xorist | edb8cfc935436689c16d3471b10bd5d0f8094fdb0d75dbfb659ec40497e4defe

Analysis

max time kernel
94s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Size

7KB
MD5

fed774bd34f2f29d0617099a280e9961
SHA1

d2e73b672d3f80398a2621c87ae202119bb5fc07
SHA256

edb8cfc935436689c16d3471b10bd5d0f8094fdb0d75dbfb659ec40497e4defe
SHA512

ae224c67e36b72d9025ada85d25db4d8f689ed94a83102e4800e00a49b09a6e35ac9b4582fbbbb4ab5becc81d0333fa7a1f27ea99c480e18b9d482a76718e2b1
SSDEEP

192:Tzdrr1FG1WDCgmjPZBgtbLLzdtPB5Nj6MUA:Tprr1gkDCgSUtTTDNGMB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/1364-6368-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1364-6372-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1364-10746-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1364-10911-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1364-11238-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1364-11243-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/1364-11244-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2192) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2lHuhG9B6quvrxM.exe"	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sensor.inf_amd64_b8789b63cc1d26b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSwitchTeam\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Com\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmiodat.inf_amd64_95e01117eb9c1bd2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vsmraid.inf_amd64_3d2bbc45931b8232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl010.inf_amd64_b4f4b670a266fda5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4sx64.inf_amd64_3a69b9b79f49eb50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lsi_sss.inf_amd64_503a2398f4c86893\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_2be0e52237040d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Diagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_usbdevice.inf_amd64_815550fc328ea85b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0b075e1cb11005f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PKI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Schemas\PSMaml\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ws3cap.inf_amd64_6cf8ea2249844b50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\th-TH\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtdk.inf_amd64_9e49da794995b361\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa5.inf_amd64_8416dd97e1ecb6dc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmhrtz.inf_amd64_aa2738d63955f632\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_glk.inf_amd64_7b6c08738ca8a856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smrdisk.inf_amd64_bbef253cecafbb1a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmhzel.inf_amd64_e90a0a4c8e15815d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\modemcsa.inf_amd64_a76330a2da8329a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkTransition\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_pcmcia.inf_amd64_92be188847324ddb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsantivirus.inf_amd64_632d2ac0d68cf3ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_keyboard.inf_amd64_56ea9763e933f7c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp.inf_amd64_527c415254a7e378\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas2i.inf_amd64_a7f5d94e6751c911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\IME\IMEKR\APPLETS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl008.inf_amd64_c0d977e565fdc839\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\termkbd.inf_amd64_a0634dcf2da1127e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tsprint.inf_amd64_6066bc96a5f28b44\amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock5.inf_amd64_e485f7ac03009434\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1364-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1364-6368-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1364-6372-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1364-10746-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1364-10911-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1364-11238-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1364-11243-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/1364-11244-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\31.jpg	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-unplated_contrast-black.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\fonts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.scale-200.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-125.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-addtotable.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\theme-dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-32.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-64_altform-unplated.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailLargeTile.scale-150.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.scale-200.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraLargeTile.scale-125.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\iheart-radio.scale-125_contrast-black.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_92.0.902.67_neutral__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoBeta.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Logo.scale-125_contrast-white.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer10Sec.targetsize-16.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsStoreLogo.contrast-black_scale-100.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSmallTile.scale-100.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-96_contrast-white.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\it-it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\pages\wefgalleryonenoteinsertwinrt.htm	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-20_altform-unplated.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-48_altform-unplated.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\BadgeLogo.scale-200_contrast-black.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-32.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\remixCTA_welcome.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-150.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7d3.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteMedTile.scale-100.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\SmallTile.scale-100.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe7e3.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\dd_arrow_small.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\id-ID\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Opacity.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Dark.scale-125.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Google.scale-300.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-lightunplated.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrome.7z	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Integration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\LISTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-400_contrast-white.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-64_altform-unplated.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailLargeTile.scale-400.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Web\Screen\img104.jpg	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.workflow.runtime.resources_31bf3856ad364e35_4.0.15805.0_it-it_f6b11292ecd2c6e9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..riseresourcemanager_31bf3856ad364e35_10.0.19041.423_none_1836bdb9226aa8ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Images\BadgeLogo.scale-100.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ilter-rtf.resources_31bf3856ad364e35_7.0.19041.1_it-it_4d828f383e1d2ad2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\BreadcrumbScrollLeft.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.19041.746_none_6e8480c2c3f34574\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msauddecmft_31bf3856ad364e35_10.0.19041.1_none_1662b4195593474b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\servicing\Version\10.0.19041.1220\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_de-de_fa3317ce4cfa58b0\unknownprotocol.htm	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ktopology.resources_31bf3856ad364e35_10.0.19041.1_de-de_71fe24065d35ada0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wmpnss-api_31bf3856ad364e35_10.0.19041.746_none_bfe2cf34492be8ac\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_10.0.19041.1_none_9e2de8c17c395f6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-twinapi.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_ca2243db8553227c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Resources\2.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..logbroker.resources_31bf3856ad364e35_10.0.19041.1_de-de_976bb1eaa54658a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..mmandline.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_46ebb241a240f93b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wlangpclient.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2fb6df0ff1c1f14b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_acpidev.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_2dc158f3ea3b5e1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_d38e81565538dedf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..estatechangehandler_31bf3856ad364e35_10.0.19041.746_none_bf798d9f2a61bf86\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c2wtsres.resources_31bf3856ad364e35_10.0.19041.1_de-de_e8fd48549aaa6489\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netevbda.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d70f748b0b85cf11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_systemresource-wind..-ui-accountscontrol_31bf3856ad364e35_10.0.19041.1_none_8805ef3af31f4b8c\Advanced.Theme-Dark_Scale-250.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wcmapi_31bf3856ad364e35_10.0.19041.546_none_27ee6a429550ef0f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ialpss2i_i2c_cnl.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_9cb669d76a02ffe0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..workspace.resources_31bf3856ad364e35_10.0.19041.1_en-us_c6dca18c309d1362\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_networking-mpssvc-powershell-core_31bf3856ad364e35_10.0.19041.1_none_612c3a64b8567227\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-usp_31bf3856ad364e35_10.0.19041.546_none_95486a60ebac6ca0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_disk.inf_31bf3856ad364e35_10.0.19041.1_none_6347219c642e0432\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..extension.resources_31bf3856ad364e35_10.0.19041.1_en-us_6db0f78132fb1780\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dlna-mdeserver_31bf3856ad364e35_10.0.19041.746_none_b4017de081b11e02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-httpproxyhelper_31bf3856ad364e35_10.0.19041.1_none_c2b8a8d826eca989\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-themecpl_31bf3856ad364e35_10.0.19041.423_none_df2de3fb99974588\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_10.0.19041.1_pt-br_7af0724079a50d79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.19041.264_none_87b4b95ab967b582\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..levance-queryclient_31bf3856ad364e35_10.0.19041.1_none_6ca9c19f281f40e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..-comm-dll.resources_31bf3856ad364e35_10.0.19041.1_it-it_0aa06b66bff46593\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_mf.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_768dc96721890720\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.windows.form..alization.resources_31bf3856ad364e35_4.0.15805.0_fr-fr_b931e0c153cb9340\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-syncsettings_31bf3856ad364e35_10.0.19041.264_none_73a74696bd81bcbb\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_mediatransportcontrols-model_31bf3856ad364e35_10.0.19041.264_none_d7f6b51c8f091baa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.1_et-ee_9a72643313783d8b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.19041.84_none_d062347205e52d46\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershell.archive.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5e7dd9332bb785f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\Square44x44Logo.targetsize-60_altform-lightunplated.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ui-pcshell.resources_31bf3856ad364e35_10.0.19041.1_de-de_63edfe56e3f3b603\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Web.Entity.Design.Resources\3.5.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ttiledata.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5562dc78c83a44c7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..ficiencywizard-task_31bf3856ad364e35_10.0.19041.1_none_2fe1fda1ae0bdd6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_cd2d1cde69f392b4\PhishSiteEdge.htm	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_eedd818099eec00b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Assets\Square44x44Logo.targetsize-96_altform-unplated.png	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..container.resources_31bf3856ad364e35_10.0.19041.1_en-us_7e04a925c1703735\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sysprep.resources_31bf3856ad364e35_10.0.19041.1_de-de_1e758e291e01a88f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_qd3x64.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7e2cb8381ba5314f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..providers.resources_31bf3856ad364e35_10.0.19041.1_en-us_1214973364835641\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-onecore-a..ore-other.resources_31bf3856ad364e35_10.0.19041.488_en-us_dc133ade7c360ba6\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-syncsettings_31bf3856ad364e35_10.0.19041.264_none_73a74696bd81bcbb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ngsupport.resources_31bf3856ad364e35_11.0.19041.1_es-es_207147938614757f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..-coreinkrecognition_31bf3856ad364e35_10.0.19041.746_none_cb918c7159c1f7d9\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_netfx35linq-microso..uild.utilities.v3.5_31bf3856ad364e35_10.0.19041.1_none_d9377eac1a538bd0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "ZIZQHIWULZLKEOJ"	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIZQHIWULZLKEOJ\ = "CRYPTED!"	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIZQHIWULZLKEOJ\shell	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIZQHIWULZLKEOJ\shell\open	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIZQHIWULZLKEOJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2lHuhG9B6quvrxM.exe"	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIZQHIWULZLKEOJ	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIZQHIWULZLKEOJ\DefaultIcon	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIZQHIWULZLKEOJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2lHuhG9B6quvrxM.exe,0"	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ZIZQHIWULZLKEOJ\shell\open\command	fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fed774bd34f2f29d0617099a280e9961_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
07a9e001847ba4538dadd860f1e9412c

SHA1
a529e162c4fd3ccea096aceccb580e57fce771e6

SHA256
46ef7ac3861a7935e1674080855142362f304c1dab6c5cf179478ad1577edb9a

SHA512
6d043ffb101a02f0223edac23027c58d75a57fa70796bde7017ced9a82d5d6ea1f771d59b86fd2ff25ad86b69cf5919c7e719fe8fa204d9aacf88b427ab76364

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
f9a18c5639146eb821472793fed4fe1b

SHA1
bc2fa932c920b3ea6d66612cad656df93c7b88f5

SHA256
dda1ce567d02d3ff8956011f727e22aaf77556079057b11b65b171bbd6554b1d

SHA512
72caa8acb0ffba18cffdbfc7f50eec2d44eac044524c39f4bfb9244db201cae3e60a9c6530322083e5bb01664157e0ec81cef1afa473c47ba1249149bffd82d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
28e4855ba4f705fd4796a3ba8abefc9f

SHA1
39c8d8fb0200b3f2d0ce36fce000be937856b3cc

SHA256
01edafab684ebb68bf783054ac6c97e05e79212567c7152b40a31f72df9ca615

SHA512
3377741f2abe547691b909bc2914944c633b1641f44991de7a95c43cd53f7236eec1e3b4624ee0cf808e485798dde1d90947a7ea5eaf107c280b6e806c3c488f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
be4331a00eac80fd2a73e20aae38d98c

SHA1
21f1dfb4feb0fa0370f1af77afe557123a6cbbc6

SHA256
77a15e033e52341971be0bfe390b033cd6151927b6608f5b40d620bc62a0a4e1

SHA512
faf4ede07e6ea9d3b3944354d224453b20618c9a96009c5a8a6d16a0a84ffe6153e420156f5b63a97521ecd77658a071264af74ae3a2d5dd505fe33943ab8be1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
7099f2b9a3fa5926ea186d7b35c178be

SHA1
356b4d9666a4ee53258e5e2f942a64bb51717086

SHA256
01ffd569f1ec6d3c0c09c2163048418b01b32d34aa86ae376a5d528165936017

SHA512
5de1d00b9b6265ffe15967ef84a25c94751df05c8700e17457b8407c6d57e66a3ce3c29274553aa1bb0e09cde51b85a863eb02d6a495060fed37317763df9d6a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
31d96e5a7fd61e796bd4bc1f0f19a261

SHA1
b6b00c56d44fef656132f7c21ba714b20954b0cf

SHA256
46d2ab2e1536877a95bf10d6b667b0e23eee64fdfdd2f99804ee07850dcc0fac

SHA512
74b3fbec9722b25aaeb3a5ee0d2dd50a13d78d426af938056e88143ac0f52f215bcf0a877ce20dedb7ba2e38c29b82a5cee4f7bc3adf6e4009420b83dc51f1f2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
782d6840c044b08e1951b75501e8a90d

SHA1
ac7b4309654fbf765586fbf3928270107dfab019

SHA256
15b9ff33329318985324eeb266b061705b98c3bf58b163de71d0f3bef6c3167b

SHA512
20c3db7331b376bd85c8737849d2d13d0d9411796539042160dc01b37ddfcc62d66b832c49a081f9ce81e25c01fef1ef45ecb65c3f92859b5fdf0f7b8a215c76

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
7a5f02d6840923321e26d7cbe5c96f2d

SHA1
a8721196e276603c440b38fb7e4a24fb078d582c

SHA256
61f9d97fac17258ecf92229bb8497f8e02f36f18611aa6edae8a6e775ea1a865

SHA512
5a2e2aff02531b7a72e2e3f7a891b197a5b78d126488988555d8b89fa08c908e30f21fce1844f248de79f01c9e1a2fc84e9fe72dcd40b53ba9bd41c153a2600c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
fc86c7b2ad70b987b70ac0445500e3e2

SHA1
bd01752177f0077b5f6bb1eb4a3f3ffa6ce993f1

SHA256
0cc1c0d21aed5d62438601eadd34af6750e37c4ccd130ad2040015c5c7973e7c

SHA512
ef20b560714851b70ff406d3137e73b1e210da244831bb5a493715553e888a270d41e5e484ddfed66fe077930b6f3fffac37990daa6e290a41ad073077848525

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
79a06f6125e3000b3003c3185ca89ed0

SHA1
49859b73804bae708d60e522081d87a16cf561bd

SHA256
60e987c4f68d2986c3e8d46696a873e7c74419a64ef9b34bd739e24463212f20

SHA512
74faec784f9944dd52bc8785dcaa9013ce6782bee3134497815cefec2b389e039b8a5845b0e561782c75f351434670c9d649519c0d696844bf82934eeac88124

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
1c5184e7d1c864944198d13f71665396

SHA1
8ac2bd68b51b8f1dc8b583a89ce66fa85dbae74c

SHA256
1d1a5b5fe6106a1ce97473e574ba41881fc008cc6dffb1c8954eae27b63b5618

SHA512
671ac5e7da3f09ffd3946ebdff71964481dc080e7966f91aab3804c06b028b16b916542ec7e9a93dc9511ceec169c501301cc7e8668010c8c490c75d6b22ae48

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
0fa9f6aad1507121c1ff0f2ffaeafaa2

SHA1
a4a4ba677e8be1eef20bc63f952aeded43510adb

SHA256
6364f3e353d1de834fb95d0aae9d4b72808adedf54b065a9192fd73bd45cd6bc

SHA512
f23a9b277012a7f031222d4d9c91c13481b993e5ab9ac22b281b469826075efedbad1727471000b8f1a05e68c5fafad87dab3e2b0aacee1fc9acc5d13b53ca09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
8382b189855bba92482febb6e84d69ff

SHA1
6eff2f85ee0ebea10b703719e88b93b8d575da37

SHA256
8f027d15af19e1df2907ae458cbecfd4c8fe86f7c7a0eea7adeedd9dcdea8277

SHA512
849168ad2415107614887c5064d88ac6c8c666b51075f8fcf0743060be1dcace9c8781c60d17e24b7c2fe5f64b9d920499314b483fae9f9e858dee83c22b5ee5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
83de1a69a7dc5d97f8bf02e89a42dc9f

SHA1
5cb72a75d882f4f2a0cf184daed4082db649591c

SHA256
6ba4173c338f4ae50a2dbcc67a0a569fdf0179bb113bb218ff42249600568dab

SHA512
6312eabeb78a6590b96476f717dac48a7fe229e63faa80cb26f8fca0b741e722559e3da5931ac9756aefd4bc45bf2be6093b0726f89c6d81e95d638e40576976

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
f383b65c5156dac2363ec2e2579eebf4

SHA1
b45ca4b41d62e88f48df725983ccdbf71fa31ddf

SHA256
e3b9b3688daa715338153b608ebe754941e237a7fd1770dd511bbe680e57d984

SHA512
533a176dc77b01d9dd8d8e58af286bdcd4a5c5e61d64d9c6a1977d63f256e3fcbbf7d94776a7ae29dc306b2b7ab12cfa7ef9330d460b44c6ff57c4659a739d09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
edaafe7bd7f4f0ba24e4fabc031f90f6

SHA1
d8677c951fd29d8f9c9b4a54feaa6858fd7147a9

SHA256
2300eb1bf1ff19554a564bc5db686db143f8a889c14244cba175513392960fd5

SHA512
a960f9d23c6fa09a9ee0d2db67a04123e2faac24eef78add0a9158993aa5ea7c1d377b0b332f9bfcd14b63bd43b972eb8600eb7668b206ba88906c3ae5dda3de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
c29a0ffb96d2b927c1e51f0019d25227

SHA1
81ab6878ef3ddb5579a660b93d285caceeb5aa3a

SHA256
bde57afd67325c29a329e64068694a8d52b6f7146c6323c2b2bf44cf3a8e19de

SHA512
018fde85b437b685305ac70e3f84afb767b0f0fe5d6511a48bdd62bf0c7b96d480968fdd8904c7fa4a55acf4d96bfa93456550f6e4636955e8340f1fa9ee9bb4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
26f95432430c7405ec84521536f9c628

SHA1
b5009975d7200ecea5117ea493441ae2630c0a3f

SHA256
48bd4457c50f5b127289e187f20cb1dd681fffeaa5d192fc53869fe8cd4aba9e

SHA512
bab472537976b705aa7cabf4fdf51609f7fb86f31ffa7da757eb08dad6c0f42de8b7ebec06ecea9025855f37a1d7d486744fad45a5e3000567dfd2d78bb6bba5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
af790f90c3552bf55b3312e088b1ad09

SHA1
c9ae0581f5789dd3d6999988f868cad8a34f19a5

SHA256
3a4a308f977df93308422837b66558d5ca4a238aa63ffb14fc8bb3f721750ca9

SHA512
7e97ac6dece8c3b7462b162bc4bf73ca13001c7c0468426a46c6ab6c7ec3e4c2edfc0f642b2c2dc033efdbee8e6dbee980ebd5adfde19b78ec38a263243fa62e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
7d002e07716be7772ed16dee4a42a110

SHA1
7dad6a01d3af5cbf529d918390be17d99672a427

SHA256
1fa16bee60f7b7238899c900e0442ce3c7a444a8978c0577bc6470dd24513832

SHA512
5196bba1996c8029812b0ad913ebe0dbfffdbac0332dc68320771b59bc205860c72abdaae679a6bb3135ac6365c6e09d261d9ab60cab7ecd19bdb95724cbbd6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
7acbc7638660166fae572b1f29a6ec8f

SHA1
d86f52e652b54163b3d9eec160cc4cb29c1f4a61

SHA256
a9e9fbf9cf6194cc6eb09871a9f4a2e370fc693fba071bc5504c3fba8c5cb176

SHA512
0e7859a978141907be833b0541a7cf16feab93b6e23c07b74e3cef90e53bfdf315566c458f323b4f32eed1a2735620d6e215a62b38dd69ee82e5b38290ee1aec

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
2acfaf451d38a5df0e91f642aae0c93a

SHA1
ff30d28a1222970dd300e465ce47452ee659a577

SHA256
74e406b85c897141bef24720c2138b01d732ed5fe5577e36514dcbc6e191d756

SHA512
a56030d73dc08c405750ea276b1d5b4dfa59f686c3efa35e193c028ceadb9085aa873b2d1fff882600175f0d5667d70a696a0adbb79ef56f2647c5939fd6fd0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
29383e61eaa342a0abcf99eb2792d05e

SHA1
8c8d6a72d7157fca05816d114a95a13d79166364

SHA256
619128f395fe31273e34c5eceb83ba663ffcd547d7fc44352603e539fd099d85

SHA512
c65c674e7121317f1c8e1cb41cf0c244751dca13eb195b40b25f85f6b57a750bcf8e7e2250db959943bebe89732930abd89ec2987159cf22208ef8853f3528fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
90dea32ea5cf4ad4a7bd99604d9e2847

SHA1
320ec304d4aa38d6f794b776b2295ac2fe342d22

SHA256
875715e546008eeee000a4448ce85995090b5163613b1f244a5d74a090746b9d

SHA512
1dee6bc5bff3ad799b7fa8a5137763a08b5e2d4940e4937f4d4f7afa35852d6df288920579c566eab489f1b2209110e541b7749cd8ea30955686acaf0d1a6beb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
2c8761efc20212a5c7de09f07a047ac5

SHA1
2cb0636cd46d236f507c1f51db64d8c09862fb05

SHA256
76c5ac880e93d4521ca986568e950541aa8586dfbe81dba511dc3a9c8e928987

SHA512
f950ec0cc1dbe238fbb6350ac0bc2388dc0c6445e741edc56e4147c580c07572b6f0c9be6bb1ca9fb58f5196e02d39036b9d9a86d86169ba77f8189612da312c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
c6e81a73626d928bd8c3bcfe12a15a34

SHA1
43ef5191b3775bde080c958ba8156750e637fb33

SHA256
100d2a47b78b17f49528695b98a3f34f24fcd29e7b62333bdf18deeaf778bf6e

SHA512
4f66ba5846640322bc38c2907f5db29216eaa0ec3eeb7da8643a7ab1843c4dcc237a654f096d45e1fa8f2163c0be997f2c49fbeaf5ab37b11c96bb6c5d384aa4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
4bf6fba3514e85e75e6f989321bbafcb

SHA1
e8e17c1f2a47eda3cd42e5680d08b0ab0b89ac49

SHA256
4a27a2ccd917da653597b54739896740c8cb306f50d302972377913b7940d639

SHA512
41116070486fa729fbc4255db8273742ea4a3a97a9a0218d428134f51fd58c5faef04cd9d1f709ab259a22cbc0b820187ddf5a1d7767e04fad009b5081de09bb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
380e3ab5ea0116af5225e44eb95b98ea

SHA1
1606ce696dc4ff9cddd6182c1d3713174da7c757

SHA256
0a41c6a6d9cf6bcb1008055c0dc7461ab0868b5f7612fe598428cf3fdc465ee2

SHA512
cc5ce79e9db213fd5b2cd3d5d23c38ed5e7fcb54fb351778b12d212ec66bb05bdfb48de95094a23be45e5043d51ce8dcc3dea1aac543086d22a1ec2ccdebcf64

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
9ce8cf77cb4c0bde0cf7d3919efda4df

SHA1
5150c9c6f223fe6f80ab47dc2449731f33a356e8

SHA256
ffeffc5c4f6ad8c4cec35f9c6b154afbc83597161dabd2cf6bc491743506d0e3

SHA512
583e35d3b8c15217568bb9f3bfed5bb0f938a0126f8839b0bdb2c5301e65e76491275ddb244a3da1da9b73ca8dfe77b68f5a0a26061b79e2fb324bc78b15eac0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
cb552d49d1eafeb90778f504f33caca1

SHA1
d33ec735df855c578c3b827b46fda15180baaa15

SHA256
7e07b5a5595beb4b9085d21de2ea74dbb597c4545925863507366eb1fc8bb202

SHA512
78bf02c388fcf4a701e113a142b0177c9f4b95eee9e67b06ac22a955b06b2c4effbda490f4e42dcf5fee36a2042b8817ec014e1d27ec76d199e6de61549819b0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
b33c3ac13297d0efb8a2709d1745b0db

SHA1
88aed86c8a6cffb3c608966bad253fb3c45288bb

SHA256
43057eccdb12cc9cf495f151547065914e9b75ba9b5f029206fc672addebb352

SHA512
d9a62a8497e08f4e878e73ec74d452dbbba91cc04f42a8c69c6eb59d636047b7511c319192e56589744977eb67408111a2d9951d6234b8b96ff43f8947f62d4b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
f776267fc129b8a20d3e70b6d4454332

SHA1
c60704f1666096d2845a09cfa3cb3e33f62439f0

SHA256
0759738f4f2ed0377793853e7f157890f1f513cc8bad20450b14020b7d8ec680

SHA512
76002e60e0dbf3f85deec59a6e2b9efb758a46623ea94bcebe7c5e9b1e18c9307204845b4732cdfc83db3e85c3ca66740de8b8faeaebd31a4bfb3ae1ed6806a2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
9fcbfe7dca85876014b59c3abfbf959c

SHA1
34689c06775eeed79ea38e8556c065aa98b7fe0d

SHA256
8482b37a1928a555310e9fffb3ef196a7847ba2a1a74571a7312dea86357b36c

SHA512
ff8586e22eacf5e6cd2cee5f906f5fa8f2493961dec1dd927046a0836c30484a64f72050f7d790dc2817c2291d8c67b78f4cb8caa9686f49ac5c07dfa11dcdef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
b401768e582030353ed73964024c6842

SHA1
d6fd4d053958e648a21b83943a23f1c31a7b6109

SHA256
31b0bd0b45db5f2f643424f2a8b667677b9ae7cdf477ede56212abdca4699141

SHA512
49b1093cc3d045c49aec0d84876d2bca465265e61cb2cd497075695df8caae26ec5e6a6eb442df67a960b45a63d5f74a339863a0f13bca87eecd60328201d81f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
a71707621f47c204d6923441baaeae8e

SHA1
d4a68c07d9cd6aa680fe6c443e6a7bfe7b511e2f

SHA256
a314d5b2ce2a3e52d51ae19ac901c5a4cf643180e8ce1b8e8da5ebaaa145ae6f

SHA512
3702246d613320ddce8acb75713af41d89d0a12e79f875c1504c8918a51dad6aed9a8fbab1c9dac1a308088c0c548c855d549b0cef5adfa45de81aef6a2c374b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
64c63a097b8c022f70a39707e1c0c0b9

SHA1
b46ce1276ed2656fa35a1b32aaf3ec8471c5e94f

SHA256
0963e07ef6c462fc2a32b2db9224e2c3ddcbfd2008b78f77413635a058f41bdb

SHA512
8cad87076d999b99026e7bf239be606960d5f352fea09412ebce81c4f2c9e82287c3fb2f8e21a308885697174b943e9bb987d91ac99c9461109053ebfe215e36

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
70eba7c6239b25023a6e533c2176a24f

SHA1
ae9534dc1f87a2f0b933ad8724fdf2def2a87f16

SHA256
8243eef2a2ca37ec4a7495500e9757e8531ba15a08c2a59e689f4161e059ceb8

SHA512
1502de70c851ccaa3f5c4d99f06e628e7032ed1139b767aa99fc15d8d408421527d187dc36399af59ffdb5f1daf3e89b594dc4fc9c88cad56de6791904d29068

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
87c8f97f853aef42d090b78823972297

SHA1
2dfb53bb7a41f1483e952830173dfa525152b0ad

SHA256
d9ec141cc7a2d8bbeca92efda4106cd99b992ba14a681df0bff124c1c48a08e1

SHA512
2c97c429957a7c57211986bb48dce1767b36c29e24c2a60ea9b03de6070b9c0b3e68aa2a57e4b902ccf27dd1fc7daa98f24ab5f7b6f640a792a83fba9e514464

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
355B

MD5
281312225c1ceae6b600791ed4953741

SHA1
55df258ec9dcdaeca68f3871c72eeb6203bf1713

SHA256
44923ce57d4dbead89464d37471ebc805eb275418bdad873bce6be9cd1c69e89

SHA512
acf5760790f49dcb978419a381c7ca798dffe0fbe61625de625be896d895d3a423fb28a5cceee675cdca529aca20b704ffa4fa0bf92c8806e04c9979251f9c72

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
b39c0f00406acbff91088f7be2793743

SHA1
4a6764c49d32ef2225a60ae07484a1a988573db4

SHA256
2370c86e8d41574d1e428d5ca21455def08c374f657ad1f80f511b732d539e72

SHA512
7f26f866b119b6e999807f85c5e2ab1336fc0505e89a9c2dbdab63b50971572ea979cda876267ed64c4d7789417709c335292c740f34b5a16070d14202a4008b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
22631c8ef03a24efb4b62510dd9beee6

SHA1
90ccde79df6d3f8efa096d713e891e5cb65fed21

SHA256
f3e446390de69c7f15eb38be7fc51572d9859e7c91aec84bcd2e1ea41d81c0ac

SHA512
4d38d2276c86f4c9ba897cdb796d5c6e8234d9fcb9a0ba0903fe2fc45f8e51a6d9ac7d545b5e62d6685f065925ba913235c7098cc9486990053285e2eabd7583

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
81f7f0a4872bb46a4962cb1597cc85e9

SHA1
1cfa19c70fb3cd5bc2f66a7cfd3384396f9b1315

SHA256
5a75e920607a6ad8a99c0ea15dc2005123ba91ec0e330b09382291582a9871a9

SHA512
9d534ba9057e8780127d6aad75d95eab957a524462c0bda819dbabd9cbef0e855daf1fa02f2b2b4708d533590e42af3023b607ba61c5430ca57bbd346ad8583c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
6b43df523e5a8e545c09245f8a4d9ab7

SHA1
30e77551a35a907efeff8854a1c6361a4c77717e

SHA256
76c1d569ddf130084ae61b31cf54829acc796db6bd615816778d9cacb3ec587d

SHA512
45a35110ceddc34b76f70c0c8445722dca04d2203029b4b245cd1d3cd41d7b4c1c03cbb05ab06b72c7a666371a9dd274a0399e6567169b0f3c700ef41daad00b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
d36e6743fc7316353e01d187742d8c4c

SHA1
5b059db6d7421dd26f5494eec7bc8c4c8436e861

SHA256
11eb5f9367512038a883269220e727c2bf08251a8c9d0f684522399fdaaab52f

SHA512
2db20b14f67986a51b22474a0e7d545dfbdff589978f95d9b08366ad0295c67832f62eaa4c10b8e5d83a6c15b1a1dcc1fb4915ae422d194b73c5f4025f000cb9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
4b48e3eee97b137962d59aa0fadfbc78

SHA1
f1e553be9ad1a8552d6efeab442b85ab8c487e6d

SHA256
022b1afe3a77297abf0d7f1b57efe172acc6b0bde5b5cc61819b4a3a17540152

SHA512
221338402e9f8f27319e50a3b049833e2039ccecaa5b7427fb2453beb958e50af29233b26540ea7cfa814d8b5501db7822a068f7966c5707d5946f2033501b36

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
b18aecdacd154443b952ef291ff1e969

SHA1
dd205584db7489dc65ab877fafa171897638b626

SHA256
10cbc2aa4ea6cda329e48ab5f4eb3e0d57f70dcb145a75ddd85839438ca72978

SHA512
c1f9df5fffa7c2390f1d61074b86232b008fee06573d8664686f10c11850564ba6aa1c0df7a522131197927712911c619fdd18dc1e24882ec128f74e6cfce670

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
499f23a9dd982ad6d3216a2088bf3faf

SHA1
5682efb1f963483af56c6d61aead36418da0d3a3

SHA256
11332df1112f6d154e8bef0b535a0e0047c0949a3fe7678a64c905b687d3a81e

SHA512
b203ff0eb27aafc105335b0ed3ec8e46a24283a5d6b39827302cf1e10e7de938edf26b20e58c9ef494e82cef9f19283c046a0c7e14643c17ea0bd8a4fb2dc135

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
7f8bdee184a4961e9bfe419b07a5444e

SHA1
36305f641ce24ef530818e69ecfb4e57e38f1303

SHA256
75c93569790bd599c39485b6f98f5d42c66060381fa5fcb7e0bb80c70f0b0f5d

SHA512
5d7a29d09645085712c50c6a055da1f5e504b0733c5d4b4da094a3ca05291db9ff979e984a7c4cf32634f4de356e36009ce40c7150604201a5e53de425bf99db

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
fdfe542238442b9d17f28cae899081fc

SHA1
e5f0251c7c85afcbde716031d44e0283e1a7e20c

SHA256
2684a3dcbb3d608cedd9ac390b846e4e4b8a8a99e392c1c565a2ff5610df0e57

SHA512
0388d92aa2dbeca8a38f0338907d0bf741e6da02b3d967a332ddda35b9056caf3a5951b5f91861ad4b61275b43c8f58d3166aa3fa922c4f8816b93adecf1d4bf

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
7eff3fffdd21b582ea90218ae1e47df7

SHA1
41fe4e88fc385c784848bd45f6c243c6c4b8f77c

SHA256
795c10fb1ad5caad338ad3993fbeaf82b3a2f970b1421c600e686ece2d2873ca

SHA512
4725cb3abef6a22abf79f73f10b092ca81b43f67f0165d3c5b32e57cc19059ba74a20f59c96245d2346ac41e106f31e5953be6a551b01d4e4f98867900c35713

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
fa7729b03677e7a2f5a3b29147926b6b

SHA1
4d66b39ce0ff7123aa734d22cd1ec9ba07dcf89d

SHA256
fd87e315f35afafbba899d32308b07fb2e401a0c22e540ee713b631909c10ac1

SHA512
88ce887bd86d8daa9f934d05ad06089f56f5c93ff0eb9473459f160137857c0d4402c1bd986aea8477dad237aafe9114beff757eb372c6c62c9fca1907646391

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
1978bf2b334302d471b167ec99ecd4c6

SHA1
e5d0037019e48de5d74f5e25af2daa0dc5f4669d

SHA256
e79f0a89ca9f2738739ed12f07996d5f5b8485272323a7e466f3020b64e44348

SHA512
cc59c1696da185d8c1a3ec9a3a36fc9a38fbe382d7a818003c40a9f9b3ef4f0c90c7c8fcda59677ff560cbcc9d0be55aee84d42ff4bba3a269e057255e96dcbc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
dd595cd4a451c5af23b335944561f856

SHA1
0d8840ac233b71b9c02ea05b8afd2a22a4a0d35e

SHA256
b82f7f97551453d4aa985af84fcb55c49d6e50c7e6b92ba655b673c970c3fec2

SHA512
532d039ad21223a5705a09a2df7032cc167629aad6f01d99af5a63be7267bd1c11e3e5f61d197b847219111ae134574e026497841ec5fafe0711e0a50e6aa797

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
d302d8c78196563908f16cde76851588

SHA1
6b59df5a3152d453e3c8450addb0d49acfb6556b

SHA256
40be0ea5395a98823d14d43b7fbd4f96459ca596c0afe8c7e9cd4441c188b617

SHA512
685312bce090e93ef89f869657856c5dd753aaa5aa09778549f135da6c1830e878429e36847f6f3267da82253a9886bce531bd717e418fc75ce0d226286d02b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
fadab15ac7ff40d9641d821ed12775ed

SHA1
f22caa0536b44add9516a58936dcd3090ddf9fe0

SHA256
90a2bd7e685e9d1dcb88f261a11890a0721eafd3789e995c83dd91cfcdd7964f

SHA512
982606e1ca6bbef07af08e1646b4a7d5818ca19ae35bab1d7f3b4174fd57ac8950f3da031737650472987ca462846a40a3e5412001e4b0323237550ed02cca73

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
a22994a8bb757a4f8ac9cf976465fab8

SHA1
72b5c6f8b281ac294c7580cd5f9413941b3ff635

SHA256
41129f0d66b969f82a2694ac61a7de7a983a5f26f69c78bb4f08f17c245642f0

SHA512
0f4557161d9f88ebee60ffc88f6b180eb9fe7966265c22b6ab3143a0b18e4c01f21d244a4d7d1f8eb0f261c21e30601a516209d00e6ec3bc4f521935f4a6e9ea

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
2f5ad11caa6cd5da1913c104858eb887

SHA1
18d499eca5e7bc107f897a34c31e369df871bef0

SHA256
3c5e9fae912fc31c4777e5bfe4ec9534815f4a1ede1f54146fd506158ae57159

SHA512
e56e57870200e4a1e51e0b509d6f56721633239645835060407355650a74e3e6418b76d6009b767cb58d9a68e1224c156c09e744da69ed4993786a99884b3e53

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
0208ad2a8e16816c65813480093d1e87

SHA1
cf2223cf50b7f62d5823b09a5b24dc670758bfed

SHA256
05cc856292c025018fa8cb7c12f85f52d70f05e07cf4c66a8f4f8e0c7836153b

SHA512
09b268890837619d14d3692c857529224a8fed34da3aa30cbb3b547c7561da2b98ecad2c4a49f66efe5cf06d780536317cab87b212d3b5774aac7d7ea6b84c29

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
1b5aa3e5227c5884c0d0fa144bee1c7c

SHA1
9d6479d4a1240ec778d2a6e477b36a62c69ec07e

SHA256
61206e23f76a5066bd4b6ca88491190a96716098e20310fc51d60881af8e0a55

SHA512
45435e40c17981396214c23b6a0559da3524f1271908f0ca6203b9ae83f1a74dc2a11cb23386f1715f4192769d06fbd68afec898fb856c904aa0b9408c305495

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
0f8f1805de211ff4417485cc47e925c0

SHA1
3756ccb2ccf2fa8ff270112caf536ac81df90233

SHA256
8e7d180ca3024a472d02f5443b5d2adff221634c81cb40e10218bef15f817de8

SHA512
f4835e9057d73cb02a46086e9ad4d5a23a224abaad2331d419748aa54beb8b7e43a0029e68bbda04cc762e8f33705688affbc53a68136b270582e07ff18cc61d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
724d5b6b32166f1441d490d55c9c8ece

SHA1
6283fb3ff35be81606d8b949c53e9a222b6af383

SHA256
c9618a0ebb6a674d1132a5fdbcac427a54386ff0b03df29bb450647eb1421eb1

SHA512
4e4f13750dfd9dc9592f1219b06ed87d99d4122cd328798e1596218fce9426e118d463a1ddae9b1180a631675de9bf192ca084902e7d3980c658bd0c066b2032

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
79c504a88a227fd3872742c5d4863301

SHA1
e3e41e062dd19d45baf5d59c36adb9387bf4cfb7

SHA256
229db7f3c5ad46aa1aef0a22bebbaa14218caf689964e7ef7dd3afd67dca90a6

SHA512
b3e8d8b5098f497478ffb7670278aa22c974e3f526f8328fdfe52e43b139ffd5ae0f098685db91145a486025420a03dca242801d32f58ab8a4b5c2ed54d43a0e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
15418fcd343f33cf9e08f220b959d521

SHA1
20ace4fce82f9efa48ebd1fa1ae901dac602429f

SHA256
52ffa36110c22ed5720f4b46296c13ceba0d926b085a406abebfd8863d04f5f1

SHA512
ad605293e03f55a462f662dae16609f7a5eb7a470f8e9573ceb17ebaba7629777b0f5ee2d6d212825c96e2a2d0bb4634d7a47bc811b4feea64998dad2302b6b0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
39d056eb61d74777b82ffff3a3ba9595

SHA1
8b1285776770c7ced4bfb5b4d9493f8946386f2d

SHA256
efa87a0608693e9df6e604de57efc60b7847ede3ce6ffa9896f13b1e8aadb83a

SHA512
ab555d3fa1c2d1c89f9f5a8af6541d734cc3f07a7f412528ba7ee809cf09d86a16222936d3eae532acb45e5aca6676db1336760fc2ecc798379faa9d076b9437

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
f22af43ebc05c9208014bd84a8f0f239

SHA1
3c93e480b34ab26265807d765076196f3cfd6391

SHA256
8ff536b262d0b50c811917bf38a99a57f450c039edfe46bb1126dda950182e25

SHA512
8b731481a3cdd52f6edbbea3897a8e7a47a4cc23e06f9a2cfb449ba59fd8c0192edfb15e967404728d9c0641713fa39057a3a03b68b32cac9bd31e5dd52bd23a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
b0e533f83110353c4ab0e1202588a189

SHA1
f1c726545c08f4b8aad00f175e12303b668f3308

SHA256
51cd9895eb06e0ca3c486119d502f1d7d17fb8c2ccaf436e896f1536470b015f

SHA512
bbcb9a72f4327c28e67aaaa1df4c76371a57e64c50b53ba560c5ff01c323a2e1271f712a713cf18ead9387a39b1d33f93303767c00bbd83185f61dfa2f45845b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
8dc020be465227f1874a183f6e21a7ca

SHA1
66fc73ed1241efebf8db8993e27dfd1b42a189a6

SHA256
ff8347badd6f25eaf48423e109c5909e7f6eafb2d845043c682aa83fda763a7e

SHA512
e0ad23a0fd617dcbc5c46d1ecda393e89a30f31d6a62b63d3a5d04fef90b3473139ab57a37dd07d711c63283afa9f8356c69a5c3ee172ad011692e9f231655ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
85ab29d9b7887a837c02aad794fcf3e4

SHA1
3823e504d939b5539744a6ec212e3cbfacff7216

SHA256
9ccc776326366f6d10ead224b1b6738ea054d94e3b021ad0870b0bbb77f0c71c

SHA512
dc1b966ccd92a062455c2c61f600f6de76b684fbb31f84182674ab60ef2c4c5c55177cf0e674146a43a4d57ae29b5595df26ee2efbab9f8e59196cd724c00277

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
1b9820401a2f2f6ff13485d5e89c8080

SHA1
a6c3dd7b1d7b1665eb5687e1ba1a94cd147d407a

SHA256
a5e63eb8a9e3a0af5feec2ece638fb1311429ad5210f3c9c5f155545c228d0a2

SHA512
33af6f459af617a6a53781e2a97ea810e686b2c385ad0a59daac0aae5b3079807aafca8bbd4870321d326636ad33d65dd053dc1f8d09cca8f8d4dce326bdb6c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
e64e48c577ac71259d281650115956aa

SHA1
8767d2fbb16b6507e99aff8018de3d72137d636c

SHA256
8e5c23f6bcd38bb73e5a2c7143ceb8c602ce13a6ae43a58b45c3d38df29c7156

SHA512
61f7b9fe5be60d0a0eadacf1108574fcdec2a56defaaf73f4620bdc732de0ae48115754ebe28acdad3368afc72cb3e47367ea3fcec48a812be5e2e08606db1b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
9ebe4f48c91f33855a3fef6c55c12856

SHA1
64e9fa0e728fb7352205f787a64f6799c247da10

SHA256
06212acd9238e29e0e6611f6bf9598c91387ac441fc70cdbf4c25a99ff060c93

SHA512
de546c4c4b8625ed55c222b80526f257fb4fb2d4e4935ef6e62642482f0cfc29c31c44a7fa537968f2374e309e0530c78d57c5461ec3be0bb35d8adf3f305370

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
42c1e3d37f038f09f55dd34810ee0880

SHA1
af6afe957a97681c4d2360b961d7fd33489d090c

SHA256
06c56536ede2389ec9749de8ec8b6b6b1000685ab275dfcfd4536408dff7d214

SHA512
abe3bdb65ef9b943ecb18c888ce6c49fdc798123fbe9f783f68882330d369c3bd1c14e76e04394ef25bec254fe4def89b33ba43d6bd2ac5f3050016171ab7bcf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
4289546a52c0e1dc4e01119da2e7dcf8

SHA1
42611bbb44226e08dd617ea1fd21b59bfc47db31

SHA256
85e20585729211e5d4f0c723186220df3756b60af9653522e973223af639b3e0

SHA512
0d7c7dd658aa8bc66723ca0aa8cfb9d8bf95cd092ba4fd3a105b2fe8d6f7c57bde3fae5d5305e95ed72d27135c97eca234d86f40aa22dc965b424d582b091580

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
2b6f82912c656ed079a50597b835b1c2

SHA1
13fb7e56308099e8e603cd95fe2cdaf51739b31d

SHA256
89fec6eb84073804dcc74f64d8c9130f32d8fdd8d2ed58d3e0988adb5fa08ec4

SHA512
4c5b21c2a5d377c0c5df5ca2a326120aa8fe49086452e116164c09ad266202c58d7b20d3565cdd87be62855c9a30b69230ec39e1fdfe001adaea1c7815047e1a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
918c7cfad86e00813486b75e99211ff2

SHA1
96720d192d37cbbda7f07c320348b37d4503653e

SHA256
7b6e7b39145da3c837a07ca2681b9481412559b89f8f8bbceb29c2cb4fabffe6

SHA512
7c3edc054427bfb596403949d7a4382f14524ff4806c550475b8119fc7dab3b413ecc7d2843547ba65334af87feff2d1ec40c85e40caaf6e4fc8113d6e6d01c4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
2e959c085c444c79cce8430828e1bca0

SHA1
b27ec2d49ad15ea92d0757a99ead9aa5e22a02c4

SHA256
43d7438f6fc9965ae660e6f8b2c7808622b671f45a6281d861cbccb8cbdf0b73

SHA512
61423b73103e3155d948e2076b6caaa8c8c85a0900dc8881e2486786220b1a108c025706c3129490adfd79102c32120c77ec5593cb883377b419d8cc2a604625

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
9d9e223c3b2c9c0d18196c7ffcf617a6

SHA1
681617d20ff629e68b64d81b91e46f1484b7dd2f

SHA256
c0a6f28c00844403dd5d3b789b76f547689c5e6dfd86a31f8d11e3a1836b132d

SHA512
1ffc5e2afee1f432862e4ff55fc320ad1b865eb093a8e97e2a8c192fc00cb286f496ac40619cb7d38cf83d6fb3a4d705610802931502cd49c80afae77e209360

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
14528ce3fbd725d54d7fdaf5bd6608e3

SHA1
b13b12ca5fb8ecfee75ed86f27879dce9a796898

SHA256
dd949a36dfa85c444ca249f1a2cf2486ea4b5700bf611e5c54a2caf9f1921c9d

SHA512
5f9dd33b4e94672087d40c68f60054f5b9e0eebdbcb8ca36c6095880f99a314bfede1f2ffd8617158b73b8aa91fba4b2f2a77054ab1a3285cfa324d0fe20dc3e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
f2b6f32689706a0b03c9f46d6d039054

SHA1
d4610fee9245cc98f7f9cef3c93bea395e352aa3

SHA256
1ac71469e44a716eddbe0450c9023a6252516e73e31a58fdb06fe7694af90cd4

SHA512
6353eb371401a8d0031d2e0e49ab3d70d094f007624c06799e7f989b7a79d59aff033b51aebef8dce03277ae5783c4cd0277cfee1e9b59004aac75b55bbc9ebd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
a03c919999ffcd2d2c2be450c5eaa622

SHA1
3d5a15a997fb8685f08676a4f748206d879854e9

SHA256
bb50e93b67a115f956da8e174efde49cac05b6394ceee4143fee5a13edaad76b

SHA512
99735a4ad62d8c8a0b54c6ca539f7b4bd3dbf69eddab38030e2198372b6078cb4799ca6c554c39c0de25ddc82b26ddf4aa8110f6b1d9488caebce8267b4960e0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
cb59a4e347aa869bf983eb2e1e223845

SHA1
f941f9399c04ca63d327de8852dfe8caa0dd5d91

SHA256
2b12310575b51c69ebd6dc48c18c72bdfb6870a1a0fd4676386389e1ed77580f

SHA512
dcb20d580780ec9d028388e87ac2b8a19f2db0f22cbc49de19313af05a653a3e1f143bd5f09b6587d6fbcd4a49944266409c372b7fbfe6cb7e523fa3ce21c4dd

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
cf16bf48e1d5d7a5fceebc8cdeed8287

SHA1
fd67503d1f4ffc47ef3c85078468dd56f624175f

SHA256
d8f45cca26a491d90481d92bbbd7de2c69e59455794145571ff90ae74ee3830e

SHA512
ddfc5cca60ed760430fe81690c6d27e7f8486b143493660df92372d52d8fee383d964d557d5ad0aa633508fba5f4e491a1ff8a1fc396ecc53bcd16213dfd24c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
986ee3e1082ab5c081cd6b4126410837

SHA1
a6c73fa209f91b59de553dd6a592bb0b4792dcba

SHA256
daca5f9da08101fe9c8e76a1fab31c58559bddd77422b63b17c479a9d6b463dc

SHA512
3ef069aeb6131413635ab4282ec5fbcde78450fe000aa688ebd3cc7158dbf3cc4e3f731e46af0210226b528eec873e249e4da4757606e706db8c6c820ffd0001

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt.EnCiPhErEd

Filesize
77KB

MD5
41580d4406fdd425c9fc3a75233a6384

SHA1
3b83396880ba947e56873012883496fd6f1528df

SHA256
abac4b460548f772966d1470207ec4a81db6406659126fe6959b9c27da4802c4

SHA512
bc8bcd153be6c6925bb64bbf569f13473025d0262944114da070621f9d9c1cec5f9d4cfe69ae61d2db2d2cb351ad26b8f9f7b7570b5c86c37e58f3fba5a562c9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt

Filesize
47KB

MD5
5d1a18b61636a5510502a30906254c25

SHA1
7347042c616a6d5265ac59408ca8c0426012a638

SHA256
6a5ecb2baf944e6a8bc0c34cafb10d86c19d698db8ecd0209207b20584f638ef

SHA512
f8cda6f29276b403ba95cd7365124113a4c17a3e741dedf65f839d6348feb99ad40f7675efd449a54a0310b035bc5ccce9a5591977481250de703bddfaf29668

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667421591788.txt.EnCiPhErEd

Filesize
53KB

MD5
8f4a52d73a23c0f220dcd1f5dbe7a669

SHA1
f14fc7fc51392f0b2622c8c253a614877508abb6

SHA256
ec17d6026686ca50c984ac6827cab9413a2e55d027418d01c5132ba5a308124b

SHA512
f0c642af4ad4a222c8590413111feb863d7144aea293581126eba16b00ac0ddedbaa9e7175b4702f4fe1eae3459ce1f77e8971d6d849f330c43bf5352d19cc07

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt

Filesize
74KB

MD5
49e4070342e082a8838b91a1c7bfae42

SHA1
7c6dee732d5af51b5bf7825da7c58ab98b322db2

SHA256
913f8527ebd49777b0918ec3150a044df5fa5d28c4af23a30be99518e85efbd4

SHA512
025607d79b8114e156ae3eb4a914f7c8c85336e13527ea39323748e21e366b19613fea908193d306f792b38e46ec372cea844e7aa60607c248e859cd0e612b81

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
5a239934be0b675a14f92496403297d0

SHA1
7e838c3ef2e8300185d2ca89b045b2e214d0440d

SHA256
0f2dfe02ae24774994d8c6931f40b9451d2ec0a2c5c15a9c0a5d0d2b5126e45b

SHA512
84bee9c1533855ef19956551e8ce5bd64bbc924a459b40837ffafc01a6ece1dc0602519d10cf9c1aa69911bee229b40ec633ad5cfb28647e253f36c85f6fdfc8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
49a36c571b9e723199ec2b574db53580

SHA1
f59ff0d593b880287fc270a5ab7650cd38d15e62

SHA256
94aeca44073b4310b295c557d87170a1fe8729a4ed2c93220d038f29623b4d4a

SHA512
35c78136bf9cb0357be4887285d4f52b1a01c708a7591144242d9b2f15ccd566460edc1eb1b0d1cae31db2ae2ead3cef4d250aa583db6f7b4ef793ab6a086750

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
03a61a64f2bc20b9f02aa665a52909b1

SHA1
836214e7faee9239c4178e22d8214efa8bff059c

SHA256
a68490871acf88bd72a76921077254d7da4ffef8dec20f4026f4d77501360a42

SHA512
6506c03814f527e193e00d78968a15e7b9a03bcf4e63c5e7ade2f8f299e221e707b9ba8c29477747cb57a10b684ad31bdc8b727624841abbdcadeccc0cf973c5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
d26ec30f97d58a3621a59651338ed134

SHA1
565956571ccbd5cdb49e32b1c144b002e0250975

SHA256
5100f44f01a1b61311c086f26e0d6e21dc4927052cd2862ef4a5637bf35df958

SHA512
d9862b3c5092d156627e4a8b2c25326412fd7952753bb95fa5ed7b6c89415991d108b2bb3a812fbc3a0c47d9d46825c3c8d31cf72a40fceb8e707180f22ee467

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
d139ea48f48fe64eabf895d2d518b557

SHA1
ee9ea1ca35178dc5936f0be0854b5d02748e7342

SHA256
dc5ecf20133ef576c710f27d1c4cdd6c1fd66c47b1db0a8d115d5be84246f2fb

SHA512
070fe9cf4af2b01213687186d13539184d79e4e48bbd2c6e8fb1139e7dee8bce221e1ee4963554091dbdba9445e3dac6b05ce98a64f634680c199d958caeb4f7

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
80413241871ba43398c68c3716b1bd44

SHA1
1049f8158b717d548b8635088a815489dec2e56c

SHA256
2e9f62bc389ccb8533286d159d0ace1775fdd597b4562a63300b69357c5b6590

SHA512
81a64bfe02d02652494e131b7bf77943cb04f0ee256c379de59719089ffa899d099dfadd547195365ef843a6b6c454adad4b214531236d1ab63c130f8ec959b8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg.EnCiPhErEd

Filesize
8KB

MD5
4c1bc3f61c2eba27447f07730491405b

SHA1
8265b3d0a5173853a014ee2def3f1db99228213b

SHA256
200e545dacf036c919fada9746ab45635e0389f8b8f3594f0f726bd1bb96e79f

SHA512
0968c2d5274e12c36f636a85b2ebfc30f79f207d174d0a64639621d481fa990962c27815b7b58d29905e3da3a76555d452c48710e94a794355ac058eeef57569

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
9a85dbed17a799fcd6e8661344c5baf3

SHA1
fba133a526218423ecb0de4cca500d1c88cf1cfb

SHA256
5c4513c7529104451ac3a9874ba60c3d03a59649cdde073a9e6ba044ca13cec0

SHA512
d02ea730f781ecd6adcd5441f9736b72c2d04ad7960e5dd3d41f7c1e358e197350186fb27c40a3a354506e4051ffeacefe135e2e91f6a1057c4071d60b27d04c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
b1ff1916b28fe3b5fce231bef22bbc5e

SHA1
34d382895812ef9805050ac5312d32f91b435fdc

SHA256
b71766c8af8555b22e7533622b75909cdce25c6717a5897ebba67cd857a6f556

SHA512
558608ff11a6c411cc6d9655072321308f418f4e0542a370ed10afbdb55e713eb5485c90bfc5b18711e62dfce77780e6bb749142c33cda97737b6a3fe06b504f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
c79fc3ba289df3c0d9a54ec2114e4bf5

SHA1
dcab6539b8a02c69a996c077563d4c6a407809c5

SHA256
5d481fc86328ce8c46e4adbb1d1187a8c4344673fe7443b18dd8f7123965d9f6

SHA512
e29730e9dcead9955d2e86a6774e4a6e436548c5349ebd25b5d3c6f01748b79c7c793ce6349161ce1828fb1bf2b207f58f85694678816fa2d948b5ab524fbce2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
3f0ea126d842b5f8481a276da6fc277e

SHA1
2b7a2e95afa83b2efdedf0f0b5adcaab09acd9c3

SHA256
7ff80b06ce325802f054e9b78301347d4b0681df0ec7dff479393580a32d1984

SHA512
516fb606ceea8fa596952d64858baba9f8383f3382b9f19f8e90f58abe1a9545047dd0549a16dff6ea73d0c0dbe7106f97f54cdaf0e68d7e8d6da51ce6b96cdb

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
7fe6627895be9384bc31e47d082fcadf

SHA1
2869bc8214a5991f3d653d9147c32b3ae924d5d4

SHA256
bdcf8449a87b58809f4ef22ab0244afb668ab2291ac107168b1b80c25abca77c

SHA512
515233ececbba6663db44ab9b0be5e055224c3ee07f7deefbca444003643e5c562135a328f3bc08911fe241703b4ac6bd0721ea2c03b68c96bcde48457b7e1d2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
b54aef8493e067839ddaa3bc5f066a9e

SHA1
7b0fca184ec3cbf76bd729a52bb00dd541868ec6

SHA256
bf32f8afbb884828ae4ea25dec1064e841714dfde59ea45425651eb3c2631d5e

SHA512
29ccae24d0bb16ae44b7eb570c2c0df41a8f423b2f404f3c8aca7b88e476249d7d5e515dd9724748fdfdbb311ced026753d35a7618cf927d2f190661d83d6d26

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
8186fdcefc514e5fe84c7138479bc0b3

SHA1
939900ebeee753dda0089ab8c88b34fa9d8eb69a

SHA256
a30693f5bffdc95c1f8ffab195b1a26e639226afd1706f837df4b0fc0adffc91

SHA512
b2feafdc21211e4d7718f20c891510ab177b93d8aec70b7fde25748b728f16b00a3f0461ca18fb7c08df763548a02c90b3b5158b015df4a0662b044f0c3741fd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
2ae8ce56076dbdda11f6b7801e5241b5

SHA1
26fcd2c4353067eed8bc0ce67257bd99c9f69fc3

SHA256
d5790fe1719427a4d199b0e74e665b5299392b922e961ff340a0fe4ad3261518

SHA512
0b5232a237eb3ff78013e464b5259d4ef98398a2bd938af22801371e93767d1bf3ca605f19dee8549b64a8500eeeaeda65b40e497019ebb1a6631d201a2f0ae9

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
25ea9c6dc4348825bc8d36719301c559

SHA1
54bd19257a4d36ef1ecebe31f66a285e1716508d

SHA256
f3b647ee1a760b63f929119261076444a49d32265deb60624851f750f4e8b998

SHA512
73ad10dcafb55979d79c063ce4c07f286804162b04d009ba39c49c2dbb63d302ed72285fcc089605359621e35583193fb72c8ab89498ce63ad10f70c8809d672

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
7dff36943564982ae11109358dc0d8f9

SHA1
dddb0c4d8bce152e9b1ae14e211f21775cbf63a7

SHA256
fbdf1e7f3d9682035caad4065aac676d7cbff22814c45fa63aa8db51226b92ed

SHA512
7e7b4a0037870f7bbe11d048584d12466508571a70b807f0e590285f2d8805174c0dce9ed0e52913d4fa5f5910434bd8618b957c5e74bcf6ded402a68de260e2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
8ac58b74624f30d130f6e6896f412504

SHA1
84e7084570c679f59f93441e09c8720926bd8460

SHA256
1c49776d16edd7f418e329a4319d254d516c50de285c13a68123403baa33d589

SHA512
e6502a45ae66b2ae039a7d59119a270294e0fe16d8e6918a58c38d543fa9c1bf488a04d39a4f49ea6eafa2fe62b124c1fb9d689e474858c7ec68ad7037c46948

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
9bb8ad39e8f6ccc3a0fc9d925fee6d97

SHA1
d6c2813af9e12da4efb45ca9b297688bfc175e2c

SHA256
bba791e2f65ac087ca50cf750f2bee5d30e66e8cd6f1676f1b6de1229e3ac57a

SHA512
7aec765dc2346ae16a7cf1cdfb398f36a00fa710e1595ca895b9e1eae54d27fa51748ebcbb02fd3f101adab4bf1d33e534bcc5025d876052e0114359b6df947a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
54a728aec65eac5ae1512c74c06fc8d9

SHA1
34bafc4d1762aad838b4c1bdbe15a0e2284d4009

SHA256
c7b2bee4291de0071a7012178fc0594cee65771849bc9fca2a916b252f1c8c1e

SHA512
4d4cd53ea855e96cbc3e411c9a997b616b987f45f84c0e4938220d88ba471ca32214f0e745f0843ffd908c80afc94169c8b7fb3c8f2723a24ace86667c052ea1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
bb13b14e7f96163bdc250390d06c1234

SHA1
02a2dc28dfb87bfd230ab1cf1a824c3a45802ee3

SHA256
316ce167712944e08d721266f97b2412a791e1bc0e636c68870ccfc6d3dd29ea

SHA512
f1417b6c5b427722e3aac9ddb7efd6cd2a621768104485a35d2a9fc99ce4c40ca17c16eaedf71f78a78facd4c7e50015c347444d219adda3faed9c7eadaafaf2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
cf22cdb865ea0256b594b34368a5af03

SHA1
d350f9450a0395e85c8b29e354ff16d558c3beaf

SHA256
24e2156a58679fcbee0b330110722813c0af8686d3b0f08320deff6b0b60d140

SHA512
d720e828ab24ccc4dd4ff14132c97d53e0a9699a8503f66139015c061ad4d62030704ff83d8b4697bd03e407ec1f746633260b389b946cbbdc7621297504584f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
eaaca48e0267a57a432826c8cf61b0f0

SHA1
9caa4d56f2542791bf752241ee39aa57889e0b0d

SHA256
a4f92e8135a125c2c44a544160c4d116870e38e7377c2c363cb40f5e033fdc98

SHA512
c438fd7a4a8546b03174939ac57d0fef67c539eba65b58b99b745c7f39e98511d00488bdc2e051e2988f2e0f8d5ae1e38b8adc361ab71bdd288ae4014d197fed

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
da704df4d60a94b31284846b21cc04cf

SHA1
dfeaa32fa8f6c5e63cbc847328344632aa327a9a

SHA256
fc6b3529f4cc9c3c69a0ee9936e3ddd6fc3bba32d1f52d42b49f7dafc5fdd3ba

SHA512
f6b0583f84396136470a8b92a678cf7503f0220bfb6363ca68a43b448e4018b35fb110d2b1c6e2e8aeb1081aa44278e84cdd84a2f33d378297d5fcc46fe90589

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
92af37e027fe633c78a22ff67e3fe7b5

SHA1
562eb96e5e2d3d06ad6d84b4cc5a6001b954f98c

SHA256
58813537a1b3278dddee1e53e4fa02d3d456b31d0c1a45ccab24b050816ca889

SHA512
0b680a90e3888dacabfd2544ad18ca15d4a6a1e238678ffe4d609e80c608ea5e2f546ae2873863597879ea003241bbfe3e6dd282c9d01978d535e7db3cd75468

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
fa513cd47926c829cc91081faafaac14

SHA1
7528eed1981b6c35a303f9fe3dc46eda55f84b57

SHA256
46a640861937f734f6fcbbecb38ecd6229de729662b9da12aa9e915168598588

SHA512
dd59d7665379958d6362c2e07ae4e53618a43be3f375e46e4bb01b090103ab26e4546cebe833c55b2b586d51fbf7f567c5999f5f93f75c10f3d8a2125e030236

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
46a0d444bcfb44e277c047d07a3755d6

SHA1
e6f08b19d74ea895b5d9f7ff43959778f53bdbe1

SHA256
af139e617c15c625b40924571a8ac8ef44868e041dc35d0e90210d0e9303d1d5

SHA512
496a50eca5909e94d3026c14f28ea320dd50ba3b2e8eded89c73b335e7f2f9713650e32334df6956fce77432ea111e01016db56bce70aed0e190bd619f74fe1f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
b9ac8d51e0897504b93a1ef01b84bad4

SHA1
409f1823c984eca4a12509941d288ab04d6b47e6

SHA256
2497e969a7385fc19baa3908984b61275e30af9387baff8d689afa467fa457d1

SHA512
253f4a6726b6c60088963a21e03da4786a2dc890204a2ed745c6f896df536db4e4c440cb717477b71fb6cf8ee08f0d928536c5f497d0d4e2968580f20d417d5d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
43ab0a02733bd1f5ed0e7cae73cb8558

SHA1
d7c4e7eb7d0621a3fcc2212e7e15da557a91e756

SHA256
f7859d3d0850c19c359185ae4f9dc526efec2332079ee509f41f4daef5a55944

SHA512
9a13e0090fb52c64b80d14aff0b3583b3f6e57860fdf2b78a007f7532c9ea2c244875c77e95237e30890b400951b399f13e744e4b6a9d35564d37cfb3bd3b4ef

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
ea673caf0925013dadddd017f071f95c

SHA1
dbb97e48c9a4ee3debbfcd43cb8d01c000dfe0a5

SHA256
5a30c07e61b74cb39c55b59a2adcbcc90a040784185f0b7cbb4936d0d050493b

SHA512
a85911f5dc58c8f307c2be5cf3dad1ffb7a32ee22dead1be767c19323bb91532c94c9f5d16fe2b7ea4de980542b764ffe1a5a78dbc05954fd6d3e886c5b9910d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
827a71e2b8927f1ec90834d017a2329f

SHA1
21370b3fc51ce47e1de6098ff7b9b270d6a1a12d

SHA256
920067d5b91c378019b55dd308144317a9adcf91c2fb0a97575752b88e58099e

SHA512
6e936379e5dd0ff3b4cc8bac106c08f6190c54dfa7a9c71e14ab19a8c53cae877b8ece474f3d67331b3da35fc84dc964a00187b349af649aa1cb1632f2cfba87

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
4bb26ee566b821ddcbc6fe611440dbf0

SHA1
d32a64b7f29e4c2444a5cbd99b93ff9532c872eb

SHA256
cde1de74afc66aed97b5d55e2f45f278277999063550b38d43f2b41dce3cc904

SHA512
ad2976a47de14d8f82f7ff1f789f9d48a0acb954ad51a69b327ede3bacf6a793a036e5c9f4a793ea431173e79cdbbd46dd273010f44d49cdeace95b7ff354d17

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
5a18d5c517c05fe74a42aa1c9ce6fa2f

SHA1
bc65ca4acceb03579bc6b390dca5203485d9193b

SHA256
fa78dd9e94281fccdd820cd8693a53895b32c13ee56fe639495d5e8e0d75814c

SHA512
3e502f89e7477e438289cd9b198be8cd57b32b09eec5e0c010fb6a88505b38f1f6f9a6672d04a2f5ab3396c2f5eb6af2387af534a945052121828d2324a6be98

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
9abdb8609874945a0cae5d82a1af1223

SHA1
4e252039646cbfea8b44d90403f79c184a9c8c5f

SHA256
3ccd541369666ac12817bc304321ff3b9f1814822c538c6b351a750000a2bdfe

SHA512
e931b28152954ee155abd174c4d71918529a565b863c52fa1478793277ccfa2afb8d48b1376fc280eac5f581ec695d88b573a2c270813d6f5e37e358f094d847

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
f50daba0c8ed3a96f952d8ffd2c9c96f

SHA1
93f8c73595aaff35acc0888ae75358f6f3d57dd5

SHA256
7d2ba3683ecfe7653444dd8b31dfc4f77e5912d197a95a14e9923f97af601b5e

SHA512
d33398799ac22c1dc8190fb701964226439898c6d867aaf900180706a9d785f961835ea9756003e1be751d31ff510b834473d8893516e6c06a9163a140c4edd4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
852efd86ddb24a38733f82c3ffc124ef

SHA1
c04b6e48588ca2d8ce18d34dea2754891fd7ced6

SHA256
117beb20a4d314248f4dabe8eb179eff80225f3716e30615fc18f44bc25a9e6e

SHA512
0fa508e9450e27c509da2312f5b256472f633f3456703eadc2af1c06d2e090b91eaca2292cda9ed5f175112afe2025cf95020427208544208b95f60c47382bc6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
3908873d053c14ef39d4d7c7f907c16a

SHA1
93bfcd16407b9b773a144d3f99e1b75b05e75aad

SHA256
3150b8809f4003985a27271eeca37b506f4f6b77e47f0a1b9524e6476119a0a6

SHA512
209655a2b0a8ee1b3d566dc22b83746bee5f7c64d4802aba62b161ba725820eda9391dd2274dff775abae27848c08521cad818c974ddcca5e9f0e7d21b17e926

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk.EnCiPhErEd

Filesize
334B

MD5
a5af63d1c25aaec49dabf508e9d8c4bc

SHA1
917349d77f293ac5e0cc5b5c2a693965cd1e1623

SHA256
fe91f0b919c9e1e325f46484a4ddc1052dbfd85d0d9f309f1ec9351a6da86d08

SHA512
1ea984f4af9b74dafbd9c965f4d229e2c078441c73379cfd8fda15531598fdc28216b275b5ee885872bd222a24e9659c7b74e2929e0dd380aa2ac3d1a8fd080f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
e95ad4bf2f78b8041e46676338c3517e

SHA1
1f8b84fe6ddd5f82050865283644d90821b2b57f

SHA256
c58ab461ecb1a474cacaef1b192ad7579274c194a4723a70948c757b59dadbd3

SHA512
83610510a42acfe5368dc9365e7760cc8e17d8b5750350d6c19e167c41921911b054ac36a3c2db244c4132655da435f8e87cfc68c422421af77cbd3ef8a5dd1c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
6017c89f9bbb3a6c851ad23d01128188

SHA1
ff09e3e1b8a4b71e4d53a154c85e0d523d98bcd2

SHA256
ac9ee8baed711caeb06d2c964cf309a4a3db956d9263a4a91c69f66c004b0431

SHA512
76bc46b445779d6e658298bcf2c3273cca24b15663741822fdc70f852658db4860c3091999ea628bc6ce36fa406065181461fb25386adfc4d84a7a4ce14863ba

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
7057a5908a9e510d54049fa4af7bdbed

SHA1
9f67f1b2d73f087676069b7495c2bf242dbdde93

SHA256
572f25404be6ab01319dbf06685300f60ce06f4365e20996d8d5437989b08976

SHA512
03a0aec554aa5eff6f8ef6d88667329759925d44f31a6ac8aa371b0c18fe5691276c962e4ac27623a0559e30003d49a2efbf64e086b8965bef190adb0d1df55a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
5e6918290ded49e33c9edd0bedec7aea

SHA1
f8b811aa8d734bf186669ebf078c0142d2119c4c

SHA256
a2a251a8c693f9418beadcef44ea8097239ee6abe9bfe804e96c2d6d33d86910

SHA512
88e2cfa550b42e2e7bbe9cb60cb209f60103e8b54768b0886a87cf64bed50e9dd7777872ca29f16fbd78b6b31ccfe27fccb9cdea80edb7abb4f041bd80b5aa15

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
3c961ccda3704c9682d70702344c780b

SHA1
b27b37b1ee2abf1bc7f8ce1dc113da9762ee44de

SHA256
d765d38d2f17c91962adf40625c3b045d52ec2479870d90f91851d06ded797f2

SHA512
a80ca236178eaeb761dcbc8cf104bee3075d028ac67ab2c0c54079f11e450a020fa9367965d2d501bf4173e5cbbb06306920c83b13eff735b4722398e5941bb1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
ffb5f0a1c878219d832f5648533bf86c

SHA1
b448510bc74407a88de5426e9bfda8cc8d1f7107

SHA256
769ce004e4183ee5694d1010a7f3843d5a458028c690e4e987075794c9d69f46

SHA512
b01b1e5e88b60ef070365b396a76fc1bdcd17aa8903286d9cfa8a1602564cdad70768c4421702029b7321995b03aea5745775c03b83bc289de856546c90b28fb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
d5c74e98b30e0b0232e375710d99d4b7

SHA1
3338ff5369397d5c509c63d39500c0443af5ceac

SHA256
94a8854c7336b8b66ab195389b8052c0f603ae6697542ccba1990ad6a6e1cb9c

SHA512
8a8ded1b5f71f2278977688d6e6fba01c013143dfcd38a4fa7951cd4c0a03be26f70b525e9625c6475f1c201449d8101800fb971b17fb90c9179ef73dcd9b607

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
597baf139ffdfa4e540bda2c766e0973

SHA1
3e8af5e5137a29776a7d2b422c4a51a18a4ab707

SHA256
770c21a137464ad95060a9512d787625fd747d8844139eadb389cc297713495b

SHA512
16812f0968456f3cbbb4a7aa07cdc066a25e4186a9487bb39eb09c46386b601e6af83f24328aae0241fe67c533e7662c09b3757c3598f932bf045ceeaf84cf28

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
dd6d0d5e04feb310fd9818e73167a5ac

SHA1
85e8d61743dbda7f9d32270d087e5d7cd662ea2c

SHA256
891f9d3bfada8e4b88a09a458db33d70a53005273a796f9777ee55d5cf778c94

SHA512
9186a42a128742de0971ac247bcdf864cfdd1d222399609fcf924d955b9ea5add10b042458c035e3f02d47fea8fd9649ac13270764d480cad845d4ff70f591b0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
e08c4e075178bce2e68c379678934099

SHA1
1eae1710f05fbc60ecbf0ba57247dba19f22ccf2

SHA256
36f5c762521465c79dfcd3416d94269b7845795ebe0c36b3d212f13e16c7ce6e

SHA512
1449a553a50ed428da1d951aa271bfe97c919edbaab97feb0573785d7601f1980c99e82ea656cced6a17a646db151be02aa79f3161ceaf695c18ec0266c089ea

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
903a5b8e258bc66d4fbc8437c129e776

SHA1
ad152f8a5951b6b4470943c75904dc58a64e4486

SHA256
18da78d1c7bbb71d49fc648c388e4c644abae15c884a64ee7b5ee06033e6cfe6

SHA512
3116c1f9049f592962759ddd63b10a24a76f123710142e296d6ed5fa1dd442a8194757a94c0c03f679dbc9fba542a08569aec1a64eadf78a57cdcc0d0154725d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
11a22f5f9a6eb7674d4822b46cfc9c86

SHA1
bfbd2a96fa0ddee36251dee23d8b996c1b0a1145

SHA256
1203d1005f65840c7c5ede4e311618055936101f5089dbe43667a22319cc0ec6

SHA512
1da6ef06f601a32ab7510625cf25a810e4c7f3b8f67b0c286c9fa5ca11216f886a0621ada555938f0329d51d37ef3cf08da5561fbb7968a6e8ab7274d66a8e5b

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
edec1b191ac2ddd04c5ea761c6107007

SHA1
7965cbc85dbffacd04719c288e98370a7f6e9703

SHA256
52e1e320530477d0c5fe83d572e356e6a44ef0592ee29640a035dff310fc8d6d

SHA512
5da6e50c86672f6d74ad7bbbab00072f4d415be8f7b2a70fb315d17cfd189d55d56083f1a95d52e31da9954af0fd759fbe34aa589fcaa3c9e59c548ef79bdec3

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
d79795da5a9eaa2177d02ebfcced57cf

SHA1
04468897d1e314a80cf1a44db018cc35dde14dad

SHA256
5e725e3e9b292219cd2667b2b6fd8014d3627bbfb6f5e077f9ffd7715ad52a9f

SHA512
02af18821b03dd19bfdb027302c58edfa5e1d64bef8295ddf5bd3acceef228f8ed7dd9eeb565a01dd3c88dea64e27d444c9f23fc75bcf04748ccdba8ca35b2fc

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
26fbd96f3ec76a73923a5a4760592571

SHA1
e6c56f23d9bac5235d9e6a6725c0d5da626745c2

SHA256
0bce64450b0a09e08e7ca8e9125e0369facdba2a0cd80166c0c684e0ecfe9f54

SHA512
dcb4d7f2e9178083e8a7d0f5723d2edfded7d325e8282cf1ae9b7ffd5f21ce0c6ab5280881e16115f27477ee6f5d411f021d5d5b30777ff3670682e91da63acf

Download Submit
memory/1364-10746-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1364-10911-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1364-6372-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1364-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1364-11238-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1364-6368-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1364-11243-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1364-11244-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads