xorist | 653127bdb00397483a3499db51337471a19f4b272b14c924a0bd7596d0a78302

Analysis

max time kernel
96s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2024 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Size

48KB
MD5

36ae7ab4c205b2a13ac7b8da908d4390
SHA1

f2319b4e446ed2eccb27f6126bd83701238bdf90
SHA256

653127bdb00397483a3499db51337471a19f4b272b14c924a0bd7596d0a78302
SHA512

527475409452e3032f98f3eca8bb58fcb7b08d0bb6d391ed2060f3915449dde2b6ef5be251368c8675d44284c3a91bbdeb6d647ed6b4cbe160087d740651a5d7
SSDEEP

384:TebFNw4Pk1itKkpAjjGF5rmDpwqYvjSDkDCgSLWbgo1aDRBxc9z/qB:T0FmBkpKjGaD9Y7LDCbSw3yg

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 3 IoCs

resource	yara_rule
behavioral2/memory/2400-0-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/2400-6309-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist
behavioral2/memory/2400-11290-0x0000000000400000-0x000000000040E000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2166) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sgMDim889MuwdnC.exe"	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgsm.inf_amd64_d7b1959484ec8228\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\MsDtc\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\PerceptionSimulation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\percsas3i.inf_amd64_c17a63dada1eaa02\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smartsamd.inf_amd64_2238284d493e89f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsundelete.inf_amd64_741f159cc6ce7814\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ialpss2i_i2c_skl.inf_amd64_9d9dbb01837eba23\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdminfot.inf_amd64_564561a23e05c7ee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthprint.inf_amd64_d3a88fe647d71206\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cpu.inf_amd64_0abeab1ee6572232\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidbth.inf_amd64_76fb27776958e530\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetworkTransition\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0011\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCClassResources\WindowsPackageCab\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcard.inf_amd64_bf5afc5892966e30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\eaphost.inf_amd64_d37080dfb66d830b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidcfu.inf_amd64_409fe85a7af72672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ScriptResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcm28.inf_amd64_4b833c2630a2a287\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\microsoft_bluetooth_hfp.inf_amd64_9effd93a75bc489e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xinputhid.inf_amd64_b01c6ccf7f1e23b6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetTCPIP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd2.inf_amd64_76ccb77f33c66c43\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun2.inf_amd64_de323a35134348a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0b075e1cb11005f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PKI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_cashdrawer.inf_amd64_a648ee708660440c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\umpass.inf_amd64_3daa9a904daf9501\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\idtsec.inf_amd64_9321d33f1997dbfd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_dde7255b040ac897\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mvumis.inf_amd64_f0f4d0c799bb854a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_ae02676ac3e3c474\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmrock.inf_amd64_9b13bcc1f320d1ad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtexas.inf_amd64_ed0ab85128ed7a01\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms010.inf_amd64_9e410195c3b236c9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmntt1.inf_amd64_263b3076d78209be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms007.inf_amd64_8bbf44975c626ac5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Common\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_cc4dba2066ccf53c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2400-0-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2400-6309-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2400-11290-0x0000000000400000-0x000000000040E000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-24_altform-unplated.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Views\Utilities\Styling\css\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-32_altform-unplated.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GameBar_AppList.scale-100.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Exchange.scale-300.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-200.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-48.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-150.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-400_contrast-white.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_altform-unplated_contrast-black.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\pl-pl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_contrast-black.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fil-PH\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons_retina.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookLargeTile.scale-400.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreAppList.targetsize-16.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\INDUST\THMBNAIL.PNG	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-150.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-60_altform-unplated_contrast-white.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalSplashScreen.scale-200_contrast-black.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-20.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-100.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubLargeTile.scale-125.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20_altform-unplated.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-36_contrast-white.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptySearch.scale-400.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-100_contrast-white.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-100_contrast-white.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-16_altform-unplated_contrast-white.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-200.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\joni.md	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-64_altform-unplated.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorWideTile.contrast-black_scale-200.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-336.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Excluded.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RADIAL\PREVIEW.GIF	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashScreen.scale-125.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\LargeTile.scale-125.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\SmallTile.scale-125.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-100_contrast-white.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-36.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-32_altform-unplated_contrast-black.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_47bfa59272ed1911\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\selectAllBreakpoints.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-smartscreen_31bf3856ad364e35_10.0.19041.264_none_9b436d497f039d6d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershel..nprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a91f60f846bc1081\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.visualbas..atibility.resources_b03f5f7f11d50a3a_10.0.19041.1_it-it_2ba5d847f7ce4398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..ardbackgroundpolicy_31bf3856ad364e35_10.0.19041.746_none_08d146b3a00cb6b6\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sechost_31bf3856ad364e35_10.0.19041.906_none_65e76b262ba5060e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square310x310Logo.contrast-black_scale-100.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..band-experience-api_31bf3856ad364e35_10.0.19041.1081_none_6e71490dbda799c0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.dsc.dsctimer.resources_31bf3856ad364e35_10.0.19041.1_es-es_e0f8e013c8e90d0a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..tance-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_5b0c07c46c3f38da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-retaildemo-retailinfo_31bf3856ad364e35_10.0.19041.264_none_c0a6e35b15bb449a\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_intelpep.inf_31bf3856ad364e35_10.0.19041.1266_none_323b1cade61f29e6\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-charmap.resources_31bf3856ad364e35_10.0.19041.1_es-es_9cfb5ed19751d38d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..nager-api.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d383ab70e06443d4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Management.Automation.Resources\1.0.0.0_en_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..namespace.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_84a20dc938b5b453\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\xhrBreakpointDisabled.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.19041.1_zh-tw_9fb6581b96beecdb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..gging-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_caf564a6d9e76647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ucmhelperclass_31bf3856ad364e35_10.0.19041.746_none_a8b00e462593ccd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-com-legacyole-olecli32_31bf3856ad364e35_10.0.19041.1_none_c13b9bea1e9e7acc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hdaudio.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3a12e886be6ee94f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_transfercable.inf.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_03dd0ed7851afe9a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_10.0.19041.746_none_fa033ad7aa9be481\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..r-manager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_f03f03b8f63e557e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eapteap_31bf3856ad364e35_10.0.19041.84_none_195697e687ba0694\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_10.0.19041.1_none_f1842539350f99e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\AppListIcon.targetsize-32_altform-unplated.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\Assets\SquareTile150x150.scale-100.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appx-deployment-client_31bf3856ad364e35_10.0.19041.1288_none_2aa975f68f862bfc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..tx-dxgiadaptercache_31bf3856ad364e35_10.0.19041.928_none_85ac1b118ff2a924\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-authorizationmanagerui_31bf3856ad364e35_10.0.19041.746_none_0a27ebbb92d57ff6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..confg-rll.resources_31bf3856ad364e35_10.0.19041.1_de-de_11e9088c3cbddd25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.1_none_75cd350cc8b5dbcf\i_usermark.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_45a6c0aa2ed16c7c\http_410.htm	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ppvclient.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_8c24ac10d2337291\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.h..s.payload.resources_31bf3856ad364e35_10.0.19041.1_de-de_a040da1cab96e7dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00000453_31bf3856ad364e35_10.0.19041.1_none_a86a789537648b33\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-kernelbase_31bf3856ad364e35_10.0.19041.1288_none_a61ec92f9e248eae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-d..scannerpreview-host_31bf3856ad364e35_10.0.19041.546_none_70569b662ddb706c\Digimarc-Logo.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..untimeapi.resources_31bf3856ad364e35_10.0.19041.1_de-de_9d3eb67950964dc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_nb-no_63be8058058cb0d0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_netbrdg.inf_31bf3856ad364e35_10.0.19041.1_none_a775377b740f7257\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ncdautosetup.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_7d1828dd9edec1de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.19041.1266_none_fb76f6fb7e78a373\InputApp\InputApp\Assets\BadgeLogo.scale-200.png	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..emotepage.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0f8b767fc41bdbe7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.virtualiz...settings.resources_31bf3856ad364e35_10.0.19041.1_es-es_415fa22300793054\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-setup-cleanup_31bf3856ad364e35_10.0.19041.1266_none_d8b09b7510dbb514\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-convert_31bf3856ad364e35_10.0.19041.1_none_52c6583f47afba7a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.powershell.ovf_31bf3856ad364e35_10.0.19041.1_none_9b15a85ee89056f8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_10.0.19041.1_none_468c75481260dea0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ca397b41f1481bc5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ment-configmanager2_31bf3856ad364e35_10.0.19041.1_none_c8bf3d944451a9c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ment-dmiso8601utils_31bf3856ad364e35_10.0.19041.546_none_4ac1b0d8ac60bd3b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-pcw.resources_31bf3856ad364e35_10.0.19041.1_en-us_4c5aae9da6f5b804\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-installer-sip_31bf3856ad364e35_10.0.19041.1288_none_b24c19d701d4cbf3\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\INF\SMSvcHost 3.0.0.0\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hyperv-vp9fs_31bf3856ad364e35_10.0.19041.1202_none_7331c53ec95f186d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_10.0.19041.1_none_19940ac523d47fe0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_10.0.19041.1_none_d76ee614d28656b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w...appxmain.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_2320fd6af5859163\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sgMDim889MuwdnC.exe,0"	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell\open	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sgMDim889MuwdnC.exe"	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "PBTSQNNJTWCTJMW"	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\DefaultIcon	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\ = "CRYPTED!"	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW\shell\open\command	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PBTSQNNJTWCTJMW	36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\36ae7ab4c205b2a13ac7b8da908d4390_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
4a0e6195272273118290045d816f38e9

SHA1
eb213566397589b8837799c8a3139a42f272cede

SHA256
1ad442b9a28446fa90ba0858b424d9412c25baecc8eac0ba3509850486ddbea0

SHA512
b7061ff7868ebde52ee9d6c84da99026768a2fa2481f6a1f398144b63d07ceff4e66d000ed42f72a55624fa290706f9516ca686a9fae6fca366ccc7d6b827b03

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
07c9aa0eec6ef16cf459de8d66f46f28

