xorist | 63d887d8e0404ccc73aa5e77c21ab9379d779d8da1faf8debf4b8d34100ae9dc

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Size

8KB
MD5

060e10b04227a593886c4cd0928a3bf2
SHA1

054f9db834e37459f10b83f56691a5d6e7f28334
SHA256

63d887d8e0404ccc73aa5e77c21ab9379d779d8da1faf8debf4b8d34100ae9dc
SHA512

dfaffc84c27b4cbfcd42e614a1f28088e3302b65212008aceea30c4f9803ae31f88a00d1b3de17e5b4f42bcbbe096f7a8eee4f431746b9751b999b6c161bd5e1
SSDEEP

192:Dzdrr1FG1WDCgmjPZpintNGXqpze5rXoUA:Dprr1gkDCgSan/GXqI5rXoB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/4412-6052-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4412-6050-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4412-9882-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4412-10840-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4412-11179-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4412-11180-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4412-11185-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Xorist family
xorist
Renames multiple (2183) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y7bUP6J6Vbfa945.exe"	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\audioendpoint.inf_amd64_4fc4a632c1490033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscontentscreener.inf_amd64_bd1517e25f3e419f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgen.inf_amd64_977aa23dfab87f15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_acb1691126c93472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnis3t.inf_amd64_9f214efed426c12a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdlsbuscbs.inf_amd64_0eb96a1741539c14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DirectAccessClientComponents\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_aa57df1ffa9aace0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidirkbd.inf_amd64_20ad4886826af1d2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdcomp.inf_amd64_d5fc5f7282c9bafb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xinputhid.inf_amd64_b01c6ccf7f1e23b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\es-ES\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_legacydriver.inf_amd64_c07aa9c633b5271e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtkr.inf_amd64_a8a4ecec7082e1aa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmlucnt.inf_amd64_f4769cb994ece833\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_0f02175b17cd3f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msgpiowin32.inf_amd64_46634fa071d1db0d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scsidev.inf_amd64_55176c1890d480fe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\Bthprops\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mcx.inf_amd64_fcbcc3807cbf63ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_swcomponent.inf_amd64_f378d70fa39d3577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgcs.inf_amd64_e47e06e16f2aad12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpin.inf_amd64_be5d923b5e701b62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\MUI\0409\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas2i.inf_amd64_ed501deb0beeb5cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ArchiveResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmoto1.inf_amd64_5b5f11128afa2611\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uiccspb.inf_amd64_18454ae612999870\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\Speech\Engines\TTS\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\zh-CN\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl009.inf_amd64_3bab34655afeb7e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wpdfs.inf_amd64_1183fd0f13045f2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\SysWOW64\MailContactsCalendarSync\LiveDomainList.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\windowstrustedrtproxy.inf_amd64_db5be14d5e02560f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_gpio2_skl.inf_amd64_b68199ad84607c21\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgl002.inf_amd64_9076ffc34f080cc1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetSecurity\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4412-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4412-6052-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4412-6050-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4412-9882-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4412-10840-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4412-11179-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4412-11180-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4412-11185-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\data\en-us\2.jpg	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-100.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\Yelp7.scale-100.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_CatEye.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-60_altform-unplated.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-es_es.gif	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-125_contrast-black.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-256_altform-unplated_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView.scale-100.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-100_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\core_icons_retina.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\LAYERS\PREVIEW.GIF	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeWideTile.scale-200.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-400.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_scale-100.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-150.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-36.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\new_icons.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1258.TXT	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-200_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\AppPowerPoint32x32.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-200_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-150_contrast-black.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-20_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.scale-100.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-72_altform-unplated_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-100_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\OrientationControlMiddleCircle.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\tr-tr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-200_altform-lightunplated.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Square150x150Logo.scale-100.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailSmallTile.scale-100.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-80.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\WideTile.scale-200.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedWideTile.scale-100_contrast-black.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-80.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare150x150Logo.scale-100_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-36_altform-unplated.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\LibrarySquare150x150Logo.scale-200_contrast-white.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\core_icons.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\de-DE\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-200.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-48.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubMedTile.scale-200_contrast-black.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-24.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreWideTile.scale-200.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\6.jpg	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-32_altform-unplated.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web.resources\v4.0_4.0.0.0_fr_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.173_none_6486f23c2831aaf3\InputApp\InputApp\Assets\StoreLogo.scale-150.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-g..tallation.resources_31bf3856ad364e35_10.0.19041.1_it-it_ed1e91a4c0ad5ca9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..iprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_395425f164c5ea1d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..rkprofile.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_8d403f952842c714\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..manager-service-api_31bf3856ad364e35_10.0.19041.173_none_44d0e01d8cc1c546\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..linetools.resources_31bf3856ad364e35_10.0.19041.906_en-us_723764f005113fa1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-t..honyinteractiveuser_31bf3856ad364e35_10.0.19041.264_none_a61d15efb6291d40\Answer.scale-150.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\WideLogo310x150.scale-200.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_10.0.19041.1_de-de_8b1692ee6b5e9037\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\x86_netfx35linq-system.data.entity_31bf3856ad364e35_10.0.19041.1_none_8ce6a8cec293b8f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iorate.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_467a44050cfbffe7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-30_altform-unplated.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\AppListIcon.targetsize-40_altform-unplated.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_oposdrv.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_a92e7ab35a946fc4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing.resources\v4.0_4.0.0.0_ja_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.19041.1_en-us_d314f4eb3925c8b5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.19041.546_none_476476bb5c3a0bbc\SquareTile44x44.scale-200.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..haringapi.resources_31bf3856ad364e35_10.0.19041.1_en-us_cebe9409ca0d09a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_windows-id-connecte..t-provider-wlidprov_31bf3856ad364e35_10.0.19041.746_none_27cfe93015f60c72\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\App_Data\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_wvkrnlintvsc.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_8549e610ab74fa2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-languagesdb-onecore_31bf3856ad364e35_10.0.19041.1_none_2b8dc1972c980dff\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-a..sourcepolicy-server_31bf3856ad364e35_10.0.19041.746_none_84327978dbc2e422\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..oldertool.resources_31bf3856ad364e35_10.0.19041.1_es-es_c90cc0cd39e23013\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dot3helperclass_31bf3856ad364e35_10.0.19041.746_none_5d14b8f5a54a1e81\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-lddmcore_31bf3856ad364e35_10.0.19041.207_none_89ee19e7423ac211\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.1_none_4a388618f6365227\NarratorUWPSquare44x44Logo.targetsize-60_altform-unplated_contrast-black.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-timeout.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_1bae586b38b795d6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-u..latform-facilitator_31bf3856ad364e35_10.0.19041.572_none_703d07b8bfd6f277\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devices-usb-winrt_31bf3856ad364e35_10.0.19041.264_none_514d35729ec87a07\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-gdi32full_31bf3856ad364e35_10.0.19041.1110_none_cab79e1fdc701903\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare44x44.targetsize-256_altform-unplated_contrast-black.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\RibbonToast.scale-125.png	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-m..replication-objects_31bf3856ad364e35_10.0.19041.746_none_688d2fc938c1c8ec\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-usercpl-usermgrbroker_31bf3856ad364e35_10.0.19041.746_none_fefa067e67e7af8b\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-fsrm-common_31bf3856ad364e35_10.0.19041.746_none_4b895af00741be77\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\diagnostics\system\IESecurity\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..epository.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8151c908b27951fb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-fde.resources_31bf3856ad364e35_10.0.19041.1_it-it_d12352816254f1b8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-legacyhwui.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_35d67bec96605710\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\console.html	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ation-mof.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_af3debd6fda69e85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-thumbnailcache_31bf3856ad364e35_10.0.19041.1151_none_be3f45bf02b1899b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge.Dtc.resources\v4.0_4.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chsime-binaries_31bf3856ad364e35_10.0.19041.844_none_597d6f0d274c18c3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-dssetupcli_31bf3856ad364e35_10.0.19041.546_none_d7336849176fde95\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-management-api_31bf3856ad364e35_10.0.19041.746_none_38f75a4bf73a1c90\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershell.archive.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_5e7dd9332bb785f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-f..rcluster-clientcore_31bf3856ad364e35_10.0.19041.1_none_518d40420c1de4a9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-advapi32res_31bf3856ad364e35_10.0.19041.1_none_a7eca47ac0021603\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..sableshellproxystub_31bf3856ad364e35_10.0.19041.1_none_70cd4f2a8ebfb774\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.19041.1_none_0e98e5367a9d834f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..ceservice.resources_31bf3856ad364e35_10.0.19041.1_es-es_5bc950d37711c076\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\Speech_OneCore\Engines\TTS\fr-FR\NUSData\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\msil_microsoft.powershell.security.resources_31bf3856ad364e35_1.0.0.0_it-it_53832158d332e121\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-msftedit.resources_31bf3856ad364e35_10.0.19041.1_en-us_9b25e9f14e177c4f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\PhishSiteEdge.htm	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-internetmail_31bf3856ad364e35_10.0.19041.746_none_257e6b63fa13f476\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ecounters.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0a55aae933ed00c8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\msil_microsoft.web.manag..ftpclient.resources_31bf3856ad364e35_10.0.19041.1_es-es_3d78152e3cf4dd6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d2d_31bf3856ad364e35_10.0.19041.546_none_8fead816ef2105a4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-netbt_31bf3856ad364e35_10.0.19041.746_none_48b2bd808a742e25\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\DefaultIcon	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y7bUP6J6Vbfa945.exe,0"	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell\open	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "IPWVJIOIHLCVWET"	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\ = "CRYPTED!"	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Y7bUP6J6Vbfa945.exe"	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IPWVJIOIHLCVWET\shell\open\command	JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_060e10b04227a593886c4cd0928a3bf2.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
b8c37ae9df17b0d9eb11e8d6bcb1d14b

