xorist | 209f0dce943a3c800306c8fce83c6a4b2c35404be0e300c2e58b9dca78e39ef4

Analysis

max time kernel
95s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2024 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Size

7KB
MD5

2555237f97dee9001c766a3883d7238c
SHA1

4fad739590d3afb1827c2347dc7a0cc027ec8034
SHA256

209f0dce943a3c800306c8fce83c6a4b2c35404be0e300c2e58b9dca78e39ef4
SHA512

fee606df6ded2a41db4b4e1280da62d7feccf3271ec87b8045a1a2c22274ab6afeab13b7d0f0396b2ae6f90d75d8b9e03270fcee765d3973fa04a08ae2901dae
SSDEEP

192:Ab12QuKByDo/m/NMApWGBaiyPQt31tMUA:0YGhTUWmT3/MB

Score

10^/10

xorist discovery persistence ransomware spyware stealer upx

Malware Config

Signatures

Detected Xorist Ransomware 7 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4928-6351-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4928-6350-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4928-10706-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4928-10879-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4928-11186-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4928-11191-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist
behavioral2/memory/4928-11192-0x0000000000400000-0x000000000040C000-memory.dmp	family_xorist

Xorist Ransomware
Xorist is a ransomware first seen in 2020.
ransomware xorist
Renames multiple (2182) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 9 IoCs

Processes:

2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\drivers\gmreadme.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

Drops startup file 1 IoCs

Processes:

2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Alcmeter = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe"	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

Drops file in System32 directory 64 IoCs

Processes:

2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc1-controller.inf_amd64_63236b4ab51ad398\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmeric.inf_amd64_41ae7c84b8d94de0\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmpace.inf_amd64_5e0fbd01da4f7c7b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_x86_c62e9f8067f98247\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms004.inf_amd64_c28ee88ec1bd4178\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\es-MX\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_EnvironmentResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\halextintclpiodma.inf_amd64_7f59f2c73a7fab14\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmoptn.inf_amd64_583bd0f3892e01df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\it\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Registration\MSFT_FileDirectoryConfiguration\ja-JP\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\acpidev.inf_amd64_0f7f041f33bd01cc\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ntprint4.inf_amd64_0958c7cad3cd6075\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\sdstor.inf_amd64_0d2a33dd67a36577\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbser.inf_amd64_8de53ed035d71856\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\0407\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_ff37da248ddd748a\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Dism\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_LogResource\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TrustedPlatformModule\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_nettrans.inf_amd64_b6d30279f382fa4b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_sbp2.inf_amd64_db7034ac4806cf05\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsier.inf_amd64_3ae2ea3a55ec0279\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_x86_360f6f3a7c4b3433\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_PackageResource\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nulhprs8.inf_amd64_e65ae5a38cb839e5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\tpm.inf_amd64_154e6da862a6dc30\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmisdn.inf_amd64_ded39545dc6c301b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\en\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\MUI\040C\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\VpnClient\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_fsencryption.inf_amd64_b4b4845819a23338\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsii64.inf_amd64_0f02175b17cd3f66\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\040c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BranchCache\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\winrm\0410\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\oobe\es-ES\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\it-IT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\BaseRegistration\de-DE\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mdmsun1.inf_amd64_5b6db32fd04403a3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\memory.inf_amd64_9af3a8a63d4cb5f9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\lt-LT\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\nb-NO\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\wbem\es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_ProcessResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\Configuration\Schema\MSFT_FileDirectoryConfiguration\fr-FR\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\avc.inf_amd64_0eaf27d749819837\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\iscsi.inf_amd64_c089962740ea1f84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\InstallShield\setupdir\000b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\migwiz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\de-DE\default.help.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_UserResource\en-US\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_WaitForAny\uk-UA\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_pnpprinters.inf_amd64_0c653d53a35b896c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4928-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4928-6351-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4928-6350-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4928-10706-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4928-10879-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4928-11186-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4928-11191-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral2/memory/4928-11192-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionSmallTile.scale-150.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-40_altform-unplated.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ru-ru\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\animations\OneNoteCheckmark.gif	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-40_altform-unplated.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-72_contrast-black.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ro-ro\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerMedTile.contrast-white_scale-125.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-96_contrast-black.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\MedTile.scale-200_contrast-black.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxLargeTile.scale-400.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarLogoExtensions.scale-32.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-400.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-24_contrast-black.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeBadge.scale-100.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\FetchingMail-Dark.scale-400.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-24_contrast-black.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-sl\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\added.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-100_contrast-white.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-black_targetsize-64.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Exchange.scale-250.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxMetadata\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailWideTile.scale-200.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\icons.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ca-es\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-36_altform-unplated.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-100_contrast-black.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\Logo.scale-100_contrast-black.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\31.jpg	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-20_altform-unplated.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsBadge.contrast-black_scale-200.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-80_altform-unplated_contrast-white.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\AddressBook.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-16_altform-unplated.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-30_altform-unplated.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\StoreLogo\PaintApplist.scale-125.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleWideTile.scale-125.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailBadge.scale-100.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-80.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreMedTile.scale-100.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-400.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected]	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-20_altform-unplated.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\cs-cz\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\Products.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.contrast-white_scale-200.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ja-jp\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-256.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-32_altform-unplated_contrast-white.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\hu-hu\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files\Windows Mail\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-400_contrast-white.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\bg\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

Drops file in Windows directory 64 IoCs

Processes:

2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..-keyboardfiltercore_31bf3856ad364e35_10.0.19041.1_none_56eb1eba7e7d3a22\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sxssrv_31bf3856ad364e35_10.0.19041.207_none_3eab5ab615eaf290\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_system.web.routing_31bf3856ad364e35_10.0.19041.1_none_7223c681aec12a38\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-c..fications.resources_31bf3856ad364e35_10.0.19041.1_es-es_12731fcce0780167\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.19041.1_none_db3463b66241962d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-r..vices-rdpserverbase_31bf3856ad364e35_10.0.19041.1266_none_df611733f1f65c19\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devices-lights-winrt_31bf3856ad364e35_10.0.19041.264_none_fd8e7e5b1e3eb4b2\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..erservice.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_d588cc6bee78032c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-ie-behaviors.resources_31bf3856ad364e35_11.0.19041.1_ja-jp_4a7e8ea9a7968b76\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..ivesyncprovisioning_31bf3856ad364e35_10.0.19041.264_none_814a9be57f374dff\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_c_proximity.inf.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_ffddd23a4d319a46\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-audio-mci_31bf3856ad364e35_10.0.19041.1_none_d2fe66a98b958647\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-c..registrar.resources_31bf3856ad364e35_10.0.19041.1_it-it_264142ebc98075d5\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..manager-service-api_31bf3856ad364e35_10.0.19041.906_none_451f9f9f8c8636ec\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-appid_31bf3856ad364e35_10.0.19041.546_none_3f9a019e45575878\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_he-il_cadf785367c26b84\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\diagnostics\scheduled\Maintenance\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-c..s-manager.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_79934b9fb9473bc9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-printing-powershell_31bf3856ad364e35_10.0.19041.746_none_349bfa9e0638e409\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-s..e-runtime.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_34f1ce58c3039dd8\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-time-tool_31bf3856ad364e35_10.0.19041.1_none_ad4ed32c0facc27c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_hid-dll.resources_31bf3856ad364e35_10.0.19041.1_en-us_cdcd73f1d4aff533\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-c..ngshellapp.appxmain_31bf3856ad364e35_10.0.19041.84_none_24f8aafdaceaf0b5\square150x150logo.scale-150.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..imization.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_712b803a8e8506d7\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devices-printers-winrt_31bf3856ad364e35_10.0.19041.746_none_d9a8ccfc8fa70f23\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..omponents.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_8dd5d8c988f1d845\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-antimalware-scan-interface_31bf3856ad364e35_10.0.19041.746_none_3f024f186a43ff17\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NativeImages\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-wmi-core_31bf3856ad364e35_10.0.19041.1081_none_38869341091832be\r\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_bth-cpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_a2a3fd470eeae4d9\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\msil_napinit.resources_31bf3856ad364e35_10.0.19041.1_de-de_2a140752bc67ae18\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_11.0.19041.746_none_03878c0fc2f4e725\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Assets\Square310x310Logo.contrast-black_scale-100.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1_none_b817dbd29134ec4d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.19041.844_none_d9eb415c5b9dbe4e\SplashScreen.scale-150.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..providers.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_40e4df6a21c955a1\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-dll_31bf3856ad364e35_10.0.19041.546_none_60324d60a5ae9b6f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.resources\v4.0_4.0.0.0_it_31bf3856ad364e35\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-locationprovider-adm_31bf3856ad364e35_10.0.19041.1_none_c2c148c44b59d086\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-rastls.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93fbb79a851dc53d\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-f..emutilityfatlibrary_31bf3856ad364e35_10.0.19041.1023_none_cd8e4e754349d46e\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_dual_mdmntt1.inf_31bf3856ad364e35_10.0.19041.1_none_bdb5cef29d5b2a2e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-e..ifiedwritefilter-ux_31bf3856ad364e35_10.0.19041.1_none_9fbebf8222c20a6d\ResetDriveSquare44x44Logo.scale-100_contrast-black.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ocr-ja-jp-main_31bf3856ad364e35_10.0.19041.1_none_de3c43dedb6b4e34\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-t..atform-input-ninput_31bf3856ad364e35_10.0.19041.1_none_74ab4b3f5126f808\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.19041.1_es-mx_e63f48588d1537df\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-t..ices-msrdpwebaccess_31bf3856ad364e35_10.0.19041.746_none_6fd85971debf998b\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\Assets\SquareLogo71x71.scale-400.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-l..er-driver.resources_31bf3856ad364e35_10.0.19041.1_es-es_350331d5ef44995c\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.19041.844_none_6f27e9e1e7c4fb87\f\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_windows-media-speech-winrt.resources_31bf3856ad364e35_10.0.19041.789_de-de_98f28abf04b228e3\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics.resources\v4.0_4.0.0.0_ja_b77a5c561934e089\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_system.resources.writer_b03f5f7f11d50a3a_4.0.15805.0_none_5aba01d57fdfe808\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_usbxhci.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_2bd3f83975569193\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-p..ellextensionhandler_31bf3856ad364e35_10.0.19041.1_none_dcd885cb7710303b\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\pris\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..trolpanel.resources_31bf3856ad364e35_11.0.19041.1_es-es_0c388a97f28a7905\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-ui-shell-component_31bf3856ad364e35_10.0.19041.1_none_03928ee4a9e5894c\RequestedDownloadsLargeCloudIcon.contrast-black_scale-200.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..mof-admin.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_0808e417dacc8ba6\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\wow64_microsoft-windows-i..gbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_28dc2f59fea46cdf\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..imeserver.resources_31bf3856ad364e35_10.0.19041.1_es-es_f4eb993ec8a8d47e\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.19041.844_none_c5675ea732c2eaa0\SplashScreen.contrast-white_scale-100.png	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

Modifies registry class 10 IoCs

Processes:

2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.awpteam.ts6.ru	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.awpteam.ts6.ru\ = "ROQFLYYPPLMZMSX"	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe,0"	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open\command	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\ = "CRYPTED!"	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\DefaultIcon	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ROQFLYYPPLMZMSX\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\oC9nIClW9awwKro.exe"	2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2555237f97dee9001c766a3883d7238c_JaffaCakes118.exe"
1⤵
- Drops file in Drivers directory
- Drops startup file
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\aic_file_icons.png

Filesize
50KB

MD5
e19d10c7a56d10119e28f7a3140d2ab0

SHA1
e60b35d133aa5b33ff1053671b54885639c4421a

SHA256
32cf949776c344f326a67d6c65d65bf93bfb16376a2fca3e7f600411ab55489c

SHA512
e55962d7dc0a793114acc8415da68d92f87e9f270bd19615c04c26432c5590ce53e00abb8c87965f92e0bb9045ca42b9a6cc0011fe9af7753c6de78d83e9fe50

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions.png

Filesize
1KB

MD5
a05b302bc87673fa526f2ffc77597c47

SHA1
8d70c9c50af75b73d53566c84fd9b9fd235b9198

SHA256
90445841c5bdc5874408a876c28f163869cff005ed026c9a64e64582d2b6d778

SHA512
764e322b6e934494093fc130bd17455e304f3c520869a5fe41a59f303ab5f38ef79443e46832703b1e428bc26267d2e48257011b23ba73b15d2afcdbcd762ca9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\selection-actions2x.png

Filesize
3KB

MD5
1b92043b28956b33c4ef58550ec4eb93

SHA1
af0ca73baef5674250b337cedddf2dbf76eca00e

SHA256
a6ed4d80dba0951645e3bc45d0ec636b2165ae4932078bb2b9a0d13e48c5b1a1

SHA512
f3b8928fbd58347d3bde7198a2d802f4b09f428d44113c0b79df9f22abc836b4e63a4751bb87e6ed67d756ba92dcac93261da085e48525f8ad1ad0ec2a1d3ccb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons.png

Filesize
683B

MD5
8f390f072a3bdfe84d1b4413cff5f3a0

SHA1
b7491789b74f7e569d7617cf80927b223e454d6e

SHA256
6410a9cbc1bd8c8bba5aa30a64fd3acb6567c30d4d834caa4c05129df5087981

SHA512
2103c7c900e515861fa7585c52cfe8beb046b49dbe258cea46ef9288798a2fcf74d114b776cd55c9af4723baea0af57138bf4f2615d8d91369783925488951af

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png

Filesize
1KB

MD5
6adbcc436ce015359f1fc34d95bad35e

SHA1
407e9de7affddfd110db6f8949dfb33d4e8111ae

SHA256
d19b9277d7f84748772f1ccf619cd9d6f74e14174597500cd1dd2d9943e5f518

SHA512
ed4f0552a8b33b725538c47f0c90372c867e86cc2a779a85711139a6cf6521292183a290a13f4fd99f8d6b7223bef64430cb4197951fe3c8b0ba94e7f0871d30

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon.png

Filesize
445B

MD5
0166c8a96ddf663efdb6dda717efb4dd

SHA1
eaefc0b302d14d6b884c915394a62d8ede1df64e

SHA256
fb7cbfe4384845d1c272063d412e553c3770f281f109d320b19ee04b358f46d8

SHA512
6ec63154dccfb79614cb319b7a29f24cbfcfafaa89580b70846f0f90706f01e25aa244921267d31db24309d159b29ffc1bc94a1bce3fa853d52e31c74775c978

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_2x.png

Filesize
611B

MD5
381027063ce07369301ffbfb3d9fc105

SHA1
34776b18167e1a2111d517cd9dec43466a9ffafe

SHA256
ea00c9dc574de48899016e05af76997cc0b808d4e02986743941574f8d474788

SHA512
e890255568b26c344aed38d8fc6c9dc4436c35ffc3fee1290f9784ea904cb49f4a5bcacfa10c1b98eae5881960680bc26e34269b63d71591551c114581f79dcf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover.png

Filesize
388B

MD5
781bb4686d77f2f821123484434f1f53

SHA1
9a85e96d4cb114b8365b8b430020494850e42668

SHA256
dc05aa034050f5f7ffc3975d780680cc73a487e54c56b418e3d53ad312a3a901

SHA512
fd386d292e6f8928a1ae7b20d6ae7dacd46342a2f81104e5680628736bcd1a0488145d25e1593d654635991d31cba106f9822d9012505b355f9adab3e07dc012

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
daf4b0204b6e4cbd5bb999a5743f1fb3

SHA1
373b680c74f835e762de98474b6b95443d44eda4

SHA256
f2e10596846fc6c14da174d1cda381548952c300248fb0a8b4a8b4237eb3d9f7

SHA512
c57537f9949b33df2020c029c42f905c402c0e63bae603553ffbcfbc6a5ced1cf2864bce3ab926c775627e75d613c6924009b1a950b27eeef5fc9da0e89ebc0b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon.png

Filesize
388B

MD5
30da9b810f7bfbb6e6a7edfd3c64b3bc

SHA1
114d5b18728815f465ef629c63dbe793bedaab39

SHA256
5f8fa94953feb8dd14fa274f3225199992414b485b3cbeb2fab7a7f9f45d4820

SHA512
a7b6a985414b31f1cfa6f88ffb5dc683f7ffd9abf9cf635d7d011e63efe39843670b0de7e7f97e47df7288f61124d7a69ecb3b40673b289daf9a03e604b013a1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png

Filesize
552B

MD5
5a4c7077ba49de2b7a82da893c8b5202

SHA1
5b80dab693f1338ca0c2b1131195b0ece81ffc28

SHA256
604ccfe25b2feb45193b45395fe960658d994f4b2aa1a1634ac70cc168411fa4

SHA512
09e38aa2f84376fc8bd398fb656bdd9d0a1ebbf3a3c29e98f7a0d1303621d6a4a9e198139c90426c07e18a3eb356bf29baa6c393e7342a663916950b12422a9d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png

Filesize
388B

MD5
57bd9fc9b09ce80828714db6933b20be

SHA1
58abdf11023119a554a5b9c023a37953a5c4165c

SHA256
ba5064f1c4620577c1aea7186b3ba5867d8340b4157060c06e577c2a37ee54a7

SHA512
9c2a186f042b1a3627070c314328a9d7e9cf6a0f433da4dfa86667d6455e2362ded169ea458b7b03f9b501047d387261d7a857a73dc15c4412d9b14b375224fa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png

Filesize
552B

MD5
513c2bc960757b151af738e416112e2e

SHA1
4970730d02f7b0c391d9417de32cc2457dfe583d

SHA256
a9f95dcde8bc67a12b2b08edaf3f724ad1882e8d62b00d201aa799f69ef343bc

SHA512
6d7735e6c2f1ff4f1034eff4239a3a06ca7df974a3e95ecf9ea5f0a0754cba24c297a89b99349562c64622eb737478d66cb2e224294ffc99bfba137c51958536

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons.png

Filesize
7KB

MD5
73a8a3f4cac0494b9610de152ad63cca

SHA1
dd2e73d90ab7870f4888ba82b0e7ec2d13c1e195

SHA256
0922a7225e0c208d65f0dd238eae4dc93ad493d28fbde3a2b65c2567e4be801a

SHA512
6b80a40e5ecaeabc4b595282d088cad4b2974101933aa7ea34da97d7916960065fed6332d5cb8cd5ad467e701206314eab9d71823b7630c8ecd288e745774f3e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_ie8.gif

Filesize
7KB

MD5
94c4555418a304058a3559eb76a361a5

SHA1
c90760217f0b03e8e60a8b7e2c26fd5ee1b188ff

SHA256
2e6b4a5b13bd7cbc5a6ede73c5034973b4251c55cdbaacbf3b643c349fa3a49d

SHA512
7b4fedcecc2b130d39e365477a6ceef3648e348a49d4271ba1f742b2ac8f8acc720beb2dd192c9bf4aefd05efc85138c385142e04760662336b565a5191ddc77

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png

Filesize
15KB

MD5
eb751e768e9e72711465558b53bdf398

SHA1
e874ce7157942161ac86944fa7e41c7178e38380

SHA256
e9c394cdc3d65ed38019a0b73846a20984e8143b06d560a7fc501b6ffb98d76e

SHA512
9c5a9e5499d1621ed5adc0f4fe7317d40229dfd58c9975d38201fe6ad2879ff626e7e93872d464036cadaf3c367a9fff75652718704c798a535e445b43ab207a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons.png

Filesize
8KB

MD5
1e4df5d30c98015b8b5bfc530a4a7277

SHA1
998765c9c8808515f3be39a8ad6eaedfa799c85c

SHA256
83b62a7ff8151bca4ace66ac1b24f613d4f707e993195f6e6147186d23ba6d62

SHA512
a0fc1eafc9cff8e79e7035f7cc73d00fc5d019fa09a6016d7c672f53cfd813f4023eb6e3702a517b8260b7f5d359b0117b069039d08e955ce8f557e7a8834696

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\new_icons_retina.png

Filesize
17KB

MD5
8ee85b73b78b928ecb2b9e602403eff9

SHA1
00fd4533dc43318a735adc2cb89e208254958fd4

SHA256
6fa3331386adfea18dfbc4f178b5cc2886f607dde272ab16653650e9c0e9fc00

SHA512
51a57bc409f981534de2ca8aabac6f619c44463aefd9223a40b1cdb5f14cef814c260b96440ec1c943cea06d64a091fa89c5ab20836e9c56a108296877087812

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_pattern_RHP.png

Filesize
179B

MD5
1cc4a692bee376828bfbc417e256adfa

SHA1
89019664f33aa686c54d95429e070571d13237f4

SHA256
3a075de500adf1d4c66742d4886564da2ede903b5a87a7975973e07d99a6cf99

SHA512
db553bd049bc573e88bc12767121652f0e9029dd562b30d68b15236b4a065fec296585b3a9fc148eac7e1fd56f38538ba4178cf99296fd554a7c6de6769cf8ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\bg_patterns_header.png

Filesize
703B

MD5
864166aef968fed24df64fcbb143b0fc

SHA1
552005a94f0fc19259902087b4b2699b0332d0ac

SHA256
d59a68edb467e4a1b0671891cfe51f8db4ed473c9e947352d1f91789fdee7a87

SHA512
71a372a6910bce459e0c7456d7571c1b18347eb1bce7c87f43a3ed3be8a2a0db1bd07da26158aed3ed6682262c03fab61dadd6e4b9fe1d3566bbe9e6f3eb46b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png

Filesize
8KB

MD5
a5b0a83c5ab533af6575a645f739ca67

SHA1
509c5951d0730cebfe4cedb62308f8b6952cd421

SHA256
c88c7d33789579746eec834f1f514a87f64b2879efcf4be89691ec073233ddff

SHA512
13d54424b5a683dcdfdc24dfa944a30c3de68d448f3309968eef954e2b29fc31c2ac240872a0d5b50c76692e7e9c5173bf63f74a27d74478170237b54621181a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations_retina.png

Filesize
19KB

MD5
cb8989835de69e531f62a8b8ada49b10

SHA1
57f49542e59b33b6e79a9e0caca067b544703aac

SHA256
5dd0b1ab6da3a4e0995421488f34dcde6ba9d8bb6244b063ca59321ffb6fe93f

SHA512
d1789bc3befea1f71d49fde0c4c1f1afcef115ad28c833739f9270ac2482275345509caffa7a277b180c07a10d4823b581df15f32a49734a16b4d8c36ffffbc6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\faf_icons.png

Filesize
6KB

MD5
8a9ca43d152c647a603e1bd08ec87f77

SHA1
142c2058bab00e386794e46631ffb655dc6ae48b

SHA256
9f3f7f4824a2098a1248811847dd28f0bff88b63ff322e13c7297bea985f4e9e

SHA512
79dc642c77a5c807a95e625bb7d4cc6fe0d9640376099d4cc7316b28dc411d255a57fed564ed22983820a5de85d39788893941b76e9223edd4b00cbde12b3404

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\bun.png

Filesize
2KB

MD5
a1029c285c6ed1b141e68b3913276825

SHA1
37243e5d470882a783b8aa704da8e7dd59d586d8

SHA256
507f8adb02383915d38f0d26ce08d705631ddc9df898a418471246756479d0ce

SHA512
0727326860342dfdfe97726a5240be604dd8b027fb10ddeade28d21ec5f72bccb435599014d5117993eba998a75691ba31ac0343278cb3133feb3ffee0eb1390

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview.png

Filesize
2KB

MD5
c964bfc9476cb1d72395304715f20aed

SHA1
c31db880a685e9df23ef526722795c3146d0fdf3

SHA256
c990b75715703c6e4b5f81f8ab1d387bfa752685dd873b8756295a5d9ccde32d

SHA512
e63855a1e1300a1f53347ac8e07983277fefc90a90733b317e607498b21cf33b85eef4a81312fc9cc6583c87cc5818979118afe7d8e1fe02fff0dbd71777b38d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\cstm_brand_preview2x.png

Filesize
4KB

MD5
997c86e46255bf7c278bea210e7d717d

SHA1
235b4556f265484f1101ed0d184513011180b7a4

SHA256
a3870148589ae81c0d7cd68e9abe4d3c9005105a47966d4dcec92e24a7fac1f3

SHA512
91e6d72332a4713b99e2ce4dc9515b0c068defa3e3a00fcdfd09f9ab07e568faec35f4fc795811ffddcd395d05d71ced098bdacdcac90b89d48a8fb75084bfe3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small.png

Filesize
289B

MD5
f78220cf535d9bc8dcabe79e59be7468

SHA1
f2f27eeb7aaea98c64b25b510a4e9ac136eade83

SHA256
7079ba9a9f5caa45ef920112a18ed7a4896ce41ca20f2fb542b8e6a236bd603e

SHA512
5cc1f8af2fd9519d6b6f837685301d009ce3e54065e91c75ddcc943e40c4daccdfe38d34e95a80243386da8428277b33796290ffc3be20d41be1486e1b939f42

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\dd_arrow_small2x.png

Filesize
385B

MD5
a22c12f65be5bd174c911b690e1532c6

SHA1
215b2b45bc5e9067dd17bea28117849ff512520d

SHA256
aebcc401c4e1216cfcb2336c6007c38a44e98d43bfe6103859b8cc71007ee55d

SHA512
62b3620adb62790302acf935dc01b4de3d80702ea88c91fe69476b9327cd25ac3cba37a6c385d6e71809557b659533f6939a2e4496f7a77f22d74410f5ec0025

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\illustrations.png

Filesize
4KB

MD5
4572307892ec951098dadb52ca1e1b2d

SHA1
55b90b6e4874f49a61cab84a84cc7f8d9542e675

SHA256
382783ca1373c54d0eb44af08a1f46e98a3cddc0138baca033ca74b60cf532ca

SHA512
2be554fafb3d2ed084ae6b35b94cf8906b2caa448cec5741f08166217e612d69c6420fe0f8dc5688ad3ccf9da3f9c25c2b1b98dcfbaef6547287e28ec3a0bc65

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\nub.png

Filesize
1003B

MD5
dbee6049104473b4e65e1c1ed4d23045

SHA1
bbf740f2570e2f624a6c332a20002da29d85ac23

SHA256
3494a41980be4577018670dbc3f4444cf2ae244497c7f4dbfc8354347c6bd656

SHA512
845899ae4c83a05a994016970def0cabbcc206c14551a17e6c78af975e659e2a12b72552f203b7a282da4fe6364d6670a0aa30f75645034a18701a3cd8d68b67

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons.png

Filesize
1KB

MD5
9e04819d54e7299933c893466ba59ed7

SHA1
58a182c55e2ac155255642921e0c53e56ebe2b43

SHA256
55b3705f6c61816e0067d724fc0c9d155de2d931cac6b2c98c4edd98c8ffb2a8

SHA512
f8dc22e7fb37a3eba7dcbbe20c91fb1bb5c8992eb8f2a59f1841902914009f8fe2cb7f2fb870ff31c9a5461fcf970e61c5ebeaa06a4158cc07ea6ec9cb6d73f0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\share_icons2x.png

Filesize
2KB

MD5
5df07ff7a41d5c39974b7bf9e8b20bd8

SHA1
500efec7ad11b375e1172bfaad032792eec1ac1c

SHA256
ade5406dbfbcb5f6820c0c022492fd5e9417f35e0f9a55574168f70c9d2b404f

SHA512
0292b48881f0eca2646ba6caf8f2dbb4b9e6ad2ffc689faf26074b9a2b319a664a6c15a8da1869f22b86abfb525d21c3514e38d83ffe0e50ea55344b8d8dac40

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adc_logo.png

Filesize
3KB

MD5
fd14e3830083740203204b77f57f5292

SHA1
f07786c357c98f87c662d0dac66f0dbcb8a06560

SHA256
fe86781e288341cadc79b623a004baa928cf56fbc280c8087bebc300aaa44f69

SHA512
b1af6dcdbc57994ed49f2cece5302e238a639edd2dde18e8b4b895f93b5436bf4162ea02944723b0cddad3d1cdcf9844ff843805022dbadaaab71bfdde29ac41

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\adobe_spinner.gif

Filesize
556B

MD5
fcd19648de4d5db47f200ac4080ca44e

SHA1
3f26e04142e6c0d99c5f43b6328a336627b28fef

SHA256
2a371fbd74bdcbcd6cb0b57f3939af42f634906b47cee37f3b09e3ddd67f2478

SHA512
11c1e958e03ae15967d4198547c93f81100604f46b31ef91bf4332bf2fca182c233d55c6a643704910a5bf74d5352d26eb837be3e9c567eb027ed0ab822bb2c8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\logo_retina.png

Filesize
6KB

MD5
bb81a44689f794fbbaa297faeea4dc70

SHA1
410a0fdfbef001f40b45be5d12263c4299c1be7b

SHA256
3425a60010f75f053e24c5c5cf8ec5f4b1276a2c311334a5a7e7b050ee0540f1

SHA512
4427a5766aa4753522eea2ff2e6821492e069d97fdf871fb9c87c4f3ba68ccbcc926e262b196d52442c36bba7adb1cbf42f990c6a600382aadaeaa663bd88cb6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo.png

Filesize
826B

MD5
ee61edb6b3fcd254dd9980755e8f722c

SHA1
14e627baf524106bc3244702794c22af46287ff3

SHA256
314df36727474d69df1d9e693a702238965d6a315c677a61594e45ba0866ac04

SHA512
1d82f2d1e5373552e56b2445aba09df6df2bb41356f43cfe9ea7bb1b580a706cad73a1b49b956c6b574daa8307a332b0acdb15ef6e9b1093cc2c27d79a4dcfa4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png

Filesize
1KB

MD5
2a23a4012ad9e50cee06bea674acb67d

SHA1
b3b61b6bbfc1864eee22b6af976e45c20c67088b

SHA256
58d861428688626ac7b8d6f009fdd477cba9bdab287de795a04af893b81c322f

SHA512
c61a902d5035369d51b5a3811b2c7fdedc338b372e1ed4b28324b73d412c36e6eda806f8eb8f012d12573fa7922206c843e973514b2927a263dad8fe36b3e5f2

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt

Filesize
32KB

MD5
5fc98c03424fd0c4b95529355186182e

SHA1
3128ddb5c5ffff272587908b89052e32aab0d61f

SHA256
e409892619c8e049e0f2cd3fe3741b86142f11d4dbbe156f4f6d6a44a00f2187

SHA512
f4ded83737189ae1e0008ab566846c2a92901453dd200c8b228fd5e98a695c181915164fd7a37b7d8dcb950a8359ff28b6abe0f39859b379ed0e8013dea75cfc

Download Submit
C:\Program Files\7-Zip\Lang\ÊÀÊ ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt

Filesize
298B

MD5
51e3c93bfb6c20bcc7e8b3dd27595e14

SHA1
f67355913b8bd117abe11c03f1220a5a6fb7fcf5

SHA256
735a06b74083f33c3d23f5a4e7fe1135c87e1bea8b0a23a8e54761eb34b35bc0

SHA512
b6c6fcdc86fc74a69da557c32482a027bbd360aee0d572ced9a20dfbd9c5d5749f7ac527d616545ef40ae51bb05320d044d714e85dab40b6eb9e4c33db2bab80

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.awpteam.ts6.ru

Filesize
153B

MD5
179fc49830d6283f08276d2be49568f3

SHA1
b279806266646b97126f4d332638e265d1bd9188

SHA256
9a5384b8c14a6a4a631c8f15f50a14c3d9c8a38eb18d4bf1106c13f81a5b554b

SHA512
8fafebd6d4f5ba19d30980bec80ed5e02baa1679a591f26a173baa82d3f724160088b4bc00cd91f6cb869325f67b78b5c434d80c4d18bd78f64e1d3ddb1f3adb

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
190B

MD5
feaac83e74603a122d7565cf5b856c8f

SHA1
d79afc21ba822c5e40dc12ab33df31a0d9b220d2

SHA256
dd802f313d5e935161e187d6846c1b4db6f80223fd53de97053847bf4ff73f88

SHA512
890b81321b6a24e60069d1e3ab1c62b2831b6f0da60fe4b503bcc434f6a5dc6e3c6eaa87693dd610c11ed9ffe5eca15fbed6ffd30ab3ad371f53007b24462fd9

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
190B

MD5
3d078aabbbeca37dc85ba6045d0895a3

SHA1
f0c1a336e56ec93b894060afbb5ba1c6d2de4993

SHA256
991dbdba3bd2621e47c8fa201b51b8f28bfc59e01f78411e771f78a86012b676

SHA512
529b6384eaa50a0157e81d6933063dc9e9c4d16ad6bb2a5dce3797c3485ce1ac5be57aa1d454cbeb04a38423735462b9f4a0386e1f61f99498c8f324fccca4c7

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
7de4f29408d41e6cc01d9c10acc69fcc

SHA1
ee1965023ac67dfea9ff1567b1a417f9f0d26488

SHA256
d9a7027cf0c7a97ff19c14870c1e8cf53182c458f0761cafd5c19fe5a658968d

SHA512
53cf1eefcb33e40f447d1e9f1da114fe13d531849a7c43518ed8d422004d28d7491cd4f1d91e605f69387793cc4bd3e7ab391c2e8a152495be5cc22b6f33069f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
18fd714045b12e3e7422a6158b8e0422

SHA1
9c30c33266555f5ef99663eecc8649b1eeaff1a9

SHA256
a7af3dcb2f66f9c590eb463f226f10faf861389def4f7854467d097c4732a63b

SHA512
5a90d01da69a61689e170450f29a518e0d21b8bdb94d6995a426ae3c6d5dd563cd6c7699cb4d17e4c0f67c2163d4ee203d07294ad4ddcb519d858a41c72da9e3

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
da80af3f9f268f224783ea83a9b181ed

SHA1
2f9e99c94cac356483d3f552bc26907ec73a3840

SHA256
c4234391b985b3a917ad146851c7e39123f9c92bcb841a062736fb9998f67b8d

SHA512
0344b009baa5d0e2958f394313b0e0ee7f6a2643d4df5e87d5526a20524d6953b99e73e025526dca60ee9136f613378ac6376cf36b74285ea156bf5ce243dc57

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
229f96b3d85df11c002b2abe64fb6c2d

SHA1
ba6a1bcd92a92cc3ab854bb949afbfd8b1e2d7f5

SHA256
bb989e23cb8a48630956b23d8ee2ae0ee55a93df0e8ff038626f88bfac5f664e

SHA512
0f42b6bcaebf2d24d91c39de29b5f974213113d2bc86af0cccb72eb1aa16a1bcda1e45bb4344f12579d7e1096c802a71fe90c5fd5dca17aab51d3e8e538f1ecc

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
68faf571e1059eaa418bcb2bc41b71f2

SHA1
e6d825c8f85e09940e1cb010ae91eefebbdacbde

SHA256
6de141815c83218ed65ffe5cd17097ab9ce7eb41974fa4a18af6c59a84ea2405

SHA512
213c0a617027fc98b1ffb466aa991598d4fd3047505fabd715fc0326a057ecc61c7b23d73048587bae3089f997a959804e6843a0a31f56b8b6a3303a25485a1c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
6d13b9f23c6a585d7270a44731bfb9f4

SHA1
53831f39b36718b1db977316dc2df57b59848216

SHA256
bda54502dbb4d11deaca77cf61ed093f3cf6522daa76559b29606a98c77f4f0b

SHA512
22043e6acdd03ababad7ddecce91ca06edbfb611d8f2140a56f71bcfb88824db57d8d512a2d2165f6915d62112108b25f5095e6890c09e397f59a4da4567255f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
e4a5f6f32381940116f9d2e086224015

SHA1
e2c6a801dd4eea98e66ab389d767b5aa7776660e

SHA256
75932c6d531d78251fe11d64dfe21ecfb4357ad18bc628dba72a572439d9f132

SHA512
07efabb3fc78d100b08376c14ace2125491a3643cb17852287f4a0a739273149fc0a39853cc69f548ac2fb4fb62fe6d5352e4d16f337f5483ec08b73779cad4b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
268248a2d3e1f97a12425c5e64fa19d3

SHA1
14ba9d2fe07a7afedd1123abe8bbb0bb626e2c05

SHA256
75a7614a3d041f140af18d4d2ee37c070b69cfe0e84cfca1b5884d1948279435

SHA512
9bc27a241ce3b0e847f62dde3a981f5c4c77274a35c6b2dec6ca6199af890f2f024a41ce0cb21909a08d1ab78b1acd635a3c8b1b22dd345a7d67b89e4c748e7a

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
b476b8ee7842acc71f9d251e28147665

SHA1
9757e735af1e79c10c82f1e776bbaca8a231d44d

SHA256
1fd294d15163b3bab606eb82120e23c8e1a2ed950abc5ad15b5f897bc58628ac

SHA512
7943aafe59e27b5a830a62b6ef2769a02d7369618644c62ca584fea553d3901e52e4932b0595b7eda47eea069f8aaf3775023066ddf90a8af0c2db02e87d08ee

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
c9cde275a7667bea6947abe6dd7c4d72

SHA1
86baf594dfdb18ee0acba2064fae69c76a05fabe

SHA256
58948b990c65e9eb4b42b546cb873119fdc0a2aa89326e85aac961ccb2ec7733

SHA512
017b6dbfd202452cdcd1cd0e4d22e2775367e751986058e3720fd0d48c2ed27274814db528f6c74a2fef39893af17fad9e295f391770dd78f9ca18b70f7a6729

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
a1d2efdfc99f3f5976caa12536f7336c

SHA1
83b41d02b23bc669f2f555a101622c46a1cc1df0

SHA256
d34e6cc8186d3223ed1f648062f1ff66b2bfa535cfbe2489d2fad378cd6b9361

SHA512
84816be0baa17f37e641f099a57b615116202bbbe26b8fe84cf9b9b212411893e1fc90d364a46f08104ee8c50bc7a8eb9478d19451d829945ab3d5760880d7b1

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
c690c825d2e7e847bccd6d9d4cbf6be5

SHA1
3b31468a855e09f2ade3c2189d9c84dfcf508cda

SHA256
b408342d56e2e086d7bacacfed5b377858dce4b8b4fb1d54b262011b224f2cba

SHA512
42c175514acec4c3323496458891f0f52676c37f0332ec347cb3da7fc346204b28ff881f4df3e30eaadd7e22c73aaa8bcdf7a3db99073a905783aaa725894da6

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
86a18d1a15cb481dc6944b43b70951f5

SHA1
fce0dc95881809bd27de5db597757f317c53d5b2

SHA256
33f1ebb33189ec5e9f68da1456d12c14439fc5b63716e118adfbe4d64f424564

SHA512
83ed2e2507210ea9816e1e0869896ab9a21d4e7d42577ab316d9c176db53ffd9c2007d6897d900cbda36a677a8542d72c97f70dbf66e7cd9777e3c3dd7db209b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
1cc0701236a9f1f1c001ea0a2afa2dbc

SHA1
6753cdd565b874d53411b54089e8ebd25ee4c8ab

SHA256
3ad19ff89c2e4cbceaead20003138f7672ca5caf842e1f871b3eb26add12dfe3

SHA512
6ff80f2f72f86e86c92a930de13aa877516844d3fb0e8b12694b81f644dea8f906207d38fd2249c0f30f091e5d5af52e25c29b46e37df501ec03040ae2b50128

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
162B

MD5
17c3a2fe1eb186e40fc30801fc0a1343

SHA1
bac681cefe2fa21f68f320eeeca4fff5e665b7ba

SHA256
4227715010d9dea9f2caf3a06b7ba3fe6a8e0741427f7fcb3340f56cb89c7749

SHA512
c1de7b3bc0e8f82f45e8eaa7ae747666cecad97456392b9cc50480c33be2eb41e9e612a6a23bf796740647a070f2d48c02683cc95d9e8a40d33182b7655b8683

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
90c9a2c41858168fcb7c3823585817b7

SHA1
9901251e255b82662f247d0ddafc087e1e71ab49

SHA256
00e6202eeac3ff5a06a5538cfbdde313491ecf3a537d92f2bf92ae205edcdec2

SHA512
ca44bf20b02ac3b3c188c77b790176e43a18129859800c741f37adfb9ff8bc830199d44db46e6010a31639c2d452cd90e78708079456073d690b27d583732cf4

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
c4224ae1c54e409e142b109884489cd4

SHA1
28a74a706e763f7953d13741ff0a80431d476c4e

SHA256
00d9b98e36806bde3b60d1f955bad7c6bc234a7402225591942f1dbeede630bc

SHA512
aef8a71a96162c23329e019c2de2c8cf06320b57b52af1b13adc9ff728d2829e62d1a788b04c9ee8f1587fb30a1a8556069650c58ba7ff25b89a9c68acea1264

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
5e8065fb68f8eb8c031e5555654299ca

SHA1
8816057721f1264254ffc50d4b1073abceaf1bf3

SHA256
c6a13a1bf1ebd924f915bd230e57c99ec70794759d04be84d76610997550a716

SHA512
104b608ea09b0555ef18cf58d253bf3f60a4440bccbb863bea72d78d102ab7ff73f232370c212d3c3faccd09c3711aeb617371a5bbafaa4a39ba278b3169f93e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
4d37b3d54950fa8f934a4fd4ccc72e73

SHA1
37c38a7abfd82547579836daeafe8dc549b77c18

SHA256
953ee31b828dc419476c776d8c555c0056940d2e42b0951f8e6a01925ea60042

SHA512
d6286eba84495f6c6a6968557f2ece9f1a9edee0bfab3fcca6e4935b772444a0433f9274583dd602f8bdf26c5dce2069323c6c983bf9e5ca1417bc548de61dc8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
acfd032d37bdbda517530b87d508c470

SHA1
f8c9839df7efbd215bd27c715ef911df0b2ea2ba

SHA256
87e4e6f6df1bd51b0350c5ceb3dae3b27f7c063953566f6e3b45ac665744d7fb

SHA512
a877261a9792f8f36a07d3245ff0cedf04fe4b0e0fc4aa8d83560c04aee3130c2c4ebaf26dd0a75a1909fd0b8bfdd0b4c2b2c28831ca36ee6773d1fe72ad58fc

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
879711ca0aa5da18b253b4a9b9c76585

SHA1
2b30b7f488b74e673ca621c46f5d43d8f9c46328

SHA256
54e5d8dea35687b4c50941b7ecf40b8f05970d6c4d19e50a9750940af0b5ad10

SHA512
b2735dc1adbf1538b822f6d301a91971cd237d5724d86cb9f7cf4d5f93faebae20562e28ab84f02da5accb3c62cbf5d95a478a0b6c96c1c6aef5b03dca11ecb2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
2f635b876265c58c93395cc944e9f58f

SHA1
8ee0c4f4cc66bb5fc3de77e0bed88e080ed05bb6

SHA256
36ad0ffb200b1430f1e2fd049e5d174ece6c1eaced6c249efa13ab250eddb109

SHA512
9cba9bcb5b68ef26b045bcfe979e71d8b13a26259542dfe8bed48744aebcb6a49ae751fc1ba68d77c77cee08b49f822591c5bab314b017e8d18af3e252c79919

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
2131b587e2846d0f33624ec8c4914d31

SHA1
a90dd386003dd00b8266b6611c43615a70d1c73f

SHA256
a2a0918cc3ce4f997544095b3e849c175f9dc4c67a297da1c7e575b196c08c34

SHA512
0c84903cc1c41ba5ae758ec53157a7f56ea1cdaa45c6f5c99e672ecd06b941a17ef22ca77246dcf1dfba0c0a8e3867c706948e919bf0e5f8f364f829c5092a15

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
7561093c8bde2927364029c29eb6f466

SHA1
0fc627bbbff21db5ecd42876d7d367a07f603bc2

SHA256
e206bc69d0aa758cb68a7835ed0762e80a4078113396d777fa3f69fa01afe466

SHA512
22fb5d2ba7ec92bfe2f9695100bec4caddc4d2a7ba0c896e9c27661f909396dd787f9ca65409fe4595aae25466ad4f42238fc61328b2dad9a8e8bd392ec3c7f2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
71a604be765bc49b57edccf5ff7507c4

SHA1
16982abd5f9c73c70693976dd0e612c8f555a2b8

SHA256
33e8415957933c31a85a98bc9451253d231bcb4d5fbbe5f759584e4702e36d04

SHA512
e025b588e25d0db75f16000b7d58ffb4a699949501bec871dbd696a3d5137401f334aff17386e17c23649a4d9756b2e1c92fdcbfeaea787cb1185aa5493bce60

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
a512d67dc788febd7133bfea00cc1b9f

SHA1
79c5a9a61766aeade7e1203b03a2d09d594b58bb

SHA256
31df626ac4beb6978c79ec26f82d2ea90cfcb6a454e7dd0bee959a0d17813b0a

SHA512
75ce81d16363def3301ee2a863e53425b15760bbd3b07131918cebefbf83584cad724b3a82623bbd3d190cb9411f0127d8f85d659f8045cd4489f45659bf5abf

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
ecd95d221f4262bf4c12dd6b0ee5a2d5

SHA1
ee8de451a14247d71477b8f90f81d223631685cc

SHA256
0591cd3392d8e42ccf87c2cdecb21cf492b850f749cbd7b6068436115852a620

SHA512
a994b50ff4677d29f264b74e2baf2b0346ab39ab414a02584c844fed61b4e1b93e92b597f7423d54a1f8c48ff334dc0161493550c0f51872b9878e1b6a1394e2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
fab47845593aef8bce5f0118fc41756e

SHA1
266cf5943724ac753243927611f08cef73b741d6

SHA256
a9397678fd80a37f545fd27f0ccfdef93ff333ddf03242a2b2321e4c2b666086

SHA512
d77feafdee838641f364b2eba5f3c3b3539f5f382d9b601bfcc77f4bafb74afce5c1c1116e147290ed2aee2829f86248ef55a3bda88f6bc778643b97c7dcec3b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
8121d791c2a7a27322d0080ee6149b3a

SHA1
9b53aa1cc7285adcf27dc90da134cbe0028e4d22

SHA256
b7c0d5d6c97952e738fa9d4746ecc8717f44f2fb140fea8daca94bf15472fb1a

SHA512
0999b6c47b8435a00dd139a8acf6d43afb05dc30abd6da08099ce3b5aa495477375ac5828f501a25e0b20effd9d23470ef58a661084e3c4e7858fe9718c0babe

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
bc95acc2e985d7ac90ae99888bbc3e07

SHA1
db775eff748c39de85e01f18a8b866a4c2ec7c49

SHA256
5d2d903a8dd96178f342374b5dff2d09d6f892018fdf643499d64f765c90f738

SHA512
5a2ac670e64d3a2a54229ae50bc850d68764a661a31b2405efe43021e4185b998d4bacd2ad4d8a53378b0788eb2e538248867891193e803b537709530fd98d97

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
e557c45f40723bb51c68b8de92729f7e

SHA1
24d972f831148380cac03c401e1bcb4c1d359bef

SHA256
eeab3689b81f1ccea8388a3d14f9145f7803447ec8068c9f4f1c7adfd27c0218

SHA512
4178f5becc8ddf7dea65aef6c0e49a81cb9c524262ea5bd163c6d033f9271c5368994cca4c5453331cf1750f1b8fbd4f0cb3a47e40e0517289723a161e82460a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
2d1cd1d9402b36f5a2b6a08bde35e5fb

SHA1
7556f26d034b90a24de78f0687203e7545016c41

SHA256
d23a6cd7cf8fbd4919fe6ff7997b281a5b2101882ab849689ecb6ed68bbff209

SHA512
5773052497da1e581a8e32a5d65a8476910a6447c5334e65eed522d1d4c439b4f8fe4dac80967f506a361442d4bf04acb97c4a22610d5d87daf923fb2a049c8d

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
7ebadd12b7a000654ace775e78e58900

SHA1
98677c32c27ed9c09f5f9802c1b3af401782ea9c

SHA256
335f01400fc6f861a5d8470f17d2fe89e751bdb0fea0ce29c726fff2d92e5c2c

SHA512
a1ab1cdf15e31de514e9da6fe6ab12d26d615ba4b4cdc6093e58aba1bad7c1bdf1852244edd53e5c80fc55499e5c8d0112874040d83fc24eba32bf828c4a7f49

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
1d394b2ebc3f6863765686db0f2656f1

SHA1
905aec21b92a1786017f9057dbd4c1550b55b554

SHA256
e620b8fcd09ba51444c44f6308dcb19aa7780d254796a665cba8fc7f6b9b06c6

SHA512
57dc6a8da1b7d5f1cae76854779e65ef09ac1a0535669f9b52156ab8facce1f0299d0bc8367904bb22364d222412f4c92f0558f5b83c2f69c7960be01049c457

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
d789a337d397a14de2ea1aafa241cc68

SHA1
cbe040e81a186947823bf0e449ed3c89a5e3a95b

SHA256
97220dfc5e32c0b5410e5f584a9d2a3a8949f4be44a94ed09b019a924a89690c

SHA512
5b530ed135ef77e882af92da6b2c9ddc980c8dff4e3132012981b953b272a1eec83e3ce54e92d3eb123e8ab7ac13c866e1aa46ee6a062278964f7399b136b30b

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
0c4f516776a4f0ea58e1a6353804ba44

SHA1
809fb7518053a64ccaf343b92de05f684d020b28

SHA256
30e98a2c9153fa47c8f3155c5e5518728cdcbdbc5d91ff8a71d18f50d83ac116

SHA512
217df7f4eb701e15dfb7b6eeb3f0ef1343f67a961c6ef28464f90de5fc12ec4a7a53a1bd86c2f31370180e2fb7cceea770dbc56cebf413c914af39495ba7ffd3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
636efad185038379b75c0fb113af6568

SHA1
f686d9402b6a2c90708e5e448290d42aa03def2a

SHA256
d5f1f297fe6e738db1ea6d67be202335bbf5124905b1f9c35db6912b322a9d47

SHA512
4e12bed7f75cb157585299b57d24d90cad892cae56d8924eb81fde91c443944d88a68312be4329c8ab5790f0126650b557251f4ad74da008f434899838902cb3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
99943e04e5efd39f39d14d21a426e09a

SHA1
bd57dc151278e3c1a5a1abc170a5f86f7e0ed2eb

SHA256
f64c4c1570bbb9c885afd9e3da3c53e4483032452af75260525d0b7e8cf01d1e

SHA512
d882049bb5d402c95f4c9e7f9d69a18274e06cbcec96431a9fab2f8534b5f98125f4a0b2b28a9b34203870790f082ae418d36ba2c6faa6911be6d67879843ca3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
6b8adfb095dd42bc27ffa120900e07ac

SHA1
15a88ba9dfe41e2a7ef91e931a773df54dd4dca2

SHA256
27e32b922c1074875f9a5e8a6ed44144df4a7fbf2e437f7c09b00316679f6862

SHA512
9e982fcdbd4dd82936cf40572bb49688200034fcb8220fb67e48c60aef6c4fe36d97120b45da91841f0c31d7eabf4fc4b3e931a4e497d7fe02058b5daa8ee73c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
3cd0027eab9ab43aac6e909a68aecca8

SHA1
13acaaf89eed7e70f504c2826fd3e09e8b8f60eb

SHA256
c6833929a1811f882a504c434e4ad69e3a6ea1fea7dbfdf22c0887d75c09ac48

SHA512
8f8fabc0c6114bae5314bab9e3d8e637db9d29eeaff25ee92aad7f8dbd8e2e299bebebf99f8ac7fed7e8eaf32b59cef35fc650fc821943e0fad7bb803e9f62ef

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1011B

MD5
a07f327a893549360de855bb4cf67c54

SHA1
bd7f24d7567795f27d473152c177ce1314fbf72f

SHA256
5a56d1e62c419f603561a0ad776fbb57ad830577fa6b91b19fd7533799b19ac0

SHA512
b420cc887e0ba8e4afd28f825c901fb88d6122532fce2c13d2542ea54ad95c1e347c1670259bca9fd2b91333de4698a0a9fd62c6a74559de7576d18dc6e404f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727661992394667.txt

Filesize
77KB

MD5
80cbf3c691e535f15bdc279def3d4465

SHA1
a1918d264fdf5eb801ad25bb4f265b9a5e6aab47

SHA256
1f14a106f0df6fb0c3823db3a0d94f23a869e42e3b734f916e060c80c2b46f5e

SHA512
087327c60eb636dc964d187e9ca84fbb42565cabb2903df50c899a559521255d0a244365ac73ea9cd159708b92fca1746f714731dcb8e584c0a9b2ddff7333ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727662487357744.txt

Filesize
47KB

MD5
85685bb244e0ebb4ee93ef1ddf8b05bc

SHA1
8d1721a7d37f0d271faecb47b788d3b2276425b1

SHA256
d5e59aa01ba7241ac1e15a005e4376ccbf08ea394d26ea91e290095c30b894ae

SHA512
d658910c2da5fb2daea888cc8fbd97b0281934f33773b6ae2732f6956266b7282bf43a7a5fcd99752f88cce2a8103e7c06d9868c9adb8e33df10a62893293456

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727667722373689.txt

Filesize
63KB

MD5
8a70fbb4253b1a214159c72483cf4dc9

SHA1
2281bf196653a59126786d2aea66875da41ad49a

SHA256
00947c3b1325967918d31e73d7833b4cdcc6834558a20c47b70ebc0dcb0d9f9a

SHA512
f758458fd54d483421b372929fdc8ca4e3d60c7394d4eab534aa5df4559e27ec01831872b46cda8d2e7fdb891b9f175176fc5936c013288fa49999cbcd739c87

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133727670771168387.txt

Filesize
74KB

MD5
18dee0f9ea8e38783d7ed45fc4d146b6

SHA1
014a5d3b5d7e93521ac5ed195c96f14f24f1fd34

SHA256
2af7ba37266ef179dd7ce82aa1092419aab4dec373d6478a7a3fd94d79902343

SHA512
806df443249f2e8d1cae4e6a754489c69b64d9755e424fed3a6a7da48cd66d69768344d3bc1a8c3a825c39387d45e7f85f9ddb0c3035ccf1e84dd8b27a578ddc

Download Submit
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk

Filesize
407B

MD5
43544e4203ad4ad6443b1692bcd775ec

SHA1
dabfa095b89700ff2e1d59e096dee991110e1560

SHA256
1b45978c5cfd996437bf7b2f39cc7260d5de95affcb71a753e7ae7bc00a90ea7

SHA512
04ad23ceb25e8d9bfdd963112f0a2f86d924e08e5dd61507ec1f0e301a35eeb8c6137f11e9cb76a4ba5ca92c7183e7c48bcd8fe6b9f4b0470c57dc8201e63429

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg

Filesize
21KB

MD5
6e2c8642789e0e5e8b8a9eb239df3530

SHA1
887fa4ba155b2974d6258394073d6f82b16e530f

SHA256
4bbb083f4c5d8504c9a7cb69967a8b2e5f289371239b2ee0d0d08296477670f5

SHA512
7e9ca8e9fd6acc5b9a0f627154faf2bdeffeaaaa493d6b70e997ef83a2151ac0be6e4b817eee6a61f11582bf78f734d16f3689ff78e16f413ed857adacc886fc

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\HelpIcon_solid.gif

Filesize
1KB

MD5
f863a5647216bf727d29aa64a6f19be1

SHA1
868464397b45e04828f51dde2f12cc78b47edf6d

SHA256
3cb17c45194cac708f6a02c821cca245ef56106230cc22fa76e3cd53e36b232e

SHA512
5dc32786882de589caeecdec54472d5685d8d302488e1702e0f4b51517aca7750513ce91e349fd07e4372a1b4f31cdd951d410f9647feba1072985683bdbd8e8

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif

Filesize
952B

MD5
3c5ffa17fcbddfb3dc7ddfb26ba26daa

SHA1
557beb59422285c8d5c7ca5e4560f291ba7199e8

SHA256
d261557d7ec812373793c4c1648df0e5d79e1ab836532c079e45cf66fb9c1e71

SHA512
2e420f26e6f524e132b442150f73b24ad1a10464a2161470d68f32c82f88238b8793783e2c74b42aa516670727c0d8f2b642de067424cfbbe2ecffb60d2e88ba

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\aspx_file.gif

Filesize
121B

MD5
64afe9689608bdd29823cd496a950d81

SHA1
2b5fc0139113ce5ab0ece6d259e0bd1bf57f4016

SHA256
19fda99dd07ffd0d2073b648042f459c8dcef470e60950ccab6560b57fa586f7

SHA512
cad636901fb46028bf788d4245eb20c80386429e2c8594489e62faab5a96ed46b27bc7f566bb8b0f8115fa4d26e6b1cbc195e9f8e33839df48014e54a783e5ff

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\branding_Full2.gif

Filesize
1KB

MD5
b9b7beffdcdd48ec2b644d4149fd6a12

SHA1
6015bdbe6436c5407632ce79ebfef63232bdcbdb

SHA256
8b15e75adb194d835194fb1eaf6380d62f1976bc4b9c822217a249589e9e011d

SHA512
f749301b4d6fe454df608535aaf225cacf253be24004d7620009cfc8014674f489fe5a34df11c94f46d5b3af3dc5451d9ca956cfa4debffc67fe89c5ba50b86f

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg

Filesize
8KB

MD5
674df4ff38e7a7ac431da1f8fdd50d04

SHA1
a4f3ca67563b735534a8cb17a20c05267fc48fce

SHA256
6fe7feda96b1450d6feeeb9c159cf32b8bbfe87147ccc7c7d1029e14d772e1d2

SHA512
281aaa6fff413ddf494adf43a38be88322e31a0efd13509edb4a0ba37eaa6f457bb399ee951c7328dfb9e57b04987875919f8867110ba65fd907989fc8428b64

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\folder.gif

Filesize
914B

MD5
4fa39f94966c61a03f225ad5981a0110

SHA1
d2b38026798ec2338198bd4e4e2902ba88eb0e49

SHA256
bdd4de1b7507f412b1d6012ab06ab411990ffa3a77d44fccebe20b7d8721d5a4

SHA512
8e0bef923d8fee787d5adb4d521c39754e1f239ee9290b1642a84f38ca0582dffbccd8b70532751cd1fc94745e870264631b4cb8ba3fd41ee2404a95b09c9eab

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\headerGRADIENT_Tall.gif

Filesize
328B

MD5
cfefc7a768eaff92ab2ea29ccebc81c3

SHA1
5b4bbac9944861aeaf90edc4c966cbfeda714844

SHA256
0b6c3e98087fa814f42a314fad637866a6fd02899a28e4f7fc4437d5b7f876f0

SHA512
227a96f424366c870c86049b8403cc53c9734c2ec19c3ea194c28e04914b310f61755d925bf9888e88110be639c28cb3b7b578e33aedceb70ddcf4df9cd33189

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\help.jpg

Filesize
1KB

MD5
fbc99e81e079588d922e611e6099868b

SHA1
42a0dea61a2ddd3159d689d47c6bcf3e7a4ced39

SHA256
4e24bdc76e5569fe35bf08876734ffc0fbe51ca8f998af00ac6c6e30437b5e06

SHA512
f60ad74808dbc600fbffd62f3384e46227729df43cd531dc338d31a25747648bc7c6e24f7a1fdbfaabb6e503d0507eee24560ffaf8eade934c829d6501cf7941

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image1.gif

Filesize
162B

MD5
e81e6acee816c253c9f51e5285f95996

SHA1
a39e2c455d7f3914561e4934d84583757f5243ca

SHA256
f28f3a6f20c8a2e86ac96569a2f79c0d445e57f4fd4828d56db8b908724cfcb7

SHA512
3411aa33738b6fe186557e79372b90b0f4cafa5ff82754ba5d83b652efe26b7dcb49922ff490b7ec52bb3bc73af97197d6f95739041d28041ce4a58082842ce4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\image2.gif

Filesize
586B

MD5
30a551ef637517d8598e3fa0e573d1c6

SHA1
25a311a00bb1c4b9f70cfcf3d26dbebba526d81e

SHA256
244c0fcae88f97fe3a2181ab8e059c83db864cad146fd1a1f6d159c06df62f8b

SHA512
b745a1a0e3389daeec6fa321173e67f1cf9dd3c1c5272c5990563e773901768307177799548472e5547becd5dd6c8b72687ce128d20464b47d1725e42fe938a6

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\requiredBang.gif

Filesize
124B

MD5
4c4b9fa5e48e23e0930043a3699d3498

SHA1
367866e7339f265c1b7a82b77f7c72caefea30d6

SHA256
9dc566cb9b8171f3037d09fbc6ab065b041dd393fbf69b1f333cf5e6a1e65138

SHA512
a17c03370b6d383006ea89c1539d9d0334ce204adc7b11da856461094072f67b58c725393ddada58834968cfaa2631d112a334f346be8e0c2c8d79eaf0f5df3d

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg

Filesize
8KB

MD5
cf73a3cf99f32b542cec394a51459e97

SHA1
9def0d24f329d7b5a0b8781284d1c5a1215d4fad

SHA256
6979aa86672195648fb3638322e908960117fc646aa807849d5dc073a1af122e

SHA512
86e38fb115b4063d114afa9a92729c94fa422dad79213d3e8843adc826b9730468680cbb4dc85a098c2dee253853dbf0c1a71f159dea5d9124f6d6c085ddc6f4

Download Submit
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\yellowCORNER.gif

Filesize
880B

MD5
36b903c48edc70b4d15c4adc83146a42

SHA1
b5f5868d4ef245a37eef34a5bdb6aa5bff2d13d9

SHA256
015b4555efb02ff483824994527f1413ccbff1fa2885fe3363fc18520ff66327

SHA512
5935f07f97622656b331cb86132a796aa271df10f495fef74bb180d60fe7636f67eae9cb31715fc5e271762ffcde17aa601afce5e0b903ee7e92d74030f08ada

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk

Filesize
1KB

MD5
7aead87a195d1dcf7a0a3022d6741b7a

SHA1
0a133e6650d91db93c0005a3bd3422b8d577f581

SHA256
6e885466ceff05d87427a24e523aa258e3d9b73c55bfbc47ce9c9e3328b9d953

SHA512
5c0695a59614d43e45f9faddcbe58ae7a71a4c17a46363d1d2046496d7b0ea1f5193a9b98e14bebf73cbeb796a95c2c8e3a79532409017e30020e7d6e6041ff8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk

Filesize
1KB

MD5
08a1078763bf764962b6a429cd979e09

SHA1
ab3749b3709caaeff48b4731c9f7479b3bdeb472

SHA256
33eca464228b4ef806ffbfd37b2f6de93f24ebdb8889ab17f22884d32eb751d6

SHA512
be512aec9e21f8b86cfa303e5c3186941d4a8051f99e2aa422220a9a98cc7fc61ccbab109cb25a15fec7f9dfc18c1ea3760d242e9ea89c6adac31241d149b2d1

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk

Filesize
1KB

MD5
c75e6aab275519b923b1010e72f5edfc

SHA1
0b826132b7b9974963e6c68a9d7db2c626195c5a

SHA256
707c2bc68b1b29b1a4cb8d041bece258abc2b1441d455c54b211523e11447d00

SHA512
d27c91784b0b5f6cf25e782d74ff2a26d1ab7388e486a5ae597fdb4bccf4d8fc7bd1ce2191f66d738d0b69260f8c8834c96b54d313d3af7b696200d13da3c261

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk

Filesize
1KB

MD5
259fba915f9bca2af1e037aca7e47174

SHA1
96bc59349f7e10f913ab1f7e508c52ff966245a6

SHA256
c4562823bf0259aca3361d00b6199d9134d718391a6ebf9cd5f4153f2b963977

SHA512
7e74e585d2f82cf8141654dbe7ce3cee75fcf43e81a67769e28c2e59bc36c29328293fd853ab9e4cbc39c93ef19df1b5498a3c84b0d119ab24b59c52dfab9651

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk

Filesize
1KB

MD5
9c2f1c5ac5deca451ca2b37251f314c7

SHA1
d9f26d6b3031dee2966b1961abc71710a85c6d06

SHA256
f4eb34b6d3192e0cd7923aee9c6e8d3c4cd418055530c541aee19637cec93255

SHA512
ab13fb3cf995e9592128aba531727b0ef3516d085a64eab4df8e9de0c9a7aa1eb04970e4ea6770011630c1af0a70d3b70f7657e204f1d18fe04cdfb3584d7f70

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk

Filesize
1021B

MD5
4685ee4c9b6ef519b210e7d10be6697e

SHA1
994d639bae5e4faf1d381f0f9d9bb30b01101fd9

SHA256
d3014b6547a15c9e66bfbfb2c60b1b2b52f8a8990cf322f890ae3d9b0070b8a1

SHA512
7aab85f12690a7f824f77c7aba66007cfd99ef1072eecf5c76300b80a233185e85fe20187cf3abd9259e821aa1a0dfb04e134cc74e433f0f919377806e9c10bb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk

Filesize
1015B

MD5
22112f9cbdf00cf6e434c71b2afd7fbb

SHA1
b7b30c7eebd392635e47e8da63ef434ac6e832cb

SHA256
c634298088a9b9f377a6b390f3660bea12d6b7f0f7244130610a90dc21c5f6f6

SHA512
086c4bc4f2db44308d77919260cf5ca69c6167c1747c8ddb342b5493fb2f638da84264eb45765ea8ee9493fdceaab6e234c1b438798a80320373a39e5770989c

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk

Filesize
1KB

MD5
6b1e91908de37cec62d8a667f7cbbf0c

SHA1
103a37ea105b7614d409c2fa04755ebad1ff49bb

SHA256
0b79cc9c075be9584193b04821f0dcfd2fcbd7ba06cd4d51ede7b0b73dbc43e3

SHA512
1a4b09ec355c1bd1ce521f5fd929668ff3796b1336bfffaea638eb9a24999b8d86b86c6489f4b85348d330bd24e3cffbf8da6928eb597ccc25cd10e5933c7197

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk

Filesize
1KB

MD5
13f75925b604fdac57efa31ea42da3ef

SHA1
d22fe6a908d1fa129eaa7fbdb7b6fcb85112908e

SHA256
6df97a7e8318517f8169d4d1eac52f111bcc438e8a17b0ceaaa50b11e9e936bb

SHA512
865f2340c255eca3254c6ab7445fcd09c7a8169b82b1f789a320afe98565b5a02ad9d60751d357d2f8eed75efb5ce6591fd7623b9ffbec4606fddf57c0d39260

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk

Filesize
1KB

MD5
560b08f472d8279d25e03e482de150cf

SHA1
abbfeb54df08dc6b2630fba0fd798e42c6dfe5a9

SHA256
8d70a0ddd20434f24cc428d670534b1258e22941305b31e8b7a80df9719016d2

SHA512
9cdcd58045dbf9c4a782789e4a6240091a543920d7708cff8a920732d91c22e9bdfbc079110fd1c6823e4be26c101794f4ad95c0f0ab2afb2e32d56278711d8b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk

Filesize
1015B

MD5
10012e7e1472e0b10071fe6cc3806a8b

SHA1
35cc7dd26f87264fccd112bddcb1bc0ae0b34ea1

SHA256
2209461fbe276d4dbad041287691d9c8b849301ed9e052531bdac9d1e7a7b72a

SHA512
4e42713c1f95ffd5d8b4245e9e1a840f30fb04db1139b0bae39ab020a31150eb9196ad5e4768cd75427623584aeec815d57f113c046edf036034f270d784b7bb

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk

Filesize
1015B

MD5
f2177f22a82d632182be92133cb352df

SHA1
05c45db8edc4a3cd73cd30f7bac2a5da72991241

SHA256
adc956bba484ab2e52e24a36e754947d79af0e22a919221ce2f30c8c54d97522

SHA512
26545f0f9afb41bcc73f1e2214ae12e8f8dbcec0c10a54f27b769944089704b9a4e2efac0e4c4a83a363b3f3c769100bf5a629bf218d487c7e5000785ecdf22f

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk

Filesize
1KB

MD5
4be8d80bec8d706d81442ddf6d8618c9

SHA1
047df9034bab05891f62d06d22e1ce40e9adca8a

SHA256
bbeed49553414d9eb77f8f75f124ca2cc15528f5dbc524247cea2ecaa1391d31

SHA512
29e49d54a3a1dad452ddb65d660112be5fb05c7d0e20ef8fa54918708005b7fb09a70fa10c4386e924e7d048b5c9cb5f3bb50e767b351015aa92b9bd64f68c90

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk

Filesize
1KB

MD5
5ae775e0f801787b46c941019aa80f2c

SHA1
5a03009265754b8f3e3b878bf38917adbc49559a

SHA256
8bf367e6374a1cc5cc6eafd0e3e8771ad5e7d66fbfeaca22bf1eb17207c74fbc

SHA512
492fb0e3fb8b5efa7cabe103f1b4f376cdbda813770c0aae44b9d0d9d358c97017e2e0b58390afd59727b1570d52b4c4198dbc26f4bca90c70adfcf736195679

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk

Filesize
1KB

MD5
4546715baa71f8d28c9ef4538b79fb54

SHA1
bb44c22c8e11873b8f82cead07f41115a6798c3b

SHA256
9f6314fde588ed2274dbb7b9c117d09988f1db5917a9e8893d77055d3bc0a62d

SHA512
afd87ab6b749a62c150d1305bfe4717c1c0dfd4d90a825bbd2864ec5c8ec99f791f660386849b419e7774ea0cc5deb0bec386fd6c8d652316d38b9e9e377c9c8

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk

Filesize
1015B

MD5
912d206993477c6d72611f6ebf09eea0

SHA1
830de39f30e51357f4f08899dfe47ba3a60545e2

SHA256
ab39cac830f34694bb1e7236d575e1668d670aa90a20b4e80687d0952316127f

SHA512
2a4fe2c9466451723004eb555797362da50cdda79900d79832ef953b67e08c61777cc3ed5d2dc55f3a6d7e67dec60c53acb80580e6734476db793f823ad8c60b

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk

Filesize
1KB

MD5
4a0e6d46ae395980e475270a055f2d00

SHA1
acbdbd8526c49d54bf171b57a40062afdd2f4198

SHA256
2b65655314dd8170424d67ad209627ccd46cbaa73f9c34859b459df0d3875ed6

SHA512
f1d4f450118d1000c8f36ff54c8cd150f8c0e9ee628d496f746cb08b7ecc5a5c0e42b73c4635c4ab6227d34ba78b6551975a1d3196e23952e78f87234be80e36

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk

Filesize
1015B

MD5
29a7376e0f524e75ae2c547b13b6618b

SHA1
dcae9c83cca2707e775ce3831f9e36727a60fa1b

SHA256
89562e6577efa74919077ee3118384147368a9d2411f01e0e070b897410b1b68

SHA512
2e305ec1cea132a7322145501cb230ce8bef8d2b9030f2b159fc4083846740a172ede09271bc3696fc0934e766a47869bcb60075ef2b3a8967e592ddef36d549

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk

Filesize
1KB

MD5
97eed5d9dd904bfe11b720a440e407fb

SHA1
3910cd9a736610b85dfe07f0cc49c7993097e24b

SHA256
5453a533a8bbdf27b05992db37421ba982e43b03af46332f3a799fa9bed97321

SHA512
48a56d4ffb8d9c588b14cb8929943b20fee891ad599559a5286d44827685027f87b6ec1a42d2ffd8c40fecf7e5f24c16a79ce60e0da2f7b5d9feb9ef604d3417

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

Filesize
352B

MD5
30c1b8b03b8cff1f29380ab7bc76f486

SHA1
63c40a4d5e757cb69be24f16d45b58a13c3c9388

SHA256
0367b90b0dabdb386b607ef4e2cd67391f574e85c814f41758b07025a4c4d18f

SHA512
ef71b3ee64c7cf2f95f4fd6a86aa666c823f984566bc923d6396feec91fb9a7ba47861c1907b1b9f2d3644ac38819f21c134e3e8546079dd3eb47af10f898642

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

Filesize
334B

MD5
b04a3ba6093fe82a32168f360ea09613

SHA1
fab36d61dce59e23173bd74db4365a6ad344d98b

SHA256
03b745805821978316bd69e7bd26b8aa802385c8ad7ac110e6915e664894325a

SHA512
44d54cb8b587c132e7af6db5c125814be5d6309c935fafca0c72a920d9c70c802ee1d17ac8d37357738495c055a33ec55e0a4b404817f22e4add56b5c6c847ec

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk

Filesize
1KB

MD5
ee0d9ac1ce9af8ad95c3215e9addc41e

SHA1
73ee3ba82d3c70733826e06bb91cfcf84872642a

SHA256
dfd5bf119edb389841c85234f69a0852860a37bba165a09a78ef603fcb4038c5

SHA512
18364303d0c24eefeaa7eab7ceeb50947dc6d58baa494b745eb7ffb5d7cc65f41fd736d614a244fc80f4c13b77fcf116c99972941b2c24af25638d7ff1cf86ea

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk

Filesize
1KB

MD5
d5689210f9127535389f449d919ab038

SHA1
ab21650227daa547cc50853ba8a2993d18be888b

SHA256
e0376d72cfd7a7457bd93bd419bd7ce8ce0374b316a70613b853c15e39adfad9

SHA512
5594dd964bf88f06de548cd26252a904e7d7153af62fa1a68cb34f93670c0f8430bcfff9921acb3d358a4f8d7de60f2f5d2753f313b778e9ded95425b8ae29b5

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk

Filesize
1KB

MD5
0fd74eab0e7092c5511c36ee3693e736

SHA1
b481e137a94200a4650f59e67f9962d35b922308

SHA256
3e24a9c8695aa204c97b89e2d53e905ff9fca14b8073902b518c5c430028cea8

SHA512
932056fd028d34b13fd3803f90ffe1a072933b63ebd8e3d9379d07ba585b2758a4197f55689a6341ddb4df7faff1cd94906fa4fd9e08f0e1424a144333f437f4

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk

Filesize
1KB

MD5
22e8c89c459d2ea9aabc533cba762294

SHA1
6d823cc9490f4a64308424a6cee85456a3221e3e

SHA256
34097f57c4de381abe559ae7596182d1a475216003c32b3b5971d7561b2c41d1

SHA512
05a6cba794f23327daea45d03ab539af42fc74522bb026f81169ab5c25627f84dfbf2f10b8bbd958412311de4b067d304fe7300f6f181e3741c56aff894b10c9

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk

Filesize
1KB

MD5
123c52fe432d57bdb25ffa77c1a86124

SHA1
f2b2d62754adf231d878c6ee6656d36bca77ab8e

SHA256
a5ac9b28a5da283bfc36ae8c46eae81206a007051a5f4397e630537395812d0c

SHA512
c30830bd950925bedceb77571dd9052e9862cdbf3d67f946868f115a49449babb26937f99d0460d2f0dddc5d2dd4096338366d98dd310e3dff94754f4a2eab04

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk

Filesize
405B

MD5
54275628c4c61b9200604e2672708d19

SHA1
83df4c7c0e50bf6c8fc112a317babef64f829e54

SHA256
df5a84440f716ac01b586adb1c1293bb35a0eca7f8ea785c3dbf875e64bb2b60

SHA512
94bc58083ca25b9bb1be8730427e9aa6dc48cd23eb6f4dc0c0546e3e294022d395636dc4e5c0de5617cd9155b17e0988333fdc2e55c4467d67f388e6294d6281

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk

Filesize
409B

MD5
a750698afc7829bce754c46238523935

SHA1
3257f909601b2320c41c8327f41f1922f96267d7

SHA256
0f1f1cb4d94ea57b7512fc0cec1cde72d16be6de868b2e4eaa04025c9ec9b574

SHA512
e0e59285638e37dc93abff131838352178845904375de5d31bfe014e9449c16939ad866efc5f9705a0ebdb2360db36c1176f8c9dce810b960f50f38c092ac815

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk

Filesize
335B

MD5
d3fe826b6df1a5d5fbbeb7c22db2dd5e

SHA1
ea70f1db842fcef73774cbfe917e6d3a6faaa768

SHA256
72f889817c2c499e5f5c8f8163b9aa14cf319e5cc11272589c1407aa5c5d56c7

SHA512
2ac50a305ba4caf29505ec450bd8625748a3fd87227b50461fa6382ef3a5a186bd2ca5dea4adbd85f8249c96d242bde4f06bb2a5a26315d082cd1693845a3fd7

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk

Filesize
2KB

MD5
a4acde767fb02e127906afe281aafd01

SHA1
1129d04e0d361190cd5e4ea5e097ad88e3b45b41

SHA256
752f1d0819dbf0fff2007fc21802b1d1e4badee5909e502283645e47a755fe78

SHA512
e150728113ba7b3bdbea8291a2d5c24972c31fcaeaafe311e5d673934e7bed67822d65c187d3630218c2a298cae1c1e8fd8e81cd5b530204a2cc51d47c9fb32a

Download Submit
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk

Filesize
2KB

MD5
bd371873f0e1ef1ef99da1cb4ff3351b

SHA1
a8404be5a636cd0df3670c606a53da4c48a52b9a

SHA256
eaf2b15e85b4ca12b442b45c99b66542225a667e750fac12cb53ed050c0b3b45

SHA512
c7b5ffff692c986742c6dc3b17b0da6897c0d44fba146ddc4969c3544270aececbfebd7af114a9edbbc4dcbdda69444de502928ceca0f26ca3b290d03409e522

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
6d43f24689cafbbd1a1f2a4d6367ec91

SHA1
b4cf719b7fef4501baf909b372af0570cdc564a0

SHA256
e40bca1e8cfdea28d495f593915f9451d04d7d1375b09f1749118b2a8901484f

SHA512
fb983e876b95156080b6467716295a3e77b4d7fd93e492db9509f33f6c37d0847f1777465f138cc8976ff5a915953cd978051cbc956994758954e044a51b2c30

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.153_none_90dc0b923cd83016\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
3ea8bf0b3751829ea75f4dac5b396a6c

SHA1
eb4ad1441216b40c04b631c505087f2cc0af7e4f

SHA256
c5f08521bec3c1fdb27fdecf3d463b7c54eea34126c6fd9b959403b6697806eb

SHA512
e2b286ca43bcb9fd0aa4217d348e7e9c0218089537875d14147cc60743f9632e5a15f265a7bd09a41e2ea476006010a1e5fe576ee6a4cf930212ee92a5c3d5f9

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_altform-unplated_contrast-black.png

Filesize
296B

MD5
77017d1e97c6fc80658566e30744605e

SHA1
9e0e008385fcf56bcf522b00d25e20d9710ddbb7

SHA256
f2693d6108e70564f1e8b33755fbbe0600a93405a5c9d77f6172c915b61fb6ff

SHA512
0dfb3235259f48646e347330bede90bb17159a312d4d5efca01a2c25396f4288d05fa5b647c4090695b90754d0f207c09435d810a997b4d936f2a8ea8ac12102

Download Submit
C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.19041.964_none_90d24b203cdf4e96\Square44x44Logo.targetsize-44_contrast-white.png

Filesize
276B

MD5
f5ee8305210b5bc5819779e0b5a81343

SHA1
8954d79bf719cce049899753bc5b41892fd84404

SHA256
a8fb24db1f354a4d2099bfd042e5f2b93ade1e66a7b4fb9d34f615aef731be72

SHA512
b1ee0666e8ece40536b5c5273434d7f6655add67a70ea917e8992298bb72e7963f0cb48147678708d7e25213afe6d09ef5eb6c4e23f6377d64e72fa7a0ce1a5b

Download Submit
C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.19041.1_none_e585f901f9ce93e6\OneDrive.lnk

Filesize
1KB

MD5
9f5cb7d0acfb5616cc0ff1b0a1587709

SHA1
519fe1e6924552d49baee08679e2e68451c3f992

SHA256
91ee44af91661d79654c92c52bcf2e0642ac63896f44a243a860368b950cf2a4

SHA512
a8b23e5a4ee4c46dc7f89f2bdd6e89e46206214cebf1752a7c74a7991ed05109b74b5910dc9cb19c7b54f05be78193fa055a1c4d6cb46931f5a9deb562211c85

Download Submit
memory/4928-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4928-10879-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4928-10706-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4928-6350-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4928-11186-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4928-6351-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4928-11191-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4928-11192-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download