SHA1
d0a7b3be50084b38e83dbdebb33110e65d755965

SHA256
eb2920eee5c3238cf6451a18f11bdaff7e606d480860bcb71b7f6ad8945f6cc8

SHA512
8d4ceef581db09a37d8e6f5cd89ecafe8db3b3769fdfa8d039e212b6d6a7e19d9be52b20a71ac70a04781b036d6c8bba5e263a40b5cc5751a86eed00ff38392a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
d09ea0c82c993bfa26833c56e9ff3f31

SHA1
c592cd434aa79c67ece0fb2d43fd9c2763190593

SHA256
3c783c07fe15f905e5f62a483834b24c2f9f74e46698ae053114ae5cece92e70

SHA512
5549facddf0543c7561ae192d3e1ae1df9035d9e96d4017c97250d6b2a12d1c675ddfb8310499918e5dc916a9e3961bbea4b574777c2bf0bb1ded6dca6c4c28b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
7cd3ba6a156a272c8e6a97d106b1929e

SHA1
26efa701aececfbe9de507288862dd576c19a5a6

SHA256
3d44e457aa320554188358b3efa7eb6933e2c73b16b2746fec0d86acf1b163ce

SHA512
7d803a5bf656c1f5e2d5ec88dafb7f10bd54654e8dd0ec7e3c00d1c1401ec222bd1803deaa3f18fe15df75edc29f0b534132a342fb1127b643878fbf220ecda8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
c70f132b9c39ec556951a952c4062900

SHA1
82df9ea55b8c6a0d398bb2f743ad79d7bf2e6397

SHA256
49d968166bc966e0306fe276d45f606171f3f6076a3804cf76449f8f53b4bde0

SHA512
b0f9a5deab4f6f05d53bd675bf092a3ec355174d81905b89c94aa0427e3fb29396e669f087efa6b480e77cba4cd80b63fa9afb6c99310ef998b219c3dad564aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
567fc37ea5415474ac304305e677f980

SHA1
9ccb4f952e00d9978ccd9f74d7242edde8b46a61

SHA256
88d493e70acc6b506af3a2fab7599eea2d86baf012677b99859c639b1052748a

SHA512
ed633d01daafaa1d165dcf294c6c40fcb59aa83621388041b86e85754e7c1e6c1adc051b21974e091348e8d26edc91dbf7b7a2dea471ce877a5561d1f2479561

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
84973881cb5b91613bbb59f484e0e1ff

SHA1
0e227ce5a3b5f8d254a1f38f7b52377ca45df406

SHA256
478faa697cf066a06ab32ee48e3f8bccf639d40b54675f49b21f748a7d02fa59

SHA512
ba7a04a0dc11c6707cadecb2c66c2ebd001181630a9e5446eef31c3070432d6510bf710c57a16730b4180e2f5ced3b571e14ab245910cd39d0468bcb9c91db4f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
30bc0db5de64e64b9d1eecb7f232b658

SHA1
ac3ad8c77748df202cdb12c89132deb2f3c337bb

SHA256
c6f3901fe9384c13fdc37206fb691ee628c296282b0826505689ef6ebff68159

SHA512
9ac17b2ef8d23bd69cded02fd765c6c1990da09cb76d15a613766d68a2eb16be8493a6360744fb47ef8042c908c17623d1103e6e8380e03c46e9a2f547c55cd9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
aba7866a46b53199207d92ecf7c4adb8

SHA1
06555056c56bd4d7d33cb2b21770473ba0d1a8c9

SHA256
e595970fa8442a7c562a940e8cf5454a274303bdca933dc10970fc4ae7a5eb78

SHA512
332f91f789146dd27e04f412e64049ee0b5b8754d91f541afd57a190c33ef29c3aa1bc70c36f8865661f96b1aec228feb841a5ce510fb49f36e8c726da42eb6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
2a294c960c22411eef69a45715b624b9

SHA1
eef433112159bd1882455f5d7f62fcf03e50b5c8

SHA256
907b93bef9cd4ea0c49f81f6e3832733fbac7f273c545d94b39a74e457d69785

SHA512
5cd1569b7e96b94f3dfb4729e9e5fd33240bc622fe8e5f792b499112a3760b5c4edc3711d700d4aba28f00e406d219a38dc6e522ce0906fcbdaf6623bc5795d2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
3a298aeea5eff9507560cc4237396cc1

SHA1
8e7ad1f6780c30c27c99a80bb9d69b706e007203

SHA256
1c4574835c1f609c5b433eeb4b218dfb1a45e51a78e42f96f7232c175e7c6d3f

SHA512
78c2ddfffee630024d31f0e1b6522900886c67a74a61f96f42e134233ba1afc90d88d8e37bbcc86217b46aefc4f1feb8f6330e61d3ff9a095fa92d67fe132601

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
93120c2cff7046d019e3231f0b0fdb56

SHA1
013c6c87d2755fff9b67ec258e8718bc1e6762f7

SHA256
b8ecef0110c8154b61f48516f41adb3070b38b49cce052efda4d38ff9f466cc2

SHA512
31d651afbaac7074f3bf6ed9f00218e0c89920f48c4b9edfb80297f30cba03da17dd3caf6a786b7ba7549dfe257069f3a59a7c7bb76a0618a2bbc52a43bc60a6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
865abb4398a4223c85526dbda45d3b9c

SHA1
fbb476473f70b0aedd7c50bbe79f225752dc4571

SHA256
b0c4b85dccb692bca8eb74a740b5b9cb7829c99f744f3cdc11b6ee318772faaa

SHA512
33f865ae82f947cdcbb50c4e58c7115da9aec7b45ced588a28c804a59b7bcc079da3f4c80b22c2c2ec6baed8bdb4544a0444665020d17e6c2b2729a27ff1d597

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
46b500671094c9e11dc1cc0c029585cb

SHA1
640b2bfdad8e0900ca3ddc27447fc3ce765b5807

SHA256
76f0c66fa0fa8d42ebaac0ebd854ba8bff4dc1ea07d19f0d6517621780ba4c7e

SHA512
6f64b939107f054dcd7b9995886ce264b538f68a5d4113f2f6d05bc42e4bef8adf9423e1fb6e6cfb39949f81d83a95f4cb32385453fecb43cd9c8edda9f64a1c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
a6186c126bf122185f08801036de25fa

SHA1
1b6aa55779b9e08a8d44edcf1bc2c7df99e940a6

SHA256
db2329e43d4f83c6ef0a7fc978f98686710f55e09003931f26df30c017882013

SHA512
c469717057d36015943645550d5e853bb38d517dcf91f6ae4cefef726ea4d095cc3aed8f3a29b4cde3f54d771b5877ac25f4c13c2ec6f390e25988d07455d281

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
471d098d6c51b68a300203c9d08be276

SHA1
fc518ce37f56c5919950112821d528ef2b48c74c

SHA256
0b98d64ee5c8d038bc6f4c384c87d129a32cc2f6c8e42f1b8a3e64887bc7a6c9

SHA512
7110fb8d688cb48a60c0423e96025baa0e6b37a30c77b71bfe61fb303d797ad6d64b2c32753bbc357bf81d962975ae4ca5bfdabe6a5708786f411459b01007be

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
992eb5ad790597c18ebe67f7cb68fcd5

SHA1
a0938ff12193af774ef598b914347da07ad4ad4c

SHA256
8625822b0fc9c1da04387b02fe87f5c410f2567bbd0416d56f4da3be3afb4cbc

SHA512
07116e2ae6ab8e45d2c5fcd91a06a3bee9e698c8973cf97566a56bdae4c37bcb9fbac14d879da47e8aff3bc3ead87145f25ff757b263af365e856e8bc6315a67

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
a4bdad6c1513449a572ce027c2f90716

SHA1
1385f40b61947a0f7066ed20a435d903b03327a0

SHA256
9700acbf02c24f046240c0ebc616e78b3aeeeb7a4d6f747b576414123ed37896

SHA512
8f3cebf49fe6ce21f9d67c1d5557b97e2d68a177a3d724b3d710e7a6582998ec775e06eb685deb3eb4d0bbcd04eec6bfefc351fb86cd3f3985df9575888f323d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
cba02829439eec1ddb62ed8923bfd8bc

SHA1
99dbe3c629a388c92813cd96b219651ed1232b1f

SHA256
1be899c4cc1e3f35d7a3253741ca32eaadb8c44e2c5d98f93c26d8d0e8d8e5dd

SHA512
c79e0d1512f3ad8b2c704b678beef947f7c3f921ae155de57f2f678b34d10cf9068766697bdd5fe18c6771e2ea49d9a0f99b83e8b727aa70c87d647c835bba24

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
55fde0d01bef61d16845d59eff3547f9

SHA1
e4acda81f553f26380bc7a64007e4b2c4e9f75af

SHA256
b7ed010e6c82f73b38ddd6099bb10a51e30b468404fe9f1b39e94e09e3bee864

SHA512
d7d749a7324b674cbd798fb9a1a23561ca8f907f4712e683eab5634373f8d2a44eb692c28e8433b0c4dfaaa17a802c19f79d6ee587c2d51221c9309e87d70852

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
22e46af58d01c5790241871b38fc9c33

SHA1
3131494483e3588227ae1063f5b222d539cfd0f8

SHA256
5c886167aef62f1608c3948c7d98193a0af12aa319bbe4d63ca36f6ed5624d6a

SHA512
c5b7128c445bde195cb90822c39e248e9633f977323d18bf8fb6007aa23de7f7f2174fbc038c77d385f54a693c990e02b161ca683e9622bac64a6064cc07f40d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
4bf7048b0e8f1742d8c312dcc0390b44

SHA1
be6c152a60e9fd44cd8a84808110f3b2df29616d

SHA256
d08ccc7e9d5f771b9059d83c198618be294d551c6099c98094b2061d783c322d

SHA512
6a08f3b6c5336737a663e2a2f615f5409e846917464b0fcbf88df0ddd5960d9f42b1f7f077194ab8f53c67e3081e854a0cd9e41d737f385d64af5bc22e614226

