modiloader | 934981b509249b26ead3cea53770cc4cf062f8ddb3006cb8b52cbffe0a736f9e

Analysis

max time kernel
150s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe
Size

201KB
MD5

0035656d78ae0d0157e48d811db274a8
SHA1

b7a111880537ae69776e76e245d66571445af5b6
SHA256

934981b509249b26ead3cea53770cc4cf062f8ddb3006cb8b52cbffe0a736f9e
SHA512

6bd149a14a6fd7f7007788a12246df60b2cb5604c584c128a535862f89e01b536b71cc352fb7e393dc10eb33d9bf5822c96141cdf1b139951540dc261dc92133
SSDEEP

3072:2VGPnyNZNUeumn0Vs1y7LCccgm3081pNpsM/WlqPzz90ijMVc+Scz9H:2V4yNZaeumn0VTcgmEopD3hE7PH

Score

10^/10

modiloader xorist credential_access defense_evasion discovery persistence ransomware spyware stealer trojan upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

resource	yara_rule
behavioral2/memory/2388-3318-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2388-5979-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2388-10471-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2388-11003-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2388-11337-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2388-11339-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/2388-11345-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist

ModiLoader Second Stage 1 IoCs

resource	yara_rule
behavioral2/memory/4428-4451-0x0000000000400000-0x0000000000471000-memory.dmp	modiloader_stage2

Renames multiple (2191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe

Executes dropped EXE 3 IoCs

pid	Process
2388	CFPRO1.exe
4428	CFPRO2.exe
2224	UFR3.exe

Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc	CFPRO2.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power	CFPRO2.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys	CFPRO2.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc	CFPRO2.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager	CFPRO2.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys	CFPRO2.exe

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\BGPANNJCMCLMKAN = "C:\\Windows\\system32\\CFPRO1.exe"	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\FKDEJJFOHHPAGMJ = "C:\\Windows\\system32\\CFPRO2.exe"	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5wGUqvvU5wcWs0M.exe"	CFPRO1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\LAFOIGPPHMBBNKI = "C:\\Windows\\system32\\UFR3.exe"	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CFPRO2.exe = "C:\\Windows\\SysWOW64\\CFPRO2.exe"	CFPRO2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
17	whatismyip.akamai.com

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\F12\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0007\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\SysWOW64\CFPRO1.exe	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wmiacpi.inf_amd64_4ab67656039b026b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmelsa.inf_amd64_f187fca538857daa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ucmucsiacpiclient.inf_amd64_a233292790c69f03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_amd64_acb1691126c93472\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextintclpiodma.inf_amd64_7f59f2c73a7fab14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms011.inf_amd64_f83138380f5fb6ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_bf051ca3546a5bf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\SysWOW64\SecurityAndMaintenance_Error.png	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcom1.inf_amd64_cfd501781ae941c0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\miradisp.inf_amd64_14cd3615d012fdf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rdvgwddmdx11.inf_amd64_e8336336d081cc11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\it-IT\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\slmgr\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmneuhs.inf_amd64_eb59a40d88060ada\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.WSMan.Management\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PKI\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttd6.inf_amd64_28e2bee7229aaf9f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\F12\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\zh-TW\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msclmd.inf_amd64_d677afecc5e43162\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_c531b5e68fd6f6bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\EventTracingManagement\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\whyperkbd.inf_amd64_6c54f73a58d5fb2c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hal.inf_amd64_fd0ae947345ac7bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.ODataUtils\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcommu.inf_amd64_9d8718c8b82a0aeb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_61883.inf_amd64_2c1769df23d261a5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sensorsalsdriver.inf_amd64_a6da30fe583368a4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\Speech\SpeechUX\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\ISE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_33a0db63c0afb351\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmcdp.inf_amd64_919b7beec2c70482\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\OEM\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\oobe\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\StorageBusCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\buttonconverter.inf_amd64_73b807c3bed63b18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000400000001e3f3-4.dat	upx
behavioral2/memory/2388-13-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/files/0x000700000002344d-14.dat	upx
behavioral2/memory/4428-66-0x0000000000400000-0x0000000000471000-memory.dmp	upx
behavioral2/memory/2388-3318-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4428-4451-0x0000000000400000-0x0000000000471000-memory.dmp	upx
behavioral2/memory/2388-5979-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2388-10471-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2388-11003-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2388-11337-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2388-11339-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/2388-11345-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\README_th_en_CA_v2.txt	CFPRO1.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-32_altform-lightunplated.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.scale-100_contrast-black.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-200.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-36_altform-fullcolor.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-30_altform-unplated.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-60.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-30_altform-unplated_contrast-white.png	CFPRO1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png	CFPRO1.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ENFR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\SmallTile.scale-125.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\foreca.png	CFPRO1.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\index.html	CFPRO1.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\rhp_world_icon_hover.png	CFPRO1.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\CompleteCheckmark2x.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubStoreLogo.scale-200_contrast-high.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-400.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarMediumTile.scale-400.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailSmallTile.scale-125.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Outlook.scale-300.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MotionController_Pair.jpg	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square44x44\PaintAppList.scale-150.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeLargeTile.scale-400.png	CFPRO1.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Program Files\VideoLAN\VLC\skins\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-125_contrast-white.png	CFPRO1.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalStoreLogo.scale-125_contrast-black.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-16_altform-lightunplated.png	CFPRO1.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-40.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-32_altform-unplated.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchWide310x150Logo.scale-100_contrast-black.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\people\rachelVaughan.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\IC_WelcomeBanner.scale-200.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\Glyph_0xe805.png	CFPRO1.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Wide.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionWideTile.scale-100.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-36_altform-unplated_contrast-white.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\Xbox360PurchaseHostPage.html	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-24_altform-fullcolor.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-400.png	CFPRO1.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\forms_received.gif	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-32_altform-unplated.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailWideTile.scale-100.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailBadge.scale-150.png	CFPRO1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\LargeTile.scale-400.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_contrast-black.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-20.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\snooze.contrast-black.png	CFPRO1.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\adobe_spinner_mini.gif	CFPRO1.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-200.png	CFPRO1.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLargeTile.scale-200.png	CFPRO1.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_proxy\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MLModels\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_image.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ce735da5c081daf0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Speech.Resources\3.0.0.0_es_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\PrintDialog\Assets\splashscreen.png	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..mmability.resources_31bf3856ad364e35_10.0.19041.1_en-us_a36bffba99c36879\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-filecryptfilter_31bf3856ad364e35_10.0.19041.1_none_6691405458642a97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-n..orking-connectivity_31bf3856ad364e35_10.0.19041.746_none_1ac92c26b9949bd4\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ontroller.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_0b3b5017bea897e0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-chkwudrv.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_ac20897107a5eed9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..lprovider.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_552d94e931fbc3fa\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\SystemResources\Windows.ParentalControlsSettings\Images\MicrosoftFamily.scale-125_contrast-black.png	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..rdefaults.resources_31bf3856ad364e35_10.0.19041.1_de-de_be25527f0be51c76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-inputswitch_31bf3856ad364e35_10.0.19041.1023_none_5ae4c111b6185af8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rgrouping.resources_31bf3856ad364e35_10.0.19041.1_de-de_9b9bb1b46f8e2741\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wwanradiomanager_31bf3856ad364e35_10.0.19041.1_none_f5fcc955312efbb0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\msil_microsoft.build.con..sion.v3.5.resources_b03f5f7f11d50a3a_10.0.19041.1_ja-jp_f3cbc1af8b96beb4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\msil_windowsbase_31bf3856ad364e35_10.0.19200.101_none_66b855c43f686971\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_zh-cn_087844a564d298b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\assembly\GAC_MSIL\System.Data.Services.Resources\3.5.0.0_fr_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mfreadwrite_31bf3856ad364e35_10.0.19041.746_none_974f32d076d3b2e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..rtmonitor.resources_31bf3856ad364e35_10.0.19041.1_it-it_bd1eac7664d11f18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..2provider.resources_31bf3856ad364e35_10.0.19041.1_it-it_6538a1a47df5641b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..dmappsres.resources_31bf3856ad364e35_10.0.19041.1_en-us_d1955a02a25aa6e7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..rformancemonitoring_31bf3856ad364e35_10.0.19041.1_none_677a60dc537bd64a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dot3gpui.resources_31bf3856ad364e35_10.0.19041.1_it-it_68de78a1de9e2a41\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vid_31bf3856ad364e35_10.0.19041.546_none_58a869077fc6e2f7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-m..lnamespaceextension_31bf3856ad364e35_10.0.19041.1266_none_42492ae9d3482ca4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..dateagent.resources_31bf3856ad364e35_10.0.19041.1202_en-us_9e1dec63338af19a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\defaultbrowser.htm	CFPRO1.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Experiences\PreInstalledApps\DefaultSquareTileLogo1.contrast-black_scale-80.png	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_flpydisk.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_21047828b23da5e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_wcf-m_sm_cfg_ins_exe_31bf3856ad364e35_10.0.19041.1_none_b6126993bc8370e6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-appmanagement-uev-adm_31bf3856ad364e35_10.0.19041.1_none_2dd93e93d86f77df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-cxhprovisioning_31bf3856ad364e35_10.0.19041.746_none_376db11745bb8ab1\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..-core-cpl.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5683bc0e732ce0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..er-engine.resources_31bf3856ad364e35_10.0.19041.1_it-it_89bdc6bbc848dcfc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..d-experience-smsapi_31bf3856ad364e35_10.0.19041.264_none_d4f5b53485b70669\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_netl1e64.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_ae3a411481bf6ffb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mapcontrol_31bf3856ad364e35_10.0.19041.1202_none_9269f331f42a1765\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\TaskScheduler\v4.0_10.0.0.0__31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\fr-FR\assets\ErrorPages\pdferrorquitapplicationguard.html	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-detectionandsharingapi_31bf3856ad364e35_10.0.19041.746_none_179c61a73cfb1a51\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rpc-kernel_31bf3856ad364e35_10.0.19041.1288_none_33d42a5f37165008\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ui-cred-library_31bf3856ad364e35_10.0.19041.746_none_9d489045f13678e0\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_system.xml.xpath_b03f5f7f11d50a3a_4.0.15805.0_none_89847a13b6603e6a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_8a8440f738abd1b9\DMR_48.jpg	CFPRO1.exe
File created	C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\ja-JP\assets\OfflineTabs\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\SystemResources\Windows.UI.Shell\Images\TabletMode.scale-125.png	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..ouppolicy.resources_31bf3856ad364e35_10.0.19041.1_it-it_830b6bef78b36fe3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..onment-core-tcbboot_31bf3856ad364e35_10.0.19041.1288_none_75442af2fe19577c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-grpconv.resources_31bf3856ad364e35_10.0.19041.1_en-us_a34d2280ecca6e6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Assets\PeopleLogo.targetsize-96_altform-unplated_contrast-white.png	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ndowmanager-effects_31bf3856ad364e35_10.0.19041.546_none_cefcfcd89d8d8a93\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..l-keyboard-00020408_31bf3856ad364e35_10.0.19041.1_none_e68a6c22e6b89a28\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.19041.1_none_595f2a7acaf53bba\[email protected]	CFPRO1.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_sl-si_d4a70da91621027f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_10.0.19041.746_none_846982ad4cb57051\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-f..allconfig-installer_31bf3856ad364e35_10.0.19041.1_none_cd1a3bc29e2594be\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_5.82.19041.1_hr-hr_91b1079c55cc3459\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\INF\MSDTC Bridge 4.0.0.0\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_10.0.19041.264_none_f328f75868736919\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.19041.746_none_6275453e12708a76\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.19041.1_none_be46845142812e94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design.resources\v4.0_4.0.0.0_de_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m...appxmain.resources_31bf3856ad364e35_10.0.19041.1_it-it_8d98cd798b9b40cb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	CFPRO1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CFPRO2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UFR3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CFPRO1.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	UFR3.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	UFR3.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	UFR3.exe

Modifies registry class 11 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NNJYPHLXAIFYGHH\ = "CRYPTED!"	CFPRO1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NNJYPHLXAIFYGHH\DefaultIcon	CFPRO1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NNJYPHLXAIFYGHH\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5wGUqvvU5wcWs0M.exe,0"	CFPRO1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd	CFPRO1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.EnCiPhErEd\ = "NNJYPHLXAIFYGHH"	CFPRO1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NNJYPHLXAIFYGHH\shell	CFPRO1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NNJYPHLXAIFYGHH\shell\open	CFPRO1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NNJYPHLXAIFYGHH\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5wGUqvvU5wcWs0M.exe"	CFPRO1.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{03B6B14C-C1C1-44ED-A61B-650F6775EA2A}	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NNJYPHLXAIFYGHH	CFPRO1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NNJYPHLXAIFYGHH\shell\open\command	CFPRO1.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2224	UFR3.exe
2224	UFR3.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
2224	UFR3.exe
2224	UFR3.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
2224	UFR3.exe
2224	UFR3.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe
4428	CFPRO2.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2500	explorer.exe
Token: SeCreatePagefilePrivilege	2500	explorer.exe
Token: SeShutdownPrivilege	2500	explorer.exe
Token: SeCreatePagefilePrivilege	2500	explorer.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 2388	3276	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe	82
PID 3276 wrote to memory of 2388	3276	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe	82
PID 3276 wrote to memory of 2388	3276	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe	82
PID 3276 wrote to memory of 4428	3276	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe	83
PID 3276 wrote to memory of 4428	3276	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe	83
PID 3276 wrote to memory of 4428	3276	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe	83
PID 3276 wrote to memory of 2224	3276	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe	84
PID 3276 wrote to memory of 2224	3276	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe	84
PID 3276 wrote to memory of 2224	3276	0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe	84

C:\Users\Admin\AppData\Local\Temp\0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0035656d78ae0d0157e48d811db274a8_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Windows\SysWOW64\CFPRO1.exe
  "C:\Windows\system32\CFPRO1.exe"
  2⤵
  - Drops file in Drivers directory
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2388
- C:\Windows\SysWOW64\CFPRO2.exe
  "C:\Windows\system32\CFPRO2.exe"
  2⤵
  - Executes dropped EXE
  - Impair Defenses: Safe Mode Boot
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Windows\SysWOW64\UFR3.exe
  "C:\Windows\system32\UFR3.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2224

C:\Windows\explorer.exe
explorer.exe
1⤵
- Boot or Logon Autostart Execution: Active Setup
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
f73a59b5d8c2fad76fa059c5e1c2c188

SHA1
3d620eeb969bb5cebca23b49b9a2f9935aed7fd0

SHA256
872c6d694c3df59028d896f8a6704c7d91339dde4d71b3726082226dd9bfa053

SHA512
01a731e6600ac203c3093a429196c32714a572f54ce7f59660f0c6dab333e087b6368d15ff4fbd9a173e64067ee41c0f54025868b0a54c9503be31b481c71235

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
7419ffeae19fb8441e14a544604e6795

SHA1
6fb331bf5ab57ff539954897bd701af9838081b8

SHA256
63875643b8ed84e7b9520cb8c8173395c026fde00c523b7331662c9aaf52e289

SHA512
8c6ae546aa000ad651f63e2fb36d8238c7bc82b6eae4a1401d70503d3df57a382542e812f2e267ee12f4e69147837cef5c74e41d9bb7cfb86c02397098615fe2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
59a0f0a326518c4bba53042b861e00ae

SHA1
2aa4b5dca6ece372550eb098e3cca93188e5eea2

SHA256
67cb11a4605a26a3c90f42e996413c7804b9879e96df56cedcf3926c4c473794

SHA512
681df9504078ace5408256c0f1a1b0c5c4a953d6924e98b6111c3c76b25a98f84cea6360d4cdd109413dd89745bd3cd99d1fa53cf11c136abe2c8bf89bdf3b38

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
bd404047f7c6d55eef7dc564610f1fc2

SHA1
5f894c2c16fa10b9d67874ff172e3bfd19ae3da0

SHA256
ad55ecc2d43914b1e5df0166e8021ee91fabe5548a2c087165c36e7e3866aeba

SHA512
e2b57e1b91aa9c6e8eba6b069b141986cc8b635756ad87b840d134ab7cd95426437b2e259c687f30fe5b8c79f88bba7639415695c95247bb7d2efc2064950a63

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
298a2415862acfd9078e218e362aa306

SHA1
eaf4e5622b75c45ddb0316f0e67db8633433fb20

SHA256
36980311ac9c9e5c1db82f957ba91fafce9d6e99215c11004342f3d5de31aacd

SHA512
c8c95534a6cd78014e98a22d9420b4f16b4425be9bea8c122a962597eb125aa2ff59854057e8d465f9271483754db14d36b06248093f24221e88086def9895c2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png.EnCiPhErEd

Filesize
445B

MD5
8feff06bd5ede6fefdfa2744220a9394

SHA1
9f630d26426c2303ad230464b31efcfe63676dd6

SHA256
7f10aef5232acdc8ca9305c718ee9402c2d62ac9b2ba6fcd3d6aa2efb8bb72ce

SHA512
c2a00d4fd08e7fee6aba9a460464db3349532b105a6e6aa42788fa6afff0c5dc02a4476523c1fabcdf9f5784717de03f9a621bd8dcecce7b8f23cef88bed132e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
eda7f8573bb5fd3894c69d59f368c7fd

SHA1
a89560c32f1ed2cd0ab28d72e87d3e41e226110f

SHA256
85778d8f6537e6a55a316bcfd8b06874d703679218a8e3ea3161ae621d676b8c

SHA512
4da3dd2808aab890b034bf13db51deed54ae331b6168b928ca6fd7e52f728c6fea383cbf8d309aff1a5c8e9349329167d931f463caf8da91902479cf29e6fe22

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
8f3155000a286d60031362b70324ef9c

SHA1
cc3839ee0318a1f6894d989fae1c03f5e30694ac

SHA256
67fd73a368833175204677a7eedcbe91531654ce4974522ba20e9591d72c3bd7

SHA512
e15bc707c37319faedcacaf0beabc072197a7d7e005b304b327d7f7c9c41e0a3fdb9528e360a1f83dae32293522b732e8f32133b2058649d4521c29099accf46

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png.EnCiPhErEd

Filesize
552B

MD5
2003e1566139ef00bec76b5f88df3b58

SHA1
aaf828d771e6ad469d08278193fe62ee1995d4b2

SHA256
1930f53bba46bd0a6e1f56ed66f9a4a96f2f7da869e6998afc6ed2fbed1edbc5

SHA512
93045358ec225bc311f97b2abd31edcf356feaea1a818c95fc1fa4cd335b5097053cb32027aa3f6c81ee2ebb9da018e173389a994057b0b58d016066cc6b2e9a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
3f6310e1580aacab4ca6534334a7829d

SHA1
e558eb9d6eb8ac5ac8127bbb3c805a97ce46b142

SHA256
04dcbd9182c86b1b82a256eb6784a84676be1b6c6c03949131cfbdc3e2d3a768

SHA512
b700cd1e6c7ba3b9ca5e3c45220ba7f90b5e6140fad9d3e68822e10e79a7049330f86bcb3934ffe26d12595aab9f97b47526a8856e8d8327324afbe675b5fe69

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
a3b26bb90c6e8f9f1e0c6f87c34c6df3

SHA1
07211e7e294e8ab94934d1c61cd8f89955d86292

SHA256
f95b311c12073de548b74a7027266b2b0bb0d02f07278753f474c902c9d46a34

SHA512
aef2e11cce88befef433371c50c0b7766e40f8dfd363c9e88dcbbf38524bb541fe3ac6f0be11aa6eb673b08e2d7d962bdd1b92a93d5d92a873cccc61cbb0ca9d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
6010a6b08a2c391e95559c92068c2acd

SHA1
6f0053af601264f94a0e2e2c3539df6226bf99c7

SHA256
98d9461b55e1259db09429d15f2938fcc0577227c2487ba2370aa5756e874c62

SHA512
1513b81ae941d31ddd62bea8ffbd0e9babff3ae5423abca4ab67723878abb02c0b259171e433f576dedbfeb64dd442a214c103180d3a168132b2c15ffbe30eeb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
5708f4b93172963b174add49b956ec6c

SHA1
574d9b180ddfc715a20ba901cab821aa30b36899

SHA256
596c176ed611bbbc9295f43ebbaa7aa05fddf34a07935c4b1bf0bd03eec8f435

SHA512
ec2af5a3864899678bca625f610ff0aaf3f1d19fdac67291b118bd477455186af071f07742a6f016116ff981b0d46a6a903cd2f14867e1216cc69fb663abdb92

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
57d6d970534e770ef37d741cb364e9df

SHA1
67febb236b0519ae1ed88dfd1b025d0111fd94e8

SHA256
355f2ff181284c826af3ec62948243a2cfdd86ca23ab10a304eef9b71a340a0d

SHA512
2711b3838965bb3e1f073e86a7a45fc606797f86b654fe83d944ef3e0e544933c657ffd9b345bcb42fd1d8c56a470e7c57c27fc331bee900fb2e8ca4d0ece3f6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
2d46bb678342c389b82eb4cb46f115ae

SHA1
a9a3cf8b7e853af8da3be9b847b54c44dedb53e6

SHA256
710f34a07b45b8746b758c6b5ea58ca1bc7bdde9fbfb4473a8c7030dffb3f298

SHA512
15c39b1028e5f6ecf9de8e3bc5c2a206c1c4fddc8c906dd38ea17a91c9d2ec0b2a128a78d420616f9f397f564a1ecb19bfcd20a2d169e3e05e275773b76111c3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
59c5b879263a4bd1321b320f505b3544

SHA1
38bf2b3012504f1d484ceef92a92edb1667bf881

SHA256
52560d2787311c69648e838fa24b7369b6c1a434df9cb736cf2506e731eaf35a

SHA512
2ae671003699b25f827dce0a565504e4cec915742c54ceabd788c2024a3b3810ce73e36d5af9b0e0332cee7bd64c6194aea913ba350b1786d45b57175d865b62

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
a5212aa100c6bae85e8b035dd1d47a45

SHA1
8ff658fce429e6c84c070b9fa9a3410077f54238

SHA256
07ed78ec2dc8081b82fa995c36b91d5e9cadd60d38642b946a0cc85e9b0328e8

SHA512
fc2d976659ce485cb1008f4e62b4e06b04a4f6e589258833f363664e0e5afc62321190083b66de9e7b8ab549c1c46e563e22c121286b0f15edd7e5ba2d1596d3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
9b7389728968d3fad11da8923731254f

SHA1
babf3e1897bf15bb13bc22a139f6305b85885e17

SHA256
ac2573c4d65e9d59b3dfc73f2e211062483d752cefdb853c66e88399c81c28ff

SHA512
9217cf8bd32a11d6dc4027236aabc6e66c6085a362e7d7379d166d8721b4145a309dc11d30035b207fc6af207dd03ace29683825cbe1440e58d0c906752657bf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
40f03f3c907263e65901dff15460d6b4

SHA1
f44d97718924401e5996f8dea2e246bdbdbb04fa

SHA256
13914a0ae15df72fcf70fc1bd45163c49e2c39b09c555c993b51163ed086a86f

SHA512
128fdb93711243ed655e7f9b0c54e89993e42fd415aa3ade9a8029b6567756f56b0ccf65dee2acd07de32997662bcea37e21da2a7b3dfeeccc3b7baa8993e7ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
0b2632494f3ae56c5c338c1c08d756ef

SHA1
b1cac9fbfd2a8d35ab527799bab74a35c1f0cdc2

SHA256
4cebe9511757500b7b0e7518c638f3d5d4968777cbd0b289c4f54c141d3136ad

SHA512
7565be857b4ab5662f3ea3ace89777be51e2437cb1e9dcaffd25cd134c0b9fecb0e91fb43a258da2cc117108cca785b9fe375a23fcda692644e799529e939fc1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
2b6cc86e39cca7658666c92552c46443

SHA1
7ca18cfaae38cd3ce38d811527efa3251c77ce88

SHA256
16b980327aa7076fbd66de545f83d943e30e48efe2329f316d72e731ac1b5f37

SHA512
6f1a41f5854a01abe67a12a9473df761161f8baea2520c1130406fb5d0a226e850adac72127f97f2cd0971fa4ddafbdd219abdc63a5288eaabc799566fa27e8b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
1ab3bc48510385b7ecf01b1ab99c19a3

SHA1
361d9ff110849acfc41f034fe1c7109d6db58de7

SHA256
3225a74a939e7d6d835333a79521c364489168678b1433027f2723336ccf9bb0

SHA512
788de676a7e3ce067d7192513a367ade07750dcec3871fad7dd996d4996408d0e0e0aa2fa6c7cb8bf21509dfa031b0b2c2839a5607ab67159d9f88cf795e8c34

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\progress.gif

Filesize
19KB

MD5
5e519e3bdde55c127b3d23f2dee4f7ab

SHA1
84cac10c62f81d9422ecb6950d039a2cebe56e5c

SHA256
df99e195903f233cb930e6d9e8e5a579d4c6b945c4a189d99acf7aa053004548

SHA512
62ea98e03ec0e5bf7d257789022ad34b26fca8712c0d1e3e591599165aab7c8482b6c2a5c06608ee7625dafa21b70a49deb11e0a4d3cc79a25d71d7c3077ed24

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
de137fba8621510d9dae9ef664264a65

SHA1
6a13bfa12739422a9c8492b6beee672a520e11d3

SHA256
76ee584d9bc8ec43ff7b52614462cbc1dbe19faaa2a6fe6c5566dfb84bcf64f9

SHA512
5e3a628716093362703966081da1800f38946545427214a0c7f829faea1abe5aa94fc1f32892a9bc93041f3167bc0de2ad1f19a199a8c1e8bbe83cc82589dda3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
518b1a0cc7d93b120074dd8bd06e82b0

SHA1
a16236629434df2abe1f66524cd937676ced731b

SHA256
d76772d880ea4dae7e69587082c8fa077b29506ffb11088689f0dde94cec0799

SHA512
1a2e19a418315dbd0e82434a659fac3d507f52c6e8268cb4f7f1755f5a4de6d73a5a0b133fe7f1815b3eb93b0e1a524d411956116fb5d5b787277dae2faca341

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
7c422c981d28229da640bd2fbe355fb2

SHA1
5434fb1b775333d8df07f2fff050d6400ea9db0e

SHA256
83e74ac9b49a1b3b1df7f8934e486e9b4414ac4dba7cbb7c5f7269d984806488

SHA512
9922060298fad81754ac1dc868fa18c60b70dc3b13c5c8b3007696352a342a43df0ea1ce2c90f7b5e99f66fcec482ca46d1b378d4d71a37be57fcb3e044ba534

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
e666b2d988e6bfd1f8af6f70736ecc3f

SHA1
398d95d29421dab1bad4028a508b9fa74720f50f

SHA256
40b0f7ab332fbe0eb4c1ed887ad59f60068bfa1b48d7f3b09689930ef91e3438

SHA512
04d8b7c778cd3e9c038c0923ecef8d468fcc18d2b3e8146ed86aaff30f7b4b464a1046b7ff71e26d201acf21764764f248f85ee82eb7aa25c87db1ef18211495

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
164ed6e3fa34a88a8da534c974071462

SHA1
101f6b28d6377e8c60a9db65764fe0f1b81e3f79

SHA256
2bbf1f3fda8795d5e139dbb343ffe9c8d394b25f3aceea2c4932cceede81f016

SHA512
5b04dab344e535530017cf566bb1093b1bfb40b0c3e12a8b6c8441ed71cc9af772cf87cb91051a7e02a1bfb828d82083268f0408b519ee6d3b111736b8991276

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
deed2e2fe5ee37edb39bdfce3457b926

SHA1
3bf224bdcb8557eeaebcccad8ecfede356f46ec7

SHA256
f5eb75811e734f7d45e7e8a4c3d3921b207a536fc92b761f00ad1b86c4ddc015

SHA512
483988e110fd261395a4540e2e3a2742cd8eed5e9beebfd19da977686a4522555b2408fdafba757c0a76329c6828a43935bee547e10361c4ddac76b3395589da

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
bedd415568d0042b59dc4c6892c552cf

SHA1
dc53796895e07b88e4227fc53844e7902922d173

SHA256
e883fd87d648f61d5852f99dd84f689f037dc6fbf4f39753dea1f4380a371cf8

SHA512
0fc90db4b2e9c8b735b6c170475b956fcede121b74daabd73c9947209bfda95c4a7e29ebebb599002475dce4ecfc30e55839c7fde7d5fa66313a5922b40719e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
70de4d9de68326771a132fc2431c14a2

SHA1
309d8f8dbe5ba9362017129708c27e9a47361a8e

SHA256
820391e1e6be6735c71973f4767dacd5e7391694c67f24133f781f20431b2761

SHA512
3f6aa8857de6a283d40070e753a8f271d28063bd40bc5fe5b005ac3d678b0203a8f53bb67b0fe35e6292b11158ee927a59eca4323058949a9a39bb8c0d040463

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
5217536ff9d71b2291cc66299e802f0c

SHA1
152ecfc5feb0aa75c5bba5c7f33439b3adcc6425

SHA256
2e05198f5229d6a65cb6cd9014cdb01657348ce01aba81c59c2e7da548d60177

SHA512
7632f37ffbf61b775aa6a9cb3c94ffaa2e7549e451aa4512ae0244115a33d54005b14be77c8644e05f0b09f320127dc486f55cbc154c96612fcb8122a966fe9b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
00b07b7e12a2a880a7d088acaef006ce

SHA1
17c26a5e9e3ca206aa1ac56ae453ff7710650157

SHA256
9d4286a606761b35b480b974b65244d44d53125cb3bd65da42b483bc2713ea25

SHA512
2201e8d0eafa4b88c86bb239bc835bf7a79cb22b467be6ffeb7248da4d388f389b8c8a9d2bb472959d6430f190a7e909f1bc0db781a1da95b80b5d77d67765ee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
57483447a467eb9d9185b9afed894dd1

SHA1
5f3e7483f8b57fe7af8654986fd075290d107301

SHA256
8ccfe44da1f7fdf09038c5bd2ce36edc2867e14eb5807ba31a69179be8168d98

SHA512
b25423e66babfe2a83dd5f2fa4d8e7eb3549eb16d1a2573297d798c14c45bd717442a37d05e843cf29b4cbfcbf209283bda5cff1fe9e32db9a4b032e55f82afe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
cb5f76e62071103471c5a2e4d53cda8a

SHA1
263b6194c8e9738002c2593f1ca3a6319142acf1

SHA256
603e9fdbb578346cdcf1ffa9720c6386f86c7720838c466431e910484378351a

SHA512
20a035cdf13085ba5861d18ab7ce44108719a4066e9a056cd43f44b0c6b55502499c00ce50d569a1075f35cebac54913dd40efb0196e6c0afe5e06c06a6908db

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
7ec3b90bf979ac7f122d9fd08661c4f1

SHA1
15c9b005dea618b4e18b6a7c98f69750f7e00851

SHA256
44473ccc78cd0c5b5df20f3c5229b8cbd567e50172f72a937563db68d49f0818

SHA512
6f1be17190e1c56c70aaf1b0270246caf3f11d707332637b493a95b82933acacaf7bb01c4c8a5a316a170fa9e1f4c8ffcc44ae689c99b4adf4cf2dfacaa2ffdf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
86b0cdf0f29d9ea72ec58245a46b3e79

SHA1
2ff72aa72d8e79f1dac4e31720a48c2ff57a7ce4

SHA256
edbc6f6f95d16ad8a1ad37324fa0136d8f58fdb4f1a2c60fc5c2602c821f4fab

SHA512
a20950ad51c167eb039678b53d9ebd4aa9191f6cf6a77bc3abf752bb052511ff1e9c814faaedbd5769baf5e3f6f8d96df8fe3a10d3bd763f6061f591044fb38b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
1cc07c9c2d197d6eb3415878d6fc5c67

SHA1
877b6f9c2378e2c50e2003aa1da622358e348b6e

SHA256
339ae3f763bbff4b584e9ca1f94acff34fc335ec8fba9f6d2de934276888472f

SHA512
76394c4070bc8564aac4c58afff3592edb23e0ef1c0f4a92f40538148d797fc1e4d3de023dee636c2545fee6500bd51ac76ba3b6edb20d31be2aa71722508884

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
c4027eb51b3f0c0b7b03b7dbc052a045

SHA1
9ae007d3aff2e46d947f546728a5ee77016c0c1b

SHA256
44a656a7bbf853c91b540c56d3bbf5cc5bb9c99973bfece4f8b8f79e867b186f

SHA512
7a9129e81dc59a1b151382693c176ebe662efa2fbdcaa707801229c9c621b08e62fe22e72f5c6446fc6556d0a0a793ebcdea378c0ea402ddca9d420f063de924

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
235B

MD5
9feb1455340d290218f9648b4a66557c

SHA1
d1910d37f00b1ab39a81d37e7336c7e4f1e099d3

SHA256
fd03b7d7add2462565049b19c114b2c11c9c35cf7bd564dea4658473e37fb79b

SHA512
3ee3e79e6b949f8b45529947b496d1efa536f0cb45305a79c261cfad822cdaa861505d52ed1e7b496aefa2baf599650c507bf5efa983dc1ac51175a7ace77f48

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
8f306b7a12136570ed7769773b38ca80

SHA1
26b1a88536af7eb42f16d941f327ad33d2bf5c18

SHA256
31313d699fb77377ed622a54d0f9a44014a26f41e95d9464e64e39575936b764

SHA512
503692cdb634d6c45c357bd4487d57accff4bfb5b066682267d14750d1ee89a27bd575592ee3fe70dacbad384cb8496851ec54e3e08eb52b2135e692da766b31

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
6ca342fede4310cccde197b64473e159

SHA1
eff1a6d003f30588093b2f8ef1be35d2f211c702

SHA256
a12da2d1a2c84c05373b82da7605e9ff4a86f453ae9eba2d58603b59b7d99e20

SHA512
c8f94811b4b08d454177ac3f3822d13842211607e96fd188b4e52a05cb6499cc69cda18f579a937a28469fc7520450d0dc0316d66fc20f7891075f996f2334a3

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
b2f5df66aa6dc6c07afd2d15c84d1279

SHA1
fb3fba765dd4776df694c2bdd2d6b688116b57a2

SHA256
05701a1cbc19769091473fb4d034f05d821e78189099aa0c2ac658abe35786bb

SHA512
2a35877c1d2a50ce7066263ce469d1ae51def1fdd16122451e025f08c2e1f9ae4153636451dfe31bc2260a092c63f1b1e864cc5ef742b4f774983b378eb3f468

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
fd50657d7ac153a74c0d90a151d4cbcb

SHA1
84461c5465f5fd521bff095b1229993ee6343de7

SHA256
e17c6ccb2fe0f1c55e9ea0762d630bdbb15a5db0abdae065d4f8eaae355e0887

SHA512
3c2438ba229a7ee593d744b48c78d4d89b2acfba5486990eef0dd58b1bf53d6d8564f2272dc4a7114b08fd8e235db326a58db88111d9f0571e12a80f2d0754a3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
829ffbd85e9d06a38883a51d680532cd

SHA1
2fee75b395132e3eadccd2742c32556e20430572

SHA256
d539d9997ba85cc7628d33f599dad99609f54ac1548674848f8b94f8c5f8f29d

SHA512
b13f733817d13255cf1e50dc51bdc11d63a888e79b6de6a5d39f0f2859d27a2ae3f83ebbf6429009db078b48bb3f3a116d586c93c5129ee08b94a89b5190cdac

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
e5cd618a00449a826fe93e6042e781a2

SHA1
2236defe451f2dae6cd896b7e762826c16b53d2e

SHA256
186b4c82746c001992db7938474649dab541de78a60a8ceab9f57bc27493936a

SHA512
a62a44177879c9993a1f15f14026c7e5a3d6e834fcc7b13bda4217cb134561236c23089bf9792d0e6ce9ce386d0bb6ce99957c303a0805e67778c5ed5adb1092

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
9e5f1cdbee99a7b5e5d685f8b8efa78c

SHA1
86cec91279d22f42d5483505ea328b6a73542c99

SHA256
625d024841657f39fe36afef52d890d99f41f7dc02c2c0336a4210236446fa2f

SHA512
adea825f46a65a10d9f72d6a17d2f6ea38f28c98cf67c5e2d705b1e467a3f558d2be3a3681a8d84c4c680dee4855fce3b3f99796cbda321b833d219c0af036cd

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
b786cba40da0935f49faa776f2b5b5b5

SHA1
fe4efab6a58bf752411a4a4627d4d2d1f9f9f65b

SHA256
bde4c2f8fe56ab59102bd4e88dc5ce6d01f623de1cd66777e9e7112025587cbf

SHA512
569bd812368154f49fc858b4d15aa124b885b955a296aebbd0866e9c9572d45ae3faf2fe4b3261b8c27fbb27742d38f031fa5e3026841973ffa7ebb9c1a3098a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
b0fb1eb47a2c74b379eb2323265bfdae

SHA1
aa4263f86b28be7edbad438439fc09a2cecba6c9

SHA256
d88722fad14f3f5904b6b283b7f6ab26cb3423ab2298f1bbd12a116b7b312ac6

SHA512
0cfed14c687f400f52fc4b28eaa81775213caf46973e96d18d4098f44270a0cc5594870ead3b263bbca45d8fb913239bb61cddf41cf9b3ed148d465fa733d4a0

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
1e9bdaca5f5464878eeef2aaa6aa9f64

SHA1
cf783953db737354618f43e72af97f4adc923010

SHA256
bb68c758581497b4420007aa7c457a632f052851030939236076e471efc9644b

SHA512
ad54a5a9a08277e1a457c0c77f5d83ad70a05d6f0271ac01a9b8c42e10fed68cff6aa358a5a79b06608524cebfc0043aab82979e9f4cd6e4bc9f29ea5aae0894

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
5e4e663a36c280945004c3fa5271e14e

SHA1
cd9648f755c83e734774e90a17d227b635992670

SHA256
595dc88312d06f235faf671b86d61138a639c0185ed7e00d3958523dae6ff0d6

SHA512
4903d9082251179d72a13e413bff71cbb5862bbe0279e2c40993cb2ff798431201c7ca258e7d6e137a8417eafc852d00e5ca6012daa9a6504f01b78166f7170a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
6c8993bd3efd5adcb08c0d53cf407303

SHA1
88383d6ae33bd48bd7d215c227d860cb93d2b9a6

SHA256
42b68bea302c78c3d56393225f180de8211d33733cf55e8e7e8df137f487adfc

SHA512
de8564a59f19494710221d1f4aeb78c3efdfc8204ab22a8e593cd6912c9866fe8444b6de7d575a4a5c516b3c32851ba9880f59cbf2cb5dcb8dffeaf6ba851a9d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
fb1ef9be9d8104b4e70ecccee97d49b9

SHA1
4071af26d6ba937d651fbf508179272083560cb4

SHA256
dd5bc67c0b112e265fd59d3e02ff11c2952f2bf839027ce6774a155d673aeee3

SHA512
1817c776ca3b3ead044b133240038aecf2f80aa6191993eee95f2d72e10a49f42099329d1f9b6c61e2c0797b5aa7c0b8e6a060c59e9ed6e15169cf3d0c99d9a2

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
ad1cb8a75d777545b5a9cce303b45705

SHA1
eec7b72d2838cb5a18a19a5b33ca32f8b4fa947d

SHA256
e7e8d290fc49a4c3a88714ad9bec3c06deb59c7f9e41485cfad9f027a7b0374e

SHA512
32cd5dbe967d87521d6b6df7c788c597a463ece6897c98b7aa42abb80b8aef12763f87670cf428cd7f4426235bd473cc8e648bd3f14a849985359afc8c2f1e2a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
aaf6ec207576be8690fc5192d5c8c059

SHA1
eab9525590d9e924979be08dce922978ae3181f7

SHA256
cb10d92046934f71070d96867b6e15c910b5cf4c92f7e2974a30175a3697c13d

SHA512
021a937ef13812360760afba40bf0d4352f0932e6a98fdb9c936445670d7e08daccd40f439d50b8742b99abec2aff9d805702a44bc0eec909509f3b02b102a7c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
2ac7e81ab6b3f90e98d09406645279f6

SHA1
bf1977357bcdcd42c163b636fd58915e08722c76

SHA256
04e966b5f000c83a3194cf1311adf544e85f442933c58352eafa5826f151d5b8

SHA512
107abe35b57b516f6259160424ee42b2d8e9eb1a914a9740bde41cc967b28f1203a2b7e7cff393ff536aeffb20c7a18108a4e15f035d1f6b124110af8474154e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
000d3b866a2a0b3383f138b232c08ff6

SHA1
0e539edb5133b3d42f3c6191a687607821551823

SHA256
bfb5a6352e15d8e0c02584ae7391c8e3dab88f7354f707b1dedaf65d82076a0f

SHA512
50bde026f1f86462466f7fc2dcbcac7eb770b63ce791d165887bccca86f7952a5aa59890ce83e6049711504f5655eb78133a8e607748606db7ab62f0494f6e90

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
05b84b393533fda13fa1134a99b67a9b

SHA1
d471341597a8b4c91bd3caf45c9a78c933d639f9

SHA256
57d6f4b2c52176be5ee9edec879b30f865925886adf2068683c8a720397bf607

SHA512
8fa2bc8c751a05b4711a1bf9edc4fd90e16e33d095879588312bc2088803f3cc59ac64b81cb866549e5c4c463e29bf006267562db28aea87fcbc4d64e06bda68

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
3c3f54507be17ee95fe25b3e42fb7da1

SHA1
c4022f0fae0f1549c6e4483aa6ab42c7613286dc

SHA256
64d3236fd04cf0719ce5f9dde7520dfcf1c3cce23113962bcb40d3862fb14fb9

SHA512
d4b86c88d3405371bee56836d2f5a99f9993e0f5cb659af64ce0defea5d71b97dbb63d9a262b05c684d73a02c3712fc3f5165949722852fc3b8ed4afa3db6769

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
ea181d8dbc670de8894120519be3d6af

SHA1
4bcd2ad505046f91588dff143c1e9ea8d4120996

SHA256
8c02e79214ec87908b08e109df64d832ceb12e399d4ee3918c6b75bd8557131c

SHA512
c52d0ca377fa6023931dbea8a6bcb449713d8140fa14c610138716671575323d9f287d25e30247baca44852a4085d181f6359487018b2ba26b1b91021dc916f5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
34c4f9162cb3a8376f938cc4047b9bb6

SHA1
3b93330e3cde74ef40372d6eb6bd7b55a6d72695

SHA256
a5eeb8ea402e4fbfc690635d8bc6b3977fded017cd522b1b4eb91bfa35649dc5

SHA512
d10184c6033bc39f3a13281cd64ca10ac293bf0e2d72e0c18c78a7117598ef521328e1676f1b0a338bb285c7ecce598558aeed8954d58280f2ecf820f5798537

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
45e6b6b7af3236a4d0704868341ea67f

SHA1
b02049ce81058e6e9db88210c3fe0fa5986f0645

SHA256
73bd5c0be20e13172800621588604fc6600330cfafef791f3b5a3d8d154a182e

SHA512
8434a3204ebf07260fa737965e0ec495b878a2c7fd5f6204f96706e75dd718409bedeb3e4f88955037100aff492bbd94a448f6094978cd4ccd4e5652e8a4e597

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
9c082f274a081b5621d9220279402f8d

SHA1
dcc2ae143dd69e9be6eea82a956793a8654a2b49

SHA256
a789180e27d0480b15dc78b7021e1ad16462c3c9feb76eadcf096a38ffc9112b

SHA512
4c2d32430e010a2b06a0f63fd3ce23dab3009327fc0d8ec33e3c75075f882235a7dda5b3fb23c2a4d50320e08a25218aff83642ddbe7875a558af4170269c776

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
58388219827b332c55d9183424970ece

SHA1
4b2cc2831ac41c3439edf7ff10220123ab74feeb

SHA256
91f51c95cf3f00fb5a80c82cda9937398f690af11ccdf829ffc2cade33ee8131

SHA512
5996097fa0a4b85cc99d4ecf83d185d019426ce0f220a30c0c815618c4a7be3c1112c6d9940e50f5d9c68441792b82053f89d161755a6c37a7bbf998781f855b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
921b162f961e2f9030fd8ca823a6fb01

SHA1
29ebab884ac3b9eb554b072083fa6ccfcb242b70

SHA256
5d5020c3b4de6cf65ce7b125e1acc1c549ef30945ae92f4ce9cbbfa3a25ace5e

SHA512
84cf56ecbdac690de7e043d88eff234f3c119eb29274668c0ec589248908fee379130562035df7da9e42ff2b4d287f8ca4fe7503c9e5f044079d62e956b73790

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
e139fbb133312aa61ebe9dd0cdc72816

SHA1
3ee14d9a623c42050b1a7d6a0ea8d3e70a5e1c23

SHA256
9d1dcf2dc3f9bea0b9aad306c6c03793ea3a7da5af7768ef533a30b779961af8

SHA512
c72cce24db500647ea68829e5b240412b5f0c78f04ea5d0a0f078a7451517fdbe778df553a8e1d83563705dee278eb84d62becf76c8646f70ce0ce04d4ce7891

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
880b1cec6581223bb2c0b8c887b53c66

SHA1
d1c3221ae27227dab1a8671c9cdf5bda8a5d4896

SHA256
318b05a4e90d70c29af40b2be3cb59d219625ccd4a982f52aa0ddd6a1853134e

SHA512
2ee8dfc11daf918e80a36c56fcf3f534a2a124c80f73631ce7e0d83dbe25c4f459373a00293ad81b41c024a72dc1845222bad477aa69bbc3bff414599d16f6bf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
c95475dada8744fe5cf01785b7f0b257

SHA1
929959ff291232a582c148b60bcb92ea57e029b8

SHA256
627b73aec2bd6a1493f81a605f4756a9fab7b3831418ef0a027aa922044da272

SHA512
5d60f74fc73bd74f7a0a28c33772018e11598a97198d7ee4dd94969f1a664ba024aafce8f4c2f00c50a99ea6bb8a8e3138cb4f1cca310ae1f68690563a7b175d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
f0948af68a6397bd81f93073b983fe1b

SHA1
d4b98df86e77c8445effc3386a0851c7eddd7017

SHA256
69447adca01aacd3f59e62ae21afe082ee19e07fa862e6964f8971d9316eeb54

SHA512
9b52c79ceaccc04c1e22cc8dead082b3508fbed4c99e2fcf3232c970d4bc8bebe94eaea2fe295b62b6a2dd2523a7d2ff0164e0b11ce3df59a3b26f86d311d786

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
e4399f0505b82f001d71b9b161b80b2a

SHA1
2b2a0eb0b85d7808fc00a113051d23e2d60d965a

SHA256
a70ef1b4dba4c3b3f2e4b2c88d27a446c8a42f69d633f95a35f0bc67a1c8e350

SHA512
1ddec863a6ad5f694efc125dbb53464d6d0f98d311fe605d4cf1dc7ce55b23dd3d80bc9e976408db27ee2a891bbc3957d5b6a6b98f36f80ec3a7f16a8194891f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
b62b86e5150214afe6c33fe2f8db96ee

SHA1
37369802bcb7e08c786b3473a86fed0ae2f91d46

SHA256
3ef3f36c7095f339894d12d56ba7f436ffa5504890d500c4d213c15d34393fec

SHA512
bf9f07a348e22730d74fe168802021435f2a30be445fcd789766ede60efb2089fe49f5adb7e87b3d22ec3e5295b2d3d733c5293f35cc9ce7e906fe7ffe120f71

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
c211c624f93ca7b389a7b83d1a642305

SHA1
918c7e7cefc2e497a4c63f59ef5ade559b86411e

SHA256
3f1c1194e79dd30cb2b7a6c985eac5630439afe364f5eaef63f7a3b92718a1b2

SHA512
7ea9d35f317cf740c2e8d3a0901dc2e553bb4a6dbf334d828efd8407161a125f0bf3fb970565b11cf170a9710798f6e65b11edb31953b214265f96b4fbd7c80c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
72850e6675ff530059c67243bd20b9fc

SHA1
d9f68309bf4c000874d01384b8b3a9a40115494d

SHA256
0823585eb85ce538cfc0bd7f8f17f2cdefd954249597b2d131659565c69382e6

SHA512
69effe5a27b884ce83ab703b6e371815b8a14847bfdcb01d7d1d4e8cd82e5bcb4cfed01aa38abb49a1a33c272091d2a61ada12eed6ecd35984323a62cb6aabe6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
1f44d7494274c70af677956f4de6e9e3

SHA1
203b6712f27e34597fd7bb63437fc6abeeac3720

SHA256
489b10740df9677b2ab567b4ed5aa5536480f9f22e69633839272f68a8cc2be4

SHA512
7348aaceaa2e490a3b741b44dfb01fc85ea10ff25bb05f111c9cd07d1a6e37be3a415c82b8a323ebaac6f5665d82b240982ea755c607094f33d02b1621d8e792

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
06ce6455640100d8c1dc365d71bed821

SHA1
7ff2fc57fbf616422bd2c9e87a3d3e33f2587c59

SHA256
473bc32b65ad389e01776912804c5e99de5708d6178f2797c27cf7ba528663de

SHA512
a1e5da8016f50ad11e1bce6138415ad69ddc84c2012a7335d84b100602bce53a655bbae265b13df669c912aadb6d09b4700a688e3243c4ff765fc83fa6cb8548

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
346380eb5fbe32eed005070c0612fbf4

SHA1
4b94fea3f9dbdff112f07c02735fce75e458278d

SHA256
abdcd934d7295b71fc13a57c9b89e5331e1aea10c18ae0d2c750bdd858fa3646

SHA512
3e6857661a8236093faea1365d5d9b09030925d8f288fceaefd473bbccf177f5f5905dfb12e376539c481cd8d0e7e295ddc5f21f76d3636503e4c4e9eba8293e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
28c640c8f68d681ce8058b0da465a244

SHA1
c748c9fb04fb1bc76077d1dd3e43c38c40738cda

SHA256
728d82eec316c44b8d4de84701eb0aac980fd774e949009eeafaed5d6107d174

SHA512
14113734ce9f1cffbfe5b9caec0ecd653ffb8607581b00b374fcf0f51e4c49607a3d34e9c62719f8e24884f1a1d3d32d698cda52fabdda79fc46e40c48b64481

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
c3897bd2fcf72cce7f5ea997b421144b

SHA1
d2de9a17967f9aa6cc897d7230fc54d4d7ecf020

SHA256
fb7637c45c5995b64cc6bb105bd2dd2c9e1db7e8377c0b15254fb14d4d63d8bd

SHA512
e300124f02f8d1a0311861304a3795407ee568d0a32fb6d20f72bcc25f6b912612b8902413cfbab728bec7e742b914f6f123e8b89fb6a2ddf71449dde18270c6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
2233d675e7570b05fdc40b01ca7636f1

SHA1
7bcdd5fc7235653c34cfc4d5852323c1a9df10d4

SHA256
d8526b03bd3a1d7849c7d968f339899689cf670bf2af539d8dcae795c82587bb

SHA512
0e68816dd93b5369e8c89bfb9790fb2c1547b023e8b830de78325fcf9d4d74a7889934ff549b69c667d4b43f869db2a3a8da5465be69db96611de286208c2b61

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
579da166fa819148e418b05adfd3ae5b

SHA1
6cef75c04b369e6240234e4591d2f9a542d6d4b0

SHA256
d4671e33ebebefa052a6ea755369a8e1f7b8b49c711b60403e2aedb932f9bf87

SHA512
ad1a2434431370922893fef6d1f4a25b183b136c161ec405800927c145a014f688fff149319e352d0cd08a3a9cd3653e980d56430d4039d359bb4297a1a85ebc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
c71eedba8ede06f04d3ff4fda6c725f4

SHA1
f8312385972f0594d9c99b4e56e28fa1806e8f8c

SHA256
fd17cbb4cd6854156467744fc01e7d4fb6fa04804bdfc1df281259eca599b304

SHA512
ae307877ee7ec4161a925efc6ed5062a2505e25d19fcd84465b5a439c338c2166ce2d6dc3cdef3f6b43e2d3dcf0c211771107153a52a43083fd47948f7c7482e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
9df3988c8c47f10aff4aba6304c134e7

SHA1
9399b06062d6b2d5638af0a9b83623530a6012b6

SHA256
0310190ea03c5495fdd75bdaddc1b847f9399e995f28438f11ca517418be1ce0

SHA512
00fde5c2f487a1a45890d9b82598f6500da7c048779c467a9e9201fa805e3aeb50883b4dcce01bc1dca5e5379d52ce7f3c492efd9863ba17f26787e8b87192af

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
9e0b3087cb33c64a199d29e9e26b13a4

SHA1
2a73cf18273dde0aeb29f1bf432259ace52e9d4d

SHA256
a632d5da24fdc1d65bf486f5a1dc5519c14d8cd289615547b13bc0290a3d736f

SHA512
b4c184f6e275c428cf005d8a1d5b8413ded379cdd52cf0455f575170843e0e0c2f653c9c102a75dad9ceef9dd290f1ecf7e8e67458774f3b2fa2bb9d1f1e0798

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
613930f3efb3609a8e138c45fe3068ad

SHA1
ed52ab96aaf59205bcc7ea30bd86f2e67c7cb5d8

SHA256
57d86def6e02e9c34038538968b2ee8c9f19f5e9bc4460cc0f6ff6fc423da7b7

SHA512
da6953e42360762834373d735277bf93f0105073feb9d58fad2e772bd903f1639c5550e6433544d8ec37a06dc2e50768d1f1d1484c18911bbf427f5777611567

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
45c3ee955a1ee918a905c8c0ee28c141

SHA1
a404457adaae37a0d28c4febf32c6613c81b739d

SHA256
34939a8ad31ff97229e90a460530098de0957e2a1506819aea87b6df115ad024

SHA512
b59a8180489031cd567c564c719ef30dfeddc3e8c262eb36a2dfb6940576b48f736a9d6042a01ad2f113b4d3dbb7e9103ea5e61c4a870c724b86838268189d71

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753844819229.txt

Filesize
77KB

MD5
247b5ddee87ee6e26008eb99f922407e

SHA1
0b451ebf2efedd03b513367471c6d19ad866d8bb

SHA256
661f1feb874e4872895917f9d2689fe1630df834a33cfd4ed551d76820a1df17

SHA512
c584fe02ad27ca8bac524eefe053eab26394d8748016f0a287e15d51ea6c11e7e9c38ed0030fa07c1da35a91f05e7838e77fe8432c64687b078305565b09239c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754404913880.txt

Filesize
47KB

MD5
3b8e8b7fa8c414fe145209ae22445a22

SHA1
f0b48ef66a9bbb02a52978934c3f246277819fb6

SHA256
0e7b9d8788b13f03271364ccdb519dd84710e3dbed087eeea846ffb80e64441f

SHA512
ff856ff7838fd670cd2eca5978c9c3e560f77a65091fc6a03e46e7c1774c25f1a13df36c2c78715bef106d982783f7cb0df5d1a06cb2a82504d9631ce4f318ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761474704088.txt

Filesize
63KB

MD5
52a042b4143d6249f581beef482591b5

SHA1
857e5b44ebfd0398e7fea70403a3d5867e1bb155

SHA256
781b25b458736373346bfa5f0b8712a344ff55bbb7eb786210bd53891e2133a8

SHA512
6b7886b6e894a114c03c698ae119824d1cbbc0d401f56ce39756d0304177b55b1461cba86a05f45af69e8412ce71dbb8b0ffe909a2d74a43ea808c0fe292fdf9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764101374726.txt

Filesize
74KB

MD5
2da31e9bb84b209707ce56dc28570edc

SHA1
8351f4c96b624695e536789b9f6664daf29c689a

SHA256
880128d5d2942f6dd4d24933a7bd7cf8e22bbffa60cb40ac56ce074243854256

SHA512
c0a6a0e787f2858f36828867a642a3ec25b7884a58be206cdc9153a112d27bafcec635da7f3be2c36e1283a5185adb693ff8929244be09ff0ba0d3766b28225b

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
c10e5e9667944c5493efe882834af4cf

SHA1
634ede8624bb2f07b278d714fcfe16b145f596c5

SHA256
e0dc53054c335431b2cf2b578889c4bd0c3dac32d7a8536d2ce47915acfe8aef

SHA512
af7bd0f503d4f2d5814ba1cb2e6ee1a94ff1b888a26b071e598666174d57f3dad631487cd89cdc4bb8170dd5d5900797fdd13d3c2f29a8c0bd3c062d61396bcf

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
6f1cd2e0ed96f87768e66fb5c9ae2e2e

SHA1
429b8dd6696930fb78f18e0360d0ec6eac132a9c

SHA256
6b8d2bbd3237090f6fcf96144940773b832c211baf8b0f2461c24963dafbc226

SHA512
f681b555ce090ee198aaeca279e12ec4cf255f18d39f920a8c4a68f177168fb6b30354210c042670c74ac762059c7f5adabf156f51df1ed39b4cfde27c9d6f34

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a3d52731f4472e7bcb401914b8f3820b

SHA1
9da2a69641f7b65221002177beae0641d9307ee3

SHA256
8bd3b9eef858ee26b119c6eadc96146d8af5dcee9c32b8d2ccb28ea54d6cb94f

SHA512
33b07d68b2f8a8d8e69ca01e96164b2ae6243df17fbb2e8ad7be36d7ed281444911144e053add81c25d334407121bbabce5fd3c94b1f0dc88070dbc7409990db

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
054f68f4dd5a7b28ecdbebc8526c4a31

SHA1
f73c1141ee17e582bebf440c40e3f6f7dc05a14f

SHA256
b2e217292d7cc65f0a077df4bed3b8dc87b2fd8dde9035b27d0e6ea12b56d304

SHA512
84a4dad2bcbedd9b2ed4d5f6843eed5f15ea0d95f4823ecb6f26e60dcd0b6839d3809ca3d9e59e4f950df82f8388b16347bc46fb7c392537bed0296084d719d3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
6cdc29699a0cb67372379806633a2ea2

SHA1
e46f98e2c56dcd7ed633d3e5145bb2d94359d3de

SHA256
3d41fd44bdbe9bc05c7ba04f9871913c294568301f73b14c5619aa88feb24be6

SHA512
0d52174a185eadf85b4c102f2302fa23c5c8faab1a8bafc0bfaf309f5df3cd6d21dd226f80669657564a1fbe974475f43ae531f6882ab7a97ee099a20fa5f271

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
8e6eb7c867fc48addaced594c28557d7

SHA1
f2f84a869fa8fb05490de874da2d5a50c385b625

SHA256
8e4104b37db7b63c123ec4b5155b27306ad4f7ba33dd207882bf3e89f49f5c9c

SHA512
ad99059f77879b2a3ebcfd884d3f3273d5a29eedc293fa4b6e792243d79c992c83ffff0be55f48d9234023498b1a37a4da25ab95d9768144eebc3deaccde9648

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
355268aef06aadc01743a56b14df1a6c

SHA1
15af0e57dd6f188d8cbd90b4c6de54813a5d0b5a

SHA256
891e82f8c50547ac0aee4ac662639a76d999aa21c616bc6a845d742e0bf9b0f4

SHA512
adcf8dc0035c85d9cc6032ffc3c06b1294606524ebce4e0ca01b3dae70bf51232c455104bcd107e7975d42e28f1f2116311aae8ca8f307a4a4364c0560011005

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
2be3424cd8e5a5106b00840d619244a9

SHA1
2e60e346b2ab9bf8168df86baa9ce2ff9b59216d

SHA256
afc230c0606e68e76ad7a0e8dffec31fd673b7d09f309bfbd0723f5eea40d18d

SHA512
459ce0b27b8e523870a96151ad55a0dd72d8cebac662e3b296cc2f94f670930f7cd2ced7271af2a6362021d138f124cba73c0efd9d7e65f7d7fcf489119b15ac

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
27beac51de6b36d8f4005306cd49517e

SHA1
48345c88b15d75c0713f90a422f4a25d52fc2a91

SHA256
d3f2e2a421de7ac0c35b966b62017c5ff3e5b0f50ca9d04ecac050eb07ae2baa

SHA512
5b641388fb34d20880dccf358e61e304495296a69be482b12d1e415aee56b7e8ab4ecb0213c5e4f6bb14b2b6f26fef09938897290c40411111671fb35e47a435

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
f0cb178dfe919b771be11e8b37d3682f

SHA1
e5c11ce7ca4b4781946168aa62a6c3057c6acdc3

SHA256
2c7ca510c8ef64b1fd1ca4ecdb2dd05c1090401f250f8404e63ffc0b575ad31b

SHA512
094ff3550acb4abb53f1051570f853b685d8abaeeecfa685cf59c114da7592c9610b81e2d3c136f5606e092bc4191907fd4c80d5db632c579f8302e1d1ccc2ee

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
5835f899991483b2663eb7fb9f9134b5

SHA1
dfd1a4cf6a69fe896fc64b4c16328d05130b1797

SHA256
3dcd4cfb69a3abb89f32641e161e0a92d19f1fd52b8f3ee5f67bd6f609e8d35c

SHA512
95c5ffc7af3a31a78cd0e49c8c07919dd21019a91dafb9acdf50bf32cbd20595864b06e58b6e9806dd5174993b2c883398ea4eaa8686e7506e414d7650f3493b

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
1cf3d9e679ec8f8421bfb75f069ed085

SHA1
53c95477da80683f34c24195d50b775f9f2e51b2

SHA256
815bf46fa92917ba88e0b66c81be103f45ac675498d3d800efc5f702fba40de6

SHA512
85e667a04e786860ba1a52d364a5e1af6e94d0db8d2a5a145c43541fc2bc5397d897e3362adc8a81e7b36fa76b2a131e3fe3d20329df92e74d3fa6ce8600ed5f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
575616379676bcd747d9fe6c38691d32

SHA1
07ed47a886565b52902fd507211a1590e294a815

SHA256
3098f5845ddd3b4fb7e66eda8fab24216c81d8d734805ca153546fc9fa326a2a

SHA512
5f0ece587d52d4ddeaedd548295ba8fc5ca1995ab8a2f7eec633524f02bc2674ae83d33b07bcd91342ba705532d14259812cdf9847a5d91f613adf490bcf915f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
f64497ba884f2e4e0266e508e7c84fda

SHA1
09b23c0c921ec0379f9d1bdf414c354c169dfb0b

SHA256
add48ca07f9bb5432d17a14c9b29015055c5cf5715a1d35aa017336aa770a1d7

SHA512
281c390ebed857fa4a1db9aae0aa4a725ff2f4ec03d5f26376cf3d839edeb87b04576b69e83a3497df49660c35e57504122b40c34119510c570353e22bf6747c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
c601b23ea12f7f22980f22d44748467e

SHA1
51fea9866460d3a3d8422ed04014982c1f6b64cf

SHA256
a442e65e32d33e210b1ec2bf0d00dfd10b320c4924615ba51823586afc6c16ec

SHA512
17d15ebbfe72a47d38d32b1fc93344fcf591cbbfe2db7192dbd96ca0e1f3fd32666fcfbeb3929858e71a89f02b1ee1aa5e73c5788c08b12fa1880502e527bf54

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
2a6269d95bcb7346be663619d1f190f7

SHA1
b7e604a54f1ca4ce90a45ad7b0678b2de36e5c80

SHA256
e854c2af8fcc3513798208547978cdb2ba5873a007988e97985f54de9e5eeb2f

SHA512
5d6760fbe2ab34db75dfbe863c97ca79f06d42a21e4fb4d5fc1bb2c288999c7c380e223ec97a4c13f22a3500ba1896b171f82e972ba4fc400e3aa8646e5cea69

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
56d2c96ffeb40a7555f8fc4df561db50

SHA1
94b06513a471808b8bc26462141f8c662df5e8e7

SHA256
ebb360b54b0975958974f842319c42cd7d11f423423d99efa07d6e1379602797

SHA512
18ca6a9378ef4dc28fd5012612f67317b701a9c46be709a2f469f2b539dbc2ebaabd2645d6dc15f820278a46cabcab561230bc89153868cea4a530534ca0b626

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
36692ed7a91a753704573d64891dab08

SHA1
4fb7fde050226b8e92df39454a2dc2044da85406

SHA256
d2939cc5fdf645a8df0bef3d8d98ee94116fe428d6a9de52dc16770f618ff7ea

SHA512
35a90663639abf0f021f699271114448feb63146d567dd997b8861b9d2d7c65cc9edd07c4610f41abba421d4c2c82cde0b0ccd8b9d170b19f0c3e9684e8ed361

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
4abe8d86be0d0e4f6acb234a99391170

SHA1
b6a127665783daba84ac5eeeb6a67d39e06b6c9a

SHA256
048ff7e762c660a7282dd1770a11f66e553041e485f2d840aaf8679d70ee263f

SHA512
9b4394db77ad2f5b9844318841b70f7fa4f65fb268556618bae878667e748c598f50893c85529a775c7c2b3980275e458749a7879ece05c06aadb63916c8e998

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
5905c52bcada4e7b79b1b23678a364b0

SHA1
411e84e0e8291a2245aba7eb5234b489991aa828

SHA256
1e1782a8ddf545cf719fdafa217048af002606637b94482f0866ed41cd2c3597

SHA512
3ef87d51f43e4f6d12e097fefb237c2d80bf88ecc839bdcaa6ab52183d831d4d1e6c1ee7945a7fcb13e300dcc4124bdfcbad94b45de3fb0878445f9ba79c0383

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
817c7dc86b94805fd9c5c70f54f55a9b

SHA1
16d5dfea31b696f31da35cf2549eca199687a394

SHA256
ddf469af2f83f30ca5eee43b39864217718e131d565657e3e07c149d977e3982

SHA512
47fc7fcfcb5d3fbf683a53cbace7b80f5063d7ab1d81fd2de6f0dd52c07afbfbf6306556b56d20a5a78814f09eff1e2d0670c954c154efca4aae9e6c9ce99e03

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
58927cbb3e58e605b227651cd8d07181

SHA1
825b893f7da64238530b942663cd85988d91d815

SHA256
9274b3058834e204bc3ccfbd9ced34e631b1582c2d14f62c5170586e26ab3ba1

SHA512
e28fd0fac0777e482d5d8377476869b04741f643f0bb4c08e7a58592a8784de27967c411c2723cfe2f2b5a04864c577778319caaa0810d13699e6a4830a6aea0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
23362fa0b35b83e39c2c777797b35cfd

SHA1
c993e4ec1f8b7a4768892c94910d928ecca48145

SHA256
49ff917b34a96d7ebb27af60f75595624f2f396b9528ce97c7e5e24dcef04285

SHA512
a2015576b4c58ebbeec5b52308b1946d7bd0d989aecaa9ad76f05ad604935c59ec00a1d029a078f9e6f4d54827f3cbde76cb4305f6143749cd7a218cb6f73f2e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
6fa0885def3699a935bbc9e7c56855ac

SHA1
b2189760c8b0328a939044df5527e3880fbf8bef

SHA256
7decc1424c1bff37acd835e778afbf713ebe574be0ac4fe895eccb4eb1c7e414

SHA512
395e3d31d1a7e4ff6b83a8684993f2197de6c7f0ab8d40be262f5cc07e3bee71d01ff8d89781b7093c9bacd27d59ad43c3197040e14662124cc3a873bea7f1e0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
837a830e609c0ede5ff345c49470184a

SHA1
d34275cbd5c1b9a9f329678cee17331060254087

SHA256
875e8872cfa2ac8981ecd65300336732ea40b498fc43bcc549ce11a07a7ca47a

SHA512
13f1cd4f38ad22ffa0e964a95763c50d5df2937242a60a1d55472da65f89e6e8bf96ca0f8672a8ccf217a98a5799403ef0c10875f8935f3a32c8f04938941f6c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
b8fc0dbc9c13bb7ad80bc4a0738b26b9

SHA1
18c2912cd1642f4d4463b6fc948374a6096a037b

SHA256
008f1636f41fe31a65629d78e997716bfa87fc7ff96f1342dd52019988bcaae5

SHA512
969d1720a21d5719f8aaa43328e70e2d1d35ab1b63fdaf30c52e580228ae913e29df4c69102bcb289cbf376eb9b677cb88c788c4d49578bf4c791774a86ca896

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
1f0a5908fecf18588edc534013422976

SHA1
034220a09ab0c0f60a7a6de35130ffca977bffde

SHA256
029b8229fe7c93c7cbc6df97f38b4fbe9aa2c86f0dd96e61e3d999ee46c519db

SHA512
b59f2fa5bd041c5e0da634e2bb67327e351061b2a5f7eefd67bbde4b8a40ed0999f4b9c31554233b890bfa7eb2d75ad53424ad447e369bcc6dbc53092f45c6f3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
268d50d4fd07d879408ad620b5c21602

SHA1
52436804ed654ccd5fe5f87b7117781d91fdd724

SHA256
84949181b628c21e75cc5251852620087d1e868f3a35160d681b2d85941d6e27

SHA512
b78edd8388b42d98d0af7921cad9cd25958d169c149c2486fac10fc77efd29865a2ce987672723f6a82acd24f3373a891f2a19fb949c636c1d6e3c3fff3a481f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
1f767e315929a6128a7cb751003c8046

SHA1
2de4528edfbe076ec4d95c3aa633c732c4fa2cab

SHA256
66bf5ab0302838b944bfc9576b0ce8b3ac65e6d61daa3433964e67c0cc98faaf

SHA512
e0b4a44652979abac9350e251bab1b6b68cb02e7b503efb52b91d298cc57d5ac32314517908781848ceb8d3696f21575b50cc236308aeb49b2f7ad1fbe67d27c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
fc0a6c059b13247734f0c5473ab98c2a

SHA1
5badf5335f642f816ff85f966d3ad9eb384f3644

SHA256
1ff270b921bea880c6ad89110a458d150b8b17726fc4822bd9a60fb3fe4aacd1

SHA512
d583d160ddccff52785928fca8b2100d62f49b295ceb6de0603d7d949b5b72f158bb24015a80017f5ba5fddc5ba36dac98e53a86a5271c967282cd46f3d4ce2f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
31cb3861145ad16d46f1375a16f04d88

SHA1
71dab910676134063537aaa810bbd4443ec85b41

SHA256
c458932a835f583de06edf0eb5b27e7e5aece8a37c3c5ee7ab46e9ddb2aee594

SHA512
a4bdd02b7138d645d000ee02b9227930b7801e29b04ff85e0ce46b829c6ee4add8cc44be803b60fe34d58f7f9d83e617b18bce2ea98107bda6b9f94615afda3e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
9cc192292d4bef01fb99669eaac8af34

SHA1
96395b6c078c300ee92476ab60de859828ab0c53

SHA256
7893bea0838b7635333770f5066f97871ef08285f987657a8b140302c37214f9

SHA512
08cbb856f4467a3b4476e44f79f3f4b65cd2f71ffb729d1fb89a5aa7c8047d9e329c45a5b057fd9bd8f0f6d2f004ee6170a6265d72ed32d260de0678fae15311

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
242ed73cbcc364cbe964bd8405b0b484

SHA1
c1a3cb63338ce4240089e0715bbf8d8294d6c3d4

SHA256
acc2351d69e7ce87c6e9131fbad0a0f367d84babd9617cf94f9a8e7eeac4fe51

SHA512
60ae45859dc3b29f33a0f30a9e9e8dc0dc8e3cca0d1bffb1083a6b67b7c7a21616c18f33c2675bba54da3deeb334e2a4feea54813b11556c58cb09c6b49d847c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
317525c86134f497cd00b346f911227e

SHA1
610f7532368ce356c716d96a9deff7ad3cb0a844

SHA256
7f95b855d4b64b30ecd2f9d0bba1e676e756d1ebdc07742dc9e8e7c523556cc1

SHA512
5d3cf7bd353c1b20dc78daf76d718f9fafae8caaafe4a0fa606f4760bd15299c92d279b4171401d5c9937baa470db80c7891212f52eef81bb3e9703b39820fb6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
2cb549e94085be4db8b70a88f15b42fc

SHA1
070f3b8e16b088d29d8360cbe90881fd22b38f4d

SHA256
f57f83ba358efbe57dbd3fdc641d7fecfa058f44317cbb745391eb4651b6c44a

SHA512
3d83acaa530ff227ee7fc9e7c3cfd5852e9e869fea60135a16470f1dc8bc5e03620a84751e0c8061700a63b909a46f1d43cac55b463d82594fba519455c93602

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
54bb0d7248a0fd60b55088c1d3710ff6

SHA1
2a8dd73913753cfae64f3893984bb6cd1bc8ca7a

SHA256
fea2018bcc8271f6fdb2a09123c76d24f2bd4ae9f5bde3d32d3926d641802673

SHA512
de5335de5906a2d141d887881daa5712eceb4e55c10a74428852bdd2173db5d5601e35e2647247e90188070d2848dffcb9d63c340d1adefab49bc5256ef17d88

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
f0203bc520206c9d26b9d5791024cf5b

SHA1
92e2be23fe6d7010a5348d1397e302bca1535dbe

SHA256
5ad0856e179db9cc0ce7592526c63549a7b233e81b109b4f55c18521890c75a3

SHA512
324615165cfd69d16c2205b9395fa537534bc27b0c1fcac71e88f53142daa13835df3101329e547ac88ed9fb73998c26588ffaf823a28a2d2075d6a6d76187f9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
403cbcbfbed48641116280613e10e041

SHA1
32bd9473a429a6d2604fd1b672aab70c981621c1

SHA256
9b6c5ef0c90358557b7b02ac4feb80ebcce8d781c5e16476808cd5e750141b58

SHA512
cb9101ddc992b84b3e961919153d6ae85e5136e3a78fd9445f3b3645a153622947b8f086fa571f1b507a50f4ba202bbaa8fb259281b7eaaf0d815520a1024908

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
0d2a41cc1684b4618a26952a40bbcdb0

SHA1
221daf2a5e2c471bf63a026a42ef9b7b093296c5

SHA256
250d846ef46304776c54a788fedd9ccb6d74b595ef62c6d66f1adc8e89a4efb9

SHA512
a5ab12939c37d741a10c906f7673af99ec55b73f9f3154415c2f269932013c1fc798e97a637497f707004c19ed514d94f46eea936c15cea068549d64dea45fb8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
f312f61639926cd21b84059703a51af4

SHA1
48d86b74c295697b7f862b2af7e79b3fb371c4f2

SHA256
996c67520011642e8c78857ebce80a5dbe9f4ebf011b58411343186f3e2de01e

SHA512
10b6f77854bcc32a4d8a31c9c4a8df7d133363ddb1eba91b39e2b91839e6827cf6e7d13b8ee19e57e3ba7813434f4ffb3b3ea7c67382ee9671ec345357a17976

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
ef0658d0dd504f71a115778de31f9ffe

SHA1
7a6ddd77b623af80ebc83952eca02578917aff70

SHA256
1310f33bba0fda72d0bb418924c7f645078dc8c0cee51f3983d686b971849547

SHA512
5956e398f27530f97281cb28c7ee98be67b25d29c8c7365a8cf908a8237f4fdc14bb0ddf3fd0cf8d5887fa7bd6d68b84e4dafdc611d812cfac34e7bb35982ef2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
471ffb52477e6b4fd6204e07481352c0

SHA1
1493d585a24be9081b30a27a7b9368fc5ebd8c5d

SHA256
01692388ec07a76e28cc1d26a2ddfd4b91ea3b918a2b28f2f987cd3e5c0bdddd

SHA512
25197b6881612be16e3f3893dc43ac24a49500b89c2ff27f0cf102be19fa10bff178b05ac2f328ff532ca155fc3449e07a9fb277839e931adac716df41b81a18

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
c9c716b3f5152dc3388c609b6b657a21

SHA1
c2035957e3e4efa61eaccd131c48b981f64cdd35

SHA256
042dff6a29cc2f8018aae90bf6154e95f0961332ef07cee69285caab3d634ee9

SHA512
d98469a191205692536f1b25da3701295531efbdd94095814ab931d35db48a1c2b102111f2e17038c407dc79ac70155d1fe418e5c4c6edb12aafb0d886dffb7e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
9836d6818bf7943d6739a5bd1b246e44

SHA1
0ddb0c98ad2de1f12485f1bc778f56ebbe8902d7

SHA256
cbe5c1715d6225f741fb630fac230b774a8ac06b494b1135388ad8914be6896c

SHA512
02584ed48d40e2cb4b2d4351c7a71e34c34c0a6a97ffe90de997d8e29ba79cf32ff04a5bb87a8e4e101c93f2eeff63840291031c4c72392dae8fe6e405ae9ba0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
f2aa550b7db7f54fb0e687b6f9120e51

SHA1
f906f1b02c29226b5b7122d9d9adc9f65a9bfd32

SHA256
bd53d1e3da534d3d1ee49286480a8671da2e6321538f89eb75e69488e856b635

SHA512
d786b7081f338a04b834590be7169972a0178765a123059d75bc5faee6ebda14f59a92363ef5c7694923baca6b0467a5a95f4707f58fb165b40a98d73b4557c7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
ab5bc743d2e6b0fa321c3a3946cc0167

SHA1
ae1e467253a5d160f6dad5bc8ea85827bde00644

SHA256
fcc14df022400172a20bb1503e5c7e402634fa5c924f95fbea397cd5bf8ed614

SHA512
d7be4bc757a089eb997c88e33ec521c8d57494d4e9f5b9f004a3defd07a8d3f8d7c0497de729e157fbec7a2fd46a237b8780c471af3e8361ffd336398bd0e4d4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
e07b706c8ebc6ccf4e55c118b0a84cdd

SHA1
4a1e36f22d835aae12c496cda665306e9b3e7eff

SHA256
0f659b86835b73c7bb61c245bd4034e103cd42ed61c87460d976fa0df0493514

SHA512
de3b08760c00f35ea05923f4a84e7c74537cc7487d695d8368ba32eda6b5e25e1c2effabd3499eda48c5190c51b9967956f3c84c7605d14135fecf60c24d90b4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
b0e1ee2e29e3083c35a72a11d9803e21

SHA1
822ff7b80f66bd405231fed62b29521af324cfc6

SHA256
3939efd8f8b1d31c9340d5dc4c230bff5a5a268ced7826f70176f18c48083101

SHA512
873aff3e50cfe9d913187d222d85c2515c0cc502b5a7049c894d7936333f9654f3800b7a49068a4f33c3e7dcb612ab9d6f16fa98725e7ce12e8ae4191370690e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
adab0beb8a7539521ac19db04c1b291c

SHA1
89dff59167798545aaa212878dd91bc4cefe17ed

SHA256
24819732913df51b5e872027a714011fe39f709f2449c9b74e5ffca582043459

SHA512
722162f2f2c08a97e4827f4b5b2e567113b4fb16c0fc760c3450d1c4655611d6623e78619580f9c8a3846981816db2a38e7a3e912da4d1ee297af62752172862

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
7980533bb201167c616e605e77d7c31b

SHA1
4a0a66bd3d5621723d47e0b5864760fc89224728

SHA256
547e220cfc454ff8e13cf242669f74312ae1de7114a6ef9959a39c942716cd85

SHA512
b913e8b650e0a03dc7c308509bc2a2784220245785d598a77e85bedd5a7ce157b79c169b711d1ebf3e0f972e5638e84d83508dd31304da3dd3e56107d9cd1e1e

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
7db3654539381565255cf463f5305544

SHA1
463cfbe348277c82b979fca6245154211ce22359

SHA256
c11dec2db2304b3643649474cc89c55444b24749d8e8afead5795d5c1d02626c

SHA512
348e3a2cc7ddcd45b20ba2a377da92be8d4ec072f05adc735117691113488b0c49474463387268285df541a271d67ad3942dfd9c544fc7b8c5ec7ce4799fb1e1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
a7abf16353f417e78cce9c473899a786

SHA1
4e43975d97b4b0c7b2d4886fd4c556a15331b049

SHA256
244c5e9e679b9c09b7968171c1600456f7d308bef90f18c83cccca0deef9b10a

SHA512
7d0b8c705a03808b54a8ec31f15a30f341afe5855f96db3a9519f8a052476cc20fa14f87b4cac5bb8fa4ef035e6a8f03cc39a55029c5629ff8d9396dafc55075

Download Submit
C:\Windows\SysWOW64\CFPRO1.exe

Filesize
7KB

MD5
f16e3a9001c9e20cb6bbc6fc042d07c5

SHA1
f0da0a26c79fa8bab5b5ef637b7c6737671062b0

SHA256
20dd63de91eec9e5d4ee07549e9aea6aa0a7e82ecc00b3fb8f99d625f2e87988

SHA512
c384b5d8a22c4c9e530890370ef2bfc8a56b11449bab459a000a5a1e95b473217692bc7fad99bd48ee6c15417e5c9b31fc05dbcb6422536c9ef451040f40f61b

Download Submit
C:\Windows\SysWOW64\CFPRO2.exe

Filesize
161KB

MD5
535e1eb6f60850d6a2bda91d6bda5240

SHA1
8ce104f7e272b8a836f755ddf2e681d99f9ccf5b

SHA256
e1129ef159b8cd0483d565f1440afff4e4f797ea46d2faaebe915922b15e8c6b

SHA512
62a7831644e12b4ec7574d00ecfd56612c0821a7c804ca63c0ed55f1f3a78213a9b4d94d5dccda23751c1168074f8e11f59d5e79cb0019abc5fe8886e9f56e51

Download Submit
C:\Windows\SysWOW64\UFR3.exe

Filesize
25KB

MD5
91e80c8868c8671bbc5558555aa05ce3

SHA1
6ba47cef62753f4b3798e61e7120faf5f3d6690f

SHA256
44d172da6573e5d7b92ffb4f9b0bf17a83ad08bf157c7034be593810ce09a4a2

SHA512
901eb981accccd48af90f1db06b41899b60c997e12e9c14e8641a70467fcd5cd3d975c518cbd1a3b6fa7afb51647bbee8df6f49f9006ef0b24ba41adb250082c

Download Submit
C:\Windows\SysWOW64\ufr_reports\NO_PWDS_report_30-09-2024_07-41-06-04C2429FF7C7657FC0C1B96D318D29AC-CFKF.bin

Filesize
1KB

MD5
842777338bf2702c2936a383aaa1b276

SHA1
53e1065d1132f67a638aa2ff8ce1eb3b401129ab

SHA256
3e0c6705ca9c1cfdec059f396c35b4a190c213d983d95b76fd9a34c3ea6b8a5c

SHA512
bba3ef9f6d5870d77f6c65a4bd74bca5ec4bd2aeb9b8df1f5dd1296690c9004ecef5473d5c17d01aee49bad900c9388797f3d428d4dad00aa530381f7d78cf78

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.19041.1_none_233543e4fce957ae\Disk Cleanup.lnk

Filesize
1KB

MD5
d9b9296fc92ebbecbecb20f318cd5678

SHA1
bf4893070b78d4625e026ef8473c3274cc77e4b9

SHA256
fd8dbef5fd3ab379d88985fa6be79851fc056cb9348ffdde0ea132333a30012e

SHA512
f896e200624543abe3d6a788ada7ffffad59cb5c904fb2df2dc9d983c6595a4c1f58964e227dcd99b7c5ac4362839932bfafd5ff1ac2503634d82905870f7bbb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.19041.1_none_61cd745a990bcfb3\System Information.lnk

Filesize
1KB

MD5
3ef5604a2477e1c628ac6b0826a8bf07

SHA1
24c9a369a5da56a19c3de90a40cd35fc312327f7

SHA256
2dbb9820a6dd5eb33694b267dc2faa15fd05a6f70edca76396df1e2108ce97c0

SHA512
8f312cdc0726b1acc48bf347a4bc2f936cbb4001f0bdf559e76d831b429b7fed0a17ad9e760aa76cb451fc8f08bca44d6fef3e4d6e7014cb657bdfe81aafd5f1

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
145c3dc99de4531d3fd90e2177ae19f9

SHA1
0c43325d28702ae5ebfd8ee535741afcd87a1fac

SHA256
b7f5da142ad70599aace7cadbabf3fbb9d0eb1f8820c56faf1acc1dc40fee0ea

SHA512
fc987114c5eb38d7c9d9f380eae1cda9056db507e13081f055cee40a00aa10bb06e476e616f5795c759ddad6d02f021d75a9f81077446e7f8d2ac40704695ea7

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
9913cd74513e80ad7fdd85de0aba543b

SHA1
86f59561b54c74d52eac15e016dee9b10925ab12

SHA256
6a1026a8ebb0d1d99621b2af1ebf735bd13b832a23f20637b754d3d4f5611e37

SHA512
001b1a0404c20043ce79a6ce274d18cc217cfc9f89ba783fb820aef944cc60a266b96a561d00abecf37c472e2961ffd4d6de50ddc8e412f678872b03c19006cd

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\squaretile-sdk.png

Filesize
501B

MD5
7c0fd2a29d435d9f06b077cab89190db

SHA1
9387df3279902c1e27f5ca68dea289b6dfc48d0d

SHA256
bad70b7310e31902376dcbc4cd618a383a25503347aa09a9c8c794900d19b2ee

SHA512
26e10b0d8523dddd539339fec3bcb00978d527c70027fca7423bc301452fed9315c5453e24c0ea04f5970f64f2a84df245be92f983599723acad67862a68b778

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
55c082e5c753a3be7704ddf066d0e895

SHA1
ced13c44a19f82b143b033378d601f93b1de3388

SHA256
e45f697a81e1cbd46046a50597ba9af08e1d8311647d62a17402cc418b0f63e8

SHA512
8a7dff042cf53601adb5212f9bc6a21e48de61faf38096def0a733188e22b57d0141a7b2885ab426f76c40c73ed92fb0ef80abf0e469c83a7c14166a6830a0eb

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
c4be1ce9dc39fb83fd5a2d617c2a4837

SHA1
eca34cd429eaf350804bce704d19ea61c74fd54a

SHA256
403a36ada7f7579d09670f9b98e7dafec1c2e1beecc5fd26ee6b5fd0b4f2505c

SHA512
3e736e36954c970143a82baa806fa88a36db812d09c08a6ab4d19a78e6d0fd2c42c6b8e59b62f7f4c3fc7806f5b1d9f30e934b404de6465e9280300b034fd64e

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\squaretile-sdk.png

Filesize
501B

MD5
cc732d0bd874a5559714f32366affe1a

SHA1
b1b7b5585059d53f44d8e0dbfc260472ab658c71

SHA256
a836ae986ad1fdf66b57b8f55eac652b146a474835c2c0ee3a6afc945bd60bed

SHA512
3d9324b6ff7f7db2248f609f2364c515e39985e7db154df70926194ea141cc67a8283b8ec91b0c0f71b97476755cd272ab6af1d5b44c37f1b5821c91d18d4890

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.19041.1_none_03cd5b18c0751679\Remote Desktop Connection.lnk

Filesize
1KB

MD5
894416dbd9a61b034fc6063648aea93b

SHA1
8cfbab4be7a17e79677b165cd8ab46be6a1e8eb5

SHA256
a0805887d8fa07d8d3f2c173b873f06e4691f05815594a9f4984eb81db2b5b83

SHA512
a8171c8420bca4c8b6e338e61c15db298e8cec6e13b948274f8d26587edec09749a1cdefd3e6592c04c96995ce35ae1b5b5b918a39875976fdeee02158ccb341

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
bc11258183a560fe12e8255cde1db697

SHA1
70649ceaf853e92caffd30fee18259d57bbace79

SHA256
f666bc64dab1bf3b9692f1d138d9cf1f5f707b78a693a7f0bcb829ff418b67be

SHA512
8c7350be0eaecdb06fc6082797d6ef894c4e6b0139be6e1fd0452c0adab55fc20c032e4936dbc7545b883a75118c8c61e9b6e2f1b2d146e40992ffc39566aa63

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
14d345356a5ce96d32f1f0bd6379c6e0

SHA1
57cf32cb651c3b593d3b5c688ba15ce2577d10f4

SHA256
2d09d24c13b28cce81f7d41b4f40bfd306d0f9a991d0d4bd6a57d355f6455b86

SHA512
17c2610e7d84006b96c1a6026838bb634b116f786b04250412336c86b3c1ee087fe97654418c70c50e1a04f75c811fb917dc2f37954ac7281abfaa978658268d

Download Submit
memory/2224-5325-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2224-135-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2224-10908-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2388-11003-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2388-3318-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2388-10471-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2388-13-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2388-11337-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2388-11339-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2388-5979-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2388-11345-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4428-232-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/4428-4451-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/4428-66-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download