xorist | c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5

Analysis

max time kernel
94s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Size

7KB
MD5

0fe9aea31913d392769cc6bf40d2af61
SHA1

6caf7328e9abb5ce35dc7a4b3eb39726165f9877
SHA256

c63f9786d11b2dfa7d35f79dfe5001990d64ac9ba78a661048c8823eeb2635a5
SHA512

c6c617c069696ffb1e0d8c1381de90deac18ad6551e8ad864a32747d5e065e6054d2bcdf96769bb33c1728402b760abfb70a414ff4ee52aa4aea8182556aa65d
SSDEEP

96:V4Zhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihEx5ZWznr1x+V4peJSpNMB:Ozdrr1FG1WDCgmjPZ+zn5criNMUA

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4852-6149-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4852-6146-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4852-10487-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4852-10939-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4852-11272-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4852-11273-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4852-11278-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_amd64_2be0e52237040d42\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\xboxgip.inf_amd64_90ed6b3fdc759a5b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\slmgr\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Speech\Engines\SR\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\WindowsOptionalFeatureSet\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_mediumchanger.inf_amd64_69ea0d8614286224\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms002.inf_amd64_2176cc45624119a9\Amd64\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\tr-TR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AssignedAccess\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_volsnap.inf_amd64_47e3741bbf4d6b06\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Keywords\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\ro-RO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForSome\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmnttp2.inf_amd64_8c1e04ee38482578\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\he-IL\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmagm64.inf_amd64_7f60bc7ff484a292\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\smrvolume.inf_amd64_9a3d52a168ca8fee\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_a7412a554c9bc1fd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Dism\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppLocker\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\btampm.inf_amd64_445ffdc4132cbc59\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms001.inf_amd64_8bc1bda6cf47380c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\de\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_linedisplay.inf_amd64_a720ddb820f10790\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rspndr.inf_amd64_4e80c2bb5314f071\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en-GB\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\001a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\cht4vx64.inf_amd64_b03448ba0b72ec47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_firmware.inf_amd64_36e4e17f210128ab\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\F12\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmarch.inf_amd64_1ae6ea0bf54c0f5c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmzyp.inf_amd64_19eb30e94285f2a6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms013.inf_amd64_2b1aa5c0f193f278\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_computeaccelerator.inf_amd64_9d34992b3634b396\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hidspi_km.inf_amd64_7e53b3972dc4df20\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmdcm5.inf_amd64_a432be022b5f8139\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4852-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4852-6149-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4852-6146-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4852-10487-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4852-10939-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4852-11272-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4852-11273-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4852-11278-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\LargeTile.scale-100.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-40_altform-unplated.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-60_altform-unplated.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\LargeTile.scale-100.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\eu-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\zh-tw\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-125.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-150.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.scale-100.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorSplashScreen.contrast-white_scale-100.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Toolkit\Images\dash.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nl-nl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\Common Files\DESIGNER\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Square150x150Logo.scale-100.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\images\example_icons2x.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-256_contrast-black.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-200.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteSmallTile.scale-200.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\1033\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageSmallTile.scale-100_contrast-black.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-96_altform-unplated.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-200.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SATIN\PREVIEW.GIF	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerLargeTile.contrast-white_scale-100.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\MarkAsReadToastQuickAction.scale-80.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\aic_file_icons_retina_thumb.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Default.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-30_altform-unplated.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-20_altform-unplated_contrast-black.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-40_altform-unplated_contrast-white.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\MedTile.scale-200.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WHOOSH.WAV	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\CardUIBkg.scale-100.HCWhite.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsLargeTile.contrast-black_scale-100.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-16.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\bg_patterns_header.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-200_contrast-white.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageWideTile.scale-200.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\foreca.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\3.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireSmallTile.scale-100.jpg	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\LargeTile.scale-125.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-256_contrast-white.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60_altform-unplated.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-48_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-r..k-handler.resources_31bf3856ad364e35_10.0.19041.1_en-us_135d52afc6e0a585\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation.Resources\v4.0_3.0.0.0_de_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\core\js\appLaunchers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_usbser.inf_31bf3856ad364e35_10.0.19041.1202_none_11c19bf5388cd12f\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.19041.1081_none_e4e5027bf1e82209\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-openrpc_31bf3856ad364e35_10.0.19041.1165_none_588ab2a300318034\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bth-cpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a2a3fd470eeae4d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.resources_31bf3856ad364e35_10.0.19041.1_es-es_a2ef4aab3bff561a\needie.html	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus.systemcopy_31bf3856ad364e35_10.0.19041.264_none_c4bc376754eedc34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.servicemodel.routing_31bf3856ad364e35_4.0.15805.0_none_e9fa01729e2e6fac\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-media-mixedrealitycapture_31bf3856ad364e35_10.0.19041.746_none_92c059efb71fb076\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\INF\.NET Data Provider for Oracle\0C0A\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_swdevice.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_8361b9de288cfd83\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..pulations.resources_31bf3856ad364e35_10.0.19041.1_de-de_3755ca93688c4417\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_es-es_cb2c89e67352017e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..vdsupport.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_a97cc568bddd7160\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.19041.423_none_9de80b9d881a1ebd\debuggerNextTab.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-s..ast-white.searchapp_31bf3856ad364e35_10.0.19041.1_none_2f147508fcb33106\WideTile.scale-400.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-l..languageoverlayutil_31bf3856ad364e35_10.0.19041.546_none_a647e86c9b1725c8\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-o..lfeatures.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_176325486e058bf3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-d..anagement.resources_31bf3856ad364e35_10.0.19041.1_en-us_86b1c3fcac37cef5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ncdprop.resources_31bf3856ad364e35_10.0.19041.1_it-it_d434cae435511b0e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-rasbase_31bf3856ad364e35_10.0.19041.746_none_f62e5d000d9f4bd9\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-directui.resources_31bf3856ad364e35_10.0.19041.1023_he-il_c9a69fc2746f48c5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-credprov.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_3927a01ee2b6bd0b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\microsoft.system.package.metadata\Autogen\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..itefilter.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_94979fc7c7dd8755\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..l-library.resources_31bf3856ad364e35_10.0.19041.1_it-it_cede4f01a8b4a96e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..geacquisition-winrt_31bf3856ad364e35_10.0.19041.746_none_ea849e84d25e5633\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_ndisimplatformmp.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_fb052ec0f53a4f03\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-w..cationcompatibility_31bf3856ad364e35_10.0.19041.1_none_2e6fe582b240734d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_fscontinuousbackup.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_7f233f52b2f06fed\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft.certifica..s.pkiclient.cmdlets_31bf3856ad364e35_10.0.19041.746_none_7a49d3709e6d98a7\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-e..-unifiedwritefilter_31bf3856ad364e35_10.0.19041.1266_none_1b551d24715cc2ce\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-s..k-transformers-core_31bf3856ad364e35_10.0.19041.1220_none_84d75a35d247f3c6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-securestartup-core_31bf3856ad364e35_10.0.19041.1237_none_a99d61c8a7531c97\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1202_en-us_bcda61367fb1fc47\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_c_scsiadapter.inf_31bf3856ad364e35_10.0.19041.1_none_b43972c99580cfd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-a..ncredentialprovider_31bf3856ad364e35_10.0.19041.1202_none_dfbb9429d8183336\@windows-hello-V4.1.gif	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..structure.resources_31bf3856ad364e35_10.0.19041.1_it-it_3ac41f540029466c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.19041.844_none_c5675ea732c2eaa0\Logo.scale-100.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-network-qos-pacer_31bf3856ad364e35_10.0.19041.546_none_cb01ee53d6697641\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-authext.resources_31bf3856ad364e35_10.0.19041.1_en-us_5be624a7096c72eb\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Wide310x150Logo.contrast-white_scale-100.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..y-biometrics-client_31bf3856ad364e35_10.0.19041.1_none_725e78755886a3f4\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.19041.264_none_2649f3f85f3b49b1\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-foundation-..stics-tracing-winrt_31bf3856ad364e35_10.0.19041.746_none_590d0ffb03306178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.19041.264_none_13222f28beaa00a7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-eudcedit.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fc3b67ef0534403a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-netlogon-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_0a1f32948035b09a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.19041.1_none_97b0a47239f6db64\PeopleLogo.targetsize-72_altform-unplated.png	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping.resources_31bf3856ad364e35_10.0.19041.1_es-es_6309bbebaeb778b9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\oobeactivitysyncconsent-main.html	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wifidisplay.resources_31bf3856ad364e35_10.0.19041.1_it-it_53a89e03e90d1400\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_reachframework.resources_31bf3856ad364e35_4.0.15805.0_es-es_bc9d4ec1c802b960\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..orkclient.resources_31bf3856ad364e35_10.0.19041.1_it-it_fc28ea2a20389c93\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..fyiconexe.resources_31bf3856ad364e35_10.0.19041.1_de-de_6151a66cdd0f0572\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wininitext_31bf3856ad364e35_10.0.19041.1_none_58d4514435d84171\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_edmgen.resources_b77a5c561934e089_4.0.15805.0_es-es_58dff7bf78b9f6dd\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l...appxmain.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_b4d3eb876680b415\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..demanager.resources_31bf3856ad364e35_10.0.19041.1_en-us_bf493abe1176addc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\ = "CRYPTED!"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.157953	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.157953\ = "BUJYFGNMEYMSLBG"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tLYREYsMCZjJ007.exe,0"	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BUJYFGNMEYMSLBG\shell\open\command	0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0fe9aea31913d392769cc6bf40d2af61_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
e73fe9a8c69d30afdfe455cb51e2d000

SHA1
00f56109f610bd9f3b317e5b1cae7e0974291d21

SHA256
65ddd5976670de07a4c44bc7cdd606ab54ac32a029368ce76c677f9863bc936c

SHA512
805fd3fd0de3b64f462f7b751221e1a4f72ee689da926bbf06a4cede0b794a64e8932a91658b9563914c4a605eba6593fb11d86273af5c22184a19ddf53a1154

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
f064ed0ed903162d8e25022391693718