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

Filesize
19KB

MD5
0d32e4f01fe51fb1c629471338808d31

SHA1
ba4490bd622bd469dc31f43e031e66d681b35bef

SHA256
5e80ce6675ab0c2ebf6a3d56d64ef82ed180bf3d5d7b52f1f1e832ee1a9db508

SHA512
eca6abc60c761af105028109a1d4bc0e47ffe3d51649c79441751bb57bf6db3836bd9f42822e9927057d3a06012cac7905b9a52d38b8b679d64831d60c2f7be2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
4553d0052d307301263c9feb8e65bfd5

SHA1
10f794e0ca343a350d60805f860d5a92bc133dc8

SHA256
04d9509b1e95ee66f12b62f3aea047239303d47f34c2ad9c0045063981819549

SHA512
0c1b609712141e2bfb7385c5a1ce48bf27fe78586d4609f183be37fa25dffb2fbc36461f59f9b4b2bb0590dc9d6146aa7432c62edb5ebf059f1f3f6b290014ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
8e377bac713177cf3d6cc36e3c54caba

SHA1
5ae2c7dd2c927614f914f9dd8f3cee8428d27014

SHA256
614dc8ca642e0459c51f6105fd550ece36b7ccad79df15ded828f9e84396537a

SHA512
4a2dc6e65052bc56684d7f176c4439409b4e0d251bf1ad0b6c04005fc760e1b01322cbe6e261aa55197a0ca5b55a8d4b8080d84647c11e9f36597e2eb1b0502a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
ce3480d7952560615ac6bd51e0e11284

SHA1
8f2901c02e0b75388de51f8111f0101deaeffd66

SHA256
61b2ee8f1a9a020025f6002f45fc69bd6a7733ce4ca4df7e6cfbc67bd5adc4ca

SHA512
f4bc5bf6c5f26612f5fb46fa68979ef0c5e5f6307c8125cbeee2437656287bb9767e15686461c33eec3b882755ad3373a9b0186eada987030629643f225719ee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
39f9bdbedd935d1c82663d3ae19510dc

SHA1
2ef0c329fd22e9bafddce43470f9e59d08d998c9

SHA256
2db3c06b25e9670d6a4759bbc0eb9f6363ce2a94f3bd98d836be3630a03ed2b9

SHA512
edaf0c7cea5b8ef09693df7841230c5657421cd9fbcaae8f9241cf118954513d6da22b23db20882df9abb126373428125799ebc1319e2605fad4938a8c290b52

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
dfab3a708e3e6b3aa8b926cabe46923d

SHA1
577dd8561b55cc9c7257f60a79ba5a27e5c89dc2

SHA256
92c5a239e692c6e240d5c72d71d2a489f9f07afeff57dcc9683a6edea25b806f

SHA512
b0a305df17ef5963008b62c1cc374ffbec368347534b1ff2f695108dc944228e97e16792000e8949fd0277e65a1f7018eaca4d93e6b2a1aef07436fcce0954a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
63d712a7ab1dec21fbda137573064135

SHA1
c237cdf98f6589171d7f7b5bac83d8527b37c9d6

SHA256
8a47c8d3a21217723f6980eb8826a8c0d4b1c608d4418f448026805ae2ac0d86

SHA512
1bf61beaadf78106a93083f439115d1d164261c35c1a5b9d669b4a2123180cab7d76fa6f209e8c15d47345bd3b2c28cdb98ab7c07077f5175ee90cba03cf355b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
2ee3698f659fd7552dcc9aea4fcf6b60

SHA1
077478b90d05cd82413caf87a46f666d7f2c9ee0

SHA256
cefd4bbad56d3dc34a63de4e07688fbfdb374fd7bf5f1d05eb23f68f754d9e00

SHA512
6bae6aa4c13bbbef0510de8401d786ec947b702d3ad7a5756b3eb7ce644ea571acdc031641471910b324f7c3b6251032b3dd5b974f5c28525a2b3e0cb19d41b5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
fed16b27a3b4e4903478e7a5eed9210c

SHA1
271e5dc931331293de6e1db822dc028b364d7927

SHA256
d4fe14573ddff3248aac9098867d59d2e8defdb16d69f5184462f8c1352cc6fd

SHA512
3cc9c9145c534cf1ea49e68ce4a129ce9e35fa2fa5f789caf10ea724c96b644ec7894583daff0cde1d7bab4225d24d18dd9e8613f1f40185127b9f5f878b9adb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
0c8af3d4297a603811b97dabf190ab41

SHA1
f1390637a7bb98b065fee300843ce4c63ff30b25

SHA256
c7cdd1952671e01b0778c99f2aa54491af550e55d1aa5b0090974e2ec11d25c6

SHA512
076642fa0e1689a1f04013b9d329c77deed20e7c0346dde1f0417e7a5fffb822da6ac4c633d080711c8c25bf853390a178c95db15338b9dc83bee7cdfe97b839

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
823166b789e20d23d898e4a5a50c39a1

SHA1
10348d1c5afbbd0d2f18b6a5c0f175cfaf2b37ba

SHA256
5ac007259561dc6eaad975e45e2f42712935082a49835c84f3e8eac93041868c

SHA512
5b04300ecb4e3af896b7548572ca10e3a5392bd11f4f789012daa41c44dcd0e3642f9b2015d2984cf81d91516b04698c0f48110a674b0cdea6434991ed2d2ad6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
4b90c4062a3cf4dd15277867aaa51161

SHA1
9e94fe7756f0e1edbe915f67f526afbff4a075a0

SHA256
76ee2645e8ac908df55dbfa31f8b5b242e71d6236d977600bec1fc16b9bb7510

SHA512
acfb0a07edd80d0a60c7e0e09ed3a471638a56047f601889c598bff5529d9b83ffbe64755893871151729db2b719f692604a7885528d9e2cc73dedfa81a865c7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
47e41a9935b8d3144c3a474845090b76

SHA1
cf00a84f8b5e63c4b2776a5b3da36812eb75a8c5

SHA256
5d34d9d92a3658508c506451ec2bb468124aac519f059e62a978409988987e58

SHA512
465ae61eb98d20e17f2e3ce9f7e4ef893348912cf325dd127633d21a3648b23848a55569ebc67cf7e09a408b5408811c06bf2fb9421ad8baf0d72d38a3b581f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
8efc58ea1bbcc933b5fd06cc5fca3d65

SHA1
894d47f3ef08dcf525de8cbb7e36b22d9d8511c9

SHA256
6f6fb383da4f78c177f9fe85145d3c59cd2bce08be82a0032f1feadf2a32cba0

SHA512
4c953d72e76f5b74c33ff1416fb67b1029dc4c83e3818c5dc2baaa6524b60847a873bc195f385b083557ee2c574e83c6a996ed5ea0dd7d497fb52fb1e1af42f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
8d179c5e7f03414990c12669e144f639

SHA1
726971d06a2616b5bc49744abc6b14934012a339

SHA256
d630bf2643faaf7c8aecc667e0f81924fed0da618dec944871b4b8b3e804eb1f

SHA512
3660fda3b81f2f959d65b2543a94ce241ecf94e0c27a9f0b79b83f5fcdc67b441fee0798df375e8daa65338a170e87aa3358037556016ac4f15c22891f45d15d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
a1cfde7fdbfc8a9449b6c4ff81304a28

SHA1
96603113c4555081712bdbb788e21bacff015ded

SHA256
afb8b1b7eeb628dbc2b51491ae6e897884ad230bfce53ed6508ea593ae7dfbd2

SHA512
8aaad375f8b767a2bbb5377fcf8918cc1229417718bd1839ab0bef93fd7ece5d5dcf47f936e6b64454a434ca97f5b0b0497b1ece980b91df231ef514e06bd737

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
88a6579f68402468846b6caba5acab54

SHA1
d0cb48032c0b5301eef6b957c117b6a5a9a4f350

SHA256
f2bfde71cda0c0accb9dd4e743e84e554487bd3fa6bfcc072b1e53f51a13b14f

SHA512
add48a8fd181594ec678e8c1c4274a623c21004d63daad319e36bba9f000a3ff3efb6d8d288c272f4eb3966d9985170b4f0eb69affd23990bf76a79055208717

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
545B

MD5
a3b599ed8cc9ae80160f587d6eb64bfe

SHA1
e5351a1f356c39da53ca4cf9d759d3a72ad5370c

SHA256
18fe7a615dcb6222591095b5e9a71f5f49c20c012a84f7b353ea752312cb0b80

SHA512
a966fe7012a492e2cfe8b00a697ebafeffc526cfc1e0a552e183cabbf5bb63a7bc3edc56a1d689f5e80616fdd715c61a4f20a030938240fa0e3fec440f3dcb8e

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
4ee7944d570ac8c2db87430243ca4fee

SHA1
b8fa42771abaf229542689ebf5ec250b3770679b

SHA256
99ac3246cf0830629aeff8bbd9728e5cc09bb909e865ddfd5667d977bbc7c946

SHA512
659d4161830beb4e4d0aff70bcba92b3d9b7e781a514ef5ef767eb325470c7409fdd5a0702728b36ced30c3447ebbdd83e2b8970c1b15a42ff57830b9bf194f9

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
53c6cb52b15ab0a44b00e8e38728adb9

SHA1
20c73c3dd524854f314ff6d0b7538f2c680e789a

SHA256
0f3198ad099805124143ac4a7ddaefc400ec1245dc88fd0fe17d710e37dbd8b9

SHA512
ccb05c40ee5200fdaa913dbe1089c157b198fc60cd886586d6624deb5355d71c302401414a2008a9cfff3aa057044ba53c530786d8c2a5d7a912b711cc37918f

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
38d9ec3da4d6a7d41bde7d1f2427aa78

SHA1
83c0840ed504ce204f2088c3c543627e698321bc

SHA256
7a7d63016349e1b46da58b3fadb2a8d37a1e4167ee97096678277033f1c37995

SHA512
ac92243337e26061b6ed5e9ce0fe0824af688db12f6db09107e1dec8023a2964bae0d6cb4c75726d6016955f28bcf91dfb26548d948563872d70cfcf81fd5a6e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
e2b5c4a3b1df1104a2140adfbac59d4e

SHA1
6b55d6d2d0f70c53a4d47aaccb6f6b41608346d1

SHA256
265cd5ed4712b1ce866f92c94087934c37fc247db0d00383ab42942eb6de5f2a

SHA512
2fb93bbd07e780e8061743d8e03ec57b60ba8f7dc638a221cdbe0387ddeb20981664dc68a9e31110015698244777c2146dc5a4f2171246f3d0adfd3b45c1dbdc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
4d467291507f5a91b58e6edf89dedb1f

SHA1
6f8f345a01e1caedbea3655b8464b488bbdae14d

SHA256
0700e2f504823d0eaa23f8e6e7db724d953e50277094d83c3c01af352b039d98

SHA512
d7e6ac366d676b976172133f3180efe49e53a009a6398c47c74a6115afbd505fe85d820e1811b52ed5a9fb907c5bf80392057fc18db649b426adb1828476ae5a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
a4b84333346133798650c672b389ada5

SHA1
60740f2fb1280e152c600dace6e9f9bbd38e268b

SHA256
81ae7c0731fe9dc65fe752b27d280b07f924248732a1b23ee6289cededc9dbbc

SHA512
12d97b706a64c10df2d7889abe67bb7fa8c9003e81ead2a3ff6d34abe52dff1e769ade071b971088296df2ac6687eb768def61bd0660d3cd1cd3a009a0dbe685

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
ac9df5a848fb3f1e217713bb3f6a898e

SHA1
0c50e8d1933895311fc3c6f793dcec83bcae9783

SHA256
130903bc63577c0eedeabd33c743ad0f85e5519cc933afe96600bcb4992ecf70

SHA512
9eebc29e93d864f17dedf03a805c28aa37efa017ad6b4900f4e7b0af098d888dbea250f27f24c1b91e51ccc6f5f06e458524257e7112ef6868fed7a16e5e3bd8

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
00b977564c9cf87d18519f58f1f66f10

SHA1
d009b26c612a5f2e0faaaa64df5fe247104658dd

SHA256
67146b91213e6c37cc7e4eebe9ffa9d26fae21a816a9529c7b51ee97e90c2c9a

SHA512
21773fd7dae74b26df22c2ec6b691135323e3eab6904b958f9e3fa102fb57bc5bbd7cdee0dfb37ecc54dd32ee9fccee0ce1e98f88c4a955fb30e66eed5074b08

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
cd66e5909592039025a4774d433dbc78

SHA1
52e6fc15f7d4a9362e7a9ad18c6cf9fac11d41d5

SHA256
6b0fb3dfc5a1c4290bdc94cd7d9a3acbff3391cf24ad787ea35fc00ce26f5538

SHA512
f6641649394beaf58550efbace911ec1d92e57d06b40fc470f095b436fef3da0b046ea03455d0b57c37c98c68f6cadf2661a0e4dcc24ffb0b9917974482eb760

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
96629060001779b50e32f526815f2803

SHA1
bc3a0995d82af175031964046e817771ec3e4854

SHA256
69d9b3d604a0c42b74bf2f1c8642056055502661765d58dce76bdcd59b8e4ef3

SHA512
8fbdbd4d3ae4697f6f18e5464771c555472bcbb297eb08034fce1921b2b4e024675bda50671bed9c89e6ab243ee3e71a4764efe80df2fbd6ac8a248dad39f267

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
619c42a08489768f2a541a3aa741b958

SHA1
ec04b0374364e260185f214293089752905ae2f3

SHA256
b0c598ecd67dcc84f101764be782b6cf42ec2534e6797f5bfcccc125e9c40301

SHA512
e9aadbe8f5bc1a4239dd6cf9fba97cfc951016f33d66808406d49fd0c560d14894686ace4e80537a1334568d473c472df0213ebbdb525b98fbbd9e456aae0072

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
d6b073c049dce22021c23c8472d411a8

SHA1
f5822d7b865d19b7413e3ac54183d4d1ad12e502

SHA256
062c4c0aee93e7fab02b8d5cebf1fd97de9eacfb7a41e4ba1ddee6d0df72be05

SHA512
20d81ddeeb73a7239cfb763fb5a4dd8b328feb424674a1fef639e2a4ed7073c1b284ff42eef91976d4b684b1827b3bb2261df1c4f334bb960bf4b087f78ba390

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
6be13d6131e0b06b6aab03645b79f98d

SHA1
d88d20a42451394a754e141ddc944c9bd303f718

SHA256
a7afe6dd9ac0a4ab7269fc99ec80b8746c7bbfd43160d6a56083346777e70963

SHA512
d3823003e7ad84a1f3019260e8ad1273ced9531d591047eb0484b88616d6a8eb21f96f9526b8570c3c196e94ef46b9853efb1a130ede9290bd8bf48d462f714e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
c81bea9db03340bedd8bfee47b17f4bf

SHA1
2c0a0271eb68b4335ef3f0df0a2ba4cad9ea26ed

SHA256
0cef376eaa19a2a2f7893072173f2a7264e60d035192eba8313638e808d6c3e5

SHA512
0019e009c92b5cc7b83ff8165485ee8e08d077ed5091fc5a7e58852ca45703109113e4d3319f95c41fe03329df3b3cde237dfad1df75bc702ce4807dad2a8e13

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
ed2060595c437c984bec444f714530a6

SHA1
efbf7066a8072ebd40bbd6aebe54a75aa4497c06

SHA256
e71e7dec17fd69e806637e899d1513f9a355a08d1cbefb91e94377e6e72fbae3

SHA512
c948a6c2d8259a974f9737f68953ed4120c43a13294f98b89bb615f364c97cdb0ad535d6492ba8e750f8d640798aade6ba0a6d573dbeb2706742fabf67976257

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
f83b6b53021281cf4a36e93a38e869c6

SHA1
a7656d448f9977a1a41bd5a19d52a17df7f7d7d5

SHA256
39ea4bd113c5053c29312dd706499389249df4cbf083ba3e7f81185bd3aa5f18

SHA512
3d3905dad2e13b8c9009149b850d92b0f0ccb91cc6931b30f8987b34d0ef4f69764de84947b2d7c90c7ba9208b0cccfbc0d8459b60c11d7342068e691d207b69

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
b1f7966f14a2a42450eef689a3dd6a5a

SHA1
9bedc9df2d877cd24bd72a34bdfa722c435516b1

SHA256
1d16be441a724a69308fff9ca1bbc1bc2558596265394dcecf2a26bf1a22acb9

SHA512
66772ae696022c702fbf382a1b8238f1c66983f954367adcdfd0b7c87072043f2c9c4fe227f6e5af3df6def2b112112393cf94ceda46ca96f431026654cbb055

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
b726de2f817ea15042dd837456e67ede

SHA1
62d6f9d765596e0962045bdeb1925a37a3b053be

SHA256
145e9531fd2610f4f5415c3a312d14ceb6b2895944407ced41f9cf5efb68209b

SHA512
84afa2c8fc1c97fc1685f63045bc5f455ff3509366a97d62d912e428e2164e218f9a858ac8dfc8dbd808ce187167587635fe07c4093e94f0f080c4b89d32b99d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
f6d69dd0dd01b3a8a2dd3718ba04a4b3

SHA1
e321dbefbf3bda8d439a4e8b9a317cf53746f540

SHA256
02a6159af9e914ec138bb466a9a05429f27ac3530a04121f00623fa7a1929e4d

SHA512
663265e50febc778b8b2f05a4e1d93928e42237f530b76704087cbfbb1cf7afdceceef8488da9c26f61bb8cea72343d99f4f5cc21a0c5e3c166f140b5a9306f0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
51be709c47878307e8c8cc77f8ae49a9

SHA1
49ad3744fe64b4e05119e6b2498f96621a955405

SHA256
003c9dffbe22fca53037e0e030dd103b7984305f016ef90948a0e4ca5a7c50d9

SHA512
34109ea38d5b9c959abb87b336612734aa584c6d740d1064117222f5e0ee1d8057967396a205201cbde822228afbde66571e8003974504894894f5b910922b3b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
c97e51f31532639551056e9a186035fd

SHA1
75909d22bd774b46e5725b18b99e8b0b95a984a4

SHA256
b58b932f444fe3ef725dbd5d9aeaa2cd2bc9d91884b65b3047998fd9a239aa81

SHA512
d8062ccc27f9d8504e34a15c30950f154a929293dd7bfc3b1aa7a50e2c4dc62da6b342970888613243344c75d0ad34aaf2a45660a4a1f6f1377a76c2832555c0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
b1dafe81442d3e301c024e3750e90322

SHA1
d8d9849dfa1e170f9e3e006eb463332c7c16ec7b

SHA256
b4cec2ab442dc539418687f91a23aaaf6ac5f9dfe77ad17a4547bb48a9ab0993

SHA512
cd6f98ae2d639bedf27c8058542fc05c2ee19b475cd964d00cfe1b578f3b789edb81f78ce25a1a71a08d9c4d54811b2a196cb1d44e9adbea0ba37f33e9cb8011

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
f2076d1aa20617f28a9d52768430b73b

SHA1
1c1682f55acd946ea395b6fc27d1420a4564a4be

SHA256
1b0cc8372101b2015fa82b75766c6351c1fd6f0652728c3c699a5f0cb69bce31

SHA512
6ec387f293de931a15ee9a2aed350abf1aff20a525ff5d8e8fa0e6775847a0c9e0395a2f97c49f482ca7cc71a4a3923075a9370b7fa07723d868be7f5353fb1d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
5bc10897ef71676c48e09706c39ccded

SHA1
1b80091bc2a68a49d20e81b4a251b2d798543b96

SHA256
1af635d0b14419caf2ff7da03b509811d9d63578bafe7712e7c7e0415a4bb47a

SHA512
f7c8c26227d23470c8c0979aabbe9c27eacc00281603f19f62e4e9214cb137c3b91d3c70049b53653b88ea260804d08ef808f54653a8528ba6284bc80f633a5a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
2d05619aedee3517cb5c870d856a8d8d

SHA1
2b87df83df65cde01ec585b220ba2a65868013c4

SHA256
8bd7616526fcf722de86cbbc273ca4381e8e8f1ed2856fadb6813412d1f78db3

SHA512
227907d7d65350fc8f90acb5793147181c980479226f12f4b9ffd8f113c0b6ff9d5820a10da21716ec272a55485ed213c01a745bb91093304c7056ca3283c855

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
dad0ccc3ceabad8019a72d8e01de79d4

SHA1
8e62c35bb109d5b3cb367ff32dceeaf0efce98c9

SHA256
adaf73669707fe45f79997743da2f6ccf7567c1fa2c40f3e5411aac8f4d30cb5

SHA512
78a25deb750f887a899b5ac58a417652e68ebbe6675d4b7f412f6f84280920034cd55e6638b5f7bec79874e3f24d277938e6ce192aad40f835ad79fbca4fc24b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
54c7c703ddb00a4bb848b179d39dd1f0

SHA1
902b7c5e9505338ac1933c1f5009fe111103ff60

SHA256
c8f9019a33760e675239c457dbc3b44c9cdc425e662a7063ccc33c21355ee62c

SHA512
5cf54cdbddf1e7c6535e5d359490e3c4469d9a9dbeab20c0c15872dd5c664ed7998d3aad50af88cc97de55618521f9b55a41014022900915b57039ae46c9f624

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
8437da3dae5889bdc11a804639812168

SHA1
e18a7dc71b8c821b79db253c16c52456f275ba62

SHA256
14d5bab94c3e2193eda9d9aabbbec90beef7f35ac741b5923352dbaf74454dfc

SHA512
ee96388f58fbb47a065b53529ff4399187cdc72e60c138146e358d9ebdb364b57850546b569fd6a8575d2d46a71cbc4d8769edc57ebeed13c9d4ff5046d7b185

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
af256a5bcc092f187f52d896bc88d9dd

SHA1
a3bec797ccdcb3e3e2eaadc3bd88db594c2a11bc

SHA256
7243235700ceb38a6f32b2c4b2c9856cca56e94adc2ce310cf101e5e45cda2e8

SHA512
9e947d1358a7a5b2c8ddbf4704b240307bfcbe9e62192bf7c0dc78be65db378c3ea2ad8e8870a3767324fb4980c26df520c8fd3bbaa43f792982308f417d5a01

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
90212c9b7d6f1bedd2d9c4ef54a18d45

SHA1
2b3ecebd5639f6e21d2b2426531633f0bc81b6ad

SHA256
2329b3358e7aaaea30df854411be53e04d2729c928af70e470f491a81d7cb526

SHA512
8fd9d53f8e464a0a683a210eb6d4358347efc6a48e22dbd47a4244bcfeff90d87067651636d70dc6c40fa8fa93092322d3c37da19fad4f9ea8092420d210df9e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
515d37168795fdddbc5c8efc27fc02e9

SHA1
785886e9ff2453549a7db51052f43e48581277b4

SHA256
51bafce2377a088247c8b5fdfe59455b8b4575b9eaf052564d94051069c0a2d1

SHA512
f5eeb0050fedd9924acf95c94b1aec0dd6a1c736bae394a1015409d9c4b84797f00557c52e2ef9291a881b0e34ee2340d18c6127e9c52c889d26e20603355273

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
4c6a41862bb6a53875489f817c3f8533

SHA1
8de3010a251721a5faf1c3d291a1188d26c6ee5f

SHA256
e6b01a44d1435f3b84c62f32054818cbb9dd296997cf179b10e81b38c1a6386a

SHA512
3945cc2c0d4f18e88b345e826e4ee0e3cafb5b8ee1ada83c0512842b937808e88e3262f103382d5b451d4f773c73b70b35f0eb154748da5abbd19e8ed1b4eb10

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
b3ca0faf1fd25284646cb95317e92d19

SHA1
0b5ee8d1d75687fabd7abc0ba7d7a0d4d7e4c86c

SHA256
63c28f8d55de0a4a7a0266bb6af0d1555698a927fa1aaaf8b107b9ecb99c7688

SHA512
25dc70d4fd9d2d5acca9848149543078443efc61ccf582d977bec835e30fb3d788b06dba7efd703af903ba6580390b96e57019fa198f635e5f17509b7dc968fa

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
209cce4ba1b2927b9009f218e821deb0

SHA1
f13c94b95583bba884263a6247bfbd838f620976

SHA256
97d692a79447dc82932e9022e95a2e0ae3efd1b1d55c77356adad8dc705f202b

SHA512
92ac902a63f59dbfd5c5e190f4ed9a0ae943f512c80dbd303c734df7be9feb393e810caa951f4ebfb8a03655143ca4900122c2739368f59db7a202813c85df53

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
a9a7631baf7095e3f3eee70ce1c26ecb

SHA1
563ac7b39bb805d5f548ca682a598dd8e7df20c0

SHA256
d93c37f5a13eba767ba9690bfd60f08d3356c795ae889afca55d12a03b02d1ca

SHA512
828915783735d6d250cd5e0fbe44e17ce402ebd05cb637fe5dc0d8c7be42159367b1dd90770e6e97d07c58dab25518f16743a14815735f118dc2f1f5347732e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
0e56c11a8435193a539d54d17e51933a

SHA1
2fb8462e3586578672c76f47f207f7fd1f4b77bc

SHA256
a8d4e1cda2173fdebe4023265f64a810eba2eda0d6aedf4e028f0297a9a3bb84

SHA512
758145f76463e4005f01a22eb843074e5e0c3ea2838de9e9b32c57d7246664d2f4103469aded434b1a7ecd46923f0502d5549e3831536624625b4bcf55b0379c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
1f00d1de1a5d0c7500db9ccbb89a39d3

SHA1
639a73807db6c01c45e935689420fb3b51158c46

SHA256
bed603d02bc9de192a2194cda75efdc649f3237f9fa99ecd62163ad2e5ae9cb1

SHA512
53b472272a1b535297f311dcb204a18a4428a2a2e14c79d4fcedcf9214ddbbb97015cf0a2999a6c29fade5367237dfbcb8154b5d4a7b908bee950bfa920c108a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
564bc53afdb3ee893ac904a668bd78ce

SHA1
8ca829273bb273d5a0e2349765cd9ab113b0a417

SHA256
8c81a5857ed8bc1b99c226cb39c672d37467c87ab8fb988f73902dfe28764a71

SHA512
5388f838f2de455df09142d4266c8cd95fdf89df52d0bdb5fc49b78040760d108d3a6be44f2b4126f299f3e19fdd48d8f5e333c1bb8e6883cae4839012a58550

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
813df6e7a2c7cd74508d0e8e76d86e64

SHA1
16909bc0b089e7760f11ca91c194ad011597e651

SHA256
f5b701f14e0edef9899dc4e49dfef450b61ea141eb18792177a10ff67966445d

SHA512
8816ed8128a44f2b6e7b444791d639523a4027bf158fd8c4eced4392085fad9f0300fd93dedf978033c58f0ce9e1ae73de67f1d8753b6deadf8aa2d8963c21da

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
74551aa1790a3cad1895f9aa5c62bc43

SHA1
0864d1d646da4c2b81dcc62eccfae55821c68c10

SHA256
d69e4c3998a7bbd10701c99687e2a908b8537ab03c502e1c41909d84f85db2d6

SHA512
8722d07bda619309018fc6833a0149e5ca9588413d8f75cd7be9e6a33149fa058f58f31543f19d393f2c75593741acc0554023d4d7c06480ec1734824fe54bf0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
aef3f8859d5a2011720379dffb5bae10

SHA1
9f9ea99915191c7e8d077df840c0e23dd7f877a1

SHA256
57a5c91d9ee03c83f3ad371da28aab7a8da2af198a124fda33588165555e7ef4

SHA512
b2cde9f071a67538431859ebd6b923f4ae4d6c2bb0cafb6241751a8ceb1faf37eb8a95889c6fe7bdffd4b41e9639edfadcaa5b9c855d82d6711b0ca1384f0487

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
fd29e2ed7a5768c1005a7560cbcfcb9f

SHA1
196d83239bbaaba86d6da87701fa21b8d21bccb2

SHA256
1b2775c17673a93dfc737e7885b515d867007654c3b21f759e433ed7238e0812

SHA512
d0f09cb32a7c5640b3630b9f7d891e3c8908bd7419d8633048f45fee376643cd8fd44c8f45be7bf02e891401e09c50cf48865c99fe03d241ca2d604f80f15051

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
5a09486161a44797426f7b6f8b66803c

SHA1
0f3f253f78812be6d6ccf9531e8bec21d379bc34

SHA256
a045ac195d7699488d3524646ec4d010cd46d62424d979306493e5b08a1895ed

SHA512
56ea03508ca24380e723c742dd1a72899640a71e00822dd1e73aba46b683a2473b0d52b0cff9c02d34e542b606951c72be6f53d2ed79f136c7d4509682d2c5d9

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
31055750d88192ee57f316e159b5534e

SHA1
5205f69bc264e23685500a97f35ff3362aff9296

SHA256
4ace63813f4d7eb1cdab3f40bb316a39834f2cfe8c880cf2bce5c71bbedc7b98

SHA512
2ea6ceba2370104a2aae479a202bd20708e55878198710481a31ef292be93bd557070e54e533d59db13ec66aeb854b643f4fbace0551bfc728af0c1e67f8f947

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
aac7827b97683ac652923cd645012724

SHA1
da8bfc88f50790431271cf9b281ff64a7c9bf163

SHA256
027b554ff8ba598a093d3fc14c7352d7ee9863af2db88eff0a8dfff2fa5802a9

SHA512
df040f662d9628d3e06ebee3c8f7a5a5576fa1924ce8fbf98d2fad68996dd2f6c890e620ddffaa9a46c4efb87b7a188e48666640740fdde60eaf0f94b9b287b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662527520250.txt

Filesize
77KB

MD5
3228f9f386f1ffe81f3de0c2b4102d58

SHA1
a3f08429b1ce64865e9da8341508315c1d380e85

SHA256
de0cbbc2e99dfaa01f3424ad16d0c53aac2b83480d0a9ea90bbd9d15d679153e

SHA512
ff8c13ef24739d4ec0b9b9ad240b16364e44a4df2895e67cc63e09f8c969e16623cb350e21d59b7207e3bb65c416839d1b3412786f61ae6cd905d5e5deee9ac0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727663115600892.txt

Filesize
47KB

MD5
f1580427b436d1c5ba7f050a17e1fc8a

SHA1
28e600ef3c68d8ad38a5f19133619e7b4ac97a09

SHA256
0ee29d765b7e7d4e083ded568544d9425f1170ea600820a3f18a4b2519492743

SHA512
c57f0c897e23e271391f2c6cf0e002e79a01423f4f2076e0c7ffc3c32995c19650cc27e4d27fe51f6c790b489e4d83a06264e11a031d6a12f90b25c4f47522f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727669117479246.txt

Filesize
63KB

MD5
e2b4b0e58e10927ce829db2b52847c4a

SHA1
1ad83ac784224a2ce08b2b3906c3a4f99024a06b

SHA256
9a3889d6b8587c2a3b94d925c0fd1f96a4fad7ccb07229833c8de7a689906d27

SHA512
4433baffcee41e31288ebe987d63e489f647cfae2f7cd6bccab6d12905a10ce1f9f50bc97de5283a6cd7b4f92dd0660195ac880c9cb9d241783a86dbb8d3e339

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727671764608349.txt

Filesize
74KB

MD5
948018c42cf40507ea82519f5e1fea63

SHA1
3f1880b1b69028b62317cdfea55b766e3c00fd01

SHA256
3db1e4567a392d768aa84e05c368044292d9ae8ff0b8e4d8dfdc6563ca7b214c

SHA512
ccbc3023701da22a20e893d286f2d82649292abd4a77e3c970e67f2bd17672f069dde8314b211ac27fbf1860377833c53afb231056914e0d4c244051ac252f75

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
73dd10bef1610d63b7ec7b6c9bf349ae

SHA1
85639aa4d492b9e511aecf31517c4df59f654d2a

SHA256
6aca06b0c3b09509fb63c020b39c1f36cf0915d9d64d21afafa6e447dcae24a8

SHA512
10134e0d4dda8d1403ed9ad4d35b4af5f23468d426c63fef91395c1b453e847939b60bdde325973196ad63cd65a82579765d777a1eb920ee935b98a2c9a65192

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
fade8673033dc04b45b2fc5dea6d5797

SHA1
e090fff81b2009e6968c8b5580b0c77bf3ab7cbb

SHA256
c9f4b37417fa647d10f8ced0cfcf1f035609a3dc4c81c2ca7d9df902a20c96e9

SHA512
409e65c9d1b13b4c683618bc1303eca40a6ff0545b72cca19e26b5ccbe4ac3f9bfe1c9b63c46b08becabef8472ec1e3c46353da4c4d3924755b4ece6509d093e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
3eaf29344f277551c28da02893381d10

SHA1
8483c1d86688a2e306e998d783a0287dfb59104f

SHA256
13a907b36b04ad1f32ee61da9912888f79ff7ff2ce907422284f48a3fdd124c2

SHA512
bee0736809a751422d754ec823d3f310d074afd352dd73730a4254e105ffeb61bf11a0fc5ca0cb9e9c1f332e441a5bd4f5216b9a0f7b1864219facbeb3e90b1e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
d97d7de2fc49de121997b011b4c1a296

SHA1
b205371614809ba4f192aba26bbfed324fdbc1fa

SHA256
adecf4f6fb58702a6d4633016ed952de8b97aae557d94476387d0128c2325fa0

SHA512
f3b1bb359c962f807ee91d2905a9d0f9de7b74652d1637348427e03fb68437a3b4dcf154787930db3e6a3df478e188ae223920978dabab8687b5178e301b40fe

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
3f7f12ff5a6ba335874fc248b994b33c

SHA1
601b92790295f710de92bbe25a251f72c489806b

SHA256
de74292bcc5f513d8ea84c8ea990f0fd526fb2b32e6c76925ed1410bbe2fa889

SHA512
8540dd0c2245732a622b5f04eb8cab3d612094da3c9f4491a81c9d6f06d2ea58f2d9423c726ec11b9dc6a88404587b42d301eee8cb2b9952547288c3e4353c0b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
c0257b310f2d7aa15f6d4e551fad529f

SHA1
b65025ca0addb4bb9f43b304fd13d248ab743071

SHA256
7d135dfc2c31ccbb2fda8965f9099149c24400871fb1ec8857e1414275329333

SHA512
c75b21ba198038ef0a33af1c3c7ac2cc654b46495ef41e5122c8bb6025f5820665e96f96f212fe8e627d7889f39ea4ee8f09c0245f4f7286c562028b963fb7aa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
c4d05c70a01544dcad644a4faac23ca1

SHA1
a62854599bda3664e9e835d703c3a4e4d6c4449a

SHA256
1ae0eb4167d563d313d1061bff4bba77bbb04ebc6a410a03e0856ebb56544b27

SHA512
b50c9abb3dfc9e033a532f03882adf6de6b64eb7c8c1f0009ef028218b4134cf569819a7e588be5c0fa587cbc29fc89df16aab3e96ec9bad54a2805b06f26742

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
17c84087682be8597575aa123089054c

SHA1
cdf47ade57b607e0333f4f31be7d69ff2492d237

SHA256
82207176ec4395cb525aca2cee53dcda5d6438d9afeecfd0100ad4bb8359b5e5

SHA512
5c6d4514a68debda19b968338d46882916a1ccf6ed6c619cc01c9d2f660ff31321b878bb4596a6020a32d19ff56ef00c59d0107ba35cf715e2fa4db2432d05fa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
b40aab03d97d6d3bec2c8e8d2b0e8092

SHA1
e4f053c2c615e750d81ef03d2289513add7f3e89

SHA256
89cb288bdfa492ce657c95bf9f146dc284fac2798305b41f107a0670c11c99ec

SHA512
0e1e14a90bc4165610d7d26aa67e697f39a2629ce2ca909e90e4086ed6710178092882749da3ff0676f30f956e95a1c99d4d4384341de6076bec3842f7c019e3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
decfea146dac5f5ceedc2f5727bef53b

SHA1
070ce7d4d2ed54a4e787ee08f89005a87cee7f8e

SHA256
ca227c79742aa8cb24254ab2a641f045f72d06875fa60a86b918a7af45c23617

SHA512
d6c918e18e28d1f07093d600ad895c3805c4f27487aa19d92e2dcc49cf3f0a1261b149e6d7e7c20e4d9207f4e9312a3bc620018164759184f1a244986919d2df

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
51b72bd852c4d427baf792a30f6e761e

SHA1
f463e459a84aa4ffddb58ba0937f684cdf5b3f10

SHA256
6e525ff03f992a5bfd6746b67f6267998e64c7ac241c4bb45f93ea5f51059638

SHA512
210d820dfc0493fb8690520324f18b2566ea4e91249734900654c3826113c0ef2494db0c188cf77181b4fd0ee939cb463d8bcd5e167f1ca6bacb03c14b18edfd

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
884bac37e35e6da1d7bbf9534f6b038e

SHA1
51ce8c44eb9969b114915f82eeeae38298893a37

SHA256
5952d3dda762603531d5bbbb1814ff4cd2ae9f4087cff21a1cc3c1dab7b2386a

SHA512
0583702db6089ed3254dc380902cab64f0297587f0afcb5249d6662376874875446411e316e8966882d4d7b38b1961fa89f5d733829b225ab7c8cd59bb42973e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
3d6bca262bfda7ed56fe6c1ab48ceef4

SHA1
b6fb983f43b60fe250cebf192f8433892e13ef96

SHA256
44cf251ed17e37ff6daacbf051c5a56b16eb0f6f84fafb0dc78f2b928388751f

SHA512
a91689684dffcfac1743b128e3be10e379d74d5869c825a2ea201d16f29299693dafea3b5a0105679386df92bd880263e9591cdad3fd16d980e036d25f069c9c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
f0cd7070a3a1dc18068f93e3a241ccaa

SHA1
84b93ec5e9965f522b2a95c80ba148b0e4c9b680

SHA256
5baa59e8872320185014825ea27c1f53fc82b0203d28f8bf5ba0b19c6c308851

SHA512
27f7b91ec0d8a4e7d111844516b68cad9e045089339a77585e9fb658aed15dd15175a13b438833835cdb41a8baaa590227a367014af2f54825109173827425ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
c516a35599c5600749bebcf038e1bf4b

SHA1
98796eab9c3a794aa1447ed41d1438c8725e0426

SHA256
6c2f1ed3d308f1216ac996b8028a25357e065020133fb791917c99e3a0cf0271

SHA512
1e7b9e817c09580646e27eed643ea235f2011260a861a2cf49bdace4a0031a4a3f12f4cc628048d166ec222f38de9b7535a3ca7bf116e8ad39cad32c2669071b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
43e0679f014498d05ae83d540d081e89

SHA1
afcc9ffaf7d7595a7adf2e53e360085324426d7a

SHA256
b1c2f5a1b28111c1764abc9be9f4ead82277b11ed996eb827d48bffa28a3dffa

SHA512
c478c8ddf8ce507f89c8cc1c5ea20fbb96aea06f55fcd8b9bb639c8d54255c4ba63a9468517f80fbdeea11168d28e149fae23c3291c656415263baefa0223553

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
cf9ab52cb3414473bcfa92b44594ba3a

SHA1
365c67e890135e09232c306b4a0e31add43ba4f9

SHA256
e00f088b0c4eebf0a21290b2a4e9837d01c45d26a14618982c92771142869af4

SHA512
36f935141d068faa24774f02bfe709a7a2c987b97f6003351ef4bb66e7d678bbc8bf19dae3b88a5d965fa7cd9d83a107c5b3e30af7d19efc24d74a69c6289a7c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
f086bbb037c8ffab39ad285085237f11

SHA1
10b474fa9ab4f5cadea1681f92707584abf2a022

SHA256
38be0d46bbdba83904810c7a936bdb6d765406b14695a34c560a0062bfde0203

SHA512
a4e7fa87d72bd885c4a75c0c3134bfb4b2d65ef021ae4bb9fc4507cc55a7ff5a6161eda613878b2d1f47e4db7cc4d07cf169810872a098031b26fba41a0043da

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
c77728bf68337a765152c9a55f1d7c5f

SHA1
26aabae4ce6a7e9652884367d7d8050bd1ae7719

SHA256
8d783cef26214a749b11cb23537913c0399b4690196a8d185a0a27c7d7196312

SHA512
4b6ad64d0eccde2b47ed43e274b4f2716634e0627894fba7efb7e9d95ae937bef1b9e13279eb0db8a67fb38eade4e76cd278711494b73d034a70315743988de5

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
a87812b8bdfdb3f3701c778c7431238c

SHA1
fe89d3bff35a8e147de86ad52d9967f8d7deeefe

SHA256
c4215bddcb1d131dd290d285605b51ba2069616bb59a3abaf577129d9efbc38a

SHA512
4abb707c577d0c59e7b0b77b9ad33116ee267efecc0502c23e00b558d1d1e0eea24b3ba29e0c02dc29bbd3b441feee7e2b6599e7126afa1dbd894268b4a5fa81

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
59573eedfc4048dc30fb2dd5c72c054c

SHA1
bd0bbd5285533e0a25393cb5d1a847bdc7ce53eb

SHA256
d3518e83b0311eb6e03400baec33663e153dfdb49867922472e95732ac150f69

SHA512
66913e8f3a35e1709aace5a61c0dc5e902a481e65f8d71d595059218c78a4b739d89a0c0d4489e113722ddc61bcf19724fc20b58ddcd849795c73b243ea1f162

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
e170d60ee145ea3bbeef1f7691bd2901

SHA1
401abb4fe5b7c409e25071f9af6484a6699823c6

SHA256
c47c54964f13674c429c55df38c4a850ed8a127ed4281e768a4554c1deae3cc5

SHA512
aeaaf6ffdfbce4aec151a77a35d59ce8cb380b57f7c0e3cb5075eb9992a67f0a4dc69dad7665f27a83296f40a7002c031ec37b21308549a5973c8f0e5df13eb7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
e044625ff09fc6a2c70bce0f8ab527b6

SHA1
15e2857a9a2d90a01710f262349ef2b865a31f8c

SHA256
98ccadfe6046be439589ae5a9ed21611f69428061bb9c939a1f5954400ed6a38

SHA512
e04a56f638a2cadef9e339798382dd64080f1a8ef021957840b53dda77dfe10a3074fc4f53e24a4612fe28c6ca5c6f93d6db9b84acaed7f0ac809890f2586c5c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
51be7f6494914eb0e2de6dbf8fd1a489

SHA1
ad2332c0aec2a5a0981167229b0c370a9c2bb089

SHA256
64a667fc6eb6727b7c15a52706777d2c254df8cc1370a838bd246e2c20644f83

SHA512
27640b5403e7b9a3e77c6ca96495db61a391a00b5aa95ad329cf7384dc9e9de8b953d69093170852e1399317712370156fc6e10c60a69c662cf3d6f7cfba735f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
db9c0dc8b410a1d2b36f691c2b1f886e

SHA1
457773c876bd04c4cc78a75503db2cec31421944

SHA256
af447fb5c73043ebf61a112c9514bf845d72acb92bda164208f32008684b19d6

SHA512
f47c6da640043225bbcf8496b73085cde7a755b1f14fe4d869a2b2a794c417b735601e27441aec8f831723f6e606cc486e6296457312293a001e4a87ec2cec58

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
bbaec2852e575ea5ca0ba9655b68eb9b

SHA1
1e9ee1b6623d62e9c644beb705b73a446988f986

SHA256
eebe3897f89d6df1c031fbf48d49cfb844a11d5a5fcc10362f7e42a7b1e51209

SHA512
69188cf21198bf9311d691a69fcdad3b29991bd9c3f0c75e80846af02ae35a692d65c81dd2021e459c84bc2496be636e3c938efcec014b56c3d960fa4de3258b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
a161f846cb644e606a2cd10c6973fead

SHA1
f699d2ff95350d72694f84a2b53e03a046fb6e17

SHA256
28db4e0f2d97d3b8f3dbbf8c29736c920e79e072dad3ab0f2f520e8eac40e011

SHA512
fa3de0242216af583a0e34f7490b7681b962e5b0b7c59be450fb247dd1047dacb249e4fa12dc76b55ce02ceffdc7abbc16f5eceba74b2f13a78d1c155938f335

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
c453a4f6d608010a125c9fae5057157a

SHA1
69b9a9bf221c5f11d85c417ddc263edb3de5d800

SHA256
263e58caa05415e7299e2ab81cb38a5dd2c8692d79491e1b250c703a64a4075d

SHA512
431dd155667ccef6d4d609cb16c76f42ba32bc23616aa05a820eecf0374ed9cd97b0150b69f8268894634b05c790c8a8b1f3cd91f5167d817bcf64416b13a657

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
dec063456b9688706d64e56e1a022d59

SHA1
635e5afa9a0adc88b4b90ed862393aa14f8a6330

SHA256
dc9b85d641c57938237f50872705460c5c0a4cd4cdd514ad6420ad9b52855cdd

SHA512
6d1bdaeb6ede5ea9dd79c963e5725603f8394285ce41ae62800791884d5d85d91a80e5b8e0083daf6924f05d71e05d90af4d753185249b7f9d1a5b03928cef43

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
1c54b8c4adb33d83e681309e5b6c3b35

SHA1
dfea6d912b2f0109331b9cfbe385f0224ef916b8

SHA256
e8050603e858b9f98e64b0ced9187b7ec4cf3b41aff99dc402454001f0141a38

SHA512
4819c3929bdb4dfc3d56d8d6873e4539880385a19581eadb5060ac10b3be86689b89218df7543555aad893b2348221aa9ec94fbc9c0c472ea63e2bdbd9e115ad

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
d3b26ec1b890419ad71871392d90aa5c

SHA1
0837597ca33c4b31e8608413d0f01b7e727714f4

SHA256
035df2fb4ed38e8b228b59ef67293e1b79ebfd691f68e307ce9e12d856b88851

SHA512
68b392b46c6ea514580c92cbf2ecee926c24d97431e715e84d802dc8a356efa2b18439c2bf24b338a24f54c36598193f97637725bae25eaf855df954326c467a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
6edad9a0e9b5a88a2bf80cb22bed4bab

SHA1
98e238666839f450f788e0bb28ea6e6857bf51c0

SHA256
0d258c25d9996609cef3883e3f5a224bac1055f7fbeaecd773fe6b82ea22992f

SHA512
f10878b9e8b5f1374be6fa032b0be48748e259516c9ef2c3e1ed160d533399c3a8443733569b84bed3c7fee645392498a2303bd20e503244fba031020312931b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
3276017d652cbe7c896146f3f2672d4e

SHA1
73855fb47055dd479648ea880389bb0ea7ddbf1f

SHA256
4e48187ae23a7b10a4296079483762cee813fdfff11532d28cb584529e1d70a1

SHA512
a2daf2c9537bc23631f5dfa3cb5049e339d1f58c1b4f295f8d470c630792649f5bcf56cbc98e4fefc7853b04d5fce9e8066333695e4d436fc3acef475cd7546f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
8bc6532bd2f0e6defee38514783eafb9

SHA1
d8ef0f81897eb94d24450bc2e8a14925adfa786c

SHA256
ba87b31efa40bbbd8d2780f443fa30be1ab0890a467bfce1fc8a1477bc553e8f

SHA512
c031e86b35d72e6b3f998492cb839dc90c4e585b6c07c86011cd628ec3d16899b50cd0872b2b9b5e547db61ac6d18ebc43ac5ec4a4162d890d962cb9cd1e08db

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
19ef0b574b87bd08de2ad00f8ed3d969

SHA1
1774d893e8962c96a04577719384937e4e1f9c99

SHA256
45e7767260f51549533793294e28ac019e4bd27275375a4187f4f28c884e0f45

SHA512
638193ea3774f56ec6dd90a3a82680e0cc2db484fcfa458379bec4dc39a37c89c222e5b649f4d28b46b413161d2fc367b1b66ca1368f17a15afb88e2602e07b0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
a6357cf3d6d741af9d82321d08369fdb

SHA1
d095dbd87f8368c71efc463224ca514263f60da4

SHA256
3572d1673cc2212b5723e7c0adb8a9e48040aa5ea838b99ba9ebe34f2af06992

SHA512
d7d1225a2ceef159b2c2bba6e0c41baf814acb7ea8f507d854c907067fa7371d47588bf6bd72c5c593f087e9eeed955d1dadeb93b95059eb75d75a1c55666867

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
aed2e93df19170da6e74921160e506f6

SHA1
48af2920cf694982940e9fda8e5bd0041ad901a1

SHA256
58da2c0d19edb6213cd957749ea9849c57ea6a91e7527ba1e5d6b503b230ffa6

SHA512
b4745910026da10de8617a3145fdceca0f2704ea23cd41812bf85ab86e0d742de7aab3967976f2e934efc5623cfa971f6208c1327d65aeb1a20736e40bc765e4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
d71a54099351992e1e343ad15a722fe0

SHA1
c7c1da29955646768f3683e1b9f48ebf93996394

SHA256
9fb7db61414c5f4e7252063922ee1ded0b0c65d30600d8131d4d9febd845e3ca

SHA512
cb64322d0a617353174d58741dd81e7cdacbf2d2d86765765aaeb62a1ec8d0d334402339c47911694cb3084acd6701659796949e382474eee30b3cd47beb8c97

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
ee46b5e20ffbfe7712089cd3ec392871

SHA1
3a7c28b440567edd137be1ed37623d7fee4e8982

SHA256
12be04f00c5cfe5645225ba43e8fb98adf092817c1b8e49a088c4e22cf42f15d

SHA512
01959033634976bc9cf10807af55f68ea17ee57fcbd85111d1c0725e85627ffc60dc5d752e2f07be57cbf3b5d57ab4991e2b5f95455bbbe95d7b0b3279bd10ce

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
808e0130065688116880c79464a42c23

SHA1
98bf089733f2a0d4a6a5cc84dcfe5e58202c324d

SHA256
f292c1b48cbef72398311840cf42ce6947d4acbfeccc948d3e39377aa0754c8c

SHA512
93be80de0e6dce8e3c4c97f3864575bc9ef1e3131be65eed6b33589a53b3361d5c4d2d2f4afcaefa4e65b750ce9f73ffdc9563787efc41c46926aa38147aca28

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
0e2cf1c159475e13f49e30f87bc6c2b7

SHA1
2cebf117f55a0f8998c516e3814c9bcacdf11de6

SHA256
95cd08ddc007c7b0decdf4deb6545489b967e87c24eda2e3920f1d26f2c7a28b

SHA512
f3df895cb42280353a60ee28566e699a5c96c3a8f49d4411efeeebe15ffd6e267b52c8eb4f3b940cc289a806de0a2b01c1db5ce120fc1456afcf8dfcb7828983

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
d0704adf79b251c5310fa1bda9cf0774

SHA1
4a90e7776ea0a53258e58e81b6eefe49ae063e56

SHA256
9daf55fefdfa80ba83af7565ad38ea9ce1aa4e4c3aee7f9f400b7a77a4f9ffbd

SHA512
466a35fe15ba1a587247e5f3bf95b5fa6ff5357bed10ad167d79b12ea0fe8da2b79930a00f57423b448ad5c06a1dc6c00db1dd7063bea5f53989104bd5ec1878

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
46f3badf96b493f2ef3540736fa86d3b

SHA1
4e841b1c859bd6ee591e656e551cbe6963c78409

SHA256
ef7ccd3c0a68e4cafa354260661c830bc77e19a4b05394091df2d7c029bb4f0f

SHA512
48acb287bb1c2bfe40ea9267db345b137cf45c8e76dc4638c8543117f6873aaf837a229a8a7456dc4ef2a230f12afcb762de18f4125a5a7354f777c33ccc44ec

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
6bfd3136260996b4be1fcadedf7ba956

SHA1
8e3579a3146bd6a998d57da9862ac733b449ef49

SHA256
147a6805a680a3c704230d529bdbee7e2b9ef946067890c76839fd57ee251093

SHA512
47c019a53554170d13991dfdc308d728f3f3c8780dfdb7a5baf805096985a0d2261bdd7d2455d13268f5d067b146b0ac34717939ae95952a3b3538d6cb22460c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
2b4e185ca74b6b9e9c183da8cebeb629

SHA1
b2be70a405d5d5c0e07c9a01dd4244af24428794

SHA256
ef29bb5605106083e8aa91aaa2c7107bbb7c0ff860a411b01e51facba1da42c6

SHA512
dbfeee012c43144cc6215b61ba6c8babc068452458032711c88b6bdcad3c43ff7c2c72152e38218813fe1a328acfba1da2f9bb08cadaab74664561d6bf78c9cd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
747e13ea6fb089a3ba2914b45b28c4be

SHA1
4532d14b90ce828e1db39e5e1b87f6546ad9fa70

SHA256
4801cb610d05685f0b7a77a87fb986efccdb58d818500008de9f56145bd28c0f

SHA512
aa5e3c21651bfde088ae6193d80e29cf43db978ae8c3316614a4d6d3ef94ae3656bedffc4c1679353010a5279e24a036ddaa57c65f6c06bb50c832a90dfd0ce6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
1fd3e4255bf3d516a1fb0d4303a85b6a

SHA1
e1476dbc9940b98d529dde736920ed7c605a0d93

SHA256
3ef3ebb1047db2a2343bcbdf01c6c7cd87ee67116c844af4322881874adb3aeb

SHA512
5f6a84ad64ec281362da2d510e11ad9b2ccbf520acbe1c91767a65a8fc2a7e4f43a721b25abca870e0092c802e6e6772da76a71afe9bf67e69b5a8a3d41e97fa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
9a64b05e1beb88d25405351d36f82888

SHA1
12f76a73fadd0fe46ca4091083a5dd8c52f65cfa

SHA256
feec721ad6046ae87239f79c582d184112e101c2c03f92a1f10e8f2aeb15829a

SHA512
06813d0a6f8b2f34e1bc92bfb6726db1eebf417b92630e030d5ca65f357cd622edbea40ee7cb084f699d95a2385aeea45c04278325dae25b559611a1026296eb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
0344c635eb4f8f0a444f96fb732ec11a

SHA1
68195816f4794243fe40e214c2089490394d147f

SHA256
d2b8cf90d91a900bb39e65eef12f40742cf0a581c99109adf84f7eb72b524f39

SHA512
9088bf61991c25fb4cef58343502fdb3fb112b363093827b071001701935a3aaa73843db5b1cc9dd4968a604d584670a5d46f06e9e9d7697a4b3f2ad13a2dd30

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
0831f74af9477118f802af1f42dd9606

SHA1
be7a5a5cf145c4d1a74efe27b491f507193d9e54

SHA256
8a5f9f181457d2ab9067cb594c3bdc2e74a86ec77accae884ae0d6b852632c8c

SHA512
02f2f639f79448a21bfe265bcb2b28cc175ee069af989bda74231430781d380e56872392d49bb2c676342b6df021f6983a5e7ef8f4041e7ef00ec2da32a6fb8a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
ec18ec34d2775de5035a1a547ce1b7c0

SHA1
9b388126876b36589c92e94b772027fc0587181f

SHA256
2e6d05c21579ad90e669a43ec5b0ce9f97537990a159315bfbd79d78d4163e65

SHA512
224c4b1ade43254dd4745ad07ec3bafb59f09d76f5f1048a658bcd1377f30ad38bcc050a4b9fc01346ff79db00cb371096e8ea7931e5976e8e376613df3f1dd4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
104dba903479be2a4d294b55c5983cef

SHA1
68736d4c89c824413c006389304b61243281c393

SHA256
0664bf2380e95e178003a712e37b43d8a3657b12ecf1173626ef9b486a211e1c

SHA512
5e043f34eea147292371f705a1e6e90c2b71eab9c87ba7dc468a7518681230446accce1f9f427b9d60a38ebfabfdbb40d63d2861338488daf2e2e0500d79f51f

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

Filesize
1KB

MD5
a5dca365dacaee1fad7bf71616f1b002

SHA1
945e130554c72f66e7c35eefacdfcdbd906b0750

SHA256
d1ebf5cd38d9d01318991369e48ee0a7e8fd8d556ec43cc43c1746eddb94f17f

SHA512
dd049ed36843d596d390cf64da2a9cd62d57ee7d3dae4411ac55e43520eedb208b5a0e1a04d6a74db8e613ddaa23a222c82175b530bb047314d3173678f98a0e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
987387aba359122cdccec1d558c0124c

SHA1
8bb356687c121cbfe088c6b0a4e1a87bcf1e6be1

SHA256
4be404b06f7ca1375b468be7fd550c354ccc427388a948088b04791b22adbd36

SHA512
a9ed61bcb2f52e408af81e5fd974239bddaba0c4d111885efc64f4eb0bbceb57b95aca938ba3bc228f1427a8ec820a2e02818e4db739b7d6a5e56fb22f988672

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
fff940636f0614b9839a45b2f5a0f823

SHA1
a4cd6fe78215a22ef00181618b7681b8734469ab

SHA256
e27974840e9288408f9ea6f420e35a7c928934df23212f60bb6b7cdf958fc52f

SHA512
722499af140130d6ad970d9cb7ee1d158625f24dd7b409433d3c4f6ab26e9cccbd45de42d64b72e6a575c130c2b5bef5c95bbbc179a1cd549ae96cf616787f00

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

Filesize
501B

MD5
71521eaff49473105ad1479804f77afd

SHA1
ee614d2737d7f30ae18696f94419773c31245683

SHA256
18321d24132f57d63592ff94ad0318e76e2fa906fbe7e9a85403ce9031ac7f39

SHA512
d2583ae0dd345c1d932097d4c327df215acca8fd6ca3118a3247754dfeb2977cecdf1c3694ba08d07eb885658e93465f1cdc971dbafcf5bfd2e1ef944ca46be1

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
55c082e5c753a3be7704ddf066d0e895

SHA1
ced13c44a19f82b143b033378d601f93b1de3388

SHA256
e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8

SHA512
8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c4be1ce9dc39fb83fd5a2d617c2a4837

SHA1
eca34cd429eaf350804bce704d19ea61c74fd54a

SHA256
403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c

SHA512
3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

Filesize
501B

MD5
cc732d0bd874a5559714f32366affe1a

SHA1
b1b7b5585059d53f44d8e0dbfc260472ab658c71

SHA256
a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed

SHA512
3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
cb4c4517f3116b63ed0936ddd8db58d6

SHA1
2f5d749fbab2eb2bb4d2547adace72180a3a1424

SHA256
d3e21d34f66f125016107dc24d9540b9f5d26ba969a36e89018d4dbe1a44f048

SHA512
d828621605f5c80767dab2cddd11300d1e9c5e5aa04d4d5d295fb252765b1723e89e4924d99639b8fd46ed35e5a9b324f9957e683de7aacb381ce7a91cbccff4

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
52eaf2d1658a94f0b55d47b743e78b6e

SHA1
e6ae7237fef14a3361c771d3255f0dbbbd126bce

SHA256
e1346ef655a5d9bbf8a0898b79c1aed34c1c369c066010da30514130575176af

SHA512
87452bc5880182dfe2010ee3e344f9ab6734e0e3458e0b64ffc646aa39879791cd715e81deca0b6a33ba1c01cddd99b9ce76cee4c310eeb2d6a3a4d71dce6916

Download Submit
memory/2400-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2400-6309-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2400-11290-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads