xorist | 5f8cbaafe10f4a87a10044b42fbeca780cd901b09a0fa7f2909c2f2276586647

Analysis

max time kernel
95s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Size

7KB
MD5

026c928e0e950ff8918429b70da11216
SHA1

4f1c38dc42dc65a35428df7ebe90ad94f5daa2bb
SHA256

5f8cbaafe10f4a87a10044b42fbeca780cd901b09a0fa7f2909c2f2276586647
SHA512

c3bbac4cffbf65e5e885b65457f13f71dc4d5bd04fddb0be05648709914b4858e929b9d3a174ee706411347e328b093c2b2a23d7d5e23d6f520d17d683d85cbe
SSDEEP

96:lhZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExJxjDXV6TLIQi9z+LRMB:rzdrr1FG1WDCgmjPZbDF6Tlgz2RMUA

Score

10^/10

xorist discovery ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3884-6050-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3884-6051-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3884-10515-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3884-10769-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3884-11080-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3884-11085-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/3884-11086-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2185) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 64 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ts_generic.inf_amd64_b6cb67052996a0bf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wvmbushid.inf_amd64_fd2fe159a9daf508\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\0014\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_multifunction.inf_amd64_8bf0fd2423b20b97\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmtron.inf_amd64_0b075e1cb11005f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\International\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmmcom.inf_amd64_9179c145f01530e4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xusb22.inf_amd64_d0f2fd4c931f4672\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ja-JP\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de-DE\Licenses\Volume\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_floppydisk.inf_amd64_bc7bd9dca28933ec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\megasas.inf_amd64_289e18fb610dd883\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\Licenses\_Default\Professional\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthmtpenum.inf_amd64_3abc48e730d08fde\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmgcs.inf_amd64_e47e06e16f2aad12\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_707d3849370b9d23\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\remoteposdrv.inf_amd64_0f0da968c1cfce06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pt-PT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\displayoverride.inf_amd64_c7a5777273c98ebf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmvdot.inf_amd64_04863374c9db2052\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wsdprint.inf_amd64_b616bed30e8928ca\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WindowsOptionalFeature\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0411\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_volume.inf_amd64_a2da2b286ed77704\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RegistryResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdgpio2.inf_amd64_808fe94735c4c6b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpsion.inf_amd64_28542b9aafacda15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Engines\SR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAll\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\disk.inf_amd64_cc4dba2066ccf53c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnge001.inf_amd64_1daeee8f3aa30fcb\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\amdsata.inf_amd64_ea60132f1a9a7a62\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tape.inf_amd64_bf051ca3546a5bf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ServiceResource\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmusrf.inf_amd64_ddaa09c6103bc6ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_c5ee07feb8dae038\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fscfsmetadataserver.inf_amd64_ef3485e85c5c1b11\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_aa57df1ffa9aace0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3884-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3884-6050-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3884-6051-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3884-10515-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3884-10769-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3884-11080-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3884-11085-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/3884-11086-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewer\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-100.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-100.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\RotateY.PNG	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80_contrast-high.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-200_contrast-white.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10_RTL.mp4	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-200.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-32_contrast-black.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionWideTile.scale-125.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-black_scale-200.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80_altform-unplated.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-100_contrast-black.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-48_altform-unplated.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\nb-NO\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-64_altform-unplated.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-16_altform-unplated.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-16_altform-unplated.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft.NET\ADOMD.NET\130\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\19.jpg	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-48_altform-lightunplated_devicefamily-colorfulunplated.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-48_altform-unplated_contrast-black.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\Doughboy.scale-400.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\sk-sk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLENDS\THMBNAIL.PNG	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageLargeTile.scale-125.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosStoreLogo.contrast-black.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-40.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.UI\Resources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\share_icons2x.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-400_contrast-black.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailLargeTile.scale-150.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\de-de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\osf\agavedefaulticon96x96.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-32.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-20.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\da-dk\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\uz-Latn-UZ\View3d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-16_altform-unplated_contrast-black.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeMediumTile.scale-125.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\10px.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\6px.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..usmanager.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_55d47b3c8f374aec\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.19041.1_none_d0af17ec366548f3\TinyTile.contrast-white_scale-400.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.19041.1_none_7fd47726c3f6f6dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_reachframework.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b0581265be40a7b0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-l2gpstore.resources_31bf3856ad364e35_10.0.19041.1_en-us_eb93c336e57d00b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\v4.0_10.0.0.0_de_b03f5f7f11d50a3a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..-security.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_32f71f9ba1370d27\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wdma_usb.inf.resources_31bf3856ad364e35_10.0.19041.1_it-it_ec7073e3bb141a39\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_eventviewer.resources_31bf3856ad364e35_10.0.19041.1_es-es_23ca30549cf7cdad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-workplace_31bf3856ad364e35_10.0.19041.844_none_46960391b09a52d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmpnss-api_31bf3856ad364e35_10.0.19041.746_none_ca3779867d8caaa7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-ie-setup.resources_31bf3856ad364e35_11.0.19041.1_en-us_def1981d223d17ef\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_fscfsmetadataserver.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_fbd0c4f2ee1cc60e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-s..chservice-component_31bf3856ad364e35_10.0.19041.1266_none_2262e67641106c48\n\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ctoryservices-setup_31bf3856ad364e35_10.0.19041.1_none_cfd96e2c1ae46eea\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..container.resources_31bf3856ad364e35_10.0.19041.1_de-de_623045783a33401e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.746_none_0b4ed891dd9ccbc8\square44x44logo.scale-400.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_10.0.19041.546_none_b72b37b884665d49\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_es-es_a2ef4aab3bff561a\pdferrorrenewrentallicense.html	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..l-keyboard-00010439_31bf3856ad364e35_10.0.19041.1_none_4e321542283f9054\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.19041.746_none_d27ff5d28ffba55c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.19041.746_none_49d38afb2289b178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ure-ws232.resources_31bf3856ad364e35_10.0.19041.1081_en-us_82ed62af3a17bf8d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.data.linq_b77a5c561934e089_10.0.19041.1_none_0d592d2363b8466a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-profapi-onecore_31bf3856ad364e35_10.0.19041.844_none_ee6879440a206942\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..engineres.resources_31bf3856ad364e35_10.0.19041.1_it-it_c6a854b1b4d7e07f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shellcommon-core_31bf3856ad364e35_10.0.19041.1_none_91b1f58702057373\WiFiNetworkManagerToast.scale-125_contrast-white.png	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx-aspnet_config_b03f5f7f11d50a3a_10.0.19041.1_none_4a22873cf8deb209\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_10.0.19041.546_none_93b8eb238c554662\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_fsencryption.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_69d3b8c4c7d28367\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..andprompt.resources_31bf3856ad364e35_10.0.19041.1_en-us_3572ebbc3147b987\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\needie.html	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..ltdel-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_4c845e7a8653a401\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rasgetconnectedwizard_31bf3856ad364e35_10.0.19041.867_none_17f88bb52b16a93d\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_netfx4clientcorecomp.resources_31bf3856ad364e35_10.0.15805.0_es-es_765c3c4b51e37b49\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_netnvma.inf_31bf3856ad364e35_10.0.19041.1_none_b64f60875fd50b80\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..providers.resources_31bf3856ad364e35_10.0.19041.1_en-us_0442b3275403c57f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-internal-shell-broker_31bf3856ad364e35_10.0.19041.264_none_68d6c779f9c5c92c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_en-us_a323edc73bd86475\WpcBlockFrame.htm	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-applicationmodel_31bf3856ad364e35_10.0.19041.746_none_fffeecbbfdaa9c1b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-client.resources_31bf3856ad364e35_10.0.19041.1_es-es_652efda831888001\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-xwizards_31bf3856ad364e35_10.0.19041.1_none_2e1917b3de354ed1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..t-resources-mrmcore_31bf3856ad364e35_10.0.19041.264_none_d3b4f56ff52704f4\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..japanese-prediction_31bf3856ad364e35_10.0.19041.844_none_67ae6f79d96aa66c\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\Boot\EFI\ko-KR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..chxreadingstringime_31bf3856ad364e35_10.0.19041.1_none_c5a65d4e904f355e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-f..emutilityfatlibrary_31bf3856ad364e35_10.0.19041.1023_none_cd8e4e754349d46e\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_usbser.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_f71c5a6fc324bee0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_wvkrnlintvsp.inf.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_0b7109dfef2ecb85\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-esdsip_31bf3856ad364e35_10.0.19041.1_none_84a134d7af5da5da\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..-platform.resources_31bf3856ad364e35_11.0.19041.1_it-it_4c775ab7a368ad07\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-quickassist.resources_31bf3856ad364e35_10.0.19041.1_it-it_4f3dfceb6758f834\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..termanagementsnapin_31bf3856ad364e35_10.0.19041.746_none_290f6af7d5263efa\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..languages.resources_31bf3856ad364e35_10.0.19041.1_fi-fi_07b47a128d5bfd25\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..mnotificationbroker_31bf3856ad364e35_10.0.19041.746_none_a5ade2e84580e250\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..xthandler.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_34654cad8cd18e50\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..haringapi.resources_31bf3856ad364e35_10.0.19041.1_de-de_1b7913bea6ce3be3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.management.instrumentation_b77a5c561934e089_4.0.15805.0_none_a6e30278d049aa99\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_smrdisk.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_354185f777dd0e79\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-d..ne-dsmgmt.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_ebb345b44423bb94\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_microsoft.web.administration.resources_31bf3856ad364e35_10.0.19041.1_it-it_830446ede76ee07f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.123\ = "KHHZTHIQEAGIUWJ"	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe,0"	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\ = "CRYPTED!"	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\DefaultIcon	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\aFXN0DIM6rU85R6.exe"	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.123	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KHHZTHIQEAGIUWJ	026c928e0e950ff8918429b70da11216_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\026c928e0e950ff8918429b70da11216_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\026c928e0e950ff8918429b70da11216_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
2487ec4f8b5c56d23ae5f39635eba9ed

SHA1
a4d772a1cda15edb73cebcbaddb98945e350791a

SHA256
ee764691c09436f1da7cbb88cbee99178e363606ace4e445665b95d0d990f284

SHA512
c14420b6648a0461f8ac0e9d44d34b1fec2ab0318e340d5ee731233430846c912469c3ce7d7d12b09c870afc7569dd25499d4ecbfc68b67ab553daa181b2af82

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
0a378c39fbcc44fd3d8ad2ef714619dd

SHA1
d121f05d5b0bc36b9eb590eef060778c21db325a

SHA256
e0964042049aa761590f376912acca792b0cbffaf834638061b465a336713f93

SHA512
c02cc4b50b9756e0ad6f4bbf637a62883183de71cb546885ebd554ae0b8dcc23b432a4091c638675d2a371a5bd65deee16a60d12356505e21bb362d2e77cb62b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
fd8ea63caa042b7ec779ca40e9d634ea

SHA1
5c146b921eb8412f150e41795e81bbfec380cf96

SHA256
261faaeeb8d81fdb108e87a94a594f40bd4f3d61f9b444a3f6d81e1962c6c93c

SHA512
eede28b8c925242f22138af915e6214599e17255bb0600305c299f64ed0691099b11ba7ae28375876a7f5200a3a57e1f086c93f20b59a9007a4d8c416b51a164

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
efa6cbb50a318e4a0e6a6aff0a965cfb

SHA1
3079790296a3ccba6269194592b8df9eba47a60e

SHA256
08ee35f94c5d32636c266794c371499df96cb3adaaa0efd5fa9cc47b37ebe388

SHA512
07887ebb9830659f914aedffc7cd27959bc0b4683eb4882a73b9996b24bdfac4fe44ceb8cc6f8250fddb20a1b42463bbc99f4918f43c48ae5ca8bd0f3d408c86

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
e67d05a6961ac56aa14ddbae7c9f89da

SHA1
2297022b27e7bcb0b96c8d38fc3394ed369ff35d

SHA256
21dfb914c878c2c833f517a19c343795679e6e91eb7d28a30b3ebfdbc6079b95

SHA512
cb2836bf1c6e7c4ad71a1a9e525ddcfd4d54a872f5bf748375b6bb929f86b626cf6d37ad23bff998fdbb3212b16092d8d42d4445e901fe3ed2251d345da574d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
6e4e15d43df2219317b3a37db53cf853

SHA1
43a04f08c03a3b8a30eaa1d970a8b9ad35823d22

SHA256
9d5059fb0a4102088ab083ad9f3295a07925b751b22ceef381cda34c41877864

SHA512
6c111f88dc17c9311448c2c839a88d00372d36442e5d1ec7ff951697896a5204a2393add3218d47aa20994b7806a1a0df65d950b89ef705b7e7bb1826d33f4d1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
ab3066d6d63b5d48d17363480e8bfd4e

SHA1
0bc762b83fe7d9a528b9fb05c40bb723b6c0616b

SHA256
bc31a8a54090b7a7d831909466cf63bc8f3b5d87803bb4303146edb072078875

SHA512
8a6bfbfde4cc7b9a78d022051b1dc68f2d80b6422781585321f0ef4924d1eabdc9e063aedb866775355396183a0e8cd7ccd0b547525d24cb63027e352744db79

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
1b9731eb8efbda26b3a54352f0053aa7

SHA1
4b3908bfa0daa3b6d1633593399e1bbf8a3a3ee3

SHA256
44b76ebfe70ff0ae13f2cb4c63333a1bd1875cc995f8d7936cb2d026272b5782

SHA512
29d9729a9f294e60f253ded6fb32e10810ca06753880c6ac09cd4e51435489eb06ddd0daedc6471d38cebe2a6297115fa71fde067dc2e4f3060a2b43f9eaadda

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
bed951e89eb8d5e64c46a6287f55b20a

SHA1
b824799300a99af1feaf45f757bd8685c86bb7c1

SHA256
deaf81012b0ec46e70eac8b8df796fdbd8adc5bb56348263fbc1a9b069ab7db0

SHA512
164bd0602c6707ac12f52b01a3ea1393abf57b1cb4e54a3718e9a2549959be9b6d649979fbf9ce5bda1fd58365ebe916b4344528e89fdf6809c9340aebf17b65

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
49f1b8dd98ca1946d15f41362392d233

SHA1
79a3a43e0d25d39b11c7899e23d72d50fd88b9db

SHA256
be812aa8c0b44f8064e2272a79499e68c1d6e128bda25da65b32429e166075ce

SHA512
0a71323e27f68c538351809f86204e971fc8a39776add59c6202cd87a89959e96cfdc2a9cbf27dfcc7b9d4f0547c8058e5560005deef9219de6a4df6966554b1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
b94f8d74933e126ba60885cc3189511a

SHA1
bf82612976ea409c8defe98e415637693761040c

SHA256
a639c0bfa2d77b1bc0af5330eb7cd8829f8ab6b43c3135d826e9dac7fd888a87

SHA512
b6a3882ad59b23f2e7f9814f9ed12ec009b5454b15fac0a9692e0cea34ac5cecc3a4d3c459dd3ddc83cab3da28a06915d410cff1b032b69c15347550aa57999c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
6a08a66f11d43beb561a731f0e9b0746

SHA1
0023ac8702751ac7e6e1a6b353fd563ea6fc8d74

SHA256
a0d08ebd24bea4139ab08999e49d5f115f35fb419054af174d7a5bac5d761967

SHA512
89a8339359f44e0b0069ca7ad890ae6a5fd7b93721217fd14f1ad360c2dba9574f97e2289314c953009f3f5605db1c08ec368f14558961b4d743cb927d20a110

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
5b304e3bacf97395f1a9da05b8371ba5

SHA1
fb57fb335a19de86df07cada0551c5c53862f517

SHA256
0fff64fd80d07e8e1f44ac57fb8d31c5e7577bdf5f9f9e113ed6f387dfaaae2c

SHA512
15c6f688e19ed79dba1e210d13786a6b707b9de3ea494980645660ee4fed08395a7594f51b4e365c7a08a1416bea02d4a3a1feb1d50522cdd07aee7576550cbe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
bea66aa41e2b80a6ef4a4fe3b33fb1cd

SHA1
e2bee90628beb131b3fe25db0e9b894e608d347b

SHA256
1fc0c394f24c5855f7a6135288ef0d6cd2b4cdcf772583d2eee1238bc3e03010

SHA512
2ab9b1be9209c35953e9f5b5435baa9a45020ce36fc68dcfabe6fa1e279afa4d50a4130b477751f83ed6ad5ca5805660a2fc340ba39d55a9e9631fd082d02251

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
4811bcaa969029ae65237b42fbaaed49

SHA1
91c59188e54adc70a09cb65a190cc3374a85b558

SHA256
7113b65a9140ac1399d927df3e5d950ba89b5ad67764f5a2344ae07c789bdc2c

SHA512
58a68821102ae12e55983eb4087a01f101b750c633051b26ca6a41d25262ccc1ccdcc97844778973a106edf450617bf737d6379640dbde7fc38e5f112024af54

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
5b2b683901d68687f098d62e18948e41

SHA1
5a14c765389a2e121a7a31326dca52c374af484c

SHA256
bee393ddfd2d6c3ec8e3048a646c2e722e5116411e4c961d6ab57feaa4685f56

SHA512
914066085dc1451614daffad28f2a1c58ab77d5ddb9049a885e9ef4f7a3d754be856664e08452bebb45c49a0280bf9f9297f6cb568cd122b7a01e6f96d4c4c60

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
334828e6b3e0b490fb2b5d4888165f4d

SHA1
5022322ba677412455f7ebf4369649754b14cfb5

SHA256
82410a57645e91948c8bdc044d7cb9d81d77b4185a5c301fcf0989fdf94e55bc

SHA512
b00e9352674d126636f5c61e6b0c76a3eebafa3c88dbba62af4ae088fb85cab83fe546a3a22ad1a1b76e465e1cf857a9d6e1a4ef2c726661b30bc9ed00f0538b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
530a1199d342d29225c93b9ed3540fb6

SHA1
260238a83ffdf41ed7d2608ae808ddfe765d5485

SHA256
1e7412b3c561fbf7878834168209f82caf31c84a5f4ea8ee79050ca225ee3a90

SHA512
12c165e58189e04471022fc5aec140e21154d28d0787aa8ee2c2d7525e21e499db20cd31d24a28a61e0b2d8f723f22a62445ac4da518cf5d090465751a39e338

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
36d2648a39c88c792920064673843330

SHA1
f16b67c02bcb786bbacc08c95790f64119fab730

SHA256
089c1bc0ea178717cb529a0c7260cb634ee1ce1b244d2c340c0c7d7dd6c99191

SHA512
8afe2c4d14e338b1219c7e8178125d0ddb5a38165cef97538cfea4a37335806928eb0943c5211b3c673b7e371a3175b4e5c05dcdf9bd7d186c3ef2251a5cfba6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
f00aace58de43a9b48f30aeef3917967

SHA1
f527d339446fab10f708922e50bc19fccc03037b

SHA256
634d4c764725cf74a8a38c00a88457ca1484784f9f75b7ffd44d3d18f16de42c

SHA512
110e92282ae89862011b4518e09848102b9298c6bbb05af3b21727c17f52c5fae64c96721bca9f9ca63ddf2066e62078bf995f8aa69db843016a8b61c332fd7c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
830a4a8bb44dc7e6fe486d276b15461f

SHA1
a4356d551384123745c5e99f40cb4ba39ee7acc9

SHA256
0058076a2621452db85879a2a8c66351c8191bc098222675e8bc1e04b31007eb

SHA512
d9bfc601579d04d99f4602d92c64a8e023634d9ea7fd6b787a25edf51a673054a998ac239073659eded3fac6485812c8903c220660835ba7bfa6be243c8182e1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
5f4748cd6297caf83024af3318a39b30

SHA1
32ec4f4a4e9f7dc906896ec045a7589b15f06906

SHA256
b0c347b6afe6fd48939c8a478c7c6931fdfd1b70b7eedd5c43e3d91d3984cdfe

SHA512
3588c6d78ca1107264f1dc58ffc681b3528f168a427de1db5b13f1d0c41f5d925b90c1c07a2316aa5146a0e9d1eee8e5a6f11155e19cf40176e51ccc6016aa42

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
dde92a50f2ac587146de9dbf8215e165

SHA1
84e2c46f77be0e47bc241d6df1fe376510202c4f

SHA256
483954a2fd308b7ee7c317c526b76f57c42f2efbc5960bf144481eaf4700d3c0

SHA512
04bf0b4ecc3ce5e7464500df09fadb560c47628433705be0bbf5ac109918026b472df8dd6beee32cc72fc86ca23959b85aa4468caf7b6de4786c096e7730e93e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
31865ae68897e2b4b1648b165941f1b1

SHA1
fffaf92d6288b2126d581fcbd2e4ac1559a7883a

SHA256
0d6cbd8918a8d10d5638e9caaf8d4511b25aadb0b69cb2fdf1fc87b0cad70ddc

SHA512
b01ce58d4794963ddd0116532156f6c1c6945bf39cbb312589ba10d90a347efa186e1cebe7fc0931043fbb2f3479de26ee87bf9a1a490db64c2625d047e86497

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
2b40f55a0a822cbad9c5e7cbaa551f6a

SHA1
9baf28add94b6aae19a9535362b9c15d751e521a

SHA256
a0443c4823a25d395230adb19416ba94edde633f7a5481c6947ee542167a44e9

SHA512
c470bff6e041933ab1727ed7eb11a2c297419ce90db1894cad77201aff7829c99fa386b611cc1528795fce1081300c02a7d5263fe9cc18f5f40af668a32200fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
4681f5675e4e651be52012c35603b2b4

SHA1
cb5749f90d529a7e012c7c8c404528e22ad24b30

SHA256
db03b88da054182193b8931259d760d2b64f8ccc75c35ef2e2950fac37b96641

SHA512
76768a111b5cb959013ae7d307b0c8cf3b3482f9937b93e4aa285c2139418770ba30100af782b282d055fd4145de3191ba0e85fc1e002d7c7fd3cf40d4b6d095

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
322bb311da084016bc65f4286e3cef11

SHA1
7518e1892a69c2e5d6421f3b586d8fb9aca8c6a2

SHA256
d54e0d4ef2c796e4d3eee733e970d33d40af306015223f1d0f215bf3511ea11c

SHA512
1cbeb4840eed998a5abc24e6127f5af86df892e65f7721343ef5009922f35c3a23411fad976a83b29dabc1f3e737c454427474a58acdf0a3c206d9d9942d3d85

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
35448f658709051505ef4fe58fdeab10

SHA1
96b4b07aa592110406a4a2938a9a46a820a948f4

SHA256
a2fa521190c3f46085670467ac4bd663ca541585e7192de463a59a16cc5cfabf

SHA512
741a24940515ba8da6e2cd843701c50bf58f21885df1abfd1010df78accf89e9109e25aa04c5d2c8cd6e045f59be6e0bbb1e2aa5a294d9d0eb04ce6709e9fb79

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
c8f9997559263d624911f131b3a9af5f

SHA1
4460c8605ca7ee58f88c9f3e67ee43c32d672819

SHA256
881f7ee2505d1e5be16b8313cfadb2f926b06dfc5d2beeaca81835ac907066c2

SHA512
fc02b956652c53e386e5da397291878fdc6429972d631149d5c8f749d517cdf76de7668011f53c65446aca3f5e740e6d9e6221485c437bfd29331a60b63b842f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
b5c03800e3aafc5321697215293f5a84

SHA1
692d220ecbbfccee45687e8202dd8fef9b3e6f3a

SHA256
3b877699d64116105c6924ce9c3a74acfef1715b60a24a1c98a217b0db55877d

SHA512
6e7409ad2ddf54b823d52c3b561b9f9156dfc3a59b4e5eeb4453f4f7c30e92e715e55e79cc4ef830002c77bed1e0d2b3061ab268e7fc577e1fc10101e115b20d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
c7ea2e920633ac0f2c133e0097d2711f

SHA1
d1282b13d3692aa1c97df786a84f054833b692d3

SHA256
7777fa16e0b6403110b5af69f99efa18f527356e89059dc674be1fd85de6729d

SHA512
ac1609fcefc990efa8fa39ec768f67b174090c60e78b92f088b15e93d3820e97ac8b6f1047f40d0e510a00524e0167882d6fb7cf49788abcacbbbe2fba0ac2b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
4b877b960f0a5e549e9daf8c2e1e5b49

SHA1
9098b8f4fcd1cd2b2d3a43198ab0afb39fd9bdb3

SHA256
da220b544f39b14a459a6368f930170513a4abab460e3b1255f98d3d7c43f660

SHA512
369c2d71b2cb048a025810f632d0d5f39e7ba4668ead0ac5c9b7e6275b3bb40aba68fc9b93dd4b97aa103f973effc4e4f70e6d350c489b281f99381414ce39ef

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
f43c240d46ab2ef97e19cc297a66b1df

SHA1
de9ff8b4ea70ed7182cdbd6f05f6ad2c0fad1470

SHA256
1635dd134c9dfafdc6b224c131234fbb4c87eed6fce5a7b49824b62116da1bd2

SHA512
988e0ce3c030137a670ed5c695ebba200140fef9258d3aa7ccbd6726b7e8873483f5403a7df89dec2756b8fa2eabc0fe77392484ff6cc657e52f78751400f49a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
09c2fb5820cd90698835dfd3e7f6c918

SHA1
fb9f4261c13f0910a2c10dc2d02453362b80b87c

SHA256
abca9a589e5f96eccd2f0a9cd25c68b14191b2d397f48c2c66ad252d9c0f0f63

SHA512
7defea51e87c27cae8d378555a832b09b257efe38b1fe04e62085fe7a943f43763e98d816f7e7c89e56ab0765afa5c25fd2a62354bacf74667b57c630e58d902

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
39c91a70193d12367923a208b43b7679

SHA1
85c8b0972664d4ddb92faa2ada4642bb9153b9cc

SHA256
7562354384bc4e57a154769668ec0ee84b5f293ec0757cc3481ea363e31f7d36

SHA512
1a6baa91f0aa192e2ba3341865fc4acbb11ff9d0c7014655ddc66a775d4ad61f95dc2d674e14b779cfb7e25dedd47a3bad191469763a4a84e165ec49bfe8421b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
7095e918d413c3db3d238035ad7dd9c2

SHA1
2bc507649efa4c96d41f2a2acec2e2e41bb31498

SHA256
c037061777f7522804ff6e5883f4d570107d6eebc182888636ae591c1b1095d5

SHA512
e8ddefa27e591deaa988d32c499a63884543085eb75c1f5d83ea397d33685d25a24da2c959d808be759b8bc6a8cd3a528ee1af319cbf8db5c6f3e9e104f51c41

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
a155b14e52017ead41d2ff1dea88f98b

SHA1
3b7711d9ea8e3a72440bc6266bed590174d7cc91

SHA256
01dd55abdedf64f1757994e0bd723371a4fedb398e9ce25ac6c6b8924b26e0c5

SHA512
1ae561184b04aac5b677e55b3733823c777473a15c8ffc09954563f015a2b9cf3da4589e2a721c34ac3f4e1d1feada29ba9a406f4a3120216089a2a866a155b5

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
5e740122fd183e49c73d784f19a572b2

SHA1
b18d7323ec5c4572c214d06e795dc5ab923f431e

SHA256
4e0ea672e625df218ba41b9c998b68721412ef8e79d608280f460776e0cb4391

SHA512
d0fd32023a8ad5a254f302bea4aceb4cee76a5137d0b7b13ff7b714ae210b67eea9980049263a1e47558208c208f5d81afaec501eb4063ba19e10e698da21b0a

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
282B

MD5
69a98ef655778f1cb3764a923acbae80

SHA1
22683321e95c9a631039d15fc49ac5d3e639ac54

SHA256
2ff127d5bc4c7333c8f522aa4b456684eca97c06d452bf7d00b6a99b49b11b0e

SHA512
610fc09f40124e1a74ff303ddd95ad5809679be9e0c381e5d367ecf8e1e137c3da188142de7a2c5fe2b1225e12482245f2b5c417d43d73618108bfb1c32a5ed2

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
2bbef98ad89d5860409a24d460f9db87

SHA1
3f77719b39dbf5b91ab339955c502567593a71ea

SHA256
2a6d4a398a57020f924e7f5b269dffb5d57cc6512441544f409c710794ee68ea

SHA512
936749ab42dc445618341e9d7fc1a1e02efed0b11dffd5e6a0a22d2f081a322d835688c6880830dbb583ad63fa5c91ee5f93f120b642c351e03ba08ce482e8bc

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
a9ab9499caa5485b66f1de11b9692409

SHA1
7fd1b9b1c2a97fa15f6244c1c654bf50f78584f1

SHA256
b02ed3e166be90f1a2d1a1edac63a77ffe05b0021b13c99980d7309f1378811a

SHA512
9b9a70a3e6e253e0b67c17b981a70e805d7cdc8fb1ab85b087cf113a3effff228a4f15aab9fbe1d5318dae13cb7f4f19a5728867bcc7adccf96e6c7e0b553474

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
1b499ced2c5ec15d623d197e47ff3fac

SHA1
844bdbedd5e64d11e81ca4bb8dcf505cd19f4efb

SHA256
68c62d0c90a5b73fb4bedce4c0c6a0e150b60b5794cf2756e4105077ca4529c9

SHA512
2b555ceb1ee3cc3e73cafa8b3e7de2dddb93a40370d635aef4cd3069503ce11f045e5bd00b644b0f21fa04b8aa07922485246d708457d3c07dbafc0379e8a356

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
8b7f5a06dbfb11a4a20756be822e9f73

SHA1
d643987c22f4148bf113212326d491bbf910c051

SHA256
1b404911a4ae418b422b10bfa60e0481fd033aed4419fffc599968d93d7e187b

SHA512
4432fa2c621bf31cf7172c47783a0be56cf6d4aee94ae426b46616bae60a9e9dd3920d935d42b80388e5fee5ddc05c053c65efc1e719c39b022f939f653885d1

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
9a4c85e40565c5567d44171abfcf8e02

SHA1
a49ca60864647a6bec8a8cdc967049e47b21bb3f

SHA256
49dd23b643a893d53bd504ccef86e247457f6a01a582480d7ab92278ab9a82cb

SHA512
bb2e961838252d7c95a3f5f8b46b5d2a8f26a86bc128b1e0aa9cfea78a8f8c291b6e43cf1f93cbbfdbd5fd08845d55a9908c0389746129583477c85b3d3e41c9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
736ee735a462efd8c2b5b42fd9db2681

SHA1
3304aca5c8996e2d7974bde0bee3d3ec564faac9

SHA256
d4cfa1cbb1f924c9829f586441011d7c5b3eb457f65c45fc7c6b20f0aedfdd5b

SHA512
014b53a82a0b36e013a56b3f58538eb6edb7f3a25c37bdb484207ee4f337ab2dd42f63ada6f8015116a3fa54679e97bbb2b4dfd5b28c11e8c95c5fbe1ba133b5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
bf2dd743c616584cdedbc7034a277a89

SHA1
1c8737c569c763a8d4d0b6d0f32c3782713742fa

SHA256
809f33df26059e62cb3391a7e00efecf0a5b93fbec999fc5fedc6a50c50a96f8

SHA512
cef27089f3fd6ec666e1bfaf927a92d50a127dd0fb58e7203ae1eb089a26b81deee09e4ca9188338355b1a9c8dc3373cd64ac5c688639af773880edabfd9efda

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
4d7193549ee54658ad6e75c7f431b2f2

SHA1
8394e8d855f135684b18796b99a78bec110f4451

SHA256
a98adabb22f3aa33563ef4766402e4c427bdcc9be2b1dc06b44f038b2b7bc045

SHA512
b42de79364e6d10bb416a3962637768617f5df892c795feffbd63b79c7f1a5fd46c4eb98acdae8716193de1f890bfd13d937bc86e24b7641675156f81c1b60ca

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
ab2bc40d09ff7aa81391ad40008ec3cb

SHA1
1fbedc749f02cb591a90fa87af89d889859d8398

SHA256
e10786e1d79af1e35aeb43617cdf635e54aaaa90f5902f958bd28e6c6baecb3b

SHA512
ae92f092f7b0b228bd25b9a16f620f5556793565c19d59ff201c47644dfc4de94ffd45aba79d2caff5ac213b1cf8b983a68f8b8ab84f537b4812fbcff031e3b9

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
c1d65924f106b2e88fb865f164bc3925

SHA1
5e0698955c5c13a1af2fca1aa6102c9954c4abb8

SHA256
5186308af6ab272cf7f8e576e3a19f7be8fcbe453477fb0b1a1be14bc703070e

SHA512
467a90842bd279f285d7279529592114811a732938b69a986c4170965abfb9d42d88b5d8c2e5eda2102e36ba73d57c1b8cc086832cc94fe5ef835a5aabdc7073

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
9385412947bc8309516012afd9c2d2dc

SHA1
18daca3c50b5a956e344cdeccdaab9a6254fb0b5

SHA256
927941ceb7629173d6fac147ce154562d8c9ac94f19c4a99901a3ab8a952d422

SHA512
dcfb5d2e25db6f8804c71cf59f30e8f2536e5d1caa1999ff3ce1851cebc97a9378063069ec67f86669afc45473f96fe38f4e65389cf24403299d919c3420f73a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
a43eaaae18ec67c326e70df96dd9bf83

SHA1
38a2d33591351aeb7c2e351137d8631007a5915e

SHA256
6ba51a9253645de8f9b0f8c2e8523be7da832d5b36981d0601cf2a2c376237c0

SHA512
c5c5a66b49bfa5d8cc4fa2fcad278a0fa2aef8c917c0aff983c41c9f47cb89baa3f42b90b0161f6ddd116d608c6bfca9f152bdf2ce5c46c24f61aadca1e5ed63

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
6dff740fd49fac6e34cf2367554a8cb4

SHA1
b6cc4ed9cc5a4496e90906dbfd6f3c2e589f47f2

SHA256
54165f82a0448fc08a6f5283fc772059bc87ae6e1ad96f4b6a375620c982f2fc

SHA512
01aa6747a605844559bd74daa58b0540ad0755368e8c019376848d7eb5e42237080e3fac867ef7c23defec219cb14228e964b9d979b7f786a3aa79b256fb427b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
bec5e4a6e792f3fdb809d26b0e9cba88

SHA1
0a571862475cc6dd6b35b7adbf7fa946dec2a7ad

SHA256
7368d998a6bd19da241e4ecbbd51c619ae35d19b1b86fa0af0659d42f97a4dbd

SHA512
33a06788d75c4ab864fba121b81a6b1864ba8251db80e5cf70f305725762859bf475c570efd5a6c17c93eac281a4889fb767711fb429a04090bd6a8edbffb9c2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
2424b56276972cb11ece8417f1b5b0df

SHA1
ba4403a7837b04c79f013b72c80987a85a434056

SHA256
1075c196ea92d2a2d0f5459321d9114742899cb86c346873e68b7fb166952d18

SHA512
fc49c855d2db1ef944cb5882799cdd0095a44127de8e67636d342510966fc79778f2101961a94e911a7570ef95ccafcc721973bc02949aa5c95a40680e3a0c8c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
fb2b520969fef618b0489373230624af

SHA1
258d78ea6ccedd13e7d9a98c4c907f455225c70b

SHA256
6dcb60afe096c39a356f42274c566969a8d52ca83cfde63d9a1007c638971b02

SHA512
5835fd23013cf59c5f97d38211e249aedc02dbf07d13a2d26c097fcb851f9dddc3a89f574c97ec86fc3f8d6c41e6b31516a719ff3207c47809c44a1f2d01579b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
47720dff46bd163b98ba6796ca06a4f0

SHA1
428aff467f7d1816552a6877694d789c1ef9aaa7

SHA256
d4e9cdaf7540e2322618e5e8023e98d11839ec8be552962658e3ec88cb724125

SHA512
d3997986be5b30fbeef0b68cc734170c9a6e80bb6aed63eef7fa26a432b7704fd4971731580eb156f9af7dbf979cbf7636b9c8fbf569d174e2deadfc95c636d4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
1cb9d5b71f5c9c31ee53f0bb455a3b48

SHA1
601848222fb08252c5afedaa35098baa101b0e39

SHA256
5ad90b68b7fa410476702a3bc43985fc836e829ad5314eec125fd97898acc428

SHA512
ebadc7c59e17dcbd0e9950e0d76a3b28523c09b7a661509d7eaf0d9a99c0b1490100e0cd21c663195d6e0048cd4a79df8722652b9bb41247554b10cd87c94784

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
e323330a82cb5bf75ddb490780db5dc9

SHA1
8ff461105e235eb7feb4a5768f8790a2419e1fac

SHA256
5aed81a08ae227d0ef4982c0c691e52e503ee242ff8e2cb638770917680ba792

SHA512
3bdd6602444324464d0020b126aabfb65071d593effcd9f5ffef14739d02e65c54d6b0072c0bfc0be9e71d3f72c8b5703b8959890187cb55b2a68acfb2d5dc6e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
ce69e78159ffa118940b3a858b62c5fc

SHA1
5c2ffc1055ae5b864d0c37740c700a5b17937f08

SHA256
600c538b1530b1b28367eb3790b603ee4cef5df67c3d138958cfbe097325b502

SHA512
5ee9f456ef835ac7cafe68ab23eaf76c96d99ec7ed2561bf386d9de2b4dffa3e0959696c382f031adca36fb7fe6cb93001ded8ee7ccb5f5e65793903f0ee222b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
3840ba61ca80ed85d8550a7796d35e74

SHA1
be54f60d6d14c9af42c3dee074876e60160b9898

SHA256
279ea6f0dca7cbfa2f5bf82cdf43ac04a463c96a8d4f47543383b79f08975f9c

SHA512
00c72a9400f82fc16fc2db12802a9725ecbe9deda81933df7274d9d1ac9cbd3eb02083eded44927d6817879dbc9b9e55546a38bc7a23dd84be7150b446ae2064

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
6845554b847bf5f137ef5b669fe03839

SHA1
7a3e7728ee1f3c4008e559f9670b3d04a7d9cfc4

SHA256
d7e09f64d593abb177a37fe6ea13cbed6c7c3c0983da204d3fe3df8ec16d854b

SHA512
4915615a95664752c035bb1d7123533ed9345aea8dc069ba829e29afd190fc418ba0b69fdb1dbe045267609d5c0e04686e9af87e07cc8916f4ca78fe19994243

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
6bfda944aec23fc74d76880549abb50b

SHA1
42f88e3291b8fa82d21e0961d1135ddaf58fafcf

SHA256
93e0b50e86157b730f64f32602a05fb6795b9a05d5428fb29f5baac0424689c1

SHA512
0a7dfb16e9fdc9dad52ba755d3b78a775b55cc9fe911d48a47971bd175ed7c1b403cbaf0255977951ee802e36b1f118a6e34152f2a924a4ac791b8b1495b76bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
b33f82c3d737147bf8cc4513e8890197

SHA1
d4dfff7714894355b862c656917557ab01e21372

SHA256
8ffe07134092e8d1edf90781c3775102cd644bc060a92ecda7eaf5694b72511e

SHA512
835f6cc4506d0c315bbca57c9db4a6d4ce21e94409c0bdea14b62404671af220be67c2033e9d5a418dc3e9e32e3b426134ab7dc40d048cec28d6ee3c7ac561e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
d526dae332b52b911492b3c75224a2b9

SHA1
b1732699cb7392cb8663d85d7011c14cccba4879

SHA256
ccf665fd512f782d0770bd62d108581a1c5ab3f45ba54c062a08dca8645d3efc

SHA512
bf98f261c7e96fbb8b470442b1167beb0976ace8bef2e80b08042ccafed1405215ff815378da587129c52e10b5ef6e2c3a82c87626f16117b9b769fe0a0713f0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
e478b36723ce820afbb7f6fe98481a22

SHA1
a1e3fc3c8e5e9c59ee2da6531cefea95c605a553

SHA256
dfeb3a11919ab5b222ca0b4f11c7cb3a8c6085438b1fc3a1e4509601caa4521c

SHA512
dd4c72ee506d34e273b765cb2c5e150e511c15436d1a10b8c05b4bd97a7f47806fe9e84d950b0989a3303ff9875758e6a2119648aedfd5b2edc5c3aad9ac74bc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
5a88f961c42fdbf48cee2e08be09269f

SHA1
24bf97db091ed983361d688cf0f60b8fd507440b

SHA256
4c93cde93712984ed9484164a38a9a67dfa723039a001bde68ea3eb762f3e4aa

SHA512
1ed891db9254510bf31a254c9e51534fdf3e653fb8898517695cce095f04df5a659a9935fceb23bade4f685b21204d87d85bb4a1b4b1ee89e36265984cf800fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
ca396439a64aeacba5cac8d77163e124

SHA1
447851cdfb34a26ff6f4cbf0afffa2a759f228f3

SHA256
993217063c7707aac01495a406955738ba00958ba0a294f2e96fdc9634d8cb83

SHA512
aa03b9fe56ecc907eb0cd513b0d8abed76a6f9fb3a68691f7f8bdd2159dc936dd27e21ec5da96305dc2749d724c21dfbd74008328f7152ef08dc4a9670110637

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
d7ba9d6f4f59d5d61ef49dc7297d7313

SHA1
560c03d254286920eea57cd5b0fc347453bc8952

SHA256
2b7dc07ea627a609970bc33c7780805281f4af29378c10a9ed923ee6b525441a

SHA512
3a720a41c247f5182805af344530ff34237b8b6778ab6871d147ebaaa9613b6a46d435de8346786029eaa11dd5760869025397f427d253da5e26f99cdb793366

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
c27393c9820274491a7180f12e550bee

SHA1
cb9689fecb8f7d4a0873b1100ca6761873dbba26

SHA256
4310b94f1888c08f95163109109aa69171cf6061643f8e086917df7563404096

SHA512
d6f0acb74d06fb5208d0b68972990078d3f2e2fa58b6ee9cd7a72bb8bc3f175ac239c23fa26ef14dc981f7a025f5eadf943a04c303070f3d45f949e348b1b4e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
8db781a6de01c26c1fa05ddb0b55bc23

SHA1
429f95c8325461fe286664cf722bb1491a92514d

SHA256
71ee96b3623a8951d7cc2c8168ecd0820fbecfe24894192326619c70036941d3

SHA512
2c345fa8ce418cdfdd17d76e3885c62693ea51c0116d7c48183743a5974676d1339e186c03ef204f48a17bbc4c313d8d6fb5c34be84c13dcb7af6d5b6b47f5ad

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
93bf62f5eeb98e3687b4e1329617b038

SHA1
9686e7909ac64ca0c64ee36f584f9873d4a20df6

SHA256
085cdd114c187390c3e5cbc0d165341e9ae4f98d8f7f4bd1fcdf2a0fdc84d71f

SHA512
18fbccf328cae197dd322125113357c8b870b15f6f5d2c8d85fdfc8536cc5ed21611a98b97d9d50064298afab405743b366c460b357e98f45656b291d64a7408

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
425ca1517d66d8c3fe70cc8092b3a95e

SHA1
1d4d9e93ec86a35caf55376a8c2a9118583ac6df

SHA256
8927d8acef7310c024dbe119508ab7c070d2546e37997afe28b4ea3d019831d6

SHA512
ab29be7e700e7d8ca4e1b634eb216244a2d9120fd3072bdb15bd2261e66cbac4556637b59b5f95acfa68fbb1c2a037e0308da18db44d1e47eabcd51fa12c24cc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
bbe81e06c69c365721f987686d875729

SHA1
e250d3080f136010d527785086a1075d6a38f99b

SHA256
650ca55bbf7cf4cc59aa3ac89b64e17d763e251af404b0f65c936603f6271184

SHA512
e730006e76bed1b077054ed4403bd51c93cb6ce4d88ebfa571815b467ec832cec638e70821593eeaed890feff10e35f3c1bdd60411119ad6d7bc253394c2f802

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
d158c16b5d7215710571b46793f1184d

SHA1
f7f449024ff6ecab77fce4adc73310019dc7ae7a

SHA256
19d97cda8befbef84f7e55910aa8c2c3800286430ddd0e356b60e19133b494aa

SHA512
9da848f4b121a81ed0101f83e92bc8c30997614df122dbc78d8f76424b2d71686dd10fa7bdaa3afab24c6d194ace717f41ce312f5bcff6211daddb2d7442c752

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
55d98fc00edeef58bece2292730fe044

SHA1
0dc4a322d194cd3b222f56efef2e96567d64f88b

SHA256
efcd4d6cd5ec28f9c209f3c0eb5fe4860b916c2f150d5a0d8735dae6bacea6a5

SHA512
ee433979502d8be4408b53ebb643f29c23a50ef4fa866fa6fc75835db16d263c35731571c02ca3297154494beb96119b5b3b066181d44504a6ece75f7c346325

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
557a8f29ce551b0ed8adfc76310dae02

SHA1
3b012fceea7d20a228ccd7662359eedfa581c543

SHA256
056accadb018c95056ef21ca9302c15d1750ff063bc16a5eea3acf39d75a9974

SHA512
92c0e34be7e92bd5fa2244600e655e228286f21168c899da73637454b9981bc234b8351bdbda077a9514b8432deb1cfb81e460195cf29b5184e039e865cd36f3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
a63543c85a60c838f5d3a49868b5cbab

SHA1
870852a1bdcfa34449e9552e640eb4320f6ed1fe

SHA256
3d145892688f1f80515a9de24b875d6b5ff3838ac7c19bd6188a111029849cf5

SHA512
24e6ad3b1c2726cc08dc765ed2fc84c734fbf1868ad622147dbaf166c53985f209a69c35b05ff47fe86377dafe2ecfb599de9fdbdc5c2623c9bce3568fecd196

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
8ac919b3f5d6dbb797d201cd6de91435

SHA1
4739e738b222a51fc846e73076fe37d4631fa6bd

SHA256
c668f4f7194a007f1aafcce0fb03392df777a32aeb8e310429c33dbae133cb7d

SHA512
e031aa9b56626215ef08d98844f5f05eb57f0b4bd48b46468bd85017a5db994fa36f3f235bbaf57536db246df7afb64f86021d05ccc6f59cf80c17af7611d4f8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
b849474461566c9e33699df9e8ba80c8

SHA1
fcf7f40382e36aa75ab925cbb153ce602c41e455

SHA256
cf1af7f4a6c2c7a338da7f1542aaa7d365d226ad5e426353e43bd3275256a48d

SHA512
bd47cb4e5d63c43b80be7bc4322ca8dcacbd44e3bca9aa8f96ae0ddec4b0cf0fdcb84f1eedeac575af7a62dad2ca2fa75f09484e7eddd878b57e93b7829fd100

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
171fc23c550b3db4848eaba62c58b835

SHA1
d50b9ca673187a0bdc8104e5b7b3fb74cf4dc4af

SHA256
4bbabf7ee880f87d1a107529daf05dbb949b3c0612c957173a1371ef7ca903f5

SHA512
0e85c4d066af9a9807c249c7ba7cb3b9f3794d89236a0b9552a7ca906daf84004c361314a69f82683e2770edc7c403026e5e2deeb9e8863d65b8455930c15e5b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
dedcc0eb012dd7e5881f048c251b8edd

SHA1
ec5b4d88cfeaa5e1bf62c8207f018f5a9610601f

SHA256
adf8f23e3953990492f21b43224af8f34bfc757a9df27c587a4e82c16a332746

SHA512
ffeded62c3f4477ea78ad8e1f03b88025945583ffd4669041f554f55db7c00cc9e1b594ed1e428ed54dcd6b7d59c045d5d93c63108638076cf80c298c8cc2653

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
62c5f60543f6cdb3e43d5303d7cb512f

SHA1
2710fc272b7c9884fdf4f15c5c063897bc00145c

SHA256
8d0a9cdc384642d5dd8054b6704734f59fca4ce02116539b73eda1457369ba7f

SHA512
9062e44095054a1f46a75f18017bfa7811d993acdec1a3b39db7b098dcafade9577d5f7c147d5eb20c6add4c57ab0308a53ebc5a9d0db45dbd90ce438147215d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
2ab10ff7bb86f2333453e27b2e6b2823

SHA1
c6a6d99f2865240b2d532e0d17ecaf4c1722390a

SHA256
bacff583abe1477eea96264dd5b2d4621865c189872b2c0f7b049f7fa6386de3

SHA512
5c1e1aad2b15b624fa454fa0e2b1a60b5448ff80cded1dab2d1a5906d16680101f49704983ec9b061c8ac47560aee934bc20210a5e2f7df9a3e4797d85854fe6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753988092688.txt

Filesize
77KB

MD5
ed2c9b1571e92797f60e1879031e6574

SHA1
b2d05ad97e373a7f74ff18e3d5a0dbafc9bd5596

SHA256
1f7be60e95fdb98958683270052417f85582008a465a72386c825ea0065cf276

SHA512
5000606f26a2a90dc90bfa0af3cf932a484879fd18438dc7277a87a60580c6b25e784c24da4d0bdd789b97d50c005e9b16c7ca7aedaf237149857355d4f65826

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670754513600213.txt

Filesize
48KB

MD5
517eca5994b65bbc3e5895c979e5151e

SHA1
30dca966fcaae682f00ca93851e74aa6219f9e3e

SHA256
e836da93ba611a95cb80cc3a1bf6fe02931011e5a2c9dd0d6b40d5c5b5ce0965

SHA512
fdf61af4bc0802e06c7c1dc0d76040b1c5d537867e37ca63291d9d849a27ee69ef1bc842192049a8c9c351526707bf1a3cc547a2fcaca0a996a21de760164d2a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761155176116.txt

Filesize
63KB

MD5
e562764a18811b52b0d198b15e27120e

SHA1
cd7857b1e2225c967df3720bd0f71cf099dbd539

SHA256
a1830d27e95c4619a4646fbfecef1c3ea9437297cd2a210f93517b1ccf2ee224

SHA512
52163c341dd439c7a7c8ecbff6492644142abf2bd67106fc15c1733a961d8d5140c884f9f5261c2e31da4f3e707899b268e39fb172ed5ac577818b7efd0888fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670763712487382.txt

Filesize
74KB

MD5
2141bb7c6490b6c5bf6473281ad4d01b

SHA1
a73e1697bbd3abaddcc0cdcabefc032954fd8229

SHA256
ae5a1576dee822907e46fd4936d2fc786d46ffefdbcf835feba907eafb85d2ef

SHA512
12033110b46a703dbabe74457640d689260e9e9646561e124b8e25e5f418f9d58ccceac1973cece12b584b0ef14077e15fbf96202ecf0e1a60e2872b67be9fc2

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
f319b41f448f4c6c540fee30d7b3958f

SHA1
44b20e14474c956b6a12771d11ecda7f45ef73e2

SHA256
5bbae7b1e34cb79080f834b3d16ac964a727c4791c8fa6382329276de6c1b433

SHA512
8a0c16eac2791fbcca2e7be02e94a29701108b76fe0678332e8644886f5e596fd5dcd3f917b4a740e12d2185409cc6f29e7e741e483f1faa2bf2a213cd90adda

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
479e268e856d49608cd64b96b1d75083

SHA1
17e1dc2811a60b27da139cc95fe37b3aae5e571e

SHA256
24cd62ed09519ebb2fc7b98024c75759a8fca10957823ff24fe7dee1dbd44afd

SHA512
3f7f757b9fc1d305705a56e41dc8f2b278cbff2a00b85d83846f101ef56e82095418acf897c72548de8784ad6cfd5c201e929e8b2ff7d866a4c656506f9e1e15

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a8e9f3f24de59f96db21b07b72a2590b

SHA1
89084a9997ffd06dcc2a3527ced2730e528d3f1b

SHA256
81e91f4373c634cccb5ab993ecb660c8bb228fbf315f427fba86aa0ca9317960

SHA512
cb447c4c26de25188ce1062e74dc28ee030e55ca978ed21b3dde8da572a4076608153ee5664bd087758c8cbf49fc649f3f0796c377460062266053a80ddad73c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
c88fea2da8b926923c7bf2437ba90445

SHA1
b2ba67f325eb40acc48e0972b641b005d8d9657a

SHA256
6d1bd75fcebedcac314c72aa628429ced554b7b15674a709e4c5ad7ddbca023e

SHA512
3cb432c99639458955d33e4dca7191d98ef990b492ed3fa3d1ec3f7a128bc5db2f9835d7fb4328471ceb7287b25b00959f2f0d78bf91cf49f161f0a69c2163f2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
b52226c6552de65b4c796df5b4ac4217

SHA1
c539d1eabd814b2299e65c65882cc496431597bf

SHA256
8228afb4409854f2c25df3df610da7d5f1c4dc66b01ef9d62110d8ddc11033eb

SHA512
6681a4fd3308713b788bf9329ef0b60a01fa1eb888c4b46bb1e789fa7f1b25ce1221802c724f836652ab9910ae71a36e63bb5e3c0b4c2e2effe9b70ef6b1b1ef

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
88fbc082b9384f748a6024576d4c0370

SHA1
99251778a98ba67e099372810bad7d0c184e9558

SHA256
4272cef6b75a0879558fb93873df8a2d3d5aa7beb9f254f3d62bff2bc3f2ee6b

SHA512
a6f96b9b4ec3ed00deb79b5009804fa6e474699b7ef949e0f065c214916d0a71849337d49733f88dfdeef76ad98e8cd065020174245bcd277b691299ca439462

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
51c3261c8c8e4b7efe5f208795f1c746

SHA1
db94157f501a72a37ff7fc111437ddb5521aef38

SHA256
4f73d683a8f4f9eaa39b1c686a8a7944812534ed3b25244ce685060e408b8887

SHA512
582bd1d395422ad6a0392584aa24f5600d42d08764e6b8af1ffdbe7344a279bcae33ffc1e724dee5b49c96bdc10fe49fe5201698519ee25286906c211f1a9da8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
b2177fea092e56d6033a4201994f508f

SHA1
f50ef476cefba307ffc55b88c2fac4aa47f836c5

SHA256
0c354388ae80b010772e708ab612517dca2bd6d03d073cf36499397a9643af92

SHA512
fc743341b5b4125d97841000763ef755344ee26e1c7071cc24d05dd700763dc540cc52b609102761c0dd7edc3ca2360ff70b769a5b79785bf1c1b26cd3b461e0

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
79a63b611afe4d9f70d305e530585421

SHA1
379c1604973be50884ee040749df87c3978c47f7

SHA256
610f5e7a59d3a3044a06f20049d499790c3b1bd2d358abac5542002884c188fd

SHA512
6b4e94c1eaeb0f510e9c0bd2dbca993e4658097b7c0684a63ac791d49e32c7bb18dbcf62ee311e9e3ea85bb403621df2a99a1ecffeb33eb00a6a5a58e51fa1d3

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
52bbe62ea7e2c3d412ef98bd844d4c4d

SHA1
9264595f15db7d73e6669c4b380dab2caf975278

SHA256
a5d806a1d318d15f137d8ffbbb19a108eaaacf7b274d5f473052fafb981073e2

SHA512
715d651f71e817d0c3bd0228708f824bac3f1af8cfc1ff8ee2bb1aa83f8cd17a44bf279be7a08dd6b71c0ce0b9894c157220f2473e88abf2ffb0085eeccba30a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
51c96f5acf81d3c5b336e08d1f713cb1

SHA1
5d8a482ae9c8fb13536085d62138ee1428fe0696

SHA256
aa6bc8fe8ea6a6df3ee879059bfb8787cc96cd8a2ca32de0a7e60043c5f98848

SHA512
2ed890e8fac67acf4fbebc61736eda6fbc2a82c85e7025cb8689de9863bf1b6d72b2a9880d1cbbae96ea73356025afead0085f8497a17a3695b94ed04dd3a5b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
d02b7220ce90d7c8e3ae38ae149598a4

SHA1
df318bf256425ce3bda38b10def747d53191efca

SHA256
6cb21335331e38eec2b27103ac334247dfec496ef6558453ba3e0369aafa8781

SHA512
7f6240b48497867909c118770621739c30ebc4f0d55b644c42e4d92816516ca0821abaa727adb5b183fda05bbc3ed71201f049970016ffb1763083f072a85e4c

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
bf2786131cb3f3cd4cf1c68ff912b0c3

SHA1
0096656a94c6eb20f4a9123c6f4b4060719f7056

SHA256
bdd074a88d9966926e52a8904dc22a33e876640caee193202a1c80b611537548

SHA512
09947ce7f2d7d198de965d44e5022d6d608622c775acd84edc5a6cc4ba011b24260a33ffbe7b061aeef5f3c340cff9ade8e1d90c758e7dfe768a01e60966dd7a

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
02fbb0eedb9cbf2306b3c479956d9207

SHA1
a86c25a3e2b7b6743c9fadfb5a9c64d7dbbdc127

SHA256
231b6a7a15c1162e252dddaa04d673fb6ba7e9647bdba01d0399ed3673da1e88

SHA512
2cfd25bb78cd18d3a9fb29e9bdd2f62f775eae676f1d278964084e37c8a75a617deeae98feea824def9cde40147b8d9aaceb007cf0c282535d9ae59b9969719f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
39c374927a04a3cffee2e354b51badcb

SHA1
dc6812e54b8ab3fda44cfc0d33cab97e5a8778df

SHA256
267ae10899905c28cf6ac33bf6d268449c735c08e87e21d827c2049aded310e6

SHA512
91aff1ea7863c0e65c2d62bd62387e0d38e670d465300e24648cefe9e06cd175bf927671d8c7c104d34e84f501ea4a15fb477139779454b7c2e9458a1d03dbd1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
0d005deeb4240400939519e15a8dbdf1

SHA1
e777b1b395dfdc76ac4e947f174685692bc8c168

SHA256
47aab3d86f9f8081caf9244700d0315c36345cf8ca0a890eee10839b4a632260

SHA512
4323307488866de232c0b984d4b35ce26a145baa1aba5913d3f2413494497cf6f4b1521cf90b6654a7ed5fe16d18224983fd7cef4973325d2458efd7271a1196

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
ba9eaee1c250f00b032c057ef77cb272

SHA1
9d52711d41737d568434abda255c4f5197f38357

SHA256
d415978dee871ae9362a4471c58cff6765d77c3d369cc7a6d48b2fdfb1162415

SHA512
fa636b77d972c7df11e0b2ae33bba92219dd5455f36ef652f1a876b19306a288a5bbe9362b1ab07506a3f90e503856f008057406a5b23bc6a0780fe7ad3be465

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
42337547da1a972e4b4646e0314958cc

SHA1
7303753f43662525ac65c0817b9078b4693489af

SHA256
33202364c2f3074be7800aee715070a7f9a26e4358b45166ff1a8b178ba70077

SHA512
bd44575b33c132932ab6a822c1b66ec253b4908a348c0496c5bd433ca64f14e02b3acc927a360279e71eeaff8303ec235196c7b7a266a31d6d913d8946ec6570

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
edcb904cde172784f2be9716fdd53f4a

SHA1
9e6a3e228be36e873f844dbe4d1777fa6c8e0640

SHA256
fc9d9df68c50759122c4c12e2a8427b640cbecdfd4f41e2e22a356c5ed71b749

SHA512
abdaef7339e24df7b201d1fde79d28e629130143fb2367c9474b2549555be910ccfcfdce4737ff30899528076568ba3d7c928838a39799316bf731d2262f9280

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
6762f9739df8343f9f90e58551ecb651

SHA1
ff51119e36770a8e14a31325a6eae7ea8809c8db

SHA256
bb8d2c31f7aaeb6512edd641c4d8c5cf14f3a2ffc16922a7a3aaedd1564ca0a7

SHA512
34f202db78f19a012b0fb52abd54732ae752d4a618ae02e9d4355fbbbdadcb8e07c121ee7fc2f323b1c1e05ddd3ff7b5df41c4c43ac61b76ed8946587c06fae5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
ac21f9f317659c368cf63a39c67ce0aa

SHA1
089372f78867831a35f4a5c9e473873a73ebaca5

SHA256
b97de1a0636f1b727f1fa3952e9da564e2710ab3abac0657b673a97e7a3a2052

SHA512
925c16a5f84a09623fe25ba8376d827a74dda0c73fcd4fda6035e48e37e31135f2e05e9fa524470bea9c59b375448dbd426c55716b1e0cb0a6aaf324131d8737

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
ca40cc97093b903e8aa4c1abdd9cafc9

SHA1
f08b07828f30128af2eaf31fd282d1653bebd1c2

SHA256
c441438ba6c766083048200d34498171d27c0a1acbf0f55ed94eabb836274f98

SHA512
751ba21332b013de9e34db6087cc84e3f3ff5edd495b87721522673143cbf9ad39ab29bd2126593bf07c75a3ca75f74ba65a8b30d6fd99ea7b6858f9c4c8cf23

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
4db1c9e2f4956dc9255da0a11b2eb491

SHA1
342be2ad6538a8aeffdb5ce91633d2ddb9f13bba

SHA256
134556a48897054989dd60bd505c32f4a261dad5df532846a6287bf7401534e4

SHA512
a4ab55862a7b7530cf0ce52a22b6068cc5f53697a6e5eb3522cc3113a5e74428967d4624601678513b49f31e40587e408dc3f599a89a57861ccd8afc47a97fe2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
57712b5b5eeaba2c14ee4ea5a45fc6c2

SHA1
226329249108bb81860d29effb8444215fde26d6

SHA256
6cb1033a4956803bf365dd2921c7594896d4a5705d55b77be81abae95cfd8c58

SHA512
fe4373287e7b73ac25a31929ca10a0a8a68ea31a1a15feb6def95efe8c5b3843eb054f217392fc7ca78c3b470d048a830aad55f7643657bc480c76848b0be6cd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
d6459ed1c23c78abe6844a17a3e58c8c

SHA1
7a0c5c37cd531d103c1100183b40c79332ed53a1

SHA256
d9717b06d2915ff4d5eeacb25e4174f201122a95dc9ef357dc9e6f70c54f6727

SHA512
3ec6677ba8ba06e7b068fbfd5e99c916438e98871e5c5a600d1d4dd936cf6e66245ef4b5ff8cba12af5f2033405a7dde6d836fa396b9e05c2152a8d0e5277ffa

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
1ffb550271cd1c8f27855a143a00e47c

SHA1
5af0d9bfdc35107741495478c13c747563d15461

SHA256
a768b753dcda70e8a2631aba2b86f4ddd2b7a88ddc150075704bbc58197ad5d4

SHA512
dfbdbc0e7f9e7202902f6eadbcc5c14fd915d5b387dc19d66416f6228f2c3aae5d8866ef3158ca0a090ba94fcd82f7e1c542c8c06b29635f305160c0c2ea18a3

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
e3415899ebb84e30a0a64ff964edb6a2

SHA1
f0616e3c5551301b78835c269edfe9fc86c68930

SHA256
f2c71226fe66d2e508ae297f64366df725df32d8fdce8ee4f7582cb0c9e70c57

SHA512
a86338900c84c39074b35ec2e19061940acd418fc6af6b0091d50576be64df7745f57bfff40776dc6397e0d23542a400242a2bc3a7963c53c2d85b315122fc78

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
555775983a7aa5bd49eca2d2b22df0b3

SHA1
610f9e30ec5c0e292b4471b03f35b1b83f7ddf31

SHA256
707ade724cb58808033bf9cd1b77ca8f88fe6b5f09efc8621f818900c9a20a0f

SHA512
cc6baff3288c4a1d603dd69325a42583cafff5d70e88d64b304ce584bdb398bd762f459a292c0122410c6cf8ab5ce5ba4df43f917340e8aba5a134b051337978

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
0126e1e239f121fc751775cc522e7f85

SHA1
2f66ca3e510b68bbee6823e1dcd4fbd61210fed1

SHA256
70e21b808860487766726bd74f369f8165efe7723c51e6d1190d09ab8e99ab1f

SHA512
ef9e1b962883f50c3d666d9944ad5ef54e5925ac55ca825583b4eb26f74debee166c3df8b1e0ff084046be478fdc0afbff66474e4d4d397addf914e0c49b1677

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
ce4b1aef594078128b73f89c1750a3eb

SHA1
a94578b56c0969ce805668beefb05c3fd41016bc

SHA256
e617601baff5be0cca04f24a29284a7378688bf99d6ca7230a75f58ce9aa0d71

SHA512
3be4cbdc32198b963c9ed0c0a831fe5f9fb441ba8d2bfbd022bcb0954a3bff56beea313d259376c811eca0f080e8936cbf8ba2ab067e76b03316602133c59684

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
11f210f8b0becb3cfaa6be388d706bda

SHA1
4eed731abf28f0b5c0a855b16e8c4e59cec5da6a

SHA256
97bddcc01454cec517b2a5c74a81c1ed514656f54a55709bc05d615e7ccc431c

SHA512
b8cfd1fb1491f1db258cf62f42a168ba04ee89db987a73423f03e480cb6a91b604488cec778ef403f0d64a45e25bbbbfa09839273416a6a5bf21b0cd0cfbe2d5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
50c4ce422a70489d9ed4d2bf0aa3f494

SHA1
c5662832291475759a4273f5c23bf35fd14d1735

SHA256
e711af35866d812e72685131e4d947186d90bcbc5887b9f2c84cd4431b8d8813

SHA512
79dc71b566c3c5a241993c7893f2fcd11b02d01c04542ebbaa36817ffe6d9283277432dbeffc595ed7976de83b37070808d6bdab499e03629bb83cfa937d9ca0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
19641179526c5d468b15744c34efb662

SHA1
90a3bf98ff3e060e52ee545088dd0604f2373b00

SHA256
12e629d75646a2edc6e9f480c20d8147437f586e73e4486874db1b2ccfca08d9

SHA512
7f85e256541aec6e631c81b07cfbe64c57dad32b3414c7f6517c1bb4b3d8f81f009b17ec1c95564ca6d36dd118c49a508ba8975019621701de036f7396b9dfd9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
4d1906cefeac20f2e6ec8a234eac663c

SHA1
feb90d2a6878282ee1680eb483dddcb82b49945b

SHA256
232bfeea3b1e0241f204d081ebf63dd4180802e13ef1c70316c2e23913c3e4cb

SHA512
c5d1f1ad9c3f746ac2b11078d5a16142b734b2f7f3ceddf09c21ebdf2a33e5a66ecb38704f5643466c68809ffa503c94b45b13909fe21d63424324fed0dffa19

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
4b5c638cf2ad44a9e472a0c812d77774

SHA1
9a86fb572d4670e75bb0c3b8677d08e13b64aea3

SHA256
70b8c569aff1ad3ac5de5b7bb0142e45e15dca1c2f30fbba5e0ed0ce14368c84

SHA512
71839417a454330adc851ebf3f6f8a0bb400deb73ba94a960de9b9a1ebba676ca2f3dadc6ff35226b81707f84e0357aa2a759ee26a7964adc1ea1ab5e6794ad0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
828d8934b8065092c96693fc0e02e5b3

SHA1
10b7b2139602c84df70f77e021ae791feed929fe

SHA256
ec4a1429309b6e1e1196d171b1b4f625934d6f48179691c9a4b61be1f80f46a3

SHA512
cd54cfe356c7e6d6cc265d01630e4f892dc74f48ec57fc8b31dbefae4f001935d6bae98b821029aa954b4a033aa679b076f945c3239d32303266053cd26af3ab

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
b12567ae7d04b465c2f79394467f6f95

SHA1
0eeadaeccf66110885af8fbf8641b7ea3ad27456

SHA256
55c5e993c46ed17ec60b7bd2e487db2ff1b8c7d75606891ec066ae98502d88b5

SHA512
16e3d2335003ca67312531799e147cbdaf692ee28bb8c45dadb457d0bcf67159d5f3375c57b17a88703293d9031653c998e647dd0d0f4ce613b1431c29c69121

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
508bdaa105ca6250e5e347f178cdaa6b

SHA1
bdbcca589a8ab6bb41316008149addc47adc7899

SHA256
286558234b42c322356097a5a364c4af254f2b87bc53ac703a0c361ed677715c

SHA512
8e6da03f8f06c6e673e8298a6179df8e15cb8d0225dc245410f50d32518055a6113f6a56f2abf3a04e9b7de31877f1b85617fccea9eeb523a8da7ef89d257fad

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
227be72f055b1beb29383856eaefe5a3

SHA1
8212ae9b7e725a7f434ea70817759a1d8d313ec4

SHA256
1926106496618e8b3513ac1a58d75e9db03c7d4f3ee32ac19c651e0fcc1634d9

SHA512
5ac05e7ca97b69dc032a17e0fec4e3a61cfa30ce566aa8aa6682ce0a707f2d92d610bdff10941e95b142e73e1218242d4b001c610b17f910b0af39fb50383248

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
e70e4e772830e3aa78f96c87be7d7f4f

SHA1
cd91c6739352eeddbd2ef2918a647f7e1445b22b

SHA256
2400bcd068e141c36030190d56e64e84d2aa7b923bb9f8c83acb783f5840f060

SHA512
d1bb2b338a0d6e9ab66cfd856abac076030bb22d25d20237615371070b87ddf7d5cd84ee383b07b672a4130f6b0e821c00bd0e81e4f4a014eeaad291bbeedce0

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
8085f65821dc152e052a02ef45dbaf9f

SHA1
9981245f41abd181b8ecd1d56e3baec5b7d811ff

SHA256
8114541883dceb20c640ede3c3f39d1c6a06637709dcbb5cc374eb4db21136a8

SHA512
02f25707049928572d5b826889d8bf4649bd2ed93a59d4f957c547db249bd7c38782937ffde0494eb4e251ba1c510a58ce8049e3fcd03682db28a80ca357c2b7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
5918f19680b402f7ad4b02d7d64dcd06

SHA1
7977076ff2423d303b7bcb4bc17e4e681a5d1efc

SHA256
b79bc7ec778133c0700f64dd7904c8fa3af058fc5d6e4e310c9eae5aea7a0944

SHA512
6a49fa69c0b66e5c72c5f2cd52062f34e776bd4d077eaeef7918e4a500989641cc9b5bb65130be095061e5a432b538ed4871bbc27d1b48afc964515940b3fb26

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
461f149e645944affec72b8dad6e3693

SHA1
b2b5c93bd3fcb1ca4ba711c9f8bc5dec2c5a2535

SHA256
0d88362c5665a5499b44ef21441bded270169375bbc8480c7bcc8bc1e547b3c0

SHA512
8c755c2a936851cda1047443b53f9c937db62fb5c7023d3fac9d79ea6a35734e106e6c2ac5f7673ab4b7c4d492735ee58fbf10cc80e6b42bf8238b3fd98250ec

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
bfc7483b758c8f42b352affa5a58fea6

SHA1
e7f140e28e8da216fdea8289348626e8111e4e8a

SHA256
dc79354c6f54aed36cdccc121df15cbf544f3e2d85e8deb1cccae1baac95e90e

SHA512
eb062e5198f619cff996775b9c79089b241b59e6b2b0dbc54d64121c3118046ef1ee8bc8edee3de744953203718acf9f29b1d131e7981bb2aced395beb2993a9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
ba13e0ed2491e6917f4b12833a69c4e8

SHA1
938512c2cb3d4dca6e7c998e8ccd257a678c227f

SHA256
6eaca5850a65381f9fc77bcd4c6415fdf8e67a5edbec4a0900e5ca72db4048a3

SHA512
70dfbcbc7ae94f35d64ee2d1c08ad6c02ba0d197cfba772c9f7202f2de3f13f2390be4ce9be2984291935dda33d07f3171f1aeb4a8c8eadfbf5902ce692104b6

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
81609f9d84e6cbe9431ff3f92b5116fb

SHA1
475272f44c4e78305267fbde2dfd721315b8f1e0

SHA256
461a85309997a6514afd9ce44e68579c38b85dab2daf8179a9e0746ddc39a77c

SHA512
a11ddf85029ea194ae437a2bc5a92e499f442f7505341b45e0157e1df25129865bc2516bb41ec97dafa104bba9349181c4b33dd69fb4efd9e3353d4e1f4f454a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
6821d58fbae3933c4bb0a7502e30baf6

SHA1
12cebda288e2cd38a2a557f7b9aff932377a9bcd

SHA256
0f65d4ded4b6fd9fc26edb8f85f2c175fac7d9ecc836559e588107d6a3606d69

SHA512
1b8e19904f70f9ff1eb9821b423620518661e5ebe459d054fc660380f76a0d47eb2982d277282293d5572f025387c170a0fb62c3a34239f8be3df364c1929dbc

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
3793c9ffd5a81852786a03bbb8fc56e8

SHA1
fe5551e28345be48a21d6c026776ec7f219d2905

SHA256
5bad8a9d30acfb232dcf633d4d8a12dc73e1cfb15ab3a055b6de03b1900990b9

SHA512
1375ed545cfb573812e4b4221b2f838590d58542001d25ae6c41f6d7827d94f8de06bab2ede3a74d8d8eec7eac81239b7c9f213a03540a816c6744c4d245e61c

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
36a4182fca677581eb50b27dd0f7b163

SHA1
b0309d9f89b8a7d4343f5f43e9c8066a7b52e11d

SHA256
44364769b96567a5819cd74d31a04dbcd83323f5cb18f6cf7c1c97d087c2ca67

SHA512
254850bfb591aab8ce288155af88d2a44aca13f31ac09d3f67f1718962893608edafa99960cc260ca4b8ea49ffb50cdd492965bdaa17cbda861e7412874ba1bf

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
740b573012aa2592a6b570cfc45a1111

SHA1
ef672bace3161895be2e1e798fbc3b42e08d3e5a

SHA256
a53d23bcec8331e48de46291db7f7b4c9545fdee74c2052b844ede3f2e5f66ca

SHA512
82075599d0a48537f0df5121b28f454aaa704afa0e7da5556e4356c5c983c9df319464451d72648705689f198643a3da197cc17186f30b0737452f6d130628f7

Download Submit
memory/3884-10515-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3884-10769-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3884-6051-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3884-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3884-11080-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3884-6050-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3884-11085-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/3884-11086-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download