SHA1
620a78ef786d2fd7354775c3176619b83e5ab329

SHA256
6e93b620ec55f6593c9e5c67cdc003c878cec43886208296fd948b6f8236c967

SHA512
7e912f19ddd0b8ca930e075f107287c3842eecb66cec99451febca0b8ecab34d8cf4ad314c4b3f4bdeed03e25592ec0a1069545ae079c291a9f890976c908806

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
a94c5be3ae7981804c250093049b7cab

SHA1
c80170f9aff54d5a7d658380d4e311785ec51ef9

SHA256
282652d34b7d03d14e0c9ecdef618582526416a7d94e6580052486364a763bf9

SHA512
94f8c232710aa30cae178240a02cf35274aa406d718aea0264bc94d1b1f1efb8e9714f39a2f2ca5ac6f063cae3d420a7e5e2675af7e5842a278b109ce6da4932

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
115e267cbd959dd70cd9a35de6623b44

SHA1
5fb9e39d392284792a8644535f9e0ea5579c3528

SHA256
bc0fb80b4158bb592b3f5c5e85be064738ba96f04f69b9d89c2234a2de320526

SHA512
e34a8ac3e62fc903c742a463123534eeb731667e56dc0315129ef91589540a1fb3b400986c03f7eae417be608b5355f20ed348a0cd99e81d79669a5e6e4afa28

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
ec9b7d60032e6a92ba0ebf0217a8d912

SHA1
dc876f3c158774c834ebad8fdd1d23e48ccb0528

SHA256
9002047b8313bc33883871f11c0b7328e73c5a993fdaeb202de6aa9e793e98b9

SHA512
5597af80c2715e0630bac6231af489bb367e1341f718532d48710ef8353259ba45e2b7c9a5cb3d0dac85ae0cf23ec70be695a6b788da518a26676b9281c5f57a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
cc825548be256e1c69e732d3d47b4e9a

SHA1
5a3be5e332171436ef528bbd5cd063a200d51a3a

SHA256
b1ebbee814bb4efde5ca4a45814190d4424b29f58d4aad9d6299df93d80dcb87

SHA512
6c2023ed292673d4c7cbbbaaf9273d0a737c4023605ebabca94b06f5422ec222f8156778e1795b57b9171d4da65e20426723faf30a04948a552f1c5f381db0d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
e3615fdde7900c649ae7ce2396564b6e

SHA1
12329b153e268bbb2c9628c1588e50b2c0f2a05f

SHA256
967e312063074161203218f5672a886155bbed0da26bbae1bc6ded37d199fd4c

SHA512
dc97130ddb358bde931dc5987b3e11b105a49a04bf11375ae3d7844e7eca62f791345390790da83bca68de98e94e0f66ef724ebf1fca11789144aa3ed7b2341e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
82728222bcfcf4c85551e429020b7c50

SHA1
e115f9700a4f78a1508957fe015bdd97d747889c

SHA256
5fe55892010a19af66b34e9ad7d05e74ec33bc23f78078052af988a615dd4131

SHA512
37218dbee230e112f09b61ac1c77d3fcc3229e68e2df2e2593315e7f2edd002d824628ef30822d571500ad1afe61593d781c644e4ceeed81d8b87241f3ddfe4e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
fe1a261f24ba5ace607782b66cdb60fb

SHA1
fe7234684542c07854fb032a039f0387aac06522

SHA256
d969c7ba6ba967707dacaff00aaa920732cd999d6f427f1021742818bcfb0e7c

SHA512
81260bcd371a5db162736fabe38535273cef8c02dfb0b18e3694f9dfe3577cdcdbc5fa9241db113d2216556d72c281bfe5d37021ed21228556636d2845dbc4fb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
89630112bc02bcc73a85e9a83cc604e9

SHA1
c1198791476a9f75c9f072fe1104c1a7a29ffb9b

SHA256
77f5ae0f8a7b400f829d1fd31f5349b8bcbdddb7cf1864ae46d94d95ca6a9441

SHA512
71a396af3fd5fbbefd43fbf3303f589859110419d2a3fdb429d78e0a563d19680295a92eda2b1034f74c19213dc1cb768dcb7682d50aac7243de8a58d31911a2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
9d7a26985624cee44de0cda40b662230

SHA1
9bffdd36e54c8dee44ff2c3136fbab0520d0cf2c

SHA256
0fb87eb7ce829bcdb59fe80183e59efc18d39a808e9f5436371ce66af5422479

SHA512
e169687fed758fd4ca756daa97f1dd631bfc568302c7f746bd8d3e3d7a1bf8c6610390a8b347c68e686eaffb6f90ea1bb6c98a224509d0412c559a623377d249

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
462c2316687cdd8c47d3a442e70fac3d

SHA1
4a3d78d53f50718037a4b191d22aaf7d4fd7348c

SHA256
5d029f0752606270a960d154631ac16f6c1e4029ab1e0002c2d30441ab554735

SHA512
b6db90c006faa3cc078c8328c00448e7222d85650e90c6bbac9d4262dac0671e9a589b07f3de32259039d03057933abed304b0c84a0b05f2e3f8fd0736c2f9b6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
6523708174fd125bf820e34b8e4d0f4d

SHA1
620a1fc2389851bc41fb2251b829ffdbff281cc5

SHA256
899f241a68b7a0984efc016e51d2edcfb8179791285f7715f91077df7e38fa17

SHA512
65a9fdc892d1532197507d58612409ced4f5b4ebf4b91f5569e7050fd7cbf4c227581367c86a5e1c6b92a3db2e94c69323a7eea6cf9ce094752768dce76ee160

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
0ebe36a0e6dc9dc7dcb47e0fd5f88373

SHA1
6652463fc41770509b096ad660a6260245de0a62

SHA256
16a82d166f63dfa729081d493e2c0212a72b4f894cb85e3b1537e3498f1f9bb3

SHA512
bee9728ae32a6a4349559aa90fbf5092de1d25268e86afa53c4f68584e1f73e77834d22fc2bf7ed83e3139db0dc9b0ce8e36b613bd681e50f0ca1a45f199d551

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
b7adc68352ba50471668ab2b65651771

SHA1
6aab1267299a2043b26da164f2ce73fbf912ccf6

SHA256
54595392703cd330173e8d38dfecabfd931f21eba9c250a78559459f8deb42e6

SHA512
785fab4b2b062b2ac40d25580603c6bbc983ceadf2b4ca5b2f4802f4aebb2de90c63fc493aa80ca5875265b59907d3425f8d010f583d63e4e26c1541d491c128

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
cda087a3ca8522f92e102c4937d62efc

SHA1
30f5bcd5ab9273a2ece39b14b5bc1df0b7c5a584

SHA256
24327d5a9f911e44791c6e4d0a53b995f92641352c67a6f0a13672c834e10360

SHA512
307e41c98713add8e5f2f664efd2c91cb6f5ce1ca688fc0be4bebc931676d672e964bd63b720bdf7e1018f87ec674cc4daff6f3789819d141cc282b15145073a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
de8b0f622c5ee12ea9c4b240b1c5f37c

SHA1
5b5c38f2ffae8c6e2f66610a84b343d8a06ff908

SHA256
05de118c3310b5dac96fabaab376165458d4d3aeb5567864b42886cd9e5607ad

SHA512
e9896d2cc306c365af752a4957648924c018c0b6e214c2538169fdb5d2dc4ca1020606f061ae7ce5bd6b37c77c2b854e741db75489dc51e04f9821ab408a6646

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
43448700b1318072bd277fad6a8ca200

SHA1
d03dd91b84fe669cf28323709fc5cae06953d3e8

SHA256
edfbbb82951aaa6d4c656627f88db235ea3b7dca5bda9c0c8a0ac140b6bc67e7

SHA512
f3117ce4f9145fc0d1a5aa1677c1b161f4b225922c749985a219888c70e77b305345ac5c4faa1adad3f69873f2de42d22c0106bdd5e0bef256611beadcca86af

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
59fc00aae174f77c84e81b1b1de08540

SHA1
a018d2dd08694668f97cf8a39247f1b0bc273a41

SHA256
dd4ad9da4648afdb1884d32a9f6bdf2984633618ac141f8830c8b3a2924b0b8f

SHA512
04934605af88fbf0af87e73442ba3c2de00bedddeb30194eaf2ff3d01c88fcd084666094cc9c06c3caff5a4634c5263fb03cb99a3f4c39e1dec4cc6820cfd02f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
0ee8f44609ccb5fce9c5a420c54697ec

SHA1
4453faed013a6a11a555acbe4fcc32bb92439edf

SHA256
d9d868f6cbf580751c6d4d48e82a1c963283ffc75b0df78bf609d7aa55a413a9

SHA512
2a1525e6581f104f6c0ffea34aba4d98c4e84973092c0262d09d4dd4f91286df28ad123587d19629e38849898ec6aa6a55ab9ccd707a11efa868f01f98943f88

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
a0f1aeef607795ab4d62a5abc1332db7

SHA1
b81c88f0f66842e1e59dd709ada68880f4a7fd38

SHA256
448b955f08a1de164829c890788d0a7d94c91c5073532b778772b1d259fe8d4e

SHA512
d8cea97fd7a4caf1c7900c89a9a5b3e5c6cda7fb81a283d662526f0f34abcb0f4910f50f441966314638299eb3f8dc2a677e68a915f0e302e05a755b8b6f0893

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
3a7ae5618ec57c874b6f8ac25cfce41b

SHA1
bf42f4ba23dec74d4f3a9b12b10669423dcc3a7b

SHA256
c8db18a5516ddd23315de2e584f0fb565cbd418807d5662ff2dad6bb77b06de9

SHA512
097773b1164952b405ff98ddd19dc2e09a68b13cd5f836386d0fcf5b40728bf7d88b111041df1d98c67f0213b7fc5147fbeb1f58ec1783a9026f59a0340e7179

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
fabcf47cb01aad8432e89fb01a833279

SHA1
827256409deef4a5bcc9020081cb7a4a34f9d28a

SHA256
1750cc6d4a7b9c27510cb3a64ffe780008722691a7db63b4fd8bf041e0da5c58

SHA512
f5e977221f79762c363a2d7d05996ce261e9bf5d565ed0cd8bbf61d56cf16762df329c714b0e458f371aa09e93e308683d5c05df75e9fca98b5ddf65e535d353

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
b716cd650df6dceb5e5a4c8ffd2f8938

SHA1
8e2472e42cf572834c7adbd02d924f00c59eea35

SHA256
7cd7af384106b93a8f0b0b1d542425f205edf87282fbc2645b1f9b56751840b1

SHA512
2278b1a351e7aa18fe830ec4eba8756e294c95e0977eb7722e45899828cf36adbc0368c79be96597b15e319aacde32b6ae8eb22796294089340eb64c859e6843

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
13ac75fd2a2c8581c9e470e97f869114

SHA1
d55700fc0ad89875ecf5e9293ffb8b00f30d57b2

SHA256
f9aa8587d933a99c5dd6ffdcca6625a5bf7e77556681d2882083894eeedfe881

SHA512
fe14c158a10077bdcd8f3e13a2a8afb071a537ef5fbcb5f988857043aa791e4a4e02a0824e48c7f9ed2f7d2218f486f504517df1c5509ab97c3b333319c1796e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
a327fd06a51b247f05b99f878aa3f6a9

SHA1
4fa7242f6930aa6c485a68dcbdeb94adde79d40c

SHA256
1a8ed908b7c17a9fe153ad38724bb79213a62c2e5eefc171f8702bca19edb3fc

SHA512
8a556a0c40b18aec1b90f761f5e8f31b7d70dc44d015fe86b37c42043014a4e586cd76636cbfda0959ecdca3562fead22b07293360f4baa211816b8d63a7d042

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
400f1cd15043c1b6eae361bb8cdafa6b

SHA1
30d737198fb6a68e6c2c5d8ff5c1ad4c323399a1

SHA256
8c8e84c6fc51abf8f4ac3bc8cc9f7dc2fe2b48b9c0851368d83c826c6e0fc1a2

SHA512
f29421883162dc7428141e16c8423e68154b6e2578e46701cb232037a1b79d80d7e293cd9f4b90b3340bce7567d32551a6b924f2d38e29cc13a04d37e29f2f0a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
b6eb8fa8a5cb9c81754ddfa8bfacb9ce

SHA1
aeda4cd603a7bd054a5c2f84b81ae7d17a051e00

SHA256
fcf37dc7cfc2cc493578a34f6fe15411887bd41a15aa6fb776503f9b672190f2

SHA512
cebe893e9d7e9be8eaba511c4af27d026f82b1f539dd47a102f778719c7db3b4a3be91440353136d2a227d4750a447562812dad8d97dbfc8e0c286ed90f7c5b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
e0a08887bae5b40e9078dff008cf9be3

SHA1
f12e91d7e90f8fba451a3fa13af1a95709c69563

SHA256
a8b159ce4ef7743aa39c0daf01010a18190b53d5147fa3a2136875b54f8ef2a2

SHA512
c7753960d71c24f65619363c1456a5c5c50617e1b3e19c6cbf09454bb7c873ba279f64b60b2ffc86e56bf73f7414da7c7316fee0bd7837f7382eef0385ddb8c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
2652569b1898d44c91fce71ff17d92fc

SHA1
340bc0f488e223d1b644be4d02d9f566e55f1edb

SHA256
aa3dcb3b6f81427de1e7f1f283fac0cbcdb52ea65634df968a2a3b00b041f4d6

SHA512
e5e87f3228cce686b643843bb2178e84bd913fb62e034ff343ed59dea5a0ef4a7c8895c203e042954546b901c819f8932b75562e5557e8a053411432c6cce2ad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
099329c56a234ffdbcfbcd610a3f1f89

SHA1
6352329cd3601e4dbf28bc3c0d9a53e254f47523

SHA256
cf5045e6d1b7aa0a7d7759260a2f46a6dd8eb30a33980dccbeaa59317654f4eb

SHA512
63aff947cc4a820d051a77b791259e5e2daa8544313208e467c8b96601e5d66e0b4d3c7a6ddc314f17a3b886b9f67aab256b9688d83b03eb319ea050395bcebe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
2da32ec4cb4d730f5c5668fc94679b3f

SHA1
51c3bcfe88181ef2bcda87fa893d4a01b113a4ba

SHA256
2312adc88bc91260756d9f39219379482ff25196187b9a573b8e54d1248bdf0f

SHA512
a7a9eb31724aa4d11252e6c54dc88c39341ecc9fc8165d37e779251385289c175599e8d31b71cb0612da3af540634294863d0637a4d855401f287179430fabc8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
a5d0b02338bff32f5be67dd630666b29

SHA1
14d9a132c85c07b19b12f9f06607fe4b3a40ab91

SHA256
9c521c43da18ae25173b8c1b00af2681c354f4d87693022bb664918801d3fae5

SHA512
9cc6a4386a1097518464a82939bdde2d72a60cfd9548852440ec2a2aa3d60880bac7ae37a067074767919e936c7e4dda38379f32d52bbc90e78dfbc5d2bd97a5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
1db68b8de6e3e56369081687593e6fd4

SHA1
7482a754ed28a3cba95a42b693ccd5b1a6120e8a

SHA256
08d96753c6c25d2cb948da4e93e3db5c0a2a98041be052966159c042b05bb9be

SHA512
24735d2ae3629fd6876e34aedf40707e3ac1ff5ff0040d80f2e229f59e4a8ab0f11b395d5b70ee96d122ae478ddb2a6d986242574c9659c08702f5ce3f2eb8e9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
43f9299950981d066d36d0c3a19aee2b

SHA1
3bf222f83025d58fe19ddb9ea6d0298ba315eb47

SHA256
fdfbe719caee4aa476fd6ef984a3189b0101eabf5a4badfe9168e7433ad3d19a

SHA512
8ffedffcf629a62ad22be9935d980e704f8704fc91968e88a04ccf0fa1cb36272ed49f88966c175e3e1099f95165c19ce334f132f4414adb6c085d283f565f9f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
3a992942d1b4b517b4ff0c6da0818ad7

SHA1
52bdf532557d09cff834a1e9dca5fa0840db7f77

SHA256
95f032fb1d371e133d8f23c9ae5b79f5922cce281a4359441d1758ac69639004

SHA512
5e9f577fe54ac216aa0c105bfa3400df46e9df7e561812b9bf83e1507cfc98d9b4efa3114fc33e7100b341861f96e33972b2875b8263f677a627ff57e2a5c14e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
c140b5be8cb3539cf85d8ea05ccdc6ef

SHA1
acb88b6fa3208964f92e0aeb25381a7047ad8823

SHA256
c98d752a3fda97813f813d27eef6d2c96de1e23cec1eb60356d8d5e0c3c59d24

SHA512
01f8e0e6f57eea928691bb91927abda49049f8023466eba740dc159041c70ae1f1f943bfe084bcc97fcf6845c4c66508fa58364e03c59951011d2df6a70250ec

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
8c263853413c802f19552e486c7f0f55

SHA1
87c535bbc13bf5bb824df2c2fe967dc5838fe131

SHA256
7943bf66399e0aae83ab551d5a381bed43a5f0292d1c2f841e57a147903be1ff

SHA512
607622edf0f87e08016225fe61402e7f0eb8d603ab49714648cf315754e0a1e5d9c30711625e0ac52c3f8e8c624e63d484a1422c73754cf3f4a5b9b32354f7c8

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
334B

MD5
f7b1a7c2747732fdbe4f31406c7ff809

SHA1
c3d9ba99199fd3b6e357699ca59f3f359729a075

SHA256
2958ba7b084b4097bccfb53bc6141c9e73c3ac67b9eea400ecd63528d69e5ec1

SHA512
105b8c363eed685fae1ac9e53320c143044116b8d8ab23844a2c6ef08ca3c81add491ef3d9f09a64e0b5712007073c66141e7b23f5d59686cf554c41892fa67a

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif

Filesize
153B

MD5
3bee9abcfbc086b08b06be9ab32a7d64

SHA1
390a6169f6619246a4c86c057e85a21e26df13a0

SHA256
854f8e80ad90f10c9dbd09d675e456aed38928e48aa5c1150e7ecaea7de5c6c3

SHA512
dec95f807d1230d0be24a1c4299f6bb0d09b600a84a5cc7f6177ae0ff13db0e6705dc08a3aba2df347c832dec987e84630200540cb01c0fbdc1f560dd0e5efda

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
0d46228aa9ef2d093ba8c16cdc3341a6

SHA1
2b948d251451378ec593ed05b906b55912848731

SHA256
82806c31122c3372d3d4795e4491a4a722cf98448e049c080e94af40fa49fef4

SHA512
b5b84bf6ea573c0f3c20246f53a783377813dc0c1dc3fb27f3bea8722b024c1619b42efbac407e49ab1ff46bb209d27ed800ca1be12d7cedd8ca15355a5e25da

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
3ba0e3dd6bd9c3cf77f1ad018cb64f70

SHA1
0d359ff087eaa2b25d2ceea8c12d7464ca45d66f

SHA256
d22e78adb03a1508bd81956bb67e21730553b0a60264bdd0dea6d2ec0526c751

SHA512
3760ad0b2367d03fb2b301ceb0006cbf4fc27f345d95971d3b149cfc0aa27a2e59db6af7d697785359f59db14f06071ad6ea294e5f16ac81d92bc32153131582

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
5d23d3efd0dd0fe0a6f0482f0b04ea3e

SHA1
f3caf024f56f33fcc3d82f66eacdb3876875e1c8

SHA256
0f3574f147732bd9b1d80dfe7151949802a8ef66320470c55b4b1375fe2184cc

SHA512
cdfac1d8fd45da409dda2937a4be769d9a76abe78915a1ac503155317784b30116da8231ed55ac1c32b91310965c62bb957530ae512ddcc659c26d87c0c85c57

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
16410e5799a3eeccdbf0e76703de76db

SHA1
abc1612a4cee5c20f8f5aee47d97927d9dcaa129

SHA256
ba97b59869ceedb2a94bf3b7948782f9e968a0a652e640da87158ddb4643ac7a

SHA512
3249d926b5416b86c48401ee0eaa8de2fcdc0769780a10144b2a2d9c519e53e1017fb4e1875014e1b1a06f74a8506456f3ebf8687bbd8f7a08df4b1b952aac3e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
cadad57a12c29995d3bec46326d0b733

SHA1
65e9f4389e10abcdb9863904aee283afb1061d38

SHA256
924f3b16d39587492d2657b10aa8ce9a53a04335347bb6b5517ca229964555ef

SHA512
a16db083e2018f7e546be203e74b1a6faec6f702f7c3b2f80a45de0b5ef15420e2c8e6dea1047b5954563b08ad065eac99e0abd99c38f780401de81572923442

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
66093839a614900fcc2900fecf3ea3f0

SHA1
35e8208e2a8406600ae3c81aeb54b802791b95de

SHA256
3f5bb43bf319e37c12ebfaeb9c8585bde45d9c42bbc7f48b487f9ea6d50d3606

SHA512
e91edcc1009ec9391cd61d3a7ca54c2c64fc21405d8d8e847b36b3614b95f9a860148449fbe8cd5950a2efe94c976f90809cdc5e55b445eaf474072d9f11d5c7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
3062453028d244b0260ba2d9d26b424d

SHA1
14aaa189885b94daa205d1d4326953c2e02fe435

SHA256
e3ac495dd895d7b50ed86a153e0b6a5e5b84ba402cb9a7b954235efb61cd79c5

SHA512
9abf9f93d88ed4e268344b46cf784282b0909ea8e7b4f55f3d98f900ed39cadee214ed6a91c7f08d9c643681074e7c613aa546952262f272eafc450b985f679b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
65fe3822de71213ab9e0cd5676c1bff1

SHA1
c6b9b1b5bc702bb5fab7772feb8855a5c029938b

SHA256
d082f052dba59611210d392362543a8707138c538e5ed25301fe44b6429009cb

SHA512
b32975f581743d55b338ee4cfe64fca6b47dc0e2c02e8942e7f6127494dbe35553c57c9fbe15da3c04c27a65b1c75057ab95d6c3ce6b2c5000456d94519acab5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
cf0d5b67f95e10a471289d7f3260aa88

SHA1
d5bb850d3f0df0caf9bc278fa490b5d0d65e7f4f

SHA256
c9f92c1551b2ed0c323dd9508df928fca5704f68661cf536a99493b8ccf2e68f

SHA512
0bdb95dd57f1c22c97f0df77767a2edf990ba2df20691b365bf1dcd2e538eb4bd9a936f181dbf2b148f81d637ad9919993a54519d766409014fe074d2976692a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
ffe811ff4f2faa76c5cb546ca6b9c863

SHA1
4af3f22d0224a12e2d3ba1b502f1dba596715e01

SHA256
9a85ae497f0d2a8daf89b1f7c73b50b227cf8e007af33ba1c692cf1667502581

SHA512
a420126ff7449d1b4cb918a36d17e34592c08603446a0683849e534345ecf6464213f5198afe169e81c0c15809f9cb2f31049ed2524ed91a3bb880efb6979b13

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
b96e961ebbc79880fcf91edfa0211cb0

SHA1
f36300458edded3bc5adefe495a27ce1fbf817f3

SHA256
f7284249e80bbef0d82ed9b49777ab12df4450e9d40ce382f7058c512f5f359e

SHA512
15427d870f1c5479a53c39f8a7be3bdfe0fecbf6d193a0f4bdf299028f321b0f97acd6ecade3278e36b8b969930ea2a43b531779e8ef2a91a8830d5122101dd5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
125198efd002b0c1bf0cb98b92d8fe36

SHA1
947a251d1b01ead4aa3d48e8ed0de801920cf87f

SHA256
a0531af53bb19e8785e857ede5d5eadd8552d7b6ea172d8ed0ac630ba699bf80

SHA512
94ff666acde8ab7e4a620c2021ebb4d8e3672aa8f29ab94db79d98380dd2a6b5872efde5b6f83ea453dfe8bd6b407774819a5578a9861ab30072baada8c4c537

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
1f5c2110faf6cad6d7ee42f16e4c83b4

SHA1
daa28841cc12c566bbe0c522a0ccca7ae107f535

SHA256
e9acefd77ada43b825d264ed70947c8ebd1c5f1fae05408c8b7eac8939209358

SHA512
2a4bbb46de743276be33fbb10d28fbedf9f198471211accac7f851ffcc90b86ec1369c67a620f18090a2b166d3e7ff805936c500810e30ad2c29e5545b8e4ded

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
670843f27624ac672381cd69a7fbd7d1

SHA1
a3b7b27db5b2f9450b373bcf420196c896bfcd1b

SHA256
c76c7e9ad94f490bb418f132c5d1cd03e25f0f163f4dc20590391b3d6917b21e

SHA512
76b7cc11c7aa69da91e5095ab1aaaf78b9c6b2370fde66525ef44c8712da637f5d6cd4beaaaf7d0253f832214c9628843d9195a7b993fb72ff524125e67c6454

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
e553b6ede5e12d2401f1beae52b4ea38

SHA1
4ebf55d41358e24d996134f078c43ce7ab731112

SHA256
2db80f4f6a8ac85aa1b5de0405de8a71be7a617ff4c1529389c45ab7c564f723

SHA512
71301a676cfed1f423a71f3ce55fcc395699aee86968162e4a1ee3bb955504542c013fe76b947425d7d9e4d24a4103e161f71d95e167e8f555d8ddd517ff09ba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
90d4bfed5a42abdf5121d8cddb007209

SHA1
993211a8ef0cd79c410a8f43578fcab54292d001

SHA256
ccad4a216bc8f47631bfbe779a7f96a2a68b89b1ef6e1f3938e38b77ecb11edd

SHA512
673356580fc139170ac39e9ae339edaef2dd50c6ff8ceac90a1c6ab750459adcae3243bc25395ca792ca4318f03ae2bbdc326ee319adcae31369fca88acaad8b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
7a6483b010c1a2bdeb9fefc613d55961

SHA1
7f44474a70704cd65f625f8e43fcf496dcaee724

SHA256
b4aebfad9837c4182197b0ba740e6415e70a601c06cdfad6651fd2e8462cb0f6

SHA512
b005300bccce203189bda0382c5d6fd8b9ad8950a5e050c1834e58d08856068750c48068128b04b04b48515610d111d01035ddd5198269782d7b29b8201a3ca5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
6c456eeaa42cfd62dfda8175ca4f5d97

SHA1
2d8323cb46c9889a4d4d2ace6d824a492afce0ff

SHA256
61ae8481750fb88692e04f21125b2a6d0ed0d40ea66e08ca403b95bc305d68f6

SHA512
4960b0014dd60222d6a5380915b302e9deae3e9034f8638adb6944831f1491a05d0dee841fa43c786bede1582312d57e2175bae80839ec65274b12a2ec971d72

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
e9d54e6f273c9fc697df95b6d0752296

SHA1
50af7b9a36cc8492cde21ff99e2f30d26c256d93

SHA256
3017dea15065e7ae4ff0fdec89d8ed40e9c8efb02439c7ddcd25ab93938e778e

SHA512
fbbaad81330204b55d145e2cdf2406d22005fd3d5b7d300dde9316c3b71b8cc8974a1350d94df8b99d18967232adb7e4ebc93199f5f89cb3047a3228aa0286da

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
6bf67fd22c5cceb4b5754354aada9bee

SHA1
c5a73b86a115c4c219581d2e43b365fbabe4dcdb

SHA256
6b92ee14142f0284b76c51182fec86bdd5d4ac164ea8461d06167ee57811ce79

SHA512
e529909e885818e233558f25d38b024f85009622884fda8bd51fb1cc3a775885a5dc8f545c984305c0da3993d37f0864a8740ee07a4fbbcbdf74cf57fe681574

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
8199354da004faa26d44561ff4b54e05

SHA1
aa4b83c86144926424f0e53bfa5944c9529c5b95

SHA256
ced4fa17fbd19c3f986c9ff1d38186b940c5d86fa4018baf7b6907b3d96b95e2

SHA512
88b8828d63e840131c72e88f7258856ae493c00f39327f73c908d3e5f814fbc2c93daeeb61fa92dd6cfa80daec82f663fb8f5880bbd249f9ff7f2c372b9576be

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
6fbd7c1f836972a5756e22bbedcb9ab5

SHA1
7f5f1b4c99dbeb896cf51dca9a7687eb2dcb897d

SHA256
822341a6b7d2dc89e60ab8ed2036b7bf6b9b1273c21d507a4b62cd6172069b87

SHA512
c97a49b77802da92923f69ef9a8f90a3eb25bd467741d527884ae103bfc718abcfcfceec5aeeeeead6c0b828e78deb394ec0a742a258966d0bfd0c275ecf96e1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
839e34c847c1b16ad2ba204fe3a438ca

SHA1
c6281367d0a22c3263d84d309861245fb8ed261f

SHA256
b4c51a38e0d2e5d6efa6ae15671153fae8991ce3cbe009d8b73d31f758ff20b0

SHA512
ef384d34a854b825eeb1bec567d29629a5f74027d738503d178b55448ce7f2f6ff3652860fb20862314b897096046242f4024e0787071cf2a7f2e2cc3d27ca5e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
6badade3228ba854bebb7c50905c84bb

SHA1
93d48d0e6fd52b0458822d71ae3b3edc6de7f134

SHA256
753a0f125dd22ae85f5794be9cdb802b400567f61c3fd399934c3dcdb81b3fed

SHA512
328c0a640c2518d0542e486846ee651b6e5125a406240c7d8ab55676ddb5399570071b2b8271978e79f4ceb12bf3e4b5b4299122ba2f9a9d1fa208ee58412a72

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
894dfa10322c469f1eb94812f1ba5127

SHA1
10f66746a503c998a86085d24ab39f622f2ca1cf

SHA256
4a6a65a528599d452eb43b0c08c2b217e37adf4a41ac393076332c42afd9ee98

SHA512
89363114afe02ba4dd4eeecd2ab785d4db747f775237d7e438aefb55f9ab846534d3cfe3fb84aa89198f29708c1b611753760a887976054691e7c1d372e3c9ba

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
744f013a14fa5729fc19b72ff9c84ff7

SHA1
559b2973609e167eabbf6fb6653ee6a5b3beb4bc

SHA256
3c6ef85f8b239c51859ab69b40c68d90cdad5b9627825fa9da8872246b1840fd

SHA512
459995f2537297684f1ca4e721f703b95cb2c0b98a4926a9a9ba8cc5f88a9088f181175c0733c230e46589c4ae09d09f6316d96fa91058b67a1e1a6b83e3d153

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
7aeaa7cbe841dbd8eeaf22e11d5f61ad

SHA1
50c60467068b7efca0e14723bb8e679f8669fe5a

SHA256
1dd2159fd40ddbf5a2a25768f8197c36e66aa634d4f6f22fd9b142a7b24e9a44

SHA512
70f22a58c0efb905d151acf50f81d66dfa6a30e2b2ebb453327e927ed95014d0ee7c950c6dd29b5456af6ad66d84492b5f514d1e12ceb3dd0b90a0f9f2f41603

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
2e85f5f2d246de99e7be96cd9ac218f2

SHA1
2441ca7f37e107e1b113233c647cbf4070f74b31

SHA256
9a8b0ee25cd464f5d211ba36d7ec25d2241717b9063967a2fee4dbddfcbee959

SHA512
21b47f6174a05954959642e8fcdf184a65bb69536a15222b32931841927971f0d090a1e1be34f83e33ada1ef0afd2cf01a69bce9ecdcb35f1cb2a32c47fde532

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
2c0e6a5ae1e86d90aa06338dec165889

SHA1
3af42540fcd2651c7e45d051024b9a1f4c3cf7d0

SHA256
326f8565f79615befd956ed0590466cc89f7411babfa615e197de7422341c76f

SHA512
80af6e947676098ebfba25abe5e6c2bb63f47c40a7c9182a0cd03884ae802a59c5e9f231a0ea464e4cb226c4f107f9b5774d67eb5eb27f69ed5c851dd9bbaeda

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
408cf57f002604ade04a17efd3bcc2bc

SHA1
8743541f63a3205ba6a09a04112a629b60b80d10

SHA256
62f03cfd6b7d891249ed537e6f6e60f4a94c3215c9bb68c880a935a32dc47416

SHA512
443b78f4cce8231d16c5dfe3ac1f5f1a945db3907dd9908852ec9c35c76f2517ac3e1bf1586793acdd4d5db10aa55beb7348c2b91158ad2df1ef490cd6a2c3d3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
68371ed940e5f5368e6884cdc0156217

SHA1
f1b7b9eb122f97ed84dc598f7e61ea838ffcfb01

SHA256
85f5c7a945ebe05939f50bfb0bd21ae6e86f990732b2e3d176911235e1750bc7

SHA512
64f9297e04ecbcce0e0348f7f21ec2008be3e9a9c4fc5e95ce7ddd41841f73608094ebf80b0e9c43c40a38c1c6c2442868e46ff4c3b7f01d320c0aa47e093eb0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
274161e127dbc2219012184f43c77e93

SHA1
421649e7dd4fb5cde69a465996226b7d10949bcc

SHA256
af5e86fd8b90dbcf2f49bd3097b1ba7573d7a7a990c28f52b4334fbec1640ec5

SHA512
8f9bc472166888c11598e1b615d4ce63640d1e73ee89127c3f395f6abb355cffb9f1f683aae2589d8d9991e50fd480202315cd286bbbf9bf211ee05f4b8999d0

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
16d4357c2ffac251d30c96ba1b2c77e7

SHA1
eadbef3974da6b40ae7ec8636975e35a42e5a6a4

SHA256
0188182db9dd374ee3101cb37e880d2a858f3f984f4d0ca0b10e6fdc7a08a626

SHA512
bb145fa56b95a045872f686e5643bd19e4a7a24e18b1a6cabf2f5882078f88f4b71cdc6f10295311687330950a0611e75a166f3ef981724c9123a38b2f8ea28e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
56bdc3e0c10475b86f1868581d205953

SHA1
7691a9962b1e29f0c975058f90e5f3a24f931462

SHA256
0d7cf5ab649f422315a51af42c76a2f1b7ac1c37e17a58742aec3cca1945896c

SHA512
13eba0b4b779a0d9e28476b5ed9e67908469fe887dce623f4e3327010b0f7d8aabe43e844af1bdd1cfffdf0191e2781a62f599286fcca3adf8602821b9ef0120

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
5a84031300c29677ffa99011142a574e

SHA1
363ef7a7ac1f6454184121f5d3caece1ef867949

SHA256
0fafba4bf0b792faaa7242d189062bf0ab579781d4b4b1ecdfcbf33eaf6fa4cf

SHA512
93633d6724a15d0bc78bcfcd56b56833d472a5791014ff734dd5a630ab627f1065b693fd04951e40f0e76c5313ba78ba2003158a92f8e3c523085c8b0b7b3e81

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
68177c12f67a62e8cbc08d47c4b2d7bb

SHA1
2409850ba74f8c35bbc2fbb2f7ce50d5e28b2500

SHA256
32f1f84396363b105e5fd41ca85ad967854841368519fc9100f827c33f95a109

SHA512
ceead1bff528b4025473d41018505f8fcd87cee1c04ee305384a4f7ed06b0bba93b69505b28058b7053db54dce253c33465d57c6ad8a9a855a1203fc5f572638

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
8bd96dbe6ab1151d1a15c9c5074bcf32

SHA1
52c44161125ef8336f9c7c5369e79d80709968bb

SHA256
1664d5ca45ed897d239174161db1001359d5c8f5fafd96686e86e57bca7672b0

SHA512
c27dd4308c7e6e53e0830717346942c06b1abb3265e556781222c383307bd128e3d2a912cbf146b6cabaf07e0e8f0f8ffddfee539fef4ed97aa71eedd1a9ed6f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
bffcaf0d4dee65ecfdec5221efcd1114

SHA1
d197a67d7b6c0046a75fdb489c6d99a41808d6a0

SHA256
ea0284d390454d42ff7538d6aa0a379593b36945347b824cb260a30de40664a3

SHA512
9210d2e88e996674411792c9155dfa29d042cb4a5af5155267aeb6ebf2e790cc45a12eec3667910ba3eb021e182b73c19252f37b34362e94599787f31833d980

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
c09724e6ce7dd64e3aae2817506d0e7e

SHA1
43f2e1cd494c45ca0a210b6015a2a7fd279307bf

SHA256
9e8ed41334f6247b568d34bdd70f4943b701b5e42c90674d9c533a8e872ba80b

SHA512
448ec63c65d8166e666cd1043bc05d8d4ebc8613071ec750775090f0fdc383da9566511eb9ee3612842a39e28821c3bd8910fc886c695108829e566ce503d5a2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
c73ccb650e675965ee1723c3482219da

SHA1
7ed05d57fb91a2c543496c288d502e229cbb3743

SHA256
565ab6a296b964797eaeda459c13136cac80ce07f06effa4902881f00a9c8110

SHA512
d45079fa6be5d97ed9d9c008eb704d12ee39af386cbdb82088ab5a17cd4a13bdf89224fecd74632f60c6ed3d8d22d5acc1c98501e90f6995ba5556c4f0633fd6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
60c112091de70b2e8567f5c1bcc4980b

SHA1
8e1d4064756569c6f7d32c001c2912e8aa25459a

SHA256
7130539c50d146b5f5044e884fda847cb5f909d328ecc31a2ddcd5c5c9660b22

SHA512
4b2d3a137824152972763b21aebdd88e56cf295c1e7a3d19d81191c3e2891cf1dadf60cdac42b7594645ee75d600cfa01ab76ec8d315673eabaa8f819de987ef

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
349cca6681351a335042880bd8886003

SHA1
abc99b668fdbc35712d9e709209b17d8bf04974b

SHA256
44a1e57ef633f2480f07d860797deb7b9931914da780416ca4a93beb8dcc5409

SHA512
0d2ae7d3ce3600fb2d5ac552ceb4a9c0a27341c79226e3f8c691d38e9ab4dbaaf2cc97afeb8009addebf6e1795560bec625e5660ea06fdbbd1cca48d9202d154

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
d5713addc6a14c164077b512afa7913c

SHA1
0acd5224d1b04715e736e0244b4b32f204b48576

SHA256
8bc20f9df8defdff71c0f4f94aec33bb84e5761ca6a290d3956af5761053e605

SHA512
10edabf6f374a9dd2e244b8ec8f1043782483ff3313d3620d71de3c2ce456783351323c7939cb2940d43c89f6b12eb272e85aadf2fb261f37b48ac20f0dba316

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\ClientSub2019_eula.txt

Filesize
42B

MD5
1a3a0250e7e6b9c78a11c68bfa1444cd

SHA1
1b170188b969acd319344ceec603ce8880a302e5

SHA256
c239a9edbbd35480d18c1c2f92f97d0368c4630a1a4e71eab84ae481a0a009de

SHA512
d5dc668af12d27b628824106ada453e1986d8a957d4761cc8fa316feae6181c18c22f95ef580b1185a749851fda823d5ef7c7967c822a38c2fde68d0575e84a7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670753841454061.txt

Filesize
77KB

MD5
4e003ac2bcde595fd9170799b364f981

SHA1
f39bfb7750b030a738796a33db8680f56e7216ea

SHA256
93f0d75cf764b6830a80dafa6062fe4fccb8ae01289335b3ba4af2f2ea4f7aa3

SHA512
c7095e03d4b10a52949901977c03a0fdd42f971fc80d510dfa964d53439e4ff60c117c71aeb18598bf9b4a67c52666275f0ec0be9543202ab71d0680663117f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670760323212545.txt

Filesize
48KB

MD5
091c7b7b27a098dece6e68d1c7d73099

SHA1
3e9a006ee0dc902a563d1fef913e7395a9967f99

SHA256
74941b0b4f9ddf2746442463f48f6d48ef01b97b13d7efb6bd5ad3ac7fa94be7

SHA512
bf79bb3cf8837b73df5b1d50e98d0fa1191aa1fdba76f6e9c96b2264f67f2ee3d27b8b8967628436eb779734e697bc445e337fc9e314733bf65879bc56b5cd7b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670761649104293.txt

Filesize
63KB

MD5
b58d8c8b793193000ba1c88f3b5eae57

SHA1
6e06de90e288419164f90397723c4b3772df688f

SHA256
f7255e85f53dcaf1e2432a775ad515f51e1e1cf38f27a483ba6a0ba45077b489

SHA512
972d2fce393056a62f7cfb2f1bcfe02f17498ec7f12b0092ce932172a8a1b8419d7a75bd4df12136d152dbb16998ba9d4a99e46ed359afa6f296f164e7f35403

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133670764222358945.txt

Filesize
74KB

MD5
e135b230677830f5cac4122d67fa3a46

SHA1
ddbc1cdac63966dcc65c02f9685fe5004fe6f97c

SHA256
c97a47fa4bcc0e6060bac1340c880f689930ca86f6700ba2f334e8d3719f5d25

SHA512
2a6ca91e9457e266796537ea2b4dcc3cf517c0b3659c83133b36f01258ecfe3abd576cedc00becff2d0427232f3a735ee89b592b5afc1833e9928f91be6fe924

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
ba2d5a0550790090965cf79cebf7d7f6

SHA1
3913ceda5f1acc7e2f5a532be012efc73c61e09f

SHA256
55059ef891ce49e56fda9553f07e6aa75c11fd4d227c4d7dc4798c635ac1a470

SHA512
1ac3df040e892e226407f0f9280d8601e51d7921cdececc988bef42f0d570ebf44edf7a399a481540fc571acc0e626913574135a318de9b84bf4b51a2fc28874

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
e2a3b4c469de7b31f2afd5ec343aab40

SHA1
ae287329d77835206cd125b3eeff1c811bece13b

SHA256
d6defb1e9976b21f0627dc813ca1d63a60fec5b1a8ca380333ebfe45795311e7

SHA512
e6b433f98d255e954cbeb25e1ed1eb0ba956eae5faa005847914bcb644b15167da02c2ce79fa08272938de17234f163170b09b8c7706f34df87a33328d6037ec

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
a3f49753ac61ba319dd065a0cac18a28

SHA1
a2ff784e2952ba5d4e4265a0312699373e6a9b9a

SHA256
5a1bfab86e5862c8044f4dfa6fd824e79e641819b0407afd366878ad47b7f701

SHA512
afc793091d6f050473497b123ee92d22df1ff0792089cd18834ba3647634bb1de1ca4477103164b31e8f2f7974c4242e527448abb3d1e95f18e792ad0f51c93e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
326513f77872e1497c65df6eee1c9d1d

SHA1
42fd9d9b0695eaa67ce05bf4fcff54b9a0678c43

SHA256
100fe1337a8d59627c53a94f0d410dc4b057dfff6e56cd0006cac05327d69a36

SHA512
12453f675e58723d2236315b3d0f40c97f927b3df38251427996cb4b7408f2b980ad9778cd84edaee33562d0b6fd6d962f84efe7520dd63b3db361c298fd7198

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
67fd7a5d45498d57f0639c6ae30c7002

SHA1
408a0e0a6b9c04928b0d64a8b49e79135cf8d79d

SHA256
604e6f118f81143572c7f3e080e8b54b23b0fd9e23ba12cf8859b3bc59726ec1

SHA512
3c446d0b0a6cc5720a05ac855ba331529a90bedf307cad0e28573af3b5525ebc9de655482b89e44d4c9c828cff5322444e22e4781cc9dd68035232a780ba0ffa

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
51f8a4351625259b8feea4df81ee27a5

SHA1
8171dd9e1e442f7ffd1709240f7eb8b23e252520

SHA256
0dd28ea5b4246652b8054ae6e51fcb8af15f232f002a1935526a8213c4c069de

SHA512
45ed8c6581e10e67ae5bc43644c345611ac2a61d048b463e44179f8760c703370ec513c2be66b7ea280cd79ace09a51aa7b961c78bf5a925c9d7689ee7a66f99

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
54211f15cc83bc8ef54cb62dce92d0b1

SHA1
c40a9843ed992710098298fb8e1d4315725ee986

SHA256
9d035ffd80b755c7834dd0b7a19a017b7a558c6efe07a44a6a275fb897a7f9a2

SHA512
98cc373fdb9ebb050d9154ec88a3e8fe9e95c42183db9ef6fba51cd61c49f688d65a09fe3852acc8c2c8d87b1b0d9816521ea8404254c928808cb9b4a94232ce

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\deselectedTab_1x1.gif

Filesize
61B

MD5
c07314e5eaafa7b3963c1ce6635590a0

SHA1
43d42228ad32e5c4d6da16b3a892e884f26f5be3

SHA256
471ced9bd9f2c0dbfa8e476b625f5b3fe78b50603f3ec30e805b2494c11bb16d

SHA512
e0fe9f0de3dd9b51786f7d5ff549b64b7db70e1a211443bdbf44982188cd1c71f03d0b1fa3ae354670020679615d23942dd520ad1fce22646253493022c50be5

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
28b20a47a682173f93dccf3921d4c69d

SHA1
3e5aa4d131899b0b367da569f801e216984bc941

SHA256
f224675401924966c42da19362d6d1b6544c1003c55b036bcfc6355fac8e5b44

SHA512
f826db99b77c00e037231b6007adbc693379df859c44f1ddbcaf9d9fb127b3bb5340d09db4bce68d1a482794d7e3181cde0056829e040210eb0e4279a69f99ad

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onBlue.gif

Filesize
90B

MD5
452d49e23089f887dcc36e7cfec0c4f2

SHA1
763d0be6d7a79422035668ede6dd674a1b4d745d

SHA256
8e0e5ae10dbf677e535b295bdce362456f88f575e77cdd1e62fca1d6c75b1fdd

SHA512
285c5f3d3cfede518d4b6a1ca47e4738e8936e0cacbb423f9d9dfdbed5c64d5f7e8e657a0944a8cf615804402b19c33eeaad1a71ca2a086690e41a4af2503088

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\gradient_onWhite.gif

Filesize
90B

MD5
b3cd2a1d3551e7ec412cb12cece040fb

SHA1
ba12d66d71e4bcc1a5810de98ece0b2793e3cff5

SHA256
36a2f88d6a51e59194284e310e4740c500b644b703bd8b939dfb08b39fd3d550

SHA512
8991232256deb9fa872c604020cc1e3aa217bc397ab02b6ecfd03b6d8debd498a1a5b29a4a235d9410dc9069b9872211c59f22764330a8a57fc951a04fcf3649

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
e4d41c23e04f9fcf29c03d77147dcc9b

SHA1
631315948d2da2df12aa45c0288d0dc5032ba099

SHA256
246bbebbb6b6c69a8cc3819dcc7cdda91714ee8a779561001f26a7f3896e45ca

SHA512
644c0246211b581a6b88000ba9216e77e1e2589d8474a2e629268c3b6ecbc25199afba4489e31eb93740a00f55c6c14f04ee8304535d338b90e28450ffadaf74

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
d2c13708f6380c35c5dbd682b808f0c9

SHA1
fc69f992da129f60f77536a020e5c4fbc68f82b0

SHA256
29e4a31815e17b03aa3faf116c7d99d04c8e3c5368122ffb756d5a46dd3901f4

SHA512
dee3b5d518b69dee5568ec344b669e245ccf09746d3520f0083992454b0183533d0705d5c5929ce1af909e4db759748b265ecaf48bd2075407764eb43dd5dea1

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
e106827611dfe1cd524400aae74faa74

SHA1
fedfeeb83f9d657e725a9ee5e6c01c1bb84a81c7

SHA256
1a0e35740fb63d357ce923fce53805b9d80d0fc20388db01178a5c0772bb1553

SHA512
1518574778b02c8a250a76637afabad8225435e8365a6410a0b2ff03c9cdf11cc49e6431011180910a73e4a5582b06871318454c5144e96d537f248cd4d0f6b4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
df28862681bf1c09a365b19f11e044e4

SHA1
fba0289f2f104cd5e53944fdfbd1ef46a2abf122

SHA256
7447abe5e93db894de44f1d949c4f58a59c5334aa11cb219a83dda22dda3ae05

SHA512
55968c806221f203c9962fa022458718cec2bc85b651d0a94556b590a5685607f568e2ac673f0a1338a5cab026a19dfb63902a847e4b9cdb8ad2d9dd245d6ca2

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
c0d7bc3404cadeca65478a566749b6c2

SHA1
9079424fd46095f8569f8cfac330da951c569418

SHA256
22c5e97e0d69c5b32426c4dbeb00289f3e13c3f384e2586ca67a5824e7052208

SHA512
cac97f6cbce9da53459ba1e41abd3651bc77d4986ed02e2dbe43fffbab5ac4c3dc53d166b61530fae38576cff8af28c19e7a497d120079dd2061ef28c5d3db57

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_leftCorner.gif

Filesize
65B

MD5
da14d7c47823f93d4998de74c6b51a36

SHA1
4aea53e91f33fa92fe4d8a7689d353d12c08f31b

SHA256
ccb534fe3fbacac74d73e0cddcd55b8aa0c255485d1245c434b227cede5e5746

SHA512
f566d52f076df743315e37f15d2220ca6f0b76e242f5fcadd65e2eee86d08ed061f16eca65788dbe6d7b754bf3b8fda1612af8b426d0d29e87abaae995517b55

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\selectedTab_rightCorner.gif

Filesize
65B

MD5
4789e7f96983053f665b41248ac7d82f

SHA1
7cbb6436311ac5721caa0e731d825dc64e1dd482

SHA256
69096f46d09274b27aeb61dd3bfbaecfd8489548fbbaf92063a49a770d6449c3

SHA512
bc4834a36cdd5c3acc31f2fe403a24d875b6fa5f822161c88cb2f874e712ea13d49c733dd5b2d70dace99ebfb3ff9c2474607fd7666fb27ba58a8a5d3f265b00

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
e8b3707c97d91df8eca87ce8c2cc0373

SHA1
b191e9302c41769533307c3ac2280c5f10799f1a

SHA256
241d129d0a584d4383d7f9522ab0428dbf7b71cb93bdc44226af2b08cb121010

SHA512
c734d0b30d046b68d45d6a011d9019c91fc6046dd68ab14d145ce51d98ed0541fa2605c077f71719711d40148832279a998312ebf3fab54a26d11709515bce16

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_leftCorner.gif

Filesize
65B

MD5
291a37c5075c9fcb49c88dca7e75abcc

SHA1
81154fbf92332271d48da4595a230fd4cc52ee74

SHA256
5850d8b1f525c41dbb189fe36aeb3b4679a38f2022f7b9a0d4d9259794d9f96a

SHA512
1dde86e5ef955d54edf470180050ec7cb41b09d60f15ad4baf1237276388e5a9829359ed99bbedf27fe8c235afefc0d460375bbc91904845704bac469a43cb4e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\unSelectedTab_rightCorner.gif

Filesize
65B

MD5
2441e3c16908f11b6bcd236f93b3ee35

SHA1
e27b2ff1c14a5b08cf217565a28d5edc5b6e60cf

SHA256
d34cbb1559618e4e8c85fc4e12d04c60cca5dbff252284ca1efaf4400b9c53de

SHA512
776a90903c011f53aa85c9b5a96d9b93ddc49b5e862a3c1712e63402c014de62222ca568d37b9f4bd93f1348eacc35a91e1be5ca983bfe16b7c575ae3d4bb08e

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
ba594efb4b6653ee614caa18d976c79d

SHA1
d7e3dd845dc5382794e90163701bedc22e43ed96

SHA256
e629449881b0aca639613ac5f7e4b96cd3a15fec1023ddba07b3cf67a3d329f0

SHA512
61fd14e57161417a1acb8cb5c891cf02e1875925c1a71dc6a1025b237fc3c0450119a11ea84393f1a1ea8ad236c5d019d2c6c1986056761cb7b33e25cd8bb8d7

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\security_watermark.jpg

Filesize
49B

MD5
eee08885066978361d8abaa17ff70400

SHA1
b3b15f5af702f7516ad5b24c13576a80e2fdb844

SHA256
5e4305ed89c3d1a1bf6e9cef7bbca30c367ecccc1bfb22a3175b1595a1d12efe

SHA512
1b0595fa28f22019b81094974e4a9977b666c74c627559a04cbc0b45abafe0e48a80ef053852fa7a4f30c353c9f1c5059a1fb737dd860b7a101f8470710a8460

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
ebc752fc0c10e3464103661a6162056a

SHA1
9c72bd1abb838ec9abb24bd682203bf934de25c3

SHA256
7a0515c70890c8a6be4a89e6153bbbdce18d0173ca376099dbe9a32d897bc474

SHA512
a12d60146e253cc780f417888a6a2077d7ab76e7377a02d9f6830a1ccbbe4a2a3dba1ad52e0a5a0fc1d839ff69a635a6e9e21eceee25078b1cb39a0c05739a99

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
215ba1f1ab13aa4f4a292fb5dd11213b

SHA1
b6baa4fbffe23f16a52c1713e5109558f003a512

SHA256
6d9bee1da8c2886a7d50c52bafbd51388c165f1a79ab7735714d32ad582c9c3b

SHA512
e5d2ce66749590ba80ed7b5fc68b3f57e83689333365950f381b2ce1827fb9180cfb8abc763bc07767875edc04dc860c142282b8b67cb520935b22ba871a0c56

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
6a69a628f1f41d723cb7d8be769c0ae1

SHA1
de2a6769d4947ca1d0b74684f55e00b3f01eb3d4

SHA256
1175f3c405fe5a82b928618a9e6c70ca41fe421cda6a6b1f191589dcb387bc66

SHA512
2fca2fac28d6a5d6f6f367c65cf33a83d910beed8eb39240397831f5e0e5bafa6a6321b344f22bd9958f42d35a0fabdaf92ae51bb3d7a381420001f4a0cff1ca

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
3707bc19d9b9f28e5812b2d6312969a7

SHA1
de46fa602312849ec93a9c954fecf0e25192a8f8

SHA256
d832b1e05e84ce3b7d53a13b93929b0a37268f42352a6cc8d41f491281754411

SHA512
fd1cf89bb2fed6f8bde082ee20a49bcf9ef400762a6cab1b960719d68e528c58437c584c924973b445333bc3790944d6afee37053f9c2f0a440f72cb236eec78

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
840724390d2a26c00e6e6b9ff440e9ea

SHA1
2c1b8bef2239334e5782f0a999f55efefcd9c671

SHA256
e2c36aff6f82ce81748b28f4e865b1d8c87ab481946f16ad9fc8f546a79ab43a

SHA512
d21e338aadec8028c14739acb1da3d6ba2a5a36c165c1709871cccaebee8397af706e676687ce8309c1c99bc0a85f3219c28c07c94a5f93134e829dd934e0cde

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
e37db6aa6f4168c4a2dd31452a67bdc4

SHA1
bec9aa733df13a1bd282da738c479757b822ba38

SHA256
5a4f456233c151489a3f8bec5e3e579048338cc3c862908bd429b2a042117d64

SHA512
35e4eb5963117c6d57da71f8c0a86985c8680b8103eb05e0400ec1b5aa1e3f0fce1daa12ef1e7f0f7c91ca39d49086487264c17cde2ccc574fd4db4fa8a42cc6

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
6ce2ad74b625c695f7a922655109ab41

SHA1
e7d4198985654cf2bb75fe5befa28a38a0407c6c

SHA256
b914c2fc6228f2ba113d462d5f3431a049edae27a499d9c5384cc101f268e774

SHA512
eaf223cb67dfa953d1269e21520f1816c167ed188705f083f1cdb2a65ed56f5cbf5346d094e81a0da4354f617e8ccea4882b185b416cc923d858b79b8e1c3424

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
6c2c973d8d65793d81b21ef12fa5cdea

SHA1
3b48606faa71b04d5757ff5ff445b3741d73639b

SHA256
813050e7456ad51af186ddd87eaf589b849863066f27e8d44fd294bbb6e62ca0

SHA512
39355aea525bf579e4bd35367d8e01aa18854f35c6d3587753d14c3295cb392a6d60abe655e249b55157dc3b58faee6b988e45e17bb02d0b3a6926f76865e09d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
13536f3ff306d0dd47f00c35670d9c92

SHA1
88485ce21829bc34474e92d3fc4f5111e3f6c767

SHA256
04ed574425529b1b8e8bad721495cf20b41cd8d12e1da2296a81579820114529

SHA512
c1f4e36ddae5ad821ffdafc372f29d3df946180d4ede55bad24f2960060b67b30ec14012cd0c011ed1d248959b8fb20b883a2ad31592d4e3e4282307cd599312

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
d027f3b1e68aa590807055a4482ee185

SHA1
4c83591838e7efe8e681667224a433d1d8fa9ef4

SHA256
93cd052159a2fc9965b9a3d8a4a7c33d60789ac5c2e27c9585509ece63a77feb

SHA512
e6daba987a4204663edb9e956e702517d58acebb379179bbd6a8d564f68ec32ee2af4b71db968a4039f295568d9a7cca4ad0db54f1c0f75bf40fbdf751498853

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
4c14907f6e6e04b649ee1382f6961047

SHA1
2b4467b9aedef52b84be63f330026c66920d15b3

SHA256
6f6244eecbe32e91ab1ae4f5dca55ebf11a4d4851b73af223e6ea9eee782b013

SHA512
89fa8af6956f77957614a4c904d5d5afaa8612c21ffc3d96aa58ccf1fba7623704b2ba0724eb22d5fdd8402242ad926c3dd8cca07efff860913336f2b9362e6a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
7adb6ebada4534f7aef22c7854c932e5

SHA1
de006d3e0cfd6b89a32463dfd5e0dfd053246ead

SHA256
de4e7bd96ec1c06fcf9ec373b1dba48dfb8a0fef6b8c737e011b53a8ae8a6fdd

SHA512
c9bd7a57a993ea468f14e10e0a4c34a8f26c87ae7c05ddaa970e3182d09ca8c4c6c561759248f2c56c598a39b71e5247155abf85f0f1a907383f4d6d5904fef9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
dfa0ab9fa22cf534f94e641b2f966f39

SHA1
8f91bb4580ab2d6b7ededada81aff5aae1dfe771

SHA256
aefc48e14f1b17c9972101e0e425560e63a077fa1d65862c2383c23c0106fd5e

SHA512
60ec8eccac933c4426df8f26fc54cda832234cfee36bf362d0c6f932d2ae6896f0871c157460d2a3a5e6e3472447d2fc71aabbeea41c89f1a3ad6d21d526158d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
f827b7f51776c3e945d09aca04a6009d

SHA1
6afc3ffd3165394ca4df181cc45f4146a8bfe806

SHA256
c2765020cff1f79303a587d2185374d8999c65b542117f435826a9a8ebc7c277

SHA512
e18a4b7d4e783b0434b9a173de07bcbd9e58a34eca2bbbea39488c22ede852800b09e8edee7321ca61693bac75bc5bebe2e96650d9a3e4e08096bbecb842db72

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
9695199f2bddd3cd4040a0e63594f585

SHA1
26a2e3392110607dd194c893376ab4f154324223

SHA256
6e175aaea4bcd889b1385b5c9db2974ffe6955c93e62afd085a1c25977faafa4

SHA512
371a435489896af2d9eb699f76d6b0a25d5245d7fa85fbe71aa382d6a68ed2f1d06345cf1bef0a74d6d5be23a77605520a703ffc398a21a8cbad9a3a65158371

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
e8a48beb4eca4b36a8a5e4ca29898aa7

SHA1
0093ba5af2c74b558da939a80d49d2d68b1a171e

SHA256
ffbb9481f4da530e2044f35acc8e92a9a28ef4cf0fe4203e517d88d9fea8af45

SHA512
465b0becd642b21c5e2866af23e2d0579b45dbd834f56eaf0bb628eb4ee53c1e34594734523ec3f6e245bac1fd7111cb2d162a71319acf2fd0444a58fb909d46

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
4b24f1c9881e4f55aa4f11e53f94c53c

SHA1
34c20353fc8ac98865efbe82b481673dede6232a

SHA256
fa6e7e082a9dcb8023d16624e036877e0160dbc50513e4ba8b5fc1d5f54e8a3d

SHA512
dc66c7ca7c127a50745436ec106b24d01922e5d88681484818f6265acd9d15c2f6a7969702dfaa14dfd61c62f3eabd8457b7f1c4ad3422262935518c5182a988

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
3e20c7d9f127ae2546c396525579972c

SHA1
592f1cbd790772306897295653369ffd23fb300d

SHA256
b3d2b73534326b2d1474f4bb50c53ba599e4ba4f9d88187335a9c57eb054a4b3

SHA512
0f981022e5221078066e18525bc2efda33467ff76821bd0d6b0bc336dc2d7c63f2c25285633b980d6748859b2ce3e8ee6f86648885a1c772f58e1248a67df6f4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
97bd3b7ce482bf0cf080b77b1f093c1d

SHA1
0615522b7e19c4095d67472ad39060df39d1e058

SHA256
540f776d9b42264014ed8e032d947beae4eea48006f84ad4c13a23c3a1c49e81

SHA512
dea97d5f3e3dea5c34627cb27570aa1e9bfd6a726c85621918dbf8137047e7145bcba32f5fd02c30793c05d99acc84a4273d84344d1db2c2ea1e879b11487ecd

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
b0ec7362f48674248a606b520a2c1b11

SHA1
092854307f599a3139084623471d94220d0d062a

SHA256
30e978d7bfd8a6925b8e0ade5141eecb3ca3cc44457be05acb5cd47d9a777695

SHA512
eacd4b92dfc854e4f7293f14695c319003d06d9e0df486b6dcf80f8837aca74c4c45c31078935c08ac9e484382fcde4c96b80e02db05d51f7eb499f3289cc1a9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
cdd21fc0ac1f4e1f1bd67797fb1af78a

SHA1
ebd5069b599d7a304e4d7f200c9c75fc51ce7c18

SHA256
8aad3f889420a49661409b49b6c8b60a809c0674ea92b4291046bfd4220a4bb7

SHA512
5e4176374167ab1b879083011abee7aece870c5a8aaa8ba056b376db51ecf7711fce1a680367a61da6ee06636ed54de4c645c543681c145a47f58b3faa67b9e2

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
76bc8386bdecc002727735ac3b3c3654

SHA1
93a05db7a5c391a298e967fac1ee2d5377dd56b5

SHA256
5cbe0aeb20faaaadf303f37d23f9e220c96c65b1ffbf157d328534189d4bb47d

SHA512
ebbb33a57466eb755b4fe115b372f0a03302e754a1bb06564d97069c62a9a60811668f03d21f754a9422127721e511880e86b7cf82aa34e4bc96ce1f2ba71217

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
0ae42cf9290d420fac80f14f51db79aa

SHA1
40677b8877fef024de2da725415a565f9ce5fbac

SHA256
bc34a6597c6dd58f052bb783d0cc26ee38037cca6d35ab5a78df686ccde792df

SHA512
bb1a050f3eb192ab2968d20a9bcffb4bc7adb599ddaa533f8a9b8bfc9ece8a64fe852db757f845675187b28cbbed8660aeb751dcdc4103b986ea22bcf68de0c5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
6bb9150c5a7ec9734caefcb06ebfe8ef

SHA1
7e25a81cd835d2b9281ce30d5b6881392ea31d63

SHA256
c1993dcf124f6b5df17c4e6e6abc6a42fce9eac48613ab29705d4cc4d6816c57

SHA512
9f141cef61d662f6c4fb2e57522c8c1390b8536ae003a3dc5549dab583e37d5b33ed78905c27a5c9b981c85d3cce68d23ea36a77af3bfd034a6b9e70662b89b7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
cc4199ce3cca0b647c679d2613f81be8

SHA1
8a2315c6a85d81019c3c6196e08c219b54acf532

SHA256
4627676f43f468365420a797f41f75ed01127195e908a3ce2011a3afdd88c175

SHA512
2ab96a67f98fa35c7120e04d520d0fc6969bdd45ba65b313db935bc8dfe40772dae9ae6ae2f029319b94a9e7bff94cdd4386afbe779e3d8c44ad18541451688d

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
8538ea0047e0364a22f54e352f1a53bc

SHA1
f54cc54c14ebe01683d02d218c68abe7e6cec0f3

SHA256
3abfcdbc8dfcec9874eba374b78fa75f69c8b7f15585bc5f02721ed556be47dd

SHA512
89c20745c011bae4ae9f87bc165f14be1c098a51a51469bf10f157d5ee933d343dd20a276a8f15408a5e3bc06866a7fcfcd4f0924cd35dabe7d5a726969a5f57

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
8feed4316f6e91c0d14606c671fe1af4

SHA1
663021d36afc0ea7d10f42cd6c41988ea1845c87

SHA256
ca712b1b1281a5555b69f1f01aa96eda9766f9c20bced507168346e6ba2dbc8f

SHA512
e6ebcc96cbb7367bb6a51adc209849e8ee6a2d96730312501bee2b1ae0921e24bec5c48a3e6aa46547b42ec6720c61a21a7d0f457bcebd027cc26c2980cc62e9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
08b466785f989e5609aa8e35729d3687

SHA1
cf073dbbc6db6460bd7fd8d5330870ee0ddf80dc

SHA256
255fc9bc08b86f77397893e012a804805621bf970fbc483ee4987a9f4fe75c92

SHA512
c6b397d8c019a3e51525738015b4219b29bc903b1099af9e5d4b40a751720a953468c77a18324f067a97c8b3e8372b61e69092abdfbd7e32c4c1d0cfd4be7c46

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
58c5c85b8c901213abe6709573892314

SHA1
fc82fd41a24fac34175c571dc503206c2c981708

SHA256
0a9394464ac598b50fe6da6de1a536b18746c2ec62cb439550dae4d1be51c8fd

SHA512
0fa610d57a845964359eb7a17e68339e3b4f15e07545009a1946a457d84c716df9c3634a2acd438b15560e9a3be493f8f9a849a2eb2094001dfa1a8cbbe63347

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
26d2b1dbad41f8858465612decc73db0

SHA1
7ab2e85352261ea7dec1b7b50b268f9cbed647d1

SHA256
9240615542d8aed2f4b60c09c9cc2ea7436be7abf27b534847d000141bcd1ce2

SHA512
f92147292cffea4618060f46db6925df4691c8fedd2b3515e76bba79e37b9d1c4cbfbecfea631ce5f9b0502c3df1d9e8c40e697153a892f4d7e9b9a9d0a37160

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
5b246641eae46332d8f1656305e1783a

SHA1
a3b46d4a74700e4326284a1ae4f19eb5a73ebe3a

SHA256
2f56271a4cfcc194130704eb622bbc47480c6783457d8fba09b78581a0514daa

SHA512
83c7fee06358090b775c443ffeb0d6b7c72d50916aef95f828692cff6e690333454e1934a571a539df4bf2015e3bf05ae2784757501e9c950c88edbb638d5afe

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
f3e708453ac264e35c45f3b310cc7da1

SHA1
43c3ec9ee079705582528eb89420f7102ac642e4

SHA256
a2bee7234d7a284222aaa0c482b82a2508ea037b26eba4d79c1cf4ed1cdb4744

SHA512
3b8bc327a466462b3395ede8c8ac4ea6c10e7209b8da3b7936b164625b580925b730543efca6e15045eea405a9f210394de26723683a348bee88d1919f5b0cb0

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
01e5cab0e287c0ab229174fc36e8a5ca

SHA1
befb03b76d370a115c0b7558a6f3f325d9c9dc15

SHA256
667e61b2e99ed3377c06867e0edbfcc4906faf5b7b5ba6e0646f52ad14c85080

SHA512
4a4452458d4516ad5f0c083937129c6232aa8aa2d8efed4734d4803250e1f4aa952773a952b9dff8ff88a242455d9468619616e620f0bb6184ea2476ef411e6a

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
ff861d26d6b7b991ba68ea2d4255d57b

SHA1
789cc8ea6c8743c6b3b72384a6de2e9d1e1420ad

SHA256
c6efdbd39f2e53ac5a01ec2d4182530417fdceee6e0879ce4b24837ab52cebec

SHA512
706bfaf0c86b258539c97364b5aa813a2409803a9f628acd8e00f43ba1576bd1bbe1274cd42130b21903e5a0e697213109a61d1bc3b4f8fff7888a3ac2b6f104

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
104b671d4142c19a5912d19d725a4fb0

SHA1
3f3548fc83dec6db7a53413ecf8cdd4cd8d71669

SHA256
82b18d30a9a6d44478d5a1c58afda31fe7229d96634dbc1f19ab1bbbbb1779e4

SHA512
07ac1d5c757305986de8e3e8e63d8ab78dc1bb0b67079dfc2b88d0831cb8796477bdf013ba57e981a19e9a8017d11b1f1cd3e31bcbbad9c5aa81eb080a4ee861

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
b027c7e1b43449947996682966a9b2a4

SHA1
b5c2e65b304914d53d0cb3c8da3ce225928ece57

SHA256
69505ddba311435ecae3f37cb7537527555172bdde0000a562946bbfa67219ed

SHA512
a74cdf953b10c03a5928198fe0a4fecdf06e99dc338563bb0536268b85e985e1c06523483e515f4ba3109767aa7560f0f5ccdd65af1e5abde611bb07e5e6bf5c

Download Submit
memory/4852-6149-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4852-10939-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4852-10487-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4852-6146-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4852-11272-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4852-11273-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4852-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4852-11278-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download