SHA1
28465b54df83585313bb6f6aba08d3ef5306ee08

SHA256
9626a3de89a11222836d00599767d9fe112ad57bf6734aab1d1b0788d1d37867

SHA512
6e42cdccd71c88d1920c4145f3c78025cb57cf66bb21aca22f903e06b984617b47bee68ef6c8f58e6789a3291bae20c4f19216a3f342013630be0225f20aa0e6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
2a342ddcbcbd04db6b0a8c5e2546f055

SHA1
db95d473645be00e45ce3e94b012a283f3ead558

SHA256
6e9e576997664b2d7a6fc06e1c4b01ad73f5eeae3c204927ef980f55f4774fb6

SHA512
e2c45e2e7acb8ac5dea985236be015cd67d6f7e6df6cfff5eac638a65e158fa5e81088d41d15bb377b6e6f8affb60213d6be09f73b8dcf66c1320d6c5c5dce7f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
81a2186b6d72b335b3df57612b611b9b

SHA1
b3888451f6e98fc75067de41fbe815c4a4923e6e

SHA256
7851c773545e5b0f3113fa303e58392a4fd36406f5c6f1cae84cfdcd491e2c7a

SHA512
99549b423acc9a28782810897e91ffce3a138c17532975f75335287e210fb6623fcce0ba7dd659443875fbe7eae2daa528832b29982ea41ac3d0320a87652f0d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
ea40b73502a55f01865d9bc1a00becc7

SHA1
dfaaa558400760c80fe0261c4139382e4a4df9e5

SHA256
069612f063a92a76e7bed58d81a463f18d4be3d326315cfba58c016d6fc6eec5

SHA512
07cd0cdb9e8ccddd54db06c53c7056246dd0853d55322428e5c67e875c2559133c54a89b7849b2cc87ff87c3b3b95eb1d48381255afe51ae6b4e78be3443cc94

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
417dd1c4202f27491d151c9a19669f15

SHA1
44ee3642e2177cce792b1dbac3e3f42a51fb450f

SHA256
18246dfe8add218790deafeb590b7e97b2e3fa5712f878feb90b533be52e118e

SHA512
a7596674fbbb119c8c1e7de0a496efce08a0010acfb740d3af1ac262c4bf96c037dcefc8a17d57915922e8a3936076c66aaf690406ae9e1c182251bbb8ca0758

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
91b3f597d2a30b24901b1ea921f44587

SHA1
4bcfef445c74760d04e6920113cd4f945e49d17c

SHA256
43a1eaec0c5a846aabaaac73376ca503450389a040d8c298202956f2b31ec783

SHA512
6f785ffe94683b72e0d040cf3d54b5dd02bc8068d6bf470cdc4af93bc3964e06f0153f7a42bd7d7ed683e726c49cc69ed5fc30e538ea91d3f04be26c7bc07b25

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
5db4fe0291701ee39a3f4d7f64d26de6

SHA1
7ff9ad50535e5171d4187cfa561a7421fe7edc5d

SHA256
8c62e0928e005fe0188511dd0ca9f4ef603ffd55b5c6735c146409d026b854a6

SHA512
ca58ba66c98ae44e104464d67f92544103e9fc1d7ae7eb3f23bead6093642b626cdad773750c0bca623b67324a819cf429786e474e021ee478e816389dfb4410

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
a93a72c4fb8fb9a43915f94e05d3ba5c

SHA1
c11a697e44f5cbc68e0970c69be67df4edf8361f

SHA256
3e63e8e90dd0ad2f6e9f1f336b7b8deaf6f8a7e56fe4a920d3d62551f9021731

SHA512
8932ed307ce26d06323268773b81fff71bb90ea5b34aec24f6ef2124ec3234ab48e2d20f60bd54c38c1eeca7944a6f7e6e68c25361e99c9b24fcaf0c429da4a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
f4602057fdf597a937eceea066e076a3

SHA1
06fc6cb99ed183b695139a334818667046d81722

SHA256
387dcd5e4d2ebabd0a7c692f13fb46f481d06d70e7e15e9ce9682696d66c0e4a

SHA512
aa0f85f3feb021a216c7554e555b7a611ba665bf1a3f9d880fb961521183c3acd6210f148823fe47f858e6fb2ea79e7502b30d06b600568920052175d8ce9d73

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
65e9210f5547847513dfa7093bbee743

SHA1
387a28462fb10fae62274943f59d3c1727082571

SHA256
51d5255a46d94005104278f3240e8b9a04616865b14047b311d52e8c6c59c925

SHA512
9ca67a2a0de1345faa615c3c1752dbd125e1bd197ca0b0475a7de1874f68114c31a6c39d1821d287943e22f25fb9387efc484857e3f223aca7f2796466891b18

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
447e1715fd116d0601f29f8d3cac7310

SHA1
c955171d274fd3bec14462c50903b46f2cc39f47

SHA256
8235edc20d97c957eeb2078d7b046e6f0cebd672e83a94ed27b1194ba3127ae6

SHA512
8e9fde75382ad87102a6ac47ff2efbdb295973221b4f65424f81e1fa8c1a810d3c7ee56bdf9b96253f5075d3bdecda8e711fd3eec640a740e0e3cc4db821112a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
083a2e1fac8d651745616830371c3ef2

SHA1
b3818381cd3a8c7ba1e5ad14712c1c9d931c973a

SHA256
bdd436a7ba7fd01a181d598ff1c31b56e12eaeac1936b39e43828c2dba1dfef6

SHA512
49d6cdef4a2ac7c70207c8012a99d025004cc90921126135160d9f19ebdf55a8c63a3332e12abcd27b6b18084e5344f0cd848286b7f02eca6d92334bd5898c01

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
f27c370ee8b608fc851f5d83486e77c8

SHA1
02696ef592e4904f9db2d2df62b4a7adcfc739f0

SHA256
c34f6079e17e57bfcc7faa59464a70af45865a6bf0e0bb446b982051d36b5a93

SHA512
68ad11131fc9b2680556f5791fd657e7d1d91936c7dfa6ac553a0a657d338ccda8e339896ff27803eb62ea2f948e34a400b2b73254bb3e136de0c061df6297c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
e5cf3a9e3c77f49a6fbba9d3e4a87048

SHA1
fb8934586cd456d99c3155ebea3209bd5be83b5f

SHA256
aa1639965fa7c8fecfc416af94ef72e57c3c631262cd8ee2e1616a02ef2bcda4

SHA512
d2320cb61be57b329f7c2f2f479e42570e583cf790fae90a8520f2343075c5bc251cdf7be99c883446b385d0714ef0a855336df7f10b7f3f719ba4adb31919ea

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
5bbaa8711afcffed9fa835b2d9835e70

SHA1
391a676afb97d7ec13bbd07750dcd9c79f1bb057

SHA256
74ea174fb0bd048db3b38227414f077ce9648b93b26ca92d8a1f544e141fee35

SHA512
66d5624a54484236327f13950c8203a6db2e8253cd290851258f9ca0fd1b39468a2113cb1648d895d6c19581f6d866d2825e8546a49ea996098c1e42887bb9a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
3bf17f292464c97e7ac49b0f73315edb

SHA1
e68956dcd689ae3d2459ecd39ef14e5701f210e4

SHA256
b5994daccd577b6ac3eb1eba66e1e17d4c7ff571367a1b0d12fea1178e685b16

SHA512
95107f1306d6c0ab4b35eabd704112ab104a60a569c33e4dbc8710a6ffc8308ff1b9f0cdbd984f455849f2923ddcdb0328cd6fb530781af0bd92ca83234d3f98

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
c08707ad2eed883dc25f7a77dd62a6d0

SHA1
038564ff8dfe3a9f2258c158f9b8b219cbfdef89

SHA256
e668fe309df01716efd98e11bddf442427327b63165106f39b44e7dc72634176

SHA512
e644ccc57100f5f987e6b7b2dc3f4fbb34e4eefaf38d730d37e70f6be3661a8b17058a6fb6c8c5a6836aa73d5420fbf185ae84406929a7151c95022195505ed2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
371756ab3f3994cf8b77bb62aee85838

SHA1
bb48e2097a94d8bfbf6c111562729834773db78c

SHA256
351cd6f86e976f4b751e26c74b276211deae14e2dc0c381cc2802551087f84b1

SHA512
9cc9c74c584dfb343d1e597dc67f74961553344ad308cd218c66b28979a1a0d6874aa771a11ab1945f56a8069049215f2052b6061ea4c2a2edda0c2bf6788ce4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
ff402c0e8468d73c4f4a39a659c31d8f

SHA1
c012a3059b3bb9f330b7ef3d68897868c5e1906a

SHA256
2e3e3c55b02d9d19df00a853fc7b8bf99e26c8902977c40498693543875f376b

SHA512
2aaabb87aff2bdf3477cf80d3d43633c5dec6d9b8d3000d41cef2ddf2bdbf68cb0e312aa8ad0753fd274e62aa50c32373a378b33d9725f780a980d499243b0bd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
8aa834a46301e48f6ce9dd2d1bfdfc17

SHA1
857536be2729db340078cec5b83658992ae4808f

SHA256
b9d22ca5aaed53bb90f650565e3cdfb2cf59d9699e667bf5303cd417e27dc389

SHA512
2258c427b8a962b9741505c3a06272864af9afe7bbe8f290d4ee88e3030ad318ed5fb94b1f2936bc8445bd184801da64cddc6c6f93dddb92d24acc089b68648f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
49b29e7a501f96928d5659ab4438faaf

SHA1
780193feb573b19c45af4666dd59a8cf10161fa0

SHA256
1e4d2737b506f28d69935b3861ebf6f8f73c5df115f76a026feef031b1dd6345

SHA512
c517033bbdd5adec15a6764057c8bc5df4273fc9340cccf1566f5075a20cb330663cb23502f204e57ad6ef89ec5a9e7936d44b8ebe6f7289b328424f28d6c5d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
e9a3e31f6362c27c7c84eece0998cace

SHA1
a42bceb21dadfe34ea6752eb2eafb34b05b9a87e

SHA256
236c54fac5a5ff8ce6a79fb1310c3e2eaab8b2fb0a11586fd95918c7949fecd3

SHA512
133a9cc3f999301323547e6ca4b29e478cfe807b389df4cd2daf87503b11955641d5153d0b789f60b49ba83e54eb92290f0599bde48ad5f6bb9f2d8b0947d9da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
db5b15ffc47a6c093636fb25b7f98925

SHA1
adc8ad1077814df51f08f17923ad843249b51481

SHA256
fcd5f4ba3b850f8d6a5417c69b705605997151df849226d0fc06e725e5fa7b29

SHA512
6f98f3af0cebb8b2a37580b07942e70518499434cf3aa4830a6d868b21932f9038cc773724e039a4afa24e79bc2f7d9f7b998becef91d87d4d5fbc43846c7cb4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png.EnCiPhErEd

Filesize
2KB

MD5
e13190fd18ecf879436c286dcdd43374

SHA1
1b37d71388311157777a2cdd8f33762335d9848f

SHA256
238929a68af9acc529acb58e8657e96a3fd04228abe1e048591851cf7bf6f4f9

SHA512
5822826f81e30b81ab1e8183e10eb0dd3864aa2421ebbecce22c3cbc0f0455f0286f3bcc3d15555157eb51122d14bd60f76fdf5ce57124e720bdab997b0b8645

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
c542083f2848fb09262d5ddf707aa5e6

SHA1
7afd832e8569d77dd45da13b59398a09172786ce

SHA256
e2d085c2c0dcd58882d6bba882abf92ac40745ba20cd53149524e4c584e2ae09

SHA512
41790f5d16b09653b1bd99c8b5bfa0fbcce16784f7d5a017d5b31e7b26fab2c77b40bb66f0635d77fe9c8059d4d23d06f14ea025781a90cdbafbf109fdd28494

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
f1f192871acb1dee9bbf76a39794db01

SHA1
16f3d1e9e2018acabd908c188c8feb91255702cd

SHA256
9bead5c56dd8ad976a6bf1acf34cf6b0e7739b1182d47c10ce30791535202f33

SHA512
76b232582c79d254be396a3938331075842b8a351b8deb9d247968bb31e40df72d9dbc3244721be3888e6d09005bc85938b846b9f3e0380f44e3d2a17e22b047

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
f59a4e42c5fcb51976d9b0f2ec8de052

SHA1
a4b139a6c884afcf2f24fe15ed4b5da031ab43fb

SHA256
3c4124cb1f7916b27357482cc835375de42015917a18599976beb7281a469a78

SHA512
eaaedce309705b9d40a036e1fa7df82078ed67a1064d88b086d2cb399b4674ebfc4bc7ae6793c3ce739251228d171baca4056562116c951f429427beab548aaf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
c1d1b7918da31cc8c05c708c2c1a544e

SHA1
da346de66c0c1e334b6beedc3cd33c21471dc8fb

SHA256
bfe0e5e15ff741fbdeb512920e082f4b2054d114a0baa0acafa972b70932e6e0

SHA512
a4a1d1e56d008b6f1c158a47f7ec9808380fa2178307d0689147dfd274965d9cfd20e38b8d7f76755e0f98fc8fc5e1acbbb2f0cf8af0ba53780058491584a11e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
34371d8c08a494c3a5bf3522d443a091

SHA1
c72cb4301bb614b8f995127e5b04b869e654dadb

SHA256
9dbc5eaa1fff5dc9031b67f1a61f0ad99ef8cc9a0f78e382e59cc589fa452df9

SHA512
1d29516f171b45801c9dac7339a180f6c37327cc6cfe1cbe022b0937e0f607ba84430ff17191104126639157cb9ece54f7087f21dbac7fce58c3e6acd5711dd3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
7e4131064731e112e2900106223d7a8b

SHA1
086b0495ca6e5dd7c66d98c9090fd5546e0c8516

SHA256
cfd8179c26fef01a9ee868fa312f01e2965fadcd62cca3a48977ba9792f57182

SHA512
d97da32370912858ccf90ccf381c55a795ef377dbbd847ff49577b980b02c0f4de9d2c36340672fe4f82889ba3b298fafb6e49a026570c5e77b3386238660fe6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
f7ce86df94f10319d3b39d7638b4ae06

SHA1
c5d155ed29b5283bb2137573f9e3d1a5ba619e9a

SHA256
0a5d88d6c708373f4efdd332f9677abe1f2cc02bf54b81fea244578c159dccff

SHA512
47631bfe8176ccfcfd7de1d6fbb1a27b16994502890a2ec16337f88724b939fefb7ee7eff0c8b52de5c76151a92861286c6f2e027d10102d49fa2ed44bd48d0d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
50c952c0c74bc6e2dbb9b0ad0cf2fba3

SHA1
89a287f32c783d45b5fed3875f5b273a6fcf4305

SHA256
319e05ff360076d47e081c8d23df34609743abfc475432ad73d7570b3a9339b3

SHA512
d7affa75868a6b7cb89d035ad6354e0e26cea25ba01b99cc7d6a34a4ccd69fe736439846d7e6673c298027928f8860d9633913e6d57d76f4f67256db09e6ddc3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
6237a0f3c90aaebb63c12b2e6f912ade

SHA1
e9b6baa68d8798625e7fb9526b6f3b727ab07c0e

SHA256
53483e0cabca73f37c4eec28f9a29b81d1a098ffabda909d078bcc9749ebdbfa

SHA512
858c60b25f9ee3ee8d57c75a5f805a1ad548820509e820fa46316bd1fa501dcba878c9761f8e17238ec8ca263d87302665d5e92b64522bcc82c0f0529f4b503d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
fe7bc433f72dccc8da2899b11ff88a91

SHA1
344cd66fed07e1e6da6b03787cbe09958d6fc657

SHA256
9067a63109664574b969a5446d7831ad78c72d605791413a5888c3ee0e6496f4

SHA512
6e6197f74b3c73be12563e98eec27017a893268d705b194aad753528d190cc160a943f79139b9083f21ea3f1181cf750ee2c4353bf632f2d1ae56e9c3f7ddff8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
5a34580ab316a63ea92587ef9bf7ab98

SHA1
6e4b3cd49c31e1893dad0e723515fc634b76eda8

SHA256
929a9ee27c3665100be6557fa6b85574477bcdef49d66ccaa6abb0f3b3f658e4

SHA512
181c7ef525aee923d1da8baafa7033a86b3f083b088e3f6e996398e6a978b38e9f38502fbab1ce6cff9006778dfad785e2d1b79b5f5e1f8d123b315305e50ab0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
76067dfa7576f75e124c52b22e7c26fa

SHA1
1ba164b21f478299bc27fdcbd2cf9267de609ab6

SHA256
ae2c664af3f0af23115b0efba1f2101660306af957456e3bd99cd20b51c15d4c

SHA512
3d00fa296a433016b62dc5bd5f6f010afe7a1847da2c9f8467211e797bab31a5c926776f3154d3daecc7f8eb50cba28c4f286e9bc632c1f9a5974e031dd294ac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
f339a6e54030d966f76b0c078b003cf3

SHA1
856126839c7748a96102ad6f34c2e5befaee1d7a

SHA256
67b763e6ea3e61ed5a49d8351a5b2b54fa45729b0e527ea6293ad1ba50ee5f3f

SHA512
5cfae09af8dec0811704736a0575ca0deec4de51aa1c3e3f3a10ecf2e7495c3b63e445e3cccbe327d92319ae37ff8493e70ddf7153642f8e3fe6eee7331c1b72

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
217ad183503533f36f79759a3348da4c

SHA1
a352f4fb23915e9a926d32a9e0adcec66e2c8759

SHA256
d873afe5adbc45788a5fddd1e87d94368d9590a510af328b951ffa18bf60f943

SHA512
ae029937b5280fdbd89d1230e0ab38a591b78f104cc2333ce12d79a4835c68bb6d8e6f592d001d917d935f53cc216a47ca3e4f34761966a792ac7e92c727e7de

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
20128b48c80b7fb904ef375645c19ef0

SHA1
4af7ed6a6537f3cc8d8dd728e07c08b66f57b983

SHA256
c944e323c410b56b1289bb69bc5e579632dc34ec2d40f73f10cdcdb19a5fbca8

SHA512
b7cbee89b87e64fc48cb3494c42133878eeab3d3fbfb1d02004f07119b5cf2bf517a57ee2f4d0d0a547f79a3972b8401c430523801af6e8d6a78cb70c420730b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
deb781311b3e71ba92e75ec1f36378b7

SHA1
49784a5fabb9fc1137e89bda7f66b6472064a1bd

SHA256
b377f78f1e815483ff136b157a3ac7a0b9c0ef9d7685267d81a605c60ec9e281

SHA512
ddca20f204557467be9f7ba442bc3141f6ada9d1e5dd0bf00c1028f76f30492a9ed7accd44a6c9add8e834c1e3ce4dabb8a5d41c331e54aba44d127fc1b7639d

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
8ff346dc8b181dd38d7e07336d470695

SHA1
c85a4ae01763d01371bd127a3ce249707c4fb6a1

SHA256
2ea382bd5c15bd799771acaf13143ef6e5f92f76c01b8b97eab02e617b6845a3

SHA512
598139b5861016a025d89803045b0c6dc195b2374f0607bfeb50bd2b31b0fd95afd930b5e42f1e58132be75ca090849ad424b4a1c445225faff91691a71e1025

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
2c17493740a1c65351b91f90098e186a

SHA1
3d07b5fe0b70d10ffc54f5cd4d08eaecf98d91ee

SHA256
6b4ca99f19f3d5089170356c2a720d546707bf64ea9355c8679d43b2a78a3c2f

SHA512
d43bc1961ec18bad33305d1e58351e80bf8203b25a38a6330849fa306cb9b973e8b278d1f7bd3d2d82752dda14466e89e2cfdabf3234b0b8a653b4a05868a809

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
22e55d3abc8163c05a270c9de5ef4920

SHA1
1e4696c4b91d07f63ce64e66132dbc0451e5827c

SHA256
0029a8fb6ad0e6466f9a73a9f8cd033908771ad78f292333b837d0018864b72d

SHA512
db2eb7035ecde071c87830d6235936bb7d88eeb9b98b3f6a8783c81332c0bfab04fc461ab9d1bb26e395efc927fad74b8351a9a95d159bcaefd6eac098359da8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
97c8c7585462ecf8ee93d073309471e1

SHA1
f6462bfe645e9faf71ea19e8d08dd576049b45cb

SHA256
549915e603bd079cc611c5013f1fc6c7f685bd22fcced199263fe3e09e6ce507

SHA512
39172383c0ed451a3df17ccdb7433810c33c4267fca1c49cdbfdbcd366a4604a448d33824b22d38ae00485a5c70220b86afe46f2c85a8288317a9a340e7609b7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
f29e43a8e3571fb2f176fed6f30f4764

SHA1
d45f0e7d126fcda244135fc5ee537d3ba646b550

SHA256
3b194c3d92b21b5a9853082fa8e952556571065f411b95628d9e2aa30cabe203

SHA512
225d1d230d67321186dcd6c1c5e4751aa71eac36015f975c8baabe85c3df02413a25c988c4bfc3d15308b8426318c0346e826bdfdcaf6e2b540b03635e9e0c4b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
c4b99f740e70a5f80711dd508a5a6ed5

SHA1
ac568b86601248275d5a7b59f36830858d34e9dc

SHA256
1a9b57a392be98bfec7de79dc92f8fbdfe749bf23b4cd2aa80b214c12187a294

SHA512
d1a25455a07f815704f5ba7da9421095aa524c5ff51de3cf7bd4a877bc44ccb57b20faa73ce493e9943a28808d4e7a74056984788794943b93f302d8dc002d69

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
d8cbf42a59e28dc004ff30616da0c22c

SHA1
71981bf32dce9bbdf3772a7133f76defbe2dbac7

SHA256
87cccc1145290262895f9968278f9d63002b1ae7836142b6d3e94ca62f7491b5

SHA512
247ec1d9575c0cba5fb993dc7353771802c34328b9b5b2783cfe44579f887fe548d4798ca1568275d839ed5f0c9057677fbbf90648c85cd04282bf6a39765332

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
17adf36b5fc913def9661e1711822dea

SHA1
77204832b8879ea66c27941b1ee0ccda49eb6c1e

SHA256
41c3e107af2f64ca44ce08afd9d88fa37a99abec772f6fe3f6a450ff0dc54222

SHA512
8d4df473ff6d03c17c9276d0cdfbf38fa872bde5ae7723dba8c29df4ae1c78d4327c3021e53026312d60c337c065f374408d9a23008cf4c0eddaf8fe1dc6ebde

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
22d76240d5fdd7fe92505d54ddee1058

SHA1
2071f9275a0fda64626bb48acdadc1e1efbd46d8

SHA256
17caf0f01723891b6cec1124dd70502015511f82f57d9b03ee536b7216813267

SHA512
74dfb1f30ad71052004ab470afd94c1c55d0cfee500088bb8e28bb24ccb61a1b5919a8ae864854d28cb4a8d6a8e7e6914a7e472033606cc4bea247a60b1522ea

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
ff13f738d049409881501393728031da

SHA1
1661b872c5a1b4691a4ab415d2ca11088b6ece7f

SHA256
7f329bda4a3dc83c49ddc999e614992e8b5fe7f8c5da41923c833c3c0bbb93df

SHA512
7883e3759cde8bfe1b46d968c2fecce3391d6938613f01752846f8993bba9453ed54bfcdbd244ab412794ba2d3ec624a0b2b17aeb854e051925d6455db009bb3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
deb9981264634f0c4d5974c448eea69e

SHA1
f677829a045ff03d94a4a5a7f734824de2c5b818

SHA256
84ec0ac80e1068d29e6c2094427945c10a68ba8c4666ab7f94e61888f2b9d4c3

SHA512
485ebf693bdb58b252174cecc6a77f9237d6ad07204f3a15c4e0ba3e37011b44eebff4d56711ecc04ee425bebb799cd637689dc1d7c7ee7c8d6153f1f06b47cb

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
de8899c87b3007db4bc884c7026d825f

SHA1
cb82a77635dc5a572d8dca8940a98637cd1b1323

SHA256
b7f3adf5cc0db2a42388a4c52bcd6936c72ae1abb20b20de7f0790d0dff461e6

SHA512
59c53f2fab483cd94dc01fa3657801dc5a7526f2b607e61123a0ceb8e6c45407fa79a1df1bc205a1d7ab0b1607c6616e3ad9237966d8c817296719591f8cb61c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
eb4af32a0df753a945015cc9d660d551

SHA1
147322943e0a8e6ecea570f767291bc2f669aa90

SHA256
55a9287aa511733111bcf6f45e991c8980f09eb0d0137efe2861d9e0ffc3962c

SHA512
5e0611698788e95e4d2b71fea7bf68ef4e495808b543b4c25e8392985a012ad47e7fa879948af65de84897c95651f33c15c4da59ca079166aded061fbc096c90

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
10d506454fa1f5be8b011bacf4624d1c

SHA1
f318b72784eb1d83b0ee611b116e86d8ed486970

SHA256
efe82589216b17f034ad574ecb79ce08e1f66fce9f8b36b789a33eed21b3e934

SHA512
eb4dd36e37b24b84657435efcf7bd9c0e920ccf181b03a2c79db39e3ef31e8a26673a724f7ce8292421c6589c9640870936851ea383daec177843c936d75fa72

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
8643abdc357d2260e6c4dec73a7c59c3

SHA1
0ba39f36a99bcbac04563958a3cebfee71f191d1

SHA256
bb3376677664c51a693cb0935179fb60fe50ba3f358f11e0e31237cb2d6dc7c0

SHA512
2398ae42a1e7373b4d6a0bc15dd427364f309428b1b25b05edd64f5af0850883211396ff485e621807c7e8950859b3da4e28b19e94fcbb800f4d81cdfea54e58

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
f196dfd4ba9388243ed707581532894e

SHA1
8b939bfb278671dcb9268ddea4b3e0df22cd32b3

SHA256
1afdd2681a4a3b2ce9a0923162cc2655425d289026d5c48dc9b4d8f35bc67444

SHA512
06c21ab246a77348042086556058dc9b8d37af0f8370a90323d10c4354941d1c584dfbd014086e40e11889e147f7b21d90819df4a873c80073ba2b0878f10cc2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
da7724f28f319dcbda3d1cdf3b3a3051

SHA1
0586a9e3fce921c285f8686a936fe3cd6d1c4053

SHA256
ee4935128fe4a89305424f5a3a0717de227e7b56bdce0fe0d8f45ddd83a34108

SHA512
3e7aa0d3940f53016c859fdc627a3f4fca823967895ec72beceaf822d8bd97b91173771f824952d1c9f800d71b251bfb89a768627e62bfa6cf48990e085c0d42

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
7d46797d2aa9029b2c158198f29d104e

SHA1
aea22f45419906120bbc339586c1af10f170922e

SHA256
227f3566b3f4a1a1df3142b9dce9b927e4402b0693d3dc845398286d6baf8213

SHA512
3692cd17c3e93688ff8c1393023ba614229fab4da4cb912cde84dbf2d6bc6c6fb603c16c7c9401e403a7564ef13af84d829a4b412971062edb3d4ed5e2b827d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
b9de533cdbf392653ed08f93a9f522e8

SHA1
4fa97ac954a33e4ee00ac2a9ea3f9f580ee73ec4

SHA256
2180dd04ae273af2e6cf82201945bbd8dd97e38f1f3f331f7a50991ed92f0a25

SHA512
551c6077353799615b558581f4649d8b7d3481acd4ac26c43e38f018c98215d51ff1c2ae266ceec3ff594ab58d12cc95249a2763e9864e6c66f643b5dfde474d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
2046065ba9a85af82c4ee383e4921cb0

SHA1
4261f23b13f399c251b978d84e4d294d7d04368b

SHA256
f099849e40dcba5fbf97d145769696b6908d4b2483b1113c26f310ba198082bd

SHA512
8240490783953a809e630dbbc7d7a515d5e74e2a144777a73348c894621d2caa6015be9b679e3c8dd6c0adca515a39b8aa71317145df2eb3345e54026af5e79a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
159fb825c09da28e392231cf6e5b1857

SHA1
08f0e920d8eb40271f3299440182d8813e8ef7c2

SHA256
7a164f3b675489f353e2db44e6f08e759edc2e524abfffcffa09f0d9982fef04

SHA512
bcf900293a8880781ce1912ae4f4bf978f1a35bd5b2f13834ef2bb554cd884a21565a345bd3f17e0e12949690290e56537f7020beec64a4bba016f7fc68b019a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
57f47d4ee93f7570013d651f2304007b

SHA1
64465d1230ecd8175e77e50ed8035e71933c19c4

SHA256
3b2a4164de9aa183e31f454f4d61cef305428da584db8228ddfb8249cbdb4fa9

SHA512
52aec6e7c5462f6def35f96eb47b8f3655a9cc550a336d3a36c5710a46175d0c2695009de66cd563428c4d29acb11d2af95eca632305212788cc46cbe16cd19c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
b3b77027a5df3661c19ada6b3fd7596e

SHA1
2b0a85832d05e209f9fa3b465f57bf1c56978506

SHA256
1947fe710b773793547d90f37737bf2f73d5df377b54d9415d9e58ff517aef68

SHA512
b565803f59850c7dad634ad308c66e5a59cedbe45ad92e660fd5678f10fd9cd0aff7a726e0d7f99c6afc43033d1a6c3234bc5e53b52bb99f72a3f84731b20247

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
8bec27eacc65f4c213019618553758f5

SHA1
b67e7499b54192eb59b1db2dd93bf7d15d4c4eca

SHA256
da29a9dce25245edd9cbddf83676eaa55769c27f57f972e9bbe11bc8f8d14167

SHA512
4be3bcc57e505b36652f87fc7052b033e322c32469d20098de03ecb180529a2e818aaf1f100f992335094e88b13561f7ae641c5bd273f0d6c9842137f59a8516

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
5c898cbfeaca4953a7fb89dbdb290f05

SHA1
d179c980f8e1713a6d531ecbdc88386e039ef80d

SHA256
2621421e0a9ec8d90dc3c961cd22ba89f86cfa6aee90eb727a777291ac67fd83

SHA512
12f1ef292137ea5873e5e3c709f3739afb165a777d90e06f0d69b5d7bf5474a5879b16f10724b7b98432127597897c13268974331c59f5b59aff0cc58aa4649e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
2eb59c4c8ab5998a54bfaf391b37eac3

SHA1
c4ad705ce9195b415707a6577567ba37533c2da8

SHA256
38a36e60e86f59018c9c1f28cb1d8e99a464171b15c5e6860b8d79c8d926e038

SHA512
1359717151d3f1800eda5c705fc6ab07b5607e8a7bed750510c8ce060817a76e42f47eff256671ca7c8ffc00dd9900f2b5117d4be17b6305e5a0e46002379716

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
22450c814f4b326a21eff7fb363a1d4d

SHA1
3e1af71cebb74090b32cfcbf68ea5a4b49b0f8d1

SHA256
3fcd5620b50326952691c5956320cddd2cf33cc78c8002478773644c1488759f

SHA512
e3eba881596f24be1b06199534d74bc010960a26fdad83177079079111586e543dbfef05b7af02ecc78d6410bde58d7c892ba90744a63295eb0a43b8781e1043

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
1c0f77086dbf273e07dd4eb88309747b

SHA1
af7dd361ecbf8ea17b39ac33a248454aae8a2cce

SHA256
75ab002c7c10b8591743df97d89240117bf2313e5d69cb0adefd9524c46557a2

SHA512
798b8468e61f798a05f456423b138441f3fc885f5270c29c04015ad3f31aefce5a0aadc1de3bdde8a2cb1799fee0059678e2e736afadd1eaa9b117a4296b897f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
f6c34142a9c9269f6a91816c91f27773

SHA1
f6669d023d998e83f51b7002d3e938789b6abdac

SHA256
6395f1b9a57565df4ae963e001ac6ec3cc6851ef02a4d9f916ed5d6affd10ea6

SHA512
b927a4d024d4f14cfcdb9898264264d8782f6eb7ee1002d73e77591de235e5d67d65ba8c56bf908161247f2e8b5c8bdce09d0192aa19d560ff17fb5a7d626238

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
efcc3958eadb7f85fe99909cd78301ec

SHA1
e3502dfe5b7b5aaa38e6011b416cfdf6178e76c2

SHA256
21a403b5e130df11c77c5b2217a06d8e5fdf1fb48e9777daa6f0bd3287107df4

SHA512
05fb1bd60eeda295bca246e84435f8bdd9c282bf061326b7c15dcb2d1796a74e552d11367423f63e224470f07935b9cfe6d17404270fd8a98a64af5c7175dc56

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
13e798cdb91b5674136cffb824ff8531

SHA1
6068d59aa597647c8a978803fd2f28802732960d

SHA256
cf4d0f98fc9e6cb020ec6adb26eb77058cb22ebac66b1cecec75f13d6bc712c6

SHA512
3bb0e14d012c4f1117f8b73aea5b93f16a9942f3c0cfe9b43bf90c328ffc23248a299cbb95e738eaf7326e4b0d6b18f3d7f4ec021665c186c72a45cb1a93559d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
b97b560ac4dcc905bebd770a5ccae083

SHA1
ad5ac2957a5006c00fcf3ea8393cc59d7c237aaa

SHA256
1def625a2adcae18064b301ec2bbc8a80a6d3ce82048badfacca8acc9c106cd5

SHA512
ac03d0cfc3025409b6c1f37550d056d02d1eb1c3533c28cfe486d974b285264e2c626aaa91e72b975f5a29c877542ef352f0ad20c5b7894c6fe0542063e19cda

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
6c8f56c4b5e58afab0926e6cf49ba16e

SHA1
2c5664b7be2104616623b2e0025553d1627c1c47

SHA256
4a2a052b1d00e5a9418e624d008f2b250968808347c44fd97d27731fef219425

SHA512
7ef099c6d5d35ab1b31b6aa403331762bfdfc0e36970742509bbc5892dfa021ee3cb0d4103432ee4805e212faac60e997d2e0bdb00d2cfccde9519c148eb3dde

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
4d31370c5fb35ea536b1f2a79eabac4f

SHA1
bc9ae33ec6eba6474812c7d41d7a252c6f05a2a0

SHA256
abfd5113423d885194260d01d5c74240cedf95f8555dc7a855bfb00681a2ee91

SHA512
40305e933a956d800c8136113bba1eb6a672f0a34dbabc5df8222db577106c286fbfe707abd164987d9003ad743920db0bc9df6d5a880eca24d252c2cae01bb0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
e8c06f2b313a9cd31c841c243147b67a

SHA1
aedf0159a4df8739c7b2ade6868313be2bb49e65

SHA256
69807fbb4f141927fc8f5c4fb3556413457f0934cf66b47677721d6dfc8c7fd3

SHA512
8dfa922813440e01f06a91e290a0a8d8caf19822617414b3f9eae62a6b1e0d9eaeb260faf83a35dbe6e1718b98c4b99e526eaffa65e18bf1fbd7578c7ea222e8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
749aaeacc141aa26eab13e20f1ec856c

SHA1
38680dace771c3be1be8e76e373536678c2f1164

SHA256
5f6f1b487b5368614ac5d3285fb8a93423d0a2cc0aaa996381991248f118a5c0

SHA512
ab65712d4fcf457ba088b22ee234d4a7f77c51f43d3346193a16949fa7030440e26c79b4da00ca4f87b525bdfce2819a57bfdec9b5465363fe8427c5db15f9c8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
16a52d99eedb4c6b4b97b6b78e3d55e4

SHA1
c1d88fa723d5798cadc57df34eed93e65e4fac86

SHA256
4d7247a853798abe227ae75fc92890427a3bb2b6fd32b651741bb71725f7a8ae

SHA512
6ccf93ce801fc2c410e89d971f8eb9304bc1a40eaded8410cddb3fc0bcd143aec823f185927cb65d1a99508d4a94aa5dbff17b924aedc9aad0252808a38aa203

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
feb56bb72b40e2a65c934f40fdac0397

SHA1
9a585f181dcfbb49360c33d6d35972a16db8790f

SHA256
4ea215c28df563d51224adc24b7fb6812e6bda71771c39db505418c2fccdeb49

SHA512
e09c2bf70953f9b0ad57330428784df6f4e5add0fe3f06832e18beb680fd1f0ec410d205dc902949fa756ca66e30f3ddf12ea2870369af1619dca45c4a7705b8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
80bdc13ec6060719cd1294bf9d652be8

SHA1
40b1b7b4020e0aa89bcc77254355ea2a9a734220

SHA256
758eefc620bbe4c1026fe65020a3194546422efc872bc63ce28e6beedb53ce30

SHA512
fedb8dec17218a995ce310c1921721012d87a4b401ab73b8d51e004f79ff89ad66a937768c6c191c74f71314c14ffebe4e71d281cf925a2733ebaec53cee66cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
100e14abe7296168b5cc782e4e2bddab

SHA1
b857a9b8e7febc2629845e2ea775bd11eb5f22ff

SHA256
703c8f7683467d133ea3b3fb78909d7b285d66b8395e3016dff83c84d6aa0ba6

SHA512
8e9c76c433cb5a4678fbb2879586a91b5aeba1c5da601d124f12182f6ca74b380b69c6de07a76b3063e34d3c3049387c64ad557b1bce0dd0101dbae62aa40756

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
c81c539b74aefd8bfdcbb4583b075e30

SHA1
63373f845d1587f9e206e6b15cd500119473793f

SHA256
33e1f7cf60bc75e676ea4d8c184847566387e70c8197bf81968dff3676d7bf01

SHA512
ea2ba17ed70b863da5d9ac2d636b4012c4a6d643f46a1de4c3e70fe479c14e87b9018d7ce2b041f63fe75bb1e0fdd4c069e210ecea8a483b90f9e2790e83ecf0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
b841013f189fc65c5eb7a1d7c1a69d73

SHA1
c0310179cdf14df53d417702f212069238e90673

SHA256
07abfce72ea0a5e33870fcbdcaef987616aaa43497b3c4ee950b6e09072d1877

SHA512
36d27de665a03da4279504929a190bf74e8a0d0eb81b7b27faad650e4c4da381be6e380125a1a398171a0440b06c17db99f854a8870092980466abb889bce92b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662610078916.txt

Filesize
77KB

MD5
a96f0d105e4bda930dc9a49be88742d3

SHA1
e362de32daa094567c22e4622efda3a41938d997

SHA256
1c15861494d555d0f82bebd47c7456736490a8b44130c98ba2a197d943c96fc4

SHA512
e432d7526b4390445cd11f1fa07762dcc7271b37096422ceca1ae21b4db36c7d8d95557aed8e823ca41005d24b74df6836087847b1e5172121ba143a38e22404

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663116015387.txt

Filesize
48KB

MD5
6ef69a1a0874c89a30ab5070e97989ca

SHA1
dd55ad6ea03954dc350941e24645d792ca1a414b

SHA256
39aa709d986ae62c9f28d37f60112258eccdce4b7820905e79abe621aab31493

SHA512
d9cde5d771df459a9621be462c64b2b5d6b6244e121a9813e5cc155fc1f9ee65491cc4bb3f062ed4034fdaf024f459cd8e5cc6777b53168c7774dd53053dd629

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669820222616.txt

Filesize
64KB

MD5
3e4acc4131501abe626978ba6272092a

SHA1
0fa5119ed5cf50cf55536f4948fc95b0aeb63f4f

SHA256
175efd5debf59c7b122928209e3ffdfcef747c3fcda8ee624c3720d0a7939b0e

SHA512
cccc7633b1ee01dab0e0f228c150b0ae8f23521053097a25d2a20a73d1bf74f2c9dc7c8396b6e694f6df037595c427deec586c10c356233149666a0afd8f54f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727672589120253.txt

Filesize
75KB

MD5
3faba5f1691913ab3fe253924aa420c5

SHA1
95c41e894ab139cd4720b006d84bcfd8cddd4b89

SHA256
9efff2af0862dbb832107313f0b73099a1e630fd4afe29349c56755c180c3c5c

SHA512
ae1b521b5c9e36a28aaccbfac20b921f3048ef7a7cc80147f245d661ee6f7edf69dd3a27b1dc42929ea6b5c1963eb9f622c2c9bdd8ecf1b646fc2ec4ca4eeaf5

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
298f45046e4abdc650952039ef3e35d1

SHA1
4ba0ba3708d3e8397a0dbd745e908eaa5f679b2c

SHA256
c0dc33ec01aa6eca8e72e359d85a60babd45f71376bd7dbd0ae4e412e179e599

SHA512
fc7854f5aa598a867024cad621e0d6eff39ee7d7ae82a20766e56586e45c461a4c899e8d8b7214f4b54ebaa6a2047d4e45688a48317f603e9199322a767c177b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
e43b3bdd228fbb62003002b421273a76

SHA1
e6553c45f804714b35a0c51edecd81b33441c4e3

SHA256
500c6e62793dbb2d33fcdf2476a081b0069225b08975263bfcdb28862a8a9282

SHA512
ddb9736ae7ba2e1a8923703289f1fb69990857593b140957ec7d0d289d62dcaf4c708675e6428e4061ec1b3f18b95870d82e985ad39d3f99020b2956129072a5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
ba826622aab68b6885fd8d9a734069c2

SHA1
21716b5f39c35d2c5c720a278bdeca1991425ce8

SHA256
0cdf4395658c424ec20d7026c52a4e2412590b894e890d94b4a06619f77d1bc2

SHA512
8e87acb0892555796fa68b09bf6876702c777c6c55eb084af2da0ef64c2f2289467a7228300117bf9e478ff5caa78cf6ec43cbad7cc102dda4f0ee18b239dc40

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
4e210e77165cff0d657d97106d39d176

SHA1
82eaa0d7bd47ebfde1e491f144f5ced3870cd807

SHA256
b411b056c3fd7681e1bf5889bb7312b50078016156caf85e61e87cdd18b63576

SHA512
c98f8ff153ce68a36cca20576375787dbc9a45fcdbf7fc89bf61ffc6a026f7286b50267db8eea9bb2e0974031fbbcb0d7e9d08e32112694d77a5b459158b5248

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
bc60d114ab69b8788b87dbbafc5f6ebf

SHA1
4b567a2ea842cc00af56e4b1f429b0fff35d2c07

SHA256
7bd64e2c1dff6019282bca56a03456ac11d508fe2d32b7fd8d624d40a90ee738

SHA512
2fd55da2a543702cdd05375b78f6585610bfa15af00e87a69348cd602128f8a095184d5224fdc64452348bc4ac03b483c69457176e0a1f6710496d46ae9e7fcc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
29613b0a4a221440c8d314c4bb5a3a5d

SHA1
48889f06ed6d6b9f18cdf92384a9e50b5caa6dd3

SHA256
fcaa8974ddb5ef419bd6c8dbafafde74dc9e81d79110813f9a735b8473db3350

SHA512
217430fb51f2536e432192ed28cc7772a0e7bb9ab1d8acbed59983739cf86b02e9cf9f76d5d0bccbc47ecedc812591f599df5cb09cf9881b17e6b3117b62a68c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
7b81dd0ae180dab5d2b4b58cda07eb10

SHA1
9170bc75219f5b02d83fcf9975a499b4d5b46369

SHA256
9045af7f6ccadf7ec51c55cce778fe021cda8ef9212f4e4f74eb258394562721

SHA512
394bc468efef721d791a15df5c13be11c0631455865b9590ce5acac445b3bb2320d8f81050f382e2a27ac6515536edeceae6088cbf79fec9bd49875f978191f5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
a310e80d3d91cc5a5f21eb385f531dc5

SHA1
8ff8d9c3ccdaf604b9917dde9ff6f774168d0c62

SHA256
0a9e0bf4f25141637215c00ca62986cda34e38c5cf234fe944c8dfe4c9b95b3d

SHA512
f5f4286ae14c911c086478b0092a63710118782d5be7c9645b2eb1ac2eac7ba41075c55b11782e3faa4daf6d1199867dbbb8b38b1272c0f1587b71e388c63a01

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
ea1be1362f7dca878e1120f6e661f9fd

SHA1
7ef0567f2c96bf15ac3b8b0cab35e5baa5305a18

SHA256
17851ac7e35e204b366f987d787596c8645ed81932b33ab2221876500ceaa675

SHA512
a529f7e1c0c56a77113256c288f0b31190c90808a3baf2847340e5fd6eb0d380f9d2f8ed6e07a0d494a5e34881c46804bf7cc213f35a7dd9f6cd4024c00e4838

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
8a1839024d8d2c576c0c99ec568cb842

SHA1
4dc527740f42d64829bb96b4f91be336d578865c

SHA256
ca0559126bccf501240f2aa36944c21cf3f23820b7610e1606fead901978e32f

SHA512
a5425b8745948df9dd27c09fb66b56535e7df50ad2c4a74fa83ed089da9df09f3b4d1a9e4f89f4682b713a7d553906e0df74efa551285213ef49148482c3ab66

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
f96e78ca550f3aff07b909d4191889c7

SHA1
7e526ea91d8be7829353a16eac9b895dcf8a681d

SHA256
6dc6fa3917e9f35bebbc804526f9a801f4575697f6952ccdb02d32313b46e1ee

SHA512
f6cc9cb3e5b26ab925be63b1b56f424fe133a1d05943545c8db62e5a95c4403374dfc652477c2e693cabd44b80123ba60d777f2aa26391e23a74ee84a909d9ab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
8d22209fea2e1e61912bfe9a76fe299b

SHA1
1fd26ed72db8fb7ab17f4e4fe122ea5408033302

SHA256
15b360c12f48c9a9dcb81c7960d8eb13d7081c737804cb7cb50f8f6367a05f67

SHA512
82ca1474631715c40f625624addf1dad8c319532b4d9f8c79a964cf3ba89acfa42ed40996071d6dab4c4d9f0e2a8c9e57f88937ee3048662f296ccb0a42115a8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
ee86ce6f5f520e6e986e2e0e705c9f8c

SHA1
4511a5d08ce55cfcca3f1255d45ac4a193900694

SHA256
9785659155358d5dccc3841835322418dfc8380a0230984f6701f92849bfa0db

SHA512
9079ab622962a145c60e33ccffd2d12a62c4d048820a9cecfb19c75f0150bd164a8b6606eb884770d80859d30da638fb2862210653b37e5ad446f052d69fe135

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
7b2bacf9e2a9cb324f60c3bb796b80ce

SHA1
011903b08060a4685370b5e8c125d456e5e5a7aa

SHA256
5b95026d577b84c32828b57bb93723edb884969740e04ee6e19984c987371a9c

SHA512
7d8b30dbbf64404f5aa960478481199211f6079bf4538d1ef3533b5befd5471061941d583631b2f5e2b62f79efd514b8a003d8640fd4965366506ab0d7c99526

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
7aac66b87e52ef41c62a144a61511e6c

SHA1
ccd8055d082a636e91facd708556a41c1da4eb6a

SHA256
47a65a7a61c0895acd801ba4c1d0a74649f18d276fe363effc944c61f0d02e60

SHA512
d97e1f4fefab0211797dcfed286432f65c39c15a88bd22d810de3cd4119c35486bfcd1bad34d140609ba8c993b6b7b5881ee029419dee7e0b4469c4f158cf78e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
7a0ea07d58a4d11cba27b81673b04bcb

SHA1
2c4802a122b03168a52e21157bc2b478accb0ede

SHA256
718d0e56470642e50a37aec8ade73dd9853dcbd9fd57617429d8f5727dd33fa0

SHA512
96a08350b1aa5ec2c0d69d06631753c4f960b7a6533560dc89e35ef4adf9b0819c52912b3007b0f10dd1040134907fc498de452b364a52c0e9d78e5540c7ee75

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
1efda10189025d19dadde5df962a7afb

SHA1
59026c5b0e4fe67afad79611b1f7a13912a8af49

SHA256
aaeb994c46166e9347703e5d5eb2ba7c491a54c4caf65acba624397ab3ba7a11

SHA512
9a666f0b1e71fbf464070732db542ec3ee136e3ab6e9b20d0abf5032d062f590ff197a22260215c94a6f6ba55f4d9b56a4ff85f90e3e33ac30c9a7dd376fb198

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
71065b3335b9ec3d973990fbe141e8c2

SHA1
8d1150c9d09c5240c253ebdcd59628c6386e3871

SHA256
64e925db2cea5a229749a0f7d3e3f0034c9d65cef0e410dff2ec2b36c60a34eb

SHA512
ad98334debf5a4f7dc0eb93ab41402f270c8eea07c246f8feb9829377e7f8d5c451a2c98ed48b0e433df8c2c934d78861d6a22ad444013dc543489e54aa3c285

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
00da69d3d1405ce7ae13ff9469e674c8

SHA1
78d84b89b749bc83640e6ee28f612af8887aa171

SHA256
577b1e02d99f6246da8a37a40d7050d3a3e1d84ffa0385e6c891dfa9ab53cd7f

SHA512
e1b16f616a689eabdf6c01c04650cc20dc1608e67b8c14be5f49565f49d51ea086398e360d845a9dcfc18e1b509b153c8302154cb42583e42065c9f636407fa2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
21ea1fb9004a8eb7932904cb5f931558

SHA1
594139ef756bb18e89ed3900fc18d80385bddec1

SHA256
1bdadde64e8684075e6c4ccb980405c9781ee75d7caa3d97e9100c09f0c1c97a

SHA512
376e11b34d0f9d568b0695e0063e3048ed11bf09a13b86f75862964efde1cd36d6f11f8efa815d1b697206d23c4aa6c7fabebf03a5c014a544da615a06a41f34

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
1d1fb97a3e27c0aeb4abf807691c447f

SHA1
aa2da07184acda0e93416d27ae6dd9e665f63c34

SHA256
f78b8e7841231ef75fab47bea37929328e656e1fb0920a7feecd074e338d3a91

SHA512
1b70616378f6abc3097e79686f0096e541dac4a2b12d354ea24f6cffb5bc1fcbbe86ad7cc766b60f2ab2bf087d15d3fb5c6e340438d8c2fca3fb99868a9dd8d9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
d337c6cf00e2e13c43e198a03eb61e88

SHA1
512ffd9148fa450233342e71a36722e856470f9d

SHA256
5d2cef2d918efd73c41994692f4c4a9cc1139aa57ca14b21b3ca516a57a96b97

SHA512
8c1d68bd1875b71503e2c7f59d6cd2c851769cbe70df12e8123aabe672cf594db8b6e19ffef9a01223c705af1fa718a84f7b68def8b8f12f2a7e50877be141c1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
74a7901cc68e6c51d698c3f07544c26c

SHA1
322a439bbcac09275590399418e556be2c1ea4c3

SHA256
35164b3b9ddc23fbe11fed2d31d157e3033ea3a5dd43fb499203b9daced219c0

SHA512
34ed1c6556beac1ef9da4a248c3577058a406adaf79ba0429c586f942d7af3db043f958a8214b18f35950c6efdbdaa9f0295ce60d36818bdec2291dea5d3253f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
ee7dd5cf993ea28cb41c217cd0858afc

SHA1
be3565befdb2d123dfab223feaa828fac767cc3e

SHA256
3fb30581574d55914c3a5ad926755ab5005088083871ff1900b5207e39a3704f

SHA512
255de402ca5f16846062132689abccc123eb387025a9bb986cae3fb31ed97a1ba220bbda362076ed2dcbe0f637b0f3b693d4bd566fbe9dcc40b71394428dca70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
5fdd69621eb8b286bd203117e790b707

SHA1
eae8feae5a36e9f8616ecf1c62cac95344c2eedb

SHA256
3d6b46484f5ebb9c1b5adc6ce5172f68e43067c01baa10e98a1e11a38c091109

SHA512
c0b2d583652f5a8747e07d347e0d3d690dc1ea0f89b8a59a8d21de67e1498fa91b89915cbe30286445f9e210ff5b536306bfb4d1d19f91521e645e95d9fcbf13

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
1978dcd167f2a834f6379b70c6e31bfd

SHA1
d36acbe4bbc8cff5bd55ba6486926df3594ea640

SHA256
b18c69010d8ea8b4561d548088eaae75c2bbc7213e1921f1579db3ac71dbee5c

SHA512
b0f85c5ec7680d0768890d338f6a345b06c7c7af1f4901dee9649445cfbcf24dc5dccfa24c1c94676a1d6bf58508656d256cbe316f4cd7e98c0ebfdd16cfcefa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
305b1f1ffd5a3cc84d0c49307242afa4

SHA1
4d9997c0a423fb9f059dc6f6323b8bfb12a6c3fb

SHA256
0b6d966a39a896fde2f8f2354cfd1a682fe4cb431b0905985c002987525557b7

SHA512
86e851be897085afbb114af818aeb6d42f5a82751841cf72a4627b7b7ca644879bc1c9b0ea1f476398672ff874038b3d96d62fd0a543650f39318ad323aeb7d4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
dbf83f4994c27737e316f5feaf3f0c9b

SHA1
66cbe06f3caef7b483146a1c9b7d234c08055f6b

SHA256
2c66600cdce9a2389ce65a6d4f3222d219691b77178e9f516fa256a1036f675a

SHA512
1db97a810873626a67a6b5d1d66cceca54fdc10994d48d15e01f24f05a8d1338f1fd9538631a24e02aed605378da958be86cca4c42b772e546b067287b612a6c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
ecc8ea92941aa63ec8a55113f267a990

SHA1
51787e51de2ece2df72ec5e33ffc9e49f5585a0b

SHA256
adcab5904972c442f84728478d512437a5983ddb45104972c42b8e4baa5c4ee6

SHA512
f19b541b2f3d7a12f9d850a81347ec939d880945e04e2da4687adf9cb79b81c767456f5e44712c03f1443d56abe0a179c673b5d3c9df665a099dc5e273db2e44

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
552107444a964912e71b7974b8d968c0

SHA1
42ed44f5731a00d494ede1d3b0d17144eb81421e

SHA256
6c49f2b1da32eb8e538b11fac4e641e61b657e4c0cacb6b86dece63fc5279523

SHA512
49b039f188c58c5f5646d3babd1fd81ebeb00f0ddc541ecf49663dad51e37c84d9e9a020a95b4d092966b9e1002c6501d1eb73a8e769f25da6cd3f10212eff14

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
ebb28524a129c253f7b4f36db4956121

SHA1
421ada75bc91300fb900fe6aafc3d201addc5eaf

SHA256
12bd96ddbab30e7a0ae9066069bda9a22008e2e7af3f3e4f63634dd2c0b964f1

SHA512
cb7cef449119c6ff8e4a0ee2f9f3dc234906b88ca576c9251a25ca47415f605667137e116ae92bd729e5975abcf60b598dad3ffd1795a3499733a4ea4f773e13

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
2a0098d2fcc8f52e06c865118e910344

SHA1
bc98b9a08e34820bfcd3b6ebb54cc7419c48b532

SHA256
7ebbefcaf64108614a67ac0ac8b9a0d8eb657f47fda93b48c7e919b806596133

SHA512
9ad61093c549e6b5be54292928daf4541881f402f56887ec7c07d661dc3694d851ba9d202e6627dd994f2b1a59de839cfe9ed5bd3950fb20f885acd2eb003047

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
cf652fe9c11caee09d8de740a775a781

SHA1
99d2b523d8c2f54cee23b7d2e0489291dca3019d

SHA256
87927ab6700822e6b5d6829de83f1f5b427ce4bfae50aa2d862da2bb65925d1e

SHA512
a9450d627b514ce40f890b6d0bd198a17878ec82e1f14bbedd5f5ebc92ac81caba30494d59a1f2d4dc4c65654042f6a216f282769c2bae32e0c7aecf79dc28f1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
93a7e4a509f3208a264ff674bd0e54c4

SHA1
7bb7aedf2a13e991e1af653343c1fbca1c21e672

SHA256
3e3b3fdc7694013a8f4a69d388c557ef1be3475912f337176b47e526ddb476b9

SHA512
6f85d2e54a635835dc751b4a9cd7cb10511f608128d1914ccb658e37a74c303b77aacd172c96fccdb212f23bb3142b33efd66d276f230df366a757ad7f0ec825

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
0b7208ead1591fb6ccde133b034f9c7d

SHA1
a65c248f01ceb8b8d5c1e21109e2979d401affef

SHA256
2611826edb02f17957d2b14678298dadef918f35d70d215099c7807ef06314db

SHA512
1ae9029676941891ce875b520224b10abd3b2852378220982cfdebdc7950f86cc7eff7a54329eceb04cb0a873383ca36b00a3dbef80c63b1dc16d4276b9fd93f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
e26422ef58b40aafd9fd639957bda8a9

SHA1
e1091d0a0b39d50d925b84ccbbabe8e05eb2d540

SHA256
12514c813273724474a1f80adadeb40e09195ad31d69350975aab4ec2c872639

SHA512
4a715d76f53e423f18d96d496c12c88706cb128109c1eff5ab80bdc7a91a9a8f943cbd777de325ada5a3821ef78dc9cedc21e7e868cec0605d4769a1d5a0b8f2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
4d7ef2b886c96c0b34a921c24591337a

SHA1
726f8c24e13c9c0a01c4cef2e93d3fd13824fe5a

SHA256
f69616bca2821aa1bd23dc9e5d3b549fe1990215af5f6c7fa50ea69519d69f65

SHA512
e5961ca1046740c57dd64137411ec9c1a13fa0ee13525255e3c149067e0577d676797a2e89e840b82baa8896edc2ae963ca4496b6f33ddea120189f973a7d139

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
b74a352b03676f5896f97b27fa96667f

SHA1
201fcc38dfe636995db73e270845732218b4fa72

SHA256
53d12ad275161a7b698ff7d57aeea5c36ce2af4c97525fa435be890cddab05ac

SHA512
b6f83899f0bb1864b1e74afc552a2301601b324ccfbe6fb690b36778d9540404aa67017aa3bc9d35b2d17416c32db392bd1ce4960acb87108193adab8abad94f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
b322793b60a81da477a3752f1eff745f

SHA1
16d25423ce3c20455cc3952719ca4175df1c5760

SHA256
cd607284addbf3a472f26938ac3272e61c9733d8f68f940a3281c52e153b748d

SHA512
d210a4fc3b3d95ff81d34daba133c39b3d0a72c06ea7319a39c272339ad768543341ff0e25b6ed823dd50be17b30d5cf77656081b46d25a44a421f3469931c2e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
4485ced94602924a1b2506a11ed1884a

SHA1
7f61081f93885493e7aa91e9641b0f22cd5c9ec0

SHA256
903caafeb1aa471482e6b28545fad73a7ec33d6b1c64a7642f23f551cb6ee7f7

SHA512
77228dd3c8981ab498fbd8cb7f70a6a4e2ec4f1be193dd0aa8cd898bd9526cd0cf9cd742c9ba830265d06639534752432a606724916d10316ae2b2c905f4c650

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
bb0b1dac9776d865c5cd51753b7c1cfb

SHA1
856551284f25a5c47e21aa8e6f25bccdca4f25d4

SHA256
4a835312464688f4f765999523f395d8632cc7cd959d240e9c5862629c132b02

SHA512
be5c9b0f4cb5e1d525dd318f4ed277bce96d32f80b0cbce95911a84eebe6f39afb99b88629e5998fb034d62989d59de0c07206906de823940c666ebc1109fb99

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
2c62907e206664d2eaae785b8e65d417

SHA1
325fcc4c8b3cc956d410109bf5e043730feb34ef

SHA256
22aa6a48d6cde5b4f6d1bde9e3497a91038a0f267e495370557836b55d44ae02

SHA512
b6bf0dff364326841941535d9311f2bbde1761745d3900d42b4be23191ff008058218491b40a55e2c70b540e80866e8ec931ea3bda96f73b10da89484f89b344

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
e467ac0b0b4f100f57e91599206586ef

SHA1
ee9a4351eb2dc4f8f09d59ebfeec28f96350383a

SHA256
d4e0577f901788b9dc22f23d487e6c50426512d257c0ebc64fac44de103a399a

SHA512
ff5151cfaccf3c1b79cfa3d3ee3ddc3a93c176e576efba25106a4004f001b5b1d50f5211e17402fde45c8ff148d3e5315f768dce45b11f16c108d1322f879427

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
ee26a386ffb7447e4de4f2ecd2d3432e

SHA1
87d94412a996526b3ecb729539c049182af9c0c7

SHA256
43acb7d09534d336713827007bde3cc19c725dfa906ee4bcef172664b13dc3b9

SHA512
6381547b7618092669f80875842142853eb4a5054f1213232c3b422b473519779d96b253fc70cfe45e48c8d01a1aae613df5d6cd4c0d62a689b9763709a9f97d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
8fd820ce7e74b6b521c952eab6a4c5e3

SHA1
aed039b6b880f91f37e3b25f9e499819061711e9

SHA256
187cf18e81275e90c2f2d01834f30681e19c4da30e704e1051e66307df76f86a

SHA512
bf2961281bac635161dff8069742406283d01f005ec775b81150f7a5c1387880dffd5bbd6e2a13ebde4a365ddf104588c2e3fb486e94c20e8d643b06a0ef6b1e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
24e8451e6947b9d27e087c96f1a668c8

SHA1
3a3d96187f0f5bcd2f5ca1f1ea8eac0f3597e457

SHA256
1225df4375f2a9cd4186e7f8463f3e35c3bacb7d04d659502ec73f453322ac11

SHA512
9ff50b153fbe9f957a4adee1581c50b5aeb2560a24942e335f35cccab72b5373d8438dc14d6bf92b07b7efd96f3951db518c78017f1dd14828bf5436d90aad8c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
c0b25d9a5746290d3bd002babc05cc53

SHA1
8fed2ef2065d4759f5c0fcc9d9a38622b15ea447

SHA256
08192f89b34eaebab55f7a78a42eab3605fa4e3bbc1d63e29558ad387f476845

SHA512
b4e8cf4414ef9e1d4bf87be2cd48e27191fb5a3c02db1f77d444825a8b9448a9b202f7833802c5a327bc696031a053c9760878665a27de2297db5ff8d86ae42d

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
dd7f1a3cb20d29c8ec517b0f31642d2b

SHA1
a90e93b7326b875998820a661e8fbb0cc91a9672

SHA256
9ce46ef25b1a99baf53c916db51de6d543e300878853305686f10a0f3952b963

SHA512
bf480bba21be527c8a3a89b95d2aee96d47f0af0d0ebb2987a9e57e82babc708c5863604a2bc8cd4ff24a5250df8c931a4b60e925333a686241fad45acbad936

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
844285cd459e57d1921b6ba690459cea

SHA1
60185f6474d2b1949d04830a66122afd8d0b884a

SHA256
afc45d325b282f3d8165e346673690491936213a8a6cc51edba7bd4ec376fade

SHA512
390e1260b3bf92e67dd3dc054cc942298483a8f2bee56cb4c7da9c565669b4c04be6bbbad52e4870dc11a24b42c597d209690f74f90c20d3f600e8775a6b64b8

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
b9d3a5a3328a943a62a9357c16514a7a

SHA1
ad0765967157f21b763744262473a79790a9a454

SHA256
30f6b3fe56dc7abc13618a99b691090e859523f023080b6164c392c07adf7085

SHA512
51cbb5b8bb1c1f094338c785b5802c565f5ccaf4760e8f66977eb8d2dfcd8538ded35f44d57a4a53e7203b72cef7bb731f5977c8a9c9de06f5e0380fc9b52665

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
716c29c48fba201b1b0655d478dd0d23

SHA1
75bff6ec2edbd84de1225c4fab11d18ee4566aca

SHA256
575c30d7fe0acfc8360b730ec89c6eb36b2fb2d7ea43b241577eac75d10427dc

SHA512
9858e449e1b12b225ab54728024c3530c39d46cc54031c4149d3642422adc34e07beec2677e09095760299331dc6bcad4edf08b5dab0066c6de9426a54473e4f

Download Submit
memory/4412-6052-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4412-10840-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4412-9882-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4412-6050-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4412-11179-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4412-11180-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4412-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4412-11185-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads