xorist | 9d5cbfa2da9a2a98b99a08a0b97d4136656871af15a40dd13dacbd01380448d1

Analysis

max time kernel
93s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Size

13KB
MD5

fea4dabc25315edf52a540b1a7faf348
SHA1

86c9e97b498264f8a6f2c3647126f912df2a7eab
SHA256

9d5cbfa2da9a2a98b99a08a0b97d4136656871af15a40dd13dacbd01380448d1
SHA512

0ec8a60abdd22e3a966e091579289f2e5d36ec5535fd2704020e845a8a04e6cd4b74a25f59405aa574e192149e572ab25279a569f557a2c847dcc249fae81eaf
SSDEEP

384:abeRWGOUNBkIcfwiHgPBH+PZioY6UXRB:EyPOUNKIcfwic+PZio0

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/4104-6436-0x0000000000400000-0x0000000000513000-memory.dmp	family_xorist
behavioral2/memory/4104-6437-0x0000000000400000-0x0000000000513000-memory.dmp	family_xorist
behavioral2/memory/4104-10658-0x0000000000400000-0x0000000000513000-memory.dmp	family_xorist
behavioral2/memory/4104-10889-0x0000000000400000-0x0000000000513000-memory.dmp	family_xorist
behavioral2/memory/4104-11204-0x0000000000400000-0x0000000000513000-memory.dmp	family_xorist
behavioral2/memory/4104-11209-0x0000000000400000-0x0000000000513000-memory.dmp	family_xorist
behavioral2/memory/4104-11212-0x0000000000400000-0x0000000000513000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6upleCBEeD12DgZ.exe"	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_avrcptransport.inf_amd64_6506aa4ac05430d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_6c54f73a58d5fb2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmboca.inf_amd64_c4ed3602d3c754f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\XPSViewer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzoom.inf_amd64_37bf8591584019e1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0404\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MailContactsCalendarSync\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmbtmdm.inf_amd64_9e5602638617558e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ufxsynopsys.inf_amd64_978099f98cc73ddf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vca.inf_amd64_6bbc643de0df118d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_hidclass.inf_amd64_b37df5bd0922aeef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mausbhost.inf_amd64_34c86c15777c913b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\storufs.inf_amd64_a7a5b507fa22251e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbus.inf_amd64_a192dbf28b4634a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmega.inf_amd64_f35131186d3026aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_a2dp_src.inf_amd64_0bdbb11733d87f9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\I386\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\volmgr.inf_amd64_b98e2b928f71a2b1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-US\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\ja\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\cs-CZ\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0012\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl003.inf_amd64_6b639ff361f628eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\mpbehhjmmpbbegjj.bmp"	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4104-0-0x0000000000400000-0x0000000000513000-memory.dmp	upx
behavioral2/memory/4104-6436-0x0000000000400000-0x0000000000513000-memory.dmp	upx
behavioral2/memory/4104-6437-0x0000000000400000-0x0000000000513000-memory.dmp	upx
behavioral2/memory/4104-10658-0x0000000000400000-0x0000000000513000-memory.dmp	upx
behavioral2/memory/4104-10889-0x0000000000400000-0x0000000000513000-memory.dmp	upx
behavioral2/memory/4104-11204-0x0000000000400000-0x0000000000513000-memory.dmp	upx
behavioral2/memory/4104-11209-0x0000000000400000-0x0000000000513000-memory.dmp	upx
behavioral2/memory/4104-11212-0x0000000000400000-0x0000000000513000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\MediumTile.scale-125.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-100_contrast-black.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Light.scale-100.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-125_contrast-white.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\31.jpg	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\auto-renew.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\SmallTile.scale-100.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-60_altform-unplated.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nb-no\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\RotateX.PNG	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-30.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-24_altform-unplated.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-400_contrast-white.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteLargeTile.scale-100.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Dark.scale-200.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\SmallTile.scale-100.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\FileAssociation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\WideTile.scale-200.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-80.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files\Java\jre-1.8\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-250.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\WideTile.scale-200_contrast-black.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner-2x.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\Background_Safety_Objects.jpg	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteReplayCrossHairIcon-2.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_altform-unplated_contrast-white.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Pyramid.Large.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_EyeLashEye.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-400.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-256_altform-unplated.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-125.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7cb.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxBadge.scale-200.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\new_icons.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.XLS	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-30_altform-unplated.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Text\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-60.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\MarkAsReadToastQuickAction.scale-80.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-20_altform-unplated_contrast-high.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.targetsize-16.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-40_altform-unplated.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-100.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-200.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarSplashLogo.scale-100.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-lightunplated_devicefamily-colorfulunplated.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationSensorCalibrationFigure.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\SquareTile44x44.scale-400.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSplashScreen.scale-150_contrast-white.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-data-pdf.resources_31bf3856ad364e35_10.0.19041.1_en-us_5dddad91e4809671\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\500.htm	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-ldifde.resources_31bf3856ad364e35_10.0.19041.1_it-it_c85c9dfa29ac4eaf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..imeserver.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_23f0849185c7e239\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..structure.resources_31bf3856ad364e35_10.0.19041.1_de-de_abffb452e6fc74f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4-globalsansserifcf_b03f5f7f11d50a3a_4.0.15805.0_none_d6527901c8011d57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.19041.746_none_dc7caa836f08ad57\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.423_none_bfcb7b02f95b1e52\PeopleLogo.targetsize-30_altform-unplated.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_multipoint-wmsmanager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_57769170302276bb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1_el-gr_2e177e1fb9d87907\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_10.0.19041.1202_none_6ecd2612b74330f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Extensions.Design.Resources\3.5.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ger-redir.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_c29db332ceaf1ae5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00004009_31bf3856ad364e35_10.0.19041.1_none_a0902a6701716ea5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_openssh-client-components-onecore_31bf3856ad364e35_10.0.19041.964_none_dddeea757b7fbba7\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-timedate-mui-callback_31bf3856ad364e35_10.0.19041.1_none_aa5f70ccd473fb32\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..d-library.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3f780c294a73ace0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_10.0.19041.1_none_066ce525f9daa3d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsLargeCloudIcon.contrast-black_scale-125.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershel..datautils.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fa23a5758d50d6a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..r-name-ui.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_a3b13a839f1bda22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_mscorlib_b77a5c561934e089_10.0.19200.110_none_e5fd5bf631610b7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_multiportserial.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_fb1d995f4ea9d4f2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..onmanager.resources_31bf3856ad364e35_10.0.19041.1_de-de_a9a24df6f5d795a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..client-decoder-host_31bf3856ad364e35_10.0.19041.662_none_0070027dab4e4ffe\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.19041.1_none_9d61200c734f61dd\SmallLogo.scale-100.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPSplashScreen.scale-200_contrast-white.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-credentialprovider_31bf3856ad364e35_10.0.19041.1_none_9293f9be6d038b6e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\SplashScreen.scale-100.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_10.0.19041.746_none_e180169f2d62e633\wmpnss_color32.jpg	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-e..ardplugin.resources_31bf3856ad364e35_10.0.19041.1_es-es_0626546ca6fc7d5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_aspnet_regbrowsers.resources_b03f5f7f11d50a3a_10.0.19041.1_de-de_9c53231677524527\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-c..ehost-api.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_fa1406cfeaefc88b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..anagement.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ea044b50870f4ab5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ucrt_31bf3856ad364e35_10.0.19041.1_none_6c06ed1ced3e31fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..5linqcomp.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_10a99f4627986559\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..astbannerexperience_31bf3856ad364e35_10.0.19041.1_none_84ceb874db035466\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..roxy-main.resources_31bf3856ad364e35_10.0.19041.1_de-de_8f22bf74c689e149\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\403-14.htm	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ie-iechooser_31bf3856ad364e35_11.0.19041.746_none_122a74c9827fe81a\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_mssmbios.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_1352c9995183f8db\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-twinapi_31bf3856ad364e35_10.0.19041.264_none_993ed006c57fc816\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-clouddomainjoinaug_31bf3856ad364e35_10.0.19041.1_none_bcce1e8890098abd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cloudstore_31bf3856ad364e35_10.0.19041.153_none_9a7584eea3d02b53\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-media-speech-winrt.resources_31bf3856ad364e35_10.0.19041.789_es-es_41aebd9bf3b7264d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Net.resources\v4.0_4.0.0.0_es_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..t-console.resources_31bf3856ad364e35_10.0.19041.1_en-us_2588e04dc794a467\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-comctl32-v5.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_eb6c7e023a2919cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-60_altform-unplated.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemResources\Windows.SystemToast.Calling\Images\Answer.scale-200.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_prnms004.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_dedb7c1a24fea684\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_tape.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7b56c8e8d3b03f71\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-desk.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_3a8c2ab6460b85a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_en-us_1279c10c2d9636d4\401-5.htm	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\findResults.png	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-power-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_4dcb1c49ab30e280\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..toryservices-ntdsai_31bf3856ad364e35_10.0.19041.1288_none_658de8766e5280b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_de-de_fa3317ce4cfa58b0\pdferrorofflineaccessdenied.html	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-tzutil_31bf3856ad364e35_10.0.19041.1_none_ea34e25ca28496c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ntdll_31bf3856ad364e35_10.0.19041.1288_none_d7f32f1de5be2a2a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-media-speech-winrt.resources_31bf3856ad364e35_10.0.19041.264_fr-fr_e476c882e67d9457\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6upleCBEeD12DgZ.exe"	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "FDMHTZNXCAMUKCC"	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\ = "CRYPTED!"	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\DefaultIcon	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6upleCBEeD12DgZ.exe,0"	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell\open\command	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FDMHTZNXCAMUKCC\shell\open	fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fea4dabc25315edf52a540b1a7faf348_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
336b769c466795e1ae41d760b103cdd2

SHA1
ba11fbf7cdca481f069741dccf613f1ceefbee85

SHA256
919da91972b3b0df9f17d9569339f64dddb5c6d5ad2f1dc2dabb1f4bfa42f936

SHA512
ed45ea739efadde2d32a8234aa59ba048b78927b42d0768053b52a2fd1c80ce0203b09022b9bc9acc3c2c2f8cacf9d27478a877400ac29efe77bda9538666ee1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
8ecd0519b8cca0dc768ade29e7261cba

SHA1
3614c13dfed6d4ab31b6e148262a2b9ee8294b1f

SHA256
0c815ac6c29526b9c3e65257bc931e6de08ab3fac5f697ed728c385224855028

SHA512
521574441bba96e788ef8a95f99fb78a671e217973ce0d88448fbb22ac8d8742732ba59bdcbbe14b0686711f0c20b06907587ce5591f458a72eb955cf63fdec4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
05d54ffc83d976b0c04057362e8ea373

SHA1
e598fd22d502f88fa0cd08b3bd5a9765b98bfdbd

SHA256
72419b51d876196244cac691572332dd4bc999dbe5d48cd289128a8847234dae

SHA512
2c962f928dcb8b5eface862f41e91eb43beaa2ada34ce83206b381c272d359ae32d5ffbca1d437387651ca9ee3a370ebb162ce3c797eccaeb8df0df6ed8c51f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
e83d0787d78c6173c3b5d57e5415170f

SHA1
e3dec12fa2d543bec6437fd17cb32924466cfd38

SHA256
be02e85719ff0568c55112e812b9d308d8630c59683fff27d01a9a49ceba0e8b

SHA512
e9f5aa3a8dd870dcb342570174adeb81681a75e3d2dd9258f46ff8b42d77a32d7576c1c10ef6fee067fcb956bcc84d07cd145f1d7234c3d6862fd30ff5e8420e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
5027f15f4c503dcaa85f6187a7951f04

SHA1
3d9b6d477f16bfa1585220e0adbaa7666513cee1

SHA256
70ddbfeb970dd947847a23bc595bf90bc0a43618d264a61aa7c27d1a8e03e2e0

SHA512
2d5b736a0d22c9c7cfd3de04970889584efc613fcdc4c5e706b30c8e63d921ca0147bae887fdf1a6fa01d260adb1ae086fd566619220cdc6affb53a5c07f5bc4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
810d08630703cb6a646524c176671726

SHA1
0f57e0f27d998b63b6cb60ec32ce6a1576f94113

SHA256
c7853f3a105d748d40c8f79b71d5a32b58269529090fd5c1ee8f10d61ed9b0ec

SHA512
0f87f939247303441468cc67ec8644288d25d611fec6a80e4b0ea47de64644c2bb310686582f928a64a4218653422d49cbfd50ce5dbd352516e0bfb7cfaa7348

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
07a65d3e9547813d847491eed5f54c4d

SHA1
01dfa01db6d739262c3f2c5d32aee91249051d5b

SHA256
1aa74381568d11e61a3f80a05d01e764646094430c4402bd38fe6877a6084899

SHA512
c824fad5bc783131d2a338050b8f52df7d3e43f2d9b69e60d256470d6671325e864d63da60df734ec10e3c1687fe26d73dda1ece08c0915fb85cda95756eb3bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
28ae990cb2f8b08755a30af451222b8e

SHA1
51271ab8ff03eb964c3379353c5474a881a4e920

SHA256
5fc8be687777e540d60e65b188d9d0521a658ec0abc08dd932489eb4a49e7e98

SHA512
8c2ee6cbe2d67243f3d738314e38b5253d812a674d69241e1b75753ab2b65e2bbb21e95c6bc58dbf598472a90a6aa2b7768949e6540b6e5e616734b399ad6c8a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
eee74971ab8c00a53f9d0da75eaf61e4

SHA1
8dbd1b235bf6abad11de8842425c684fc2cbbd0a

SHA256
57c64632cbb5da13af5e9b5397e3eee31a1aa4f9dad3fb8e83b8f32733e79ad7

SHA512
0b3f18c3aee731cc14e11dc23a631cc46c2a41a6b188b84141a58d30de92c8b756c500788e12a97f2910b61eeeafc25d54008c62084228d3229b65879b100bf0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
22aa9d83a40e41974644648f20440c86

SHA1
3a5e1461699b9c6ec83f73e0b74ba82b630f5b21

SHA256
ee87c3c6305578ba28ba8813735eb0b361d1e090440c96404e4a474527d0159e

SHA512
97b63941b2d79c44156842ac1810771a4c729d67efeb41036de8a672a8cb1574bbdf0ef4a7db92f20a87cb39024b680a21e71ccc5df6e4d4e3ed94d77d35599d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
86e72d89911a6835f9719fb944acc3e7

SHA1
49eaa6572acd87d7045e467d847d4acd70690879

SHA256
31ae9e97d1645ab7ece85b54c8c2026c060478eaa679835a3fb247a3b9e8bb4f

SHA512
ab8afc7fc2baa4cc19ce16cb1d662d587dc013da0026c77169285399c4fd194e8896af9e9980c7776f511188be6f5ca81a39d12717709dd92f81db035976e427

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
723c7f0f6954b503411681c2a94a5238

SHA1
4f1a664caa8483795b34fae89b87a3bbd6dfb5fc

SHA256
9219c55790a43bf0ff3624bfa248cd0a91969057567f2e2d482bb00c4580f440

SHA512
d2c8cde3bc94d6f606c225dd74a59d85da94b54ece66c9c71a5ed681bb47f36546683a2d1dc9317360b95c0a51a33276e1821b9b2d97ae52e38dd74fdcb50d3c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
d2c4bde7faca66cf5444b533d68cd79f

SHA1
b897893a8d11f8685026aa8d096f9628cbfdd6cc

SHA256
9f9dcf4c96e10021c6ac2238be9603c3a160dbad808f3ef04d5e72432daa9976

SHA512
950fe984d91efe39f2e096f7a293d64eaa30191c5ddfb4a73e6423529ff412df24e7cc046872e9736642e939e5b4d4f11ce7460b41a57b8ae671c6e234ebbea0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
425fbea95c30166479f365e19f874504

SHA1
c03dbce7a82db6e54410ceae0e27c62d24840939

SHA256
e6248391943bc999eb9cea870e5f7eb39d0d36891b57c9be8adf037b46122773

SHA512
3e9191e8f21f9b020dc39cb7692d513b53040ae1de7b33044edcbdb2eb9cd49ea7cfef439ddb7700a3e52d2f28dcf5440e64248f1b1fbc533df74f0c3ce1ea82

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
a50e2fd2325b0add64d6ea0148f5d716

SHA1
7079bb6abe501be01319b9d91a8e7051fb9f2aba

SHA256
107edc283aa065486e88a3dc59293f238584b4a2ae023bffffeeb4042c3c6498

SHA512
db3106c92d50c8b58f1544b8938815eab07912f1bf76666d1741aa2a4a6de6a6581c9920c647c01a04d9bf761327cab2965e807ea949487c3a34099fefd41e84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
56d77bcc54737b34e68c44da46028b79

SHA1
445f785d405c05e854d421b662dd52c9522ea66a

SHA256
04e3f8edfdb78c5d8bd70cfaeb9613230382764adfc6a4ddcef1461b3344bdd8

SHA512
9d0e49651c7603afe1dffc27be5cd04b2af64d631d5ca6e833c26766ea7734c20f7eb0c06f28adf56336a6ec63383b226ea8049e5891b3f4793d8d78ee3f1338

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
9e20919d46a0fa904f9df233d3e121bf

SHA1
93b46d338c4429d4e76f20fd547133b489f359cb

SHA256
d6b2dd5957da3af4f47b14841badefb8b20a87ebe9e6ea75365823887382ce79

SHA512
f8bf5f08312f2956ba40439d400eee9f90b0e04d254905dba81dcbe8b0704bef5d7e455ebf193940baab055e142b81b2b09d2a51806d0dbdaee8a16a863d64f3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
85f6e76eb898a5933d150cd2d9f52366

SHA1
416906a1f24a484040bd9ae2ca56ea2a60d507ef

SHA256
6ad330c47427a6e61b7301fb043426e3ab4231c0010e3b11ab8fa91fbaf77d32

SHA512
a6dfd4996711cc0fe543169570f577ff06bcec331f0dc7360130a587dfd808e0ca3fc67a1059a3d1f5875de796bd3df3d0aec08cd220e8ff85e954a008af5460

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
59c4da9783372516e74ceae76c89b536

SHA1
a157fb1c39ec49dcd20f35d89d371ade9bd03748

SHA256
6616ee8abed1252d65ee760f26f0017727dc634b6835ebdbf9db006c79bd1ae2

SHA512
98a9cf398f41bda33ab5515a8764bd049cbdbf2d347314e05747ceb6357ae7d80fa07c71cf1c895e7525f72e4b9e2d9d6e65366ded6326c0b13223c0037f5812

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
07bec1ee384a587e09a0a4efec99d62a

SHA1
dc22058c80b7c46df3104d1a45d0eccbf3238af2

SHA256
3ee4e6b244659194c2e0997353db641d96f3e133e7defbd4f28262eaa6cff3d5

SHA512
dc04b3ef1edecc1947ac3a16566e93986716e8596d1e7bb64c85de3d998f8697bf2266d98be1e0ae1cc9cc7feabc5134606de1a97a974e7dd71649ed13074fdf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
f84beb780600c123d45340ab26b12cab

SHA1
c7bdea0d290d9f7c2b87b9afaf23ca2b09f802ac

SHA256
65639448784fe1d8d432e89e31c6b5f85d8ac75feb4d32b4e245164432d9dc3b

SHA512
bb2f457075a27ea86324ec203f41e09ff34b319063ec9e90b201846c66ed35166f9194452c35c0c8035d9478366fb967a5726b85e7a54a7f0d995b979dba7cbb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
f1561aac7acd1de2ab7e13d4ed3f5dd3

SHA1
21be6516826db36df63bfb95b6290530dd6c5370

SHA256
45a87c2ed2b0fcdc1c06c6e23b564f0c8b14eaedc6a271f3038cd2fc57b495ee

SHA512
8ccac58be30e7332a8916591342ef916237cb232b0ede6c79bb7283fea9971aa7a99ffe9b2319b2f7beedd46e7e8d2fdb500074c2988830b46f051e3f450c794

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
cdb5587cc592527b7036156b6e2ded2c

SHA1
b760fd99cc4a08659405321bde8a3156be8ad2e5

SHA256
514c9eb7ee42df4ddab8cf1ab28b81b6fdfa585152c64b5326d06e42ab7bc2b5

SHA512
849dd5b9db1ed9d7d19e695f88c82b156f49d3cbae29398d688388e0a635c700a70a7c0aa7d1b542b3e8854ba72c217334168985a100a1fcedb2c9dbeb136088

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
ae1eb58a1169fb5de7a4442f24f58cc2

SHA1
2e46a2d1436e2d50c713d946b3c1d51adf1ee7e3

SHA256
bc7c17df61d67969b7dcede25900c05606bf479c63cee2637970135e021f6045

SHA512
175483e60aae029e5d4f05b4c47a7a89b69553e3ed042b4c1fe6bb3cefc98e4ab518426f71faa58055458a39074f7e1ac531f29147031b31598102b079324b89

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
3fc08780c27c629b7822381f5f01c8bd

SHA1
58285fd6a06933683bb4e65f58a0dc843bbc9c4c

SHA256
8ff677bf0b95ae4bd7637d52fbc039c629242aa7317de385015fe33db572875a

SHA512
e137acee1ef742e191aa24bd6025d6bbb901b2a24667c09db4f64165b26aac8dd3c74c9399c4629e781be598d536513eb8dc36ce1ae6e5d26dbdb2b202ea8e08

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
eaf06c735c56ca389b87f6093194039f

SHA1
bbf4a928051a38b8e3455bf05635904b37c274de

SHA256
156a4f3dde790bf5fe49f705ada8cb15d249825ca7d869b769d45595d304e714

SHA512
e2a7f2dff3c57f8a1db431da300ce8debf4475f220811623855a714dd6e7d474000a1d8256cdb0a8ec1b5c79362a4aacffe0ffb883d6aeca2e343a34d59bec4c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
65b469e8511429f64423df00b8ccaea5

SHA1
925e0ecbc35e83f7e9192f7decb62f79bb6e30ec

SHA256
11cffab944cafd0b5acba26d13e4aca4ee16fd324c1805d6099d92ee82f5a34c

SHA512
e46dbcabc415a056d7eb02f7a6ece3059d6de517b2c278c262ae335896acf8bc64b4a8dea57e12f75cfc688cf0dbfe05aab798f30704fc433f3b240e09c3c946

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
1dc5e4769361fe6c6f53be16ea6bac1c

SHA1
c21b62606f6b4551f0f51da92f2b9fba2ec3d90a

SHA256
08122b17e53fccf28a91cf91279253392664a1da35f036d945c78e0a02add0e1

SHA512
60bd0148659016c858039c2fd5db08c7b192c6b32cfeb664be5e46a5089145e677075490596c5541027a1a4623ff7d925cb21a24338de763fd864680b6c4dd34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
490ac5a2941661806143370b6269c57a

SHA1
fe4ca1e6b87e2b4193e9b4d5b5bc14f8b3f63411

SHA256
5cf8f7606e98892ecc2ddaec97923714f7183f1b49eb84f208874383b8ecdfd4

SHA512
faec70731919bb7615b11938273d90755cb353e725a324943aa93eb6338fd22ff9ef8dc4b9c9e7613ca263a0395f4762e60ff6fc78c1952bd51bfd5e7ef21e98

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
dd8844bb497e3f721b552f993463989c

SHA1
65a3723246b9a23de46bfcabe2381e9fe34929fa

SHA256
95a517854abd7da546fad5c9bfe0f00d13be7190478ffbb10ef5c39271fb5ecb

SHA512
081b6c6eb3b9cf5c24cf869e204cf1d691d913996d213aad4e033405a4f29913050760df4696cbe0f128935cca67171a3640a77d0f2973457d02196438c08a5c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
9a7d7642d896ec59c48c90cfb683bdea

SHA1
0586f04164da3cabfc75c5aedf8e7b0b4c2772e6

SHA256
389c87fdc5197c1f571e59f133d3ca262e201666ef9181e6cbb79df003caa142

SHA512
292e5d98c5a781e606867d8f605f826f77b6162398c41a9c9b2c2e360c183eee3eb64896c4f50773b4aaf99a4a8d55fe2b467c57d112187b095845e286e137c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
a6aba423397e1809656e541136dc05de

SHA1
03c67a4276c9164faed89b9d97709d2c4e167e78

SHA256
6587090c6efd206db05f7b1bc044ce1aa553392db3f6afbe231ba6b852b0e2e1

SHA512
1d13965d0e067d3dbe70c7826c10028b1b07ec2a1f0531eec51df127c5ce57a9fc2eef6b8818e4188ce2b1e9c7548e39758f055cf10a6cc693bb0441b96de649

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
f42896984d6a7907d0acf95ae0ad9e0d

SHA1
dcafd73755a7d53b918a0611534773b73f463b82

SHA256
c2307374bce49a1fc48406d23d7a5762956ab3b43f0b66e7293c29825b26634f

SHA512
f23e0032a417440a779045b88836d15c16d5c9d255dac95d7cebfa5bb5e65f92dc545062acb54852c8b309c5ffcab0eeb8e3cec8e7f7b3818d974c88708a0118

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
c937287cf4fcc264f0cafbd36796b30e

SHA1
bebbab0c656632f219037d3df387e33a689d5370

SHA256
1676016be679ca1fc1a07ea3c290495a0476c6566f69037d9c4c517e7e182513

SHA512
e3193a6bcf4dd18f8de6b3dfa6dc3db26cf6955637d5214ca85c27d864baa7b1c83e92f2323c7de9062a41ad5c361caf6788e00ee0b3f3f58aa3b2bc12416e21

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
eac49f76f5b9e36344e0e318bf1dd75a

SHA1
2e51cf38a8303da906a16c70dc2ed78b6d3c495c

SHA256
a81d0b085311ee82e3b05b9f9ea5e322d19acfca1d99b147e76b2a894ea10c49

SHA512
33c0d9239cd31ac210fc4e2081ead5b4379c23ab855f82ad05bdeecf7a34384c0a46a28a419cc21f22982247e2a955b76cebd392b9926da75c625863f9ee8b50

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
d70840c925ef8150bb67e6d034638732

SHA1
1607246c91ed12a914a336d0e817b815b775cb43

SHA256
b0971ab77a530cc9886cabd12863e44f1dae0fc6eaa70c2543b77c74f484f536

SHA512
957d9c5b766ea3e56fd773fa3e1e6117960f1c8dfd8f0a27c1274dcf7feec31e468368e3ea0877654331590372ca0c5cf350cf48e3b66148e9c82d3320695104

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
db00bd264517c659341d04fdc085d60f

SHA1
9720bd5cbc1914a08b082d0a364d7efaac12f20f

SHA256
64567f0334e128ad7efe38cd342bac1813c74aaf0e10e79efe2abc78093551f5

SHA512
8b5f00d820e1c761eeb70971c4aa021b954270866c1ca5a3705f8f6e10c936e992b2be8dd72adc19543020b0728a56d6a38e89bd4e7c7882b8f6e954ea17a200

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
486532db5817e88f8dd7ba2071d7bccb

SHA1
cbbbaf5dd55d40d51b33ec162651f7b9e39970c6

SHA256
be202c8796b416286e263bcb692e856512596d0d91e13fabaac96b6405aa2575

SHA512
5dadaadfaf19a741d0aaf92de39d7b0e75271aaa155ef8b784e0cabb9f5892e971cacef3f926b9ab3ddfa8db5eafe5244b8ca122892267630f32714ca1c46c3f

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
290B

MD5
07f4907502245876a12a787726b39b58

SHA1
f962a9780137a022a30b222b0ea5a1e076cce079

SHA256
0d04e135b6277280162040bf054717c2c76b14f41607c5d8ea7d6a47cb9fc095

SHA512
3c91c0ef23153ad3e02b0be60a2534c3dbdf911c47ba8a07c961acf97a45e1fa391f558fd7f9baef299e542bf1b3db1b267bc21f9247c9ad6d87c4591adcc142

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
0fb9e127e4fd33454b635badae766765

SHA1
2febe922e97bc7f73018653df7a5f253be529380

SHA256
a6f86d8e6925dcc47d02605c0b4d722eda3897b5736ed9cdb7e65ecc00ec042b

SHA512
4f9db585c2abb4b8b3dbacbbfb630280a27e94a3bc2d14011087229da58833544fb474ec63a44f10bcc7be304e1dc4dd8b866566858d61f944a45c2cf7059f68

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
8c9d9e1f3f83ae57b64670417e473b99

SHA1
83a53aa7e368c80373811cde049edcc295747b44

SHA256
e6feabc6300579e54b1cb67b864c49d2cb2fa09329e1bcb6dd11d6664d556f17

SHA512
6acb544b9c9acf7c254ed812f4f6e2b03059c180ab0678d9e172389df441c9711a74b999725b58d01fea9298621ebd02077bed36ebc9738943b759e65442dfad

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
2c92d374c7cfde22716191adca221fb6

SHA1
b7c7da90e7dd021804b5cee28bf3e66d4321e199

SHA256
6ee39f1b5460b1d626a255d7191bf17668d12afd1b911be0b40fed28f4878942

SHA512
29284e2f8dbfd86b4b39ace20c009a8b1862e2b18ba48a7667988c5d92df548643970c836aceba2a04adb1652c4481da2dfdfd91fea6c33b33235f84cc422061

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
59829dcd56982bc3b4bc5e1d8728a2d4

SHA1
31495897b233d79d9807b1646157fea8357e8aee

SHA256
770f12f66d98b2f0b29df48516db1c55ec5b1ff4e1285f815dc8766f553eca92

SHA512
3fd2fff801b2ab454ec5b1e86b2348098502b23fdb623f23e71951f4a51d4826c391b13d97fda1c3ffdfec0a4c817da0375e0853403ff8d316bb54bb63b5e25f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
347d41c8c948ea4383fcb1ef0c9e59f3

SHA1
eb60b8cb3b08d1794a009a528cd50b10f574438b

SHA256
4d0526da7e9ae0bdef6afe79c084ddd69b2218f9427fd592d43e4c735a203ac4

SHA512
7210b005ad3be5bdd23b2226be4ffb7422d133769e70d40a263e94db58c1ac53dde92d81f3f6569d37fee671e5944aca4052e3c30bc668ea4f4242687e174472

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
7104091c171e32cd1fb2abb76478eac5

SHA1
a0c7035929cdade9394a9265f578b2e5238b173d

SHA256
1f98efeccdbed795b5a650f7814cec5776dcffedd8586b598e5abdde9e3a758d

SHA512
b469371609fcc4dbc7af78e80c4b56ed729e4d45683cad299637d849f59897ff14c945d9df1282dd1d29498870315b04bb6b9785361283f18b9129a1fe14b23c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
e94698a8133f82e2c8074f17f5b8db65

SHA1
508489a36a3bb9b9caafd252fe0e863d1594d29a

SHA256
95cfe74b4b136bd9d933e81a84f348b8dbfab6537308f038ed0fa8e6af766650

SHA512
04c7fba7830245a62a9d523225844e1eb52c5f53008454426318a76b3afd5a3ea50307fc0d838f7660c555748067f444fd7c90955623547b5861955de472fe99

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
fd9d159bc4a559640d402cf7abad6bc4

SHA1
536844b5c3b2034318b59fddaa4301d20abb95e3

SHA256
64b410eff66ad390feb18a6859a11fa0bd7e0e30f90d74a53db7c32404cebadb

SHA512
2b434d522e8392a37eb876a20a0c4ce4492e9d0a9a5f672d009d5c494e86963ef3a085ac680481f5fb3b8f2d4c68d650dc8da149a5296f0b0445c92e7137b9c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
a6e314413ea374945cf77cc35d9855be

SHA1
666cb5fedf8d5972ec64b1fa79a2eb1a8b85003a

SHA256
54c8bf99356610a8c8c767c9933b48da2e6657ecd0a5da032e49d43653abfddd

SHA512
260ddca247e10735117bbb824bc749085ccdf0289279b845a340e4359169bf6997a176e92c8cb308f310ae8cf5b6d42801b45eb82878e97ecb9418a557624c22

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
b7a527de3f3d104f16b2f257e4af1941

SHA1
3c6981c5bb254335e293d4bd7be62d5945b3662b

SHA256
28d0a4816a9f14c27977df12e06917c1560dbd4765154f0cf267cf88f922d2de

SHA512
cf51d3c0019c4b0db22947c7f60cd8062604af85ba8d7d0f0c001d2cc828efadf9f20d5fd74bbe9a9fe96f68c05e5f41f261731436ab04f95bc50f6accc34f8d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
fa5c43df6750edf73285e10c054ac549

SHA1
ed7f725d228fa4007782a31b0c03c6c34aebbf77

SHA256
dbe9d890fb73b3a1cc22278db5bb3b9067d873a3e9c11a55f6a059632f5965fc

SHA512
d4cc7654729745aae27d5f1cd88c82a539e926bcd93511fba24d717445ddec8faf50d04b69f44d660365454983a0ddc15ddb1c591f36692920fb6c632ffc6706

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
078ef3c34a25f470d732ddb05dd0f6c6

SHA1
2dd7f79c1322bf0703320f87ca4e21c0f3d86511

SHA256
2f2304c3132f2d0268c58d69744ef26d5abc81084da1dfad0a346896458f9625

SHA512
1191dccc83e7de7f0d9af0acd64164c8ad594f265aa4490b7f9dada1428b56da3d16b24aa77dec24aa0c2fcaf7b03f914ceb500c735497b381e504c6a4b17767

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
95cfbe5ee327cd4f4b661d778c4fcd16

SHA1
edd728f1039f181271735b91fe7ada4fdd139e08

SHA256
4c5d803b4594018c2422d110dce1e8e76ba9cae33633ab43811e210540edecb1

SHA512
3a10e924132ed9d5bfcf84fdc30f8e4f84ef19eef639d11a44dbc70d0e67a9232834b8ad7e2659a4168813351d2b9002bb35f006a0932af61ef2ea895ef9b60d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
6219ef773d382b418c7d2d9b8f56ea7c

SHA1
c4ba5d4bfb1a46bc9c68903717b6422c06eec6af

SHA256
06ccd8d9a2320b78e8e0e65bc34224f8ad552eb2d7994a8bb1e9ae8857f007d4

SHA512
5fe057650d70e0c297c8fe2bd8433ae68066d4236fd6b4c7d2127343715cf4c7ec0f7eeb23318e482e2eff81a4f5cc163d5e4345b9c02a36506fff408618e41b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
f2115b93d85b0a6560d6720ea2b4cb80

SHA1
cb19eafa2832ade45c8e71f8da59aadd5f8f0576

SHA256
7c1c9520072ea8b18881ad235d9d0a2cc93320098c7c8419c0f7c3e34de1c32f

SHA512
5b35d70781f96547f6be30ba59d081146427020fe7149795dfe415362f66de8572fbb23425583eea8ae4c96f417b346ab3bceac2b272aac50e913adac236ac15

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
67fba36a20a3862bc7b2b6bd805416fe

SHA1
316a70a9b0e42e439ad9e7a9dedc9dcc7d085e18

SHA256
46d0516d901cee96eaf433c8fd86270e497554a6098b1baa5d85ba42e955e0c8

SHA512
3cd3f4b46f39569b56a56a814af5c6bb0864a889f9b90c98eca14ca0db019eadd2330a3f92a6b49c6e8499c2346d3087dc1914b9e131b18c7bbfdf0dd5279306

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
21ff8fabd26b931640cc7e12bdc687cf

SHA1
9b6167b787e1e2b534df208aefba79604a5cbe31

SHA256
aeb72177758c55fbc118ea7eb0918ab772cab2ade5fb149ee7d20f2a5a1bb839

SHA512
300ab66f7e3bb9f32273acabaf2988d659bf40f6c88c5d94f2fb570683747f8f0b68ad782d4e28c2a3b64a53d2f3213d40462ca06662c65df69f6693611ac628

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
3e39323bdf85036622dbed1e094de1c2

SHA1
fcbf16f6e557ce36f867bd150050b46188e6d31e

SHA256
57a0be21f3037696ff70faa17752df4694f2e79189446ec8b9785300ece278d4

SHA512
693818ac5ce1b2d34e20bba5256f0152e01141f9032d8c7662e23a22bbf9191c476959ad21a03ee2397fe9b62fccf753830ecdd5046089209923fe8da40f1d7d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
4cf36fc858d4201a4d118d4ce770a523

SHA1
552fe86e57a704665fab37d21561ec4fa1d705f8

SHA256
d23db6f72a32c1eceecbe8a5c6c28d2a1b098ed900589ac61ccdaf6ba9d8765b

SHA512
fcc531d453bf04e63a158e856b153047eff4a5c8369ee461b183592ef24f71d2466ad59fe8912034f558e0e391000547c29b67a289570ba0d041a184587269a4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
6e788191c6a731301c84f7bf21cb636e

SHA1
6dffd3a49054c39be003bc66e9fd2a3c72d6acb4

SHA256
026ec3d3ee5f6af2c3a19b865c95a1df924dba6b84068ca12a96b24731682b88

SHA512
2d5efdf1c31d36f9085b930f1b3260b076079bae91633900828bb23ce35ce1d5286aa83ea57ae2e19867b99afe2731e03daa7aaec0e06e02fe378e71d5923e00

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
7e1cd0760120bb6d6419f40dbf71efed

SHA1
5769721aa1ed023770668b804963ae8e48a306d8

SHA256
6903befe99d2941c7ddb6a0fee37721acb0f97dae52d3f52d69e8a2192f848e6

SHA512
cae9d0a9059f64876d27915a80c948da17c9500a95437af6d0070f9d135655349d59f4c60980dd5163725e813b5fd8e1d0b0bf0c0b07b8f105564cd2ed17906d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
abf7deec35317a0df6caf395614684f0

SHA1
1ce085b28c10be55f3c47698bd125127bd3b14a4

SHA256
5379789ac6582c4df7e7eccfefcd708981e8338bb645b3626d3c943ea2415003

SHA512
69a477793ea53dca5ec41e63a32785de565267b78611be8a60686bef4b869f67813e9a527dfaea1516b5d371158e2aeee169eb7c6b5e9acc5e28b4b5df264f73

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
64ae09ab2da9cfeab8045dab27b80627

SHA1
5a5d9d3308f662d8d2c7cf6cc2fe4b2e149db038

SHA256
446a098ee493cd3784e4c5a28bb429419a007ab63a24f412501212b31cd5df53

SHA512
dd8c9f8227c97aacca53482dad01f95eec52b0c876e44eb3c6dc3f32e27416765a114685c851daba209ba7ad76f735bef4eb6cc861b651b8ec3d8b34dd65cecb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
484232d3548594732bdfdbd8d13910a3

SHA1
fd50c2ded8ff8d5c83abf8b8c4ec90b6135886df

SHA256
6e8aedfa903f65c636169131702df747203f41082771fc81362fe63b4e42f210

SHA512
41bc79094ff2532dba2055ce2ca760cd1b646c93ed4650a215aba2b378f03eba2b94ede68fb4bba81887b3973023781762b205e41873cee11e776eb0c5b0bf16

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
51e593dc1a5868716846039bde5c4b54

SHA1
afc67a535d24d825bf5affbb69cfcac9d5cafd32

SHA256
9108cfb1b55c9a7c591ed59e60cc4c6b71f549de2f346b785febf477c2b22427

SHA512
39bad57f83d921361deed394a5cb6a25a8a6a509807cb69e74cd8dcf8f589e07c8df2eeaa1d6eaed085408ba1a5ee99c0018ac6dceae744dc11af3326a7a77d8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
f4fae228e9d18cb8a51a3df9c9225bcd

SHA1
3f8db0c3a65dfeebf8db4421246c27cbdd486ff2

SHA256
3941373f2e4f691013b610ab695e03f00fbf30ff031306f6f96f2200f97e5ed6

SHA512
7fb28857c4dea68264a1b2869e5c7c4540d5fc9691fc775b4262d2164d95e7d685f1cdb6b65e30bc26692e47b9e4a9e59cc5ff6bb226d4f1fc38131aeb2933fd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
5c728006916bf758e3ab5c6eabf173c1

SHA1
6d7d73b1ff08d7c49c823e09b99ec40f521d5638

SHA256
61ed27835e3a629b0e6802046007d077dd86f40c8169135a0caeea43a2576eff

SHA512
436fed79ed22c3bcd352667224835494a14b96a3cb7dd02a37a0b45cab2facfb06b99b243a72569e494b3aff3b3e05f8c8a985d190048db9e716552506cfe665

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
d9921cc545f6a5465d99e6e2b6fd2f73

SHA1
acb4c278e980e1c75fc0b4d6f9ad9b9d13f054f4

SHA256
6f5c8bac5fa3974602a73bcb255767bcffb13b5386f8c55a01f60b69644cbec3

SHA512
1a082704c04324afc342dbb6d2457ac98f6119b1ddba7277874c7328bff21cb471f1d8ce36a3b4a3fc9270d8d21a9e3de71e0af86a6f905ed2821fef419a85cb

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
0ddf18ccc0334b02c117bae950673c81

SHA1
e9e9e781a23738ee8529a26463fcb6826e57fd3a

SHA256
fbe80131dd8dbd51bbf45dfdd0286b7f902c28f4e42cb515ac5885948c92beea

SHA512
621bbb4b4fa52f246b609d7423500179969686c43691fd483f6b93f4329a1989b531def5b25ca6234b67402088801e810132c4d53dbdf074c71becc9c1a43139

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
bbb02177f8bd1e43a06858b5bc3d1d00

SHA1
287b8b5e00ac9ec27b6379b89ae39a9b5b2fb7c1

SHA256
a94e4ea8de93542e9f41eb57e4d617675ddaf0ac6c991b8109c23859919a57fb

SHA512
b2ac822fc1f69c8073a7f84bd96e2874cc3263ad744d2333f78af797a69a5fb5a5be1c1a56767607bef8127e0c6f7d427fb734d806b6aa5bc5d0e2093c2ac093

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
b9cfd10273a3fc8652cee7e47e191b5e

SHA1
2a0595beaffae18514631bb54b6b7e2fd0042d7d

SHA256
f4a61ed289933764c2acf3ee2cc0844b4ed6feabf015f518b4f4971749802f76

SHA512
09ac865f11be12d131d5c1399d0ba796b5f24f23517218046298569deb02601333874865e2406518fa1dbfa766abe2abf38b439fe6caf70cf04b8cd211105b4b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
8aa12680e631f4aa77613898b9a2712b

SHA1
24e5b44af725a0688611c9280fa50c60fd1f2822

SHA256
96822fd8cefd94d85aceb5fbabbc52ef98dcada896ed477168a7879c2f45ec8c

SHA512
20621cf66d29c5849d472ceb7a4e0c16e594c6d4ed48eaeb5c64a8b1c4b9c58757331f93c4b26eb38a0fd99f73dcf3f750725ae55699428ea3681ac7cab00bc2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
a49736acd69c8d9b358f04ffd26d114e

SHA1
fc1b4b2f00a6ccb3717b6595f891b998f958b4e4

SHA256
429323c73fe8862f60f7ca5654deeee41355042ca30ed0516dfa85b4f85304bb

SHA512
c7ed4208d5166a10dc6f55da98e5dbe688c54f03cb7394c8d54990c7d87d89b0161a344cda27fca6b1547f08536eb88b419b6ef6c95b3abb5d79a87f5bd6f122

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
cecbc4a2dfe96d6bc9b0d974aefa3533

SHA1
aff61e2e894145167d0fc142a9c90b737c31c9ea

SHA256
18c520a025efc46a7eb2f5d69d787bb158a1e944de7eb92cb9749ecb5d079bca

SHA512
05f4dd42e946d5232b29fee208207b1788bb97a8f76f62891e2726fcc29cafa9851876370d6a5583da7b333bd08564ff702ae7b4ca2c4e9a53ebf55183963b4b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
e84a34b6c381d256462c7ca7ffb230e8

SHA1
c47a1a91af8cb62c81393628b32097313d0ccf30

SHA256
c4dccc2a6b5755626dcdf831be0fffb2b9e0d805aa4182e253804f03a0edc5fa

SHA512
c46cc667082f03204de6d39b6b6a411657a986e590e187ac40a5b350bd7bc295d6262ce7e80c015f0c91208483a436d9b4bede937bcc44f81df5783dcc744542

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
6e70cfc2659a11a7e66d66080ee51164

SHA1
3072c63a86b91c333922b4c518b1b273bcffe443

SHA256
266c1c346860a8ea71e4c172924b51df98dbb0410ad2ac0a24b679a5adabac36

SHA512
a5c1946af779c7bffc48b65532d1aee43c67f49a70fcad06a0e376b2cacc169802f2413588b1ce470025f87de3b095f95d29b97ab6afad78478edaf89938050c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
e27d81ab1f8fce5a87a9cfe199d896ce

SHA1
cea9367e2cbb378dd5c34ac20d8a6736351354a9

SHA256
99c2ead41f3dcad3df4e9989c13a3aa420648a2baeb34c7350181d1e15f86432

SHA512
410fcf51ffa97c4d694b5066e671c9a9c08373f1658039a53339bb94e6200287af0443a1652017064460ebcca9d4bbbae9914191ff035e253bd8ecc79df62b6e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
1fc5fdc6d3f8d613cc2492f3d63544ae

SHA1
696bcfd3e1cf62009c832516f1090bf88fd6997a

SHA256
7b78deb668705b7f9e37d17947b7f8823007ef48bcc2f57401c99da19d41538c

SHA512
125bc72304406d4bc7c070f83b031c0b307d0de72f416d26bf3977e46a843411f63cbf049148284c408f8c7dacae13238a605621ba9707b6caf0e5e3a9607df4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
8ac47c399e2fe13e4878d54a55956f72

SHA1
7d2b6e89091be770da18d5b629d8fc538707b412

SHA256
eaeed8e828f55b8e4919b0adde0e8b476e5944de5924a37586213c77f03780d6

SHA512
ce0d04b7c85307ad98dd9731748840309fdfbe385e413064a735e048390a51bd578cbc91626b66b6ec3e1224f51fb6a180689b4dfc72840a5569062620a8cc4f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
7d75bc98740a4751be40ae6b270ce1b2

SHA1
81de9cd285f80f59ba340c071a0a2aae7da61795

SHA256
23360e335d00c903a76ca95066428a6832b2e2175c2beb88f3130077cb954331

SHA512
cb1d56ceab439b78d0366a69f3513cadaebb17ef5693e09fc28c6112bfddc2ffe48199750bf6103c664fe2ea04580c68daa7239ad06d5f14453e54c224792339

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
1701dfead00b2cb3f3b1b995b25cdf84

SHA1
f181076a2f03080e6fa7b82723511cc219104f7c

SHA256
0f08ba1e6215178de05868782e9d9b0867487600af7835cc89b5d84d957716e1

SHA512
feea6e624159cb2239bfe4edd865998347a72fde60383b9f808ea8564ed295ef0865b2764de7422211ade9e6755b32dd05798cac93db95204b6554f57e00742e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
4cd87ce27792bc57f864cf677133721c

SHA1
d59adf679c33bdc30b7dff8dfd98640ca65175c5

SHA256
d56510ac8a293aa9d5731b76a57dfd2e3bef9a47e9bf62f037c6a106219c52dc

SHA512
dd6aa4c07b828f28cf23d03c26c28e10c4bbc91d02afa281fb47f83bb123dfc0191b9451a960bc57ba59f899e9c3bb843972426b0de688ae4701117a1c22e629

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
45d5efb947da69620c13b64478815f32

SHA1
607a3dc74665ab0bbb90228782ff9f2df3acda47

SHA256
8d7cc5235122327db535019bd52a57af81597b6108a09c3d8e9c2be960c9f717

SHA512
64633aefd2bfdf3c91d6db7b8a0c61588ae4ec0b908d3534e720e50aab7a17add243b183cac8fad7e73ab1192b0835c2f423298e1384c2ff0a2c793c874223c1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
1469d1daa233a518e0c2014b200ce79d

SHA1
d808de46d231b9c5f5806963f66efea01724c987

SHA256
e8e2dbde48f41bfd4f85532b608197aeb8da91a3e60d2a9ca34724fbff755b0b

SHA512
7ca44ef3b41cd982f9de2313e3a90f709695d9380c5206703053c5373008b48717f7fa08b8f31b0c715761f281a4d25531b54dbce9fd65944ef065ff2c5087a1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656060295712.txt

Filesize
77KB

MD5
3b352d0d87c675ee7f231cafc4fb70a6

SHA1
25cd351eb4d2af7ba7fd26a00a136d2ecc22887f

SHA256
36c88a6ffbcf84f375259d41e8b3d511ea6b49c5579141d9070759df9222c759

SHA512
c6c35108ec69aaf4071d8f0d1dc14a9b67328392a2c4f917862106cceee999d574c2e797a5eb2f3c9dba86c5f36b4f88f11939ce86706d0afe20fcc1e3b7b244

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727656525478361.txt

Filesize
47KB

MD5
bfc4f3f656e57f7f3aa4197491ba0f6d

SHA1
393471d530674b7267a355351960dbe78a7006df

SHA256
f316530fe330d2d5061eafef14b38240a1da183b55d511e011ceece08dc34834

SHA512
a99b84dc3ad6ea039a2ba12e73698abb45c8c5b0498be9b8a855b01b317501e2afd22f4f8a3f6ee1da85e2605ba55bdcb6fd8def20fb2dc379b684dec480ee9e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663169040966.txt

Filesize
63KB

MD5
3e832ffdea7e9ab15def99b99ff08e55

SHA1
5ca942cb9569eb90e64ccef1f3373c32015da28f

SHA256
d8548e8f85d1f44b976422ab4edcb48407acb7db0b3f8b4aecbb8efcc33d5996

SHA512
78582e4e66662639791768ebe8e0edeae35c7bd9e6110a188e16ac7084e787a9ddcf091cb8695b28b5b0af47254d6649bef6407b84c95c4c9ab0950838a52ff3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727665885684530.txt

Filesize
74KB

MD5
9eab6c9954a65d3768310550fabd44f2

SHA1
776091756b7a345670848072eed29b47fd6ebeee

SHA256
22bc5a68369107b621a74f0cf7802190be2fb70be54426493df4134aa245b14e

SHA512
6cf1c6ba2829b991eb1f3f39c5f5177562cae844ef193701f12103e497996d718ab7718043b96c86e7c95468fdd5052ce6ea1dbe2b7d0a7842951326b8845082

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
7ae0a6d13d4024ea1ca8b8e5fadcb8a8

SHA1
2a603f970218c0bef526d8ed5f620c0c9cbbfd0a

SHA256
9b600242fcf4c57ffd0d0d8b3866e8f6f0c6f5c51d8c107ea49585e84221936f

SHA512
19b61d31274a4e904ce6f779b9f5036710da72931345fece15fd90b34161d86455a26a06dbe23e2c5f59073f7a958be1c1b55aef009a0f32f4a84a19cca28f0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
83aca83c3068a712167b2cf8a361f20f

SHA1
6d524d6d687d12d7558b15aba9b3af277bfb8fe6

SHA256
b09a8003e964bfc95b7ad2976ff39df2f1c5eab7d7139778e951e9890a0df67e

SHA512
39fc399eb4296dc9962271a4863752215a2b050797ef741455f1d1303d3237468577779d7bf1c95dff3e777769ac5e3ab713acba4b757657f9461c0421b6d337

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
4d092dc08a3331e45926653c5cb08af0

SHA1
777edaba89c4bdf540a6d2c58909a857553421cc

SHA256
1d275fe53ea6cdef397f671f91ce53f333549768ab06f44b224d047a727179e0

SHA512
c5b2af9f06f0278ccbd61038e9bbc08d1bd98769e2ce2533e94e8799da402bcf8bf5d04bfbefbb283eb2b5f65c59b42d4edf56d8ff8d97a46b4afef0495e32fc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
4d88fe3582672ac433daae5e540d3105

SHA1
da046db02e8bce0117900e9f353b0a83e8944a77

SHA256
ba8a525bb906879fbe693735a745d8dbbdfba11d8569fa44e3e1c389fb267008

SHA512
47be81a0b230527119b84b61d84c473399a701fb071568bd3677baad3243417d0dcca4eb0c575b79cea7925025847622e60d3e20420247755edb4736c145c40e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
c9944f03e526859576dac63006705be3

SHA1
eef54c0a81fd564c3543e7fe80149dd9aea4896d

SHA256
1764f6ec727f1c07953ec708fba65b4c3d10249cfc536e30e14a27239e34f0d2

SHA512
0d372d11728290c755875b6b10d2deb7cb997601ec8f9f223e1616ab59b243a02edb0b8ba4dd7ed7da6b875db92fdce41065070015e9070e46ef0f301933d280

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
69853d9cf29c76d8d5b51d20b425bbf1

SHA1
a3d238ea8dead7f9201d166f906fc177bf8801b4

SHA256
462e4bb55831395f2cbf8a9bed33e7660f2886614c9e8cc6a8e7438bffc881d3

SHA512
1611fca7f25398beef98566071c2f59accdb93a96a9c0fce664fb7342dfa9bf5227f768f948850eeb7e154b01e4aed127680c59f445ba92ab579a1250e1388a1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
10238e6cec736b9c254ad0d35188798a

SHA1
cb4945435f3af01821bbfdddffdf9b7034953b45

SHA256
5fcf065fc54a826c3fef789f94dff915dc230544ef440c53c54a4c746f17f001

SHA512
fffc3c0eebfc0bca3312490fde89335567353c531a6f53db35f8310aedc416acb11f9b0b9a6acc4b37bdbd196c778d4690328d2a080d37bf72763f5e165467ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
0b698f5de0e38d0b445aa98490f8a7b2

SHA1
5963777f6558448dbf6268032f804a4b079cdaec

SHA256
1017b9f68a9bc8edec3f3f789f3a9e5a737fcfd9c374a6950386dfaf06da058e

SHA512
9a44b670e2a136a26647f8b16cfd8d565fe2450434d60f5d58c7011377cf96b2debe7237b3ad09c502fafaa917c1b18d24cc656f374396d0d8a75e5dbc70d121

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
13fdbc11a635f54ce3c9e8411e55d64a

SHA1
2fa6a5f5a5bb31a8d63d0cafcca13d6f433b665f

SHA256
1f74b8cb7a23fcf4633be4156d1bb7407d4bc218b84dc0324592a12c929bbb28

SHA512
b92c54f323e4af02c5b48f74439785693bc7b4db6cae46080f8c53cf8c0ada619790967a3bf73909585404a560f1e186a06cbf4494c8a0b0b7f2f8ff5bc0e0b6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
4d6b64dad687ee475e5c3cdbf2607bfc

SHA1
9e5eefd52ac081ddb95ef6040d189c5798528da8

SHA256
89177d10c4c695ea9469af9862bd3d0b073ecc0d1c223fa350423f12519eef1c

SHA512
9da08b50ad77866e1e346e9b99ce552d28e43afb1423f93f7e1f42672f461f4781dedca414de3eb1b632942ae01cd2b6a8fb0521f61189d5095c82572b838a1a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
7228165942846583f309fabdc1e3147e

SHA1
f8f84d0fe46d66453d7debbf426d8157ee84378d

SHA256
ca6037c94a7103161a667ef7d64516f1f5cf5ccc0d05387a5ebb7ecf10fecfea

SHA512
7e7fd48103898129350ff438df3b7cfdc56babdea33d6a5c91693f89af51756a8db532713037657cbcca93000e7ad60ba92d6424c32c9cf6eb39cd72eb036b85

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d02b7220ce90d7c8e3ae38ae149598a4

SHA1
df318bf256425ce3bda38b10def747d53191efca

SHA256
6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781

SHA512
7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
dc0894253abdfe41d9fedf6d37fbc835

SHA1
50c55e1316be91c1abcdd9cd7ca116672aadd0e5

SHA256
c643e0d6a79c6609d59c117418614a42af50308c04ee6a5d84814f5e93187539

SHA512
9ee84c304f5ac74215f1edbac6e9e9c0c41c09400f089ab41ec0f4fbd1a3fdd59bdd7f6e7e9b5b5d84a68dc17e12fce6a98725b52106e227e2706c6d13766b9b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
3a69f0c1d367cdcfae8724aaa9d22857

SHA1
1baf6a157d4a0882f0978f443f314ae18b435157

SHA256
887941fef0d0687bf9bf9d77869652bce9b56f70d46e595aeb30e7817f615028

SHA512
c4e1bceb372cfbf1702dbf29c042ff0f650a7eac63b0c1abfb341d7036e094c014bcd58c1b8b26534bf76c0567bcfc4e1a397b517ac3b1fe3b60b18ae5fb18dc

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
0c6394cf2e3b9f32c1c705206faf7fe7

SHA1
7bc9151a85ab5419a9546b31863f56d8a89ec9a5

SHA256
5cc75886c6113d0b7b016ca165ec4f284a090f34f3c2cd1905bed112815b78c9

SHA512
3e58a7bc2ed986a4a556e1103ecde5804acc57c03d3defceb092f24a045005e40da16ee97246348ead4d5aa14b187e542166060214363da87c3dd224963cefa3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
cdece8523bea453fe5fea23bf45e349f

SHA1
1528196e98ce330509d73d3717e3c153d89e21a8

SHA256
8c969b97a93c871ed46b1425b2559e20292bdcb7145d8c80e04dc99d7bb321b5

SHA512
bd1845a4eb670faa46646ed310f5505c84e10ad79a4b707f8ab7585dc79b0b1ffb87b4acccdbcf0b61abf46cdab805daf7b4edaaa8fbafb3c48616f62e5f8975

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
eecae00fec1351c3a331f35504f5d85c

SHA1
9c88104ae401a62e7400ca48a5ea58f090340e07

SHA256
6ddf282741e7d55d7d873dd39f0d26c15b2f481d7178dafd6076d88a44be358e

SHA512
9943eb3820c3144d2264edbc21568cf8dae2860a36bfefa935680ef061a531b224d873f8c12e38c889b4fbc2cc11cc9138481114503b8ca36bc08b15891278bb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
6d5d079a9a1347bdb0e7354076776eac

SHA1
b9bace70a3a7b2018735c70adc627ee3c9678e56

SHA256
07473e71cd415c4f93ba29d65f9cf4078973f6970249ba71d4a632a0d12d4cff

SHA512
45d82acca0d0856f63489ac4ed5f3a67bf9be59e57cf134c2dcba8d6afb792d4d0c920d83586bf41851e9fd832ae6eeca54d2d570a64cbb8521b8771dd503dd7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
d4aaeba6d3d63c0fd227fe7b007bc41c

SHA1
db0430fcc67169ff6f73bb1ff7932a591875e2f4

SHA256
fbd9180d224d972d6b1c12eee6f5bff3765292ed546c957bf64b4d6aea0e4b5c

SHA512
590dc36b8a83c54de4e7c5538cc9149f2396287f58683a939f25608266d60629ebe78b9ea575f6bc8fe0d3dfe638231267eaf92ada17d62d80d779b2d5eb61ee

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
04d496c0740a4a1c8d1ba0e2042c8fc5

SHA1
8b34c8d2352a3f018ed62b337fa408008dedc9bf

SHA256
dcd5621ba84beb6ead9de29bd9924975c81a083d69ac83fef29bbeadaa30df0b

SHA512
6edc6a85419b78ad2ad71bdb6dc182b6f96d0494a2bead22604f61c1fcc37c4b364207bddec1f58612a6a02edaccf92da46b8e6d56f4cc0e819e8f7392a91b8c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
73c7325bdb89abf81a3fdce5774d7b36

SHA1
3a8cc7ea6557d64fb734f10275c9b95958a0b4f3

SHA256
bad0a8273d21de17fdcc629f793826c765ac2f54c0856631fedca42b252cf517

SHA512
decce0d486a8c55f6f5e488b3da0f9bc8163269bf08d90130e24ebf922841a13340285f030da4928a9eb2a01ae89e14ac38b061bedc31f85ebf010a0275ded08

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
142a42b6d6d9ffc303671d54326ade9e

SHA1
90463a3252ec2cbf64d55d2a08a1e61e2a2cd5b4

SHA256
bebe10b352f716e80b13efd71f4800512ba5eaf05a3bb1e6becee6ac3b8c223d

SHA512
3e8b1e29a447308d75e40aa7dce3182a94c7fcf07e0a1981141bef12d0fbadad98ba987befa6be5e5a3d2b621a0b1c7e4d83a8ce4e222d196fa9c17987095cf8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
176c1265ee258b7a7fbd96eacbee0fb8

SHA1
a20bf18906269a2a41f9b44f460d1ecbc2ffc2d7

SHA256
bfbad172c852486f43fd7ab813e10144cf7f8c5dda9e604b24d30705e5565245

SHA512
d1a806e85ebf44970ab7d6eadab5efc482b3ea8fa4ef65a5efcef5ce4989894728cefb1fe3fb9d6d9ecd49cded5949e5ad8d3af8f74629e8701cef173e1edc8e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
603cb5dfbdc659dce03415e98c545cf5

SHA1
5b24290ca85653e7554cd9e5f0605e6b94c4e51e

SHA256
6b2eebbdd953f76ee76c4100352a87471044ccf9e8884223eff7aa40b6ad3f08

SHA512
46b096a69073a02f9d1c1b70ffc207269c6f881a97485060c20dde760cd4ff22f06ad75fd14408bc48545aede31fda1c7e331a37a663673953de235eb015a853

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
51af1e1021ce90c2977da102874db2cf

SHA1
e3079cac2293c0a27eabc12952f5d5cc435a38ba

SHA256
5d83cd16efeb3258f7ec213bca9abf5221382bc188222d37c096e0e5378aaa5a

SHA512
1a809963e68f63fed5b371b1bbf008c09e2a9a21a4b6fbc98ca828ce49bbf6b242d59ed8a1dfbf2392c8426eb5e9bf6f6b8623b6bdae1fa20b4a3603bc2d3b7e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
cf99ff53b38e87c8e9b19d53a25763b8

SHA1
86582b4c604e1c533cad8d8ec7aadb96d1ea2c91

SHA256
a72438f8cfa38b4303cef861f7056da22542317aa0db425aa0f0679eb3363c6b

SHA512
032917b147a4488bd1ad5341b5b124f7f420f349ab928d3a3b6b5788b3eec3a2e634c97ae93e15a586c60cfc8b97a09d512082571a12f3b1ace0e9277cc697b0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
a80d27c2584c9250def746bca0729edf

SHA1
ff859a1c903780351f8b76ddd4d81395581c83d6

SHA256
328aa6e9114b4ddfa2e10cc0a0af79ad2b1332cce2bb57cf4fab19b770e8b215

SHA512
15e1244c315cf5705db50d03a05b62ed78ea0be648ff04d1e030d948fc9d03a81152d6e2a587d501b0e3f23c3975807eec84383e500354b0e46a1fb51332edef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
59f712b2c8625ca5fa69a95c45bae8c5

SHA1
e600ce5b771b23f921d82bfb615646eb9606e928

SHA256
ba2ba645b35d886ef24c661d185769c9988ee62662ea1f8296bcaa1d8451f29e

SHA512
5ee68428076384289ee97952670d041258b69f94a392dbaa0d80a1bf45ed045dbf847f2a236208463e20aa23ce2b55a5acc1d6b167def11e6b6df3ca88d1e1a0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
49299f59a9be12b5c5bcad9c53d29a34

SHA1
32b6d14ded3c69198de32a1afcb2a905253b9a90

SHA256
a06ff8a840ae64f204de8b68a64134a1b298e3741f9f8aed26ddd31fc1533598

SHA512
9cad6a30f14ffd5f87bc8fbd6eaadda819000e904d893f05f0dd7ac108cbd9e0fb5852642c0c1a8f9f15cae8270f6d8866e6622a77bd73573e6a04b1af1879de

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
d2bd722018946bc2ccedd676c7d1fc83

SHA1
8bdf2176641b75f58cde653c4bf167fd0856c8ee

SHA256
ec78620c85e92817194cb45c2bc6ae0ec2ec91bd1d7397bb9530d90fe2495048

SHA512
c16d609a1a47464e8da11e71b5bc08cdc7beeab8edc5cc0fa70f8fcdd1eaf24ec80bd29c60ff8bb9e07189e19aadc3f0a92d2471d772f54b76440ff3f1e70da5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
b4b5c3812bf762ac54f9758762745507

SHA1
2b91947a9fd35851231a1c0a758779fdb7ddf2fd

SHA256
e2e8389b14823f888169bdcec5822cec823a7b64fe546479bae87dc11f612a1c

SHA512
532473f918be7356b03500966dda5230f563b209c88e0abbb1d7fa3fbdd92075469df17100d469de0e9e118d6ad729e1e61af9df8799b66d230e8e36e583f179

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
333063df6e0c53a7f6eb49ece0c1e030

SHA1
15cf0aa86a11eb3823484b1ae76ae114a57a541e

SHA256
45a79c3ae803a54a6e6daf6ca6748379539ba373befc75656225abe3434cd6ce

SHA512
f72082407e6bc0b89282b229ef24dd95eac9ec7e349ec9771a9f9dc4511679ed335530721c7186f27e3e69747e1918ec740dc3bc0045a9da1e024fa04c978189

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
f9132881e342a267c2c2e44826897ebd

SHA1
3f9d0ada92138fff02e002a84830bd89e96c4413

SHA256
e11579d62592f3774213bb3b96069cd77fe8016e78b917bb0b4067903f2705ea

SHA512
f97041812550facd5ecfa524ca57cfb7aa329ecb86abf749764f3092dd4db23ab401e6f73f2ad08275e917a5fa1c0366cd4d152c27d2f26d5cb6507af8c6f068

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
1c3d95c17ae2fdf2cd3c7ee4c5d300e6

SHA1
5490016e626ba876d920435c7a5639f841b1d01b

SHA256
4fbfbb8caca3be5198c2063ebddfdaae9a75f66b9e6cb70841bad72975f87dba

SHA512
83e99f72c171cea2578135fa0180f4da5bd309fb396869be8c1fe6d6a99d4a470a15091c8b00d9b0cdf936fa246794b8f87d6a2e3aca1e14fdcaa05845f6a547

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
3c3255e647ebddce54b95a7b374bfc3e

SHA1
528b144518f2fc842222c2139bf51817ef5f555a

SHA256
f1efc09750d04615a6661017c61e49ac2c4988f98c483533419ead27054dc151

SHA512
a3c50e20f45a5f01b3b509b36b59b109485e5f66dbc026a81420076b5e1db3a97354c3dcc45700f09623613781cbed17ab5fae0b08ea5a3e8356c7c510530211

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
d4a21021f6dcc9d2442dbbaf8a3b66ac

SHA1
1bb4443be1e54f29debf28cdd7e54597b2b1906d

SHA256
6f5a4ed1793ed66024b220a5cf87fd3fc09ed34e6274e3c9671c0aa0baefbfbc

SHA512
76e71d431135437e71bd173532a9bde3bb64c99e342bd2deb6cbc79b9682b8df8204b5987f22283b8552a0371ea9ab99a10dda05e80f78d6a9655169d7a45143

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
6c39d3635ed54f9a9e0f0768b07b0372

SHA1
cd4e77bf8130391d51411af940ce55911eb3e258

SHA256
0ca17ba818d2b841c3e99d57f47373255205de77ebbbca7dfd9953f7ebfe6ef4

SHA512
7eb6169e2177cc254de7c42249137b799dc59c71f4b9596533d528b17ef6e013f649c3b9e8f5cc2d10c323eebfbb89840e07a33a09c70e19a5b235136b8d57c3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
a8d9df5e073bcdab2ac26561bae1238d

SHA1
baa2119a39c42e12ef1753276e7299a96eea75b8

SHA256
6b16c685229c28e1169db69455c6b3a2c77c0cd0d4fdd64f33781d872e64a013

SHA512
4c6c3a61f9fe0ba4c520aa8a7e11fcb9e52090e83a8a883fc27009fda2acf3a544ceb62c4e1ecdf7365f74fd3084f2c00cdd56b9e61b78082359cc35f5c3f834

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
b2e95c77cb09b38e3f4294d92ed60e77

SHA1
914f878fae35abd41433bc80888d16528d47185c

SHA256
7b0cc904e2cb7298ae693148921a1c5eb0837f7b827bb393057dfb16fd0070fe

SHA512
c3417d4524ce31b8cd47f82c0b5b9e2110ee585fe0d4eb495bf0a00685bd152cf90f76cc05f0b8425a98786bfa0bb86fc5973f8a101f484be7e9902ee9b474e8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
ffdd276d8baa5b1f91afd1114cdc38cf

SHA1
31c7ec0b0bb48a05c1b836a2d3ac619e6d704e74

SHA256
1b347836a0be2450b8b37311e5662299782a7f2ce376594f471e52cc3793c05d

SHA512
0d9d1841328a4eb1fb86344f936e9cfcce10e6dcc932d9c3e860d15f268a258a3df101ac266bf7ea934e7cf9b3601c0ce7d88d04334cfe7b3ae37deb12062c3e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
6b58dae10442ca76578a606eef2d8f84

SHA1
efbb99a19c4e42b8c02d1cb7ce42315b5499f35b

SHA256
4abe76d191a57072b1c7f50813ad0338fecb18c9d0e99692fbcfc3c3b1c2355d

SHA512
be3423257d3c2317dd9df598cd8ad04aa52d002721b9dd11f90ed6ddda235fcd94edae0caa4e5665511cfc6e616febe0daa932f612e39b8401efa889d086f4ed

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
73672d6abb2cc8a68f2131aea069ab6f

SHA1
127bc18c217493ecfec62c63e6d6ca847481df7b

SHA256
54c3292c04811b275575c4c9f3558301b7bf74f270bba94aed92b0c184ffd791

SHA512
68afe9013e28192fac18e347e0fa2d9681aa8775d4e156536ffb5afa78d7ed6041aa0a15eab7fb0e336551c633729940ded64df853d9074ad6ea0b46e3187e07

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
51e65bb172982c51c8a37b3741f1b817

SHA1
4e1fd3696ecf893aa1a30d32430f9a13bd93bb4d

SHA256
2a80e4675e36bb466739ab78bf851690de12fad33cb1f356828b4791d2ddb26d

SHA512
bedbb7562e057e9a9885731be1316863c0e2bbefc4639029808d6bf4b1400d94cba4332a6091834efe661bddec058bb1454c1aeeb4fa204edc63157a3c17a5ff

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
33f7aaa4e691077565fab751b9ef73aa

SHA1
9d083a93d135d84e58d0bf6b63091a70f8466c36

SHA256
bd00138f0caaf5cd7662353aa454a5f1f39182a82bd3e947343da9247dcbc4d1

SHA512
60db93b218a981dd0db75be92b2b1af9040b24b1eaeaf2c995d0ff5216a3a6e0040d26daf13ff61848b40970ff29117652fdcbb2fef2939bc15a9c176f84476c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
db264da3489e6e54cb16171b2b7f12a5

SHA1
0f3a73f998c712d580e354f6057e412e6bfc666c

SHA256
5ff8e190ece613b69676e1e56832ff5d5b6477bbaf912f0d56e41ff4c655b20c

SHA512
2864474ec4ad33f7a4f571047add974eb12ccfa5c0829829aaa122eff07c12e03d0395029c9bc4006ba93bc04aa99d90e48fdeb954a86ff607341bac953c80a9

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
2df2e4f7a4e5b1087ae8f35c9136e3f3

SHA1
d7e19e5c8ae57cc793995f58760b50e1a042d897

SHA256
140684b4a9f25de8427b0bb993f32ec04c161fcb6d8567bc414ad213644bb7f0

SHA512
bc69fe8f780d6e40a54bc6819140a0d1c2fcfa8b988cf7ef1e73d5e2862a68ec19b067fd34397c08cbffbec5d2bb76b2f7c3209b46c90e547fc549eb4ddb8f23

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
02b50d08f90946e74b01a29fa6149b8d

SHA1
182fcd87eeaf9d3acd2c8ae0bc6d89e5bf431909

SHA256
df46f56f77b7f8ae8621512806b24da6b024142ab938e070c95296a462046cde

SHA512
a2e9d16f14d48bc71a11a04131071450ff491f672ca181285af8182e4e9120bd206cddd6e324d45d8d6e4fc3a656da7e5870aaf653e1e5867613e60bbb36769e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
f4f212cb5d73336f6f9bbd05c148fb31

SHA1
cec1334da6d07771cc3f4128b34cf0c7ef539def

SHA256
2a2f7f652071cdc255184fe90f69347ab6cded42822b3f3772639fca9250b94c

SHA512
49a9d8b6c0c7fd43b648f88f7428f0ab04d5674f6a9f50129a895bc43c90571c495398ce97c8df6ac5c3eb2944e5f2ef94e6b2c1038fc74d2db62d79d02c6814

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
7688e0921334a882e6001b3bf10e7470

SHA1
e9fbac60d155000c410bd2b8dba16c49ae92fe80

SHA256
70f2916c33e4eb4aa4650bafbb42850619be990cbc88a6adf224040cd42b32f7

SHA512
a25f0b16aac1f44f3c02b28c2052bf972c47128b7b9bb060d770cf6cb784beb764c3a0929ec8010bf7712bcc3c73c936cbbfe0642a858e8ef3b8bde0dfb9d826

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
cf2e87e03fa70bfc86c6e96c155723e4

SHA1
0c7561d2695bfc378667911dd3ed640dcbc567ae

SHA256
c65c5b3695ad6e517a28ce0877a4908f69b59d68f96869823a66501d83aa5a44

SHA512
d3623fefc44d723b73ff0353c694a8722fbbcfc37dfbcc5903251a0409e3ce1373d9082eb651eed8bdb1a505a1151899c70f5730adaf017efeb6a25333fde801

Download Submit
memory/4104-10658-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/4104-10889-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/4104-6437-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/4104-0-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/4104-11204-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/4104-6436-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/4104-11209-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/4104-11212-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads