd75d00be084

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
4d977ecb995194297d88e9ba9a963033

SHA1
eff3a1904459edf747fb5d62ef07e0479b60d44f

SHA256
d735c5a9bea83163523960ee7f09c4a2d76c5197f657495e22ba2775ddd3069f

SHA512
0a7bbb4481c80988f7322093b504292b592e93c2047d1d3167ff202f404b9f69c9421b97cb4d2e6e19efedf8dbed367067168ac04ba8c42ec99e14f87c583d51

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
f317aafa59e480140ca2392302b53eb6

SHA1
a3413ed21f8dd4d2e128de37407b360c04d22d70

SHA256
ea113f6dbf152bf1fb5f159e2409c56770b9f9be77d633f51b473b6de1eb27ad

SHA512
8929ef2cd232cfd7c81491cba36e4b753b91cd5640cf3c912cb86698a3ff27ade27f752f44c7360c09c21ec436a3e8dad4da13e431d8e45efd6b0434a0a4b5b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
990278ba48f11b23dff1335f4416842b

SHA1
b4861e5cf1e3864043e57ec6b137c734a4b55c5f

SHA256
116f0cb6723c21f92bbf8331a6794f02b7e6f7ec7c05d5b6b1860401e9cdf196

SHA512
30044b9f69896cbe364b904ff85d2130aa6b0c231922767b64732af2a5819754b0289741da46102e30aa327244a513bb462acb791d2d084ec0f531b09a45a6a7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
f4ed5b952988ddb267f0b76042720559

SHA1
60ee3788329bd2b6ee5e4f96eeca3063f173a53e

SHA256
ef780b295a14a691023fb2314e1b8a466dbdd30952207fe55835586db6bbdd0c

SHA512
0419527675fc4d8f4e00777e3e5bc8ad9ec39d87f1e88b14007d3cadf03fc1ea0db64179aab60af38f2ea1ef0e8135a38790a6482974f3e2e1ff8ebc682b1e1c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
50bf655664fa7d0ca63b49197fa39d6b

SHA1
5213e4846f243e44877e6f3d1f922ff9038a65ed

SHA256
f1c28add1218e34d3d352a1831a80fcdcc7e0d0d6872d28350bb53831568ec14

SHA512
7a58e6b004b603332659092c34d94138eaeb70a1c0f4dec589e9719d9f08f4fdd38841d12095356c589eb9e4e9e50dd1289ddcce9c2c5204ec5b42d42af244fe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
bea1e0d01f8e2b1ad84b2697d88adfaf

SHA1
5257a43f7f2abd1aafd13d8969cdd1ccf2e51f9d

SHA256
01b4c46bf468ebbaab379ceaad148a0344d9d1599809cdb5e2eec7736ababb5e

SHA512
acc637b75a7b0878d893470ba69b4edce5964e4fb68d6b0ab770f41f586e2207d3f6d35daa32f20fe6124606da756613987c5e35ab30c02b99ff0c75334d7500

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
0521e2ca0d247d96ca1589e3dfe027c6

SHA1
ea717e5a466a9a55671dd651584760e7cded264e

SHA256
4e2d8e636341cbff010428768c088a3cd8216eb4f69616363e9216e4b29ea7c3

SHA512
a5c355944d3e6380314548a707cac4e5b5e4cf7b0603daf24c0c9efe6cc28fad2c62d831f8c623eb5acb07b56c2cba5bb8e83bfb73e7a585f77e81081d7bbd0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
695b63d070195b5495caf4e1becdc32d

SHA1
3cc216e686c50a4a442373502923b58fa93427f5

SHA256
8d1177ed83c728937ef99a965f58036385c3286e61495821921103081fe3d3b3

SHA512
c246f037b0743afd1aba11c87ffd524fc996c45d181792112c8f9f88d9eee99b7bca14f2ff2fbd38dbcbdf323271a191ac4618f37d80453e4c5b7d1c6168144a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
1736a9dc2ee66ad881242af482e55877

SHA1
1fce168803c2a7a4e4f433733d2d426a82b23ab7

SHA256
cff2175f24705947aebc48462e3ef6982b4aabed32d12353349f6a58b06cb35a

SHA512
0c2f1f0c6deb2764a4dc5f1a14f70214eccd8853f78c052da369a5ed54c19b5a4c3556961e0153a3c5d0cbb63836434a5c01ec41d1265133498924c4586933b9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
1614c3728d9acda9c7fcde7018819ae0

SHA1
f9d0819648e98e660e7f5a7ec60bf02feb45d80e

SHA256
8bb0dcb4d3e8f2e78886a180fd29bdde794997b8574ccbdd7f2f8aa764180be8

SHA512
880e93c8e19948a4495bdd74aaa3d1511ba086bcf6334a50b9e62d01ce6cba37afe22bacc60dad3d7daba8fb35abcd914ce62224515dcd55fcba42d2072787a8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
f9bdc03e3e58d362e176de6c003fe3ff

SHA1
84700fc009fe36e79313c9f5e4f015931fe82b17

SHA256
2f653a5af856a1840609bd8f0e6a7ee5e467ec5a2868349be2211387988c4ce2

SHA512
38e6197a97164b2309571f14d4382ab2a6049ad9406bd3919c04042284a7fa0a46ba4b33367c31186dd4d8333901f6ebd7b17c55698c693e8dcab964aeafb106

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
ac240584cea18dacb9cbab8f6016d734

SHA1
22aa1ac9284fe1416a40e10b799c5e262fe425e9

SHA256
e1fccbc959d86cd6aeb555f41b538f61af8052dcb5406ac4b3c41c9f6227696e

SHA512
b66dbbde03edc6cd151840f609816503a2fb417d87e63030b73be0b8064e8902d97e08f4c5960a5df8c4e6bfba57e95147a91ed228e6878b3a710fc0c49a34b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
8e33d9bc321e4fd4aa959fb0f83b868d

SHA1
1d61c5c18a03d2ce3ae68c0dec4b2bfcfbd4760e

SHA256
789449fc6b321ac7cff5c9f10d3d9ade6effc2045d7c2ae4404fa2554885b432

SHA512
26cc211fbf7a077771c547f83167685c390252229e18b2e318e7d82e2202f6d2ba82d382e62ab85ddfe6b20b06cd951d0d2bc9824e00a96f1a2e2774b1ca8bcb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
9190b9ae51b8baad8253bdc618774c2d

SHA1
375a347ba6820447fd118e2364f8e4dc00ab87b5

SHA256
2767852ddae419918badb06231971ddc55baea2d83f35fddd4048d51ff819511

SHA512
5ed48e4513aa20cceb91841fef8b129ca879c71deed4ba0c619d6f8c7016d2bcf5e481e4644aa1d4564de2e4c8b79b32172803f2a26ff8d9e47bb436e6257c20

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
0dbe9ca040ef480b61d22fd948e8432d

SHA1
1365e941d294838d2886cebd9fd043ff1684ee6b

SHA256
b4f3696a92aaba70fda17c0847aa8f145167052e2a757ce3fffd14b7bdb41b33

SHA512
3091325d895bd1b49be4e7cecc7a0d60dedcce72fd4f9eeb18b10ee3e151515b26979b90cd2bf60e36417a2c0329d426d16f6cc08fb6328d2ec12da1a44911ea

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
a9f4dcd79e6ac09be82af284e56d1f51

SHA1
8de8b8fe4fb78063e3ee0f32831e023abe73be85

SHA256
515bbe794b749c67c115a97907940935a2a19614ad0457b2f1821fa836894f72

SHA512
c43089b5064d92b619a0d0cee5ca103b27d4c0a7a49898144cef8d36ff95e384c902ed16313d55104a450ede38db703b80213e393e22388260ab8cec027902bc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
0899ec6510e63f04a9a925f983219364

SHA1
ca60e5c9bc4e078f3195b1733d16988f510b3c69

SHA256
3d3d621606e69cdb7040f584006483e3dea7b48084ca1dc4ee2e7b88a8caae3f

SHA512
3b5ea067432f1c185ddf69ff518e2cfb80595de57f5559d554218412c5fa6377e2ed11bb05680ebc1dad0836f65acbf2e5a1adf6270624452cff5994e35583a8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
6b9a9eb9570f121529ddbced2d04ea85

SHA1
97016339f81618aca158151635d5e6e852bce0f3

SHA256
ebcdb4974ef0c3682ae1dae2fa43db19b0d0a555e997f21140a8dc2d4e0a9971

SHA512
37b2849b592ec6dc4a536cbfd88b030587ec734d8345396d414c02f996bff89c716f102a56482cab6cc6990109b9304381a3ad885d81e674a4129e1463e33056

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
fb18acc9c3d4359af9bec3e6f69128e5

SHA1
16fd21234c25554f4b383e117418853fd8965351

SHA256
8a81f1b46d50ab4e2d5c9eafa736d433a384f3cbed805445a7334f455726513a

SHA512
6361a91a37961101897840607099df2bc1cc3d3f8de28e40031f37995978a9103aa02684f940261116c44876d7bc9b80f8669ec25e2fa21e522ab09077faf5da

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
bc34d454f045630f925be334c911103d

SHA1
8374f15751982db1ed6ea7e3ba12738c0a02a178

SHA256
c1af59a61e22a925401570893d1bd991bcab039f61d107c323738f64b6289768

SHA512
2168d33407d1f91842bd63057dc96bbdc3df4770fbd98c64600bef5e68b904561397ef4e68060a202a5f0584708a7aa6f29c2384ea7a3283b10f165066bf30d8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
03b5180e49f59b71d1924a4df918ec08

SHA1
9f9d5ec2016438306f2434461bddf15a71e2d519

SHA256
a1ca2455b7af475fa03781eccbfe34e667aa66103825e2e1bb246ad84e47624f

SHA512
fbaaf817214c48129416685a2696c8808f1a61bd5eacd934f664e16e09fd7801825a2f20d96e9cacb70e27525fe24dc0c48794f643b88a5bcd610f35749e8278

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
a40369d551984f613175ae00bc740109

SHA1
11730b855f3d46a63bd388242bc049bad1e20047

SHA256
e6a1c5714e7871528eb93b2798e1b424a2da44bc2fe2eb01acfeb960c47cf5ed

SHA512
df30ca78700d773db26727151c2c4ea324d82fbc9818120525fd265eff9664e7fba6ea42f0509d0434b26ba5060bb7bf856051017acd74e6f28e41b754eaece6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
0f8a6240cb266ad3751187cd54b27f48

SHA1
2debcc2f3d52928b066db8d9aebe50f75bfa0fa9

SHA256
17094f718785caa642f6e24e190e5dbb32536c1a11582563c9f7b246b0478526

SHA512
2be006d5f6e8d733ec0561a586435ee51d57326ca9e9f65bb16a8720c31b53de445b51a54d65c27e623b66d849aad04e9a254cdd354abae45f1042037632fbef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
796bfa20cb47b132b4ba91b04fb0b59c

SHA1
dadb598af05520335d843ef6c0aa9db54cfdd0ee

SHA256
948643e84c09e7a7f33de18a3fe40e654d2df47736bd9664ca19c30a50f6e01b

SHA512
e29a2ff79049af860ef34342050bc0aa4747f542334c74a3963421e6abbdae7db4a0bb82d2f043a445190e67efe368c9a3b24abdad84d1791cd23a17ad6780c6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
fd3514f2800e55503f0b619230fc72b2

SHA1
1a351f879b45913a37655afcc7ec230fa1114fcf

SHA256
467c306bbf0ebadbf62bbb915ae6d8d78747f3e2712f08f6eba6c43bec09ade3

SHA512
2dfe1f31b0c3dc54e9b3291abf1c6264cee224dd07b4e1d3c95b79d196656acdc8afd479cbe121d75d103da91315291868a0580b00b527b115dc57ea3e0cc37a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
5868c905460f03dfe8dd59b1affc2718

SHA1
377ca38a0e63b6c6500585fb2499a56df79398ed

SHA256
d5ad430a378f66aaa2ba5698bbfecd0b13da15eb38165db4c6ae139f4287f986

SHA512
dee79a3f049e719ea15469a21665b6892006479c181c10da3c79ce177b6bbe8155d2d063f06a5b27a2bc31f009a8111fc930d3acea2d19fddd1082a76c3ed3fc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
7ce63cba7bd4c29e006fb34f1614f4f1

SHA1
e966f7e8042d1da76a97aea3c6c94bb66a2cf475

SHA256
2002f6e3e974b43c5ecf98baa85477c4f76b805084332a4d355366fe40da2d3e

SHA512
8af050db712c453d34997c1904c6b95c0e73bbd02c31dc68b041e1e4143fe539c94764673277e6aea81f9fbb9d22a23ea91361cb9f33725901759544ab23e773

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
12db0a0ac636fc36b9fd78647fc7c372

SHA1
ea849ce0cbdc8380820a83d810416f0c3b465038

SHA256
1b3b67f2d6d60a29d6b221cbd4b1423e16c8f68098a8e73f03f20c2775a53c6c

SHA512
fd50422dc3359c601f510bf5f48883380d0a4944ce668231af01b2f3804add9f3d5d530599da4da27d4168d989fa74c9b3127582a848dc30e95f1c7e0a480914

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
f28a131374620f4a1a589b7bd907fe50

SHA1
894ead8537a556f24efd6184f756a51f4c11d521

SHA256
4ed6241d67a5f825b03683f9746342f8bffd0ddb46c16c22d3ea6b36b05a5ce4

SHA512
6d3f10793051662f366c8159e7546b61eff49cc212e44666ae3e420bdc4142494ab143f27537f4e2b95ae111e0fee4b8856dea4d7a0cbc2f79ee1d5305218f68

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
b6666d57805930b14bf2ba934be40c77

SHA1
32b77e0d7f911e5eae951b159976ac5cbb89a936

SHA256
03d4e6230b6ee55c3028bf8a963e7482654695e98b4438ca926ddf9b1195ac21

SHA512
a744afa2bbba55064a076eb4c53c16fab793ae9678ae9a74ce0c45e0a4b558d42a54f1ca743126f3b5d44a5475008aa4b9b2bc422035bcf5005c6a41441127b2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
641edd7d3ac196e63087bed0d394eccb

SHA1
d4b49f63a9a2d0d1b9c6a078183dc40a8e2a02b9

SHA256
8500ae10fb24d2b83e678a7239f7eae3223275cd5b0f3549c848c8483ff10fee

SHA512
46923cf7a51701b4a695fb60784293020ee16ff4e85bcc36e13de8b84e45e502d79966360aa2faadd16750d9f5de716edef4bb34f56709a20c35c36c53673226

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
e544fdb20d51f3626bb863424c3db37e

SHA1
282ba454b0c0fc278c9e3011c645b4a30559a5e6

SHA256
1259cf80bb2e7328e5eff24f1986fcc43c88b1fb785a1f4e668c17f3e3451981

SHA512
dcbb180ee476515f7e48d9c258cab8dd34a1c883f3b56e97f2202326394f2152534714e8a8f1737b8eed8a7a1b6cf0bbbc9873318d79b1df16dd2d50d518300f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
54b08110cba9017569e624db931a71cd

SHA1
b3ad43fad64a976b9292edb15ff7e78ddbbe33f5

SHA256
38402b00b36525f41fd11f739c5f6c6afd116f347fe99df4cb7e7dea762e885d

SHA512
12795c8b1399ead9a625f3e12644d615f2583219f555dc75160219ccbc0828d55a3ee766f027597a2c2dce4ce9c83b7731c3f263c8222c1b0e18b578eb168cfb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
4cfe1724c21ea3057aa81131a44acead

SHA1
1a2c183aa0ce8a0603b5e9261e99bec14d7a09e7

SHA256
897d4834a73c4552754b2f6a155a22a88a2db9c6fee5fe974170f881885d19e1

SHA512
f264295a870a235131ff72ad298c3c0d5404d8b08f01b4305f4fe44166e8ad236ed0f63dfe324dee9444edf7ce208d0ed76e94a3b30a40ab75a502f021aad8dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
6b67d72b74ad3b9eab5b1edcdb12abf3

SHA1
820aaa10900cba7a21aee79cca44464c286cd43c

SHA256
1c706ea0c35c549a0a27bcb1f7540e452c4e03408d74af7ef9aeed74ff0de4ef

SHA512
1a8625e66486262a9ebfdb5c32331c303010adca9c363d598f66f97441e43e66df74579bcec29d7b20a77d6e59bcdf4e2c6bc267ad2db08044f9ec0448035994

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
25a9ac27137d3697ee3714abb81a0ad2

SHA1
338c844eb36600d3fdf7c183ad89d2ac1aab32a7

SHA256
58f7a2fd6eefdec0191d804447d8c80ad7e33c2416e794649fdb472d4567afa9

SHA512
84b3f4b6eebf25113119596f3aa357ee0aada0feb68427f56a160e6a82cb4302356938b0c163f141cf8e70728b88b1d823551ff59ffc847267d220df5286ac96

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
73fcc09a0905925cccd42b7e075cd079

SHA1
160fbeb9b11ad77072c1a71e1b455c6646a6cedc

SHA256
f66d7e7b5dcb48a9a56e2f53ebd837045255650dbfe65da0a37949f0704169dc

SHA512
81ad8aac796228afec2859a2f1035692ec8bc7e63e0106ec0e3914c0625ca28c7b54ba32e7e3d4b3fd83a8557d9574f53713a48849254efccbf90b74238a0dc2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
fdb9095c9a7febeaac86fd3dba633858

SHA1
5253bd7d9b8bece8dea6d8741582efbf243ee998

SHA256
7fe9a1ca68f557a0728587e70e92d3a72fd8dde16cc43591fcd76f0a1e57db50

SHA512
b9da9708d2ea6ad9a17bf3cd7caf999e3c1906c34ac1430665dfe99c1064b184cb7f3c0998a06bd9796ea0375d2f1e10d623d037ad2d7349777366881599cd7e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
6fd0ba1be7cb5b11c73f9f251931b181

SHA1
71ccde431e75adfe466d519bd0a6df27836f60f3

SHA256
23add1fd94fc9fcd21f0d85f7f3c4f843a306391a430c788df935d71163bcf39

SHA512
8d2ad43a2d8bb7414db4f775c90d4458332463a24f7897199d6d3a564f59dbc49f5a17e70616c44b55b4ef92ca8601ba05ad576bbbf6bc9f7dbcfa5285b44b0b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
1a2bbc2199ee42f75d6d88b2ea8b06cf

SHA1
85c707c453420736a4f9cf86917d7bf5551380a5

SHA256
1a6c6407d9020318064aa86626bb68510da2f93c60243312d87c525ac939c2a4

SHA512
73208e6f4e3fc845894f3d8c3ad435f972fc6f1af978ff25636df689d658a5255a7daec1796bee811a7f7bc7584d097995969be180d81afd046aba42f3ca29f8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
3f845e5932b7a1feb0224cc198427abc

SHA1
554c3058daaec13038209eb6f2806eb9f4a6cada

SHA256
12369a4aedba654fc14bc2db2e335a94529fe553a282545be4d6d94aad2c14f6

SHA512
e85c3daab2d07dfd19948043cffeaf2f7b2a86ab4d1c9ef2d09a8eb1145c5b3334c0193e892d1b6c419829337759fa28a7d4fbc4dffadaa79a4fcfcb95dcce78

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
f013e06aa4ee34379f95fe539c02977f

SHA1
d16ab40e3f69a96b283a28290bcc2ef31631e37c

SHA256
6ae623532470a110f9c397c331c8921bb355bdfe2e6d783ac4ea0e7b94e592ef

SHA512
a9504b52695e9851fd79cbafd4d0527429df2640037441dfff855165d18584cb07691b8e030c343ea0008e9e30547576832d350d911db50efc9f7db93e04fbcb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
8d8df30043262acabf672a39166ec3a5

SHA1
4bbc4c46aa4d85069d8d7570798cdd93b79e9898

SHA256
42f0c342579d3b2acc674dec2a26d3700e57815f0ee50e2f261cc69d155d7417

SHA512
91fd921e7378ce54482c6371c6d92637bd07ee96fa5cdbe2c7011fb0d68d44af0242f7e6e5654061444284e54feaed7b91ee9d56559c9fda30c010a73de56b53

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
6330abc63bb11a64c69da436dfb72b32

SHA1
84168b90119a4f7ba2ae2b0b2474ea7b827d3788

SHA256
46212a3903d210aefe8c86780c6337aff34db5fe75c950220b6fcb63c5099649

SHA512
825e1471048fa10cdd05bfe7d7b429066f482566c06d5c316a1a009ef25472e5e0d31305958199e84914ccd64f759eae4fb5de7e4e0c8d1bfee0ef550515b23d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk..buyAV-bomj

Filesize
335B

MD5
774ee5a53068ccbccfe303cca1e72e98

SHA1
a52664b619f5f128596c17a864dd8b6b33703ab8

SHA256
c6ca47b86f20e48166cdb25e40e751eef9bbd34d4ede03cb339e2f338adc1fc6

SHA512
f1eb28d407df74596f3a75d10e44273ab40ac690a24a7b735b4861580b49f771d7725e69c7967eb3d34c89bdc58a130e3316e5f5b60eb9b447e2c7c3e7963134

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
7a1cf0a90b9880ca727997c673912834

SHA1
91e7f7d4617b984e0ef99fe4cb5808b2f593b60d

SHA256
c287ea09330d539c37be8a6a3f79cea889f17367974afc6892705a3b71b173ba

SHA512
4bfc6b914db31be12d74c98f5a4dcdf92ac48bc4052a3f14895a64c8bf9e5b43141f5e316708b53f25eceeda7a8f9fd474a8153c802a0f8aee9e7ee407ffe864

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
811fbda9fda397cd1ca68fd01727c3a2

SHA1
0f6e5b55c314dd624cd7011069415ddc418876e9

SHA256
6e84b69f6081f187cfc3094cabdb1eab5b5b4da5dfbbfedaf0075fce0a53a7cb

SHA512
c0bee9dc6bab9302f30178a17fb60f4b72e784ff6428db4368ca9d7078b50c16501c400c7070a835bd04fb7e96ef9e85189a9cbde7a3ff63fe5a7d95bfc9ff10

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
ad1e9ce5a922fb4232335b8449b4ecc7

SHA1
1a4a1262b0580bafd4fed433b39d1ca092909098

SHA256
3908c6852e6c0536443452d7ad54e6c00076db2fcb7aebecd1271a04a445f948

SHA512
d649a190150e04a7ad4f6bd4ad0e7b37caf0f5b5b2d4425047501af364e53a69de6efd09c89471f14ce247b10382a3590b3dcaf5d78893e3f2c5ba8eba3e0620

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
32d73fb771722ebb3813ac28e61f7b76

SHA1
1a274154c7989d997220c2aee752b53b2acb87c0

SHA256
a1cf43d6b2f2822368385e79fb4c3a05a9f60566e6e944a42e5d94cca626e5f9

SHA512
686a8e7d9221478632a5e9f8aec014af4c404f4cc23496d2864992895c0779d2e5f0cb27b690172d01eadb5e388174c78a869c4ef9fc2a120b4d161cddf02d7c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
68090e5ccaa04ec57911dac47c94daca

SHA1
2efaf5428def7e1a87a80779938847955bf3422f

SHA256
793a3b003e9605b37b31264d736e9e8026123dcade8ac7ae4435f568aaaf1b66

SHA512
1f55dacd9c5879f11bbcb654966ef133e59016aae273e998d89fbef7739493fcfae94673676d6887283a2274ca400126ffd348d284d5a5e4bd0e10f568a5d2c7

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
3c2814a0e337b388cafd8784e7cfd969

SHA1
29db144732a8875814dfe1bebb1bdec606b06c7e

SHA256
cbcbdf2ac871417c68ecd93758a19b9b1c17902c65633871fe27a8fc6b9e09d7

SHA512
53a00713be4e088ef0855557914a253efdc4b921706a49c99ceaf1145ae66bae9a282b83a47f5075409c0f9afffbb21cf6d04a24fd8058e2606c779046232741

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
595a77a571005fc84a641d29e0236387

SHA1
536f06b936c607af28086cdeb71043a941e0ea6e

SHA256
ba412616d982d60f3be516801b4f3f990871accda0a4a06304422e5acad9b357

SHA512
4cb08bda2872a2c44578bbdca8629a982522a0db0571edb0367bea4c8f86b5e82b4ffa2f2c12c2f9205255e706b48d6af9b16adb079b75fd50dfd5a7f556a2ec

Download Submit
memory/4808-10376-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4808-10997-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4808-6174-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4808-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4808-11334-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4808-11335-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4808-6161-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4808-11340-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4808-11341-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads